Grsec/PaX: 2.9.1-{2.6.32.60,3.2.45,3.9.2}-2013051420130514

48 files changed, 8640 insertions, 10821 deletions

diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index ec404fe..64c91d5 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -34,7 +34,7 @@ Patch:	1059_linux-2.6.32.60.patch
 From:	http://www.kernel.org
 Desc:	Linux 2.6.32.59
 
-Patch:	4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch
+Patch:	4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch
index 08033a1..f34ed36 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch
@@ -76580,18 +76580,10 @@ index cb2849f..3718fb4 100644
  		if (entry->bitmap && entry->bytes > bytes + empty_size) {
  			ret = btrfs_bitmap_cluster(block_group, entry, cluster,
 diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index e03a836..d4e4e69 100644
+index e03a836..e786215 100644
 --- a/fs/btrfs/inode.c
 +++ b/fs/btrfs/inode.c
-@@ -17,6 +17,7 @@
-  */
- 
- #include <linux/kernel.h>
-+#include <linux/module.h>
- #include <linux/bio.h>
- #include <linux/buffer_head.h>
- #include <linux/file.h>
-@@ -63,7 +64,7 @@ static const struct inode_operations btrfs_file_inode_operations;
+@@ -63,7 +63,7 @@ static const struct inode_operations btrfs_file_inode_operations;
  static const struct address_space_operations btrfs_aops;
  static const struct address_space_operations btrfs_symlink_aops;
  static const struct file_operations btrfs_dir_file_operations;
@@ -76600,7 +76592,7 @@ index e03a836..d4e4e69 100644
  
  static struct kmem_cache *btrfs_inode_cachep;
  struct kmem_cache *btrfs_trans_handle_cachep;
-@@ -925,6 +926,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page,
+@@ -925,6 +925,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page,
  			 1, 0, NULL, GFP_NOFS);
  	while (start < end) {
  		async_cow = kmalloc(sizeof(*async_cow), GFP_NOFS);
@@ -76608,7 +76600,7 @@ index e03a836..d4e4e69 100644
  		async_cow->inode = inode;
  		async_cow->root = root;
  		async_cow->locked_page = locked_page;
-@@ -4591,6 +4593,8 @@ static noinline int uncompress_inline(struct btrfs_path *path,
+@@ -4591,6 +4592,8 @@ static noinline int uncompress_inline(struct btrfs_path *path,
  	inline_size = btrfs_file_extent_inline_item_len(leaf,
  					btrfs_item_nr(leaf, path->slots[0]));
  	tmp = kmalloc(inline_size, GFP_NOFS);
@@ -76617,31 +76609,7 @@ index e03a836..d4e4e69 100644
  	ptr = btrfs_file_extent_inline_start(item);
  
  	read_extent_buffer(leaf, tmp, ptr, inline_size);
-@@ -5410,7 +5414,7 @@ fail:
- 	return -ENOMEM;
- }
- 
--static int btrfs_getattr(struct vfsmount *mnt,
-+int btrfs_getattr(struct vfsmount *mnt,
- 			 struct dentry *dentry, struct kstat *stat)
- {
- 	struct inode *inode = dentry->d_inode;
-@@ -5422,6 +5426,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
- 	return 0;
- }
- 
-+EXPORT_SYMBOL(btrfs_getattr);
-+
-+dev_t get_btrfs_dev_from_inode(struct inode *inode)
-+{
-+	return BTRFS_I(inode)->root->anon_super.s_dev;
-+}
-+EXPORT_SYMBOL(get_btrfs_dev_from_inode);
-+
- static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry,
- 			   struct inode *new_dir, struct dentry *new_dentry)
- {
-@@ -5972,7 +5984,7 @@ static const struct file_operations btrfs_dir_file_operations = {
+@@ -5972,7 +5975,7 @@ static const struct file_operations btrfs_dir_file_operations = {
  	.fsync		= btrfs_sync_file,
  };
  
@@ -86469,10 +86437,10 @@ index 0000000..1b9afa9
 +endif
 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
 new file mode 100644
-index 0000000..8d867c7
+index 0000000..6c8c298
 --- /dev/null
 +++ b/grsecurity/gracl.c
-@@ -0,0 +1,4201 @@
+@@ -0,0 +1,4203 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -86499,6 +86467,13 @@ index 0000000..8d867c7
 +#include <linux/fdtable.h>
 +#include <linux/percpu.h>
 +#include <linux/posix-timers.h>
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++#include <linux/magic.h>
++#include <linux/pagemap.h>
++#include "../fs/btrfs/async-thread.h"
++#include "../fs/btrfs/ctree.h"
++#include "../fs/btrfs/btrfs_inode.h"
++#endif
 +
 +#include <asm/uaccess.h>
 +#include <asm/errno.h>
@@ -86573,19 +86548,14 @@ index 0000000..8d867c7
 +	return (gr_status & GR_READY);
 +}
 +
-+#ifdef CONFIG_BTRFS_FS
-+extern dev_t get_btrfs_dev_from_inode(struct inode *inode);
-+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
-+#endif
-+
 +static inline dev_t __get_dev(const struct dentry *dentry)
 +{
-+#ifdef CONFIG_BTRFS_FS
-+	if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr)
-+		return get_btrfs_dev_from_inode(dentry->d_inode);
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++	if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++		return BTRFS_I(dentry->d_inode)->root->anon_super.s_dev;
 +	else
 +#endif
-+		return dentry->d_inode->i_sb->s_dev;
++		return dentry->d_sb->s_dev;
 +}
 +
 +dev_t gr_get_dev_from_dentry(struct dentry *dentry)
@@ -92012,10 +91982,10 @@ index 0000000..70b2179
 +}
 diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
 new file mode 100644
-index 0000000..6bb1860
+index 0000000..f755034
 --- /dev/null
 +++ b/grsecurity/gracl_segv.c
-@@ -0,0 +1,284 @@
+@@ -0,0 +1,301 @@
 +#include <linux/kernel.h>
 +#include <linux/mm.h>
 +#include <asm/uaccess.h>
@@ -92034,6 +92004,13 @@ index 0000000..6bb1860
 +#include <linux/gracl.h>
 +#include <linux/grsecurity.h>
 +#include <linux/grinternal.h>
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++#include <linux/magic.h>
++#include <linux/pagemap.h>
++#include "../fs/btrfs/async-thread.h"
++#include "../fs/btrfs/ctree.h"
++#include "../fs/btrfs/btrfs_inode.h"
++#endif
 +
 +static struct crash_uid *uid_set;
 +static unsigned short uid_used;
@@ -92044,6 +92021,16 @@ index 0000000..6bb1860
 +			      struct acl_role_label *role);
 +extern int gr_fake_force_sig(int sig, struct task_struct *t);
 +
++static inline dev_t __get_dev(const struct dentry *dentry)
++{
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++	if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++		return BTRFS_I(dentry->d_inode)->root->anon_super.s_dev;
++	else
++#endif
++		return dentry->d_sb->s_dev;
++}
++
 +int
 +gr_init_uidset(void)
 +{
@@ -92256,7 +92243,7 @@ index 0000000..6bb1860
 +
 +	read_lock(&gr_inode_lock);
 +	curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
-+				     filp->f_path.dentry->d_inode->i_sb->s_dev,
++				     __get_dev(filp->f_path.dentry),
 +				     current->role);
 +	read_unlock(&gr_inode_lock);
 +
@@ -92767,7 +92754,7 @@ index 0000000..bc7b363
 +}
 diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
 new file mode 100644
-index 0000000..7a358f8
+index 0000000..61dafe0
 --- /dev/null
 +++ b/grsecurity/grsec_disabled.c
 @@ -0,0 +1,442 @@
@@ -93199,7 +93186,7 @@ index 0000000..7a358f8
 +
 +dev_t gr_get_dev_from_dentry(struct dentry *dentry)
 +{
-+	return dentry->d_inode->i_sb->s_dev;
++	return dentry->d_sb->s_dev;
 +}
 +
 +void gr_put_exec_file(struct task_struct *task)
@@ -105997,10 +105984,22 @@ index d656c27..21e452c 100644
  };
  
 diff --git a/kernel/perf_event.c b/kernel/perf_event.c
-index 37ebc14..9c121d9 100644
+index 37ebc14..4596080 100644
 --- a/kernel/perf_event.c
 +++ b/kernel/perf_event.c
-@@ -77,7 +77,7 @@ int sysctl_perf_event_mlock __read_mostly = 516; /* 'free' kb per user */
+@@ -52,7 +52,11 @@ static atomic_t nr_task_events __read_mostly;
+  *   1 - disallow cpu events for unpriv
+  *   2 - disallow kernel profiling for unpriv
+  */
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++int sysctl_perf_event_paranoid __read_mostly = 2;
++#else
+ int sysctl_perf_event_paranoid __read_mostly = 1;
++#endif
+ 
+ static inline bool perf_paranoid_tracepoint_raw(void)
+ {
+@@ -77,7 +81,7 @@ int sysctl_perf_event_mlock __read_mostly = 516; /* 'free' kb per user */
   */
  int sysctl_perf_event_sample_rate __read_mostly = 100000;
  
@@ -106009,7 +106008,7 @@ index 37ebc14..9c121d9 100644
  
  /*
   * Lock for (sysadmin-configurable) event reservations:
-@@ -1094,9 +1094,9 @@ static void __perf_event_sync_stat(struct perf_event *event,
+@@ -1094,9 +1098,9 @@ static void __perf_event_sync_stat(struct perf_event *event,
  	 * In order to keep per-task stats reliable we need to flip the event
  	 * values when we flip the contexts.
  	 */
@@ -106022,7 +106021,7 @@ index 37ebc14..9c121d9 100644
  
  	swap(event->total_time_enabled, next_event->total_time_enabled);
  	swap(event->total_time_running, next_event->total_time_running);
-@@ -1552,7 +1552,7 @@ static u64 perf_event_read(struct perf_event *event)
+@@ -1552,7 +1556,7 @@ static u64 perf_event_read(struct perf_event *event)
  		update_event_times(event);
  	}
  
@@ -106031,7 +106030,7 @@ index 37ebc14..9c121d9 100644
  }
  
  /*
-@@ -1790,11 +1790,11 @@ static int perf_event_read_group(struct perf_event *event,
+@@ -1790,11 +1794,11 @@ static int perf_event_read_group(struct perf_event *event,
  	values[n++] = 1 + leader->nr_siblings;
  	if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
  		values[n++] = leader->total_time_enabled +
@@ -106045,7 +106044,7 @@ index 37ebc14..9c121d9 100644
  	}
  
  	size = n * sizeof(u64);
-@@ -1829,11 +1829,11 @@ static int perf_event_read_one(struct perf_event *event,
+@@ -1829,11 +1833,11 @@ static int perf_event_read_one(struct perf_event *event,
  	values[n++] = perf_event_read_value(event);
  	if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
  		values[n++] = event->total_time_enabled +
@@ -106059,7 +106058,7 @@ index 37ebc14..9c121d9 100644
  	}
  	if (read_format & PERF_FORMAT_ID)
  		values[n++] = primary_event_id(event);
-@@ -1903,7 +1903,7 @@ static unsigned int perf_poll(struct file *file, poll_table *wait)
+@@ -1903,7 +1907,7 @@ static unsigned int perf_poll(struct file *file, poll_table *wait)
  static void perf_event_reset(struct perf_event *event)
  {
  	(void)perf_event_read(event);
@@ -106068,7 +106067,7 @@ index 37ebc14..9c121d9 100644
  	perf_event_update_userpage(event);
  }
  
-@@ -2079,15 +2079,15 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -2079,15 +2083,15 @@ void perf_event_update_userpage(struct perf_event *event)
  	++userpg->lock;
  	barrier();
  	userpg->index = perf_event_index(event);
@@ -106088,7 +106087,7 @@ index 37ebc14..9c121d9 100644
  
  	barrier();
  	++userpg->lock;
-@@ -2903,14 +2903,14 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -2903,14 +2907,14 @@ static void perf_output_read_one(struct perf_output_handle *handle,
  	u64 values[4];
  	int n = 0;
  
@@ -106106,7 +106105,7 @@ index 37ebc14..9c121d9 100644
  	}
  	if (read_format & PERF_FORMAT_ID)
  		values[n++] = primary_event_id(event);
-@@ -2940,7 +2940,7 @@ static void perf_output_read_group(struct perf_output_handle *handle,
+@@ -2940,7 +2944,7 @@ static void perf_output_read_group(struct perf_output_handle *handle,
  	if (leader != event)
  		leader->pmu->read(leader);
  
@@ -106115,7 +106114,7 @@ index 37ebc14..9c121d9 100644
  	if (read_format & PERF_FORMAT_ID)
  		values[n++] = primary_event_id(leader);
  
-@@ -2952,7 +2952,7 @@ static void perf_output_read_group(struct perf_output_handle *handle,
+@@ -2952,7 +2956,7 @@ static void perf_output_read_group(struct perf_output_handle *handle,
  		if (sub != event)
  			sub->pmu->read(sub);
  
@@ -106124,7 +106123,7 @@ index 37ebc14..9c121d9 100644
  		if (read_format & PERF_FORMAT_ID)
  			values[n++] = primary_event_id(sub);
  
-@@ -3525,12 +3525,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
+@@ -3525,12 +3529,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
  		 * need to add enough zero bytes after the string to handle
  		 * the 64bit alignment we do later.
  		 */
@@ -106139,7 +106138,7 @@ index 37ebc14..9c121d9 100644
  		if (IS_ERR(name)) {
  			name = strncpy(tmp, "//toolong", sizeof(tmp));
  			goto got_name;
-@@ -3783,7 +3783,7 @@ static void perf_swevent_add(struct perf_event *event, u64 nr,
+@@ -3783,7 +3787,7 @@ static void perf_swevent_add(struct perf_event *event, u64 nr,
  {
  	struct hw_perf_event *hwc = &event->hw;
  
@@ -106148,7 +106147,7 @@ index 37ebc14..9c121d9 100644
  
  	if (!hwc->sample_period)
  		return;
-@@ -4040,9 +4040,9 @@ static void cpu_clock_perf_event_update(struct perf_event *event)
+@@ -4040,9 +4044,9 @@ static void cpu_clock_perf_event_update(struct perf_event *event)
  	u64 now;
  
  	now = cpu_clock(cpu);
@@ -106161,7 +106160,7 @@ index 37ebc14..9c121d9 100644
  }
  
  static int cpu_clock_perf_event_enable(struct perf_event *event)
-@@ -4050,7 +4050,7 @@ static int cpu_clock_perf_event_enable(struct perf_event *event)
+@@ -4050,7 +4054,7 @@ static int cpu_clock_perf_event_enable(struct perf_event *event)
  	struct hw_perf_event *hwc = &event->hw;
  	int cpu = raw_smp_processor_id();
  
@@ -106170,7 +106169,7 @@ index 37ebc14..9c121d9 100644
  	perf_swevent_start_hrtimer(event);
  
  	return 0;
-@@ -4082,9 +4082,9 @@ static void task_clock_perf_event_update(struct perf_event *event, u64 now)
+@@ -4082,9 +4086,9 @@ static void task_clock_perf_event_update(struct perf_event *event, u64 now)
  	u64 prev;
  	s64 delta;
  
@@ -106182,7 +106181,7 @@ index 37ebc14..9c121d9 100644
  }
  
  static int task_clock_perf_event_enable(struct perf_event *event)
-@@ -4094,7 +4094,7 @@ static int task_clock_perf_event_enable(struct perf_event *event)
+@@ -4094,7 +4098,7 @@ static int task_clock_perf_event_enable(struct perf_event *event)
  
  	now = event->ctx->time;
  
@@ -106191,7 +106190,7 @@ index 37ebc14..9c121d9 100644
  
  	perf_swevent_start_hrtimer(event);
  
-@@ -4289,7 +4289,7 @@ perf_event_alloc(struct perf_event_attr *attr,
+@@ -4289,7 +4293,7 @@ perf_event_alloc(struct perf_event_attr *attr,
  	event->parent		= parent_event;
  
  	event->ns		= get_pid_ns(current->nsproxy->pid_ns);
@@ -106200,7 +106199,7 @@ index 37ebc14..9c121d9 100644
  
  	event->state		= PERF_EVENT_STATE_INACTIVE;
  
-@@ -4720,15 +4720,15 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -4720,15 +4724,15 @@ static void sync_child_event(struct perf_event *child_event,
  	if (child_event->attr.inherit_stat)
  		perf_event_read_event(child_event, child);
  
@@ -118996,7 +118995,7 @@ index 524ba56..8f2f836 100644
  	if (!res)
  		eth_started = 1;
 diff --git a/net/tipc/link.c b/net/tipc/link.c
-index dd4c18b..f40d38d 100644
+index dd4c18b..356b07d 100644
 --- a/net/tipc/link.c
 +++ b/net/tipc/link.c
 @@ -1418,7 +1418,7 @@ again:
@@ -119017,6 +119016,44 @@ index dd4c18b..f40d38d 100644
  		sect_crs += sz;
  		sect_rest -= sz;
  		fragm_crs += sz;
+@@ -2551,12 +2551,13 @@ static int link_recv_changeover_msg(struct link **l_ptr,
+ 	struct tipc_msg *tunnel_msg = buf_msg(tunnel_buf);
+ 	u32 msg_typ = msg_type(tunnel_msg);
+ 	u32 msg_count = msg_msgcnt(tunnel_msg);
++	u32 bearer_id = msg_bearer_id(tunnel_msg);
+ 
+-	dest_link = (*l_ptr)->owner->links[msg_bearer_id(tunnel_msg)];
+-	if (!dest_link) {
+-		msg_dbg(tunnel_msg, "NOLINK/<REC<");
++	if (bearer_id >= MAX_BEARERS)
++		goto exit;
++	dest_link = (*l_ptr)->owner->links[bearer_id];
++	if (!dest_link)
+ 		goto exit;
+-	}
+ 	if (dest_link == *l_ptr) {
+ 		err("Unexpected changeover message on link <%s>\n",
+ 		    (*l_ptr)->name);
+@@ -2798,15 +2799,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb,
+ 		struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm);
+ 		u32 msg_sz = msg_size(imsg);
+ 		u32 fragm_sz = msg_data_sz(fragm);
+-		u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz);
++		u32 exp_fragm_cnt;
+ 		u32 max =  TIPC_MAX_USER_MSG_SIZE + LONG_H_SIZE;
++
+ 		if (msg_type(imsg) == TIPC_MCAST_MSG)
+ 			max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE;
+-		if (msg_size(imsg) > max) {
+-			msg_dbg(fragm,"<REC<Oversized: ");
++		if (fragm_sz == 0 || msg_size(imsg) > max) {
+ 			buf_discard(fbuf);
+ 			return 0;
+ 		}
++		exp_fragm_cnt = msg_sz / fragm_sz + !!(msg_sz % fragm_sz);
+ 		pbuf = buf_acquire(msg_size(imsg));
+ 		if (pbuf != NULL) {
+ 			pbuf->next = *pending;
 diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
 index 0747d8a..e8bf3f3 100644
 --- a/net/tipc/subscr.c
diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch
index dbd4565..87aa8e4 100644
--- a/2.6.32/4450_grsec-kconfig-default-gids.patch
+++ b/2.6.32/4450_grsec-kconfig-default-gids.patch
@@ -16,7 +16,7 @@ from shooting themselves in the foot.
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2012-10-13 09:51:35.000000000 -0400
 +++ b/grsecurity/Kconfig	2012-10-13 09:52:32.000000000 -0400
-@@ -560,7 +560,7 @@
+@@ -570,7 +570,7 @@
  config GRKERNSEC_AUDIT_GID
  	int "GID for auditing"
  	depends on GRKERNSEC_AUDIT_GROUP
@@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  
  config GRKERNSEC_EXECLOG
  	bool "Exec logging"
-@@ -780,7 +780,7 @@
+@@ -790,7 +790,7 @@
  config GRKERNSEC_TPE_UNTRUSTED_GID
  	int "GID for TPE-untrusted users"
  	depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *enabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -789,7 +789,7 @@
+@@ -799,7 +799,7 @@
  config GRKERNSEC_TPE_TRUSTED_GID
  	int "GID for TPE-trusted users"
  	depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -882,7 +882,7 @@
+@@ -892,7 +892,7 @@
  config GRKERNSEC_SOCKET_ALL_GID
  	int "GID to deny all sockets for"
  	depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable socket access for. Remember to
  	  add the users you want socket access disabled for to the GID
-@@ -903,7 +903,7 @@
+@@ -913,7 +913,7 @@
  config GRKERNSEC_SOCKET_CLIENT_GID
  	int "GID to deny client sockets for"
  	depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable client socket access for.
  	  Remember to add the users you want client socket access disabled for to
-@@ -921,7 +921,7 @@
+@@ -931,7 +931,7 @@
  config GRKERNSEC_SOCKET_SERVER_GID
  	int "GID to deny server sockets for"
  	depends on GRKERNSEC_SOCKET_SERVER
diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
index 6273202..19027c3 100644
--- a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2011-04-17 18:47:02.000000000 -0400
 +++ b/grsecurity/Kconfig	2011-04-17 18:51:15.000000000 -0400
-@@ -980,6 +980,27 @@
+@@ -990,6 +990,27 @@
  menu "Logging Options"
  depends on GRKERNSEC
  
diff --git a/3.2.44/0000_README b/3.2.45/0000_README
index cc13ddf..931a45e 100644
--- a/3.2.44/0000_README
+++ b/3.2.45/0000_README
@@ -94,7 +94,11 @@ Patch:	1043_linux-3.2.44.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.44
 
-Patch:	4420_grsecurity-2.9.1-3.2.44-201305082214.patch
+Patch:	1044_linux-3.2.45.patch
+From:	http://www.kernel.org
+Desc:	Linux 3.2.45
+
+Patch:	4420_grsecurity-2.9.1-3.2.45-201305142033.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.44/1021_linux-3.2.22.patch b/3.2.45/1021_linux-3.2.22.patch
index e6ad93a..e6ad93a 100644
--- a/3.2.44/1021_linux-3.2.22.patch
+++ b/3.2.45/1021_linux-3.2.22.patch
diff --git a/3.2.44/1022_linux-3.2.23.patch b/3.2.45/1022_linux-3.2.23.patch
index 3d796d0..3d796d0 100644
--- a/3.2.44/1022_linux-3.2.23.patch
+++ b/3.2.45/1022_linux-3.2.23.patch
diff --git a/3.2.44/1023_linux-3.2.24.patch b/3.2.45/1023_linux-3.2.24.patch
index 4692eb4..4692eb4 100644
--- a/3.2.44/1023_linux-3.2.24.patch
+++ b/3.2.45/1023_linux-3.2.24.patch
diff --git a/3.2.44/1024_linux-3.2.25.patch b/3.2.45/1024_linux-3.2.25.patch
index e95c213..e95c213 100644
--- a/3.2.44/1024_linux-3.2.25.patch
+++ b/3.2.45/1024_linux-3.2.25.patch
diff --git a/3.2.44/1025_linux-3.2.26.patch b/3.2.45/1025_linux-3.2.26.patch
index 44065b9..44065b9 100644
--- a/3.2.44/1025_linux-3.2.26.patch
+++ b/3.2.45/1025_linux-3.2.26.patch
diff --git a/3.2.44/1026_linux-3.2.27.patch b/3.2.45/1026_linux-3.2.27.patch
index 5878eb4..5878eb4 100644
--- a/3.2.44/1026_linux-3.2.27.patch
+++ b/3.2.45/1026_linux-3.2.27.patch
diff --git a/3.2.44/1027_linux-3.2.28.patch b/3.2.45/1027_linux-3.2.28.patch
index 4dbba4b..4dbba4b 100644
--- a/3.2.44/1027_linux-3.2.28.patch
+++ b/3.2.45/1027_linux-3.2.28.patch
diff --git a/3.2.44/1028_linux-3.2.29.patch b/3.2.45/1028_linux-3.2.29.patch
index 3c65179..3c65179 100644
--- a/3.2.44/1028_linux-3.2.29.patch
+++ b/3.2.45/1028_linux-3.2.29.patch
diff --git a/3.2.44/1029_linux-3.2.30.patch b/3.2.45/1029_linux-3.2.30.patch
index 86aea4b..86aea4b 100644
--- a/3.2.44/1029_linux-3.2.30.patch
+++ b/3.2.45/1029_linux-3.2.30.patch
diff --git a/3.2.44/1030_linux-3.2.31.patch b/3.2.45/1030_linux-3.2.31.patch
index c6accf5..c6accf5 100644
--- a/3.2.44/1030_linux-3.2.31.patch
+++ b/3.2.45/1030_linux-3.2.31.patch
diff --git a/3.2.44/1031_linux-3.2.32.patch b/3.2.45/1031_linux-3.2.32.patch
index 247fc0b..247fc0b 100644
--- a/3.2.44/1031_linux-3.2.32.patch
+++ b/3.2.45/1031_linux-3.2.32.patch
diff --git a/3.2.44/1032_linux-3.2.33.patch b/3.2.45/1032_linux-3.2.33.patch
index c32fb75..c32fb75 100644
--- a/3.2.44/1032_linux-3.2.33.patch
+++ b/3.2.45/1032_linux-3.2.33.patch
diff --git a/3.2.44/1033_linux-3.2.34.patch b/3.2.45/1033_linux-3.2.34.patch
index d647b38..d647b38 100644
--- a/3.2.44/1033_linux-3.2.34.patch
+++ b/3.2.45/1033_linux-3.2.34.patch
diff --git a/3.2.44/1034_linux-3.2.35.patch b/3.2.45/1034_linux-3.2.35.patch
index 76a9c19..76a9c19 100644
--- a/3.2.44/1034_linux-3.2.35.patch
+++ b/3.2.45/1034_linux-3.2.35.patch
diff --git a/3.2.44/1035_linux-3.2.36.patch b/3.2.45/1035_linux-3.2.36.patch
index 5d192a3..5d192a3 100644
--- a/3.2.44/1035_linux-3.2.36.patch
+++ b/3.2.45/1035_linux-3.2.36.patch
diff --git a/3.2.44/1036_linux-3.2.37.patch b/3.2.45/1036_linux-3.2.37.patch
index ad13251..ad13251 100644
--- a/3.2.44/1036_linux-3.2.37.patch
+++ b/3.2.45/1036_linux-3.2.37.patch
diff --git a/3.2.44/1037_linux-3.2.38.patch b/3.2.45/1037_linux-3.2.38.patch
index a3c106f..a3c106f 100644
--- a/3.2.44/1037_linux-3.2.38.patch
+++ b/3.2.45/1037_linux-3.2.38.patch
diff --git a/3.2.44/1038_linux-3.2.39.patch b/3.2.45/1038_linux-3.2.39.patch
index 5639e92..5639e92 100644
--- a/3.2.44/1038_linux-3.2.39.patch
+++ b/3.2.45/1038_linux-3.2.39.patch
diff --git a/3.2.44/1039_linux-3.2.40.patch b/3.2.45/1039_linux-3.2.40.patch
index f26b39c..f26b39c 100644
--- a/3.2.44/1039_linux-3.2.40.patch
+++ b/3.2.45/1039_linux-3.2.40.patch
diff --git a/3.2.44/1040_linux-3.2.41.patch b/3.2.45/1040_linux-3.2.41.patch
index 0d27fcb..0d27fcb 100644
--- a/3.2.44/1040_linux-3.2.41.patch
+++ b/3.2.45/1040_linux-3.2.41.patch
diff --git a/3.2.44/1041_linux-3.2.42.patch b/3.2.45/1041_linux-3.2.42.patch
index 77a08ed..77a08ed 100644
--- a/3.2.44/1041_linux-3.2.42.patch
+++ b/3.2.45/1041_linux-3.2.42.patch
diff --git a/3.2.44/1042_linux-3.2.43.patch b/3.2.45/1042_linux-3.2.43.patch
index a3f878b..a3f878b 100644
--- a/3.2.44/1042_linux-3.2.43.patch
+++ b/3.2.45/1042_linux-3.2.43.patch
diff --git a/3.2.44/1043_linux-3.2.44.patch b/3.2.45/1043_linux-3.2.44.patch
index 3d5e6ff..3d5e6ff 100644
--- a/3.2.44/1043_linux-3.2.44.patch
+++ b/3.2.45/1043_linux-3.2.44.patch
diff --git a/3.2.45/1044_linux-3.2.45.patch b/3.2.45/1044_linux-3.2.45.patch
new file mode 100644
index 0000000..44e1767
--- /dev/null
+++ b/3.2.45/1044_linux-3.2.45.patch
@@ -0,0 +1,3809 @@
+diff --git a/Makefile b/Makefile
+index 566750c..9072fee 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 3
+ PATCHLEVEL = 2
+-SUBLEVEL = 44
++SUBLEVEL = 45
+ EXTRAVERSION =
+ NAME = Saber-toothed Squirrel
+ 
+diff --git a/arch/arm/mach-u300/include/mach/u300-regs.h b/arch/arm/mach-u300/include/mach/u300-regs.h
+index 035fdc9..a8b71f2 100644
+--- a/arch/arm/mach-u300/include/mach/u300-regs.h
++++ b/arch/arm/mach-u300/include/mach/u300-regs.h
+@@ -102,7 +102,7 @@
+ 
+ #ifdef CONFIG_MACH_U300_BS335
+ /* Fast UART1 on U335 only */
+-#define U300_UART1_BASE			(U300_SLOW_PER_PHYS_BASE+0x7000)
++#define U300_UART1_BASE			(U300_FAST_PER_PHYS_BASE+0x7000)
+ #endif
+ 
+ /*
+diff --git a/arch/ia64/include/asm/futex.h b/arch/ia64/include/asm/futex.h
+index 21ab376..1bd14d5 100644
+--- a/arch/ia64/include/asm/futex.h
++++ b/arch/ia64/include/asm/futex.h
+@@ -107,16 +107,15 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
+ 		return -EFAULT;
+ 
+ 	{
+-		register unsigned long r8 __asm ("r8");
++		register unsigned long r8 __asm ("r8") = 0;
+ 		unsigned long prev;
+ 		__asm__ __volatile__(
+ 			"	mf;;					\n"
+-			"	mov %0=r0				\n"
+ 			"	mov ar.ccv=%4;;				\n"
+ 			"[1:]	cmpxchg4.acq %1=[%2],%3,ar.ccv		\n"
+ 			"	.xdata4 \"__ex_table\", 1b-., 2f-.	\n"
+ 			"[2:]"
+-			: "=r" (r8), "=r" (prev)
++			: "+r" (r8), "=&r" (prev)
+ 			: "r" (uaddr), "r" (newval),
+ 			  "rO" ((long) (unsigned) oldval)
+ 			: "memory");
+diff --git a/arch/ia64/include/asm/mca.h b/arch/ia64/include/asm/mca.h
+index 43f96ab..8c70961 100644
+--- a/arch/ia64/include/asm/mca.h
++++ b/arch/ia64/include/asm/mca.h
+@@ -143,6 +143,7 @@ extern unsigned long __per_cpu_mca[NR_CPUS];
+ extern int cpe_vector;
+ extern int ia64_cpe_irq;
+ extern void ia64_mca_init(void);
++extern void ia64_mca_irq_init(void);
+ extern void ia64_mca_cpu_init(void *);
+ extern void ia64_os_mca_dispatch(void);
+ extern void ia64_os_mca_dispatch_end(void);
+diff --git a/arch/ia64/kernel/irq.c b/arch/ia64/kernel/irq.c
+index ad69606..f2c41828 100644
+--- a/arch/ia64/kernel/irq.c
++++ b/arch/ia64/kernel/irq.c
+@@ -23,6 +23,8 @@
+ #include <linux/interrupt.h>
+ #include <linux/kernel_stat.h>
+ 
++#include <asm/mca.h>
++
+ /*
+  * 'what should we do if we get a hw irq event on an illegal vector'.
+  * each architecture has to answer this themselves.
+@@ -83,6 +85,12 @@ bool is_affinity_mask_valid(const struct cpumask *cpumask)
+ 
+ #endif /* CONFIG_SMP */
+ 
++int __init arch_early_irq_init(void)
++{
++	ia64_mca_irq_init();
++	return 0;
++}
++
+ #ifdef CONFIG_HOTPLUG_CPU
+ unsigned int vectors_in_migration[NR_IRQS];
+ 
+diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c
+index 84fb405..9b97303 100644
+--- a/arch/ia64/kernel/mca.c
++++ b/arch/ia64/kernel/mca.c
+@@ -2071,22 +2071,16 @@ ia64_mca_init(void)
+ 	printk(KERN_INFO "MCA related initialization done\n");
+ }
+ 
++
+ /*
+- * ia64_mca_late_init
+- *
+- *	Opportunity to setup things that require initialization later
+- *	than ia64_mca_init.  Setup a timer to poll for CPEs if the
+- *	platform doesn't support an interrupt driven mechanism.
+- *
+- *  Inputs  :   None
+- *  Outputs :   Status
++ * These pieces cannot be done in ia64_mca_init() because it is called before
++ * early_irq_init() which would wipe out our percpu irq registrations. But we
++ * cannot leave them until ia64_mca_late_init() because by then all the other
++ * processors have been brought online and have set their own CMC vectors to
++ * point at a non-existant action. Called from arch_early_irq_init().
+  */
+-static int __init
+-ia64_mca_late_init(void)
++void __init ia64_mca_irq_init(void)
+ {
+-	if (!mca_init)
+-		return 0;
+-
+ 	/*
+ 	 *  Configure the CMCI/P vector and handler. Interrupts for CMC are
+ 	 *  per-processor, so AP CMC interrupts are setup in smp_callin() (smpboot.c).
+@@ -2105,6 +2099,23 @@ ia64_mca_late_init(void)
+ 	/* Setup the CPEI/P handler */
+ 	register_percpu_irq(IA64_CPEP_VECTOR, &mca_cpep_irqaction);
+ #endif
++}
++
++/*
++ * ia64_mca_late_init
++ *
++ *	Opportunity to setup things that require initialization later
++ *	than ia64_mca_init.  Setup a timer to poll for CPEs if the
++ *	platform doesn't support an interrupt driven mechanism.
++ *
++ *  Inputs  :   None
++ *  Outputs :   Status
++ */
++static int __init
++ia64_mca_late_init(void)
++{
++	if (!mca_init)
++		return 0;
+ 
+ 	register_hotcpu_notifier(&mca_cpu_notifier);
+ 
+diff --git a/arch/ia64/kvm/vtlb.c b/arch/ia64/kvm/vtlb.c
+index 4332f7e..a7869f8 100644
+--- a/arch/ia64/kvm/vtlb.c
++++ b/arch/ia64/kvm/vtlb.c
+@@ -256,7 +256,7 @@ u64 guest_vhpt_lookup(u64 iha, u64 *pte)
+ 			"srlz.d;;"
+ 			"ssm psr.i;;"
+ 			"srlz.d;;"
+-			: "=r"(ret) : "r"(iha), "r"(pte):"memory");
++			: "=&r"(ret) : "r"(iha), "r"(pte) : "memory");
+ 
+ 	return ret;
+ }
+diff --git a/arch/powerpc/kernel/head_64.S b/arch/powerpc/kernel/head_64.S
+index cdf6b3f..2c49227 100644
+--- a/arch/powerpc/kernel/head_64.S
++++ b/arch/powerpc/kernel/head_64.S
+@@ -502,6 +502,7 @@ _GLOBAL(copy_and_flush)
+ 	sync
+ 	addi	r5,r5,8
+ 	addi	r6,r6,8
++	isync
+ 	blr
+ 
+ .align 8
+diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c
+index b22a83a..24523dc 100644
+--- a/arch/powerpc/mm/numa.c
++++ b/arch/powerpc/mm/numa.c
+@@ -221,7 +221,7 @@ int __node_distance(int a, int b)
+ 	int distance = LOCAL_DISTANCE;
+ 
+ 	if (!form1_affinity)
+-		return distance;
++		return ((a == b) ? LOCAL_DISTANCE : REMOTE_DISTANCE);
+ 
+ 	for (i = 0; i < distance_ref_points_depth; i++) {
+ 		if (distance_lookup_table[a][i] == distance_lookup_table[b][i])
+diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c
+index e481f6b..70ec4e9 100644
+--- a/arch/powerpc/platforms/cell/spufs/inode.c
++++ b/arch/powerpc/platforms/cell/spufs/inode.c
+@@ -100,6 +100,7 @@ spufs_new_inode(struct super_block *sb, int mode)
+ 	if (!inode)
+ 		goto out;
+ 
++	inode->i_ino = get_next_ino();
+ 	inode->i_mode = mode;
+ 	inode->i_uid = current_fsuid();
+ 	inode->i_gid = current_fsgid();
+diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h
+index 4f289ff..5aaf0bf 100644
+--- a/arch/s390/include/asm/pgtable.h
++++ b/arch/s390/include/asm/pgtable.h
+@@ -67,6 +67,10 @@ static inline int is_zero_pfn(unsigned long pfn)
+ 
+ #define my_zero_pfn(addr)	page_to_pfn(ZERO_PAGE(addr))
+ 
++/* TODO: s390 cannot support io_remap_pfn_range... */
++#define io_remap_pfn_range(vma, vaddr, pfn, size, prot) 	       \
++	remap_pfn_range(vma, vaddr, pfn, size, prot)
++
+ #endif /* !__ASSEMBLY__ */
+ 
+ /*
+diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
+index 38ebb2c..ddbbea3 100644
+--- a/arch/sparc/include/asm/pgtable_64.h
++++ b/arch/sparc/include/asm/pgtable_64.h
+@@ -781,6 +781,7 @@ static inline int io_remap_pfn_range(struct vm_area_struct *vma,
+ 	return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot);
+ }
+ 
++#include <asm/tlbflush.h>
+ #include <asm-generic/pgtable.h>
+ 
+ /* We provide our own get_unmapped_area to cope with VA holes and
+diff --git a/arch/sparc/include/asm/system_64.h b/arch/sparc/include/asm/system_64.h
+index 10bcabc..f856c7f 100644
+--- a/arch/sparc/include/asm/system_64.h
++++ b/arch/sparc/include/asm/system_64.h
+@@ -140,8 +140,7 @@ do {						\
+ 	 * and 2 stores in this critical code path.  -DaveM
+ 	 */
+ #define switch_to(prev, next, last)					\
+-do {	flush_tlb_pending();						\
+-	save_and_clear_fpu();						\
++do {	save_and_clear_fpu();						\
+ 	/* If you are tempted to conditionalize the following */	\
+ 	/* so that ASI is only written if it changes, think again. */	\
+ 	__asm__ __volatile__("wr %%g0, %0, %%asi"			\
+diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h
+index 2ef4634..f0d6a97 100644
+--- a/arch/sparc/include/asm/tlbflush_64.h
++++ b/arch/sparc/include/asm/tlbflush_64.h
+@@ -11,24 +11,40 @@
+ struct tlb_batch {
+ 	struct mm_struct *mm;
+ 	unsigned long tlb_nr;
++	unsigned long active;
+ 	unsigned long vaddrs[TLB_BATCH_NR];
+ };
+ 
+ extern void flush_tsb_kernel_range(unsigned long start, unsigned long end);
+ extern void flush_tsb_user(struct tlb_batch *tb);
++extern void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr);
+ 
+ /* TLB flush operations. */
+ 
+-extern void flush_tlb_pending(void);
++static inline void flush_tlb_mm(struct mm_struct *mm)
++{
++}
++
++static inline void flush_tlb_page(struct vm_area_struct *vma,
++				  unsigned long vmaddr)
++{
++}
++
++static inline void flush_tlb_range(struct vm_area_struct *vma,
++				   unsigned long start, unsigned long end)
++{
++}
++
++#define __HAVE_ARCH_ENTER_LAZY_MMU_MODE
+ 
+-#define flush_tlb_range(vma,start,end)	\
+-	do { (void)(start); flush_tlb_pending(); } while (0)
+-#define flush_tlb_page(vma,addr)	flush_tlb_pending()
+-#define flush_tlb_mm(mm)		flush_tlb_pending()
++extern void flush_tlb_pending(void);
++extern void arch_enter_lazy_mmu_mode(void);
++extern void arch_leave_lazy_mmu_mode(void);
++#define arch_flush_lazy_mmu_mode()      do {} while (0)
+ 
+ /* Local cpu only.  */
+ extern void __flush_tlb_all(void);
+-
++extern void __flush_tlb_page(unsigned long context, unsigned long vaddr);
+ extern void __flush_tlb_kernel_range(unsigned long start, unsigned long end);
+ 
+ #ifndef CONFIG_SMP
+@@ -38,15 +54,24 @@ do {	flush_tsb_kernel_range(start,end); \
+ 	__flush_tlb_kernel_range(start,end); \
+ } while (0)
+ 
++static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
++{
++	__flush_tlb_page(CTX_HWBITS(mm->context), vaddr);
++}
++
+ #else /* CONFIG_SMP */
+ 
+ extern void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end);
++extern void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr);
+ 
+ #define flush_tlb_kernel_range(start, end) \
+ do {	flush_tsb_kernel_range(start,end); \
+ 	smp_flush_tlb_kernel_range(start, end); \
+ } while (0)
+ 
++#define global_flush_tlb_page(mm, vaddr) \
++	smp_flush_tlb_page(mm, vaddr)
++
+ #endif /* ! CONFIG_SMP */
+ 
+ #endif /* _SPARC64_TLBFLUSH_H */
+diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
+index 7560772..e21d3c0d 100644
+--- a/arch/sparc/kernel/smp_64.c
++++ b/arch/sparc/kernel/smp_64.c
+@@ -856,7 +856,7 @@ void smp_tsb_sync(struct mm_struct *mm)
+ }
+ 
+ extern unsigned long xcall_flush_tlb_mm;
+-extern unsigned long xcall_flush_tlb_pending;
++extern unsigned long xcall_flush_tlb_page;
+ extern unsigned long xcall_flush_tlb_kernel_range;
+ extern unsigned long xcall_fetch_glob_regs;
+ extern unsigned long xcall_receive_signal;
+@@ -1070,23 +1070,56 @@ local_flush_and_out:
+ 	put_cpu();
+ }
+ 
++struct tlb_pending_info {
++	unsigned long ctx;
++	unsigned long nr;
++	unsigned long *vaddrs;
++};
++
++static void tlb_pending_func(void *info)
++{
++	struct tlb_pending_info *t = info;
++
++	__flush_tlb_pending(t->ctx, t->nr, t->vaddrs);
++}
++
+ void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long *vaddrs)
+ {
+ 	u32 ctx = CTX_HWBITS(mm->context);
++	struct tlb_pending_info info;
+ 	int cpu = get_cpu();
+ 
++	info.ctx = ctx;
++	info.nr = nr;
++	info.vaddrs = vaddrs;
++
+ 	if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
+ 		cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
+ 	else
+-		smp_cross_call_masked(&xcall_flush_tlb_pending,
+-				      ctx, nr, (unsigned long) vaddrs,
+-				      mm_cpumask(mm));
++		smp_call_function_many(mm_cpumask(mm), tlb_pending_func,
++				       &info, 1);
+ 
+ 	__flush_tlb_pending(ctx, nr, vaddrs);
+ 
+ 	put_cpu();
+ }
+ 
++void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
++{
++	unsigned long context = CTX_HWBITS(mm->context);
++	int cpu = get_cpu();
++
++	if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
++		cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
++	else
++		smp_cross_call_masked(&xcall_flush_tlb_page,
++				      context, vaddr, 0,
++				      mm_cpumask(mm));
++	__flush_tlb_page(context, vaddr);
++
++	put_cpu();
++}
++
+ void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end)
+ {
+ 	start &= PAGE_MASK;
+diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
+index b1f279c..afd021e 100644
+--- a/arch/sparc/mm/tlb.c
++++ b/arch/sparc/mm/tlb.c
+@@ -24,11 +24,17 @@ static DEFINE_PER_CPU(struct tlb_batch, tlb_batch);
+ void flush_tlb_pending(void)
+ {
+ 	struct tlb_batch *tb = &get_cpu_var(tlb_batch);
++	struct mm_struct *mm = tb->mm;
+ 
+-	if (tb->tlb_nr) {
+-		flush_tsb_user(tb);
++	if (!tb->tlb_nr)
++		goto out;
+ 
+-		if (CTX_VALID(tb->mm->context)) {
++	flush_tsb_user(tb);
++
++	if (CTX_VALID(mm->context)) {
++		if (tb->tlb_nr == 1) {
++			global_flush_tlb_page(mm, tb->vaddrs[0]);
++		} else {
+ #ifdef CONFIG_SMP
+ 			smp_flush_tlb_pending(tb->mm, tb->tlb_nr,
+ 					      &tb->vaddrs[0]);
+@@ -37,12 +43,30 @@ void flush_tlb_pending(void)
+ 					    tb->tlb_nr, &tb->vaddrs[0]);
+ #endif
+ 		}
+-		tb->tlb_nr = 0;
+ 	}
+ 
++	tb->tlb_nr = 0;
++
++out:
+ 	put_cpu_var(tlb_batch);
+ }
+ 
++void arch_enter_lazy_mmu_mode(void)
++{
++	struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
++
++	tb->active = 1;
++}
++
++void arch_leave_lazy_mmu_mode(void)
++{
++	struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
++
++	if (tb->tlb_nr)
++		flush_tlb_pending();
++	tb->active = 0;
++}
++
+ void tlb_batch_add(struct mm_struct *mm, unsigned long vaddr,
+ 		   pte_t *ptep, pte_t orig, int fullmm)
+ {
+@@ -90,6 +114,12 @@ no_cache_flush:
+ 		nr = 0;
+ 	}
+ 
++	if (!tb->active) {
++		global_flush_tlb_page(mm, vaddr);
++		flush_tsb_user_page(mm, vaddr);
++		goto out;
++	}
++
+ 	if (nr == 0)
+ 		tb->mm = mm;
+ 
+@@ -98,5 +128,6 @@ no_cache_flush:
+ 	if (nr >= TLB_BATCH_NR)
+ 		flush_tlb_pending();
+ 
++out:
+ 	put_cpu_var(tlb_batch);
+ }
+diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c
+index 536412d..3ebcac7 100644
+--- a/arch/sparc/mm/tsb.c
++++ b/arch/sparc/mm/tsb.c
+@@ -8,11 +8,10 @@
+ #include <linux/slab.h>
+ #include <asm/system.h>
+ #include <asm/page.h>
+-#include <asm/tlbflush.h>
+-#include <asm/tlb.h>
+-#include <asm/mmu_context.h>
+ #include <asm/pgtable.h>
++#include <asm/mmu_context.h>
+ #include <asm/tsb.h>
++#include <asm/tlb.h>
+ #include <asm/oplib.h>
+ 
+ extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
+@@ -47,23 +46,27 @@ void flush_tsb_kernel_range(unsigned long start, unsigned long end)
+ 	}
+ }
+ 
+-static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift,
+-			    unsigned long tsb, unsigned long nentries)
++static void __flush_tsb_one_entry(unsigned long tsb, unsigned long v,
++				  unsigned long hash_shift,
++				  unsigned long nentries)
+ {
+-	unsigned long i;
++	unsigned long tag, ent, hash;
+ 
+-	for (i = 0; i < tb->tlb_nr; i++) {
+-		unsigned long v = tb->vaddrs[i];
+-		unsigned long tag, ent, hash;
++	v &= ~0x1UL;
++	hash = tsb_hash(v, hash_shift, nentries);
++	ent = tsb + (hash * sizeof(struct tsb));
++	tag = (v >> 22UL);
+ 
+-		v &= ~0x1UL;
++	tsb_flush(ent, tag);
++}
+ 
+-		hash = tsb_hash(v, hash_shift, nentries);
+-		ent = tsb + (hash * sizeof(struct tsb));
+-		tag = (v >> 22UL);
++static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift,
++			    unsigned long tsb, unsigned long nentries)
++{
++	unsigned long i;
+ 
+-		tsb_flush(ent, tag);
+-	}
++	for (i = 0; i < tb->tlb_nr; i++)
++		__flush_tsb_one_entry(tsb, tb->vaddrs[i], hash_shift, nentries);
+ }
+ 
+ void flush_tsb_user(struct tlb_batch *tb)
+@@ -91,6 +94,30 @@ void flush_tsb_user(struct tlb_batch *tb)
+ 	spin_unlock_irqrestore(&mm->context.lock, flags);
+ }
+ 
++void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr)
++{
++	unsigned long nentries, base, flags;
++
++	spin_lock_irqsave(&mm->context.lock, flags);
++
++	base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
++	nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
++	if (tlb_type == cheetah_plus || tlb_type == hypervisor)
++		base = __pa(base);
++	__flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries);
++
++#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
++	if (mm->context.tsb_block[MM_TSB_HUGE].tsb) {
++		base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb;
++		nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries;
++		if (tlb_type == cheetah_plus || tlb_type == hypervisor)
++			base = __pa(base);
++		__flush_tsb_one_entry(base, vaddr, HPAGE_SHIFT, nentries);
++	}
++#endif
++	spin_unlock_irqrestore(&mm->context.lock, flags);
++}
++
+ #if defined(CONFIG_SPARC64_PAGE_SIZE_8KB)
+ #define HV_PGSZ_IDX_BASE	HV_PGSZ_IDX_8K
+ #define HV_PGSZ_MASK_BASE	HV_PGSZ_MASK_8K
+diff --git a/arch/sparc/mm/ultra.S b/arch/sparc/mm/ultra.S
+index 874162a..dd10caa 100644
+--- a/arch/sparc/mm/ultra.S
++++ b/arch/sparc/mm/ultra.S
+@@ -53,6 +53,33 @@ __flush_tlb_mm:		/* 18 insns */
+ 	nop
+ 
+ 	.align		32
++	.globl		__flush_tlb_page
++__flush_tlb_page:	/* 22 insns */
++	/* %o0 = context, %o1 = vaddr */
++	rdpr		%pstate, %g7
++	andn		%g7, PSTATE_IE, %g2
++	wrpr		%g2, %pstate
++	mov		SECONDARY_CONTEXT, %o4
++	ldxa		[%o4] ASI_DMMU, %g2
++	stxa		%o0, [%o4] ASI_DMMU
++	andcc		%o1, 1, %g0
++	andn		%o1, 1, %o3
++	be,pn		%icc, 1f
++	 or		%o3, 0x10, %o3
++	stxa		%g0, [%o3] ASI_IMMU_DEMAP
++1:	stxa		%g0, [%o3] ASI_DMMU_DEMAP
++	membar		#Sync
++	stxa		%g2, [%o4] ASI_DMMU
++	sethi		%hi(KERNBASE), %o4
++	flush		%o4
++	retl
++	 wrpr		%g7, 0x0, %pstate
++	nop
++	nop
++	nop
++	nop
++
++	.align		32
+ 	.globl		__flush_tlb_pending
+ __flush_tlb_pending:	/* 26 insns */
+ 	/* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
+@@ -203,6 +230,31 @@ __cheetah_flush_tlb_mm: /* 19 insns */
+ 	retl
+ 	 wrpr		%g7, 0x0, %pstate
+ 
++__cheetah_flush_tlb_page:	/* 22 insns */
++	/* %o0 = context, %o1 = vaddr */
++	rdpr		%pstate, %g7
++	andn		%g7, PSTATE_IE, %g2
++	wrpr		%g2, 0x0, %pstate
++	wrpr		%g0, 1, %tl
++	mov		PRIMARY_CONTEXT, %o4
++	ldxa		[%o4] ASI_DMMU, %g2
++	srlx		%g2, CTX_PGSZ1_NUC_SHIFT, %o3
++	sllx		%o3, CTX_PGSZ1_NUC_SHIFT, %o3
++	or		%o0, %o3, %o0	/* Preserve nucleus page size fields */
++	stxa		%o0, [%o4] ASI_DMMU
++	andcc		%o1, 1, %g0
++	be,pn		%icc, 1f
++	 andn		%o1, 1, %o3
++	stxa		%g0, [%o3] ASI_IMMU_DEMAP
++1:	stxa		%g0, [%o3] ASI_DMMU_DEMAP
++	membar		#Sync
++	stxa		%g2, [%o4] ASI_DMMU
++	sethi		%hi(KERNBASE), %o4
++	flush		%o4
++	wrpr		%g0, 0, %tl
++	retl
++	 wrpr		%g7, 0x0, %pstate
++
+ __cheetah_flush_tlb_pending:	/* 27 insns */
+ 	/* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
+ 	rdpr		%pstate, %g7
+@@ -269,6 +321,20 @@ __hypervisor_flush_tlb_mm: /* 10 insns */
+ 	retl
+ 	 nop
+ 
++__hypervisor_flush_tlb_page: /* 11 insns */
++	/* %o0 = context, %o1 = vaddr */
++	mov		%o0, %g2
++	mov		%o1, %o0              /* ARG0: vaddr + IMMU-bit */
++	mov		%g2, %o1	      /* ARG1: mmu context */
++	mov		HV_MMU_ALL, %o2	      /* ARG2: flags */
++	srlx		%o0, PAGE_SHIFT, %o0
++	sllx		%o0, PAGE_SHIFT, %o0
++	ta		HV_MMU_UNMAP_ADDR_TRAP
++	brnz,pn		%o0, __hypervisor_tlb_tl0_error
++	 mov		HV_MMU_UNMAP_ADDR_TRAP, %o1
++	retl
++	 nop
++
+ __hypervisor_flush_tlb_pending: /* 16 insns */
+ 	/* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
+ 	sllx		%o1, 3, %g1
+@@ -339,6 +405,13 @@ cheetah_patch_cachetlbops:
+ 	call		tlb_patch_one
+ 	 mov		19, %o2
+ 
++	sethi		%hi(__flush_tlb_page), %o0
++	or		%o0, %lo(__flush_tlb_page), %o0
++	sethi		%hi(__cheetah_flush_tlb_page), %o1
++	or		%o1, %lo(__cheetah_flush_tlb_page), %o1
++	call		tlb_patch_one
++	 mov		22, %o2
++
+ 	sethi		%hi(__flush_tlb_pending), %o0
+ 	or		%o0, %lo(__flush_tlb_pending), %o0
+ 	sethi		%hi(__cheetah_flush_tlb_pending), %o1
+@@ -397,10 +470,9 @@ xcall_flush_tlb_mm:	/* 21 insns */
+ 	nop
+ 	nop
+ 
+-	.globl		xcall_flush_tlb_pending
+-xcall_flush_tlb_pending:	/* 21 insns */
+-	/* %g5=context, %g1=nr, %g7=vaddrs[] */
+-	sllx		%g1, 3, %g1
++	.globl		xcall_flush_tlb_page
++xcall_flush_tlb_page:	/* 17 insns */
++	/* %g5=context, %g1=vaddr */
+ 	mov		PRIMARY_CONTEXT, %g4
+ 	ldxa		[%g4] ASI_DMMU, %g2
+ 	srlx		%g2, CTX_PGSZ1_NUC_SHIFT, %g4
+@@ -408,20 +480,16 @@ xcall_flush_tlb_pending:	/* 21 insns */
+ 	or		%g5, %g4, %g5
+ 	mov		PRIMARY_CONTEXT, %g4
+ 	stxa		%g5, [%g4] ASI_DMMU
+-1:	sub		%g1, (1 << 3), %g1
+-	ldx		[%g7 + %g1], %g5
+-	andcc		%g5, 0x1, %g0
++	andcc		%g1, 0x1, %g0
+ 	be,pn		%icc, 2f
+-
+-	 andn		%g5, 0x1, %g5
++	 andn		%g1, 0x1, %g5
+ 	stxa		%g0, [%g5] ASI_IMMU_DEMAP
+ 2:	stxa		%g0, [%g5] ASI_DMMU_DEMAP
+ 	membar		#Sync
+-	brnz,pt		%g1, 1b
+-	 nop
+ 	stxa		%g2, [%g4] ASI_DMMU
+ 	retry
+ 	nop
++	nop
+ 
+ 	.globl		xcall_flush_tlb_kernel_range
+ xcall_flush_tlb_kernel_range:	/* 25 insns */
+@@ -596,15 +664,13 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 insns */
+ 	membar		#Sync
+ 	retry
+ 
+-	.globl		__hypervisor_xcall_flush_tlb_pending
+-__hypervisor_xcall_flush_tlb_pending: /* 21 insns */
+-	/* %g5=ctx, %g1=nr, %g7=vaddrs[], %g2,%g3,%g4,g6=scratch */
+-	sllx		%g1, 3, %g1
++	.globl		__hypervisor_xcall_flush_tlb_page
++__hypervisor_xcall_flush_tlb_page: /* 17 insns */
++	/* %g5=ctx, %g1=vaddr */
+ 	mov		%o0, %g2
+ 	mov		%o1, %g3
+ 	mov		%o2, %g4
+-1:	sub		%g1, (1 << 3), %g1
+-	ldx		[%g7 + %g1], %o0	/* ARG0: virtual address */
++	mov		%g1, %o0	        /* ARG0: virtual address */
+ 	mov		%g5, %o1		/* ARG1: mmu context */
+ 	mov		HV_MMU_ALL, %o2		/* ARG2: flags */
+ 	srlx		%o0, PAGE_SHIFT, %o0
+@@ -613,8 +679,6 @@ __hypervisor_xcall_flush_tlb_pending: /* 21 insns */
+ 	mov		HV_MMU_UNMAP_ADDR_TRAP, %g6
+ 	brnz,a,pn	%o0, __hypervisor_tlb_xcall_error
+ 	 mov		%o0, %g5
+-	brnz,pt		%g1, 1b
+-	 nop
+ 	mov		%g2, %o0
+ 	mov		%g3, %o1
+ 	mov		%g4, %o2
+@@ -697,6 +761,13 @@ hypervisor_patch_cachetlbops:
+ 	call		tlb_patch_one
+ 	 mov		10, %o2
+ 
++	sethi		%hi(__flush_tlb_page), %o0
++	or		%o0, %lo(__flush_tlb_page), %o0
++	sethi		%hi(__hypervisor_flush_tlb_page), %o1
++	or		%o1, %lo(__hypervisor_flush_tlb_page), %o1
++	call		tlb_patch_one
++	 mov		11, %o2
++
+ 	sethi		%hi(__flush_tlb_pending), %o0
+ 	or		%o0, %lo(__flush_tlb_pending), %o0
+ 	sethi		%hi(__hypervisor_flush_tlb_pending), %o1
+@@ -728,12 +799,12 @@ hypervisor_patch_cachetlbops:
+ 	call		tlb_patch_one
+ 	 mov		21, %o2
+ 
+-	sethi		%hi(xcall_flush_tlb_pending), %o0
+-	or		%o0, %lo(xcall_flush_tlb_pending), %o0
+-	sethi		%hi(__hypervisor_xcall_flush_tlb_pending), %o1
+-	or		%o1, %lo(__hypervisor_xcall_flush_tlb_pending), %o1
++	sethi		%hi(xcall_flush_tlb_page), %o0
++	or		%o0, %lo(xcall_flush_tlb_page), %o0
++	sethi		%hi(__hypervisor_xcall_flush_tlb_page), %o1
++	or		%o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1
+ 	call		tlb_patch_one
+-	 mov		21, %o2
++	 mov		17, %o2
+ 
+ 	sethi		%hi(xcall_flush_tlb_kernel_range), %o0
+ 	or		%o0, %lo(xcall_flush_tlb_kernel_range), %o0
+diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
+index 957c216..4bb12f7 100644
+--- a/arch/x86/kernel/cpu/perf_event_intel.c
++++ b/arch/x86/kernel/cpu/perf_event_intel.c
+@@ -130,8 +130,14 @@ static struct event_constraint intel_gen_event_constraints[] __read_mostly =
+ };
+ 
+ static struct extra_reg intel_snb_extra_regs[] __read_mostly = {
+-	INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3fffffffffull, RSP_0),
+-	INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3fffffffffull, RSP_1),
++	INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3f807f8fffull, RSP_0),
++	INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3f807f8fffull, RSP_1),
++	EVENT_EXTRA_END
++};
++
++static struct extra_reg intel_snbep_extra_regs[] __read_mostly = {
++	INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3fffff8fffull, RSP_0),
++	INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3fffff8fffull, RSP_1),
+ 	EVENT_EXTRA_END
+ };
+ 
+@@ -1711,7 +1717,10 @@ __init int intel_pmu_init(void)
+ 
+ 		x86_pmu.event_constraints = intel_snb_event_constraints;
+ 		x86_pmu.pebs_constraints = intel_snb_pebs_event_constraints;
+-		x86_pmu.extra_regs = intel_snb_extra_regs;
++		if (boot_cpu_data.x86_model == 45)
++			x86_pmu.extra_regs = intel_snbep_extra_regs;
++		else
++			x86_pmu.extra_regs = intel_snb_extra_regs;
+ 		/* all extra regs are per-cpu when HT is on */
+ 		x86_pmu.er_flags |= ERF_HAS_RSP_1;
+ 		x86_pmu.er_flags |= ERF_NO_HT_SHARING;
+diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
+index 34a7f40..a4cca06 100644
+--- a/arch/x86/mm/init.c
++++ b/arch/x86/mm/init.c
+@@ -44,11 +44,15 @@ static void __init find_early_table_space(struct map_range *mr, int nr_range)
+ 	int i;
+ 	unsigned long puds = 0, pmds = 0, ptes = 0, tables;
+ 	unsigned long start = 0, good_end;
++	unsigned long pgd_extra = 0;
+ 	phys_addr_t base;
+ 
+ 	for (i = 0; i < nr_range; i++) {
+ 		unsigned long range, extra;
+ 
++		if ((mr[i].end >> PGDIR_SHIFT) - (mr[i].start >> PGDIR_SHIFT))
++			pgd_extra++;
++
+ 		range = mr[i].end - mr[i].start;
+ 		puds += (range + PUD_SIZE - 1) >> PUD_SHIFT;
+ 
+@@ -73,6 +77,7 @@ static void __init find_early_table_space(struct map_range *mr, int nr_range)
+ 	tables = roundup(puds * sizeof(pud_t), PAGE_SIZE);
+ 	tables += roundup(pmds * sizeof(pmd_t), PAGE_SIZE);
+ 	tables += roundup(ptes * sizeof(pte_t), PAGE_SIZE);
++	tables += (pgd_extra * PAGE_SIZE);
+ 
+ #ifdef CONFIG_X86_32
+ 	/* for fixmap */
+diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
+index 69b9ef6..044f5d9 100644
+--- a/arch/x86/xen/enlighten.c
++++ b/arch/x86/xen/enlighten.c
+@@ -1391,8 +1391,11 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
+ 	switch (action) {
+ 	case CPU_UP_PREPARE:
+ 		xen_vcpu_setup(cpu);
+-		if (xen_have_vector_callback)
++		if (xen_have_vector_callback) {
+ 			xen_init_lock_cpu(cpu);
++			if (xen_feature(XENFEAT_hvm_safe_pvclock))
++				xen_setup_timer(cpu);
++		}
+ 		break;
+ 	default:
+ 		break;
+diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
+index 9a23fff..6e4d5dc 100644
+--- a/arch/x86/xen/smp.c
++++ b/arch/x86/xen/smp.c
+@@ -563,6 +563,8 @@ static void xen_hvm_cpu_die(unsigned int cpu)
+ 	unbind_from_irqhandler(per_cpu(xen_callfunc_irq, cpu), NULL);
+ 	unbind_from_irqhandler(per_cpu(xen_debug_irq, cpu), NULL);
+ 	unbind_from_irqhandler(per_cpu(xen_callfuncsingle_irq, cpu), NULL);
++	xen_uninit_lock_cpu(cpu);
++	xen_teardown_timer(cpu);
+ 	native_cpu_die(cpu);
+ }
+ 
+diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c
+index 0296a95..054cc01 100644
+--- a/arch/x86/xen/time.c
++++ b/arch/x86/xen/time.c
+@@ -497,7 +497,11 @@ static void xen_hvm_setup_cpu_clockevents(void)
+ {
+ 	int cpu = smp_processor_id();
+ 	xen_setup_runstate_info(cpu);
+-	xen_setup_timer(cpu);
++	/*
++	 * xen_setup_timer(cpu) - snprintf is bad in atomic context. Hence
++	 * doing it xen_hvm_cpu_notify (which gets called by smp_init during
++	 * early bootup and also during CPU hotplug events).
++	 */
+ 	xen_setup_cpu_clockevents();
+ }
+ 
+diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
+index ef5356c..0262210 100644
+--- a/crypto/algif_hash.c
++++ b/crypto/algif_hash.c
+@@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock,
+ 	else if (len < ds)
+ 		msg->msg_flags |= MSG_TRUNC;
+ 
++	msg->msg_namelen = 0;
++
+ 	lock_sock(sk);
+ 	if (ctx->more) {
+ 		ctx->more = 0;
+diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
+index 6a6dfc0..a1c4f0a 100644
+--- a/crypto/algif_skcipher.c
++++ b/crypto/algif_skcipher.c
+@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
+ 	long copied = 0;
+ 
+ 	lock_sock(sk);
++	msg->msg_namelen = 0;
+ 	for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
+ 	     iovlen--, iov++) {
+ 		unsigned long seglen = iov->iov_len;
+diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c
+index 7aff631..5b0f075 100644
+--- a/drivers/acpi/pci_root.c
++++ b/drivers/acpi/pci_root.c
+@@ -247,8 +247,8 @@ static acpi_status acpi_pci_query_osc(struct acpi_pci_root *root,
+ 		*control &= OSC_PCI_CONTROL_MASKS;
+ 		capbuf[OSC_CONTROL_TYPE] = *control | root->osc_control_set;
+ 	} else {
+-		/* Run _OSC query for all possible controls. */
+-		capbuf[OSC_CONTROL_TYPE] = OSC_PCI_CONTROL_MASKS;
++		/* Run _OSC query only with existing controls. */
++		capbuf[OSC_CONTROL_TYPE] = root->osc_control_set;
+ 	}
+ 
+ 	status = acpi_pci_run_osc(root->device->handle, capbuf, &result);
+diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
+index 0833896..14d49e4 100644
+--- a/drivers/char/hpet.c
++++ b/drivers/char/hpet.c
+@@ -374,26 +374,14 @@ static int hpet_mmap(struct file *file, struct vm_area_struct *vma)
+ 	struct hpet_dev *devp;
+ 	unsigned long addr;
+ 
+-	if (((vma->vm_end - vma->vm_start) != PAGE_SIZE) || vma->vm_pgoff)
+-		return -EINVAL;
+-
+ 	devp = file->private_data;
+ 	addr = devp->hd_hpets->hp_hpet_phys;
+ 
+ 	if (addr & (PAGE_SIZE - 1))
+ 		return -ENOSYS;
+ 
+-	vma->vm_flags |= VM_IO;
+ 	vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+-
+-	if (io_remap_pfn_range(vma, vma->vm_start, addr >> PAGE_SHIFT,
+-					PAGE_SIZE, vma->vm_page_prot)) {
+-		printk(KERN_ERR "%s: io_remap_pfn_range failed\n",
+-			__func__);
+-		return -EAGAIN;
+-	}
+-
+-	return 0;
++	return vm_iomap_memory(vma, addr, PAGE_SIZE);
+ #else
+ 	return -ENOSYS;
+ #endif
+diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
+index ca67338..c77fc67 100644
+--- a/drivers/gpu/drm/i915/i915_dma.c
++++ b/drivers/gpu/drm/i915/i915_dma.c
+@@ -1007,56 +1007,50 @@ intel_teardown_mchbar(struct drm_device *dev)
+ 		release_resource(&dev_priv->mch_res);
+ }
+ 
+-#define PTE_ADDRESS_MASK		0xfffff000
+-#define PTE_ADDRESS_MASK_HIGH		0x000000f0 /* i915+ */
+-#define PTE_MAPPING_TYPE_UNCACHED	(0 << 1)
+-#define PTE_MAPPING_TYPE_DCACHE		(1 << 1) /* i830 only */
+-#define PTE_MAPPING_TYPE_CACHED		(3 << 1)
+-#define PTE_MAPPING_TYPE_MASK		(3 << 1)
+-#define PTE_VALID			(1 << 0)
+-
+-/**
+- * i915_stolen_to_phys - take an offset into stolen memory and turn it into
+- *                       a physical one
+- * @dev: drm device
+- * @offset: address to translate
+- *
+- * Some chip functions require allocations from stolen space and need the
+- * physical address of the memory in question.
+- */
+-static unsigned long i915_stolen_to_phys(struct drm_device *dev, u32 offset)
++static unsigned long i915_stolen_to_physical(struct drm_device *dev)
+ {
+ 	struct drm_i915_private *dev_priv = dev->dev_private;
+ 	struct pci_dev *pdev = dev_priv->bridge_dev;
+ 	u32 base;
+ 
+-#if 0
+ 	/* On the machines I have tested the Graphics Base of Stolen Memory
+-	 * is unreliable, so compute the base by subtracting the stolen memory
+-	 * from the Top of Low Usable DRAM which is where the BIOS places
+-	 * the graphics stolen memory.
++	 * is unreliable, so on those compute the base by subtracting the
++	 * stolen memory from the Top of Low Usable DRAM which is where the
++	 * BIOS places the graphics stolen memory.
++	 *
++	 * On gen2, the layout is slightly different with the Graphics Segment
++	 * immediately following Top of Memory (or Top of Usable DRAM). Note
++	 * it appears that TOUD is only reported by 865g, so we just use the
++	 * top of memory as determined by the e820 probe.
++	 *
++	 * XXX gen2 requires an unavailable symbol and 945gm fails with
++	 * its value of TOLUD.
+ 	 */
+-	if (INTEL_INFO(dev)->gen > 3 || IS_G33(dev)) {
+-		/* top 32bits are reserved = 0 */
++	base = 0;
++	if (INTEL_INFO(dev)->gen >= 6) {
++		/* Read Base Data of Stolen Memory Register (BDSM) directly.
++		 * Note that there is also a MCHBAR miror at 0x1080c0 or
++		 * we could use device 2:0x5c instead.
++		*/
++		pci_read_config_dword(pdev, 0xB0, &base);
++		base &= ~4095; /* lower bits used for locking register */
++	} else if (INTEL_INFO(dev)->gen > 3 || IS_G33(dev)) {
++		/* Read Graphics Base of Stolen Memory directly */
+ 		pci_read_config_dword(pdev, 0xA4, &base);
+-	} else {
+-		/* XXX presume 8xx is the same as i915 */
+-		pci_bus_read_config_dword(pdev->bus, 2, 0x5C, &base);
+-	}
+-#else
+-	if (INTEL_INFO(dev)->gen > 3 || IS_G33(dev)) {
+-		u16 val;
+-		pci_read_config_word(pdev, 0xb0, &val);
+-		base = val >> 4 << 20;
+-	} else {
++#if 0
++	} else if (IS_GEN3(dev)) {
+ 		u8 val;
++		/* Stolen is immediately below Top of Low Usable DRAM */
+ 		pci_read_config_byte(pdev, 0x9c, &val);
+ 		base = val >> 3 << 27;
+-	}
+-	base -= dev_priv->mm.gtt->stolen_size;
++		base -= dev_priv->mm.gtt->stolen_size;
++	} else {
++		/* Stolen is immediately above Top of Memory */
++		base = max_low_pfn_mapped << PAGE_SHIFT;
+ #endif
++	}
+ 
+-	return base + offset;
++	return base;
+ }
+ 
+ static void i915_warn_stolen(struct drm_device *dev)
+@@ -1081,7 +1075,7 @@ static void i915_setup_compression(struct drm_device *dev, int size)
+ 	if (!compressed_fb)
+ 		goto err;
+ 
+-	cfb_base = i915_stolen_to_phys(dev, compressed_fb->start);
++	cfb_base = dev_priv->mm.stolen_base + compressed_fb->start;
+ 	if (!cfb_base)
+ 		goto err_fb;
+ 
+@@ -1094,7 +1088,7 @@ static void i915_setup_compression(struct drm_device *dev, int size)
+ 		if (!compressed_llb)
+ 			goto err_fb;
+ 
+-		ll_base = i915_stolen_to_phys(dev, compressed_llb->start);
++		ll_base = dev_priv->mm.stolen_base + compressed_llb->start;
+ 		if (!ll_base)
+ 			goto err_llb;
+ 	}
+@@ -1113,7 +1107,7 @@ static void i915_setup_compression(struct drm_device *dev, int size)
+ 	}
+ 
+ 	DRM_DEBUG_KMS("FBC base 0x%08lx, ll base 0x%08lx, size %dM\n",
+-		      cfb_base, ll_base, size >> 20);
++		      (long)cfb_base, (long)ll_base, size >> 20);
+ 	return;
+ 
+ err_llb:
+@@ -1187,6 +1181,13 @@ static int i915_load_gem_init(struct drm_device *dev)
+ 	gtt_size = dev_priv->mm.gtt->gtt_total_entries << PAGE_SHIFT;
+ 	mappable_size = dev_priv->mm.gtt->gtt_mappable_entries << PAGE_SHIFT;
+ 
++	dev_priv->mm.stolen_base = i915_stolen_to_physical(dev);
++	if (dev_priv->mm.stolen_base == 0)
++		return 0;
++
++	DRM_DEBUG_KMS("found %d bytes of stolen memory at %08lx\n",
++		      dev_priv->mm.gtt->stolen_size, dev_priv->mm.stolen_base);
++
+ 	/* Basic memrange allocator for stolen space */
+ 	drm_mm_init(&dev_priv->mm.stolen, 0, prealloc_size);
+ 
+diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
+index 144d37c..20cd295 100644
+--- a/drivers/gpu/drm/i915/i915_drv.h
++++ b/drivers/gpu/drm/i915/i915_drv.h
+@@ -581,6 +581,7 @@ typedef struct drm_i915_private {
+ 		unsigned long gtt_start;
+ 		unsigned long gtt_mappable_end;
+ 		unsigned long gtt_end;
++		unsigned long stolen_base; /* limited to low memory (32-bit) */
+ 
+ 		struct io_mapping *gtt_mapping;
+ 		int gtt_mtrr;
+diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
+index b0186b8..2865b44 100644
+--- a/drivers/gpu/drm/i915/i915_gem.c
++++ b/drivers/gpu/drm/i915/i915_gem.c
+@@ -2520,6 +2520,11 @@ i915_find_fence_reg(struct drm_device *dev,
+ 	return avail;
+ }
+ 
++static void i915_gem_write_fence__ipi(void *data)
++{
++	wbinvd();
++}
++
+ /**
+  * i915_gem_object_get_fence - set up a fence reg for an object
+  * @obj: object to map through a fence reg
+@@ -2640,6 +2645,17 @@ update:
+ 	switch (INTEL_INFO(dev)->gen) {
+ 	case 7:
+ 	case 6:
++		/* In order to fully serialize access to the fenced region and
++		 * the update to the fence register we need to take extreme
++		 * measures on SNB+. In theory, the write to the fence register
++		 * flushes all memory transactions before, and coupled with the
++		 * mb() placed around the register write we serialise all memory
++		 * operations with respect to the changes in the tiler. Yet, on
++		 * SNB+ we need to take a step further and emit an explicit wbinvd()
++		 * on each processor in order to manually flush all memory
++		 * transactions before updating the fence register.
++		 */
++		on_each_cpu(i915_gem_write_fence__ipi, NULL, 1);
+ 		ret = sandybridge_write_fence_reg(obj, pipelined);
+ 		break;
+ 	case 5:
+diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
+index 897ca06..cfbb893 100644
+--- a/drivers/gpu/drm/i915/intel_display.c
++++ b/drivers/gpu/drm/i915/intel_display.c
+@@ -9093,6 +9093,9 @@ void intel_modeset_cleanup(struct drm_device *dev)
+ 	del_timer_sync(&dev_priv->idle_timer);
+ 	cancel_work_sync(&dev_priv->idle_work);
+ 
++	/* destroy backlight, if any, before the connectors */
++	intel_panel_destroy_backlight(dev);
++
+ 	drm_mode_config_cleanup(dev);
+ }
+ 
+diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
+index c8ecaab..a07ccab 100644
+--- a/drivers/gpu/drm/i915/intel_dp.c
++++ b/drivers/gpu/drm/i915/intel_dp.c
+@@ -2274,11 +2274,6 @@ done:
+ static void
+ intel_dp_destroy(struct drm_connector *connector)
+ {
+-	struct drm_device *dev = connector->dev;
+-
+-	if (intel_dpd_is_edp(dev))
+-		intel_panel_destroy_backlight(dev);
+-
+ 	drm_sysfs_connector_remove(connector);
+ 	drm_connector_cleanup(connector);
+ 	kfree(connector);
+diff --git a/drivers/gpu/drm/i915/intel_dvo.c b/drivers/gpu/drm/i915/intel_dvo.c
+index 6eda1b5..8ac91b8 100644
+--- a/drivers/gpu/drm/i915/intel_dvo.c
++++ b/drivers/gpu/drm/i915/intel_dvo.c
+@@ -371,6 +371,7 @@ void intel_dvo_init(struct drm_device *dev)
+ 		const struct intel_dvo_device *dvo = &intel_dvo_devices[i];
+ 		struct i2c_adapter *i2c;
+ 		int gpio;
++		bool dvoinit;
+ 
+ 		/* Allow the I2C driver info to specify the GPIO to be used in
+ 		 * special cases, but otherwise default to what's defined
+@@ -390,7 +391,17 @@ void intel_dvo_init(struct drm_device *dev)
+ 		i2c = &dev_priv->gmbus[gpio].adapter;
+ 
+ 		intel_dvo->dev = *dvo;
+-		if (!dvo->dev_ops->init(&intel_dvo->dev, i2c))
++
++		/* GMBUS NAK handling seems to be unstable, hence let the
++		 * transmitter detection run in bit banging mode for now.
++		 */
++		intel_gmbus_force_bit(i2c, true);
++
++		dvoinit = dvo->dev_ops->init(&intel_dvo->dev, i2c);
++
++		intel_gmbus_force_bit(i2c, false);
++
++		if (!dvoinit)
+ 			continue;
+ 
+ 		intel_encoder->type = INTEL_OUTPUT_DVO;
+diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c
+index 6601d21..876bac0 100644
+--- a/drivers/gpu/drm/i915/intel_lvds.c
++++ b/drivers/gpu/drm/i915/intel_lvds.c
+@@ -553,8 +553,6 @@ static void intel_lvds_destroy(struct drm_connector *connector)
+ 	struct drm_device *dev = connector->dev;
+ 	struct drm_i915_private *dev_priv = dev->dev_private;
+ 
+-	intel_panel_destroy_backlight(dev);
+-
+ 	if (dev_priv->lid_notifier.notifier_call)
+ 		acpi_lid_notifier_unregister(&dev_priv->lid_notifier);
+ 	drm_sysfs_connector_remove(connector);
+@@ -788,6 +786,14 @@ static const struct dmi_system_id intel_no_lvds[] = {
+ 			DMI_MATCH(DMI_PRODUCT_NAME, "X7SPA-H"),
+ 		},
+ 	},
++	{
++		.callback = intel_no_lvds_dmi_callback,
++		.ident = "Fujitsu Esprimo Q900",
++		.matches = {
++			DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
++			DMI_MATCH(DMI_PRODUCT_NAME, "ESPRIMO Q900"),
++		},
++	},
+ 
+ 	{ }	/* terminating entry */
+ };
+diff --git a/drivers/gpu/drm/i915/intel_panel.c b/drivers/gpu/drm/i915/intel_panel.c
+index 72b8949..04cb34a 100644
+--- a/drivers/gpu/drm/i915/intel_panel.c
++++ b/drivers/gpu/drm/i915/intel_panel.c
+@@ -361,6 +361,9 @@ int intel_panel_setup_backlight(struct drm_device *dev)
+ 
+ 	intel_panel_init_backlight(dev);
+ 
++	if (WARN_ON(dev_priv->backlight))
++		return -ENODEV;
++
+ 	if (dev_priv->int_lvds_connector)
+ 		connector = dev_priv->int_lvds_connector;
+ 	else if (dev_priv->int_edp_connector)
+@@ -388,8 +391,10 @@ int intel_panel_setup_backlight(struct drm_device *dev)
+ void intel_panel_destroy_backlight(struct drm_device *dev)
+ {
+ 	struct drm_i915_private *dev_priv = dev->dev_private;
+-	if (dev_priv->backlight)
++	if (dev_priv->backlight) {
+ 		backlight_device_unregister(dev_priv->backlight);
++		dev_priv->backlight = NULL;
++	}
+ }
+ #else
+ int intel_panel_setup_backlight(struct drm_device *dev)
+diff --git a/drivers/gpu/drm/radeon/atom.c b/drivers/gpu/drm/radeon/atom.c
+index 3a05cdb..d969f3c 100644
+--- a/drivers/gpu/drm/radeon/atom.c
++++ b/drivers/gpu/drm/radeon/atom.c
+@@ -1387,10 +1387,10 @@ int atom_allocate_fb_scratch(struct atom_context *ctx)
+ 		firmware_usage = (struct _ATOM_VRAM_USAGE_BY_FIRMWARE *)(ctx->bios + data_offset);
+ 
+ 		DRM_DEBUG("atom firmware requested %08x %dkb\n",
+-			  firmware_usage->asFirmwareVramReserveInfo[0].ulStartAddrUsedByFirmware,
+-			  firmware_usage->asFirmwareVramReserveInfo[0].usFirmwareUseInKb);
++			  le32_to_cpu(firmware_usage->asFirmwareVramReserveInfo[0].ulStartAddrUsedByFirmware),
++			  le16_to_cpu(firmware_usage->asFirmwareVramReserveInfo[0].usFirmwareUseInKb));
+ 
+-		usage_bytes = firmware_usage->asFirmwareVramReserveInfo[0].usFirmwareUseInKb * 1024;
++		usage_bytes = le16_to_cpu(firmware_usage->asFirmwareVramReserveInfo[0].usFirmwareUseInKb) * 1024;
+ 	}
+ 	ctx->scratch_size_bytes = 0;
+ 	if (usage_bytes == 0)
+diff --git a/drivers/gpu/drm/radeon/atombios_crtc.c b/drivers/gpu/drm/radeon/atombios_crtc.c
+index a25d08a..038570a 100644
+--- a/drivers/gpu/drm/radeon/atombios_crtc.c
++++ b/drivers/gpu/drm/radeon/atombios_crtc.c
+@@ -544,6 +544,9 @@ static u32 atombios_adjust_pll(struct drm_crtc *crtc,
+ 		/* use frac fb div on APUs */
+ 		if (ASIC_IS_DCE41(rdev))
+ 			pll->flags |= RADEON_PLL_USE_FRAC_FB_DIV;
++		/* use frac fb div on RS780/RS880 */
++		if ((rdev->family == CHIP_RS780) || (rdev->family == CHIP_RS880))
++			pll->flags |= RADEON_PLL_USE_FRAC_FB_DIV;
+ 		if (ASIC_IS_DCE32(rdev) && mode->clock > 165000)
+ 			pll->flags |= RADEON_PLL_USE_FRAC_FB_DIV;
+ 	} else {
+diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
+index 60d13fe..0495a50 100644
+--- a/drivers/gpu/drm/radeon/evergreen.c
++++ b/drivers/gpu/drm/radeon/evergreen.c
+@@ -412,6 +412,16 @@ void evergreen_hpd_init(struct radeon_device *rdev)
+ 
+ 	list_for_each_entry(connector, &dev->mode_config.connector_list, head) {
+ 		struct radeon_connector *radeon_connector = to_radeon_connector(connector);
++
++		if (connector->connector_type == DRM_MODE_CONNECTOR_eDP ||
++		    connector->connector_type == DRM_MODE_CONNECTOR_LVDS) {
++			/* don't try to enable hpd on eDP or LVDS avoid breaking the
++			 * aux dp channel on imac and help (but not completely fix)
++			 * https://bugzilla.redhat.com/show_bug.cgi?id=726143
++			 * also avoid interrupt storms during dpms.
++			 */
++			continue;
++		}
+ 		switch (radeon_connector->hpd.hpd) {
+ 		case RADEON_HPD_1:
+ 			WREG32(DC_HPD1_CONTROL, tmp);
+diff --git a/drivers/gpu/drm/radeon/r600_hdmi.c b/drivers/gpu/drm/radeon/r600_hdmi.c
+index c45d921..57a825d 100644
+--- a/drivers/gpu/drm/radeon/r600_hdmi.c
++++ b/drivers/gpu/drm/radeon/r600_hdmi.c
+@@ -506,7 +506,7 @@ void r600_hdmi_enable(struct drm_encoder *encoder)
+ 	offset = radeon_encoder->hdmi_offset;
+ 	if (ASIC_IS_DCE32(rdev) && !ASIC_IS_DCE4(rdev)) {
+ 		WREG32_P(radeon_encoder->hdmi_config_offset + 0x4, 0x1, ~0x1);
+-	} else if (rdev->family >= CHIP_R600 && !ASIC_IS_DCE3(rdev)) {
++	} else if (ASIC_IS_DCE2(rdev) && !ASIC_IS_DCE3(rdev)) {
+ 		switch (radeon_encoder->encoder_id) {
+ 		case ENCODER_OBJECT_ID_INTERNAL_KLDSCP_TMDS1:
+ 			WREG32_P(AVIVO_TMDSA_CNTL, 0x4, ~0x4);
+@@ -572,7 +572,7 @@ void r600_hdmi_disable(struct drm_encoder *encoder)
+ 
+ 	if (ASIC_IS_DCE32(rdev) && !ASIC_IS_DCE4(rdev)) {
+ 		WREG32_P(radeon_encoder->hdmi_config_offset + 0x4, 0, ~0x1);
+-	} else if (rdev->family >= CHIP_R600 && !ASIC_IS_DCE3(rdev)) {
++	} else if (ASIC_IS_DCE2(rdev) && !ASIC_IS_DCE3(rdev)) {
+ 		switch (radeon_encoder->encoder_id) {
+ 		case ENCODER_OBJECT_ID_INTERNAL_KLDSCP_TMDS1:
+ 			WREG32_P(AVIVO_TMDSA_CNTL, 0, ~0x4);
+diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c
+index 38585c5..383b38e 100644
+--- a/drivers/gpu/drm/radeon/radeon_atombios.c
++++ b/drivers/gpu/drm/radeon/radeon_atombios.c
+@@ -1989,6 +1989,8 @@ static int radeon_atombios_parse_power_table_1_3(struct radeon_device *rdev)
+ 	num_modes = power_info->info.ucNumOfPowerModeEntries;
+ 	if (num_modes > ATOM_MAX_NUMBEROF_POWER_BLOCK)
+ 		num_modes = ATOM_MAX_NUMBEROF_POWER_BLOCK;
++	if (num_modes == 0)
++		return state_index;
+ 	rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state) * num_modes, GFP_KERNEL);
+ 	if (!rdev->pm.power_state)
+ 		return state_index;
+@@ -2361,6 +2363,8 @@ static int radeon_atombios_parse_power_table_4_5(struct radeon_device *rdev)
+ 	power_info = (union power_info *)(mode_info->atom_context->bios + data_offset);
+ 
+ 	radeon_atombios_add_pplib_thermal_controller(rdev, &power_info->pplib.sThermalController);
++	if (power_info->pplib.ucNumStates == 0)
++		return state_index;
+ 	rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state) *
+ 				       power_info->pplib.ucNumStates, GFP_KERNEL);
+ 	if (!rdev->pm.power_state)
+@@ -2443,6 +2447,7 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev)
+ 	int index = GetIndexIntoMasterTable(DATA, PowerPlayInfo);
+         u16 data_offset;
+ 	u8 frev, crev;
++	u8 *power_state_offset;
+ 
+ 	if (!atom_parse_data_header(mode_info->atom_context, index, NULL,
+ 				   &frev, &crev, &data_offset))
+@@ -2459,15 +2464,17 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev)
+ 	non_clock_info_array = (struct NonClockInfoArray *)
+ 		(mode_info->atom_context->bios + data_offset +
+ 		 le16_to_cpu(power_info->pplib.usNonClockInfoArrayOffset));
++	if (state_array->ucNumEntries == 0)
++		return state_index;
+ 	rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state) *
+ 				       state_array->ucNumEntries, GFP_KERNEL);
+ 	if (!rdev->pm.power_state)
+ 		return state_index;
++	power_state_offset = (u8 *)state_array->states;
+ 	for (i = 0; i < state_array->ucNumEntries; i++) {
+ 		mode_index = 0;
+-		power_state = (union pplib_power_state *)&state_array->states[i];
+-		/* XXX this might be an inagua bug... */
+-		non_clock_array_index = i; /* power_state->v2.nonClockInfoIndex */
++		power_state = (union pplib_power_state *)power_state_offset;
++		non_clock_array_index = power_state->v2.nonClockInfoIndex;
+ 		non_clock_info = (struct _ATOM_PPLIB_NONCLOCK_INFO *)
+ 			&non_clock_info_array->nonClockInfo[non_clock_array_index];
+ 		rdev->pm.power_state[i].clock_info = kzalloc(sizeof(struct radeon_pm_clock_info) *
+@@ -2479,9 +2486,6 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev)
+ 		if (power_state->v2.ucNumDPMLevels) {
+ 			for (j = 0; j < power_state->v2.ucNumDPMLevels; j++) {
+ 				clock_array_index = power_state->v2.clockInfoIndex[j];
+-				/* XXX this might be an inagua bug... */
+-				if (clock_array_index >= clock_info_array->ucNumEntries)
+-					continue;
+ 				clock_info = (union pplib_clock_info *)
+ 					&clock_info_array->clockInfo[clock_array_index];
+ 				valid = radeon_atombios_parse_pplib_clock_info(rdev,
+@@ -2503,6 +2507,7 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev)
+ 								   non_clock_info);
+ 			state_index++;
+ 		}
++		power_state_offset += 2 + power_state->v2.ucNumDPMLevels;
+ 	}
+ 	/* if multiple clock modes, mark the lowest as no display */
+ 	for (i = 0; i < state_index; i++) {
+@@ -2549,7 +2554,9 @@ void radeon_atombios_get_power_modes(struct radeon_device *rdev)
+ 		default:
+ 			break;
+ 		}
+-	} else {
++	}
++
++	if (state_index == 0) {
+ 		rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state), GFP_KERNEL);
+ 		if (rdev->pm.power_state) {
+ 			rdev->pm.power_state[0].clock_info =
+diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c
+index be2c122..4bb9e27 100644
+--- a/drivers/gpu/drm/radeon/radeon_kms.c
++++ b/drivers/gpu/drm/radeon/radeon_kms.c
+@@ -39,8 +39,12 @@ int radeon_driver_unload_kms(struct drm_device *dev)
+ 
+ 	if (rdev == NULL)
+ 		return 0;
++	if (rdev->rmmio == NULL)
++		goto done_free;
+ 	radeon_modeset_fini(rdev);
+ 	radeon_device_fini(rdev);
++
++done_free:
+ 	kfree(rdev);
+ 	dev->dev_private = NULL;
+ 	return 0;
+diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c
+index ebd6c51..d58eccb 100644
+--- a/drivers/gpu/drm/radeon/radeon_pm.c
++++ b/drivers/gpu/drm/radeon/radeon_pm.c
+@@ -863,7 +863,11 @@ static int radeon_debugfs_pm_info(struct seq_file *m, void *data)
+ 	struct radeon_device *rdev = dev->dev_private;
+ 
+ 	seq_printf(m, "default engine clock: %u0 kHz\n", rdev->pm.default_sclk);
+-	seq_printf(m, "current engine clock: %u0 kHz\n", radeon_get_engine_clock(rdev));
++	/* radeon_get_engine_clock is not reliable on APUs so just print the current clock */
++	if ((rdev->family >= CHIP_PALM) && (rdev->flags & RADEON_IS_IGP))
++		seq_printf(m, "current engine clock: %u0 kHz\n", rdev->pm.current_sclk);
++	else
++		seq_printf(m, "current engine clock: %u0 kHz\n", radeon_get_engine_clock(rdev));
+ 	seq_printf(m, "default memory clock: %u0 kHz\n", rdev->pm.default_mclk);
+ 	if (rdev->asic->get_memory_clock)
+ 		seq_printf(m, "current memory clock: %u0 kHz\n", radeon_get_memory_clock(rdev));
+diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c
+index 4bb68f3..64e7065 100644
+--- a/drivers/i2c/busses/i2c-xiic.c
++++ b/drivers/i2c/busses/i2c-xiic.c
+@@ -311,10 +311,8 @@ static void xiic_fill_tx_fifo(struct xiic_i2c *i2c)
+ 			/* last message in transfer -> STOP */
+ 			data |= XIIC_TX_DYN_STOP_MASK;
+ 			dev_dbg(i2c->adap.dev.parent, "%s TX STOP\n", __func__);
+-
+-			xiic_setreg16(i2c, XIIC_DTR_REG_OFFSET, data);
+-		} else
+-			xiic_setreg8(i2c, XIIC_DTR_REG_OFFSET, data);
++		}
++		xiic_setreg16(i2c, XIIC_DTR_REG_OFFSET, data);
+ 	}
+ }
+ 
+diff --git a/drivers/md/md.c b/drivers/md/md.c
+index 1702133..2d0544c 100644
+--- a/drivers/md/md.c
++++ b/drivers/md/md.c
+@@ -1588,8 +1588,8 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
+ 					     sector, count, 1) == 0)
+ 				return -EINVAL;
+ 		}
+-	} else if (sb->bblog_offset == 0)
+-		rdev->badblocks.shift = -1;
++	} else if (sb->bblog_offset != 0)
++		rdev->badblocks.shift = 0;
+ 
+ 	if (!refdev) {
+ 		ret = 1;
+@@ -3063,7 +3063,7 @@ int md_rdev_init(struct md_rdev *rdev)
+ 	 * be used - I wonder if that matters
+ 	 */
+ 	rdev->badblocks.count = 0;
+-	rdev->badblocks.shift = 0;
++	rdev->badblocks.shift = -1; /* disabled until explicitly enabled */
+ 	rdev->badblocks.page = kmalloc(PAGE_SIZE, GFP_KERNEL);
+ 	seqlock_init(&rdev->badblocks.lock);
+ 	if (rdev->badblocks.page == NULL)
+@@ -3135,9 +3135,6 @@ static struct md_rdev *md_import_device(dev_t newdev, int super_format, int supe
+ 			goto abort_free;
+ 		}
+ 	}
+-	if (super_format == -1)
+-		/* hot-add for 0.90, or non-persistent: so no badblocks */
+-		rdev->badblocks.shift = -1;
+ 
+ 	return rdev;
+ 
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
+index fc07f90..b436b84 100644
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -1866,6 +1866,7 @@ err_detach:
+ 	write_unlock_bh(&bond->lock);
+ 
+ err_close:
++	slave_dev->priv_flags &= ~IFF_BONDING;
+ 	dev_close(slave_dev);
+ 
+ err_unset_master:
+@@ -4853,9 +4854,18 @@ static int __net_init bond_net_init(struct net *net)
+ static void __net_exit bond_net_exit(struct net *net)
+ {
+ 	struct bond_net *bn = net_generic(net, bond_net_id);
++	struct bonding *bond, *tmp_bond;
++	LIST_HEAD(list);
+ 
+ 	bond_destroy_sysfs(bn);
+ 	bond_destroy_proc_dir(bn);
++
++	/* Kill off any bonds created after unregistering bond rtnl ops */
++	rtnl_lock();
++	list_for_each_entry_safe(bond, tmp_bond, &bn->dev_list, bond_list)
++		unregister_netdevice_queue(bond->dev, &list);
++	unregister_netdevice_many(&list);
++	rtnl_unlock();
+ }
+ 
+ static struct pernet_operations bond_net_ops = {
+diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e.h b/drivers/net/ethernet/atheros/atl1e/atl1e.h
+index edfdf6b..b5fd934 100644
+--- a/drivers/net/ethernet/atheros/atl1e/atl1e.h
++++ b/drivers/net/ethernet/atheros/atl1e/atl1e.h
+@@ -186,7 +186,7 @@ struct atl1e_tpd_desc {
+ /* how about 0x2000 */
+ #define MAX_TX_BUF_LEN      0x2000
+ #define MAX_TX_BUF_SHIFT    13
+-/*#define MAX_TX_BUF_LEN  0x3000 */
++#define MAX_TSO_SEG_SIZE    0x3c00
+ 
+ /* rrs word 1 bit 0:31 */
+ #define RRS_RX_CSUM_MASK	0xFFFF
+diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+index c69dc29..dd893b3 100644
+--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
++++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+@@ -2352,6 +2352,7 @@ static int __devinit atl1e_probe(struct pci_dev *pdev,
+ 
+ 	INIT_WORK(&adapter->reset_task, atl1e_reset_task);
+ 	INIT_WORK(&adapter->link_chg_task, atl1e_link_chg_task);
++	netif_set_gso_max_size(netdev, MAX_TSO_SEG_SIZE);
+ 	err = register_netdev(netdev);
+ 	if (err) {
+ 		netdev_err(netdev, "register netdevice failed\n");
+diff --git a/drivers/net/ethernet/freescale/gianfar_ptp.c b/drivers/net/ethernet/freescale/gianfar_ptp.c
+index f67b8ae..69c3adf 100644
+--- a/drivers/net/ethernet/freescale/gianfar_ptp.c
++++ b/drivers/net/ethernet/freescale/gianfar_ptp.c
+@@ -127,7 +127,6 @@ struct gianfar_ptp_registers {
+ 
+ #define DRIVER		"gianfar_ptp"
+ #define DEFAULT_CKSEL	1
+-#define N_ALARM		1 /* first alarm is used internally to reset fipers */
+ #define N_EXT_TS	2
+ #define REG_SIZE	sizeof(struct gianfar_ptp_registers)
+ 
+@@ -410,7 +409,7 @@ static struct ptp_clock_info ptp_gianfar_caps = {
+ 	.owner		= THIS_MODULE,
+ 	.name		= "gianfar clock",
+ 	.max_adj	= 512000,
+-	.n_alarm	= N_ALARM,
++	.n_alarm	= 0,
+ 	.n_ext_ts	= N_EXT_TS,
+ 	.n_per_out	= 0,
+ 	.pps		= 1,
+diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+index 41396fa..d93eee1 100644
+--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+@@ -1937,6 +1937,16 @@ static irqreturn_t ixgbe_msix_other(int irq, void *data)
+ 	 * with the write to EICR.
+ 	 */
+ 	eicr = IXGBE_READ_REG(hw, IXGBE_EICS);
++
++	/* The lower 16bits of the EICR register are for the queue interrupts
++	 * which should be masked here in order to not accidently clear them if
++	 * the bits are high when ixgbe_msix_other is called. There is a race
++	 * condition otherwise which results in possible performance loss
++	 * especially if the ixgbe_msix_other interrupt is triggering
++	 * consistently (as it would when PPS is turned on for the X540 device)
++	 */
++	eicr &= 0xFFFF0000;
++
+ 	IXGBE_WRITE_REG(hw, IXGBE_EICR, eicr);
+ 
+ 	if (eicr & IXGBE_EICR_LSC)
+@@ -5408,7 +5418,9 @@ static int ixgbe_resume(struct pci_dev *pdev)
+ 
+ 	pci_wake_from_d3(pdev, false);
+ 
++	rtnl_lock();
+ 	err = ixgbe_init_interrupt_scheme(adapter);
++	rtnl_unlock();
+ 	if (err) {
+ 		e_dev_err("Cannot initialize interrupts for device\n");
+ 		return err;
+diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
+index d812790..f698183 100644
+--- a/drivers/net/ethernet/realtek/r8169.c
++++ b/drivers/net/ethernet/realtek/r8169.c
+@@ -1629,8 +1629,6 @@ static void rtl8169_rx_vlan_tag(struct RxDesc *desc, struct sk_buff *skb)
+ 
+ 	if (opts2 & RxVlanTag)
+ 		__vlan_hwaccel_put_tag(skb, swab16(opts2 & 0xffff));
+-
+-	desc->opts2 = 0;
+ }
+ 
+ static int rtl8169_gset_tbi(struct net_device *dev, struct ethtool_cmd *cmd)
+@@ -5566,6 +5564,14 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb,
+ 		goto err_stop_0;
+ 	}
+ 
++	/* 8168evl does not automatically pad to minimum length. */
++	if (unlikely(tp->mac_version == RTL_GIGA_MAC_VER_34 &&
++		     skb->len < ETH_ZLEN)) {
++		if (skb_padto(skb, ETH_ZLEN))
++			goto err_update_stats;
++		skb_put(skb, ETH_ZLEN - skb->len);
++	}
++
+ 	if (unlikely(le32_to_cpu(txd->opts1) & DescOwn))
+ 		goto err_stop_0;
+ 
+@@ -5633,6 +5639,7 @@ err_dma_1:
+ 	rtl8169_unmap_tx_skb(d, tp->tx_skb + entry, txd);
+ err_dma_0:
+ 	dev_kfree_skb(skb);
++err_update_stats:
+ 	dev->stats.tx_dropped++;
+ 	return NETDEV_TX_OK;
+ 
+@@ -5814,7 +5821,6 @@ static int rtl8169_rx_interrupt(struct net_device *dev,
+ 				rtl8169_schedule_work(dev, rtl8169_reset_task);
+ 				dev->stats.rx_fifo_errors++;
+ 			}
+-			rtl8169_mark_to_asic(desc, rx_buf_sz);
+ 		} else {
+ 			struct sk_buff *skb;
+ 			dma_addr_t addr = le64_to_cpu(desc->addr);
+@@ -5828,16 +5834,14 @@ static int rtl8169_rx_interrupt(struct net_device *dev,
+ 			if (unlikely(rtl8169_fragmented_frame(status))) {
+ 				dev->stats.rx_dropped++;
+ 				dev->stats.rx_length_errors++;
+-				rtl8169_mark_to_asic(desc, rx_buf_sz);
+-				continue;
++				goto release_descriptor;
+ 			}
+ 
+ 			skb = rtl8169_try_rx_copy(tp->Rx_databuff[entry],
+ 						  tp, pkt_size, addr);
+-			rtl8169_mark_to_asic(desc, rx_buf_sz);
+ 			if (!skb) {
+ 				dev->stats.rx_dropped++;
+-				continue;
++				goto release_descriptor;
+ 			}
+ 
+ 			rtl8169_rx_csum(skb, status);
+@@ -5851,6 +5855,10 @@ static int rtl8169_rx_interrupt(struct net_device *dev,
+ 			dev->stats.rx_bytes += pkt_size;
+ 			dev->stats.rx_packets++;
+ 		}
++release_descriptor:
++		desc->opts2 = 0;
++		wmb();
++		rtl8169_mark_to_asic(desc, rx_buf_sz);
+ 	}
+ 
+ 	count = cur_rx - tp->cur_rx;
+diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c
+index ccf1524..3935994 100644
+--- a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c
++++ b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c
+@@ -563,6 +563,7 @@ void iwl_clear_ucode_stations(struct iwl_priv *priv,
+ void iwl_restore_stations(struct iwl_priv *priv, struct iwl_rxon_context *ctx)
+ {
+ 	struct iwl_addsta_cmd sta_cmd;
++	static const struct iwl_link_quality_cmd zero_lq = {};
+ 	struct iwl_link_quality_cmd lq;
+ 	unsigned long flags_spin;
+ 	int i;
+@@ -602,7 +603,9 @@ void iwl_restore_stations(struct iwl_priv *priv, struct iwl_rxon_context *ctx)
+ 				else
+ 					memcpy(&lq, priv->stations[i].lq,
+ 					       sizeof(struct iwl_link_quality_cmd));
+-				send_lq = true;
++
++				if (!memcmp(&lq, &zero_lq, sizeof(lq)))
++					send_lq = true;
+ 			}
+ 			spin_unlock_irqrestore(&priv->shrd->sta_lock,
+ 					       flags_spin);
+diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c
+index 3cf4ecc..621b84f 100644
+--- a/drivers/net/wireless/mwifiex/pcie.c
++++ b/drivers/net/wireless/mwifiex/pcie.c
+@@ -1821,9 +1821,9 @@ static void mwifiex_pcie_cleanup(struct mwifiex_adapter *adapter)
+ 	if (pdev) {
+ 		pci_iounmap(pdev, card->pci_mmap);
+ 		pci_iounmap(pdev, card->pci_mmap1);
+-
+-		pci_release_regions(pdev);
+ 		pci_disable_device(pdev);
++		pci_release_region(pdev, 2);
++		pci_release_region(pdev, 0);
+ 		pci_set_drvdata(pdev, NULL);
+ 	}
+ }
+diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
+index 6d4a531..363a5c6 100644
+--- a/drivers/pci/pci.c
++++ b/drivers/pci/pci.c
+@@ -664,15 +664,11 @@ static int pci_platform_power_transition(struct pci_dev *dev, pci_power_t state)
+ 		error = platform_pci_set_power_state(dev, state);
+ 		if (!error)
+ 			pci_update_current_state(dev, state);
+-		/* Fall back to PCI_D0 if native PM is not supported */
+-		if (!dev->pm_cap)
+-			dev->current_state = PCI_D0;
+-	} else {
++	} else
+ 		error = -ENODEV;
+-		/* Fall back to PCI_D0 if native PM is not supported */
+-		if (!dev->pm_cap)
+-			dev->current_state = PCI_D0;
+-	}
++
++	if (error && !dev->pm_cap) /* Fall back to PCI_D0 */
++		dev->current_state = PCI_D0;
+ 
+ 	return error;
+ }
+diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
+index 05beb6c..e3eed18 100644
+--- a/drivers/rtc/rtc-cmos.c
++++ b/drivers/rtc/rtc-cmos.c
+@@ -805,9 +805,8 @@ static int cmos_suspend(struct device *dev)
+ 			mask = RTC_IRQMASK;
+ 		tmp &= ~mask;
+ 		CMOS_WRITE(tmp, RTC_CONTROL);
++		hpet_mask_rtc_irq_bit(mask);
+ 
+-		/* shut down hpet emulation - we don't need it for alarm */
+-		hpet_mask_rtc_irq_bit(RTC_PIE|RTC_AIE|RTC_UIE);
+ 		cmos_checkintr(cmos, tmp);
+ 	}
+ 	spin_unlock_irq(&rtc_lock);
+@@ -872,6 +871,7 @@ static int cmos_resume(struct device *dev)
+ 			rtc_update_irq(cmos->rtc, 1, mask);
+ 			tmp &= ~RTC_AIE;
+ 			hpet_mask_rtc_irq_bit(RTC_AIE);
++			hpet_rtc_timer_init();
+ 		} while (mask & RTC_AIE);
+ 		spin_unlock_irq(&rtc_lock);
+ 	}
+diff --git a/drivers/s390/char/sclp_cmd.c b/drivers/s390/char/sclp_cmd.c
+index 0b54a91..a56a15e 100644
+--- a/drivers/s390/char/sclp_cmd.c
++++ b/drivers/s390/char/sclp_cmd.c
+@@ -509,6 +509,8 @@ static void __init sclp_add_standby_memory(void)
+ 	add_memory_merged(0);
+ }
+ 
++#define MEM_SCT_SIZE (1UL << SECTION_SIZE_BITS)
++
+ static void __init insert_increment(u16 rn, int standby, int assigned)
+ {
+ 	struct memory_increment *incr, *new_incr;
+@@ -521,7 +523,7 @@ static void __init insert_increment(u16 rn, int standby, int assigned)
+ 	new_incr->rn = rn;
+ 	new_incr->standby = standby;
+ 	if (!standby)
+-		new_incr->usecount = 1;
++		new_incr->usecount = rzm > MEM_SCT_SIZE ? rzm/MEM_SCT_SIZE : 1;
+ 	last_rn = 0;
+ 	prev = &sclp_mem_list;
+ 	list_for_each_entry(incr, &sclp_mem_list, list) {
+diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
+index d19b879..4735928 100644
+--- a/drivers/tty/pty.c
++++ b/drivers/tty/pty.c
+@@ -669,6 +669,9 @@ static int ptmx_open(struct inode *inode, struct file *filp)
+ 
+ 	nonseekable_open(inode, filp);
+ 
++	/* We refuse fsnotify events on ptmx, since it's a shared resource */
++	filp->f_mode |= FMODE_NONOTIFY;
++
+ 	retval = tty_alloc_file(filp);
+ 	if (retval)
+ 		return retval;
+diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
+index af5ffb9..488214a 100644
+--- a/drivers/tty/serial/serial_core.c
++++ b/drivers/tty/serial/serial_core.c
+@@ -1901,6 +1901,8 @@ int uart_suspend_port(struct uart_driver *drv, struct uart_port *uport)
+ 		mutex_unlock(&port->mutex);
+ 		return 0;
+ 	}
++	put_device(tty_dev);
++
+ 	if (console_suspend_enabled || !uart_console(uport))
+ 		uport->suspended = 1;
+ 
+@@ -1966,9 +1968,11 @@ int uart_resume_port(struct uart_driver *drv, struct uart_port *uport)
+ 			disable_irq_wake(uport->irq);
+ 			uport->irq_wake = 0;
+ 		}
++		put_device(tty_dev);
+ 		mutex_unlock(&port->mutex);
+ 		return 0;
+ 	}
++	put_device(tty_dev);
+ 	uport->suspended = 0;
+ 
+ 	/*
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
+index 05085be..3f35e42 100644
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -940,6 +940,14 @@ void start_tty(struct tty_struct *tty)
+ 
+ EXPORT_SYMBOL(start_tty);
+ 
++/* We limit tty time update visibility to every 8 seconds or so. */
++static void tty_update_time(struct timespec *time)
++{
++	unsigned long sec = get_seconds() & ~7;
++	if ((long)(sec - time->tv_sec) > 0)
++		time->tv_sec = sec;
++}
++
+ /**
+  *	tty_read	-	read method for tty device files
+  *	@file: pointer to tty file
+@@ -976,8 +984,10 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
+ 	else
+ 		i = -EIO;
+ 	tty_ldisc_deref(ld);
++
+ 	if (i > 0)
+-		inode->i_atime = current_fs_time(inode->i_sb);
++		tty_update_time(&inode->i_atime);
++
+ 	return i;
+ }
+ 
+@@ -1079,8 +1089,8 @@ static inline ssize_t do_tty_write(
+ 		cond_resched();
+ 	}
+ 	if (written) {
+-		struct inode *inode = file->f_path.dentry->d_inode;
+-		inode->i_mtime = current_fs_time(inode->i_sb);
++               struct inode *inode = file->f_path.dentry->d_inode;
++		tty_update_time(&inode->i_mtime);
+ 		ret = written;
+ 	}
+ out:
+diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
+index a9df218..22f770a 100644
+--- a/drivers/usb/core/devio.c
++++ b/drivers/usb/core/devio.c
+@@ -643,6 +643,8 @@ static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype,
+ 	index &= 0xff;
+ 	switch (requesttype & USB_RECIP_MASK) {
+ 	case USB_RECIP_ENDPOINT:
++		if ((index & ~USB_DIR_IN) == 0)
++			return 0;
+ 		ret = findintfep(ps->dev, index);
+ 		if (ret >= 0)
+ 			ret = checkintf(ps, ret);
+diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c
+index ac0d75a..9f7003e 100644
+--- a/drivers/usb/misc/appledisplay.c
++++ b/drivers/usb/misc/appledisplay.c
+@@ -63,6 +63,7 @@ static const struct usb_device_id appledisplay_table[] = {
+ 	{ APPLEDISPLAY_DEVICE(0x9219) },
+ 	{ APPLEDISPLAY_DEVICE(0x921c) },
+ 	{ APPLEDISPLAY_DEVICE(0x921d) },
++	{ APPLEDISPLAY_DEVICE(0x9236) },
+ 
+ 	/* Terminating entry */
+ 	{ }
+diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
+index 06394e5a..51d1712 100644
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -195,6 +195,7 @@ static struct usb_device_id id_table_combined [] = {
+ 	{ USB_DEVICE(FTDI_VID, FTDI_OPENDCC_THROTTLE_PID) },
+ 	{ USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GATEWAY_PID) },
+ 	{ USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GBM_PID) },
++	{ USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GBM_BOOST_PID) },
+ 	{ USB_DEVICE(NEWPORT_VID, NEWPORT_AGILIS_PID) },
+ 	{ USB_DEVICE(INTERBIOMETRICS_VID, INTERBIOMETRICS_IOBOARD_PID) },
+ 	{ USB_DEVICE(INTERBIOMETRICS_VID, INTERBIOMETRICS_MINI_IOBOARD_PID) },
+@@ -876,7 +877,9 @@ static struct usb_device_id id_table_combined [] = {
+ 	{ USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) },
+ 	{ USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID),
+ 		.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
+-	{ USB_DEVICE(ST_VID, ST_STMCLT1030_PID),
++	{ USB_DEVICE(ST_VID, ST_STMCLT_2232_PID),
++		.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
++	{ USB_DEVICE(ST_VID, ST_STMCLT_4232_PID),
+ 		.driver_info = (kernel_ulong_t)&ftdi_stmclite_quirk },
+ 	{ USB_DEVICE(FTDI_VID, FTDI_RF_R106) },
+ 	{ USB_DEVICE(FTDI_VID, FTDI_DISTORTEC_JTAG_LOCK_PICK_PID),
+@@ -1816,8 +1819,11 @@ static int ftdi_8u2232c_probe(struct usb_serial *serial)
+ }
+ 
+ /*
+- * First and second port on STMCLiteadaptors is reserved for JTAG interface
+- * and the forth port for pio
++ * First two ports on JTAG adaptors using an FT4232 such as STMicroelectronics's
++ * ST Micro Connect Lite are reserved for JTAG or other non-UART interfaces and
++ * can be accessed from userspace.
++ * The next two ports are enabled as UARTs by default, where port 2 is
++ * a conventional RS-232 UART.
+  */
+ static int ftdi_stmclite_probe(struct usb_serial *serial)
+ {
+@@ -1826,12 +1832,13 @@ static int ftdi_stmclite_probe(struct usb_serial *serial)
+ 
+ 	dbg("%s", __func__);
+ 
+-	if (interface == udev->actconfig->interface[2])
+-		return 0;
+-
+-	dev_info(&udev->dev, "Ignoring serial port reserved for JTAG\n");
++	if (interface == udev->actconfig->interface[0] ||
++	    interface == udev->actconfig->interface[1]) {
++		dev_info(&udev->dev, "Ignoring serial port reserved for JTAG\n");
++		return -ENODEV;
++	}
+ 
+-	return -ENODEV;
++	return 0;
+ }
+ 
+ /*
+diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
+index 809c03a..2f86008 100644
+--- a/drivers/usb/serial/ftdi_sio_ids.h
++++ b/drivers/usb/serial/ftdi_sio_ids.h
+@@ -74,6 +74,7 @@
+ #define FTDI_OPENDCC_THROTTLE_PID	0xBFDA
+ #define FTDI_OPENDCC_GATEWAY_PID	0xBFDB
+ #define FTDI_OPENDCC_GBM_PID	0xBFDC
++#define FTDI_OPENDCC_GBM_BOOST_PID	0xBFDD
+ 
+ /* NZR SEM 16+ USB (http://www.nzr.de) */
+ #define FTDI_NZR_SEM_USB_PID	0xC1E0	/* NZR SEM-LOG16+ */
+@@ -1150,7 +1151,8 @@
+  * STMicroelectonics
+  */
+ #define ST_VID			0x0483
+-#define ST_STMCLT1030_PID	0x3747 /* ST Micro Connect Lite STMCLT1030 */
++#define ST_STMCLT_2232_PID	0x3746
++#define ST_STMCLT_4232_PID	0x3747
+ 
+ /*
+  * Papouch products (http://www.papouch.com/)
+diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
+index 4418538..8513f51 100644
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -347,6 +347,7 @@ static void option_instat_callback(struct urb *urb);
+ /* Olivetti products */
+ #define OLIVETTI_VENDOR_ID			0x0b3c
+ #define OLIVETTI_PRODUCT_OLICARD100		0xc000
++#define OLIVETTI_PRODUCT_OLICARD145		0xc003
+ 
+ /* Celot products */
+ #define CELOT_VENDOR_ID				0x211f
+@@ -1273,6 +1274,7 @@ static const struct usb_device_id option_ids[] = {
+ 	{ USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDMNET) },
+ 
+ 	{ USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) },
++	{ USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) },
+ 	{ USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */
+ 	{ USB_DEVICE(ONDA_VENDOR_ID, ONDA_MT825UP) }, /* ONDA MT825UP modem */
+ 	{ USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/
+@@ -1350,6 +1352,12 @@ static const struct usb_device_id option_ids[] = {
+ 	{ USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180),
+ 	  .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
+ 	{ USB_DEVICE(CHANGHONG_VENDOR_ID, CHANGHONG_PRODUCT_CH690) },
++	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d01, 0xff, 0x02, 0x01) },	/* D-Link DWM-156 (variant) */
++	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d01, 0xff, 0x00, 0x00) },	/* D-Link DWM-156 (variant) */
++	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d02, 0xff, 0x02, 0x01) },
++	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d02, 0xff, 0x00, 0x00) },
++	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x02, 0x01) },
++	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x00, 0x00) },
+ 	{ } /* Terminating entry */
+ };
+ MODULE_DEVICE_TABLE(usb, option_ids);
+diff --git a/drivers/usb/storage/cypress_atacb.c b/drivers/usb/storage/cypress_atacb.c
+index c844718..7341ce2 100644
+--- a/drivers/usb/storage/cypress_atacb.c
++++ b/drivers/usb/storage/cypress_atacb.c
+@@ -248,14 +248,26 @@ static int cypress_probe(struct usb_interface *intf,
+ {
+ 	struct us_data *us;
+ 	int result;
++	struct usb_device *device;
+ 
+ 	result = usb_stor_probe1(&us, intf, id,
+ 			(id - cypress_usb_ids) + cypress_unusual_dev_list);
+ 	if (result)
+ 		return result;
+ 
+-	us->protocol_name = "Transparent SCSI with Cypress ATACB";
+-	us->proto_handler = cypress_atacb_passthrough;
++	/* Among CY7C68300 chips, the A revision does not support Cypress ATACB
++	 * Filter out this revision from EEPROM default descriptor values
++	 */
++	device = interface_to_usbdev(intf);
++	if (device->descriptor.iManufacturer != 0x38 ||
++	    device->descriptor.iProduct != 0x4e ||
++	    device->descriptor.iSerialNumber != 0x64) {
++		us->protocol_name = "Transparent SCSI with Cypress ATACB";
++		us->proto_handler = cypress_atacb_passthrough;
++	} else {
++		us->protocol_name = "Transparent SCSI";
++		us->proto_handler = usb_stor_transparent_scsi_command;
++	}
+ 
+ 	result = usb_stor_probe2(us);
+ 	return result;
+diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
+index 7a36dff..6b4fb5c 100644
+--- a/drivers/video/console/fbcon.c
++++ b/drivers/video/console/fbcon.c
+@@ -1229,6 +1229,8 @@ static void fbcon_deinit(struct vc_data *vc)
+ finished:
+ 
+ 	fbcon_free_font(p, free_font);
++	if (free_font)
++		vc->vc_font.data = NULL;
+ 
+ 	if (!con_is_bound(&fb_con))
+ 		fbcon_exit();
+diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
+index babbb07..0a22808 100644
+--- a/drivers/video/fbmem.c
++++ b/drivers/video/fbmem.c
+@@ -1350,15 +1350,12 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
+ {
+ 	struct fb_info *info = file_fb_info(file);
+ 	struct fb_ops *fb;
+-	unsigned long off;
++	unsigned long mmio_pgoff;
+ 	unsigned long start;
+ 	u32 len;
+ 
+ 	if (!info)
+ 		return -ENODEV;
+-	if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT))
+-		return -EINVAL;
+-	off = vma->vm_pgoff << PAGE_SHIFT;
+ 	fb = info->fbops;
+ 	if (!fb)
+ 		return -ENODEV;
+@@ -1370,33 +1367,24 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
+ 		return res;
+ 	}
+ 
+-	/* frame buffer memory */
++	/*
++	 * Ugh. This can be either the frame buffer mapping, or
++	 * if pgoff points past it, the mmio mapping.
++	 */
+ 	start = info->fix.smem_start;
+-	len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.smem_len);
+-	if (off >= len) {
+-		/* memory mapped io */
+-		off -= len;
+-		if (info->var.accel_flags) {
+-			mutex_unlock(&info->mm_lock);
+-			return -EINVAL;
+-		}
++	len = info->fix.smem_len;
++	mmio_pgoff = PAGE_ALIGN((start & ~PAGE_MASK) + len) >> PAGE_SHIFT;
++	if (vma->vm_pgoff >= mmio_pgoff) {
++		vma->vm_pgoff -= mmio_pgoff;
+ 		start = info->fix.mmio_start;
+-		len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.mmio_len);
++		len = info->fix.mmio_len;
+ 	}
+ 	mutex_unlock(&info->mm_lock);
+-	start &= PAGE_MASK;
+-	if ((vma->vm_end - vma->vm_start + off) > len)
+-		return -EINVAL;
+-	off += start;
+-	vma->vm_pgoff = off >> PAGE_SHIFT;
+-	/* This is an IO map - tell maydump to skip this VMA */
+-	vma->vm_flags |= VM_IO | VM_RESERVED;
++
+ 	vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
+-	fb_pgprotect(file, vma, off);
+-	if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
+-			     vma->vm_end - vma->vm_start, vma->vm_page_prot))
+-		return -EAGAIN;
+-	return 0;
++	fb_pgprotect(file, vma, start);
++
++	return vm_iomap_memory(vma, start, len);
+ }
+ 
+ static int
+diff --git a/fs/aio.c b/fs/aio.c
+index 3b65ee7..8cdd8ea 100644
+--- a/fs/aio.c
++++ b/fs/aio.c
+@@ -1112,9 +1112,9 @@ static int aio_read_evt(struct kioctx *ioctx, struct io_event *ent)
+ 	spin_unlock(&info->ring_lock);
+ 
+ out:
+-	kunmap_atomic(ring, KM_USER0);
+ 	dprintk("leaving aio_read_evt: %d  h%lu t%lu\n", ret,
+ 		 (unsigned long)ring->head, (unsigned long)ring->tail);
++	kunmap_atomic(ring, KM_USER0);
+ 	return ret;
+ }
+ 
+diff --git a/fs/dcache.c b/fs/dcache.c
+index e923bf4..d322929 100644
+--- a/fs/dcache.c
++++ b/fs/dcache.c
+@@ -1176,8 +1176,10 @@ void shrink_dcache_parent(struct dentry * parent)
+ 	LIST_HEAD(dispose);
+ 	int found;
+ 
+-	while ((found = select_parent(parent, &dispose)) != 0)
++	while ((found = select_parent(parent, &dispose)) != 0) {
+ 		shrink_dentry_list(&dispose);
++		cond_resched();
++	}
+ }
+ EXPORT_SYMBOL(shrink_dcache_parent);
+ 
+diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig
+index 9ed1bb1..5459168 100644
+--- a/fs/ext4/Kconfig
++++ b/fs/ext4/Kconfig
+@@ -82,4 +82,5 @@ config EXT4_DEBUG
+ 	  Enables run-time debugging support for the ext4 filesystem.
+ 
+ 	  If you select Y here, then you will be able to turn on debugging
+-	  with a command such as "echo 1 > /sys/kernel/debug/ext4/mballoc-debug"
++	  with a command such as:
++		echo 1 > /sys/module/ext4/parameters/mballoc_debug
+diff --git a/fs/ext4/fsync.c b/fs/ext4/fsync.c
+index bb6c7d8..a8d03a4 100644
+--- a/fs/ext4/fsync.c
++++ b/fs/ext4/fsync.c
+@@ -260,8 +260,7 @@ int ext4_sync_file(struct file *file, loff_t start, loff_t end, int datasync)
+ 	if (journal->j_flags & JBD2_BARRIER &&
+ 	    !jbd2_trans_will_send_data_barrier(journal, commit_tid))
+ 		needs_barrier = true;
+-	jbd2_log_start_commit(journal, commit_tid);
+-	ret = jbd2_log_wait_commit(journal, commit_tid);
++	ret = jbd2_complete_transaction(journal, commit_tid);
+ 	if (needs_barrier)
+ 		blkdev_issue_flush(inode->i_sb->s_bdev, GFP_KERNEL, NULL);
+  out:
+diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
+index 3270ffd..025b4b6 100644
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -147,8 +147,7 @@ void ext4_evict_inode(struct inode *inode)
+ 			journal_t *journal = EXT4_SB(inode->i_sb)->s_journal;
+ 			tid_t commit_tid = EXT4_I(inode)->i_datasync_tid;
+ 
+-			jbd2_log_start_commit(journal, commit_tid);
+-			jbd2_log_wait_commit(journal, commit_tid);
++			jbd2_complete_transaction(journal, commit_tid);
+ 			filemap_write_and_wait(&inode->i_data);
+ 		}
+ 		truncate_inode_pages(&inode->i_data, 0);
+diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c
+index 4765190..73c0bd7 100644
+--- a/fs/fscache/stats.c
++++ b/fs/fscache/stats.c
+@@ -276,5 +276,5 @@ const struct file_operations fscache_stats_fops = {
+ 	.open		= fscache_stats_open,
+ 	.read		= seq_read,
+ 	.llseek		= seq_lseek,
+-	.release	= seq_release,
++	.release        = single_release,
+ };
+diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c
+index d751f04..ab9463a 100644
+--- a/fs/jbd2/commit.c
++++ b/fs/jbd2/commit.c
+@@ -326,7 +326,7 @@ void jbd2_journal_commit_transaction(journal_t *journal)
+ 	int space_left = 0;
+ 	int first_tag = 0;
+ 	int tag_flag;
+-	int i, to_free = 0;
++	int i;
+ 	int tag_bytes = journal_tag_bytes(journal);
+ 	struct buffer_head *cbh = NULL; /* For transactional checksums */
+ 	__u32 crc32_sum = ~0;
+@@ -996,7 +996,7 @@ restart_loop:
+ 	journal->j_stats.run.rs_blocks_logged += stats.run.rs_blocks_logged;
+ 	spin_unlock(&journal->j_history_lock);
+ 
+-	commit_transaction->t_state = T_FINISHED;
++	commit_transaction->t_state = T_COMMIT_CALLBACK;
+ 	J_ASSERT(commit_transaction == journal->j_committing_transaction);
+ 	journal->j_commit_sequence = commit_transaction->t_tid;
+ 	journal->j_committing_transaction = NULL;
+@@ -1011,38 +1011,44 @@ restart_loop:
+ 				journal->j_average_commit_time*3) / 4;
+ 	else
+ 		journal->j_average_commit_time = commit_time;
++
+ 	write_unlock(&journal->j_state_lock);
+ 
+-	if (commit_transaction->t_checkpoint_list == NULL &&
+-	    commit_transaction->t_checkpoint_io_list == NULL) {
+-		__jbd2_journal_drop_transaction(journal, commit_transaction);
+-		to_free = 1;
++	if (journal->j_checkpoint_transactions == NULL) {
++		journal->j_checkpoint_transactions = commit_transaction;
++		commit_transaction->t_cpnext = commit_transaction;
++		commit_transaction->t_cpprev = commit_transaction;
+ 	} else {
+-		if (journal->j_checkpoint_transactions == NULL) {
+-			journal->j_checkpoint_transactions = commit_transaction;
+-			commit_transaction->t_cpnext = commit_transaction;
+-			commit_transaction->t_cpprev = commit_transaction;
+-		} else {
+-			commit_transaction->t_cpnext =
+-				journal->j_checkpoint_transactions;
+-			commit_transaction->t_cpprev =
+-				commit_transaction->t_cpnext->t_cpprev;
+-			commit_transaction->t_cpnext->t_cpprev =
+-				commit_transaction;
+-			commit_transaction->t_cpprev->t_cpnext =
++		commit_transaction->t_cpnext =
++			journal->j_checkpoint_transactions;
++		commit_transaction->t_cpprev =
++			commit_transaction->t_cpnext->t_cpprev;
++		commit_transaction->t_cpnext->t_cpprev =
++			commit_transaction;
++		commit_transaction->t_cpprev->t_cpnext =
+ 				commit_transaction;
+-		}
+ 	}
+ 	spin_unlock(&journal->j_list_lock);
+-
++	/* Drop all spin_locks because commit_callback may be block.
++	 * __journal_remove_checkpoint() can not destroy transaction
++	 * under us because it is not marked as T_FINISHED yet */
+ 	if (journal->j_commit_callback)
+ 		journal->j_commit_callback(journal, commit_transaction);
+ 
+ 	trace_jbd2_end_commit(journal, commit_transaction);
+ 	jbd_debug(1, "JBD2: commit %d complete, head %d\n",
+ 		  journal->j_commit_sequence, journal->j_tail_sequence);
+-	if (to_free)
+-		kfree(commit_transaction);
+ 
++	write_lock(&journal->j_state_lock);
++	spin_lock(&journal->j_list_lock);
++	commit_transaction->t_state = T_FINISHED;
++	/* Recheck checkpoint lists after j_list_lock was dropped */
++	if (commit_transaction->t_checkpoint_list == NULL &&
++	    commit_transaction->t_checkpoint_io_list == NULL) {
++		__jbd2_journal_drop_transaction(journal, commit_transaction);
++		kfree(commit_transaction);
++	}
++	spin_unlock(&journal->j_list_lock);
++	write_unlock(&journal->j_state_lock);
+ 	wake_up(&journal->j_wait_done_commit);
+ }
+diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
+index 0fa0123..17b04fc 100644
+--- a/fs/jbd2/journal.c
++++ b/fs/jbd2/journal.c
+@@ -663,6 +663,37 @@ int jbd2_log_wait_commit(journal_t *journal, tid_t tid)
+ }
+ 
+ /*
++ * When this function returns the transaction corresponding to tid
++ * will be completed.  If the transaction has currently running, start
++ * committing that transaction before waiting for it to complete.  If
++ * the transaction id is stale, it is by definition already completed,
++ * so just return SUCCESS.
++ */
++int jbd2_complete_transaction(journal_t *journal, tid_t tid)
++{
++	int	need_to_wait = 1;
++
++	read_lock(&journal->j_state_lock);
++	if (journal->j_running_transaction &&
++	    journal->j_running_transaction->t_tid == tid) {
++		if (journal->j_commit_request != tid) {
++			/* transaction not yet started, so request it */
++			read_unlock(&journal->j_state_lock);
++			jbd2_log_start_commit(journal, tid);
++			goto wait_commit;
++		}
++	} else if (!(journal->j_committing_transaction &&
++		     journal->j_committing_transaction->t_tid == tid))
++		need_to_wait = 0;
++	read_unlock(&journal->j_state_lock);
++	if (!need_to_wait)
++		return 0;
++wait_commit:
++	return jbd2_log_wait_commit(journal, tid);
++}
++EXPORT_SYMBOL(jbd2_complete_transaction);
++
++/*
+  * Log buffer allocation routines:
+  */
+ 
+diff --git a/fs/lockd/clntlock.c b/fs/lockd/clntlock.c
+index 8d4ea83..de88922 100644
+--- a/fs/lockd/clntlock.c
++++ b/fs/lockd/clntlock.c
+@@ -141,6 +141,9 @@ int nlmclnt_block(struct nlm_wait *block, struct nlm_rqst *req, long timeout)
+ 			timeout);
+ 	if (ret < 0)
+ 		return -ERESTARTSYS;
++	/* Reset the lock status after a server reboot so we resend */
++	if (block->b_status == nlm_lck_denied_grace_period)
++		block->b_status = nlm_lck_blocked;
+ 	req->a_res.status = block->b_status;
+ 	return 0;
+ }
+diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c
+index a3a0987..8392cb8 100644
+--- a/fs/lockd/clntproc.c
++++ b/fs/lockd/clntproc.c
+@@ -551,9 +551,6 @@ again:
+ 		status = nlmclnt_block(block, req, NLMCLNT_POLL_TIMEOUT);
+ 		if (status < 0)
+ 			break;
+-		/* Resend the blocking lock request after a server reboot */
+-		if (resp->status ==  nlm_lck_denied_grace_period)
+-			continue;
+ 		if (resp->status != nlm_lck_blocked)
+ 			break;
+ 	}
+diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
+index fe5c5fb..08921b8 100644
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -880,14 +880,14 @@ nfsd4_write(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
+ 
+ 	nfs4_lock_state();
+ 	status = nfs4_preprocess_stateid_op(cstate, stateid, WR_STATE, &filp);
+-	if (filp)
+-		get_file(filp);
+-	nfs4_unlock_state();
+-
+ 	if (status) {
++		nfs4_unlock_state();
+ 		dprintk("NFSD: nfsd4_write: couldn't process stateid!\n");
+ 		return status;
+ 	}
++	if (filp)
++		get_file(filp);
++	nfs4_unlock_state();
+ 
+ 	cnt = write->wr_buflen;
+ 	write->wr_how_written = write->wr_stable_how;
+diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
+index 7d189dc..4cef99f 100644
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -188,13 +188,7 @@ static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
+ {
+ 	if (atomic_dec_and_test(&fp->fi_access[oflag])) {
+ 		nfs4_file_put_fd(fp, oflag);
+-		/*
+-		 * It's also safe to get rid of the RDWR open *if*
+-		 * we no longer have need of the other kind of access
+-		 * or if we already have the other kind of open:
+-		 */
+-		if (fp->fi_fds[1-oflag]
+-			|| atomic_read(&fp->fi_access[1 - oflag]) == 0)
++		if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
+ 			nfs4_file_put_fd(fp, O_RDWR);
+ 	}
+ }
+diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
+index 24afa96..ade5316 100644
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -360,10 +360,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
+ 			   all 32 bits of 'nseconds'. */
+ 			READ_BUF(12);
+ 			len += 12;
+-			READ32(dummy32);
+-			if (dummy32)
+-				return nfserr_inval;
+-			READ32(iattr->ia_atime.tv_sec);
++			READ64(iattr->ia_atime.tv_sec);
+ 			READ32(iattr->ia_atime.tv_nsec);
+ 			if (iattr->ia_atime.tv_nsec >= (u32)1000000000)
+ 				return nfserr_inval;
+@@ -386,10 +383,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
+ 			   all 32 bits of 'nseconds'. */
+ 			READ_BUF(12);
+ 			len += 12;
+-			READ32(dummy32);
+-			if (dummy32)
+-				return nfserr_inval;
+-			READ32(iattr->ia_mtime.tv_sec);
++			READ64(iattr->ia_mtime.tv_sec);
+ 			READ32(iattr->ia_mtime.tv_nsec);
+ 			if (iattr->ia_mtime.tv_nsec >= (u32)1000000000)
+ 				return nfserr_inval;
+@@ -2374,8 +2368,7 @@ out_acl:
+ 	if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
+ 		if ((buflen -= 12) < 0)
+ 			goto out_resource;
+-		WRITE32(0);
+-		WRITE32(stat.atime.tv_sec);
++		WRITE64((s64)stat.atime.tv_sec);
+ 		WRITE32(stat.atime.tv_nsec);
+ 	}
+ 	if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
+@@ -2388,15 +2381,13 @@ out_acl:
+ 	if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
+ 		if ((buflen -= 12) < 0)
+ 			goto out_resource;
+-		WRITE32(0);
+-		WRITE32(stat.ctime.tv_sec);
++		WRITE64((s64)stat.ctime.tv_sec);
+ 		WRITE32(stat.ctime.tv_nsec);
+ 	}
+ 	if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
+ 		if ((buflen -= 12) < 0)
+ 			goto out_resource;
+-		WRITE32(0);
+-		WRITE32(stat.mtime.tv_sec);
++		WRITE64((s64)stat.mtime.tv_sec);
+ 		WRITE32(stat.mtime.tv_nsec);
+ 	}
+ 	if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
+diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
+index 6f292dd..f255d37 100644
+--- a/fs/notify/inotify/inotify_user.c
++++ b/fs/notify/inotify/inotify_user.c
+@@ -577,7 +577,6 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
+ 	int add = (arg & IN_MASK_ADD);
+ 	int ret;
+ 
+-	/* don't allow invalid bits: we don't want flags set */
+ 	mask = inotify_arg_to_mask(arg);
+ 
+ 	fsn_mark = fsnotify_find_inode_mark(group, inode);
+@@ -628,7 +627,6 @@ static int inotify_new_watch(struct fsnotify_group *group,
+ 	struct idr *idr = &group->inotify_data.idr;
+ 	spinlock_t *idr_lock = &group->inotify_data.idr_lock;
+ 
+-	/* don't allow invalid bits: we don't want flags set */
+ 	mask = inotify_arg_to_mask(arg);
+ 
+ 	tmp_i_mark = kmem_cache_alloc(inotify_inode_mark_cachep, GFP_KERNEL);
+@@ -757,6 +755,10 @@ SYSCALL_DEFINE3(inotify_add_watch, int, fd, const char __user *, pathname,
+ 	int ret, fput_needed;
+ 	unsigned flags = 0;
+ 
++	/* don't allow invalid bits: we don't want flags set */
++	if (unlikely(!(mask & ALL_INOTIFY_BITS)))
++		return -EINVAL;
++
+ 	filp = fget_light(fd, &fput_needed);
+ 	if (unlikely(!filp))
+ 		return -EBADF;
+diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
+index 3899e24..e756bc4 100644
+--- a/fs/sysfs/dir.c
++++ b/fs/sysfs/dir.c
+@@ -977,6 +977,7 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir)
+ 	enum kobj_ns_type type;
+ 	const void *ns;
+ 	ino_t ino;
++	loff_t off;
+ 
+ 	type = sysfs_ns_type(parent_sd);
+ 	ns = sysfs_info(dentry->d_sb)->ns[type];
+@@ -999,6 +1000,7 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir)
+ 			return 0;
+ 	}
+ 	mutex_lock(&sysfs_mutex);
++	off = filp->f_pos;
+ 	for (pos = sysfs_dir_pos(ns, parent_sd, filp->f_pos, pos);
+ 	     pos;
+ 	     pos = sysfs_dir_next_pos(ns, parent_sd, filp->f_pos, pos)) {
+@@ -1010,19 +1012,24 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir)
+ 		len = strlen(name);
+ 		ino = pos->s_ino;
+ 		type = dt_type(pos);
+-		filp->f_pos = ino;
++		off = filp->f_pos = ino;
+ 		filp->private_data = sysfs_get(pos);
+ 
+ 		mutex_unlock(&sysfs_mutex);
+-		ret = filldir(dirent, name, len, filp->f_pos, ino, type);
++		ret = filldir(dirent, name, len, off, ino, type);
+ 		mutex_lock(&sysfs_mutex);
+ 		if (ret < 0)
+ 			break;
+ 	}
+ 	mutex_unlock(&sysfs_mutex);
+-	if ((filp->f_pos > 1) && !pos) { /* EOF */
+-		filp->f_pos = INT_MAX;
++
++	/* don't reference last entry if its refcount is dropped */
++	if (!pos) {
+ 		filp->private_data = NULL;
++
++		/* EOF and not changed as 0 or 1 in read/write path */
++		if (off == filp->f_pos && off > 1)
++			filp->f_pos = INT_MAX;
+ 	}
+ 	return 0;
+ }
+diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
+index 8a297a5..497c6cc 100644
+--- a/include/linux/ipc_namespace.h
++++ b/include/linux/ipc_namespace.h
+@@ -42,8 +42,8 @@ struct ipc_namespace {
+ 
+ 	size_t		shm_ctlmax;
+ 	size_t		shm_ctlall;
++	unsigned long	shm_tot;
+ 	int		shm_ctlmni;
+-	int		shm_tot;
+ 	/*
+ 	 * Defines whether IPC_RMID is forced for _all_ shm segments regardless
+ 	 * of shmctl()
+diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h
+index 2092ea2..a153ed5 100644
+--- a/include/linux/jbd2.h
++++ b/include/linux/jbd2.h
+@@ -470,6 +470,7 @@ struct transaction_s
+ 		T_COMMIT,
+ 		T_COMMIT_DFLUSH,
+ 		T_COMMIT_JFLUSH,
++		T_COMMIT_CALLBACK,
+ 		T_FINISHED
+ 	}			t_state;
+ 
+@@ -1165,6 +1166,7 @@ int __jbd2_log_start_commit(journal_t *journal, tid_t tid);
+ int jbd2_journal_start_commit(journal_t *journal, tid_t *tid);
+ int jbd2_journal_force_commit_nested(journal_t *journal);
+ int jbd2_log_wait_commit(journal_t *journal, tid_t tid);
++int jbd2_complete_transaction(journal_t *journal, tid_t tid);
+ int jbd2_log_do_checkpoint(journal_t *journal);
+ int jbd2_trans_will_send_data_barrier(journal_t *journal, tid_t tid);
+ 
+diff --git a/include/linux/mm.h b/include/linux/mm.h
+index 4baadd1..d0493f6 100644
+--- a/include/linux/mm.h
++++ b/include/linux/mm.h
+@@ -1509,6 +1509,8 @@ int vm_insert_pfn(struct vm_area_struct *vma, unsigned long addr,
+ 			unsigned long pfn);
+ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+ 			unsigned long pfn);
++int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len);
++
+ 
+ struct page *follow_page(struct vm_area_struct *, unsigned long address,
+ 			unsigned int foll_flags);
+diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
+index 00ca32b..8c43fd1 100644
+--- a/include/linux/netdevice.h
++++ b/include/linux/netdevice.h
+@@ -225,9 +225,9 @@ struct netdev_hw_addr {
+ #define NETDEV_HW_ADDR_T_SLAVE		3
+ #define NETDEV_HW_ADDR_T_UNICAST	4
+ #define NETDEV_HW_ADDR_T_MULTICAST	5
+-	bool			synced;
+ 	bool			global_use;
+ 	int			refcount;
++	int			synced;
+ 	struct rcu_head		rcu_head;
+ };
+ 
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
+index da65890..efe50af 100644
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -2367,6 +2367,13 @@ static inline void nf_reset(struct sk_buff *skb)
+ #endif
+ }
+ 
++static inline void nf_reset_trace(struct sk_buff *skb)
++{
++#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
++	skb->nf_trace = 0;
++#endif
++}
++
+ /* Note: This doesn't put any conntrack and bridge info in dst. */
+ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src)
+ {
+diff --git a/ipc/shm.c b/ipc/shm.c
+index b76be5b..326a20b 100644
+--- a/ipc/shm.c
++++ b/ipc/shm.c
+@@ -450,7 +450,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+ 	size_t size = params->u.size;
+ 	int error;
+ 	struct shmid_kernel *shp;
+-	int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT;
++	size_t numpages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ 	struct file * file;
+ 	char name[13];
+ 	int id;
+diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
+index 31fdc48..0caf1f8 100644
+--- a/kernel/audit_tree.c
++++ b/kernel/audit_tree.c
+@@ -608,9 +608,9 @@ void audit_trim_trees(void)
+ 		}
+ 		spin_unlock(&hash_lock);
+ 		trim_marked(tree);
+-		put_tree(tree);
+ 		drop_collected_mounts(root_mnt);
+ skip_it:
++		put_tree(tree);
+ 		mutex_lock(&audit_filter_mutex);
+ 	}
+ 	list_del(&cursor);
+diff --git a/kernel/cgroup.c b/kernel/cgroup.c
+index c0739f8..d2a01fe 100644
+--- a/kernel/cgroup.c
++++ b/kernel/cgroup.c
+@@ -2029,7 +2029,7 @@ int cgroup_attach_proc(struct cgroup *cgrp, struct task_struct *leader)
+ 	if (!group)
+ 		return -ENOMEM;
+ 	/* pre-allocate to guarantee space while iterating in rcu read-side. */
+-	retval = flex_array_prealloc(group, 0, group_size - 1, GFP_KERNEL);
++	retval = flex_array_prealloc(group, 0, group_size, GFP_KERNEL);
+ 	if (retval)
+ 		goto out_free_group_list;
+ 
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 7d1f05e..9f21915 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -5164,7 +5164,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
+ 
+ static int perf_swevent_init(struct perf_event *event)
+ {
+-	int event_id = event->attr.config;
++	u64 event_id = event->attr.config;
+ 
+ 	if (event->attr.type != PERF_TYPE_SOFTWARE)
+ 		return -ENOENT;
+@@ -5756,6 +5756,7 @@ skip_type:
+ 	if (pmu->pmu_cpu_context)
+ 		goto got_cpu_context;
+ 
++	ret = -ENOMEM;
+ 	pmu->pmu_cpu_context = alloc_percpu(struct perf_cpu_context);
+ 	if (!pmu->pmu_cpu_context)
+ 		goto free_dev;
+diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
+index e4cee8d..60f7e32 100644
+--- a/kernel/hrtimer.c
++++ b/kernel/hrtimer.c
+@@ -298,6 +298,10 @@ ktime_t ktime_sub_ns(const ktime_t kt, u64 nsec)
+ 	} else {
+ 		unsigned long rem = do_div(nsec, NSEC_PER_SEC);
+ 
++		/* Make sure nsec fits into long */
++		if (unlikely(nsec > KTIME_SEC_MAX))
++			return (ktime_t){ .tv64 = KTIME_MAX };
++
+ 		tmp = ktime_set((long)nsec, rem);
+ 	}
+ 
+@@ -1308,6 +1312,8 @@ retry:
+ 
+ 				expires = ktime_sub(hrtimer_get_expires(timer),
+ 						    base->offset);
++				if (expires.tv64 < 0)
++					expires.tv64 = KTIME_MAX;
+ 				if (expires.tv64 < expires_next.tv64)
+ 					expires_next = expires;
+ 				break;
+diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c
+index cd068b2..c3509fb 100644
+--- a/kernel/time/tick-broadcast.c
++++ b/kernel/time/tick-broadcast.c
+@@ -66,6 +66,8 @@ static void tick_broadcast_start_periodic(struct clock_event_device *bc)
+  */
+ int tick_check_broadcast_device(struct clock_event_device *dev)
+ {
++	struct clock_event_device *cur = tick_broadcast_device.evtdev;
++
+ 	if ((dev->features & CLOCK_EVT_FEAT_DUMMY) ||
+ 	    (tick_broadcast_device.evtdev &&
+ 	     tick_broadcast_device.evtdev->rating >= dev->rating) ||
+@@ -73,6 +75,8 @@ int tick_check_broadcast_device(struct clock_event_device *dev)
+ 		return 0;
+ 
+ 	clockevents_exchange_device(tick_broadcast_device.evtdev, dev);
++	if (cur)
++		cur->event_handler = clockevents_handle_noop;
+ 	tick_broadcast_device.evtdev = dev;
+ 	if (!cpumask_empty(tick_get_broadcast_mask()))
+ 		tick_broadcast_start_periodic(dev);
+diff --git a/kernel/time/tick-common.c b/kernel/time/tick-common.c
+index da6c9ec..ead79bc 100644
+--- a/kernel/time/tick-common.c
++++ b/kernel/time/tick-common.c
+@@ -323,6 +323,7 @@ static void tick_shutdown(unsigned int *cpup)
+ 		 */
+ 		dev->mode = CLOCK_EVT_MODE_UNUSED;
+ 		clockevents_exchange_device(dev, NULL);
++		dev->event_handler = clockevents_handle_noop;
+ 		td->evtdev = NULL;
+ 	}
+ 	raw_spin_unlock_irqrestore(&tick_device_lock, flags);
+diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
+index 5527211..24b3759 100644
+--- a/kernel/trace/ftrace.c
++++ b/kernel/trace/ftrace.c
+@@ -554,7 +554,7 @@ int ftrace_profile_pages_init(struct ftrace_profile_stat *stat)
+ 
+ 	pages = DIV_ROUND_UP(functions, PROFILES_PER_PAGE);
+ 
+-	for (i = 0; i < pages; i++) {
++	for (i = 1; i < pages; i++) {
+ 		pg->next = (void *)get_zeroed_page(GFP_KERNEL);
+ 		if (!pg->next)
+ 			goto out_free;
+@@ -3303,7 +3303,8 @@ out:
+ 	if (fail)
+ 		return -EINVAL;
+ 
+-	ftrace_graph_filter_enabled = 1;
++	ftrace_graph_filter_enabled = !!(*idx);
++
+ 	return 0;
+ }
+ 
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
+index 17edb14..0ec6c34 100644
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -4563,6 +4563,8 @@ static __init int tracer_init_debugfs(void)
+ 	trace_access_lock_init();
+ 
+ 	d_tracer = tracing_init_dentry();
++	if (!d_tracer)
++		return 0;
+ 
+ 	trace_create_file("tracing_enabled", 0644, d_tracer,
+ 			&global_trace, &tracing_ctrl_fops);
+@@ -4696,36 +4698,32 @@ void trace_init_global_iter(struct trace_iterator *iter)
+ 	iter->cpu_file = TRACE_PIPE_ALL_CPU;
+ }
+ 
+-static void
+-__ftrace_dump(bool disable_tracing, enum ftrace_dump_mode oops_dump_mode)
++void ftrace_dump(enum ftrace_dump_mode oops_dump_mode)
+ {
+-	static arch_spinlock_t ftrace_dump_lock =
+-		(arch_spinlock_t)__ARCH_SPIN_LOCK_UNLOCKED;
+ 	/* use static because iter can be a bit big for the stack */
+ 	static struct trace_iterator iter;
++	static atomic_t dump_running;
+ 	unsigned int old_userobj;
+-	static int dump_ran;
+ 	unsigned long flags;
+ 	int cnt = 0, cpu;
+ 
+-	/* only one dump */
+-	local_irq_save(flags);
+-	arch_spin_lock(&ftrace_dump_lock);
+-	if (dump_ran)
+-		goto out;
+-
+-	dump_ran = 1;
++	/* Only allow one dump user at a time. */
++	if (atomic_inc_return(&dump_running) != 1) {
++		atomic_dec(&dump_running);
++		return;
++	}
+ 
++	/*
++	 * Always turn off tracing when we dump.
++	 * We don't need to show trace output of what happens
++	 * between multiple crashes.
++	 *
++	 * If the user does a sysrq-z, then they can re-enable
++	 * tracing with echo 1 > tracing_on.
++	 */
+ 	tracing_off();
+ 
+-	/* Did function tracer already get disabled? */
+-	if (ftrace_is_dead()) {
+-		printk("# WARNING: FUNCTION TRACING IS CORRUPTED\n");
+-		printk("#          MAY BE MISSING FUNCTION EVENTS\n");
+-	}
+-
+-	if (disable_tracing)
+-		ftrace_kill();
++	local_irq_save(flags);
+ 
+ 	trace_init_global_iter(&iter);
+ 
+@@ -4758,6 +4756,12 @@ __ftrace_dump(bool disable_tracing, enum ftrace_dump_mode oops_dump_mode)
+ 
+ 	printk(KERN_TRACE "Dumping ftrace buffer:\n");
+ 
++	/* Did function tracer already get disabled? */
++	if (ftrace_is_dead()) {
++		printk("# WARNING: FUNCTION TRACING IS CORRUPTED\n");
++		printk("#          MAY BE MISSING FUNCTION EVENTS\n");
++	}
++
+ 	/*
+ 	 * We need to stop all tracing on all CPUS to read the
+ 	 * the next buffer. This is a bit expensive, but is
+@@ -4796,26 +4800,15 @@ __ftrace_dump(bool disable_tracing, enum ftrace_dump_mode oops_dump_mode)
+ 		printk(KERN_TRACE "---------------------------------\n");
+ 
+  out_enable:
+-	/* Re-enable tracing if requested */
+-	if (!disable_tracing) {
+-		trace_flags |= old_userobj;
++	trace_flags |= old_userobj;
+ 
+-		for_each_tracing_cpu(cpu) {
+-			atomic_dec(&iter.tr->data[cpu]->disabled);
+-		}
+-		tracing_on();
++	for_each_tracing_cpu(cpu) {
++		atomic_dec(&iter.tr->data[cpu]->disabled);
+ 	}
+-
+- out:
+-	arch_spin_unlock(&ftrace_dump_lock);
++ 	atomic_dec(&dump_running);
+ 	local_irq_restore(flags);
+ }
+-
+-/* By default: disable tracing after the dump */
+-void ftrace_dump(enum ftrace_dump_mode oops_dump_mode)
+-{
+-	__ftrace_dump(true, oops_dump_mode);
+-}
++EXPORT_SYMBOL_GPL(ftrace_dump);
+ 
+ __init static int tracer_alloc_buffers(void)
+ {
+diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c
+index 288541f..09fd98a 100644
+--- a/kernel/trace/trace_selftest.c
++++ b/kernel/trace/trace_selftest.c
+@@ -461,8 +461,6 @@ trace_selftest_startup_function(struct tracer *trace, struct trace_array *tr)
+ /* Maximum number of functions to trace before diagnosing a hang */
+ #define GRAPH_MAX_FUNC_TEST	100000000
+ 
+-static void
+-__ftrace_dump(bool disable_tracing, enum ftrace_dump_mode oops_dump_mode);
+ static unsigned int graph_hang_thresh;
+ 
+ /* Wrap the real function entry probe to avoid possible hanging */
+@@ -472,8 +470,11 @@ static int trace_graph_entry_watchdog(struct ftrace_graph_ent *trace)
+ 	if (unlikely(++graph_hang_thresh > GRAPH_MAX_FUNC_TEST)) {
+ 		ftrace_graph_stop();
+ 		printk(KERN_WARNING "BUG: Function graph tracer hang!\n");
+-		if (ftrace_dump_on_oops)
+-			__ftrace_dump(false, DUMP_ALL);
++		if (ftrace_dump_on_oops) {
++			ftrace_dump(DUMP_ALL);
++			/* ftrace_dump() disables tracing */
++			tracing_on();
++		}
+ 		return 0;
+ 	}
+ 
+diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
+index 77575b3..c5b20a3 100644
+--- a/kernel/trace/trace_stack.c
++++ b/kernel/trace/trace_stack.c
+@@ -17,13 +17,24 @@
+ 
+ #define STACK_TRACE_ENTRIES 500
+ 
++#ifdef CC_USING_FENTRY
++# define fentry		1
++#else
++# define fentry		0
++#endif
++
+ static unsigned long stack_dump_trace[STACK_TRACE_ENTRIES+1] =
+ 	 { [0 ... (STACK_TRACE_ENTRIES)] = ULONG_MAX };
+ static unsigned stack_dump_index[STACK_TRACE_ENTRIES];
+ 
++/*
++ * Reserve one entry for the passed in ip. This will allow
++ * us to remove most or all of the stack size overhead
++ * added by the stack tracer itself.
++ */
+ static struct stack_trace max_stack_trace = {
+-	.max_entries		= STACK_TRACE_ENTRIES,
+-	.entries		= stack_dump_trace,
++	.max_entries		= STACK_TRACE_ENTRIES - 1,
++	.entries		= &stack_dump_trace[1],
+ };
+ 
+ static unsigned long max_stack_size;
+@@ -37,25 +48,34 @@ static DEFINE_MUTEX(stack_sysctl_mutex);
+ int stack_tracer_enabled;
+ static int last_stack_tracer_enabled;
+ 
+-static inline void check_stack(void)
++static inline void
++check_stack(unsigned long ip, unsigned long *stack)
+ {
+ 	unsigned long this_size, flags;
+ 	unsigned long *p, *top, *start;
++	static int tracer_frame;
++	int frame_size = ACCESS_ONCE(tracer_frame);
+ 	int i;
+ 
+-	this_size = ((unsigned long)&this_size) & (THREAD_SIZE-1);
++	this_size = ((unsigned long)stack) & (THREAD_SIZE-1);
+ 	this_size = THREAD_SIZE - this_size;
++	/* Remove the frame of the tracer */
++	this_size -= frame_size;
+ 
+ 	if (this_size <= max_stack_size)
+ 		return;
+ 
+ 	/* we do not handle interrupt stacks yet */
+-	if (!object_is_on_stack(&this_size))
++	if (!object_is_on_stack(stack))
+ 		return;
+ 
+ 	local_irq_save(flags);
+ 	arch_spin_lock(&max_stack_lock);
+ 
++	/* In case another CPU set the tracer_frame on us */
++	if (unlikely(!frame_size))
++		this_size -= tracer_frame;
++
+ 	/* a race could have already updated it */
+ 	if (this_size <= max_stack_size)
+ 		goto out;
+@@ -68,10 +88,18 @@ static inline void check_stack(void)
+ 	save_stack_trace(&max_stack_trace);
+ 
+ 	/*
++	 * Add the passed in ip from the function tracer.
++	 * Searching for this on the stack will skip over
++	 * most of the overhead from the stack tracer itself.
++	 */
++	stack_dump_trace[0] = ip;
++	max_stack_trace.nr_entries++;
++
++	/*
+ 	 * Now find where in the stack these are.
+ 	 */
+ 	i = 0;
+-	start = &this_size;
++	start = stack;
+ 	top = (unsigned long *)
+ 		(((unsigned long)start & ~(THREAD_SIZE-1)) + THREAD_SIZE);
+ 
+@@ -95,6 +123,18 @@ static inline void check_stack(void)
+ 				found = 1;
+ 				/* Start the search from here */
+ 				start = p + 1;
++				/*
++				 * We do not want to show the overhead
++				 * of the stack tracer stack in the
++				 * max stack. If we haven't figured
++				 * out what that is, then figure it out
++				 * now.
++				 */
++				if (unlikely(!tracer_frame) && i == 1) {
++					tracer_frame = (p - stack) *
++						sizeof(unsigned long);
++					max_stack_size -= tracer_frame;
++				}
+ 			}
+ 		}
+ 
+@@ -110,6 +150,7 @@ static inline void check_stack(void)
+ static void
+ stack_trace_call(unsigned long ip, unsigned long parent_ip)
+ {
++	unsigned long stack;
+ 	int cpu;
+ 
+ 	if (unlikely(!ftrace_enabled || stack_trace_disabled))
+@@ -122,7 +163,26 @@ stack_trace_call(unsigned long ip, unsigned long parent_ip)
+ 	if (per_cpu(trace_active, cpu)++ != 0)
+ 		goto out;
+ 
+-	check_stack();
++	/*
++	 * When fentry is used, the traced function does not get
++	 * its stack frame set up, and we lose the parent.
++	 * The ip is pretty useless because the function tracer
++	 * was called before that function set up its stack frame.
++	 * In this case, we use the parent ip.
++	 *
++	 * By adding the return address of either the parent ip
++	 * or the current ip we can disregard most of the stack usage
++	 * caused by the stack tracer itself.
++	 *
++	 * The function tracer always reports the address of where the
++	 * mcount call was, but the stack will hold the return address.
++	 */
++	if (fentry)
++		ip = parent_ip;
++	else
++		ip += MCOUNT_INSN_SIZE;
++
++	check_stack(ip, &stack);
+ 
+  out:
+ 	per_cpu(trace_active, cpu)--;
+@@ -351,6 +411,8 @@ static __init int stack_trace_init(void)
+ 	struct dentry *d_tracer;
+ 
+ 	d_tracer = tracing_init_dentry();
++	if (!d_tracer)
++		return 0;
+ 
+ 	trace_create_file("stack_max_size", 0644, d_tracer,
+ 			&max_stack_size, &stack_max_size_fops);
+diff --git a/kernel/trace/trace_stat.c b/kernel/trace/trace_stat.c
+index 96cffb2..847f88a 100644
+--- a/kernel/trace/trace_stat.c
++++ b/kernel/trace/trace_stat.c
+@@ -307,6 +307,8 @@ static int tracing_stat_init(void)
+ 	struct dentry *d_tracing;
+ 
+ 	d_tracing = tracing_init_dentry();
++	if (!d_tracing)
++		return 0;
+ 
+ 	stat_dir = debugfs_create_dir("trace_stat", d_tracing);
+ 	if (!stat_dir)
+diff --git a/mm/memory.c b/mm/memory.c
+index 4f2add1..d5f913b 100644
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -2309,6 +2309,53 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
+ }
+ EXPORT_SYMBOL(remap_pfn_range);
+ 
++/**
++ * vm_iomap_memory - remap memory to userspace
++ * @vma: user vma to map to
++ * @start: start of area
++ * @len: size of area
++ *
++ * This is a simplified io_remap_pfn_range() for common driver use. The
++ * driver just needs to give us the physical memory range to be mapped,
++ * we'll figure out the rest from the vma information.
++ *
++ * NOTE! Some drivers might want to tweak vma->vm_page_prot first to get
++ * whatever write-combining details or similar.
++ */
++int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len)
++{
++	unsigned long vm_len, pfn, pages;
++
++	/* Check that the physical memory area passed in looks valid */
++	if (start + len < start)
++		return -EINVAL;
++	/*
++	 * You *really* shouldn't map things that aren't page-aligned,
++	 * but we've historically allowed it because IO memory might
++	 * just have smaller alignment.
++	 */
++	len += start & ~PAGE_MASK;
++	pfn = start >> PAGE_SHIFT;
++	pages = (len + ~PAGE_MASK) >> PAGE_SHIFT;
++	if (pfn + pages < pfn)
++		return -EINVAL;
++
++	/* We start the mapping 'vm_pgoff' pages into the area */
++	if (vma->vm_pgoff > pages)
++		return -EINVAL;
++	pfn += vma->vm_pgoff;
++	pages -= vma->vm_pgoff;
++
++	/* Can we fit all of the mapping? */
++	vm_len = vma->vm_end - vma->vm_start;
++	if (vm_len >> PAGE_SHIFT > pages)
++		return -EINVAL;
++
++	/* Ok, let it rip */
++	return io_remap_pfn_range(vma, vma->vm_start, pfn, vm_len, vma->vm_page_prot);
++}
++EXPORT_SYMBOL(vm_iomap_memory);
++
+ static int apply_to_pte_range(struct mm_struct *mm, pmd_t *pmd,
+ 				     unsigned long addr, unsigned long end,
+ 				     pte_fn_t fn, void *data)
+diff --git a/net/atm/common.c b/net/atm/common.c
+index 0ca06e8..43b6bfe 100644
+--- a/net/atm/common.c
++++ b/net/atm/common.c
+@@ -500,6 +500,8 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
+ 	struct sk_buff *skb;
+ 	int copied, error = -EINVAL;
+ 
++	msg->msg_namelen = 0;
++
+ 	if (sock->state != SS_CONNECTED)
+ 		return -ENOTCONN;
+ 	if (flags & ~MSG_DONTWAIT)		/* only handle MSG_DONTWAIT */
+diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
+index b04a6ef..86ac37f 100644
+--- a/net/ax25/af_ax25.c
++++ b/net/ax25/af_ax25.c
+@@ -1641,6 +1641,7 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
+ 		ax25_address src;
+ 		const unsigned char *mac = skb_mac_header(skb);
+ 
++		memset(sax, 0, sizeof(struct full_sockaddr_ax25));
+ 		ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
+ 				&digi, NULL, NULL);
+ 		sax->sax25_family = AF_AX25;
+diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
+index 062124c..838f113 100644
+--- a/net/bluetooth/af_bluetooth.c
++++ b/net/bluetooth/af_bluetooth.c
+@@ -245,6 +245,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ 	if (flags & (MSG_OOB))
+ 		return -EOPNOTSUPP;
+ 
++	msg->msg_namelen = 0;
++
+ 	skb = skb_recv_datagram(sk, flags, noblock, &err);
+ 	if (!skb) {
+ 		if (sk->sk_shutdown & RCV_SHUTDOWN)
+@@ -252,8 +254,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ 		return err;
+ 	}
+ 
+-	msg->msg_namelen = 0;
+-
+ 	copied = skb->len;
+ 	if (len < copied) {
+ 		msg->msg_flags |= MSG_TRUNC;
+diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
+index 14c4864..82ce164 100644
+--- a/net/bluetooth/rfcomm/sock.c
++++ b/net/bluetooth/rfcomm/sock.c
+@@ -627,6 +627,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ 
+ 	if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
+ 		rfcomm_dlc_accept(d);
++		msg->msg_namelen = 0;
+ 		return 0;
+ 	}
+ 
+diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
+index a986280..53a8e37 100644
+--- a/net/caif/caif_socket.c
++++ b/net/caif/caif_socket.c
+@@ -320,6 +320,8 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
+ 	if (m->msg_flags&MSG_OOB)
+ 		goto read_error;
+ 
++	m->msg_namelen = 0;
++
+ 	skb = skb_recv_datagram(sk, flags, 0 , &ret);
+ 	if (!skb)
+ 		goto read_error;
+diff --git a/net/core/dev.c b/net/core/dev.c
+index 720aea0..8e455b8 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -1619,6 +1619,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+ 	skb->mark = 0;
+ 	secpath_reset(skb);
+ 	nf_reset(skb);
++	nf_reset_trace(skb);
+ 	return netif_rx(skb);
+ }
+ EXPORT_SYMBOL_GPL(dev_forward_skb);
+diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c
+index 0387da0..cd09414 100644
+--- a/net/core/dev_addr_lists.c
++++ b/net/core/dev_addr_lists.c
+@@ -57,7 +57,7 @@ static int __hw_addr_add_ex(struct netdev_hw_addr_list *list,
+ 	ha->type = addr_type;
+ 	ha->refcount = 1;
+ 	ha->global_use = global;
+-	ha->synced = false;
++	ha->synced = 0;
+ 	list_add_tail_rcu(&ha->list, &list->list);
+ 	list->count++;
+ 	return 0;
+@@ -155,7 +155,7 @@ int __hw_addr_sync(struct netdev_hw_addr_list *to_list,
+ 					    addr_len, ha->type);
+ 			if (err)
+ 				break;
+-			ha->synced = true;
++			ha->synced++;
+ 			ha->refcount++;
+ 		} else if (ha->refcount == 1) {
+ 			__hw_addr_del(to_list, ha->addr, addr_len, ha->type);
+@@ -176,7 +176,7 @@ void __hw_addr_unsync(struct netdev_hw_addr_list *to_list,
+ 		if (ha->synced) {
+ 			__hw_addr_del(to_list, ha->addr,
+ 				      addr_len, ha->type);
+-			ha->synced = false;
++			ha->synced--;
+ 			__hw_addr_del(from_list, ha->addr,
+ 				      addr_len, ha->type);
+ 		}
+diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
+index 3b5e680..5b7d5f2 100644
+--- a/net/core/rtnetlink.c
++++ b/net/core/rtnetlink.c
+@@ -1064,7 +1064,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
+ 	rcu_read_lock();
+ 	cb->seq = net->dev_base_seq;
+ 
+-	if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
++	if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+ 			ifla_policy) >= 0) {
+ 
+ 		if (tb[IFLA_EXT_MASK])
+@@ -1907,7 +1907,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
+ 	u32 ext_filter_mask = 0;
+ 	u16 min_ifinfo_dump_size = 0;
+ 
+-	if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
++	if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+ 			ifla_policy) >= 0) {
+ 		if (tb[IFLA_EXT_MASK])
+ 			ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index 530787b..238fc3b 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -137,8 +137,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+ 
+ 	/* skb is pure payload to encrypt */
+ 
+-	err = -ENOMEM;
+-
+ 	esp = x->data;
+ 	aead = esp->aead;
+ 	alen = crypto_aead_authsize(aead);
+@@ -174,8 +172,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+ 	}
+ 
+ 	tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
+-	if (!tmp)
++	if (!tmp) {
++		err = -ENOMEM;
+ 		goto error;
++	}
+ 
+ 	seqhi = esp_tmp_seqhi(tmp);
+ 	iv = esp_tmp_iv(aead, tmp, seqhilen);
+diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
+index b2cfe83..8f441b2 100644
+--- a/net/ipv4/ip_fragment.c
++++ b/net/ipv4/ip_fragment.c
+@@ -251,8 +251,7 @@ static void ip_expire(unsigned long arg)
+ 		if (!head->dev)
+ 			goto out_rcu_unlock;
+ 
+-		/* skb dst is stale, drop it, and perform route lookup again */
+-		skb_dst_drop(head);
++		/* skb has no dst, perform route lookup again */
+ 		iph = ip_hdr(head);
+ 		err = ip_route_input_noref(head, iph->daddr, iph->saddr,
+ 					   iph->tos, head->dev);
+@@ -518,8 +517,16 @@ found:
+ 		qp->q.last_in |= INET_FRAG_FIRST_IN;
+ 
+ 	if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
+-	    qp->q.meat == qp->q.len)
+-		return ip_frag_reasm(qp, prev, dev);
++	    qp->q.meat == qp->q.len) {
++		unsigned long orefdst = skb->_skb_refdst;
++
++		skb->_skb_refdst = 0UL;
++		err = ip_frag_reasm(qp, prev, dev);
++		skb->_skb_refdst = orefdst;
++		return err;
++	}
++
++	skb_dst_drop(skb);
+ 
+ 	write_lock(&ip4_frags.lock);
+ 	list_move_tail(&qp->q.lru_list, &qp->q.net->lru_list);
+diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
+index 769c0e9..8a1bed2 100644
+--- a/net/ipv4/syncookies.c
++++ b/net/ipv4/syncookies.c
+@@ -347,8 +347,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ 	 * hasn't changed since we received the original syn, but I see
+ 	 * no easy way to do this.
+ 	 */
+-	flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
+-			   RT_SCOPE_UNIVERSE, IPPROTO_TCP,
++	flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark,
++			   RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP,
+ 			   inet_sk_flowi_flags(sk),
+ 			   (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
+ 			   ireq->loc_addr, th->source, th->dest);
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
+index 3124e17..872b41d 100644
+--- a/net/ipv4/tcp_input.c
++++ b/net/ipv4/tcp_input.c
+@@ -115,6 +115,7 @@ int sysctl_tcp_abc __read_mostly;
+ #define FLAG_DSACKING_ACK	0x800 /* SACK blocks contained D-SACK info */
+ #define FLAG_NONHEAD_RETRANS_ACKED	0x1000 /* Non-head rexmitted data was ACKed */
+ #define FLAG_SACK_RENEGING	0x2000 /* snd_una advanced to a sacked seq */
++#define FLAG_UPDATE_TS_RECENT	0x4000 /* tcp_replace_ts_recent() */
+ 
+ #define FLAG_ACKED		(FLAG_DATA_ACKED|FLAG_SYN_ACKED)
+ #define FLAG_NOT_DUP		(FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED)
+@@ -3723,6 +3724,27 @@ static void tcp_send_challenge_ack(struct sock *sk)
+ 	}
+ }
+ 
++static void tcp_store_ts_recent(struct tcp_sock *tp)
++{
++	tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
++	tp->rx_opt.ts_recent_stamp = get_seconds();
++}
++
++static void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
++{
++	if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) {
++		/* PAWS bug workaround wrt. ACK frames, the PAWS discard
++		 * extra check below makes sure this can only happen
++		 * for pure ACK frames.  -DaveM
++		 *
++		 * Not only, also it occurs for expired timestamps.
++		 */
++
++		if (tcp_paws_check(&tp->rx_opt, 0))
++			tcp_store_ts_recent(tp);
++	}
++}
++
+ /* This routine deals with incoming acks, but not outgoing ones. */
+ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
+ {
+@@ -3771,6 +3793,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
+ 	prior_fackets = tp->fackets_out;
+ 	prior_in_flight = tcp_packets_in_flight(tp);
+ 
++	/* ts_recent update must be made after we are sure that the packet
++	 * is in window.
++	 */
++	if (flag & FLAG_UPDATE_TS_RECENT)
++		tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
++
+ 	if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) {
+ 		/* Window is constant, pure forward advance.
+ 		 * No more checks are required.
+@@ -4061,27 +4089,6 @@ const u8 *tcp_parse_md5sig_option(const struct tcphdr *th)
+ EXPORT_SYMBOL(tcp_parse_md5sig_option);
+ #endif
+ 
+-static inline void tcp_store_ts_recent(struct tcp_sock *tp)
+-{
+-	tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
+-	tp->rx_opt.ts_recent_stamp = get_seconds();
+-}
+-
+-static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
+-{
+-	if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) {
+-		/* PAWS bug workaround wrt. ACK frames, the PAWS discard
+-		 * extra check below makes sure this can only happen
+-		 * for pure ACK frames.  -DaveM
+-		 *
+-		 * Not only, also it occurs for expired timestamps.
+-		 */
+-
+-		if (tcp_paws_check(&tp->rx_opt, 0))
+-			tcp_store_ts_recent(tp);
+-	}
+-}
+-
+ /* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM
+  *
+  * It is not fatal. If this ACK does _not_ change critical state (seqs, window)
+@@ -5552,14 +5559,10 @@ slow_path:
+ 		return 0;
+ 
+ step5:
+-	if (th->ack && tcp_ack(sk, skb, FLAG_SLOWPATH) < 0)
++	if (th->ack &&
++	    tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0)
+ 		goto discard;
+ 
+-	/* ts_recent update must be made after we are sure that the packet
+-	 * is in window.
+-	 */
+-	tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
+-
+ 	tcp_rcv_rtt_measure_ts(sk, skb);
+ 
+ 	/* Process urgent data. */
+@@ -5923,7 +5926,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+ 
+ 	/* step 5: check the ACK field */
+ 	if (th->ack) {
+-		int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0;
++		int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH |
++						  FLAG_UPDATE_TS_RECENT) > 0;
+ 
+ 		switch (sk->sk_state) {
+ 		case TCP_SYN_RECV:
+@@ -6030,11 +6034,6 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+ 	} else
+ 		goto discard;
+ 
+-	/* ts_recent update must be made after we are sure that the packet
+-	 * is in window.
+-	 */
+-	tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
+-
+ 	/* step 6: check the URG bit */
+ 	tcp_urg(sk, skb, th);
+ 
+diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
+index 8589c2d..d84033b 100644
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -2404,6 +2404,9 @@ static void sit_add_v4_addrs(struct inet6_dev *idev)
+ static void init_loopback(struct net_device *dev)
+ {
+ 	struct inet6_dev  *idev;
++	struct net_device *sp_dev;
++	struct inet6_ifaddr *sp_ifa;
++	struct rt6_info *sp_rt;
+ 
+ 	/* ::1 */
+ 
+@@ -2415,6 +2418,30 @@ static void init_loopback(struct net_device *dev)
+ 	}
+ 
+ 	add_addr(idev, &in6addr_loopback, 128, IFA_HOST);
++
++	/* Add routes to other interface's IPv6 addresses */
++	for_each_netdev(dev_net(dev), sp_dev) {
++		if (!strcmp(sp_dev->name, dev->name))
++			continue;
++
++		idev = __in6_dev_get(sp_dev);
++		if (!idev)
++			continue;
++
++		read_lock_bh(&idev->lock);
++		list_for_each_entry(sp_ifa, &idev->addr_list, if_list) {
++
++			if (sp_ifa->flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE))
++				continue;
++
++			sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0);
++
++			/* Failure cases are ignored */
++			if (!IS_ERR(sp_rt))
++				ip6_ins_rt(sp_rt);
++		}
++		read_unlock_bh(&idev->lock);
++	}
+ }
+ 
+ static void addrconf_add_linklocal(struct inet6_dev *idev, const struct in6_addr *addr)
+diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
+index 2b0a4ca..411fe2c 100644
+--- a/net/ipv6/reassembly.c
++++ b/net/ipv6/reassembly.c
+@@ -386,8 +386,17 @@ found:
+ 	}
+ 
+ 	if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
+-	    fq->q.meat == fq->q.len)
+-		return ip6_frag_reasm(fq, prev, dev);
++	    fq->q.meat == fq->q.len) {
++		int res;
++		unsigned long orefdst = skb->_skb_refdst;
++
++		skb->_skb_refdst = 0UL;
++		res = ip6_frag_reasm(fq, prev, dev);
++		skb->_skb_refdst = orefdst;
++		return res;
++	}
++
++	skb_dst_drop(skb);
+ 
+ 	write_lock(&ip6_frags.lock);
+ 	list_move_tail(&fq->q.lru_list, &fq->q.net->lru_list);
+diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
+index f4b49c5..91821e9 100644
+--- a/net/irda/af_irda.c
++++ b/net/irda/af_irda.c
+@@ -1386,6 +1386,8 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
+ 
+ 	IRDA_DEBUG(4, "%s()\n", __func__);
+ 
++	msg->msg_namelen = 0;
++
+ 	skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
+ 				flags & MSG_DONTWAIT, &err);
+ 	if (!skb)
+diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
+index cf98d62..e836140 100644
+--- a/net/iucv/af_iucv.c
++++ b/net/iucv/af_iucv.c
+@@ -1356,6 +1356,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ 	int blen;
+ 	int err = 0;
+ 
++	msg->msg_namelen = 0;
++
+ 	if ((sk->sk_state == IUCV_DISCONN || sk->sk_state == IUCV_SEVERED) &&
+ 	    skb_queue_empty(&iucv->backlog_skb_q) &&
+ 	    skb_queue_empty(&sk->sk_receive_queue) &&
+diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
+index 99a60d5..e5565c7 100644
+--- a/net/llc/af_llc.c
++++ b/net/llc/af_llc.c
+@@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
+ 	int target;	/* Read at least this many bytes */
+ 	long timeo;
+ 
++	msg->msg_namelen = 0;
++
+ 	lock_sock(sk);
+ 	copied = -ENOTCONN;
+ 	if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
+diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
+index f156382..3df7c5a 100644
+--- a/net/netrom/af_netrom.c
++++ b/net/netrom/af_netrom.c
+@@ -1178,6 +1178,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
+ 	}
+ 
+ 	if (sax != NULL) {
++		memset(sax, 0, sizeof(*sax));
+ 		sax->sax25_family = AF_NETROM;
+ 		skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
+ 			      AX25_ADDR_LEN);
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
+index f9ea925..1f96fb9 100644
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -1258,6 +1258,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
+ 	skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
+ 
+ 	if (srose != NULL) {
++		memset(srose, 0, msg->msg_namelen);
+ 		srose->srose_family = AF_ROSE;
+ 		srose->srose_addr   = rose->dest_addr;
+ 		srose->srose_call   = rose->dest_call;
+diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
+index 599f67a..b7cddb9 100644
+--- a/net/sched/sch_cbq.c
++++ b/net/sched/sch_cbq.c
+@@ -963,8 +963,11 @@ cbq_dequeue(struct Qdisc *sch)
+ 		cbq_update(q);
+ 		if ((incr -= incr2) < 0)
+ 			incr = 0;
++		q->now += incr;
++	} else {
++		if (now > q->now)
++			q->now = now;
+ 	}
+-	q->now += incr;
+ 	q->now_rt = now;
+ 
+ 	for (;;) {
+diff --git a/net/sctp/auth.c b/net/sctp/auth.c
+index bf81204..333926d 100644
+--- a/net/sctp/auth.c
++++ b/net/sctp/auth.c
+@@ -71,7 +71,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key)
+ 		return;
+ 
+ 	if (atomic_dec_and_test(&key->refcnt)) {
+-		kfree(key);
++		kzfree(key);
+ 		SCTP_DBG_OBJCNT_DEC(keys);
+ 	}
+ }
+diff --git a/net/tipc/socket.c b/net/tipc/socket.c
+index 42b8324..fdf34af 100644
+--- a/net/tipc/socket.c
++++ b/net/tipc/socket.c
+@@ -829,6 +829,7 @@ static void set_orig_addr(struct msghdr *m, struct tipc_msg *msg)
+ 	if (addr) {
+ 		addr->family = AF_TIPC;
+ 		addr->addrtype = TIPC_ADDR_ID;
++		memset(&addr->addr, 0, sizeof(addr->addr));
+ 		addr->addr.id.ref = msg_origport(msg);
+ 		addr->addr.id.node = msg_orignode(msg);
+ 		addr->addr.name.domain = 0;	/* could leave uninitialized */
+@@ -948,6 +949,9 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock,
+ 		goto exit;
+ 	}
+ 
++	/* will be updated in set_orig_addr() if needed */
++	m->msg_namelen = 0;
++
+ 	timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
+ restart:
+ 
+@@ -1074,6 +1078,9 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
+ 		goto exit;
+ 	}
+ 
++	/* will be updated in set_orig_addr() if needed */
++	m->msg_namelen = 0;
++
+ 	target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
+ 	timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
+ restart:
+diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
+index 18978b6..5611563 100644
+--- a/net/unix/af_unix.c
++++ b/net/unix/af_unix.c
+@@ -1956,7 +1956,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
+ 			if ((UNIXCB(skb).pid  != siocb->scm->pid) ||
+ 			    (UNIXCB(skb).cred != siocb->scm->cred))
+ 				break;
+-		} else {
++		} else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
+ 			/* Copy credentials */
+ 			scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
+ 			check_creds = 1;
+diff --git a/net/wireless/reg.c b/net/wireless/reg.c
+index 0b08905..21958cd 100644
+--- a/net/wireless/reg.c
++++ b/net/wireless/reg.c
+@@ -853,7 +853,7 @@ static void handle_channel(struct wiphy *wiphy,
+ 			return;
+ 
+ 		REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
+-		chan->flags = IEEE80211_CHAN_DISABLED;
++		chan->flags |= IEEE80211_CHAN_DISABLED;
+ 		return;
+ 	}
+ 
+diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
+index 7ada40e..638600b 100644
+--- a/sound/core/pcm_native.c
++++ b/sound/core/pcm_native.c
+@@ -3204,18 +3204,10 @@ EXPORT_SYMBOL_GPL(snd_pcm_lib_default_mmap);
+ int snd_pcm_lib_mmap_iomem(struct snd_pcm_substream *substream,
+ 			   struct vm_area_struct *area)
+ {
+-	long size;
+-	unsigned long offset;
++	struct snd_pcm_runtime *runtime = substream->runtime;;
+ 
+ 	area->vm_page_prot = pgprot_noncached(area->vm_page_prot);
+-	area->vm_flags |= VM_IO;
+-	size = area->vm_end - area->vm_start;
+-	offset = area->vm_pgoff << PAGE_SHIFT;
+-	if (io_remap_pfn_range(area, area->vm_start,
+-				(substream->runtime->dma_addr + offset) >> PAGE_SHIFT,
+-				size, area->vm_page_prot))
+-		return -EAGAIN;
+-	return 0;
++	return vm_iomap_memory(area, runtime->dma_addr, runtime->dma_bytes);
+ }
+ 
+ EXPORT_SYMBOL(snd_pcm_lib_mmap_iomem);
+diff --git a/sound/soc/codecs/max98088.c b/sound/soc/codecs/max98088.c
+index ebbf63c..b7cf246 100644
+--- a/sound/soc/codecs/max98088.c
++++ b/sound/soc/codecs/max98088.c
+@@ -2007,7 +2007,7 @@ static int max98088_probe(struct snd_soc_codec *codec)
+                        ret);
+                goto err_access;
+        }
+-       dev_info(codec->dev, "revision %c\n", ret + 'A');
++       dev_info(codec->dev, "revision %c\n", ret - 0x40 + 'A');
+ 
+        snd_soc_write(codec, M98088_REG_51_PWR_SYS, M98088_PWRSV);
+ 
+diff --git a/sound/usb/card.c b/sound/usb/card.c
+index 566acb3..acb7fac 100644
+--- a/sound/usb/card.c
++++ b/sound/usb/card.c
+@@ -611,7 +611,9 @@ int snd_usb_autoresume(struct snd_usb_audio *chip)
+ 	int err = -ENODEV;
+ 
+ 	down_read(&chip->shutdown_rwsem);
+-	if (!chip->shutdown && !chip->probing)
++	if (chip->probing)
++		err = 0;
++	else if (!chip->shutdown)
+ 		err = usb_autopm_get_interface(chip->pm_intf);
+ 	up_read(&chip->shutdown_rwsem);
+ 
+diff --git a/sound/usb/card.h b/sound/usb/card.h
+index 665e297..2b7559c 100644
+--- a/sound/usb/card.h
++++ b/sound/usb/card.h
+@@ -73,6 +73,7 @@ struct snd_usb_substream {
+ 	unsigned int fill_max: 1;	/* fill max packet size always */
+ 	unsigned int txfr_quirk:1;	/* allow sub-frame alignment */
+ 	unsigned int fmt_type;		/* USB audio format type (1-3) */
++	unsigned int pkt_offset_adj;	/* Bytes to drop from beginning of packets (for non-compliant devices) */
+ 
+ 	unsigned int running: 1;	/* running status */
+ 
+diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
+index 9ab2b3e..5ebe8c4 100644
+--- a/sound/usb/endpoint.c
++++ b/sound/usb/endpoint.c
+@@ -458,7 +458,7 @@ static int retire_capture_urb(struct snd_usb_substream *subs,
+ 	stride = runtime->frame_bits >> 3;
+ 
+ 	for (i = 0; i < urb->number_of_packets; i++) {
+-		cp = (unsigned char *)urb->transfer_buffer + urb->iso_frame_desc[i].offset;
++		cp = (unsigned char *)urb->transfer_buffer + urb->iso_frame_desc[i].offset + subs->pkt_offset_adj;
+ 		if (urb->iso_frame_desc[i].status && printk_ratelimit()) {
+ 			snd_printdd("frame %d active: %d\n", i, urb->iso_frame_desc[i].status);
+ 			// continue;
+@@ -898,6 +898,7 @@ void snd_usb_init_substream(struct snd_usb_stream *as,
+ 	subs->speed = snd_usb_get_speed(subs->dev);
+ 	if (subs->speed >= USB_SPEED_HIGH)
+ 		subs->ops.prepare_sync = prepare_capture_sync_urb_hs;
++	subs->pkt_offset_adj = 0;
+ 
+ 	snd_usb_set_pcm_ops(as->pcm, stream);
+ 
+diff --git a/sound/usb/midi.c b/sound/usb/midi.c
+index 34b9bb7..e5fee18 100644
+--- a/sound/usb/midi.c
++++ b/sound/usb/midi.c
+@@ -126,7 +126,6 @@ struct snd_usb_midi {
+ 		struct snd_usb_midi_in_endpoint *in;
+ 	} endpoints[MIDI_MAX_ENDPOINTS];
+ 	unsigned long input_triggered;
+-	bool autopm_reference;
+ 	unsigned int opened[2];
+ 	unsigned char disconnected;
+ 	unsigned char input_running;
+@@ -1040,7 +1039,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir,
+ {
+ 	struct snd_usb_midi* umidi = substream->rmidi->private_data;
+ 	struct snd_kcontrol *ctl;
+-	int err;
+ 
+ 	down_read(&umidi->disc_rwsem);
+ 	if (umidi->disconnected) {
+@@ -1051,13 +1049,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir,
+ 	mutex_lock(&umidi->mutex);
+ 	if (open) {
+ 		if (!umidi->opened[0] && !umidi->opened[1]) {
+-			err = usb_autopm_get_interface(umidi->iface);
+-			umidi->autopm_reference = err >= 0;
+-			if (err < 0 && err != -EACCES) {
+-				mutex_unlock(&umidi->mutex);
+-				up_read(&umidi->disc_rwsem);
+-				return -EIO;
+-			}
+ 			if (umidi->roland_load_ctl) {
+ 				ctl = umidi->roland_load_ctl;
+ 				ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
+@@ -1080,8 +1071,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir,
+ 				snd_ctl_notify(umidi->card,
+ 				       SNDRV_CTL_EVENT_MASK_INFO, &ctl->id);
+ 			}
+-			if (umidi->autopm_reference)
+-				usb_autopm_put_interface(umidi->iface);
+ 		}
+ 	}
+ 	mutex_unlock(&umidi->mutex);
+@@ -2256,6 +2245,8 @@ int snd_usbmidi_create(struct snd_card *card,
+ 		return err;
+ 	}
+ 
++	usb_autopm_get_interface_no_resume(umidi->iface);
++
+ 	list_add_tail(&umidi->list, midi_list);
+ 	return 0;
+ }
+diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
+index dfbd65d..42eeee8 100644
+--- a/sound/usb/quirks.c
++++ b/sound/usb/quirks.c
+@@ -744,6 +744,7 @@ static void set_format_emu_quirk(struct snd_usb_substream *subs,
+ 		break;
+ 	}
+ 	snd_emuusb_set_samplerate(subs->stream->chip, emu_samplerate_id);
++	subs->pkt_offset_adj = (emu_samplerate_id >= EMU_QUIRK_SR_176400HZ) ? 4 : 0;
+ }
+ 
+ void snd_usb_set_format_quirk(struct snd_usb_substream *subs,
+diff --git a/sound/usb/stream.c b/sound/usb/stream.c
+index 5ff8010..33a335b 100644
+--- a/sound/usb/stream.c
++++ b/sound/usb/stream.c
+@@ -168,6 +168,14 @@ static int parse_uac_endpoint_attributes(struct snd_usb_audio *chip,
+ 	if (!csep && altsd->bNumEndpoints >= 2)
+ 		csep = snd_usb_find_desc(alts->endpoint[1].extra, alts->endpoint[1].extralen, NULL, USB_DT_CS_ENDPOINT);
+ 
++	/*
++	 * If we can't locate the USB_DT_CS_ENDPOINT descriptor in the extra
++	 * bytes after the first endpoint, go search the entire interface.
++	 * Some devices have it directly *before* the standard endpoint.
++	 */
++	if (!csep)
++		csep = snd_usb_find_desc(alts->extra, alts->extralen, NULL, USB_DT_CS_ENDPOINT);
++
+ 	if (!csep || csep->bLength < 7 ||
+ 	    csep->bDescriptorSubtype != UAC_EP_GENERAL) {
+ 		snd_printk(KERN_WARNING "%d:%u:%d : no or invalid"
diff --git a/3.2.44/4420_grsecurity-2.9.1-3.2.44-201305082214.patch b/3.2.45/4420_grsecurity-2.9.1-3.2.45-201305142033.patch
index b2ac53e..d1995bd 100644
--- a/3.2.44/4420_grsecurity-2.9.1-3.2.44-201305082214.patch
+++ b/3.2.45/4420_grsecurity-2.9.1-3.2.45-201305142033.patch
@@ -262,7 +262,7 @@ index 88fd7f5..b318a78 100644
  ==============================================================
  
 diff --git a/Makefile b/Makefile
-index 566750c..8155f8b 100644
+index 9072fee..85e58c2 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -2676,7 +2676,7 @@ index c539c68..c95d3db 100644
  	.notifier_call = err_inject_cpu_callback,
  };
 diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c
-index 84fb405..7f52920 100644
+index 9b97303..69464a9 100644
 --- a/arch/ia64/kernel/mca.c
 +++ b/arch/ia64/kernel/mca.c
 @@ -1919,7 +1919,7 @@ static int __cpuinit mca_cpu_callback(struct notifier_block *nfb,
@@ -5193,7 +5193,7 @@ index 5b63bd3..248942d 100644
  };
  
 diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c
-index b22a83a..e55f74f 100644
+index 24523dc..7205007 100644
 --- a/arch/powerpc/mm/numa.c
 +++ b/arch/powerpc/mm/numa.c
 @@ -964,7 +964,7 @@ static void __init *careful_zallocation(int nid, unsigned long size,
@@ -5292,10 +5292,10 @@ index 0cfece4..2f1a0e5 100644
  	struct spu_context *ctx = vma->vm_file->private_data;
  	unsigned long offset = address - vma->vm_start;
 diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c
-index e481f6b..6f90539 100644
+index 70ec4e9..3e7a115 100644
 --- a/arch/powerpc/platforms/cell/spufs/inode.c
 +++ b/arch/powerpc/platforms/cell/spufs/inode.c
-@@ -810,6 +810,7 @@ static struct file_system_type spufs_type = {
+@@ -811,6 +811,7 @@ static struct file_system_type spufs_type = {
  	.mount = spufs_mount,
  	.kill_sb = kill_litter_super,
  };
@@ -7072,7 +7072,7 @@ index 76e4ac1..78f8bb1 100644
  	}
  }
 diff --git a/arch/sparc/kernel/us3_cpufreq.c b/arch/sparc/kernel/us3_cpufreq.c
-index eb1624b..f9f4ddb 100644
+index eb1624b..55100de 100644
 --- a/arch/sparc/kernel/us3_cpufreq.c
 +++ b/arch/sparc/kernel/us3_cpufreq.c
 @@ -18,14 +18,12 @@
@@ -7162,7 +7162,7 @@ index eb1624b..f9f4ddb 100644
 -		return ret;
 -	}
 +	     impl == PANTHER_IMPL))
-+		return cpufreq_register_driver(cpufreq_us3_driver);
++		return cpufreq_register_driver(&cpufreq_us3_driver);
  
  	return -ENODEV;
  }
@@ -7176,7 +7176,7 @@ index eb1624b..f9f4ddb 100644
 -		kfree(us3_freq_table);
 -		us3_freq_table = NULL;
 -	}
-+	cpufreq_unregister_driver(cpufreq_us3_driver);
++	cpufreq_unregister_driver(&cpufreq_us3_driver);
  }
  
  MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
@@ -9593,7 +9593,7 @@ index 6557769..ef6ae89 100644
  
  	if (err)
 diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
-index 95b4eb3..ccdcbb6 100644
+index 95b4eb3..1b112f5 100644
 --- a/arch/x86/ia32/ia32entry.S
 +++ b/arch/x86/ia32/ia32entry.S
 @@ -13,7 +13,9 @@
@@ -9686,7 +9686,7 @@ index 95b4eb3..ccdcbb6 100644
   	   32bit zero extended */ 
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	mov $PAX_USER_SHADOW_BASE,%r11
++	mov pax_user_shadow_base,%r11
 +	add %r11,%rbp
 +#endif
 +
@@ -9809,7 +9809,7 @@ index 95b4eb3..ccdcbb6 100644
  	/* hardware stack frame is complete now */	
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	mov $PAX_USER_SHADOW_BASE,%r11
++	mov pax_user_shadow_base,%r11
 +	add %r11,%r8
 +#endif
 +
@@ -12502,7 +12502,7 @@ index cb00ccc..17e9054 100644
  
  /*
 diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 6be9909..4afeb15 100644
+index 6be9909..b7543b2 100644
 --- a/arch/x86/include/asm/pgtable.h
 +++ b/arch/x86/include/asm/pgtable.h
 @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -12635,7 +12635,7 @@ index 6be9909..4afeb15 100644
  /*
   * a shortcut which implies the use of the kernel's pgd, instead
   * of a process's
-@@ -604,6 +678,20 @@ static inline int pgd_none(pgd_t pgd)
+@@ -604,6 +678,22 @@ static inline int pgd_none(pgd_t pgd)
  #define KERNEL_PGD_BOUNDARY	pgd_index(PAGE_OFFSET)
  #define KERNEL_PGD_PTRS		(PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
  
@@ -12646,9 +12646,11 @@ index 6be9909..4afeb15 100644
 +#define USER_PGD_PTRS		(_AC(1,UL) << (TASK_SIZE_MAX_SHIFT - PGDIR_SHIFT))
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+#define PAX_USER_SHADOW_BASE	(_AC(1,UL) << TASK_SIZE_MAX_SHIFT)
++#ifdef __ASSEMBLY__
++#define pax_user_shadow_base	pax_user_shadow_base(%rip)
 +#else
-+#define PAX_USER_SHADOW_BASE	(_AC(0,UL))
++extern unsigned long pax_user_shadow_base;
++#endif
 +#endif
 +
 +#endif
@@ -12656,7 +12658,7 @@ index 6be9909..4afeb15 100644
  #ifndef __ASSEMBLY__
  
  extern int direct_gbpages;
-@@ -768,11 +856,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -768,11 +858,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
   * dst and src can be on the same page, but the range must not overlap,
   * and must not cross a page boundary.
   */
@@ -13785,7 +13787,7 @@ index d7ef849..b1b009a 100644
  #endif
  #endif /* _ASM_X86_THREAD_INFO_H */
 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 36361bf..d10fb9a 100644
+index 36361bf..4252f11 100644
 --- a/arch/x86/include/asm/uaccess.h
 +++ b/arch/x86/include/asm/uaccess.h
 @@ -7,6 +7,7 @@
@@ -13931,9 +13933,9 @@ index 36361bf..d10fb9a 100644
 +#define ____m(x)					\
 +({							\
 +	unsigned long ____x = (unsigned long)(x);	\
-+	if (____x < PAX_USER_SHADOW_BASE)		\
-+		____x += PAX_USER_SHADOW_BASE;		\
-+	(void __user *)____x;				\
++	if (____x < pax_user_shadow_base)		\
++		____x += pax_user_shadow_base;		\
++	(typeof(x))____x;				\
 +})
 +#else
 +#define ____m(x) (x)
@@ -19310,7 +19312,7 @@ index 2f45c4c..3f51a0c 100644
  }
  
 diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c
-index 7da647d..e88104f 100644
+index 7da647d..6e9fab5 100644
 --- a/arch/x86/kernel/kprobes.c
 +++ b/arch/x86/kernel/kprobes.c
 @@ -117,9 +117,12 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op)
@@ -19452,7 +19454,23 @@ index 7da647d..e88104f 100644
  		return ret;
  
  	switch (val) {
-@@ -1307,7 +1317,7 @@ static int __kprobes can_optimize(unsigned long paddr)
+@@ -1120,6 +1130,7 @@ static void __kprobes synthesize_relcall(void *from, void *to)
+ static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr,
+ 					  unsigned long val)
+ {
++	pax_open_kernel();
+ #ifdef CONFIG_X86_64
+ 	*addr++ = 0x48;
+ 	*addr++ = 0xbf;
+@@ -1127,6 +1138,7 @@ static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr,
+ 	*addr++ = 0xb8;
+ #endif
+ 	*(unsigned long *)addr = val;
++	pax_close_kernel();
+ }
+ 
+ static void __used __kprobes kprobes_optinsn_template_holder(void)
+@@ -1307,7 +1319,7 @@ static int __kprobes can_optimize(unsigned long paddr)
  			ret = recover_probed_instruction(buf, addr);
  			if (ret)
  				return 0;
@@ -19461,7 +19479,7 @@ index 7da647d..e88104f 100644
  		}
  		insn_get_length(&insn);
  		/* Recover address */
-@@ -1384,7 +1394,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op)
+@@ -1384,7 +1396,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op)
  	 * Verify if the address gap is in 2GB range, because this uses
  	 * a relative jump.
  	 */
@@ -19470,12 +19488,14 @@ index 7da647d..e88104f 100644
  	if (abs(rel) > 0x7fffffff)
  		return -ERANGE;
  
-@@ -1399,16 +1409,16 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op)
+@@ -1399,16 +1411,18 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op)
  	op->optinsn.size = ret;
  
  	/* Copy arch-dep-instance from template */
 -	memcpy(buf, &optprobe_template_entry, TMPL_END_IDX);
++	pax_open_kernel();
 +	memcpy(buf, ktla_ktva(&optprobe_template_entry), TMPL_END_IDX);
++	pax_close_kernel();
  
  	/* Set probe information */
  	synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op);
@@ -19490,7 +19510,7 @@ index 7da647d..e88104f 100644
  			   (u8 *)op->kp.addr + op->optinsn.size);
  
  	flush_icache_range((unsigned long) buf,
-@@ -1431,7 +1441,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm,
+@@ -1431,7 +1445,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm,
  			((long)op->kp.addr + RELATIVEJUMP_SIZE));
  
  	/* Backup instructions which will be replaced by jump address */
@@ -19499,7 +19519,7 @@ index 7da647d..e88104f 100644
  	       RELATIVE_ADDR_SIZE);
  
  	insn_buf[0] = RELATIVEJUMP_OPCODE;
-@@ -1530,7 +1540,7 @@ static int  __kprobes setup_detour_execution(struct kprobe *p,
+@@ -1530,7 +1544,7 @@ static int  __kprobes setup_detour_execution(struct kprobe *p,
  		/* This kprobe is really able to run optimized path. */
  		op = container_of(p, struct optimized_kprobe, kp);
  		/* Detour through copied instructions */
@@ -23552,7 +23572,7 @@ index 0248402..821c786 100644
  
  	.section .fixup,"ax"
 diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S
-index cb0c112..e3a6895 100644
+index cb0c112..61e0020 100644
 --- a/arch/x86/lib/copy_user_nocache_64.S
 +++ b/arch/x86/lib/copy_user_nocache_64.S
 @@ -8,12 +8,14 @@
@@ -23576,7 +23596,7 @@ index cb0c112..e3a6895 100644
  	CFI_STARTPROC
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	mov $PAX_USER_SHADOW_BASE,%rcx
++	mov pax_user_shadow_base,%rcx
 +	cmp %rcx,%rsi
 +	jae 1f
 +	add %rcx,%rsi
@@ -23661,7 +23681,7 @@ index 459b58a..d67737f 100644
  }
  EXPORT_SYMBOL(csum_partial_copy_to_user);
 diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S
-index 51f1504..ddac4c1 100644
+index 51f1504..144f6bd 100644
 --- a/arch/x86/lib/getuser.S
 +++ b/arch/x86/lib/getuser.S
 @@ -33,15 +33,38 @@
@@ -23689,7 +23709,7 @@ index 51f1504..ddac4c1 100644
 -1:	movzb (%_ASM_AX),%edx
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_DX
++	mov pax_user_shadow_base,%_ASM_DX
 +	cmp %_ASM_DX,%_ASM_AX
 +	jae 1234f
 +	add %_ASM_DX,%_ASM_AX
@@ -23717,7 +23737,7 @@ index 51f1504..ddac4c1 100644
 -2:	movzwl -1(%_ASM_AX),%edx
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_DX
++	mov pax_user_shadow_base,%_ASM_DX
 +	cmp %_ASM_DX,%_ASM_AX
 +	jae 1234f
 +	add %_ASM_DX,%_ASM_AX
@@ -23745,7 +23765,7 @@ index 51f1504..ddac4c1 100644
 -3:	mov -3(%_ASM_AX),%edx
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_DX
++	mov pax_user_shadow_base,%_ASM_DX
 +	cmp %_ASM_DX,%_ASM_AX
 +	jae 1234f
 +	add %_ASM_DX,%_ASM_AX
@@ -23766,7 +23786,7 @@ index 51f1504..ddac4c1 100644
  	jae	bad_get_user
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_DX
++	mov pax_user_shadow_base,%_ASM_DX
 +	cmp %_ASM_DX,%_ASM_AX
 +	jae 1234f
 +	add %_ASM_DX,%_ASM_AX
@@ -24468,7 +24488,7 @@ index 69fa106..adda88b 100644
  3:
  	CFI_RESTORE_STATE
 diff --git a/arch/x86/lib/putuser.S b/arch/x86/lib/putuser.S
-index 36b0d15..d381858 100644
+index 36b0d15..3edf573 100644
 --- a/arch/x86/lib/putuser.S
 +++ b/arch/x86/lib/putuser.S
 @@ -15,7 +15,9 @@
@@ -24516,7 +24536,7 @@ index 36b0d15..d381858 100644
 -1:	movb %al,(%_ASM_CX)
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_BX
++	mov pax_user_shadow_base,%_ASM_BX
 +	cmp %_ASM_BX,%_ASM_CX
 +	jb 1234f
 +	xor %ebx,%ebx
@@ -24542,7 +24562,7 @@ index 36b0d15..d381858 100644
 -2:	movw %ax,(%_ASM_CX)
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_BX
++	mov pax_user_shadow_base,%_ASM_BX
 +	cmp %_ASM_BX,%_ASM_CX
 +	jb 1234f
 +	xor %ebx,%ebx
@@ -24568,7 +24588,7 @@ index 36b0d15..d381858 100644
 -3:	movl %eax,(%_ASM_CX)
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_BX
++	mov pax_user_shadow_base,%_ASM_BX
 +	cmp %_ASM_BX,%_ASM_CX
 +	jb 1234f
 +	xor %ebx,%ebx
@@ -24594,7 +24614,7 @@ index 36b0d15..d381858 100644
 -4:	mov %_ASM_AX,(%_ASM_CX)
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_BX
++	mov pax_user_shadow_base,%_ASM_BX
 +	cmp %_ASM_BX,%_ASM_CX
 +	jb 1234f
 +	xor %ebx,%ebx
@@ -25390,7 +25410,7 @@ index e218d5d..7d522b8 100644
 +EXPORT_SYMBOL(set_fs);
 +#endif
 diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
-index 554b7b5..2f1b9c2 100644
+index 554b7b5..4027e2c 100644
 --- a/arch/x86/lib/usercopy_64.c
 +++ b/arch/x86/lib/usercopy_64.c
 @@ -42,6 +42,12 @@ long
@@ -25399,8 +25419,8 @@ index 554b7b5..2f1b9c2 100644
  	long res;
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	if ((unsigned long)src < PAX_USER_SHADOW_BASE)
-+		src += PAX_USER_SHADOW_BASE;
++	if ((unsigned long)src < pax_user_shadow_base)
++		src += pax_user_shadow_base;
 +#endif
 +
  	__do_strncpy_from_user(dst, src, count, res);
@@ -25471,7 +25491,7 @@ index d0474ad..36e9257 100644
  		extern u32 pnp_bios_is_utter_crap;
  		pnp_bios_is_utter_crap = 1;
 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 53a7b69..0b31dac 100644
+index 53a7b69..8cc6fea 100644
 --- a/arch/x86/mm/fault.c
 +++ b/arch/x86/mm/fault.c
 @@ -13,11 +13,18 @@
@@ -25835,17 +25855,17 @@ index 53a7b69..0b31dac 100644
 +	unsigned long address = read_cr2();
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	if (!user_mode(regs) && address < 2 * PAX_USER_SHADOW_BASE) {
++	if (!user_mode(regs) && address < 2 * pax_user_shadow_base) {
 +		if (!search_exception_tables(regs->ip)) {
 +			bad_area_nosemaphore(regs, error_code, address);
 +			return;
 +		}
-+		if (address < PAX_USER_SHADOW_BASE) {
++		if (address < pax_user_shadow_base) {
 +			printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
 +			printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip);
 +			show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR);
 +		} else
-+			address -= PAX_USER_SHADOW_BASE;
++			address -= pax_user_shadow_base;
 +	}
 +#endif
 +
@@ -26456,7 +26476,7 @@ index df7d12c..7bbdfc3 100644
  	}
  	if (mm->get_unmapped_area == arch_get_unmapped_area)
 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 34a7f40..579f383 100644
+index a4cca06..e2ccdf7 100644
 --- a/arch/x86/mm/init.c
 +++ b/arch/x86/mm/init.c
 @@ -3,6 +3,7 @@
@@ -26482,10 +26502,10 @@ index 34a7f40..579f383 100644
  	unsigned long puds = 0, pmds = 0, ptes = 0, tables;
 -	unsigned long start = 0, good_end;
 +	unsigned long start = 0x100000, good_end;
+ 	unsigned long pgd_extra = 0;
  	phys_addr_t base;
  
- 	for (i = 0; i < nr_range; i++) {
-@@ -319,10 +322,40 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
+@@ -324,10 +327,40 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
   * Access has to be given to non-kernel-ram areas as well, these contain the PCI
   * mmio resources as well as potential bios/acpi data regions.
   */
@@ -26527,7 +26547,7 @@ index 34a7f40..579f383 100644
  	if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
  		return 0;
  	if (!page_is_ram(pagenr))
-@@ -379,8 +412,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -384,8 +417,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
  #endif
  }
  
@@ -29433,7 +29453,7 @@ index 153407c..611cba9 100644
 -}
 -__setup("vdso=", vdso_setup);
 diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 69b9ef6..aa929bc 100644
+index 044f5d9..d4e3e58 100644
 --- a/arch/x86/xen/enlighten.c
 +++ b/arch/x86/xen/enlighten.c
 @@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
@@ -29545,7 +29565,7 @@ index 69b9ef6..aa929bc 100644
  	xen_smp_init();
  
  #ifdef CONFIG_ACPI_NUMA
-@@ -1400,7 +1399,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
+@@ -1403,7 +1402,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
  	return NOTIFY_OK;
  }
  
@@ -29597,7 +29617,7 @@ index fe00be69..d2c142a 100644
  	.alloc_pud = xen_alloc_pmd_init,
  	.release_pud = xen_release_pmd_init,
 diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
-index 9a23fff..c05e794 100644
+index 6e4d5dc..78c131b 100644
 --- a/arch/x86/xen/smp.c
 +++ b/arch/x86/xen/smp.c
 @@ -209,11 +209,6 @@ static void __init xen_smp_prepare_boot_cpu(void)
@@ -32066,10 +32086,10 @@ index f773a9d..65cd683 100644
  	 	    return -EINVAL;
  	    else
 diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
-index 0833896..cccce52 100644
+index 14d49e4..d331fd8 100644
 --- a/drivers/char/hpet.c
 +++ b/drivers/char/hpet.c
-@@ -572,7 +572,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets,
+@@ -560,7 +560,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets,
  }
  
  static int
@@ -33736,10 +33756,10 @@ index 9b4e5c6..d7ec240 100644
  	mutex_unlock(&dev->struct_mutex);
  
 diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
-index ca67338..0003ba7 100644
+index c77fc67..4057c13 100644
 --- a/drivers/gpu/drm/i915/i915_dma.c
 +++ b/drivers/gpu/drm/i915/i915_dma.c
-@@ -1172,7 +1172,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1166,7 +1166,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
  	bool can_switch;
  
  	spin_lock(&dev->count_lock);
@@ -33749,7 +33769,7 @@ index ca67338..0003ba7 100644
  	return can_switch;
  }
 diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index 144d37c..bf1110f 100644
+index 20cd295..052b178 100644
 --- a/drivers/gpu/drm/i915/i915_drv.h
 +++ b/drivers/gpu/drm/i915/i915_drv.h
 @@ -320,7 +320,7 @@ typedef struct drm_i915_private {
@@ -33761,7 +33781,7 @@ index 144d37c..bf1110f 100644
  
  	/* protects the irq masks */
  	spinlock_t irq_lock;
-@@ -897,7 +897,7 @@ struct drm_i915_gem_object {
+@@ -898,7 +898,7 @@ struct drm_i915_gem_object {
  	 * will be page flipped away on the next vblank.  When it
  	 * reaches 0, dev_priv->pending_flip_queue will be woken up.
  	 */
@@ -33770,7 +33790,7 @@ index 144d37c..bf1110f 100644
  };
  
  #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base)
-@@ -1274,7 +1274,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
+@@ -1275,7 +1275,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
  extern void intel_teardown_gmbus(struct drm_device *dev);
  extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed);
  extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit);
@@ -33898,7 +33918,7 @@ index 93e74fb..4a1182d 100644
  	INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func);
  	INIT_WORK(&dev_priv->error_work, i915_error_work_func);
 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 897ca06..ea0a32a 100644
+index cfbb893..982d86d 100644
 --- a/drivers/gpu/drm/i915/intel_display.c
 +++ b/drivers/gpu/drm/i915/intel_display.c
 @@ -2215,7 +2215,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb)
@@ -34325,10 +34345,10 @@ index a9e33ce..09edd4b 100644
  
  #endif
 diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
-index 60d13fe..56badbf 100644
+index 0495a50..6d67dd7 100644
 --- a/drivers/gpu/drm/radeon/evergreen.c
 +++ b/drivers/gpu/drm/radeon/evergreen.c
-@@ -3066,7 +3066,9 @@ static int evergreen_startup(struct radeon_device *rdev)
+@@ -3076,7 +3076,9 @@ static int evergreen_startup(struct radeon_device *rdev)
  	r = evergreen_blit_init(rdev);
  	if (r) {
  		r600_blit_fini(rdev);
@@ -37367,7 +37387,7 @@ index 8953630..29b12d9 100644
  
  void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
 diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 1702133..f8faeb6 100644
+index 2d0544c..bc3c200 100644
 --- a/drivers/md/md.c
 +++ b/drivers/md/md.c
 @@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
@@ -37439,7 +37459,7 @@ index 1702133..f8faeb6 100644
  
  	INIT_LIST_HEAD(&rdev->same_set);
  	init_waitqueue_head(&rdev->blocked_wait);
-@@ -6706,7 +6706,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -6703,7 +6703,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
  
  		spin_unlock(&pers_lock);
  		seq_printf(seq, "\n");
@@ -37448,7 +37468,7 @@ index 1702133..f8faeb6 100644
  		return 0;
  	}
  	if (v == (void*)2) {
-@@ -6795,7 +6795,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -6792,7 +6792,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
  				chunk_kb ? "KB" : "B");
  			if (bitmap->file) {
  				seq_printf(seq, ", file: ");
@@ -37457,7 +37477,7 @@ index 1702133..f8faeb6 100644
  			}
  
  			seq_printf(seq, "\n");
-@@ -6826,7 +6826,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
+@@ -6823,7 +6823,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
  		return error;
  
  	seq = file->private_data;
@@ -37466,7 +37486,7 @@ index 1702133..f8faeb6 100644
  	return error;
  }
  
-@@ -6840,7 +6840,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
+@@ -6837,7 +6837,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
  	/* always allow read */
  	mask = POLLIN | POLLRDNORM;
  
@@ -37475,7 +37495,7 @@ index 1702133..f8faeb6 100644
  		mask |= POLLERR | POLLPRI;
  	return mask;
  }
-@@ -6884,7 +6884,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
+@@ -6881,7 +6881,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
  		struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
  		curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
  			      (int)part_stat_read(&disk->part0, sectors[1]) -
@@ -38722,10 +38742,10 @@ index a9ff89ff..461d313 100644
  	struct sm_sysfs_attribute *vendor_attribute;
  
 diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
-index fc07f90..c71767f 100644
+index b436b84..d3cecc5 100644
 --- a/drivers/net/bonding/bond_main.c
 +++ b/drivers/net/bonding/bond_main.c
-@@ -4795,7 +4795,7 @@ static int bond_get_tx_queues(struct net *net, struct nlattr *tb[],
+@@ -4796,7 +4796,7 @@ static int bond_get_tx_queues(struct net *net, struct nlattr *tb[],
  	return 0;
  }
  
@@ -38734,7 +38754,7 @@ index fc07f90..c71767f 100644
  	.kind		= "bond",
  	.priv_size	= sizeof(struct bonding),
  	.setup		= bond_setup,
-@@ -4911,8 +4911,8 @@ static void __exit bonding_exit(void)
+@@ -4921,8 +4921,8 @@ static void __exit bonding_exit(void)
  
  	bond_destroy_debugfs();
  
@@ -39255,7 +39275,7 @@ index 49b549f..13d648c 100644
  
  	mac->phydev = phydev;
 diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index d812790..d1e0f1a 100644
+index f698183..d08df42 100644
 --- a/drivers/net/ethernet/realtek/r8169.c
 +++ b/drivers/net/ethernet/realtek/r8169.c
 @@ -704,17 +704,17 @@ struct rtl8169_private {
@@ -39424,6 +39444,19 @@ index 3ed983c..a1bb418 100644
  			break;
  		err = 0;
  		break;
+diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c
+index 0a0a664..7e7deef 100644
+--- a/drivers/net/slip/slhc.c
++++ b/drivers/net/slip/slhc.c
+@@ -489,7 +489,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize)
+ 	register struct tcphdr *thp;
+ 	register struct iphdr *ip;
+ 	register struct cstate *cs;
+-	int len, hdrlen;
++	long len, hdrlen;
+ 	unsigned char *cp = icp;
+ 
+ 	/* We've got a compressed packet; read the change byte */
 diff --git a/drivers/net/tokenring/abyss.c b/drivers/net/tokenring/abyss.c
 index 515f122..41dd273 100644
 --- a/drivers/net/tokenring/abyss.c
@@ -41044,7 +41077,7 @@ index 023d17d..74ef35b 100644
  		init_data = &pdata->regulators[i];
  		priv->regulators[i] = regulator_register(
 diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
-index 05beb6c..6676a62 100644
+index e3eed18..155946b 100644
 --- a/drivers/rtc/rtc-cmos.c
 +++ b/drivers/rtc/rtc-cmos.c
 @@ -724,7 +724,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
@@ -42116,6 +42149,19 @@ index aec9311..ddc3103 100644
  			   const char *postfix,
  			   struct iio_chan_spec const *chan,
  			   ssize_t (*readfunc)(struct device *dev,
+diff --git a/drivers/staging/iio/ring_sw.c b/drivers/staging/iio/ring_sw.c
+index 66a34ad..65f6aea 100644
+--- a/drivers/staging/iio/ring_sw.c
++++ b/drivers/staging/iio/ring_sw.c
+@@ -173,7 +173,7 @@ static int iio_read_first_n_sw_rb(struct iio_buffer *r,
+ 
+ 	u8 *initial_read_p, *initial_write_p, *current_read_p, *end_read_p;
+ 	u8 *data;
+-	int ret, max_copied, bytes_to_rip, dead_offset;
++	long ret, max_copied, bytes_to_rip, dead_offset;
+ 
+ 	/* A userspace program has probably made an error if it tries to
+ 	 *  read something that is not a whole number of bpds.
 diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c
 index 8b307b4..a97ac91 100644
 --- a/drivers/staging/octeon/ethernet-rx.c
@@ -42795,10 +42841,10 @@ index 8481aae..e1a589c 100644
  }
  EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
 diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index d19b879..aa288ec 100644
+index 4735928..e80860a 100644
 --- a/drivers/tty/pty.c
 +++ b/drivers/tty/pty.c
-@@ -772,8 +772,10 @@ static void __init unix98_pty_init(void)
+@@ -775,8 +775,10 @@ static void __init unix98_pty_init(void)
  	register_sysctl_table(pty_root_table);
  
  	/* Now create the /dev/ptmx special device */
@@ -42958,47 +43004,19 @@ index 43db715..82134aa 100644
  
  		if (get_user(c, buf))
 diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 05085be..ca1e67e 100644
+index 3f35e42..9fed166 100644
 --- a/drivers/tty/tty_io.c
 +++ b/drivers/tty/tty_io.c
-@@ -940,6 +940,14 @@ void start_tty(struct tty_struct *tty)
- 
- EXPORT_SYMBOL(start_tty);
- 
-+static void tty_update_time(struct timespec *time)
-+{
-+	unsigned long sec = get_seconds();
-+	sec -= sec % 60;
-+	if ((long)(sec - time->tv_sec) > 0)
-+		time->tv_sec = sec;
-+}
-+
- /**
-  *	tty_read	-	read method for tty device files
-  *	@file: pointer to tty file
-@@ -976,8 +984,10 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
- 	else
- 		i = -EIO;
- 	tty_ldisc_deref(ld);
-+
- 	if (i > 0)
--		inode->i_atime = current_fs_time(inode->i_sb);
-+		tty_update_time(&inode->i_atime);
-+
- 	return i;
- }
- 
-@@ -1079,8 +1089,7 @@ static inline ssize_t do_tty_write(
+@@ -1089,7 +1089,7 @@ static inline ssize_t do_tty_write(
  		cond_resched();
  	}
  	if (written) {
--		struct inode *inode = file->f_path.dentry->d_inode;
--		inode->i_mtime = current_fs_time(inode->i_sb);
-+		tty_update_time(&file->f_path.dentry->d_inode->i_mtime);
+-               struct inode *inode = file->f_path.dentry->d_inode;
++		struct inode *inode = file->f_path.dentry->d_inode;
+ 		tty_update_time(&inode->i_mtime);
  		ret = written;
  	}
- out:
-@@ -3240,7 +3249,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
+@@ -3250,7 +3250,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
  
  void tty_default_fops(struct file_operations *fops)
  {
@@ -43658,7 +43676,7 @@ index e132157..516db70 100644
  		return rc;
  
 diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
-index 7a36dff..cbe139a 100644
+index 6b4fb5c..385e560 100644
 --- a/drivers/video/console/fbcon.c
 +++ b/drivers/video/console/fbcon.c
 @@ -450,7 +450,7 @@ static int __init fb_console_setup(char *this_opt)
@@ -43709,7 +43727,7 @@ index 5c3960d..15cf8fc 100644
  		goto out1;
  	}
 diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
-index babbb07..649d8d2 100644
+index 0a22808..130eafe 100644
 --- a/drivers/video/fbmem.c
 +++ b/drivers/video/fbmem.c
 @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
@@ -47117,7 +47135,7 @@ index 356dcf0..c0046cd 100644
  static const struct super_operations afs_super_ops = {
  	.statfs		= afs_statfs,
 diff --git a/fs/aio.c b/fs/aio.c
-index 3b65ee7..0e57d2e 100644
+index 8cdd8ea..64197b4 100644
 --- a/fs/aio.c
 +++ b/fs/aio.c
 @@ -119,7 +119,7 @@ static int aio_setup_ring(struct kioctx *ctx)
@@ -47383,7 +47401,7 @@ index a6395bd..f1e376a 100644
  		(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
  #ifdef __alpha__
 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 8dd615c..69bb24d 100644
+index 8dd615c..315240a 100644
 --- a/fs/binfmt_elf.c
 +++ b/fs/binfmt_elf.c
 @@ -32,6 +32,7 @@
@@ -47759,11 +47777,11 @@ index 8dd615c..69bb24d 100644
 +
 +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
 +	ssize_t xattr_size, i;
-+	unsigned char xattr_value[5];
++	unsigned char xattr_value[sizeof("pemrs") - 1];
 +	unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL;
 +
-+	xattr_size = vfs_getxattr(file->f_path.dentry, XATTR_NAME_PAX_FLAGS, xattr_value, sizeof xattr_value);
-+	if (xattr_size <= 0 || xattr_size > 5)
++	xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value);
++	if (xattr_size <= 0 || xattr_size > sizeof xattr_value)
 +		return ~0UL;
 +
 +	for (i = 0; i < xattr_size; i++)
@@ -48381,42 +48399,6 @@ index 8d4d53d..d0dec4c 100644
  		num_bytes = max(num_bytes, min_alloc_size);
  		do_chunk_alloc(trans, root->fs_info->extent_root,
  			       num_bytes, data, CHUNK_ALLOC_FORCE);
-diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index 1372634..3960bb0 100644
---- a/fs/btrfs/inode.c
-+++ b/fs/btrfs/inode.c
-@@ -17,6 +17,7 @@
-  */
- 
- #include <linux/kernel.h>
-+#include <linux/module.h>
- #include <linux/bio.h>
- #include <linux/buffer_head.h>
- #include <linux/file.h>
-@@ -6909,7 +6910,7 @@ fail:
- 	return -ENOMEM;
- }
- 
--static int btrfs_getattr(struct vfsmount *mnt,
-+int btrfs_getattr(struct vfsmount *mnt,
- 			 struct dentry *dentry, struct kstat *stat)
- {
- 	struct inode *inode = dentry->d_inode;
-@@ -6923,6 +6924,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
- 	return 0;
- }
- 
-+EXPORT_SYMBOL(btrfs_getattr);
-+
-+dev_t get_btrfs_dev_from_inode(struct inode *inode)
-+{
-+	return BTRFS_I(inode)->root->anon_dev;
-+}
-+EXPORT_SYMBOL(get_btrfs_dev_from_inode);
-+
- /*
-  * If a file is moved, it will inherit the cow and compression flags of the new
-  * directory.
 diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
 index c04f02c..f5c9e2e 100644
 --- a/fs/btrfs/ioctl.c
@@ -49283,7 +49265,7 @@ index 739fb59..5385976 100644
  static int __init init_cramfs_fs(void)
  {
 diff --git a/fs/dcache.c b/fs/dcache.c
-index e923bf4..dcc8779 100644
+index d322929..ff57049 100644
 --- a/fs/dcache.c
 +++ b/fs/dcache.c
 @@ -103,11 +103,11 @@ static unsigned int d_hash_shift __read_mostly;
@@ -49302,7 +49284,7 @@ index e923bf4..dcc8779 100644
  	return dentry_hashtable + (hash & D_HASHMASK);
  }
  
-@@ -3055,7 +3055,7 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3057,7 +3057,7 @@ void __init vfs_caches_init(unsigned long mempages)
  	mempages -= reserve;
  
  	names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -51943,7 +51925,7 @@ index 3f7a59b..cf196cc 100644
  
  	for (loop = 0; loop < pagevec->nr; loop++) {
 diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c
-index 4765190..2a067f2 100644
+index 73c0bd7..adb2f79 100644
 --- a/fs/fscache/stats.c
 +++ b/fs/fscache/stats.c
 @@ -18,95 +18,95 @@
@@ -52716,7 +52698,7 @@ index f6d411e..e82a08d 100644
  					    next->d_inode->i_ino, 
  					    dt_type(next->d_inode)) < 0)
 diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c
-index a3a0987..5e151c8 100644
+index 8392cb8..80d6193 100644
 --- a/fs/lockd/clntproc.c
 +++ b/fs/lockd/clntproc.c
 @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops;
@@ -53546,7 +53528,7 @@ index 1943898..396c460 100644
 -
  #endif /* CONFIG_NFS_V4 */
 diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index fe5c5fb6..638dac1 100644
+index 08921b8..e60b7da 100644
 --- a/fs/nfsd/nfs4proc.c
 +++ b/fs/nfsd/nfs4proc.c
 @@ -1037,7 +1037,7 @@ struct nfsd4_operation {
@@ -53559,10 +53541,10 @@ index fe5c5fb6..638dac1 100644
  static struct nfsd4_operation nfsd4_ops[];
  
 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index 24afa96..a92d930 100644
+index ade5316..f1a6152 100644
 --- a/fs/nfsd/nfs4xdr.c
 +++ b/fs/nfsd/nfs4xdr.c
-@@ -1451,7 +1451,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
+@@ -1445,7 +1445,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
  
  typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
  
@@ -53571,7 +53553,7 @@ index 24afa96..a92d930 100644
  	[OP_ACCESS]		= (nfsd4_dec)nfsd4_decode_access,
  	[OP_CLOSE]		= (nfsd4_dec)nfsd4_decode_close,
  	[OP_COMMIT]		= (nfsd4_dec)nfsd4_decode_commit,
-@@ -1491,7 +1491,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
+@@ -1485,7 +1485,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
  	[OP_RELEASE_LOCKOWNER]	= (nfsd4_dec)nfsd4_decode_release_lockowner,
  };
  
@@ -53580,7 +53562,7 @@ index 24afa96..a92d930 100644
  	[OP_ACCESS]		= (nfsd4_dec)nfsd4_decode_access,
  	[OP_CLOSE]		= (nfsd4_dec)nfsd4_decode_close,
  	[OP_COMMIT]		= (nfsd4_dec)nfsd4_decode_commit,
-@@ -1553,7 +1553,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
+@@ -1547,7 +1547,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
  };
  
  struct nfsd4_minorversion_ops {
@@ -53590,10 +53572,16 @@ index 24afa96..a92d930 100644
  };
  
 diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
-index 2cbac34..6dc3889 100644
+index 2cbac34..06593b2 100644
 --- a/fs/nfsd/nfscache.c
 +++ b/fs/nfsd/nfscache.c
-@@ -264,8 +264,10 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+@@ -259,13 +259,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+ {
+ 	struct svc_cacherep *rp;
+ 	struct kvec	*resv = &rqstp->rq_res.head[0], *cachv;
+-	int		len;
++	long		len;
+ 
  	if (!(rp = rqstp->rq_cacherep) || cache_disabled)
  		return;
  
@@ -56184,7 +56172,7 @@ index a475983..3aab767 100644
  	if (!bb->vm_ops)
  		return -EINVAL;
 diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
-index 3899e24..4d594a7 100644
+index e756bc4..b530332 100644
 --- a/fs/sysfs/dir.c
 +++ b/fs/sysfs/dir.c
 @@ -642,6 +642,18 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd,
@@ -56418,10 +56406,38 @@ index ba653f3..06ea4b1 100644
  	error = notify_change(path->dentry, &newattrs);
  	mutex_unlock(&inode->i_mutex);
 diff --git a/fs/xattr.c b/fs/xattr.c
-index 67583de..c5aad14 100644
+index 67583de..21dfff7 100644
 --- a/fs/xattr.c
 +++ b/fs/xattr.c
-@@ -315,7 +315,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
+@@ -225,6 +225,27 @@ int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
+ 	return rc;
+ }
+ 
++#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
++ssize_t
++pax_getxattr(struct dentry *dentry, void *value, size_t size)
++{
++	struct inode *inode = dentry->d_inode;
++	ssize_t error;
++
++	error = inode_permission(inode, MAY_EXEC);
++	if (error)
++		return error;
++
++	if (inode->i_op->getxattr)
++		error = inode->i_op->getxattr(dentry, XATTR_NAME_PAX_FLAGS, value, size);
++	else
++		error = -EOPNOTSUPP;
++
++	return error;
++}
++EXPORT_SYMBOL(pax_getxattr);
++#endif
++
+ ssize_t
+ vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
+ {
+@@ -315,7 +336,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
   * Extended attribute SET operations
   */
  static long
@@ -56430,7 +56446,7 @@ index 67583de..c5aad14 100644
  	 size_t size, int flags)
  {
  	int error;
-@@ -339,7 +339,13 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value,
+@@ -339,7 +360,13 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value,
  			return PTR_ERR(kvalue);
  	}
  
@@ -56445,7 +56461,7 @@ index 67583de..c5aad14 100644
  	kfree(kvalue);
  	return error;
  }
-@@ -356,7 +362,7 @@ SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
+@@ -356,7 +383,7 @@ SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
  		return error;
  	error = mnt_want_write(path.mnt);
  	if (!error) {
@@ -56454,7 +56470,7 @@ index 67583de..c5aad14 100644
  		mnt_drop_write(path.mnt);
  	}
  	path_put(&path);
-@@ -375,7 +381,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
+@@ -375,7 +402,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
  		return error;
  	error = mnt_want_write(path.mnt);
  	if (!error) {
@@ -56463,7 +56479,7 @@ index 67583de..c5aad14 100644
  		mnt_drop_write(path.mnt);
  	}
  	path_put(&path);
-@@ -386,17 +392,15 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
+@@ -386,17 +413,15 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
  		const void __user *,value, size_t, size, int, flags)
  {
  	struct file *f;
@@ -57666,10 +57682,10 @@ index 0000000..1b9afa9
 +endif
 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
 new file mode 100644
-index 0000000..5ce409b
+index 0000000..59ef60a
 --- /dev/null
 +++ b/grsecurity/gracl.c
-@@ -0,0 +1,4216 @@
+@@ -0,0 +1,4218 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -57696,6 +57712,13 @@ index 0000000..5ce409b
 +#include <linux/fdtable.h>
 +#include <linux/percpu.h>
 +#include <linux/posix-timers.h>
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++#include <linux/magic.h>
++#include <linux/pagemap.h>
++#include "../fs/btrfs/async-thread.h"
++#include "../fs/btrfs/ctree.h"
++#include "../fs/btrfs/btrfs_inode.h"
++#endif
 +
 +#include <asm/uaccess.h>
 +#include <asm/errno.h>
@@ -57772,19 +57795,14 @@ index 0000000..5ce409b
 +	return (gr_status & GR_READY);
 +}
 +
-+#ifdef CONFIG_BTRFS_FS
-+extern dev_t get_btrfs_dev_from_inode(struct inode *inode);
-+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
-+#endif
-+
 +static inline dev_t __get_dev(const struct dentry *dentry)
 +{
-+#ifdef CONFIG_BTRFS_FS
-+	if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr)
-+		return get_btrfs_dev_from_inode(dentry->d_inode);
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++	if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++		return BTRFS_I(dentry->d_inode)->root->anon_dev;
 +	else
 +#endif
-+		return dentry->d_inode->i_sb->s_dev;
++		return dentry->d_sb->s_dev;
 +}
 +
 +dev_t gr_get_dev_from_dentry(struct dentry *dentry)
@@ -63223,10 +63241,10 @@ index 0000000..39645c9
 +}
 diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
 new file mode 100644
-index 0000000..466c527
+index 0000000..42b6af4
 --- /dev/null
 +++ b/grsecurity/gracl_segv.c
-@@ -0,0 +1,299 @@
+@@ -0,0 +1,301 @@
 +#include <linux/kernel.h>
 +#include <linux/mm.h>
 +#include <asm/uaccess.h>
@@ -63244,6 +63262,13 @@ index 0000000..466c527
 +#include <linux/gracl.h>
 +#include <linux/grsecurity.h>
 +#include <linux/grinternal.h>
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++#include <linux/magic.h>
++#include <linux/pagemap.h>
++#include "../fs/btrfs/async-thread.h"
++#include "../fs/btrfs/ctree.h"
++#include "../fs/btrfs/btrfs_inode.h"
++#endif
 +
 +static struct crash_uid *uid_set;
 +static unsigned short uid_used;
@@ -63253,19 +63278,14 @@ index 0000000..466c527
 +	lookup_acl_subj_label(const ino_t inode, const dev_t dev,
 +			      struct acl_role_label *role);
 +
-+#ifdef CONFIG_BTRFS_FS
-+extern dev_t get_btrfs_dev_from_inode(struct inode *inode);
-+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
-+#endif
-+
 +static inline dev_t __get_dev(const struct dentry *dentry)
 +{
-+#ifdef CONFIG_BTRFS_FS
-+	if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr)
-+		return get_btrfs_dev_from_inode(dentry->d_inode);
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++	if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++		return BTRFS_I(dentry->d_inode)->root->anon_dev;
 +	else
 +#endif
-+		return dentry->d_inode->i_sb->s_dev;
++		return dentry->d_sb->s_dev;
 +}
 +
 +int
@@ -63958,7 +63978,7 @@ index 0000000..8124c0d
 +}
 diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
 new file mode 100644
-index 0000000..b79fe50
+index 0000000..ac90ba1
 --- /dev/null
 +++ b/grsecurity/grsec_disabled.c
 @@ -0,0 +1,442 @@
@@ -64390,7 +64410,7 @@ index 0000000..b79fe50
 +
 +dev_t gr_get_dev_from_dentry(struct dentry *dentry)
 +{
-+	return dentry->d_inode->i_sb->s_dev;
++	return dentry->d_sb->s_dev;
 +}
 +
 +void gr_put_exec_file(struct task_struct *task)
@@ -69932,7 +69952,7 @@ index 3797270..7765ede 100644
  struct mca_bus {
  	u64			default_dma_mask;
 diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 4baadd1..b5b424e 100644
+index d0493f6..ce3ea0b 100644
 --- a/include/linux/mm.h
 +++ b/include/linux/mm.h
 @@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp);
@@ -70137,7 +70157,7 @@ index 4baadd1..b5b424e 100644
  struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
  int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
  			unsigned long pfn, unsigned long size, pgprot_t);
-@@ -1534,6 +1545,12 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
+@@ -1536,6 +1547,12 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
  static inline void vm_stat_account(struct mm_struct *mm,
  			unsigned long flags, struct file *file, long pages)
  {
@@ -70150,7 +70170,7 @@ index 4baadd1..b5b424e 100644
  }
  #endif /* CONFIG_PROC_FS */
  
-@@ -1614,7 +1631,7 @@ extern int unpoison_memory(unsigned long pfn);
+@@ -1616,7 +1633,7 @@ extern int unpoison_memory(unsigned long pfn);
  extern int sysctl_memory_failure_early_kill;
  extern int sysctl_memory_failure_recovery;
  extern void shake_page(struct page *p, int access);
@@ -70159,7 +70179,7 @@ index 4baadd1..b5b424e 100644
  extern int soft_offline_page(struct page *page, int flags);
  
  extern void dump_page(struct page *page);
-@@ -1628,5 +1645,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src,
+@@ -1630,5 +1647,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src,
  				unsigned int pages_per_huge_page);
  #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */
  
@@ -70511,7 +70531,7 @@ index b299230..4915063 100644
  struct iovec;
  struct kvec;
 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 00ca32b..60cc3a6 100644
+index 8c43fd1..782342e 100644
 --- a/include/linux/netdevice.h
 +++ b/include/linux/netdevice.h
 @@ -949,6 +949,7 @@ struct net_device_ops {
@@ -70665,7 +70685,7 @@ index 45fc162..01a4068 100644
  /**
   * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
 diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index 9b9b2aa..6a25301 100644
+index 9b9b2aa..22f09dc 100644
 --- a/include/linux/perf_event.h
 +++ b/include/linux/perf_event.h
 @@ -748,8 +748,8 @@ struct perf_event {
@@ -70690,6 +70710,36 @@ index 9b9b2aa..6a25301 100644
  
  	/*
  	 * Protect attach/detach and child_list:
+@@ -1101,7 +1101,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64
+ 		entry->ip[entry->nr++] = ip;
+ }
+ 
+-extern int sysctl_perf_event_paranoid;
++extern int sysctl_perf_event_legitimately_concerned;
+ extern int sysctl_perf_event_mlock;
+ extern int sysctl_perf_event_sample_rate;
+ 
+@@ -1111,17 +1111,17 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write,
+ 
+ static inline bool perf_paranoid_tracepoint_raw(void)
+ {
+-	return sysctl_perf_event_paranoid > -1;
++	return sysctl_perf_event_legitimately_concerned > -1;
+ }
+ 
+ static inline bool perf_paranoid_cpu(void)
+ {
+-	return sysctl_perf_event_paranoid > 0;
++	return sysctl_perf_event_legitimately_concerned > 0;
+ }
+ 
+ static inline bool perf_paranoid_kernel(void)
+ {
+-	return sysctl_perf_event_paranoid > 1;
++	return sysctl_perf_event_legitimately_concerned > 1;
+ }
+ 
+ extern void perf_event_init(void);
 @@ -1199,7 +1199,7 @@ static inline void perf_restore_debug_store(void)			{ }
   */
  #define perf_cpu_notifier(fn)						\
@@ -71427,7 +71477,7 @@ index 92808b8..c28cac4 100644
  
  /* shm_mode upper byte flags */
 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index da65890..987de29 100644
+index efe50af..0d0b145 100644
 --- a/include/linux/skbuff.h
 +++ b/include/linux/skbuff.h
 @@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb);
@@ -71493,7 +71543,7 @@ index da65890..987de29 100644
 +#endif
  }
  
- /* Note: This doesn't put any conntrack and bridge info in dst. */
+ static inline void nf_reset_trace(struct sk_buff *skb)
 diff --git a/include/linux/slab.h b/include/linux/slab.h
 index 573c809..59fadfb 100644
 --- a/include/linux/slab.h
@@ -72430,7 +72480,7 @@ index 65efb92..137adbb 100644
  
  static inline void __dec_zone_page_state(struct page *page,
 diff --git a/include/linux/xattr.h b/include/linux/xattr.h
-index e5d1220..7ed3f9c 100644
+index e5d1220..5a87d07 100644
 --- a/include/linux/xattr.h
 +++ b/include/linux/xattr.h
 @@ -57,6 +57,11 @@
@@ -72454,6 +72504,16 @@ index e5d1220..7ed3f9c 100644
  
  struct xattr {
  	char *name;
+@@ -82,6 +87,9 @@ struct xattr {
+ };
+ 
+ ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
++#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
++ssize_t pax_getxattr(struct dentry *, void *, size_t);
++#endif
+ ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t);
+ ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
+ int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int);
 diff --git a/include/linux/zlib.h b/include/linux/zlib.h
 index 9c5a6b4..09c9438 100644
 --- a/include/linux/zlib.h
@@ -73655,7 +73715,7 @@ index 2531811..040d4d4 100644
  	next_state = Reset;
  	return 0;
 diff --git a/init/main.c b/init/main.c
-index 5d0eb1d..b462edb 100644
+index 5d0eb1d..19ff85b 100644
 --- a/init/main.c
 +++ b/init/main.c
 @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { }
@@ -73667,7 +73727,7 @@ index 5d0eb1d..b462edb 100644
  /*
   * Debug helper: via this flag we know that we are in 'early bootup code'
   * where only the boot processor is running with IRQ disabled.  This means
-@@ -149,6 +151,61 @@ static int __init set_reset_devices(char *str)
+@@ -149,6 +151,64 @@ static int __init set_reset_devices(char *str)
  
  __setup("reset_devices", set_reset_devices);
  
@@ -73682,6 +73742,8 @@ index 5d0eb1d..b462edb 100644
 +#endif
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++unsigned long pax_user_shadow_base __read_only = 1UL << TASK_SIZE_MAX_SHIFT;
++EXPORT_SYMBOL(pax_user_shadow_base);
 +extern char pax_enter_kernel_user[];
 +extern char pax_exit_kernel_user[];
 +extern pgdval_t clone_pgd_mask;
@@ -73708,6 +73770,7 @@ index 5d0eb1d..b462edb 100644
 +	memcpy(pax_enter_kernel_user, (unsigned char []){0xc3}, 1);
 +	memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1);
 +	clone_pgd_mask = ~(pgdval_t)0UL;
++	pax_user_shadow_base = 0UL;
 +#endif
 +
 +	return 0;
@@ -73729,7 +73792,7 @@ index 5d0eb1d..b462edb 100644
  static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
  const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
  static const char *panic_later, *panic_param;
-@@ -678,6 +735,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -678,6 +738,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
  {
  	int count = preempt_count();
  	int ret;
@@ -73737,7 +73800,7 @@ index 5d0eb1d..b462edb 100644
  
  	if (initcall_debug)
  		ret = do_one_initcall_debug(fn);
-@@ -690,15 +748,15 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -690,15 +751,15 @@ int __init_or_module do_one_initcall(initcall_t fn)
  		sprintf(msgbuf, "error code %d ", ret);
  
  	if (preempt_count() != count) {
@@ -73757,7 +73820,7 @@ index 5d0eb1d..b462edb 100644
  	}
  
  	return ret;
-@@ -711,8 +769,14 @@ static void __init do_initcalls(void)
+@@ -711,8 +772,14 @@ static void __init do_initcalls(void)
  {
  	initcall_t *fn;
  
@@ -73773,7 +73836,7 @@ index 5d0eb1d..b462edb 100644
  }
  
  /*
-@@ -738,8 +802,14 @@ static void __init do_pre_smp_initcalls(void)
+@@ -738,8 +805,14 @@ static void __init do_pre_smp_initcalls(void)
  {
  	initcall_t *fn;
  
@@ -73789,7 +73852,7 @@ index 5d0eb1d..b462edb 100644
  }
  
  static void run_init_process(const char *init_filename)
-@@ -821,7 +891,7 @@ static int __init kernel_init(void * unused)
+@@ -821,7 +894,7 @@ static int __init kernel_init(void * unused)
  	do_basic_setup();
  
  	/* Open the /dev/console on the rootfs, this should never fail */
@@ -73798,7 +73861,7 @@ index 5d0eb1d..b462edb 100644
  		printk(KERN_WARNING "Warning: unable to open an initial console.\n");
  
  	(void) sys_dup(0);
-@@ -834,11 +904,13 @@ static int __init kernel_init(void * unused)
+@@ -834,11 +907,13 @@ static int __init kernel_init(void * unused)
  	if (!ramdisk_execute_command)
  		ramdisk_execute_command = "/init";
  
@@ -73958,7 +74021,7 @@ index 5215a81..cfc0cac 100644
  	sem_params.flg = semflg;
  	sem_params.u.nsems = nsems;
 diff --git a/ipc/shm.c b/ipc/shm.c
-index b76be5b..859e750 100644
+index 326a20b..62e6b7e 100644
 --- a/ipc/shm.c
 +++ b/ipc/shm.c
 @@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp);
@@ -74218,7 +74281,7 @@ index b463871..59495fd 100644
   * nsown_capable - Check superior capability to one's own user_ns
   * @cap: The capability in question
 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index c0739f8..262bc6f 100644
+index d2a01fe..493cba0 100644
 --- a/kernel/cgroup.c
 +++ b/kernel/cgroup.c
 @@ -5153,7 +5153,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
@@ -74639,10 +74702,23 @@ index 63786e7..0780cac 100644
  #ifdef CONFIG_MODULE_UNLOAD
  		{
 diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 7d1f05e..66d5a8e 100644
+index 9f21915..08e25b4 100644
 --- a/kernel/events/core.c
 +++ b/kernel/events/core.c
-@@ -173,7 +173,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
+@@ -146,7 +146,11 @@ static struct srcu_struct pmus_srcu;
+  *   1 - disallow cpu events for unpriv
+  *   2 - disallow kernel profiling for unpriv
+  */
+-int sysctl_perf_event_paranoid __read_mostly = 1;
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++int sysctl_perf_event_legitimately_concerned __read_mostly = 2;
++#else
++int sysctl_perf_event_legitimately_concerned __read_mostly = 1;
++#endif
+ 
+ /* Minimum for 512 kiB + 1 user control page */
+ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
+@@ -173,7 +177,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
  	return 0;
  }
  
@@ -74651,7 +74727,7 @@ index 7d1f05e..66d5a8e 100644
  
  static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
  			      enum event_type_t event_type);
-@@ -2540,7 +2540,7 @@ static void __perf_event_read(void *info)
+@@ -2540,7 +2544,7 @@ static void __perf_event_read(void *info)
  
  static inline u64 perf_event_count(struct perf_event *event)
  {
@@ -74660,7 +74736,7 @@ index 7d1f05e..66d5a8e 100644
  }
  
  static u64 perf_event_read(struct perf_event *event)
-@@ -3071,9 +3071,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -3071,9 +3075,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
  	mutex_lock(&event->child_mutex);
  	total += perf_event_read(event);
  	*enabled += event->total_time_enabled +
@@ -74672,7 +74748,7 @@ index 7d1f05e..66d5a8e 100644
  
  	list_for_each_entry(child, &event->child_list, child_list) {
  		total += perf_event_read(child);
-@@ -3482,10 +3482,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -3482,10 +3486,10 @@ void perf_event_update_userpage(struct perf_event *event)
  		userpg->offset -= local64_read(&event->hw.prev_count);
  
  	userpg->time_enabled = enabled +
@@ -74685,7 +74761,7 @@ index 7d1f05e..66d5a8e 100644
  
  	barrier();
  	++userpg->lock;
-@@ -3914,11 +3914,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -3914,11 +3918,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
  	values[n++] = perf_event_count(event);
  	if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
  		values[n++] = enabled +
@@ -74699,7 +74775,7 @@ index 7d1f05e..66d5a8e 100644
  	}
  	if (read_format & PERF_FORMAT_ID)
  		values[n++] = primary_event_id(event);
-@@ -4569,12 +4569,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
+@@ -4569,12 +4573,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
  		 * need to add enough zero bytes after the string to handle
  		 * the 64bit alignment we do later.
  		 */
@@ -74714,7 +74790,7 @@ index 7d1f05e..66d5a8e 100644
  		if (IS_ERR(name)) {
  			name = strncpy(tmp, "//toolong", sizeof(tmp));
  			goto got_name;
-@@ -5930,7 +5930,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -5931,7 +5935,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
  	event->parent		= parent_event;
  
  	event->ns		= get_pid_ns(current->nsproxy->pid_ns);
@@ -74723,7 +74799,7 @@ index 7d1f05e..66d5a8e 100644
  
  	event->state		= PERF_EVENT_STATE_INACTIVE;
  
-@@ -6450,10 +6450,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -6451,10 +6455,10 @@ static void sync_child_event(struct perf_event *child_event,
  	/*
  	 * Add back the child's count to the parent's count:
  	 */
@@ -75239,10 +75315,10 @@ index 9b22d03..6295b62 100644
  				prev->next = info->next;
  			else
 diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
-index e4cee8d..f31f503 100644
+index 60f7e32..76ccd96 100644
 --- a/kernel/hrtimer.c
 +++ b/kernel/hrtimer.c
-@@ -1408,7 +1408,7 @@ void hrtimer_peek_ahead_timers(void)
+@@ -1414,7 +1414,7 @@ void hrtimer_peek_ahead_timers(void)
  	local_irq_restore(flags);
  }
  
@@ -75251,7 +75327,7 @@ index e4cee8d..f31f503 100644
  {
  	struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases);
  
-@@ -1750,7 +1750,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self,
+@@ -1756,7 +1756,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self,
  	return NOTIFY_OK;
  }
  
@@ -78363,7 +78439,7 @@ index be5fa8b..bb69d33 100644
  				break;
  			}
 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index ea7ec7f..3ead220 100644
+index ea7ec7f..b1c7c88 100644
 --- a/kernel/sysctl.c
 +++ b/kernel/sysctl.c
 @@ -86,6 +86,13 @@
@@ -78488,6 +78564,17 @@ index ea7ec7f..3ead220 100644
  	{
  		.procname	= "ngroups_max",
  		.data		= &ngroups_max,
+@@ -957,8 +1002,8 @@ static struct ctl_table kern_table[] = {
+ 	 */
+ 	{
+ 		.procname	= "perf_event_paranoid",
+-		.data		= &sysctl_perf_event_paranoid,
+-		.maxlen		= sizeof(sysctl_perf_event_paranoid),
++		.data		= &sysctl_perf_event_legitimately_concerned,
++		.maxlen		= sizeof(sysctl_perf_event_legitimately_concerned),
+ 		.mode		= 0644,
+ 		.proc_handler	= proc_dointvec,
+ 	},
 @@ -1216,6 +1261,13 @@ static struct ctl_table vm_table[] = {
  		.proc_handler	= proc_dointvec_minmax,
  		.extra1		= &zero,
@@ -78824,10 +78911,10 @@ index 8a46f5d..bbe6f9c 100644
  		.clock_get	= alarm_clock_get,
  		.timer_create	= alarm_timer_create,
 diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c
-index cd068b2..b2067ab 100644
+index c3509fb..ebec319 100644
 --- a/kernel/time/tick-broadcast.c
 +++ b/kernel/time/tick-broadcast.c
-@@ -116,7 +116,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu)
+@@ -120,7 +120,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu)
  		 * then clear the broadcast bit.
  		 */
  		if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) {
@@ -79038,7 +79125,7 @@ index 16fc34a..efd8bb8 100644
  	ret = -EIO;
  	bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 5527211..04dce85 100644
+index 24b3759..e460d0b 100644
 --- a/kernel/trace/ftrace.c
 +++ b/kernel/trace/ftrace.c
 @@ -1586,12 +1586,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
@@ -79070,7 +79157,7 @@ index 5527211..04dce85 100644
  {
  	struct ftrace_func_probe *entry;
  	struct ftrace_page *pg;
-@@ -3981,8 +3986,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
+@@ -3982,8 +3987,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
  
  static int ftrace_graph_active;
@@ -79079,7 +79166,7 @@ index 5527211..04dce85 100644
  int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace)
  {
  	return 0;
-@@ -4126,6 +4129,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
+@@ -4127,6 +4130,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
  	return NOTIFY_DONE;
  }
  
@@ -79090,7 +79177,7 @@ index 5527211..04dce85 100644
  int register_ftrace_graph(trace_func_graph_ret_t retfunc,
  			trace_func_graph_ent_t entryfunc)
  {
-@@ -4139,7 +4146,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
+@@ -4140,7 +4147,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
  		goto out;
  	}
  
@@ -79371,7 +79458,7 @@ index 6fdc629..55739fe 100644
  		*data_page = bpage;
  
 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 17edb14..8cc9713 100644
+index 0ec6c34..8670e8b 100644
 --- a/kernel/trace/trace.c
 +++ b/kernel/trace/trace.c
 @@ -2645,7 +2645,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
@@ -79585,15 +79672,15 @@ index 1dcf253..e1568b3 100644
  	key = event->type & (EVENT_HASHSIZE - 1);
  
 diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
-index 77575b3..6e623d1 100644
+index c5b20a3..6b38c73 100644
 --- a/kernel/trace/trace_stack.c
 +++ b/kernel/trace/trace_stack.c
-@@ -50,7 +50,7 @@ static inline void check_stack(void)
+@@ -66,7 +66,7 @@ check_stack(unsigned long ip, unsigned long *stack)
  		return;
  
  	/* we do not handle interrupt stacks yet */
--	if (!object_is_on_stack(&this_size))
-+	if (!object_starts_on_stack(&this_size))
+-	if (!object_is_on_stack(stack))
++	if (!object_starts_on_stack(stack))
  		return;
  
  	local_irq_save(flags);
@@ -80775,7 +80862,7 @@ index 1b03878..d62c02b 100644
  	/* keep elevated page count for bad page */
  	return ret;
 diff --git a/mm/memory.c b/mm/memory.c
-index 4f2add1..6af39ff 100644
+index d5f913b..6f403ad 100644
 --- a/mm/memory.c
 +++ b/mm/memory.c
 @@ -462,8 +462,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -80902,7 +80989,7 @@ index 4f2add1..6af39ff 100644
  
  	if (addr < vma->vm_start || addr >= vma->vm_end)
  		return -EFAULT;
-@@ -2353,7 +2366,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -2400,7 +2413,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
  
  	BUG_ON(pud_huge(*pud));
  
@@ -80913,7 +81000,7 @@ index 4f2add1..6af39ff 100644
  	if (!pmd)
  		return -ENOMEM;
  	do {
-@@ -2373,7 +2388,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -2420,7 +2435,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
  	unsigned long next;
  	int err;
  
@@ -80924,7 +81011,7 @@ index 4f2add1..6af39ff 100644
  	if (!pud)
  		return -ENOMEM;
  	do {
-@@ -2461,6 +2478,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2508,6 +2525,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
  		copy_user_highpage(dst, src, va, vma);
  }
  
@@ -81111,7 +81198,7 @@ index 4f2add1..6af39ff 100644
  /*
   * This routine handles present pages, when users try to write
   * to a shared page. It is done by copying the page to a new address
-@@ -2672,6 +2869,12 @@ gotten:
+@@ -2719,6 +2916,12 @@ gotten:
  	 */
  	page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
  	if (likely(pte_same(*page_table, orig_pte))) {
@@ -81124,7 +81211,7 @@ index 4f2add1..6af39ff 100644
  		if (old_page) {
  			if (!PageAnon(old_page)) {
  				dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2723,6 +2926,10 @@ gotten:
+@@ -2770,6 +2973,10 @@ gotten:
  			page_remove_rmap(old_page);
  		}
  
@@ -81135,7 +81222,7 @@ index 4f2add1..6af39ff 100644
  		/* Free the old page.. */
  		new_page = old_page;
  		ret |= VM_FAULT_WRITE;
-@@ -3002,6 +3209,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3049,6 +3256,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
  	swap_free(entry);
  	if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
  		try_to_free_swap(page);
@@ -81147,7 +81234,7 @@ index 4f2add1..6af39ff 100644
  	unlock_page(page);
  	if (swapcache) {
  		/*
-@@ -3025,6 +3237,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3072,6 +3284,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
  
  	/* No need to invalidate - it was non-present before */
  	update_mmu_cache(vma, address, page_table);
@@ -81159,7 +81246,7 @@ index 4f2add1..6af39ff 100644
  unlock:
  	pte_unmap_unlock(page_table, ptl);
  out:
-@@ -3044,40 +3261,6 @@ out_release:
+@@ -3091,40 +3308,6 @@ out_release:
  }
  
  /*
@@ -81200,7 +81287,7 @@ index 4f2add1..6af39ff 100644
   * We enter with non-exclusive mmap_sem (to exclude vma changes,
   * but allow concurrent faults), and pte mapped but not yet locked.
   * We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -3086,27 +3269,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3133,27 +3316,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
  		unsigned long address, pte_t *page_table, pmd_t *pmd,
  		unsigned int flags)
  {
@@ -81233,7 +81320,7 @@ index 4f2add1..6af39ff 100644
  	if (unlikely(anon_vma_prepare(vma)))
  		goto oom;
  	page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -3125,6 +3304,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3172,6 +3351,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
  	if (!pte_none(*page_table))
  		goto release;
  
@@ -81245,7 +81332,7 @@ index 4f2add1..6af39ff 100644
  	inc_mm_counter_fast(mm, MM_ANONPAGES);
  	page_add_new_anon_rmap(page, vma, address);
  setpte:
-@@ -3132,6 +3316,12 @@ setpte:
+@@ -3179,6 +3363,12 @@ setpte:
  
  	/* No need to invalidate - it was non-present before */
  	update_mmu_cache(vma, address, page_table);
@@ -81258,7 +81345,7 @@ index 4f2add1..6af39ff 100644
  unlock:
  	pte_unmap_unlock(page_table, ptl);
  	return 0;
-@@ -3275,6 +3465,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3322,6 +3512,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  	 */
  	/* Only go through if we didn't race with anybody else... */
  	if (likely(pte_same(*page_table, orig_pte))) {
@@ -81271,7 +81358,7 @@ index 4f2add1..6af39ff 100644
  		flush_icache_page(vma, page);
  		entry = mk_pte(page, vma->vm_page_prot);
  		if (flags & FAULT_FLAG_WRITE)
-@@ -3294,6 +3490,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3341,6 +3537,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  
  		/* no need to invalidate: a not-present page won't be cached */
  		update_mmu_cache(vma, address, page_table);
@@ -81286,7 +81373,7 @@ index 4f2add1..6af39ff 100644
  	} else {
  		if (cow_page)
  			mem_cgroup_uncharge_page(cow_page);
-@@ -3447,6 +3651,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3494,6 +3698,12 @@ int handle_pte_fault(struct mm_struct *mm,
  		if (flags & FAULT_FLAG_WRITE)
  			flush_tlb_fix_spurious_fault(vma, address);
  	}
@@ -81299,7 +81386,7 @@ index 4f2add1..6af39ff 100644
  unlock:
  	pte_unmap_unlock(pte, ptl);
  	return 0;
-@@ -3463,6 +3673,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3510,6 +3720,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  	pmd_t *pmd;
  	pte_t *pte;
  
@@ -81310,7 +81397,7 @@ index 4f2add1..6af39ff 100644
  	__set_current_state(TASK_RUNNING);
  
  	count_vm_event(PGFAULT);
-@@ -3474,6 +3688,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3521,6 +3735,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  	if (unlikely(is_vm_hugetlb_page(vma)))
  		return hugetlb_fault(mm, vma, address, flags);
  
@@ -81345,7 +81432,7 @@ index 4f2add1..6af39ff 100644
  retry:
  	pgd = pgd_offset(mm, address);
  	pud = pud_alloc(mm, pgd, address);
-@@ -3515,7 +3757,7 @@ retry:
+@@ -3562,7 +3804,7 @@ retry:
  	 * run pte_offset_map on the pmd, if an huge pmd could
  	 * materialize from under us from a different thread.
  	 */
@@ -81354,7 +81441,7 @@ index 4f2add1..6af39ff 100644
  		return VM_FAULT_OOM;
  	/* if an huge pmd materialized from under us just retry later */
  	if (unlikely(pmd_trans_huge(*pmd)))
-@@ -3552,6 +3794,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3599,6 +3841,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
  	spin_unlock(&mm->page_table_lock);
  	return 0;
  }
@@ -81378,7 +81465,7 @@ index 4f2add1..6af39ff 100644
  #endif /* __PAGETABLE_PUD_FOLDED */
  
  #ifndef __PAGETABLE_PMD_FOLDED
-@@ -3582,11 +3841,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3629,11 +3888,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
  	spin_unlock(&mm->page_table_lock);
  	return 0;
  }
@@ -81416,7 +81503,7 @@ index 4f2add1..6af39ff 100644
  	struct vm_area_struct * vma;
  
  	vma = find_vma(current->mm, addr);
-@@ -3619,7 +3902,7 @@ static int __init gate_vma_init(void)
+@@ -3666,7 +3949,7 @@ static int __init gate_vma_init(void)
  	gate_vma.vm_start = FIXADDR_USER_START;
  	gate_vma.vm_end = FIXADDR_USER_END;
  	gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -81425,7 +81512,7 @@ index 4f2add1..6af39ff 100644
  	/*
  	 * Make sure the vDSO gets into every core dump.
  	 * Dumping its contents makes post-mortem fully interpretable later
-@@ -3759,8 +4042,8 @@ out:
+@@ -3806,8 +4089,8 @@ out:
  	return ret;
  }
  
@@ -81436,7 +81523,7 @@ index 4f2add1..6af39ff 100644
  {
  	resource_size_t phys_addr;
  	unsigned long prot = 0;
-@@ -3785,8 +4068,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
+@@ -3832,8 +4115,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
   * Access another process' address space as given in mm.  If non-NULL, use the
   * given task for page fault accounting.
   */
@@ -81447,7 +81534,7 @@ index 4f2add1..6af39ff 100644
  {
  	struct vm_area_struct *vma;
  	void *old_buf = buf;
-@@ -3794,7 +4077,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -3841,7 +4124,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
  	down_read(&mm->mmap_sem);
  	/* ignore errors, just check how much was successfully transferred */
  	while (len) {
@@ -81456,7 +81543,7 @@ index 4f2add1..6af39ff 100644
  		void *maddr;
  		struct page *page = NULL;
  
-@@ -3853,8 +4136,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -3900,8 +4183,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
   *
   * The caller must hold a reference on @mm.
   */
@@ -81467,7 +81554,7 @@ index 4f2add1..6af39ff 100644
  {
  	return __access_remote_vm(NULL, mm, addr, buf, len, write);
  }
-@@ -3864,11 +4147,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -3911,11 +4194,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
   * Source/target buffer must be kernel space,
   * Do not walk the page table directly, use get_user_pages
   */
@@ -85616,10 +85703,10 @@ index 158887a..1b70c49 100644
  			err = -EFAULT;
  			break;
 diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
-index 14c4864..77ff888 100644
+index 82ce164..00bd057 100644
 --- a/net/bluetooth/rfcomm/sock.c
 +++ b/net/bluetooth/rfcomm/sock.c
-@@ -684,7 +684,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
+@@ -685,7 +685,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
  	struct sock *sk = sock->sk;
  	struct bt_security sec;
  	int err = 0;
@@ -85628,7 +85715,7 @@ index 14c4864..77ff888 100644
  	u32 opt;
  
  	BT_DBG("sk %p", sk);
-@@ -706,7 +706,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
+@@ -707,7 +707,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
  
  		sec.level = BT_SECURITY_LOW;
  
@@ -85682,7 +85769,7 @@ index 5864cc4..6ddb362 100644
  			break;
  		}
 diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
-index a986280..13444a1 100644
+index 53a8e37..45c033e 100644
 --- a/net/caif/caif_socket.c
 +++ b/net/caif/caif_socket.c
 @@ -48,19 +48,20 @@ static struct dentry *debugfsdir;
@@ -85787,7 +85874,7 @@ index a986280..13444a1 100644
  			set_rx_flow_on(cf_sk);
  			caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_ON_REQ);
  	}
-@@ -854,7 +855,7 @@ static int caif_connect(struct socket *sock, struct sockaddr *uaddr,
+@@ -856,7 +857,7 @@ static int caif_connect(struct socket *sock, struct sockaddr *uaddr,
  	/*ifindex = id of the interface.*/
  	cf_sk->conn_req.ifindex = cf_sk->sk.sk_bound_dev_if;
  
@@ -85796,7 +85883,7 @@ index a986280..13444a1 100644
  	cf_sk->layer.receive = caif_sktrecv_cb;
  
  	err = caif_connect_client(sock_net(sk), &cf_sk->conn_req,
-@@ -943,7 +944,7 @@ static int caif_release(struct socket *sock)
+@@ -945,7 +946,7 @@ static int caif_release(struct socket *sock)
  	spin_unlock_bh(&sk->sk_receive_queue.lock);
  	sock->sk = NULL;
  
@@ -85805,7 +85892,7 @@ index a986280..13444a1 100644
  
  	WARN_ON(IS_ERR(cf_sk->debugfs_socket_dir));
  	if (cf_sk->debugfs_socket_dir != NULL)
-@@ -1122,7 +1123,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol,
+@@ -1124,7 +1125,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol,
  	cf_sk->conn_req.protocol = protocol;
  	/* Increase the number of sockets created. */
  	dbfs_atomic_inc(&cnt.caif_nr_socks);
@@ -86129,7 +86216,7 @@ index 68bbf9f..5ef0d12 100644
  
  	return err;
 diff --git a/net/core/dev.c b/net/core/dev.c
-index 720aea0..966cb89 100644
+index 8e455b8..0e05f5f 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
 @@ -1142,10 +1142,14 @@ void dev_load(struct net *net, const char *name)
@@ -86165,7 +86252,7 @@ index 720aea0..966cb89 100644
  		kfree_skb(skb);
  		return NET_RX_DROP;
  	}
-@@ -2046,7 +2050,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+@@ -2047,7 +2051,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
  
  struct dev_gso_cb {
  	void (*destructor)(struct sk_buff *skb);
@@ -86174,7 +86261,7 @@ index 720aea0..966cb89 100644
  
  #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
  
-@@ -2966,7 +2970,7 @@ enqueue:
+@@ -2967,7 +2971,7 @@ enqueue:
  
  	local_irq_restore(flags);
  
@@ -86183,7 +86270,7 @@ index 720aea0..966cb89 100644
  	kfree_skb(skb);
  	return NET_RX_DROP;
  }
-@@ -3040,7 +3044,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -3041,7 +3045,7 @@ int netif_rx_ni(struct sk_buff *skb)
  }
  EXPORT_SYMBOL(netif_rx_ni);
  
@@ -86192,7 +86279,7 @@ index 720aea0..966cb89 100644
  {
  	struct softnet_data *sd = &__get_cpu_var(softnet_data);
  
-@@ -3339,7 +3343,7 @@ ncls:
+@@ -3340,7 +3344,7 @@ ncls:
  	if (pt_prev) {
  		ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
  	} else {
@@ -86201,7 +86288,7 @@ index 720aea0..966cb89 100644
  		kfree_skb(skb);
  		/* Jamal, now you will not able to escape explaining
  		 * me how you were going to use this. :-)
-@@ -3904,7 +3908,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -3905,7 +3909,7 @@ void netif_napi_del(struct napi_struct *napi)
  }
  EXPORT_SYMBOL(netif_napi_del);
  
@@ -86210,7 +86297,7 @@ index 720aea0..966cb89 100644
  {
  	struct softnet_data *sd = &__get_cpu_var(softnet_data);
  	unsigned long time_limit = jiffies + 2;
-@@ -4374,8 +4378,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
+@@ -4375,8 +4379,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
  		else
  			seq_printf(seq, "%04x", ntohs(pt->type));
  
@@ -86224,7 +86311,7 @@ index 720aea0..966cb89 100644
  	}
  
  	return 0;
-@@ -4437,7 +4446,7 @@ static void __net_exit dev_proc_net_exit(struct net *net)
+@@ -4438,7 +4447,7 @@ static void __net_exit dev_proc_net_exit(struct net *net)
  	proc_net_remove(net, "dev");
  }
  
@@ -86233,7 +86320,7 @@ index 720aea0..966cb89 100644
  	.init = dev_proc_net_init,
  	.exit = dev_proc_net_exit,
  };
-@@ -5932,7 +5941,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -5933,7 +5942,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
  	} else {
  		netdev_stats_to_stats64(storage, &dev->stats);
  	}
@@ -86242,7 +86329,7 @@ index 720aea0..966cb89 100644
  	return storage;
  }
  EXPORT_SYMBOL(dev_get_stats);
-@@ -6511,7 +6520,7 @@ static void __net_exit netdev_exit(struct net *net)
+@@ -6512,7 +6521,7 @@ static void __net_exit netdev_exit(struct net *net)
  	kfree(net->dev_index_head);
  }
  
@@ -86251,7 +86338,7 @@ index 720aea0..966cb89 100644
  	.init = netdev_init,
  	.exit = netdev_exit,
  };
-@@ -6573,7 +6582,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list)
+@@ -6574,7 +6583,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list)
  	rtnl_unlock();
  }
  
@@ -86261,7 +86348,7 @@ index 720aea0..966cb89 100644
  	.exit_batch = default_device_exit_batch,
  };
 diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c
-index 0387da0..dbfe3a0 100644
+index cd09414..d070f83 100644
 --- a/net/core/dev_addr_lists.c
 +++ b/net/core/dev_addr_lists.c
 @@ -723,7 +723,7 @@ static void __net_exit dev_mc_net_exit(struct net *net)
@@ -86389,7 +86476,7 @@ index dd00b71..74d1779 100644
  	return error;
  }
 diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 3b5e680..ecb9676 100644
+index 5b7d5f2..ecb9676 100644
 --- a/net/core/rtnetlink.c
 +++ b/net/core/rtnetlink.c
 @@ -57,7 +57,7 @@ struct rtnl_link {
@@ -86427,24 +86514,6 @@ index 3b5e680..ecb9676 100644
  }
  EXPORT_SYMBOL_GPL(__rtnl_link_unregister);
  
-@@ -1064,7 +1067,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
- 	rcu_read_lock();
- 	cb->seq = net->dev_base_seq;
- 
--	if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
-+	if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
- 			ifla_policy) >= 0) {
- 
- 		if (tb[IFLA_EXT_MASK])
-@@ -1907,7 +1910,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
- 	u32 ext_filter_mask = 0;
- 	u16 min_ifinfo_dump_size = 0;
- 
--	if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
-+	if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
- 			ifla_policy) >= 0) {
- 		if (tb[IFLA_EXT_MASK])
- 			ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
 diff --git a/net/core/scm.c b/net/core/scm.c
 index ff52ad0..aff1c0f 100644
 --- a/net/core/scm.c
@@ -86912,31 +86981,6 @@ index e41c40f..fbed7a7 100644
  	.init = devinet_init_net,
  	.exit = devinet_exit_net,
  };
-diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
-index 530787b..238fc3b 100644
---- a/net/ipv4/esp4.c
-+++ b/net/ipv4/esp4.c
-@@ -137,8 +137,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
- 
- 	/* skb is pure payload to encrypt */
- 
--	err = -ENOMEM;
--
- 	esp = x->data;
- 	aead = esp->aead;
- 	alen = crypto_aead_authsize(aead);
-@@ -174,8 +172,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
- 	}
- 
- 	tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
--	if (!tmp)
-+	if (!tmp) {
-+		err = -ENOMEM;
- 		goto error;
-+	}
- 
- 	seqhi = esp_tmp_seqhi(tmp);
- 	iv = esp_tmp_iv(aead, tmp, seqhilen);
 diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
 index 92fc5f6..b790d91 100644
 --- a/net/ipv4/fib_frontend.c
@@ -87114,10 +87158,10 @@ index 86f13c67..59a35b5 100644
  					secure_ip_id(daddr->addr.a4) :
  					secure_ipv6_id(daddr->addr.a6));
 diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index b2cfe83..e1fa733 100644
+index 8f441b2..a56d38e 100644
 --- a/net/ipv4/ip_fragment.c
 +++ b/net/ipv4/ip_fragment.c
-@@ -316,7 +316,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
+@@ -315,7 +315,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
  		return 0;
  
  	start = qp->rid;
@@ -87126,7 +87170,7 @@ index b2cfe83..e1fa733 100644
  	qp->rid = end;
  
  	rc = qp->q.fragments && (end - start) > max;
-@@ -766,21 +766,21 @@ static struct ctl_table ip4_frags_ctl_table[] = {
+@@ -773,21 +773,21 @@ static struct ctl_table ip4_frags_ctl_table[] = {
  
  static int __net_init ip4_frags_ns_ctl_register(struct net *net)
  {
@@ -87153,7 +87197,7 @@ index b2cfe83..e1fa733 100644
  	if (hdr == NULL)
  		goto err_reg;
  
-@@ -788,8 +788,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -795,8 +795,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
  	return 0;
  
  err_reg:
@@ -87565,21 +87609,6 @@ index 94cdbc5..01d3a77 100644
  	.init = rt_genid_init,
  };
  
-diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
-index 769c0e9..8a1bed2 100644
---- a/net/ipv4/syncookies.c
-+++ b/net/ipv4/syncookies.c
-@@ -347,8 +347,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- 	 * hasn't changed since we received the original syn, but I see
- 	 * no easy way to do this.
- 	 */
--	flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
--			   RT_SCOPE_UNIVERSE, IPPROTO_TCP,
-+	flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark,
-+			   RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP,
- 			   inet_sk_flowi_flags(sk),
- 			   (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
- 			   ireq->loc_addr, th->source, th->dest);
 diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
 index 5485077..7e37374 100644
 --- a/net/ipv4/sysctl_net_ipv4.c
@@ -87701,10 +87730,10 @@ index 5485077..7e37374 100644
  	hdr = register_sysctl_paths(net_ipv4_ctl_path, ipv4_table);
  	if (hdr == NULL)
 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index 3124e17..a5dd7e1 100644
+index 872b41d..54a02f1 100644
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
-@@ -4729,7 +4729,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
+@@ -4736,7 +4736,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
   * simplifies code)
   */
  static void
@@ -87713,7 +87742,7 @@ index 3124e17..a5dd7e1 100644
  	     struct sk_buff *head, struct sk_buff *tail,
  	     u32 start, u32 end)
  {
-@@ -5544,6 +5544,9 @@ slow_path:
+@@ -5551,6 +5551,9 @@ slow_path:
  	if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb))
  		goto csum_error;
  
@@ -87723,16 +87752,17 @@ index 3124e17..a5dd7e1 100644
  	/*
  	 *	Standard slow path.
  	 */
-@@ -5552,7 +5555,7 @@ slow_path:
+@@ -5559,8 +5562,7 @@ slow_path:
  		return 0;
  
  step5:
--	if (th->ack && tcp_ack(sk, skb, FLAG_SLOWPATH) < 0)
-+	if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0)
+-	if (th->ack &&
+-	    tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0)
++	if (tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0)
  		goto discard;
  
- 	/* ts_recent update must be made after we are sure that the packet
-@@ -5788,6 +5791,7 @@ discard:
+ 	tcp_rcv_rtt_measure_ts(sk, skb);
+@@ -5791,6 +5793,7 @@ discard:
  	    tcp_paws_reject(&tp->rx_opt, 0))
  		goto discard_and_undo;
  
@@ -87740,7 +87770,7 @@ index 3124e17..a5dd7e1 100644
  	if (th->syn) {
  		/* We see SYN without ACK. It is attempt of
  		 * simultaneous connect with crossed SYNs.
-@@ -5836,6 +5840,7 @@ discard:
+@@ -5839,6 +5842,7 @@ discard:
  		goto discard;
  #endif
  	}
@@ -87748,7 +87778,7 @@ index 3124e17..a5dd7e1 100644
  	/* "fifth, if neither of the SYN or RST bits is set then
  	 * drop the segment and return."
  	 */
-@@ -5879,7 +5884,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5882,7 +5886,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
  			goto discard;
  
  		if (th->syn) {
@@ -87757,7 +87787,7 @@ index 3124e17..a5dd7e1 100644
  				goto discard;
  			if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
  				return 1;
-@@ -5918,11 +5923,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5921,11 +5925,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
  		return 0;
  	}
  
@@ -87770,10 +87800,10 @@ index 3124e17..a5dd7e1 100644
  	/* step 5: check the ACK field */
 -	if (th->ack) {
 +	if (true) {
- 		int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0;
+ 		int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH |
+ 						  FLAG_UPDATE_TS_RECENT) > 0;
  
- 		switch (sk->sk_state) {
-@@ -6027,8 +6035,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -6031,8 +6038,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
  			}
  			break;
  		}
@@ -87781,8 +87811,8 @@ index 3124e17..a5dd7e1 100644
 -		goto discard;
 +	}
  
- 	/* ts_recent update must be made after we are sure that the packet
- 	 * is in window.
+ 	/* step 6: check the URG bit */
+ 	tcp_urg(sk, skb, th);
 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
 index a97c9ad..640d986 100644
 --- a/net/ipv4/tcp_ipv4.c
@@ -88076,7 +88106,7 @@ index 5a65eea..bd913a1 100644
  
  int udp4_seq_show(struct seq_file *seq, void *v)
 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 8589c2d..ca17f68 100644
+index d84033b..a15645a 100644
 --- a/net/ipv6/addrconf.c
 +++ b/net/ipv6/addrconf.c
 @@ -2151,7 +2151,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
@@ -88301,10 +88331,10 @@ index 6e6c2c4..942cebf 100644
  
  static int raw6_seq_show(struct seq_file *seq, void *v)
 diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
-index 2b0a4ca..40ad0d9 100644
+index 411fe2c..cdea3e4 100644
 --- a/net/ipv6/reassembly.c
 +++ b/net/ipv6/reassembly.c
-@@ -637,21 +637,21 @@ static struct ctl_table ip6_frags_ctl_table[] = {
+@@ -646,21 +646,21 @@ static struct ctl_table ip6_frags_ctl_table[] = {
  
  static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
  {
@@ -88331,7 +88361,7 @@ index 2b0a4ca..40ad0d9 100644
  	if (hdr == NULL)
  		goto err_reg;
  
-@@ -659,8 +659,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+@@ -668,8 +668,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
  	return 0;
  
  err_reg:
@@ -88695,7 +88725,7 @@ index 32e3bb0..a4e5eb8 100644
  	}
  
 diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index cf98d62..7bf2972 100644
+index e836140..f8ec098 100644
 --- a/net/iucv/af_iucv.c
 +++ b/net/iucv/af_iucv.c
 @@ -786,10 +786,10 @@ static int iucv_sock_autobind(struct sock *sk)
@@ -89523,7 +89553,7 @@ index 874f8ff..339bb58 100644
  		}
  	}
 diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
-index f156382..95ce7ba 100644
+index 3df7c5a..8f324b0 100644
 --- a/net/netrom/af_netrom.c
 +++ b/net/netrom/af_netrom.c
 @@ -839,6 +839,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
@@ -90130,19 +90160,6 @@ index 7635107..4670276 100644
  	_proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
  
  	ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
-diff --git a/net/sctp/auth.c b/net/sctp/auth.c
-index bf81204..333926d 100644
---- a/net/sctp/auth.c
-+++ b/net/sctp/auth.c
-@@ -71,7 +71,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key)
- 		return;
- 
- 	if (atomic_dec_and_test(&key->refcnt)) {
--		kfree(key);
-+		kzfree(key);
- 		SCTP_DBG_OBJCNT_DEC(keys);
- 	}
- }
 diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
 index 8104278..300d89d 100644
 --- a/net/sctp/ipv6.c
@@ -91035,7 +91052,7 @@ index e728d4c..dffdddf 100644
  	if (!res)
  		eth_started = 1;
 diff --git a/net/tipc/link.c b/net/tipc/link.c
-index ae98a72..7bb6056 100644
+index ae98a72..22f4de0 100644
 --- a/net/tipc/link.c
 +++ b/net/tipc/link.c
 @@ -1203,7 +1203,7 @@ static int link_send_sections_long(struct tipc_port *sender,
@@ -91065,6 +91082,38 @@ index ae98a72..7bb6056 100644
  		sect_crs += sz;
  		sect_rest -= sz;
  		fragm_crs += sz;
+@@ -2367,8 +2367,11 @@ static int link_recv_changeover_msg(struct link **l_ptr,
+ 	struct tipc_msg *tunnel_msg = buf_msg(tunnel_buf);
+ 	u32 msg_typ = msg_type(tunnel_msg);
+ 	u32 msg_count = msg_msgcnt(tunnel_msg);
++	u32 bearer_id = msg_bearer_id(tunnel_msg);
+ 
+-	dest_link = (*l_ptr)->owner->links[msg_bearer_id(tunnel_msg)];
++	if (bearer_id >= MAX_BEARERS)
++		goto exit;
++	dest_link = (*l_ptr)->owner->links[bearer_id];
+ 	if (!dest_link)
+ 		goto exit;
+ 	if (dest_link == *l_ptr) {
+@@ -2601,14 +2604,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb,
+ 		struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm);
+ 		u32 msg_sz = msg_size(imsg);
+ 		u32 fragm_sz = msg_data_sz(fragm);
+-		u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz);
++		u32 exp_fragm_cnt;
+ 		u32 max =  TIPC_MAX_USER_MSG_SIZE + NAMED_H_SIZE;
++
+ 		if (msg_type(imsg) == TIPC_MCAST_MSG)
+ 			max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE;
+-		if (msg_size(imsg) > max) {
++		if (fragm_sz == 0 || msg_size(imsg) > max) {
+ 			buf_discard(fbuf);
+ 			return 0;
+ 		}
++		exp_fragm_cnt = msg_sz / fragm_sz + !!(msg_sz % fragm_sz);
+ 		pbuf = tipc_buf_acquire(msg_size(imsg));
+ 		if (pbuf != NULL) {
+ 			pbuf->next = *pending;
 diff --git a/net/tipc/msg.c b/net/tipc/msg.c
 index 83d5096..dcba497 100644
 --- a/net/tipc/msg.c
@@ -91092,7 +91141,7 @@ index 1983717..4d6102c 100644
  
  	sub->evt.event = htohl(event, sub->swap);
 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 18978b6..911c6c1 100644
+index 5611563..911c6c1 100644
 --- a/net/unix/af_unix.c
 +++ b/net/unix/af_unix.c
 @@ -766,6 +766,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -91141,15 +91190,6 @@ index 18978b6..911c6c1 100644
  		mutex_unlock(&path.dentry->d_inode->i_mutex);
  		dput(path.dentry);
  		path.dentry = dentry;
-@@ -1956,7 +1976,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
- 			if ((UNIXCB(skb).pid  != siocb->scm->pid) ||
- 			    (UNIXCB(skb).cred != siocb->scm->cred))
- 				break;
--		} else {
-+		} else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
- 			/* Copy credentials */
- 			scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
- 			check_creds = 1;
 @@ -2260,9 +2280,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
  		seq_puts(seq, "Num       RefCount Protocol Flags    Type St "
  			 "Inode Path\n");
@@ -93454,7 +93494,7 @@ index 91cdf943..4085161 100644
  	if (err < 0)
  		return err;
 diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index 7ada40e..8c53bfe 100644
+index 638600b..2e6b1fd 100644
 --- a/sound/core/pcm_native.c
 +++ b/sound/core/pcm_native.c
 @@ -2788,11 +2788,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
@@ -93807,7 +93847,7 @@ index ee15337..ab0ec34 100644
  
  	if (playback)
 diff --git a/sound/usb/card.h b/sound/usb/card.h
-index 665e297..ed6b31c 100644
+index 2b7559c..3a42a04 100644
 --- a/sound/usb/card.h
 +++ b/sound/usb/card.h
 @@ -44,6 +44,7 @@ struct snd_urb_ops {
@@ -93818,7 +93858,7 @@ index 665e297..ed6b31c 100644
  
  struct snd_usb_substream {
  	struct snd_usb_stream *stream;
-@@ -94,7 +95,7 @@ struct snd_usb_substream {
+@@ -95,7 +96,7 @@ struct snd_usb_substream {
  	struct snd_pcm_hw_constraint_list rate_list;	/* limited rates */
  	spinlock_t lock;
  
diff --git a/3.2.44/4425_grsec_remove_EI_PAX.patch b/3.2.45/4425_grsec_remove_EI_PAX.patch
index 7d06ac2..7d06ac2 100644
--- a/3.2.44/4425_grsec_remove_EI_PAX.patch
+++ b/3.2.45/4425_grsec_remove_EI_PAX.patch
diff --git a/3.2.44/4430_grsec-remove-localversion-grsec.patch b/3.2.45/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.2.44/4430_grsec-remove-localversion-grsec.patch
+++ b/3.2.45/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.2.44/4435_grsec-mute-warnings.patch b/3.2.45/4435_grsec-mute-warnings.patch
index f099757..f099757 100644
--- a/3.2.44/4435_grsec-mute-warnings.patch
+++ b/3.2.45/4435_grsec-mute-warnings.patch
diff --git a/3.2.44/4440_grsec-remove-protected-paths.patch b/3.2.45/4440_grsec-remove-protected-paths.patch
index 637934a..637934a 100644
--- a/3.2.44/4440_grsec-remove-protected-paths.patch
+++ b/3.2.45/4440_grsec-remove-protected-paths.patch
diff --git a/3.8.12/4450_grsec-kconfig-default-gids.patch b/3.2.45/4450_grsec-kconfig-default-gids.patch
index 7c20c40..6f5b79b 100644
--- a/3.8.12/4450_grsec-kconfig-default-gids.patch
+++ b/3.2.45/4450_grsec-kconfig-default-gids.patch
@@ -16,7 +16,7 @@ from shooting themselves in the foot.
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2012-10-13 09:51:35.000000000 -0400
 +++ b/grsecurity/Kconfig	2012-10-13 09:52:32.000000000 -0400
-@@ -578,7 +578,7 @@
+@@ -588,7 +588,7 @@
  config GRKERNSEC_AUDIT_GID
  	int "GID for auditing"
  	depends on GRKERNSEC_AUDIT_GROUP
@@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  
  config GRKERNSEC_EXECLOG
  	bool "Exec logging"
-@@ -798,7 +798,7 @@
+@@ -808,7 +808,7 @@
  config GRKERNSEC_TPE_UNTRUSTED_GID
  	int "GID for TPE-untrusted users"
  	depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *enabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -807,7 +807,7 @@
+@@ -817,7 +817,7 @@
  config GRKERNSEC_TPE_TRUSTED_GID
  	int "GID for TPE-trusted users"
  	depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -900,7 +900,7 @@
+@@ -910,7 +910,7 @@
  config GRKERNSEC_SOCKET_ALL_GID
  	int "GID to deny all sockets for"
  	depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable socket access for. Remember to
  	  add the users you want socket access disabled for to the GID
-@@ -921,7 +921,7 @@
+@@ -931,7 +931,7 @@
  config GRKERNSEC_SOCKET_CLIENT_GID
  	int "GID to deny client sockets for"
  	depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable client socket access for.
  	  Remember to add the users you want client socket access disabled for to
-@@ -939,7 +939,7 @@
+@@ -949,7 +949,7 @@
  config GRKERNSEC_SOCKET_SERVER_GID
  	int "GID to deny server sockets for"
  	depends on GRKERNSEC_SOCKET_SERVER
diff --git a/3.2.44/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.45/4465_selinux-avc_audit-log-curr_ip.patch
index 70cc565..47a5787 100644
--- a/3.2.44/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.2.45/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2011-04-17 19:25:54.000000000 -0400
 +++ b/grsecurity/Kconfig	2011-04-17 19:32:53.000000000 -0400
-@@ -998,6 +998,27 @@
+@@ -1008,6 +1008,27 @@
  menu "Logging Options"
  depends on GRKERNSEC
  
diff --git a/3.2.44/4470_disable-compat_vdso.patch b/3.2.45/4470_disable-compat_vdso.patch
index 99c691b..99c691b 100644
--- a/3.2.44/4470_disable-compat_vdso.patch
+++ b/3.2.45/4470_disable-compat_vdso.patch
diff --git a/3.8.12/1010_linux-3.8.11.patch b/3.8.12/1010_linux-3.8.11.patch
deleted file mode 100644
index 244c734..0000000
--- a/3.8.12/1010_linux-3.8.11.patch
+++ /dev/null
@@ -1,1556 +0,0 @@
-diff --git a/Makefile b/Makefile
-index e2b10b9..7e4eee5 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 8
--SUBLEVEL = 10
-+SUBLEVEL = 11
- EXTRAVERSION =
- NAME = Displaced Humerus Anterior
- 
-diff --git a/arch/arm/include/asm/hardware/iop3xx.h b/arch/arm/include/asm/hardware/iop3xx.h
-index 02fe2fb..ed94b1a 100644
---- a/arch/arm/include/asm/hardware/iop3xx.h
-+++ b/arch/arm/include/asm/hardware/iop3xx.h
-@@ -37,7 +37,7 @@ extern int iop3xx_get_init_atu(void);
-  * IOP3XX processor registers
-  */
- #define IOP3XX_PERIPHERAL_PHYS_BASE	0xffffe000
--#define IOP3XX_PERIPHERAL_VIRT_BASE	0xfeffe000
-+#define IOP3XX_PERIPHERAL_VIRT_BASE	0xfedfe000
- #define IOP3XX_PERIPHERAL_SIZE		0x00002000
- #define IOP3XX_PERIPHERAL_UPPER_PA (IOP3XX_PERIPHERAL_PHYS_BASE +\
- 					IOP3XX_PERIPHERAL_SIZE - 1)
-diff --git a/arch/arm/kernel/sched_clock.c b/arch/arm/kernel/sched_clock.c
-index bd6f56b..59d2adb 100644
---- a/arch/arm/kernel/sched_clock.c
-+++ b/arch/arm/kernel/sched_clock.c
-@@ -45,12 +45,12 @@ static u32 notrace jiffy_sched_clock_read(void)
- 
- static u32 __read_mostly (*read_sched_clock)(void) = jiffy_sched_clock_read;
- 
--static inline u64 cyc_to_ns(u64 cyc, u32 mult, u32 shift)
-+static inline u64 notrace cyc_to_ns(u64 cyc, u32 mult, u32 shift)
- {
- 	return (cyc * mult) >> shift;
- }
- 
--static unsigned long long cyc_to_sched_clock(u32 cyc, u32 mask)
-+static unsigned long long notrace cyc_to_sched_clock(u32 cyc, u32 mask)
- {
- 	u64 epoch_ns;
- 	u32 epoch_cyc;
-diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
-index 08fcce9..7619f2f 100644
---- a/arch/sparc/include/asm/pgtable_64.h
-+++ b/arch/sparc/include/asm/pgtable_64.h
-@@ -915,6 +915,7 @@ static inline int io_remap_pfn_range(struct vm_area_struct *vma,
- 	return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot);
- }
- 
-+#include <asm/tlbflush.h>
- #include <asm-generic/pgtable.h>
- 
- /* We provide our own get_unmapped_area to cope with VA holes and
-diff --git a/arch/sparc/include/asm/switch_to_64.h b/arch/sparc/include/asm/switch_to_64.h
-index cad36f5..c7de332 100644
---- a/arch/sparc/include/asm/switch_to_64.h
-+++ b/arch/sparc/include/asm/switch_to_64.h
-@@ -18,8 +18,7 @@ do {						\
- 	 * and 2 stores in this critical code path.  -DaveM
- 	 */
- #define switch_to(prev, next, last)					\
--do {	flush_tlb_pending();						\
--	save_and_clear_fpu();						\
-+do {	save_and_clear_fpu();						\
- 	/* If you are tempted to conditionalize the following */	\
- 	/* so that ASI is only written if it changes, think again. */	\
- 	__asm__ __volatile__("wr %%g0, %0, %%asi"			\
-diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h
-index 2ef4634..f0d6a97 100644
---- a/arch/sparc/include/asm/tlbflush_64.h
-+++ b/arch/sparc/include/asm/tlbflush_64.h
-@@ -11,24 +11,40 @@
- struct tlb_batch {
- 	struct mm_struct *mm;
- 	unsigned long tlb_nr;
-+	unsigned long active;
- 	unsigned long vaddrs[TLB_BATCH_NR];
- };
- 
- extern void flush_tsb_kernel_range(unsigned long start, unsigned long end);
- extern void flush_tsb_user(struct tlb_batch *tb);
-+extern void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr);
- 
- /* TLB flush operations. */
- 
--extern void flush_tlb_pending(void);
-+static inline void flush_tlb_mm(struct mm_struct *mm)
-+{
-+}
-+
-+static inline void flush_tlb_page(struct vm_area_struct *vma,
-+				  unsigned long vmaddr)
-+{
-+}
-+
-+static inline void flush_tlb_range(struct vm_area_struct *vma,
-+				   unsigned long start, unsigned long end)
-+{
-+}
-+
-+#define __HAVE_ARCH_ENTER_LAZY_MMU_MODE
- 
--#define flush_tlb_range(vma,start,end)	\
--	do { (void)(start); flush_tlb_pending(); } while (0)
--#define flush_tlb_page(vma,addr)	flush_tlb_pending()
--#define flush_tlb_mm(mm)		flush_tlb_pending()
-+extern void flush_tlb_pending(void);
-+extern void arch_enter_lazy_mmu_mode(void);
-+extern void arch_leave_lazy_mmu_mode(void);
-+#define arch_flush_lazy_mmu_mode()      do {} while (0)
- 
- /* Local cpu only.  */
- extern void __flush_tlb_all(void);
--
-+extern void __flush_tlb_page(unsigned long context, unsigned long vaddr);
- extern void __flush_tlb_kernel_range(unsigned long start, unsigned long end);
- 
- #ifndef CONFIG_SMP
-@@ -38,15 +54,24 @@ do {	flush_tsb_kernel_range(start,end); \
- 	__flush_tlb_kernel_range(start,end); \
- } while (0)
- 
-+static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
-+{
-+	__flush_tlb_page(CTX_HWBITS(mm->context), vaddr);
-+}
-+
- #else /* CONFIG_SMP */
- 
- extern void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end);
-+extern void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr);
- 
- #define flush_tlb_kernel_range(start, end) \
- do {	flush_tsb_kernel_range(start,end); \
- 	smp_flush_tlb_kernel_range(start, end); \
- } while (0)
- 
-+#define global_flush_tlb_page(mm, vaddr) \
-+	smp_flush_tlb_page(mm, vaddr)
-+
- #endif /* ! CONFIG_SMP */
- 
- #endif /* _SPARC64_TLBFLUSH_H */
-diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
-index 537eb66..ca64d2a 100644
---- a/arch/sparc/kernel/smp_64.c
-+++ b/arch/sparc/kernel/smp_64.c
-@@ -849,7 +849,7 @@ void smp_tsb_sync(struct mm_struct *mm)
- }
- 
- extern unsigned long xcall_flush_tlb_mm;
--extern unsigned long xcall_flush_tlb_pending;
-+extern unsigned long xcall_flush_tlb_page;
- extern unsigned long xcall_flush_tlb_kernel_range;
- extern unsigned long xcall_fetch_glob_regs;
- extern unsigned long xcall_fetch_glob_pmu;
-@@ -1074,23 +1074,56 @@ local_flush_and_out:
- 	put_cpu();
- }
- 
-+struct tlb_pending_info {
-+	unsigned long ctx;
-+	unsigned long nr;
-+	unsigned long *vaddrs;
-+};
-+
-+static void tlb_pending_func(void *info)
-+{
-+	struct tlb_pending_info *t = info;
-+
-+	__flush_tlb_pending(t->ctx, t->nr, t->vaddrs);
-+}
-+
- void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long *vaddrs)
- {
- 	u32 ctx = CTX_HWBITS(mm->context);
-+	struct tlb_pending_info info;
- 	int cpu = get_cpu();
- 
-+	info.ctx = ctx;
-+	info.nr = nr;
-+	info.vaddrs = vaddrs;
-+
- 	if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
- 		cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
- 	else
--		smp_cross_call_masked(&xcall_flush_tlb_pending,
--				      ctx, nr, (unsigned long) vaddrs,
--				      mm_cpumask(mm));
-+		smp_call_function_many(mm_cpumask(mm), tlb_pending_func,
-+				       &info, 1);
- 
- 	__flush_tlb_pending(ctx, nr, vaddrs);
- 
- 	put_cpu();
- }
- 
-+void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
-+{
-+	unsigned long context = CTX_HWBITS(mm->context);
-+	int cpu = get_cpu();
-+
-+	if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
-+		cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
-+	else
-+		smp_cross_call_masked(&xcall_flush_tlb_page,
-+				      context, vaddr, 0,
-+				      mm_cpumask(mm));
-+	__flush_tlb_page(context, vaddr);
-+
-+	put_cpu();
-+}
-+
- void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end)
- {
- 	start &= PAGE_MASK;
-diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
-index ba6ae7f..83d89bc 100644
---- a/arch/sparc/mm/tlb.c
-+++ b/arch/sparc/mm/tlb.c
-@@ -24,11 +24,17 @@ static DEFINE_PER_CPU(struct tlb_batch, tlb_batch);
- void flush_tlb_pending(void)
- {
- 	struct tlb_batch *tb = &get_cpu_var(tlb_batch);
-+	struct mm_struct *mm = tb->mm;
- 
--	if (tb->tlb_nr) {
--		flush_tsb_user(tb);
-+	if (!tb->tlb_nr)
-+		goto out;
- 
--		if (CTX_VALID(tb->mm->context)) {
-+	flush_tsb_user(tb);
-+
-+	if (CTX_VALID(mm->context)) {
-+		if (tb->tlb_nr == 1) {
-+			global_flush_tlb_page(mm, tb->vaddrs[0]);
-+		} else {
- #ifdef CONFIG_SMP
- 			smp_flush_tlb_pending(tb->mm, tb->tlb_nr,
- 					      &tb->vaddrs[0]);
-@@ -37,12 +43,30 @@ void flush_tlb_pending(void)
- 					    tb->tlb_nr, &tb->vaddrs[0]);
- #endif
- 		}
--		tb->tlb_nr = 0;
- 	}
- 
-+	tb->tlb_nr = 0;
-+
-+out:
- 	put_cpu_var(tlb_batch);
- }
- 
-+void arch_enter_lazy_mmu_mode(void)
-+{
-+	struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
-+
-+	tb->active = 1;
-+}
-+
-+void arch_leave_lazy_mmu_mode(void)
-+{
-+	struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
-+
-+	if (tb->tlb_nr)
-+		flush_tlb_pending();
-+	tb->active = 0;
-+}
-+
- static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
- 			      bool exec)
- {
-@@ -60,6 +84,12 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
- 		nr = 0;
- 	}
- 
-+	if (!tb->active) {
-+		global_flush_tlb_page(mm, vaddr);
-+		flush_tsb_user_page(mm, vaddr);
-+		goto out;
-+	}
-+
- 	if (nr == 0)
- 		tb->mm = mm;
- 
-@@ -68,6 +98,7 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
- 	if (nr >= TLB_BATCH_NR)
- 		flush_tlb_pending();
- 
-+out:
- 	put_cpu_var(tlb_batch);
- }
- 
-diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c
-index 428982b..2cc3bce 100644
---- a/arch/sparc/mm/tsb.c
-+++ b/arch/sparc/mm/tsb.c
-@@ -7,11 +7,10 @@
- #include <linux/preempt.h>
- #include <linux/slab.h>
- #include <asm/page.h>
--#include <asm/tlbflush.h>
--#include <asm/tlb.h>
--#include <asm/mmu_context.h>
- #include <asm/pgtable.h>
-+#include <asm/mmu_context.h>
- #include <asm/tsb.h>
-+#include <asm/tlb.h>
- #include <asm/oplib.h>
- 
- extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
-@@ -46,23 +45,27 @@ void flush_tsb_kernel_range(unsigned long start, unsigned long end)
- 	}
- }
- 
--static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift,
--			    unsigned long tsb, unsigned long nentries)
-+static void __flush_tsb_one_entry(unsigned long tsb, unsigned long v,
-+				  unsigned long hash_shift,
-+				  unsigned long nentries)
- {
--	unsigned long i;
-+	unsigned long tag, ent, hash;
- 
--	for (i = 0; i < tb->tlb_nr; i++) {
--		unsigned long v = tb->vaddrs[i];
--		unsigned long tag, ent, hash;
-+	v &= ~0x1UL;
-+	hash = tsb_hash(v, hash_shift, nentries);
-+	ent = tsb + (hash * sizeof(struct tsb));
-+	tag = (v >> 22UL);
- 
--		v &= ~0x1UL;
-+	tsb_flush(ent, tag);
-+}
- 
--		hash = tsb_hash(v, hash_shift, nentries);
--		ent = tsb + (hash * sizeof(struct tsb));
--		tag = (v >> 22UL);
-+static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift,
-+			    unsigned long tsb, unsigned long nentries)
-+{
-+	unsigned long i;
- 
--		tsb_flush(ent, tag);
--	}
-+	for (i = 0; i < tb->tlb_nr; i++)
-+		__flush_tsb_one_entry(tsb, tb->vaddrs[i], hash_shift, nentries);
- }
- 
- void flush_tsb_user(struct tlb_batch *tb)
-@@ -90,6 +93,30 @@ void flush_tsb_user(struct tlb_batch *tb)
- 	spin_unlock_irqrestore(&mm->context.lock, flags);
- }
- 
-+void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr)
-+{
-+	unsigned long nentries, base, flags;
-+
-+	spin_lock_irqsave(&mm->context.lock, flags);
-+
-+	base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
-+	nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
-+	if (tlb_type == cheetah_plus || tlb_type == hypervisor)
-+		base = __pa(base);
-+	__flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries);
-+
-+#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
-+	if (mm->context.tsb_block[MM_TSB_HUGE].tsb) {
-+		base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb;
-+		nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries;
-+		if (tlb_type == cheetah_plus || tlb_type == hypervisor)
-+			base = __pa(base);
-+		__flush_tsb_one_entry(base, vaddr, HPAGE_SHIFT, nentries);
-+	}
-+#endif
-+	spin_unlock_irqrestore(&mm->context.lock, flags);
-+}
-+
- #define HV_PGSZ_IDX_BASE	HV_PGSZ_IDX_8K
- #define HV_PGSZ_MASK_BASE	HV_PGSZ_MASK_8K
- 
-diff --git a/arch/sparc/mm/ultra.S b/arch/sparc/mm/ultra.S
-index f8e13d4..29b9608 100644
---- a/arch/sparc/mm/ultra.S
-+++ b/arch/sparc/mm/ultra.S
-@@ -53,6 +53,33 @@ __flush_tlb_mm:		/* 18 insns */
- 	nop
- 
- 	.align		32
-+	.globl		__flush_tlb_page
-+__flush_tlb_page:	/* 22 insns */
-+	/* %o0 = context, %o1 = vaddr */
-+	rdpr		%pstate, %g7
-+	andn		%g7, PSTATE_IE, %g2
-+	wrpr		%g2, %pstate
-+	mov		SECONDARY_CONTEXT, %o4
-+	ldxa		[%o4] ASI_DMMU, %g2
-+	stxa		%o0, [%o4] ASI_DMMU
-+	andcc		%o1, 1, %g0
-+	andn		%o1, 1, %o3
-+	be,pn		%icc, 1f
-+	 or		%o3, 0x10, %o3
-+	stxa		%g0, [%o3] ASI_IMMU_DEMAP
-+1:	stxa		%g0, [%o3] ASI_DMMU_DEMAP
-+	membar		#Sync
-+	stxa		%g2, [%o4] ASI_DMMU
-+	sethi		%hi(KERNBASE), %o4
-+	flush		%o4
-+	retl
-+	 wrpr		%g7, 0x0, %pstate
-+	nop
-+	nop
-+	nop
-+	nop
-+
-+	.align		32
- 	.globl		__flush_tlb_pending
- __flush_tlb_pending:	/* 26 insns */
- 	/* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
-@@ -203,6 +230,31 @@ __cheetah_flush_tlb_mm: /* 19 insns */
- 	retl
- 	 wrpr		%g7, 0x0, %pstate
- 
-+__cheetah_flush_tlb_page:	/* 22 insns */
-+	/* %o0 = context, %o1 = vaddr */
-+	rdpr		%pstate, %g7
-+	andn		%g7, PSTATE_IE, %g2
-+	wrpr		%g2, 0x0, %pstate
-+	wrpr		%g0, 1, %tl
-+	mov		PRIMARY_CONTEXT, %o4
-+	ldxa		[%o4] ASI_DMMU, %g2
-+	srlx		%g2, CTX_PGSZ1_NUC_SHIFT, %o3
-+	sllx		%o3, CTX_PGSZ1_NUC_SHIFT, %o3
-+	or		%o0, %o3, %o0	/* Preserve nucleus page size fields */
-+	stxa		%o0, [%o4] ASI_DMMU
-+	andcc		%o1, 1, %g0
-+	be,pn		%icc, 1f
-+	 andn		%o1, 1, %o3
-+	stxa		%g0, [%o3] ASI_IMMU_DEMAP
-+1:	stxa		%g0, [%o3] ASI_DMMU_DEMAP
-+	membar		#Sync
-+	stxa		%g2, [%o4] ASI_DMMU
-+	sethi		%hi(KERNBASE), %o4
-+	flush		%o4
-+	wrpr		%g0, 0, %tl
-+	retl
-+	 wrpr		%g7, 0x0, %pstate
-+
- __cheetah_flush_tlb_pending:	/* 27 insns */
- 	/* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
- 	rdpr		%pstate, %g7
-@@ -269,6 +321,20 @@ __hypervisor_flush_tlb_mm: /* 10 insns */
- 	retl
- 	 nop
- 
-+__hypervisor_flush_tlb_page: /* 11 insns */
-+	/* %o0 = context, %o1 = vaddr */
-+	mov		%o0, %g2
-+	mov		%o1, %o0              /* ARG0: vaddr + IMMU-bit */
-+	mov		%g2, %o1	      /* ARG1: mmu context */
-+	mov		HV_MMU_ALL, %o2	      /* ARG2: flags */
-+	srlx		%o0, PAGE_SHIFT, %o0
-+	sllx		%o0, PAGE_SHIFT, %o0
-+	ta		HV_MMU_UNMAP_ADDR_TRAP
-+	brnz,pn		%o0, __hypervisor_tlb_tl0_error
-+	 mov		HV_MMU_UNMAP_ADDR_TRAP, %o1
-+	retl
-+	 nop
-+
- __hypervisor_flush_tlb_pending: /* 16 insns */
- 	/* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
- 	sllx		%o1, 3, %g1
-@@ -339,6 +405,13 @@ cheetah_patch_cachetlbops:
- 	call		tlb_patch_one
- 	 mov		19, %o2
- 
-+	sethi		%hi(__flush_tlb_page), %o0
-+	or		%o0, %lo(__flush_tlb_page), %o0
-+	sethi		%hi(__cheetah_flush_tlb_page), %o1
-+	or		%o1, %lo(__cheetah_flush_tlb_page), %o1
-+	call		tlb_patch_one
-+	 mov		22, %o2
-+
- 	sethi		%hi(__flush_tlb_pending), %o0
- 	or		%o0, %lo(__flush_tlb_pending), %o0
- 	sethi		%hi(__cheetah_flush_tlb_pending), %o1
-@@ -397,10 +470,9 @@ xcall_flush_tlb_mm:	/* 21 insns */
- 	nop
- 	nop
- 
--	.globl		xcall_flush_tlb_pending
--xcall_flush_tlb_pending:	/* 21 insns */
--	/* %g5=context, %g1=nr, %g7=vaddrs[] */
--	sllx		%g1, 3, %g1
-+	.globl		xcall_flush_tlb_page
-+xcall_flush_tlb_page:	/* 17 insns */
-+	/* %g5=context, %g1=vaddr */
- 	mov		PRIMARY_CONTEXT, %g4
- 	ldxa		[%g4] ASI_DMMU, %g2
- 	srlx		%g2, CTX_PGSZ1_NUC_SHIFT, %g4
-@@ -408,20 +480,16 @@ xcall_flush_tlb_pending:	/* 21 insns */
- 	or		%g5, %g4, %g5
- 	mov		PRIMARY_CONTEXT, %g4
- 	stxa		%g5, [%g4] ASI_DMMU
--1:	sub		%g1, (1 << 3), %g1
--	ldx		[%g7 + %g1], %g5
--	andcc		%g5, 0x1, %g0
-+	andcc		%g1, 0x1, %g0
- 	be,pn		%icc, 2f
--
--	 andn		%g5, 0x1, %g5
-+	 andn		%g1, 0x1, %g5
- 	stxa		%g0, [%g5] ASI_IMMU_DEMAP
- 2:	stxa		%g0, [%g5] ASI_DMMU_DEMAP
- 	membar		#Sync
--	brnz,pt		%g1, 1b
--	 nop
- 	stxa		%g2, [%g4] ASI_DMMU
- 	retry
- 	nop
-+	nop
- 
- 	.globl		xcall_flush_tlb_kernel_range
- xcall_flush_tlb_kernel_range:	/* 25 insns */
-@@ -656,15 +724,13 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 insns */
- 	membar		#Sync
- 	retry
- 
--	.globl		__hypervisor_xcall_flush_tlb_pending
--__hypervisor_xcall_flush_tlb_pending: /* 21 insns */
--	/* %g5=ctx, %g1=nr, %g7=vaddrs[], %g2,%g3,%g4,g6=scratch */
--	sllx		%g1, 3, %g1
-+	.globl		__hypervisor_xcall_flush_tlb_page
-+__hypervisor_xcall_flush_tlb_page: /* 17 insns */
-+	/* %g5=ctx, %g1=vaddr */
- 	mov		%o0, %g2
- 	mov		%o1, %g3
- 	mov		%o2, %g4
--1:	sub		%g1, (1 << 3), %g1
--	ldx		[%g7 + %g1], %o0	/* ARG0: virtual address */
-+	mov		%g1, %o0	        /* ARG0: virtual address */
- 	mov		%g5, %o1		/* ARG1: mmu context */
- 	mov		HV_MMU_ALL, %o2		/* ARG2: flags */
- 	srlx		%o0, PAGE_SHIFT, %o0
-@@ -673,8 +739,6 @@ __hypervisor_xcall_flush_tlb_pending: /* 21 insns */
- 	mov		HV_MMU_UNMAP_ADDR_TRAP, %g6
- 	brnz,a,pn	%o0, __hypervisor_tlb_xcall_error
- 	 mov		%o0, %g5
--	brnz,pt		%g1, 1b
--	 nop
- 	mov		%g2, %o0
- 	mov		%g3, %o1
- 	mov		%g4, %o2
-@@ -757,6 +821,13 @@ hypervisor_patch_cachetlbops:
- 	call		tlb_patch_one
- 	 mov		10, %o2
- 
-+	sethi		%hi(__flush_tlb_page), %o0
-+	or		%o0, %lo(__flush_tlb_page), %o0
-+	sethi		%hi(__hypervisor_flush_tlb_page), %o1
-+	or		%o1, %lo(__hypervisor_flush_tlb_page), %o1
-+	call		tlb_patch_one
-+	 mov		11, %o2
-+
- 	sethi		%hi(__flush_tlb_pending), %o0
- 	or		%o0, %lo(__flush_tlb_pending), %o0
- 	sethi		%hi(__hypervisor_flush_tlb_pending), %o1
-@@ -788,12 +859,12 @@ hypervisor_patch_cachetlbops:
- 	call		tlb_patch_one
- 	 mov		21, %o2
- 
--	sethi		%hi(xcall_flush_tlb_pending), %o0
--	or		%o0, %lo(xcall_flush_tlb_pending), %o0
--	sethi		%hi(__hypervisor_xcall_flush_tlb_pending), %o1
--	or		%o1, %lo(__hypervisor_xcall_flush_tlb_pending), %o1
-+	sethi		%hi(xcall_flush_tlb_page), %o0
-+	or		%o0, %lo(xcall_flush_tlb_page), %o0
-+	sethi		%hi(__hypervisor_xcall_flush_tlb_page), %o1
-+	or		%o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1
- 	call		tlb_patch_one
--	 mov		21, %o2
-+	 mov		17, %o2
- 
- 	sethi		%hi(xcall_flush_tlb_kernel_range), %o0
- 	or		%o0, %lo(xcall_flush_tlb_kernel_range), %o0
-diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
-index 27cdf1f..045dc53 100644
---- a/drivers/net/bonding/bond_main.c
-+++ b/drivers/net/bonding/bond_main.c
-@@ -1888,6 +1888,7 @@ err_detach:
- 	write_unlock_bh(&bond->lock);
- 
- err_close:
-+	slave_dev->priv_flags &= ~IFF_BONDING;
- 	dev_close(slave_dev);
- 
- err_unset_master:
-@@ -3379,20 +3380,22 @@ static int bond_xmit_hash_policy_l2(struct sk_buff *skb, int count)
-  */
- static int bond_xmit_hash_policy_l23(struct sk_buff *skb, int count)
- {
--	struct ethhdr *data = (struct ethhdr *)skb->data;
--	struct iphdr *iph;
--	struct ipv6hdr *ipv6h;
-+	const struct ethhdr *data;
-+	const struct iphdr *iph;
-+	const struct ipv6hdr *ipv6h;
- 	u32 v6hash;
--	__be32 *s, *d;
-+	const __be32 *s, *d;
- 
- 	if (skb->protocol == htons(ETH_P_IP) &&
--	    skb_network_header_len(skb) >= sizeof(*iph)) {
-+	    pskb_network_may_pull(skb, sizeof(*iph))) {
- 		iph = ip_hdr(skb);
-+		data = (struct ethhdr *)skb->data;
- 		return ((ntohl(iph->saddr ^ iph->daddr) & 0xffff) ^
- 			(data->h_dest[5] ^ data->h_source[5])) % count;
- 	} else if (skb->protocol == htons(ETH_P_IPV6) &&
--		   skb_network_header_len(skb) >= sizeof(*ipv6h)) {
-+		   pskb_network_may_pull(skb, sizeof(*ipv6h))) {
- 		ipv6h = ipv6_hdr(skb);
-+		data = (struct ethhdr *)skb->data;
- 		s = &ipv6h->saddr.s6_addr32[0];
- 		d = &ipv6h->daddr.s6_addr32[0];
- 		v6hash = (s[1] ^ d[1]) ^ (s[2] ^ d[2]) ^ (s[3] ^ d[3]);
-@@ -3411,33 +3414,36 @@ static int bond_xmit_hash_policy_l23(struct sk_buff *skb, int count)
- static int bond_xmit_hash_policy_l34(struct sk_buff *skb, int count)
- {
- 	u32 layer4_xor = 0;
--	struct iphdr *iph;
--	struct ipv6hdr *ipv6h;
--	__be32 *s, *d;
--	__be16 *layer4hdr;
-+	const struct iphdr *iph;
-+	const struct ipv6hdr *ipv6h;
-+	const __be32 *s, *d;
-+	const __be16 *l4 = NULL;
-+	__be16 _l4[2];
-+	int noff = skb_network_offset(skb);
-+	int poff;
- 
- 	if (skb->protocol == htons(ETH_P_IP) &&
--	    skb_network_header_len(skb) >= sizeof(*iph)) {
-+	    pskb_may_pull(skb, noff + sizeof(*iph))) {
- 		iph = ip_hdr(skb);
--		if (!ip_is_fragment(iph) &&
--		    (iph->protocol == IPPROTO_TCP ||
--		     iph->protocol == IPPROTO_UDP) &&
--		    (skb_headlen(skb) - skb_network_offset(skb) >=
--		     iph->ihl * sizeof(u32) + sizeof(*layer4hdr) * 2)) {
--			layer4hdr = (__be16 *)((u32 *)iph + iph->ihl);
--			layer4_xor = ntohs(*layer4hdr ^ *(layer4hdr + 1));
-+		poff = proto_ports_offset(iph->protocol);
-+
-+		if (!ip_is_fragment(iph) && poff >= 0) {
-+			l4 = skb_header_pointer(skb, noff + (iph->ihl << 2) + poff,
-+						sizeof(_l4), &_l4);
-+			if (l4)
-+				layer4_xor = ntohs(l4[0] ^ l4[1]);
- 		}
- 		return (layer4_xor ^
- 			((ntohl(iph->saddr ^ iph->daddr)) & 0xffff)) % count;
- 	} else if (skb->protocol == htons(ETH_P_IPV6) &&
--		   skb_network_header_len(skb) >= sizeof(*ipv6h)) {
-+		   pskb_may_pull(skb, noff + sizeof(*ipv6h))) {
- 		ipv6h = ipv6_hdr(skb);
--		if ((ipv6h->nexthdr == IPPROTO_TCP ||
--		     ipv6h->nexthdr == IPPROTO_UDP) &&
--		    (skb_headlen(skb) - skb_network_offset(skb) >=
--		     sizeof(*ipv6h) + sizeof(*layer4hdr) * 2)) {
--			layer4hdr = (__be16 *)(ipv6h + 1);
--			layer4_xor = ntohs(*layer4hdr ^ *(layer4hdr + 1));
-+		poff = proto_ports_offset(ipv6h->nexthdr);
-+		if (poff >= 0) {
-+			l4 = skb_header_pointer(skb, noff + sizeof(*ipv6h) + poff,
-+						sizeof(_l4), &_l4);
-+			if (l4)
-+				layer4_xor = ntohs(l4[0] ^ l4[1]);
- 		}
- 		s = &ipv6h->saddr.s6_addr32[0];
- 		d = &ipv6h->daddr.s6_addr32[0];
-@@ -4919,9 +4925,18 @@ static int __net_init bond_net_init(struct net *net)
- static void __net_exit bond_net_exit(struct net *net)
- {
- 	struct bond_net *bn = net_generic(net, bond_net_id);
-+	struct bonding *bond, *tmp_bond;
-+	LIST_HEAD(list);
- 
- 	bond_destroy_sysfs(bn);
- 	bond_destroy_proc_dir(bn);
-+
-+	/* Kill off any bonds created after unregistering bond rtnl ops */
-+	rtnl_lock();
-+	list_for_each_entry_safe(bond, tmp_bond, &bn->dev_list, bond_list)
-+		unregister_netdevice_queue(bond->dev, &list);
-+	unregister_netdevice_many(&list);
-+	rtnl_unlock();
- }
- 
- static struct pernet_operations bond_net_ops = {
-diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e.h b/drivers/net/ethernet/atheros/atl1e/atl1e.h
-index edfdf6b..b5fd934 100644
---- a/drivers/net/ethernet/atheros/atl1e/atl1e.h
-+++ b/drivers/net/ethernet/atheros/atl1e/atl1e.h
-@@ -186,7 +186,7 @@ struct atl1e_tpd_desc {
- /* how about 0x2000 */
- #define MAX_TX_BUF_LEN      0x2000
- #define MAX_TX_BUF_SHIFT    13
--/*#define MAX_TX_BUF_LEN  0x3000 */
-+#define MAX_TSO_SEG_SIZE    0x3c00
- 
- /* rrs word 1 bit 0:31 */
- #define RRS_RX_CSUM_MASK	0xFFFF
-diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
-index 35faab7..ca33b28 100644
---- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
-+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
-@@ -2332,6 +2332,7 @@ static int atl1e_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
- 
- 	INIT_WORK(&adapter->reset_task, atl1e_reset_task);
- 	INIT_WORK(&adapter->link_chg_task, atl1e_link_chg_task);
-+	netif_set_gso_max_size(netdev, MAX_TSO_SEG_SIZE);
- 	err = register_netdev(netdev);
- 	if (err) {
- 		netdev_err(netdev, "register netdevice failed\n");
-diff --git a/drivers/net/ethernet/marvell/Kconfig b/drivers/net/ethernet/marvell/Kconfig
-index edfba93..434e33c 100644
---- a/drivers/net/ethernet/marvell/Kconfig
-+++ b/drivers/net/ethernet/marvell/Kconfig
-@@ -33,6 +33,7 @@ config MV643XX_ETH
- 
- config MVMDIO
- 	tristate "Marvell MDIO interface support"
-+	select PHYLIB
- 	---help---
- 	  This driver supports the MDIO interface found in the network
- 	  interface units of the Marvell EBU SoCs (Kirkwood, Orion5x,
-@@ -45,7 +46,6 @@ config MVMDIO
- config MVNETA
- 	tristate "Marvell Armada 370/XP network interface support"
- 	depends on MACH_ARMADA_370_XP
--	select PHYLIB
- 	select MVMDIO
- 	---help---
- 	  This driver supports the network interface units in the
-diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
-index b6025c3..84b312ea 100644
---- a/drivers/net/ethernet/marvell/mvneta.c
-+++ b/drivers/net/ethernet/marvell/mvneta.c
-@@ -375,7 +375,6 @@ static int rxq_number = 8;
- static int txq_number = 8;
- 
- static int rxq_def;
--static int txq_def;
- 
- #define MVNETA_DRIVER_NAME "mvneta"
- #define MVNETA_DRIVER_VERSION "1.0"
-@@ -1476,7 +1475,8 @@ error:
- static int mvneta_tx(struct sk_buff *skb, struct net_device *dev)
- {
- 	struct mvneta_port *pp = netdev_priv(dev);
--	struct mvneta_tx_queue *txq = &pp->txqs[txq_def];
-+	u16 txq_id = skb_get_queue_mapping(skb);
-+	struct mvneta_tx_queue *txq = &pp->txqs[txq_id];
- 	struct mvneta_tx_desc *tx_desc;
- 	struct netdev_queue *nq;
- 	int frags = 0;
-@@ -1486,7 +1486,7 @@ static int mvneta_tx(struct sk_buff *skb, struct net_device *dev)
- 		goto out;
- 
- 	frags = skb_shinfo(skb)->nr_frags + 1;
--	nq    = netdev_get_tx_queue(dev, txq_def);
-+	nq    = netdev_get_tx_queue(dev, txq_id);
- 
- 	/* Get a descriptor for the first part of the packet */
- 	tx_desc = mvneta_txq_next_desc_get(txq);
-@@ -2690,7 +2690,7 @@ static int mvneta_probe(struct platform_device *pdev)
- 		return -EINVAL;
- 	}
- 
--	dev = alloc_etherdev_mq(sizeof(struct mvneta_port), 8);
-+	dev = alloc_etherdev_mqs(sizeof(struct mvneta_port), txq_number, rxq_number);
- 	if (!dev)
- 		return -ENOMEM;
- 
-@@ -2844,4 +2844,3 @@ module_param(rxq_number, int, S_IRUGO);
- module_param(txq_number, int, S_IRUGO);
- 
- module_param(rxq_def, int, S_IRUGO);
--module_param(txq_def, int, S_IRUGO);
-diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c
-index 16c8429..6bd9167 100644
---- a/drivers/net/usb/cdc_mbim.c
-+++ b/drivers/net/usb/cdc_mbim.c
-@@ -134,7 +134,7 @@ static struct sk_buff *cdc_mbim_tx_fixup(struct usbnet *dev, struct sk_buff *skb
- 		goto error;
- 
- 	if (skb) {
--		if (skb->len <= sizeof(ETH_HLEN))
-+		if (skb->len <= ETH_HLEN)
- 			goto error;
- 
- 		/* mapping VLANs to MBIM sessions:
-diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index da9fde8..892ecda 100644
---- a/drivers/tty/tty_io.c
-+++ b/drivers/tty/tty_io.c
-@@ -941,6 +941,14 @@ void start_tty(struct tty_struct *tty)
- 
- EXPORT_SYMBOL(start_tty);
- 
-+static void tty_update_time(struct timespec *time)
-+{
-+	unsigned long sec = get_seconds();
-+	sec -= sec % 60;
-+	if ((long)(sec - time->tv_sec) > 0)
-+		time->tv_sec = sec;
-+}
-+
- /**
-  *	tty_read	-	read method for tty device files
-  *	@file: pointer to tty file
-@@ -977,8 +985,10 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
- 	else
- 		i = -EIO;
- 	tty_ldisc_deref(ld);
-+
- 	if (i > 0)
--		inode->i_atime = current_fs_time(inode->i_sb);
-+		tty_update_time(&inode->i_atime);
-+
- 	return i;
- }
- 
-@@ -1081,7 +1091,7 @@ static inline ssize_t do_tty_write(
- 	}
- 	if (written) {
- 		struct inode *inode = file->f_path.dentry->d_inode;
--		inode->i_mtime = current_fs_time(inode->i_sb);
-+		tty_update_time(&inode->i_mtime);
- 		ret = written;
- 	}
- out:
-diff --git a/fs/aio.c b/fs/aio.c
-index 71f613c..ed762ae 100644
---- a/fs/aio.c
-+++ b/fs/aio.c
-@@ -1027,9 +1027,9 @@ static int aio_read_evt(struct kioctx *ioctx, struct io_event *ent)
- 	spin_unlock(&info->ring_lock);
- 
- out:
--	kunmap_atomic(ring);
- 	dprintk("leaving aio_read_evt: %d  h%lu t%lu\n", ret,
- 		 (unsigned long)ring->head, (unsigned long)ring->tail);
-+	kunmap_atomic(ring);
- 	return ret;
- }
- 
-diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 9ef07d0..0e182f9 100644
---- a/include/linux/netdevice.h
-+++ b/include/linux/netdevice.h
-@@ -208,9 +208,9 @@ struct netdev_hw_addr {
- #define NETDEV_HW_ADDR_T_SLAVE		3
- #define NETDEV_HW_ADDR_T_UNICAST	4
- #define NETDEV_HW_ADDR_T_MULTICAST	5
--	bool			synced;
- 	bool			global_use;
- 	int			refcount;
-+	int			synced;
- 	struct rcu_head		rcu_head;
- };
- 
-diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 98399e2..9fe54b6 100644
---- a/include/linux/skbuff.h
-+++ b/include/linux/skbuff.h
-@@ -2597,6 +2597,13 @@ static inline void nf_reset(struct sk_buff *skb)
- #endif
- }
- 
-+static inline void nf_reset_trace(struct sk_buff *skb)
-+{
-+#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
-+	skb->nf_trace = 0;
-+#endif
-+}
-+
- /* Note: This doesn't put any conntrack and bridge info in dst. */
- static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src)
- {
-diff --git a/include/net/scm.h b/include/net/scm.h
-index 975cca0..b117081 100644
---- a/include/net/scm.h
-+++ b/include/net/scm.h
-@@ -56,8 +56,8 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm,
- 	scm->pid  = get_pid(pid);
- 	scm->cred = cred ? get_cred(cred) : NULL;
- 	scm->creds.pid = pid_vnr(pid);
--	scm->creds.uid = cred ? cred->euid : INVALID_UID;
--	scm->creds.gid = cred ? cred->egid : INVALID_GID;
-+	scm->creds.uid = cred ? cred->uid : INVALID_UID;
-+	scm->creds.gid = cred ? cred->gid : INVALID_GID;
- }
- 
- static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
-diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c
-index 4762316..5fc7aa5 100644
---- a/kernel/trace/trace_selftest.c
-+++ b/kernel/trace/trace_selftest.c
-@@ -452,7 +452,6 @@ trace_selftest_function_recursion(void)
- 	char *func_name;
- 	int len;
- 	int ret;
--	int cnt;
- 
- 	/* The previous test PASSED */
- 	pr_cont("PASSED\n");
-@@ -510,19 +509,10 @@ trace_selftest_function_recursion(void)
- 
- 	unregister_ftrace_function(&test_recsafe_probe);
- 
--	/*
--	 * If arch supports all ftrace features, and no other task
--	 * was on the list, we should be fine.
--	 */
--	if (!ftrace_nr_registered_ops() && !FTRACE_FORCE_LIST_FUNC)
--		cnt = 2; /* Should have recursed */
--	else
--		cnt = 1;
--
- 	ret = -1;
--	if (trace_selftest_recursion_cnt != cnt) {
--		pr_cont("*callback not called expected %d times (%d)* ",
--			cnt, trace_selftest_recursion_cnt);
-+	if (trace_selftest_recursion_cnt != 2) {
-+		pr_cont("*callback not called expected 2 times (%d)* ",
-+			trace_selftest_recursion_cnt);
- 		goto out;
- 	}
- 
-diff --git a/net/atm/common.c b/net/atm/common.c
-index 806fc0a..cf4b7e6 100644
---- a/net/atm/common.c
-+++ b/net/atm/common.c
-@@ -532,6 +532,8 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
- 	struct sk_buff *skb;
- 	int copied, error = -EINVAL;
- 
-+	msg->msg_namelen = 0;
-+
- 	if (sock->state != SS_CONNECTED)
- 		return -ENOTCONN;
- 
-diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
-index 779095d..d53a123 100644
---- a/net/ax25/af_ax25.c
-+++ b/net/ax25/af_ax25.c
-@@ -1647,6 +1647,7 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
- 		ax25_address src;
- 		const unsigned char *mac = skb_mac_header(skb);
- 
-+		memset(sax, 0, sizeof(struct full_sockaddr_ax25));
- 		ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
- 				&digi, NULL, NULL);
- 		sax->sax25_family = AF_AX25;
-diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
-index 5355df6..b04795e 100644
---- a/net/bluetooth/af_bluetooth.c
-+++ b/net/bluetooth/af_bluetooth.c
-@@ -230,6 +230,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
- 	if (flags & (MSG_OOB))
- 		return -EOPNOTSUPP;
- 
-+	msg->msg_namelen = 0;
-+
- 	skb = skb_recv_datagram(sk, flags, noblock, &err);
- 	if (!skb) {
- 		if (sk->sk_shutdown & RCV_SHUTDOWN)
-@@ -237,8 +239,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
- 		return err;
- 	}
- 
--	msg->msg_namelen = 0;
--
- 	copied = skb->len;
- 	if (len < copied) {
- 		msg->msg_flags |= MSG_TRUNC;
-diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
-index ce3f665..970fc13 100644
---- a/net/bluetooth/rfcomm/sock.c
-+++ b/net/bluetooth/rfcomm/sock.c
-@@ -610,6 +610,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
- 
- 	if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
- 		rfcomm_dlc_accept(d);
-+		msg->msg_namelen = 0;
- 		return 0;
- 	}
- 
-diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
-index aaf1957..cc16d1b 100644
---- a/net/bluetooth/sco.c
-+++ b/net/bluetooth/sco.c
-@@ -667,6 +667,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
- 	    test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
- 		hci_conn_accept(pi->conn->hcon, 0);
- 		sk->sk_state = BT_CONFIG;
-+		msg->msg_namelen = 0;
- 
- 		release_sock(sk);
- 		return 0;
-diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
-index 095259f..ff2ff3c 100644
---- a/net/caif/caif_socket.c
-+++ b/net/caif/caif_socket.c
-@@ -286,6 +286,8 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
- 	if (m->msg_flags&MSG_OOB)
- 		goto read_error;
- 
-+	m->msg_namelen = 0;
-+
- 	skb = skb_recv_datagram(sk, flags, 0 , &ret);
- 	if (!skb)
- 		goto read_error;
-diff --git a/net/core/dev.c b/net/core/dev.c
-index 5d9c43d..d592214 100644
---- a/net/core/dev.c
-+++ b/net/core/dev.c
-@@ -1737,6 +1737,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
- 	skb->mark = 0;
- 	secpath_reset(skb);
- 	nf_reset(skb);
-+	nf_reset_trace(skb);
- 	return netif_rx(skb);
- }
- EXPORT_SYMBOL_GPL(dev_forward_skb);
-@@ -2017,6 +2018,9 @@ static void skb_warn_bad_offload(const struct sk_buff *skb)
- 	struct net_device *dev = skb->dev;
- 	const char *driver = "";
- 
-+	if (!net_ratelimit())
-+		return;
-+
- 	if (dev && dev->dev.parent)
- 		driver = dev_driver_string(dev->dev.parent);
- 
-diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c
-index b079c7b..7841d87 100644
---- a/net/core/dev_addr_lists.c
-+++ b/net/core/dev_addr_lists.c
-@@ -38,7 +38,7 @@ static int __hw_addr_create_ex(struct netdev_hw_addr_list *list,
- 	ha->type = addr_type;
- 	ha->refcount = 1;
- 	ha->global_use = global;
--	ha->synced = false;
-+	ha->synced = 0;
- 	list_add_tail_rcu(&ha->list, &list->list);
- 	list->count++;
- 
-@@ -166,7 +166,7 @@ int __hw_addr_sync(struct netdev_hw_addr_list *to_list,
- 					    addr_len, ha->type);
- 			if (err)
- 				break;
--			ha->synced = true;
-+			ha->synced++;
- 			ha->refcount++;
- 		} else if (ha->refcount == 1) {
- 			__hw_addr_del(to_list, ha->addr, addr_len, ha->type);
-@@ -187,7 +187,7 @@ void __hw_addr_unsync(struct netdev_hw_addr_list *to_list,
- 		if (ha->synced) {
- 			__hw_addr_del(to_list, ha->addr,
- 				      addr_len, ha->type);
--			ha->synced = false;
-+			ha->synced--;
- 			__hw_addr_del(from_list, ha->addr,
- 				      addr_len, ha->type);
- 		}
-diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 6212ec9..055fb13 100644
---- a/net/core/rtnetlink.c
-+++ b/net/core/rtnetlink.c
-@@ -1068,7 +1068,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
- 	rcu_read_lock();
- 	cb->seq = net->dev_base_seq;
- 
--	if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
-+	if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
- 			ifla_policy) >= 0) {
- 
- 		if (tb[IFLA_EXT_MASK])
-@@ -1924,7 +1924,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
- 	u32 ext_filter_mask = 0;
- 	u16 min_ifinfo_dump_size = 0;
- 
--	if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
-+	if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
- 			ifla_policy) >= 0) {
- 		if (tb[IFLA_EXT_MASK])
- 			ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
-diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
-index 3b4f0cd..4cfe34d 100644
---- a/net/ipv4/esp4.c
-+++ b/net/ipv4/esp4.c
-@@ -139,8 +139,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
- 
- 	/* skb is pure payload to encrypt */
- 
--	err = -ENOMEM;
--
- 	esp = x->data;
- 	aead = esp->aead;
- 	alen = crypto_aead_authsize(aead);
-@@ -176,8 +174,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
- 	}
- 
- 	tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
--	if (!tmp)
-+	if (!tmp) {
-+		err = -ENOMEM;
- 		goto error;
-+	}
- 
- 	seqhi = esp_tmp_seqhi(tmp);
- 	iv = esp_tmp_iv(aead, tmp, seqhilen);
-diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index a8fc332..0fcfee3 100644
---- a/net/ipv4/ip_fragment.c
-+++ b/net/ipv4/ip_fragment.c
-@@ -255,8 +255,7 @@ static void ip_expire(unsigned long arg)
- 		if (!head->dev)
- 			goto out_rcu_unlock;
- 
--		/* skb dst is stale, drop it, and perform route lookup again */
--		skb_dst_drop(head);
-+		/* skb has no dst, perform route lookup again */
- 		iph = ip_hdr(head);
- 		err = ip_route_input_noref(head, iph->daddr, iph->saddr,
- 					   iph->tos, head->dev);
-@@ -525,8 +524,16 @@ found:
- 		qp->q.max_size = skb->len + ihl;
- 
- 	if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
--	    qp->q.meat == qp->q.len)
--		return ip_frag_reasm(qp, prev, dev);
-+	    qp->q.meat == qp->q.len) {
-+		unsigned long orefdst = skb->_skb_refdst;
-+
-+		skb->_skb_refdst = 0UL;
-+		err = ip_frag_reasm(qp, prev, dev);
-+		skb->_skb_refdst = orefdst;
-+		return err;
-+	}
-+
-+	skb_dst_drop(skb);
- 
- 	write_lock(&ip4_frags.lock);
- 	list_move_tail(&qp->q.lru_list, &qp->q.net->lru_list);
-diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
-index b236ef0..f962f19 100644
---- a/net/ipv4/syncookies.c
-+++ b/net/ipv4/syncookies.c
-@@ -348,8 +348,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- 	 * hasn't changed since we received the original syn, but I see
- 	 * no easy way to do this.
- 	 */
--	flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
--			   RT_SCOPE_UNIVERSE, IPPROTO_TCP,
-+	flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark,
-+			   RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP,
- 			   inet_sk_flowi_flags(sk),
- 			   (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
- 			   ireq->loc_addr, th->source, th->dest);
-diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index 9841a71..b4e8b79 100644
---- a/net/ipv4/tcp_input.c
-+++ b/net/ipv4/tcp_input.c
-@@ -116,6 +116,7 @@ int sysctl_tcp_early_retrans __read_mostly = 2;
- #define FLAG_DSACKING_ACK	0x800 /* SACK blocks contained D-SACK info */
- #define FLAG_NONHEAD_RETRANS_ACKED	0x1000 /* Non-head rexmitted data was ACKed */
- #define FLAG_SACK_RENEGING	0x2000 /* snd_una advanced to a sacked seq */
-+#define FLAG_UPDATE_TS_RECENT	0x4000 /* tcp_replace_ts_recent() */
- 
- #define FLAG_ACKED		(FLAG_DATA_ACKED|FLAG_SYN_ACKED)
- #define FLAG_NOT_DUP		(FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED)
-@@ -3572,6 +3573,27 @@ static void tcp_send_challenge_ack(struct sock *sk)
- 	}
- }
- 
-+static void tcp_store_ts_recent(struct tcp_sock *tp)
-+{
-+	tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
-+	tp->rx_opt.ts_recent_stamp = get_seconds();
-+}
-+
-+static void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
-+{
-+	if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) {
-+		/* PAWS bug workaround wrt. ACK frames, the PAWS discard
-+		 * extra check below makes sure this can only happen
-+		 * for pure ACK frames.  -DaveM
-+		 *
-+		 * Not only, also it occurs for expired timestamps.
-+		 */
-+
-+		if (tcp_paws_check(&tp->rx_opt, 0))
-+			tcp_store_ts_recent(tp);
-+	}
-+}
-+
- /* This routine deals with incoming acks, but not outgoing ones. */
- static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
- {
-@@ -3624,6 +3646,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
- 	prior_fackets = tp->fackets_out;
- 	prior_in_flight = tcp_packets_in_flight(tp);
- 
-+	/* ts_recent update must be made after we are sure that the packet
-+	 * is in window.
-+	 */
-+	if (flag & FLAG_UPDATE_TS_RECENT)
-+		tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
-+
- 	if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) {
- 		/* Window is constant, pure forward advance.
- 		 * No more checks are required.
-@@ -3940,27 +3968,6 @@ const u8 *tcp_parse_md5sig_option(const struct tcphdr *th)
- EXPORT_SYMBOL(tcp_parse_md5sig_option);
- #endif
- 
--static inline void tcp_store_ts_recent(struct tcp_sock *tp)
--{
--	tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
--	tp->rx_opt.ts_recent_stamp = get_seconds();
--}
--
--static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
--{
--	if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) {
--		/* PAWS bug workaround wrt. ACK frames, the PAWS discard
--		 * extra check below makes sure this can only happen
--		 * for pure ACK frames.  -DaveM
--		 *
--		 * Not only, also it occurs for expired timestamps.
--		 */
--
--		if (tcp_paws_check(&tp->rx_opt, 0))
--			tcp_store_ts_recent(tp);
--	}
--}
--
- /* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM
-  *
-  * It is not fatal. If this ACK does _not_ change critical state (seqs, window)
-@@ -5556,14 +5563,9 @@ slow_path:
- 		return 0;
- 
- step5:
--	if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0)
-+	if (tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0)
- 		goto discard;
- 
--	/* ts_recent update must be made after we are sure that the packet
--	 * is in window.
--	 */
--	tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
--
- 	tcp_rcv_rtt_measure_ts(sk, skb);
- 
- 	/* Process urgent data. */
-@@ -5997,7 +5999,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
- 
- 	/* step 5: check the ACK field */
- 	if (true) {
--		int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0;
-+		int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH |
-+						  FLAG_UPDATE_TS_RECENT) > 0;
- 
- 		switch (sk->sk_state) {
- 		case TCP_SYN_RECV:
-@@ -6148,11 +6151,6 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
- 		}
- 	}
- 
--	/* ts_recent update must be made after we are sure that the packet
--	 * is in window.
--	 */
--	tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
--
- 	/* step 6: check the URG bit */
- 	tcp_urg(sk, skb, th);
- 
-diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
-index 17d659e..a9f50ee 100644
---- a/net/ipv4/tcp_output.c
-+++ b/net/ipv4/tcp_output.c
-@@ -2388,8 +2388,12 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
- 	 */
- 	TCP_SKB_CB(skb)->when = tcp_time_stamp;
- 
--	/* make sure skb->data is aligned on arches that require it */
--	if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) {
-+	/* make sure skb->data is aligned on arches that require it
-+	 * and check if ack-trimming & collapsing extended the headroom
-+	 * beyond what csum_start can cover.
-+	 */
-+	if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) ||
-+		     skb_headroom(skb) >= 0xFFFF)) {
- 		struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER,
- 						   GFP_ATOMIC);
- 		return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
-diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index a36d17e..e8676c2 100644
---- a/net/ipv6/addrconf.c
-+++ b/net/ipv6/addrconf.c
-@@ -2525,6 +2525,9 @@ static void sit_add_v4_addrs(struct inet6_dev *idev)
- static void init_loopback(struct net_device *dev)
- {
- 	struct inet6_dev  *idev;
-+	struct net_device *sp_dev;
-+	struct inet6_ifaddr *sp_ifa;
-+	struct rt6_info *sp_rt;
- 
- 	/* ::1 */
- 
-@@ -2536,6 +2539,30 @@ static void init_loopback(struct net_device *dev)
- 	}
- 
- 	add_addr(idev, &in6addr_loopback, 128, IFA_HOST);
-+
-+	/* Add routes to other interface's IPv6 addresses */
-+	for_each_netdev(dev_net(dev), sp_dev) {
-+		if (!strcmp(sp_dev->name, dev->name))
-+			continue;
-+
-+		idev = __in6_dev_get(sp_dev);
-+		if (!idev)
-+			continue;
-+
-+		read_lock_bh(&idev->lock);
-+		list_for_each_entry(sp_ifa, &idev->addr_list, if_list) {
-+
-+			if (sp_ifa->flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE))
-+				continue;
-+
-+			sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0);
-+
-+			/* Failure cases are ignored */
-+			if (!IS_ERR(sp_rt))
-+				ip6_ins_rt(sp_rt);
-+		}
-+		read_unlock_bh(&idev->lock);
-+	}
- }
- 
- static void addrconf_add_linklocal(struct inet6_dev *idev, const struct in6_addr *addr)
-diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
-index d9ba8a2..7a610a6 100644
---- a/net/ipv6/reassembly.c
-+++ b/net/ipv6/reassembly.c
-@@ -342,8 +342,17 @@ found:
- 	}
- 
- 	if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
--	    fq->q.meat == fq->q.len)
--		return ip6_frag_reasm(fq, prev, dev);
-+	    fq->q.meat == fq->q.len) {
-+		int res;
-+		unsigned long orefdst = skb->_skb_refdst;
-+
-+		skb->_skb_refdst = 0UL;
-+		res = ip6_frag_reasm(fq, prev, dev);
-+		skb->_skb_refdst = orefdst;
-+		return res;
-+	}
-+
-+	skb_dst_drop(skb);
- 
- 	write_lock(&ip6_frags.lock);
- 	list_move_tail(&fq->q.lru_list, &fq->q.net->lru_list);
-diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 8d19346..89dfedd 100644
---- a/net/ipv6/tcp_ipv6.c
-+++ b/net/ipv6/tcp_ipv6.c
-@@ -386,6 +386,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
- 
- 		if (dst)
- 			dst->ops->redirect(dst, sk, skb);
-+		goto out;
- 	}
- 
- 	if (type == ICMPV6_PKT_TOOBIG) {
-diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
-index 4d04105..3c9bd59 100644
---- a/net/irda/af_irda.c
-+++ b/net/irda/af_irda.c
-@@ -1386,6 +1386,8 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
- 
- 	IRDA_DEBUG(4, "%s()\n", __func__);
- 
-+	msg->msg_namelen = 0;
-+
- 	skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
- 				flags & MSG_DONTWAIT, &err);
- 	if (!skb)
-diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index cd6f7a9..625bc50 100644
---- a/net/iucv/af_iucv.c
-+++ b/net/iucv/af_iucv.c
-@@ -1331,6 +1331,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
- 	struct sk_buff *skb, *rskb, *cskb;
- 	int err = 0;
- 
-+	msg->msg_namelen = 0;
-+
- 	if ((sk->sk_state == IUCV_DISCONN) &&
- 	    skb_queue_empty(&iucv->backlog_skb_q) &&
- 	    skb_queue_empty(&sk->sk_receive_queue) &&
-diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c
-index 8ee4a86..9e1822e 100644
---- a/net/l2tp/l2tp_ip6.c
-+++ b/net/l2tp/l2tp_ip6.c
-@@ -684,6 +684,7 @@ static int l2tp_ip6_recvmsg(struct kiocb *iocb, struct sock *sk,
- 		lsa->l2tp_addr = ipv6_hdr(skb)->saddr;
- 		lsa->l2tp_flowinfo = 0;
- 		lsa->l2tp_scope_id = 0;
-+		lsa->l2tp_conn_id = 0;
- 		if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL)
- 			lsa->l2tp_scope_id = IP6CB(skb)->iif;
- 	}
-diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
-index 8870988..48aaa89 100644
---- a/net/llc/af_llc.c
-+++ b/net/llc/af_llc.c
-@@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
- 	int target;	/* Read at least this many bytes */
- 	long timeo;
- 
-+	msg->msg_namelen = 0;
-+
- 	lock_sock(sk);
- 	copied = -ENOTCONN;
- 	if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
-diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
-index 7261eb8..14c106b 100644
---- a/net/netrom/af_netrom.c
-+++ b/net/netrom/af_netrom.c
-@@ -1177,6 +1177,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
- 	}
- 
- 	if (sax != NULL) {
-+		memset(sax, 0, sizeof(sax));
- 		sax->sax25_family = AF_NETROM;
- 		skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
- 			      AX25_ADDR_LEN);
-diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
-index fea22eb..48fb1de 100644
---- a/net/nfc/llcp/sock.c
-+++ b/net/nfc/llcp/sock.c
-@@ -644,6 +644,8 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
- 
- 	pr_debug("%p %zu\n", sk, len);
- 
-+	msg->msg_namelen = 0;
-+
- 	lock_sock(sk);
- 
- 	if (sk->sk_state == LLCP_CLOSED &&
-@@ -684,6 +686,7 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
- 
- 		pr_debug("Datagram socket %d %d\n", ui_cb->dsap, ui_cb->ssap);
- 
-+		memset(&sockaddr, 0, sizeof(sockaddr));
- 		sockaddr.sa_family = AF_NFC;
- 		sockaddr.nfc_protocol = NFC_PROTO_NFC_DEP;
- 		sockaddr.dsap = ui_cb->dsap;
-diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
-index c4719ce..7f645d1 100644
---- a/net/rose/af_rose.c
-+++ b/net/rose/af_rose.c
-@@ -1257,6 +1257,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
- 	skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
- 
- 	if (srose != NULL) {
-+		memset(srose, 0, msg->msg_namelen);
- 		srose->srose_family = AF_ROSE;
- 		srose->srose_addr   = rose->dest_addr;
- 		srose->srose_call   = rose->dest_call;
-diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
-index 0e19948..ced81a1 100644
---- a/net/sched/sch_cbq.c
-+++ b/net/sched/sch_cbq.c
-@@ -962,8 +962,11 @@ cbq_dequeue(struct Qdisc *sch)
- 		cbq_update(q);
- 		if ((incr -= incr2) < 0)
- 			incr = 0;
-+		q->now += incr;
-+	} else {
-+		if (now > q->now)
-+			q->now = now;
- 	}
--	q->now += incr;
- 	q->now_rt = now;
- 
- 	for (;;) {
-diff --git a/net/tipc/socket.c b/net/tipc/socket.c
-index 9b4e483..fc906d9 100644
---- a/net/tipc/socket.c
-+++ b/net/tipc/socket.c
-@@ -806,6 +806,7 @@ static void set_orig_addr(struct msghdr *m, struct tipc_msg *msg)
- 	if (addr) {
- 		addr->family = AF_TIPC;
- 		addr->addrtype = TIPC_ADDR_ID;
-+		memset(&addr->addr, 0, sizeof(addr->addr));
- 		addr->addr.id.ref = msg_origport(msg);
- 		addr->addr.id.node = msg_orignode(msg);
- 		addr->addr.name.domain = 0;	/* could leave uninitialized */
-@@ -920,6 +921,9 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock,
- 		goto exit;
- 	}
- 
-+	/* will be updated in set_orig_addr() if needed */
-+	m->msg_namelen = 0;
-+
- 	timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
- restart:
- 
-@@ -1029,6 +1033,9 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
- 		goto exit;
- 	}
- 
-+	/* will be updated in set_orig_addr() if needed */
-+	m->msg_namelen = 0;
-+
- 	target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
- 	timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
- 
-diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index b45eb65..f347754 100644
---- a/net/unix/af_unix.c
-+++ b/net/unix/af_unix.c
-@@ -1995,7 +1995,7 @@ again:
- 			if ((UNIXCB(skb).pid  != siocb->scm->pid) ||
- 			    (UNIXCB(skb).cred != siocb->scm->cred))
- 				break;
--		} else {
-+		} else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
- 			/* Copy credentials */
- 			scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
- 			check_creds = 1;
diff --git a/3.8.12/1011_linux-3.8.12.patch b/3.8.12/1011_linux-3.8.12.patch
deleted file mode 100644
index 4fb38f8..0000000
--- a/3.8.12/1011_linux-3.8.12.patch
+++ /dev/null
@@ -1,3136 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 7e4eee5..902974f 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 8
--SUBLEVEL = 11
-+SUBLEVEL = 12
- EXTRAVERSION =
- NAME = Displaced Humerus Anterior
- 
-diff --git a/arch/arm/boot/dts/at91sam9260.dtsi b/arch/arm/boot/dts/at91sam9260.dtsi
-index cb7bcc5..02b70a4 100644
---- a/arch/arm/boot/dts/at91sam9260.dtsi
-+++ b/arch/arm/boot/dts/at91sam9260.dtsi
-@@ -158,8 +158,8 @@
- 				usart1 {
- 					pinctrl_usart1: usart1-0 {
- 						atmel,pins =
--							<2 6 0x1 0x1	/* PB6 periph A with pullup */
--							 2 7 0x1 0x0>;	/* PB7 periph A */
-+							<1 6 0x1 0x1	/* PB6 periph A with pullup */
-+							 1 7 0x1 0x0>;	/* PB7 periph A */
- 					};
- 
- 					pinctrl_usart1_rts: usart1_rts-0 {
-@@ -194,18 +194,18 @@
- 				usart3 {
- 					pinctrl_usart3: usart3-0 {
- 						atmel,pins =
--							<2 10 0x1 0x1	/* PB10 periph A with pullup */
--							 2 11 0x1 0x0>;	/* PB11 periph A */
-+							<1 10 0x1 0x1	/* PB10 periph A with pullup */
-+							 1 11 0x1 0x0>;	/* PB11 periph A */
- 					};
- 
- 					pinctrl_usart3_rts: usart3_rts-0 {
- 						atmel,pins =
--							<3 8 0x2 0x0>;	/* PB8 periph B */
-+							<2 8 0x2 0x0>;	/* PC8 periph B */
- 					};
- 
- 					pinctrl_usart3_cts: usart3_cts-0 {
- 						atmel,pins =
--							<3 10 0x2 0x0>;	/* PB10 periph B */
-+							<2 10 0x2 0x0>;	/* PC10 periph B */
- 					};
- 				};
- 
-@@ -220,8 +220,8 @@
- 				uart1 {
- 					pinctrl_uart1: uart1-0 {
- 						atmel,pins =
--							<2 12 0x1 0x1	/* PB12 periph A with pullup */
--							 2 13 0x1 0x0>;	/* PB13 periph A */
-+							<1 12 0x1 0x1	/* PB12 periph A with pullup */
-+							 1 13 0x1 0x0>;	/* PB13 periph A */
- 					};
- 				};
- 
-diff --git a/arch/arm/boot/dts/at91sam9g15.dtsi b/arch/arm/boot/dts/at91sam9g15.dtsi
-index fbe7a70..28467fd 100644
---- a/arch/arm/boot/dts/at91sam9g15.dtsi
-+++ b/arch/arm/boot/dts/at91sam9g15.dtsi
-@@ -10,7 +10,7 @@
- 
- / {
- 	model = "Atmel AT91SAM9G15 SoC";
--	compatible = "atmel, at91sam9g15, atmel,at91sam9x5";
-+	compatible = "atmel,at91sam9g15", "atmel,at91sam9x5";
- 
- 	ahb {
- 		apb {
-diff --git a/arch/arm/boot/dts/at91sam9g15ek.dts b/arch/arm/boot/dts/at91sam9g15ek.dts
-index 86dd3f6..5427b2d 100644
---- a/arch/arm/boot/dts/at91sam9g15ek.dts
-+++ b/arch/arm/boot/dts/at91sam9g15ek.dts
-@@ -11,6 +11,6 @@
- /include/ "at91sam9x5ek.dtsi"
- 
- / {
--	model = "Atmel AT91SAM9G25-EK";
-+	model = "Atmel AT91SAM9G15-EK";
- 	compatible = "atmel,at91sam9g15ek", "atmel,at91sam9x5ek", "atmel,at91sam9x5", "atmel,at91sam9";
- };
-diff --git a/arch/arm/boot/dts/at91sam9g25.dtsi b/arch/arm/boot/dts/at91sam9g25.dtsi
-index 05a718f..5fd32df 100644
---- a/arch/arm/boot/dts/at91sam9g25.dtsi
-+++ b/arch/arm/boot/dts/at91sam9g25.dtsi
-@@ -10,7 +10,7 @@
- 
- / {
- 	model = "Atmel AT91SAM9G25 SoC";
--	compatible = "atmel, at91sam9g25, atmel,at91sam9x5";
-+	compatible = "atmel,at91sam9g25", "atmel,at91sam9x5";
- 
- 	ahb {
- 		apb {
-diff --git a/arch/arm/boot/dts/at91sam9g35.dtsi b/arch/arm/boot/dts/at91sam9g35.dtsi
-index f9d14a7..d6fa8af 100644
---- a/arch/arm/boot/dts/at91sam9g35.dtsi
-+++ b/arch/arm/boot/dts/at91sam9g35.dtsi
-@@ -10,7 +10,7 @@
- 
- / {
- 	model = "Atmel AT91SAM9G35 SoC";
--	compatible = "atmel, at91sam9g35, atmel,at91sam9x5";
-+	compatible = "atmel,at91sam9g35", "atmel,at91sam9x5";
- 
- 	ahb {
- 		apb {
-diff --git a/arch/arm/boot/dts/at91sam9x25.dtsi b/arch/arm/boot/dts/at91sam9x25.dtsi
-index 54eb33b..9ac2bc2 100644
---- a/arch/arm/boot/dts/at91sam9x25.dtsi
-+++ b/arch/arm/boot/dts/at91sam9x25.dtsi
-@@ -10,7 +10,7 @@
- 
- / {
- 	model = "Atmel AT91SAM9X25 SoC";
--	compatible = "atmel, at91sam9x25, atmel,at91sam9x5";
-+	compatible = "atmel,at91sam9x25", "atmel,at91sam9x5";
- 
- 	ahb {
- 		apb {
-diff --git a/arch/arm/boot/dts/at91sam9x35.dtsi b/arch/arm/boot/dts/at91sam9x35.dtsi
-index fb102d6..ba67d83 100644
---- a/arch/arm/boot/dts/at91sam9x35.dtsi
-+++ b/arch/arm/boot/dts/at91sam9x35.dtsi
-@@ -10,7 +10,7 @@
- 
- / {
- 	model = "Atmel AT91SAM9X35 SoC";
--	compatible = "atmel, at91sam9x35, atmel,at91sam9x5";
-+	compatible = "atmel,at91sam9x35", "atmel,at91sam9x5";
- 
- 	ahb {
- 		apb {
-diff --git a/arch/arm/boot/dts/at91sam9x5ek.dtsi b/arch/arm/boot/dts/at91sam9x5ek.dtsi
-index 8a7cf1d..ccab256 100644
---- a/arch/arm/boot/dts/at91sam9x5ek.dtsi
-+++ b/arch/arm/boot/dts/at91sam9x5ek.dtsi
-@@ -13,7 +13,7 @@
- 	compatible = "atmel,at91sam9x5ek", "atmel,at91sam9x5", "atmel,at91sam9";
- 
- 	chosen {
--		bootargs = "128M console=ttyS0,115200 root=/dev/mtdblock1 rw rootfstype=ubifs ubi.mtd=1 root=ubi0:rootfs";
-+		bootargs = "console=ttyS0,115200 root=/dev/mtdblock1 rw rootfstype=ubifs ubi.mtd=1 root=ubi0:rootfs";
- 	};
- 
- 	ahb {
-diff --git a/arch/arm/configs/at91sam9g45_defconfig b/arch/arm/configs/at91sam9g45_defconfig
-index 606d48f..8aab786 100644
---- a/arch/arm/configs/at91sam9g45_defconfig
-+++ b/arch/arm/configs/at91sam9g45_defconfig
-@@ -173,7 +173,6 @@ CONFIG_MMC=y
- # CONFIG_MMC_BLOCK_BOUNCE is not set
- CONFIG_SDIO_UART=m
- CONFIG_MMC_ATMELMCI=y
--CONFIG_MMC_ATMELMCI_DMA=y
- CONFIG_LEDS_ATMEL_PWM=y
- CONFIG_LEDS_GPIO=y
- CONFIG_LEDS_TRIGGER_TIMER=y
-diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
-index c094749..26e9ce4 100644
---- a/arch/arm/include/asm/pgtable.h
-+++ b/arch/arm/include/asm/pgtable.h
-@@ -61,6 +61,15 @@ extern void __pgd_error(const char *file, int line, pgd_t);
- #define FIRST_USER_ADDRESS	PAGE_SIZE
- 
- /*
-+ * Use TASK_SIZE as the ceiling argument for free_pgtables() and
-+ * free_pgd_range() to avoid freeing the modules pmd when LPAE is enabled (pmd
-+ * page shared between user and kernel).
-+ */
-+#ifdef CONFIG_ARM_LPAE
-+#define USER_PGTABLES_CEILING	TASK_SIZE
-+#endif
-+
-+/*
-  * The pgprot_* and protection_map entries will be fixed up in runtime
-  * to include the cachable and bufferable bits based on memory policy,
-  * as well as any architecture dependent bits like global/ASID and SMP
-diff --git a/arch/arm/mach-at91/setup.c b/arch/arm/mach-at91/setup.c
-index 4b67847..6b4608d 100644
---- a/arch/arm/mach-at91/setup.c
-+++ b/arch/arm/mach-at91/setup.c
-@@ -333,7 +333,7 @@ static void at91_dt_rstc(void)
- 
- 	of_id = of_match_node(rstc_ids, np);
- 	if (!of_id)
--		panic("AT91: rtsc no restart function availlable\n");
-+		panic("AT91: rtsc no restart function available\n");
- 
- 	arm_pm_restart = of_id->data;
- 
-diff --git a/arch/arm/mach-omap2/cpuidle34xx.c b/arch/arm/mach-omap2/cpuidle34xx.c
-index 22590db..aa20002 100644
---- a/arch/arm/mach-omap2/cpuidle34xx.c
-+++ b/arch/arm/mach-omap2/cpuidle34xx.c
-@@ -265,8 +265,9 @@ static int omap3_enter_idle_bm(struct cpuidle_device *dev,
- static DEFINE_PER_CPU(struct cpuidle_device, omap3_idle_dev);
- 
- static struct cpuidle_driver omap3_idle_driver = {
--	.name =		"omap3_idle",
--	.owner =	THIS_MODULE,
-+	.name             = "omap3_idle",
-+	.owner            = THIS_MODULE,
-+	.en_core_tk_irqen = 1,
- 	.states = {
- 		{
- 			.enter		  = omap3_enter_idle_bm,
-diff --git a/arch/arm/mach-u300/include/mach/u300-regs.h b/arch/arm/mach-u300/include/mach/u300-regs.h
-index 1e49d90..0320495 100644
---- a/arch/arm/mach-u300/include/mach/u300-regs.h
-+++ b/arch/arm/mach-u300/include/mach/u300-regs.h
-@@ -95,7 +95,7 @@
- #define U300_SPI_BASE			(U300_FAST_PER_PHYS_BASE+0x6000)
- 
- /* Fast UART1 on U335 only */
--#define U300_UART1_BASE			(U300_SLOW_PER_PHYS_BASE+0x7000)
-+#define U300_UART1_BASE			(U300_FAST_PER_PHYS_BASE+0x7000)
- 
- /*
-  * SLOW peripherals
-diff --git a/arch/avr32/configs/favr-32_defconfig b/arch/avr32/configs/favr-32_defconfig
-index 0421498..9791820 100644
---- a/arch/avr32/configs/favr-32_defconfig
-+++ b/arch/avr32/configs/favr-32_defconfig
-@@ -122,7 +122,6 @@ CONFIG_USB_G_SERIAL=m
- CONFIG_USB_CDC_COMPOSITE=m
- CONFIG_MMC=y
- CONFIG_MMC_ATMELMCI=y
--CONFIG_MMC_ATMELMCI_DMA=y
- CONFIG_NEW_LEDS=y
- CONFIG_LEDS_CLASS=y
- CONFIG_LEDS_ATMEL_PWM=m
-diff --git a/arch/avr32/configs/merisc_defconfig b/arch/avr32/configs/merisc_defconfig
-index 3befab9..65de443 100644
---- a/arch/avr32/configs/merisc_defconfig
-+++ b/arch/avr32/configs/merisc_defconfig
-@@ -102,7 +102,6 @@ CONFIG_FRAMEBUFFER_CONSOLE=y
- CONFIG_LOGO=y
- CONFIG_MMC=y
- CONFIG_MMC_ATMELMCI=y
--CONFIG_MMC_ATMELMCI_DMA=y
- CONFIG_NEW_LEDS=y
- CONFIG_LEDS_CLASS=y
- CONFIG_LEDS_ATMEL_PWM=y
-diff --git a/arch/ia64/include/asm/futex.h b/arch/ia64/include/asm/futex.h
-index d2bf1fd..76acbcd 100644
---- a/arch/ia64/include/asm/futex.h
-+++ b/arch/ia64/include/asm/futex.h
-@@ -106,16 +106,15 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
- 		return -EFAULT;
- 
- 	{
--		register unsigned long r8 __asm ("r8");
-+		register unsigned long r8 __asm ("r8") = 0;
- 		unsigned long prev;
- 		__asm__ __volatile__(
- 			"	mf;;					\n"
--			"	mov %0=r0				\n"
- 			"	mov ar.ccv=%4;;				\n"
- 			"[1:]	cmpxchg4.acq %1=[%2],%3,ar.ccv		\n"
- 			"	.xdata4 \"__ex_table\", 1b-., 2f-.	\n"
- 			"[2:]"
--			: "=r" (r8), "=r" (prev)
-+			: "+r" (r8), "=&r" (prev)
- 			: "r" (uaddr), "r" (newval),
- 			  "rO" ((long) (unsigned) oldval)
- 			: "memory");
-diff --git a/arch/ia64/include/asm/mca.h b/arch/ia64/include/asm/mca.h
-index 43f96ab..8c70961 100644
---- a/arch/ia64/include/asm/mca.h
-+++ b/arch/ia64/include/asm/mca.h
-@@ -143,6 +143,7 @@ extern unsigned long __per_cpu_mca[NR_CPUS];
- extern int cpe_vector;
- extern int ia64_cpe_irq;
- extern void ia64_mca_init(void);
-+extern void ia64_mca_irq_init(void);
- extern void ia64_mca_cpu_init(void *);
- extern void ia64_os_mca_dispatch(void);
- extern void ia64_os_mca_dispatch_end(void);
-diff --git a/arch/ia64/kernel/irq.c b/arch/ia64/kernel/irq.c
-index ad69606..f2c41828 100644
---- a/arch/ia64/kernel/irq.c
-+++ b/arch/ia64/kernel/irq.c
-@@ -23,6 +23,8 @@
- #include <linux/interrupt.h>
- #include <linux/kernel_stat.h>
- 
-+#include <asm/mca.h>
-+
- /*
-  * 'what should we do if we get a hw irq event on an illegal vector'.
-  * each architecture has to answer this themselves.
-@@ -83,6 +85,12 @@ bool is_affinity_mask_valid(const struct cpumask *cpumask)
- 
- #endif /* CONFIG_SMP */
- 
-+int __init arch_early_irq_init(void)
-+{
-+	ia64_mca_irq_init();
-+	return 0;
-+}
-+
- #ifdef CONFIG_HOTPLUG_CPU
- unsigned int vectors_in_migration[NR_IRQS];
- 
-diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c
-index 65bf9cd..d7396db 100644
---- a/arch/ia64/kernel/mca.c
-+++ b/arch/ia64/kernel/mca.c
-@@ -2074,22 +2074,16 @@ ia64_mca_init(void)
- 	printk(KERN_INFO "MCA related initialization done\n");
- }
- 
-+
- /*
-- * ia64_mca_late_init
-- *
-- *	Opportunity to setup things that require initialization later
-- *	than ia64_mca_init.  Setup a timer to poll for CPEs if the
-- *	platform doesn't support an interrupt driven mechanism.
-- *
-- *  Inputs  :   None
-- *  Outputs :   Status
-+ * These pieces cannot be done in ia64_mca_init() because it is called before
-+ * early_irq_init() which would wipe out our percpu irq registrations. But we
-+ * cannot leave them until ia64_mca_late_init() because by then all the other
-+ * processors have been brought online and have set their own CMC vectors to
-+ * point at a non-existant action. Called from arch_early_irq_init().
-  */
--static int __init
--ia64_mca_late_init(void)
-+void __init ia64_mca_irq_init(void)
- {
--	if (!mca_init)
--		return 0;
--
- 	/*
- 	 *  Configure the CMCI/P vector and handler. Interrupts for CMC are
- 	 *  per-processor, so AP CMC interrupts are setup in smp_callin() (smpboot.c).
-@@ -2108,6 +2102,23 @@ ia64_mca_late_init(void)
- 	/* Setup the CPEI/P handler */
- 	register_percpu_irq(IA64_CPEP_VECTOR, &mca_cpep_irqaction);
- #endif
-+}
-+
-+/*
-+ * ia64_mca_late_init
-+ *
-+ *	Opportunity to setup things that require initialization later
-+ *	than ia64_mca_init.  Setup a timer to poll for CPEs if the
-+ *	platform doesn't support an interrupt driven mechanism.
-+ *
-+ *  Inputs  :   None
-+ *  Outputs :   Status
-+ */
-+static int __init
-+ia64_mca_late_init(void)
-+{
-+	if (!mca_init)
-+		return 0;
- 
- 	register_hotcpu_notifier(&mca_cpu_notifier);
- 
-diff --git a/arch/ia64/kvm/vtlb.c b/arch/ia64/kvm/vtlb.c
-index 4332f7e..a7869f8 100644
---- a/arch/ia64/kvm/vtlb.c
-+++ b/arch/ia64/kvm/vtlb.c
-@@ -256,7 +256,7 @@ u64 guest_vhpt_lookup(u64 iha, u64 *pte)
- 			"srlz.d;;"
- 			"ssm psr.i;;"
- 			"srlz.d;;"
--			: "=r"(ret) : "r"(iha), "r"(pte):"memory");
-+			: "=&r"(ret) : "r"(iha), "r"(pte) : "memory");
- 
- 	return ret;
- }
-diff --git a/arch/powerpc/kernel/cpu_setup_power.S b/arch/powerpc/kernel/cpu_setup_power.S
-index 57cf140..0c0fc7b 100644
---- a/arch/powerpc/kernel/cpu_setup_power.S
-+++ b/arch/powerpc/kernel/cpu_setup_power.S
-@@ -64,6 +64,7 @@ _GLOBAL(__restore_cpu_power8)
- 	mflr	r11
- 	mfmsr	r3
- 	rldicl.	r0,r3,4,63
-+	mtlr	r11
- 	beqlr
- 	li	r0,0
- 	mtspr	SPRN_LPID,r0
-diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
-index 3684cbd..bb11075 100644
---- a/arch/powerpc/kernel/exceptions-64s.S
-+++ b/arch/powerpc/kernel/exceptions-64s.S
-@@ -740,7 +740,7 @@ hardware_interrupt_relon_hv:
- 		_MASKABLE_RELON_EXCEPTION_PSERIES(0x502, hardware_interrupt, EXC_HV, SOFTEN_TEST_HV)
- 	FTR_SECTION_ELSE
- 		_MASKABLE_RELON_EXCEPTION_PSERIES(0x500, hardware_interrupt, EXC_STD, SOFTEN_TEST_PR)
--	ALT_FTR_SECTION_END_IFSET(CPU_FTR_ARCH_206)
-+	ALT_FTR_SECTION_END_IFSET(CPU_FTR_HVMODE)
- 	STD_RELON_EXCEPTION_PSERIES(0x4600, 0x600, alignment)
- 	STD_RELON_EXCEPTION_PSERIES(0x4700, 0x700, program_check)
- 	STD_RELON_EXCEPTION_PSERIES(0x4800, 0x800, fp_unavailable)
-diff --git a/arch/powerpc/kernel/head_64.S b/arch/powerpc/kernel/head_64.S
-index 116f086..1a63feb 100644
---- a/arch/powerpc/kernel/head_64.S
-+++ b/arch/powerpc/kernel/head_64.S
-@@ -490,6 +490,7 @@ _GLOBAL(copy_and_flush)
- 	sync
- 	addi	r5,r5,8
- 	addi	r6,r6,8
-+	isync
- 	blr
- 
- .align 8
-diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c
-index dba1ce2..506dc9f 100644
---- a/arch/powerpc/platforms/cell/spufs/inode.c
-+++ b/arch/powerpc/platforms/cell/spufs/inode.c
-@@ -99,6 +99,7 @@ spufs_new_inode(struct super_block *sb, umode_t mode)
- 	if (!inode)
- 		goto out;
- 
-+	inode->i_ino = get_next_ino();
- 	inode->i_mode = mode;
- 	inode->i_uid = current_fsuid();
- 	inode->i_gid = current_fsgid();
-diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
-index 93c6d39..b0f7d39 100644
---- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
-+++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
-@@ -42,6 +42,8 @@
-  * SOFTWARE.
-  */
- 
-+#include <asm/inst.h>
-+
- ## ISCSI CRC 32 Implementation with crc32 and pclmulqdq Instruction
- 
- .macro LABEL prefix n
-@@ -224,10 +226,10 @@ LABEL crc_ %i
- 	movdqa  (bufp), %xmm0			# 2 consts: K1:K2
- 
- 	movq    crc_init, %xmm1			# CRC for block 1
--	pclmulqdq $0x00,%xmm0,%xmm1		# Multiply by K2
-+	PCLMULQDQ 0x00,%xmm0,%xmm1		# Multiply by K2
- 
- 	movq    crc1, %xmm2			# CRC for block 2
--	pclmulqdq $0x10, %xmm0, %xmm2		# Multiply by K1
-+	PCLMULQDQ 0x10, %xmm0, %xmm2		# Multiply by K1
- 
- 	pxor    %xmm2,%xmm1
- 	movq    %xmm1, %rax
-diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
-index e4595f1..84b7789 100644
---- a/arch/x86/kernel/irq.c
-+++ b/arch/x86/kernel/irq.c
-@@ -165,10 +165,6 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
- u64 arch_irq_stat(void)
- {
- 	u64 sum = atomic_read(&irq_err_count);
--
--#ifdef CONFIG_X86_IO_APIC
--	sum += atomic_read(&irq_mis_count);
--#endif
- 	return sum;
- }
- 
-diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index a27e763..d330b3c 100644
---- a/arch/x86/kvm/emulate.c
-+++ b/arch/x86/kvm/emulate.c
-@@ -4030,6 +4030,10 @@ static int decode_operand(struct x86_emulate_ctxt *ctxt, struct operand *op,
- 		break;
- 	case OpMem8:
- 		ctxt->memop.bytes = 1;
-+		if (ctxt->memop.type == OP_REG) {
-+			ctxt->memop.addr.reg = decode_register(ctxt, ctxt->modrm_rm, 1);
-+			fetch_register_operand(&ctxt->memop);
-+		}
- 		goto mem_common;
- 	case OpMem16:
- 		ctxt->memop.bytes = 2;
-diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 2262003..08c6511 100644
---- a/arch/x86/xen/enlighten.c
-+++ b/arch/x86/xen/enlighten.c
-@@ -1589,8 +1589,11 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
- 	switch (action) {
- 	case CPU_UP_PREPARE:
- 		xen_vcpu_setup(cpu);
--		if (xen_have_vector_callback)
-+		if (xen_have_vector_callback) {
- 			xen_init_lock_cpu(cpu);
-+			if (xen_feature(XENFEAT_hvm_safe_pvclock))
-+				xen_setup_timer(cpu);
-+		}
- 		break;
- 	default:
- 		break;
-diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
-index 34bc4ce..48d7b2c 100644
---- a/arch/x86/xen/smp.c
-+++ b/arch/x86/xen/smp.c
-@@ -658,6 +658,8 @@ static void xen_hvm_cpu_die(unsigned int cpu)
- 	unbind_from_irqhandler(per_cpu(xen_debug_irq, cpu), NULL);
- 	unbind_from_irqhandler(per_cpu(xen_callfuncsingle_irq, cpu), NULL);
- 	unbind_from_irqhandler(per_cpu(xen_irq_work, cpu), NULL);
-+	xen_uninit_lock_cpu(cpu);
-+	xen_teardown_timer(cpu);
- 	native_cpu_die(cpu);
- }
- 
-diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c
-index 0296a95..054cc01 100644
---- a/arch/x86/xen/time.c
-+++ b/arch/x86/xen/time.c
-@@ -497,7 +497,11 @@ static void xen_hvm_setup_cpu_clockevents(void)
- {
- 	int cpu = smp_processor_id();
- 	xen_setup_runstate_info(cpu);
--	xen_setup_timer(cpu);
-+	/*
-+	 * xen_setup_timer(cpu) - snprintf is bad in atomic context. Hence
-+	 * doing it xen_hvm_cpu_notify (which gets called by smp_init during
-+	 * early bootup and also during CPU hotplug events).
-+	 */
- 	xen_setup_cpu_clockevents();
- }
- 
-diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
-index bd22f86..2999966 100644
---- a/drivers/acpi/osl.c
-+++ b/drivers/acpi/osl.c
-@@ -642,7 +642,7 @@ void __init acpi_initrd_override(void *data, size_t size)
- 	 * Both memblock_reserve and e820_add_region (via arch_reserve_mem_area)
- 	 * works fine.
- 	 */
--	memblock_reserve(acpi_tables_addr, acpi_tables_addr + all_tables_size);
-+	memblock_reserve(acpi_tables_addr, all_tables_size);
- 	arch_reserve_mem_area(acpi_tables_addr, all_tables_size);
- 
- 	p = early_ioremap(acpi_tables_addr, all_tables_size);
-diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c
-index eb73798..77c9a92 100644
---- a/drivers/acpi/pci_root.c
-+++ b/drivers/acpi/pci_root.c
-@@ -240,8 +240,8 @@ static acpi_status acpi_pci_query_osc(struct acpi_pci_root *root,
- 		*control &= OSC_PCI_CONTROL_MASKS;
- 		capbuf[OSC_CONTROL_TYPE] = *control | root->osc_control_set;
- 	} else {
--		/* Run _OSC query for all possible controls. */
--		capbuf[OSC_CONTROL_TYPE] = OSC_PCI_CONTROL_MASKS;
-+		/* Run _OSC query only with existing controls. */
-+		capbuf[OSC_CONTROL_TYPE] = root->osc_control_set;
- 	}
- 
- 	status = acpi_pci_run_osc(root->device->handle, capbuf, &result);
-diff --git a/drivers/acpi/thermal.c b/drivers/acpi/thermal.c
-index 506fbd4..25246e8 100644
---- a/drivers/acpi/thermal.c
-+++ b/drivers/acpi/thermal.c
-@@ -719,9 +719,19 @@ static int thermal_get_trend(struct thermal_zone_device *thermal,
- 		return -EINVAL;
- 
- 	if (type == THERMAL_TRIP_ACTIVE) {
--		/* aggressive active cooling */
--		*trend = THERMAL_TREND_RAISING;
--		return 0;
-+		unsigned long trip_temp;
-+		unsigned long temp = KELVIN_TO_MILLICELSIUS(tz->temperature,
-+							tz->kelvin_offset);
-+		if (thermal_get_trip_temp(thermal, trip, &trip_temp))
-+			return -EINVAL;
-+
-+		if (temp > trip_temp) {
-+			*trend = THERMAL_TREND_RAISING;
-+			return 0;
-+		} else {
-+			/* Fall back on default trend */
-+			return -EINVAL;
-+		}
- 	}
- 
- 	/*
-diff --git a/drivers/ata/libata-acpi.c b/drivers/ata/libata-acpi.c
-index ef01ac0..cc8aa9e 100644
---- a/drivers/ata/libata-acpi.c
-+++ b/drivers/ata/libata-acpi.c
-@@ -60,7 +60,8 @@ acpi_handle ata_ap_acpi_handle(struct ata_port *ap)
- 	if (ap->flags & ATA_FLAG_ACPI_SATA)
- 		return NULL;
- 
--	return acpi_get_child(DEVICE_ACPI_HANDLE(ap->host->dev), ap->port_no);
-+	return ap->scsi_host ?
-+		DEVICE_ACPI_HANDLE(&ap->scsi_host->shost_gendev) : NULL;
- }
- EXPORT_SYMBOL(ata_ap_acpi_handle);
- 
-@@ -239,28 +240,15 @@ void ata_acpi_dissociate(struct ata_host *host)
- 	}
- }
- 
--/**
-- * ata_acpi_gtm - execute _GTM
-- * @ap: target ATA port
-- * @gtm: out parameter for _GTM result
-- *
-- * Evaluate _GTM and store the result in @gtm.
-- *
-- * LOCKING:
-- * EH context.
-- *
-- * RETURNS:
-- * 0 on success, -ENOENT if _GTM doesn't exist, -errno on failure.
-- */
--int ata_acpi_gtm(struct ata_port *ap, struct ata_acpi_gtm *gtm)
-+static int __ata_acpi_gtm(struct ata_port *ap, acpi_handle handle,
-+			  struct ata_acpi_gtm *gtm)
- {
- 	struct acpi_buffer output = { .length = ACPI_ALLOCATE_BUFFER };
- 	union acpi_object *out_obj;
- 	acpi_status status;
- 	int rc = 0;
- 
--	status = acpi_evaluate_object(ata_ap_acpi_handle(ap), "_GTM", NULL,
--				      &output);
-+	status = acpi_evaluate_object(handle, "_GTM", NULL, &output);
- 
- 	rc = -ENOENT;
- 	if (status == AE_NOT_FOUND)
-@@ -294,6 +282,27 @@ int ata_acpi_gtm(struct ata_port *ap, struct ata_acpi_gtm *gtm)
- 	return rc;
- }
- 
-+/**
-+ * ata_acpi_gtm - execute _GTM
-+ * @ap: target ATA port
-+ * @gtm: out parameter for _GTM result
-+ *
-+ * Evaluate _GTM and store the result in @gtm.
-+ *
-+ * LOCKING:
-+ * EH context.
-+ *
-+ * RETURNS:
-+ * 0 on success, -ENOENT if _GTM doesn't exist, -errno on failure.
-+ */
-+int ata_acpi_gtm(struct ata_port *ap, struct ata_acpi_gtm *gtm)
-+{
-+	if (ata_ap_acpi_handle(ap))
-+		return __ata_acpi_gtm(ap, ata_ap_acpi_handle(ap), gtm);
-+	else
-+		return -EINVAL;
-+}
-+
- EXPORT_SYMBOL_GPL(ata_acpi_gtm);
- 
- /**
-@@ -1095,7 +1104,7 @@ static int ata_acpi_bind_host(struct ata_port *ap, acpi_handle *handle)
- 	if (!*handle)
- 		return -ENODEV;
- 
--	if (ata_acpi_gtm(ap, &ap->__acpi_init_gtm) == 0)
-+	if (__ata_acpi_gtm(ap, *handle, &ap->__acpi_init_gtm) == 0)
- 		ap->pflags |= ATA_PFLAG_INIT_GTM_VALID;
- 
- 	return 0;
-diff --git a/drivers/ata/sata_highbank.c b/drivers/ata/sata_highbank.c
-index 5dba77c..b1a664a 100644
---- a/drivers/ata/sata_highbank.c
-+++ b/drivers/ata/sata_highbank.c
-@@ -251,7 +251,7 @@ static const struct ata_port_info ahci_highbank_port_info = {
- };
- 
- static struct scsi_host_template ahci_highbank_platform_sht = {
--	AHCI_SHT("highbank-ahci"),
-+	AHCI_SHT("sata_highbank"),
- };
- 
- static const struct of_device_id ahci_of_match[] = {
-diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
-index 93211df..ba780b7 100644
---- a/drivers/char/tpm/tpm.c
-+++ b/drivers/char/tpm/tpm.c
-@@ -1291,7 +1291,7 @@ int tpm_pm_suspend(struct device *dev)
- {
- 	struct tpm_chip *chip = dev_get_drvdata(dev);
- 	struct tpm_cmd_t cmd;
--	int rc;
-+	int rc, try;
- 
- 	u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 };
- 
-@@ -1309,9 +1309,32 @@ int tpm_pm_suspend(struct device *dev)
- 	}
- 
- 	/* now do the actual savestate */
--	cmd.header.in = savestate_header;
--	rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE,
--			  "sending savestate before suspend");
-+	for (try = 0; try < TPM_RETRY; try++) {
-+		cmd.header.in = savestate_header;
-+		rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, NULL);
-+
-+		/*
-+		 * If the TPM indicates that it is too busy to respond to
-+		 * this command then retry before giving up.  It can take
-+		 * several seconds for this TPM to be ready.
-+		 *
-+		 * This can happen if the TPM has already been sent the
-+		 * SaveState command before the driver has loaded.  TCG 1.2
-+		 * specification states that any communication after SaveState
-+		 * may cause the TPM to invalidate previously saved state.
-+		 */
-+		if (rc != TPM_WARN_RETRY)
-+			break;
-+		msleep(TPM_TIMEOUT_RETRY);
-+	}
-+
-+	if (rc)
-+		dev_err(chip->dev,
-+			"Error (%d) sending savestate before suspend\n", rc);
-+	else if (try > 0)
-+		dev_warn(chip->dev, "TPM savestate took %dms\n",
-+			 try * TPM_TIMEOUT_RETRY);
-+
- 	return rc;
- }
- EXPORT_SYMBOL_GPL(tpm_pm_suspend);
-diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
-index 8ef7649..9c12a52 100644
---- a/drivers/char/tpm/tpm.h
-+++ b/drivers/char/tpm/tpm.h
-@@ -32,10 +32,12 @@ enum tpm_const {
- 	TPM_MINOR = 224,	/* officially assigned */
- 	TPM_BUFSIZE = 4096,
- 	TPM_NUM_DEVICES = 256,
-+	TPM_RETRY = 50,		/* 5 seconds */
- };
- 
- enum tpm_timeout {
- 	TPM_TIMEOUT = 5,	/* msecs */
-+	TPM_TIMEOUT_RETRY = 100 /* msecs */
- };
- 
- /* TPM addresses */
-@@ -44,6 +46,7 @@ enum tpm_addr {
- 	TPM_ADDR = 0x4E,
- };
- 
-+#define TPM_WARN_RETRY          0x800
- #define TPM_WARN_DOING_SELFTEST 0x802
- #define TPM_ERR_DEACTIVATED     0x6
- #define TPM_ERR_DISABLED        0x7
-diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c
-index f042f6d..fd7d66d 100644
---- a/drivers/i2c/busses/i2c-xiic.c
-+++ b/drivers/i2c/busses/i2c-xiic.c
-@@ -312,10 +312,8 @@ static void xiic_fill_tx_fifo(struct xiic_i2c *i2c)
- 			/* last message in transfer -> STOP */
- 			data |= XIIC_TX_DYN_STOP_MASK;
- 			dev_dbg(i2c->adap.dev.parent, "%s TX STOP\n", __func__);
--
--			xiic_setreg16(i2c, XIIC_DTR_REG_OFFSET, data);
--		} else
--			xiic_setreg8(i2c, XIIC_DTR_REG_OFFSET, data);
-+		}
-+		xiic_setreg16(i2c, XIIC_DTR_REG_OFFSET, data);
- 	}
- }
- 
-diff --git a/drivers/md/md.c b/drivers/md/md.c
-index f363135..0411bde 100644
---- a/drivers/md/md.c
-+++ b/drivers/md/md.c
-@@ -1564,8 +1564,8 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
- 					     sector, count, 1) == 0)
- 				return -EINVAL;
- 		}
--	} else if (sb->bblog_offset == 0)
--		rdev->badblocks.shift = -1;
-+	} else if (sb->bblog_offset != 0)
-+		rdev->badblocks.shift = 0;
- 
- 	if (!refdev) {
- 		ret = 1;
-@@ -3221,7 +3221,7 @@ int md_rdev_init(struct md_rdev *rdev)
- 	 * be used - I wonder if that matters
- 	 */
- 	rdev->badblocks.count = 0;
--	rdev->badblocks.shift = 0;
-+	rdev->badblocks.shift = -1; /* disabled until explicitly enabled */
- 	rdev->badblocks.page = kmalloc(PAGE_SIZE, GFP_KERNEL);
- 	seqlock_init(&rdev->badblocks.lock);
- 	if (rdev->badblocks.page == NULL)
-@@ -3293,9 +3293,6 @@ static struct md_rdev *md_import_device(dev_t newdev, int super_format, int supe
- 			goto abort_free;
- 		}
- 	}
--	if (super_format == -1)
--		/* hot-add for 0.90, or non-persistent: so no badblocks */
--		rdev->badblocks.shift = -1;
- 
- 	return rdev;
- 
-diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index fd86b37..6af167f 100644
---- a/drivers/md/raid1.c
-+++ b/drivers/md/raid1.c
-@@ -981,7 +981,12 @@ static void raid1_unplug(struct blk_plug_cb *cb, bool from_schedule)
- 	while (bio) { /* submit pending writes */
- 		struct bio *next = bio->bi_next;
- 		bio->bi_next = NULL;
--		generic_make_request(bio);
-+		if (unlikely((bio->bi_rw & REQ_DISCARD) &&
-+		    !blk_queue_discard(bdev_get_queue(bio->bi_bdev))))
-+			/* Just ignore it */
-+			bio_endio(bio, 0);
-+		else
-+			generic_make_request(bio);
- 		bio = next;
- 	}
- 	kfree(plug);
-diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index b3898d4..61ab219 100644
---- a/drivers/md/raid10.c
-+++ b/drivers/md/raid10.c
-@@ -1087,7 +1087,12 @@ static void raid10_unplug(struct blk_plug_cb *cb, bool from_schedule)
- 	while (bio) { /* submit pending writes */
- 		struct bio *next = bio->bi_next;
- 		bio->bi_next = NULL;
--		generic_make_request(bio);
-+		if (unlikely((bio->bi_rw & REQ_DISCARD) &&
-+		    !blk_queue_discard(bdev_get_queue(bio->bi_bdev))))
-+			/* Just ignore it */
-+			bio_endio(bio, 0);
-+		else
-+			generic_make_request(bio);
- 		bio = next;
- 	}
- 	kfree(plug);
-diff --git a/drivers/mfd/adp5520.c b/drivers/mfd/adp5520.c
-index 210dd03..6b40e0c 100644
---- a/drivers/mfd/adp5520.c
-+++ b/drivers/mfd/adp5520.c
-@@ -36,6 +36,7 @@ struct adp5520_chip {
- 	struct blocking_notifier_head notifier_list;
- 	int irq;
- 	unsigned long id;
-+	uint8_t mode;
- };
- 
- static int __adp5520_read(struct i2c_client *client,
-@@ -326,7 +327,10 @@ static int adp5520_suspend(struct device *dev)
- 	struct i2c_client *client = to_i2c_client(dev);
- 	struct adp5520_chip *chip = dev_get_drvdata(&client->dev);
- 
--	adp5520_clr_bits(chip->dev, ADP5520_MODE_STATUS, ADP5520_nSTNBY);
-+	adp5520_read(chip->dev, ADP5520_MODE_STATUS, &chip->mode);
-+	/* All other bits are W1C */
-+	chip->mode &= ADP5520_BL_EN | ADP5520_DIM_EN | ADP5520_nSTNBY;
-+	adp5520_write(chip->dev, ADP5520_MODE_STATUS, 0);
- 	return 0;
- }
- 
-@@ -335,7 +339,7 @@ static int adp5520_resume(struct device *dev)
- 	struct i2c_client *client = to_i2c_client(dev);
- 	struct adp5520_chip *chip = dev_get_drvdata(&client->dev);
- 
--	adp5520_set_bits(chip->dev, ADP5520_MODE_STATUS, ADP5520_nSTNBY);
-+	adp5520_write(chip->dev, ADP5520_MODE_STATUS, chip->mode);
- 	return 0;
- }
- #endif
-diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c
-index 089e8ea..2743b7d 100644
---- a/drivers/mmc/core/mmc.c
-+++ b/drivers/mmc/core/mmc.c
-@@ -368,13 +368,13 @@ static int mmc_read_ext_csd(struct mmc_card *card, u8 *ext_csd)
- 		ext_csd[EXT_CSD_SEC_FEATURE_SUPPORT];
- 	card->ext_csd.raw_trim_mult =
- 		ext_csd[EXT_CSD_TRIM_MULT];
-+	card->ext_csd.raw_partition_support = ext_csd[EXT_CSD_PARTITION_SUPPORT];
- 	if (card->ext_csd.rev >= 4) {
- 		/*
- 		 * Enhanced area feature support -- check whether the eMMC
- 		 * card has the Enhanced area enabled.  If so, export enhanced
- 		 * area offset and size to user by adding sysfs interface.
- 		 */
--		card->ext_csd.raw_partition_support = ext_csd[EXT_CSD_PARTITION_SUPPORT];
- 		if ((ext_csd[EXT_CSD_PARTITION_SUPPORT] & 0x2) &&
- 		    (ext_csd[EXT_CSD_PARTITION_ATTRIBUTE] & 0x1)) {
- 			hc_erase_grp_sz =
-diff --git a/drivers/mmc/host/Kconfig b/drivers/mmc/host/Kconfig
-index 8d13c65..009dabd 100644
---- a/drivers/mmc/host/Kconfig
-+++ b/drivers/mmc/host/Kconfig
-@@ -292,16 +292,6 @@ config MMC_ATMELMCI
- 
- 	  If unsure, say N.
- 
--config MMC_ATMELMCI_DMA
--	bool "Atmel MCI DMA support"
--	depends on MMC_ATMELMCI && (AVR32 || ARCH_AT91SAM9G45) && DMA_ENGINE
--	help
--	  Say Y here to have the Atmel MCI driver use a DMA engine to
--	  do data transfers and thus increase the throughput and
--	  reduce the CPU utilization.
--
--	  If unsure, say N.
--
- config MMC_MSM
- 	tristate "Qualcomm SDCC Controller Support"
- 	depends on MMC && ARCH_MSM
-diff --git a/drivers/mmc/host/atmel-mci.c b/drivers/mmc/host/atmel-mci.c
-index 722af1d..e75774f 100644
---- a/drivers/mmc/host/atmel-mci.c
-+++ b/drivers/mmc/host/atmel-mci.c
-@@ -178,6 +178,7 @@ struct atmel_mci {
- 	void __iomem		*regs;
- 
- 	struct scatterlist	*sg;
-+	unsigned int		sg_len;
- 	unsigned int		pio_offset;
- 	unsigned int		*buffer;
- 	unsigned int		buf_size;
-@@ -892,6 +893,7 @@ static u32 atmci_prepare_data(struct atmel_mci *host, struct mmc_data *data)
- 	data->error = -EINPROGRESS;
- 
- 	host->sg = data->sg;
-+	host->sg_len = data->sg_len;
- 	host->data = data;
- 	host->data_chan = NULL;
- 
-@@ -1826,7 +1828,8 @@ static void atmci_read_data_pio(struct atmel_mci *host)
- 			if (offset == sg->length) {
- 				flush_dcache_page(sg_page(sg));
- 				host->sg = sg = sg_next(sg);
--				if (!sg)
-+				host->sg_len--;
-+				if (!sg || !host->sg_len)
- 					goto done;
- 
- 				offset = 0;
-@@ -1839,7 +1842,8 @@ static void atmci_read_data_pio(struct atmel_mci *host)
- 
- 			flush_dcache_page(sg_page(sg));
- 			host->sg = sg = sg_next(sg);
--			if (!sg)
-+			host->sg_len--;
-+			if (!sg || !host->sg_len)
- 				goto done;
- 
- 			offset = 4 - remaining;
-@@ -1890,7 +1894,8 @@ static void atmci_write_data_pio(struct atmel_mci *host)
- 			nbytes += 4;
- 			if (offset == sg->length) {
- 				host->sg = sg = sg_next(sg);
--				if (!sg)
-+				host->sg_len--;
-+				if (!sg || !host->sg_len)
- 					goto done;
- 
- 				offset = 0;
-@@ -1904,7 +1909,8 @@ static void atmci_write_data_pio(struct atmel_mci *host)
- 			nbytes += remaining;
- 
- 			host->sg = sg = sg_next(sg);
--			if (!sg) {
-+			host->sg_len--;
-+			if (!sg || !host->sg_len) {
- 				atmci_writel(host, ATMCI_TDR, value);
- 				goto done;
- 			}
-@@ -2487,10 +2493,8 @@ static int __exit atmci_remove(struct platform_device *pdev)
- 	atmci_readl(host, ATMCI_SR);
- 	clk_disable(host->mck);
- 
--#ifdef CONFIG_MMC_ATMELMCI_DMA
- 	if (host->dma.chan)
- 		dma_release_channel(host->dma.chan);
--#endif
- 
- 	free_irq(platform_get_irq(pdev, 0), host);
- 	iounmap(host->regs);
-diff --git a/drivers/net/ethernet/freescale/gianfar_ptp.c b/drivers/net/ethernet/freescale/gianfar_ptp.c
-index 2e5daee..a3f8a25 100644
---- a/drivers/net/ethernet/freescale/gianfar_ptp.c
-+++ b/drivers/net/ethernet/freescale/gianfar_ptp.c
-@@ -127,7 +127,6 @@ struct gianfar_ptp_registers {
- 
- #define DRIVER		"gianfar_ptp"
- #define DEFAULT_CKSEL	1
--#define N_ALARM		1 /* first alarm is used internally to reset fipers */
- #define N_EXT_TS	2
- #define REG_SIZE	sizeof(struct gianfar_ptp_registers)
- 
-@@ -410,7 +409,7 @@ static struct ptp_clock_info ptp_gianfar_caps = {
- 	.owner		= THIS_MODULE,
- 	.name		= "gianfar clock",
- 	.max_adj	= 512000,
--	.n_alarm	= N_ALARM,
-+	.n_alarm	= 0,
- 	.n_ext_ts	= N_EXT_TS,
- 	.n_per_out	= 0,
- 	.pps		= 1,
-diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
-index 0d03d38..911956e 100644
---- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
-+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
-@@ -2407,6 +2407,16 @@ static irqreturn_t ixgbe_msix_other(int irq, void *data)
- 	 * with the write to EICR.
- 	 */
- 	eicr = IXGBE_READ_REG(hw, IXGBE_EICS);
-+
-+	/* The lower 16bits of the EICR register are for the queue interrupts
-+	 * which should be masked here in order to not accidently clear them if
-+	 * the bits are high when ixgbe_msix_other is called. There is a race
-+	 * condition otherwise which results in possible performance loss
-+	 * especially if the ixgbe_msix_other interrupt is triggering
-+	 * consistently (as it would when PPS is turned on for the X540 device)
-+	 */
-+	eicr &= 0xFFFF0000;
-+
- 	IXGBE_WRITE_REG(hw, IXGBE_EICR, eicr);
- 
- 	if (eicr & IXGBE_EICR_LSC)
-diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-index 5b9533e..2c056b1 100644
---- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-+++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-@@ -2237,15 +2237,15 @@ static ssize_t iwl_dbgfs_log_event_read(struct file *file,
- 					 size_t count, loff_t *ppos)
- {
- 	struct iwl_priv *priv = file->private_data;
--	char *buf;
--	int pos = 0;
--	ssize_t ret = -ENOMEM;
-+	char *buf = NULL;
-+	ssize_t ret;
- 
--	ret = pos = iwl_dump_nic_event_log(priv, true, &buf, true);
--	if (buf) {
--		ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos);
--		kfree(buf);
--	}
-+	ret = iwl_dump_nic_event_log(priv, true, &buf, true);
-+	if (ret < 0)
-+		goto err;
-+	ret = simple_read_from_buffer(user_buf, count, ppos, buf, ret);
-+err:
-+	kfree(buf);
- 	return ret;
- }
- 
-diff --git a/drivers/net/wireless/iwlwifi/dvm/sta.c b/drivers/net/wireless/iwlwifi/dvm/sta.c
-index bdba954..a8632a4 100644
---- a/drivers/net/wireless/iwlwifi/dvm/sta.c
-+++ b/drivers/net/wireless/iwlwifi/dvm/sta.c
-@@ -707,6 +707,7 @@ void iwl_clear_ucode_stations(struct iwl_priv *priv,
- void iwl_restore_stations(struct iwl_priv *priv, struct iwl_rxon_context *ctx)
- {
- 	struct iwl_addsta_cmd sta_cmd;
-+	static const struct iwl_link_quality_cmd zero_lq = {};
- 	struct iwl_link_quality_cmd lq;
- 	int i;
- 	bool found = false;
-@@ -745,7 +746,9 @@ void iwl_restore_stations(struct iwl_priv *priv, struct iwl_rxon_context *ctx)
- 				else
- 					memcpy(&lq, priv->stations[i].lq,
- 					       sizeof(struct iwl_link_quality_cmd));
--				send_lq = true;
-+
-+				if (!memcmp(&lq, &zero_lq, sizeof(lq)))
-+					send_lq = true;
- 			}
- 			spin_unlock_bh(&priv->sta_lock);
- 			ret = iwl_send_add_sta(priv, &sta_cmd, CMD_SYNC);
-diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c
-index 0bbea88..b7a5387 100644
---- a/drivers/net/wireless/mwifiex/pcie.c
-+++ b/drivers/net/wireless/mwifiex/pcie.c
-@@ -1831,9 +1831,9 @@ static void mwifiex_pcie_cleanup(struct mwifiex_adapter *adapter)
- 	if (pdev) {
- 		pci_iounmap(pdev, card->pci_mmap);
- 		pci_iounmap(pdev, card->pci_mmap1);
--
--		pci_release_regions(pdev);
- 		pci_disable_device(pdev);
-+		pci_release_region(pdev, 2);
-+		pci_release_region(pdev, 0);
- 		pci_set_drvdata(pdev, NULL);
- 	}
- }
-diff --git a/drivers/net/wireless/rt2x00/rt2800lib.c b/drivers/net/wireless/rt2x00/rt2800lib.c
-index 197b446..0b55706 100644
---- a/drivers/net/wireless/rt2x00/rt2800lib.c
-+++ b/drivers/net/wireless/rt2x00/rt2800lib.c
-@@ -4386,6 +4386,8 @@ static int rt2800_init_rfcsr(struct rt2x00_dev *rt2x00dev)
- 
- 	if (!rt2x00_rt(rt2x00dev, RT5390) &&
- 	    !rt2x00_rt(rt2x00dev, RT5392)) {
-+		u8 min_gain = rt2x00_rt(rt2x00dev, RT3070) ? 1 : 2;
-+
- 		rt2800_rfcsr_read(rt2x00dev, 17, &rfcsr);
- 		rt2x00_set_field8(&rfcsr, RFCSR17_TX_LO1_EN, 0);
- 		if (rt2x00_rt(rt2x00dev, RT3070) ||
-@@ -4396,8 +4398,10 @@ static int rt2800_init_rfcsr(struct rt2x00_dev *rt2x00dev)
- 				      &rt2x00dev->cap_flags))
- 				rt2x00_set_field8(&rfcsr, RFCSR17_R, 1);
- 		}
--		rt2x00_set_field8(&rfcsr, RFCSR17_TXMIXER_GAIN,
--				  drv_data->txmixer_gain_24g);
-+		if (drv_data->txmixer_gain_24g >= min_gain) {
-+			rt2x00_set_field8(&rfcsr, RFCSR17_TXMIXER_GAIN,
-+					  drv_data->txmixer_gain_24g);
-+		}
- 		rt2800_rfcsr_write(rt2x00dev, 17, rfcsr);
- 	}
- 
-diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
-index 5cb5820..d1b4e00 100644
---- a/drivers/pci/pci.c
-+++ b/drivers/pci/pci.c
-@@ -651,15 +651,11 @@ static int pci_platform_power_transition(struct pci_dev *dev, pci_power_t state)
- 		error = platform_pci_set_power_state(dev, state);
- 		if (!error)
- 			pci_update_current_state(dev, state);
--		/* Fall back to PCI_D0 if native PM is not supported */
--		if (!dev->pm_cap)
--			dev->current_state = PCI_D0;
--	} else {
-+	} else
- 		error = -ENODEV;
--		/* Fall back to PCI_D0 if native PM is not supported */
--		if (!dev->pm_cap)
--			dev->current_state = PCI_D0;
--	}
-+
-+	if (error && !dev->pm_cap) /* Fall back to PCI_D0 */
-+		dev->current_state = PCI_D0;
- 
- 	return error;
- }
-diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
-index 16630aa..1c77423 100644
---- a/drivers/rtc/rtc-cmos.c
-+++ b/drivers/rtc/rtc-cmos.c
-@@ -805,9 +805,8 @@ static int cmos_suspend(struct device *dev)
- 			mask = RTC_IRQMASK;
- 		tmp &= ~mask;
- 		CMOS_WRITE(tmp, RTC_CONTROL);
-+		hpet_mask_rtc_irq_bit(mask);
- 
--		/* shut down hpet emulation - we don't need it for alarm */
--		hpet_mask_rtc_irq_bit(RTC_PIE|RTC_AIE|RTC_UIE);
- 		cmos_checkintr(cmos, tmp);
- 	}
- 	spin_unlock_irq(&rtc_lock);
-@@ -872,6 +871,7 @@ static int cmos_resume(struct device *dev)
- 			rtc_update_irq(cmos->rtc, 1, mask);
- 			tmp &= ~RTC_AIE;
- 			hpet_mask_rtc_irq_bit(RTC_AIE);
-+			hpet_rtc_timer_init();
- 		} while (mask & RTC_AIE);
- 		spin_unlock_irq(&rtc_lock);
- 	}
-diff --git a/drivers/s390/char/sclp_cmd.c b/drivers/s390/char/sclp_cmd.c
-index c44d13f..56dcd7c 100644
---- a/drivers/s390/char/sclp_cmd.c
-+++ b/drivers/s390/char/sclp_cmd.c
-@@ -567,6 +567,8 @@ static void __init sclp_add_standby_memory(void)
- 	add_memory_merged(0);
- }
- 
-+#define MEM_SCT_SIZE (1UL << SECTION_SIZE_BITS)
-+
- static void __init insert_increment(u16 rn, int standby, int assigned)
- {
- 	struct memory_increment *incr, *new_incr;
-@@ -579,7 +581,7 @@ static void __init insert_increment(u16 rn, int standby, int assigned)
- 	new_incr->rn = rn;
- 	new_incr->standby = standby;
- 	if (!standby)
--		new_incr->usecount = 1;
-+		new_incr->usecount = rzm > MEM_SCT_SIZE ? rzm/MEM_SCT_SIZE : 1;
- 	last_rn = 0;
- 	prev = &sclp_mem_list;
- 	list_for_each_entry(incr, &sclp_mem_list, list) {
-diff --git a/drivers/staging/zsmalloc/Kconfig b/drivers/staging/zsmalloc/Kconfig
-index 9084565..7fab032 100644
---- a/drivers/staging/zsmalloc/Kconfig
-+++ b/drivers/staging/zsmalloc/Kconfig
-@@ -1,5 +1,5 @@
- config ZSMALLOC
--	tristate "Memory allocator for compressed pages"
-+	bool "Memory allocator for compressed pages"
- 	default n
- 	help
- 	  zsmalloc is a slab-based memory allocator designed to store
-diff --git a/drivers/staging/zsmalloc/zsmalloc-main.c b/drivers/staging/zsmalloc/zsmalloc-main.c
-index 223c736..851a2ff 100644
---- a/drivers/staging/zsmalloc/zsmalloc-main.c
-+++ b/drivers/staging/zsmalloc/zsmalloc-main.c
-@@ -657,11 +657,8 @@ static inline void __zs_unmap_object(struct mapping_area *area,
- 				struct page *pages[2], int off, int size)
- {
- 	unsigned long addr = (unsigned long)area->vm_addr;
--	unsigned long end = addr + (PAGE_SIZE * 2);
- 
--	flush_cache_vunmap(addr, end);
--	unmap_kernel_range_noflush(addr, PAGE_SIZE * 2);
--	flush_tlb_kernel_range(addr, end);
-+	unmap_kernel_range(addr, PAGE_SIZE * 2);
- }
- 
- #else /* USE_PGTABLE_MAPPING */
-diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index ac35c90..c830b60 100644
---- a/drivers/tty/pty.c
-+++ b/drivers/tty/pty.c
-@@ -675,6 +675,9 @@ static int ptmx_open(struct inode *inode, struct file *filp)
- 
- 	nonseekable_open(inode, filp);
- 
-+	/* We refuse fsnotify events on ptmx, since it's a shared resource */
-+	filp->f_mode |= FMODE_NONOTIFY;
-+
- 	retval = tty_alloc_file(filp);
- 	if (retval)
- 		return retval;
-diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index 2c7230a..4293a3e 100644
---- a/drivers/tty/serial/serial_core.c
-+++ b/drivers/tty/serial/serial_core.c
-@@ -1940,6 +1940,8 @@ int uart_suspend_port(struct uart_driver *drv, struct uart_port *uport)
- 		mutex_unlock(&port->mutex);
- 		return 0;
- 	}
-+	put_device(tty_dev);
-+
- 	if (console_suspend_enabled || !uart_console(uport))
- 		uport->suspended = 1;
- 
-@@ -2005,9 +2007,11 @@ int uart_resume_port(struct uart_driver *drv, struct uart_port *uport)
- 			disable_irq_wake(uport->irq);
- 			uport->irq_wake = 0;
- 		}
-+		put_device(tty_dev);
- 		mutex_unlock(&port->mutex);
- 		return 0;
- 	}
-+	put_device(tty_dev);
- 	uport->suspended = 0;
- 
- 	/*
-diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 892ecda..f34f98d 100644
---- a/drivers/tty/tty_io.c
-+++ b/drivers/tty/tty_io.c
-@@ -941,10 +941,10 @@ void start_tty(struct tty_struct *tty)
- 
- EXPORT_SYMBOL(start_tty);
- 
-+/* We limit tty time update visibility to every 8 seconds or so. */
- static void tty_update_time(struct timespec *time)
- {
--	unsigned long sec = get_seconds();
--	sec -= sec % 60;
-+	unsigned long sec = get_seconds() & ~7;
- 	if ((long)(sec - time->tv_sec) > 0)
- 		time->tv_sec = sec;
- }
-diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c
-index 2f45bba..c0f4066 100644
---- a/drivers/usb/chipidea/udc.c
-+++ b/drivers/usb/chipidea/udc.c
-@@ -461,6 +461,8 @@ static int _hardware_enqueue(struct ci13xxx_ep *mEp, struct ci13xxx_req *mReq)
- 		mReq->ptr->page[i] =
- 			(mReq->req.dma + i * CI13XXX_PAGE_SIZE) & ~TD_RESERVED_MASK;
- 
-+	wmb();
-+
- 	if (!list_empty(&mEp->qh.queue)) {
- 		struct ci13xxx_req *mReqPrev;
- 		int n = hw_ep_bit(mEp->num, mEp->dir);
-@@ -561,6 +563,12 @@ __acquires(mEp->lock)
- 		struct ci13xxx_req *mReq = \
- 			list_entry(mEp->qh.queue.next,
- 				   struct ci13xxx_req, queue);
-+
-+		if (mReq->zptr) {
-+			dma_pool_free(mEp->td_pool, mReq->zptr, mReq->zdma);
-+			mReq->zptr = NULL;
-+		}
-+
- 		list_del_init(&mReq->queue);
- 		mReq->req.status = -ESHUTDOWN;
- 
-diff --git a/drivers/usb/chipidea/udc.h b/drivers/usb/chipidea/udc.h
-index 4ff2384d..d12e8b5 100644
---- a/drivers/usb/chipidea/udc.h
-+++ b/drivers/usb/chipidea/udc.h
-@@ -40,7 +40,7 @@ struct ci13xxx_td {
- #define TD_CURR_OFFSET        (0x0FFFUL <<  0)
- #define TD_FRAME_NUM          (0x07FFUL <<  0)
- #define TD_RESERVED_MASK      (0x0FFFUL <<  0)
--} __attribute__ ((packed));
-+} __attribute__ ((packed, aligned(4)));
- 
- /* DMA layout of queue heads */
- struct ci13xxx_qh {
-@@ -57,7 +57,7 @@ struct ci13xxx_qh {
- 	/* 9 */
- 	u32 RESERVED;
- 	struct usb_ctrlrequest   setup;
--} __attribute__ ((packed));
-+} __attribute__ ((packed, aligned(4)));
- 
- /**
-  * struct ci13xxx_req - usb request representation
-diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
-index b78fbe2..ea0a9a1 100644
---- a/drivers/usb/core/devio.c
-+++ b/drivers/usb/core/devio.c
-@@ -738,6 +738,8 @@ static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype,
- 	index &= 0xff;
- 	switch (requesttype & USB_RECIP_MASK) {
- 	case USB_RECIP_ENDPOINT:
-+		if ((index & ~USB_DIR_IN) == 0)
-+			return 0;
- 		ret = findintfep(ps->dev, index);
- 		if (ret >= 0)
- 			ret = checkintf(ps, ret);
-diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c
-index 416a6dc..83b5a172 100644
---- a/drivers/usb/host/ehci-hcd.c
-+++ b/drivers/usb/host/ehci-hcd.c
-@@ -670,9 +670,6 @@ int ehci_setup(struct usb_hcd *hcd)
- 	if (retval)
- 		return retval;
- 
--	if (ehci_is_TDI(ehci))
--		tdi_reset(ehci);
--
- 	ehci_reset(ehci);
- 
- 	return 0;
-diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c
-index 0fc6e5f..ba6a5d6 100644
---- a/drivers/usb/misc/appledisplay.c
-+++ b/drivers/usb/misc/appledisplay.c
-@@ -63,6 +63,7 @@ static const struct usb_device_id appledisplay_table[] = {
- 	{ APPLEDISPLAY_DEVICE(0x9219) },
- 	{ APPLEDISPLAY_DEVICE(0x921c) },
- 	{ APPLEDISPLAY_DEVICE(0x921d) },
-+	{ APPLEDISPLAY_DEVICE(0x9236) },
- 
- 	/* Terminating entry */
- 	{ }
-diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
-index 8e4f40b..77f78ad 100644
---- a/drivers/usb/serial/ftdi_sio.c
-+++ b/drivers/usb/serial/ftdi_sio.c
-@@ -189,6 +189,7 @@ static struct usb_device_id id_table_combined [] = {
- 	{ USB_DEVICE(FTDI_VID, FTDI_OPENDCC_THROTTLE_PID) },
- 	{ USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GATEWAY_PID) },
- 	{ USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GBM_PID) },
-+	{ USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GBM_BOOST_PID) },
- 	{ USB_DEVICE(NEWPORT_VID, NEWPORT_AGILIS_PID) },
- 	{ USB_DEVICE(INTERBIOMETRICS_VID, INTERBIOMETRICS_IOBOARD_PID) },
- 	{ USB_DEVICE(INTERBIOMETRICS_VID, INTERBIOMETRICS_MINI_IOBOARD_PID) },
-@@ -870,7 +871,9 @@ static struct usb_device_id id_table_combined [] = {
- 	{ USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) },
- 	{ USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID),
- 		.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
--	{ USB_DEVICE(ST_VID, ST_STMCLT1030_PID),
-+	{ USB_DEVICE(ST_VID, ST_STMCLT_2232_PID),
-+		.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
-+	{ USB_DEVICE(ST_VID, ST_STMCLT_4232_PID),
- 		.driver_info = (kernel_ulong_t)&ftdi_stmclite_quirk },
- 	{ USB_DEVICE(FTDI_VID, FTDI_RF_R106) },
- 	{ USB_DEVICE(FTDI_VID, FTDI_DISTORTEC_JTAG_LOCK_PICK_PID),
-@@ -1792,20 +1795,24 @@ static int ftdi_8u2232c_probe(struct usb_serial *serial)
- }
- 
- /*
-- * First and second port on STMCLiteadaptors is reserved for JTAG interface
-- * and the forth port for pio
-+ * First two ports on JTAG adaptors using an FT4232 such as STMicroelectronics's
-+ * ST Micro Connect Lite are reserved for JTAG or other non-UART interfaces and
-+ * can be accessed from userspace.
-+ * The next two ports are enabled as UARTs by default, where port 2 is
-+ * a conventional RS-232 UART.
-  */
- static int ftdi_stmclite_probe(struct usb_serial *serial)
- {
- 	struct usb_device *udev = serial->dev;
- 	struct usb_interface *interface = serial->interface;
- 
--	if (interface == udev->actconfig->interface[2])
--		return 0;
--
--	dev_info(&udev->dev, "Ignoring serial port reserved for JTAG\n");
-+	if (interface == udev->actconfig->interface[0] ||
-+	    interface == udev->actconfig->interface[1]) {
-+		dev_info(&udev->dev, "Ignoring serial port reserved for JTAG\n");
-+		return -ENODEV;
-+	}
- 
--	return -ENODEV;
-+	return 0;
- }
- 
- /*
-diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
-index e79861e..9852827 100644
---- a/drivers/usb/serial/ftdi_sio_ids.h
-+++ b/drivers/usb/serial/ftdi_sio_ids.h
-@@ -74,6 +74,7 @@
- #define FTDI_OPENDCC_THROTTLE_PID	0xBFDA
- #define FTDI_OPENDCC_GATEWAY_PID	0xBFDB
- #define FTDI_OPENDCC_GBM_PID	0xBFDC
-+#define FTDI_OPENDCC_GBM_BOOST_PID	0xBFDD
- 
- /* NZR SEM 16+ USB (http://www.nzr.de) */
- #define FTDI_NZR_SEM_USB_PID	0xC1E0	/* NZR SEM-LOG16+ */
-@@ -1150,7 +1151,8 @@
-  * STMicroelectonics
-  */
- #define ST_VID			0x0483
--#define ST_STMCLT1030_PID	0x3747 /* ST Micro Connect Lite STMCLT1030 */
-+#define ST_STMCLT_2232_PID	0x3746
-+#define ST_STMCLT_4232_PID	0x3747
- 
- /*
-  * Papouch products (http://www.papouch.com/)
-diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
-index 558adfc..bff059a 100644
---- a/drivers/usb/serial/option.c
-+++ b/drivers/usb/serial/option.c
-@@ -347,6 +347,7 @@ static void option_instat_callback(struct urb *urb);
- /* Olivetti products */
- #define OLIVETTI_VENDOR_ID			0x0b3c
- #define OLIVETTI_PRODUCT_OLICARD100		0xc000
-+#define OLIVETTI_PRODUCT_OLICARD145		0xc003
- 
- /* Celot products */
- #define CELOT_VENDOR_ID				0x211f
-@@ -1273,6 +1274,7 @@ static const struct usb_device_id option_ids[] = {
- 	{ USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDMNET) },
- 
- 	{ USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) },
-+	{ USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) },
- 	{ USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */
- 	{ USB_DEVICE(ONDA_VENDOR_ID, ONDA_MT825UP) }, /* ONDA MT825UP modem */
- 	{ USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/
-@@ -1350,6 +1352,12 @@ static const struct usb_device_id option_ids[] = {
- 	{ USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180),
- 	  .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
- 	{ USB_DEVICE(CHANGHONG_VENDOR_ID, CHANGHONG_PRODUCT_CH690) },
-+	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d01, 0xff, 0x02, 0x01) },	/* D-Link DWM-156 (variant) */
-+	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d01, 0xff, 0x00, 0x00) },	/* D-Link DWM-156 (variant) */
-+	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d02, 0xff, 0x02, 0x01) },
-+	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d02, 0xff, 0x00, 0x00) },
-+	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x02, 0x01) },
-+	{ USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x00, 0x00) },
- 	{ } /* Terminating entry */
- };
- MODULE_DEVICE_TABLE(usb, option_ids);
-diff --git a/drivers/usb/storage/cypress_atacb.c b/drivers/usb/storage/cypress_atacb.c
-index 070b5c0..d944088 100644
---- a/drivers/usb/storage/cypress_atacb.c
-+++ b/drivers/usb/storage/cypress_atacb.c
-@@ -248,14 +248,26 @@ static int cypress_probe(struct usb_interface *intf,
- {
- 	struct us_data *us;
- 	int result;
-+	struct usb_device *device;
- 
- 	result = usb_stor_probe1(&us, intf, id,
- 			(id - cypress_usb_ids) + cypress_unusual_dev_list);
- 	if (result)
- 		return result;
- 
--	us->protocol_name = "Transparent SCSI with Cypress ATACB";
--	us->proto_handler = cypress_atacb_passthrough;
-+	/* Among CY7C68300 chips, the A revision does not support Cypress ATACB
-+	 * Filter out this revision from EEPROM default descriptor values
-+	 */
-+	device = interface_to_usbdev(intf);
-+	if (device->descriptor.iManufacturer != 0x38 ||
-+	    device->descriptor.iProduct != 0x4e ||
-+	    device->descriptor.iSerialNumber != 0x64) {
-+		us->protocol_name = "Transparent SCSI with Cypress ATACB";
-+		us->proto_handler = cypress_atacb_passthrough;
-+	} else {
-+		us->protocol_name = "Transparent SCSI";
-+		us->proto_handler = usb_stor_transparent_scsi_command;
-+	}
- 
- 	result = usb_stor_probe2(us);
- 	return result;
-diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
-index 501c599..6e696e6 100644
---- a/drivers/video/console/fbcon.c
-+++ b/drivers/video/console/fbcon.c
-@@ -1228,6 +1228,8 @@ static void fbcon_deinit(struct vc_data *vc)
- finished:
- 
- 	fbcon_free_font(p, free_font);
-+	if (free_font)
-+		vc->vc_font.data = NULL;
- 
- 	if (!con_is_bound(&fb_con))
- 		fbcon_exit();
-diff --git a/fs/dcache.c b/fs/dcache.c
-index c3bbf85..de73da2 100644
---- a/fs/dcache.c
-+++ b/fs/dcache.c
-@@ -1232,8 +1232,10 @@ void shrink_dcache_parent(struct dentry * parent)
- 	LIST_HEAD(dispose);
- 	int found;
- 
--	while ((found = select_parent(parent, &dispose)) != 0)
-+	while ((found = select_parent(parent, &dispose)) != 0) {
- 		shrink_dentry_list(&dispose);
-+		cond_resched();
-+	}
- }
- EXPORT_SYMBOL(shrink_dcache_parent);
- 
-diff --git a/fs/exec.c b/fs/exec.c
-index 20df02c..ac014f1 100644
---- a/fs/exec.c
-+++ b/fs/exec.c
-@@ -613,7 +613,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
- 		 * when the old and new regions overlap clear from new_end.
- 		 */
- 		free_pgd_range(&tlb, new_end, old_end, new_end,
--			vma->vm_next ? vma->vm_next->vm_start : 0);
-+			vma->vm_next ? vma->vm_next->vm_start : USER_PGTABLES_CEILING);
- 	} else {
- 		/*
- 		 * otherwise, clean from old_start; this is done to not touch
-@@ -622,7 +622,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
- 		 * for the others its just a little faster.
- 		 */
- 		free_pgd_range(&tlb, old_start, old_end, new_end,
--			vma->vm_next ? vma->vm_next->vm_start : 0);
-+			vma->vm_next ? vma->vm_next->vm_start : USER_PGTABLES_CEILING);
- 	}
- 	tlb_finish_mmu(&tlb, new_end, old_end);
- 
-@@ -898,11 +898,13 @@ static int de_thread(struct task_struct *tsk)
- 
- 		sig->notify_count = -1;	/* for exit_notify() */
- 		for (;;) {
-+			threadgroup_change_begin(tsk);
- 			write_lock_irq(&tasklist_lock);
- 			if (likely(leader->exit_state))
- 				break;
- 			__set_current_state(TASK_KILLABLE);
- 			write_unlock_irq(&tasklist_lock);
-+			threadgroup_change_end(tsk);
- 			schedule();
- 			if (unlikely(__fatal_signal_pending(tsk)))
- 				goto killed;
-@@ -960,6 +962,7 @@ static int de_thread(struct task_struct *tsk)
- 		if (unlikely(leader->ptrace))
- 			__wake_up_parent(leader, leader->parent);
- 		write_unlock_irq(&tasklist_lock);
-+		threadgroup_change_end(tsk);
- 
- 		release_task(leader);
- 	}
-diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig
-index 9873587..efea5d5 100644
---- a/fs/ext4/Kconfig
-+++ b/fs/ext4/Kconfig
-@@ -71,4 +71,5 @@ config EXT4_DEBUG
- 	  Enables run-time debugging support for the ext4 filesystem.
- 
- 	  If you select Y here, then you will be able to turn on debugging
--	  with a command such as "echo 1 > /sys/kernel/debug/ext4/mballoc-debug"
-+	  with a command such as:
-+		echo 1 > /sys/module/ext4/parameters/mballoc_debug
-diff --git a/fs/ext4/ext4_jbd2.h b/fs/ext4/ext4_jbd2.h
-index 7177f9b..dbd9ae1 100644
---- a/fs/ext4/ext4_jbd2.h
-+++ b/fs/ext4/ext4_jbd2.h
-@@ -170,16 +170,20 @@ static inline void ext4_journal_callback_add(handle_t *handle,
-  * ext4_journal_callback_del: delete a registered callback
-  * @handle: active journal transaction handle on which callback was registered
-  * @jce: registered journal callback entry to unregister
-+ * Return true if object was sucessfully removed
-  */
--static inline void ext4_journal_callback_del(handle_t *handle,
-+static inline bool ext4_journal_callback_try_del(handle_t *handle,
- 					     struct ext4_journal_cb_entry *jce)
- {
-+	bool deleted;
- 	struct ext4_sb_info *sbi =
- 			EXT4_SB(handle->h_transaction->t_journal->j_private);
- 
- 	spin_lock(&sbi->s_md_lock);
-+	deleted = !list_empty(&jce->jce_list);
- 	list_del_init(&jce->jce_list);
- 	spin_unlock(&sbi->s_md_lock);
-+	return deleted;
- }
- 
- int
-diff --git a/fs/ext4/fsync.c b/fs/ext4/fsync.c
-index 3278e64..e0ba8a4 100644
---- a/fs/ext4/fsync.c
-+++ b/fs/ext4/fsync.c
-@@ -166,8 +166,7 @@ int ext4_sync_file(struct file *file, loff_t start, loff_t end, int datasync)
- 	if (journal->j_flags & JBD2_BARRIER &&
- 	    !jbd2_trans_will_send_data_barrier(journal, commit_tid))
- 		needs_barrier = true;
--	jbd2_log_start_commit(journal, commit_tid);
--	ret = jbd2_log_wait_commit(journal, commit_tid);
-+	ret = jbd2_complete_transaction(journal, commit_tid);
- 	if (needs_barrier) {
- 		err = blkdev_issue_flush(inode->i_sb->s_bdev, GFP_KERNEL, NULL);
- 		if (!ret)
-diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
-index 22c5c67..c0fbd96 100644
---- a/fs/ext4/inode.c
-+++ b/fs/ext4/inode.c
-@@ -55,21 +55,21 @@ static __u32 ext4_inode_csum(struct inode *inode, struct ext4_inode *raw,
- 	__u16 csum_hi = 0;
- 	__u32 csum;
- 
--	csum_lo = raw->i_checksum_lo;
-+	csum_lo = le16_to_cpu(raw->i_checksum_lo);
- 	raw->i_checksum_lo = 0;
- 	if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE &&
- 	    EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) {
--		csum_hi = raw->i_checksum_hi;
-+		csum_hi = le16_to_cpu(raw->i_checksum_hi);
- 		raw->i_checksum_hi = 0;
- 	}
- 
- 	csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)raw,
- 			   EXT4_INODE_SIZE(inode->i_sb));
- 
--	raw->i_checksum_lo = csum_lo;
-+	raw->i_checksum_lo = cpu_to_le16(csum_lo);
- 	if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE &&
- 	    EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi))
--		raw->i_checksum_hi = csum_hi;
-+		raw->i_checksum_hi = cpu_to_le16(csum_hi);
- 
- 	return csum;
- }
-@@ -216,8 +216,7 @@ void ext4_evict_inode(struct inode *inode)
- 			journal_t *journal = EXT4_SB(inode->i_sb)->s_journal;
- 			tid_t commit_tid = EXT4_I(inode)->i_datasync_tid;
- 
--			jbd2_log_start_commit(journal, commit_tid);
--			jbd2_log_wait_commit(journal, commit_tid);
-+			jbd2_complete_transaction(journal, commit_tid);
- 			filemap_write_and_wait(&inode->i_data);
- 		}
- 		truncate_inode_pages(&inode->i_data, 0);
-diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index 82f8c2d..b443e62 100644
---- a/fs/ext4/mballoc.c
-+++ b/fs/ext4/mballoc.c
-@@ -4449,11 +4449,11 @@ ext4_mb_free_metadata(handle_t *handle, struct ext4_buddy *e4b,
- 	node = rb_prev(new_node);
- 	if (node) {
- 		entry = rb_entry(node, struct ext4_free_data, efd_node);
--		if (can_merge(entry, new_entry)) {
-+		if (can_merge(entry, new_entry) &&
-+		    ext4_journal_callback_try_del(handle, &entry->efd_jce)) {
- 			new_entry->efd_start_cluster = entry->efd_start_cluster;
- 			new_entry->efd_count += entry->efd_count;
- 			rb_erase(node, &(db->bb_free_root));
--			ext4_journal_callback_del(handle, &entry->efd_jce);
- 			kmem_cache_free(ext4_free_data_cachep, entry);
- 		}
- 	}
-@@ -4461,10 +4461,10 @@ ext4_mb_free_metadata(handle_t *handle, struct ext4_buddy *e4b,
- 	node = rb_next(new_node);
- 	if (node) {
- 		entry = rb_entry(node, struct ext4_free_data, efd_node);
--		if (can_merge(new_entry, entry)) {
-+		if (can_merge(new_entry, entry) &&
-+		    ext4_journal_callback_try_del(handle, &entry->efd_jce)) {
- 			new_entry->efd_count += entry->efd_count;
- 			rb_erase(node, &(db->bb_free_root));
--			ext4_journal_callback_del(handle, &entry->efd_jce);
- 			kmem_cache_free(ext4_free_data_cachep, entry);
- 		}
- 	}
-diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
-index 44734f1..fe201c6 100644
---- a/fs/ext4/mmp.c
-+++ b/fs/ext4/mmp.c
-@@ -7,7 +7,7 @@
- #include "ext4.h"
- 
- /* Checksumming functions */
--static __u32 ext4_mmp_csum(struct super_block *sb, struct mmp_struct *mmp)
-+static __le32 ext4_mmp_csum(struct super_block *sb, struct mmp_struct *mmp)
- {
- 	struct ext4_sb_info *sbi = EXT4_SB(sb);
- 	int offset = offsetof(struct mmp_struct, mmp_checksum);
-diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
-index 9eace36..a2fe9f5 100644
---- a/fs/ext4/resize.c
-+++ b/fs/ext4/resize.c
-@@ -1341,6 +1341,8 @@ static void ext4_update_super(struct super_block *sb,
- 
- 	/* Update the global fs size fields */
- 	sbi->s_groups_count += flex_gd->count;
-+	sbi->s_blockfile_groups = min_t(ext4_group_t, sbi->s_groups_count,
-+			(EXT4_MAX_BLOCK_FILE_PHYS / EXT4_BLOCKS_PER_GROUP(sb)));
- 
- 	/* Update the reserved block counts only once the new group is
- 	 * active. */
-diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 24c767d..5575a45 100644
---- a/fs/ext4/super.c
-+++ b/fs/ext4/super.c
-@@ -452,10 +452,13 @@ static void ext4_journal_commit_callback(journal_t *journal, transaction_t *txn)
- 	struct super_block		*sb = journal->j_private;
- 	struct ext4_sb_info		*sbi = EXT4_SB(sb);
- 	int				error = is_journal_aborted(journal);
--	struct ext4_journal_cb_entry	*jce, *tmp;
-+	struct ext4_journal_cb_entry	*jce;
- 
-+	BUG_ON(txn->t_state == T_FINISHED);
- 	spin_lock(&sbi->s_md_lock);
--	list_for_each_entry_safe(jce, tmp, &txn->t_private_list, jce_list) {
-+	while (!list_empty(&txn->t_private_list)) {
-+		jce = list_entry(txn->t_private_list.next,
-+				 struct ext4_journal_cb_entry, jce_list);
- 		list_del_init(&jce->jce_list);
- 		spin_unlock(&sbi->s_md_lock);
- 		jce->jce_func(sb, jce, error);
-diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c
-index 8179e8b..40d13c7 100644
---- a/fs/fscache/stats.c
-+++ b/fs/fscache/stats.c
-@@ -287,5 +287,5 @@ const struct file_operations fscache_stats_fops = {
- 	.open		= fscache_stats_open,
- 	.read		= seq_read,
- 	.llseek		= seq_lseek,
--	.release	= seq_release,
-+	.release        = single_release,
- };
-diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c
-index 3091d42..069bf58 100644
---- a/fs/jbd2/commit.c
-+++ b/fs/jbd2/commit.c
-@@ -382,7 +382,7 @@ void jbd2_journal_commit_transaction(journal_t *journal)
- 	int space_left = 0;
- 	int first_tag = 0;
- 	int tag_flag;
--	int i, to_free = 0;
-+	int i;
- 	int tag_bytes = journal_tag_bytes(journal);
- 	struct buffer_head *cbh = NULL; /* For transactional checksums */
- 	__u32 crc32_sum = ~0;
-@@ -1126,7 +1126,7 @@ restart_loop:
- 	journal->j_stats.run.rs_blocks_logged += stats.run.rs_blocks_logged;
- 	spin_unlock(&journal->j_history_lock);
- 
--	commit_transaction->t_state = T_FINISHED;
-+	commit_transaction->t_state = T_COMMIT_CALLBACK;
- 	J_ASSERT(commit_transaction == journal->j_committing_transaction);
- 	journal->j_commit_sequence = commit_transaction->t_tid;
- 	journal->j_committing_transaction = NULL;
-@@ -1141,38 +1141,44 @@ restart_loop:
- 				journal->j_average_commit_time*3) / 4;
- 	else
- 		journal->j_average_commit_time = commit_time;
-+
- 	write_unlock(&journal->j_state_lock);
- 
--	if (commit_transaction->t_checkpoint_list == NULL &&
--	    commit_transaction->t_checkpoint_io_list == NULL) {
--		__jbd2_journal_drop_transaction(journal, commit_transaction);
--		to_free = 1;
-+	if (journal->j_checkpoint_transactions == NULL) {
-+		journal->j_checkpoint_transactions = commit_transaction;
-+		commit_transaction->t_cpnext = commit_transaction;
-+		commit_transaction->t_cpprev = commit_transaction;
- 	} else {
--		if (journal->j_checkpoint_transactions == NULL) {
--			journal->j_checkpoint_transactions = commit_transaction;
--			commit_transaction->t_cpnext = commit_transaction;
--			commit_transaction->t_cpprev = commit_transaction;
--		} else {
--			commit_transaction->t_cpnext =
--				journal->j_checkpoint_transactions;
--			commit_transaction->t_cpprev =
--				commit_transaction->t_cpnext->t_cpprev;
--			commit_transaction->t_cpnext->t_cpprev =
--				commit_transaction;
--			commit_transaction->t_cpprev->t_cpnext =
-+		commit_transaction->t_cpnext =
-+			journal->j_checkpoint_transactions;
-+		commit_transaction->t_cpprev =
-+			commit_transaction->t_cpnext->t_cpprev;
-+		commit_transaction->t_cpnext->t_cpprev =
-+			commit_transaction;
-+		commit_transaction->t_cpprev->t_cpnext =
- 				commit_transaction;
--		}
- 	}
- 	spin_unlock(&journal->j_list_lock);
--
-+	/* Drop all spin_locks because commit_callback may be block.
-+	 * __journal_remove_checkpoint() can not destroy transaction
-+	 * under us because it is not marked as T_FINISHED yet */
- 	if (journal->j_commit_callback)
- 		journal->j_commit_callback(journal, commit_transaction);
- 
- 	trace_jbd2_end_commit(journal, commit_transaction);
- 	jbd_debug(1, "JBD2: commit %d complete, head %d\n",
- 		  journal->j_commit_sequence, journal->j_tail_sequence);
--	if (to_free)
--		jbd2_journal_free_transaction(commit_transaction);
- 
-+	write_lock(&journal->j_state_lock);
-+	spin_lock(&journal->j_list_lock);
-+	commit_transaction->t_state = T_FINISHED;
-+	/* Recheck checkpoint lists after j_list_lock was dropped */
-+	if (commit_transaction->t_checkpoint_list == NULL &&
-+	    commit_transaction->t_checkpoint_io_list == NULL) {
-+		__jbd2_journal_drop_transaction(journal, commit_transaction);
-+		jbd2_journal_free_transaction(commit_transaction);
-+	}
-+	spin_unlock(&journal->j_list_lock);
-+	write_unlock(&journal->j_state_lock);
- 	wake_up(&journal->j_wait_done_commit);
- }
-diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
-index dbf41f9..42f8cf6c 100644
---- a/fs/jbd2/journal.c
-+++ b/fs/jbd2/journal.c
-@@ -698,6 +698,37 @@ int jbd2_log_wait_commit(journal_t *journal, tid_t tid)
- }
- 
- /*
-+ * When this function returns the transaction corresponding to tid
-+ * will be completed.  If the transaction has currently running, start
-+ * committing that transaction before waiting for it to complete.  If
-+ * the transaction id is stale, it is by definition already completed,
-+ * so just return SUCCESS.
-+ */
-+int jbd2_complete_transaction(journal_t *journal, tid_t tid)
-+{
-+	int	need_to_wait = 1;
-+
-+	read_lock(&journal->j_state_lock);
-+	if (journal->j_running_transaction &&
-+	    journal->j_running_transaction->t_tid == tid) {
-+		if (journal->j_commit_request != tid) {
-+			/* transaction not yet started, so request it */
-+			read_unlock(&journal->j_state_lock);
-+			jbd2_log_start_commit(journal, tid);
-+			goto wait_commit;
-+		}
-+	} else if (!(journal->j_committing_transaction &&
-+		     journal->j_committing_transaction->t_tid == tid))
-+		need_to_wait = 0;
-+	read_unlock(&journal->j_state_lock);
-+	if (!need_to_wait)
-+		return 0;
-+wait_commit:
-+	return jbd2_log_wait_commit(journal, tid);
-+}
-+EXPORT_SYMBOL(jbd2_complete_transaction);
-+
-+/*
-  * Log buffer allocation routines:
-  */
- 
-diff --git a/fs/lockd/clntlock.c b/fs/lockd/clntlock.c
-index ca0a080..193f04c 100644
---- a/fs/lockd/clntlock.c
-+++ b/fs/lockd/clntlock.c
-@@ -144,6 +144,9 @@ int nlmclnt_block(struct nlm_wait *block, struct nlm_rqst *req, long timeout)
- 			timeout);
- 	if (ret < 0)
- 		return -ERESTARTSYS;
-+	/* Reset the lock status after a server reboot so we resend */
-+	if (block->b_status == nlm_lck_denied_grace_period)
-+		block->b_status = nlm_lck_blocked;
- 	req->a_res.status = block->b_status;
- 	return 0;
- }
-diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c
-index 52e5120..54f9e6c 100644
---- a/fs/lockd/clntproc.c
-+++ b/fs/lockd/clntproc.c
-@@ -550,9 +550,6 @@ again:
- 		status = nlmclnt_block(block, req, NLMCLNT_POLL_TIMEOUT);
- 		if (status < 0)
- 			break;
--		/* Resend the blocking lock request after a server reboot */
--		if (resp->status ==  nlm_lck_denied_grace_period)
--			continue;
- 		if (resp->status != nlm_lck_blocked)
- 			break;
- 	}
-diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
-index 3d905e3..51d53a4 100644
---- a/fs/nfs/nfs4proc.c
-+++ b/fs/nfs/nfs4proc.c
-@@ -1374,6 +1374,12 @@ int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state
- 			case -ENOMEM:
- 				err = 0;
- 				goto out;
-+			case -NFS4ERR_DELAY:
-+			case -NFS4ERR_GRACE:
-+				set_bit(NFS_DELEGATED_STATE, &state->flags);
-+				ssleep(1);
-+				err = -EAGAIN;
-+				goto out;
- 		}
- 		err = nfs4_handle_exception(server, err, &exception);
- 	} while (exception.retry);
-diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index 9d1c5db..ec668e1 100644
---- a/fs/nfsd/nfs4proc.c
-+++ b/fs/nfsd/nfs4proc.c
-@@ -931,14 +931,14 @@ nfsd4_write(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
- 	nfs4_lock_state();
- 	status = nfs4_preprocess_stateid_op(SVC_NET(rqstp),
- 					cstate, stateid, WR_STATE, &filp);
--	if (filp)
--		get_file(filp);
--	nfs4_unlock_state();
--
- 	if (status) {
-+		nfs4_unlock_state();
- 		dprintk("NFSD: nfsd4_write: couldn't process stateid!\n");
- 		return status;
- 	}
-+	if (filp)
-+		get_file(filp);
-+	nfs4_unlock_state();
- 
- 	cnt = write->wr_buflen;
- 	write->wr_how_written = write->wr_stable_how;
-diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
-index a8309c6..53a7c64 100644
---- a/fs/nfsd/nfs4state.c
-+++ b/fs/nfsd/nfs4state.c
-@@ -210,13 +210,7 @@ static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag)
- {
- 	if (atomic_dec_and_test(&fp->fi_access[oflag])) {
- 		nfs4_file_put_fd(fp, oflag);
--		/*
--		 * It's also safe to get rid of the RDWR open *if*
--		 * we no longer have need of the other kind of access
--		 * or if we already have the other kind of open:
--		 */
--		if (fp->fi_fds[1-oflag]
--			|| atomic_read(&fp->fi_access[1 - oflag]) == 0)
-+		if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
- 			nfs4_file_put_fd(fp, O_RDWR);
- 	}
- }
-diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index d1dd710..cd5e6c1 100644
---- a/fs/nfsd/nfs4xdr.c
-+++ b/fs/nfsd/nfs4xdr.c
-@@ -344,10 +344,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
- 			   all 32 bits of 'nseconds'. */
- 			READ_BUF(12);
- 			len += 12;
--			READ32(dummy32);
--			if (dummy32)
--				return nfserr_inval;
--			READ32(iattr->ia_atime.tv_sec);
-+			READ64(iattr->ia_atime.tv_sec);
- 			READ32(iattr->ia_atime.tv_nsec);
- 			if (iattr->ia_atime.tv_nsec >= (u32)1000000000)
- 				return nfserr_inval;
-@@ -370,10 +367,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval,
- 			   all 32 bits of 'nseconds'. */
- 			READ_BUF(12);
- 			len += 12;
--			READ32(dummy32);
--			if (dummy32)
--				return nfserr_inval;
--			READ32(iattr->ia_mtime.tv_sec);
-+			READ64(iattr->ia_mtime.tv_sec);
- 			READ32(iattr->ia_mtime.tv_nsec);
- 			if (iattr->ia_mtime.tv_nsec >= (u32)1000000000)
- 				return nfserr_inval;
-@@ -2386,8 +2380,7 @@ out_acl:
- 	if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
- 		if ((buflen -= 12) < 0)
- 			goto out_resource;
--		WRITE32(0);
--		WRITE32(stat.atime.tv_sec);
-+		WRITE64((s64)stat.atime.tv_sec);
- 		WRITE32(stat.atime.tv_nsec);
- 	}
- 	if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
-@@ -2400,15 +2393,13 @@ out_acl:
- 	if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
- 		if ((buflen -= 12) < 0)
- 			goto out_resource;
--		WRITE32(0);
--		WRITE32(stat.ctime.tv_sec);
-+		WRITE64((s64)stat.ctime.tv_sec);
- 		WRITE32(stat.ctime.tv_nsec);
- 	}
- 	if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
- 		if ((buflen -= 12) < 0)
- 			goto out_resource;
--		WRITE32(0);
--		WRITE32(stat.mtime.tv_sec);
-+		WRITE64((s64)stat.mtime.tv_sec);
- 		WRITE32(stat.mtime.tv_nsec);
- 	}
- 	if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
-diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
-index 07f7a92..595343e 100644
---- a/fs/notify/inotify/inotify_user.c
-+++ b/fs/notify/inotify/inotify_user.c
-@@ -574,7 +574,6 @@ static int inotify_update_existing_watch(struct fsnotify_group *group,
- 	int add = (arg & IN_MASK_ADD);
- 	int ret;
- 
--	/* don't allow invalid bits: we don't want flags set */
- 	mask = inotify_arg_to_mask(arg);
- 
- 	fsn_mark = fsnotify_find_inode_mark(group, inode);
-@@ -625,7 +624,6 @@ static int inotify_new_watch(struct fsnotify_group *group,
- 	struct idr *idr = &group->inotify_data.idr;
- 	spinlock_t *idr_lock = &group->inotify_data.idr_lock;
- 
--	/* don't allow invalid bits: we don't want flags set */
- 	mask = inotify_arg_to_mask(arg);
- 
- 	tmp_i_mark = kmem_cache_alloc(inotify_inode_mark_cachep, GFP_KERNEL);
-@@ -753,6 +751,10 @@ SYSCALL_DEFINE3(inotify_add_watch, int, fd, const char __user *, pathname,
- 	int ret;
- 	unsigned flags = 0;
- 
-+	/* don't allow invalid bits: we don't want flags set */
-+	if (unlikely(!(mask & ALL_INOTIFY_BITS)))
-+		return -EINVAL;
-+
- 	f = fdget(fd);
- 	if (unlikely(!f.file))
- 		return -EBADF;
-diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
-index 1f8c823..d924812 100644
---- a/fs/sysfs/dir.c
-+++ b/fs/sysfs/dir.c
-@@ -1012,6 +1012,7 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir)
- 	enum kobj_ns_type type;
- 	const void *ns;
- 	ino_t ino;
-+	loff_t off;
- 
- 	type = sysfs_ns_type(parent_sd);
- 	ns = sysfs_info(dentry->d_sb)->ns[type];
-@@ -1034,6 +1035,7 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir)
- 			return 0;
- 	}
- 	mutex_lock(&sysfs_mutex);
-+	off = filp->f_pos;
- 	for (pos = sysfs_dir_pos(ns, parent_sd, filp->f_pos, pos);
- 	     pos;
- 	     pos = sysfs_dir_next_pos(ns, parent_sd, filp->f_pos, pos)) {
-@@ -1045,19 +1047,24 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir)
- 		len = strlen(name);
- 		ino = pos->s_ino;
- 		type = dt_type(pos);
--		filp->f_pos = pos->s_hash;
-+		off = filp->f_pos = pos->s_hash;
- 		filp->private_data = sysfs_get(pos);
- 
- 		mutex_unlock(&sysfs_mutex);
--		ret = filldir(dirent, name, len, filp->f_pos, ino, type);
-+		ret = filldir(dirent, name, len, off, ino, type);
- 		mutex_lock(&sysfs_mutex);
- 		if (ret < 0)
- 			break;
- 	}
- 	mutex_unlock(&sysfs_mutex);
--	if ((filp->f_pos > 1) && !pos) { /* EOF */
--		filp->f_pos = INT_MAX;
-+
-+	/* don't reference last entry if its refcount is dropped */
-+	if (!pos) {
- 		filp->private_data = NULL;
-+
-+		/* EOF and not changed as 0 or 1 in read/write path */
-+		if (off == filp->f_pos && off > 1)
-+			filp->f_pos = INT_MAX;
- 	}
- 	return 0;
- }
-diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
-index 5cf680a..f50a87d 100644
---- a/include/asm-generic/pgtable.h
-+++ b/include/asm-generic/pgtable.h
-@@ -7,6 +7,16 @@
- #include <linux/mm_types.h>
- #include <linux/bug.h>
- 
-+/*
-+ * On almost all architectures and configurations, 0 can be used as the
-+ * upper ceiling to free_pgtables(): on many architectures it has the same
-+ * effect as using TASK_SIZE.  However, there is one configuration which
-+ * must impose a more careful limit, to avoid freeing kernel pgtables.
-+ */
-+#ifndef USER_PGTABLES_CEILING
-+#define USER_PGTABLES_CEILING	0UL
-+#endif
-+
- #ifndef __HAVE_ARCH_PTEP_SET_ACCESS_FLAGS
- extern int ptep_set_access_flags(struct vm_area_struct *vma,
- 				 unsigned long address, pte_t *ptep,
-diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
-index 7d73905..2322df7 100644
---- a/include/linux/cgroup.h
-+++ b/include/linux/cgroup.h
-@@ -303,9 +303,6 @@ struct cftype {
- 	/* CFTYPE_* flags */
- 	unsigned int flags;
- 
--	/* file xattrs */
--	struct simple_xattrs xattrs;
--
- 	int (*open)(struct inode *inode, struct file *file);
- 	ssize_t (*read)(struct cgroup *cgrp, struct cftype *cft,
- 			struct file *file,
-diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h
-index ae221a7..c4d870b 100644
---- a/include/linux/ipc_namespace.h
-+++ b/include/linux/ipc_namespace.h
-@@ -43,8 +43,8 @@ struct ipc_namespace {
- 
- 	size_t		shm_ctlmax;
- 	size_t		shm_ctlall;
-+	unsigned long	shm_tot;
- 	int		shm_ctlmni;
--	int		shm_tot;
- 	/*
- 	 * Defines whether IPC_RMID is forced for _all_ shm segments regardless
- 	 * of shmctl()
-diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h
-index e30b663..383bef0 100644
---- a/include/linux/jbd2.h
-+++ b/include/linux/jbd2.h
-@@ -498,6 +498,7 @@ struct transaction_s
- 		T_COMMIT,
- 		T_COMMIT_DFLUSH,
- 		T_COMMIT_JFLUSH,
-+		T_COMMIT_CALLBACK,
- 		T_FINISHED
- 	}			t_state;
- 
-@@ -1210,6 +1211,7 @@ int __jbd2_log_start_commit(journal_t *journal, tid_t tid);
- int jbd2_journal_start_commit(journal_t *journal, tid_t *tid);
- int jbd2_journal_force_commit_nested(journal_t *journal);
- int jbd2_log_wait_commit(journal_t *journal, tid_t tid);
-+int jbd2_complete_transaction(journal_t *journal, tid_t tid);
- int jbd2_log_do_checkpoint(journal_t *journal);
- int jbd2_trans_will_send_data_barrier(journal_t *journal, tid_t tid);
- 
-diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 7e49270..f5ad26e 100644
---- a/include/linux/sched.h
-+++ b/include/linux/sched.h
-@@ -2486,27 +2486,18 @@ static inline void threadgroup_change_end(struct task_struct *tsk)
-  *
-  * Lock the threadgroup @tsk belongs to.  No new task is allowed to enter
-  * and member tasks aren't allowed to exit (as indicated by PF_EXITING) or
-- * perform exec.  This is useful for cases where the threadgroup needs to
-- * stay stable across blockable operations.
-+ * change ->group_leader/pid.  This is useful for cases where the threadgroup
-+ * needs to stay stable across blockable operations.
-  *
-  * fork and exit paths explicitly call threadgroup_change_{begin|end}() for
-  * synchronization.  While held, no new task will be added to threadgroup
-  * and no existing live task will have its PF_EXITING set.
-  *
-- * During exec, a task goes and puts its thread group through unusual
-- * changes.  After de-threading, exclusive access is assumed to resources
-- * which are usually shared by tasks in the same group - e.g. sighand may
-- * be replaced with a new one.  Also, the exec'ing task takes over group
-- * leader role including its pid.  Exclude these changes while locked by
-- * grabbing cred_guard_mutex which is used to synchronize exec path.
-+ * de_thread() does threadgroup_change_{begin|end}() when a non-leader
-+ * sub-thread becomes a new leader.
-  */
- static inline void threadgroup_lock(struct task_struct *tsk)
- {
--	/*
--	 * exec uses exit for de-threading nesting group_rwsem inside
--	 * cred_guard_mutex. Grab cred_guard_mutex first.
--	 */
--	mutex_lock(&tsk->signal->cred_guard_mutex);
- 	down_write(&tsk->signal->group_rwsem);
- }
- 
-@@ -2519,7 +2510,6 @@ static inline void threadgroup_lock(struct task_struct *tsk)
- static inline void threadgroup_unlock(struct task_struct *tsk)
- {
- 	up_write(&tsk->signal->group_rwsem);
--	mutex_unlock(&tsk->signal->cred_guard_mutex);
- }
- #else
- static inline void threadgroup_change_begin(struct task_struct *tsk) {}
-diff --git a/include/sound/emu10k1.h b/include/sound/emu10k1.h
-index f841ba4..dfb42ca 100644
---- a/include/sound/emu10k1.h
-+++ b/include/sound/emu10k1.h
-@@ -1787,6 +1787,7 @@ struct snd_emu10k1 {
- 	unsigned int next_free_voice;
- 
- 	const struct firmware *firmware;
-+	const struct firmware *dock_fw;
- 
- #ifdef CONFIG_PM_SLEEP
- 	unsigned int *saved_ptr;
-diff --git a/ipc/shm.c b/ipc/shm.c
-index 4fa6d8f..9bab650 100644
---- a/ipc/shm.c
-+++ b/ipc/shm.c
-@@ -462,7 +462,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
- 	size_t size = params->u.size;
- 	int error;
- 	struct shmid_kernel *shp;
--	int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT;
-+	size_t numpages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
- 	struct file * file;
- 	char name[13];
- 	int id;
-diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 1e23664..cddf1d9 100644
---- a/kernel/cgroup.c
-+++ b/kernel/cgroup.c
-@@ -162,6 +162,9 @@ struct cfent {
- 	struct list_head		node;
- 	struct dentry			*dentry;
- 	struct cftype			*type;
-+
-+	/* file xattrs */
-+	struct simple_xattrs		xattrs;
- };
- 
- /*
-@@ -908,13 +911,12 @@ static void cgroup_diput(struct dentry *dentry, struct inode *inode)
- 	} else {
- 		struct cfent *cfe = __d_cfe(dentry);
- 		struct cgroup *cgrp = dentry->d_parent->d_fsdata;
--		struct cftype *cft = cfe->type;
- 
- 		WARN_ONCE(!list_empty(&cfe->node) &&
- 			  cgrp != &cgrp->root->top_cgroup,
- 			  "cfe still linked for %s\n", cfe->type->name);
-+		simple_xattrs_free(&cfe->xattrs);
- 		kfree(cfe);
--		simple_xattrs_free(&cft->xattrs);
- 	}
- 	iput(inode);
- }
-@@ -2066,7 +2068,7 @@ static int cgroup_attach_proc(struct cgroup *cgrp, struct task_struct *leader)
- 	if (!group)
- 		return -ENOMEM;
- 	/* pre-allocate to guarantee space while iterating in rcu read-side. */
--	retval = flex_array_prealloc(group, 0, group_size - 1, GFP_KERNEL);
-+	retval = flex_array_prealloc(group, 0, group_size, GFP_KERNEL);
- 	if (retval)
- 		goto out_free_group_list;
- 
-@@ -2553,7 +2555,7 @@ static struct simple_xattrs *__d_xattrs(struct dentry *dentry)
- 	if (S_ISDIR(dentry->d_inode->i_mode))
- 		return &__d_cgrp(dentry)->xattrs;
- 	else
--		return &__d_cft(dentry)->xattrs;
-+		return &__d_cfe(dentry)->xattrs;
- }
- 
- static inline int xattr_enabled(struct dentry *dentry)
-@@ -2729,8 +2731,6 @@ static int cgroup_add_file(struct cgroup *cgrp, struct cgroup_subsys *subsys,
- 	umode_t mode;
- 	char name[MAX_CGROUP_TYPE_NAMELEN + MAX_CFTYPE_NAME + 2] = { 0 };
- 
--	simple_xattrs_init(&cft->xattrs);
--
- 	if (subsys && !test_bit(ROOT_NOPREFIX, &cgrp->root->flags)) {
- 		strcpy(name, subsys->name);
- 		strcat(name, ".");
-@@ -2755,6 +2755,7 @@ static int cgroup_add_file(struct cgroup *cgrp, struct cgroup_subsys *subsys,
- 		cfe->type = (void *)cft;
- 		cfe->dentry = dentry;
- 		dentry->d_fsdata = cfe;
-+		simple_xattrs_init(&cfe->xattrs);
- 		list_add_tail(&cfe->node, &parent->files);
- 		cfe = NULL;
- 	}
-diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
-index e4cee8d..60f7e32 100644
---- a/kernel/hrtimer.c
-+++ b/kernel/hrtimer.c
-@@ -298,6 +298,10 @@ ktime_t ktime_sub_ns(const ktime_t kt, u64 nsec)
- 	} else {
- 		unsigned long rem = do_div(nsec, NSEC_PER_SEC);
- 
-+		/* Make sure nsec fits into long */
-+		if (unlikely(nsec > KTIME_SEC_MAX))
-+			return (ktime_t){ .tv64 = KTIME_MAX };
-+
- 		tmp = ktime_set((long)nsec, rem);
- 	}
- 
-@@ -1308,6 +1312,8 @@ retry:
- 
- 				expires = ktime_sub(hrtimer_get_expires(timer),
- 						    base->offset);
-+				if (expires.tv64 < 0)
-+					expires.tv64 = KTIME_MAX;
- 				if (expires.tv64 < expires_next.tv64)
- 					expires_next = expires;
- 				break;
-diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c
-index 0d095dc..93f8e8f 100644
---- a/kernel/rcutree_trace.c
-+++ b/kernel/rcutree_trace.c
-@@ -97,7 +97,7 @@ static const struct file_operations rcubarrier_fops = {
- 	.open = rcubarrier_open,
- 	.read = seq_read,
- 	.llseek = no_llseek,
--	.release = seq_release,
-+	.release = single_release,
- };
- 
- #ifdef CONFIG_RCU_BOOST
-@@ -208,7 +208,7 @@ static const struct file_operations rcuexp_fops = {
- 	.open = rcuexp_open,
- 	.read = seq_read,
- 	.llseek = no_llseek,
--	.release = seq_release,
-+	.release = single_release,
- };
- 
- #ifdef CONFIG_RCU_BOOST
-@@ -308,7 +308,7 @@ static const struct file_operations rcuhier_fops = {
- 	.open = rcuhier_open,
- 	.read = seq_read,
- 	.llseek = no_llseek,
--	.release = seq_release,
-+	.release = single_release,
- };
- 
- static void show_one_rcugp(struct seq_file *m, struct rcu_state *rsp)
-@@ -350,7 +350,7 @@ static const struct file_operations rcugp_fops = {
- 	.open = rcugp_open,
- 	.read = seq_read,
- 	.llseek = no_llseek,
--	.release = seq_release,
-+	.release = single_release,
- };
- 
- static void print_one_rcu_pending(struct seq_file *m, struct rcu_data *rdp)
-diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c
-index a13987a..239a323 100644
---- a/kernel/time/tick-broadcast.c
-+++ b/kernel/time/tick-broadcast.c
-@@ -66,6 +66,8 @@ static void tick_broadcast_start_periodic(struct clock_event_device *bc)
-  */
- int tick_check_broadcast_device(struct clock_event_device *dev)
- {
-+	struct clock_event_device *cur = tick_broadcast_device.evtdev;
-+
- 	if ((dev->features & CLOCK_EVT_FEAT_DUMMY) ||
- 	    (tick_broadcast_device.evtdev &&
- 	     tick_broadcast_device.evtdev->rating >= dev->rating) ||
-@@ -73,6 +75,8 @@ int tick_check_broadcast_device(struct clock_event_device *dev)
- 		return 0;
- 
- 	clockevents_exchange_device(tick_broadcast_device.evtdev, dev);
-+	if (cur)
-+		cur->event_handler = clockevents_handle_noop;
- 	tick_broadcast_device.evtdev = dev;
- 	if (!cpumask_empty(tick_get_broadcast_mask()))
- 		tick_broadcast_start_periodic(dev);
-diff --git a/kernel/time/tick-common.c b/kernel/time/tick-common.c
-index b1600a6..7076b3f 100644
---- a/kernel/time/tick-common.c
-+++ b/kernel/time/tick-common.c
-@@ -323,6 +323,7 @@ static void tick_shutdown(unsigned int *cpup)
- 		 */
- 		dev->mode = CLOCK_EVT_MODE_UNUSED;
- 		clockevents_exchange_device(dev, NULL);
-+		dev->event_handler = clockevents_handle_noop;
- 		td->evtdev = NULL;
- 	}
- 	raw_spin_unlock_irqrestore(&tick_device_lock, flags);
-diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 35cc3a8..03dbc77 100644
---- a/kernel/trace/ftrace.c
-+++ b/kernel/trace/ftrace.c
-@@ -650,7 +650,7 @@ int ftrace_profile_pages_init(struct ftrace_profile_stat *stat)
- 
- 	pages = DIV_ROUND_UP(functions, PROFILES_PER_PAGE);
- 
--	for (i = 0; i < pages; i++) {
-+	for (i = 1; i < pages; i++) {
- 		pg->next = (void *)get_zeroed_page(GFP_KERNEL);
- 		if (!pg->next)
- 			goto out_free;
-@@ -3714,7 +3714,8 @@ out:
- 	if (fail)
- 		return -EINVAL;
- 
--	ftrace_graph_filter_enabled = 1;
-+	ftrace_graph_filter_enabled = !!(*idx);
-+
- 	return 0;
- }
- 
-diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index fe1d581..1c82852 100644
---- a/kernel/trace/trace.c
-+++ b/kernel/trace/trace.c
-@@ -4885,6 +4885,8 @@ static __init int tracer_init_debugfs(void)
- 	trace_access_lock_init();
- 
- 	d_tracer = tracing_init_dentry();
-+	if (!d_tracer)
-+		return 0;
- 
- 	trace_create_file("trace_options", 0644, d_tracer,
- 			NULL, &tracing_iter_fops);
-diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
-index 83a8b5b..b20428c 100644
---- a/kernel/trace/trace_stack.c
-+++ b/kernel/trace/trace_stack.c
-@@ -20,13 +20,24 @@
- 
- #define STACK_TRACE_ENTRIES 500
- 
-+#ifdef CC_USING_FENTRY
-+# define fentry		1
-+#else
-+# define fentry		0
-+#endif
-+
- static unsigned long stack_dump_trace[STACK_TRACE_ENTRIES+1] =
- 	 { [0 ... (STACK_TRACE_ENTRIES)] = ULONG_MAX };
- static unsigned stack_dump_index[STACK_TRACE_ENTRIES];
- 
-+/*
-+ * Reserve one entry for the passed in ip. This will allow
-+ * us to remove most or all of the stack size overhead
-+ * added by the stack tracer itself.
-+ */
- static struct stack_trace max_stack_trace = {
--	.max_entries		= STACK_TRACE_ENTRIES,
--	.entries		= stack_dump_trace,
-+	.max_entries		= STACK_TRACE_ENTRIES - 1,
-+	.entries		= &stack_dump_trace[1],
- };
- 
- static unsigned long max_stack_size;
-@@ -39,25 +50,34 @@ static DEFINE_MUTEX(stack_sysctl_mutex);
- int stack_tracer_enabled;
- static int last_stack_tracer_enabled;
- 
--static inline void check_stack(void)
-+static inline void
-+check_stack(unsigned long ip, unsigned long *stack)
- {
- 	unsigned long this_size, flags;
- 	unsigned long *p, *top, *start;
-+	static int tracer_frame;
-+	int frame_size = ACCESS_ONCE(tracer_frame);
- 	int i;
- 
--	this_size = ((unsigned long)&this_size) & (THREAD_SIZE-1);
-+	this_size = ((unsigned long)stack) & (THREAD_SIZE-1);
- 	this_size = THREAD_SIZE - this_size;
-+	/* Remove the frame of the tracer */
-+	this_size -= frame_size;
- 
- 	if (this_size <= max_stack_size)
- 		return;
- 
- 	/* we do not handle interrupt stacks yet */
--	if (!object_is_on_stack(&this_size))
-+	if (!object_is_on_stack(stack))
- 		return;
- 
- 	local_irq_save(flags);
- 	arch_spin_lock(&max_stack_lock);
- 
-+	/* In case another CPU set the tracer_frame on us */
-+	if (unlikely(!frame_size))
-+		this_size -= tracer_frame;
-+
- 	/* a race could have already updated it */
- 	if (this_size <= max_stack_size)
- 		goto out;
-@@ -70,10 +90,18 @@ static inline void check_stack(void)
- 	save_stack_trace(&max_stack_trace);
- 
- 	/*
-+	 * Add the passed in ip from the function tracer.
-+	 * Searching for this on the stack will skip over
-+	 * most of the overhead from the stack tracer itself.
-+	 */
-+	stack_dump_trace[0] = ip;
-+	max_stack_trace.nr_entries++;
-+
-+	/*
- 	 * Now find where in the stack these are.
- 	 */
- 	i = 0;
--	start = &this_size;
-+	start = stack;
- 	top = (unsigned long *)
- 		(((unsigned long)start & ~(THREAD_SIZE-1)) + THREAD_SIZE);
- 
-@@ -97,6 +125,18 @@ static inline void check_stack(void)
- 				found = 1;
- 				/* Start the search from here */
- 				start = p + 1;
-+				/*
-+				 * We do not want to show the overhead
-+				 * of the stack tracer stack in the
-+				 * max stack. If we haven't figured
-+				 * out what that is, then figure it out
-+				 * now.
-+				 */
-+				if (unlikely(!tracer_frame) && i == 1) {
-+					tracer_frame = (p - stack) *
-+						sizeof(unsigned long);
-+					max_stack_size -= tracer_frame;
-+				}
- 			}
- 		}
- 
-@@ -113,6 +153,7 @@ static void
- stack_trace_call(unsigned long ip, unsigned long parent_ip,
- 		 struct ftrace_ops *op, struct pt_regs *pt_regs)
- {
-+	unsigned long stack;
- 	int cpu;
- 
- 	preempt_disable_notrace();
-@@ -122,7 +163,26 @@ stack_trace_call(unsigned long ip, unsigned long parent_ip,
- 	if (per_cpu(trace_active, cpu)++ != 0)
- 		goto out;
- 
--	check_stack();
-+	/*
-+	 * When fentry is used, the traced function does not get
-+	 * its stack frame set up, and we lose the parent.
-+	 * The ip is pretty useless because the function tracer
-+	 * was called before that function set up its stack frame.
-+	 * In this case, we use the parent ip.
-+	 *
-+	 * By adding the return address of either the parent ip
-+	 * or the current ip we can disregard most of the stack usage
-+	 * caused by the stack tracer itself.
-+	 *
-+	 * The function tracer always reports the address of where the
-+	 * mcount call was, but the stack will hold the return address.
-+	 */
-+	if (fentry)
-+		ip = parent_ip;
-+	else
-+		ip += MCOUNT_INSN_SIZE;
-+
-+	check_stack(ip, &stack);
- 
-  out:
- 	per_cpu(trace_active, cpu)--;
-@@ -371,6 +431,8 @@ static __init int stack_trace_init(void)
- 	struct dentry *d_tracer;
- 
- 	d_tracer = tracing_init_dentry();
-+	if (!d_tracer)
-+		return 0;
- 
- 	trace_create_file("stack_max_size", 0644, d_tracer,
- 			&max_stack_size, &stack_max_size_fops);
-diff --git a/kernel/trace/trace_stat.c b/kernel/trace/trace_stat.c
-index 96cffb2..847f88a 100644
---- a/kernel/trace/trace_stat.c
-+++ b/kernel/trace/trace_stat.c
-@@ -307,6 +307,8 @@ static int tracing_stat_init(void)
- 	struct dentry *d_tracing;
- 
- 	d_tracing = tracing_init_dentry();
-+	if (!d_tracing)
-+		return 0;
- 
- 	stat_dir = debugfs_create_dir("trace_stat", d_tracing);
- 	if (!stat_dir)
-diff --git a/lib/oid_registry.c b/lib/oid_registry.c
-index d8de11f..318f382 100644
---- a/lib/oid_registry.c
-+++ b/lib/oid_registry.c
-@@ -9,6 +9,7 @@
-  * 2 of the Licence, or (at your option) any later version.
-  */
- 
-+#include <linux/module.h>
- #include <linux/export.h>
- #include <linux/oid_registry.h>
- #include <linux/kernel.h>
-@@ -16,6 +17,10 @@
- #include <linux/bug.h>
- #include "oid_registry_data.c"
- 
-+MODULE_DESCRIPTION("OID Registry");
-+MODULE_AUTHOR("Red Hat, Inc.");
-+MODULE_LICENSE("GPL");
-+
- /**
-  * look_up_OID - Find an OID registration for the specified data
-  * @data: Binary representation of the OID
-diff --git a/mm/mmap.c b/mm/mmap.c
-index 90db251..32f3372 100644
---- a/mm/mmap.c
-+++ b/mm/mmap.c
-@@ -2289,7 +2289,7 @@ static void unmap_region(struct mm_struct *mm,
- 	update_hiwater_rss(mm);
- 	unmap_vmas(&tlb, vma, start, end);
- 	free_pgtables(&tlb, vma, prev ? prev->vm_end : FIRST_USER_ADDRESS,
--				 next ? next->vm_start : 0);
-+				 next ? next->vm_start : USER_PGTABLES_CEILING);
- 	tlb_finish_mmu(&tlb, start, end);
- }
- 
-@@ -2667,7 +2667,7 @@ void exit_mmap(struct mm_struct *mm)
- 	/* Use -1 here to ensure all VMAs in the mm are unmapped */
- 	unmap_vmas(&tlb, vma, 0, -1);
- 
--	free_pgtables(&tlb, vma, FIRST_USER_ADDRESS, 0);
-+	free_pgtables(&tlb, vma, FIRST_USER_ADDRESS, USER_PGTABLES_CEILING);
- 	tlb_finish_mmu(&tlb, 0, -1);
- 
- 	/*
-diff --git a/mm/page_io.c b/mm/page_io.c
-index 78eee32..6182870 100644
---- a/mm/page_io.c
-+++ b/mm/page_io.c
-@@ -214,6 +214,7 @@ int swap_writepage(struct page *page, struct writeback_control *wbc)
- 		kiocb.ki_left = PAGE_SIZE;
- 		kiocb.ki_nbytes = PAGE_SIZE;
- 
-+		set_page_writeback(page);
- 		unlock_page(page);
- 		ret = mapping->a_ops->direct_IO(KERNEL_WRITE,
- 						&kiocb, &iov,
-@@ -222,7 +223,23 @@ int swap_writepage(struct page *page, struct writeback_control *wbc)
- 		if (ret == PAGE_SIZE) {
- 			count_vm_event(PSWPOUT);
- 			ret = 0;
-+		} else {
-+			/*
-+			 * In the case of swap-over-nfs, this can be a
-+			 * temporary failure if the system has limited
-+			 * memory for allocating transmit buffers.
-+			 * Mark the page dirty and avoid
-+			 * rotate_reclaimable_page but rate-limit the
-+			 * messages but do not flag PageError like
-+			 * the normal direct-to-bio case as it could
-+			 * be temporary.
-+			 */
-+			set_page_dirty(page);
-+			ClearPageReclaim(page);
-+			pr_err_ratelimited("Write error on dio swapfile (%Lu)\n",
-+				page_file_offset(page));
- 		}
-+		end_page_writeback(page);
- 		return ret;
- 	}
- 
-diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
-index 79a48f3..64619f4 100644
---- a/net/mac80211/pm.c
-+++ b/net/mac80211/pm.c
-@@ -52,8 +52,8 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
- 	ieee80211_stop_queues_by_reason(hw,
- 			IEEE80211_QUEUE_STOP_REASON_SUSPEND);
- 
--	/* flush out all packets */
--	synchronize_net();
-+	/* flush out all packets and station cleanup call_rcu()s */
-+	rcu_barrier();
- 
- 	drv_flush(local, false);
- 
-diff --git a/net/wireless/reg.c b/net/wireless/reg.c
-index 82c4fc7..91ef82b 100644
---- a/net/wireless/reg.c
-+++ b/net/wireless/reg.c
-@@ -883,7 +883,7 @@ static void handle_channel(struct wiphy *wiphy,
- 			return;
- 
- 		REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
--		chan->flags = IEEE80211_CHAN_DISABLED;
-+		chan->flags |= IEEE80211_CHAN_DISABLED;
- 		return;
- 	}
- 
-diff --git a/scripts/kconfig/streamline_config.pl b/scripts/kconfig/streamline_config.pl
-index 3368939..68b85e1 100644
---- a/scripts/kconfig/streamline_config.pl
-+++ b/scripts/kconfig/streamline_config.pl
-@@ -156,7 +156,6 @@ sub read_kconfig {
- 
-     my $state = "NONE";
-     my $config;
--    my @kconfigs;
- 
-     my $cont = 0;
-     my $line;
-@@ -190,7 +189,13 @@ sub read_kconfig {
- 
- 	# collect any Kconfig sources
- 	if (/^source\s*"(.*)"/) {
--	    $kconfigs[$#kconfigs+1] = $1;
-+	    my $kconfig = $1;
-+	    # prevent reading twice.
-+	    if (!defined($read_kconfigs{$kconfig})) {
-+		$read_kconfigs{$kconfig} = 1;
-+		read_kconfig($kconfig);
-+	    }
-+	    next;
- 	}
- 
- 	# configs found
-@@ -250,14 +255,6 @@ sub read_kconfig {
- 	}
-     }
-     close($kinfile);
--
--    # read in any configs that were found.
--    foreach my $kconfig (@kconfigs) {
--	if (!defined($read_kconfigs{$kconfig})) {
--	    $read_kconfigs{$kconfig} = 1;
--	    read_kconfig($kconfig);
--	}
--    }
- }
- 
- if ($kconfig) {
-diff --git a/sound/pci/emu10k1/emu10k1_main.c b/sound/pci/emu10k1/emu10k1_main.c
-index e6b0166..bdd888e 100644
---- a/sound/pci/emu10k1/emu10k1_main.c
-+++ b/sound/pci/emu10k1/emu10k1_main.c
-@@ -657,14 +657,14 @@ static int snd_emu10k1_cardbus_init(struct snd_emu10k1 *emu)
- 	return 0;
- }
- 
--static int snd_emu1010_load_firmware(struct snd_emu10k1 *emu)
-+static int snd_emu1010_load_firmware(struct snd_emu10k1 *emu,
-+				     const struct firmware *fw_entry)
- {
- 	int n, i;
- 	int reg;
- 	int value;
- 	unsigned int write_post;
- 	unsigned long flags;
--	const struct firmware *fw_entry = emu->firmware;
- 
- 	if (!fw_entry)
- 		return -EIO;
-@@ -725,9 +725,34 @@ static int emu1010_firmware_thread(void *data)
- 			/* Return to Audio Dock programming mode */
- 			snd_printk(KERN_INFO "emu1010: Loading Audio Dock Firmware\n");
- 			snd_emu1010_fpga_write(emu, EMU_HANA_FPGA_CONFIG, EMU_HANA_FPGA_CONFIG_AUDIODOCK);
--			err = snd_emu1010_load_firmware(emu);
--			if (err != 0)
--				continue;
-+
-+			if (!emu->dock_fw) {
-+				const char *filename = NULL;
-+				switch (emu->card_capabilities->emu_model) {
-+				case EMU_MODEL_EMU1010:
-+					filename = DOCK_FILENAME;
-+					break;
-+				case EMU_MODEL_EMU1010B:
-+					filename = MICRO_DOCK_FILENAME;
-+					break;
-+				case EMU_MODEL_EMU1616:
-+					filename = MICRO_DOCK_FILENAME;
-+					break;
-+				}
-+				if (filename) {
-+					err = request_firmware(&emu->dock_fw,
-+							       filename,
-+							       &emu->pci->dev);
-+					if (err)
-+						continue;
-+				}
-+			}
-+
-+			if (emu->dock_fw) {
-+				err = snd_emu1010_load_firmware(emu, emu->dock_fw);
-+				if (err)
-+					continue;
-+			}
- 
- 			snd_emu1010_fpga_write(emu, EMU_HANA_FPGA_CONFIG, 0);
- 			snd_emu1010_fpga_read(emu, EMU_HANA_IRQ_STATUS, &reg);
-@@ -862,7 +887,7 @@ static int snd_emu10k1_emu1010_init(struct snd_emu10k1 *emu)
- 			   filename, emu->firmware->size);
- 	}
- 
--	err = snd_emu1010_load_firmware(emu);
-+	err = snd_emu1010_load_firmware(emu, emu->firmware);
- 	if (err != 0) {
- 		snd_printk(KERN_INFO "emu1010: Loading Firmware failed\n");
- 		return err;
-@@ -1253,6 +1278,8 @@ static int snd_emu10k1_free(struct snd_emu10k1 *emu)
- 		kthread_stop(emu->emu1010.firmware_thread);
- 	if (emu->firmware)
- 		release_firmware(emu->firmware);
-+	if (emu->dock_fw)
-+		release_firmware(emu->dock_fw);
- 	if (emu->irq >= 0)
- 		free_irq(emu->irq, emu);
- 	/* remove reserved page */
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
-index ee975a2..7f45d48 100644
---- a/sound/pci/hda/patch_realtek.c
-+++ b/sound/pci/hda/patch_realtek.c
-@@ -5823,6 +5823,7 @@ enum {
- 	ALC269_TYPE_ALC280,
- 	ALC269_TYPE_ALC282,
- 	ALC269_TYPE_ALC284,
-+	ALC269_TYPE_ALC286,
- };
- 
- /*
-@@ -5846,6 +5847,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec)
- 	case ALC269_TYPE_ALC269VB:
- 	case ALC269_TYPE_ALC269VD:
- 	case ALC269_TYPE_ALC282:
-+	case ALC269_TYPE_ALC286:
- 		ssids = alc269_ssids;
- 		break;
- 	default:
-@@ -6451,6 +6453,9 @@ static int patch_alc269(struct hda_codec *codec)
- 	case 0x10ec0292:
- 		spec->codec_variant = ALC269_TYPE_ALC284;
- 		break;
-+	case 0x10ec0286:
-+		spec->codec_variant = ALC269_TYPE_ALC286;
-+		break;
- 	}
- 
- 	/* automatic parse from the BIOS config */
-@@ -7157,6 +7162,7 @@ static const struct hda_codec_preset snd_hda_preset_realtek[] = {
- 	{ .id = 0x10ec0282, .name = "ALC282", .patch = patch_alc269 },
- 	{ .id = 0x10ec0283, .name = "ALC283", .patch = patch_alc269 },
- 	{ .id = 0x10ec0284, .name = "ALC284", .patch = patch_alc269 },
-+	{ .id = 0x10ec0286, .name = "ALC286", .patch = patch_alc269 },
- 	{ .id = 0x10ec0290, .name = "ALC290", .patch = patch_alc269 },
- 	{ .id = 0x10ec0292, .name = "ALC292", .patch = patch_alc269 },
- 	{ .id = 0x10ec0861, .rev = 0x100340, .name = "ALC660",
-diff --git a/sound/soc/codecs/max98088.c b/sound/soc/codecs/max98088.c
-index a4c16fd..5d36319 100644
---- a/sound/soc/codecs/max98088.c
-+++ b/sound/soc/codecs/max98088.c
-@@ -2006,7 +2006,7 @@ static int max98088_probe(struct snd_soc_codec *codec)
-                        ret);
-                goto err_access;
-        }
--       dev_info(codec->dev, "revision %c\n", ret + 'A');
-+       dev_info(codec->dev, "revision %c\n", ret - 0x40 + 'A');
- 
-        snd_soc_write(codec, M98088_REG_51_PWR_SYS, M98088_PWRSV);
- 
-diff --git a/sound/usb/6fire/pcm.c b/sound/usb/6fire/pcm.c
-index e2ca12f..40dd50a 100644
---- a/sound/usb/6fire/pcm.c
-+++ b/sound/usb/6fire/pcm.c
-@@ -575,7 +575,6 @@ static void usb6fire_pcm_init_urb(struct pcm_urb *urb,
- 	urb->instance.pipe = in ? usb_rcvisocpipe(chip->dev, ep)
- 			: usb_sndisocpipe(chip->dev, ep);
- 	urb->instance.interval = 1;
--	urb->instance.transfer_flags = URB_ISO_ASAP;
- 	urb->instance.complete = handler;
- 	urb->instance.context = urb;
- 	urb->instance.number_of_packets = PCM_N_PACKETS_PER_URB;
-diff --git a/sound/usb/caiaq/audio.c b/sound/usb/caiaq/audio.c
-index fde9a7a..b45e29b 100644
---- a/sound/usb/caiaq/audio.c
-+++ b/sound/usb/caiaq/audio.c
-@@ -670,7 +670,6 @@ static void read_completed(struct urb *urb)
- 
- 	if (send_it) {
- 		out->number_of_packets = outframe;
--		out->transfer_flags = URB_ISO_ASAP;
- 		usb_submit_urb(out, GFP_ATOMIC);
- 	} else {
- 		struct snd_usb_caiaq_cb_info *oinfo = out->context;
-@@ -686,7 +685,6 @@ requeue:
- 	}
- 
- 	urb->number_of_packets = FRAMES_PER_URB;
--	urb->transfer_flags = URB_ISO_ASAP;
- 	usb_submit_urb(urb, GFP_ATOMIC);
- }
- 
-@@ -751,7 +749,6 @@ static struct urb **alloc_urbs(struct snd_usb_caiaqdev *dev, int dir, int *ret)
- 						* BYTES_PER_FRAME;
- 		urbs[i]->context = &dev->data_cb_info[i];
- 		urbs[i]->interval = 1;
--		urbs[i]->transfer_flags = URB_ISO_ASAP;
- 		urbs[i]->number_of_packets = FRAMES_PER_URB;
- 		urbs[i]->complete = (dir == SNDRV_PCM_STREAM_CAPTURE) ?
- 					read_completed : write_completed;
-diff --git a/sound/usb/card.c b/sound/usb/card.c
-index ccf95cf..a9d5779 100644
---- a/sound/usb/card.c
-+++ b/sound/usb/card.c
-@@ -612,7 +612,9 @@ int snd_usb_autoresume(struct snd_usb_audio *chip)
- 	int err = -ENODEV;
- 
- 	down_read(&chip->shutdown_rwsem);
--	if (!chip->shutdown && !chip->probing)
-+	if (chip->probing)
-+		err = 0;
-+	else if (!chip->shutdown)
- 		err = usb_autopm_get_interface(chip->pm_intf);
- 	up_read(&chip->shutdown_rwsem);
- 
-diff --git a/sound/usb/card.h b/sound/usb/card.h
-index 8a751b4..d32ea41 100644
---- a/sound/usb/card.h
-+++ b/sound/usb/card.h
-@@ -116,6 +116,7 @@ struct snd_usb_substream {
- 	unsigned int altset_idx;     /* USB data format: index of alternate setting */
- 	unsigned int txfr_quirk:1;	/* allow sub-frame alignment */
- 	unsigned int fmt_type;		/* USB audio format type (1-3) */
-+	unsigned int pkt_offset_adj;	/* Bytes to drop from beginning of packets (for non-compliant devices) */
- 
- 	unsigned int running: 1;	/* running status */
- 
-diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
-index 21049b8..63cca3a 100644
---- a/sound/usb/endpoint.c
-+++ b/sound/usb/endpoint.c
-@@ -677,7 +677,7 @@ static int data_ep_set_params(struct snd_usb_endpoint *ep,
- 		if (!u->urb->transfer_buffer)
- 			goto out_of_memory;
- 		u->urb->pipe = ep->pipe;
--		u->urb->transfer_flags = URB_ISO_ASAP | URB_NO_TRANSFER_DMA_MAP;
-+		u->urb->transfer_flags = URB_NO_TRANSFER_DMA_MAP;
- 		u->urb->interval = 1 << ep->datainterval;
- 		u->urb->context = u;
- 		u->urb->complete = snd_complete_urb;
-@@ -716,8 +716,7 @@ static int sync_ep_set_params(struct snd_usb_endpoint *ep,
- 		u->urb->transfer_dma = ep->sync_dma + i * 4;
- 		u->urb->transfer_buffer_length = 4;
- 		u->urb->pipe = ep->pipe;
--		u->urb->transfer_flags = URB_ISO_ASAP |
--					 URB_NO_TRANSFER_DMA_MAP;
-+		u->urb->transfer_flags = URB_NO_TRANSFER_DMA_MAP;
- 		u->urb->number_of_packets = 1;
- 		u->urb->interval = 1 << ep->syncinterval;
- 		u->urb->context = u;
-diff --git a/sound/usb/midi.c b/sound/usb/midi.c
-index 34b9bb7..e5fee18 100644
---- a/sound/usb/midi.c
-+++ b/sound/usb/midi.c
-@@ -126,7 +126,6 @@ struct snd_usb_midi {
- 		struct snd_usb_midi_in_endpoint *in;
- 	} endpoints[MIDI_MAX_ENDPOINTS];
- 	unsigned long input_triggered;
--	bool autopm_reference;
- 	unsigned int opened[2];
- 	unsigned char disconnected;
- 	unsigned char input_running;
-@@ -1040,7 +1039,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir,
- {
- 	struct snd_usb_midi* umidi = substream->rmidi->private_data;
- 	struct snd_kcontrol *ctl;
--	int err;
- 
- 	down_read(&umidi->disc_rwsem);
- 	if (umidi->disconnected) {
-@@ -1051,13 +1049,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir,
- 	mutex_lock(&umidi->mutex);
- 	if (open) {
- 		if (!umidi->opened[0] && !umidi->opened[1]) {
--			err = usb_autopm_get_interface(umidi->iface);
--			umidi->autopm_reference = err >= 0;
--			if (err < 0 && err != -EACCES) {
--				mutex_unlock(&umidi->mutex);
--				up_read(&umidi->disc_rwsem);
--				return -EIO;
--			}
- 			if (umidi->roland_load_ctl) {
- 				ctl = umidi->roland_load_ctl;
- 				ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
-@@ -1080,8 +1071,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir,
- 				snd_ctl_notify(umidi->card,
- 				       SNDRV_CTL_EVENT_MASK_INFO, &ctl->id);
- 			}
--			if (umidi->autopm_reference)
--				usb_autopm_put_interface(umidi->iface);
- 		}
- 	}
- 	mutex_unlock(&umidi->mutex);
-@@ -2256,6 +2245,8 @@ int snd_usbmidi_create(struct snd_card *card,
- 		return err;
- 	}
- 
-+	usb_autopm_get_interface_no_resume(umidi->iface);
-+
- 	list_add_tail(&umidi->list, midi_list);
- 	return 0;
- }
-diff --git a/sound/usb/misc/ua101.c b/sound/usb/misc/ua101.c
-index 8b81cb5..6ad617b 100644
---- a/sound/usb/misc/ua101.c
-+++ b/sound/usb/misc/ua101.c
-@@ -1120,8 +1120,7 @@ static int alloc_stream_urbs(struct ua101 *ua, struct ua101_stream *stream,
- 			usb_init_urb(&urb->urb);
- 			urb->urb.dev = ua->dev;
- 			urb->urb.pipe = stream->usb_pipe;
--			urb->urb.transfer_flags = URB_ISO_ASAP |
--					URB_NO_TRANSFER_DMA_MAP;
-+			urb->urb.transfer_flags = URB_NO_TRANSFER_DMA_MAP;
- 			urb->urb.transfer_buffer = addr;
- 			urb->urb.transfer_dma = dma;
- 			urb->urb.transfer_buffer_length = max_packet_size;
-diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c
-index d82e378..bcc50ed 100644
---- a/sound/usb/pcm.c
-+++ b/sound/usb/pcm.c
-@@ -1161,7 +1161,7 @@ static void retire_capture_urb(struct snd_usb_substream *subs,
- 	stride = runtime->frame_bits >> 3;
- 
- 	for (i = 0; i < urb->number_of_packets; i++) {
--		cp = (unsigned char *)urb->transfer_buffer + urb->iso_frame_desc[i].offset;
-+		cp = (unsigned char *)urb->transfer_buffer + urb->iso_frame_desc[i].offset + subs->pkt_offset_adj;
- 		if (urb->iso_frame_desc[i].status && printk_ratelimit()) {
- 			snd_printdd(KERN_ERR "frame %d active: %d\n", i, urb->iso_frame_desc[i].status);
- 			// continue;
-diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
-index b9ca776..f581c3e 100644
---- a/sound/usb/quirks.c
-+++ b/sound/usb/quirks.c
-@@ -837,6 +837,7 @@ static void set_format_emu_quirk(struct snd_usb_substream *subs,
- 		break;
- 	}
- 	snd_emuusb_set_samplerate(subs->stream->chip, emu_samplerate_id);
-+	subs->pkt_offset_adj = (emu_samplerate_id >= EMU_QUIRK_SR_176400HZ) ? 4 : 0;
- }
- 
- void snd_usb_set_format_quirk(struct snd_usb_substream *subs,
-diff --git a/sound/usb/stream.c b/sound/usb/stream.c
-index ad181d5..cfc4d4e 100644
---- a/sound/usb/stream.c
-+++ b/sound/usb/stream.c
-@@ -94,6 +94,7 @@ static void snd_usb_init_substream(struct snd_usb_stream *as,
- 	subs->dev = as->chip->dev;
- 	subs->txfr_quirk = as->chip->txfr_quirk;
- 	subs->speed = snd_usb_get_speed(subs->dev);
-+	subs->pkt_offset_adj = 0;
- 
- 	snd_usb_set_pcm_ops(as->pcm, stream);
- 
-@@ -396,6 +397,14 @@ static int parse_uac_endpoint_attributes(struct snd_usb_audio *chip,
- 	if (!csep && altsd->bNumEndpoints >= 2)
- 		csep = snd_usb_find_desc(alts->endpoint[1].extra, alts->endpoint[1].extralen, NULL, USB_DT_CS_ENDPOINT);
- 
-+	/*
-+	 * If we can't locate the USB_DT_CS_ENDPOINT descriptor in the extra
-+	 * bytes after the first endpoint, go search the entire interface.
-+	 * Some devices have it directly *before* the standard endpoint.
-+	 */
-+	if (!csep)
-+		csep = snd_usb_find_desc(alts->extra, alts->extralen, NULL, USB_DT_CS_ENDPOINT);
-+
- 	if (!csep || csep->bLength < 7 ||
- 	    csep->bDescriptorSubtype != UAC_EP_GENERAL) {
- 		snd_printk(KERN_WARNING "%d:%u:%d : no or invalid"
-diff --git a/sound/usb/usx2y/usb_stream.c b/sound/usb/usx2y/usb_stream.c
-index 1e7a47a..bf618e1 100644
---- a/sound/usb/usx2y/usb_stream.c
-+++ b/sound/usb/usx2y/usb_stream.c
-@@ -69,7 +69,6 @@ static void init_pipe_urbs(struct usb_stream_kernel *sk, unsigned use_packsize,
- 	     ++u, transfer += transfer_length) {
- 		struct urb *urb = urbs[u];
- 		struct usb_iso_packet_descriptor *desc;
--		urb->transfer_flags = URB_ISO_ASAP;
- 		urb->transfer_buffer = transfer;
- 		urb->dev = dev;
- 		urb->pipe = pipe;
-diff --git a/sound/usb/usx2y/usbusx2yaudio.c b/sound/usb/usx2y/usbusx2yaudio.c
-index 520ef96..b376532 100644
---- a/sound/usb/usx2y/usbusx2yaudio.c
-+++ b/sound/usb/usx2y/usbusx2yaudio.c
-@@ -503,7 +503,6 @@ static int usX2Y_urbs_start(struct snd_usX2Y_substream *subs)
- 			if (0 == i)
- 				atomic_set(&subs->state, state_STARTING3);
- 			urb->dev = usX2Y->dev;
--			urb->transfer_flags = URB_ISO_ASAP;
- 			for (pack = 0; pack < nr_of_packs(); pack++) {
- 				urb->iso_frame_desc[pack].offset = subs->maxpacksize * pack;
- 				urb->iso_frame_desc[pack].length = subs->maxpacksize;
-diff --git a/sound/usb/usx2y/usx2yhwdeppcm.c b/sound/usb/usx2y/usx2yhwdeppcm.c
-index cc56007..f2a1acd 100644
---- a/sound/usb/usx2y/usx2yhwdeppcm.c
-+++ b/sound/usb/usx2y/usx2yhwdeppcm.c
-@@ -443,7 +443,6 @@ static int usX2Y_usbpcm_urbs_start(struct snd_usX2Y_substream *subs)
- 					if (0 == u)
- 						atomic_set(&subs->state, state_STARTING3);
- 					urb->dev = usX2Y->dev;
--					urb->transfer_flags = URB_ISO_ASAP;
- 					for (pack = 0; pack < nr_of_packs(); pack++) {
- 						urb->iso_frame_desc[pack].offset = subs->maxpacksize * (pack + u * nr_of_packs());
- 						urb->iso_frame_desc[pack].length = subs->maxpacksize;
diff --git a/3.8.12/0000_README b/3.9.2/0000_README
index 00ed718..8bbbbef 100644
--- a/3.8.12/0000_README
+++ b/3.9.2/0000_README
@@ -2,15 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	1010_linux-3.8.11.patch
-From:	http://www.kernel.org
-Desc:	Linux 3.8.11
-
-Patch:	1011_linux-3.8.12.patch
-From:	http://www.kernel.org
-Desc:	Linux 3.8.12
-
-Patch:	4420_grsecurity-2.9.1-3.8.12-201305082215.patch
+Patch:	4420_grsecurity-2.9.1-3.9.2-201305142035.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.8.12/4420_grsecurity-2.9.1-3.8.12-201305082215.patch b/3.9.2/4420_grsecurity-2.9.1-3.9.2-201305142035.patch
index 7f22cfc..7808b27 100644
--- a/3.8.12/4420_grsecurity-2.9.1-3.8.12-201305082215.patch
+++ b/3.9.2/4420_grsecurity-2.9.1-3.9.2-201305142035.patch
@@ -225,10 +225,10 @@ index b89a739..b47493f 100644
 +zconf.lex.c
  zoffset.h
 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 986614d..e8bfedc 100644
+index 8ccbf27..afffeb4 100644
 --- a/Documentation/kernel-parameters.txt
 +++ b/Documentation/kernel-parameters.txt
-@@ -922,6 +922,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -948,6 +948,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
  			Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0.
  			Default: 1024
  
@@ -239,7 +239,7 @@ index 986614d..e8bfedc 100644
  	hashdist=	[KNL,NUMA] Large hashes allocated during boot
  			are distributed across NUMA nodes.  Defaults on
  			for 64-bit NUMA, off otherwise.
-@@ -2121,6 +2125,18 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2147,6 +2151,18 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
  			the specified number of seconds.  This is to be used if
  			your oopses keep scrolling off the screen.
  
@@ -259,7 +259,7 @@ index 986614d..e8bfedc 100644
  
  	pcd.		[PARIDE]
 diff --git a/Makefile b/Makefile
-index 902974f..3a7c75c 100644
+index 3e71511..8ff502e 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -285,7 +285,7 @@ index 902974f..3a7c75c 100644
  	$(Q)$(MAKE) $(build)=scripts/basic
  	$(Q)rm -f .tmp_quiet_recordmcount
  
-@@ -575,6 +576,65 @@ else
+@@ -576,6 +577,65 @@ else
  KBUILD_CFLAGS	+= -O2
  endif
  
@@ -351,7 +351,7 @@ index 902974f..3a7c75c 100644
  include $(srctree)/arch/$(SRCARCH)/Makefile
  
  ifdef CONFIG_READABLE_ASM
-@@ -731,7 +791,7 @@ export mod_sign_cmd
+@@ -733,7 +793,7 @@ export mod_sign_cmd
  
  
  ifeq ($(KBUILD_EXTMOD),)
@@ -360,7 +360,7 @@ index 902974f..3a7c75c 100644
  
  vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
  		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -778,6 +838,8 @@ endif
+@@ -780,6 +840,8 @@ endif
  
  # The actual objects are generated when descending, 
  # make sure no implicit rule kicks in
@@ -369,7 +369,7 @@ index 902974f..3a7c75c 100644
  $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
  
  # Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -787,7 +849,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
+@@ -789,7 +851,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
  # Error messages still appears in the original language
  
  PHONY += $(vmlinux-dirs)
@@ -378,7 +378,7 @@ index 902974f..3a7c75c 100644
  	$(Q)$(MAKE) $(build)=$@
  
  # Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -831,6 +893,7 @@ prepare0: archprepare FORCE
+@@ -833,6 +895,7 @@ prepare0: archprepare FORCE
  	$(Q)$(MAKE) $(build)=.
  
  # All the preparing..
@@ -386,7 +386,7 @@ index 902974f..3a7c75c 100644
  prepare: prepare0
  
  # Generate some files
-@@ -938,6 +1001,8 @@ all: modules
+@@ -940,6 +1003,8 @@ all: modules
  #	using awk while concatenating to the final file.
  
  PHONY += modules
@@ -395,7 +395,7 @@ index 902974f..3a7c75c 100644
  modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
  	$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
  	@$(kecho) '  Building modules, stage 2.';
-@@ -953,7 +1018,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -955,7 +1020,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
  
  # Target to prepare building external modules
  PHONY += modules_prepare
@@ -404,7 +404,7 @@ index 902974f..3a7c75c 100644
  
  # Target to install modules
  PHONY += modules_install
-@@ -1019,7 +1084,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
+@@ -1021,7 +1086,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
  		  Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
  		  signing_key.priv signing_key.x509 x509.genkey		\
  		  extra_certificates signing_key.x509.keyid		\
@@ -413,7 +413,7 @@ index 902974f..3a7c75c 100644
  
  # clean - Delete most, but leave enough to build external modules
  #
-@@ -1059,6 +1124,7 @@ distclean: mrproper
+@@ -1061,6 +1126,7 @@ distclean: mrproper
  		\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
  		-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
  		-o -name '.*.rej' \
@@ -421,7 +421,7 @@ index 902974f..3a7c75c 100644
  		-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
  		-type f -print | xargs rm -f
  
-@@ -1219,6 +1285,8 @@ PHONY += $(module-dirs) modules
+@@ -1221,6 +1287,8 @@ PHONY += $(module-dirs) modules
  $(module-dirs): crmodverdir $(objtree)/Module.symvers
  	$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
  
@@ -430,7 +430,7 @@ index 902974f..3a7c75c 100644
  modules: $(module-dirs)
  	@$(kecho) '  Building modules, stage 2.';
  	$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1355,17 +1423,21 @@ else
+@@ -1357,17 +1425,21 @@ else
          target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
  endif
  
@@ -456,7 +456,7 @@ index 902974f..3a7c75c 100644
  	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
  %.symtypes: %.c prepare scripts FORCE
  	$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1375,11 +1447,15 @@ endif
+@@ -1377,11 +1449,15 @@ endif
  	$(cmd_crmodverdir)
  	$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
  	$(build)=$(build-dir)
@@ -592,10 +592,10 @@ index 2fd00b7..cfd5069 100644
  
  	for (i = 0; i < n; i++) {
 diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c
-index 14db93e..47bed62 100644
+index b9e37ad..44c24e7 100644
 --- a/arch/alpha/kernel/osf_sys.c
 +++ b/arch/alpha/kernel/osf_sys.c
-@@ -1295,16 +1295,16 @@ SYSCALL_DEFINE1(old_adjtimex, struct timex32 __user *, txc_p)
+@@ -1297,10 +1297,11 @@ SYSCALL_DEFINE1(old_adjtimex, struct timex32 __user *, txc_p)
     generic version except that we know how to honor ADDR_LIMIT_32BIT.  */
  
  static unsigned long
@@ -604,19 +604,20 @@ index 14db93e..47bed62 100644
 +arch_get_unmapped_area_1(struct file *filp, unsigned long addr, unsigned long len,
 +		         unsigned long limit, unsigned long flags)
  {
- 	struct vm_area_struct *vma = find_vma(current->mm, addr);
--
+ 	struct vm_unmapped_area_info info;
 +	unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags);
- 	while (1) {
- 		/* At this point:  (!vma || addr < vma->vm_end). */
- 		if (limit - len < addr)
- 			return -ENOMEM;
--		if (!vma || addr + len <= vma->vm_start)
-+		if (check_heap_stack_gap(vma, addr, len, offset))
- 			return addr;
- 		addr = vma->vm_end;
- 		vma = vma->vm_next;
-@@ -1340,20 +1340,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+ 
+ 	info.flags = 0;
+ 	info.length = len;
+@@ -1308,6 +1309,7 @@ arch_get_unmapped_area_1(unsigned long addr, unsigned long len,
+ 	info.high_limit = limit;
+ 	info.align_mask = 0;
+ 	info.align_offset = 0;
++	info.threadstack_offset = offset;
+ 	return vm_unmapped_area(&info);
+ }
+ 
+@@ -1340,20 +1342,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
  	   merely specific addresses, but regions of memory -- perhaps
  	   this feature should be incorporated into all ports?  */
  
@@ -806,27 +807,10 @@ index 0c4132d..88f0d53 100644
  		/* Allow reads even for write-only mappings */
  		if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
 diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index 67874b8..9aa2d62 100644
+index 1cacda4..2cef624 100644
 --- a/arch/arm/Kconfig
 +++ b/arch/arm/Kconfig
-@@ -1427,6 +1427,16 @@ config ARM_ERRATA_775420
- 	 to deadlock. This workaround puts DSB before executing ISB if
- 	 an abort may occur on cache maintenance.
- 
-+config ARM_ERRATA_798181
-+	bool "ARM errata: TLBI/DSB failure on Cortex-A15"
-+	depends on CPU_V7 && SMP
-+	help
-+	  On Cortex-A15 (r0p0..r3p2) the TLBI*IS/DSB operations are not
-+	  adequately shooting down all use of the old entries. This
-+	  option enables the Linux kernel workaround for this erratum
-+	  which sends an IPI to the CPUs that are running the same ASID
-+	  as the one being invalidated.
-+
- endmenu
- 
- source "arch/arm/common/Kconfig"
-@@ -1813,7 +1823,7 @@ config ALIGNMENT_TRAP
+@@ -1850,7 +1850,7 @@ config ALIGNMENT_TRAP
  
  config UACCESS_WITH_MEMCPY
  	bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
@@ -835,28 +819,6 @@ index 67874b8..9aa2d62 100644
  	default y if CPU_FEROCEON
  	help
  	  Implement faster copy_to_user and clear_user methods for CPU
-diff --git a/arch/arm/common/gic.c b/arch/arm/common/gic.c
-index 87dfa902..3a523fc 100644
---- a/arch/arm/common/gic.c
-+++ b/arch/arm/common/gic.c
-@@ -81,7 +81,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly;
-  * Supported arch specific GIC irq extension.
-  * Default make them NULL.
-  */
--struct irq_chip gic_arch_extn = {
-+irq_chip_no_const gic_arch_extn __read_only = {
- 	.irq_eoi	= NULL,
- 	.irq_mask	= NULL,
- 	.irq_unmask	= NULL,
-@@ -329,7 +329,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
- 	chained_irq_exit(chip, desc);
- }
- 
--static struct irq_chip gic_chip = {
-+static irq_chip_no_const gic_chip __read_only = {
- 	.name			= "GIC",
- 	.irq_mask		= gic_mask_irq,
- 	.irq_unmask		= gic_unmask_irq,
 diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
 index c79f61f..9ac0642 100644
 --- a/arch/arm/include/asm/atomic.h
@@ -1719,40 +1681,6 @@ index e42cf59..7b94b8f 100644
  	pagefault_enable();	/* subsumes preempt_enable() */
  
  	if (!ret) {
-diff --git a/arch/arm/include/asm/hardware/gic.h b/arch/arm/include/asm/hardware/gic.h
-index 4b1ce6c..bea3f73 100644
---- a/arch/arm/include/asm/hardware/gic.h
-+++ b/arch/arm/include/asm/hardware/gic.h
-@@ -34,9 +34,10 @@
- 
- #ifndef __ASSEMBLY__
- #include <linux/irqdomain.h>
-+#include <linux/irq.h>
- struct device_node;
- 
--extern struct irq_chip gic_arch_extn;
-+extern irq_chip_no_const gic_arch_extn;
- 
- void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *,
- 		    u32 offset, struct device_node *);
-diff --git a/arch/arm/include/asm/highmem.h b/arch/arm/include/asm/highmem.h
-index 8c5e828..91b99ab 100644
---- a/arch/arm/include/asm/highmem.h
-+++ b/arch/arm/include/asm/highmem.h
-@@ -41,6 +41,13 @@ extern void kunmap_high(struct page *page);
- #endif
- #endif
- 
-+/*
-+ * Needed to be able to broadcast the TLB invalidation for kmap.
-+ */
-+#ifdef CONFIG_ARM_ERRATA_798181
-+#undef ARCH_NEEDS_KMAP_HIGH_GET
-+#endif
-+
- #ifdef ARCH_NEEDS_KMAP_HIGH_GET
- extern void *kmap_high_get(struct page *page);
- #else
 diff --git a/arch/arm/include/asm/kmap_types.h b/arch/arm/include/asm/kmap_types.h
 index 83eb2f7..ed77159 100644
 --- a/arch/arm/include/asm/kmap_types.h
@@ -1801,21 +1729,8 @@ index 2fe141f..192dc01 100644
  
  #ifdef CONFIG_MMU
  extern void iotable_init(struct map_desc *, int);
-diff --git a/arch/arm/include/asm/mmu_context.h b/arch/arm/include/asm/mmu_context.h
-index 863a661..a7b85e0 100644
---- a/arch/arm/include/asm/mmu_context.h
-+++ b/arch/arm/include/asm/mmu_context.h
-@@ -27,6 +27,8 @@ void __check_vmalloc_seq(struct mm_struct *mm);
- void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk);
- #define init_new_context(tsk,mm)	({ atomic64_set(&mm->context.id, 0); 0; })
- 
-+DECLARE_PER_CPU(atomic64_t, active_asids);
-+
- #else	/* !CONFIG_CPU_HAS_ASID */
- 
- #ifdef CONFIG_MMU
 diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h
-index 53426c6..c7baff3 100644
+index 12f71a1..04e063c 100644
 --- a/arch/arm/include/asm/outercache.h
 +++ b/arch/arm/include/asm/outercache.h
 @@ -35,7 +35,7 @@ struct outer_cache_fns {
@@ -1950,17 +1865,10 @@ index f97ee02..07f1be5 100644
  /*
   * These are the memory types, defined to be compatible with
 diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h
-index d795282..a43ea90 100644
+index 18f5cef..25b8f43 100644
 --- a/arch/arm/include/asm/pgtable-3level-hwdef.h
 +++ b/arch/arm/include/asm/pgtable-3level-hwdef.h
-@@ -32,15 +32,18 @@
- #define PMD_TYPE_SECT		(_AT(pmdval_t, 1) << 0)
- #define PMD_BIT4		(_AT(pmdval_t, 0))
- #define PMD_DOMAIN(x)		(_AT(pmdval_t, 0))
-+#define PMD_PXNTABLE		(_AT(pmdval_t, 1) << 59) /* PXNTable */
- 
- /*
-  *   - section
+@@ -41,6 +41,7 @@
   */
  #define PMD_SECT_BUFFERABLE	(_AT(pmdval_t, 1) << 2)
  #define PMD_SECT_CACHEABLE	(_AT(pmdval_t, 1) << 3)
@@ -1968,11 +1876,7 @@ index d795282..a43ea90 100644
  #define PMD_SECT_S		(_AT(pmdval_t, 3) << 8)
  #define PMD_SECT_AF		(_AT(pmdval_t, 1) << 10)
  #define PMD_SECT_nG		(_AT(pmdval_t, 1) << 11)
-+#define PMD_SECT_PXN		(_AT(pmdval_t, 1) << 53)
- #define PMD_SECT_XN		(_AT(pmdval_t, 1) << 54)
- #define PMD_SECT_AP_WRITE	(_AT(pmdval_t, 0))
- #define PMD_SECT_AP_READ	(_AT(pmdval_t, 0))
-@@ -66,6 +69,7 @@
+@@ -71,6 +72,7 @@
  #define PTE_EXT_SHARED		(_AT(pteval_t, 3) << 8)		/* SH[1:0], inner shareable */
  #define PTE_EXT_AF		(_AT(pteval_t, 1) << 10)	/* Access Flag */
  #define PTE_EXT_NG		(_AT(pteval_t, 1) << 11)	/* nG */
@@ -1981,7 +1885,7 @@ index d795282..a43ea90 100644
  
  /*
 diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
-index a3f3792..7b932a6 100644
+index 86b8fe3..e25f975 100644
 --- a/arch/arm/include/asm/pgtable-3level.h
 +++ b/arch/arm/include/asm/pgtable-3level.h
 @@ -74,6 +74,7 @@
@@ -2001,7 +1905,7 @@ index a3f3792..7b932a6 100644
  #define L_PTE_DIRTY_HIGH	(1 << (55 - 32))
  
 diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
-index 26e9ce4..461ed7f 100644
+index 9bcd262..fba731c 100644
 --- a/arch/arm/include/asm/pgtable.h
 +++ b/arch/arm/include/asm/pgtable.h
 @@ -30,6 +30,9 @@
@@ -2086,7 +1990,7 @@ index 26e9ce4..461ed7f 100644
   */
  #define _L_PTE_DEFAULT	L_PTE_PRESENT | L_PTE_YOUNG
  
-@@ -250,7 +300,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; }
+@@ -257,7 +307,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; }
  static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
  {
  	const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER |
@@ -2180,32 +2084,6 @@ index cddda1f..ff357f7 100644
  
  /*
   * Change these and you break ASM code in entry-common.S
-diff --git a/arch/arm/include/asm/tlbflush.h b/arch/arm/include/asm/tlbflush.h
-index 6e924d3..a9f3ddf 100644
---- a/arch/arm/include/asm/tlbflush.h
-+++ b/arch/arm/include/asm/tlbflush.h
-@@ -430,6 +430,21 @@ static inline void local_flush_tlb_kernel_page(unsigned long kaddr)
- 	}
- }
- 
-+#ifdef CONFIG_ARM_ERRATA_798181
-+static inline void dummy_flush_tlb_a15_erratum(void)
-+{
-+	/*
-+	 * Dummy TLBIMVAIS. Using the unmapped address 0 and ASID 0.
-+	 */
-+	asm("mcr p15, 0, %0, c8, c3, 1" : : "r" (0));
-+	dsb();
-+}
-+#else
-+static inline void dummy_flush_tlb_a15_erratum(void)
-+{
-+}
-+#endif
-+
- /*
-  *	flush_pmd_entry
-  *
 diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
 index 7e1f760..752fcb7 100644
 --- a/arch/arm/include/asm/uaccess.h
@@ -2603,7 +2481,7 @@ index 0f82098..3dbd3ee 100644
  #endif
  	mov	r5, r0
 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
-index a6c301e..908821b 100644
+index fefd7f9..e6f250e 100644
 --- a/arch/arm/kernel/entry-common.S
 +++ b/arch/arm/kernel/entry-common.S
 @@ -10,18 +10,46 @@
@@ -2656,7 +2534,7 @@ index a6c301e..908821b 100644
  	.align	5
  /*
   * This is the fast syscall return path.  We do as little as
-@@ -339,6 +367,7 @@ ENDPROC(ftrace_stub)
+@@ -351,6 +379,7 @@ ENDPROC(ftrace_stub)
  
  	.align	5
  ENTRY(vector_swi)
@@ -2664,7 +2542,7 @@ index a6c301e..908821b 100644
  	sub	sp, sp, #S_FRAME_SIZE
  	stmia	sp, {r0 - r12}			@ Calling r0 - r12
   ARM(	add	r8, sp, #S_PC		)
-@@ -388,6 +417,12 @@ ENTRY(vector_swi)
+@@ -400,6 +429,12 @@ ENTRY(vector_swi)
  	ldr	scno, [lr, #-4]			@ get SWI instruction
  #endif
  
@@ -2773,7 +2651,7 @@ index 2adda11..7fbe958 100644
  	flush_icache_range(0xffff001c, 0xffff001c + length);
  	if (!vectors_high())
 diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S
-index e0eb9a1..caee108 100644
+index 8bac553..caee108 100644
 --- a/arch/arm/kernel/head.S
 +++ b/arch/arm/kernel/head.S
 @@ -52,7 +52,9 @@
@@ -2787,15 +2665,6 @@ index e0eb9a1..caee108 100644
  	.endm
  
  /*
-@@ -267,7 +269,7 @@ __create_page_tables:
- 	addne	r6, r6, #1 << SECTION_SHIFT
- 	strne	r6, [r3]
- 
--#if defined(CONFIG_LPAE) && defined(CONFIG_CPU_ENDIAN_BE8)
-+#if defined(CONFIG_ARM_LPAE) && defined(CONFIG_CPU_ENDIAN_BE8)
- 	sub	r4, r4, #4			@ Fixup page table pointer
- 						@ for 64-bit descriptors
- #endif
 @@ -434,7 +436,7 @@ __enable_mmu:
  	mov	r5, #(domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \
  		      domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \
@@ -2806,10 +2675,10 @@ index e0eb9a1..caee108 100644
  	mcr	p15, 0, r4, c2, c0, 0		@ load page table pointer
  #endif
 diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c
-index 5ff2e77..556d030 100644
+index 1fd749e..47adb08 100644
 --- a/arch/arm/kernel/hw_breakpoint.c
 +++ b/arch/arm/kernel/hw_breakpoint.c
-@@ -1011,7 +1011,7 @@ static int __cpuinit dbg_reset_notify(struct notifier_block *self,
+@@ -1029,7 +1029,7 @@ static int __cpuinit dbg_reset_notify(struct notifier_block *self,
  	return NOTIFY_OK;
  }
  
@@ -2883,7 +2752,7 @@ index 07314af..c46655c 100644
  	flush_icache_range((uintptr_t)(addr),
  			   (uintptr_t)(addr) + size);
 diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c
-index 5f66206..dce492f 100644
+index 1f2740e..b36e225 100644
 --- a/arch/arm/kernel/perf_event_cpu.c
 +++ b/arch/arm/kernel/perf_event_cpu.c
 @@ -171,7 +171,7 @@ static int __cpuinit cpu_pmu_notify(struct notifier_block *b,
@@ -2896,7 +2765,7 @@ index 5f66206..dce492f 100644
  };
  
 diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index c6dec5f..e0fddd1 100644
+index 047d3e4..7e96107 100644
 --- a/arch/arm/kernel/process.c
 +++ b/arch/arm/kernel/process.c
 @@ -28,7 +28,6 @@
@@ -2907,7 +2776,7 @@ index c6dec5f..e0fddd1 100644
  #include <linux/hw_breakpoint.h>
  #include <linux/cpuidle.h>
  #include <linux/leds.h>
-@@ -256,9 +255,10 @@ void machine_power_off(void)
+@@ -251,9 +250,10 @@ void machine_power_off(void)
  	machine_shutdown();
  	if (pm_power_off)
  		pm_power_off();
@@ -2919,7 +2788,7 @@ index c6dec5f..e0fddd1 100644
  {
  	machine_shutdown();
  
-@@ -283,8 +283,8 @@ void __show_regs(struct pt_regs *regs)
+@@ -278,8 +278,8 @@ void __show_regs(struct pt_regs *regs)
  		init_utsname()->release,
  		(int)strcspn(init_utsname()->version, " "),
  		init_utsname()->version);
@@ -2930,7 +2799,7 @@ index c6dec5f..e0fddd1 100644
  	printk("pc : [<%08lx>]    lr : [<%08lx>]    psr: %08lx\n"
  	       "sp : %08lx  ip : %08lx  fp : %08lx\n",
  		regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr,
-@@ -452,12 +452,6 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -447,12 +447,6 @@ unsigned long get_wchan(struct task_struct *p)
  	return 0;
  }
  
@@ -2943,7 +2812,7 @@ index c6dec5f..e0fddd1 100644
  #ifdef CONFIG_MMU
  /*
   * The vectors page is always readable from user space for the
-@@ -470,9 +464,8 @@ static int __init gate_vma_init(void)
+@@ -465,9 +459,8 @@ static int __init gate_vma_init(void)
  {
  	gate_vma.vm_start	= 0xffff0000;
  	gate_vma.vm_end		= 0xffff0000 + PAGE_SIZE;
@@ -2980,10 +2849,10 @@ index 03deeff..741ce88 100644
  	if (secure_computing(scno) == -1)
  		return -1;
 diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
-index 3f6cbb2..39305c7 100644
+index 234e339..81264a1 100644
 --- a/arch/arm/kernel/setup.c
 +++ b/arch/arm/kernel/setup.c
-@@ -97,21 +97,23 @@ EXPORT_SYMBOL(system_serial_high);
+@@ -96,21 +96,23 @@ EXPORT_SYMBOL(system_serial_high);
  unsigned int elf_hwcap __read_mostly;
  EXPORT_SYMBOL(elf_hwcap);
  
@@ -3012,7 +2881,7 @@ index 3f6cbb2..39305c7 100644
  EXPORT_SYMBOL(outer_cache);
  #endif
  
-@@ -236,9 +238,13 @@ static int __get_cpu_architecture(void)
+@@ -235,9 +237,13 @@ static int __get_cpu_architecture(void)
  		asm("mrc	p15, 0, %0, c0, c1, 4"
  		    : "=r" (mmfr0));
  		if ((mmfr0 & 0x0000000f) >= 0x00000003 ||
@@ -3028,7 +2897,7 @@ index 3f6cbb2..39305c7 100644
  			 (mmfr0 & 0x000000f0) == 0x00000020)
  			cpu_arch = CPU_ARCH_ARMv6;
  		else
-@@ -462,7 +468,7 @@ static void __init setup_processor(void)
+@@ -478,7 +484,7 @@ static void __init setup_processor(void)
  	__cpu_architecture = __get_cpu_architecture();
  
  #ifdef MULTI_CPU
@@ -3037,20 +2906,11 @@ index 3f6cbb2..39305c7 100644
  #endif
  #ifdef MULTI_TLB
  	cpu_tlb = *list->tlb;
-@@ -524,7 +530,7 @@ int __init arm_add_memory(phys_addr_t start, phys_addr_t size)
- 	size -= start & ~PAGE_MASK;
- 	bank->start = PAGE_ALIGN(start);
- 
--#ifndef CONFIG_LPAE
-+#ifndef CONFIG_ARM_LPAE
- 	if (bank->start + size < bank->start) {
- 		printk(KERN_CRIT "Truncating memory at 0x%08llx to fit in "
- 			"32-bit physical address space\n", (long long)start);
 diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
-index 56f72d2..6924200 100644
+index 296786b..a8d4dd5 100644
 --- a/arch/arm/kernel/signal.c
 +++ b/arch/arm/kernel/signal.c
-@@ -433,22 +433,14 @@ setup_return(struct pt_regs *regs, struct k_sigaction *ka,
+@@ -396,22 +396,14 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig,
  		    __put_user(sigreturn_codes[idx+1], rc+1))
  			return 1;
  
@@ -3079,9 +2939,9 @@ index 56f72d2..6924200 100644
 +		retcode = ((unsigned long)rc) + thumb;
  	}
  
- 	regs->ARM_r0 = usig;
+ 	regs->ARM_r0 = map_sig(ksig->sig);
 diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
-index 58af91c..343ce99 100644
+index 1f2cccc..f40c02e 100644
 --- a/arch/arm/kernel/smp.c
 +++ b/arch/arm/kernel/smp.c
 @@ -70,7 +70,7 @@ enum ipi_msg_type {
@@ -3093,132 +2953,8 @@ index 58af91c..343ce99 100644
  
  void __init smp_set_ops(struct smp_operations *ops)
  {
-diff --git a/arch/arm/kernel/smp_tlb.c b/arch/arm/kernel/smp_tlb.c
-index 02c5d2c..e5695ad 100644
---- a/arch/arm/kernel/smp_tlb.c
-+++ b/arch/arm/kernel/smp_tlb.c
-@@ -12,6 +12,7 @@
- 
- #include <asm/smp_plat.h>
- #include <asm/tlbflush.h>
-+#include <asm/mmu_context.h>
- 
- /**********************************************************************/
- 
-@@ -64,12 +65,72 @@ static inline void ipi_flush_tlb_kernel_range(void *arg)
- 	local_flush_tlb_kernel_range(ta->ta_start, ta->ta_end);
- }
- 
-+#ifdef CONFIG_ARM_ERRATA_798181
-+static int erratum_a15_798181(void)
-+{
-+	unsigned int midr = read_cpuid_id();
-+
-+	/* Cortex-A15 r0p0..r3p2 affected */
-+	if ((midr & 0xff0ffff0) != 0x410fc0f0 || midr > 0x413fc0f2)
-+		return 0;
-+	return 1;
-+}
-+#else
-+static int erratum_a15_798181(void)
-+{
-+	return 0;
-+}
-+#endif
-+
-+static void ipi_flush_tlb_a15_erratum(void *arg)
-+{
-+	dmb();
-+}
-+
-+static void broadcast_tlb_a15_erratum(void)
-+{
-+	if (!erratum_a15_798181())
-+		return;
-+
-+	dummy_flush_tlb_a15_erratum();
-+	smp_call_function_many(cpu_online_mask, ipi_flush_tlb_a15_erratum,
-+			       NULL, 1);
-+}
-+
-+static void broadcast_tlb_mm_a15_erratum(struct mm_struct *mm)
-+{
-+	int cpu;
-+	cpumask_t mask = { CPU_BITS_NONE };
-+
-+	if (!erratum_a15_798181())
-+		return;
-+
-+	dummy_flush_tlb_a15_erratum();
-+	for_each_online_cpu(cpu) {
-+		if (cpu == smp_processor_id())
-+			continue;
-+		/*
-+		 * We only need to send an IPI if the other CPUs are running
-+		 * the same ASID as the one being invalidated. There is no
-+		 * need for locking around the active_asids check since the
-+		 * switch_mm() function has at least one dmb() (as required by
-+		 * this workaround) in case a context switch happens on
-+		 * another CPU after the condition below.
-+		 */
-+		if (atomic64_read(&mm->context.id) ==
-+		    atomic64_read(&per_cpu(active_asids, cpu)))
-+			cpumask_set_cpu(cpu, &mask);
-+	}
-+	smp_call_function_many(&mask, ipi_flush_tlb_a15_erratum, NULL, 1);
-+}
-+
- void flush_tlb_all(void)
- {
- 	if (tlb_ops_need_broadcast())
- 		on_each_cpu(ipi_flush_tlb_all, NULL, 1);
- 	else
- 		local_flush_tlb_all();
-+	broadcast_tlb_a15_erratum();
- }
- 
- void flush_tlb_mm(struct mm_struct *mm)
-@@ -78,6 +139,7 @@ void flush_tlb_mm(struct mm_struct *mm)
- 		on_each_cpu_mask(mm_cpumask(mm), ipi_flush_tlb_mm, mm, 1);
- 	else
- 		local_flush_tlb_mm(mm);
-+	broadcast_tlb_mm_a15_erratum(mm);
- }
- 
- void flush_tlb_page(struct vm_area_struct *vma, unsigned long uaddr)
-@@ -90,6 +152,7 @@ void flush_tlb_page(struct vm_area_struct *vma, unsigned long uaddr)
- 					&ta, 1);
- 	} else
- 		local_flush_tlb_page(vma, uaddr);
-+	broadcast_tlb_mm_a15_erratum(vma->vm_mm);
- }
- 
- void flush_tlb_kernel_page(unsigned long kaddr)
-@@ -100,6 +163,7 @@ void flush_tlb_kernel_page(unsigned long kaddr)
- 		on_each_cpu(ipi_flush_tlb_kernel_page, &ta, 1);
- 	} else
- 		local_flush_tlb_kernel_page(kaddr);
-+	broadcast_tlb_a15_erratum();
- }
- 
- void flush_tlb_range(struct vm_area_struct *vma,
-@@ -114,6 +178,7 @@ void flush_tlb_range(struct vm_area_struct *vma,
- 					&ta, 1);
- 	} else
- 		local_flush_tlb_range(vma, start, end);
-+	broadcast_tlb_mm_a15_erratum(vma->vm_mm);
- }
- 
- void flush_tlb_kernel_range(unsigned long start, unsigned long end)
-@@ -125,5 +190,6 @@ void flush_tlb_kernel_range(unsigned long start, unsigned long end)
- 		on_each_cpu(ipi_flush_tlb_kernel_range, &ta, 1);
- 	} else
- 		local_flush_tlb_kernel_range(start, end);
-+	broadcast_tlb_a15_erratum();
- }
- 
 diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
-index b0179b8..829510e 100644
+index 1c08911..264f009 100644
 --- a/arch/arm/kernel/traps.c
 +++ b/arch/arm/kernel/traps.c
 @@ -57,7 +57,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long);
@@ -3279,7 +3015,7 @@ index b0179b8..829510e 100644
 +
  }
 diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
-index 11c1785..1b209f4 100644
+index b571484..4b2fc9b 100644
 --- a/arch/arm/kernel/vmlinux.lds.S
 +++ b/arch/arm/kernel/vmlinux.lds.S
 @@ -8,7 +8,11 @@
@@ -3295,7 +3031,7 @@ index 11c1785..1b209f4 100644
  #define PROC_INFO							\
  	. = ALIGN(4);							\
  	VMLINUX_SYMBOL(__proc_info_begin) = .;				\
-@@ -90,6 +94,11 @@ SECTIONS
+@@ -94,6 +98,11 @@ SECTIONS
  		_text = .;
  		HEAD_TEXT
  	}
@@ -3307,7 +3043,7 @@ index 11c1785..1b209f4 100644
  	.text : {			/* Real text segment		*/
  		_stext = .;		/* Text and read-only data	*/
  			__exception_text_start = .;
-@@ -112,6 +121,8 @@ SECTIONS
+@@ -116,6 +125,8 @@ SECTIONS
  			ARM_CPU_KEEP(PROC_INFO)
  	}
  
@@ -3316,7 +3052,7 @@ index 11c1785..1b209f4 100644
  	RO_DATA(PAGE_SIZE)
  
  	. = ALIGN(4);
-@@ -142,7 +153,9 @@ SECTIONS
+@@ -146,7 +157,9 @@ SECTIONS
  
  	NOTES
  
@@ -3327,7 +3063,7 @@ index 11c1785..1b209f4 100644
  
  #ifndef CONFIG_XIP_KERNEL
  	. = ALIGN(PAGE_SIZE);
-@@ -203,6 +216,11 @@ SECTIONS
+@@ -207,6 +220,11 @@ SECTIONS
  	. = PAGE_OFFSET + TEXT_OFFSET;
  #else
  	__init_end = .;
@@ -3451,7 +3187,7 @@ index 7d08b43..f7ca7ea 100644
  #include "csumpartialcopygeneric.S"
  
 diff --git a/arch/arm/lib/delay.c b/arch/arm/lib/delay.c
-index 6b93f6a..4aa5e85 100644
+index 64dbfa5..84a3fd9 100644
 --- a/arch/arm/lib/delay.c
 +++ b/arch/arm/lib/delay.c
 @@ -28,7 +28,7 @@
@@ -3477,7 +3213,7 @@ index 025f742..8432b08 100644
  	/*
  	 * This test is stubbed out of the main function above to keep
 diff --git a/arch/arm/mach-kirkwood/common.c b/arch/arm/mach-kirkwood/common.c
-index bac21a5..b67ef8e 100644
+index 49792a0..f192052 100644
 --- a/arch/arm/mach-kirkwood/common.c
 +++ b/arch/arm/mach-kirkwood/common.c
 @@ -150,7 +150,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw)
@@ -3514,7 +3250,7 @@ index bac21a5..b67ef8e 100644
  
  	if (IS_ERR(clk))
 diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c
-index 0abb30f..54064da 100644
+index f6eeb87..cc90868 100644
 --- a/arch/arm/mach-omap2/board-n8x0.c
 +++ b/arch/arm/mach-omap2/board-n8x0.c
 @@ -631,7 +631,7 @@ static int n8x0_menelaus_late_init(struct device *dev)
@@ -3527,10 +3263,10 @@ index 0abb30f..54064da 100644
  };
  
 diff --git a/arch/arm/mach-omap2/gpmc.c b/arch/arm/mach-omap2/gpmc.c
-index 8033cb7..2f7cb62 100644
+index 410e1ba..1d2dd59 100644
 --- a/arch/arm/mach-omap2/gpmc.c
 +++ b/arch/arm/mach-omap2/gpmc.c
-@@ -139,7 +139,6 @@ struct omap3_gpmc_regs {
+@@ -145,7 +145,6 @@ struct omap3_gpmc_regs {
  };
  
  static struct gpmc_client_irq gpmc_client_irq[GPMC_NR_IRQ];
@@ -3538,7 +3274,7 @@ index 8033cb7..2f7cb62 100644
  static unsigned gpmc_irq_start;
  
  static struct resource	gpmc_mem_root;
-@@ -700,6 +699,18 @@ static void gpmc_irq_noop(struct irq_data *data) { }
+@@ -707,6 +706,18 @@ static void gpmc_irq_noop(struct irq_data *data) { }
  
  static unsigned int gpmc_irq_noop_ret(struct irq_data *data) { return 0; }
  
@@ -3557,7 +3293,7 @@ index 8033cb7..2f7cb62 100644
  static int gpmc_setup_irq(void)
  {
  	int i;
-@@ -714,15 +725,6 @@ static int gpmc_setup_irq(void)
+@@ -721,15 +732,6 @@ static int gpmc_setup_irq(void)
  		return gpmc_irq_start;
  	}
  
@@ -3574,10 +3310,10 @@ index 8033cb7..2f7cb62 100644
  	gpmc_client_irq[1].bitmask = GPMC_IRQ_COUNT_EVENT;
  
 diff --git a/arch/arm/mach-omap2/omap-wakeupgen.c b/arch/arm/mach-omap2/omap-wakeupgen.c
-index 5d3b4f4..ddba3c0 100644
+index f8bb3b9..831e7b8 100644
 --- a/arch/arm/mach-omap2/omap-wakeupgen.c
 +++ b/arch/arm/mach-omap2/omap-wakeupgen.c
-@@ -340,7 +340,7 @@ static int __cpuinit irq_cpu_hotplug_notify(struct notifier_block *self,
+@@ -339,7 +339,7 @@ static int __cpuinit irq_cpu_hotplug_notify(struct notifier_block *self,
  	return NOTIFY_OK;
  }
  
@@ -3587,53 +3323,51 @@ index 5d3b4f4..ddba3c0 100644
  };
  
 diff --git a/arch/arm/mach-omap2/omap_device.c b/arch/arm/mach-omap2/omap_device.c
-index e065daa..7b1ad9b 100644
+index 381be7a..89b9c7e 100644
 --- a/arch/arm/mach-omap2/omap_device.c
 +++ b/arch/arm/mach-omap2/omap_device.c
-@@ -686,7 +686,7 @@ void omap_device_delete(struct omap_device *od)
-  * passes along the return value of omap_device_build_ss().
-  */
- struct platform_device __init *omap_device_build(const char *pdev_name, int pdev_id,
--				      struct omap_hwmod *oh, void *pdata,
-+				      struct omap_hwmod *oh, const void *pdata,
- 				      int pdata_len,
- 				      struct omap_device_pm_latency *pm_lats,
- 				      int pm_lats_cnt, int is_early_device)
-@@ -720,7 +720,7 @@ struct platform_device __init *omap_device_build(const char *pdev_name, int pdev
-  */
- struct platform_device __init *omap_device_build_ss(const char *pdev_name, int pdev_id,
- 					 struct omap_hwmod **ohs, int oh_cnt,
--					 void *pdata, int pdata_len,
-+					 const void *pdata, int pdata_len,
- 					 struct omap_device_pm_latency *pm_lats,
- 					 int pm_lats_cnt, int is_early_device)
- {
+@@ -499,7 +499,7 @@ void omap_device_delete(struct omap_device *od)
+ struct platform_device __init *omap_device_build(const char *pdev_name,
+ 						 int pdev_id,
+ 						 struct omap_hwmod *oh,
+-						 void *pdata, int pdata_len)
++						 const void *pdata, int pdata_len)
+ {
+ 	struct omap_hwmod *ohs[] = { oh };
+ 
+@@ -527,7 +527,7 @@ struct platform_device __init *omap_device_build(const char *pdev_name,
+ struct platform_device __init *omap_device_build_ss(const char *pdev_name,
+ 						    int pdev_id,
+ 						    struct omap_hwmod **ohs,
+-						    int oh_cnt, void *pdata,
++						    int oh_cnt, const void *pdata,
+ 						    int pdata_len)
+ {
+ 	int ret = -ENOMEM;
 diff --git a/arch/arm/mach-omap2/omap_device.h b/arch/arm/mach-omap2/omap_device.h
-index 0933c59..42b8e2d 100644
+index 044c31d..2ee0861 100644
 --- a/arch/arm/mach-omap2/omap_device.h
 +++ b/arch/arm/mach-omap2/omap_device.h
-@@ -91,14 +91,14 @@ int omap_device_shutdown(struct platform_device *pdev);
+@@ -72,12 +72,12 @@ int omap_device_idle(struct platform_device *pdev);
  /* Core code interface */
  
  struct platform_device *omap_device_build(const char *pdev_name, int pdev_id,
--				      struct omap_hwmod *oh, void *pdata,
-+				      struct omap_hwmod *oh, const void *pdata,
- 				      int pdata_len,
- 				      struct omap_device_pm_latency *pm_lats,
- 				      int pm_lats_cnt, int is_early_device);
+-					  struct omap_hwmod *oh, void *pdata,
++					  struct omap_hwmod *oh, const void *pdata,
+ 					  int pdata_len);
  
  struct platform_device *omap_device_build_ss(const char *pdev_name, int pdev_id,
  					 struct omap_hwmod **oh, int oh_cnt,
--					 void *pdata, int pdata_len,
-+					 const void *pdata, int pdata_len,
- 					 struct omap_device_pm_latency *pm_lats,
- 					 int pm_lats_cnt, int is_early_device);
+-					 void *pdata, int pdata_len);
++					 const void *pdata, int pdata_len);
  
+ struct omap_device *omap_device_alloc(struct platform_device *pdev,
+ 				      struct omap_hwmod **ohs, int oh_cnt);
 diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index 4653efb..8c60bf7 100644
+index a202a47..c430564 100644
 --- a/arch/arm/mach-omap2/omap_hwmod.c
 +++ b/arch/arm/mach-omap2/omap_hwmod.c
-@@ -189,10 +189,10 @@ struct omap_hwmod_soc_ops {
+@@ -191,10 +191,10 @@ struct omap_hwmod_soc_ops {
  	int (*init_clkdm)(struct omap_hwmod *oh);
  	void (*update_context_lost)(struct omap_hwmod *oh);
  	int (*get_context_lost)(struct omap_hwmod *oh);
@@ -3647,7 +3381,7 @@ index 4653efb..8c60bf7 100644
  /* omap_hwmod_list contains all registered struct omap_hwmods */
  static LIST_HEAD(omap_hwmod_list);
 diff --git a/arch/arm/mach-omap2/wd_timer.c b/arch/arm/mach-omap2/wd_timer.c
-index 7c2b4ed..b2ea51f 100644
+index d15c7bb..b2d1f0c 100644
 --- a/arch/arm/mach-omap2/wd_timer.c
 +++ b/arch/arm/mach-omap2/wd_timer.c
 @@ -110,7 +110,9 @@ static int __init omap_init_wdt(void)
@@ -3668,13 +3402,13 @@ index 7c2b4ed..b2ea51f 100644
 -	pdata.read_reset_sources = prm_read_reset_sources;
 -
  	pdev = omap_device_build(dev_name, id, oh, &pdata,
- 				 sizeof(struct omap_wd_timer_platform_data),
- 				 NULL, 0, 0);
+ 				 sizeof(struct omap_wd_timer_platform_data));
+ 	WARN(IS_ERR(pdev), "Can't build omap_device for %s:%s.\n",
 diff --git a/arch/arm/mach-ux500/include/mach/setup.h b/arch/arm/mach-ux500/include/mach/setup.h
-index 6be4c4d..32ac32a 100644
+index bddce2b..3eb04e2 100644
 --- a/arch/arm/mach-ux500/include/mach/setup.h
 +++ b/arch/arm/mach-ux500/include/mach/setup.h
-@@ -38,13 +38,6 @@ extern struct sys_timer ux500_timer;
+@@ -37,13 +37,6 @@ extern void ux500_timer_init(void);
  	.type		= MT_DEVICE,		\
  }
  
@@ -3689,7 +3423,7 @@ index 6be4c4d..32ac32a 100644
  extern void ux500_cpu_die(unsigned int cpu);
  
 diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
-index 3fd629d..8b1aca9 100644
+index 4045c49..4e26c79 100644
 --- a/arch/arm/mm/Kconfig
 +++ b/arch/arm/mm/Kconfig
 @@ -425,7 +425,7 @@ config CPU_32v5
@@ -3701,7 +3435,7 @@ index 3fd629d..8b1aca9 100644
  	select TLS_REG_EMUL if !CPU_32v6K && !MMU
  
  config CPU_32v6K
-@@ -577,6 +577,7 @@ config CPU_CP15_MPU
+@@ -574,6 +574,7 @@ config CPU_CP15_MPU
  
  config CPU_USE_DOMAINS
  	bool
@@ -3774,31 +3508,6 @@ index db26e2e..ee44569 100644
  		if (err)					\
  			goto fault;				\
  	} while (0)
-diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c
-index d07df17..59d5493 100644
---- a/arch/arm/mm/context.c
-+++ b/arch/arm/mm/context.c
-@@ -45,7 +45,7 @@ static DEFINE_RAW_SPINLOCK(cpu_asid_lock);
- static atomic64_t asid_generation = ATOMIC64_INIT(ASID_FIRST_VERSION);
- static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS);
- 
--static DEFINE_PER_CPU(atomic64_t, active_asids);
-+DEFINE_PER_CPU(atomic64_t, active_asids);
- static DEFINE_PER_CPU(u64, reserved_asids);
- static cpumask_t tlb_flush_pending;
- 
-@@ -209,8 +209,10 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk)
- 		atomic64_set(&mm->context.id, asid);
- 	}
- 
--	if (cpumask_test_and_clear_cpu(cpu, &tlb_flush_pending))
-+	if (cpumask_test_and_clear_cpu(cpu, &tlb_flush_pending)) {
- 		local_flush_tlb_all();
-+		dummy_flush_tlb_a15_erratum();
-+	}
- 
- 	atomic64_set(&per_cpu(active_asids, cpu), asid);
- 	cpumask_set_cpu(cpu, mm_cpumask(mm));
 diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
 index 5dbf13f..1a60561 100644
 --- a/arch/arm/mm/fault.c
@@ -4044,10 +3753,10 @@ index ad722f1..763fdd3 100644
  	totalram_pages += free_area(__phys_to_pfn(__pa(&__tcm_start)),
  				    __phys_to_pfn(__pa(&__tcm_end)),
 diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c
-index 88fd86c..7a224ce 100644
+index 04d9006..c547d85 100644
 --- a/arch/arm/mm/ioremap.c
 +++ b/arch/arm/mm/ioremap.c
-@@ -335,9 +335,9 @@ __arm_ioremap_exec(unsigned long phys_addr, size_t size, bool cached)
+@@ -392,9 +392,9 @@ __arm_ioremap_exec(unsigned long phys_addr, size_t size, bool cached)
  	unsigned int mtype;
  
  	if (cached)
@@ -4060,7 +3769,7 @@ index 88fd86c..7a224ce 100644
  	return __arm_ioremap_caller(phys_addr, size, mtype,
  			__builtin_return_address(0));
 diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
-index 10062ce..aa96dd7 100644
+index 10062ce..cd34fb9 100644
 --- a/arch/arm/mm/mmap.c
 +++ b/arch/arm/mm/mmap.c
 @@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
@@ -4092,7 +3801,15 @@ index 10062ce..aa96dd7 100644
  			return addr;
  	}
  
-@@ -112,6 +116,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -99,6 +103,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+ 	info.high_limit = TASK_SIZE;
+ 	info.align_mask = do_align ? (PAGE_MASK & (SHMLBA - 1)) : 0;
+ 	info.align_offset = pgoff << PAGE_SHIFT;
++	info.threadstack_offset = offset;
+ 	return vm_unmapped_area(&info);
+ }
+ 
+@@ -112,6 +117,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  	unsigned long addr = addr0;
  	int do_align = 0;
  	int aliasing = cache_is_vipt_aliasing();
@@ -4100,7 +3817,7 @@ index 10062ce..aa96dd7 100644
  	struct vm_unmapped_area_info info;
  
  	/*
-@@ -132,6 +137,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -132,6 +138,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  		return addr;
  	}
  
@@ -4111,7 +3828,7 @@ index 10062ce..aa96dd7 100644
  	/* requesting a specific address */
  	if (addr) {
  		if (do_align)
-@@ -139,8 +148,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -139,8 +149,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  		else
  			addr = PAGE_ALIGN(addr);
  		vma = find_vma(mm, addr);
@@ -4121,7 +3838,15 @@ index 10062ce..aa96dd7 100644
  			return addr;
  	}
  
-@@ -162,6 +170,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -150,6 +159,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ 	info.high_limit = mm->mmap_base;
+ 	info.align_mask = do_align ? (PAGE_MASK & (SHMLBA - 1)) : 0;
+ 	info.align_offset = pgoff << PAGE_SHIFT;
++	info.threadstack_offset = offset;
+ 	addr = vm_unmapped_area(&info);
+ 
+ 	/*
+@@ -162,6 +172,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  		VM_BUG_ON(addr != -ENOMEM);
  		info.flags = 0;
  		info.low_limit = mm->mmap_base;
@@ -4134,7 +3859,7 @@ index 10062ce..aa96dd7 100644
  		info.high_limit = TASK_SIZE;
  		addr = vm_unmapped_area(&info);
  	}
-@@ -173,6 +187,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -173,6 +189,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  {
  	unsigned long random_factor = 0UL;
  
@@ -4145,7 +3870,7 @@ index 10062ce..aa96dd7 100644
  	/* 8 bits of randomness in 20 address space bits */
  	if ((current->flags & PF_RANDOMIZE) &&
  	    !(current->personality & ADDR_NO_RANDOMIZE))
-@@ -180,10 +198,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -180,10 +200,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  
  	if (mmap_is_legacy()) {
  		mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
@@ -4169,14 +3894,13 @@ index 10062ce..aa96dd7 100644
  		mm->unmap_area = arch_unmap_area_topdown;
  	}
 diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
-index ce328c7..35b88dc 100644
+index a84ff76..f221c1d 100644
 --- a/arch/arm/mm/mmu.c
 +++ b/arch/arm/mm/mmu.c
-@@ -35,6 +35,23 @@
- 
+@@ -36,6 +36,22 @@
  #include "mm.h"
+ #include "tcm.h"
  
-+
 +#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
 +void modify_domain(unsigned int dom, unsigned int type)
 +{
@@ -4196,7 +3920,7 @@ index ce328c7..35b88dc 100644
  /*
   * empty_zero_page is a special page that is used for
   * zero-initialized data and COW.
-@@ -195,10 +212,18 @@ void adjust_cr(unsigned long mask, unsigned long set)
+@@ -211,10 +227,18 @@ void adjust_cr(unsigned long mask, unsigned long set)
  }
  #endif
  
@@ -4217,7 +3941,7 @@ index ce328c7..35b88dc 100644
  	[MT_DEVICE] = {		  /* Strongly ordered / ARMv6 shared device */
  		.prot_pte	= PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED |
  				  L_PTE_SHARED,
-@@ -227,16 +252,16 @@ static struct mem_type mem_types[] = {
+@@ -243,16 +267,16 @@ static struct mem_type mem_types[] = {
  	[MT_UNCACHED] = {
  		.prot_pte	= PROT_PTE_DEVICE,
  		.prot_l1	= PMD_TYPE_TABLE,
@@ -4237,7 +3961,7 @@ index ce328c7..35b88dc 100644
  		.domain    = DOMAIN_KERNEL,
  	},
  #endif
-@@ -244,36 +269,54 @@ static struct mem_type mem_types[] = {
+@@ -260,36 +284,54 @@ static struct mem_type mem_types[] = {
  		.prot_pte  = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
  				L_PTE_RDONLY,
  		.prot_l1   = PMD_TYPE_TABLE,
@@ -4301,7 +4025,7 @@ index ce328c7..35b88dc 100644
  		.domain    = DOMAIN_KERNEL,
  	},
  	[MT_MEMORY_ITCM] = {
-@@ -283,10 +326,10 @@ static struct mem_type mem_types[] = {
+@@ -299,10 +341,10 @@ static struct mem_type mem_types[] = {
  	},
  	[MT_MEMORY_SO] = {
  		.prot_pte  = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
@@ -4314,7 +4038,7 @@ index ce328c7..35b88dc 100644
  		.domain    = DOMAIN_KERNEL,
  	},
  	[MT_MEMORY_DMA_READY] = {
-@@ -371,9 +414,35 @@ static void __init build_mem_type_table(void)
+@@ -388,9 +430,35 @@ static void __init build_mem_type_table(void)
  			 * to prevent speculative instruction fetches.
  			 */
  			mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN;
@@ -4350,7 +4074,7 @@ index ce328c7..35b88dc 100644
  		}
  		if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) {
  			/*
-@@ -432,6 +501,9 @@ static void __init build_mem_type_table(void)
+@@ -451,6 +519,9 @@ static void __init build_mem_type_table(void)
  		 * from SVC mode and no access from userspace.
  		 */
  		mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
@@ -4360,7 +4084,7 @@ index ce328c7..35b88dc 100644
  		mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
  		mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
  #endif
-@@ -448,11 +520,17 @@ static void __init build_mem_type_table(void)
+@@ -468,11 +539,17 @@ static void __init build_mem_type_table(void)
  			mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED;
  			mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S;
  			mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED;
@@ -4382,7 +4106,7 @@ index ce328c7..35b88dc 100644
  		}
  	}
  
-@@ -463,15 +541,20 @@ static void __init build_mem_type_table(void)
+@@ -483,15 +560,20 @@ static void __init build_mem_type_table(void)
  	if (cpu_arch >= CPU_ARCH_ARMv6) {
  		if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) {
  			/* Non-cacheable Normal is XCB = 001 */
@@ -4406,7 +4130,7 @@ index ce328c7..35b88dc 100644
  	}
  
  #ifdef CONFIG_ARM_LPAE
-@@ -487,6 +570,8 @@ static void __init build_mem_type_table(void)
+@@ -507,6 +589,8 @@ static void __init build_mem_type_table(void)
  	vecs_pgprot |= PTE_EXT_AF;
  #endif
  
@@ -4415,7 +4139,7 @@ index ce328c7..35b88dc 100644
  	for (i = 0; i < 16; i++) {
  		pteval_t v = pgprot_val(protection_map[i]);
  		protection_map[i] = __pgprot(v | user_pgprot);
-@@ -501,10 +586,15 @@ static void __init build_mem_type_table(void)
+@@ -524,10 +608,15 @@ static void __init build_mem_type_table(void)
  
  	mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask;
  	mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask;
@@ -4434,7 +4158,7 @@ index ce328c7..35b88dc 100644
  	mem_types[MT_ROM].prot_sect |= cp->pmd;
  
  	switch (cp->pmd) {
-@@ -1105,18 +1195,15 @@ void __init arm_mm_memblock_reserve(void)
+@@ -1147,18 +1236,15 @@ void __init arm_mm_memblock_reserve(void)
   * called function.  This means you can't use any function or debugging
   * method which may touch any device, otherwise the kernel _will_ crash.
   */
@@ -4457,7 +4181,7 @@ index ce328c7..35b88dc 100644
  
  	for (addr = VMALLOC_START; addr; addr += PMD_SIZE)
  		pmd_clear(pmd_off_k(addr));
-@@ -1156,7 +1243,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc)
+@@ -1198,7 +1284,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc)
  	 * location (0xffff0000).  If we aren't using high-vectors, also
  	 * create a mapping at the low-vectors virtual address.
  	 */
@@ -4466,7 +4190,7 @@ index ce328c7..35b88dc 100644
  	map.virtual = 0xffff0000;
  	map.length = PAGE_SIZE;
  	map.type = MT_HIGH_VECTORS;
-@@ -1214,8 +1301,39 @@ static void __init map_lowmem(void)
+@@ -1256,8 +1342,39 @@ static void __init map_lowmem(void)
  		map.pfn = __phys_to_pfn(start);
  		map.virtual = __phys_to_virt(start);
  		map.length = end - start;
@@ -4508,7 +4232,7 @@ index ce328c7..35b88dc 100644
  	}
  }
 diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S
-index 6d98c13..3cfb174 100644
+index 78f520b..31f0cb6 100644
 --- a/arch/arm/mm/proc-v7-2level.S
 +++ b/arch/arm/mm/proc-v7-2level.S
 @@ -99,6 +99,9 @@ ENTRY(cpu_v7_set_pte_ext)
@@ -4535,10 +4259,10 @@ index a5bc92d..0bb4730 100644
 +	pax_close_kernel();
  }
 diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h
-index f5144cd..71f6d1f 100644
+index 1141782..0959d64 100644
 --- a/arch/arm/plat-samsung/include/plat/dma-ops.h
 +++ b/arch/arm/plat-samsung/include/plat/dma-ops.h
-@@ -47,7 +47,7 @@ struct samsung_dma_ops {
+@@ -48,7 +48,7 @@ struct samsung_dma_ops {
  	int (*started)(unsigned ch);
  	int (*flush)(unsigned ch);
  	int (*stop)(unsigned ch);
@@ -4590,7 +4314,7 @@ index c3a58a1..78fbf54 100644
  /*
   * Memory returned by kmalloc() may be used for DMA, so we must make
 diff --git a/arch/avr32/include/asm/elf.h b/arch/avr32/include/asm/elf.h
-index e2c3287..6c4f98c 100644
+index d232888..87c8df1 100644
 --- a/arch/avr32/include/asm/elf.h
 +++ b/arch/avr32/include/asm/elf.h
 @@ -84,8 +84,14 @@ typedef struct user_fpu_struct elf_fpregset_t;
@@ -4775,13 +4499,13 @@ index 43901f2..0d8b865 100644
  
  #endif
 diff --git a/arch/frv/mm/elf-fdpic.c b/arch/frv/mm/elf-fdpic.c
-index 385fd30..3aaf4fe 100644
+index 836f147..4cf23f5 100644
 --- a/arch/frv/mm/elf-fdpic.c
 +++ b/arch/frv/mm/elf-fdpic.c
 @@ -61,6 +61,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
  {
  	struct vm_area_struct *vma;
- 	unsigned long limit;
+ 	struct vm_unmapped_area_info info;
 +	unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags);
  
  	if (len > TASK_SIZE)
@@ -4796,24 +4520,14 @@ index 385fd30..3aaf4fe 100644
  			goto success;
  	}
  
-@@ -89,7 +89,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
- 			for (; vma; vma = vma->vm_next) {
- 				if (addr > limit)
- 					break;
--				if (addr + len <= vma->vm_start)
-+				if (check_heap_stack_gap(vma, addr, len, offset))
- 					goto success;
- 				addr = vma->vm_end;
- 			}
-@@ -104,7 +104,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
- 		for (; vma; vma = vma->vm_next) {
- 			if (addr > limit)
- 				break;
--			if (addr + len <= vma->vm_start)
-+			if (check_heap_stack_gap(vma, addr, len, offset))
- 				goto success;
- 			addr = vma->vm_end;
- 		}
+@@ -85,6 +85,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
+ 	info.high_limit = (current->mm->start_stack - 0x00200000);
+ 	info.align_mask = 0;
+ 	info.align_offset = 0;
++	info.threadstack_offset = offset;
+ 	addr = vm_unmapped_area(&info);
+ 	if (!(addr & ~PAGE_MASK))
+ 		goto success;
 diff --git a/arch/hexagon/include/asm/cache.h b/arch/hexagon/include/asm/cache.h
 index f4ca594..adc72fd6 100644
 --- a/arch/hexagon/include/asm/cache.h
@@ -4875,7 +4589,7 @@ index 988254a..e1ee885 100644
  #ifdef CONFIG_SMP
  # define SMP_CACHE_SHIFT	L1_CACHE_SHIFT
 diff --git a/arch/ia64/include/asm/elf.h b/arch/ia64/include/asm/elf.h
-index b5298eb..67c6e62 100644
+index 5a83c5c..4d7f553 100644
 --- a/arch/ia64/include/asm/elf.h
 +++ b/arch/ia64/include/asm/elf.h
 @@ -42,6 +42,13 @@
@@ -5147,19 +4861,10 @@ index 24603be..948052d 100644
  		DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
  	}
 diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c
-index 77597e5..189dd62f 100644
+index 79521d5..43dddff 100644
 --- a/arch/ia64/kernel/palinfo.c
 +++ b/arch/ia64/kernel/palinfo.c
-@@ -977,7 +977,7 @@ create_palinfo_proc_entries(unsigned int cpu)
- 	struct proc_dir_entry **pdir;
- 	struct proc_dir_entry *cpu_dir;
- 	int j;
--	char cpustr[sizeof(CPUSTR)];
-+	char cpustr[3+4+1];
- 
- 
- 	/*
-@@ -1045,7 +1045,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb,
+@@ -1006,7 +1006,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb,
  	return NOTIFY_OK;
  }
  
@@ -5169,7 +4874,7 @@ index 77597e5..189dd62f 100644
  	.notifier_call = palinfo_cpu_callback,
  	.priority = 0,
 diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c
-index 79802e5..1a89ec5 100644
+index aa527d7..f237752 100644
 --- a/arch/ia64/kernel/salinfo.c
 +++ b/arch/ia64/kernel/salinfo.c
 @@ -616,7 +616,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu
@@ -5182,13 +4887,13 @@ index 79802e5..1a89ec5 100644
  	.notifier_call = salinfo_cpu_callback,
  	.priority = 0,
 diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c
-index d9439ef..d0cac6b 100644
+index 41e33f8..65180b2 100644
 --- a/arch/ia64/kernel/sys_ia64.c
 +++ b/arch/ia64/kernel/sys_ia64.c
 @@ -28,6 +28,7 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len
- 	unsigned long start_addr, align_mask = PAGE_SIZE - 1;
+ 	unsigned long align_mask = 0;
  	struct mm_struct *mm = current->mm;
- 	struct vm_area_struct *vma;
+ 	struct vm_unmapped_area_info info;
 +	unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
  
  	if (len > RGN_MAP_LIMIT)
@@ -5205,26 +4910,16 @@ index d9439ef..d0cac6b 100644
 +#endif
 +
  	if (!addr)
- 		addr = mm->free_area_cache;
+ 		addr = TASK_UNMAPPED_BASE;
+ 
+@@ -61,6 +69,7 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len
+ 	info.high_limit = TASK_SIZE;
+ 	info.align_mask = align_mask;
+ 	info.align_offset = 0;
++	info.threadstack_offset = offset;
+ 	return vm_unmapped_area(&info);
+ }
  
-@@ -61,14 +69,14 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len
- 	for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
- 		/* At this point:  (!vma || addr < vma->vm_end). */
- 		if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) {
--			if (start_addr != TASK_UNMAPPED_BASE) {
-+			if (start_addr != mm->mmap_base) {
- 				/* Start a new search --- just in case we missed some holes.  */
--				addr = TASK_UNMAPPED_BASE;
-+				addr = mm->mmap_base;
- 				goto full_search;
- 			}
- 			return -ENOMEM;
- 		}
--		if (!vma || addr + len <= vma->vm_start) {
-+		if (check_heap_stack_gap(vma, addr, len, offset)) {
- 			/* Remember the address where we stopped this search:  */
- 			mm->free_area_cache = addr + len;
- 			return addr;
 diff --git a/arch/ia64/kernel/topology.c b/arch/ia64/kernel/topology.c
 index dc00b2c..cce53c2 100644
 --- a/arch/ia64/kernel/topology.c
@@ -5303,28 +4998,27 @@ index 6cf0341..d352594 100644
  	/*
  	 * If for any reason at all we couldn't handle the fault, make
 diff --git a/arch/ia64/mm/hugetlbpage.c b/arch/ia64/mm/hugetlbpage.c
-index 5ca674b..127c3cb 100644
+index 76069c1..c2aa816 100644
 --- a/arch/ia64/mm/hugetlbpage.c
 +++ b/arch/ia64/mm/hugetlbpage.c
 @@ -149,6 +149,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
  		unsigned long pgoff, unsigned long flags)
  {
- 	struct vm_area_struct *vmm;
+ 	struct vm_unmapped_area_info info;
 +	unsigned long offset = gr_rand_threadstack_offset(current->mm, file, flags);
  
  	if (len > RGN_MAP_LIMIT)
  		return -ENOMEM;
-@@ -171,7 +172,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
- 		/* At this point:  (!vmm || addr < vmm->vm_end). */
- 		if (REGION_OFFSET(addr) + len > RGN_MAP_LIMIT)
- 			return -ENOMEM;
--		if (!vmm || (addr + len) <= vmm->vm_start)
-+		if (check_heap_stack_gap(vmm, addr, len, offset))
- 			return addr;
- 		addr = ALIGN(vmm->vm_end, HPAGE_SIZE);
- 	}
+@@ -172,6 +173,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
+ 	info.high_limit = HPAGE_REGION_BASE + RGN_MAP_LIMIT;
+ 	info.align_mask = PAGE_MASK & (HPAGE_SIZE - 1);
+ 	info.align_offset = 0;
++	info.threadstack_offset = offset;
+ 	return vm_unmapped_area(&info);
+ }
+ 
 diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c
-index b755ea9..b9a969e 100644
+index 20bc967..a26993e 100644
 --- a/arch/ia64/mm/init.c
 +++ b/arch/ia64/mm/init.c
 @@ -120,6 +120,19 @@ ia64_init_addr_space (void)
@@ -5404,6 +5098,18 @@ index 0395c51..5f26031 100644
  
  #define ARCH_DMA_MINALIGN	L1_CACHE_BYTES
  
+diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c
+index 3c52fa6..11b2ad8 100644
+--- a/arch/metag/mm/hugetlbpage.c
++++ b/arch/metag/mm/hugetlbpage.c
+@@ -200,6 +200,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len)
+ 	info.high_limit = TASK_SIZE;
+ 	info.align_mask = PAGE_MASK & HUGEPT_MASK;
+ 	info.align_offset = 0;
++	info.threadstack_offset = 0;
+ 	return vm_unmapped_area(&info);
+ }
+ 
 diff --git a/arch/microblaze/include/asm/cache.h b/arch/microblaze/include/asm/cache.h
 index 4efe96a..60e8699 100644
 --- a/arch/microblaze/include/asm/cache.h
@@ -5423,7 +5129,7 @@ index 4efe96a..60e8699 100644
  #define SMP_CACHE_BYTES	L1_CACHE_BYTES
  
 diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h
-index 01cc6ba..bcb7a5d 100644
+index 08b6079..eb272cf 100644
 --- a/arch/mips/include/asm/atomic.h
 +++ b/arch/mips/include/asm/atomic.h
 @@ -21,6 +21,10 @@
@@ -5434,7 +5140,7 @@ index 01cc6ba..bcb7a5d 100644
 +#include <asm-generic/atomic64.h>
 +#endif
 +
- #define ATOMIC_INIT(i)    { (i) }
+ #define ATOMIC_INIT(i)	  { (i) }
  
  /*
 @@ -759,6 +763,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
@@ -5472,11 +5178,11 @@ index b4db69f..8f3b093 100644
  #define SMP_CACHE_SHIFT		L1_CACHE_SHIFT
  #define SMP_CACHE_BYTES		L1_CACHE_BYTES
 diff --git a/arch/mips/include/asm/elf.h b/arch/mips/include/asm/elf.h
-index 455c0ac..ad65fbe 100644
+index cf3ae24..238d22f 100644
 --- a/arch/mips/include/asm/elf.h
 +++ b/arch/mips/include/asm/elf.h
 @@ -372,13 +372,16 @@ extern const char *__elf_platform;
- #define ELF_ET_DYN_BASE         (TASK_SIZE / 3 * 2)
+ #define ELF_ET_DYN_BASE		(TASK_SIZE / 3 * 2)
  #endif
  
 +#ifdef CONFIG_PAX_ASLR
@@ -5509,18 +5215,18 @@ index c1f6afa..38cc6e9 100644
  
  #endif /* _ASM_EXEC_H */
 diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h
-index 21bff32..9f0c3b8 100644
+index eab99e5..607c98e 100644
 --- a/arch/mips/include/asm/page.h
 +++ b/arch/mips/include/asm/page.h
 @@ -96,7 +96,7 @@ extern void copy_user_highpage(struct page *to, struct page *from,
    #ifdef CONFIG_CPU_MIPS32
      typedef struct { unsigned long pte_low, pte_high; } pte_t;
-     #define pte_val(x)    ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
--    #define __pte(x)      ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })
-+    #define __pte(x)      ({ pte_t __pte = {(x), (x) >> 32}; __pte; })
+     #define pte_val(x)	  ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
+-    #define __pte(x)	  ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })
++    #define __pte(x)	  ({ pte_t __pte = {(x), (x) >> 32}; __pte; })
    #else
       typedef struct { unsigned long long pte; } pte_t;
-      #define pte_val(x)	((x).pte)
+      #define pte_val(x) ((x).pte)
 diff --git a/arch/mips/include/asm/pgalloc.h b/arch/mips/include/asm/pgalloc.h
 index 881d18b..cea38bc 100644
 --- a/arch/mips/include/asm/pgalloc.h
@@ -5538,7 +5244,7 @@ index 881d18b..cea38bc 100644
  
  /*
 diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h
-index b2050b9..d71bb1b 100644
+index 178f792..8ebc510 100644
 --- a/arch/mips/include/asm/thread_info.h
 +++ b/arch/mips/include/asm/thread_info.h
 @@ -111,6 +111,8 @@ register struct thread_info *__current_thread_info __asm__("$28");
@@ -5572,12 +5278,12 @@ index b2050b9..d71bb1b 100644
  #endif /* __KERNEL__ */
  
 diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c
-index 9fdd8bc..4bd7f1a 100644
+index e06f777..3244284 100644
 --- a/arch/mips/kernel/binfmt_elfn32.c
 +++ b/arch/mips/kernel/binfmt_elfn32.c
 @@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
  #undef ELF_ET_DYN_BASE
- #define ELF_ET_DYN_BASE         (TASK32_SIZE / 3 * 2)
+ #define ELF_ET_DYN_BASE		(TASK32_SIZE / 3 * 2)
  
 +#ifdef CONFIG_PAX_ASLR
 +#define PAX_ELF_ET_DYN_BASE	(TASK_IS_32BIT_ADDR ? 0x00400000UL : 0x00400000UL)
@@ -5590,12 +5296,12 @@ index 9fdd8bc..4bd7f1a 100644
  #include <linux/module.h>
  #include <linux/elfcore.h>
 diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c
-index ff44823..97f8906 100644
+index 556a435..b4fd2e3 100644
 --- a/arch/mips/kernel/binfmt_elfo32.c
 +++ b/arch/mips/kernel/binfmt_elfo32.c
 @@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
  #undef ELF_ET_DYN_BASE
- #define ELF_ET_DYN_BASE         (TASK32_SIZE / 3 * 2)
+ #define ELF_ET_DYN_BASE		(TASK32_SIZE / 3 * 2)
  
 +#ifdef CONFIG_PAX_ASLR
 +#define PAX_ELF_ET_DYN_BASE	(TASK_IS_32BIT_ADDR ? 0x00400000UL : 0x00400000UL)
@@ -5608,10 +5314,10 @@ index ff44823..97f8906 100644
  
  /*
 diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
-index a11c6f9..be5e164 100644
+index 3be4405..a799827 100644
 --- a/arch/mips/kernel/process.c
 +++ b/arch/mips/kernel/process.c
-@@ -460,15 +460,3 @@ unsigned long get_wchan(struct task_struct *task)
+@@ -461,15 +461,3 @@ unsigned long get_wchan(struct task_struct *task)
  out:
  	return pc;
  }
@@ -5628,7 +5334,7 @@ index a11c6f9..be5e164 100644
 -	return sp & ALMASK;
 -}
 diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
-index 4812c6d..2069554 100644
+index 9c6299c..2fb4c22 100644
 --- a/arch/mips/kernel/ptrace.c
 +++ b/arch/mips/kernel/ptrace.c
 @@ -528,6 +528,10 @@ static inline int audit_arch(void)
@@ -5655,7 +5361,7 @@ index 4812c6d..2069554 100644
  		goto out;
  
 diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S
-index d20a4bc..7096ae5 100644
+index 9ea2964..c4329c3 100644
 --- a/arch/mips/kernel/scall32-o32.S
 +++ b/arch/mips/kernel/scall32-o32.S
 @@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp)
@@ -5665,10 +5371,10 @@ index d20a4bc..7096ae5 100644
 -	li	t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
 +	li	t1, _TIF_SYSCALL_WORK
  	and	t0, t1
- 	bnez	t0, syscall_trace_entry	# -> yes
+ 	bnez	t0, syscall_trace_entry # -> yes
  
 diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S
-index b64f642..0fe6eab 100644
+index 36cfd40..b1436e0 100644
 --- a/arch/mips/kernel/scall64-64.S
 +++ b/arch/mips/kernel/scall64-64.S
 @@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp)
@@ -5681,7 +5387,7 @@ index b64f642..0fe6eab 100644
  	and	t0, t1, t0
  	bnez	t0, syscall_trace_entry
 diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S
-index c29ac19..c592d05 100644
+index 693d60b..ae0ba75 100644
 --- a/arch/mips/kernel/scall64-n32.S
 +++ b/arch/mips/kernel/scall64-n32.S
 @@ -47,7 +47,7 @@ NESTED(handle_sysn32, PT_SIZE, sp)
@@ -5694,7 +5400,7 @@ index c29ac19..c592d05 100644
  	and	t0, t1, t0
  	bnez	t0, n32_syscall_trace_entry
 diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
-index cf3e75e..72e93fe 100644
+index af8887f..611ccb6 100644
 --- a/arch/mips/kernel/scall64-o32.S
 +++ b/arch/mips/kernel/scall64-o32.S
 @@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp)
@@ -5707,7 +5413,7 @@ index cf3e75e..72e93fe 100644
  	and	t0, t1, t0
  	bnez	t0, trace_a_syscall
 diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c
-index ddcec1e..c7f983e 100644
+index 0fead53..a2c0fb5 100644
 --- a/arch/mips/mm/fault.c
 +++ b/arch/mips/mm/fault.c
 @@ -27,6 +27,23 @@
@@ -5735,7 +5441,7 @@ index ddcec1e..c7f983e 100644
   * This routine handles page faults.  It determines the address,
   * and the problem, and then passes it off to one of the appropriate
 diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
-index 7e5fe27..479a219 100644
+index 7e5fe27..9656513 100644
 --- a/arch/mips/mm/mmap.c
 +++ b/arch/mips/mm/mmap.c
 @@ -59,6 +59,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
@@ -5758,7 +5464,7 @@ index 7e5fe27..479a219 100644
  	if (addr) {
  		if (do_color_align)
  			addr = COLOUR_ALIGN(addr, pgoff);
-@@ -91,8 +97,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
+@@ -91,14 +97,14 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
  			addr = PAGE_ALIGN(addr);
  
  		vma = find_vma(mm, addr);
@@ -5768,7 +5474,14 @@ index 7e5fe27..479a219 100644
  			return addr;
  	}
  
-@@ -146,6 +151,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+ 	info.length = len;
+ 	info.align_mask = do_color_align ? (PAGE_MASK & shm_align_mask) : 0;
+ 	info.align_offset = pgoff << PAGE_SHIFT;
++	info.threadstack_offset = offset;
+ 
+ 	if (dir == DOWN) {
+ 		info.flags = VM_UNMAPPED_AREA_TOPDOWN;
+@@ -146,6 +152,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  {
  	unsigned long random_factor = 0UL;
  
@@ -5779,7 +5492,7 @@ index 7e5fe27..479a219 100644
  	if (current->flags & PF_RANDOMIZE) {
  		random_factor = get_random_int();
  		random_factor = random_factor << PAGE_SHIFT;
-@@ -157,42 +166,27 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -157,42 +167,27 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  
  	if (mmap_is_legacy()) {
  		mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
@@ -5895,7 +5608,7 @@ index 4ce7a01..449202a 100644
  
  #endif /* __ASM_OPENRISC_CACHE_H */
 diff --git a/arch/parisc/include/asm/atomic.h b/arch/parisc/include/asm/atomic.h
-index af9cf30..2aae9b2 100644
+index f38e198..4179e38 100644
 --- a/arch/parisc/include/asm/atomic.h
 +++ b/arch/parisc/include/asm/atomic.h
 @@ -229,6 +229,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
@@ -5944,7 +5657,7 @@ index 47f11c7..3420df2 100644
  
  #define SMP_CACHE_BYTES L1_CACHE_BYTES
 diff --git a/arch/parisc/include/asm/elf.h b/arch/parisc/include/asm/elf.h
-index 19f6cb1..6c78cf2 100644
+index ad2b503..bdf1651 100644
 --- a/arch/parisc/include/asm/elf.h
 +++ b/arch/parisc/include/asm/elf.h
 @@ -342,6 +342,13 @@ struct pt_regs;	/* forward declaration... */
@@ -5986,31 +5699,10 @@ index fc987a1..6e068ef 100644
  #endif
  
 diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h
-index 7df49fa..a3eb445 100644
+index 1e40d7f..a3eb445 100644
 --- a/arch/parisc/include/asm/pgtable.h
 +++ b/arch/parisc/include/asm/pgtable.h
-@@ -16,6 +16,8 @@
- #include <asm/processor.h>
- #include <asm/cache.h>
- 
-+extern spinlock_t pa_dbit_lock;
-+
- /*
-  * kern_addr_valid(ADDR) tests if ADDR is pointing to valid kernel
-  * memory.  For the return value to be meaningful, ADDR must be >=
-@@ -44,8 +46,11 @@ extern void purge_tlb_entries(struct mm_struct *, unsigned long);
- 
- #define set_pte_at(mm, addr, ptep, pteval)                      \
- 	do {                                                    \
-+		unsigned long flags;				\
-+		spin_lock_irqsave(&pa_dbit_lock, flags);	\
- 		set_pte(ptep, pteval);                          \
- 		purge_tlb_entries(mm, addr);                    \
-+		spin_unlock_irqrestore(&pa_dbit_lock, flags);	\
- 	} while (0)
- 
- #endif /* !__ASSEMBLY__ */
-@@ -218,6 +223,17 @@ extern void purge_tlb_entries(struct mm_struct *, unsigned long);
+@@ -223,6 +223,17 @@ extern void purge_tlb_entries(struct mm_struct *, unsigned long);
  #define PAGE_EXECREAD   __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED)
  #define PAGE_COPY       PAGE_EXECREAD
  #define PAGE_RWX        __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED)
@@ -6028,80 +5720,11 @@ index 7df49fa..a3eb445 100644
  #define PAGE_KERNEL	__pgprot(_PAGE_KERNEL)
  #define PAGE_KERNEL_EXEC	__pgprot(_PAGE_KERNEL_EXEC)
  #define PAGE_KERNEL_RWX	__pgprot(_PAGE_KERNEL_RWX)
-@@ -435,48 +451,46 @@ extern void update_mmu_cache(struct vm_area_struct *, unsigned long, pte_t *);
- 
- static inline int ptep_test_and_clear_young(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep)
- {
--#ifdef CONFIG_SMP
-+	pte_t pte;
-+	unsigned long flags;
-+
- 	if (!pte_young(*ptep))
- 		return 0;
--	return test_and_clear_bit(xlate_pabit(_PAGE_ACCESSED_BIT), &pte_val(*ptep));
--#else
--	pte_t pte = *ptep;
--	if (!pte_young(pte))
-+
-+	spin_lock_irqsave(&pa_dbit_lock, flags);
-+	pte = *ptep;
-+	if (!pte_young(pte)) {
-+		spin_unlock_irqrestore(&pa_dbit_lock, flags);
- 		return 0;
--	set_pte_at(vma->vm_mm, addr, ptep, pte_mkold(pte));
-+	}
-+	set_pte(ptep, pte_mkold(pte));
-+	purge_tlb_entries(vma->vm_mm, addr);
-+	spin_unlock_irqrestore(&pa_dbit_lock, flags);
- 	return 1;
--#endif
- }
- 
--extern spinlock_t pa_dbit_lock;
--
- struct mm_struct;
- static inline pte_t ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
- {
- 	pte_t old_pte;
-+	unsigned long flags;
- 
--	spin_lock(&pa_dbit_lock);
-+	spin_lock_irqsave(&pa_dbit_lock, flags);
- 	old_pte = *ptep;
- 	pte_clear(mm,addr,ptep);
--	spin_unlock(&pa_dbit_lock);
-+	purge_tlb_entries(mm, addr);
-+	spin_unlock_irqrestore(&pa_dbit_lock, flags);
- 
- 	return old_pte;
- }
- 
- static inline void ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
- {
--#ifdef CONFIG_SMP
--	unsigned long new, old;
--
--	do {
--		old = pte_val(*ptep);
--		new = pte_val(pte_wrprotect(__pte (old)));
--	} while (cmpxchg((unsigned long *) ptep, old, new) != old);
-+	unsigned long flags;
-+	spin_lock_irqsave(&pa_dbit_lock, flags);
-+	set_pte(ptep, pte_wrprotect(*ptep));
- 	purge_tlb_entries(mm, addr);
--#else
--	pte_t old_pte = *ptep;
--	set_pte_at(mm, addr, ptep, pte_wrprotect(old_pte));
--#endif
-+	spin_unlock_irqrestore(&pa_dbit_lock, flags);
- }
- 
- #define pte_same(A,B)	(pte_val(A) == pte_val(B))
 diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
-index 4ba2c93..f5e3974 100644
+index e0a8235..ce2f1e1 100644
 --- a/arch/parisc/include/asm/uaccess.h
 +++ b/arch/parisc/include/asm/uaccess.h
-@@ -251,10 +251,10 @@ static inline unsigned long __must_check copy_from_user(void *to,
+@@ -245,10 +245,10 @@ static inline unsigned long __must_check copy_from_user(void *to,
                                            const void __user *from,
                                            unsigned long n)
  {
@@ -6114,26 +5737,6 @@ index 4ba2c93..f5e3974 100644
                  ret = __copy_from_user(to, from, n);
          else
                  copy_from_user_overflow();
-diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c
-index b89a85a..a9891fa 100644
---- a/arch/parisc/kernel/cache.c
-+++ b/arch/parisc/kernel/cache.c
-@@ -426,14 +426,11 @@ void purge_tlb_entries(struct mm_struct *mm, unsigned long addr)
- 	/* Note: purge_tlb_entries can be called at startup with
- 	   no context.  */
- 
--	/* Disable preemption while we play with %sr1.  */
--	preempt_disable();
-+	purge_tlb_start(flags);
- 	mtsp(mm->context, 1);
--	purge_tlb_start(flags);
- 	pdtlb(addr);
- 	pitlb(addr);
- 	purge_tlb_end(flags);
--	preempt_enable();
- }
- EXPORT_SYMBOL(purge_tlb_entries);
- 
 diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
 index 2a625fb..9908930 100644
 --- a/arch/parisc/kernel/module.c
@@ -6238,7 +5841,7 @@ index 2a625fb..9908930 100644
  	DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
  	       me->arch.unwind_section, table, end, gp);
 diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
-index f76c108..92bad82 100644
+index 5dfd248..64914ac 100644
 --- a/arch/parisc/kernel/sys_parisc.c
 +++ b/arch/parisc/kernel/sys_parisc.c
 @@ -33,9 +33,11 @@
@@ -6247,24 +5850,23 @@ index f76c108..92bad82 100644
  
 -static unsigned long get_unshared_area(unsigned long addr, unsigned long len)
 +static unsigned long get_unshared_area(struct file *filp, unsigned long addr, unsigned long len,
-+				       unsigned long flags)
++					unsigned long flags)
  {
- 	struct vm_area_struct *vma;
+ 	struct vm_unmapped_area_info info;
 +	unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags);
  
- 	addr = PAGE_ALIGN(addr);
+ 	info.flags = 0;
+ 	info.length = len;
+@@ -43,6 +45,7 @@ static unsigned long get_unshared_area(unsigned long addr, unsigned long len)
+ 	info.high_limit = TASK_SIZE;
+ 	info.align_mask = 0;
+ 	info.align_offset = 0;
++	info.threadstack_offset = offset;
+ 	return vm_unmapped_area(&info);
+ }
  
-@@ -43,7 +45,7 @@ static unsigned long get_unshared_area(unsigned long addr, unsigned long len)
- 		/* At this point:  (!vma || addr < vma->vm_end). */
- 		if (TASK_SIZE - len < addr)
- 			return -ENOMEM;
--		if (!vma || addr + len <= vma->vm_start)
-+		if (check_heap_stack_gap(vma, addr, len, offset))
- 			return addr;
- 		addr = vma->vm_end;
- 	}
-@@ -67,11 +69,12 @@ static int get_offset(struct address_space *mapping)
- 	return offset & 0x3FF000;
+@@ -61,10 +64,11 @@ static int get_offset(struct address_space *mapping)
+ 	return (unsigned long) mapping >> 8;
  }
  
 -static unsigned long get_shared_area(struct address_space *mapping,
@@ -6272,28 +5874,34 @@ index f76c108..92bad82 100644
 +static unsigned long get_shared_area(struct file *filp, struct address_space *mapping,
 +		unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags)
  {
- 	struct vm_area_struct *vma;
- 	int offset = mapping ? get_offset(mapping) : 0;
-+	unsigned long rand_offset = gr_rand_threadstack_offset(current->mm, filp, flags);
+ 	struct vm_unmapped_area_info info;
++	unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags);
  
- 	offset = (offset + (pgoff << PAGE_SHIFT)) & 0x3FF000;
+ 	info.flags = 0;
+ 	info.length = len;
+@@ -72,6 +76,7 @@ static unsigned long get_shared_area(struct address_space *mapping,
+ 	info.high_limit = TASK_SIZE;
+ 	info.align_mask = PAGE_MASK & (SHMLBA - 1);
+ 	info.align_offset = (get_offset(mapping) + pgoff) << PAGE_SHIFT;
++	info.threadstack_offset = offset;
+ 	return vm_unmapped_area(&info);
+ }
  
-@@ -81,7 +84,7 @@ static unsigned long get_shared_area(struct address_space *mapping,
- 		/* At this point:  (!vma || addr < vma->vm_end). */
- 		if (TASK_SIZE - len < addr)
- 			return -ENOMEM;
--		if (!vma || addr + len <= vma->vm_start)
-+		if (check_heap_stack_gap(vma, addr, len, rand_offset))
- 			return addr;
- 		addr = DCACHE_ALIGN(vma->vm_end - offset) + offset;
- 		if (addr < vma->vm_end) /* handle wraparound */
-@@ -100,14 +103,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
- 	if (flags & MAP_FIXED)
+@@ -86,15 +91,22 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
+ 			return -EINVAL;
  		return addr;
- 	if (!addr)
--		addr = TASK_UNMAPPED_BASE;
-+		addr = current->mm->mmap_base;
+ 	}
+-	if (!addr)
++	if (!addr) {
+ 		addr = TASK_UNMAPPED_BASE;
  
++#ifdef CONFIG_PAX_RANDMMAP
++		if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++			addr += current->mm->delta_mmap;
++#endif
++
++	}
++
  	if (filp) {
 -		addr = get_shared_area(filp->f_mapping, addr, len, pgoff);
 +		addr = get_shared_area(filp, filp->f_mapping, addr, len, pgoff, flags);
@@ -6307,7 +5915,7 @@ index f76c108..92bad82 100644
  	return addr;
  }
 diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
-index 45ba99f..8e22c33 100644
+index aeb8f8f..27a6c2f 100644
 --- a/arch/parisc/kernel/traps.c
 +++ b/arch/parisc/kernel/traps.c
 @@ -732,9 +732,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
@@ -6322,7 +5930,7 @@ index 45ba99f..8e22c33 100644
  				fault_space = regs->iasq[0];
  
 diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c
-index 18162ce..94de376 100644
+index f247a34..dc0f219 100644
 --- a/arch/parisc/mm/fault.c
 +++ b/arch/parisc/mm/fault.c
 @@ -15,6 +15,7 @@
@@ -6459,7 +6067,7 @@ index 18162ce..94de376 100644
  int fixup_exception(struct pt_regs *regs)
  {
  	const struct exception_table_entry *fix;
-@@ -192,8 +303,33 @@ good_area:
+@@ -194,8 +305,33 @@ good_area:
  
  	acc_type = parisc_acctyp(code,regs->iir);
  
@@ -6537,7 +6145,7 @@ index 9e495c9..b6878e5 100644
  #define	SMP_CACHE_BYTES		L1_CACHE_BYTES
  
 diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h
-index 6abf0a1..459d0f1 100644
+index ac9790f..6d30741 100644
 --- a/arch/powerpc/include/asm/elf.h
 +++ b/arch/powerpc/include/asm/elf.h
 @@ -28,8 +28,19 @@
@@ -6562,7 +6170,7 @@ index 6abf0a1..459d0f1 100644
  
  /*
   * Our registers are always unsigned longs, whether we're a 32 bit
-@@ -124,10 +135,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm,
+@@ -122,10 +133,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm,
  	(0x7ff >> (PAGE_SHIFT - 12)) : \
  	(0x3ffff >> (PAGE_SHIFT - 12)))
  
@@ -6719,10 +6327,10 @@ index 4aad413..85d86bf 100644
  #define _PAGE_NO_CACHE	0x020	/* I: cache inhibit */
  #define _PAGE_WRITETHRU	0x040	/* W: cache write-through */
 diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
-index 3d5c9dc..62f8414 100644
+index c9c67fc..e10c012 100644
 --- a/arch/powerpc/include/asm/reg.h
 +++ b/arch/powerpc/include/asm/reg.h
-@@ -215,6 +215,7 @@
+@@ -245,6 +245,7 @@
  #define SPRN_DBCR	0x136	/* e300 Data Breakpoint Control Reg */
  #define SPRN_DSISR	0x012	/* Data Storage Interrupt Status Register */
  #define   DSISR_NOHPTE		0x40000000	/* no translation found */
@@ -6950,10 +6558,10 @@ index 4db4959..aba5c41 100644
  
  static inline unsigned long clear_user(void __user *addr, unsigned long size)
 diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S
-index 4684e33..acc4d19e 100644
+index ae54553..cf2184d 100644
 --- a/arch/powerpc/kernel/exceptions-64e.S
 +++ b/arch/powerpc/kernel/exceptions-64e.S
-@@ -715,6 +715,7 @@ storage_fault_common:
+@@ -716,6 +716,7 @@ storage_fault_common:
  	std	r14,_DAR(r1)
  	std	r15,_DSISR(r1)
  	addi	r3,r1,STACK_FRAME_OVERHEAD
@@ -6961,7 +6569,7 @@ index 4684e33..acc4d19e 100644
  	mr	r4,r14
  	mr	r5,r15
  	ld	r14,PACA_EXGEN+EX_R14(r13)
-@@ -723,8 +724,7 @@ storage_fault_common:
+@@ -724,8 +725,7 @@ storage_fault_common:
  	cmpdi	r3,0
  	bne-	1f
  	b	.ret_from_except_lite
@@ -6972,10 +6580,10 @@ index 4684e33..acc4d19e 100644
  	ld	r4,_DAR(r1)
  	bl	.bad_page_fault
 diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
-index bb11075..2d00a2a 100644
+index 3bbe7ed..14ec3eb 100644
 --- a/arch/powerpc/kernel/exceptions-64s.S
 +++ b/arch/powerpc/kernel/exceptions-64s.S
-@@ -1206,10 +1206,10 @@ handle_page_fault:
+@@ -1390,10 +1390,10 @@ handle_page_fault:
  11:	ld	r4,_DAR(r1)
  	ld	r5,_DSISR(r1)
  	addi	r3,r1,STACK_FRAME_OVERHEAD
@@ -7021,10 +6629,10 @@ index 2e3200c..72095ce 100644
  	/* Find this entry, or if that fails, the next avail. entry */
  	while (entry->jump[0]) {
 diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 8143067..21ae55b 100644
+index 16e77a8..4501b41 100644
 --- a/arch/powerpc/kernel/process.c
 +++ b/arch/powerpc/kernel/process.c
-@@ -680,8 +680,8 @@ void show_regs(struct pt_regs * regs)
+@@ -870,8 +870,8 @@ void show_regs(struct pt_regs * regs)
  	 * Lookup NIP late so we have the best change of getting the
  	 * above info out without failing
  	 */
@@ -7033,9 +6641,9 @@ index 8143067..21ae55b 100644
 +	printk("NIP ["REG"] %pA\n", regs->nip, (void *)regs->nip);
 +	printk("LR ["REG"] %pA\n", regs->link, (void *)regs->link);
  #endif
- 	show_stack(current, (unsigned long *) regs->gpr[1]);
- 	if (!user_mode(regs))
-@@ -1129,10 +1129,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+ #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
+ 	printk("PACATMSCRATCH [%llx]\n", get_paca()->tm_scratch);
+@@ -1330,10 +1330,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
  		newsp = stack[0];
  		ip = stack[STACK_FRAME_LR_SAVE];
  		if (!firstframe || ip != lr) {
@@ -7048,7 +6656,7 @@ index 8143067..21ae55b 100644
  				       (void *)current->ret_stack[curr_frame].ret);
  				curr_frame--;
  			}
-@@ -1152,7 +1152,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1353,7 +1353,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
  			struct pt_regs *regs = (struct pt_regs *)
  				(sp + STACK_FRAME_OVERHEAD);
  			lr = regs->link;
@@ -7057,7 +6665,7 @@ index 8143067..21ae55b 100644
  			       regs->trap, (void *)regs->nip, (void *)lr);
  			firstframe = 1;
  		}
-@@ -1194,58 +1194,3 @@ void __ppc64_runlatch_off(void)
+@@ -1395,58 +1395,3 @@ void __ppc64_runlatch_off(void)
  	mtspr(SPRN_CTRLT, ctrl);
  }
  #endif /* CONFIG_PPC64 */
@@ -7117,10 +6725,10 @@ index 8143067..21ae55b 100644
 -	return ret;
 -}
 diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
-index c497000..8fde506 100644
+index f9b30c6..d72e7a3 100644
 --- a/arch/powerpc/kernel/ptrace.c
 +++ b/arch/powerpc/kernel/ptrace.c
-@@ -1737,6 +1737,10 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -1771,6 +1771,10 @@ long arch_ptrace(struct task_struct *child, long request,
  	return ret;
  }
  
@@ -7131,7 +6739,7 @@ index c497000..8fde506 100644
  /*
   * We must return the syscall number to actually look up in the table.
   * This can be -1L to skip running any syscall at all.
-@@ -1747,6 +1751,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
+@@ -1781,6 +1785,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
  
  	secure_computing_strict(regs->gpr[0]);
  
@@ -7143,7 +6751,7 @@ index c497000..8fde506 100644
  	if (test_thread_flag(TIF_SYSCALL_TRACE) &&
  	    tracehook_report_syscall_entry(regs))
  		/*
-@@ -1781,6 +1790,11 @@ void do_syscall_trace_leave(struct pt_regs *regs)
+@@ -1815,6 +1824,11 @@ void do_syscall_trace_leave(struct pt_regs *regs)
  {
  	int step;
  
@@ -7156,24 +6764,24 @@ index c497000..8fde506 100644
  
  	if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
 diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
-index 804e323..79181c1 100644
+index 95068bf..9ba1814 100644
 --- a/arch/powerpc/kernel/signal_32.c
 +++ b/arch/powerpc/kernel/signal_32.c
-@@ -851,7 +851,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka,
+@@ -982,7 +982,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka,
  	/* Save user registers on the stack */
  	frame = &rt_sf->uc.uc_mcontext;
  	addr = frame;
 -	if (vdso32_rt_sigtramp && current->mm->context.vdso_base) {
 +	if (vdso32_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
- 		if (save_user_regs(regs, frame, 0, 1))
- 			goto badframe;
- 		regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp;
+ 		sigret = 0;
+ 		tramp = current->mm->context.vdso_base + vdso32_rt_sigtramp;
+ 	} else {
 diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
-index 1ca045d..139c3f7 100644
+index c179428..58acdaa 100644
 --- a/arch/powerpc/kernel/signal_64.c
 +++ b/arch/powerpc/kernel/signal_64.c
-@@ -430,7 +430,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info,
- 	current->thread.fpscr.val = 0;
+@@ -758,7 +758,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info,
+ #endif
  
  	/* Set up to return from userspace. */
 -	if (vdso64_rt_sigtramp && current->mm->context.vdso_base) {
@@ -7195,10 +6803,10 @@ index 3ce1f86..c30e629 100644
  };
  
 diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
-index 3251840..3f7c77a 100644
+index 83efa2f..6bb5839 100644
 --- a/arch/powerpc/kernel/traps.c
 +++ b/arch/powerpc/kernel/traps.c
-@@ -133,6 +133,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
+@@ -141,6 +141,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
  	return flags;
  }
  
@@ -7207,7 +6815,7 @@ index 3251840..3f7c77a 100644
  static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
  			       int signr)
  {
-@@ -182,6 +184,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
+@@ -190,6 +192,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
  		panic("Fatal exception in interrupt");
  	if (panic_on_oops)
  		panic("Fatal exception");
@@ -7283,7 +6891,7 @@ index 5eea6f3..5d10396 100644
  EXPORT_SYMBOL(copy_in_user);
  
 diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
-index 3a8489a..6a63b3b 100644
+index 229951f..cdeca42 100644
 --- a/arch/powerpc/mm/fault.c
 +++ b/arch/powerpc/mm/fault.c
 @@ -32,6 +32,10 @@
@@ -7434,7 +7042,7 @@ index e779642..e5bb889 100644
  };
  
 diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c
-index bba87ca..c346a33 100644
+index 6a252c4..3024d81 100644
 --- a/arch/powerpc/mm/numa.c
 +++ b/arch/powerpc/mm/numa.c
 @@ -932,7 +932,7 @@ static void __init *careful_zallocation(int nid, unsigned long size,
@@ -7517,7 +7125,7 @@ index cf9dada..241529f 100644
  	if (!fixed && addr) {
  		addr = _ALIGN_UP(addr, 1ul << pshift);
 diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
-index 0cfece4..2f1a0e5 100644
+index 68c57d3..1fdcfb2 100644
 --- a/arch/powerpc/platforms/cell/spufs/file.c
 +++ b/arch/powerpc/platforms/cell/spufs/file.c
 @@ -281,9 +281,9 @@ spufs_mem_mmap_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
@@ -7583,7 +7191,7 @@ index 4d7ccac..d03d0ad 100644
  
  #define __read_mostly __attribute__((__section__(".data..read_mostly")))
 diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h
-index 178ff96..8c93bd1 100644
+index 1bfdf24..9c9ab2e 100644
 --- a/arch/s390/include/asm/elf.h
 +++ b/arch/s390/include/asm/elf.h
 @@ -160,8 +160,14 @@ extern unsigned int vdso_enabled;
@@ -7603,7 +7211,7 @@ index 178ff96..8c93bd1 100644
  
  /* This yields a mask that user programs can use to figure out what
     instruction set this CPU supports. */
-@@ -210,9 +216,6 @@ struct linux_binprm;
+@@ -207,9 +213,6 @@ struct linux_binprm;
  #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1
  int arch_setup_additional_pages(struct linux_binprm *, int);
  
@@ -7626,7 +7234,7 @@ index c4a93d6..4d2a9b4 100644
  
  #endif /* __ASM_EXEC_H */
 diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
-index 34268df..ea97318 100644
+index 9c33ed4..e40cbef 100644
 --- a/arch/s390/include/asm/uaccess.h
 +++ b/arch/s390/include/asm/uaccess.h
 @@ -252,6 +252,10 @@ static inline unsigned long __must_check
@@ -7637,10 +7245,10 @@ index 34268df..ea97318 100644
 +	if ((long)n < 0)
 +		return n;
 +
- 	if (access_ok(VERIFY_WRITE, to, n))
- 		n = __copy_to_user(to, from, n);
- 	return n;
-@@ -277,6 +281,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
+ 	return __copy_to_user(to, from, n);
+ }
+ 
+@@ -275,6 +279,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
  static inline unsigned long __must_check
  __copy_from_user(void *to, const void __user *from, unsigned long n)
  {
@@ -7650,7 +7258,7 @@ index 34268df..ea97318 100644
  	if (__builtin_constant_p(n) && (n <= 256))
  		return uaccess.copy_from_user_small(n, from, to);
  	else
-@@ -308,10 +315,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct")
+@@ -306,10 +313,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct")
  static inline unsigned long __must_check
  copy_from_user(void *to, const void __user *from, unsigned long n)
  {
@@ -7668,10 +7276,10 @@ index 34268df..ea97318 100644
  		return n;
  	}
 diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c
-index 4610dea..cf0af21 100644
+index 7845e15..59c4353 100644
 --- a/arch/s390/kernel/module.c
 +++ b/arch/s390/kernel/module.c
-@@ -171,11 +171,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
+@@ -169,11 +169,11 @@ int module_frob_arch_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs,
  
  	/* Increase core size by size of got & plt and set start
  	   offsets for got and plt. */
@@ -7688,7 +7296,7 @@ index 4610dea..cf0af21 100644
  	return 0;
  }
  
-@@ -252,7 +252,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -289,7 +289,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
  		if (info->got_initialized == 0) {
  			Elf_Addr *gotent;
  
@@ -7697,16 +7305,16 @@ index 4610dea..cf0af21 100644
  				info->got_offset;
  			*gotent = val;
  			info->got_initialized = 1;
-@@ -276,7 +276,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -312,7 +312,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+ 			rc = apply_rela_bits(loc, val, 0, 64, 0);
  		else if (r_type == R_390_GOTENT ||
- 			 r_type == R_390_GOTPLTENT)
- 			*(unsigned int *) loc =
--				(val + (Elf_Addr) me->module_core - loc) >> 1;
-+				(val + (Elf_Addr) me->module_core_rw - loc) >> 1;
- 		else if (r_type == R_390_GOT64 ||
- 			 r_type == R_390_GOTPLT64)
- 			*(unsigned long *) loc = val;
-@@ -290,7 +290,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+ 			 r_type == R_390_GOTPLTENT) {
+-			val += (Elf_Addr) me->module_core - loc;
++			val += (Elf_Addr) me->module_core_rw - loc;
+ 			rc = apply_rela_bits(loc, val, 1, 32, 1);
+ 		}
+ 		break;
+@@ -325,7 +325,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
  	case R_390_PLTOFF64:	/* 16 bit offset from GOT to PLT. */
  		if (info->plt_initialized == 0) {
  			unsigned int *ip;
@@ -7715,7 +7323,7 @@ index 4610dea..cf0af21 100644
  				info->plt_offset;
  #ifndef CONFIG_64BIT
  			ip[0] = 0x0d105810; /* basr 1,0; l 1,6(1); br 1 */
-@@ -315,7 +315,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -350,7 +350,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
  			       val - loc + 0xffffUL < 0x1ffffeUL) ||
  			      (r_type == R_390_PLT32DBL &&
  			       val - loc + 0xffffffffULL < 0x1fffffffeULL)))
@@ -7724,16 +7332,16 @@ index 4610dea..cf0af21 100644
  					me->arch.plt_offset +
  					info->plt_offset;
  			val += rela->r_addend - loc;
-@@ -337,7 +337,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -372,7 +372,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
  	case R_390_GOTOFF32:	/* 32 bit offset to GOT.  */
  	case R_390_GOTOFF64:	/* 64 bit offset to GOT. */
  		val = val + rela->r_addend -
 -			((Elf_Addr) me->module_core + me->arch.got_offset);
 +			((Elf_Addr) me->module_core_rw + me->arch.got_offset);
  		if (r_type == R_390_GOTOFF16)
- 			*(unsigned short *) loc = val;
+ 			rc = apply_rela_bits(loc, val, 0, 16, 0);
  		else if (r_type == R_390_GOTOFF32)
-@@ -347,7 +347,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
+@@ -382,7 +382,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab,
  		break;
  	case R_390_GOTPC:	/* 32 bit PC relative offset to GOT. */
  	case R_390_GOTPCDBL:	/* 32 bit PC rel. off. to GOT shifted by 1. */
@@ -7741,7 +7349,7 @@ index 4610dea..cf0af21 100644
 +		val = (Elf_Addr) me->module_core_rw + me->arch.got_offset +
  			rela->r_addend - loc;
  		if (r_type == R_390_GOTPC)
- 			*(unsigned int *) loc = val;
+ 			rc = apply_rela_bits(loc, val, 1, 32, 0);
 diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
 index 536d645..4a5bd9e 100644
 --- a/arch/s390/kernel/process.c
@@ -7787,7 +7395,7 @@ index 536d645..4a5bd9e 100644
 -	return ret;
 -}
 diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
-index c59a5ef..3fae59c 100644
+index 06bafec..2bca531 100644
 --- a/arch/s390/mm/mmap.c
 +++ b/arch/s390/mm/mmap.c
 @@ -90,10 +90,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
@@ -7813,7 +7421,7 @@ index c59a5ef..3fae59c 100644
  		mm->get_unmapped_area = arch_get_unmapped_area_topdown;
  		mm->unmap_area = arch_unmap_area_topdown;
  	}
-@@ -172,10 +184,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -175,10 +187,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  	 */
  	if (mmap_is_legacy()) {
  		mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -8197,7 +7805,7 @@ index 5bb6991..5c2132e 100644
  #ifdef CONFIG_SPARC32
  #define SMP_CACHE_BYTES_SHIFT 5
 diff --git a/arch/sparc/include/asm/elf_32.h b/arch/sparc/include/asm/elf_32.h
-index ac74a2c..a9e58af 100644
+index a24e41f..47677ff 100644
 --- a/arch/sparc/include/asm/elf_32.h
 +++ b/arch/sparc/include/asm/elf_32.h
 @@ -114,6 +114,13 @@ typedef struct {
@@ -8596,10 +8204,10 @@ index 6cf591b..b49e65a 100644
  extra-y     := head_$(BITS).o
  
 diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c
-index be8e862..5b50b12 100644
+index 62eede1..9c5b904 100644
 --- a/arch/sparc/kernel/process_32.c
 +++ b/arch/sparc/kernel/process_32.c
-@@ -126,14 +126,14 @@ void show_regs(struct pt_regs *r)
+@@ -125,14 +125,14 @@ void show_regs(struct pt_regs *r)
  
          printk("PSR: %08lx PC: %08lx NPC: %08lx Y: %08lx    %s\n",
  	       r->psr, r->pc, r->npc, r->y, print_tainted());
@@ -8616,7 +8224,7 @@ index be8e862..5b50b12 100644
  
  	printk("%%L: %08lx %08lx  %08lx %08lx  %08lx %08lx  %08lx %08lx\n",
  	       rw->locals[0], rw->locals[1], rw->locals[2], rw->locals[3],
-@@ -168,7 +168,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
+@@ -167,7 +167,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
  		rw = (struct reg_window32 *) fp;
  		pc = rw->ins[7];
  		printk("[%08lx : ", pc);
@@ -8665,7 +8273,7 @@ index cdb80b2..5ca141d 100644
  			       (void *) gp->o7,
  			       (void *) gp->i7,
 diff --git a/arch/sparc/kernel/prom_common.c b/arch/sparc/kernel/prom_common.c
-index 1303021..c2a6321 100644
+index 9f20566..67eb41b 100644
 --- a/arch/sparc/kernel/prom_common.c
 +++ b/arch/sparc/kernel/prom_common.c
 @@ -143,7 +143,7 @@ static int __init prom_common_nextprop(phandle node, char *prev, char *buf)
@@ -8717,7 +8325,7 @@ index 7ff45e4..a58f271 100644
  
  	if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
 diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c
-index 2da0bdc..79128d2 100644
+index 3a8d184..49498a8 100644
 --- a/arch/sparc/kernel/sys_sparc_32.c
 +++ b/arch/sparc/kernel/sys_sparc_32.c
 @@ -52,7 +52,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
@@ -8730,7 +8338,7 @@ index 2da0bdc..79128d2 100644
  	info.flags = 0;
  	info.length = len;
 diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c
-index 708bc29..f0129cb 100644
+index 708bc29..6bfdfad 100644
 --- a/arch/sparc/kernel/sys_sparc_64.c
 +++ b/arch/sparc/kernel/sys_sparc_64.c
 @@ -90,13 +90,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
@@ -8760,7 +8368,7 @@ index 708bc29..f0129cb 100644
  	if (addr) {
  		if (do_color_align)
  			addr = COLOR_ALIGN(addr, pgoff);
-@@ -118,14 +123,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
+@@ -118,22 +123,28 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
  			addr = PAGE_ALIGN(addr);
  
  		vma = find_vma(mm, addr);
@@ -8777,7 +8385,9 @@ index 708bc29..f0129cb 100644
  	info.high_limit = min(task_size, VA_EXCLUDE_START);
  	info.align_mask = do_color_align ? (PAGE_MASK & (SHMLBA - 1)) : 0;
  	info.align_offset = pgoff << PAGE_SHIFT;
-@@ -134,6 +138,12 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
++	info.threadstack_offset = offset;
+ 	addr = vm_unmapped_area(&info);
+ 
  	if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) {
  		VM_BUG_ON(addr != -ENOMEM);
  		info.low_limit = VA_EXCLUDE_END;
@@ -8790,7 +8400,7 @@ index 708bc29..f0129cb 100644
  		info.high_limit = task_size;
  		addr = vm_unmapped_area(&info);
  	}
-@@ -151,6 +161,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -151,6 +162,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  	unsigned long task_size = STACK_TOP32;
  	unsigned long addr = addr0;
  	int do_color_align;
@@ -8798,7 +8408,7 @@ index 708bc29..f0129cb 100644
  	struct vm_unmapped_area_info info;
  
  	/* This should only ever run for 32-bit processes.  */
-@@ -160,7 +171,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -160,7 +172,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  		/* We do not accept a shared mapping if it would violate
  		 * cache aliasing constraints.
  		 */
@@ -8807,7 +8417,7 @@ index 708bc29..f0129cb 100644
  		    ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
  			return -EINVAL;
  		return addr;
-@@ -173,6 +184,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -173,6 +185,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  	if (filp || (flags & MAP_SHARED))
  		do_color_align = 1;
  
@@ -8818,7 +8428,7 @@ index 708bc29..f0129cb 100644
  	/* requesting a specific address */
  	if (addr) {
  		if (do_color_align)
-@@ -181,8 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -181,8 +197,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  			addr = PAGE_ALIGN(addr);
  
  		vma = find_vma(mm, addr);
@@ -8828,7 +8438,15 @@ index 708bc29..f0129cb 100644
  			return addr;
  	}
  
-@@ -204,6 +218,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -192,6 +207,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ 	info.high_limit = mm->mmap_base;
+ 	info.align_mask = do_color_align ? (PAGE_MASK & (SHMLBA - 1)) : 0;
+ 	info.align_offset = pgoff << PAGE_SHIFT;
++	info.threadstack_offset = offset;
+ 	addr = vm_unmapped_area(&info);
+ 
+ 	/*
+@@ -204,6 +220,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  		VM_BUG_ON(addr != -ENOMEM);
  		info.flags = 0;
  		info.low_limit = TASK_UNMAPPED_BASE;
@@ -8841,7 +8459,7 @@ index 708bc29..f0129cb 100644
  		info.high_limit = STACK_TOP32;
  		addr = vm_unmapped_area(&info);
  	}
-@@ -264,6 +284,10 @@ static unsigned long mmap_rnd(void)
+@@ -264,6 +286,10 @@ static unsigned long mmap_rnd(void)
  {
  	unsigned long rnd = 0UL;
  
@@ -8852,7 +8470,7 @@ index 708bc29..f0129cb 100644
  	if (current->flags & PF_RANDOMIZE) {
  		unsigned long val = get_random_int();
  		if (test_thread_flag(TIF_32BIT))
-@@ -289,6 +313,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -289,6 +315,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  	    gap == RLIM_INFINITY ||
  	    sysctl_legacy_va_layout) {
  		mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
@@ -8865,7 +8483,7 @@ index 708bc29..f0129cb 100644
  		mm->get_unmapped_area = arch_get_unmapped_area;
  		mm->unmap_area = arch_unmap_area;
  	} else {
-@@ -301,6 +331,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -301,6 +333,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
  			gap = (task_size / 6 * 5);
  
  		mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor);
@@ -8879,10 +8497,10 @@ index 708bc29..f0129cb 100644
  		mm->unmap_area = arch_unmap_area_topdown;
  	}
 diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
-index e0fed77..604a7e5 100644
+index 22a1098..6255eb9 100644
 --- a/arch/sparc/kernel/syscalls.S
 +++ b/arch/sparc/kernel/syscalls.S
-@@ -58,7 +58,7 @@ sys32_rt_sigreturn:
+@@ -52,7 +52,7 @@ sys32_rt_sigreturn:
  #endif
  	.align	32
  1:	ldx	[%g6 + TI_FLAGS], %l5
@@ -8891,7 +8509,7 @@ index e0fed77..604a7e5 100644
  	be,pt	%icc, rtrap
  	 nop
  	call	syscall_trace_leave
-@@ -190,7 +190,7 @@ linux_sparc_syscall32:
+@@ -184,7 +184,7 @@ linux_sparc_syscall32:
  
  	srl	%i5, 0, %o5				! IEU1
  	srl	%i2, 0, %o2				! IEU0	Group
@@ -8900,7 +8518,7 @@ index e0fed77..604a7e5 100644
  	bne,pn	%icc, linux_syscall_trace32		! CTI
  	 mov	%i0, %l5				! IEU1
  	call	%l7					! CTI	Group brk forced
-@@ -213,7 +213,7 @@ linux_sparc_syscall:
+@@ -207,7 +207,7 @@ linux_sparc_syscall:
  
  	mov	%i3, %o3				! IEU1
  	mov	%i4, %o4				! IEU0	Group
@@ -8909,7 +8527,7 @@ index e0fed77..604a7e5 100644
  	bne,pn	%icc, linux_syscall_trace		! CTI	Group
  	 mov	%i0, %l5				! IEU0
  2:	call	%l7					! CTI	Group brk forced
-@@ -229,7 +229,7 @@ ret_sys_call:
+@@ -223,7 +223,7 @@ ret_sys_call:
  
  	cmp	%o0, -ERESTART_RESTARTBLOCK
  	bgeu,pn	%xcc, 1f
@@ -8932,7 +8550,7 @@ index 654e8aa..45f431b 100644
  };
  
 diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
-index a5785ea..405c5f7 100644
+index 6629829..036032d 100644
 --- a/arch/sparc/kernel/traps_32.c
 +++ b/arch/sparc/kernel/traps_32.c
 @@ -44,6 +44,8 @@ static void instruction_dump(unsigned long *pc)
@@ -8965,7 +8583,7 @@ index a5785ea..405c5f7 100644
  }
  
 diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
-index e7ecf15..6520e65 100644
+index 8d38ca9..845b1d6 100644
 --- a/arch/sparc/kernel/traps_64.c
 +++ b/arch/sparc/kernel/traps_64.c
 @@ -76,7 +76,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p)
@@ -9119,7 +8737,7 @@ index 8201c25e..072a2a7 100644
  	}
  }
 diff --git a/arch/sparc/kernel/us3_cpufreq.c b/arch/sparc/kernel/us3_cpufreq.c
-index eb1624b..f9f4ddb 100644
+index eb1624b..55100de 100644
 --- a/arch/sparc/kernel/us3_cpufreq.c
 +++ b/arch/sparc/kernel/us3_cpufreq.c
 @@ -18,14 +18,12 @@
@@ -9209,7 +8827,7 @@ index eb1624b..f9f4ddb 100644
 -		return ret;
 -	}
 +	     impl == PANTHER_IMPL))
-+		return cpufreq_register_driver(cpufreq_us3_driver);
++		return cpufreq_register_driver(&cpufreq_us3_driver);
  
  	return -ENODEV;
  }
@@ -9223,7 +8841,7 @@ index eb1624b..f9f4ddb 100644
 -		kfree(us3_freq_table);
 -		us3_freq_table = NULL;
 -	}
-+	cpufreq_unregister_driver(cpufreq_us3_driver);
++	cpufreq_unregister_driver(&cpufreq_us3_driver);
  }
  
  MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
@@ -10446,6 +10064,26 @@ index 9ab078a..d6635c2 100644
  		n = _copy_from_user(to, from, n);
  	else
  		copy_from_user_overflow();
+diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c
+index 650ccff..45fe2d6 100644
+--- a/arch/tile/mm/hugetlbpage.c
++++ b/arch/tile/mm/hugetlbpage.c
+@@ -239,6 +239,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
+ 	info.high_limit = TASK_SIZE;
+ 	info.align_mask = PAGE_MASK & ~huge_page_mask(h);
+ 	info.align_offset = 0;
++	info.threadstack_offset = 0;
+ 	return vm_unmapped_area(&info);
+ }
+ 
+@@ -256,6 +257,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+ 	info.high_limit = current->mm->mmap_base;
+ 	info.align_mask = PAGE_MASK & ~huge_page_mask(h);
+ 	info.align_offset = 0;
++	info.threadstack_offset = 0;
+ 	addr = vm_unmapped_area(&info);
+ 
+ 	/*
 diff --git a/arch/um/Makefile b/arch/um/Makefile
 index 133f7de..1d6f2f1 100644
 --- a/arch/um/Makefile
@@ -10576,10 +10214,10 @@ index ad8f795..2c7eec6 100644
  /*
   * Memory returned by kmalloc() may be used for DMA, so we must make
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 0694d09..58ea1a1 100644
+index 15b5cef..173babc 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -238,7 +238,7 @@ config X86_HT
+@@ -244,7 +244,7 @@ config X86_HT
  
  config X86_32_LAZY_GS
  	def_bool y
@@ -10588,7 +10226,7 @@ index 0694d09..58ea1a1 100644
  
  config ARCH_HWEIGHT_CFLAGS
  	string
-@@ -1031,6 +1031,7 @@ config MICROCODE_OLD_INTERFACE
+@@ -1077,6 +1077,7 @@ config MICROCODE_EARLY
  
  config X86_MSR
  	tristate "/dev/cpu/*/msr - Model-specific register support"
@@ -10596,7 +10234,7 @@ index 0694d09..58ea1a1 100644
  	---help---
  	  This device gives privileged processes access to the x86
  	  Model-Specific Registers (MSRs).  It is a character device with
-@@ -1054,7 +1055,7 @@ choice
+@@ -1100,7 +1101,7 @@ choice
  
  config NOHIGHMEM
  	bool "off"
@@ -10605,7 +10243,7 @@ index 0694d09..58ea1a1 100644
  	---help---
  	  Linux can use up to 64 Gigabytes of physical memory on x86 systems.
  	  However, the address space of 32-bit x86 processors is only 4
-@@ -1091,7 +1092,7 @@ config NOHIGHMEM
+@@ -1137,7 +1138,7 @@ config NOHIGHMEM
  
  config HIGHMEM4G
  	bool "4GB"
@@ -10614,7 +10252,7 @@ index 0694d09..58ea1a1 100644
  	---help---
  	  Select this if you have a 32-bit processor and between 1 and 4
  	  gigabytes of physical RAM.
-@@ -1145,7 +1146,7 @@ config PAGE_OFFSET
+@@ -1190,7 +1191,7 @@ config PAGE_OFFSET
  	hex
  	default 0xB0000000 if VMSPLIT_3G_OPT
  	default 0x80000000 if VMSPLIT_2G
@@ -10623,7 +10261,7 @@ index 0694d09..58ea1a1 100644
  	default 0x40000000 if VMSPLIT_1G
  	default 0xC0000000
  	depends on X86_32
-@@ -1542,6 +1543,7 @@ config SECCOMP
+@@ -1588,6 +1589,7 @@ config SECCOMP
  
  config CC_STACKPROTECTOR
  	bool "Enable -fstack-protector buffer overflow detection"
@@ -10631,7 +10269,7 @@ index 0694d09..58ea1a1 100644
  	---help---
  	  This option turns on the -fstack-protector GCC feature. This
  	  feature puts, at the beginning of functions, a canary value on
-@@ -1662,6 +1664,8 @@ config X86_NEED_RELOCS
+@@ -1707,6 +1709,8 @@ config X86_NEED_RELOCS
  config PHYSICAL_ALIGN
  	hex "Alignment value to which kernel should be aligned" if X86_32
  	default "0x1000000"
@@ -10640,7 +10278,7 @@ index 0694d09..58ea1a1 100644
  	range 0x2000 0x1000000
  	---help---
  	  This value puts the alignment restrictions on physical address
-@@ -1737,9 +1741,10 @@ config DEBUG_HOTPLUG_CPU0
+@@ -1782,9 +1786,10 @@ config DEBUG_HOTPLUG_CPU0
  	  If unsure, say N.
  
  config COMPAT_VDSO
@@ -10715,10 +10353,10 @@ index b322f12..652d0d9 100644
  	  Enabling this option turns a certain set of sanity checks for user
  	  copy operations into compile time failures.
 diff --git a/arch/x86/Makefile b/arch/x86/Makefile
-index e71fc42..7829607 100644
+index 5c47726..8c4fa67 100644
 --- a/arch/x86/Makefile
 +++ b/arch/x86/Makefile
-@@ -50,6 +50,7 @@ else
+@@ -54,6 +54,7 @@ else
          UTS_MACHINE := x86_64
          CHECKFLAGS += -D__x86_64__ -m64
  
@@ -10726,7 +10364,7 @@ index e71fc42..7829607 100644
          KBUILD_AFLAGS += -m64
          KBUILD_CFLAGS += -m64
  
-@@ -230,3 +231,12 @@ define archhelp
+@@ -234,3 +235,12 @@ define archhelp
    echo  '                  FDARGS="..."  arguments for the booted kernel'
    echo  '                  FDINITRD=file initrd for the booted kernel'
  endef
@@ -10776,7 +10414,7 @@ index 878e4b9..20537ab 100644
  
  #endif /* BOOT_BITOPS_H */
 diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h
-index 18997e5..83d9c67 100644
+index 5b75319..331a4ca 100644
 --- a/arch/x86/boot/boot.h
 +++ b/arch/x86/boot/boot.h
 @@ -85,7 +85,7 @@ static inline void io_delay(void)
@@ -10812,7 +10450,7 @@ index 5ef205c..342191d 100644
  KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
  GCOV_PROFILE := n
 diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index c205035..5853587 100644
+index 35ee62f..b6609b6 100644
 --- a/arch/x86/boot/compressed/eboot.c
 +++ b/arch/x86/boot/compressed/eboot.c
 @@ -150,7 +150,6 @@ again:
@@ -10864,10 +10502,10 @@ index 1e3184f..0d11e2e 100644
  	jmp	1b
  2:
 diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index f5d1aaa..cce11dc 100644
+index c1d383d..57ab51c 100644
 --- a/arch/x86/boot/compressed/head_64.S
 +++ b/arch/x86/boot/compressed/head_64.S
-@@ -91,7 +91,7 @@ ENTRY(startup_32)
+@@ -97,7 +97,7 @@ ENTRY(startup_32)
  	notl	%eax
  	andl	%eax, %ebx
  #else
@@ -10876,7 +10514,7 @@ index f5d1aaa..cce11dc 100644
  #endif
  
  	/* Target address to relocate to for decompression */
-@@ -273,7 +273,7 @@ preferred_addr:
+@@ -272,7 +272,7 @@ preferred_addr:
  	notq	%rax
  	andq	%rax, %rbp
  #else
@@ -10885,8 +10523,19 @@ index f5d1aaa..cce11dc 100644
  #endif
  
  	/* Target address to relocate to for decompression */
+@@ -363,8 +363,8 @@ gdt:
+ 	.long	gdt
+ 	.word	0
+ 	.quad	0x0000000000000000	/* NULL descriptor */
+-	.quad	0x00af9a000000ffff	/* __KERNEL_CS */
+-	.quad	0x00cf92000000ffff	/* __KERNEL_DS */
++	.quad	0x00af9b000000ffff	/* __KERNEL_CS */
++	.quad	0x00cf93000000ffff	/* __KERNEL_DS */
+ 	.quad	0x0080890000000000	/* TS descriptor */
+ 	.quad   0x0000000000000000	/* TS continued */
+ gdt_end:
 diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
-index 88f7ff6..ed695dd 100644
+index 7cb56c6..d382d84 100644
 --- a/arch/x86/boot/compressed/misc.c
 +++ b/arch/x86/boot/compressed/misc.c
 @@ -303,7 +303,7 @@ static void parse_elf(void *output)
@@ -10898,7 +10547,7 @@ index 88f7ff6..ed695dd 100644
  #else
  			dest = (void *)(phdr->p_paddr);
  #endif
-@@ -352,7 +352,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
+@@ -354,7 +354,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
  		error("Destination address too large");
  #endif
  #ifndef CONFIG_RELOCATABLE
@@ -11007,10 +10656,10 @@ index 4d3ff03..e4972ff 100644
  		err = check_flags();
  	}
 diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
-index 944ce59..87ee37a 100644
+index 9ec06a1..2c25e79 100644
 --- a/arch/x86/boot/header.S
 +++ b/arch/x86/boot/header.S
-@@ -401,10 +401,14 @@ setup_data:		.quad 0			# 64-bit physical pointer to
+@@ -409,10 +409,14 @@ setup_data:		.quad 0			# 64-bit physical pointer to
  						# single linked list of
  						# struct setup_data
  
@@ -11065,7 +10714,7 @@ index 43eda28..5ab5fdb 100644
  	unsigned int v;
  
 diff --git a/arch/x86/crypto/aes-x86_64-asm_64.S b/arch/x86/crypto/aes-x86_64-asm_64.S
-index 5b577d5..3c1fed4 100644
+index 9105655..5e37f27 100644
 --- a/arch/x86/crypto/aes-x86_64-asm_64.S
 +++ b/arch/x86/crypto/aes-x86_64-asm_64.S
 @@ -8,6 +8,8 @@
@@ -11077,17 +10726,17 @@ index 5b577d5..3c1fed4 100644
  .extern crypto_ft_tab
  .extern crypto_it_tab
  .extern crypto_fl_tab
-@@ -71,6 +73,8 @@ FUNC:	movq	r1,r2;			\
+@@ -70,6 +72,8 @@
  	je	B192;			\
  	leaq	32(r9),r9;
  
 +#define ret	pax_force_retaddr 0, 1; ret
 +
- #define epilogue(r1,r2,r3,r4,r5,r6,r7,r8,r9) \
+ #define epilogue(FUNC,r1,r2,r3,r4,r5,r6,r7,r8,r9) \
  	movq	r1,r2;			\
  	movq	r3,r4;			\
 diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
-index 3470624..201259d 100644
+index 04b7977..402f223 100644
 --- a/arch/x86/crypto/aesni-intel_asm.S
 +++ b/arch/x86/crypto/aesni-intel_asm.S
 @@ -31,6 +31,7 @@
@@ -11098,427 +10747,408 @@ index 3470624..201259d 100644
  
  #ifdef __x86_64__
  .data
-@@ -1436,7 +1437,9 @@ _return_T_done_decrypt:
+@@ -1435,6 +1436,7 @@ _return_T_done_decrypt:
  	pop	%r14
  	pop	%r13
  	pop	%r12
 +	pax_force_retaddr 0, 1
  	ret
-+ENDPROC(aesni_gcm_dec)
- 
+ ENDPROC(aesni_gcm_dec)
  
- /*****************************************************************************
-@@ -1699,7 +1702,9 @@ _return_T_done_encrypt:
+@@ -1699,6 +1701,7 @@ _return_T_done_encrypt:
  	pop	%r14
  	pop	%r13
  	pop	%r12
 +	pax_force_retaddr 0, 1
  	ret
-+ENDPROC(aesni_gcm_enc)
- 
- #endif
+ ENDPROC(aesni_gcm_enc)
  
-@@ -1714,6 +1719,7 @@ _key_expansion_256a:
+@@ -1716,6 +1719,7 @@ _key_expansion_256a:
  	pxor %xmm1, %xmm0
  	movaps %xmm0, (TKEYP)
  	add $0x10, TKEYP
 +	pax_force_retaddr_bts
  	ret
- 
- .align 4
-@@ -1738,6 +1744,7 @@ _key_expansion_192a:
+ ENDPROC(_key_expansion_128)
+ ENDPROC(_key_expansion_256a)
+@@ -1742,6 +1746,7 @@ _key_expansion_192a:
  	shufps $0b01001110, %xmm2, %xmm1
  	movaps %xmm1, 0x10(TKEYP)
  	add $0x20, TKEYP
 +	pax_force_retaddr_bts
  	ret
+ ENDPROC(_key_expansion_192a)
  
- .align 4
-@@ -1757,6 +1764,7 @@ _key_expansion_192b:
+@@ -1762,6 +1767,7 @@ _key_expansion_192b:
  
  	movaps %xmm0, (TKEYP)
  	add $0x10, TKEYP
 +	pax_force_retaddr_bts
  	ret
+ ENDPROC(_key_expansion_192b)
  
- .align 4
-@@ -1769,6 +1777,7 @@ _key_expansion_256b:
+@@ -1775,6 +1781,7 @@ _key_expansion_256b:
  	pxor %xmm1, %xmm2
  	movaps %xmm2, (TKEYP)
  	add $0x10, TKEYP
 +	pax_force_retaddr_bts
  	ret
+ ENDPROC(_key_expansion_256b)
  
- /*
-@@ -1881,7 +1890,9 @@ ENTRY(aesni_set_key)
+@@ -1888,6 +1895,7 @@ ENTRY(aesni_set_key)
  #ifndef __x86_64__
  	popl KEYP
  #endif
 +	pax_force_retaddr 0, 1
  	ret
-+ENDPROC(aesni_set_key)
+ ENDPROC(aesni_set_key)
  
- /*
-  * void aesni_enc(struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src)
-@@ -1902,7 +1913,9 @@ ENTRY(aesni_enc)
+@@ -1910,6 +1918,7 @@ ENTRY(aesni_enc)
  	popl KLEN
  	popl KEYP
  #endif
 +	pax_force_retaddr 0, 1
  	ret
-+ENDPROC(aesni_enc)
+ ENDPROC(aesni_enc)
  
- /*
-  * _aesni_enc1:		internal ABI
-@@ -1959,6 +1972,7 @@ _aesni_enc1:
+@@ -1968,6 +1977,7 @@ _aesni_enc1:
  	AESENC KEY STATE
  	movaps 0x70(TKEYP), KEY
  	AESENCLAST KEY STATE
 +	pax_force_retaddr_bts
  	ret
+ ENDPROC(_aesni_enc1)
  
- /*
-@@ -2067,6 +2081,7 @@ _aesni_enc4:
+@@ -2077,6 +2087,7 @@ _aesni_enc4:
  	AESENCLAST KEY STATE2
  	AESENCLAST KEY STATE3
  	AESENCLAST KEY STATE4
 +	pax_force_retaddr_bts
  	ret
+ ENDPROC(_aesni_enc4)
  
- /*
-@@ -2089,7 +2104,9 @@ ENTRY(aesni_dec)
+@@ -2100,6 +2111,7 @@ ENTRY(aesni_dec)
  	popl KLEN
  	popl KEYP
  #endif
 +	pax_force_retaddr 0, 1
  	ret
-+ENDPROC(aesni_dec)
+ ENDPROC(aesni_dec)
  
- /*
-  * _aesni_dec1:		internal ABI
-@@ -2146,6 +2163,7 @@ _aesni_dec1:
+@@ -2158,6 +2170,7 @@ _aesni_dec1:
  	AESDEC KEY STATE
  	movaps 0x70(TKEYP), KEY
  	AESDECLAST KEY STATE
 +	pax_force_retaddr_bts
  	ret
+ ENDPROC(_aesni_dec1)
  
- /*
-@@ -2254,6 +2272,7 @@ _aesni_dec4:
+@@ -2267,6 +2280,7 @@ _aesni_dec4:
  	AESDECLAST KEY STATE2
  	AESDECLAST KEY STATE3
  	AESDECLAST KEY STATE4
 +	pax_force_retaddr_bts
  	ret
+ ENDPROC(_aesni_dec4)
  
- /*
-@@ -2311,7 +2330,9 @@ ENTRY(aesni_ecb_enc)
+@@ -2325,6 +2339,7 @@ ENTRY(aesni_ecb_enc)
  	popl KEYP
  	popl LEN
  #endif
 +	pax_force_retaddr 0, 1
  	ret
-+ENDPROC(aesni_ecb_enc)
+ ENDPROC(aesni_ecb_enc)
  
- /*
-  * void aesni_ecb_dec(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src,
-@@ -2369,7 +2390,9 @@ ENTRY(aesni_ecb_dec)
+@@ -2384,6 +2399,7 @@ ENTRY(aesni_ecb_dec)
  	popl KEYP
  	popl LEN
  #endif
 +	pax_force_retaddr 0, 1
  	ret
-+ENDPROC(aesni_ecb_dec)
+ ENDPROC(aesni_ecb_dec)
  
- /*
-  * void aesni_cbc_enc(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src,
-@@ -2410,7 +2433,9 @@ ENTRY(aesni_cbc_enc)
+@@ -2426,6 +2442,7 @@ ENTRY(aesni_cbc_enc)
  	popl LEN
  	popl IVP
  #endif
 +	pax_force_retaddr 0, 1
  	ret
-+ENDPROC(aesni_cbc_enc)
+ ENDPROC(aesni_cbc_enc)
  
- /*
-  * void aesni_cbc_dec(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src,
-@@ -2500,7 +2525,9 @@ ENTRY(aesni_cbc_dec)
+@@ -2517,6 +2534,7 @@ ENTRY(aesni_cbc_dec)
  	popl LEN
  	popl IVP
  #endif
 +	pax_force_retaddr 0, 1
  	ret
-+ENDPROC(aesni_cbc_dec)
+ ENDPROC(aesni_cbc_dec)
  
- #ifdef __x86_64__
- .align 16
-@@ -2526,6 +2553,7 @@ _aesni_inc_init:
+@@ -2544,6 +2562,7 @@ _aesni_inc_init:
  	mov $1, TCTR_LOW
  	MOVQ_R64_XMM TCTR_LOW INC
  	MOVQ_R64_XMM CTR TCTR_LOW
 +	pax_force_retaddr_bts
  	ret
+ ENDPROC(_aesni_inc_init)
  
- /*
-@@ -2554,6 +2582,7 @@ _aesni_inc:
+@@ -2573,6 +2592,7 @@ _aesni_inc:
  .Linc_low:
  	movaps CTR, IV
  	PSHUFB_XMM BSWAP_MASK IV
 +	pax_force_retaddr_bts
  	ret
+ ENDPROC(_aesni_inc)
  
- /*
-@@ -2614,5 +2643,7 @@ ENTRY(aesni_ctr_enc)
+@@ -2634,6 +2654,7 @@ ENTRY(aesni_ctr_enc)
  .Lctr_enc_ret:
  	movups IV, (IVP)
  .Lctr_enc_just_ret:
 +	pax_force_retaddr 0, 1
  	ret
-+ENDPROC(aesni_ctr_enc)
+ ENDPROC(aesni_ctr_enc)
  #endif
 diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S
-index 391d245..67f35c2 100644
+index 246c670..4d1ed00 100644
 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S
 +++ b/arch/x86/crypto/blowfish-x86_64-asm_64.S
-@@ -20,6 +20,8 @@
-  *
+@@ -21,6 +21,7 @@
   */
  
+ #include <linux/linkage.h>
 +#include <asm/alternative-asm.h>
-+
+ 
  .file "blowfish-x86_64-asm.S"
  .text
- 
-@@ -151,9 +153,11 @@ __blowfish_enc_blk:
- 	jnz __enc_xor;
+@@ -149,9 +150,11 @@ ENTRY(__blowfish_enc_blk)
+ 	jnz .L__enc_xor;
  
  	write_block();
 +	pax_force_retaddr 0, 1
  	ret;
- __enc_xor:
+ .L__enc_xor:
  	xor_block();
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(__blowfish_enc_blk)
  
- .align 8
-@@ -188,6 +192,7 @@ blowfish_dec_blk:
+@@ -183,6 +186,7 @@ ENTRY(blowfish_dec_blk)
  
  	movq %r11, %rbp;
  
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(blowfish_dec_blk)
  
- /**********************************************************************
-@@ -342,6 +347,7 @@ __blowfish_enc_blk_4way:
+@@ -334,6 +338,7 @@ ENTRY(__blowfish_enc_blk_4way)
  
  	popq %rbx;
  	popq %rbp;
 +	pax_force_retaddr 0, 1
  	ret;
  
- __enc_xor4:
-@@ -349,6 +355,7 @@ __enc_xor4:
+ .L__enc_xor4:
+@@ -341,6 +346,7 @@ ENTRY(__blowfish_enc_blk_4way)
  
  	popq %rbx;
  	popq %rbp;
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(__blowfish_enc_blk_4way)
  
- .align 8
-@@ -386,5 +393,6 @@ blowfish_dec_blk_4way:
+@@ -375,5 +381,6 @@ ENTRY(blowfish_dec_blk_4way)
  	popq %rbx;
  	popq %rbp;
  
 +	pax_force_retaddr 0, 1
  	ret;
- 
+ ENDPROC(blowfish_dec_blk_4way)
 diff --git a/arch/x86/crypto/camellia-x86_64-asm_64.S b/arch/x86/crypto/camellia-x86_64-asm_64.S
-index 0b33743..7a56206 100644
+index 310319c..ce174a4 100644
 --- a/arch/x86/crypto/camellia-x86_64-asm_64.S
 +++ b/arch/x86/crypto/camellia-x86_64-asm_64.S
-@@ -20,6 +20,8 @@
-  *
+@@ -21,6 +21,7 @@
   */
  
+ #include <linux/linkage.h>
 +#include <asm/alternative-asm.h>
-+
+ 
  .file "camellia-x86_64-asm_64.S"
  .text
- 
-@@ -229,12 +231,14 @@ __enc_done:
+@@ -228,12 +229,14 @@ ENTRY(__camellia_enc_blk)
  	enc_outunpack(mov, RT1);
  
  	movq RRBP, %rbp;
 +	pax_force_retaddr 0, 1
  	ret;
  
- __enc_xor:
+ .L__enc_xor:
  	enc_outunpack(xor, RT1);
  
  	movq RRBP, %rbp;
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(__camellia_enc_blk)
  
- .global camellia_dec_blk;
-@@ -275,6 +279,7 @@ __dec_rounds16:
+@@ -272,6 +275,7 @@ ENTRY(camellia_dec_blk)
  	dec_outunpack();
  
  	movq RRBP, %rbp;
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(camellia_dec_blk)
  
- /**********************************************************************
-@@ -468,6 +473,7 @@ __enc2_done:
+@@ -463,6 +467,7 @@ ENTRY(__camellia_enc_blk_2way)
  
  	movq RRBP, %rbp;
  	popq %rbx;
 +	pax_force_retaddr 0, 1
  	ret;
  
- __enc2_xor:
-@@ -475,6 +481,7 @@ __enc2_xor:
+ .L__enc2_xor:
+@@ -470,6 +475,7 @@ ENTRY(__camellia_enc_blk_2way)
  
  	movq RRBP, %rbp;
  	popq %rbx;
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(__camellia_enc_blk_2way)
  
- .global camellia_dec_blk_2way;
-@@ -517,4 +524,5 @@ __dec2_rounds16:
+@@ -510,5 +516,6 @@ ENTRY(camellia_dec_blk_2way)
  
  	movq RRBP, %rbp;
  	movq RXOR, %rbx;
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(camellia_dec_blk_2way)
 diff --git a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
-index 15b00ac..2071784 100644
+index c35fd5d..c1ee236 100644
 --- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
 +++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
-@@ -23,6 +23,8 @@
-  *
+@@ -24,6 +24,7 @@
   */
  
+ #include <linux/linkage.h>
 +#include <asm/alternative-asm.h>
-+
+ 
  .file "cast5-avx-x86_64-asm_64.S"
  
- .extern cast_s1
-@@ -281,6 +283,7 @@ __skip_enc:
+@@ -281,6 +282,7 @@ __cast5_enc_blk16:
  	outunpack_blocks(RR3, RL3, RTMP, RX, RKM);
  	outunpack_blocks(RR4, RL4, RTMP, RX, RKM);
  
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(__cast5_enc_blk16)
  
- .align 16
-@@ -353,6 +356,7 @@ __dec_tail:
+@@ -352,6 +354,7 @@ __cast5_dec_blk16:
  	outunpack_blocks(RR3, RL3, RTMP, RX, RKM);
  	outunpack_blocks(RR4, RL4, RTMP, RX, RKM);
  
 +	pax_force_retaddr 0, 1
  	ret;
  
- __skip_dec:
-@@ -392,6 +396,7 @@ cast5_ecb_enc_16way:
+ .L__skip_dec:
+@@ -388,6 +391,7 @@ ENTRY(cast5_ecb_enc_16way)
  	vmovdqu RR4, (6*4*4)(%r11);
  	vmovdqu RL4, (7*4*4)(%r11);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(cast5_ecb_enc_16way)
  
- .align 16
-@@ -427,6 +432,7 @@ cast5_ecb_dec_16way:
+@@ -420,6 +424,7 @@ ENTRY(cast5_ecb_dec_16way)
  	vmovdqu RR4, (6*4*4)(%r11);
  	vmovdqu RL4, (7*4*4)(%r11);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(cast5_ecb_dec_16way)
  
- .align 16
-@@ -479,6 +485,7 @@ cast5_cbc_dec_16way:
+@@ -469,6 +474,7 @@ ENTRY(cast5_cbc_dec_16way)
  
  	popq %r12;
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(cast5_cbc_dec_16way)
  
- .align 16
-@@ -555,4 +562,5 @@ cast5_ctr_16way:
+@@ -542,5 +548,6 @@ ENTRY(cast5_ctr_16way)
  
  	popq %r12;
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(cast5_ctr_16way)
 diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
-index 2569d0d..637c289 100644
+index f93b610..c09bf40 100644
 --- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
 +++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
-@@ -23,6 +23,8 @@
-  *
+@@ -24,6 +24,7 @@
   */
  
+ #include <linux/linkage.h>
 +#include <asm/alternative-asm.h>
-+
  #include "glue_helper-asm-avx.S"
  
  .file "cast6-avx-x86_64-asm_64.S"
-@@ -294,6 +296,7 @@ __cast6_enc_blk8:
+@@ -293,6 +294,7 @@ __cast6_enc_blk8:
  	outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
  	outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
  
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(__cast6_enc_blk8)
  
- .align 8
-@@ -340,6 +343,7 @@ __cast6_dec_blk8:
+@@ -338,6 +340,7 @@ __cast6_dec_blk8:
  	outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
  	outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
  
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(__cast6_dec_blk8)
  
- .align 8
-@@ -361,6 +365,7 @@ cast6_ecb_enc_8way:
+@@ -356,6 +359,7 @@ ENTRY(cast6_ecb_enc_8way)
  
  	store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(cast6_ecb_enc_8way)
  
- .align 8
-@@ -382,6 +387,7 @@ cast6_ecb_dec_8way:
+@@ -374,6 +378,7 @@ ENTRY(cast6_ecb_dec_8way)
  
  	store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(cast6_ecb_dec_8way)
  
- .align 8
-@@ -408,6 +414,7 @@ cast6_cbc_dec_8way:
+@@ -397,6 +402,7 @@ ENTRY(cast6_cbc_dec_8way)
  
  	popq %r12;
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(cast6_cbc_dec_8way)
  
- .align 8
-@@ -436,4 +443,5 @@ cast6_ctr_8way:
+@@ -422,5 +428,6 @@ ENTRY(cast6_ctr_8way)
  
  	popq %r12;
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(cast6_ctr_8way)
 diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S
-index 6214a9b..1f4fc9a 100644
+index 9279e0b..9270820 100644
 --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S
 +++ b/arch/x86/crypto/salsa20-x86_64-asm_64.S
-@@ -1,3 +1,5 @@
+@@ -1,4 +1,5 @@
+ #include <linux/linkage.h>
 +#include <asm/alternative-asm.h>
-+
- # enter ECRYPT_encrypt_bytes
- .text
- .p2align 5
-@@ -790,6 +792,7 @@ ECRYPT_encrypt_bytes:
+ 
+ # enter salsa20_encrypt_bytes
+ ENTRY(salsa20_encrypt_bytes)
+@@ -789,6 +790,7 @@ ENTRY(salsa20_encrypt_bytes)
  	add	%r11,%rsp
  	mov	%rdi,%rax
  	mov	%rsi,%rdx
@@ -11526,257 +11156,257 @@ index 6214a9b..1f4fc9a 100644
  	ret
  #   bytesatleast65:
  ._bytesatleast65:
-@@ -891,6 +894,7 @@ ECRYPT_keysetup:
+@@ -889,6 +891,7 @@ ENTRY(salsa20_keysetup)
  	add	%r11,%rsp
  	mov	%rdi,%rax
  	mov	%rsi,%rdx
 +	pax_force_retaddr
  	ret
- # enter ECRYPT_ivsetup
- .text
-@@ -917,4 +921,5 @@ ECRYPT_ivsetup:
+ ENDPROC(salsa20_keysetup)
+ 
+@@ -914,5 +917,6 @@ ENTRY(salsa20_ivsetup)
  	add	%r11,%rsp
  	mov	%rdi,%rax
  	mov	%rsi,%rdx
 +	pax_force_retaddr
  	ret
+ ENDPROC(salsa20_ivsetup)
 diff --git a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
-index 02b0e9f..cf4cf5c 100644
+index 43c9386..a0e2d60 100644
 --- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
 +++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
-@@ -24,6 +24,8 @@
-  *
+@@ -25,6 +25,7 @@
   */
  
+ #include <linux/linkage.h>
 +#include <asm/alternative-asm.h>
-+
  #include "glue_helper-asm-avx.S"
  
  .file "serpent-avx-x86_64-asm_64.S"
-@@ -618,6 +620,7 @@ __serpent_enc_blk8_avx:
+@@ -617,6 +618,7 @@ __serpent_enc_blk8_avx:
  	write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2);
  	write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(__serpent_enc_blk8_avx)
  
- .align 8
-@@ -673,6 +676,7 @@ __serpent_dec_blk8_avx:
+@@ -671,6 +673,7 @@ __serpent_dec_blk8_avx:
  	write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2);
  	write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(__serpent_dec_blk8_avx)
  
- .align 8
-@@ -692,6 +696,7 @@ serpent_ecb_enc_8way_avx:
+@@ -687,6 +690,7 @@ ENTRY(serpent_ecb_enc_8way_avx)
  
  	store_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(serpent_ecb_enc_8way_avx)
  
- .align 8
-@@ -711,6 +716,7 @@ serpent_ecb_dec_8way_avx:
+@@ -703,6 +707,7 @@ ENTRY(serpent_ecb_dec_8way_avx)
  
  	store_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(serpent_ecb_dec_8way_avx)
  
- .align 8
-@@ -730,6 +736,7 @@ serpent_cbc_dec_8way_avx:
+@@ -719,6 +724,7 @@ ENTRY(serpent_cbc_dec_8way_avx)
  
  	store_cbc_8way(%rdx, %rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(serpent_cbc_dec_8way_avx)
  
- .align 8
-@@ -751,4 +758,5 @@ serpent_ctr_8way_avx:
+@@ -737,5 +743,6 @@ ENTRY(serpent_ctr_8way_avx)
  
  	store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(serpent_ctr_8way_avx)
 diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
-index 3ee1ff0..cbc568b 100644
+index acc066c..1559cc4 100644
 --- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
 +++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
-@@ -24,6 +24,8 @@
-  *
+@@ -25,6 +25,7 @@
   */
  
+ #include <linux/linkage.h>
 +#include <asm/alternative-asm.h>
-+
+ 
  .file "serpent-sse2-x86_64-asm_64.S"
  .text
- 
-@@ -692,12 +694,14 @@ __serpent_enc_blk_8way:
+@@ -690,12 +691,14 @@ ENTRY(__serpent_enc_blk_8way)
  	write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2);
  	write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2);
  
 +	pax_force_retaddr
  	ret;
  
- __enc_xor8:
+ .L__enc_xor8:
  	xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2);
  	xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(__serpent_enc_blk_8way)
  
- .align 8
-@@ -755,4 +759,5 @@ serpent_dec_blk_8way:
+@@ -750,5 +753,6 @@ ENTRY(serpent_dec_blk_8way)
  	write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2);
  	write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2);
  
 +	pax_force_retaddr
  	ret;
+ ENDPROC(serpent_dec_blk_8way)
 diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S
-index 49d6987..df66bd4 100644
+index a410950..3356d42 100644
 --- a/arch/x86/crypto/sha1_ssse3_asm.S
 +++ b/arch/x86/crypto/sha1_ssse3_asm.S
-@@ -28,6 +28,8 @@
-  * (at your option) any later version.
+@@ -29,6 +29,7 @@
   */
  
+ #include <linux/linkage.h>
 +#include <asm/alternative-asm.h>
-+
+ 
  #define CTX	%rdi	// arg1
  #define BUF	%rsi	// arg2
- #define CNT	%rdx	// arg3
-@@ -104,6 +106,7 @@
+@@ -104,6 +105,7 @@
  	pop	%r12
  	pop	%rbp
  	pop	%rbx
 +	pax_force_retaddr 0, 1
  	ret
  
- 	.size	\name, .-\name
+ 	ENDPROC(\name)
 diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
-index ebac16b..8092eb9 100644
+index 8d3e113..898b161 100644
 --- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
 +++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
-@@ -23,6 +23,8 @@
-  *
+@@ -24,6 +24,7 @@
   */
  
+ #include <linux/linkage.h>
 +#include <asm/alternative-asm.h>
-+
  #include "glue_helper-asm-avx.S"
  
  .file "twofish-avx-x86_64-asm_64.S"
-@@ -283,6 +285,7 @@ __twofish_enc_blk8:
+@@ -282,6 +283,7 @@ __twofish_enc_blk8:
  	outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2);
  	outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2);
  
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(__twofish_enc_blk8)
  
- .align 8
-@@ -324,6 +327,7 @@ __twofish_dec_blk8:
+@@ -322,6 +324,7 @@ __twofish_dec_blk8:
  	outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2);
  	outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2);
  
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(__twofish_dec_blk8)
  
- .align 8
-@@ -345,6 +349,7 @@ twofish_ecb_enc_8way:
+@@ -340,6 +343,7 @@ ENTRY(twofish_ecb_enc_8way)
  
  	store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
  
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(twofish_ecb_enc_8way)
  
- .align 8
-@@ -366,6 +371,7 @@ twofish_ecb_dec_8way:
+@@ -358,6 +362,7 @@ ENTRY(twofish_ecb_dec_8way)
  
  	store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
  
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(twofish_ecb_dec_8way)
  
- .align 8
-@@ -392,6 +398,7 @@ twofish_cbc_dec_8way:
+@@ -381,6 +386,7 @@ ENTRY(twofish_cbc_dec_8way)
  
  	popq %r12;
  
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(twofish_cbc_dec_8way)
  
- .align 8
-@@ -420,4 +427,5 @@ twofish_ctr_8way:
+@@ -406,5 +412,6 @@ ENTRY(twofish_ctr_8way)
  
  	popq %r12;
  
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(twofish_ctr_8way)
 diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
-index 5b012a2..36d5364 100644
+index 1c3b7ce..b365c5e 100644
 --- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
 +++ b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
-@@ -20,6 +20,8 @@
-  *
+@@ -21,6 +21,7 @@
   */
  
+ #include <linux/linkage.h>
 +#include <asm/alternative-asm.h>
-+
+ 
  .file "twofish-x86_64-asm-3way.S"
  .text
- 
-@@ -260,6 +262,7 @@ __twofish_enc_blk_3way:
+@@ -258,6 +259,7 @@ ENTRY(__twofish_enc_blk_3way)
  	popq %r13;
  	popq %r14;
  	popq %r15;
 +	pax_force_retaddr 0, 1
  	ret;
  
- __enc_xor3:
-@@ -271,6 +274,7 @@ __enc_xor3:
+ .L__enc_xor3:
+@@ -269,6 +271,7 @@ ENTRY(__twofish_enc_blk_3way)
  	popq %r13;
  	popq %r14;
  	popq %r15;
 +	pax_force_retaddr 0, 1
  	ret;
+ ENDPROC(__twofish_enc_blk_3way)
  
- .global twofish_dec_blk_3way
-@@ -312,5 +316,6 @@ twofish_dec_blk_3way:
+@@ -308,5 +311,6 @@ ENTRY(twofish_dec_blk_3way)
  	popq %r13;
  	popq %r14;
  	popq %r15;
 +	pax_force_retaddr 0, 1
  	ret;
- 
+ ENDPROC(twofish_dec_blk_3way)
 diff --git a/arch/x86/crypto/twofish-x86_64-asm_64.S b/arch/x86/crypto/twofish-x86_64-asm_64.S
-index 7bcf3fc..f53832f 100644
+index a039d21..29e7615 100644
 --- a/arch/x86/crypto/twofish-x86_64-asm_64.S
 +++ b/arch/x86/crypto/twofish-x86_64-asm_64.S
-@@ -21,6 +21,7 @@
- .text
+@@ -22,6 +22,7 @@
  
+ #include <linux/linkage.h>
  #include <asm/asm-offsets.h>
 +#include <asm/alternative-asm.h>
  
  #define a_offset	0
  #define b_offset	4
-@@ -268,6 +269,7 @@ twofish_enc_blk:
+@@ -265,6 +266,7 @@ ENTRY(twofish_enc_blk)
  
  	popq	R1
  	movq	$1,%rax
 +	pax_force_retaddr 0, 1
  	ret
+ ENDPROC(twofish_enc_blk)
  
- twofish_dec_blk:
-@@ -319,4 +321,5 @@ twofish_dec_blk:
+@@ -317,5 +319,6 @@ ENTRY(twofish_dec_blk)
  
  	popq	R1
  	movq	$1,%rax
 +	pax_force_retaddr 0, 1
  	ret
+ ENDPROC(twofish_dec_blk)
 diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
-index a703af1..f5b9c36 100644
+index 03abf9b..a42ba29 100644
 --- a/arch/x86/ia32/ia32_aout.c
 +++ b/arch/x86/ia32/ia32_aout.c
 @@ -159,6 +159,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file,
@@ -11789,10 +11419,10 @@ index a703af1..f5b9c36 100644
  	set_fs(KERNEL_DS);
  	has_dumped = 1;
 diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
-index a1daf4a..f8c4537 100644
+index cf1a471..3bc4cf8 100644
 --- a/arch/x86/ia32/ia32_signal.c
 +++ b/arch/x86/ia32/ia32_signal.c
-@@ -348,7 +348,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
+@@ -340,7 +340,7 @@ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs,
  	sp -= frame_size;
  	/* Align the stack pointer according to the i386 ABI,
  	 * i.e. so that on function entry ((sp + 4) & 15) == 0. */
@@ -11801,7 +11431,7 @@ index a1daf4a..f8c4537 100644
  	return (void __user *) sp;
  }
  
-@@ -406,7 +406,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka,
+@@ -398,7 +398,7 @@ int ia32_setup_frame(int sig, struct ksignal *ksig,
  		 * These are actually not used anymore, but left because some
  		 * gdb versions depend on them as a marker.
  		 */
@@ -11810,7 +11440,7 @@ index a1daf4a..f8c4537 100644
  	} put_user_catch(err);
  
  	if (err)
-@@ -448,7 +448,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+@@ -440,7 +440,7 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
  		0xb8,
  		__NR_ia32_rt_sigreturn,
  		0x80cd,
@@ -11818,11 +11448,11 @@ index a1daf4a..f8c4537 100644
 +		0
  	};
  
- 	frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
-@@ -471,16 +471,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+ 	frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate);
+@@ -463,16 +463,18 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
  
- 		if (ka->sa.sa_flags & SA_RESTORER)
- 			restorer = ka->sa.sa_restorer;
+ 		if (ksig->ka.sa.sa_flags & SA_RESTORER)
+ 			restorer = ksig->ka.sa.sa_restorer;
 +		else if (current->mm->context.vdso)
 +			/* Return stub is in 32bit vsyscall page */
 +			restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
@@ -11840,9 +11470,9 @@ index a1daf4a..f8c4537 100644
 +		put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode);
  	} put_user_catch(err);
  
- 	err |= copy_siginfo_to_user32(&frame->info, info);
+ 	err |= copy_siginfo_to_user32(&frame->info, &ksig->info);
 diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
-index 142c4ce..19b683f 100644
+index 474dc1b..be7bff5 100644
 --- a/arch/x86/ia32/ia32entry.S
 +++ b/arch/x86/ia32/ia32entry.S
 @@ -15,8 +15,10 @@
@@ -11936,7 +11566,7 @@ index 142c4ce..19b683f 100644
   	   32bit zero extended */ 
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	mov $PAX_USER_SHADOW_BASE,%r11
++	mov pax_user_shadow_base,%r11
 +	add %r11,%rbp
 +#endif
 +
@@ -12056,7 +11686,7 @@ index 142c4ce..19b683f 100644
  	/* hardware stack frame is complete now */	
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	mov $PAX_USER_SHADOW_BASE,%r11
++	mov pax_user_shadow_base,%r11
 +	add %r11,%r8
 +#endif
 +
@@ -12154,7 +11784,7 @@ index 142c4ce..19b683f 100644
  END(ia32_syscall)
  
 diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
-index d0b689b..6811ddc 100644
+index ad7a20c..1ffa3c1 100644
 --- a/arch/x86/ia32/sys_ia32.c
 +++ b/arch/x86/ia32/sys_ia32.c
 @@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low,
@@ -12168,41 +11798,7 @@ index d0b689b..6811ddc 100644
  	SET_UID(uid, from_kuid_munged(current_user_ns(), stat->uid));
  	SET_GID(gid, from_kgid_munged(current_user_ns(), stat->gid));
  	if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) ||
-@@ -303,7 +303,7 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t pid,
- 	mm_segment_t old_fs = get_fs();
- 
- 	set_fs(KERNEL_DS);
--	ret = sys_sched_rr_get_interval(pid, (struct timespec __user *)&t);
-+	ret = sys_sched_rr_get_interval(pid, (struct timespec __force_user *)&t);
- 	set_fs(old_fs);
- 	if (put_compat_timespec(&t, interval))
- 		return -EFAULT;
-@@ -313,13 +313,13 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t pid,
- asmlinkage long sys32_rt_sigpending(compat_sigset_t __user *set,
- 				    compat_size_t sigsetsize)
- {
--	sigset_t s;
-+	sigset_t s = { };
- 	compat_sigset_t s32;
- 	int ret;
- 	mm_segment_t old_fs = get_fs();
- 
- 	set_fs(KERNEL_DS);
--	ret = sys_rt_sigpending((sigset_t __user *)&s, sigsetsize);
-+	ret = sys_rt_sigpending((sigset_t __force_user *)&s, sigsetsize);
- 	set_fs(old_fs);
- 	if (!ret) {
- 		switch (_NSIG_WORDS) {
-@@ -344,7 +344,7 @@ asmlinkage long sys32_rt_sigqueueinfo(int pid, int sig,
- 	if (copy_siginfo_from_user32(&info, uinfo))
- 		return -EFAULT;
- 	set_fs(KERNEL_DS);
--	ret = sys_rt_sigqueueinfo(pid, sig, (siginfo_t __user *)&info);
-+	ret = sys_rt_sigqueueinfo(pid, sig, (siginfo_t __force_user *)&info);
- 	set_fs(old_fs);
- 	return ret;
- }
-@@ -376,7 +376,7 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd,
+@@ -205,7 +205,7 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd,
  		return -EFAULT;
  
  	set_fs(KERNEL_DS);
@@ -13423,10 +13019,10 @@ index 59c6c40..5e0b22c 100644
  struct compat_timespec {
  	compat_time_t	tv_sec;
 diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
-index 2d9075e..b75a844 100644
+index 93fe929..90858b7 100644
 --- a/arch/x86/include/asm/cpufeature.h
 +++ b/arch/x86/include/asm/cpufeature.h
-@@ -206,7 +206,7 @@
+@@ -207,7 +207,7 @@
  #define X86_FEATURE_BMI1	(9*32+ 3) /* 1st group bit manipulation extensions */
  #define X86_FEATURE_HLE		(9*32+ 4) /* Hardware Lock Elision */
  #define X86_FEATURE_AVX2	(9*32+ 5) /* AVX2 instructions */
@@ -13435,7 +13031,7 @@ index 2d9075e..b75a844 100644
  #define X86_FEATURE_BMI2	(9*32+ 8) /* 2nd group bit manipulation extensions */
  #define X86_FEATURE_ERMS	(9*32+ 9) /* Enhanced REP MOVSB/STOSB */
  #define X86_FEATURE_INVPCID	(9*32+10) /* Invalidate Processor Context ID */
-@@ -375,7 +375,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
+@@ -377,7 +377,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
  			     ".section .discard,\"aw\",@progbits\n"
  			     " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */
  			     ".previous\n"
@@ -13758,10 +13354,10 @@ index 75ce3f4..882e801 100644
  
  #endif /* _ASM_X86_EMERGENCY_RESTART_H */
 diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h
-index 41ab26e..a88c9e6 100644
+index e25cc33..425d099 100644
 --- a/arch/x86/include/asm/fpu-internal.h
 +++ b/arch/x86/include/asm/fpu-internal.h
-@@ -126,7 +126,9 @@ static inline void sanitize_i387_state(struct task_struct *tsk)
+@@ -127,7 +127,9 @@ static inline void sanitize_i387_state(struct task_struct *tsk)
  ({									\
  	int err;							\
  	asm volatile(ASM_STAC "\n"					\
@@ -13772,7 +13368,7 @@ index 41ab26e..a88c9e6 100644
  		     "2: " ASM_CLAC "\n"				\
  		     ".section .fixup,\"ax\"\n"				\
  		     "3:  movl $-1,%[err]\n"				\
-@@ -299,7 +301,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk)
+@@ -300,7 +302,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk)
  		"emms\n\t"		/* clear stack tags */
  		"fildl %P[addr]",	/* set F?P to defined value */
  		X86_FEATURE_FXSAVE_LEAK,
@@ -13852,10 +13448,10 @@ index be27ba1..8f13ff9 100644
  		     : "memory"
  	);
 diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h
-index eb92a6e..b98b2f4 100644
+index 10a78c3..cc77143 100644
 --- a/arch/x86/include/asm/hw_irq.h
 +++ b/arch/x86/include/asm/hw_irq.h
-@@ -136,8 +136,8 @@ extern void setup_ioapic_dest(void);
+@@ -147,8 +147,8 @@ extern void setup_ioapic_dest(void);
  extern void enable_IO_APIC(void);
  
  /* Statistics */
@@ -13944,7 +13540,7 @@ index bba3cf8..06bc8da 100644
  #define INTERRUPT_RETURN		iret
  #define ENABLE_INTERRUPTS_SYSEXIT	sti; sysexit
 diff --git a/arch/x86/include/asm/kprobes.h b/arch/x86/include/asm/kprobes.h
-index d3ddd17..c9fb0cc 100644
+index 5a6d287..f815789 100644
 --- a/arch/x86/include/asm/kprobes.h
 +++ b/arch/x86/include/asm/kprobes.h
 @@ -38,13 +38,8 @@ typedef u8 kprobe_opcode_t;
@@ -14422,19 +14018,19 @@ index c0fa356..07a498a 100644
  
  void unregister_nmi_handler(unsigned int, const char *);
  
-diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h
-index 320f7bb..e89f8f8 100644
---- a/arch/x86/include/asm/page_64_types.h
-+++ b/arch/x86/include/asm/page_64_types.h
-@@ -56,7 +56,7 @@ void copy_page(void *to, void *from);
+diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h
+index 0f1ddee..e56bec9 100644
+--- a/arch/x86/include/asm/page_64.h
++++ b/arch/x86/include/asm/page_64.h
+@@ -7,7 +7,7 @@
  
  /* duplicated to the one in bootmem.h */
  extern unsigned long max_pfn;
 -extern unsigned long phys_base;
 +extern const unsigned long phys_base;
  
- extern unsigned long __phys_addr(unsigned long);
- #define __phys_reloc_hide(x)	(x)
+ static inline unsigned long __phys_addr_nodebug(unsigned long x)
+ {
 diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
 index 7361e47..16dc226 100644
 --- a/arch/x86/include/asm/paravirt.h
@@ -14680,7 +14276,7 @@ index 4cc9f2b..5fd9226 100644
  
  /*
 diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 1c1a955..50f828c 100644
+index 1e67223..9183226 100644
 --- a/arch/x86/include/asm/pgtable.h
 +++ b/arch/x86/include/asm/pgtable.h
 @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -14788,9 +14384,9 @@ index 1c1a955..50f828c 100644
 +#endif
 +
  #include <linux/mm_types.h>
+ #include <linux/log2.h>
  
- static inline int pte_none(pte_t pte)
-@@ -583,7 +652,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -584,7 +653,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
  
  static inline int pgd_bad(pgd_t pgd)
  {
@@ -14799,7 +14395,7 @@ index 1c1a955..50f828c 100644
  }
  
  static inline int pgd_none(pgd_t pgd)
-@@ -606,7 +675,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -607,7 +676,12 @@ static inline int pgd_none(pgd_t pgd)
   * pgd_offset() returns a (pgd_t *)
   * pgd_index() is used get the offset into the pgd page's array of pgd_t's;
   */
@@ -14813,7 +14409,7 @@ index 1c1a955..50f828c 100644
  /*
   * a shortcut which implies the use of the kernel's pgd, instead
   * of a process's
-@@ -617,6 +691,20 @@ static inline int pgd_none(pgd_t pgd)
+@@ -618,6 +692,22 @@ static inline int pgd_none(pgd_t pgd)
  #define KERNEL_PGD_BOUNDARY	pgd_index(PAGE_OFFSET)
  #define KERNEL_PGD_PTRS		(PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
  
@@ -14824,9 +14420,11 @@ index 1c1a955..50f828c 100644
 +#define USER_PGD_PTRS		(_AC(1,UL) << (TASK_SIZE_MAX_SHIFT - PGDIR_SHIFT))
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+#define PAX_USER_SHADOW_BASE	(_AC(1,UL) << TASK_SIZE_MAX_SHIFT)
++#ifdef __ASSEMBLY__
++#define pax_user_shadow_base	pax_user_shadow_base(%rip)
 +#else
-+#define PAX_USER_SHADOW_BASE	(_AC(0,UL))
++extern unsigned long pax_user_shadow_base;
++#endif
 +#endif
 +
 +#endif
@@ -14834,7 +14432,7 @@ index 1c1a955..50f828c 100644
  #ifndef __ASSEMBLY__
  
  extern int direct_gbpages;
-@@ -781,11 +869,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -784,11 +874,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
   * dst and src can be on the same page, but the range must not overlap,
   * and must not cross a page boundary.
   */
@@ -14857,11 +14455,12 @@ index 1c1a955..50f828c 100644
 +#else
 +static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src) {}
 +#endif
- 
- #include <asm-generic/pgtable.h>
- #endif	/* __ASSEMBLY__ */
++
+ #define PTE_SHIFT ilog2(PTRS_PER_PTE)
+ static inline int page_level_shift(enum pg_level level)
+ {
 diff --git a/arch/x86/include/asm/pgtable_32.h b/arch/x86/include/asm/pgtable_32.h
-index 8faa215..a8a17ea 100644
+index 9ee3221..b979c6b 100644
 --- a/arch/x86/include/asm/pgtable_32.h
 +++ b/arch/x86/include/asm/pgtable_32.h
 @@ -25,9 +25,6 @@
@@ -14887,7 +14486,7 @@ index 8faa215..a8a17ea 100644
  #if defined(CONFIG_HIGHPTE)
  #define pte_offset_map(dir, address)					\
  	((pte_t *)kmap_atomic(pmd_page(*(dir))) +		\
-@@ -62,7 +65,9 @@ extern void set_pmd_pfn(unsigned long, unsigned long, pgprot_t);
+@@ -62,12 +65,17 @@ extern void set_pmd_pfn(unsigned long, unsigned long, pgprot_t);
  /* Clear a kernel PTE and flush it from the TLB */
  #define kpte_clear_flush(ptep, vaddr)		\
  do {						\
@@ -14897,8 +14496,6 @@ index 8faa215..a8a17ea 100644
  	__flush_tlb_one((vaddr));		\
  } while (0)
  
-@@ -75,6 +80,9 @@ do {						\
- 
  #endif /* !__ASSEMBLY__ */
  
 +#define HAVE_ARCH_UNMAPPED_AREA
@@ -14941,7 +14538,7 @@ index ed5903b..c7fe163 100644
  #define MODULES_END	VMALLOC_END
  #define MODULES_LEN	(MODULES_VADDR - MODULES_END)
 diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h
-index 47356f9..deb94a2 100644
+index e22c1db..23a625a 100644
 --- a/arch/x86/include/asm/pgtable_64.h
 +++ b/arch/x86/include/asm/pgtable_64.h
 @@ -16,10 +16,14 @@
@@ -14996,10 +14593,10 @@ index 47356f9..deb94a2 100644
  }
  
 diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
-index 766ea16..5b96cb3 100644
+index 2d88344..4679fc3 100644
 --- a/arch/x86/include/asm/pgtable_64_types.h
 +++ b/arch/x86/include/asm/pgtable_64_types.h
-@@ -59,5 +59,10 @@ typedef struct { pteval_t pte; } pte_t;
+@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t;
  #define MODULES_VADDR    _AC(0xffffffffa0000000, UL)
  #define MODULES_END      _AC(0xffffffffff000000, UL)
  #define MODULES_LEN   (MODULES_END - MODULES_VADDR)
@@ -15009,9 +14606,10 @@ index 766ea16..5b96cb3 100644
 +#define ktla_ktva(addr)		(addr)
 +#define ktva_ktla(addr)		(addr)
  
- #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
+ #define EARLY_DYNAMIC_PAGE_TABLES	64
+ 
 diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
-index 3c32db8..1ddccf5 100644
+index 567b5d0..bd91d64 100644
 --- a/arch/x86/include/asm/pgtable_types.h
 +++ b/arch/x86/include/asm/pgtable_types.h
 @@ -16,13 +16,12 @@
@@ -15126,10 +14724,10 @@ index 3c32db8..1ddccf5 100644
  #define pgprot_writecombine	pgprot_writecombine
  extern pgprot_t pgprot_writecombine(pgprot_t prot);
 diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
-index 888184b..a07ac89 100644
+index 3270116..8d99d82 100644
 --- a/arch/x86/include/asm/processor.h
 +++ b/arch/x86/include/asm/processor.h
-@@ -287,7 +287,7 @@ struct tss_struct {
+@@ -285,7 +285,7 @@ struct tss_struct {
  
  } ____cacheline_aligned;
  
@@ -15138,7 +14736,7 @@ index 888184b..a07ac89 100644
  
  /*
   * Save the original ist values for checking stack pointers during debugging
-@@ -827,11 +827,18 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -826,11 +826,18 @@ static inline void spin_lock_prefetch(const void *x)
   */
  #define TASK_SIZE		PAGE_OFFSET
  #define TASK_SIZE_MAX		TASK_SIZE
@@ -15159,7 +14757,7 @@ index 888184b..a07ac89 100644
  	.vm86_info		= NULL,					  \
  	.sysenter_cs		= __KERNEL_CS,				  \
  	.io_bitmap_ptr		= NULL,					  \
-@@ -845,7 +852,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -844,7 +851,7 @@ static inline void spin_lock_prefetch(const void *x)
   */
  #define INIT_TSS  {							  \
  	.x86_tss = {							  \
@@ -15168,7 +14766,7 @@ index 888184b..a07ac89 100644
  		.ss0		= __KERNEL_DS,				  \
  		.ss1		= __KERNEL_CS,				  \
  		.io_bitmap_base	= INVALID_IO_BITMAP_OFFSET,		  \
-@@ -856,11 +863,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -855,11 +862,7 @@ static inline void spin_lock_prefetch(const void *x)
  extern unsigned long thread_saved_pc(struct task_struct *tsk);
  
  #define THREAD_SIZE_LONGS      (THREAD_SIZE/sizeof(unsigned long))
@@ -15181,7 +14779,7 @@ index 888184b..a07ac89 100644
  
  /*
   * The below -8 is to reserve 8 bytes on top of the ring0 stack.
-@@ -875,7 +878,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -874,7 +877,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
  #define task_pt_regs(task)                                             \
  ({                                                                     \
         struct pt_regs *__regs__;                                       \
@@ -15190,7 +14788,7 @@ index 888184b..a07ac89 100644
         __regs__ - 1;                                                   \
  })
  
-@@ -885,13 +888,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -884,13 +887,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
  /*
   * User space process size. 47bits minus one guard page.
   */
@@ -15206,7 +14804,7 @@ index 888184b..a07ac89 100644
  
  #define TASK_SIZE		(test_thread_flag(TIF_ADDR32) ? \
  					IA32_PAGE_OFFSET : TASK_SIZE_MAX)
-@@ -902,11 +905,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -901,11 +904,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
  #define STACK_TOP_MAX		TASK_SIZE_MAX
  
  #define INIT_THREAD  { \
@@ -15220,7 +14818,7 @@ index 888184b..a07ac89 100644
  }
  
  /*
-@@ -934,6 +937,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
+@@ -933,6 +936,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
   */
  #define TASK_UNMAPPED_BASE	(PAGE_ALIGN(TASK_SIZE / 3))
  
@@ -15231,7 +14829,7 @@ index 888184b..a07ac89 100644
  #define KSTK_EIP(task)		(task_pt_regs(task)->ip)
  
  /* Get/set a process' ability to use the timestamp counter instruction */
-@@ -994,12 +1001,12 @@ extern bool cpu_has_amd_erratum(const int *);
+@@ -993,7 +1000,7 @@ extern bool cpu_has_amd_erratum(const int *);
  #define cpu_has_amd_erratum(x)	(false)
  #endif /* CONFIG_CPU_SUP_AMD */
  
@@ -15240,7 +14838,9 @@ index 888184b..a07ac89 100644
  extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
  
  void default_idle(void);
- bool set_pm_idle_to_default(void);
+@@ -1003,6 +1010,6 @@ bool xen_set_default_idle(void);
+ #define xen_set_default_idle 0
+ #endif
  
 -void stop_this_cpu(void *dummy);
 +void stop_this_cpu(void *dummy) __noreturn;
@@ -15321,7 +14921,7 @@ index 942a086..6c26446 100644
  	return *(unsigned long *)((unsigned long)regs + offset);
  }
 diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
-index fe1ec5b..dc5c3fe 100644
+index 9c6b890..5305f53 100644
 --- a/arch/x86/include/asm/realmode.h
 +++ b/arch/x86/include/asm/realmode.h
 @@ -22,16 +22,14 @@ struct real_mode_header {
@@ -15767,7 +15367,7 @@ index 4ec45b3..a4f0a8a 100644
  	       __switch_canary_iparam					  \
  	     : "memory", "cc" __EXTRA_CLOBBER)
 diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
-index 2d946e6..e453ec4 100644
+index 2cd056e..0224df8 100644
 --- a/arch/x86/include/asm/thread_info.h
 +++ b/arch/x86/include/asm/thread_info.h
 @@ -10,6 +10,7 @@
@@ -15778,7 +15378,7 @@ index 2d946e6..e453ec4 100644
  
  /*
   * low level task data that entry.S needs immediate access to
-@@ -24,7 +25,6 @@ struct exec_domain;
+@@ -23,7 +24,6 @@ struct exec_domain;
  #include <linux/atomic.h>
  
  struct thread_info {
@@ -15786,7 +15386,7 @@ index 2d946e6..e453ec4 100644
  	struct exec_domain	*exec_domain;	/* execution domain */
  	__u32			flags;		/* low level flags */
  	__u32			status;		/* thread synchronous flags */
-@@ -34,19 +34,13 @@ struct thread_info {
+@@ -33,19 +33,13 @@ struct thread_info {
  	mm_segment_t		addr_limit;
  	struct restart_block    restart_block;
  	void __user		*sysenter_return;
@@ -15808,7 +15408,7 @@ index 2d946e6..e453ec4 100644
  	.exec_domain	= &default_exec_domain,	\
  	.flags		= 0,			\
  	.cpu		= 0,			\
-@@ -57,7 +51,7 @@ struct thread_info {
+@@ -56,7 +50,7 @@ struct thread_info {
  	},					\
  }
  
@@ -15817,7 +15417,7 @@ index 2d946e6..e453ec4 100644
  #define init_stack		(init_thread_union.stack)
  
  #else /* !__ASSEMBLY__ */
-@@ -98,6 +92,7 @@ struct thread_info {
+@@ -97,6 +91,7 @@ struct thread_info {
  #define TIF_SYSCALL_TRACEPOINT	28	/* syscall tracepoint instrumentation */
  #define TIF_ADDR32		29	/* 32-bit address space on 64 bits */
  #define TIF_X32			30	/* 32-bit native x86-64 binary */
@@ -15825,7 +15425,7 @@ index 2d946e6..e453ec4 100644
  
  #define _TIF_SYSCALL_TRACE	(1 << TIF_SYSCALL_TRACE)
  #define _TIF_NOTIFY_RESUME	(1 << TIF_NOTIFY_RESUME)
-@@ -122,17 +117,18 @@ struct thread_info {
+@@ -121,17 +116,18 @@ struct thread_info {
  #define _TIF_SYSCALL_TRACEPOINT	(1 << TIF_SYSCALL_TRACEPOINT)
  #define _TIF_ADDR32		(1 << TIF_ADDR32)
  #define _TIF_X32		(1 << TIF_X32)
@@ -15846,7 +15446,7 @@ index 2d946e6..e453ec4 100644
  
  /* work to do on interrupt/exception return */
  #define _TIF_WORK_MASK							\
-@@ -143,7 +139,7 @@ struct thread_info {
+@@ -142,7 +138,7 @@ struct thread_info {
  /* work to do on any return to user space */
  #define _TIF_ALLWORK_MASK						\
  	((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT |	\
@@ -15855,7 +15455,7 @@ index 2d946e6..e453ec4 100644
  
  /* Only used for 64 bit */
  #define _TIF_DO_NOTIFY_MASK						\
-@@ -159,45 +155,40 @@ struct thread_info {
+@@ -158,45 +154,40 @@ struct thread_info {
  
  #define PREEMPT_ACTIVE		0x10000000
  
@@ -15926,7 +15526,7 @@ index 2d946e6..e453ec4 100644
  /*
   * macros/functions for gaining access to the thread information structure
   * preempt_count needs to be 1 initially, until the scheduler is functional.
-@@ -205,27 +196,8 @@ static inline struct thread_info *current_thread_info(void)
+@@ -204,27 +195,8 @@ static inline struct thread_info *current_thread_info(void)
  #ifndef __ASSEMBLY__
  DECLARE_PER_CPU(unsigned long, kernel_stack);
  
@@ -15956,7 +15556,7 @@ index 2d946e6..e453ec4 100644
  #endif
  
  #endif /* !X86_32 */
-@@ -286,5 +258,12 @@ static inline bool is_ia32_task(void)
+@@ -285,5 +257,12 @@ static inline bool is_ia32_task(void)
  extern void arch_task_cache_init(void);
  extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src);
  extern void arch_release_task_struct(struct task_struct *tsk);
@@ -15970,7 +15570,7 @@ index 2d946e6..e453ec4 100644
  #endif
  #endif /* _ASM_X86_THREAD_INFO_H */
 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 1709801..0a60f2f 100644
+index 5ee2687..70d5895 100644
 --- a/arch/x86/include/asm/uaccess.h
 +++ b/arch/x86/include/asm/uaccess.h
 @@ -7,6 +7,7 @@
@@ -16030,7 +15630,7 @@ index 1709801..0a60f2f 100644
  
  /*
   * The exception table consists of pairs of addresses relative to the
-@@ -189,13 +220,21 @@ extern int __get_user_bad(void);
+@@ -176,13 +207,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
  	asm volatile("call __put_user_" #size : "=a" (__ret_pu)	\
  		     : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
  
@@ -16055,7 +15655,7 @@ index 1709801..0a60f2f 100644
  		     "3: " ASM_CLAC "\n"				\
  		     ".section .fixup,\"ax\"\n"				\
  		     "4:	movl %3,%0\n"				\
-@@ -208,8 +247,8 @@ extern int __get_user_bad(void);
+@@ -195,8 +234,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
  
  #define __put_user_asm_ex_u64(x, addr)					\
  	asm volatile(ASM_STAC "\n"					\
@@ -16066,7 +15666,7 @@ index 1709801..0a60f2f 100644
  		     "3: " ASM_CLAC "\n"				\
  		     _ASM_EXTABLE_EX(1b, 2b)				\
  		     _ASM_EXTABLE_EX(2b, 3b)				\
-@@ -259,7 +298,7 @@ extern void __put_user_8(void);
+@@ -246,7 +285,7 @@ extern void __put_user_8(void);
  	__typeof__(*(ptr)) __pu_val;				\
  	__chk_user_ptr(ptr);					\
  	might_fault();						\
@@ -16075,7 +15675,7 @@ index 1709801..0a60f2f 100644
  	switch (sizeof(*(ptr))) {				\
  	case 1:							\
  		__put_user_x(1, __pu_val, ptr, __ret_pu);	\
-@@ -358,7 +397,7 @@ do {									\
+@@ -345,7 +384,7 @@ do {									\
  
  #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret)	\
  	asm volatile(ASM_STAC "\n"					\
@@ -16084,7 +15684,7 @@ index 1709801..0a60f2f 100644
  		     "2: " ASM_CLAC "\n"				\
  		     ".section .fixup,\"ax\"\n"				\
  		     "3:	mov %3,%0\n"				\
-@@ -366,7 +405,7 @@ do {									\
+@@ -353,7 +392,7 @@ do {									\
  		     "	jmp 2b\n"					\
  		     ".previous\n"					\
  		     _ASM_EXTABLE(1b, 3b)				\
@@ -16093,7 +15693,7 @@ index 1709801..0a60f2f 100644
  		     : "m" (__m(addr)), "i" (errret), "0" (err))
  
  #define __get_user_size_ex(x, ptr, size)				\
-@@ -391,7 +430,7 @@ do {									\
+@@ -378,7 +417,7 @@ do {									\
  } while (0)
  
  #define __get_user_asm_ex(x, addr, itype, rtype, ltype)			\
@@ -16102,7 +15702,7 @@ index 1709801..0a60f2f 100644
  		     "2:\n"						\
  		     _ASM_EXTABLE_EX(1b, 2b)				\
  		     : ltype(x) : "m" (__m(addr)))
-@@ -408,13 +447,24 @@ do {									\
+@@ -395,13 +434,24 @@ do {									\
  	int __gu_err;							\
  	unsigned long __gu_val;						\
  	__get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT);	\
@@ -16118,9 +15718,9 @@ index 1709801..0a60f2f 100644
 +#define ____m(x)					\
 +({							\
 +	unsigned long ____x = (unsigned long)(x);	\
-+	if (____x < PAX_USER_SHADOW_BASE)		\
-+		____x += PAX_USER_SHADOW_BASE;		\
-+	(void __user *)____x;				\
++	if (____x < pax_user_shadow_base)		\
++		____x += pax_user_shadow_base;		\
++	(typeof(x))____x;				\
 +})
 +#else
 +#define ____m(x) (x)
@@ -16129,7 +15729,7 @@ index 1709801..0a60f2f 100644
  
  /*
   * Tell gcc we read from memory instead of writing: this is because
-@@ -423,7 +473,7 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -410,7 +460,7 @@ struct __large_struct { unsigned long buf[100]; };
   */
  #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret)	\
  	asm volatile(ASM_STAC "\n"					\
@@ -16138,7 +15738,7 @@ index 1709801..0a60f2f 100644
  		     "2: " ASM_CLAC "\n"				\
  		     ".section .fixup,\"ax\"\n"				\
  		     "3:	mov %3,%0\n"				\
-@@ -431,10 +481,10 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -418,10 +468,10 @@ struct __large_struct { unsigned long buf[100]; };
  		     ".previous\n"					\
  		     _ASM_EXTABLE(1b, 3b)				\
  		     : "=r"(err)					\
@@ -16151,7 +15751,7 @@ index 1709801..0a60f2f 100644
  		     "2:\n"						\
  		     _ASM_EXTABLE_EX(1b, 2b)				\
  		     : : ltype(x), "m" (__m(addr)))
-@@ -473,8 +523,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -460,8 +510,12 @@ struct __large_struct { unsigned long buf[100]; };
   * On error, the variable @x is set to zero.
   */
  
@@ -16164,7 +15764,7 @@ index 1709801..0a60f2f 100644
  
  /**
   * __put_user: - Write a simple value into user space, with less checking.
-@@ -496,8 +550,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -483,8 +537,12 @@ struct __large_struct { unsigned long buf[100]; };
   * Returns zero on success, or -EFAULT on error.
   */
  
@@ -16177,7 +15777,7 @@ index 1709801..0a60f2f 100644
  
  #define __get_user_unaligned __get_user
  #define __put_user_unaligned __put_user
-@@ -515,7 +573,7 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -502,7 +560,7 @@ struct __large_struct { unsigned long buf[100]; };
  #define get_user_ex(x, ptr)	do {					\
  	unsigned long __gue_val;					\
  	__get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr))));	\
@@ -16186,7 +15786,7 @@ index 1709801..0a60f2f 100644
  } while (0)
  
  #define put_user_try		uaccess_try
-@@ -532,8 +590,8 @@ strncpy_from_user(char *dst, const char __user *src, long count);
+@@ -519,8 +577,8 @@ strncpy_from_user(char *dst, const char __user *src, long count);
  extern __must_check long strlen_user(const char __user *str);
  extern __must_check long strnlen_user(const char __user *str, long n);
  
@@ -16783,10 +16383,10 @@ index 5b238981..77fdd78 100644
  
  #define WORD_AT_A_TIME_CONSTANTS { REPEAT_BYTE(0x01), REPEAT_BYTE(0x80) }
 diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
-index 5769349..a3d3e2a 100644
+index d8d9922..bf6cecb 100644
 --- a/arch/x86/include/asm/x86_init.h
 +++ b/arch/x86/include/asm/x86_init.h
-@@ -141,7 +141,7 @@ struct x86_init_ops {
+@@ -129,7 +129,7 @@ struct x86_init_ops {
  	struct x86_init_timers		timers;
  	struct x86_init_iommu		iommu;
  	struct x86_init_pci		pci;
@@ -16795,7 +16395,7 @@ index 5769349..a3d3e2a 100644
  
  /**
   * struct x86_cpuinit_ops - platform specific cpu hotplug setups
-@@ -152,7 +152,7 @@ struct x86_cpuinit_ops {
+@@ -140,7 +140,7 @@ struct x86_cpuinit_ops {
  	void (*setup_percpu_clockev)(void);
  	void (*early_percpu_clock_init)(void);
  	void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node);
@@ -16804,7 +16404,7 @@ index 5769349..a3d3e2a 100644
  
  /**
   * struct x86_platform_ops - platform specific runtime functions
-@@ -178,7 +178,7 @@ struct x86_platform_ops {
+@@ -166,7 +166,7 @@ struct x86_platform_ops {
  	void (*save_sched_clock_state)(void);
  	void (*restore_sched_clock_state)(void);
  	void (*apic_post_init)(void);
@@ -16812,19 +16412,20 @@ index 5769349..a3d3e2a 100644
 +} __no_const;
  
  struct pci_dev;
- 
-@@ -187,14 +187,14 @@ struct x86_msi_ops {
- 	void (*teardown_msi_irq)(unsigned int irq);
+ struct msi_msg;
+@@ -180,7 +180,7 @@ struct x86_msi_ops {
  	void (*teardown_msi_irqs)(struct pci_dev *dev);
  	void (*restore_msi_irqs)(struct pci_dev *dev, int irq);
+ 	int  (*setup_hpet_msi)(unsigned int irq, unsigned int id);
 -};
 +} __no_const;
  
- struct x86_io_apic_ops {
- 	void		(*init)  (void);
- 	unsigned int	(*read)  (unsigned int apic, unsigned int reg);
- 	void		(*write) (unsigned int apic, unsigned int reg, unsigned int value);
- 	void		(*modify)(unsigned int apic, unsigned int reg, unsigned int value);
+ struct IO_APIC_route_entry;
+ struct io_apic_irq_attr;
+@@ -201,7 +201,7 @@ struct x86_io_apic_ops {
+ 				       unsigned int destination, int vector,
+ 				       struct io_apic_irq_attr *attr);
+ 	void		(*eoi_ioapic_pin)(int apic, int pin, int vector);
 -};
 +} __no_const;
  
@@ -16876,7 +16477,7 @@ index bbae024..e1528f9 100644
  
  #define BIOS_ROM_BASE		0xffe00000
 diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
-index 34e923a..0c6bb6e 100644
+index 7bd3bd3..5dac791 100644
 --- a/arch/x86/kernel/Makefile
 +++ b/arch/x86/kernel/Makefile
 @@ -22,7 +22,7 @@ obj-y			+= time.o ioport.o ldt.o dumpstack.o nmi.o
@@ -16889,10 +16490,10 @@ index 34e923a..0c6bb6e 100644
  obj-y			+= syscall_$(BITS).o
  obj-$(CONFIG_X86_64)	+= vsyscall_64.o
 diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
-index bacf4b0..4ede72e 100644
+index 230c8ea..f915130 100644
 --- a/arch/x86/kernel/acpi/boot.c
 +++ b/arch/x86/kernel/acpi/boot.c
-@@ -1358,7 +1358,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)
+@@ -1361,7 +1361,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)
   * If your system is blacklisted here, but you find that acpi=force
   * works for you, please contact linux-acpi@vger.kernel.org
   */
@@ -16901,7 +16502,7 @@ index bacf4b0..4ede72e 100644
  	/*
  	 * Boxes that need ACPI disabled
  	 */
-@@ -1433,7 +1433,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
+@@ -1436,7 +1436,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
  };
  
  /* second table for DMI checks that should run after early-quirks */
@@ -16911,7 +16512,7 @@ index bacf4b0..4ede72e 100644
  	 * HP laptops which use a DSDT reporting as HP/SB400/10000,
  	 * which includes some code which overrides all temperature
 diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
-index d5e0d71..6533e08 100644
+index 0532f5d..36afc0a 100644
 --- a/arch/x86/kernel/acpi/sleep.c
 +++ b/arch/x86/kernel/acpi/sleep.c
 @@ -74,8 +74,12 @@ int acpi_suspend_lowlevel(void)
@@ -17085,7 +16686,7 @@ index ef5ccca..bd83949 100644
  }
  
 diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
-index cbf5121..812b537 100644
+index 904611b..004dde6 100644
 --- a/arch/x86/kernel/apic/apic.c
 +++ b/arch/x86/kernel/apic/apic.c
 @@ -189,7 +189,7 @@ int first_system_vector = 0xfe;
@@ -17097,7 +16698,7 @@ index cbf5121..812b537 100644
  
  int pic_mode;
  
-@@ -1956,7 +1956,7 @@ void smp_error_interrupt(struct pt_regs *regs)
+@@ -1955,7 +1955,7 @@ void smp_error_interrupt(struct pt_regs *regs)
  	apic_write(APIC_ESR, 0);
  	v1 = apic_read(APIC_ESR);
  	ack_APIC_irq();
@@ -17178,10 +16779,10 @@ index 0874799..a7a7892 100644
  	.name				= "es7000",
  	.probe				= probe_es7000,
 diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
-index b739d39..aebc14c 100644
+index 9ed796c..e930fe4 100644
 --- a/arch/x86/kernel/apic/io_apic.c
 +++ b/arch/x86/kernel/apic/io_apic.c
-@@ -1084,7 +1084,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin,
+@@ -1060,7 +1060,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin,
  }
  EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector);
  
@@ -17190,7 +16791,7 @@ index b739d39..aebc14c 100644
  {
  	/* Used to the online set of cpus does not change
  	 * during assign_irq_vector.
-@@ -1092,7 +1092,7 @@ void lock_vector_lock(void)
+@@ -1068,7 +1068,7 @@ void lock_vector_lock(void)
  	raw_spin_lock(&vector_lock);
  }
  
@@ -17199,7 +16800,7 @@ index b739d39..aebc14c 100644
  {
  	raw_spin_unlock(&vector_lock);
  }
-@@ -2399,7 +2399,7 @@ static void ack_apic_edge(struct irq_data *data)
+@@ -2362,7 +2362,7 @@ static void ack_apic_edge(struct irq_data *data)
  	ack_APIC_irq();
  }
  
@@ -17208,7 +16809,7 @@ index b739d39..aebc14c 100644
  
  #ifdef CONFIG_GENERIC_PENDING_IRQ
  static bool io_apic_level_ack_pending(struct irq_cfg *cfg)
-@@ -2540,7 +2540,7 @@ static void ack_apic_level(struct irq_data *data)
+@@ -2503,7 +2503,7 @@ static void ack_apic_level(struct irq_data *data)
  	 * at the cpu.
  	 */
  	if (!(v & (1 << (i & 0x1f)))) {
@@ -17217,24 +16818,6 @@ index b739d39..aebc14c 100644
  
  		eoi_ioapic_irq(irq, cfg);
  	}
-@@ -2567,11 +2567,13 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p)
- 
- static void irq_remap_modify_chip_defaults(struct irq_chip *chip)
- {
--	chip->irq_print_chip = ir_print_prefix;
--	chip->irq_ack = ir_ack_apic_edge;
--	chip->irq_eoi = ir_ack_apic_level;
-+	pax_open_kernel();
-+	*(void **)&chip->irq_print_chip = ir_print_prefix;
-+	*(void **)&chip->irq_ack = ir_ack_apic_edge;
-+	*(void **)&chip->irq_eoi = ir_ack_apic_level;
- 
--	chip->irq_set_affinity = set_remapped_irq_affinity;
-+	*(void **)&chip->irq_set_affinity = set_remapped_irq_affinity;
-+	pax_close_kernel();
- }
- #endif /* CONFIG_IRQ_REMAP */
- 
 diff --git a/arch/x86/kernel/apic/numaq_32.c b/arch/x86/kernel/apic/numaq_32.c
 index d661ee9..791fd33 100644
 --- a/arch/x86/kernel/apic/numaq_32.c
@@ -17311,10 +16894,10 @@ index 562a76d..a003c0f 100644
  	.name				= "physical x2apic",
  	.probe				= x2apic_phys_probe,
 diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
-index 8cfade9..b9d04fc 100644
+index 794f6eb..67e1db2 100644
 --- a/arch/x86/kernel/apic/x2apic_uv_x.c
 +++ b/arch/x86/kernel/apic/x2apic_uv_x.c
-@@ -333,7 +333,7 @@ static int uv_probe(void)
+@@ -342,7 +342,7 @@ static int uv_probe(void)
  	return apic == &apic_x2apic_uv_x;
  }
  
@@ -17324,10 +16907,10 @@ index 8cfade9..b9d04fc 100644
  	.name				= "UV large system",
  	.probe				= uv_probe,
 diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
-index d65464e..1035d31 100644
+index 66b5faf..3442423 100644
 --- a/arch/x86/kernel/apm_32.c
 +++ b/arch/x86/kernel/apm_32.c
-@@ -412,7 +412,7 @@ static DEFINE_MUTEX(apm_mutex);
+@@ -434,7 +434,7 @@ static DEFINE_MUTEX(apm_mutex);
   * This is for buggy BIOS's that refer to (real mode) segment 0x40
   * even though they are called in protected mode.
   */
@@ -17336,7 +16919,7 @@ index d65464e..1035d31 100644
  			(unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
  
  static const char driver_version[] = "1.16ac";	/* no spaces */
-@@ -590,7 +590,10 @@ static long __apm_bios_call(void *_call)
+@@ -612,7 +612,10 @@ static long __apm_bios_call(void *_call)
  	BUG_ON(cpu != 0);
  	gdt = get_cpu_gdt_table(cpu);
  	save_desc_40 = gdt[0x40 / 8];
@@ -17347,7 +16930,7 @@ index d65464e..1035d31 100644
  
  	apm_irq_save(flags);
  	APM_DO_SAVE_SEGS;
-@@ -599,7 +602,11 @@ static long __apm_bios_call(void *_call)
+@@ -621,7 +624,11 @@ static long __apm_bios_call(void *_call)
  			  &call->esi);
  	APM_DO_RESTORE_SEGS;
  	apm_irq_restore(flags);
@@ -17359,7 +16942,7 @@ index d65464e..1035d31 100644
  	put_cpu();
  
  	return call->eax & 0xff;
-@@ -666,7 +673,10 @@ static long __apm_bios_call_simple(void *_call)
+@@ -688,7 +695,10 @@ static long __apm_bios_call_simple(void *_call)
  	BUG_ON(cpu != 0);
  	gdt = get_cpu_gdt_table(cpu);
  	save_desc_40 = gdt[0x40 / 8];
@@ -17370,7 +16953,7 @@ index d65464e..1035d31 100644
  
  	apm_irq_save(flags);
  	APM_DO_SAVE_SEGS;
-@@ -674,7 +684,11 @@ static long __apm_bios_call_simple(void *_call)
+@@ -696,7 +706,11 @@ static long __apm_bios_call_simple(void *_call)
  					 &call->eax);
  	APM_DO_RESTORE_SEGS;
  	apm_irq_restore(flags);
@@ -17382,7 +16965,7 @@ index d65464e..1035d31 100644
  	put_cpu();
  	return error;
  }
-@@ -2345,12 +2359,15 @@ static int __init apm_init(void)
+@@ -2363,12 +2377,15 @@ static int __init apm_init(void)
  	 * code to that CPU.
  	 */
  	gdt = get_cpu_gdt_table(0);
@@ -17466,10 +17049,10 @@ index a0e067d..9c7db16 100644
  obj-y			+= proc.o capflags.o powerflags.o common.o
  obj-y			+= vmware.o hypervisor.o mshyperv.o
 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index 15239ff..e23e04e 100644
+index fa96eb0..03efe73 100644
 --- a/arch/x86/kernel/cpu/amd.c
 +++ b/arch/x86/kernel/cpu/amd.c
-@@ -733,7 +733,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c,
+@@ -737,7 +737,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c,
  							unsigned int size)
  {
  	/* AMD errata T13 (order #21922) */
@@ -17479,10 +17062,10 @@ index 15239ff..e23e04e 100644
  		if (c->x86_model == 3 && c->x86_mask == 0)
  			size = 64;
 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 9c3ab43..51e6366 100644
+index d814772..c615653 100644
 --- a/arch/x86/kernel/cpu/common.c
 +++ b/arch/x86/kernel/cpu/common.c
-@@ -86,60 +86,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
+@@ -88,60 +88,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
  
  static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu;
  
@@ -17543,7 +17126,7 @@ index 9c3ab43..51e6366 100644
  static int __init x86_xsave_setup(char *s)
  {
  	setup_clear_cpu_cap(X86_FEATURE_XSAVE);
-@@ -389,7 +335,7 @@ void switch_to_new_gdt(int cpu)
+@@ -386,7 +332,7 @@ void switch_to_new_gdt(int cpu)
  {
  	struct desc_ptr gdt_descr;
  
@@ -17552,7 +17135,7 @@ index 9c3ab43..51e6366 100644
  	gdt_descr.size = GDT_SIZE - 1;
  	load_gdt(&gdt_descr);
  	/* Reload the per-cpu base */
-@@ -885,6 +831,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
+@@ -882,6 +828,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
  	/* Filter out anything that depends on CPUID levels we don't have */
  	filter_cpuid_features(c, true);
  
@@ -17563,7 +17146,7 @@ index 9c3ab43..51e6366 100644
  	/* If the model name is still unset, do table lookup. */
  	if (!c->x86_model_id[0]) {
  		const char *p;
-@@ -1068,10 +1018,12 @@ static __init int setup_disablecpuid(char *arg)
+@@ -1065,10 +1015,12 @@ static __init int setup_disablecpuid(char *arg)
  }
  __setup("clearcpuid=", setup_disablecpuid);
  
@@ -17578,7 +17161,7 @@ index 9c3ab43..51e6366 100644
  
  DEFINE_PER_CPU_FIRST(union irq_stack_union,
  		     irq_stack_union) __aligned(PAGE_SIZE);
-@@ -1085,7 +1037,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
+@@ -1082,7 +1034,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
  EXPORT_PER_CPU_SYMBOL(current_task);
  
  DEFINE_PER_CPU(unsigned long, kernel_stack) =
@@ -17587,8 +17170,8 @@ index 9c3ab43..51e6366 100644
  EXPORT_PER_CPU_SYMBOL(kernel_stack);
  
  DEFINE_PER_CPU(char *, irq_stack_ptr) =
-@@ -1224,7 +1176,7 @@ void __cpuinit cpu_init(void)
- 	int i;
+@@ -1227,7 +1179,7 @@ void __cpuinit cpu_init(void)
+ 	load_ucode_ap();
  
  	cpu = stack_smp_processor_id();
 -	t = &per_cpu(init_tss, cpu);
@@ -17596,7 +17179,7 @@ index 9c3ab43..51e6366 100644
  	oist = &per_cpu(orig_ist, cpu);
  
  #ifdef CONFIG_NUMA
-@@ -1250,7 +1202,7 @@ void __cpuinit cpu_init(void)
+@@ -1253,7 +1205,7 @@ void __cpuinit cpu_init(void)
  	switch_to_new_gdt(cpu);
  	loadsegment(fs, 0);
  
@@ -17605,7 +17188,7 @@ index 9c3ab43..51e6366 100644
  
  	memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
  	syscall_init();
-@@ -1259,7 +1211,6 @@ void __cpuinit cpu_init(void)
+@@ -1262,7 +1214,6 @@ void __cpuinit cpu_init(void)
  	wrmsrl(MSR_KERNEL_GS_BASE, 0);
  	barrier();
  
@@ -17613,7 +17196,7 @@ index 9c3ab43..51e6366 100644
  	enable_x2apic();
  
  	/*
-@@ -1311,7 +1262,7 @@ void __cpuinit cpu_init(void)
+@@ -1314,7 +1265,7 @@ void __cpuinit cpu_init(void)
  {
  	int cpu = smp_processor_id();
  	struct task_struct *curr = current;
@@ -17621,12 +17204,12 @@ index 9c3ab43..51e6366 100644
 +	struct tss_struct *t = init_tss + cpu;
  	struct thread_struct *thread = &curr->thread;
  
- 	if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
+ 	show_ucode_info_early();
 diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
-index fcaabd0..7b55a26 100644
+index 1905ce9..a7ac587 100644
 --- a/arch/x86/kernel/cpu/intel.c
 +++ b/arch/x86/kernel/cpu/intel.c
-@@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void)
+@@ -173,7 +173,7 @@ static void __cpuinit trap_init_f00f_bug(void)
  	 * Update the IDT descriptor and reload the IDT so that
  	 * it uses the read-only mapped virtual address.
  	 */
@@ -17636,7 +17219,7 @@ index fcaabd0..7b55a26 100644
  }
  #endif
 diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c
-index 84c1309..39b7224 100644
+index 7c6f7d5..8cac382 100644
 --- a/arch/x86/kernel/cpu/intel_cacheinfo.c
 +++ b/arch/x86/kernel/cpu/intel_cacheinfo.c
 @@ -1017,6 +1017,22 @@ static struct attribute *default_attrs[] = {
@@ -17736,7 +17319,7 @@ index 84c1309..39b7224 100644
  };
  
 diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index 80dbda8..be16652 100644
+index 7bc1263..ce2cbfb 100644
 --- a/arch/x86/kernel/cpu/mcheck/mce.c
 +++ b/arch/x86/kernel/cpu/mcheck/mce.c
 @@ -45,6 +45,7 @@
@@ -17787,7 +17370,7 @@ index 80dbda8..be16652 100644
  			return;
  	}
  	/* First print corrected ones that are still unlogged */
-@@ -686,7 +687,7 @@ static int mce_timed_out(u64 *t)
+@@ -683,7 +684,7 @@ static int mce_timed_out(u64 *t)
  	 * might have been modified by someone else.
  	 */
  	rmb();
@@ -17796,7 +17379,7 @@ index 80dbda8..be16652 100644
  		wait_for_panic();
  	if (!mca_cfg.monarch_timeout)
  		goto out;
-@@ -1662,7 +1663,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
+@@ -1654,7 +1655,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
  }
  
  /* Call the installed machine check handler for this CPU setup. */
@@ -17805,7 +17388,7 @@ index 80dbda8..be16652 100644
  						unexpected_machine_check;
  
  /*
-@@ -1685,7 +1686,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
+@@ -1677,7 +1678,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
  		return;
  	}
  
@@ -17815,7 +17398,7 @@ index 80dbda8..be16652 100644
  
  	__mcheck_cpu_init_generic();
  	__mcheck_cpu_init_vendor(c);
-@@ -1699,7 +1702,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
+@@ -1691,7 +1694,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
   */
  
  static DEFINE_SPINLOCK(mce_chrdev_state_lock);
@@ -17824,7 +17407,7 @@ index 80dbda8..be16652 100644
  static int mce_chrdev_open_exclu;	/* already open exclusive? */
  
  static int mce_chrdev_open(struct inode *inode, struct file *file)
-@@ -1707,7 +1710,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1699,7 +1702,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
  	spin_lock(&mce_chrdev_state_lock);
  
  	if (mce_chrdev_open_exclu ||
@@ -17833,7 +17416,7 @@ index 80dbda8..be16652 100644
  		spin_unlock(&mce_chrdev_state_lock);
  
  		return -EBUSY;
-@@ -1715,7 +1718,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1707,7 +1710,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
  
  	if (file->f_flags & O_EXCL)
  		mce_chrdev_open_exclu = 1;
@@ -17842,7 +17425,7 @@ index 80dbda8..be16652 100644
  
  	spin_unlock(&mce_chrdev_state_lock);
  
-@@ -1726,7 +1729,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
+@@ -1718,7 +1721,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
  {
  	spin_lock(&mce_chrdev_state_lock);
  
@@ -17851,7 +17434,7 @@ index 80dbda8..be16652 100644
  	mce_chrdev_open_exclu = 0;
  
  	spin_unlock(&mce_chrdev_state_lock);
-@@ -2372,7 +2375,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu)
+@@ -2364,7 +2367,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu)
  	return NOTIFY_OK;
  }
  
@@ -17860,7 +17443,7 @@ index 80dbda8..be16652 100644
  	.notifier_call = mce_cpu_callback,
  };
  
-@@ -2382,7 +2385,7 @@ static __init void mce_init_banks(void)
+@@ -2374,7 +2377,7 @@ static __init void mce_init_banks(void)
  
  	for (i = 0; i < mca_cfg.banks; i++) {
  		struct mce_bank *b = &mce_banks[i];
@@ -17869,7 +17452,7 @@ index 80dbda8..be16652 100644
  
  		sysfs_attr_init(&a->attr);
  		a->attr.name	= b->attrname;
-@@ -2450,7 +2453,7 @@ struct dentry *mce_get_debugfs_dir(void)
+@@ -2442,7 +2445,7 @@ struct dentry *mce_get_debugfs_dir(void)
  static void mce_reset(void)
  {
  	cpu_missing = 0;
@@ -17879,7 +17462,7 @@ index 80dbda8..be16652 100644
  	atomic_set(&mce_callin, 0);
  	atomic_set(&global_nwo, 0);
 diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c
-index 2d5454c..51987eb 100644
+index 1c044b1..37a2a43 100644
 --- a/arch/x86/kernel/cpu/mcheck/p5.c
 +++ b/arch/x86/kernel/cpu/mcheck/p5.c
 @@ -11,6 +11,7 @@
@@ -17914,7 +17497,7 @@ index 47a1870..8c019a7 100644
  	.notifier_call = thermal_throttle_cpu_callback,
  };
 diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c
-index 2d7998f..17c9de1 100644
+index e9a701a..35317d6 100644
 --- a/arch/x86/kernel/cpu/mcheck/winchip.c
 +++ b/arch/x86/kernel/cpu/mcheck/winchip.c
 @@ -10,6 +10,7 @@
@@ -17962,7 +17545,7 @@ index df5e41f..816c719 100644
  extern int generic_get_free_region(unsigned long base, unsigned long size,
  				   int replace_reg);
 diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
-index 6774c17..72c1b22 100644
+index bf0f01a..9adfee1 100644
 --- a/arch/x86/kernel/cpu/perf_event.c
 +++ b/arch/x86/kernel/cpu/perf_event.c
 @@ -1305,7 +1305,7 @@ static void __init pmu_check_apic(void)
@@ -17974,16 +17557,7 @@ index 6774c17..72c1b22 100644
  	.name = "format",
  	.attrs = NULL,
  };
-@@ -1313,7 +1313,7 @@ static struct attribute_group x86_pmu_format_group = {
- struct perf_pmu_events_attr {
- 	struct device_attribute attr;
- 	u64 id;
--};
-+} __do_const;
- 
- /*
-  * Remove all undefined events (x86_pmu.event_map(id) == 0)
-@@ -1381,7 +1381,7 @@ static struct attribute *events_attr[] = {
+@@ -1374,7 +1374,7 @@ static struct attribute *events_attr[] = {
  	NULL,
  };
  
@@ -17992,7 +17566,7 @@ index 6774c17..72c1b22 100644
  	.name = "events",
  	.attrs = events_attr,
  };
-@@ -1880,7 +1880,7 @@ static unsigned long get_segment_base(unsigned int segment)
+@@ -1873,7 +1873,7 @@ static unsigned long get_segment_base(unsigned int segment)
  		if (idx > GDT_ENTRIES)
  			return 0;
  
@@ -18001,7 +17575,7 @@ index 6774c17..72c1b22 100644
  	}
  
  	return get_desc_base(desc + idx);
-@@ -1970,7 +1970,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
+@@ -1963,7 +1963,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
  			break;
  
  		perf_callchain_store(entry, frame.return_address);
@@ -18011,10 +17585,10 @@ index 6774c17..72c1b22 100644
  }
  
 diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
-index 70602f8..9d9edb7 100644
+index 4a0a462..be3b204 100644
 --- a/arch/x86/kernel/cpu/perf_event_intel.c
 +++ b/arch/x86/kernel/cpu/perf_event_intel.c
-@@ -1964,10 +1964,10 @@ __init int intel_pmu_init(void)
+@@ -1994,10 +1994,10 @@ __init int intel_pmu_init(void)
  	 * v2 and above have a perf capabilities MSR
  	 */
  	if (version > 1) {
@@ -18028,92 +17602,19 @@ index 70602f8..9d9edb7 100644
  	}
  
  	intel_ds_init();
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_lbr.c b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
-index da02e9c..94db951 100644
---- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
-@@ -310,7 +310,7 @@ void intel_pmu_lbr_read(void)
-  * - in case there is no HW filter
-  * - in case the HW filter has errata or limitations
-  */
--static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
-+static int intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
- {
- 	u64 br_type = event->attr.branch_sample_type;
- 	int mask = 0;
-@@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
- 	if (br_type & PERF_SAMPLE_BRANCH_USER)
- 		mask |= X86_BR_USER;
- 
--	if (br_type & PERF_SAMPLE_BRANCH_KERNEL)
-+	if (br_type & PERF_SAMPLE_BRANCH_KERNEL) {
-+		if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN))
-+			return -EACCES;
- 		mask |= X86_BR_KERNEL;
-+	}
- 
- 	/* we ignore BRANCH_HV here */
- 
-@@ -339,6 +342,8 @@ static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
- 	 * be used by fixup code for some CPU
- 	 */
- 	event->hw.branch_reg.reg = mask;
-+
-+	return 0;
- }
- 
- /*
-@@ -386,7 +391,9 @@ int intel_pmu_setup_lbr_filter(struct perf_event *event)
- 	/*
- 	 * setup SW LBR filter
- 	 */
--	intel_pmu_setup_sw_lbr_filter(event);
-+	ret = intel_pmu_setup_sw_lbr_filter(event);
-+	if (ret)
-+		return ret;
- 
- 	/*
- 	 * setup HW LBR filter, if any
 diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
-index b43200d..d235b3e 100644
+index 3e091f0..d2dc8d6 100644
 --- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
 +++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
 @@ -2428,7 +2428,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types)
  static int __init uncore_type_init(struct intel_uncore_type *type)
  {
  	struct intel_uncore_pmu *pmus;
--	struct attribute_group *events_group;
+-	struct attribute_group *attr_group;
 +	attribute_group_no_const *attr_group;
  	struct attribute **attrs;
  	int i, j;
  
-@@ -2455,19 +2455,19 @@ static int __init uncore_type_init(struct intel_uncore_type *type)
- 		while (type->event_descs[i].attr.attr.name)
- 			i++;
- 
--		events_group = kzalloc(sizeof(struct attribute *) * (i + 1) +
--					sizeof(*events_group), GFP_KERNEL);
--		if (!events_group)
-+		attr_group = kzalloc(sizeof(struct attribute *) * (i + 1) +
-+					sizeof(*attr_group), GFP_KERNEL);
-+		if (!attr_group)
- 			goto fail;
- 
--		attrs = (struct attribute **)(events_group + 1);
--		events_group->name = "events";
--		events_group->attrs = attrs;
-+		attrs = (struct attribute **)(attr_group + 1);
-+		attr_group->name = "events";
-+		attr_group->attrs = attrs;
- 
- 		for (j = 0; j < i; j++)
- 			attrs[j] = &type->event_descs[j].attr.attr;
- 
--		type->events_group = events_group;
-+		type->events_group = attr_group;
- 	}
- 
- 	type->pmu_group = &uncore_pmu_attr_group;
 @@ -2826,7 +2826,7 @@ static int
  	return NOTIFY_OK;
  }
@@ -18137,7 +17638,7 @@ index e68a455..975a932 100644
  #define INTEL_UNCORE_EVENT_DESC(_name, _config)			\
  {								\
 diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c
-index 60c7891..9e911d3 100644
+index 1e4dbcf..b9a34c2 100644
 --- a/arch/x86/kernel/cpuid.c
 +++ b/arch/x86/kernel/cpuid.c
 @@ -171,7 +171,7 @@ static int __cpuinit cpuid_class_cpu_callback(struct notifier_block *nfb,
@@ -18201,7 +17702,7 @@ index 37250fe..bf2ec74 100644
  
  		.__cr3		= __pa_nodebug(swapper_pg_dir),
 diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
-index ae42418b..787c16b 100644
+index c8797d5..c605e53 100644
 --- a/arch/x86/kernel/dumpstack.c
 +++ b/arch/x86/kernel/dumpstack.c
 @@ -2,6 +2,9 @@
@@ -18584,7 +18085,7 @@ index 9b9f18b..9fcaa04 100644
  #include <asm/processor.h>
  #include <asm/fcntl.h>
 diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index 6ed91d9..6cc365b 100644
+index 8f3e2de..934870f 100644
 --- a/arch/x86/kernel/entry_32.S
 +++ b/arch/x86/kernel/entry_32.S
 @@ -177,13 +177,153 @@
@@ -19058,7 +18559,7 @@ index 6ed91d9..6cc365b 100644
  	CFI_ENDPROC
  /*
   * End of kprobes section
-@@ -753,8 +985,15 @@ PTREGSCALL1(vm86old)
+@@ -708,8 +940,15 @@ END(syscall_badsys)
   * normal stack and adjusts ESP with the matching offset.
   */
  	/* fixup the stack */
@@ -19076,7 +18577,7 @@ index 6ed91d9..6cc365b 100644
  	shl $16, %eax
  	addl %esp, %eax			/* the adjusted stack pointer */
  	pushl_cfi $__KERNEL_DS
-@@ -807,7 +1046,7 @@ vector=vector+1
+@@ -762,7 +1001,7 @@ vector=vector+1
    .endr
  2:	jmp common_interrupt
  .endr
@@ -19085,7 +18586,7 @@ index 6ed91d9..6cc365b 100644
  
  .previous
  END(interrupt)
-@@ -858,7 +1097,7 @@ ENTRY(coprocessor_error)
+@@ -813,7 +1052,7 @@ ENTRY(coprocessor_error)
  	pushl_cfi $do_coprocessor_error
  	jmp error_code
  	CFI_ENDPROC
@@ -19094,7 +18595,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(simd_coprocessor_error)
  	RING0_INT_FRAME
-@@ -880,7 +1119,7 @@ ENTRY(simd_coprocessor_error)
+@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error)
  #endif
  	jmp error_code
  	CFI_ENDPROC
@@ -19103,7 +18604,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(device_not_available)
  	RING0_INT_FRAME
-@@ -889,18 +1128,18 @@ ENTRY(device_not_available)
+@@ -844,18 +1083,18 @@ ENTRY(device_not_available)
  	pushl_cfi $do_device_not_available
  	jmp error_code
  	CFI_ENDPROC
@@ -19125,7 +18626,7 @@ index 6ed91d9..6cc365b 100644
  #endif
  
  ENTRY(overflow)
-@@ -910,7 +1149,7 @@ ENTRY(overflow)
+@@ -865,7 +1104,7 @@ ENTRY(overflow)
  	pushl_cfi $do_overflow
  	jmp error_code
  	CFI_ENDPROC
@@ -19134,7 +18635,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(bounds)
  	RING0_INT_FRAME
-@@ -919,7 +1158,7 @@ ENTRY(bounds)
+@@ -874,7 +1113,7 @@ ENTRY(bounds)
  	pushl_cfi $do_bounds
  	jmp error_code
  	CFI_ENDPROC
@@ -19143,7 +18644,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(invalid_op)
  	RING0_INT_FRAME
-@@ -928,7 +1167,7 @@ ENTRY(invalid_op)
+@@ -883,7 +1122,7 @@ ENTRY(invalid_op)
  	pushl_cfi $do_invalid_op
  	jmp error_code
  	CFI_ENDPROC
@@ -19152,7 +18653,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(coprocessor_segment_overrun)
  	RING0_INT_FRAME
-@@ -937,7 +1176,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -892,7 +1131,7 @@ ENTRY(coprocessor_segment_overrun)
  	pushl_cfi $do_coprocessor_segment_overrun
  	jmp error_code
  	CFI_ENDPROC
@@ -19161,7 +18662,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(invalid_TSS)
  	RING0_EC_FRAME
-@@ -945,7 +1184,7 @@ ENTRY(invalid_TSS)
+@@ -900,7 +1139,7 @@ ENTRY(invalid_TSS)
  	pushl_cfi $do_invalid_TSS
  	jmp error_code
  	CFI_ENDPROC
@@ -19170,7 +18671,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(segment_not_present)
  	RING0_EC_FRAME
-@@ -953,7 +1192,7 @@ ENTRY(segment_not_present)
+@@ -908,7 +1147,7 @@ ENTRY(segment_not_present)
  	pushl_cfi $do_segment_not_present
  	jmp error_code
  	CFI_ENDPROC
@@ -19179,7 +18680,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(stack_segment)
  	RING0_EC_FRAME
-@@ -961,7 +1200,7 @@ ENTRY(stack_segment)
+@@ -916,7 +1155,7 @@ ENTRY(stack_segment)
  	pushl_cfi $do_stack_segment
  	jmp error_code
  	CFI_ENDPROC
@@ -19188,7 +18689,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(alignment_check)
  	RING0_EC_FRAME
-@@ -969,7 +1208,7 @@ ENTRY(alignment_check)
+@@ -924,7 +1163,7 @@ ENTRY(alignment_check)
  	pushl_cfi $do_alignment_check
  	jmp error_code
  	CFI_ENDPROC
@@ -19197,7 +18698,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(divide_error)
  	RING0_INT_FRAME
-@@ -978,7 +1217,7 @@ ENTRY(divide_error)
+@@ -933,7 +1172,7 @@ ENTRY(divide_error)
  	pushl_cfi $do_divide_error
  	jmp error_code
  	CFI_ENDPROC
@@ -19206,7 +18707,7 @@ index 6ed91d9..6cc365b 100644
  
  #ifdef CONFIG_X86_MCE
  ENTRY(machine_check)
-@@ -988,7 +1227,7 @@ ENTRY(machine_check)
+@@ -943,7 +1182,7 @@ ENTRY(machine_check)
  	pushl_cfi machine_check_vector
  	jmp error_code
  	CFI_ENDPROC
@@ -19215,7 +18716,7 @@ index 6ed91d9..6cc365b 100644
  #endif
  
  ENTRY(spurious_interrupt_bug)
-@@ -998,7 +1237,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -953,7 +1192,7 @@ ENTRY(spurious_interrupt_bug)
  	pushl_cfi $do_spurious_interrupt_bug
  	jmp error_code
  	CFI_ENDPROC
@@ -19224,7 +18725,7 @@ index 6ed91d9..6cc365b 100644
  /*
   * End of kprobes section
   */
-@@ -1101,7 +1340,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
+@@ -1063,7 +1302,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
  
  ENTRY(mcount)
  	ret
@@ -19233,7 +18734,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(ftrace_caller)
  	cmpl $0, function_trace_stop
-@@ -1134,7 +1373,7 @@ ftrace_graph_call:
+@@ -1096,7 +1335,7 @@ ftrace_graph_call:
  .globl ftrace_stub
  ftrace_stub:
  	ret
@@ -19242,7 +18743,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(ftrace_regs_caller)
  	pushf	/* push flags before compare (in cs location) */
-@@ -1235,7 +1474,7 @@ trace:
+@@ -1197,7 +1436,7 @@ trace:
  	popl %ecx
  	popl %eax
  	jmp ftrace_stub
@@ -19251,7 +18752,7 @@ index 6ed91d9..6cc365b 100644
  #endif /* CONFIG_DYNAMIC_FTRACE */
  #endif /* CONFIG_FUNCTION_TRACER */
  
-@@ -1253,7 +1492,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1215,7 +1454,7 @@ ENTRY(ftrace_graph_caller)
  	popl %ecx
  	popl %eax
  	ret
@@ -19260,7 +18761,7 @@ index 6ed91d9..6cc365b 100644
  
  .globl return_to_handler
  return_to_handler:
-@@ -1309,15 +1548,18 @@ error_code:
+@@ -1271,15 +1510,18 @@ error_code:
  	movl $-1, PT_ORIG_EAX(%esp)	# no syscall to restart
  	REG_TO_PTGS %ecx
  	SET_KERNEL_GS %ecx
@@ -19281,7 +18782,7 @@ index 6ed91d9..6cc365b 100644
  
  /*
   * Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1360,7 +1602,7 @@ debug_stack_correct:
+@@ -1322,7 +1564,7 @@ debug_stack_correct:
  	call do_debug
  	jmp ret_from_exception
  	CFI_ENDPROC
@@ -19290,7 +18791,7 @@ index 6ed91d9..6cc365b 100644
  
  /*
   * NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1398,6 +1640,9 @@ nmi_stack_correct:
+@@ -1360,6 +1602,9 @@ nmi_stack_correct:
  	xorl %edx,%edx		# zero error code
  	movl %esp,%eax		# pt_regs pointer
  	call do_nmi
@@ -19300,7 +18801,7 @@ index 6ed91d9..6cc365b 100644
  	jmp restore_all_notrace
  	CFI_ENDPROC
  
-@@ -1434,12 +1679,15 @@ nmi_espfix_stack:
+@@ -1396,12 +1641,15 @@ nmi_espfix_stack:
  	FIXUP_ESPFIX_STACK		# %eax == %esp
  	xorl %edx,%edx			# zero error code
  	call do_nmi
@@ -19317,7 +18818,7 @@ index 6ed91d9..6cc365b 100644
  
  ENTRY(int3)
  	RING0_INT_FRAME
-@@ -1452,14 +1700,14 @@ ENTRY(int3)
+@@ -1414,14 +1662,14 @@ ENTRY(int3)
  	call do_int3
  	jmp ret_from_exception
  	CFI_ENDPROC
@@ -19334,7 +18835,7 @@ index 6ed91d9..6cc365b 100644
  
  #ifdef CONFIG_KVM_GUEST
  ENTRY(async_page_fault)
-@@ -1468,7 +1716,7 @@ ENTRY(async_page_fault)
+@@ -1430,7 +1678,7 @@ ENTRY(async_page_fault)
  	pushl_cfi $do_async_page_fault
  	jmp error_code
  	CFI_ENDPROC
@@ -19344,7 +18845,7 @@ index 6ed91d9..6cc365b 100644
  
  /*
 diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index cb3c591..0617fa7 100644
+index c1d01e6..5625dce 100644
 --- a/arch/x86/kernel/entry_64.S
 +++ b/arch/x86/kernel/entry_64.S
 @@ -59,6 +59,8 @@
@@ -19909,18 +19410,9 @@ index cb3c591..0617fa7 100644
 -END(system_call)
 +ENDPROC(system_call)
  
- /*
-  * Certain special system calls that need to save a complete full stack frame.
-@@ -842,7 +1149,7 @@ ENTRY(\label)
- 	call \func
- 	jmp ptregscall_common
- 	CFI_ENDPROC
--END(\label)
-+ENDPROC(\label)
- 	.endm
- 
  	.macro FORK_LIKE func
-@@ -856,9 +1163,10 @@ ENTRY(stub_\func)
+ ENTRY(stub_\func)
+@@ -839,9 +1146,10 @@ ENTRY(stub_\func)
  	DEFAULT_FRAME 0 8		/* offset 8: return address */
  	call sys_\func
  	RESTORE_TOP_OF_STACK %r11, 8
@@ -19931,8 +19423,20 @@ index cb3c591..0617fa7 100644
 +ENDPROC(stub_\func)
  	.endm
  
+ 	.macro FIXED_FRAME label,func
+@@ -851,9 +1159,10 @@ ENTRY(\label)
+ 	FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
+ 	call \func
+ 	RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
++	pax_force_retaddr
+ 	ret
+ 	CFI_ENDPROC
+-END(\label)
++ENDPROC(\label)
+ 	.endm
+ 
  	FORK_LIKE  clone
-@@ -875,9 +1183,10 @@ ENTRY(ptregscall_common)
+@@ -870,9 +1179,10 @@ ENTRY(ptregscall_common)
  	movq_cfi_restore R12+8, r12
  	movq_cfi_restore RBP+8, rbp
  	movq_cfi_restore RBX+8, rbx
@@ -19944,7 +19448,7 @@ index cb3c591..0617fa7 100644
  
  ENTRY(stub_execve)
  	CFI_STARTPROC
-@@ -891,7 +1200,7 @@ ENTRY(stub_execve)
+@@ -885,7 +1195,7 @@ ENTRY(stub_execve)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -19953,7 +19457,7 @@ index cb3c591..0617fa7 100644
  
  /*
   * sigreturn is special because it needs to restore all registers on return.
-@@ -909,7 +1218,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -902,7 +1212,7 @@ ENTRY(stub_rt_sigreturn)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -19962,7 +19466,25 @@ index cb3c591..0617fa7 100644
  
  #ifdef CONFIG_X86_X32_ABI
  ENTRY(stub_x32_rt_sigreturn)
-@@ -975,7 +1284,7 @@ vector=vector+1
+@@ -916,7 +1226,7 @@ ENTRY(stub_x32_rt_sigreturn)
+ 	RESTORE_REST
+ 	jmp int_ret_from_sys_call
+ 	CFI_ENDPROC
+-END(stub_x32_rt_sigreturn)
++ENDPROC(stub_x32_rt_sigreturn)
+ 
+ ENTRY(stub_x32_execve)
+ 	CFI_STARTPROC
+@@ -930,7 +1240,7 @@ ENTRY(stub_x32_execve)
+ 	RESTORE_REST
+ 	jmp int_ret_from_sys_call
+ 	CFI_ENDPROC
+-END(stub_x32_execve)
++ENDPROC(stub_x32_execve)
+ 
+ #endif
+ 
+@@ -967,7 +1277,7 @@ vector=vector+1
  2:	jmp common_interrupt
  .endr
  	CFI_ENDPROC
@@ -19971,7 +19493,7 @@ index cb3c591..0617fa7 100644
  
  .previous
  END(interrupt)
-@@ -995,6 +1304,16 @@ END(interrupt)
+@@ -987,6 +1297,16 @@ END(interrupt)
  	subq $ORIG_RAX-RBP, %rsp
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
  	SAVE_ARGS_IRQ
@@ -19988,7 +19510,7 @@ index cb3c591..0617fa7 100644
  	call \func
  	.endm
  
-@@ -1027,7 +1346,7 @@ ret_from_intr:
+@@ -1019,7 +1339,7 @@ ret_from_intr:
  
  exit_intr:
  	GET_THREAD_INFO(%rcx)
@@ -19997,7 +19519,7 @@ index cb3c591..0617fa7 100644
  	je retint_kernel
  
  	/* Interrupt came from user space */
-@@ -1049,12 +1368,16 @@ retint_swapgs:		/* return to user-space */
+@@ -1041,12 +1361,16 @@ retint_swapgs:		/* return to user-space */
  	 * The iretq could re-enable interrupts:
  	 */
  	DISABLE_INTERRUPTS(CLBR_ANY)
@@ -20014,7 +19536,7 @@ index cb3c591..0617fa7 100644
  	/*
  	 * The iretq could re-enable interrupts:
  	 */
-@@ -1137,7 +1460,7 @@ ENTRY(retint_kernel)
+@@ -1129,7 +1453,7 @@ ENTRY(retint_kernel)
  #endif
  
  	CFI_ENDPROC
@@ -20023,7 +19545,7 @@ index cb3c591..0617fa7 100644
  /*
   * End of kprobes section
   */
-@@ -1155,7 +1478,7 @@ ENTRY(\sym)
+@@ -1147,7 +1471,7 @@ ENTRY(\sym)
  	interrupt \do_sym
  	jmp ret_from_intr
  	CFI_ENDPROC
@@ -20032,7 +19554,7 @@ index cb3c591..0617fa7 100644
  .endm
  
  #ifdef CONFIG_SMP
-@@ -1211,12 +1534,22 @@ ENTRY(\sym)
+@@ -1203,12 +1527,22 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call error_entry
  	DEFAULT_FRAME 0
@@ -20056,7 +19578,7 @@ index cb3c591..0617fa7 100644
  .endm
  
  .macro paranoidzeroentry sym do_sym
-@@ -1229,15 +1562,25 @@ ENTRY(\sym)
+@@ -1221,15 +1555,25 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	TRACE_IRQS_OFF
@@ -20084,7 +19606,7 @@ index cb3c591..0617fa7 100644
  .macro paranoidzeroentry_ist sym do_sym ist
  ENTRY(\sym)
  	INTR_FRAME
-@@ -1248,14 +1591,30 @@ ENTRY(\sym)
+@@ -1240,14 +1584,30 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	TRACE_IRQS_OFF_DEBUG
@@ -20116,7 +19638,7 @@ index cb3c591..0617fa7 100644
  .endm
  
  .macro errorentry sym do_sym
-@@ -1267,13 +1626,23 @@ ENTRY(\sym)
+@@ -1259,13 +1619,23 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call error_entry
  	DEFAULT_FRAME 0
@@ -20141,7 +19663,7 @@ index cb3c591..0617fa7 100644
  .endm
  
  	/* error code is on the stack already */
-@@ -1287,13 +1656,23 @@ ENTRY(\sym)
+@@ -1279,13 +1649,23 @@ ENTRY(\sym)
  	call save_paranoid
  	DEFAULT_FRAME 0
  	TRACE_IRQS_OFF
@@ -20166,7 +19688,7 @@ index cb3c591..0617fa7 100644
  .endm
  
  zeroentry divide_error do_divide_error
-@@ -1323,9 +1702,10 @@ gs_change:
+@@ -1315,9 +1695,10 @@ gs_change:
  2:	mfence		/* workaround */
  	SWAPGS
  	popfq_cfi
@@ -20178,7 +19700,7 @@ index cb3c591..0617fa7 100644
  
  	_ASM_EXTABLE(gs_change,bad_gs)
  	.section .fixup,"ax"
-@@ -1353,9 +1733,10 @@ ENTRY(call_softirq)
+@@ -1345,9 +1726,10 @@ ENTRY(call_softirq)
  	CFI_DEF_CFA_REGISTER	rsp
  	CFI_ADJUST_CFA_OFFSET   -8
  	decl PER_CPU_VAR(irq_count)
@@ -20190,7 +19712,7 @@ index cb3c591..0617fa7 100644
  
  #ifdef CONFIG_XEN
  zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1393,7 +1774,7 @@ ENTRY(xen_do_hypervisor_callback)   # do_hypervisor_callback(struct *pt_regs)
+@@ -1385,7 +1767,7 @@ ENTRY(xen_do_hypervisor_callback)   # do_hypervisor_callback(struct *pt_regs)
  	decl PER_CPU_VAR(irq_count)
  	jmp  error_exit
  	CFI_ENDPROC
@@ -20199,16 +19721,16 @@ index cb3c591..0617fa7 100644
  
  /*
   * Hypervisor uses this for application faults while it executes.
-@@ -1452,7 +1833,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1444,7 +1826,7 @@ ENTRY(xen_failsafe_callback)
  	SAVE_ALL
  	jmp error_exit
  	CFI_ENDPROC
 -END(xen_failsafe_callback)
 +ENDPROC(xen_failsafe_callback)
  
- apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
+ apicinterrupt HYPERVISOR_CALLBACK_VECTOR \
  	xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1501,16 +1882,31 @@ ENTRY(paranoid_exit)
+@@ -1498,16 +1880,31 @@ ENTRY(paranoid_exit)
  	TRACE_IRQS_OFF_DEBUG
  	testl %ebx,%ebx				/* swapgs needed? */
  	jnz paranoid_restore
@@ -20241,7 +19763,7 @@ index cb3c591..0617fa7 100644
  	jmp irq_return
  paranoid_userspace:
  	GET_THREAD_INFO(%rcx)
-@@ -1539,7 +1935,7 @@ paranoid_schedule:
+@@ -1536,7 +1933,7 @@ paranoid_schedule:
  	TRACE_IRQS_OFF
  	jmp paranoid_userspace
  	CFI_ENDPROC
@@ -20250,7 +19772,7 @@ index cb3c591..0617fa7 100644
  
  /*
   * Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1566,12 +1962,13 @@ ENTRY(error_entry)
+@@ -1563,12 +1960,13 @@ ENTRY(error_entry)
  	movq_cfi r14, R14+8
  	movq_cfi r15, R15+8
  	xorl %ebx,%ebx
@@ -20265,7 +19787,7 @@ index cb3c591..0617fa7 100644
  	ret
  
  /*
-@@ -1598,7 +1995,7 @@ bstep_iret:
+@@ -1595,7 +1993,7 @@ bstep_iret:
  	movq %rcx,RIP+8(%rsp)
  	jmp error_swapgs
  	CFI_ENDPROC
@@ -20274,7 +19796,7 @@ index cb3c591..0617fa7 100644
  
  
  /* ebx:	no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1618,7 +2015,7 @@ ENTRY(error_exit)
+@@ -1615,7 +2013,7 @@ ENTRY(error_exit)
  	jnz retint_careful
  	jmp retint_swapgs
  	CFI_ENDPROC
@@ -20283,7 +19805,7 @@ index cb3c591..0617fa7 100644
  
  /*
   * Test if a given stack is an NMI stack or not.
-@@ -1676,9 +2073,11 @@ ENTRY(nmi)
+@@ -1673,9 +2071,11 @@ ENTRY(nmi)
  	 * If %cs was not the kernel segment, then the NMI triggered in user
  	 * space, which means it is definitely not nested.
  	 */
@@ -20296,7 +19818,7 @@ index cb3c591..0617fa7 100644
  	/*
  	 * Check the special variable on the stack to see if NMIs are
  	 * executing.
-@@ -1712,8 +2111,7 @@ nested_nmi:
+@@ -1709,8 +2109,7 @@ nested_nmi:
  
  1:
  	/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -20306,7 +19828,7 @@ index cb3c591..0617fa7 100644
  	CFI_ADJUST_CFA_OFFSET 1*8
  	leaq -10*8(%rsp), %rdx
  	pushq_cfi $__KERNEL_DS
-@@ -1731,6 +2129,7 @@ nested_nmi_out:
+@@ -1728,6 +2127,7 @@ nested_nmi_out:
  	CFI_RESTORE rdx
  
  	/* No need to check faults here */
@@ -20314,7 +19836,7 @@ index cb3c591..0617fa7 100644
  	INTERRUPT_RETURN
  
  	CFI_RESTORE_STATE
-@@ -1847,6 +2246,17 @@ end_repeat_nmi:
+@@ -1844,6 +2244,17 @@ end_repeat_nmi:
  	 */
  	movq %cr2, %r12
  
@@ -20332,7 +19854,7 @@ index cb3c591..0617fa7 100644
  	/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
  	movq %rsp,%rdi
  	movq $-1,%rsi
-@@ -1862,23 +2272,34 @@ end_repeat_nmi:
+@@ -1859,23 +2270,34 @@ end_repeat_nmi:
  	testl %ebx,%ebx				/* swapgs needed? */
  	jnz nmi_restore
  nmi_swapgs:
@@ -20370,7 +19892,7 @@ index cb3c591..0617fa7 100644
  /*
   * End of kprobes section
 diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
-index 1d41402..af9a46a 100644
+index 42a392a..fbbd930 100644
 --- a/arch/x86/kernel/ftrace.c
 +++ b/arch/x86/kernel/ftrace.c
 @@ -105,6 +105,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code,
@@ -20404,8 +19926,8 @@ index 1d41402..af9a46a 100644
  	 * kernel identity mapping to modify code.
  	 */
  	if (within(ip, (unsigned long)_text, (unsigned long)_etext))
--		ip = (unsigned long)__va(__pa(ip));
-+		ip = (unsigned long)__va(__pa(ktla_ktva(ip)));
+-		ip = (unsigned long)__va(__pa_symbol(ip));
++		ip = (unsigned long)__va(__pa_symbol(ktla_ktva(ip)));
  
  	return probe_kernel_write((void *)ip, val, size);
  }
@@ -20436,30 +19958,20 @@ index 1d41402..af9a46a 100644
  	if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE))
  		return -EFAULT;
  
-diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c
-index c18f59d..9c0c9f6 100644
---- a/arch/x86/kernel/head32.c
-+++ b/arch/x86/kernel/head32.c
-@@ -18,6 +18,7 @@
- #include <asm/io_apic.h>
- #include <asm/bios_ebda.h>
- #include <asm/tlbflush.h>
-+#include <asm/boot.h>
- 
- static void __init i386_default_early_setup(void)
- {
-@@ -30,8 +31,7 @@ static void __init i386_default_early_setup(void)
+diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
+index 1c68ccb..b4bc15c 100644
+--- a/arch/x86/kernel/head64.c
++++ b/arch/x86/kernel/head64.c
+@@ -175,7 +175,6 @@ void __init x86_64_start_kernel(char * real_mode_data)
+ 	if (console_loglevel == 10)
+ 		early_printk("Kernel alive\n");
  
- void __init i386_start_kernel(void)
- {
--	memblock_reserve(__pa_symbol(&_text),
--			 __pa_symbol(&__bss_stop) - __pa_symbol(&_text));
-+	memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop) - LOAD_PHYSICAL_ADDR);
+-	clear_page(init_level4_pgt);
+ 	/* set init_level4_pgt kernel high mapping*/
+ 	init_level4_pgt[511] = early_level4_pgt[511];
  
- #ifdef CONFIG_BLK_DEV_INITRD
- 	/* Reserve INITRD */
 diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index c8932c7..d56b622 100644
+index 73afd11..d1670f5 100644
 --- a/arch/x86/kernel/head_32.S
 +++ b/arch/x86/kernel/head_32.S
 @@ -26,6 +26,12 @@
@@ -20575,7 +20087,7 @@ index c8932c7..d56b622 100644
  /*
   * Clear BSS first so that there are no surprises...
   */
-@@ -196,8 +264,11 @@ ENTRY(startup_32)
+@@ -201,8 +269,11 @@ ENTRY(startup_32)
  	movl %eax, pa(max_pfn_mapped)
  
  	/* Do early initialization of the fixmap area */
@@ -20589,7 +20101,7 @@ index c8932c7..d56b622 100644
  #else	/* Not PAE */
  
  page_pde_offset = (__PAGE_OFFSET >> 20);
-@@ -227,8 +298,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -232,8 +303,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
  	movl %eax, pa(max_pfn_mapped)
  
  	/* Do early initialization of the fixmap area */
@@ -20603,7 +20115,7 @@ index c8932c7..d56b622 100644
  #endif
  
  #ifdef CONFIG_PARAVIRT
-@@ -242,9 +316,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -247,9 +321,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
  	cmpl $num_subarch_entries, %eax
  	jae bad_subarch
  
@@ -20614,7 +20126,7 @@ index c8932c7..d56b622 100644
  
  bad_subarch:
  WEAK(lguest_entry)
-@@ -256,10 +328,10 @@ WEAK(xen_entry)
+@@ -261,10 +333,10 @@ WEAK(xen_entry)
  	__INITDATA
  
  subarch_entries:
@@ -20629,25 +20141,25 @@ index c8932c7..d56b622 100644
  num_subarch_entries = (. - subarch_entries) / 4
  .previous
  #else
-@@ -335,6 +407,7 @@ default_entry:
+@@ -355,6 +427,7 @@ default_entry:
  	movl pa(mmu_cr4_features),%eax
  	movl %eax,%cr4
  
 +#ifdef CONFIG_X86_PAE
  	testb $X86_CR4_PAE, %al		# check if PAE is enabled
- 	jz 6f
+ 	jz enable_paging
  
-@@ -363,6 +436,9 @@ default_entry:
+@@ -383,6 +456,9 @@ default_entry:
  	/* Make changes effective */
  	wrmsr
  
 +	btsl $_PAGE_BIT_NX-32,pa(__supported_pte_mask+4)
 +#endif
 +
- 6:
+ enable_paging:
  
  /*
-@@ -460,14 +536,20 @@ is386:	movl $2,%ecx		# set MP
+@@ -451,14 +527,20 @@ is486:
  1:	movl $(__KERNEL_DS),%eax	# reload all the segment registers
  	movl %eax,%ss			# after changing gdt.
  
@@ -20669,7 +20181,7 @@ index c8932c7..d56b622 100644
  	movl %eax,%gs
  
  	xorl %eax,%eax			# Clear LDT
-@@ -544,8 +626,11 @@ setup_once:
+@@ -534,8 +616,11 @@ setup_once:
  	 * relocation.  Manually set base address in stack canary
  	 * segment descriptor.
  	 */
@@ -20682,7 +20194,7 @@ index c8932c7..d56b622 100644
  	movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
  	shrl $16, %ecx
  	movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
-@@ -576,7 +661,7 @@ ENDPROC(early_idt_handlers)
+@@ -566,7 +651,7 @@ ENDPROC(early_idt_handlers)
  	/* This is global to keep gas from relaxing the jumps */
  ENTRY(early_idt_handler)
  	cld
@@ -20691,7 +20203,7 @@ index c8932c7..d56b622 100644
  	je hlt_loop
  	incl %ss:early_recursion_flag
  
-@@ -614,8 +699,8 @@ ENTRY(early_idt_handler)
+@@ -604,8 +689,8 @@ ENTRY(early_idt_handler)
  	pushl (20+6*4)(%esp)	/* trapno */
  	pushl $fault_msg
  	call printk
@@ -20701,7 +20213,7 @@ index c8932c7..d56b622 100644
  hlt_loop:
  	hlt
  	jmp hlt_loop
-@@ -634,8 +719,11 @@ ENDPROC(early_idt_handler)
+@@ -624,8 +709,11 @@ ENDPROC(early_idt_handler)
  /* This is the default interrupt "handler" :-) */
  	ALIGN
  ignore_int:
@@ -20714,7 +20226,7 @@ index c8932c7..d56b622 100644
  	pushl %eax
  	pushl %ecx
  	pushl %edx
-@@ -644,9 +732,6 @@ ignore_int:
+@@ -634,9 +722,6 @@ ignore_int:
  	movl $(__KERNEL_DS),%eax
  	movl %eax,%ds
  	movl %eax,%es
@@ -20724,7 +20236,7 @@ index c8932c7..d56b622 100644
  	pushl 16(%esp)
  	pushl 24(%esp)
  	pushl 32(%esp)
-@@ -680,29 +765,43 @@ ENTRY(setup_once_ref)
+@@ -670,29 +755,43 @@ ENTRY(setup_once_ref)
  /*
   * BSS section
   */
@@ -20773,7 +20285,7 @@ index c8932c7..d56b622 100644
  ENTRY(initial_page_table)
  	.long	pa(initial_pg_pmd+PGD_IDENT_ATTR),0	/* low identity map */
  # if KPMDS == 3
-@@ -721,12 +820,20 @@ ENTRY(initial_page_table)
+@@ -711,12 +810,20 @@ ENTRY(initial_page_table)
  #  error "Kernel PMDs should be 1, 2 or 3"
  # endif
  	.align PAGE_SIZE		/* needs to be page-sized too */
@@ -20795,7 +20307,7 @@ index c8932c7..d56b622 100644
  
  __INITRODATA
  int_msg:
-@@ -754,7 +861,7 @@ fault_msg:
+@@ -744,7 +851,7 @@ fault_msg:
   * segment size, and 32-bit linear address value:
   */
  
@@ -20804,7 +20316,7 @@ index c8932c7..d56b622 100644
  .globl boot_gdt_descr
  .globl idt_descr
  
-@@ -763,7 +870,7 @@ fault_msg:
+@@ -753,7 +860,7 @@ fault_msg:
  	.word 0				# 32 bit align gdt_desc.address
  boot_gdt_descr:
  	.word __BOOT_DS+7
@@ -20813,7 +20325,7 @@ index c8932c7..d56b622 100644
  
  	.word 0				# 32-bit align idt_desc.address
  idt_descr:
-@@ -774,7 +881,7 @@ idt_descr:
+@@ -764,7 +871,7 @@ idt_descr:
  	.word 0				# 32 bit align gdt_desc.address
  ENTRY(early_gdt_descr)
  	.word GDT_ENTRIES*8-1
@@ -20822,7 +20334,7 @@ index c8932c7..d56b622 100644
  
  /*
   * The boot_gdt must mirror the equivalent in setup.S and is
-@@ -783,5 +890,65 @@ ENTRY(early_gdt_descr)
+@@ -773,5 +880,65 @@ ENTRY(early_gdt_descr)
  	.align L1_CACHE_BYTES
  ENTRY(boot_gdt)
  	.fill GDT_ENTRY_BOOT_CS,8,0
@@ -20891,7 +20403,7 @@ index c8932c7..d56b622 100644
 +	.fill PAGE_SIZE_asm - GDT_SIZE,1,0
 +	.endr
 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index 980053c..74d3b44 100644
+index 08f7e80..40cbed5 100644
 --- a/arch/x86/kernel/head_64.S
 +++ b/arch/x86/kernel/head_64.S
 @@ -20,6 +20,8 @@
@@ -20916,65 +20428,34 @@ index 980053c..74d3b44 100644
  
  	.text
  	__HEAD
-@@ -88,35 +96,23 @@ startup_64:
+@@ -89,11 +97,15 @@ startup_64:
+ 	 * Fixup the physical addresses in the page table
  	 */
- 	addq	%rbp, init_level4_pgt + 0(%rip)
- 	addq	%rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip)
+ 	addq	%rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip)
 +	addq	%rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip)
 +	addq	%rbp, init_level4_pgt + (L4_VMALLOC_END*8)(%rip)
 +	addq	%rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip)
- 	addq	%rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip)
- 
- 	addq	%rbp, level3_ident_pgt + 0(%rip)
-+#ifndef CONFIG_XEN
-+	addq	%rbp, level3_ident_pgt + 8(%rip)
-+#endif
  
--	addq	%rbp, level3_kernel_pgt + (510*8)(%rip)
--	addq	%rbp, level3_kernel_pgt + (511*8)(%rip)
-+	addq	%rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
-+
-+	addq	%rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
-+	addq	%rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip)
+ 	addq	%rbp, level3_kernel_pgt + (510*8)(%rip)
+ 	addq	%rbp, level3_kernel_pgt + (511*8)(%rip)
  
  	addq	%rbp, level2_fixmap_pgt + (506*8)(%rip)
--
--	/* Add an Identity mapping if I am above 1G */
--	leaq	_text(%rip), %rdi
--	andq	$PMD_PAGE_MASK, %rdi
--
--	movq	%rdi, %rax
--	shrq	$PUD_SHIFT, %rax
--	andq	$(PTRS_PER_PUD - 1), %rax
--	jz	ident_complete
--
--	leaq	(level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx
--	leaq	level3_ident_pgt(%rip), %rbx
--	movq	%rdx, 0(%rbx, %rax, 8)
--
--	movq	%rdi, %rax
--	shrq	$PMD_SHIFT, %rax
--	andq	$(PTRS_PER_PMD - 1), %rax
--	leaq	__PAGE_KERNEL_IDENT_LARGE_EXEC(%rdi), %rdx
--	leaq	level2_spare_pgt(%rip), %rbx
--	movq	%rdx, 0(%rbx, %rax, 8)
--ident_complete:
 +	addq	%rbp, level2_fixmap_pgt + (507*8)(%rip)
  
  	/*
- 	 * Fixup the kernel text+data virtual addresses. Note that
-@@ -159,8 +155,8 @@ ENTRY(secondary_startup_64)
- 	 * after the boot processor executes this code.
- 	 */
+ 	 * Set up the identity mapping for the switchover.  These
+@@ -175,8 +187,8 @@ ENTRY(secondary_startup_64)
+ 	movq	$(init_level4_pgt - __START_KERNEL_map), %rax
+ 1:
  
 -	/* Enable PAE mode and PGE */
--	movl	$(X86_CR4_PAE | X86_CR4_PGE), %eax
+-	movl	$(X86_CR4_PAE | X86_CR4_PGE), %ecx
 +	/* Enable PAE mode and PSE/PGE */
-+	movl	$(X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE), %eax
- 	movq	%rax, %cr4
++	movl	$(X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE), %ecx
+ 	movq	%rcx, %cr4
  
  	/* Setup early boot stage 4 level pagetables. */
-@@ -182,9 +178,17 @@ ENTRY(secondary_startup_64)
+@@ -197,10 +209,18 @@ ENTRY(secondary_startup_64)
  	movl	$MSR_EFER, %ecx
  	rdmsr
  	btsl	$_EFER_SCE, %eax	/* Enable System Call */
@@ -20982,6 +20463,7 @@ index 980053c..74d3b44 100644
 +	btl	$(X86_FEATURE_NX & 31),%edi	/* No Execute supported? */
  	jnc     1f
  	btsl	$_EFER_NX, %eax
+ 	btsq	$_PAGE_BIT_NX,early_pmd_flags(%rip)
 +	leaq	init_level4_pgt(%rip), %rdi
 +#ifndef CONFIG_EFI
 +	btsq	$_PAGE_BIT_NX, 8*L4_PAGE_OFFSET(%rdi)
@@ -20993,24 +20475,15 @@ index 980053c..74d3b44 100644
  1:	wrmsr				/* Make changes effective */
  
  	/* Setup cr0 */
-@@ -246,6 +250,7 @@ ENTRY(secondary_startup_64)
- 	 * jump.  In addition we need to ensure %cs is set so we make this
- 	 * a far return.
+@@ -280,6 +300,7 @@ ENTRY(secondary_startup_64)
+ 	 *	REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
+ 	 *		address given in m16:64.
  	 */
 +	pax_set_fptr_mask
  	movq	initial_code(%rip),%rax
  	pushq	$0		# fake return address to stop unwinder
  	pushq	$__KERNEL_CS	# set correct cs
-@@ -284,7 +289,7 @@ ENDPROC(start_cpu0)
- bad_address:
- 	jmp bad_address
- 
--	.section ".init.text","ax"
-+	__INIT
- 	.globl early_idt_handlers
- early_idt_handlers:
- 	# 104(%rsp) %rflags
-@@ -343,7 +348,7 @@ ENTRY(early_idt_handler)
+@@ -386,7 +407,7 @@ ENTRY(early_idt_handler)
  	call dump_stack
  #ifdef CONFIG_KALLSYMS	
  	leaq early_idt_ripmsg(%rip),%rdi
@@ -21019,51 +20492,35 @@ index 980053c..74d3b44 100644
  	call __print_symbol
  #endif
  #endif /* EARLY_PRINTK */
-@@ -363,11 +368,15 @@ ENTRY(early_idt_handler)
- 	addq $16,%rsp		# drop vector number and error code
- 	decl early_recursion_flag(%rip)
- 	INTERRUPT_RETURN
-+	.previous
- 
-+	__INITDATA
- 	.balign 4
+@@ -414,6 +435,7 @@ ENDPROC(early_idt_handler)
  early_recursion_flag:
  	.long 0
-+	.previous
  
 +	.section .rodata,"a",@progbits
  #ifdef CONFIG_EARLY_PRINTK
  early_idt_msg:
  	.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -376,6 +385,7 @@ early_idt_ripmsg:
- #endif /* CONFIG_EARLY_PRINTK */
- 	.previous
+@@ -443,27 +465,50 @@ NEXT_PAGE(early_dynamic_pgts)
  
-+	.section .rodata,"a",@progbits
- #define NEXT_PAGE(name) \
- 	.balign	PAGE_SIZE; \
- ENTRY(name)
-@@ -388,7 +398,6 @@ ENTRY(name)
- 	i = i + 1 ;					\
- 	.endr
+ 	.data
  
--	.data
- 	/*
- 	 * This default setting generates an ident mapping at address 0x100000
- 	 * and a mapping for the kernel that precisely maps virtual address
-@@ -399,13 +408,41 @@ NEXT_PAGE(init_level4_pgt)
- 	.quad	level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
- 	.org	init_level4_pgt + L4_PAGE_OFFSET*8, 0
- 	.quad	level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
+-#ifndef CONFIG_XEN
+ NEXT_PAGE(init_level4_pgt)
+-	.fill	512,8,0
+-#else
+-NEXT_PAGE(init_level4_pgt)
+-	.quad   level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
+ 	.org    init_level4_pgt + L4_PAGE_OFFSET*8, 0
+ 	.quad   level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
 +	.org	init_level4_pgt + L4_VMALLOC_START*8, 0
 +	.quad	level3_vmalloc_start_pgt - __START_KERNEL_map + _KERNPG_TABLE
 +	.org	init_level4_pgt + L4_VMALLOC_END*8, 0
 +	.quad	level3_vmalloc_end_pgt - __START_KERNEL_map + _KERNPG_TABLE
 +	.org	init_level4_pgt + L4_VMEMMAP_START*8, 0
 +	.quad	level3_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
- 	.org	init_level4_pgt + L4_START_KERNEL*8, 0
+ 	.org    init_level4_pgt + L4_START_KERNEL*8, 0
  	/* (2^48-(2*1024*1024*1024))/(2^39) = 511 */
- 	.quad	level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
+ 	.quad   level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
  
 +#ifdef CONFIG_PAX_PER_CPU_PGD
 +NEXT_PAGE(cpu_pgd)
@@ -21075,7 +20532,7 @@ index 980053c..74d3b44 100644
  NEXT_PAGE(level3_ident_pgt)
  	.quad	level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
 +#ifdef CONFIG_XEN
- 	.fill	511,8,0
+ 	.fill	511, 8, 0
 +#else
 +	.quad	level2_ident_pgt + PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
 +	.fill	510,8,0
@@ -21090,16 +20547,31 @@ index 980053c..74d3b44 100644
 +NEXT_PAGE(level3_vmemmap_pgt)
 +	.fill	L3_VMEMMAP_START,8,0
 +	.quad	level2_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
++
+ NEXT_PAGE(level2_ident_pgt)
+-	/* Since I easily can, map the first 1G.
++	/* Since I easily can, map the first 2G.
+ 	 * Don't set NX because code runs from these pages.
+ 	 */
+-	PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD)
+-#endif
++	PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, 2*PTRS_PER_PMD)
  
  NEXT_PAGE(level3_kernel_pgt)
  	.fill	L3_START_KERNEL,8,0
-@@ -413,20 +450,23 @@ NEXT_PAGE(level3_kernel_pgt)
+@@ -471,6 +516,9 @@ NEXT_PAGE(level3_kernel_pgt)
  	.quad	level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
  	.quad	level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
  
 +NEXT_PAGE(level2_vmemmap_pgt)
 +	.fill	512,8,0
 +
+ NEXT_PAGE(level2_kernel_pgt)
+ 	/*
+ 	 * 512 MB kernel mapping. We spend a full page on this pagetable
+@@ -486,38 +534,64 @@ NEXT_PAGE(level2_kernel_pgt)
+ 		KERNEL_IMAGE_SIZE/PMD_SIZE)
+ 
  NEXT_PAGE(level2_fixmap_pgt)
 -	.fill	506,8,0
 -	.quad	level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
@@ -21114,30 +20586,7 @@ index 980053c..74d3b44 100644
 +NEXT_PAGE(level1_vsyscall_pgt)
  	.fill	512,8,0
  
--NEXT_PAGE(level2_ident_pgt)
--	/* Since I easily can, map the first 1G.
-+	/* Since I easily can, map the first 2G.
- 	 * Don't set NX because code runs from these pages.
- 	 */
--	PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD)
-+NEXT_PAGE(level2_ident_pgt)
-+	PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, 2*PTRS_PER_PMD)
- 
- NEXT_PAGE(level2_kernel_pgt)
- 	/*
-@@ -439,37 +479,59 @@ NEXT_PAGE(level2_kernel_pgt)
- 	 *  If you want to increase this then increase MODULES_VADDR
- 	 *  too.)
- 	 */
--	PMDS(0, __PAGE_KERNEL_LARGE_EXEC,
--		KERNEL_IMAGE_SIZE/PMD_SIZE)
--
--NEXT_PAGE(level2_spare_pgt)
--	.fill   512, 8, 0
-+	PMDS(0, __PAGE_KERNEL_LARGE_EXEC, KERNEL_IMAGE_SIZE/PMD_SIZE)
- 
  #undef PMDS
- #undef NEXT_PAGE
  
 -	.data
 +	.align PAGE_SIZE
@@ -21195,9 +20644,9 @@ index 980053c..74d3b44 100644
 +	.fill 512,8,0
  
  	__PAGE_ALIGNED_BSS
- 	.align PAGE_SIZE
+ NEXT_PAGE(empty_zero_page)
 diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c
-index 9c3bd4a..e1d9b35 100644
+index 0fa6912..37fce70 100644
 --- a/arch/x86/kernel/i386_ksyms_32.c
 +++ b/arch/x86/kernel/i386_ksyms_32.c
 @@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void);
@@ -21213,7 +20662,7 @@ index 9c3bd4a..e1d9b35 100644
  
  EXPORT_SYMBOL(__get_user_1);
  EXPORT_SYMBOL(__get_user_2);
-@@ -36,3 +40,7 @@ EXPORT_SYMBOL(strstr);
+@@ -37,3 +41,7 @@ EXPORT_SYMBOL(strstr);
  
  EXPORT_SYMBOL(csum_partial);
  EXPORT_SYMBOL(empty_zero_page);
@@ -21289,7 +20738,7 @@ index a979b5b..1d6db75 100644
  		.callback	= dmi_io_delay_0xed_port,
  		.ident		= "Compaq Presario V6000",
 diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
-index 8c96897..be66bfa 100644
+index 4ddaf66..6292f4e 100644
 --- a/arch/x86/kernel/ioport.c
 +++ b/arch/x86/kernel/ioport.c
 @@ -6,6 +6,7 @@
@@ -21322,7 +20771,7 @@ index 8c96897..be66bfa 100644
  
  	if (turn_on)
  		bitmap_clear(t->io_bitmap_ptr, from, num);
-@@ -102,6 +109,12 @@ long sys_iopl(unsigned int level, struct pt_regs *regs)
+@@ -103,6 +110,12 @@ SYSCALL_DEFINE1(iopl, unsigned int, level)
  		return -EINVAL;
  	/* Trying to gain more privileges? */
  	if (level > old) {
@@ -21638,64 +21087,13 @@ index 836f832..a8bda67 100644
  				  (char *)bpt->saved_instr, BREAK_INSTR_SIZE);
  }
  
-diff --git a/arch/x86/kernel/kprobes-opt.c b/arch/x86/kernel/kprobes-opt.c
-index c5e410e..ed5a7f0 100644
---- a/arch/x86/kernel/kprobes-opt.c
-+++ b/arch/x86/kernel/kprobes-opt.c
-@@ -338,7 +338,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op)
- 	 * Verify if the address gap is in 2GB range, because this uses
- 	 * a relative jump.
- 	 */
--	rel = (long)op->optinsn.insn - (long)op->kp.addr + RELATIVEJUMP_SIZE;
-+	rel = (long)op->optinsn.insn - ktla_ktva((long)op->kp.addr) + RELATIVEJUMP_SIZE;
- 	if (abs(rel) > 0x7fffffff)
- 		return -ERANGE;
- 
-@@ -353,16 +353,16 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op)
- 	op->optinsn.size = ret;
- 
- 	/* Copy arch-dep-instance from template */
--	memcpy(buf, &optprobe_template_entry, TMPL_END_IDX);
-+	memcpy(buf, ktla_ktva(&optprobe_template_entry), TMPL_END_IDX);
- 
- 	/* Set probe information */
- 	synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op);
- 
- 	/* Set probe function call */
--	synthesize_relcall(buf + TMPL_CALL_IDX, optimized_callback);
-+	synthesize_relcall(ktva_ktla(buf) + TMPL_CALL_IDX, optimized_callback);
- 
- 	/* Set returning jmp instruction at the tail of out-of-line buffer */
--	synthesize_reljump(buf + TMPL_END_IDX + op->optinsn.size,
-+	synthesize_reljump(ktva_ktla(buf) + TMPL_END_IDX + op->optinsn.size,
- 			   (u8 *)op->kp.addr + op->optinsn.size);
- 
- 	flush_icache_range((unsigned long) buf,
-@@ -385,7 +385,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm,
- 			((long)op->kp.addr + RELATIVEJUMP_SIZE));
- 
- 	/* Backup instructions which will be replaced by jump address */
--	memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_SIZE,
-+	memcpy(op->optinsn.copied_insn, ktla_ktva(op->kp.addr) + INT3_SIZE,
- 	       RELATIVE_ADDR_SIZE);
- 
- 	insn_buf[0] = RELATIVEJUMP_OPCODE;
-@@ -483,7 +483,7 @@ setup_detour_execution(struct kprobe *p, struct pt_regs *regs, int reenter)
- 		/* This kprobe is really able to run optimized path. */
- 		op = container_of(p, struct optimized_kprobe, kp);
- 		/* Detour through copied instructions */
--		regs->ip = (unsigned long)op->optinsn.insn + TMPL_END_IDX;
-+		regs->ip = ktva_ktla((unsigned long)op->optinsn.insn) + TMPL_END_IDX;
- 		if (!reenter)
- 			reset_current_kprobe();
- 		preempt_enable_no_resched();
-diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c
-index 57916c0..9e0b9d0 100644
---- a/arch/x86/kernel/kprobes.c
-+++ b/arch/x86/kernel/kprobes.c
+diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
+index 7bfe318..383d238 100644
+--- a/arch/x86/kernel/kprobes/core.c
++++ b/arch/x86/kernel/kprobes/core.c
 @@ -119,9 +119,12 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op)
  		s32 raddr;
- 	} __attribute__((packed)) *insn;
+ 	} __packed *insn;
  
 -	insn = (struct __arch_relative_insn *)from;
 +	insn = (struct __arch_relative_insn *)ktla_ktva(from);
@@ -21748,7 +21146,7 @@ index 57916c0..9e0b9d0 100644
  	}
  #endif
  	return insn.length;
-@@ -485,7 +492,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
+@@ -488,7 +495,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
  		 * nor set current_kprobe, because it doesn't use single
  		 * stepping.
  		 */
@@ -21757,7 +21155,7 @@ index 57916c0..9e0b9d0 100644
  		preempt_enable_no_resched();
  		return;
  	}
-@@ -502,9 +509,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
+@@ -505,9 +512,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
  	regs->flags &= ~X86_EFLAGS_IF;
  	/* single step inline if the instruction is an int3 */
  	if (p->opcode == BREAKPOINT_INSTRUCTION)
@@ -21769,7 +21167,7 @@ index 57916c0..9e0b9d0 100644
  }
  
  /*
-@@ -600,7 +607,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
+@@ -586,7 +593,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
  				setup_singlestep(p, regs, kcb, 0);
  			return 1;
  		}
@@ -21778,7 +21176,7 @@ index 57916c0..9e0b9d0 100644
  		/*
  		 * The breakpoint instruction was removed right
  		 * after we hit it.  Another cpu has removed
-@@ -651,6 +658,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
+@@ -632,6 +639,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
  			"	movq %rax, 152(%rsp)\n"
  			RESTORE_REGS_STRING
  			"	popfq\n"
@@ -21788,7 +21186,7 @@ index 57916c0..9e0b9d0 100644
  #else
  			"	pushf\n"
  			SAVE_REGS_STRING
-@@ -788,7 +798,7 @@ static void __kprobes
+@@ -769,7 +779,7 @@ static void __kprobes
  resume_execution(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
  {
  	unsigned long *tos = stack_addr(regs);
@@ -21797,7 +21195,7 @@ index 57916c0..9e0b9d0 100644
  	unsigned long orig_ip = (unsigned long)p->addr;
  	kprobe_opcode_t *insn = p->ainsn.insn;
  
-@@ -970,7 +980,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d
+@@ -951,7 +961,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d
  	struct die_args *args = data;
  	int ret = NOTIFY_DONE;
  
@@ -21806,11 +21204,80 @@ index 57916c0..9e0b9d0 100644
  		return ret;
  
  	switch (val) {
+diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c
+index 76dc6f0..66bdfc3 100644
+--- a/arch/x86/kernel/kprobes/opt.c
++++ b/arch/x86/kernel/kprobes/opt.c
+@@ -79,6 +79,7 @@ found:
+ /* Insert a move instruction which sets a pointer to eax/rdi (1st arg). */
+ static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val)
+ {
++	pax_open_kernel();
+ #ifdef CONFIG_X86_64
+ 	*addr++ = 0x48;
+ 	*addr++ = 0xbf;
+@@ -86,6 +87,7 @@ static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long v
+ 	*addr++ = 0xb8;
+ #endif
+ 	*(unsigned long *)addr = val;
++	pax_close_kernel();
+ }
+ 
+ static void __used __kprobes kprobes_optinsn_template_holder(void)
+@@ -338,7 +340,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op)
+ 	 * Verify if the address gap is in 2GB range, because this uses
+ 	 * a relative jump.
+ 	 */
+-	rel = (long)op->optinsn.insn - (long)op->kp.addr + RELATIVEJUMP_SIZE;
++	rel = (long)op->optinsn.insn - ktla_ktva((long)op->kp.addr) + RELATIVEJUMP_SIZE;
+ 	if (abs(rel) > 0x7fffffff)
+ 		return -ERANGE;
+ 
+@@ -353,16 +355,18 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op)
+ 	op->optinsn.size = ret;
+ 
+ 	/* Copy arch-dep-instance from template */
+-	memcpy(buf, &optprobe_template_entry, TMPL_END_IDX);
++	pax_open_kernel();
++	memcpy(buf, ktla_ktva(&optprobe_template_entry), TMPL_END_IDX);
++	pax_close_kernel();
+ 
+ 	/* Set probe information */
+ 	synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op);
+ 
+ 	/* Set probe function call */
+-	synthesize_relcall(buf + TMPL_CALL_IDX, optimized_callback);
++	synthesize_relcall(ktva_ktla(buf) + TMPL_CALL_IDX, optimized_callback);
+ 
+ 	/* Set returning jmp instruction at the tail of out-of-line buffer */
+-	synthesize_reljump(buf + TMPL_END_IDX + op->optinsn.size,
++	synthesize_reljump(ktva_ktla(buf) + TMPL_END_IDX + op->optinsn.size,
+ 			   (u8 *)op->kp.addr + op->optinsn.size);
+ 
+ 	flush_icache_range((unsigned long) buf,
+@@ -385,7 +389,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm,
+ 			((long)op->kp.addr + RELATIVEJUMP_SIZE));
+ 
+ 	/* Backup instructions which will be replaced by jump address */
+-	memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_SIZE,
++	memcpy(op->optinsn.copied_insn, ktla_ktva(op->kp.addr) + INT3_SIZE,
+ 	       RELATIVE_ADDR_SIZE);
+ 
+ 	insn_buf[0] = RELATIVEJUMP_OPCODE;
+@@ -483,7 +487,7 @@ setup_detour_execution(struct kprobe *p, struct pt_regs *regs, int reenter)
+ 		/* This kprobe is really able to run optimized path. */
+ 		op = container_of(p, struct optimized_kprobe, kp);
+ 		/* Detour through copied instructions */
+-		regs->ip = (unsigned long)op->optinsn.insn + TMPL_END_IDX;
++		regs->ip = ktva_ktla((unsigned long)op->optinsn.insn) + TMPL_END_IDX;
+ 		if (!reenter)
+ 			reset_current_kprobe();
+ 		preempt_enable_no_resched();
 diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
-index 9c2bd8b..bb1131c 100644
+index b686a90..60d36fb 100644
 --- a/arch/x86/kernel/kvm.c
 +++ b/arch/x86/kernel/kvm.c
-@@ -452,7 +452,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self,
+@@ -453,7 +453,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self,
  	return NOTIFY_OK;
  }
  
@@ -21919,10 +21386,10 @@ index 5b19e4d..6476a76 100644
  	relocate_kernel_ptr = control_page;
  	page_list[PA_CONTROL_PAGE] = __pa(control_page);
 diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c
-index 3a04b22..1d2eb09 100644
+index 22db92b..d546bec 100644
 --- a/arch/x86/kernel/microcode_core.c
 +++ b/arch/x86/kernel/microcode_core.c
-@@ -512,7 +512,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu)
+@@ -513,7 +513,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu)
  	return NOTIFY_OK;
  }
  
@@ -21932,10 +21399,10 @@ index 3a04b22..1d2eb09 100644
  };
  
 diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c
-index 3544aed..01ddc1c 100644
+index 5fb2ceb..3ae90bb 100644
 --- a/arch/x86/kernel/microcode_intel.c
 +++ b/arch/x86/kernel/microcode_intel.c
-@@ -431,13 +431,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device,
+@@ -293,13 +293,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device,
  
  static int get_ucode_user(void *to, const void *from, size_t n)
  {
@@ -22089,10 +21556,10 @@ index 216a4d7..228255a 100644
  			if ((s64)val != *(s32 *)loc)
  				goto overflow;
 diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 4929502..686c291 100644
+index ce13049..e2e9c3c 100644
 --- a/arch/x86/kernel/msr.c
 +++ b/arch/x86/kernel/msr.c
-@@ -234,7 +234,7 @@ static int __cpuinit msr_class_cpu_callback(struct notifier_block *nfb,
+@@ -233,7 +233,7 @@ static int __cpuinit msr_class_cpu_callback(struct notifier_block *nfb,
  	return notifier_from_errno(err);
  }
  
@@ -22102,7 +21569,7 @@ index 4929502..686c291 100644
  };
  
 diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
-index f84f5c5..f404e81 100644
+index 6030805..2d33f21 100644
 --- a/arch/x86/kernel/nmi.c
 +++ b/arch/x86/kernel/nmi.c
 @@ -105,7 +105,7 @@ static int __kprobes nmi_handle(unsigned int type, struct pt_regs *regs, bool b2
@@ -22363,7 +21830,7 @@ index 6c483ba..d10ce2f 100644
  
  static struct dma_map_ops swiotlb_dma_ops = {
 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index 2ed787f..f70c9f6 100644
+index 14ae100..752a4f6 100644
 --- a/arch/x86/kernel/process.c
 +++ b/arch/x86/kernel/process.c
 @@ -36,7 +36,8 @@
@@ -22413,7 +21880,7 @@ index 2ed787f..f70c9f6 100644
  	flush_ptrace_hw_breakpoint(tsk);
  	memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
  	drop_init_fpu(tsk);
-@@ -301,7 +305,7 @@ static void __exit_idle(void)
+@@ -295,7 +299,7 @@ static void __exit_idle(void)
  void exit_idle(void)
  {
  	/* idle loop has pid 0 */
@@ -22422,16 +21889,16 @@ index 2ed787f..f70c9f6 100644
  		return;
  	__exit_idle();
  }
-@@ -404,7 +408,7 @@ bool set_pm_idle_to_default(void)
- 
+@@ -398,7 +402,7 @@ bool xen_set_default_idle(void)
  	return ret;
  }
+ #endif
 -void stop_this_cpu(void *dummy)
 +__noreturn void stop_this_cpu(void *dummy)
  {
  	local_irq_disable();
  	/*
-@@ -632,16 +636,37 @@ static int __init idle_setup(char *str)
+@@ -544,16 +548,37 @@ static int __init idle_setup(char *str)
  }
  early_param("idle", idle_setup);
  
@@ -22587,7 +22054,7 @@ index b5a8905..d9cacac 100644
  }
 -
 diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index 6e68a61..955a9a5 100644
+index 0f49677..fcbf88c 100644
 --- a/arch/x86/kernel/process_64.c
 +++ b/arch/x86/kernel/process_64.c
 @@ -152,10 +152,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
@@ -22641,7 +22108,7 @@ index 6e68a61..955a9a5 100644
  		ip = *(u64 *)(fp+8);
  		if (!in_sched_functions(ip))
 diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index b629bbe..0fa615a 100644
+index 29a8120..a50b5ee 100644
 --- a/arch/x86/kernel/ptrace.c
 +++ b/arch/x86/kernel/ptrace.c
 @@ -184,14 +184,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
@@ -22941,10 +22408,18 @@ index 7a6f3b3..bed145d7 100644
  
  1:
 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 8b24289..d37b58b 100644
+index fae9134..b7d4a57 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -437,7 +437,7 @@ static void __init parse_setup_data(void)
+@@ -111,6 +111,7 @@
+ #include <asm/mce.h>
+ #include <asm/alternative.h>
+ #include <asm/prom.h>
++#include <asm/boot.h>
+ 
+ /*
+  * max_low_pfn_mapped: highest direct mapped pfn under 4GB
+@@ -447,7 +448,7 @@ static void __init parse_setup_data(void)
  
  		switch (data->type) {
  		case SETUP_E820_EXT:
@@ -22953,7 +22428,7 @@ index 8b24289..d37b58b 100644
  			break;
  		case SETUP_DTB:
  			add_dtb(pa_data);
-@@ -706,7 +706,7 @@ static void __init trim_bios_range(void)
+@@ -774,7 +775,7 @@ static void __init trim_bios_range(void)
  	 * area (640->1Mb) as ram even though it is not.
  	 * take them out.
  	 */
@@ -22962,7 +22437,20 @@ index 8b24289..d37b58b 100644
  
  	sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
  }
-@@ -830,14 +830,14 @@ void __init setup_arch(char **cmdline_p)
+@@ -844,8 +845,12 @@ static void __init trim_low_memory_range(void)
+ 
+ void __init setup_arch(char **cmdline_p)
+ {
++#ifdef CONFIG_X86_32
++	memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(__bss_stop) - ____LOAD_PHYSICAL_ADDR);
++#else
+ 	memblock_reserve(__pa_symbol(_text),
+ 			 (unsigned long)__bss_stop - (unsigned long)_text);
++#endif
+ 
+ 	early_reserve_initrd();
+ 
+@@ -937,14 +942,14 @@ void __init setup_arch(char **cmdline_p)
  
  	if (!boot_params.hdr.root_flags)
  		root_mountflags &= ~MS_RDONLY;
@@ -22973,15 +22461,15 @@ index 8b24289..d37b58b 100644
  	init_mm.end_data = (unsigned long) _edata;
  	init_mm.brk = _brk_end;
  
--	code_resource.start = virt_to_phys(_text);
--	code_resource.end = virt_to_phys(_etext)-1;
--	data_resource.start = virt_to_phys(_etext);
-+	code_resource.start = virt_to_phys(ktla_ktva(_text));
-+	code_resource.end = virt_to_phys(ktla_ktva(_etext))-1;
-+	data_resource.start = virt_to_phys(_sdata);
- 	data_resource.end = virt_to_phys(_edata)-1;
- 	bss_resource.start = virt_to_phys(&__bss_start);
- 	bss_resource.end = virt_to_phys(&__bss_stop)-1;
+-	code_resource.start = __pa_symbol(_text);
+-	code_resource.end = __pa_symbol(_etext)-1;
+-	data_resource.start = __pa_symbol(_etext);
++	code_resource.start = __pa_symbol(ktla_ktva(_text));
++	code_resource.end = __pa_symbol(ktla_ktva(_etext))-1;
++	data_resource.start = __pa_symbol(_sdata);
+ 	data_resource.end = __pa_symbol(_edata)-1;
+ 	bss_resource.start = __pa_symbol(__bss_start);
+ 	bss_resource.end = __pa_symbol(__bss_stop)-1;
 diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c
 index 5cdff03..80fa283 100644
 --- a/arch/x86/kernel/setup_percpu.c
@@ -23059,7 +22547,7 @@ index 5cdff03..80fa283 100644
  		 * Up to this point, the boot CPU has been using .init.data
  		 * area.  Reload any changed state for the boot CPU.
 diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index d6bf1f3..3ffce5a 100644
+index 6956299..6797253 100644
 --- a/arch/x86/kernel/signal.c
 +++ b/arch/x86/kernel/signal.c
 @@ -196,7 +196,7 @@ static unsigned long align_sigframe(unsigned long sp)
@@ -23071,7 +22559,7 @@ index d6bf1f3..3ffce5a 100644
  #else /* !CONFIG_X86_32 */
  	sp = round_down(sp, 16) - 8;
  #endif
-@@ -304,9 +304,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
+@@ -304,9 +304,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
  	}
  
  	if (current->mm->context.vdso)
@@ -23080,10 +22568,10 @@ index d6bf1f3..3ffce5a 100644
  	else
 -		restorer = &frame->retcode;
 +		restorer = (void __user *)&frame->retcode;
- 	if (ka->sa.sa_flags & SA_RESTORER)
- 		restorer = ka->sa.sa_restorer;
+ 	if (ksig->ka.sa.sa_flags & SA_RESTORER)
+ 		restorer = ksig->ka.sa.sa_restorer;
  
-@@ -320,7 +320,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
+@@ -320,7 +320,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
  	 * reasons and because gdb uses it as a signature to notice
  	 * signal handler stack frames.
  	 */
@@ -23092,7 +22580,7 @@ index d6bf1f3..3ffce5a 100644
  
  	if (err)
  		return -EFAULT;
-@@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+@@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
  		err |= __save_altstack(&frame->uc.uc_stack, regs->sp);
  
  		/* Set up to return from userspace.  */
@@ -23100,11 +22588,11 @@ index d6bf1f3..3ffce5a 100644
 +		if (current->mm->context.vdso)
 +			restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
 +		else
-+			restorer = (void __user *)&frame->retcode;
- 		if (ka->sa.sa_flags & SA_RESTORER)
- 			restorer = ka->sa.sa_restorer;
++		restorer = (void __user *)&frame->retcode;
+ 		if (ksig->ka.sa.sa_flags & SA_RESTORER)
+ 			restorer = ksig->ka.sa.sa_restorer;
  		put_user_ex(restorer, &frame->pretcode);
-@@ -379,7 +382,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+@@ -379,7 +382,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
  		 * reasons and because gdb uses it as a signature to notice
  		 * signal handler stack frames.
  		 */
@@ -23112,7 +22600,7 @@ index d6bf1f3..3ffce5a 100644
 +		put_user_ex(*((u64 *)&rt_retcode), (u64 __user *)frame->retcode);
  	} put_user_catch(err);
  	
- 	err |= copy_siginfo_to_user(&frame->info, info);
+ 	err |= copy_siginfo_to_user(&frame->info, &ksig->info);
 diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c
 index 48d2b7d..90d328a 100644
 --- a/arch/x86/kernel/smp.c
@@ -23127,7 +22615,7 @@ index 48d2b7d..90d328a 100644
  	.smp_prepare_cpus	= native_smp_prepare_cpus,
  	.smp_cpus_done		= native_smp_cpus_done,
 diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index ed0fe38..87fc692 100644
+index 9f190a2..90a0688 100644
 --- a/arch/x86/kernel/smpboot.c
 +++ b/arch/x86/kernel/smpboot.c
 @@ -748,6 +748,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
@@ -23465,7 +22953,7 @@ index 0000000..207bec6
 +	return addr;
 +}
 diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
-index 97ef74b..57a1882 100644
+index dbded5a..7916f74 100644
 --- a/arch/x86/kernel/sys_x86_64.c
 +++ b/arch/x86/kernel/sys_x86_64.c
 @@ -81,8 +81,8 @@ out:
@@ -23516,7 +23004,23 @@ index 97ef74b..57a1882 100644
  			return addr;
  	}
  
-@@ -161,6 +165,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -137,6 +141,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+ 	info.high_limit = end;
+ 	info.align_mask = filp ? get_align_mask() : 0;
+ 	info.align_offset = pgoff << PAGE_SHIFT;
++	info.threadstack_offset = offset;
+ 	return vm_unmapped_area(&info);
+ }
+ 
+@@ -149,6 +154,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ 	struct mm_struct *mm = current->mm;
+ 	unsigned long addr = addr0;
+ 	struct vm_unmapped_area_info info;
++	unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
+ 
+ 	/* requested length too big for entire address space */
+ 	if (len > TASK_SIZE)
+@@ -161,6 +167,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  	if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT))
  		goto bottomup;
  
@@ -23527,6 +23031,14 @@ index 97ef74b..57a1882 100644
  	/* requesting a specific address */
  	if (addr) {
  		addr = PAGE_ALIGN(addr);
+@@ -176,6 +186,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ 	info.high_limit = mm->mmap_base;
+ 	info.align_mask = filp ? get_align_mask() : 0;
+ 	info.align_offset = pgoff << PAGE_SHIFT;
++	info.threadstack_offset = offset;
+ 	addr = vm_unmapped_area(&info);
+ 	if (!(addr & ~PAGE_MASK))
+ 		return addr;
 diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
 index f84fe00..f41d9f1 100644
 --- a/arch/x86/kernel/tboot.c
@@ -23647,7 +23159,7 @@ index 9d9d2f9..cad418a 100644
  	else
  		info = infobuf;
 diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index ecffca1..95c4d13 100644
+index 68bda7a..3ec7bb7 100644
 --- a/arch/x86/kernel/traps.c
 +++ b/arch/x86/kernel/traps.c
 @@ -68,12 +68,6 @@
@@ -23803,7 +23315,7 @@ index ecffca1..95c4d13 100644
  		if (!fixup_exception(regs)) {
  			task->thread.error_code = error_code;
 diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
-index c71025b..b117501 100644
+index 0ba4cfb..4596bec 100644
 --- a/arch/x86/kernel/uprobes.c
 +++ b/arch/x86/kernel/uprobes.c
 @@ -629,7 +629,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val,
@@ -23828,7 +23340,7 @@ index b9242ba..50c5edd 100644
   *	verify_cpu, returns the status of longmode and SSE in register %eax.
   *		0: Success    1: Failure
 diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
-index 1dfe69c..a3df6f6 100644
+index 1cf5766..c0d9de7 100644
 --- a/arch/x86/kernel/vm86_32.c
 +++ b/arch/x86/kernel/vm86_32.c
 @@ -43,6 +43,7 @@
@@ -23848,7 +23360,7 @@ index 1dfe69c..a3df6f6 100644
  	current->thread.sp0 = current->thread.saved_sp0;
  	current->thread.sysenter_cs = __KERNEL_CS;
  	load_sp0(tss, &current->thread);
-@@ -212,6 +213,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs)
+@@ -212,6 +213,13 @@ int sys_vm86old(struct vm86_struct __user *v86)
  	struct task_struct *tsk;
  	int tmp, ret = -EPERM;
  
@@ -23862,7 +23374,7 @@ index 1dfe69c..a3df6f6 100644
  	tsk = current;
  	if (tsk->thread.saved_sp0)
  		goto out;
-@@ -242,6 +250,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs)
+@@ -242,6 +250,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg)
  	int tmp, ret;
  	struct vm86plus_struct __user *v86;
  
@@ -24204,7 +23716,7 @@ index 9a907a6..f83f921 100644
  		     (unsigned long)VSYSCALL_START);
  
 diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c
-index 1330dd1..d220b99 100644
+index b014d94..6d6ca7b 100644
 --- a/arch/x86/kernel/x8664_ksyms_64.c
 +++ b/arch/x86/kernel/x8664_ksyms_64.c
 @@ -34,8 +34,6 @@ EXPORT_SYMBOL(copy_user_generic_string);
@@ -24217,10 +23729,10 @@ index 1330dd1..d220b99 100644
  EXPORT_SYMBOL(copy_page);
  EXPORT_SYMBOL(clear_page);
 diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
-index 7a3d075..6cb373d 100644
+index 45a14db..075bb9b 100644
 --- a/arch/x86/kernel/x86_init.c
 +++ b/arch/x86/kernel/x86_init.c
-@@ -88,7 +88,7 @@ struct x86_init_ops x86_init __initdata = {
+@@ -85,7 +85,7 @@ struct x86_init_ops x86_init __initdata = {
  	},
  };
  
@@ -24229,7 +23741,7 @@ index 7a3d075..6cb373d 100644
  	.early_percpu_clock_init	= x86_init_noop,
  	.setup_percpu_clockev		= setup_secondary_APIC_clock,
  };
-@@ -96,7 +96,7 @@ struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = {
+@@ -93,7 +93,7 @@ struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = {
  static void default_nmi_init(void) { };
  static int default_i8042_detect(void) { return 1; };
  
@@ -24238,23 +23750,24 @@ index 7a3d075..6cb373d 100644
  	.calibrate_tsc			= native_calibrate_tsc,
  	.get_wallclock			= mach_get_cmos_time,
  	.set_wallclock			= mach_set_rtc_mmss,
-@@ -110,14 +110,14 @@ struct x86_platform_ops x86_platform = {
+@@ -107,7 +107,7 @@ struct x86_platform_ops x86_platform = {
  };
  
  EXPORT_SYMBOL_GPL(x86_platform);
 -struct x86_msi_ops x86_msi = {
 +struct x86_msi_ops x86_msi __read_only = {
- 	.setup_msi_irqs = native_setup_msi_irqs,
- 	.teardown_msi_irq = native_teardown_msi_irq,
- 	.teardown_msi_irqs = default_teardown_msi_irqs,
- 	.restore_msi_irqs = default_restore_msi_irqs,
+ 	.setup_msi_irqs		= native_setup_msi_irqs,
+ 	.compose_msi_msg	= native_compose_msi_msg,
+ 	.teardown_msi_irq	= native_teardown_msi_irq,
+@@ -116,7 +116,7 @@ struct x86_msi_ops x86_msi = {
+ 	.setup_hpet_msi		= default_setup_hpet_msi,
  };
  
 -struct x86_io_apic_ops x86_io_apic_ops = {
 +struct x86_io_apic_ops x86_io_apic_ops __read_only = {
- 	.init	= native_io_apic_init_mappings,
- 	.read	= native_io_apic_read,
- 	.write	= native_io_apic_write,
+ 	.init			= native_io_apic_init_mappings,
+ 	.read			= native_io_apic_read,
+ 	.write			= native_io_apic_write,
 diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c
 index ada87a3..afea76d 100644
 --- a/arch/x86/kernel/xsave.c
@@ -24327,10 +23840,10 @@ index a20ecb5..d0e2194 100644
  
  out:
 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index d330b3c..101a42b 100644
+index a9c9d3e..9fe214f 100644
 --- a/arch/x86/kvm/emulate.c
 +++ b/arch/x86/kvm/emulate.c
-@@ -292,6 +292,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
+@@ -326,6 +326,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
  
  #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype)	\
  	do {								\
@@ -24338,7 +23851,7 @@ index d330b3c..101a42b 100644
  		__asm__ __volatile__ (					\
  			_PRE_EFLAGS("0", "4", "2")			\
  			_op _suffix " %"_x"3,%1; "			\
-@@ -306,8 +307,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
+@@ -340,8 +341,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
  /* Raw emulation: instruction has two explicit operands. */
  #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy)		\
  	do {								\
@@ -24347,7 +23860,7 @@ index d330b3c..101a42b 100644
  		switch ((ctxt)->dst.bytes) {				\
  		case 2:							\
  			____emulate_2op(ctxt,_op,_wx,_wy,"w",u16);	\
-@@ -323,7 +322,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
+@@ -357,7 +356,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
  
  #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy)		     \
  	do {								     \
@@ -24356,7 +23869,7 @@ index d330b3c..101a42b 100644
  		case 1:							     \
  			____emulate_2op(ctxt,_op,_bx,_by,"b",u8);	     \
 diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index a2f492c..899e107 100644
+index f77df1c..6f20690 100644
 --- a/arch/x86/kvm/lapic.c
 +++ b/arch/x86/kvm/lapic.c
 @@ -55,7 +55,7 @@
@@ -24369,7 +23882,7 @@ index a2f492c..899e107 100644
  #define APIC_LVT_NUM			6
  /* 14 is the version for Xeon and Pentium 8.4.8*/
 diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
-index 891eb6d..e027900 100644
+index 105dd5b..1b0ccc2 100644
 --- a/arch/x86/kvm/paging_tmpl.h
 +++ b/arch/x86/kvm/paging_tmpl.h
 @@ -208,7 +208,7 @@ retry_walk:
@@ -24382,7 +23895,7 @@ index 891eb6d..e027900 100644
  			goto error;
  		walker->ptep_user[walker->level - 1] = ptep_user;
 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index d29d3cd..ec9d522 100644
+index e1b1ce2..f7b4b43 100644
 --- a/arch/x86/kvm/svm.c
 +++ b/arch/x86/kvm/svm.c
 @@ -3507,7 +3507,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
@@ -24397,7 +23910,7 @@ index d29d3cd..ec9d522 100644
  	load_TR_desc();
  }
  
-@@ -3881,6 +3885,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -3901,6 +3905,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
  #endif
  #endif
  
@@ -24409,10 +23922,10 @@ index d29d3cd..ec9d522 100644
  
  	local_irq_disable();
 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 9120ae1..aca46d0 100644
+index 6667042..b47ece4 100644
 --- a/arch/x86/kvm/vmx.c
 +++ b/arch/x86/kvm/vmx.c
-@@ -1164,12 +1164,12 @@ static void vmcs_write64(unsigned long field, u64 value)
+@@ -1184,12 +1184,12 @@ static void vmcs_write64(unsigned long field, u64 value)
  #endif
  }
  
@@ -24427,7 +23940,7 @@ index 9120ae1..aca46d0 100644
  {
  	vmcs_writel(field, vmcs_readl(field) | mask);
  }
-@@ -1370,7 +1370,11 @@ static void reload_tss(void)
+@@ -1390,7 +1390,11 @@ static void reload_tss(void)
  	struct desc_struct *descs;
  
  	descs = (void *)gdt->address;
@@ -24439,7 +23952,7 @@ index 9120ae1..aca46d0 100644
  	load_TR_desc();
  }
  
-@@ -1594,6 +1598,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+@@ -1614,6 +1618,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
  		vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
  		vmcs_writel(HOST_GDTR_BASE, gdt->address);   /* 22.2.4 */
  
@@ -24450,7 +23963,7 @@ index 9120ae1..aca46d0 100644
  		rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
  		vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
  		vmx->loaded_vmcs->cpu = cpu;
-@@ -2738,8 +2746,11 @@ static __init int hardware_setup(void)
+@@ -2779,8 +2787,11 @@ static __init int hardware_setup(void)
  	if (!cpu_has_vmx_flexpriority())
  		flexpriority_enabled = 0;
  
@@ -24464,7 +23977,22 @@ index 9120ae1..aca46d0 100644
  
  	if (enable_ept && !cpu_has_vmx_ept_2m_page())
  		kvm_disable_largepages();
-@@ -3782,7 +3793,10 @@ static void vmx_set_constant_host_state(void)
+@@ -2792,10 +2803,12 @@ static __init int hardware_setup(void)
+ 				!cpu_has_vmx_virtual_intr_delivery())
+ 		enable_apicv_reg_vid = 0;
+ 
++	pax_open_kernel();
+ 	if (enable_apicv_reg_vid)
+-		kvm_x86_ops->update_cr8_intercept = NULL;
++		*(void **)&kvm_x86_ops->update_cr8_intercept = NULL;
+ 	else
+-		kvm_x86_ops->hwapic_irr_update = NULL;
++		*(void **)&kvm_x86_ops->hwapic_irr_update = NULL;
++	pax_close_kernel();
+ 
+ 	if (nested)
+ 		nested_vmx_setup_ctls_msrs();
+@@ -3883,7 +3896,10 @@ static void vmx_set_constant_host_state(void)
  
  	vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS);  /* 22.2.3 */
  	vmcs_writel(HOST_CR4, read_cr4());  /* 22.2.3, 22.2.5 */
@@ -24475,7 +24003,7 @@ index 9120ae1..aca46d0 100644
  
  	vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS);  /* 22.2.4 */
  #ifdef CONFIG_X86_64
-@@ -3803,7 +3817,7 @@ static void vmx_set_constant_host_state(void)
+@@ -3904,7 +3920,7 @@ static void vmx_set_constant_host_state(void)
  	native_store_idt(&dt);
  	vmcs_writel(HOST_IDTR_BASE, dt.address);   /* 22.2.4 */
  
@@ -24484,7 +24012,7 @@ index 9120ae1..aca46d0 100644
  
  	rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
  	vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6355,6 +6369,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6574,6 +6590,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
  		"jmp 2f \n\t"
  		"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
  		"2: "
@@ -24497,7 +24025,7 @@ index 9120ae1..aca46d0 100644
  		/* Save guest registers, load host registers, keep flags */
  		"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
  		"pop %0 \n\t"
-@@ -6407,6 +6427,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6626,6 +6648,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
  #endif
  		[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
  		[wordsize]"i"(sizeof(ulong))
@@ -24509,7 +24037,7 @@ index 9120ae1..aca46d0 100644
  	      : "cc", "memory"
  #ifdef CONFIG_X86_64
  		, "rax", "rbx", "rdi", "rsi"
-@@ -6420,7 +6445,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6639,7 +6666,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
  	if (debugctlmsr)
  		update_debugctlmsr(debugctlmsr);
  
@@ -24518,7 +24046,7 @@ index 9120ae1..aca46d0 100644
  	/*
  	 * The sysexit path does not restore ds/es, so we must set them to
  	 * a reasonable value ourselves.
-@@ -6429,8 +6454,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6648,8 +6675,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
  	 * may be executed in interrupt context, which saves and restore segments
  	 * around it, nullifying its effect.
  	 */
@@ -24540,10 +24068,10 @@ index 9120ae1..aca46d0 100644
  
  	vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 9a51121..f739a79 100644
+index e172132..c3d3e27 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
-@@ -1688,8 +1688,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1686,8 +1686,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
  {
  	struct kvm *kvm = vcpu->kvm;
  	int lm = is_long_mode(vcpu);
@@ -24572,7 +24100,7 @@ index 9a51121..f739a79 100644
  		return -EINVAL;
  	if (irqchip_in_kernel(vcpu->kvm))
  		return -ENXIO;
-@@ -5209,7 +5211,7 @@ static struct notifier_block pvclock_gtod_notifier = {
+@@ -5247,7 +5249,7 @@ static struct notifier_block pvclock_gtod_notifier = {
  };
  #endif
  
@@ -24582,10 +24110,10 @@ index 9a51121..f739a79 100644
  	int r;
  	struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
 diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
-index 20a4fd4..d806083 100644
+index 7114c63..a1018fc 100644
 --- a/arch/x86/lguest/boot.c
 +++ b/arch/x86/lguest/boot.c
-@@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count)
+@@ -1201,9 +1201,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count)
   * Rebooting also tells the Host we're finished, but the RESTART flag tells the
   * Launcher to reboot us.
   */
@@ -25593,7 +25121,7 @@ index a30ca15..d25fab6 100644
  
  	.section .fixup,"ax"
 diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S
-index 6a4f43c..f5f9e26 100644
+index 6a4f43c..f08b4a2 100644
 --- a/arch/x86/lib/copy_user_nocache_64.S
 +++ b/arch/x86/lib/copy_user_nocache_64.S
 @@ -8,6 +8,7 @@
@@ -25618,7 +25146,7 @@ index 6a4f43c..f5f9e26 100644
  	CFI_STARTPROC
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	mov $PAX_USER_SHADOW_BASE,%rcx
++	mov pax_user_shadow_base,%rcx
 +	cmp %rcx,%rsi
 +	jae 1f
 +	add %rcx,%rsi
@@ -25703,10 +25231,10 @@ index 25b7ae8..169fafc 100644
  }
  EXPORT_SYMBOL(csum_partial_copy_to_user);
 diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S
-index 156b9c8..b144132 100644
+index a451235..79fb5cf 100644
 --- a/arch/x86/lib/getuser.S
 +++ b/arch/x86/lib/getuser.S
-@@ -34,17 +34,40 @@
+@@ -33,17 +33,40 @@
  #include <asm/thread_info.h>
  #include <asm/asm.h>
  #include <asm/smap.h>
@@ -25729,10 +25257,10 @@ index 156b9c8..b144132 100644
  	cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
  	jae bad_get_user
  	ASM_STAC
--1:	movzb (%_ASM_AX),%edx
+-1:	movzbl (%_ASM_AX),%edx
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_DX
++	mov pax_user_shadow_base,%_ASM_DX
 +	cmp %_ASM_DX,%_ASM_AX
 +	jae 1234f
 +	add %_ASM_DX,%_ASM_AX
@@ -25741,14 +25269,14 @@ index 156b9c8..b144132 100644
 +
 +#endif
 +
-+1:	__copyuser_seg movzb (%_ASM_AX),%edx
++1:	__copyuser_seg movzbl (%_ASM_AX),%edx
  	xor %eax,%eax
  	ASM_CLAC
 +	pax_force_retaddr
  	ret
  	CFI_ENDPROC
  ENDPROC(__get_user_1)
-@@ -52,14 +75,28 @@ ENDPROC(__get_user_1)
+@@ -51,14 +74,28 @@ ENDPROC(__get_user_1)
  ENTRY(__get_user_2)
  	CFI_STARTPROC
  	add $1,%_ASM_AX
@@ -25762,7 +25290,7 @@ index 156b9c8..b144132 100644
 -2:	movzwl -1(%_ASM_AX),%edx
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_DX
++	mov pax_user_shadow_base,%_ASM_DX
 +	cmp %_ASM_DX,%_ASM_AX
 +	jae 1234f
 +	add %_ASM_DX,%_ASM_AX
@@ -25778,7 +25306,7 @@ index 156b9c8..b144132 100644
  	ret
  	CFI_ENDPROC
  ENDPROC(__get_user_2)
-@@ -67,14 +104,28 @@ ENDPROC(__get_user_2)
+@@ -66,14 +103,28 @@ ENDPROC(__get_user_2)
  ENTRY(__get_user_4)
  	CFI_STARTPROC
  	add $3,%_ASM_AX
@@ -25789,10 +25317,10 @@ index 156b9c8..b144132 100644
  	cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
  	jae bad_get_user
  	ASM_STAC
--3:	mov -3(%_ASM_AX),%edx
+-3:	movl -3(%_ASM_AX),%edx
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_DX
++	mov pax_user_shadow_base,%_ASM_DX
 +	cmp %_ASM_DX,%_ASM_AX
 +	jae 1234f
 +	add %_ASM_DX,%_ASM_AX
@@ -25801,20 +25329,20 @@ index 156b9c8..b144132 100644
 +
 +#endif
 +
-+3:	__copyuser_seg mov -3(%_ASM_AX),%edx
++3:	__copyuser_seg movl -3(%_ASM_AX),%edx
  	xor %eax,%eax
  	ASM_CLAC
 +	pax_force_retaddr
  	ret
  	CFI_ENDPROC
  ENDPROC(__get_user_4)
-@@ -87,10 +138,20 @@ ENTRY(__get_user_8)
+@@ -86,10 +137,20 @@ ENTRY(__get_user_8)
  	GET_THREAD_INFO(%_ASM_DX)
  	cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
- 	jae	bad_get_user
+ 	jae bad_get_user
 +
 +#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_DX
++	mov pax_user_shadow_base,%_ASM_DX
 +	cmp %_ASM_DX,%_ASM_AX
 +	jae 1234f
 +	add %_ASM_DX,%_ASM_AX
@@ -25822,14 +25350,22 @@ index 156b9c8..b144132 100644
 +#endif
 +
  	ASM_STAC
- 4:	movq -7(%_ASM_AX),%_ASM_DX
+ 4:	movq -7(%_ASM_AX),%rdx
  	xor %eax,%eax
  	ASM_CLAC
 +	pax_force_retaddr
  	ret
+ #else
+ 	add $7,%_ASM_AX
+@@ -102,6 +163,7 @@ ENTRY(__get_user_8)
+ 5:	movl -3(%_ASM_AX),%ecx
+ 	xor %eax,%eax
+ 	ASM_CLAC
++	pax_force_retaddr
+ 	ret
+ #endif
  	CFI_ENDPROC
- ENDPROC(__get_user_8)
-@@ -101,6 +162,7 @@ bad_get_user:
+@@ -113,6 +175,7 @@ bad_get_user:
  	xor %edx,%edx
  	mov $(-EFAULT),%_ASM_AX
  	ASM_CLAC
@@ -25837,6 +25373,14 @@ index 156b9c8..b144132 100644
  	ret
  	CFI_ENDPROC
  END(bad_get_user)
+@@ -124,6 +187,7 @@ bad_get_user_8:
+ 	xor %ecx,%ecx
+ 	mov $(-EFAULT),%_ASM_AX
+ 	ASM_CLAC
++	pax_force_retaddr
+ 	ret
+ 	CFI_ENDPROC
+ END(bad_get_user_8)
 diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c
 index 54fcffe..7be149e 100644
 --- a/arch/x86/lib/insn.c
@@ -26511,7 +26055,7 @@ index f6d13ee..aca5f0b 100644
  3:
  	CFI_RESTORE_STATE
 diff --git a/arch/x86/lib/putuser.S b/arch/x86/lib/putuser.S
-index fc6ba17..04471c5 100644
+index fc6ba17..d4d989d 100644
 --- a/arch/x86/lib/putuser.S
 +++ b/arch/x86/lib/putuser.S
 @@ -16,7 +16,9 @@
@@ -26563,7 +26107,7 @@ index fc6ba17..04471c5 100644
 -1:	movb %al,(%_ASM_CX)
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_BX
++	mov pax_user_shadow_base,%_ASM_BX
 +	cmp %_ASM_BX,%_ASM_CX
 +	jb 1234f
 +	xor %ebx,%ebx
@@ -26590,7 +26134,7 @@ index fc6ba17..04471c5 100644
 -2:	movw %ax,(%_ASM_CX)
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_BX
++	mov pax_user_shadow_base,%_ASM_BX
 +	cmp %_ASM_BX,%_ASM_CX
 +	jb 1234f
 +	xor %ebx,%ebx
@@ -26617,7 +26161,7 @@ index fc6ba17..04471c5 100644
 -3:	movl %eax,(%_ASM_CX)
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_BX
++	mov pax_user_shadow_base,%_ASM_BX
 +	cmp %_ASM_BX,%_ASM_CX
 +	jb 1234f
 +	xor %ebx,%ebx
@@ -26644,7 +26188,7 @@ index fc6ba17..04471c5 100644
 -4:	mov %_ASM_AX,(%_ASM_CX)
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	mov $PAX_USER_SHADOW_BASE,%_ASM_BX
++	mov pax_user_shadow_base,%_ASM_BX
 +	cmp %_ASM_BX,%_ASM_CX
 +	jb 1234f
 +	xor %ebx,%ebx
@@ -27523,7 +27067,7 @@ index 903ec1e..c4166b2 100644
  }
  
 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 4f7d793..165a8be 100644
+index 0e88336..2bb9777 100644
 --- a/arch/x86/mm/fault.c
 +++ b/arch/x86/mm/fault.c
 @@ -13,12 +13,19 @@
@@ -27860,7 +27404,7 @@ index 4f7d793..165a8be 100644
  /*
   * Handle a spurious fault caused by a stale TLB entry.
   *
-@@ -970,6 +1162,9 @@ int show_unhandled_signals = 1;
+@@ -964,6 +1156,9 @@ int show_unhandled_signals = 1;
  static inline int
  access_error(unsigned long error_code, struct vm_area_struct *vma)
  {
@@ -27870,7 +27414,7 @@ index 4f7d793..165a8be 100644
  	if (error_code & PF_WRITE) {
  		/* write, present and write, not present: */
  		if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -998,7 +1193,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
+@@ -992,7 +1187,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
  	if (error_code & PF_USER)
  		return false;
  
@@ -27879,7 +27423,7 @@ index 4f7d793..165a8be 100644
  		return false;
  
  	return true;
-@@ -1014,18 +1209,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1008,18 +1203,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
  {
  	struct vm_area_struct *vma;
  	struct task_struct *tsk;
@@ -27898,18 +27442,18 @@ index 4f7d793..165a8be 100644
 +	unsigned long address = read_cr2();
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+	if (!user_mode(regs) && address < 2 * PAX_USER_SHADOW_BASE) {
++	if (!user_mode(regs) && address < 2 * pax_user_shadow_base) {
 +		if (!search_exception_tables(regs->ip)) {
 +			printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
 +			bad_area_nosemaphore(regs, error_code, address);
 +			return;
 +		}
-+		if (address < PAX_USER_SHADOW_BASE) {
++		if (address < pax_user_shadow_base) {
 +			printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n");
 +			printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip);
 +			show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR);
 +		} else
-+			address -= PAX_USER_SHADOW_BASE;
++			address -= pax_user_shadow_base;
 +	}
 +#endif
 +
@@ -27918,7 +27462,7 @@ index 4f7d793..165a8be 100644
  
  	/*
  	 * Detect and handle instructions that would cause a page fault for
-@@ -1086,7 +1296,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1080,7 +1290,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
  	 * User-mode registers count as a user access even for any
  	 * potential system fault or CPU buglet:
  	 */
@@ -27927,7 +27471,7 @@ index 4f7d793..165a8be 100644
  		local_irq_enable();
  		error_code |= PF_USER;
  	} else {
-@@ -1148,6 +1358,11 @@ retry:
+@@ -1142,6 +1352,11 @@ retry:
  		might_sleep();
  	}
  
@@ -27939,7 +27483,7 @@ index 4f7d793..165a8be 100644
  	vma = find_vma(mm, address);
  	if (unlikely(!vma)) {
  		bad_area(regs, error_code, address);
-@@ -1159,18 +1374,24 @@ retry:
+@@ -1153,18 +1368,24 @@ retry:
  		bad_area(regs, error_code, address);
  		return;
  	}
@@ -27975,7 +27519,7 @@ index 4f7d793..165a8be 100644
  	if (unlikely(expand_stack(vma, address))) {
  		bad_area(regs, error_code, address);
  		return;
-@@ -1234,3 +1455,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1228,3 +1449,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
  	__do_page_fault(regs, error_code);
  	exception_exit(regs);
  }
@@ -28298,10 +27842,20 @@ index 6f31ee5..8ee4164 100644
  
  	return (void *)vaddr;
 diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
-index ae1aa71..56316db 100644
+index ae1aa71..d9bea75 100644
 --- a/arch/x86/mm/hugetlbpage.c
 +++ b/arch/x86/mm/hugetlbpage.c
-@@ -279,6 +279,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
+@@ -271,23 +271,30 @@ follow_huge_pud(struct mm_struct *mm, unsigned long address,
+ #ifdef HAVE_ARCH_HUGETLB_UNMAPPED_AREA
+ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
+ 		unsigned long addr, unsigned long len,
+-		unsigned long pgoff, unsigned long flags)
++		unsigned long pgoff, unsigned long flags, unsigned long offset)
+ {
+ 	struct hstate *h = hstate_file(file);
+ 	struct vm_unmapped_area_info info;
+-
++	
  	info.flags = 0;
  	info.length = len;
  	info.low_limit = TASK_UNMAPPED_BASE;
@@ -28314,7 +27868,26 @@ index ae1aa71..56316db 100644
  	info.high_limit = TASK_SIZE;
  	info.align_mask = PAGE_MASK & ~huge_page_mask(h);
  	info.align_offset = 0;
-@@ -311,6 +317,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
++	info.threadstack_offset = offset;
+ 	return vm_unmapped_area(&info);
+ }
+ 
+ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+ 		unsigned long addr0, unsigned long len,
+-		unsigned long pgoff, unsigned long flags)
++		unsigned long pgoff, unsigned long flags, unsigned long offset)
+ {
+ 	struct hstate *h = hstate_file(file);
+ 	struct vm_unmapped_area_info info;
+@@ -299,6 +306,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+ 	info.high_limit = current->mm->mmap_base;
+ 	info.align_mask = PAGE_MASK & ~huge_page_mask(h);
+ 	info.align_offset = 0;
++	info.threadstack_offset = offset;
+ 	addr = vm_unmapped_area(&info);
+ 
+ 	/*
+@@ -311,6 +319,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
  		VM_BUG_ON(addr != -ENOMEM);
  		info.flags = 0;
  		info.low_limit = TASK_UNMAPPED_BASE;
@@ -28327,7 +27900,7 @@ index ae1aa71..56316db 100644
  		info.high_limit = TASK_SIZE;
  		addr = vm_unmapped_area(&info);
  	}
-@@ -325,10 +337,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -325,10 +339,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
  	struct hstate *h = hstate_file(file);
  	struct mm_struct *mm = current->mm;
  	struct vm_area_struct *vma;
@@ -28349,7 +27922,7 @@ index ae1aa71..56316db 100644
  		return -ENOMEM;
  
  	if (flags & MAP_FIXED) {
-@@ -337,11 +359,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -337,19 +361,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
  		return addr;
  	}
  
@@ -28366,8 +27939,18 @@ index ae1aa71..56316db 100644
  			return addr;
  	}
  	if (mm->get_unmapped_area == arch_get_unmapped_area)
+ 		return hugetlb_get_unmapped_area_bottomup(file, addr, len,
+-				pgoff, flags);
++				pgoff, flags, offset);
+ 	else
+ 		return hugetlb_get_unmapped_area_topdown(file, addr, len,
+-				pgoff, flags);
++				pgoff, flags, offset);
+ }
+ 
+ #endif /*HAVE_ARCH_HUGETLB_UNMAPPED_AREA*/
 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index d7aea41..0fc945b 100644
+index 59b7fc4..b1dd75f 100644
 --- a/arch/x86/mm/init.c
 +++ b/arch/x86/mm/init.c
 @@ -4,6 +4,7 @@
@@ -28378,25 +27961,16 @@ index d7aea41..0fc945b 100644
  
  #include <asm/cacheflush.h>
  #include <asm/e820.h>
-@@ -16,6 +17,8 @@
- #include <asm/tlb.h>
+@@ -17,6 +18,8 @@
  #include <asm/proto.h>
  #include <asm/dma.h>		/* for MAX_DMA_PFN */
+ #include <asm/microcode.h>
 +#include <asm/desc.h>
 +#include <asm/bios_ebda.h>
  
- unsigned long __initdata pgt_buf_start;
- unsigned long __meminitdata pgt_buf_end;
-@@ -44,7 +47,7 @@ static void __init find_early_table_space(struct map_range *mr, int nr_range)
- {
- 	int i;
- 	unsigned long puds = 0, pmds = 0, ptes = 0, tables;
--	unsigned long start = 0, good_end;
-+	unsigned long start = 0x100000, good_end;
- 	phys_addr_t base;
+ #include "mm_internal.h"
  
- 	for (i = 0; i < nr_range; i++) {
-@@ -321,10 +324,40 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
+@@ -464,10 +467,40 @@ void __init init_mem_mapping(void)
   * Access has to be given to non-kernel-ram areas as well, these contain the PCI
   * mmio resources as well as potential bios/acpi data regions.
   */
@@ -28438,7 +28012,7 @@ index d7aea41..0fc945b 100644
  	if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
  		return 0;
  	if (!page_is_ram(pagenr))
-@@ -381,8 +414,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -524,8 +557,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
  #endif
  }
  
@@ -28557,11 +28131,11 @@ index d7aea41..0fc945b 100644
  			(unsigned long)(&__init_begin),
  			(unsigned long)(&__init_end));
 diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index 745d66b..56bf568 100644
+index 2d19001..6a1046c 100644
 --- a/arch/x86/mm/init_32.c
 +++ b/arch/x86/mm/init_32.c
-@@ -73,36 +73,6 @@ static __init void *alloc_low_page(void)
- }
+@@ -62,33 +62,6 @@ static noinline int do_test_wp_bit(void);
+ bool __read_mostly __vmalloc_start_set = false;
  
  /*
 - * Creates a middle page table and puts a pointer to it in the
@@ -28575,10 +28149,7 @@ index 745d66b..56bf568 100644
 -
 -#ifdef CONFIG_X86_PAE
 -	if (!(pgd_val(*pgd) & _PAGE_PRESENT)) {
--		if (after_bootmem)
--			pmd_table = (pmd_t *)alloc_bootmem_pages(PAGE_SIZE);
--		else
--			pmd_table = (pmd_t *)alloc_low_page();
+-		pmd_table = (pmd_t *)alloc_low_page();
 -		paravirt_alloc_pmd(&init_mm, __pa(pmd_table) >> PAGE_SHIFT);
 -		set_pgd(pgd, __pgd(__pa(pmd_table) | _PAGE_PRESENT));
 -		pud = pud_offset(pgd, 0);
@@ -28597,8 +28168,8 @@ index 745d66b..56bf568 100644
   * Create a page table and place a pointer to it in a middle page
   * directory entry:
   */
-@@ -122,13 +92,28 @@ static pte_t * __init one_page_table_init(pmd_t *pmd)
- 			page_table = (pte_t *)alloc_low_page();
+@@ -98,13 +71,28 @@ static pte_t * __init one_page_table_init(pmd_t *pmd)
+ 		pte_t *page_table = (pte_t *)alloc_low_page();
  
  		paravirt_alloc_pte(&init_mm, __pa(page_table) >> PAGE_SHIFT);
 +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
@@ -28626,15 +28197,15 @@ index 745d66b..56bf568 100644
  pmd_t * __init populate_extra_pmd(unsigned long vaddr)
  {
  	int pgd_idx = pgd_index(vaddr);
-@@ -202,6 +187,7 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
+@@ -208,6 +196,7 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
  	int pgd_idx, pmd_idx;
  	unsigned long vaddr;
  	pgd_t *pgd;
 +	pud_t *pud;
  	pmd_t *pmd;
  	pte_t *pte = NULL;
- 
-@@ -211,8 +197,13 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
+ 	unsigned long count = page_table_range_init_count(start, end);
+@@ -222,8 +211,13 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
  	pgd = pgd_base + pgd_idx;
  
  	for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) {
@@ -28650,7 +28221,7 @@ index 745d66b..56bf568 100644
  		for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end);
  							pmd++, pmd_idx++) {
  			pte = page_table_kmap_check(one_page_table_init(pmd),
-@@ -224,11 +215,20 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
+@@ -235,11 +229,20 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
  	}
  }
  
@@ -28675,7 +28246,7 @@ index 745d66b..56bf568 100644
  }
  
  /*
-@@ -245,9 +245,10 @@ kernel_physical_mapping_init(unsigned long start,
+@@ -256,9 +259,10 @@ kernel_physical_mapping_init(unsigned long start,
  	unsigned long last_map_addr = end;
  	unsigned long start_pfn, end_pfn;
  	pgd_t *pgd_base = swapper_pg_dir;
@@ -28687,7 +28258,7 @@ index 745d66b..56bf568 100644
  	pmd_t *pmd;
  	pte_t *pte;
  	unsigned pages_2m, pages_4k;
-@@ -280,8 +281,13 @@ repeat:
+@@ -291,8 +295,13 @@ repeat:
  	pfn = start_pfn;
  	pgd_idx = pgd_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
  	pgd = pgd_base + pgd_idx;
@@ -28703,7 +28274,7 @@ index 745d66b..56bf568 100644
  
  		if (pfn >= end_pfn)
  			continue;
-@@ -293,14 +299,13 @@ repeat:
+@@ -304,14 +313,13 @@ repeat:
  #endif
  		for (; pmd_idx < PTRS_PER_PMD && pfn < end_pfn;
  		     pmd++, pmd_idx++) {
@@ -28719,10 +28290,10 @@ index 745d66b..56bf568 100644
  				pgprot_t prot = PAGE_KERNEL_LARGE;
  				/*
  				 * first pass will use the same initial
-@@ -310,11 +315,7 @@ repeat:
- 					__pgprot(PTE_IDENT_ATTR |
+@@ -322,11 +330,7 @@ repeat:
  						 _PAGE_PSE);
  
+ 				pfn &= PMD_MASK >> PAGE_SHIFT;
 -				addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE +
 -					PAGE_OFFSET + PAGE_SIZE-1;
 -
@@ -28732,7 +28303,7 @@ index 745d66b..56bf568 100644
  					prot = PAGE_KERNEL_LARGE_EXEC;
  
  				pages_2m++;
-@@ -331,7 +332,7 @@ repeat:
+@@ -343,7 +347,7 @@ repeat:
  			pte_ofs = pte_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
  			pte += pte_ofs;
  			for (; pte_ofs < PTRS_PER_PTE && pfn < end_pfn;
@@ -28741,7 +28312,7 @@ index 745d66b..56bf568 100644
  				pgprot_t prot = PAGE_KERNEL;
  				/*
  				 * first pass will use the same initial
-@@ -339,7 +340,7 @@ repeat:
+@@ -351,7 +355,7 @@ repeat:
  				 */
  				pgprot_t init_prot = __pgprot(PTE_IDENT_ATTR);
  
@@ -28750,16 +28321,16 @@ index 745d66b..56bf568 100644
  					prot = PAGE_KERNEL_EXEC;
  
  				pages_4k++;
-@@ -465,7 +466,7 @@ void __init native_pagetable_init(void)
+@@ -482,7 +486,7 @@ void __init native_pagetable_init(void)
  
  		pud = pud_offset(pgd, va);
  		pmd = pmd_offset(pud, va);
 -		if (!pmd_present(*pmd))
-+		if (!pmd_present(*pmd) || pmd_huge(*pmd))
++		if (!pmd_present(*pmd)) // PAX TODO || pmd_large(*pmd))
  			break;
  
- 		pte = pte_offset_kernel(pmd, va);
-@@ -514,12 +515,10 @@ void __init early_ioremap_page_table_range_init(void)
+ 		/* should not be large page here */
+@@ -540,12 +544,10 @@ void __init early_ioremap_page_table_range_init(void)
  
  static void __init pagetable_init(void)
  {
@@ -28774,7 +28345,7 @@ index 745d66b..56bf568 100644
  EXPORT_SYMBOL_GPL(__supported_pte_mask);
  
  /* user-defined highmem size */
-@@ -728,6 +727,12 @@ void __init mem_init(void)
+@@ -752,6 +754,12 @@ void __init mem_init(void)
  
  	pci_iommu_alloc();
  
@@ -28787,8 +28358,8 @@ index 745d66b..56bf568 100644
  #ifdef CONFIG_FLATMEM
  	BUG_ON(!mem_map);
  #endif
-@@ -754,7 +759,7 @@ void __init mem_init(void)
- 			reservedpages++;
+@@ -780,7 +788,7 @@ void __init mem_init(void)
+ 	after_bootmem = 1;
  
  	codesize =  (unsigned long) &_etext - (unsigned long) &_text;
 -	datasize =  (unsigned long) &_edata - (unsigned long) &_etext;
@@ -28796,7 +28367,7 @@ index 745d66b..56bf568 100644
  	initsize =  (unsigned long) &__init_end - (unsigned long) &__init_begin;
  
  	printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, "
-@@ -795,10 +800,10 @@ void __init mem_init(void)
+@@ -821,10 +829,10 @@ void __init mem_init(void)
  		((unsigned long)&__init_end -
  		 (unsigned long)&__init_begin) >> 10,
  
@@ -28810,7 +28381,7 @@ index 745d66b..56bf568 100644
  		((unsigned long)&_etext - (unsigned long)&_text) >> 10);
  
  	/*
-@@ -876,6 +881,7 @@ void set_kernel_text_rw(void)
+@@ -914,6 +922,7 @@ void set_kernel_text_rw(void)
  	if (!kernel_set_to_readonly)
  		return;
  
@@ -28818,7 +28389,7 @@ index 745d66b..56bf568 100644
  	pr_debug("Set kernel text: %lx - %lx for read write\n",
  		 start, start+size);
  
-@@ -890,6 +896,7 @@ void set_kernel_text_ro(void)
+@@ -928,6 +937,7 @@ void set_kernel_text_ro(void)
  	if (!kernel_set_to_readonly)
  		return;
  
@@ -28826,7 +28397,7 @@ index 745d66b..56bf568 100644
  	pr_debug("Set kernel text: %lx - %lx for read only\n",
  		 start, start+size);
  
-@@ -918,6 +925,7 @@ void mark_rodata_ro(void)
+@@ -956,6 +966,7 @@ void mark_rodata_ro(void)
  	unsigned long start = PFN_ALIGN(_text);
  	unsigned long size = PFN_ALIGN(_etext) - start;
  
@@ -28835,10 +28406,10 @@ index 745d66b..56bf568 100644
  	printk(KERN_INFO "Write protecting the kernel text: %luk\n",
  		size >> 10);
 diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index 75c9a6a..498d677 100644
+index 474e28f..647dd12 100644
 --- a/arch/x86/mm/init_64.c
 +++ b/arch/x86/mm/init_64.c
-@@ -74,7 +74,7 @@ early_param("gbpages", parse_direct_gbpages_on);
+@@ -150,7 +150,7 @@ early_param("gbpages", parse_direct_gbpages_on);
   * around without checking the pgd every time.
   */
  
@@ -28847,7 +28418,7 @@ index 75c9a6a..498d677 100644
  EXPORT_SYMBOL_GPL(__supported_pte_mask);
  
  int force_personality32;
-@@ -107,12 +107,22 @@ void sync_global_pgds(unsigned long start, unsigned long end)
+@@ -183,12 +183,22 @@ void sync_global_pgds(unsigned long start, unsigned long end)
  
  	for (address = start; address <= end; address += PGDIR_SIZE) {
  		const pgd_t *pgd_ref = pgd_offset_k(address);
@@ -28870,7 +28441,7 @@ index 75c9a6a..498d677 100644
  		list_for_each_entry(page, &pgd_list, lru) {
  			pgd_t *pgd;
  			spinlock_t *pgt_lock;
-@@ -121,6 +131,7 @@ void sync_global_pgds(unsigned long start, unsigned long end)
+@@ -197,6 +207,7 @@ void sync_global_pgds(unsigned long start, unsigned long end)
  			/* the pgt_lock only for Xen */
  			pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
  			spin_lock(pgt_lock);
@@ -28878,7 +28449,7 @@ index 75c9a6a..498d677 100644
  
  			if (pgd_none(*pgd))
  				set_pgd(pgd, *pgd_ref);
-@@ -128,7 +139,10 @@ void sync_global_pgds(unsigned long start, unsigned long end)
+@@ -204,7 +215,10 @@ void sync_global_pgds(unsigned long start, unsigned long end)
  				BUG_ON(pgd_page_vaddr(*pgd)
  				       != pgd_page_vaddr(*pgd_ref));
  
@@ -28889,7 +28460,7 @@ index 75c9a6a..498d677 100644
  		}
  		spin_unlock(&pgd_lock);
  	}
-@@ -161,7 +175,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr)
+@@ -237,7 +251,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr)
  {
  	if (pgd_none(*pgd)) {
  		pud_t *pud = (pud_t *)spp_getpage();
@@ -28898,7 +28469,7 @@ index 75c9a6a..498d677 100644
  		if (pud != pud_offset(pgd, 0))
  			printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n",
  			       pud, pud_offset(pgd, 0));
-@@ -173,7 +187,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr)
+@@ -249,7 +263,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr)
  {
  	if (pud_none(*pud)) {
  		pmd_t *pmd = (pmd_t *) spp_getpage();
@@ -28907,7 +28478,7 @@ index 75c9a6a..498d677 100644
  		if (pmd != pmd_offset(pud, 0))
  			printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n",
  			       pmd, pmd_offset(pud, 0));
-@@ -202,7 +216,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
+@@ -278,7 +292,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
  	pmd = fill_pmd(pud, vaddr);
  	pte = fill_pte(pmd, vaddr);
  
@@ -28917,7 +28488,7 @@ index 75c9a6a..498d677 100644
  
  	/*
  	 * It's enough to flush this one mapping.
-@@ -261,14 +277,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size,
+@@ -337,14 +353,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size,
  		pgd = pgd_offset_k((unsigned long)__va(phys));
  		if (pgd_none(*pgd)) {
  			pud = (pud_t *) spp_getpage();
@@ -28934,43 +28505,25 @@ index 75c9a6a..498d677 100644
  		}
  		pmd = pmd_offset(pud, phys);
  		BUG_ON(!pmd_none(*pmd));
-@@ -329,7 +343,7 @@ static __ref void *alloc_low_page(unsigned long *phys)
- 	if (pfn >= pgt_buf_top)
- 		panic("alloc_low_page: ran out of memory");
- 
--	adr = early_memremap(pfn * PAGE_SIZE, PAGE_SIZE);
-+	adr = (void __force_kernel *)early_memremap(pfn * PAGE_SIZE, PAGE_SIZE);
- 	clear_page(adr);
- 	*phys  = pfn * PAGE_SIZE;
- 	return adr;
-@@ -345,7 +359,7 @@ static __ref void *map_low_page(void *virt)
- 
- 	phys = __pa(virt);
- 	left = phys & (PAGE_SIZE - 1);
--	adr = early_memremap(phys & PAGE_MASK, PAGE_SIZE);
-+	adr = (void __force_kernel *)early_memremap(phys & PAGE_MASK, PAGE_SIZE);
- 	adr = (void *)(((unsigned long)adr) | left);
- 
- 	return adr;
-@@ -553,7 +567,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
- 		unmap_low_page(pmd);
+@@ -585,7 +599,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
+ 					      prot);
  
  		spin_lock(&init_mm.page_table_lock);
--		pud_populate(&init_mm, pud, __va(pmd_phys));
-+		pud_populate_kernel(&init_mm, pud, __va(pmd_phys));
+-		pud_populate(&init_mm, pud, pmd);
++		pud_populate_kernel(&init_mm, pud, pmd);
  		spin_unlock(&init_mm.page_table_lock);
  	}
  	__flush_tlb_all();
-@@ -599,7 +613,7 @@ kernel_physical_mapping_init(unsigned long start,
- 		unmap_low_page(pud);
+@@ -626,7 +640,7 @@ kernel_physical_mapping_init(unsigned long start,
+ 						 page_size_mask);
  
  		spin_lock(&init_mm.page_table_lock);
--		pgd_populate(&init_mm, pgd, __va(pud_phys));
-+		pgd_populate_kernel(&init_mm, pgd, __va(pud_phys));
+-		pgd_populate(&init_mm, pgd, pud);
++		pgd_populate_kernel(&init_mm, pgd, pud);
  		spin_unlock(&init_mm.page_table_lock);
  		pgd_changed = true;
  	}
-@@ -693,6 +707,12 @@ void __init mem_init(void)
+@@ -1065,6 +1079,12 @@ void __init mem_init(void)
  
  	pci_iommu_alloc();
  
@@ -28983,7 +28536,7 @@ index 75c9a6a..498d677 100644
  	/* clear_bss() already clear the empty_zero_page */
  
  	reservedpages = 0;
-@@ -856,8 +876,8 @@ int kern_addr_valid(unsigned long addr)
+@@ -1224,8 +1244,8 @@ int kern_addr_valid(unsigned long addr)
  static struct vm_area_struct gate_vma = {
  	.vm_start	= VSYSCALL_START,
  	.vm_end		= VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE),
@@ -28994,7 +28547,7 @@ index 75c9a6a..498d677 100644
  };
  
  struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
-@@ -891,7 +911,7 @@ int in_gate_area_no_mm(unsigned long addr)
+@@ -1259,7 +1279,7 @@ int in_gate_area_no_mm(unsigned long addr)
  
  const char *arch_vma_name(struct vm_area_struct *vma)
  {
@@ -29231,10 +28784,10 @@ index dc0b727..f612039 100644
  	might_sleep();
  	if (is_enabled()) /* recheck and proper locking in *_core() */
 diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
-index 8504f36..5fc68f2 100644
+index 72fe01e..f1a8daa 100644
 --- a/arch/x86/mm/numa.c
 +++ b/arch/x86/mm/numa.c
-@@ -478,7 +478,7 @@ static bool __init numa_meminfo_cover_memory(const struct numa_meminfo *mi)
+@@ -477,7 +477,7 @@ static bool __init numa_meminfo_cover_memory(const struct numa_meminfo *mi)
  	return true;
  }
  
@@ -29244,7 +28797,7 @@ index 8504f36..5fc68f2 100644
  	unsigned long uninitialized_var(pfn_align);
  	int i, nid;
 diff --git a/arch/x86/mm/pageattr-test.c b/arch/x86/mm/pageattr-test.c
-index b008656..773eac2 100644
+index 0e38951..4ca8458 100644
 --- a/arch/x86/mm/pageattr-test.c
 +++ b/arch/x86/mm/pageattr-test.c
 @@ -36,7 +36,7 @@ enum {
@@ -29257,7 +28810,7 @@ index b008656..773eac2 100644
  
  struct split_state {
 diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
-index a718e0d..77419bc 100644
+index fb4e73e..43f7238 100644
 --- a/arch/x86/mm/pageattr.c
 +++ b/arch/x86/mm/pageattr.c
 @@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
@@ -29283,8 +28836,8 @@ index a718e0d..77419bc 100644
  	 * The .rodata section needs to be read-only. Using the pfn
  	 * catches all aliases.
 @@ -279,6 +280,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
- 	if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT,
- 		   __pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
+ 	if (within(pfn, __pa_symbol(__start_rodata) >> PAGE_SHIFT,
+ 		   __pa_symbol(__end_rodata) >> PAGE_SHIFT))
  		pgprot_val(forbidden) |= _PAGE_RW;
 +#endif
  
@@ -29304,7 +28857,7 @@ index a718e0d..77419bc 100644
  	prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
  
  	return prot;
-@@ -369,23 +378,37 @@ EXPORT_SYMBOL_GPL(lookup_address);
+@@ -400,23 +409,37 @@ EXPORT_SYMBOL_GPL(slow_virt_to_phys);
  static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
  {
  	/* change init_mm */
@@ -29345,7 +28898,7 @@ index a718e0d..77419bc 100644
  
  static int
 diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
-index 0eb572e..92f5c1e 100644
+index 6574388..87e9bef 100644
 --- a/arch/x86/mm/pat.c
 +++ b/arch/x86/mm/pat.c
 @@ -376,7 +376,7 @@ int free_memtype(u64 start, u64 end)
@@ -29368,7 +28921,7 @@ index 0eb572e..92f5c1e 100644
  			return 0;
  		}
  		cursor += PAGE_SIZE;
-@@ -570,7 +570,7 @@ int kernel_map_sync_memtype(u64 base, unsigned long size, unsigned long flags)
+@@ -577,7 +577,7 @@ int kernel_map_sync_memtype(u64 base, unsigned long size, unsigned long flags)
  	if (ioremap_change_attr((unsigned long)__va(base), id_sz, flags) < 0) {
  		printk(KERN_INFO "%s:%d ioremap_change_attr failed %s "
  			"for [mem %#010Lx-%#010Lx]\n",
@@ -29377,7 +28930,7 @@ index 0eb572e..92f5c1e 100644
  			cattr_name(flags),
  			base, (unsigned long long)(base + size-1));
  		return -EINVAL;
-@@ -605,7 +605,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
+@@ -612,7 +612,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
  		flags = lookup_memtype(paddr);
  		if (want_flags != flags) {
  			printk(KERN_WARNING "%s:%d map pfn RAM range req %s for [mem %#010Lx-%#010Lx], got %s\n",
@@ -29386,7 +28939,7 @@ index 0eb572e..92f5c1e 100644
  				cattr_name(want_flags),
  				(unsigned long long)paddr,
  				(unsigned long long)(paddr + size - 1),
-@@ -627,7 +627,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
+@@ -634,7 +634,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot,
  			free_memtype(paddr, paddr + size);
  			printk(KERN_ERR "%s:%d map pfn expected mapping type %s"
  				" for [mem %#010Lx-%#010Lx], got %s\n",
@@ -29445,7 +28998,7 @@ index 9f0614d..92ae64a 100644
  	p += get_opcode(p, &opcode);
  	for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
 diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
-index 395b3b4a..213e72b 100644
+index 17fda6a..489c74a 100644
 --- a/arch/x86/mm/pgtable.c
 +++ b/arch/x86/mm/pgtable.c
 @@ -91,10 +91,64 @@ static inline void pgd_list_del(pgd_t *pgd)
@@ -29724,27 +29277,27 @@ index a69bcb8..19068ab 100644
  	/*
  	 * It's enough to flush this one mapping.
 diff --git a/arch/x86/mm/physaddr.c b/arch/x86/mm/physaddr.c
-index d2e2735..5c6586f 100644
+index e666cbb..61788c45 100644
 --- a/arch/x86/mm/physaddr.c
 +++ b/arch/x86/mm/physaddr.c
-@@ -8,7 +8,7 @@
- 
+@@ -10,7 +10,7 @@
  #ifdef CONFIG_X86_64
  
+ #ifdef CONFIG_DEBUG_VIRTUAL
 -unsigned long __phys_addr(unsigned long x)
 +unsigned long __intentional_overflow(-1) __phys_addr(unsigned long x)
  {
- 	if (x >= __START_KERNEL_map) {
- 		x -= __START_KERNEL_map;
-@@ -45,7 +45,7 @@ EXPORT_SYMBOL(__virt_addr_valid);
+ 	unsigned long y = x - __START_KERNEL_map;
+ 
+@@ -67,7 +67,7 @@ EXPORT_SYMBOL(__virt_addr_valid);
  #else
  
  #ifdef CONFIG_DEBUG_VIRTUAL
 -unsigned long __phys_addr(unsigned long x)
 +unsigned long __intentional_overflow(-1) __phys_addr(unsigned long x)
  {
+ 	unsigned long phys_addr = x - PAGE_OFFSET;
  	/* VMALLOC_* aren't constants  */
- 	VIRTUAL_BUG_ON(x < PAGE_OFFSET);
 diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
 index 410531d..0f16030 100644
 --- a/arch/x86/mm/setup_nx.c
@@ -29779,7 +29332,7 @@ index 410531d..0f16030 100644
  }
  
 diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
-index 13a6b29..c2fff23 100644
+index 282375f..e03a98f 100644
 --- a/arch/x86/mm/tlb.c
 +++ b/arch/x86/mm/tlb.c
 @@ -48,7 +48,11 @@ void leave_mm(int cpu)
@@ -29908,7 +29461,7 @@ index 877b9a1..a8ecf42 100644
 +	pax_force_retaddr
  	ret
 diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index d11a470..3f9adff3 100644
+index 3cbe4538..fd756dc 100644
 --- a/arch/x86/net/bpf_jit_comp.c
 +++ b/arch/x86/net/bpf_jit_comp.c
 @@ -12,6 +12,7 @@
@@ -30040,7 +29593,7 @@ index d11a470..3f9adff3 100644
  	}							\
  } while (0)
  
-@@ -121,12 +215,17 @@ static inline void bpf_flush_icache(void *start, void *end)
+@@ -121,6 +215,11 @@ static inline void bpf_flush_icache(void *start, void *end)
  	set_fs(old_fs);
  }
  
@@ -30052,6 +29605,8 @@ index d11a470..3f9adff3 100644
  #define CHOOSE_LOAD_FUNC(K, func) \
  	((int)K < 0 ? ((int)K >= SKF_LL_OFF ? func##_negative_offset : func) : func##_positive_offset)
  
+@@ -146,7 +245,7 @@ static int pkt_type_offset(void)
+ 
  void bpf_jit_compile(struct sk_filter *fp)
  {
 -	u8 temp[64];
@@ -30059,7 +29614,7 @@ index d11a470..3f9adff3 100644
  	u8 *prog;
  	unsigned int proglen, oldproglen = 0;
  	int ilen, i;
-@@ -139,6 +238,9 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -159,6 +258,9 @@ void bpf_jit_compile(struct sk_filter *fp)
  	unsigned int *addrs;
  	const struct sock_filter *filter = fp->insns;
  	int flen = fp->len;
@@ -30069,7 +29624,7 @@ index d11a470..3f9adff3 100644
  
  	if (!bpf_jit_enable)
  		return;
-@@ -147,11 +249,19 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -167,11 +269,19 @@ void bpf_jit_compile(struct sk_filter *fp)
  	if (addrs == NULL)
  		return;
  
@@ -30091,7 +29646,7 @@ index d11a470..3f9adff3 100644
  		addrs[i] = proglen;
  	}
  	cleanup_addr = proglen; /* epilogue address */
-@@ -261,10 +371,8 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -282,10 +392,8 @@ void bpf_jit_compile(struct sk_filter *fp)
  			case BPF_S_ALU_MUL_K: /* A *= K */
  				if (is_imm8(K))
  					EMIT3(0x6b, 0xc0, K); /* imul imm8,%eax,%eax */
@@ -30104,7 +29659,7 @@ index d11a470..3f9adff3 100644
  				break;
  			case BPF_S_ALU_DIV_X: /* A /= X; */
  				seen |= SEEN_XREG;
-@@ -304,13 +412,23 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -325,13 +433,23 @@ void bpf_jit_compile(struct sk_filter *fp)
  				break;
  			case BPF_S_ALU_MOD_K: /* A %= K; */
  				EMIT2(0x31, 0xd2);	/* xor %edx,%edx */
@@ -30128,7 +29683,7 @@ index d11a470..3f9adff3 100644
  				EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */
  				break;
  			case BPF_S_ALU_AND_X:
-@@ -564,8 +682,7 @@ common_load_ind:		seen |= SEEN_DATAREF | SEEN_XREG;
+@@ -602,8 +720,7 @@ common_load_ind:		seen |= SEEN_DATAREF | SEEN_XREG;
  					if (is_imm8(K)) {
  						EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */
  					} else {
@@ -30138,7 +29693,7 @@ index d11a470..3f9adff3 100644
  					}
  				} else {
  					EMIT2(0x89,0xde); /* mov %ebx,%esi */
-@@ -648,17 +765,18 @@ cond_branch:			f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -686,17 +803,18 @@ cond_branch:			f_offset = addrs[i + filter[i].jf] - addrs[i];
  				break;
  			default:
  				/* hmm, too complex filter, give up with jit compiler */
@@ -30161,7 +29716,7 @@ index d11a470..3f9adff3 100644
  			}
  			proglen += ilen;
  			addrs[i] = proglen;
-@@ -679,11 +797,9 @@ cond_branch:			f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -717,11 +835,9 @@ cond_branch:			f_offset = addrs[i + filter[i].jf] - addrs[i];
  			break;
  		}
  		if (proglen == oldproglen) {
@@ -30175,7 +29730,7 @@ index d11a470..3f9adff3 100644
  		}
  		oldproglen = proglen;
  	}
-@@ -699,7 +815,10 @@ cond_branch:			f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -737,7 +853,10 @@ cond_branch:			f_offset = addrs[i + filter[i].jf] - addrs[i];
  		bpf_flush_icache(image, image + proglen);
  
  		fp->bpf_func = (void *)image;
@@ -30187,7 +29742,7 @@ index d11a470..3f9adff3 100644
  out:
  	kfree(addrs);
  	return;
-@@ -707,18 +826,20 @@ out:
+@@ -745,18 +864,20 @@ out:
  
  static void jit_free_defer(struct work_struct *arg)
  {
@@ -30996,15 +30551,15 @@ index 3c68768..07e82b8 100644
  #endif
  	load_TR_desc();				/* This does ltr */
 diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c
-index cbca565..bae7133 100644
+index a44f457..9140171 100644
 --- a/arch/x86/realmode/init.c
 +++ b/arch/x86/realmode/init.c
-@@ -62,7 +62,13 @@ void __init setup_real_mode(void)
+@@ -70,7 +70,13 @@ void __init setup_real_mode(void)
  		__va(real_mode_header->trampoline_header);
  
  #ifdef CONFIG_X86_32
--	trampoline_header->start = __pa(startup_32_smp);
-+	trampoline_header->start = __pa(ktla_ktva(startup_32_smp));
+-	trampoline_header->start = __pa_symbol(startup_32_smp);
++	trampoline_header->start = __pa_symbol(ktla_ktva(startup_32_smp));
 +
 +#ifdef CONFIG_PAX_KERNEXEC
 +	trampoline_header->start -= LOAD_PHYSICAL_ADDR;
@@ -31012,8 +30567,17 @@ index cbca565..bae7133 100644
 +
 +	trampoline_header->boot_cs = __BOOT_CS;
  	trampoline_header->gdt_limit = __BOOT_DS + 7;
- 	trampoline_header->gdt_base = __pa(boot_gdt);
+ 	trampoline_header->gdt_base = __pa_symbol(boot_gdt);
  #else
+@@ -86,7 +92,7 @@ void __init setup_real_mode(void)
+ 	*trampoline_cr4_features = read_cr4();
+ 
+ 	trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd);
+-	trampoline_pgd[0] = init_level4_pgt[pgd_index(__PAGE_OFFSET)].pgd;
++	trampoline_pgd[0] = init_level4_pgt[pgd_index(__PAGE_OFFSET)].pgd & ~_PAGE_NX;
+ 	trampoline_pgd[511] = init_level4_pgt[511].pgd;
+ #endif
+ }
 diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
 index 8869287..d577672 100644
 --- a/arch/x86/realmode/rm/Makefile
@@ -31483,7 +31047,7 @@ index 431e875..cbb23f3 100644
 -}
 -__setup("vdso=", vdso_setup);
 diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 08c6511..d946c4a 100644
+index 2363127..ec09d96 100644
 --- a/arch/x86/xen/enlighten.c
 +++ b/arch/x86/xen/enlighten.c
 @@ -100,8 +100,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
@@ -31614,46 +31178,10 @@ index 08c6511..d946c4a 100644
  };
  
 diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index cab96b6..8c629ba 100644
+index e006c18..b9a7d6c 100644
 --- a/arch/x86/xen/mmu.c
 +++ b/arch/x86/xen/mmu.c
-@@ -1739,14 +1739,18 @@ static void *m2v(phys_addr_t maddr)
- }
- 
- /* Set the page permissions on an identity-mapped pages */
--static void set_page_prot(void *addr, pgprot_t prot)
-+static void set_page_prot_flags(void *addr, pgprot_t prot, unsigned long flags)
- {
- 	unsigned long pfn = __pa(addr) >> PAGE_SHIFT;
- 	pte_t pte = pfn_pte(pfn, prot);
- 
--	if (HYPERVISOR_update_va_mapping((unsigned long)addr, pte, 0))
-+	if (HYPERVISOR_update_va_mapping((unsigned long)addr, pte, flags))
- 		BUG();
- }
-+static void set_page_prot(void *addr, pgprot_t prot)
-+{
-+	return set_page_prot_flags(addr, prot, UVMF_NONE);
-+}
- #ifdef CONFIG_X86_32
- static void __init xen_map_identity_early(pmd_t *pmd, unsigned long max_pfn)
- {
-@@ -1830,12 +1834,12 @@ static void __init check_pt_base(unsigned long *pt_base, unsigned long *pt_end,
- 				 unsigned long addr)
- {
- 	if (*pt_base == PFN_DOWN(__pa(addr))) {
--		set_page_prot((void *)addr, PAGE_KERNEL);
-+		set_page_prot_flags((void *)addr, PAGE_KERNEL, UVMF_INVLPG);
- 		clear_page((void *)addr);
- 		(*pt_base)++;
- 	}
- 	if (*pt_end == PFN_DOWN(__pa(addr))) {
--		set_page_prot((void *)addr, PAGE_KERNEL);
-+		set_page_prot_flags((void *)addr, PAGE_KERNEL, UVMF_INVLPG);
- 		clear_page((void *)addr);
- 		(*pt_end)--;
- 	}
-@@ -1881,6 +1885,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
  	/* L3_k[510] -> level2_kernel_pgt
  	 * L3_i[511] -> level2_fixmap_pgt */
  	convert_pfn_mfn(level3_kernel_pgt);
@@ -31663,7 +31191,7 @@ index cab96b6..8c629ba 100644
  
  	/* We get [511][511] and have Xen's version of level2_kernel_pgt */
  	l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
-@@ -1910,8 +1917,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1923,8 +1926,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
  	set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
  	set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
  	set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
@@ -31676,7 +31204,7 @@ index cab96b6..8c629ba 100644
  	set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
  	set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
  
-@@ -2097,6 +2108,7 @@ static void __init xen_post_allocator_init(void)
+@@ -2110,6 +2117,7 @@ static void __init xen_post_allocator_init(void)
  	pv_mmu_ops.set_pud = xen_set_pud;
  #if PAGETABLE_LEVELS == 4
  	pv_mmu_ops.set_pgd = xen_set_pgd;
@@ -31684,7 +31212,7 @@ index cab96b6..8c629ba 100644
  #endif
  
  	/* This will work as long as patching hasn't happened yet
-@@ -2178,6 +2190,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2188,6 +2196,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
  	.pud_val = PV_CALLEE_SAVE(xen_pud_val),
  	.make_pud = PV_CALLEE_SAVE(xen_make_pud),
  	.set_pgd = xen_set_pgd_hyper,
@@ -31693,7 +31221,7 @@ index cab96b6..8c629ba 100644
  	.alloc_pud = xen_alloc_pmd_init,
  	.release_pud = xen_release_pmd_init,
 diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
-index 48d7b2c..20fed27 100644
+index 22c800a..8915f1e 100644
 --- a/arch/x86/xen/smp.c
 +++ b/arch/x86/xen/smp.c
 @@ -229,11 +229,6 @@ static void __init xen_smp_prepare_boot_cpu(void)
@@ -31708,14 +31236,7 @@ index 48d7b2c..20fed27 100644
  	xen_filter_cpu_maps();
  	xen_setup_vcpu_info_placement();
  }
-@@ -300,12 +295,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
- 	gdt = get_cpu_gdt_table(cpu);
- 
- 	ctxt->flags = VGCF_IN_KERNEL;
--	ctxt->user_regs.ds = __USER_DS;
--	ctxt->user_regs.es = __USER_DS;
-+	ctxt->user_regs.ds = __KERNEL_DS;
-+	ctxt->user_regs.es = __KERNEL_DS;
+@@ -303,7 +298,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
  	ctxt->user_regs.ss = __KERNEL_DS;
  #ifdef CONFIG_X86_32
  	ctxt->user_regs.fs = __KERNEL_PERCPU;
@@ -31724,7 +31245,18 @@ index 48d7b2c..20fed27 100644
  #else
  	ctxt->gs_base_kernel = per_cpu_offset(cpu);
  #endif
-@@ -355,13 +350,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu, struct task_struct *idle)
+@@ -313,8 +308,8 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
+ 
+ 	{
+ 		ctxt->user_regs.eflags = 0x1000; /* IOPL_RING1 */
+-		ctxt->user_regs.ds = __USER_DS;
+-		ctxt->user_regs.es = __USER_DS;
++		ctxt->user_regs.ds = __KERNEL_DS;
++		ctxt->user_regs.es = __KERNEL_DS;
+ 
+ 		xen_copy_trap_info(ctxt->trap_ctxt);
+ 
+@@ -359,13 +354,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu, struct task_struct *idle)
  	int rc;
  
  	per_cpu(current_task, cpu) = idle;
@@ -31740,7 +31272,7 @@ index 48d7b2c..20fed27 100644
  #endif
  	xen_setup_runstate_info(cpu);
  	xen_setup_timer(cpu);
-@@ -630,7 +624,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
+@@ -634,7 +628,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
  
  void __init xen_smp_init(void)
  {
@@ -31928,7 +31460,7 @@ index 467c8de..f3628c5 100644
  };
  
 diff --git a/block/bsg.c b/block/bsg.c
-index ff64ae3..593560c 100644
+index 420a5a9..23834aa 100644
 --- a/block/bsg.c
 +++ b/block/bsg.c
 @@ -176,16 +176,24 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
@@ -31972,7 +31504,7 @@ index 7c668c8..db3521c 100644
  			err = -EFAULT;
  			goto out;
 diff --git a/block/partitions/efi.c b/block/partitions/efi.c
-index b62fb88..bdab4c4 100644
+index ff5804e..a88acad 100644
 --- a/block/partitions/efi.c
 +++ b/block/partitions/efi.c
 @@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state,
@@ -32073,61 +31605,6 @@ index 7bdd61b..afec999 100644
  
  static void cryptd_queue_worker(struct work_struct *work);
  
-diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
-index f6d9baf..dfd511f 100644
---- a/crypto/crypto_user.c
-+++ b/crypto/crypto_user.c
-@@ -30,6 +30,8 @@
- 
- #include "internal.h"
- 
-+#define null_terminated(x)	(strnlen(x, sizeof(x)) < sizeof(x))
-+
- static DEFINE_MUTEX(crypto_cfg_mutex);
- 
- /* The crypto netlink socket */
-@@ -196,7 +198,10 @@ static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
- 	struct crypto_dump_info info;
- 	int err;
- 
--	if (!p->cru_driver_name)
-+	if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
-+		return -EINVAL;
-+
-+	if (!p->cru_driver_name[0])
- 		return -EINVAL;
- 
- 	alg = crypto_alg_match(p, 1);
-@@ -260,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
- 	struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
- 	LIST_HEAD(list);
- 
-+	if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
-+		return -EINVAL;
-+
- 	if (priority && !strlen(p->cru_driver_name))
- 		return -EINVAL;
- 
-@@ -287,6 +295,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
- 	struct crypto_alg *alg;
- 	struct crypto_user_alg *p = nlmsg_data(nlh);
- 
-+	if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
-+		return -EINVAL;
-+
- 	alg = crypto_alg_match(p, 1);
- 	if (!alg)
- 		return -ENOENT;
-@@ -368,6 +379,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
- 	struct crypto_user_alg *p = nlmsg_data(nlh);
- 	struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
- 
-+	if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
-+		return -EINVAL;
-+
- 	if (strlen(p->cru_driver_name))
- 		exact = 1;
- 
 diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h
 index f220d64..d359ad6 100644
 --- a/drivers/acpi/apei/apei-internal.h
@@ -32142,10 +31619,10 @@ index f220d64..d359ad6 100644
  struct apei_exec_context {
  	u32 ip;
 diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c
-index e6defd8..c26a225 100644
+index fefc2ca..12a535d 100644
 --- a/drivers/acpi/apei/cper.c
 +++ b/drivers/acpi/apei/cper.c
-@@ -38,12 +38,12 @@
+@@ -39,12 +39,12 @@
   */
  u64 cper_next_record_id(void)
  {
@@ -32254,24 +31731,11 @@ index 7586544..636a2f0 100644
  		err = ec_write(*off, byte_write);
  		if (err)
  			return err;
-diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c
-index e83311b..142b5cc 100644
---- a/drivers/acpi/processor_driver.c
-+++ b/drivers/acpi/processor_driver.c
-@@ -558,7 +558,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device)
- 		return 0;
- #endif
- 
--	BUG_ON((pr->id >= nr_cpu_ids) || (pr->id < 0));
-+	BUG_ON(pr->id >= nr_cpu_ids);
- 
- 	/*
- 	 * Buggy BIOS check
 diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
-index ed9a1cc..f4a354c 100644
+index ee255c6..747c68b 100644
 --- a/drivers/acpi/processor_idle.c
 +++ b/drivers/acpi/processor_idle.c
-@@ -1005,7 +1005,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr)
+@@ -986,7 +986,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr)
  {
  	int i, count = CPUIDLE_DRIVER_STATE_START;
  	struct acpi_processor_cx *cx;
@@ -32281,7 +31745,7 @@ index ed9a1cc..f4a354c 100644
  
  	if (!pr->flags.power_setup_done)
 diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
-index ea61ca9..3fdd70d 100644
+index 41c0504..f8c0836 100644
 --- a/drivers/acpi/sysfs.c
 +++ b/drivers/acpi/sysfs.c
 @@ -420,11 +420,11 @@ static u32 num_counters;
@@ -32299,7 +31763,7 @@ index ea61ca9..3fdd70d 100644
  static void delete_gpe_attr_array(void)
  {
 diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
-index 6cd7805..07facb3 100644
+index 34c8216..f56c828 100644
 --- a/drivers/ata/libahci.c
 +++ b/drivers/ata/libahci.c
 @@ -1230,7 +1230,7 @@ int ahci_kick_engine(struct ata_port *ap)
@@ -32312,10 +31776,10 @@ index 6cd7805..07facb3 100644
  				unsigned long timeout_msec)
  {
 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 501c209..5f28b4d 100644
+index 63c743b..0422dc6 100644
 --- a/drivers/ata/libata-core.c
 +++ b/drivers/ata/libata-core.c
-@@ -4784,7 +4784,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4786,7 +4786,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
  	struct ata_port *ap;
  	unsigned int tag;
  
@@ -32324,7 +31788,7 @@ index 501c209..5f28b4d 100644
  	ap = qc->ap;
  
  	qc->flags = 0;
-@@ -4800,7 +4800,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4802,7 +4802,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
  	struct ata_port *ap;
  	struct ata_link *link;
  
@@ -32333,7 +31797,7 @@ index 501c209..5f28b4d 100644
  	WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
  	ap = qc->ap;
  	link = qc->dev->link;
-@@ -5896,6 +5896,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5920,6 +5920,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
  		return;
  
  	spin_lock(&lock);
@@ -32341,7 +31805,7 @@ index 501c209..5f28b4d 100644
  
  	for (cur = ops->inherits; cur; cur = cur->inherits) {
  		void **inherit = (void **)cur;
-@@ -5909,8 +5910,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5933,8 +5934,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
  		if (IS_ERR(*pp))
  			*pp = NULL;
  
@@ -32421,10 +31885,10 @@ index 77a7480..05cde58 100644
    }
    
 diff --git a/drivers/atm/atmtcp.c b/drivers/atm/atmtcp.c
-index b22d71c..d6e1049 100644
+index 0e3f8f9..765a7a5 100644
 --- a/drivers/atm/atmtcp.c
 +++ b/drivers/atm/atmtcp.c
-@@ -207,7 +207,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb)
+@@ -206,7 +206,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb)
  		if (vcc->pop) vcc->pop(vcc,skb);
  		else dev_kfree_skb(skb);
  		if (dev_data) return 0;
@@ -32433,7 +31897,7 @@ index b22d71c..d6e1049 100644
  		return -ENOLINK;
  	}
  	size = skb->len+sizeof(struct atmtcp_hdr);
-@@ -215,7 +215,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb)
+@@ -214,7 +214,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb)
  	if (!new_skb) {
  		if (vcc->pop) vcc->pop(vcc,skb);
  		else dev_kfree_skb(skb);
@@ -32442,7 +31906,7 @@ index b22d71c..d6e1049 100644
  		return -ENOBUFS;
  	}
  	hdr = (void *) skb_put(new_skb,sizeof(struct atmtcp_hdr));
-@@ -226,8 +226,8 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb)
+@@ -225,8 +225,8 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb)
  	if (vcc->pop) vcc->pop(vcc,skb);
  	else dev_kfree_skb(skb);
  	out_vcc->push(out_vcc,new_skb);
@@ -32453,7 +31917,7 @@ index b22d71c..d6e1049 100644
  	return 0;
  }
  
-@@ -301,7 +301,7 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb)
+@@ -299,7 +299,7 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb)
  	out_vcc = find_vcc(dev, ntohs(hdr->vpi), ntohs(hdr->vci));
  	read_unlock(&vcc_sklist_lock);
  	if (!out_vcc) {
@@ -32462,7 +31926,7 @@ index b22d71c..d6e1049 100644
  		goto done;
  	}
  	skb_pull(skb,sizeof(struct atmtcp_hdr));
-@@ -313,8 +313,8 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb)
+@@ -311,8 +311,8 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb)
  	__net_timestamp(new_skb);
  	skb_copy_from_linear_data(skb, skb_put(new_skb, skb->len), skb->len);
  	out_vcc->push(out_vcc,new_skb);
@@ -32474,7 +31938,7 @@ index b22d71c..d6e1049 100644
  	if (vcc->pop) vcc->pop(vcc,skb);
  	else dev_kfree_skb(skb);
 diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c
-index c1eb6fa..4c71be9 100644
+index b1955ba..b179940 100644
 --- a/drivers/atm/eni.c
 +++ b/drivers/atm/eni.c
 @@ -522,7 +522,7 @@ static int rx_aal0(struct atm_vcc *vcc)
@@ -32620,10 +32084,10 @@ index 204814e..cede831 100644
  	    fore200e->tx_sat++;
  	    DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
 diff --git a/drivers/atm/he.c b/drivers/atm/he.c
-index 72b6960..cf9167a 100644
+index d689126..e78e412 100644
 --- a/drivers/atm/he.c
 +++ b/drivers/atm/he.c
-@@ -1699,7 +1699,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
+@@ -1698,7 +1698,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
  
  		if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) {
  			hprintk("HBUF_ERR!  (cid 0x%x)\n", cid);
@@ -32632,7 +32096,7 @@ index 72b6960..cf9167a 100644
  			goto return_host_buffers;
  		}
  
-@@ -1726,7 +1726,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
+@@ -1725,7 +1725,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
  				RBRQ_LEN_ERR(he_dev->rbrq_head)
  							? "LEN_ERR" : "",
  							vcc->vpi, vcc->vci);
@@ -32641,7 +32105,7 @@ index 72b6960..cf9167a 100644
  			goto return_host_buffers;
  		}
  
-@@ -1778,7 +1778,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
+@@ -1777,7 +1777,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
  		vcc->push(vcc, skb);
  		spin_lock(&he_dev->global_lock);
  
@@ -32650,7 +32114,7 @@ index 72b6960..cf9167a 100644
  
  return_host_buffers:
  		++pdus_assembled;
-@@ -2104,7 +2104,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid)
+@@ -2103,7 +2103,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid)
  					tpd->vcc->pop(tpd->vcc, tpd->skb);
  				else
  					dev_kfree_skb_any(tpd->skb);
@@ -32659,7 +32123,7 @@ index 72b6960..cf9167a 100644
  			}
  			pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status));
  			return;
-@@ -2516,7 +2516,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -2515,7 +2515,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
  			vcc->pop(vcc, skb);
  		else
  			dev_kfree_skb_any(skb);
@@ -32668,7 +32132,7 @@ index 72b6960..cf9167a 100644
  		return -EINVAL;
  	}
  
-@@ -2527,7 +2527,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -2526,7 +2526,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
  			vcc->pop(vcc, skb);
  		else
  			dev_kfree_skb_any(skb);
@@ -32677,7 +32141,7 @@ index 72b6960..cf9167a 100644
  		return -EINVAL;
  	}
  #endif
-@@ -2539,7 +2539,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -2538,7 +2538,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
  			vcc->pop(vcc, skb);
  		else
  			dev_kfree_skb_any(skb);
@@ -32686,7 +32150,7 @@ index 72b6960..cf9167a 100644
  		spin_unlock_irqrestore(&he_dev->global_lock, flags);
  		return -ENOMEM;
  	}
-@@ -2581,7 +2581,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -2580,7 +2580,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
  					vcc->pop(vcc, skb);
  				else
  					dev_kfree_skb_any(skb);
@@ -32695,7 +32159,7 @@ index 72b6960..cf9167a 100644
  				spin_unlock_irqrestore(&he_dev->global_lock, flags);
  				return -ENOMEM;
  			}
-@@ -2612,7 +2612,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -2611,7 +2611,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
  	__enqueue_tpd(he_dev, tpd, cid);
  	spin_unlock_irqrestore(&he_dev->global_lock, flags);
  
@@ -33043,10 +32507,10 @@ index fa7d701..1e404c7 100644
  	lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4];
  	cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr);
 diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c
-index ed1d2b7..8cffc1f 100644
+index 6587dc2..149833d 100644
 --- a/drivers/atm/nicstar.c
 +++ b/drivers/atm/nicstar.c
-@@ -1654,7 +1654,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -1641,7 +1641,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
  	if ((vc = (vc_map *) vcc->dev_data) == NULL) {
  		printk("nicstar%d: vcc->dev_data == NULL on ns_send().\n",
  		       card->index);
@@ -33055,7 +32519,7 @@ index ed1d2b7..8cffc1f 100644
  		dev_kfree_skb_any(skb);
  		return -EINVAL;
  	}
-@@ -1662,7 +1662,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -1649,7 +1649,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
  	if (!vc->tx) {
  		printk("nicstar%d: Trying to transmit on a non-tx VC.\n",
  		       card->index);
@@ -33064,7 +32528,7 @@ index ed1d2b7..8cffc1f 100644
  		dev_kfree_skb_any(skb);
  		return -EINVAL;
  	}
-@@ -1670,14 +1670,14 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -1657,14 +1657,14 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
  	if (vcc->qos.aal != ATM_AAL5 && vcc->qos.aal != ATM_AAL0) {
  		printk("nicstar%d: Only AAL0 and AAL5 are supported.\n",
  		       card->index);
@@ -33081,7 +32545,7 @@ index ed1d2b7..8cffc1f 100644
  		dev_kfree_skb_any(skb);
  		return -EINVAL;
  	}
-@@ -1725,11 +1725,11 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -1712,11 +1712,11 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
  	}
  
  	if (push_scqe(card, vc, scq, &scqe, skb) != 0) {
@@ -33095,7 +32559,7 @@ index ed1d2b7..8cffc1f 100644
  
  	return 0;
  }
-@@ -2046,14 +2046,14 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2033,14 +2033,14 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  				printk
  				    ("nicstar%d: Can't allocate buffers for aal0.\n",
  				     card->index);
@@ -33112,7 +32576,7 @@ index ed1d2b7..8cffc1f 100644
  				dev_kfree_skb_any(sb);
  				break;
  			}
-@@ -2068,7 +2068,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2055,7 +2055,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  			ATM_SKB(sb)->vcc = vcc;
  			__net_timestamp(sb);
  			vcc->push(vcc, sb);
@@ -33121,7 +32585,7 @@ index ed1d2b7..8cffc1f 100644
  			cell += ATM_CELL_PAYLOAD;
  		}
  
-@@ -2085,7 +2085,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2072,7 +2072,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  			if (iovb == NULL) {
  				printk("nicstar%d: Out of iovec buffers.\n",
  				       card->index);
@@ -33130,7 +32594,7 @@ index ed1d2b7..8cffc1f 100644
  				recycle_rx_buf(card, skb);
  				return;
  			}
-@@ -2109,7 +2109,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2096,7 +2096,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  		   small or large buffer itself. */
  	} else if (NS_PRV_IOVCNT(iovb) >= NS_MAX_IOVECS) {
  		printk("nicstar%d: received too big AAL5 SDU.\n", card->index);
@@ -33139,7 +32603,7 @@ index ed1d2b7..8cffc1f 100644
  		recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data,
  				      NS_MAX_IOVECS);
  		NS_PRV_IOVCNT(iovb) = 0;
-@@ -2129,7 +2129,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2116,7 +2116,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  			    ("nicstar%d: Expected a small buffer, and this is not one.\n",
  			     card->index);
  			which_list(card, skb);
@@ -33148,7 +32612,7 @@ index ed1d2b7..8cffc1f 100644
  			recycle_rx_buf(card, skb);
  			vc->rx_iov = NULL;
  			recycle_iov_buf(card, iovb);
-@@ -2142,7 +2142,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2129,7 +2129,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  			    ("nicstar%d: Expected a large buffer, and this is not one.\n",
  			     card->index);
  			which_list(card, skb);
@@ -33157,7 +32621,7 @@ index ed1d2b7..8cffc1f 100644
  			recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data,
  					      NS_PRV_IOVCNT(iovb));
  			vc->rx_iov = NULL;
-@@ -2165,7 +2165,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2152,7 +2152,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  				printk(" - PDU size mismatch.\n");
  			else
  				printk(".\n");
@@ -33166,7 +32630,7 @@ index ed1d2b7..8cffc1f 100644
  			recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data,
  					      NS_PRV_IOVCNT(iovb));
  			vc->rx_iov = NULL;
-@@ -2179,7 +2179,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2166,7 +2166,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  			/* skb points to a small buffer */
  			if (!atm_charge(vcc, skb->truesize)) {
  				push_rxbufs(card, skb);
@@ -33175,7 +32639,7 @@ index ed1d2b7..8cffc1f 100644
  			} else {
  				skb_put(skb, len);
  				dequeue_sm_buf(card, skb);
-@@ -2189,7 +2189,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2176,7 +2176,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  				ATM_SKB(skb)->vcc = vcc;
  				__net_timestamp(skb);
  				vcc->push(vcc, skb);
@@ -33184,7 +32648,7 @@ index ed1d2b7..8cffc1f 100644
  			}
  		} else if (NS_PRV_IOVCNT(iovb) == 2) {	/* One small plus one large buffer */
  			struct sk_buff *sb;
-@@ -2200,7 +2200,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2187,7 +2187,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  			if (len <= NS_SMBUFSIZE) {
  				if (!atm_charge(vcc, sb->truesize)) {
  					push_rxbufs(card, sb);
@@ -33193,7 +32657,7 @@ index ed1d2b7..8cffc1f 100644
  				} else {
  					skb_put(sb, len);
  					dequeue_sm_buf(card, sb);
-@@ -2210,7 +2210,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2197,7 +2197,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  					ATM_SKB(sb)->vcc = vcc;
  					__net_timestamp(sb);
  					vcc->push(vcc, sb);
@@ -33202,7 +32666,7 @@ index ed1d2b7..8cffc1f 100644
  				}
  
  				push_rxbufs(card, skb);
-@@ -2219,7 +2219,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2206,7 +2206,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  
  				if (!atm_charge(vcc, skb->truesize)) {
  					push_rxbufs(card, skb);
@@ -33211,7 +32675,7 @@ index ed1d2b7..8cffc1f 100644
  				} else {
  					dequeue_lg_buf(card, skb);
  #ifdef NS_USE_DESTRUCTORS
-@@ -2232,7 +2232,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2219,7 +2219,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  					ATM_SKB(skb)->vcc = vcc;
  					__net_timestamp(skb);
  					vcc->push(vcc, skb);
@@ -33220,7 +32684,7 @@ index ed1d2b7..8cffc1f 100644
  				}
  
  				push_rxbufs(card, sb);
-@@ -2253,7 +2253,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2240,7 +2240,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  					printk
  					    ("nicstar%d: Out of huge buffers.\n",
  					     card->index);
@@ -33229,7 +32693,7 @@ index ed1d2b7..8cffc1f 100644
  					recycle_iovec_rx_bufs(card,
  							      (struct iovec *)
  							      iovb->data,
-@@ -2304,7 +2304,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2291,7 +2291,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  					card->hbpool.count++;
  				} else
  					dev_kfree_skb_any(hb);
@@ -33238,7 +32702,7 @@ index ed1d2b7..8cffc1f 100644
  			} else {
  				/* Copy the small buffer to the huge buffer */
  				sb = (struct sk_buff *)iov->iov_base;
-@@ -2341,7 +2341,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
+@@ -2328,7 +2328,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe)
  #endif /* NS_USE_DESTRUCTORS */
  				__net_timestamp(hb);
  				vcc->push(vcc, hb);
@@ -33248,7 +32712,7 @@ index ed1d2b7..8cffc1f 100644
  		}
  
 diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c
-index 0474a89..06ea4a1 100644
+index 32784d1..4a8434a 100644
 --- a/drivers/atm/solos-pci.c
 +++ b/drivers/atm/solos-pci.c
 @@ -838,7 +838,7 @@ void solos_bh(unsigned long card_arg)
@@ -33260,7 +32724,7 @@ index 0474a89..06ea4a1 100644
  				break;
  
  			case PKT_STATUS:
-@@ -1117,7 +1117,7 @@ static uint32_t fpga_tx(struct solos_card *card)
+@@ -1116,7 +1116,7 @@ static uint32_t fpga_tx(struct solos_card *card)
  			vcc = SKB_CB(oldskb)->vcc;
  
  			if (vcc) {
@@ -33364,7 +32828,7 @@ index 969c3c2..9b72956 100644
  }
  
 diff --git a/drivers/base/bus.c b/drivers/base/bus.c
-index 6856303..0602d70 100644
+index 519865b..e540db3 100644
 --- a/drivers/base/bus.c
 +++ b/drivers/base/bus.c
 @@ -1163,7 +1163,7 @@ int subsys_interface_register(struct subsys_interface *sif)
@@ -33386,10 +32850,10 @@ index 6856303..0602d70 100644
  		subsys_dev_iter_init(&iter, subsys, NULL, NULL);
  		while ((dev = subsys_dev_iter_next(&iter)))
 diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
-index 17cf7ca..7e553e1 100644
+index 01fc5b0..d0ed716 100644
 --- a/drivers/base/devtmpfs.c
 +++ b/drivers/base/devtmpfs.c
-@@ -347,7 +347,7 @@ int devtmpfs_mount(const char *mntdir)
+@@ -348,7 +348,7 @@ int devtmpfs_mount(const char *mntdir)
  	if (!thread)
  		return 0;
  
@@ -33412,10 +32876,10 @@ index fac124a..66bd4ab 100644
  static ssize_t show_node_state(struct device *dev,
  			       struct device_attribute *attr, char *buf)
 diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
-index acc3a8d..981c236 100644
+index 9a6b05a..2fc8fb9 100644
 --- a/drivers/base/power/domain.c
 +++ b/drivers/base/power/domain.c
-@@ -1851,7 +1851,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state)
+@@ -1850,7 +1850,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state)
  {
  	struct cpuidle_driver *cpuidle_drv;
  	struct gpd_cpu_data *cpu_data;
@@ -33424,7 +32888,7 @@ index acc3a8d..981c236 100644
  	int ret = 0;
  
  	if (IS_ERR_OR_NULL(genpd) || state < 0)
-@@ -1919,7 +1919,7 @@ int pm_genpd_name_attach_cpuidle(const char *name, int state)
+@@ -1918,7 +1918,7 @@ int pm_genpd_name_attach_cpuidle(const char *name, int state)
  int pm_genpd_detach_cpuidle(struct generic_pm_domain *genpd)
  {
  	struct gpd_cpu_data *cpu_data;
@@ -33434,7 +32898,7 @@ index acc3a8d..981c236 100644
  
  	if (IS_ERR_OR_NULL(genpd))
 diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
-index e6ee5e8..98ad7fc 100644
+index 79715e7..df06b3b 100644
 --- a/drivers/base/power/wakeup.c
 +++ b/drivers/base/power/wakeup.c
 @@ -29,14 +29,14 @@ bool events_check_enabled __read_mostly;
@@ -33454,7 +32918,7 @@ index e6ee5e8..98ad7fc 100644
  
  	*cnt = (comb >> IN_PROGRESS_BITS);
  	*inpr = comb & MAX_IN_PROGRESS;
-@@ -389,7 +389,7 @@ static void wakeup_source_activate(struct wakeup_source *ws)
+@@ -395,7 +395,7 @@ static void wakeup_source_activate(struct wakeup_source *ws)
  		ws->start_prevent_time = ws->last_time;
  
  	/* Increment the counter of events in progress. */
@@ -33463,7 +32927,7 @@ index e6ee5e8..98ad7fc 100644
  
  	trace_wakeup_source_activate(ws->name, cec);
  }
-@@ -515,7 +515,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws)
+@@ -521,7 +521,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws)
  	 * Increment the counter of registered wakeup events and decrement the
  	 * couter of wakeup events in progress simultaneously.
  	 */
@@ -33495,7 +32959,7 @@ index e8d11b6..7b1b36f 100644
  }
  EXPORT_SYMBOL_GPL(unregister_syscore_ops);
 diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
-index ade58bc..867143d 100644
+index 1c1b8e5..b7fc681 100644
 --- a/drivers/block/cciss.c
 +++ b/drivers/block/cciss.c
 @@ -1196,6 +1196,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
@@ -33799,7 +33263,7 @@ index 6b51afa..17e1191 100644
  	set_fs(KERNEL_DS);
  	if (level == SOL_SOCKET)
 diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index 8c13eeb..217adee 100644
+index e98da67..1181716b 100644
 --- a/drivers/block/drbd/drbd_main.c
 +++ b/drivers/block/drbd/drbd_main.c
 @@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd,
@@ -33931,10 +33395,10 @@ index a9eccfc..f5efe87 100644
  static struct asender_cmd asender_tbl[] = {
  	[P_PING]	    = { 0, got_Ping },
 diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index f74f2c0..bb668af 100644
+index dfe7583..83768bb 100644
 --- a/drivers/block/loop.c
 +++ b/drivers/block/loop.c
-@@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file,
+@@ -231,7 +231,7 @@ static int __do_lo_send_write(struct file *file,
  	mm_segment_t old_fs = get_fs();
  
  	set_fs(get_ds());
@@ -34003,7 +33467,7 @@ index d59cdcb..11afddf 100644
  
  static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode)
 diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
-index 72bedad..8181ce1 100644
+index 3bb6fa3..34013fb 100644
 --- a/drivers/char/Kconfig
 +++ b/drivers/char/Kconfig
 @@ -8,7 +8,8 @@ source "drivers/tty/Kconfig"
@@ -34016,7 +33480,7 @@ index 72bedad..8181ce1 100644
  	help
  	  Say Y here if you want to support the /dev/kmem device. The
  	  /dev/kmem device is rarely used, but can be used for certain
-@@ -581,6 +582,7 @@ config DEVPORT
+@@ -582,6 +583,7 @@ config DEVPORT
  	bool
  	depends on !M68K
  	depends on ISA || PCI
@@ -34050,7 +33514,7 @@ index 21cb980..f15107c 100644
  	 	    return -EINVAL;
  	    else
 diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
-index 615d262..15d5c9d 100644
+index d784650..e8bfd69 100644
 --- a/drivers/char/hpet.c
 +++ b/drivers/char/hpet.c
 @@ -559,7 +559,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets,
@@ -34097,7 +33561,7 @@ index 053201b0..8335cce 100644
  	intf->proc_dir = NULL;
  
 diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
-index 1c7fdcd..4899100 100644
+index 0ac9b45..6179fb5 100644
 --- a/drivers/char/ipmi/ipmi_si_intf.c
 +++ b/drivers/char/ipmi/ipmi_si_intf.c
 @@ -275,7 +275,7 @@ struct smi_info {
@@ -34121,7 +33585,7 @@ index 1c7fdcd..4899100 100644
  
  #define SI_MAX_PARMS 4
  
-@@ -3225,7 +3225,7 @@ static int try_smi_init(struct smi_info *new_smi)
+@@ -3254,7 +3254,7 @@ static int try_smi_init(struct smi_info *new_smi)
  	atomic_set(&new_smi->req_events, 0);
  	new_smi->run_to_completion = 0;
  	for (i = 0; i < SI_NUM_STATS; i++)
@@ -34131,7 +33595,7 @@ index 1c7fdcd..4899100 100644
  	new_smi->interrupt_disabled = 1;
  	atomic_set(&new_smi->stop_operation, 0);
 diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index c6fa3bc..4ca3e42 100644
+index 2c644af..b867b3e 100644
 --- a/drivers/char/mem.c
 +++ b/drivers/char/mem.c
 @@ -18,6 +18,7 @@
@@ -34218,7 +33682,7 @@ index c6fa3bc..4ca3e42 100644
  	unsigned long p = *ppos;
 -	ssize_t low_count, read, sz;
 +	ssize_t low_count, read, sz, err = 0;
- 	char * kbuf; /* k-addr because vread() takes vmlist_lock rwlock */
+ 	char *kbuf; /* k-addr because vread() takes vmlist_lock rwlock */
 -	int err = 0;
  
  	read = 0;
@@ -34280,40 +33744,40 @@ index 9df78e2..01ba9ae 100644
  
  	*ppos = i;
 diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c
-index b66eaa0..2619d1b 100644
+index 5c5cc00..ac9edb7 100644
 --- a/drivers/char/pcmcia/synclink_cs.c
 +++ b/drivers/char/pcmcia/synclink_cs.c
-@@ -2348,9 +2348,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
+@@ -2345,9 +2345,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
  
  	if (debug_level >= DEBUG_LEVEL_INFO)
  		printk("%s(%d):mgslpc_close(%s) entry, count=%d\n",
--			 __FILE__,__LINE__, info->device_name, port->count);
-+			 __FILE__,__LINE__, info->device_name, atomic_read(&port->count));
+-			 __FILE__, __LINE__, info->device_name, port->count);
++			 __FILE__, __LINE__, info->device_name, atomic_read(&port->count));
  
 -	WARN_ON(!port->count);
 +	WARN_ON(!atomic_read(&port->count));
  
  	if (tty_port_close_start(port, tty, filp) == 0)
  		goto cleanup;
-@@ -2368,7 +2368,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
+@@ -2365,7 +2365,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
  cleanup:
  	if (debug_level >= DEBUG_LEVEL_INFO)
- 		printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__,__LINE__,
+ 		printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__, __LINE__,
 -			tty->driver->name, port->count);
 +			tty->driver->name, atomic_read(&port->count));
  }
  
  /* Wait until the transmitter is empty.
-@@ -2510,7 +2510,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
+@@ -2507,7 +2507,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
  
  	if (debug_level >= DEBUG_LEVEL_INFO)
  		printk("%s(%d):mgslpc_open(%s), old ref count = %d\n",
--			 __FILE__,__LINE__,tty->driver->name, port->count);
-+			 __FILE__,__LINE__,tty->driver->name, atomic_read(&port->count));
+-			 __FILE__, __LINE__, tty->driver->name, port->count);
++			 __FILE__, __LINE__, tty->driver->name, atomic_read(&port->count));
  
  	/* If port is closing, signal caller to try again */
  	if (tty_hung_up_p(filp) || port->flags & ASYNC_CLOSING){
-@@ -2530,11 +2530,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
+@@ -2527,11 +2527,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
  		goto cleanup;
  	}
  	spin_lock(&port->lock);
@@ -34327,7 +33791,7 @@ index b66eaa0..2619d1b 100644
  		/* 1st open on this device, init hardware */
  		retval = startup(info, tty);
  		if (retval < 0)
-@@ -3889,7 +3889,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
+@@ -3920,7 +3920,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
  	unsigned short new_crctype;
  
  	/* return error if TTY interface open */
@@ -34336,7 +33800,7 @@ index b66eaa0..2619d1b 100644
  		return -EBUSY;
  
  	switch (encoding)
-@@ -3992,7 +3992,7 @@ static int hdlcdev_open(struct net_device *dev)
+@@ -4024,7 +4024,7 @@ static int hdlcdev_open(struct net_device *dev)
  
  	/* arbitrate between network and tty opens */
  	spin_lock_irqsave(&info->netlock, flags);
@@ -34345,8 +33809,8 @@ index b66eaa0..2619d1b 100644
  		printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
  		spin_unlock_irqrestore(&info->netlock, flags);
  		return -EBUSY;
-@@ -4081,7 +4081,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
- 		printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name);
+@@ -4114,7 +4114,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+ 		printk("%s:hdlcdev_ioctl(%s)\n", __FILE__, dev->name);
  
  	/* return error if TTY interface open */
 -	if (info->port.count)
@@ -34355,7 +33819,7 @@ index b66eaa0..2619d1b 100644
  
  	if (cmd != SIOCWANDEV)
 diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 57d4b15..253207b 100644
+index 32a6c57..e7f0f7b 100644
 --- a/drivers/char/random.c
 +++ b/drivers/char/random.c
 @@ -272,8 +272,13 @@
@@ -34429,7 +33893,7 @@ index 57d4b15..253207b 100644
  
  	uuid = table->data;
 diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c
-index d780295..b29f3a8 100644
+index bf2349db..5456d53 100644
 --- a/drivers/char/sonypi.c
 +++ b/drivers/char/sonypi.c
 @@ -54,6 +54,7 @@
@@ -34470,21 +33934,8 @@ index d780295..b29f3a8 100644
  	mutex_unlock(&sonypi_device.lock);
  
  	return 0;
-diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
-index ba780b7..cdb8a9c 100644
---- a/drivers/char/tpm/tpm.c
-+++ b/drivers/char/tpm/tpm.c
-@@ -410,7 +410,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
- 		    chip->vendor.req_complete_val)
- 			goto out_recv;
- 
--		if ((status == chip->vendor.req_canceled)) {
-+		if (status == chip->vendor.req_canceled) {
- 			dev_err(chip->dev, "Operation Canceled\n");
- 			rc = -ECANCELED;
- 			goto out;
 diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
-index 56051d0..11cf3b7 100644
+index 64420b3..5c40b56 100644
 --- a/drivers/char/tpm/tpm_acpi.c
 +++ b/drivers/char/tpm/tpm_acpi.c
 @@ -98,11 +98,12 @@ int read_log(struct tpm_bios_log *log)
@@ -34534,10 +33985,10 @@ index 84ddc55..1d32f1e 100644
  	return 0;
  }
 diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
-index a4b7aa0..2faa0bc 100644
+index ce5f3fc..e2d3e55 100644
 --- a/drivers/char/virtio_console.c
 +++ b/drivers/char/virtio_console.c
-@@ -685,7 +685,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count,
+@@ -679,7 +679,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count,
  	if (to_user) {
  		ssize_t ret;
  
@@ -34546,7 +33997,7 @@ index a4b7aa0..2faa0bc 100644
  		if (ret)
  			return -EFAULT;
  	} else {
-@@ -784,7 +784,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf,
+@@ -778,7 +778,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf,
  	if (!port_has_data(port) && !port->host_connected)
  		return 0;
  
@@ -34555,11 +34006,24 @@ index a4b7aa0..2faa0bc 100644
  }
  
  static int wait_port_writable(struct port *port, bool nonblock)
-diff --git a/drivers/clocksource/arm_generic.c b/drivers/clocksource/arm_generic.c
-index 8ae1a61..9c00613 100644
---- a/drivers/clocksource/arm_generic.c
-+++ b/drivers/clocksource/arm_generic.c
-@@ -181,7 +181,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self,
+diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c
+index d7ad425..3e3f81f 100644
+--- a/drivers/clocksource/arm_arch_timer.c
++++ b/drivers/clocksource/arm_arch_timer.c
+@@ -262,7 +262,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self,
+ 	return NOTIFY_OK;
+ }
+ 
+-static struct notifier_block arch_timer_cpu_nb __cpuinitdata = {
++static struct notifier_block arch_timer_cpu_nb = {
+ 	.notifier_call = arch_timer_cpu_notify,
+ };
+ 
+diff --git a/drivers/clocksource/metag_generic.c b/drivers/clocksource/metag_generic.c
+index ade7513..069445f 100644
+--- a/drivers/clocksource/metag_generic.c
++++ b/drivers/clocksource/metag_generic.c
+@@ -169,7 +169,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self,
  	return NOTIFY_OK;
  }
  
@@ -34569,7 +34033,7 @@ index 8ae1a61..9c00613 100644
  };
  
 diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
-index 7b0d49d..134fac9 100644
+index 57a8774..545e993 100644
 --- a/drivers/cpufreq/acpi-cpufreq.c
 +++ b/drivers/cpufreq/acpi-cpufreq.c
 @@ -172,7 +172,7 @@ static ssize_t show_global_boost(struct kobject *kobj,
@@ -34595,7 +34059,7 @@ index 7b0d49d..134fac9 100644
  
  	result = acpi_processor_register_performance(data->acpi_data, cpu);
  	if (result)
-@@ -835,7 +838,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+@@ -839,7 +842,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
  		policy->cur = acpi_cpufreq_guess_freq(data, policy->cpu);
  		break;
  	case ACPI_ADR_SPACE_FIXED_HARDWARE:
@@ -34606,7 +34070,7 @@ index 7b0d49d..134fac9 100644
  		policy->cur = get_cur_freq_on_cpu(cpu);
  		break;
  	default:
-@@ -846,8 +851,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+@@ -850,8 +855,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
  	acpi_processor_notify_smm(THIS_MODULE);
  
  	/* Check for APERF/MPERF support in hardware */
@@ -34621,10 +34085,10 @@ index 7b0d49d..134fac9 100644
  	pr_debug("CPU%u - ACPI performance management activated.\n", cpu);
  	for (i = 0; i < perf->state_count; i++)
 diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index 1f93dbd..305cef1 100644
+index b02824d..51e44aa 100644
 --- a/drivers/cpufreq/cpufreq.c
 +++ b/drivers/cpufreq/cpufreq.c
-@@ -1843,7 +1843,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -1813,7 +1813,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb,
  	return NOTIFY_OK;
  }
  
@@ -34633,7 +34097,7 @@ index 1f93dbd..305cef1 100644
      .notifier_call = cpufreq_cpu_callback,
  };
  
-@@ -1875,8 +1875,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -1845,8 +1845,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
  
  	pr_debug("trying to register driver %s\n", driver_data->name);
  
@@ -34648,47 +34112,22 @@ index 1f93dbd..305cef1 100644
  	spin_lock_irqsave(&cpufreq_driver_lock, flags);
  	if (cpufreq_driver) {
 diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c
-index 6c5f1d3..c7e2f35e 100644
+index 5a76086..0f4d394 100644
 --- a/drivers/cpufreq/cpufreq_governor.c
 +++ b/drivers/cpufreq/cpufreq_governor.c
-@@ -243,7 +243,7 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data,
- 		 * governor, thus we are bound to jiffes/HZ
- 		 */
- 		if (dbs_data->governor == GOV_CONSERVATIVE) {
--			struct cs_ops *ops = dbs_data->gov_ops;
-+			const struct cs_ops *ops = dbs_data->gov_ops;
- 
- 			cpufreq_register_notifier(ops->notifier_block,
- 					CPUFREQ_TRANSITION_NOTIFIER);
-@@ -251,7 +251,7 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data,
- 			dbs_data->min_sampling_rate = MIN_SAMPLING_RATE_RATIO *
- 				jiffies_to_usecs(10);
- 		} else {
--			struct od_ops *ops = dbs_data->gov_ops;
-+			const struct od_ops *ops = dbs_data->gov_ops;
- 
- 			od_tuners->io_is_busy = ops->io_busy();
- 		}
-@@ -268,7 +268,7 @@ second_time:
- 			cs_dbs_info->enable = 1;
- 			cs_dbs_info->requested_freq = policy->cur;
- 		} else {
--			struct od_ops *ops = dbs_data->gov_ops;
-+			const struct od_ops *ops = dbs_data->gov_ops;
- 			od_dbs_info->rate_mult = 1;
- 			od_dbs_info->sample_type = OD_NORMAL_SAMPLE;
- 			ops->powersave_bias_init_cpu(cpu);
-@@ -289,7 +289,7 @@ second_time:
- 		mutex_destroy(&cpu_cdbs->timer_mutex);
- 		dbs_data->enable--;
- 		if (!dbs_data->enable) {
--			struct cs_ops *ops = dbs_data->gov_ops;
-+			const struct cs_ops *ops = dbs_data->gov_ops;
- 
- 			sysfs_remove_group(cpufreq_global_kobject,
- 					dbs_data->attr_group);
+@@ -201,8 +201,8 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data,
+ {
+ 	struct od_cpu_dbs_info_s *od_dbs_info = NULL;
+ 	struct cs_cpu_dbs_info_s *cs_dbs_info = NULL;
+-	struct cs_ops *cs_ops = NULL;
+-	struct od_ops *od_ops = NULL;
++	const struct cs_ops *cs_ops = NULL;
++	const struct od_ops *od_ops = NULL;
+ 	struct od_dbs_tuners *od_tuners = dbs_data->tuners;
+ 	struct cs_dbs_tuners *cs_tuners = dbs_data->tuners;
+ 	struct cpu_dbs_common_info *cpu_cdbs;
 diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h
-index f661654..6c8e638 100644
+index cc4bd2f..ad142bc 100644
 --- a/drivers/cpufreq/cpufreq_governor.h
 +++ b/drivers/cpufreq/cpufreq_governor.h
 @@ -142,7 +142,7 @@ struct dbs_data {
@@ -34701,10 +34140,10 @@ index f661654..6c8e638 100644
  
  /* Governor specific ops, will be passed to dbs_data->gov_ops */
 diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c
-index 9d7732b..0b1a793 100644
+index bfd6273..e39dd63 100644
 --- a/drivers/cpufreq/cpufreq_stats.c
 +++ b/drivers/cpufreq/cpufreq_stats.c
-@@ -340,7 +340,7 @@ static int __cpuinit cpufreq_stat_cpu_callback(struct notifier_block *nfb,
+@@ -365,7 +365,7 @@ static int __cpuinit cpufreq_stat_cpu_callback(struct notifier_block *nfb,
  }
  
  /* priority=1 so this will get called before cpufreq_remove_dev */
@@ -34764,10 +34203,10 @@ index 3a953d5..f5993f6 100644
  	if (policy->cpu != 0)
  		return -ENODEV;
 diff --git a/drivers/cpuidle/cpuidle.c b/drivers/cpuidle/cpuidle.c
-index e1f6860..f8de20b 100644
+index eba6929..0f53baf 100644
 --- a/drivers/cpuidle/cpuidle.c
 +++ b/drivers/cpuidle/cpuidle.c
-@@ -279,7 +279,7 @@ static int poll_idle(struct cpuidle_device *dev,
+@@ -277,7 +277,7 @@ static int poll_idle(struct cpuidle_device *dev,
  
  static void poll_idle_init(struct cpuidle_driver *drv)
  {
@@ -34847,7 +34286,7 @@ index b70709b..1d8d02a 100644
  
  	/* Run before NMI debug handler and KGDB */
 diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
-index 0ca1ca7..6e6f454 100644
+index 769d92e..a3dcc1e 100644
 --- a/drivers/edac/edac_mc_sysfs.c
 +++ b/drivers/edac/edac_mc_sysfs.c
 @@ -148,7 +148,7 @@ static const char *edac_caps[] = {
@@ -34859,8 +34298,29 @@ index 0ca1ca7..6e6f454 100644
  
  #define DEVICE_CHANNEL(_name, _mode, _show, _store, _var) \
  	struct dev_ch_attribute dev_attr_legacy_##_name = \
+@@ -1003,14 +1003,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
+ 	}
+ 
+ 	if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate) {
++		pax_open_kernel();
+ 		if (mci->get_sdram_scrub_rate) {
+-			dev_attr_sdram_scrub_rate.attr.mode |= S_IRUGO;
+-			dev_attr_sdram_scrub_rate.show = &mci_sdram_scrub_rate_show;
++			*(umode_t *)&dev_attr_sdram_scrub_rate.attr.mode |= S_IRUGO;
++			*(void **)&dev_attr_sdram_scrub_rate.show = &mci_sdram_scrub_rate_show;
+ 		}
+ 		if (mci->set_sdram_scrub_rate) {
+-			dev_attr_sdram_scrub_rate.attr.mode |= S_IWUSR;
+-			dev_attr_sdram_scrub_rate.store = &mci_sdram_scrub_rate_store;
++			*(umode_t *)&dev_attr_sdram_scrub_rate.attr.mode |= S_IWUSR;
++			*(void **)&dev_attr_sdram_scrub_rate.store = &mci_sdram_scrub_rate_store;
+ 		}
++		pax_close_kernel();
+ 		err = device_create_file(&mci->dev,
+ 					 &dev_attr_sdram_scrub_rate);
+ 		if (err) {
 diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c
-index 0056c4d..23b54d9 100644
+index e8658e4..22746d6 100644
 --- a/drivers/edac/edac_pci_sysfs.c
 +++ b/drivers/edac/edac_pci_sysfs.c
 @@ -26,8 +26,8 @@ static int edac_pci_log_pe = 1;		/* log PCI parity errors */
@@ -34956,13 +34416,13 @@ index 0056c4d..23b54d9 100644
  	}
  }
 diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h
-index 6796799..99e8377 100644
+index 51b7e3a..aa8a3e8 100644
 --- a/drivers/edac/mce_amd.h
 +++ b/drivers/edac/mce_amd.h
-@@ -78,7 +78,7 @@ extern const char * const ii_msgs[];
- struct amd_decoder_ops {
+@@ -77,7 +77,7 @@ struct amd_decoder_ops {
  	bool (*mc0_mce)(u16, u8);
  	bool (*mc1_mce)(u16, u8);
+ 	bool (*mc2_mce)(u16, u8);
 -};
 +} __no_const;
  
@@ -34982,10 +34442,10 @@ index 57ea7f4..789e3c3 100644
  	card->driver->update_phy_reg(card, 4,
  				     PHY_LINK_ACTIVE | PHY_CONTENDER, 0);
 diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
-index f8d2287..5aaf4db 100644
+index 27ac423..13573e8 100644
 --- a/drivers/firewire/core-cdev.c
 +++ b/drivers/firewire/core-cdev.c
-@@ -1365,8 +1365,7 @@ static int init_iso_resource(struct client *client,
+@@ -1366,8 +1366,7 @@ static int init_iso_resource(struct client *client,
  	int ret;
  
  	if ((request->channels == 0 && request->bandwidth == 0) ||
@@ -34996,7 +34456,7 @@ index f8d2287..5aaf4db 100644
  
  	r  = kmalloc(sizeof(*r), GFP_KERNEL);
 diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
-index af3e8aa..eb2f227 100644
+index 03ce7d9..b70f5da 100644
 --- a/drivers/firewire/core-device.c
 +++ b/drivers/firewire/core-device.c
 @@ -232,7 +232,7 @@ EXPORT_SYMBOL(fw_device_enable_phys_dma);
@@ -35071,10 +34531,10 @@ index 4cd392d..4b629e1 100644
  	iounmap(buf);
  	return 0;
 diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
-index b07cb37..2a51037 100644
+index f4baa11..7970c3a 100644
 --- a/drivers/firmware/efivars.c
 +++ b/drivers/firmware/efivars.c
-@@ -138,7 +138,7 @@ struct efivar_attribute {
+@@ -139,7 +139,7 @@ struct efivar_attribute {
  };
  
  static struct efivars __efivars;
@@ -35083,7 +34543,7 @@ index b07cb37..2a51037 100644
  
  #define PSTORE_EFI_ATTRIBUTES \
  	(EFI_VARIABLE_NON_VOLATILE | \
-@@ -1834,7 +1834,7 @@ efivar_create_sysfs_entry(struct efivars *efivars,
+@@ -1844,7 +1844,7 @@ efivar_create_sysfs_entry(struct efivars *efivars,
  static int
  create_efivars_bin_attributes(struct efivars *efivars)
  {
@@ -35108,7 +34568,7 @@ index 2a90ba6..07f3733 100644
  	ret = sysfs_create_bin_file(firmware_kobj, &memconsole_bin_attr);
  
 diff --git a/drivers/gpio/gpio-ich.c b/drivers/gpio/gpio-ich.c
-index 6f2306d..af9476a 100644
+index de3c317..b7cd029 100644
 --- a/drivers/gpio/gpio-ich.c
 +++ b/drivers/gpio/gpio-ich.c
 @@ -69,7 +69,7 @@ struct ichx_desc {
@@ -35147,10 +34607,10 @@ index 7b2d378..cc947ea 100644
  	dev = crtc->dev;
  
 diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
-index be174ca..7f38143 100644
+index 25f91cd..a376f55 100644
 --- a/drivers/gpu/drm/drm_drv.c
 +++ b/drivers/gpu/drm/drm_drv.c
-@@ -307,7 +307,7 @@ module_exit(drm_core_exit);
+@@ -306,7 +306,7 @@ module_exit(drm_core_exit);
  /**
   * Copy and IOCTL return string to user space
   */
@@ -35159,7 +34619,7 @@ index be174ca..7f38143 100644
  {
  	int len;
  
-@@ -377,7 +377,7 @@ long drm_ioctl(struct file *filp,
+@@ -376,7 +376,7 @@ long drm_ioctl(struct file *filp,
  	struct drm_file *file_priv = filp->private_data;
  	struct drm_device *dev;
  	struct drm_ioctl_desc *ioctl;
@@ -35168,7 +34628,7 @@ index be174ca..7f38143 100644
  	unsigned int nr = DRM_IOCTL_NR(cmd);
  	int retcode = -EINVAL;
  	char stack_kdata[128];
-@@ -390,7 +390,7 @@ long drm_ioctl(struct file *filp,
+@@ -389,7 +389,7 @@ long drm_ioctl(struct file *filp,
  		return -ENODEV;
  
  	atomic_inc(&dev->ioctl_count);
@@ -35178,7 +34638,7 @@ index be174ca..7f38143 100644
  
  	DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
 diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
-index 32d7775..c8be5e1 100644
+index 429e07d..e681a2c 100644
 --- a/drivers/gpu/drm/drm_fops.c
 +++ b/drivers/gpu/drm/drm_fops.c
 @@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev)
@@ -35217,7 +34677,7 @@ index 32d7775..c8be5e1 100644
  	return retcode;
  }
  EXPORT_SYMBOL(drm_open);
-@@ -440,7 +440,7 @@ int drm_release(struct inode *inode, struct file *filp)
+@@ -441,7 +441,7 @@ int drm_release(struct inode *inode, struct file *filp)
  
  	mutex_lock(&drm_global_mutex);
  
@@ -35226,7 +34686,7 @@ index 32d7775..c8be5e1 100644
  
  	if (dev->driver->preclose)
  		dev->driver->preclose(dev, file_priv);
-@@ -449,10 +449,10 @@ int drm_release(struct inode *inode, struct file *filp)
+@@ -450,10 +450,10 @@ int drm_release(struct inode *inode, struct file *filp)
  	 * Begin inline drm_release
  	 */
  
@@ -35239,7 +34699,7 @@ index 32d7775..c8be5e1 100644
  
  	/* Release any auth tokens that might point to this file_priv,
  	   (do that under the drm_global_mutex) */
-@@ -549,8 +549,8 @@ int drm_release(struct inode *inode, struct file *filp)
+@@ -550,8 +550,8 @@ int drm_release(struct inode *inode, struct file *filp)
  	 * End inline drm_release
  	 */
  
@@ -35443,10 +34903,10 @@ index d752c96..fe08455 100644
  	if (drm_lock_free(&master->lock, lock->context)) {
  		/* FIXME: Should really bail out here. */
 diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c
-index 200e104..59facda 100644
+index 7d30802..42c6cbb 100644
 --- a/drivers/gpu/drm/drm_stub.c
 +++ b/drivers/gpu/drm/drm_stub.c
-@@ -516,7 +516,7 @@ void drm_unplug_dev(struct drm_device *dev)
+@@ -501,7 +501,7 @@ void drm_unplug_dev(struct drm_device *dev)
  
  	drm_device_set_unplugged(dev);
  
@@ -35497,10 +34957,10 @@ index 6e0acad..93c8289 100644
  	int front_offset;
  } drm_i810_private_t;
 diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c
-index 261efc8e..27af8a5 100644
+index 7299ea4..5314487 100644
 --- a/drivers/gpu/drm/i915/i915_debugfs.c
 +++ b/drivers/gpu/drm/i915/i915_debugfs.c
-@@ -496,7 +496,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data)
+@@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data)
  			   I915_READ(GTIMR));
  	}
  	seq_printf(m, "Interrupts received: %d\n",
@@ -35510,10 +34970,10 @@ index 261efc8e..27af8a5 100644
  		if (IS_GEN6(dev) || IS_GEN7(dev)) {
  			seq_printf(m,
 diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
-index 99daa89..84ebd44 100644
+index 4fa6beb..f930fec 100644
 --- a/drivers/gpu/drm/i915/i915_dma.c
 +++ b/drivers/gpu/drm/i915/i915_dma.c
-@@ -1253,7 +1253,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1259,7 +1259,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
  	bool can_switch;
  
  	spin_lock(&dev->count_lock);
@@ -35523,10 +34983,10 @@ index 99daa89..84ebd44 100644
  	return can_switch;
  }
 diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index 7339a4b..445aaba 100644
+index ef99b1c..09ce7fb 100644
 --- a/drivers/gpu/drm/i915/i915_drv.h
 +++ b/drivers/gpu/drm/i915/i915_drv.h
-@@ -656,7 +656,7 @@ typedef struct drm_i915_private {
+@@ -893,7 +893,7 @@ typedef struct drm_i915_private {
  	drm_dma_handle_t *status_page_dmah;
  	struct resource mch_res;
  
@@ -35535,16 +34995,7 @@ index 7339a4b..445aaba 100644
  
  	/* protects the irq masks */
  	spinlock_t irq_lock;
-@@ -1102,7 +1102,7 @@ struct drm_i915_gem_object {
- 	 * will be page flipped away on the next vblank.  When it
- 	 * reaches 0, dev_priv->pending_flip_queue will be woken up.
- 	 */
--	atomic_t pending_flip;
-+	atomic_unchecked_t pending_flip;
- };
- #define to_gem_object(obj) (&((struct drm_i915_gem_object *)(obj))->base)
- 
-@@ -1633,7 +1633,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter(
+@@ -1775,7 +1775,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter(
  		struct drm_i915_private *dev_priv, unsigned port);
  extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed);
  extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit);
@@ -35554,19 +35005,10 @@ index 7339a4b..445aaba 100644
  	return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
  }
 diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index ba8805a..39d5330 100644
+index 9a48e1a..f0cbc3e 100644
 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
 +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-@@ -672,7 +672,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring,
- 			i915_gem_clflush_object(obj);
- 
- 		if (obj->base.pending_write_domain)
--			flips |= atomic_read(&obj->pending_flip);
-+			flips |= atomic_read_unchecked(&obj->pending_flip);
- 
- 		flush_domains |= obj->base.write_domain;
- 	}
-@@ -703,9 +703,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
+@@ -729,9 +729,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
  
  static int
  validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
@@ -35578,7 +35020,7 @@ index ba8805a..39d5330 100644
  	int relocs_total = 0;
  	int relocs_max = INT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
  
-@@ -1202,7 +1202,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data,
+@@ -1195,7 +1195,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data,
  		return -ENOMEM;
  	}
  	ret = copy_from_user(exec2_list,
@@ -35623,19 +35065,19 @@ index 3c59584..500f2e9 100644
  
  	return ret;
 diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index fe84338..a863190 100644
+index 3c7bb04..182e049 100644
 --- a/drivers/gpu/drm/i915/i915_irq.c
 +++ b/drivers/gpu/drm/i915/i915_irq.c
-@@ -535,7 +535,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
+@@ -549,7 +549,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
+ 	int pipe;
  	u32 pipe_stats[I915_MAX_PIPES];
- 	bool blc_event;
  
 -	atomic_inc(&dev_priv->irq_received);
 +	atomic_inc_unchecked(&dev_priv->irq_received);
  
  	while (true) {
  		iir = I915_READ(VLV_IIR);
-@@ -688,7 +688,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg)
+@@ -705,7 +705,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg)
  	irqreturn_t ret = IRQ_NONE;
  	int i;
  
@@ -35644,16 +35086,16 @@ index fe84338..a863190 100644
  
  	/* disable master interrupt before clearing iir  */
  	de_ier = I915_READ(DEIER);
-@@ -760,7 +760,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
+@@ -791,7 +791,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
  	int ret = IRQ_NONE;
- 	u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir;
+ 	u32 de_iir, gt_iir, de_ier, pm_iir, sde_ier;
  
 -	atomic_inc(&dev_priv->irq_received);
 +	atomic_inc_unchecked(&dev_priv->irq_received);
  
  	/* disable master interrupt before clearing iir  */
  	de_ier = I915_READ(DEIER);
-@@ -1787,7 +1787,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
+@@ -1886,7 +1886,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
  {
  	drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
  
@@ -35662,7 +35104,7 @@ index fe84338..a863190 100644
  
  	I915_WRITE(HWSTAM, 0xeffe);
  
-@@ -1813,7 +1813,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
+@@ -1912,7 +1912,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
  	drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
  	int pipe;
  
@@ -35671,7 +35113,7 @@ index fe84338..a863190 100644
  
  	/* VLV magic */
  	I915_WRITE(VLV_IMR, 0);
-@@ -2108,7 +2108,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
+@@ -2208,7 +2208,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
  	drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
  	int pipe;
  
@@ -35680,7 +35122,7 @@ index fe84338..a863190 100644
  
  	for_each_pipe(pipe)
  		I915_WRITE(PIPESTAT(pipe), 0);
-@@ -2159,7 +2159,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
+@@ -2259,7 +2259,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
  		I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
  		I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
  
@@ -35689,7 +35131,7 @@ index fe84338..a863190 100644
  
  	iir = I915_READ16(IIR);
  	if (iir == 0)
-@@ -2244,7 +2244,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
+@@ -2344,7 +2344,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
  	drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
  	int pipe;
  
@@ -35698,7 +35140,7 @@ index fe84338..a863190 100644
  
  	if (I915_HAS_HOTPLUG(dev)) {
  		I915_WRITE(PORT_HOTPLUG_EN, 0);
-@@ -2339,7 +2339,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
+@@ -2448,7 +2448,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
  	};
  	int pipe, ret = IRQ_NONE;
  
@@ -35707,7 +35149,7 @@ index fe84338..a863190 100644
  
  	iir = I915_READ(IIR);
  	do {
-@@ -2465,7 +2465,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
+@@ -2574,7 +2574,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
  	drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
  	int pipe;
  
@@ -35716,7 +35158,7 @@ index fe84338..a863190 100644
  
  	I915_WRITE(PORT_HOTPLUG_EN, 0);
  	I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT));
-@@ -2572,7 +2572,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
+@@ -2690,7 +2690,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
  	int irq_received;
  	int ret = IRQ_NONE, pipe;
  
@@ -35726,47 +35168,10 @@ index fe84338..a863190 100644
  	iir = I915_READ(IIR);
  
 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index d3f834a..0ad1b37 100644
+index c2d173a..f4357cc 100644
 --- a/drivers/gpu/drm/i915/intel_display.c
 +++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -2255,7 +2255,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb)
- 
- 	wait_event(dev_priv->pending_flip_queue,
- 		   atomic_read(&dev_priv->mm.wedged) ||
--		   atomic_read(&obj->pending_flip) == 0);
-+		   atomic_read_unchecked(&obj->pending_flip) == 0);
- 
- 	/* Big Hammer, we also need to ensure that any pending
- 	 * MI_WAIT_FOR_EVENT inside a user batch buffer on the
-@@ -7122,8 +7122,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
- 
- 	obj = work->old_fb_obj;
- 
--	atomic_clear_mask(1 << intel_crtc->plane,
--			  &obj->pending_flip.counter);
-+	atomic_clear_mask_unchecked(1 << intel_crtc->plane, &obj->pending_flip);
- 	wake_up(&dev_priv->pending_flip_queue);
- 
- 	queue_work(dev_priv->wq, &work->work);
-@@ -7486,7 +7485,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
- 	/* Block clients from rendering to the new back buffer until
- 	 * the flip occurs and the object is no longer visible.
- 	 */
--	atomic_add(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip);
-+	atomic_add_unchecked(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip);
- 	atomic_inc(&intel_crtc->unpin_work_count);
- 
- 	ret = dev_priv->display.queue_flip(dev, crtc, fb, obj);
-@@ -7504,7 +7503,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
- cleanup_pending:
- 	atomic_dec(&intel_crtc->unpin_work_count);
- 	crtc->fb = old_fb;
--	atomic_sub(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip);
-+	atomic_sub_unchecked(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip);
- 	drm_gem_object_unreference(&work->old_fb_obj->base);
- 	drm_gem_object_unreference(&obj->base);
- 	mutex_unlock(&dev->struct_mutex);
-@@ -8846,13 +8845,13 @@ struct intel_quirk {
+@@ -8722,13 +8722,13 @@ struct intel_quirk {
  	int subsystem_vendor;
  	int subsystem_device;
  	void (*hook)(struct drm_device *dev);
@@ -35782,22 +35187,12 @@ index d3f834a..0ad1b37 100644
  
  static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
  {
-@@ -8860,18 +8859,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
+@@ -8736,18 +8736,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
  	return 1;
  }
  
+-static const struct intel_dmi_quirk intel_dmi_quirks[] = {
 +static const struct dmi_system_id intel_dmi_quirks_table[] = {
-+	{
-+		.callback = intel_dmi_reverse_brightness,
-+		.ident = "NCR Corporation",
-+		.matches = {DMI_MATCH(DMI_SYS_VENDOR, "NCR Corporation"),
-+			    DMI_MATCH(DMI_PRODUCT_NAME, ""),
-+		},
-+	},
-+	{ }  /* terminating entry */
-+};
-+
- static const struct intel_dmi_quirk intel_dmi_quirks[] = {
  	{
 -		.dmi_id_list = &(const struct dmi_system_id[]) {
 -			{
@@ -35808,7 +35203,17 @@ index d3f834a..0ad1b37 100644
 -				},
 -			},
 -			{ }  /* terminating entry */
--		},
++		.callback = intel_dmi_reverse_brightness,
++		.ident = "NCR Corporation",
++		.matches = {DMI_MATCH(DMI_SYS_VENDOR, "NCR Corporation"),
++			    DMI_MATCH(DMI_PRODUCT_NAME, ""),
+ 		},
++	},
++	{ }  /* terminating entry */
++};
++
++static const struct intel_dmi_quirk intel_dmi_quirks[] = {
++	{
 +		.dmi_id_list = &intel_dmi_quirks_table,
  		.hook = quirk_invert_brightness,
  	},
@@ -35905,10 +35310,10 @@ index 598c281..60d590e 100644
  
  	*sequence = cur_fence;
 diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c
-index 865eddf..62c4cc3 100644
+index 50a6dd0..ea66ed8 100644
 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c
 +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c
-@@ -1015,7 +1015,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios,
+@@ -965,7 +965,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios,
  struct bit_table {
  	const char id;
  	int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *);
@@ -35918,10 +35323,10 @@ index 865eddf..62c4cc3 100644
  #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry })
  
 diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h
-index aa89eb9..d45d38b 100644
+index 9c39baf..30a22be 100644
 --- a/drivers/gpu/drm/nouveau/nouveau_drm.h
 +++ b/drivers/gpu/drm/nouveau/nouveau_drm.h
-@@ -80,7 +80,7 @@ struct nouveau_drm {
+@@ -81,7 +81,7 @@ struct nouveau_drm {
  		struct drm_global_reference mem_global_ref;
  		struct ttm_bo_global_ref bo_global_ref;
  		struct ttm_bo_device bdev;
@@ -35930,32 +35335,28 @@ index aa89eb9..d45d38b 100644
  		int (*move)(struct nouveau_channel *,
  			    struct ttm_buffer_object *,
  			    struct ttm_mem_reg *, struct ttm_mem_reg *);
-diff --git a/drivers/gpu/drm/nouveau/nouveau_fence.h b/drivers/gpu/drm/nouveau/nouveau_fence.h
-index cdb83ac..27f0a16 100644
---- a/drivers/gpu/drm/nouveau/nouveau_fence.h
-+++ b/drivers/gpu/drm/nouveau/nouveau_fence.h
-@@ -43,7 +43,7 @@ struct nouveau_fence_priv {
- 	int  (*sync)(struct nouveau_fence *, struct nouveau_channel *,
- 		     struct nouveau_channel *);
- 	u32  (*read)(struct nouveau_channel *);
--};
-+} __no_const;
- 
- #define nouveau_fence(drm) ((struct nouveau_fence_priv *)(drm)->fence)
- 
 diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
-index 8bf695c..9fbc90a 100644
+index b4b4d0c..b7edc15 100644
 --- a/drivers/gpu/drm/nouveau/nouveau_gem.c
 +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
-@@ -321,7 +321,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv,
- 	int trycnt = 0;
+@@ -322,7 +322,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv,
  	int ret, i;
+ 	struct nouveau_bo *res_bo = NULL;
  
 -	sequence = atomic_add_return(1, &drm->ttm.validate_sequence);
 +	sequence = atomic_add_return_unchecked(1, &drm->ttm.validate_sequence);
  retry:
  	if (++trycnt > 100000) {
- 		NV_ERROR(drm, "%s failed and gave up.\n", __func__);
+ 		NV_ERROR(cli, "%s failed and gave up.\n", __func__);
+@@ -359,7 +359,7 @@ retry:
+ 		if (ret) {
+ 			validate_fini(op, NULL);
+ 			if (unlikely(ret == -EAGAIN)) {
+-				sequence = atomic_add_return(1, &drm->ttm.validate_sequence);
++				sequence = atomic_add_return_unchecked(1, &drm->ttm.validate_sequence);
+ 				ret = ttm_bo_reserve_slowpath(&nvbo->bo, true,
+ 							      sequence);
+ 				if (!ret)
 diff --git a/drivers/gpu/drm/nouveau/nouveau_ioc32.c b/drivers/gpu/drm/nouveau/nouveau_ioc32.c
 index 08214bc..9208577 100644
 --- a/drivers/gpu/drm/nouveau/nouveau_ioc32.c
@@ -36112,10 +35513,10 @@ index 5a82b6b..9e69c73 100644
  	if (regcomp
  	    (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
 diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index 0d6562b..a154330 100644
+index 44b8034..cc722fd 100644
 --- a/drivers/gpu/drm/radeon/radeon_device.c
 +++ b/drivers/gpu/drm/radeon/radeon_device.c
-@@ -969,7 +969,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -977,7 +977,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
  	bool can_switch;
  
  	spin_lock(&dev->count_lock);
@@ -36125,10 +35526,10 @@ index 0d6562b..a154330 100644
  	return can_switch;
  }
 diff --git a/drivers/gpu/drm/radeon/radeon_drv.h b/drivers/gpu/drm/radeon/radeon_drv.h
-index e7fdf16..f4f6490 100644
+index b369d42..8dd04eb 100644
 --- a/drivers/gpu/drm/radeon/radeon_drv.h
 +++ b/drivers/gpu/drm/radeon/radeon_drv.h
-@@ -255,7 +255,7 @@ typedef struct drm_radeon_private {
+@@ -258,7 +258,7 @@ typedef struct drm_radeon_private {
  
  	/* SW interrupt */
  	wait_queue_head_t swi_queue;
@@ -36182,10 +35583,10 @@ index c180df8..5fd8186 100644
  
  	return ret;
 diff --git a/drivers/gpu/drm/radeon/radeon_irq.c b/drivers/gpu/drm/radeon/radeon_irq.c
-index e771033..a0bc6b3 100644
+index 8d68e97..9dcfed8 100644
 --- a/drivers/gpu/drm/radeon/radeon_irq.c
 +++ b/drivers/gpu/drm/radeon/radeon_irq.c
-@@ -224,8 +224,8 @@ static int radeon_emit_irq(struct drm_device * dev)
+@@ -226,8 +226,8 @@ static int radeon_emit_irq(struct drm_device * dev)
  	unsigned int ret;
  	RING_LOCALS;
  
@@ -36196,7 +35597,7 @@ index e771033..a0bc6b3 100644
  
  	BEGIN_RING(4);
  	OUT_RING_REG(RADEON_LAST_SWI_REG, ret);
-@@ -351,7 +351,7 @@ int radeon_driver_irq_postinstall(struct drm_device *dev)
+@@ -353,7 +353,7 @@ int radeon_driver_irq_postinstall(struct drm_device *dev)
  	drm_radeon_private_t *dev_priv =
  	    (drm_radeon_private_t *) dev->dev_private;
  
@@ -36206,10 +35607,10 @@ index e771033..a0bc6b3 100644
  
  	dev->max_vblank_count = 0x001fffff;
 diff --git a/drivers/gpu/drm/radeon/radeon_state.c b/drivers/gpu/drm/radeon/radeon_state.c
-index 8e9057b..af6dacb 100644
+index 4d20910..6726b6d 100644
 --- a/drivers/gpu/drm/radeon/radeon_state.c
 +++ b/drivers/gpu/drm/radeon/radeon_state.c
-@@ -2166,7 +2166,7 @@ static int radeon_cp_clear(struct drm_device *dev, void *data, struct drm_file *
+@@ -2168,7 +2168,7 @@ static int radeon_cp_clear(struct drm_device *dev, void *data, struct drm_file *
  	if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS)
  		sarea_priv->nbox = RADEON_NR_SAREA_CLIPRECTS;
  
@@ -36218,7 +35619,7 @@ index 8e9057b..af6dacb 100644
  			       sarea_priv->nbox * sizeof(depth_boxes[0])))
  		return -EFAULT;
  
-@@ -3029,7 +3029,7 @@ static int radeon_cp_getparam(struct drm_device *dev, void *data, struct drm_fil
+@@ -3031,7 +3031,7 @@ static int radeon_cp_getparam(struct drm_device *dev, void *data, struct drm_fil
  {
  	drm_radeon_private_t *dev_priv = dev->dev_private;
  	drm_radeon_getparam_t *param = data;
@@ -36333,7 +35734,7 @@ index bd2a3b4..122d9ad 100644
  	int shrink_pages = sc->nr_to_scan;
  
 diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
-index 1eb060c..188b1fc 100644
+index 9f4be3d..cbc9fcc 100644
 --- a/drivers/gpu/drm/udl/udl_fb.c
 +++ b/drivers/gpu/drm/udl/udl_fb.c
 @@ -367,7 +367,6 @@ static int udl_fb_release(struct fb_info *info, int user)
@@ -36529,10 +35930,10 @@ index 8a8725c..afed796 100644
  			marker = list_first_entry(&queue->head,
  						 struct vmw_marker, head);
 diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index ceb3040..6160c5c 100644
+index aa341d1..ef07090 100644
 --- a/drivers/hid/hid-core.c
 +++ b/drivers/hid/hid-core.c
-@@ -2242,7 +2242,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
+@@ -2267,7 +2267,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
  
  int hid_add_device(struct hid_device *hdev)
  {
@@ -36541,7 +35942,7 @@ index ceb3040..6160c5c 100644
  	int ret;
  
  	if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2276,7 +2276,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2301,7 +2301,7 @@ int hid_add_device(struct hid_device *hdev)
  	/* XXX hack, any other cleaner solution after the driver core
  	 * is converted to allow more than 20 bytes as the device name? */
  	dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -36551,7 +35952,7 @@ index ceb3040..6160c5c 100644
  	hid_debug_register(hdev, dev_name(&hdev->dev));
  	ret = device_add(&hdev->dev);
 diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
-index eec3291..8ed706b 100644
+index 90124ff..3761764 100644
 --- a/drivers/hid/hid-wiimote-debug.c
 +++ b/drivers/hid/hid-wiimote-debug.c
 @@ -66,7 +66,7 @@ static ssize_t wiidebug_eeprom_read(struct file *f, char __user *u, size_t s,
@@ -36564,7 +35965,7 @@ index eec3291..8ed706b 100644
  
  	*off += size;
 diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
-index 773a2f2..7ce08bc 100644
+index 0b122f8..b1d8160 100644
 --- a/drivers/hv/channel.c
 +++ b/drivers/hv/channel.c
 @@ -394,8 +394,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
@@ -36579,10 +35980,10 @@ index 773a2f2..7ce08bc 100644
  	ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount);
  	if (ret)
 diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index 3648f8f..30ef30d 100644
+index 7311589..861e9ef 100644
 --- a/drivers/hv/hv.c
 +++ b/drivers/hv/hv.c
-@@ -111,7 +111,7 @@ static u64 do_hypercall(u64 control, void *input, void *output)
+@@ -112,7 +112,7 @@ static u64 do_hypercall(u64 control, void *input, void *output)
  	u64 output_address = (output) ? virt_to_phys(output) : 0;
  	u32 output_address_hi = output_address >> 32;
  	u32 output_address_lo = output_address & 0xFFFFFFFF;
@@ -36592,10 +35993,10 @@ index 3648f8f..30ef30d 100644
  	__asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi),
  			      "=a"(hv_status_lo) : "d" (control_hi),
 diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
-index d8d1fad..b91caf7 100644
+index 12f2f9e..679603c 100644
 --- a/drivers/hv/hyperv_vmbus.h
 +++ b/drivers/hv/hyperv_vmbus.h
-@@ -594,7 +594,7 @@ enum vmbus_connect_state {
+@@ -591,7 +591,7 @@ enum vmbus_connect_state {
  struct vmbus_connection {
  	enum vmbus_connect_state conn_state;
  
@@ -36605,10 +36006,10 @@ index d8d1fad..b91caf7 100644
  	/*
  	 * Represents channel interrupts. Each bit position represents a
 diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
-index 8e1a9ec..4687821 100644
+index bf421e0..ce2c897 100644
 --- a/drivers/hv/vmbus_drv.c
 +++ b/drivers/hv/vmbus_drv.c
-@@ -629,10 +629,10 @@ int vmbus_device_register(struct hv_device *child_device_obj)
+@@ -668,10 +668,10 @@ int vmbus_device_register(struct hv_device *child_device_obj)
  {
  	int ret = 0;
  
@@ -36622,7 +36023,7 @@ index 8e1a9ec..4687821 100644
  	child_device_obj->device.bus = &hv_bus;
  	child_device_obj->device.parent = &hv_acpi_dev->dev;
 diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c
-index 1672e2a..4a6297c 100644
+index 6351aba..dc4aaf4 100644
 --- a/drivers/hwmon/acpi_power_meter.c
 +++ b/drivers/hwmon/acpi_power_meter.c
 @@ -117,7 +117,7 @@ struct sensor_template {
@@ -36657,7 +36058,7 @@ index b41baff..4953e4d 100644
  
  	for (grp = groups; grp->format; grp++) {
 diff --git a/drivers/hwmon/asus_atk0110.c b/drivers/hwmon/asus_atk0110.c
-index 56dbcfb..9874bf1 100644
+index b25c643..a13460d 100644
 --- a/drivers/hwmon/asus_atk0110.c
 +++ b/drivers/hwmon/asus_atk0110.c
 @@ -152,10 +152,10 @@ MODULE_DEVICE_TABLE(acpi, atk_ids);
@@ -36685,10 +36086,10 @@ index 56dbcfb..9874bf1 100644
  {
  	sysfs_attr_init(&attr->attr);
 diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c
-index d64923d..72591e8 100644
+index 3f1e297..a6cafb5 100644
 --- a/drivers/hwmon/coretemp.c
 +++ b/drivers/hwmon/coretemp.c
-@@ -790,7 +790,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb,
+@@ -791,7 +791,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb,
  	return NOTIFY_OK;
  }
  
@@ -36710,36 +36111,23 @@ index a14f634..2916ee2 100644
  	int err;
  
  	/* Set up read-only sensors */
-diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c
-index 7d19b1b..8fdaaac 100644
---- a/drivers/hwmon/pmbus/pmbus_core.c
-+++ b/drivers/hwmon/pmbus/pmbus_core.c
-@@ -811,7 +811,7 @@ static ssize_t pmbus_show_label(struct device *dev,
- 
- #define PMBUS_ADD_ATTR(data, _name, _idx, _mode, _type, _show, _set)	\
- do {									\
--	struct sensor_device_attribute *a				\
-+	sensor_device_attribute_no_const *a				\
- 	    = &data->_type##s[data->num_##_type##s].attribute;		\
- 	BUG_ON(data->num_attributes >= data->max_attributes);		\
- 	sysfs_attr_init(&a->dev_attr.attr);				\
 diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c
-index 8047fed..1e956f0 100644
+index 2507f90..1645765 100644
 --- a/drivers/hwmon/sht15.c
 +++ b/drivers/hwmon/sht15.c
 @@ -169,7 +169,7 @@ struct sht15_data {
- 	int				supply_uV;
- 	bool				supply_uV_valid;
+ 	int				supply_uv;
+ 	bool				supply_uv_valid;
  	struct work_struct		update_supply_work;
 -	atomic_t			interrupt_handled;
 +	atomic_unchecked_t		interrupt_handled;
  };
  
  /**
-@@ -512,13 +512,13 @@ static int sht15_measurement(struct sht15_data *data,
+@@ -542,13 +542,13 @@ static int sht15_measurement(struct sht15_data *data,
+ 	ret = gpio_direction_input(data->pdata->gpio_data);
+ 	if (ret)
  		return ret;
- 
- 	gpio_direction_input(data->pdata->gpio_data);
 -	atomic_set(&data->interrupt_handled, 0);
 +	atomic_set_unchecked(&data->interrupt_handled, 0);
  
@@ -36752,7 +36140,7 @@ index 8047fed..1e956f0 100644
  			schedule_work(&data->read_work);
  	}
  	ret = wait_event_timeout(data->wait_queue,
-@@ -785,7 +785,7 @@ static irqreturn_t sht15_interrupt_fired(int irq, void *d)
+@@ -820,7 +820,7 @@ static irqreturn_t sht15_interrupt_fired(int irq, void *d)
  
  	/* First disable the interrupt */
  	disable_irq_nosync(irq);
@@ -36761,7 +36149,7 @@ index 8047fed..1e956f0 100644
  	/* Then schedule a reading work struct */
  	if (data->state != SHT15_READING_NOTHING)
  		schedule_work(&data->read_work);
-@@ -807,11 +807,11 @@ static void sht15_bh_read_data(struct work_struct *work_s)
+@@ -842,11 +842,11 @@ static void sht15_bh_read_data(struct work_struct *work_s)
  		 * If not, then start the interrupt again - care here as could
  		 * have gone low in meantime so verify it hasn't!
  		 */
@@ -36841,7 +36229,7 @@ index 8848f16..f8e6dd8 100644
  			   struct iio_chan_spec const *chan,
  			   ssize_t (*readfunc)(struct device *dev,
 diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
-index 394fea2..c833880 100644
+index 784b97c..c9ceadf 100644
 --- a/drivers/infiniband/core/cm.c
 +++ b/drivers/infiniband/core/cm.c
 @@ -114,7 +114,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS]
@@ -36853,7 +36241,7 @@ index 394fea2..c833880 100644
  };
  
  struct cm_counter_attribute {
-@@ -1394,7 +1394,7 @@ static void cm_dup_req_handler(struct cm_work *work,
+@@ -1395,7 +1395,7 @@ static void cm_dup_req_handler(struct cm_work *work,
  	struct ib_mad_send_buf *msg = NULL;
  	int ret;
  
@@ -36862,7 +36250,7 @@ index 394fea2..c833880 100644
  			counter[CM_REQ_COUNTER]);
  
  	/* Quick state check to discard duplicate REQs. */
-@@ -1778,7 +1778,7 @@ static void cm_dup_rep_handler(struct cm_work *work)
+@@ -1779,7 +1779,7 @@ static void cm_dup_rep_handler(struct cm_work *work)
  	if (!cm_id_priv)
  		return;
  
@@ -36871,7 +36259,7 @@ index 394fea2..c833880 100644
  			counter[CM_REP_COUNTER]);
  	ret = cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg);
  	if (ret)
-@@ -1945,7 +1945,7 @@ static int cm_rtu_handler(struct cm_work *work)
+@@ -1946,7 +1946,7 @@ static int cm_rtu_handler(struct cm_work *work)
  	if (cm_id_priv->id.state != IB_CM_REP_SENT &&
  	    cm_id_priv->id.state != IB_CM_MRA_REP_RCVD) {
  		spin_unlock_irq(&cm_id_priv->lock);
@@ -36880,7 +36268,7 @@ index 394fea2..c833880 100644
  				counter[CM_RTU_COUNTER]);
  		goto out;
  	}
-@@ -2128,7 +2128,7 @@ static int cm_dreq_handler(struct cm_work *work)
+@@ -2129,7 +2129,7 @@ static int cm_dreq_handler(struct cm_work *work)
  	cm_id_priv = cm_acquire_id(dreq_msg->remote_comm_id,
  				   dreq_msg->local_comm_id);
  	if (!cm_id_priv) {
@@ -36889,7 +36277,7 @@ index 394fea2..c833880 100644
  				counter[CM_DREQ_COUNTER]);
  		cm_issue_drep(work->port, work->mad_recv_wc);
  		return -EINVAL;
-@@ -2153,7 +2153,7 @@ static int cm_dreq_handler(struct cm_work *work)
+@@ -2154,7 +2154,7 @@ static int cm_dreq_handler(struct cm_work *work)
  	case IB_CM_MRA_REP_RCVD:
  		break;
  	case IB_CM_TIMEWAIT:
@@ -36898,7 +36286,7 @@ index 394fea2..c833880 100644
  				counter[CM_DREQ_COUNTER]);
  		if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg))
  			goto unlock;
-@@ -2167,7 +2167,7 @@ static int cm_dreq_handler(struct cm_work *work)
+@@ -2168,7 +2168,7 @@ static int cm_dreq_handler(struct cm_work *work)
  			cm_free_msg(msg);
  		goto deref;
  	case IB_CM_DREQ_RCVD:
@@ -36907,7 +36295,7 @@ index 394fea2..c833880 100644
  				counter[CM_DREQ_COUNTER]);
  		goto unlock;
  	default:
-@@ -2534,7 +2534,7 @@ static int cm_mra_handler(struct cm_work *work)
+@@ -2535,7 +2535,7 @@ static int cm_mra_handler(struct cm_work *work)
  		    ib_modify_mad(cm_id_priv->av.port->mad_agent,
  				  cm_id_priv->msg, timeout)) {
  			if (cm_id_priv->id.lap_state == IB_CM_MRA_LAP_RCVD)
@@ -36916,7 +36304,7 @@ index 394fea2..c833880 100644
  						counter_group[CM_RECV_DUPLICATES].
  						counter[CM_MRA_COUNTER]);
  			goto out;
-@@ -2543,7 +2543,7 @@ static int cm_mra_handler(struct cm_work *work)
+@@ -2544,7 +2544,7 @@ static int cm_mra_handler(struct cm_work *work)
  		break;
  	case IB_CM_MRA_REQ_RCVD:
  	case IB_CM_MRA_REP_RCVD:
@@ -36925,7 +36313,7 @@ index 394fea2..c833880 100644
  				counter[CM_MRA_COUNTER]);
  		/* fall through */
  	default:
-@@ -2705,7 +2705,7 @@ static int cm_lap_handler(struct cm_work *work)
+@@ -2706,7 +2706,7 @@ static int cm_lap_handler(struct cm_work *work)
  	case IB_CM_LAP_IDLE:
  		break;
  	case IB_CM_MRA_LAP_SENT:
@@ -36934,7 +36322,7 @@ index 394fea2..c833880 100644
  				counter[CM_LAP_COUNTER]);
  		if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg))
  			goto unlock;
-@@ -2721,7 +2721,7 @@ static int cm_lap_handler(struct cm_work *work)
+@@ -2722,7 +2722,7 @@ static int cm_lap_handler(struct cm_work *work)
  			cm_free_msg(msg);
  		goto deref;
  	case IB_CM_LAP_RCVD:
@@ -36943,7 +36331,7 @@ index 394fea2..c833880 100644
  				counter[CM_LAP_COUNTER]);
  		goto unlock;
  	default:
-@@ -3005,7 +3005,7 @@ static int cm_sidr_req_handler(struct cm_work *work)
+@@ -3006,7 +3006,7 @@ static int cm_sidr_req_handler(struct cm_work *work)
  	cur_cm_id_priv = cm_insert_remote_sidr(cm_id_priv);
  	if (cur_cm_id_priv) {
  		spin_unlock_irq(&cm.lock);
@@ -36952,7 +36340,7 @@ index 394fea2..c833880 100644
  				counter[CM_SIDR_REQ_COUNTER]);
  		goto out; /* Duplicate message. */
  	}
-@@ -3217,10 +3217,10 @@ static void cm_send_handler(struct ib_mad_agent *mad_agent,
+@@ -3218,10 +3218,10 @@ static void cm_send_handler(struct ib_mad_agent *mad_agent,
  	if (!msg->context[0] && (attr_index != CM_REJ_COUNTER))
  		msg->retries = 1;
  
@@ -36965,7 +36353,7 @@ index 394fea2..c833880 100644
  				&port->counter_group[CM_XMIT_RETRIES].
  				counter[attr_index]);
  
-@@ -3430,7 +3430,7 @@ static void cm_recv_handler(struct ib_mad_agent *mad_agent,
+@@ -3431,7 +3431,7 @@ static void cm_recv_handler(struct ib_mad_agent *mad_agent,
  	}
  
  	attr_id = be16_to_cpu(mad_recv_wc->recv_buf.mad->mad_hdr.attr_id);
@@ -36974,7 +36362,7 @@ index 394fea2..c833880 100644
  			counter[attr_id - CM_ATTR_ID_OFFSET]);
  
  	work = kmalloc(sizeof *work + sizeof(struct ib_sa_path_rec) * paths,
-@@ -3635,7 +3635,7 @@ static ssize_t cm_show_counter(struct kobject *obj, struct attribute *attr,
+@@ -3636,7 +3636,7 @@ static ssize_t cm_show_counter(struct kobject *obj, struct attribute *attr,
  	cm_attr = container_of(attr, struct cm_counter_attribute, attr);
  
  	return sprintf(buf, "%ld\n",
@@ -36984,7 +36372,7 @@ index 394fea2..c833880 100644
  
  static const struct sysfs_ops cm_counter_ops = {
 diff --git a/drivers/infiniband/core/fmr_pool.c b/drivers/infiniband/core/fmr_pool.c
-index 176c8f9..2627b62 100644
+index 9f5ad7c..588cd84 100644
 --- a/drivers/infiniband/core/fmr_pool.c
 +++ b/drivers/infiniband/core/fmr_pool.c
 @@ -98,8 +98,8 @@ struct ib_fmr_pool {
@@ -36998,7 +36386,7 @@ index 176c8f9..2627b62 100644
  
  	wait_queue_head_t         force_wait;
  };
-@@ -180,10 +180,10 @@ static int ib_fmr_cleanup_thread(void *pool_ptr)
+@@ -179,10 +179,10 @@ static int ib_fmr_cleanup_thread(void *pool_ptr)
  	struct ib_fmr_pool *pool = pool_ptr;
  
  	do {
@@ -37011,7 +36399,7 @@ index 176c8f9..2627b62 100644
  			wake_up_interruptible(&pool->force_wait);
  
  			if (pool->flush_function)
-@@ -191,7 +191,7 @@ static int ib_fmr_cleanup_thread(void *pool_ptr)
+@@ -190,7 +190,7 @@ static int ib_fmr_cleanup_thread(void *pool_ptr)
  		}
  
  		set_current_state(TASK_INTERRUPTIBLE);
@@ -37020,7 +36408,7 @@ index 176c8f9..2627b62 100644
  		    !kthread_should_stop())
  			schedule();
  		__set_current_state(TASK_RUNNING);
-@@ -283,8 +283,8 @@ struct ib_fmr_pool *ib_create_fmr_pool(struct ib_pd             *pd,
+@@ -282,8 +282,8 @@ struct ib_fmr_pool *ib_create_fmr_pool(struct ib_pd             *pd,
  	pool->dirty_watermark = params->dirty_watermark;
  	pool->dirty_len       = 0;
  	spin_lock_init(&pool->pool_lock);
@@ -37031,7 +36419,7 @@ index 176c8f9..2627b62 100644
  	init_waitqueue_head(&pool->force_wait);
  
  	pool->thread = kthread_run(ib_fmr_cleanup_thread,
-@@ -412,11 +412,11 @@ int ib_flush_fmr_pool(struct ib_fmr_pool *pool)
+@@ -411,11 +411,11 @@ int ib_flush_fmr_pool(struct ib_fmr_pool *pool)
  	}
  	spin_unlock_irq(&pool->pool_lock);
  
@@ -37045,7 +36433,7 @@ index 176c8f9..2627b62 100644
  		return -EINTR;
  
  	return 0;
-@@ -526,7 +526,7 @@ int ib_fmr_pool_unmap(struct ib_pool_fmr *fmr)
+@@ -525,7 +525,7 @@ int ib_fmr_pool_unmap(struct ib_pool_fmr *fmr)
  		} else {
  			list_add_tail(&fmr->list, &pool->dirty_list);
  			if (++pool->dirty_len >= pool->dirty_watermark) {
@@ -37055,7 +36443,7 @@ index 176c8f9..2627b62 100644
  			}
  		}
 diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c
-index afd8179..598063f 100644
+index 903a92d..9262548 100644
 --- a/drivers/infiniband/hw/cxgb4/mem.c
 +++ b/drivers/infiniband/hw/cxgb4/mem.c
 @@ -122,7 +122,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry,
@@ -37157,7 +36545,7 @@ index ed9a989..e0c5871 100644
  {
  	struct mthca_mailbox *mailbox;
 diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c
-index 5b152a3..c1f3e83 100644
+index 4291410..d2ab1fb 100644
 --- a/drivers/infiniband/hw/nes/nes.c
 +++ b/drivers/infiniband/hw/nes/nes.c
 @@ -98,7 +98,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes");
@@ -37169,7 +36557,7 @@ index 5b152a3..c1f3e83 100644
  
  static unsigned int ee_flsh_adapter;
  static unsigned int sysfs_nonidx_addr;
-@@ -267,7 +267,7 @@ static void nes_cqp_rem_ref_callback(struct nes_device *nesdev, struct nes_cqp_r
+@@ -269,7 +269,7 @@ static void nes_cqp_rem_ref_callback(struct nes_device *nesdev, struct nes_cqp_r
  	struct nes_qp *nesqp = cqp_request->cqp_callback_pointer;
  	struct nes_adapter *nesadapter = nesdev->nesadapter;
  
@@ -37238,7 +36626,7 @@ index 33cc589..3bd6538 100644
  extern u32 int_mod_timer_init;
  extern u32 int_mod_cq_depth_256;
 diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c
-index 22ea67e..dcbe3bc 100644
+index 24b9f1a..00fd004 100644
 --- a/drivers/infiniband/hw/nes/nes_cm.c
 +++ b/drivers/infiniband/hw/nes/nes_cm.c
 @@ -68,14 +68,14 @@ u32 cm_packets_dropped;
@@ -37471,7 +36859,7 @@ index 4166452..fc952c3 100644
  			}
  
 diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c
-index 9542e16..a008c40 100644
+index 85cf4d1..05d8e71 100644
 --- a/drivers/infiniband/hw/nes/nes_nic.c
 +++ b/drivers/infiniband/hw/nes/nes_nic.c
 @@ -1273,39 +1273,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev,
@@ -37535,7 +36923,7 @@ index 9542e16..a008c40 100644
  
  /**
 diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c
-index 07e4fba..685f041 100644
+index 8f67fe2..8960859 100644
 --- a/drivers/infiniband/hw/nes/nes_verbs.c
 +++ b/drivers/infiniband/hw/nes/nes_verbs.c
 @@ -46,9 +46,9 @@
@@ -37551,7 +36939,7 @@ index 07e4fba..685f041 100644
  
  static void nes_unregister_ofa_device(struct nes_ib_device *nesibdev);
  
-@@ -1131,7 +1131,7 @@ static struct ib_qp *nes_create_qp(struct ib_pd *ibpd,
+@@ -1134,7 +1134,7 @@ static struct ib_qp *nes_create_qp(struct ib_pd *ibpd,
  	if (init_attr->create_flags)
  		return ERR_PTR(-EINVAL);
  
@@ -37560,7 +36948,7 @@ index 07e4fba..685f041 100644
  	switch (init_attr->qp_type) {
  		case IB_QPT_RC:
  			if (nes_drv_opt & NES_DRV_OPT_NO_INLINE_DATA) {
-@@ -1462,7 +1462,7 @@ static int nes_destroy_qp(struct ib_qp *ibqp)
+@@ -1465,7 +1465,7 @@ static int nes_destroy_qp(struct ib_qp *ibqp)
  	struct iw_cm_event cm_event;
  	int ret = 0;
  
@@ -37659,10 +37047,10 @@ index d6cbfe9..6225402 100644
  	snprintf(led->name, sizeof(led->name), "xpad%ld", led_no);
  	led->xpad = xpad;
 diff --git a/drivers/input/mouse/psmouse.h b/drivers/input/mouse/psmouse.h
-index fe1df23..5b710f3 100644
+index 2f0b39d..7370f13 100644
 --- a/drivers/input/mouse/psmouse.h
 +++ b/drivers/input/mouse/psmouse.h
-@@ -115,7 +115,7 @@ struct psmouse_attribute {
+@@ -116,7 +116,7 @@ struct psmouse_attribute {
  	ssize_t (*set)(struct psmouse *psmouse, void *data,
  			const char *buf, size_t count);
  	bool protect;
@@ -37685,7 +37073,7 @@ index 4c842c3..590b0bf 100644
  
  	return count;
 diff --git a/drivers/input/serio/serio.c b/drivers/input/serio/serio.c
-index 25fc597..558bf3b 100644
+index 25fc597..558bf3b3 100644
 --- a/drivers/input/serio/serio.c
 +++ b/drivers/input/serio/serio.c
 @@ -496,7 +496,7 @@ static void serio_release_port(struct device *dev)
@@ -37707,7 +37095,7 @@ index 25fc597..558bf3b 100644
  	serio->dev.release = serio_release_port;
  	serio->dev.groups = serio_device_attr_groups;
 diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
-index ddbdaca..be18a78 100644
+index b972d43..8943713 100644
 --- a/drivers/iommu/iommu.c
 +++ b/drivers/iommu/iommu.c
 @@ -554,7 +554,7 @@ static struct notifier_block iommu_bus_nb = {
@@ -37719,6 +37107,49 @@ index ddbdaca..be18a78 100644
  }
  
  /**
+diff --git a/drivers/iommu/irq_remapping.c b/drivers/iommu/irq_remapping.c
+index 7c11ff3..5b2d7a7 100644
+--- a/drivers/iommu/irq_remapping.c
++++ b/drivers/iommu/irq_remapping.c
+@@ -369,10 +369,12 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p)
+ 
+ void irq_remap_modify_chip_defaults(struct irq_chip *chip)
+ {
+-	chip->irq_print_chip = ir_print_prefix;
+-	chip->irq_ack = ir_ack_apic_edge;
+-	chip->irq_eoi = ir_ack_apic_level;
+-	chip->irq_set_affinity = x86_io_apic_ops.set_affinity;
++	pax_open_kernel();
++	*(void **)&chip->irq_print_chip = ir_print_prefix;
++	*(void **)&chip->irq_ack = ir_ack_apic_edge;
++	*(void **)&chip->irq_eoi = ir_ack_apic_level;
++	*(void **)&chip->irq_set_affinity = x86_io_apic_ops.set_affinity;
++	pax_close_kernel();
+ }
+ 
+ bool setup_remapped_irq(int irq, struct irq_cfg *cfg, struct irq_chip *chip)
+diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c
+index fc6aebf..94d5248 100644
+--- a/drivers/irqchip/irq-gic.c
++++ b/drivers/irqchip/irq-gic.c
+@@ -83,7 +83,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly;
+  * Supported arch specific GIC irq extension.
+  * Default make them NULL.
+  */
+-struct irq_chip gic_arch_extn = {
++irq_chip_no_const gic_arch_extn __read_only = {
+ 	.irq_eoi	= NULL,
+ 	.irq_mask	= NULL,
+ 	.irq_unmask	= NULL,
+@@ -332,7 +332,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
+ 	chained_irq_exit(chip, desc);
+ }
+ 
+-static struct irq_chip gic_chip = {
++static irq_chip_no_const gic_chip __read_only = {
+ 	.name			= "GIC",
+ 	.irq_mask		= gic_mask_irq,
+ 	.irq_unmask		= gic_unmask_irq,
 diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c
 index 89562a8..218999b 100644
 --- a/drivers/isdn/capi/capi.c
@@ -37761,10 +37192,10 @@ index 89562a8..218999b 100644
  		capimsg_setu32(skb->data, 12, (u32)(long)skb->data);/* Data32 */
  		capimsg_setu16(skb->data, 16, len);	/* Data length */
 diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c
-index 67abf3f..076b3a6 100644
+index e2b5396..c5486dc 100644
 --- a/drivers/isdn/gigaset/interface.c
 +++ b/drivers/isdn/gigaset/interface.c
-@@ -160,9 +160,9 @@ static int if_open(struct tty_struct *tty, struct file *filp)
+@@ -130,9 +130,9 @@ static int if_open(struct tty_struct *tty, struct file *filp)
  	}
  	tty->driver_data = cs;
  
@@ -37774,9 +37205,9 @@ index 67abf3f..076b3a6 100644
 -	if (cs->port.count == 1) {
 +	if (atomic_read(&cs->port.count) == 1) {
  		tty_port_tty_set(&cs->port, tty);
- 		tty->low_latency = 1;
+ 		cs->port.low_latency = 1;
  	}
-@@ -186,9 +186,9 @@ static void if_close(struct tty_struct *tty, struct file *filp)
+@@ -156,9 +156,9 @@ static void if_close(struct tty_struct *tty, struct file *filp)
  
  	if (!cs->connected)
  		gig_dbg(DEBUG_IF, "not connected");	/* nothing to do */
@@ -37811,10 +37242,10 @@ index 821f7ac..28d4030 100644
  		} else {
  			memcpy(buf, dp, left);
 diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c
-index e09dc8a..15e2efb 100644
+index ebaebdf..acd4405 100644
 --- a/drivers/isdn/i4l/isdn_tty.c
 +++ b/drivers/isdn/i4l/isdn_tty.c
-@@ -1513,9 +1513,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp)
+@@ -1511,9 +1511,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp)
  
  #ifdef ISDN_DEBUG_MODEM_OPEN
  	printk(KERN_DEBUG "isdn_tty_open %s, count = %d\n", tty->name,
@@ -37826,7 +37257,7 @@ index e09dc8a..15e2efb 100644
  	port->tty = tty;
  	/*
  	 * Start up serial port
-@@ -1559,7 +1559,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp)
+@@ -1557,7 +1557,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp)
  #endif
  		return;
  	}
@@ -37835,7 +37266,7 @@ index e09dc8a..15e2efb 100644
  		/*
  		 * Uh, oh.  tty->count is 1, which means that the tty
  		 * structure will be freed.  Info->count should always
-@@ -1568,15 +1568,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp)
+@@ -1566,15 +1566,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp)
  		 * serial port won't be shutdown.
  		 */
  		printk(KERN_ERR "isdn_tty_close: bad port count; tty->count is 1, "
@@ -37857,7 +37288,7 @@ index e09dc8a..15e2efb 100644
  #ifdef ISDN_DEBUG_MODEM_OPEN
  		printk(KERN_DEBUG "isdn_tty_close after info->count != 0\n");
  #endif
-@@ -1630,7 +1630,7 @@ isdn_tty_hangup(struct tty_struct *tty)
+@@ -1628,7 +1628,7 @@ isdn_tty_hangup(struct tty_struct *tty)
  	if (isdn_tty_paranoia_check(info, tty->name, "isdn_tty_hangup"))
  		return;
  	isdn_tty_shutdown(info);
@@ -37866,7 +37297,7 @@ index e09dc8a..15e2efb 100644
  	port->flags &= ~ASYNC_NORMAL_ACTIVE;
  	port->tty = NULL;
  	wake_up_interruptible(&port->open_wait);
-@@ -1975,7 +1975,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup)
+@@ -1973,7 +1973,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup)
  	for (i = 0; i < ISDN_MAX_CHANNELS; i++) {
  		modem_info *info = &dev->mdm.info[i];
  
@@ -37902,10 +37333,10 @@ index 6a8405d..0bd1c7e 100644
  		.callback = clevo_mail_led_dmi_callback,
  		.ident = "Clevo D410J",
 diff --git a/drivers/leds/leds-ss4200.c b/drivers/leds/leds-ss4200.c
-index ec9b287..65c9bf4 100644
+index 64e204e..c6bf189 100644
 --- a/drivers/leds/leds-ss4200.c
 +++ b/drivers/leds/leds-ss4200.c
-@@ -92,7 +92,7 @@ MODULE_PARM_DESC(nodetect, "Skip DMI-based hardware detection");
+@@ -91,7 +91,7 @@ MODULE_PARM_DESC(nodetect, "Skip DMI-based hardware detection");
   * detected as working, but in reality it is not) as low as
   * possible.
   */
@@ -38066,7 +37497,7 @@ index 40634b0..4f5855e 100644
  // Every interrupt can come to us here
  // But we must truly tell each apart.
 diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c
-index 7155945..4bcc562 100644
+index 4fd9d6a..834fa03 100644
 --- a/drivers/md/bitmap.c
 +++ b/drivers/md/bitmap.c
 @@ -1779,7 +1779,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap)
@@ -38079,10 +37510,10 @@ index 7155945..4bcc562 100644
  
  	seq_printf(seq, "\n");
 diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
-index eee353d..74504c4 100644
+index aa04f02..2a1309e 100644
 --- a/drivers/md/dm-ioctl.c
 +++ b/drivers/md/dm-ioctl.c
-@@ -1632,7 +1632,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
+@@ -1694,7 +1694,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
  	    cmd == DM_LIST_VERSIONS_CMD)
  		return 0;
  
@@ -38092,7 +37523,7 @@ index eee353d..74504c4 100644
  			DMWARN("name not supplied when creating device");
  			return -EINVAL;
 diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
-index 7f24190..0e18099 100644
+index d053098..05cc375 100644
 --- a/drivers/md/dm-raid1.c
 +++ b/drivers/md/dm-raid1.c
 @@ -40,7 +40,7 @@ enum dm_raid1_error {
@@ -38104,7 +37535,7 @@ index 7f24190..0e18099 100644
  	unsigned long error_type;
  	struct dm_dev *dev;
  	sector_t offset;
-@@ -183,7 +183,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms)
+@@ -186,7 +186,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms)
  	struct mirror *m;
  
  	for (m = ms->mirror; m < ms->mirror + ms->nr_mirrors; m++)
@@ -38113,7 +37544,7 @@ index 7f24190..0e18099 100644
  			return m;
  
  	return NULL;
-@@ -215,7 +215,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type)
+@@ -218,7 +218,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type)
  	 * simple way to tell if a device has encountered
  	 * errors.
  	 */
@@ -38122,7 +37553,7 @@ index 7f24190..0e18099 100644
  
  	if (test_and_set_bit(error_type, &m->error_type))
  		return;
-@@ -406,7 +406,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector)
+@@ -409,7 +409,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector)
  	struct mirror *m = get_default_mirror(ms);
  
  	do {
@@ -38131,7 +37562,7 @@ index 7f24190..0e18099 100644
  			return m;
  
  		if (m-- == ms->mirror)
-@@ -420,7 +420,7 @@ static int default_ok(struct mirror *m)
+@@ -423,7 +423,7 @@ static int default_ok(struct mirror *m)
  {
  	struct mirror *default_mirror = get_default_mirror(m->ms);
  
@@ -38140,7 +37571,7 @@ index 7f24190..0e18099 100644
  }
  
  static int mirror_available(struct mirror_set *ms, struct bio *bio)
-@@ -557,7 +557,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads)
+@@ -560,7 +560,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads)
  		 */
  		if (likely(region_in_sync(ms, region, 1)))
  			m = choose_mirror(ms, bio->bi_sector);
@@ -38149,7 +37580,7 @@ index 7f24190..0e18099 100644
  			m = NULL;
  
  		if (likely(m))
-@@ -924,7 +924,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
+@@ -927,7 +927,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
  	}
  
  	ms->mirror[mirror].ms = ms;
@@ -38158,7 +37589,7 @@ index 7f24190..0e18099 100644
  	ms->mirror[mirror].error_type = 0;
  	ms->mirror[mirror].offset = offset;
  
-@@ -1337,7 +1337,7 @@ static void mirror_resume(struct dm_target *ti)
+@@ -1340,7 +1340,7 @@ static void mirror_resume(struct dm_target *ti)
   */
  static char device_status_char(struct mirror *m)
  {
@@ -38168,7 +37599,7 @@ index 7f24190..0e18099 100644
  
  	return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' :
 diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c
-index aaecefa..23b3026 100644
+index d8837d3..1f7c341 100644
 --- a/drivers/md/dm-stripe.c
 +++ b/drivers/md/dm-stripe.c
 @@ -20,7 +20,7 @@ struct stripe {
@@ -38210,10 +37641,10 @@ index aaecefa..23b3026 100644
  				schedule_work(&sc->trigger_event);
  		}
 diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
-index daf25d0..d74f49f 100644
+index e50dad0..d9575e2 100644
 --- a/drivers/md/dm-table.c
 +++ b/drivers/md/dm-table.c
-@@ -390,7 +390,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev,
+@@ -389,7 +389,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev,
  	if (!dev_size)
  		return 0;
  
@@ -38223,7 +37654,7 @@ index daf25d0..d74f49f 100644
  		       "start=%llu, len=%llu, dev_size=%llu",
  		       dm_device_name(ti->table->md), bdevname(bdev, b),
 diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
-index 4d6e853..a234157 100644
+index 00cee02..b89a29d 100644
 --- a/drivers/md/dm-thin-metadata.c
 +++ b/drivers/md/dm-thin-metadata.c
 @@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
@@ -38245,10 +37676,10 @@ index 4d6e853..a234157 100644
  	pmd->bl_info.value_type.inc = data_block_inc;
  	pmd->bl_info.value_type.dec = data_block_dec;
 diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 0d8f086..f5a91d5 100644
+index 9a0bdad..4df9543 100644
 --- a/drivers/md/dm.c
 +++ b/drivers/md/dm.c
-@@ -170,9 +170,9 @@ struct mapped_device {
+@@ -169,9 +169,9 @@ struct mapped_device {
  	/*
  	 * Event handling.
  	 */
@@ -38260,7 +37691,7 @@ index 0d8f086..f5a91d5 100644
  	struct list_head uevent_list;
  	spinlock_t uevent_lock; /* Protect access to uevent_list */
  
-@@ -1872,8 +1872,8 @@ static struct mapped_device *alloc_dev(int minor)
+@@ -1879,8 +1879,8 @@ static struct mapped_device *alloc_dev(int minor)
  	rwlock_init(&md->map_lock);
  	atomic_set(&md->holders, 1);
  	atomic_set(&md->open_count, 0);
@@ -38271,7 +37702,7 @@ index 0d8f086..f5a91d5 100644
  	INIT_LIST_HEAD(&md->uevent_list);
  	spin_lock_init(&md->uevent_lock);
  
-@@ -2026,7 +2026,7 @@ static void event_callback(void *context)
+@@ -2028,7 +2028,7 @@ static void event_callback(void *context)
  
  	dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
  
@@ -38280,7 +37711,7 @@ index 0d8f086..f5a91d5 100644
  	wake_up(&md->eventq);
  }
  
-@@ -2683,18 +2683,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
+@@ -2685,18 +2685,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
  
  uint32_t dm_next_uevent_seq(struct mapped_device *md)
  {
@@ -38303,7 +37734,7 @@ index 0d8f086..f5a91d5 100644
  
  void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
 diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 0411bde..5a023ff 100644
+index a4a93b9..4747b63 100644
 --- a/drivers/md/md.c
 +++ b/drivers/md/md.c
 @@ -240,10 +240,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
@@ -38375,7 +37806,7 @@ index 0411bde..5a023ff 100644
  
  	INIT_LIST_HEAD(&rdev->same_set);
  	init_waitqueue_head(&rdev->blocked_wait);
-@@ -6984,7 +6984,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -6994,7 +6994,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
  
  		spin_unlock(&pers_lock);
  		seq_printf(seq, "\n");
@@ -38384,7 +37815,7 @@ index 0411bde..5a023ff 100644
  		return 0;
  	}
  	if (v == (void*)2) {
-@@ -7087,7 +7087,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
+@@ -7097,7 +7097,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
  		return error;
  
  	seq = file->private_data;
@@ -38393,7 +37824,7 @@ index 0411bde..5a023ff 100644
  	return error;
  }
  
-@@ -7101,7 +7101,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
+@@ -7111,7 +7111,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
  	/* always allow read */
  	mask = POLLIN | POLLRDNORM;
  
@@ -38402,7 +37833,7 @@ index 0411bde..5a023ff 100644
  		mask |= POLLERR | POLLPRI;
  	return mask;
  }
-@@ -7145,7 +7145,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
+@@ -7155,7 +7155,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
  		struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
  		curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
  			      (int)part_stat_read(&disk->part0, sectors[1]) -
@@ -38412,7 +37843,7 @@ index 0411bde..5a023ff 100644
  		 * as sync_io is counted when a request starts, and
  		 * disk_stats is counted when it completes.
 diff --git a/drivers/md/md.h b/drivers/md/md.h
-index eca59c3..7c42285 100644
+index d90fb1a..4174a2b 100644
 --- a/drivers/md/md.h
 +++ b/drivers/md/md.h
 @@ -94,13 +94,13 @@ struct md_rdev {
@@ -38475,10 +37906,10 @@ index 6af167f..40c25a1 100644
  					       "md/raid1:%s: read error corrected "
  					       "(%d sectors at %llu on %s)\n",
 diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 61ab219..7b232b3 100644
+index 46c14e5..4db5966 100644
 --- a/drivers/md/raid10.c
 +++ b/drivers/md/raid10.c
-@@ -1886,7 +1886,7 @@ static void end_sync_read(struct bio *bio, int error)
+@@ -1932,7 +1932,7 @@ static void end_sync_read(struct bio *bio, int error)
  		/* The write handler will notice the lack of
  		 * R10BIO_Uptodate and record any errors etc
  		 */
@@ -38487,7 +37918,7 @@ index 61ab219..7b232b3 100644
  			   &conf->mirrors[d].rdev->corrected_errors);
  
  	/* for reconstruct, we always reschedule after a read.
-@@ -2235,7 +2235,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2281,7 +2281,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
  {
  	struct timespec cur_time_mon;
  	unsigned long hours_since_last;
@@ -38496,7 +37927,7 @@ index 61ab219..7b232b3 100644
  
  	ktime_get_ts(&cur_time_mon);
  
-@@ -2257,9 +2257,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2303,9 +2303,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
  	 * overflowing the shift of read_errors by hours_since_last.
  	 */
  	if (hours_since_last >= 8 * sizeof(read_errors))
@@ -38508,7 +37939,7 @@ index 61ab219..7b232b3 100644
  }
  
  static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
-@@ -2313,8 +2313,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2359,8 +2359,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
  		return;
  
  	check_decay_read_errors(mddev, rdev);
@@ -38519,7 +37950,7 @@ index 61ab219..7b232b3 100644
  		char b[BDEVNAME_SIZE];
  		bdevname(rdev->bdev, b);
  
-@@ -2322,7 +2322,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2368,7 +2368,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
  		       "md/raid10:%s: %s: Raid device exceeded "
  		       "read_error threshold [cur %d:max %d]\n",
  		       mdname(mddev), b,
@@ -38528,7 +37959,7 @@ index 61ab219..7b232b3 100644
  		printk(KERN_NOTICE
  		       "md/raid10:%s: %s: Failing raid device\n",
  		       mdname(mddev), b);
-@@ -2477,7 +2477,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2523,7 +2523,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
  					       sect +
  					       choose_data_offset(r10_bio, rdev)),
  				       bdevname(rdev->bdev, b));
@@ -38538,10 +37969,10 @@ index 61ab219..7b232b3 100644
  
  			rdev_dec_pending(rdev, mddev);
 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 94ce78e..df99e24 100644
+index f4e87bf..0d4ad3f 100644
 --- a/drivers/md/raid5.c
 +++ b/drivers/md/raid5.c
-@@ -1800,21 +1800,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1763,21 +1763,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
  				mdname(conf->mddev), STRIPE_SECTORS,
  				(unsigned long long)s,
  				bdevname(rdev->bdev, b));
@@ -38567,7 +37998,7 @@ index 94ce78e..df99e24 100644
  		if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
  			printk_ratelimited(
  				KERN_WARNING
-@@ -1842,7 +1842,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1805,7 +1805,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
  				mdname(conf->mddev),
  				(unsigned long long)s,
  				bdn);
@@ -38577,7 +38008,7 @@ index 94ce78e..df99e24 100644
  			printk(KERN_WARNING
  			       "md/raid:%s: Too many read errors, failing device %s.\n",
 diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
-index d33101a..6b13069 100644
+index 401ef64..836e563 100644
 --- a/drivers/media/dvb-core/dvbdev.c
 +++ b/drivers/media/dvb-core/dvbdev.c
 @@ -192,7 +192,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev,
@@ -38590,7 +38021,7 @@ index d33101a..6b13069 100644
  	int minor;
  	int id;
 diff --git a/drivers/media/dvb-frontends/dib3000.h b/drivers/media/dvb-frontends/dib3000.h
-index 404f63a..4796533 100644
+index 9b6c3bb..baeb5c7 100644
 --- a/drivers/media/dvb-frontends/dib3000.h
 +++ b/drivers/media/dvb-frontends/dib3000.h
 @@ -39,7 +39,7 @@ struct dib_fe_xfer_ops
@@ -38600,7 +38031,7 @@ index 404f63a..4796533 100644
 -};
 +} __no_const;
  
- #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE))
+ #if IS_ENABLED(CONFIG_DVB_DIB3000MB)
  extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
 diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c
 index bc78354..42c9459 100644
@@ -38620,7 +38051,7 @@ index bc78354..42c9459 100644
  module_param_array(video_nr, int, NULL, 0444);
  module_param_array(vbi_nr,   int, NULL, 0444);
 diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c
-index 8e9a668..78d6310 100644
+index 96c4a17..1305a79 100644
 --- a/drivers/media/platform/omap/omap_vout.c
 +++ b/drivers/media/platform/omap/omap_vout.c
 @@ -63,7 +63,6 @@ enum omap_vout_channels {
@@ -38656,10 +38087,10 @@ index 8e9a668..78d6310 100644
  
  	videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev,
 diff --git a/drivers/media/platform/s5p-tv/mixer.h b/drivers/media/platform/s5p-tv/mixer.h
-index b671e20..34088b7 100644
+index 04e6490..2df65bf 100644
 --- a/drivers/media/platform/s5p-tv/mixer.h
 +++ b/drivers/media/platform/s5p-tv/mixer.h
-@@ -155,7 +155,7 @@ struct mxr_layer {
+@@ -156,7 +156,7 @@ struct mxr_layer {
  	/** layer index (unique identifier) */
  	int idx;
  	/** callbacks for layer methods */
@@ -38682,7 +38113,7 @@ index b93a21f..2535195 100644
  		.buffer_set = mxr_graph_buffer_set,
  		.stream_set = mxr_graph_stream_set,
 diff --git a/drivers/media/platform/s5p-tv/mixer_reg.c b/drivers/media/platform/s5p-tv/mixer_reg.c
-index 3b1670a..595c939 100644
+index b713403..53cb5ad 100644
 --- a/drivers/media/platform/s5p-tv/mixer_reg.c
 +++ b/drivers/media/platform/s5p-tv/mixer_reg.c
 @@ -276,7 +276,7 @@ static void mxr_irq_layer_handle(struct mxr_layer *layer)
@@ -38695,10 +38126,10 @@ index 3b1670a..595c939 100644
  	if (done && done != layer->shadow_buf)
  		vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE);
 diff --git a/drivers/media/platform/s5p-tv/mixer_video.c b/drivers/media/platform/s5p-tv/mixer_video.c
-index 1f3b743..e839271 100644
+index 82142a2..6de47e8 100644
 --- a/drivers/media/platform/s5p-tv/mixer_video.c
 +++ b/drivers/media/platform/s5p-tv/mixer_video.c
-@@ -208,7 +208,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer)
+@@ -209,7 +209,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer)
  	layer->geo.src.height = layer->geo.src.full_height;
  
  	mxr_geometry_dump(mdev, &layer->geo);
@@ -38707,7 +38138,7 @@ index 1f3b743..e839271 100644
  	mxr_geometry_dump(mdev, &layer->geo);
  }
  
-@@ -226,7 +226,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer)
+@@ -227,7 +227,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer)
  	layer->geo.dst.full_width = mbus_fmt.width;
  	layer->geo.dst.full_height = mbus_fmt.height;
  	layer->geo.dst.field = mbus_fmt.field;
@@ -38716,7 +38147,7 @@ index 1f3b743..e839271 100644
  
  	mxr_geometry_dump(mdev, &layer->geo);
  }
-@@ -332,7 +332,7 @@ static int mxr_s_fmt(struct file *file, void *priv,
+@@ -333,7 +333,7 @@ static int mxr_s_fmt(struct file *file, void *priv,
  	/* set source size to highest accepted value */
  	geo->src.full_width = max(geo->dst.full_width, pix->width);
  	geo->src.full_height = max(geo->dst.full_height, pix->height);
@@ -38725,7 +38156,7 @@ index 1f3b743..e839271 100644
  	mxr_geometry_dump(mdev, &layer->geo);
  	/* set cropping to total visible screen */
  	geo->src.width = pix->width;
-@@ -340,12 +340,12 @@ static int mxr_s_fmt(struct file *file, void *priv,
+@@ -341,12 +341,12 @@ static int mxr_s_fmt(struct file *file, void *priv,
  	geo->src.x_offset = 0;
  	geo->src.y_offset = 0;
  	/* assure consistency of geometry */
@@ -38740,7 +38171,7 @@ index 1f3b743..e839271 100644
  	mxr_geometry_dump(mdev, &layer->geo);
  
  	/* returning results */
-@@ -472,7 +472,7 @@ static int mxr_s_selection(struct file *file, void *fh,
+@@ -473,7 +473,7 @@ static int mxr_s_selection(struct file *file, void *fh,
  		target->width = s->r.width;
  		target->height = s->r.height;
  
@@ -38749,7 +38180,7 @@ index 1f3b743..e839271 100644
  
  		/* retrieve update selection rectangle */
  		res.left = target->x_offset;
-@@ -937,13 +937,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count)
+@@ -938,13 +938,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count)
  	mxr_output_get(mdev);
  
  	mxr_layer_update_output(layer);
@@ -38765,7 +38196,7 @@ index 1f3b743..e839271 100644
  	mxr_streamer_get(mdev);
  
  	return 0;
-@@ -1013,7 +1013,7 @@ static int stop_streaming(struct vb2_queue *vq)
+@@ -1014,7 +1014,7 @@ static int stop_streaming(struct vb2_queue *vq)
  	spin_unlock_irqrestore(&layer->enq_slock, flags);
  
  	/* disabling layer in hardware */
@@ -38774,7 +38205,7 @@ index 1f3b743..e839271 100644
  	/* remove one streamer */
  	mxr_streamer_put(mdev);
  	/* allow changes in output configuration */
-@@ -1052,8 +1052,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer)
+@@ -1053,8 +1053,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer)
  
  void mxr_layer_release(struct mxr_layer *layer)
  {
@@ -38785,7 +38216,7 @@ index 1f3b743..e839271 100644
  }
  
  void mxr_base_layer_release(struct mxr_layer *layer)
-@@ -1079,7 +1079,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev,
+@@ -1080,7 +1080,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev,
  
  	layer->mdev = mdev;
  	layer->idx = idx;
@@ -38843,10 +38274,10 @@ index 3940bb0..fb3952a 100644
  static int dib7070_set_param_override(struct dvb_frontend *fe)
  {
 diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c
-index 9382895..ac8093c 100644
+index 9578a67..31aa652 100644
 --- a/drivers/media/usb/dvb-usb/dw2102.c
 +++ b/drivers/media/usb/dvb-usb/dw2102.c
-@@ -95,7 +95,7 @@ struct su3000_state {
+@@ -115,7 +115,7 @@ struct su3000_state {
  
  struct s6x0_state {
  	int (*old_set_voltage)(struct dvb_frontend *f, fe_sec_voltage_t v);
@@ -38878,27 +38309,6 @@ index aa6e7c7..4cd8061 100644
  	const struct v4l2_ioctl_info *info;
  	void *fh = file->private_data;
  	struct v4l2_fh *vfh = NULL;
-diff --git a/drivers/memstick/host/r592.c b/drivers/memstick/host/r592.c
-index 29b2172..a7c5b31 100644
---- a/drivers/memstick/host/r592.c
-+++ b/drivers/memstick/host/r592.c
-@@ -454,7 +454,7 @@ static int r592_transfer_fifo_pio(struct r592_device *dev)
- /* Executes one TPC (data is read/written from small or large fifo) */
- static void r592_execute_tpc(struct r592_device *dev)
- {
--	bool is_write = dev->req->tpc >= MS_TPC_SET_RW_REG_ADRS;
-+	bool is_write;
- 	int len, error;
- 	u32 status, reg;
- 
-@@ -463,6 +463,7 @@ static void r592_execute_tpc(struct r592_device *dev)
- 		return;
- 	}
- 
-+	is_write = dev->req->tpc >= MS_TPC_SET_RW_REG_ADRS;
- 	len = dev->req->long_data ?
- 		dev->req->sg.length : dev->req->data_len;
- 
 diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c
 index fb69baa..3aeea2e 100644
 --- a/drivers/message/fusion/mptbase.c
@@ -39231,10 +38641,10 @@ index 277a8db..0e0b754 100644
  	for (i = irq_base; i < irq_end; i++) {
  		irq_set_chip_and_handler(i, &twl6030_irq_chip,
 diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c
-index f428d86..274c368 100644
+index f32550a..e3e52a2 100644
 --- a/drivers/misc/c2port/core.c
 +++ b/drivers/misc/c2port/core.c
-@@ -924,7 +924,9 @@ struct c2port_device *c2port_device_register(char *name,
+@@ -920,7 +920,9 @@ struct c2port_device *c2port_device_register(char *name,
  	mutex_init(&c2dev->mutex);
  
  	/* Create binary file */
@@ -39246,10 +38656,10 @@ index f428d86..274c368 100644
  	if (unlikely(ret))
  		goto error_device_create_bin_file;
 diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c
-index 3aa9a96..59cf685 100644
+index 36f5d52..32311c3 100644
 --- a/drivers/misc/kgdbts.c
 +++ b/drivers/misc/kgdbts.c
-@@ -832,7 +832,7 @@ static void run_plant_and_detach_test(int is_early)
+@@ -834,7 +834,7 @@ static void run_plant_and_detach_test(int is_early)
  	char before[BREAK_INSTR_SIZE];
  	char after[BREAK_INSTR_SIZE];
  
@@ -39258,7 +38668,7 @@ index 3aa9a96..59cf685 100644
  	  BREAK_INSTR_SIZE);
  	init_simple_test();
  	ts.tst = plant_and_detach_test;
-@@ -840,7 +840,7 @@ static void run_plant_and_detach_test(int is_early)
+@@ -842,7 +842,7 @@ static void run_plant_and_detach_test(int is_early)
  	/* Activate test with initial breakpoint */
  	if (!is_early)
  		kgdb_breakpoint();
@@ -39600,7 +39010,7 @@ index d971817..33bdca5 100644
  
  		break;
 diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c
-index 6d8f701..35b6369 100644
+index 49f04bc..65660c2 100644
 --- a/drivers/mmc/core/mmc_ops.c
 +++ b/drivers/mmc/core/mmc_ops.c
 @@ -247,7 +247,7 @@ mmc_send_cxd_data(struct mmc_card *card, struct mmc_host *host,
@@ -39624,10 +39034,10 @@ index 53b8fd9..615b462 100644
 +} __do_const;
  #endif /* _DW_MMC_H_ */
 diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c
-index 82a8de1..3c56ccb 100644
+index 7363efe..681558e 100644
 --- a/drivers/mmc/host/sdhci-s3c.c
 +++ b/drivers/mmc/host/sdhci-s3c.c
-@@ -721,9 +721,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev)
+@@ -720,9 +720,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev)
  	 * we can use overriding functions instead of default.
  	 */
  	if (host->quirks & SDHCI_QUIRK_NONSTANDARD_CLOCK) {
@@ -39693,10 +39103,10 @@ index 8dd6ba5..419cc1d 100644
  	struct sm_sysfs_attribute *vendor_attribute;
  
 diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
-index 045dc53..b1e5473 100644
+index dbbea0e..3f4a0b1 100644
 --- a/drivers/net/bonding/bond_main.c
 +++ b/drivers/net/bonding/bond_main.c
-@@ -4865,7 +4865,7 @@ static unsigned int bond_get_num_tx_queues(void)
+@@ -4822,7 +4822,7 @@ static unsigned int bond_get_num_tx_queues(void)
  	return tx_queues;
  }
  
@@ -39705,7 +39115,7 @@ index 045dc53..b1e5473 100644
  	.kind			= "bond",
  	.priv_size		= sizeof(struct bonding),
  	.setup			= bond_setup,
-@@ -4990,8 +4990,8 @@ static void __exit bonding_exit(void)
+@@ -4947,8 +4947,8 @@ static void __exit bonding_exit(void)
  
  	bond_destroy_debugfs();
  
@@ -39716,7 +39126,7 @@ index 045dc53..b1e5473 100644
  #ifdef CONFIG_NET_POLL_CONTROLLER
  	/*
 diff --git a/drivers/net/ethernet/8390/ax88796.c b/drivers/net/ethernet/8390/ax88796.c
-index 70dba5d..11a0919 100644
+index e1d2643..7f4133b 100644
 --- a/drivers/net/ethernet/8390/ax88796.c
 +++ b/drivers/net/ethernet/8390/ax88796.c
 @@ -872,9 +872,11 @@ static int ax_probe(struct platform_device *pdev)
@@ -39733,10 +39143,10 @@ index 70dba5d..11a0919 100644
  
  	if (!request_mem_region(mem->start, mem_size, pdev->name)) {
 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
-index 0991534..8098e92 100644
+index aee7671..3ca2651 100644
 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
 +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
-@@ -1094,7 +1094,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp)
+@@ -1093,7 +1093,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp)
  static inline void bnx2x_init_bp_objs(struct bnx2x *bp)
  {
  	/* RX_MODE controlling object */
@@ -39745,105 +39155,11 @@ index 0991534..8098e92 100644
  
  	/* multicast configuration controlling object */
  	bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid,
-diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c
-index 10bc093..a2fb42a 100644
---- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c
-+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c
-@@ -2136,12 +2136,12 @@ static u8 bnx2x_dcbnl_get_cap(struct net_device *netdev, int capid, u8 *cap)
- 			break;
- 		default:
- 			BNX2X_ERR("Non valid capability ID\n");
--			rval = -EINVAL;
-+			rval = 1;
- 			break;
- 		}
- 	} else {
- 		DP(BNX2X_MSG_DCB, "DCB disabled\n");
--		rval = -EINVAL;
-+		rval = 1;
- 	}
- 
- 	DP(BNX2X_MSG_DCB, "capid %d:%x\n", capid, *cap);
-@@ -2167,12 +2167,12 @@ static int bnx2x_dcbnl_get_numtcs(struct net_device *netdev, int tcid, u8 *num)
- 			break;
- 		default:
- 			BNX2X_ERR("Non valid TC-ID\n");
--			rval = -EINVAL;
-+			rval = 1;
- 			break;
- 		}
- 	} else {
- 		DP(BNX2X_MSG_DCB, "DCB disabled\n");
--		rval = -EINVAL;
-+		rval = 1;
- 	}
- 
- 	return rval;
-@@ -2185,7 +2185,7 @@ static int bnx2x_dcbnl_set_numtcs(struct net_device *netdev, int tcid, u8 num)
- 	return -EINVAL;
- }
- 
--static u8  bnx2x_dcbnl_get_pfc_state(struct net_device *netdev)
-+static u8 bnx2x_dcbnl_get_pfc_state(struct net_device *netdev)
- {
- 	struct bnx2x *bp = netdev_priv(netdev);
- 	DP(BNX2X_MSG_DCB, "state = %d\n", bp->dcbx_local_feat.pfc.enabled);
-@@ -2387,12 +2387,12 @@ static u8 bnx2x_dcbnl_get_featcfg(struct net_device *netdev, int featid,
- 			break;
- 		default:
- 			BNX2X_ERR("Non valid featrue-ID\n");
--			rval = -EINVAL;
-+			rval = 1;
- 			break;
- 		}
- 	} else {
- 		DP(BNX2X_MSG_DCB, "DCB disabled\n");
--		rval = -EINVAL;
-+		rval = 1;
- 	}
- 
- 	return rval;
-@@ -2428,12 +2428,12 @@ static u8 bnx2x_dcbnl_set_featcfg(struct net_device *netdev, int featid,
- 			break;
- 		default:
- 			BNX2X_ERR("Non valid featrue-ID\n");
--			rval = -EINVAL;
-+			rval = 1;
- 			break;
- 		}
- 	} else {
- 		DP(BNX2X_MSG_DCB, "dcbnl call not valid\n");
--		rval = -EINVAL;
-+		rval = 1;
- 	}
- 
- 	return rval;
-diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
-index 5523da3..4fcf274 100644
---- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
-+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
-@@ -4767,7 +4767,7 @@ static void bnx2x_after_function_update(struct bnx2x *bp)
- 				  q);
- 	}
- 
--	if (!NO_FCOE(bp)) {
-+	if (!NO_FCOE(bp) && CNIC_ENABLED(bp)) {
- 		fp = &bp->fp[FCOE_IDX(bp)];
- 		queue_params.q_obj = &bnx2x_sp_obj(bp, fp).q_obj;
- 
-@@ -13047,6 +13047,7 @@ static int bnx2x_unregister_cnic(struct net_device *dev)
- 	RCU_INIT_POINTER(bp->cnic_ops, NULL);
- 	mutex_unlock(&bp->cnic_mutex);
- 	synchronize_rcu();
-+	bp->cnic_enabled = false;
- 	kfree(bp->cnic_kwq);
- 	bp->cnic_kwq = NULL;
- 
 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
-index 09b625e..15b16fe 100644
+index 7306416..5fb7fb5 100644
 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
 +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
-@@ -2375,15 +2375,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp,
+@@ -2381,15 +2381,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp,
  	return rc;
  }
  
@@ -39865,10 +39181,10 @@ index 09b625e..15b16fe 100644
  }
  
 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
-index adbd91b..58ec94a 100644
+index ff90760..08d8aed 100644
 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
 +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
-@@ -1293,8 +1293,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp,
+@@ -1306,8 +1306,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp,
  
  /********************* RX MODE ****************/
  
@@ -39879,10 +39195,10 @@ index adbd91b..58ec94a 100644
  /**
   * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters.
 diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
-index 6f9b74c..7f219b8 100644
+index 8d7d4c2..95f7681 100644
 --- a/drivers/net/ethernet/broadcom/tg3.h
 +++ b/drivers/net/ethernet/broadcom/tg3.h
-@@ -146,6 +146,7 @@
+@@ -147,6 +147,7 @@
  #define  CHIPREV_ID_5750_A0		 0x4000
  #define  CHIPREV_ID_5750_A1		 0x4001
  #define  CHIPREV_ID_5750_A3		 0x4003
@@ -39926,7 +39242,7 @@ index 4c83003..2a2a5b9 100644
  	break;
      }
 diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
-index 4d6f3c5..449bc5c 100644
+index 2886c9b..db71673 100644
 --- a/drivers/net/ethernet/emulex/benet/be_main.c
 +++ b/drivers/net/ethernet/emulex/benet/be_main.c
 @@ -455,7 +455,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
@@ -39938,20 +39254,8 @@ index 4d6f3c5..449bc5c 100644
  }
  
  void be_parse_stats(struct be_adapter *adapter)
-@@ -759,8 +759,9 @@ static struct sk_buff *be_insert_vlan_in_pkt(struct be_adapter *adapter,
- 
- 	if (vlan_tx_tag_present(skb)) {
- 		vlan_tag = be_get_tx_vlan_tag(adapter, skb);
--		__vlan_put_tag(skb, vlan_tag);
--		skb->vlan_tci = 0;
-+		skb = __vlan_put_tag(skb, vlan_tag);
-+		if (skb)
-+			skb->vlan_tci = 0;
- 	}
- 
- 	return skb;
 diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c
-index 74d749e..eefb1bd 100644
+index 7c361d1..57e3ff1 100644
 --- a/drivers/net/ethernet/faraday/ftgmac100.c
 +++ b/drivers/net/ethernet/faraday/ftgmac100.c
 @@ -31,6 +31,8 @@
@@ -39964,7 +39268,7 @@ index 74d749e..eefb1bd 100644
  
  #include "ftgmac100.h"
 diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c
-index b901a01..1ff32ee 100644
+index b5ea8fb..bd25e9a 100644
 --- a/drivers/net/ethernet/faraday/ftmac100.c
 +++ b/drivers/net/ethernet/faraday/ftmac100.c
 @@ -31,6 +31,8 @@
@@ -39976,147 +39280,11 @@ index b901a01..1ff32ee 100644
  
  #include "ftmac100.h"
  
-diff --git a/drivers/net/ethernet/intel/e100.c b/drivers/net/ethernet/intel/e100.c
-index a59f077..7925d77 100644
---- a/drivers/net/ethernet/intel/e100.c
-+++ b/drivers/net/ethernet/intel/e100.c
-@@ -870,7 +870,7 @@ err_unlock:
- }
- 
- static int e100_exec_cb(struct nic *nic, struct sk_buff *skb,
--	void (*cb_prepare)(struct nic *, struct cb *, struct sk_buff *))
-+	int (*cb_prepare)(struct nic *, struct cb *, struct sk_buff *))
- {
- 	struct cb *cb;
- 	unsigned long flags;
-@@ -888,10 +888,13 @@ static int e100_exec_cb(struct nic *nic, struct sk_buff *skb,
- 	nic->cbs_avail--;
- 	cb->skb = skb;
- 
-+	err = cb_prepare(nic, cb, skb);
-+	if (err)
-+		goto err_unlock;
-+
- 	if (unlikely(!nic->cbs_avail))
- 		err = -ENOSPC;
- 
--	cb_prepare(nic, cb, skb);
- 
- 	/* Order is important otherwise we'll be in a race with h/w:
- 	 * set S-bit in current first, then clear S-bit in previous. */
-@@ -1091,7 +1094,7 @@ static void e100_get_defaults(struct nic *nic)
- 	nic->mii.mdio_write = mdio_write;
- }
- 
--static void e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb)
-+static int e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb)
- {
- 	struct config *config = &cb->u.config;
- 	u8 *c = (u8 *)config;
-@@ -1181,6 +1184,7 @@ static void e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb)
- 	netif_printk(nic, hw, KERN_DEBUG, nic->netdev,
- 		     "[16-23]=%02X:%02X:%02X:%02X:%02X:%02X:%02X:%02X\n",
- 		     c[16], c[17], c[18], c[19], c[20], c[21], c[22], c[23]);
-+	return 0;
- }
- 
- /*************************************************************************
-@@ -1331,7 +1335,7 @@ static const struct firmware *e100_request_firmware(struct nic *nic)
- 	return fw;
- }
- 
--static void e100_setup_ucode(struct nic *nic, struct cb *cb,
-+static int e100_setup_ucode(struct nic *nic, struct cb *cb,
- 			     struct sk_buff *skb)
- {
- 	const struct firmware *fw = (void *)skb;
-@@ -1358,6 +1362,7 @@ static void e100_setup_ucode(struct nic *nic, struct cb *cb,
- 	cb->u.ucode[min_size] |= cpu_to_le32((BUNDLESMALL) ? 0xFFFF : 0xFF80);
- 
- 	cb->command = cpu_to_le16(cb_ucode | cb_el);
-+	return 0;
- }
- 
- static inline int e100_load_ucode_wait(struct nic *nic)
-@@ -1400,18 +1405,20 @@ static inline int e100_load_ucode_wait(struct nic *nic)
- 	return err;
- }
- 
--static void e100_setup_iaaddr(struct nic *nic, struct cb *cb,
-+static int e100_setup_iaaddr(struct nic *nic, struct cb *cb,
- 	struct sk_buff *skb)
- {
- 	cb->command = cpu_to_le16(cb_iaaddr);
- 	memcpy(cb->u.iaaddr, nic->netdev->dev_addr, ETH_ALEN);
-+	return 0;
- }
- 
--static void e100_dump(struct nic *nic, struct cb *cb, struct sk_buff *skb)
-+static int e100_dump(struct nic *nic, struct cb *cb, struct sk_buff *skb)
- {
- 	cb->command = cpu_to_le16(cb_dump);
- 	cb->u.dump_buffer_addr = cpu_to_le32(nic->dma_addr +
- 		offsetof(struct mem, dump_buf));
-+	return 0;
- }
- 
- static int e100_phy_check_without_mii(struct nic *nic)
-@@ -1581,7 +1588,7 @@ static int e100_hw_init(struct nic *nic)
- 	return 0;
- }
- 
--static void e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb)
-+static int e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb)
- {
- 	struct net_device *netdev = nic->netdev;
- 	struct netdev_hw_addr *ha;
-@@ -1596,6 +1603,7 @@ static void e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb)
- 		memcpy(&cb->u.multi.addr[i++ * ETH_ALEN], &ha->addr,
- 			ETH_ALEN);
- 	}
-+	return 0;
- }
- 
- static void e100_set_multicast_list(struct net_device *netdev)
-@@ -1756,11 +1764,18 @@ static void e100_watchdog(unsigned long data)
- 		  round_jiffies(jiffies + E100_WATCHDOG_PERIOD));
- }
- 
--static void e100_xmit_prepare(struct nic *nic, struct cb *cb,
-+static int e100_xmit_prepare(struct nic *nic, struct cb *cb,
- 	struct sk_buff *skb)
- {
-+	dma_addr_t dma_addr;
- 	cb->command = nic->tx_command;
- 
-+	dma_addr = pci_map_single(nic->pdev,
-+				  skb->data, skb->len, PCI_DMA_TODEVICE);
-+	/* If we can't map the skb, have the upper layer try later */
-+	if (pci_dma_mapping_error(nic->pdev, dma_addr))
-+		return -ENOMEM;
-+
- 	/*
- 	 * Use the last 4 bytes of the SKB payload packet as the CRC, used for
- 	 * testing, ie sending frames with bad CRC.
-@@ -1777,11 +1792,10 @@ static void e100_xmit_prepare(struct nic *nic, struct cb *cb,
- 	cb->u.tcb.tcb_byte_count = 0;
- 	cb->u.tcb.threshold = nic->tx_threshold;
- 	cb->u.tcb.tbd_count = 1;
--	cb->u.tcb.tbd.buf_addr = cpu_to_le32(pci_map_single(nic->pdev,
--		skb->data, skb->len, PCI_DMA_TODEVICE));
--	/* check for mapping failure? */
-+	cb->u.tcb.tbd.buf_addr = cpu_to_le32(dma_addr);
- 	cb->u.tcb.tbd.size = cpu_to_le16(skb->len);
- 	skb_tx_timestamp(skb);
-+	return 0;
- }
- 
- static netdev_tx_t e100_xmit_frame(struct sk_buff *skb,
 diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
-index bb9256a..56d8752 100644
+index 331987d..3be1135 100644
 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
 +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
-@@ -806,7 +806,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter)
+@@ -776,7 +776,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter)
  	}
  
  	/* update the base incval used to calculate frequency adjustment */
@@ -40125,19 +39293,6 @@ index bb9256a..56d8752 100644
  	smp_mb();
  
  	/* need lock to prevent incorrect read while modifying cyclecounter */
-diff --git a/drivers/net/ethernet/lantiq_etop.c b/drivers/net/ethernet/lantiq_etop.c
-index c124e67..db9b897 100644
---- a/drivers/net/ethernet/lantiq_etop.c
-+++ b/drivers/net/ethernet/lantiq_etop.c
-@@ -769,7 +769,7 @@ ltq_etop_probe(struct platform_device *pdev)
- 	return 0;
- 
- err_free:
--	kfree(dev);
-+	free_netdev(dev);
- err_out:
- 	return err;
- }
 diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c
 index fbe5363..266b4e3 100644
 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c
@@ -40164,10 +39319,10 @@ index fbe5363..266b4e3 100644
  		__vxge_hw_mempool_create(vpath->hldev,
  			fifo->config->memblock_size,
 diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index 2d849da..23bba3b 100644
+index 15ba8c4..3f56838 100644
 --- a/drivers/net/ethernet/realtek/r8169.c
 +++ b/drivers/net/ethernet/realtek/r8169.c
-@@ -741,22 +741,22 @@ struct rtl8169_private {
+@@ -740,22 +740,22 @@ struct rtl8169_private {
  	struct mdio_ops {
  		void (*write)(struct rtl8169_private *, int, int);
  		int (*read)(struct rtl8169_private *, int);
@@ -40208,7 +39363,7 @@ index 3f93624..cf01144 100644
  			   MC_CMD_PTP_IN_SYNCHRONIZE_LEN);
  
 diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
-index 0c74a70..3bc6f68 100644
+index 50617c5..b13724c 100644
 --- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
 +++ b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
 @@ -140,8 +140,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode)
@@ -40236,10 +39391,10 @@ index e6fe0d8..2b7d752 100644
  	spinlock_t request_lock;
  	struct list_head req_list;
 diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
-index 2b657d4..9903bc0 100644
+index 0775f0a..d4fb316 100644
 --- a/drivers/net/hyperv/rndis_filter.c
 +++ b/drivers/net/hyperv/rndis_filter.c
-@@ -107,7 +107,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev,
+@@ -104,7 +104,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev,
  	 * template
  	 */
  	set = &rndis_msg->msg.set_req;
@@ -40248,7 +39403,7 @@ index 2b657d4..9903bc0 100644
  
  	/* Add to the request list */
  	spin_lock_irqsave(&dev->request_lock, flags);
-@@ -758,7 +758,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev)
+@@ -752,7 +752,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev)
  
  	/* Setup the rndis set */
  	halt = &request->request_msg.msg.halt_req;
@@ -40258,10 +39413,10 @@ index 2b657d4..9903bc0 100644
  	/* Ignore return since this msg is optional. */
  	rndis_filter_send_request(dev, request);
 diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c
-index 1e9cb0b..7839125 100644
+index 8f1c256..a2991d1 100644
 --- a/drivers/net/ieee802154/fakehard.c
 +++ b/drivers/net/ieee802154/fakehard.c
-@@ -386,7 +386,7 @@ static int ieee802154fake_probe(struct platform_device *pdev)
+@@ -385,7 +385,7 @@ static int ieee802154fake_probe(struct platform_device *pdev)
  	phy->transmit_power = 0xbf;
  
  	dev->netdev_ops = &fake_ops;
@@ -40271,10 +39426,10 @@ index 1e9cb0b..7839125 100644
  	priv = netdev_priv(dev);
  	priv->phy = phy;
 diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
-index e5cb723..1fc0461 100644
+index 73abbc1..f25db7c 100644
 --- a/drivers/net/macvlan.c
 +++ b/drivers/net/macvlan.c
-@@ -852,13 +852,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
+@@ -891,13 +891,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
  int macvlan_link_register(struct rtnl_link_ops *ops)
  {
  	/* common fields */
@@ -40297,7 +39452,7 @@ index e5cb723..1fc0461 100644
  
  	return rtnl_link_register(ops);
  };
-@@ -914,7 +916,7 @@ static int macvlan_device_event(struct notifier_block *unused,
+@@ -953,7 +955,7 @@ static int macvlan_device_event(struct notifier_block *unused,
  	return NOTIFY_DONE;
  }
  
@@ -40307,10 +39462,10 @@ index e5cb723..1fc0461 100644
  };
  
 diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
-index 0f0f9ce..0ca5819 100644
+index a449439..1e468fe 100644
 --- a/drivers/net/macvtap.c
 +++ b/drivers/net/macvtap.c
-@@ -1100,7 +1100,7 @@ static int macvtap_device_event(struct notifier_block *unused,
+@@ -1090,7 +1090,7 @@ static int macvtap_device_event(struct notifier_block *unused,
  	return NOTIFY_DONE;
  }
  
@@ -40332,7 +39487,7 @@ index daec9b0..6428fcb 100644
  }
  EXPORT_SYMBOL(free_mdio_bitbang);
 diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
-index 508570e..f706dc7 100644
+index 72ff14b..11d442d 100644
 --- a/drivers/net/ppp/ppp_generic.c
 +++ b/drivers/net/ppp/ppp_generic.c
 @@ -999,7 +999,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
@@ -40353,11 +39508,24 @@ index 508570e..f706dc7 100644
  			break;
  		err = 0;
  		break;
+diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c
+index 1252d9c..80e660b 100644
+--- a/drivers/net/slip/slhc.c
++++ b/drivers/net/slip/slhc.c
+@@ -488,7 +488,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize)
+ 	register struct tcphdr *thp;
+ 	register struct iphdr *ip;
+ 	register struct cstate *cs;
+-	int len, hdrlen;
++	long len, hdrlen;
+ 	unsigned char *cp = icp;
+ 
+ 	/* We've got a compressed packet; read the change byte */
 diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
-index 8efe47a..a8075c5 100644
+index bf34192..fba3500 100644
 --- a/drivers/net/team/team.c
 +++ b/drivers/net/team/team.c
-@@ -2603,7 +2603,7 @@ static int team_device_event(struct notifier_block *unused,
+@@ -2668,7 +2668,7 @@ static int team_device_event(struct notifier_block *unused,
  	return NOTIFY_DONE;
  }
  
@@ -40367,18 +39535,9 @@ index 8efe47a..a8075c5 100644
  };
  
 diff --git a/drivers/net/tun.c b/drivers/net/tun.c
-index cb95fe5..16909e2 100644
+index 729ed53..9453f99 100644
 --- a/drivers/net/tun.c
 +++ b/drivers/net/tun.c
-@@ -1594,7 +1594,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
- 
- 		if (tun->flags & TUN_TAP_MQ &&
- 		    (tun->numqueues + tun->numdisabled > 1))
--			return err;
-+			return -EBUSY;
- 	}
- 	else {
- 		char *name;
 @@ -1838,7 +1838,7 @@ unlock:
  }
  
@@ -40399,7 +39558,7 @@ index cb95fe5..16909e2 100644
  		if (copy_from_user(&ifr, argp, ifreq_len))
  			return -EFAULT;
 diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
-index cd8ccb2..cff5144 100644
+index e2dd324..be92fcf 100644
 --- a/drivers/net/usb/hso.c
 +++ b/drivers/net/usb/hso.c
 @@ -71,7 +71,7 @@
@@ -40480,7 +39639,7 @@ index cd8ccb2..cff5144 100644
  					/* Setup and send a ctrl req read on
  					 * port i */
  					if (!serial->rx_urb_filled[0]) {
-@@ -3079,7 +3078,7 @@ static int hso_resume(struct usb_interface *iface)
+@@ -3066,7 +3065,7 @@ static int hso_resume(struct usb_interface *iface)
  	/* Start all serial ports */
  	for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
  		if (serial_table[i] && (serial_table[i]->interface == iface)) {
@@ -40490,10 +39649,10 @@ index cd8ccb2..cff5144 100644
  				    hso_start_serial_device(serial_table[i], GFP_NOIO);
  				hso_kick_transmit(dev2ser(serial_table[i]));
 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index 6993bfa..9053a34 100644
+index 7cee7a3..1eb9f3b 100644
 --- a/drivers/net/vxlan.c
 +++ b/drivers/net/vxlan.c
-@@ -1428,7 +1428,7 @@ nla_put_failure:
+@@ -1443,7 +1443,7 @@ nla_put_failure:
  	return -EMSGSIZE;
  }
  
@@ -40503,7 +39662,7 @@ index 6993bfa..9053a34 100644
  	.maxtype	= IFLA_VXLAN_MAX,
  	.policy		= vxlan_policy,
 diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c
-index 77fa428..996b355 100644
+index 5ac5f7a..5f82012 100644
 --- a/drivers/net/wireless/at76c50x-usb.c
 +++ b/drivers/net/wireless/at76c50x-usb.c
 @@ -353,7 +353,7 @@ static int at76_dfu_get_state(struct usb_device *udev, u8 *state)
@@ -40721,10 +39880,10 @@ index 301bf72..3f5654f 100644
  
  static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
 diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
-index 9d26fc5..60d9f14 100644
+index 784e81c..349e01e 100644
 --- a/drivers/net/wireless/ath/ath9k/hw.h
 +++ b/drivers/net/wireless/ath/ath9k/hw.h
-@@ -658,7 +658,7 @@ struct ath_hw_private_ops {
+@@ -653,7 +653,7 @@ struct ath_hw_private_ops {
  
  	/* ANI */
  	void (*ani_cache_ini_regs)(struct ath_hw *ah);
@@ -40732,21 +39891,21 @@ index 9d26fc5..60d9f14 100644
 +} __no_const;
  
  /**
-  * struct ath_hw_ops - callbacks used by hardware code and driver code
-@@ -688,7 +688,7 @@ struct ath_hw_ops {
- 	void (*antdiv_comb_conf_set)(struct ath_hw *ah,
- 			struct ath_hw_antcomb_conf *antconf);
- 	void (*antctrl_shared_chain_lnadiv)(struct ath_hw *hw, bool enable);
+  * struct ath_spec_scan - parameters for Atheros spectral scan
+@@ -722,7 +722,7 @@ struct ath_hw_ops {
+ 				     struct ath_spec_scan *param);
+ 	void (*spectral_scan_trigger)(struct ath_hw *ah);
+ 	void (*spectral_scan_wait)(struct ath_hw *ah);
 -};
 +} __no_const;
  
  struct ath_nf_limits {
  	s16 max;
 diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c
-index 3726cd6..b655808 100644
+index c353b5f..62aaca2 100644
 --- a/drivers/net/wireless/iwlegacy/3945-mac.c
 +++ b/drivers/net/wireless/iwlegacy/3945-mac.c
-@@ -3615,7 +3615,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
+@@ -3639,7 +3639,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
  	 */
  	if (il3945_mod_params.disable_hw_scan) {
  		D_INFO("Disabling hw_scan\n");
@@ -40758,7 +39917,7 @@ index 3726cd6..b655808 100644
  
  	D_INFO("*** LOAD DRIVER ***\n");
 diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-index 2c056b1..698efa9 100644
+index 81d4071..f2071ea 100644
 --- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c
 +++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
 @@ -203,7 +203,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file,
@@ -40879,10 +40038,10 @@ index 2c056b1..698efa9 100644
  	memset(buf, 0, sizeof(buf));
  	buf_size = min(count, sizeof(buf) - 1);
 diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
-index 35708b9..31f7754 100644
+index 12c4f31..484d948 100644
 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c
 +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
-@@ -1100,7 +1100,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
+@@ -1328,7 +1328,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
  	struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
  
  	char buf[8];
@@ -40891,7 +40050,7 @@ index 35708b9..31f7754 100644
  	u32 reset_flag;
  
  	memset(buf, 0, sizeof(buf));
-@@ -1121,7 +1121,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
+@@ -1349,7 +1349,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
  {
  	struct iwl_trans *trans = file->private_data;
  	char buf[8];
@@ -40901,10 +40060,10 @@ index 35708b9..31f7754 100644
  
  	memset(buf, 0, sizeof(buf));
 diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
-index ff90855..e46d223 100644
+index cffdf4f..7cefb69 100644
 --- a/drivers/net/wireless/mac80211_hwsim.c
 +++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -2062,25 +2062,19 @@ static int __init init_mac80211_hwsim(void)
+@@ -2144,25 +2144,19 @@ static int __init init_mac80211_hwsim(void)
  
  	if (channels > 1) {
  		hwsim_if_comb.num_different_channels = channels;
@@ -40944,7 +40103,7 @@ index ff90855..e46d223 100644
  
  	spin_lock_init(&hwsim_radio_lock);
 diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
-index abe1d03..fb02c22 100644
+index 525fd75..6c9f791 100644
 --- a/drivers/net/wireless/rndis_wlan.c
 +++ b/drivers/net/wireless/rndis_wlan.c
 @@ -1238,7 +1238,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold)
@@ -40957,10 +40116,10 @@ index abe1d03..fb02c22 100644
  
  	tmp = cpu_to_le32(rts_threshold);
 diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h
-index 0751b35..246ba3e 100644
+index 086abb4..8279c30 100644
 --- a/drivers/net/wireless/rt2x00/rt2x00.h
 +++ b/drivers/net/wireless/rt2x00/rt2x00.h
-@@ -398,7 +398,7 @@ struct rt2x00_intf {
+@@ -396,7 +396,7 @@ struct rt2x00_intf {
  	 * for hardware which doesn't support hardware
  	 * sequence counting.
  	 */
@@ -40970,10 +40129,10 @@ index 0751b35..246ba3e 100644
  
  static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)
 diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c
-index e488b94..14b6a0c 100644
+index 4d91795..62fccff 100644
 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c
 +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
-@@ -240,9 +240,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev,
+@@ -251,9 +251,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev,
  	 * sequence counter given by mac80211.
  	 */
  	if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags))
@@ -41012,10 +40171,10 @@ index e57ee48..541cf6c 100644
  		wl1251_info("using SDIO interrupt");
  	}
 diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c
-index e5f5f8f..fdf15b7 100644
+index 09694e3..24ccec7 100644
 --- a/drivers/net/wireless/ti/wl12xx/main.c
 +++ b/drivers/net/wireless/ti/wl12xx/main.c
-@@ -644,7 +644,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
+@@ -656,7 +656,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
  		       sizeof(wl->conf.mem));
  
  		/* read data preparation is only needed by wl127x */
@@ -41024,9 +40183,9 @@ index e5f5f8f..fdf15b7 100644
 +		*(void **)&wl->ops->prepare_read = wl127x_prepare_read;
 +		pax_close_kernel();
  
- 		wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_VER,
- 				      WL127X_MAJOR_VER, WL127X_SUBTYPE_VER,
-@@ -665,7 +667,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
+ 		wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
+ 			      WL127X_IFTYPE_SR_VER,  WL127X_MAJOR_SR_VER,
+@@ -681,7 +683,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
  		       sizeof(wl->conf.mem));
  
  		/* read data preparation is only needed by wl127x */
@@ -41035,13 +40194,13 @@ index e5f5f8f..fdf15b7 100644
 +		*(void **)&wl->ops->prepare_read = wl127x_prepare_read;
 +		pax_close_kernel();
  
- 		wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_VER,
- 				      WL127X_MAJOR_VER, WL127X_SUBTYPE_VER,
+ 		wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
+ 			      WL127X_IFTYPE_SR_VER,  WL127X_MAJOR_SR_VER,
 diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c
-index 8d8c1f8..e754844 100644
+index da3ef1b..4790b95 100644
 --- a/drivers/net/wireless/ti/wl18xx/main.c
 +++ b/drivers/net/wireless/ti/wl18xx/main.c
-@@ -1489,8 +1489,10 @@ static int wl18xx_setup(struct wl1271 *wl)
+@@ -1664,8 +1664,10 @@ static int wl18xx_setup(struct wl1271 *wl)
  	}
  
  	if (!checksum_param) {
@@ -41055,10 +40214,10 @@ index 8d8c1f8..e754844 100644
  
  	/* Enable 11a Band only if we have 5G antennas */
 diff --git a/drivers/net/wireless/zd1211rw/zd_usb.c b/drivers/net/wireless/zd1211rw/zd_usb.c
-index ef2b171..bb513a6 100644
+index 7ef0b4a..ff65c28 100644
 --- a/drivers/net/wireless/zd1211rw/zd_usb.c
 +++ b/drivers/net/wireless/zd1211rw/zd_usb.c
-@@ -387,7 +387,7 @@ static inline void handle_regs_int(struct urb *urb)
+@@ -386,7 +386,7 @@ static inline void handle_regs_int(struct urb *urb)
  {
  	struct zd_usb *usb = urb->context;
  	struct zd_usb_interrupt *intr = &usb->intr;
@@ -41188,10 +40347,10 @@ index 38b6fc0..b5cbfce 100644
  
  extern struct oprofile_stat_struct oprofile_stats;
 diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c
-index 849357c..b83c1e0 100644
+index 7c12d9c..558bf3bb 100644
 --- a/drivers/oprofile/oprofilefs.c
 +++ b/drivers/oprofile/oprofilefs.c
-@@ -185,7 +185,7 @@ static const struct file_operations atomic_ro_fops = {
+@@ -190,7 +190,7 @@ static const struct file_operations atomic_ro_fops = {
  
  
  int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
@@ -41362,7 +40521,7 @@ index 202f4a9..8ee47d0 100644
  	mutex_lock(&pci_hp_mutex);
  	/*
 diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c
-index 939bd1d..a1459c9 100644
+index 7d72c5e..edce02c 100644
 --- a/drivers/pci/hotplug/pciehp_core.c
 +++ b/drivers/pci/hotplug/pciehp_core.c
 @@ -91,7 +91,7 @@ static int init_slot(struct controller *ctrl)
@@ -41406,10 +40565,10 @@ index 9c6e9bb..2916736 100644
  	if (!sysfs_initialized)
  		return -EACCES;
 diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h
-index e851829..a1a7196 100644
+index 7346ee6..41520eb 100644
 --- a/drivers/pci/pci.h
 +++ b/drivers/pci/pci.h
-@@ -98,7 +98,7 @@ struct pci_vpd_ops {
+@@ -93,7 +93,7 @@ struct pci_vpd_ops {
  struct pci_vpd {
  	unsigned int len;
  	const struct pci_vpd_ops *ops;
@@ -41419,7 +40578,7 @@ index e851829..a1a7196 100644
  
  extern int pci_vpd_pci22_init(struct pci_dev *dev);
 diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
-index 8474b6a..ee81993 100644
+index d320df6..ca9a8f6 100644
 --- a/drivers/pci/pcie/aspm.c
 +++ b/drivers/pci/pcie/aspm.c
 @@ -27,9 +27,9 @@
@@ -41436,7 +40595,7 @@ index 8474b6a..ee81993 100644
  #define ASPM_STATE_ALL		(ASPM_STATE_L0S | ASPM_STATE_L1)
  
 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
-index 6186f03..1a78714 100644
+index 5427787..8df273b 100644
 --- a/drivers/pci/probe.c
 +++ b/drivers/pci/probe.c
 @@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
@@ -41449,7 +40608,7 @@ index 6186f03..1a78714 100644
  	/* No printks while decoding is disabled! */
  	if (!dev->mmio_always_on) {
 diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
-index 9b8505c..f00870a 100644
+index 0b00947..64f7c0a 100644
 --- a/drivers/pci/proc.c
 +++ b/drivers/pci/proc.c
 @@ -465,7 +465,16 @@ static const struct file_operations proc_bus_pci_dev_operations = {
@@ -41470,35 +40629,35 @@ index 9b8505c..f00870a 100644
  		    &proc_bus_pci_dev_operations);
  	proc_initialized = 1;
 diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
-index 2111dbb..79e434b 100644
+index 6b22938..bc9700e 100644
 --- a/drivers/platform/x86/msi-laptop.c
 +++ b/drivers/platform/x86/msi-laptop.c
-@@ -820,12 +820,14 @@ static int __init load_scm_model_init(struct platform_device *sdev)
- 	int result;
- 
- 	/* allow userland write sysfs file  */
--	dev_attr_bluetooth.store = store_bluetooth;
--	dev_attr_wlan.store = store_wlan;
--	dev_attr_threeg.store = store_threeg;
--	dev_attr_bluetooth.attr.mode |= S_IWUSR;
--	dev_attr_wlan.attr.mode |= S_IWUSR;
--	dev_attr_threeg.attr.mode |= S_IWUSR;
-+	pax_open_kernel();
-+	*(void **)&dev_attr_bluetooth.store = store_bluetooth;
-+	*(void **)&dev_attr_wlan.store = store_wlan;
-+	*(void **)&dev_attr_threeg.store = store_threeg;
-+	*(umode_t *)&dev_attr_bluetooth.attr.mode |= S_IWUSR;
-+	*(umode_t *)&dev_attr_wlan.attr.mode |= S_IWUSR;
-+	*(umode_t *)&dev_attr_threeg.attr.mode |= S_IWUSR;
-+	pax_close_kernel();
+@@ -1000,12 +1000,14 @@ static int __init load_scm_model_init(struct platform_device *sdev)
+ 
+ 	if (!quirks->ec_read_only) {
+ 		/* allow userland write sysfs file  */
+-		dev_attr_bluetooth.store = store_bluetooth;
+-		dev_attr_wlan.store = store_wlan;
+-		dev_attr_threeg.store = store_threeg;
+-		dev_attr_bluetooth.attr.mode |= S_IWUSR;
+-		dev_attr_wlan.attr.mode |= S_IWUSR;
+-		dev_attr_threeg.attr.mode |= S_IWUSR;
++		pax_open_kernel();
++		*(void **)&dev_attr_bluetooth.store = store_bluetooth;
++		*(void **)&dev_attr_wlan.store = store_wlan;
++		*(void **)&dev_attr_threeg.store = store_threeg;
++		*(umode_t *)&dev_attr_bluetooth.attr.mode |= S_IWUSR;
++		*(umode_t *)&dev_attr_wlan.attr.mode |= S_IWUSR;
++		*(umode_t *)&dev_attr_threeg.attr.mode |= S_IWUSR;
++		pax_close_kernel();
+ 	}
  
  	/* disable hardware control by fn key */
- 	result = ec_read(MSI_STANDARD_EC_SCM_LOAD_ADDRESS, &data);
 diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c
-index 0fe987f..6f3d5c3 100644
+index 14d4dce..b129917 100644
 --- a/drivers/platform/x86/sony-laptop.c
 +++ b/drivers/platform/x86/sony-laptop.c
-@@ -2356,7 +2356,7 @@ static void sony_nc_lid_resume_cleanup(struct platform_device *pd)
+@@ -2465,7 +2465,7 @@ static void sony_nc_gfx_switch_cleanup(struct platform_device *pd)
  }
  
  /* High speed charging function */
@@ -41508,10 +40667,10 @@ index 0fe987f..6f3d5c3 100644
  static ssize_t sony_nc_highspeed_charging_store(struct device *dev,
  		struct device_attribute *attr,
 diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
-index f946ca7..f25c833 100644
+index edec135..59a24a3 100644
 --- a/drivers/platform/x86/thinkpad_acpi.c
 +++ b/drivers/platform/x86/thinkpad_acpi.c
-@@ -2097,7 +2097,7 @@ static int hotkey_mask_get(void)
+@@ -2093,7 +2093,7 @@ static int hotkey_mask_get(void)
  	return 0;
  }
  
@@ -41520,7 +40679,7 @@ index f946ca7..f25c833 100644
  {
  	/* log only what the user can fix... */
  	const u32 wantedmask = hotkey_driver_mask &
-@@ -2328,11 +2328,6 @@ static void hotkey_read_nvram(struct tp_nvram_state *n, const u32 m)
+@@ -2324,11 +2324,6 @@ static void hotkey_read_nvram(struct tp_nvram_state *n, const u32 m)
  	}
  }
  
@@ -41532,7 +40691,7 @@ index f946ca7..f25c833 100644
  #define TPACPI_COMPARE_KEY(__scancode, __member) \
  	do { \
  		if ((event_mask & (1 << __scancode)) && \
-@@ -2346,36 +2341,42 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
+@@ -2342,36 +2337,42 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
  			tpacpi_hotkey_send_key(__scancode); \
  	} while (0)
  
@@ -41599,7 +40758,7 @@ index f946ca7..f25c833 100644
  	TPACPI_COMPARE_KEY(TP_ACPI_HOTKEYSCAN_THINKPAD, thinkpad_toggle);
  	TPACPI_COMPARE_KEY(TP_ACPI_HOTKEYSCAN_FNSPACE, zoom_toggle);
  	TPACPI_COMPARE_KEY(TP_ACPI_HOTKEYSCAN_FNF7, display_toggle);
-@@ -2409,7 +2410,7 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
+@@ -2405,7 +2406,7 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
  		    oldn->volume_level != newn->volume_level) {
  			/* recently muted, or repeated mute keypress, or
  			 * multiple presses ending in mute */
@@ -41608,7 +40767,7 @@ index f946ca7..f25c833 100644
  			TPACPI_MAY_SEND_KEY(TP_ACPI_HOTKEYSCAN_MUTE);
  		}
  	} else {
-@@ -2419,7 +2420,7 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
+@@ -2415,7 +2416,7 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
  			TPACPI_MAY_SEND_KEY(TP_ACPI_HOTKEYSCAN_VOLUMEUP);
  		}
  		if (oldn->volume_level != newn->volume_level) {
@@ -41617,7 +40776,7 @@ index f946ca7..f25c833 100644
  		} else if (oldn->volume_toggle != newn->volume_toggle) {
  			/* repeated vol up/down keypress at end of scale ? */
  			if (newn->volume_level == 0)
-@@ -2432,7 +2433,8 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
+@@ -2428,7 +2429,8 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
  	/* handle brightness */
  	if (oldn->brightness_level != newn->brightness_level) {
  		issue_brightnesschange(oldn->brightness_level,
@@ -41627,7 +40786,7 @@ index f946ca7..f25c833 100644
  	} else if (oldn->brightness_toggle != newn->brightness_toggle) {
  		/* repeated key presses that didn't change state */
  		if (newn->brightness_level == 0)
-@@ -2441,10 +2443,10 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
+@@ -2437,10 +2439,10 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
  				&& !tp_features.bright_unkfw)
  			TPACPI_MAY_SEND_KEY(TP_ACPI_HOTKEYSCAN_FNHOME);
  	}
@@ -41766,7 +40925,7 @@ index cc439fd..8fa30df 100644
  
  #endif /* CONFIG_SYSFS */
 diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c
-index 8a7cfb3..72e6e9b 100644
+index 5deac43..608c5ff 100644
 --- a/drivers/power/power_supply_core.c
 +++ b/drivers/power/power_supply_core.c
 @@ -24,7 +24,10 @@
@@ -41791,10 +40950,10 @@ index 8a7cfb3..72e6e9b 100644
  	return 0;
  }
 diff --git a/drivers/power/power_supply_sysfs.c b/drivers/power/power_supply_sysfs.c
-index 40fa3b7..d9c2e0e 100644
+index 29178f7..c65f324 100644
 --- a/drivers/power/power_supply_sysfs.c
 +++ b/drivers/power/power_supply_sysfs.c
-@@ -229,17 +229,15 @@ static struct attribute_group power_supply_attr_group = {
+@@ -230,17 +230,15 @@ static struct attribute_group power_supply_attr_group = {
  	.is_visible = power_supply_attr_is_visible,
  };
  
@@ -41851,10 +41010,10 @@ index 9a8ea91..c483dd9 100644
  
  	max->enable_external_control = pdata->enable_ext_control;
 diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c
-index 0d84b1f..c2da6ac 100644
+index 9891aec..beb3083 100644
 --- a/drivers/regulator/mc13892-regulator.c
 +++ b/drivers/regulator/mc13892-regulator.c
-@@ -540,10 +540,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev)
+@@ -583,10 +583,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev)
  	}
  	mc13xxx_unlock(mc13892);
  
@@ -41868,9 +41027,9 @@ index 0d84b1f..c2da6ac 100644
 +	pax_close_kernel();
  
  	mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators,
- 					ARRAY_SIZE(mc13892_regulators));
+ 					ARRAY_SIZE(mc13892_regulators),
 diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
-index 1c77423..2971d18 100644
+index cc5bea9..689f7d9 100644
 --- a/drivers/rtc/rtc-cmos.c
 +++ b/drivers/rtc/rtc-cmos.c
 @@ -724,7 +724,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
@@ -41885,10 +41044,10 @@ index 1c77423..2971d18 100644
  	if (retval < 0) {
  		dev_dbg(dev, "can't create nvram file? %d\n", retval);
 diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c
-index 9a86b4b..3a383dc 100644
+index d049393..bb20be0 100644
 --- a/drivers/rtc/rtc-dev.c
 +++ b/drivers/rtc/rtc-dev.c
-@@ -14,6 +14,7 @@
+@@ -16,6 +16,7 @@
  #include <linux/module.h>
  #include <linux/rtc.h>
  #include <linux/sched.h>
@@ -41896,7 +41055,7 @@ index 9a86b4b..3a383dc 100644
  #include "rtc-core.h"
  
  static dev_t rtc_devt;
-@@ -345,6 +346,8 @@ static long rtc_dev_ioctl(struct file *file,
+@@ -347,6 +348,8 @@ static long rtc_dev_ioctl(struct file *file,
  		if (copy_from_user(&tm, uarg, sizeof(tm)))
  			return -EFAULT;
  
@@ -41906,7 +41065,7 @@ index 9a86b4b..3a383dc 100644
  
  	case RTC_PIE_ON:
 diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c
-index e0d0ba4..3c65868 100644
+index 970a236..3613169 100644
 --- a/drivers/rtc/rtc-ds1307.c
 +++ b/drivers/rtc/rtc-ds1307.c
 @@ -106,7 +106,7 @@ struct ds1307 {
@@ -41969,7 +41128,7 @@ index 23a90e7..9cf04ee 100644
  /*
   * Queue element to wait for room in request queue. FIFO order is
 diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c
-index 593085a..47aa999 100644
+index df0c3c7..b00e1d0 100644
 --- a/drivers/scsi/hosts.c
 +++ b/drivers/scsi/hosts.c
 @@ -42,7 +42,7 @@
@@ -41991,7 +41150,7 @@ index 593085a..47aa999 100644
  
  	/* These three are default values which can be overridden */
 diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
-index 4f33806..afd6f60 100644
+index 7f4f790..b75b92a 100644
 --- a/drivers/scsi/hpsa.c
 +++ b/drivers/scsi/hpsa.c
 @@ -554,7 +554,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
@@ -42003,7 +41162,7 @@ index 4f33806..afd6f60 100644
  
  	if ((rq->head[rq->current_entry] & 1) == rq->wraparound) {
  		a = rq->head[rq->current_entry];
-@@ -3374,7 +3374,7 @@ static void start_io(struct ctlr_info *h)
+@@ -3422,7 +3422,7 @@ static void start_io(struct ctlr_info *h)
  	while (!list_empty(&h->reqQ)) {
  		c = list_entry(h->reqQ.next, struct CommandList, list);
  		/* can't do anything if fifo is full */
@@ -42012,7 +41171,7 @@ index 4f33806..afd6f60 100644
  			dev_warn(&h->pdev->dev, "fifo full\n");
  			break;
  		}
-@@ -3396,7 +3396,7 @@ static void start_io(struct ctlr_info *h)
+@@ -3444,7 +3444,7 @@ static void start_io(struct ctlr_info *h)
  
  		/* Tell the controller execute command */
  		spin_unlock_irqrestore(&h->lock, flags);
@@ -42021,7 +41180,7 @@ index 4f33806..afd6f60 100644
  		spin_lock_irqsave(&h->lock, flags);
  	}
  	spin_unlock_irqrestore(&h->lock, flags);
-@@ -3404,17 +3404,17 @@ static void start_io(struct ctlr_info *h)
+@@ -3452,17 +3452,17 @@ static void start_io(struct ctlr_info *h)
  
  static inline unsigned long get_next_completion(struct ctlr_info *h, u8 q)
  {
@@ -42042,7 +41201,7 @@ index 4f33806..afd6f60 100644
  		(h->interrupts_enabled == 0);
  }
  
-@@ -4316,7 +4316,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
+@@ -4364,7 +4364,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
  	if (prod_index < 0)
  		return -ENODEV;
  	h->product_name = products[prod_index].product_name;
@@ -42051,7 +41210,7 @@ index 4f33806..afd6f60 100644
  
  	pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S |
  			       PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM);
-@@ -4598,7 +4598,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
+@@ -4646,7 +4646,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
  
  	assert_spin_locked(&lockup_detector_lock);
  	remove_ctlr_from_lockup_detector_list(h);
@@ -42060,7 +41219,7 @@ index 4f33806..afd6f60 100644
  	spin_lock_irqsave(&h->lock, flags);
  	h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET);
  	spin_unlock_irqrestore(&h->lock, flags);
-@@ -4775,7 +4775,7 @@ reinit_after_soft_reset:
+@@ -4823,7 +4823,7 @@ reinit_after_soft_reset:
  	}
  
  	/* make sure the board interrupts are off */
@@ -42069,7 +41228,7 @@ index 4f33806..afd6f60 100644
  
  	if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx))
  		goto clean2;
-@@ -4809,7 +4809,7 @@ reinit_after_soft_reset:
+@@ -4857,7 +4857,7 @@ reinit_after_soft_reset:
  		 * fake ones to scoop up any residual completions.
  		 */
  		spin_lock_irqsave(&h->lock, flags);
@@ -42078,7 +41237,7 @@ index 4f33806..afd6f60 100644
  		spin_unlock_irqrestore(&h->lock, flags);
  		free_irqs(h);
  		rc = hpsa_request_irq(h, hpsa_msix_discard_completions,
-@@ -4828,9 +4828,9 @@ reinit_after_soft_reset:
+@@ -4876,9 +4876,9 @@ reinit_after_soft_reset:
  		dev_info(&h->pdev->dev, "Board READY.\n");
  		dev_info(&h->pdev->dev,
  			"Waiting for stale completions to drain.\n");
@@ -42090,7 +41249,7 @@ index 4f33806..afd6f60 100644
  
  		rc = controller_reset_failed(h->cfgtable);
  		if (rc)
-@@ -4851,7 +4851,7 @@ reinit_after_soft_reset:
+@@ -4899,7 +4899,7 @@ reinit_after_soft_reset:
  	}
  
  	/* Turn the interrupts on so we can service requests */
@@ -42099,7 +41258,7 @@ index 4f33806..afd6f60 100644
  
  	hpsa_hba_inquiry(h);
  	hpsa_register_scsi(h);	/* hook ourselves into SCSI subsystem */
-@@ -4903,7 +4903,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
+@@ -4954,7 +4954,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
  	 * To write all data in the battery backed cache to disks
  	 */
  	hpsa_flush_cache(h);
@@ -42108,7 +41267,7 @@ index 4f33806..afd6f60 100644
  	hpsa_free_irqs_and_disable_msix(h);
  }
  
-@@ -5071,7 +5071,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags)
+@@ -5122,7 +5122,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags)
  		return;
  	}
  	/* Change the access methods to the performant access methods */
@@ -42289,7 +41448,7 @@ index bdb81cd..d3c7c2c 100644
  	.qc_issue		= sas_ata_qc_issue,
  	.qc_fill_rtf		= sas_ata_qc_fill_rtf,
 diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h
-index df4c13a..a51e90c 100644
+index 7706c99..3b4fc0c 100644
 --- a/drivers/scsi/lpfc/lpfc.h
 +++ b/drivers/scsi/lpfc/lpfc.h
 @@ -424,7 +424,7 @@ struct lpfc_vport {
@@ -42301,7 +41460,7 @@ index df4c13a..a51e90c 100644
  #endif
  	uint8_t stat_data_enabled;
  	uint8_t stat_data_blocked;
-@@ -842,8 +842,8 @@ struct lpfc_hba {
+@@ -853,8 +853,8 @@ struct lpfc_hba {
  	struct timer_list fabric_block_timer;
  	unsigned long bit_flags;
  #define	FABRIC_COMANDS_BLOCKED	0
@@ -42312,7 +41471,7 @@ index df4c13a..a51e90c 100644
  	unsigned long last_rsrc_error_time;
  	unsigned long last_ramp_down_time;
  	unsigned long last_ramp_up_time;
-@@ -879,7 +879,7 @@ struct lpfc_hba {
+@@ -890,7 +890,7 @@ struct lpfc_hba {
  
  	struct dentry *debug_slow_ring_trc;
  	struct lpfc_debugfs_trc *slow_ring_trc;
@@ -42405,10 +41564,10 @@ index f63f5ff..de29189 100644
  	snprintf(name, sizeof(name), "discovery_trace");
  	vport->debug_disc_trc =
 diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
-index 89ad558..76956c4 100644
+index 314b4f6..7005d10 100644
 --- a/drivers/scsi/lpfc/lpfc_init.c
 +++ b/drivers/scsi/lpfc/lpfc_init.c
-@@ -10618,8 +10618,10 @@ lpfc_init(void)
+@@ -10551,8 +10551,10 @@ lpfc_init(void)
  			"misc_register returned with status %d", error);
  
  	if (lpfc_enable_npiv) {
@@ -42422,10 +41581,10 @@ index 89ad558..76956c4 100644
  	lpfc_transport_template =
  				fc_attach_transport(&lpfc_transport_functions);
 diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
-index 60e5a17..ff7a793 100644
+index 98af07c..7625fb5 100644
 --- a/drivers/scsi/lpfc/lpfc_scsi.c
 +++ b/drivers/scsi/lpfc/lpfc_scsi.c
-@@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba)
+@@ -325,7 +325,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba)
  	uint32_t evt_posted;
  
  	spin_lock_irqsave(&phba->hbalock, flags);
@@ -42434,7 +41593,7 @@ index 60e5a17..ff7a793 100644
  	phba->last_rsrc_error_time = jiffies;
  
  	if ((phba->last_ramp_down_time + QUEUE_RAMP_DOWN_INTERVAL) > jiffies) {
-@@ -346,7 +346,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport  *vport,
+@@ -366,7 +366,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport  *vport,
  	unsigned long flags;
  	struct lpfc_hba *phba = vport->phba;
  	uint32_t evt_posted;
@@ -42443,7 +41602,7 @@ index 60e5a17..ff7a793 100644
  
  	if (vport->cfg_lun_queue_depth <= queue_depth)
  		return;
-@@ -390,8 +390,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba)
+@@ -410,8 +410,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba)
  	unsigned long num_rsrc_err, num_cmd_success;
  	int i;
  
@@ -42454,7 +41613,7 @@ index 60e5a17..ff7a793 100644
  
  	/*
  	 * The error and success command counters are global per
-@@ -419,8 +419,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba)
+@@ -439,8 +439,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba)
  			}
  		}
  	lpfc_destroy_vport_work_array(phba, vports);
@@ -42465,7 +41624,7 @@ index 60e5a17..ff7a793 100644
  }
  
  /**
-@@ -454,8 +454,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba)
+@@ -474,8 +474,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba)
  			}
  		}
  	lpfc_destroy_vport_work_array(phba, vports);
@@ -42584,10 +41743,10 @@ index e1d150f..6c6df44 100644
  	/* To indicate add/delete/modify during CCN */
  	u8 change_detected;
 diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
-index 83d7984..a27d947 100644
+index b3db9dc..c3b1756 100644
 --- a/drivers/scsi/qla2xxx/qla_attr.c
 +++ b/drivers/scsi/qla2xxx/qla_attr.c
-@@ -1969,7 +1969,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable)
+@@ -1971,7 +1971,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable)
  	return 0;
  }
  
@@ -42596,7 +41755,7 @@ index 83d7984..a27d947 100644
  
  	.show_host_node_name = 1,
  	.show_host_port_name = 1,
-@@ -2016,7 +2016,7 @@ struct fc_function_template qla2xxx_transport_functions = {
+@@ -2018,7 +2018,7 @@ struct fc_function_template qla2xxx_transport_functions = {
  	.bsg_timeout = qla24xx_bsg_timeout,
  };
  
@@ -42606,10 +41765,10 @@ index 83d7984..a27d947 100644
  	.show_host_node_name = 1,
  	.show_host_port_name = 1,
 diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h
-index 2411d1a..4673766 100644
+index b310fa9..b9b3944 100644
 --- a/drivers/scsi/qla2xxx/qla_gbl.h
 +++ b/drivers/scsi/qla2xxx/qla_gbl.h
-@@ -515,8 +515,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *);
+@@ -523,8 +523,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *);
  struct device_attribute;
  extern struct device_attribute *qla2x00_host_attrs[];
  struct fc_function_template;
@@ -42621,10 +41780,10 @@ index 2411d1a..4673766 100644
  extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *);
  extern void qla2x00_init_host_attr(scsi_qla_host_t *);
 diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
-index 10d23f8..a7d5d4c 100644
+index 2c6dd3d..e5ecd82 100644
 --- a/drivers/scsi/qla2xxx/qla_os.c
 +++ b/drivers/scsi/qla2xxx/qla_os.c
-@@ -1472,8 +1472,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)
+@@ -1554,8 +1554,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)
  		    !pci_set_consistent_dma_mask(ha->pdev, DMA_BIT_MASK(64))) {
  			/* Ok, a 64bit DMA mask is applicable. */
  			ha->flags.enable_64bit_addressing = 1;
@@ -42638,10 +41797,10 @@ index 10d23f8..a7d5d4c 100644
  		}
  	}
 diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h
-index 329d553..f20d31d 100644
+index 129f5dd..ade53e8 100644
 --- a/drivers/scsi/qla4xxx/ql4_def.h
 +++ b/drivers/scsi/qla4xxx/ql4_def.h
-@@ -273,7 +273,7 @@ struct ddb_entry {
+@@ -275,7 +275,7 @@ struct ddb_entry {
  					   * (4000 only) */
  	atomic_t relogin_timer;		  /* Max Time to wait for
  					   * relogin to complete */
@@ -42651,10 +41810,10 @@ index 329d553..f20d31d 100644
  	uint32_t default_time2wait;	  /* Default Min time between
  					   * relogins (+aens) */
 diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
-index 4cec123..7c1329f 100644
+index 6142729..b6a85c9 100644
 --- a/drivers/scsi/qla4xxx/ql4_os.c
 +++ b/drivers/scsi/qla4xxx/ql4_os.c
-@@ -2621,12 +2621,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
+@@ -2622,12 +2622,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
  		 */
  		if (!iscsi_is_session_online(cls_sess)) {
  			/* Reset retry relogin timer */
@@ -42669,7 +41828,7 @@ index 4cec123..7c1329f 100644
  				ddb_entry->default_time2wait + 4));
  			set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags);
  			atomic_set(&ddb_entry->retry_relogin_timer,
-@@ -4738,7 +4738,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
+@@ -4742,7 +4742,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
  
  	atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY);
  	atomic_set(&ddb_entry->relogin_timer, 0);
@@ -42692,10 +41851,10 @@ index 2c0d0ec..4e8681a 100644
  	/* check if the device is still usable */
  	if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
 diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index f1bf5af..f67e943 100644
+index c31187d..0ead8c3 100644
 --- a/drivers/scsi/scsi_lib.c
 +++ b/drivers/scsi/scsi_lib.c
-@@ -1454,7 +1454,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
+@@ -1459,7 +1459,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
  	shost = sdev->host;
  	scsi_init_cmd_errh(cmd);
  	cmd->result = DID_NO_CONNECT << 16;
@@ -42704,7 +41863,7 @@ index f1bf5af..f67e943 100644
  
  	/*
  	 * SCSI request completion path will do scsi_device_unbusy(),
-@@ -1480,9 +1480,9 @@ static void scsi_softirq_done(struct request *rq)
+@@ -1485,9 +1485,9 @@ static void scsi_softirq_done(struct request *rq)
  
  	INIT_LIST_HEAD(&cmd->eh_entry);
  
@@ -42783,7 +41942,7 @@ index e894ca7..de9d7660 100644
  	/*
  	 * Check for overflow; dev_loss_tmo is u32
 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
-index 31969f2..2b348f0 100644
+index 0a74b97..fa8d648 100644
 --- a/drivers/scsi/scsi_transport_iscsi.c
 +++ b/drivers/scsi/scsi_transport_iscsi.c
 @@ -79,7 +79,7 @@ struct iscsi_internal {
@@ -42804,7 +41963,7 @@ index 31969f2..2b348f0 100644
  
  	if (target_id == ISCSI_MAX_TARGET) {
  		id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL);
-@@ -2943,7 +2943,7 @@ static __init int iscsi_transport_init(void)
+@@ -2955,7 +2955,7 @@ static __init int iscsi_transport_init(void)
  	printk(KERN_INFO "Loading iSCSI transport class v%s.\n",
  		ISCSI_TRANSPORT_VERSION);
  
@@ -42858,7 +42017,7 @@ index 7992635..609faf8 100644
  	if (!sdp->request_queue->rq_timeout) {
  		if (sdp->type != TYPE_MOD)
 diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
-index be2c9a6..275525c 100644
+index 9f0c465..47194ee 100644
 --- a/drivers/scsi/sg.c
 +++ b/drivers/scsi/sg.c
 @@ -1101,7 +1101,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
@@ -42871,10 +42030,10 @@ index be2c9a6..275525c 100644
  		return blk_trace_startstop(sdp->device->request_queue, 1);
  	case BLKTRACESTOP:
 diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
-index 19ee901..6e8c2ef 100644
+index 004b10f..7c98d51 100644
 --- a/drivers/spi/spi.c
 +++ b/drivers/spi/spi.c
-@@ -1616,7 +1616,7 @@ int spi_bus_unlock(struct spi_master *master)
+@@ -1620,7 +1620,7 @@ int spi_bus_unlock(struct spi_master *master)
  EXPORT_SYMBOL_GPL(spi_bus_unlock);
  
  /* portable code must never pass more than 32 bytes */
@@ -42884,12 +42043,12 @@ index 19ee901..6e8c2ef 100644
  static u8	*buf;
  
 diff --git a/drivers/staging/iio/iio_hwmon.c b/drivers/staging/iio/iio_hwmon.c
-index c7a5f97..71ecd35 100644
+index 93af756..a4bc5bf 100644
 --- a/drivers/staging/iio/iio_hwmon.c
 +++ b/drivers/staging/iio/iio_hwmon.c
-@@ -72,7 +72,7 @@ static void iio_hwmon_free_attrs(struct iio_hwmon_state *st)
- static int iio_hwmon_probe(struct platform_device *pdev)
+@@ -67,7 +67,7 @@ static int iio_hwmon_probe(struct platform_device *pdev)
  {
+ 	struct device *dev = &pdev->dev;
  	struct iio_hwmon_state *st;
 -	struct sensor_device_attribute *a;
 +	sensor_device_attribute_no_const *a;
@@ -42929,7 +42088,7 @@ index 34afc16..ffe44dd 100644
  				dev_kfree_skb_irq(skb);
  			}
 diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c
-index ef32dc1..a159d68 100644
+index c3a90e7..023619a 100644
 --- a/drivers/staging/octeon/ethernet.c
 +++ b/drivers/staging/octeon/ethernet.c
 @@ -252,11 +252,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev)
@@ -42948,227 +42107,6 @@ index ef32dc1..a159d68 100644
  #endif
  	}
  
-diff --git a/drivers/staging/ramster/tmem.c b/drivers/staging/ramster/tmem.c
-index a2b7e03..aaf3630 100644
---- a/drivers/staging/ramster/tmem.c
-+++ b/drivers/staging/ramster/tmem.c
-@@ -50,25 +50,25 @@
-  * A tmem host implementation must use this function to register callbacks
-  * for memory allocation.
-  */
--static struct tmem_hostops tmem_hostops;
-+static struct tmem_hostops *tmem_hostops;
- 
- static void tmem_objnode_tree_init(void);
- 
- void tmem_register_hostops(struct tmem_hostops *m)
- {
- 	tmem_objnode_tree_init();
--	tmem_hostops = *m;
-+	tmem_hostops = m;
- }
- 
- /*
-  * A tmem host implementation must use this function to register
-  * callbacks for a page-accessible memory (PAM) implementation.
-  */
--static struct tmem_pamops tmem_pamops;
-+static struct tmem_pamops *tmem_pamops;
- 
- void tmem_register_pamops(struct tmem_pamops *m)
- {
--	tmem_pamops = *m;
-+	tmem_pamops = m;
- }
- 
- /*
-@@ -174,7 +174,7 @@ static void tmem_obj_init(struct tmem_obj *obj, struct tmem_hashbucket *hb,
- 	obj->pampd_count = 0;
- #ifdef CONFIG_RAMSTER
- 	if (tmem_pamops.new_obj != NULL)
--		(*tmem_pamops.new_obj)(obj);
-+		(tmem_pamops->new_obj)(obj);
- #endif
- 	SET_SENTINEL(obj, OBJ);
- 
-@@ -210,7 +210,7 @@ static void tmem_pool_flush(struct tmem_pool *pool, bool destroy)
- 			rbnode = rb_next(rbnode);
- 			tmem_pampd_destroy_all_in_obj(obj, true);
- 			tmem_obj_free(obj, hb);
--			(*tmem_hostops.obj_free)(obj, pool);
-+			(tmem_hostops->obj_free)(obj, pool);
- 		}
- 		spin_unlock(&hb->lock);
- 	}
-@@ -261,7 +261,7 @@ static struct tmem_objnode *tmem_objnode_alloc(struct tmem_obj *obj)
- 	ASSERT_SENTINEL(obj, OBJ);
- 	BUG_ON(obj->pool == NULL);
- 	ASSERT_SENTINEL(obj->pool, POOL);
--	objnode = (*tmem_hostops.objnode_alloc)(obj->pool);
-+	objnode = (tmem_hostops->objnode_alloc)(obj->pool);
- 	if (unlikely(objnode == NULL))
- 		goto out;
- 	objnode->obj = obj;
-@@ -290,7 +290,7 @@ static void tmem_objnode_free(struct tmem_objnode *objnode)
- 	ASSERT_SENTINEL(pool, POOL);
- 	objnode->obj->objnode_count--;
- 	objnode->obj = NULL;
--	(*tmem_hostops.objnode_free)(objnode, pool);
-+	(tmem_hostops->objnode_free)(objnode, pool);
- }
- 
- /*
-@@ -348,7 +348,7 @@ static void *tmem_pampd_replace_in_obj(struct tmem_obj *obj, uint32_t index,
- 		void *old_pampd = *(void **)slot;
- 		*(void **)slot = new_pampd;
- 		if (!no_free)
--			(*tmem_pamops.free)(old_pampd, obj->pool,
-+			(tmem_pamops->free)(old_pampd, obj->pool,
- 						NULL, 0, false);
- 		ret = new_pampd;
- 	}
-@@ -505,7 +505,7 @@ static void tmem_objnode_node_destroy(struct tmem_obj *obj,
- 		if (objnode->slots[i]) {
- 			if (ht == 1) {
- 				obj->pampd_count--;
--				(*tmem_pamops.free)(objnode->slots[i],
-+				(tmem_pamops->free)(objnode->slots[i],
- 						obj->pool, NULL, 0, true);
- 				objnode->slots[i] = NULL;
- 				continue;
-@@ -524,7 +524,7 @@ static void tmem_pampd_destroy_all_in_obj(struct tmem_obj *obj,
- 		return;
- 	if (obj->objnode_tree_height == 0) {
- 		obj->pampd_count--;
--		(*tmem_pamops.free)(obj->objnode_tree_root,
-+		(tmem_pamops->free)(obj->objnode_tree_root,
- 					obj->pool, NULL, 0, true);
- 	} else {
- 		tmem_objnode_node_destroy(obj, obj->objnode_tree_root,
-@@ -535,7 +535,7 @@ static void tmem_pampd_destroy_all_in_obj(struct tmem_obj *obj,
- 	obj->objnode_tree_root = NULL;
- #ifdef CONFIG_RAMSTER
- 	if (tmem_pamops.free_obj != NULL)
--		(*tmem_pamops.free_obj)(obj->pool, obj, pool_destroy);
-+		(tmem_pamops->free_obj)(obj->pool, obj, pool_destroy);
- #endif
- }
- 
-@@ -574,7 +574,7 @@ int tmem_put(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index,
- 			/* if found, is a dup put, flush the old one */
- 			pampd_del = tmem_pampd_delete_from_obj(obj, index);
- 			BUG_ON(pampd_del != pampd);
--			(*tmem_pamops.free)(pampd, pool, oidp, index, true);
-+			(tmem_pamops->free)(pampd, pool, oidp, index, true);
- 			if (obj->pampd_count == 0) {
- 				objnew = obj;
- 				objfound = NULL;
-@@ -582,7 +582,7 @@ int tmem_put(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index,
- 			pampd = NULL;
- 		}
- 	} else {
--		obj = objnew = (*tmem_hostops.obj_alloc)(pool);
-+		obj = objnew = (tmem_hostops->obj_alloc)(pool);
- 		if (unlikely(obj == NULL)) {
- 			ret = -ENOMEM;
- 			goto out;
-@@ -597,16 +597,16 @@ int tmem_put(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index,
- 	if (unlikely(ret == -ENOMEM))
- 		/* may have partially built objnode tree ("stump") */
- 		goto delete_and_free;
--	(*tmem_pamops.create_finish)(pampd, is_ephemeral(pool));
-+	(tmem_pamops->create_finish)(pampd, is_ephemeral(pool));
- 	goto out;
- 
- delete_and_free:
- 	(void)tmem_pampd_delete_from_obj(obj, index);
- 	if (pampd)
--		(*tmem_pamops.free)(pampd, pool, NULL, 0, true);
-+		(tmem_pamops->free)(pampd, pool, NULL, 0, true);
- 	if (objnew) {
- 		tmem_obj_free(objnew, hb);
--		(*tmem_hostops.obj_free)(objnew, pool);
-+		(tmem_hostops->obj_free)(objnew, pool);
- 	}
- out:
- 	spin_unlock(&hb->lock);
-@@ -651,7 +651,7 @@ void tmem_localify_finish(struct tmem_obj *obj, uint32_t index,
- 	if (pampd != NULL) {
- 		BUG_ON(obj == NULL);
- 		(void)tmem_pampd_replace_in_obj(obj, index, pampd, 1);
--		(*tmem_pamops.create_finish)(pampd, is_ephemeral(obj->pool));
-+		(tmem_pamops->create_finish)(pampd, is_ephemeral(obj->pool));
- 	} else if (delete) {
- 		BUG_ON(obj == NULL);
- 		(void)tmem_pampd_delete_from_obj(obj, index);
-@@ -671,7 +671,7 @@ static int tmem_repatriate(void **ppampd, struct tmem_hashbucket *hb,
- 	int ret = 0;
- 
- 	if (!is_ephemeral(pool))
--		new_pampd = (*tmem_pamops.repatriate_preload)(
-+		new_pampd = (tmem_pamops->repatriate_preload)(
- 				old_pampd, pool, oidp, index, &intransit);
- 	if (intransit)
- 		ret = -EAGAIN;
-@@ -680,7 +680,7 @@ static int tmem_repatriate(void **ppampd, struct tmem_hashbucket *hb,
- 	/* must release the hb->lock else repatriate can't sleep */
- 	spin_unlock(&hb->lock);
- 	if (!intransit)
--		ret = (*tmem_pamops.repatriate)(old_pampd, new_pampd, pool,
-+		ret = (tmem_pamops->repatriate)(old_pampd, new_pampd, pool,
- 						oidp, index, free, data);
- 	if (ret == -EAGAIN) {
- 		/* rare I think, but should cond_resched()??? */
-@@ -714,7 +714,7 @@ int tmem_replace(struct tmem_pool *pool, struct tmem_oid *oidp,
- 	new_pampd = tmem_pampd_replace_in_obj(obj, index, new_pampd, 0);
- 	/* if we bug here, pamops wasn't properly set up for ramster */
- 	BUG_ON(tmem_pamops.replace_in_obj == NULL);
--	ret = (*tmem_pamops.replace_in_obj)(new_pampd, obj);
-+	ret = (tmem_pamops->replace_in_obj)(new_pampd, obj);
- out:
- 	spin_unlock(&hb->lock);
- 	return ret;
-@@ -776,15 +776,15 @@ int tmem_get(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index,
- 	if (free) {
- 		if (obj->pampd_count == 0) {
- 			tmem_obj_free(obj, hb);
--			(*tmem_hostops.obj_free)(obj, pool);
-+			(tmem_hostops->obj_free)(obj, pool);
- 			obj = NULL;
- 		}
- 	}
- 	if (free)
--		ret = (*tmem_pamops.get_data_and_free)(
-+		ret = (tmem_pamops->get_data_and_free)(
- 				data, sizep, raw, pampd, pool, oidp, index);
- 	else
--		ret = (*tmem_pamops.get_data)(
-+		ret = (tmem_pamops->get_data)(
- 				data, sizep, raw, pampd, pool, oidp, index);
- 	if (ret < 0)
- 		goto out;
-@@ -816,10 +816,10 @@ int tmem_flush_page(struct tmem_pool *pool,
- 	pampd = tmem_pampd_delete_from_obj(obj, index);
- 	if (pampd == NULL)
- 		goto out;
--	(*tmem_pamops.free)(pampd, pool, oidp, index, true);
-+	(tmem_pamops->free)(pampd, pool, oidp, index, true);
- 	if (obj->pampd_count == 0) {
- 		tmem_obj_free(obj, hb);
--		(*tmem_hostops.obj_free)(obj, pool);
-+		(tmem_hostops->obj_free)(obj, pool);
- 	}
- 	ret = 0;
- 
-@@ -844,7 +844,7 @@ int tmem_flush_object(struct tmem_pool *pool, struct tmem_oid *oidp)
- 		goto out;
- 	tmem_pampd_destroy_all_in_obj(obj, false);
- 	tmem_obj_free(obj, hb);
--	(*tmem_hostops.obj_free)(obj, pool);
-+	(tmem_hostops->obj_free)(obj, pool);
- 	ret = 0;
- 
- out:
 diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h
 index dc23395..cf7e9b1 100644
 --- a/drivers/staging/rtl8712/rtl871x_io.h
@@ -43209,19 +42147,19 @@ index 5dddc4d..34fcb2f 100644
  	/*
  	 * NOTE:
 diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c
-index c3aa219..bf8b3de 100644
+index f1ca084..7b5c0c3 100644
 --- a/drivers/staging/usbip/vhci_hcd.c
 +++ b/drivers/staging/usbip/vhci_hcd.c
-@@ -451,7 +451,7 @@ static void vhci_tx_urb(struct urb *urb)
- 		return;
- 	}
+@@ -441,7 +441,7 @@ static void vhci_tx_urb(struct urb *urb)
+ 
+ 	spin_lock(&vdev->priv_lock);
  
 -	priv->seqnum = atomic_inc_return(&the_controller->seqnum);
 +	priv->seqnum = atomic_inc_return_unchecked(&the_controller->seqnum);
  	if (priv->seqnum == 0xffff)
  		dev_info(&urb->dev->dev, "seqnum max\n");
  
-@@ -703,7 +703,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
+@@ -687,7 +687,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
  			return -ENOMEM;
  		}
  
@@ -43230,7 +42168,7 @@ index c3aa219..bf8b3de 100644
  		if (unlink->seqnum == 0xffff)
  			pr_info("seqnum max\n");
  
-@@ -907,7 +907,7 @@ static int vhci_start(struct usb_hcd *hcd)
+@@ -891,7 +891,7 @@ static int vhci_start(struct usb_hcd *hcd)
  		vdev->rhport = rhport;
  	}
  
@@ -43240,10 +42178,10 @@ index c3aa219..bf8b3de 100644
  
  	hcd->power_budget = 0; /* no limit */
 diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c
-index ba5f1c0..11d8122 100644
+index faf8e60..c46f8ab 100644
 --- a/drivers/staging/usbip/vhci_rx.c
 +++ b/drivers/staging/usbip/vhci_rx.c
-@@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev,
+@@ -76,7 +76,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev,
  	if (!urb) {
  		pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum);
  		pr_info("max seqnum %d\n",
@@ -43283,7 +42221,7 @@ index 5f13890..36a044b 100644
  
  	pDevice->apdev->type = ARPHRD_IEEE80211;
 diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c
-index 26a7d0e..897b083 100644
+index bc5e9da..dacd556 100644
 --- a/drivers/staging/vt6656/hostap.c
 +++ b/drivers/staging/vt6656/hostap.c
 @@ -60,14 +60,13 @@ static int          msglevel                =MSG_LEVEL_INFO;
@@ -43292,18 +42230,18 @@ index 26a7d0e..897b083 100644
  
 +static net_device_ops_no_const apdev_netdev_ops;
 +
- static int hostap_enable_hostapd(PSDevice pDevice, int rtnl_locked)
+ static int hostap_enable_hostapd(struct vnt_private *pDevice, int rtnl_locked)
  {
-     PSDevice apdev_priv;
+ 	struct vnt_private *apdev_priv;
  	struct net_device *dev = pDevice->dev;
  	int ret;
 -	const struct net_device_ops apdev_netdev_ops = {
--		.ndo_start_xmit         = pDevice->tx_80211,
+-		.ndo_start_xmit = pDevice->tx_80211,
 -	};
  
      DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "%s: Enabling hostapd mode\n", dev->name);
  
-@@ -79,6 +78,8 @@ static int hostap_enable_hostapd(PSDevice pDevice, int rtnl_locked)
+@@ -79,6 +78,8 @@ static int hostap_enable_hostapd(struct vnt_private *pDevice, int rtnl_locked)
      *apdev_priv = *pDevice;
  	memcpy(pDevice->apdev->dev_addr, dev->dev_addr, ETH_ALEN);
  
@@ -43313,10 +42251,10 @@ index 26a7d0e..897b083 100644
  
  	pDevice->apdev->type = ARPHRD_IEEE80211;
 diff --git a/drivers/staging/zcache/tmem.c b/drivers/staging/zcache/tmem.c
-index 56c8e60..1920c63 100644
+index a2b7e03..9ff4bbd 100644
 --- a/drivers/staging/zcache/tmem.c
 +++ b/drivers/staging/zcache/tmem.c
-@@ -39,7 +39,7 @@
+@@ -50,7 +50,7 @@
   * A tmem host implementation must use this function to register callbacks
   * for memory allocation.
   */
@@ -43325,9 +42263,9 @@ index 56c8e60..1920c63 100644
  
  static void tmem_objnode_tree_init(void);
  
-@@ -53,7 +53,7 @@ void tmem_register_hostops(struct tmem_hostops *m)
+@@ -64,7 +64,7 @@ void tmem_register_hostops(struct tmem_hostops *m)
   * A tmem host implementation must use this function to register
-  * callbacks for a page-accessible memory (PAM) implementation
+  * callbacks for a page-accessible memory (PAM) implementation.
   */
 -static struct tmem_pamops tmem_pamops;
 +static tmem_pamops_no_const tmem_pamops;
@@ -43335,18 +42273,18 @@ index 56c8e60..1920c63 100644
  void tmem_register_pamops(struct tmem_pamops *m)
  {
 diff --git a/drivers/staging/zcache/tmem.h b/drivers/staging/zcache/tmem.h
-index 0d4aa82..f7832d4 100644
+index adbe5a8..d387359 100644
 --- a/drivers/staging/zcache/tmem.h
 +++ b/drivers/staging/zcache/tmem.h
-@@ -180,6 +180,7 @@ struct tmem_pamops {
- 	void (*new_obj)(struct tmem_obj *);
+@@ -226,6 +226,7 @@ struct tmem_pamops {
  	int (*replace_in_obj)(void *, struct tmem_obj *);
+ #endif
  };
 +typedef struct tmem_pamops __no_const tmem_pamops_no_const;
  extern void tmem_register_pamops(struct tmem_pamops *m);
  
  /* memory allocation methods provided by the host implementation */
-@@ -189,6 +190,7 @@ struct tmem_hostops {
+@@ -235,6 +236,7 @@ struct tmem_hostops {
  	struct tmem_objnode *(*objnode_alloc)(struct tmem_pool *);
  	void (*objnode_free)(struct tmem_objnode *, struct tmem_pool *);
  };
@@ -43355,10 +42293,10 @@ index 0d4aa82..f7832d4 100644
  
  /* core tmem accessor functions */
 diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index 96f4981..4daaa7e 100644
+index 2e4d655..fd72e68 100644
 --- a/drivers/target/target_core_device.c
 +++ b/drivers/target/target_core_device.c
-@@ -1370,7 +1370,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
+@@ -1414,7 +1414,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
  	spin_lock_init(&dev->se_port_lock);
  	spin_lock_init(&dev->se_tmr_lock);
  	spin_lock_init(&dev->qf_cmd_lock);
@@ -43368,10 +42306,10 @@ index 96f4981..4daaa7e 100644
  	spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
  	INIT_LIST_HEAD(&dev->t10_pr.registration_list);
 diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index fcf880f..a4d1e8f 100644
+index 3243ea7..4f19a6e 100644
 --- a/drivers/target/target_core_transport.c
 +++ b/drivers/target/target_core_transport.c
-@@ -1077,7 +1077,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
+@@ -1080,7 +1080,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
  	 * Used to determine when ORDERED commands should go from
  	 * Dormant to Active status.
  	 */
@@ -43381,10 +42319,10 @@ index fcf880f..a4d1e8f 100644
  	pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n",
  			cmd->se_ordered_id, cmd->sam_task_attr,
 diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c
-index b09c8d1f..c4225c0 100644
+index 345bd0e..61d5375 100644
 --- a/drivers/tty/cyclades.c
 +++ b/drivers/tty/cyclades.c
-@@ -1589,10 +1589,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp)
+@@ -1576,10 +1576,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp)
  	printk(KERN_DEBUG "cyc:cy_open ttyC%d, count = %d\n", info->line,
  			info->port.count);
  #endif
@@ -43397,7 +42335,7 @@ index b09c8d1f..c4225c0 100644
  #endif
  
  	/*
-@@ -3991,7 +3991,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v)
+@@ -3978,7 +3978,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v)
  		for (j = 0; j < cy_card[i].nports; j++) {
  			info = &cy_card[i].ports[j];
  
@@ -43407,7 +42345,7 @@ index b09c8d1f..c4225c0 100644
  				struct tty_struct *tty;
  				struct tty_ldisc *ld;
 diff --git a/drivers/tty/hvc/hvc_console.c b/drivers/tty/hvc/hvc_console.c
-index 13ee53b..418d164 100644
+index eb255e8..f637a57 100644
 --- a/drivers/tty/hvc/hvc_console.c
 +++ b/drivers/tty/hvc/hvc_console.c
 @@ -338,7 +338,7 @@ static int hvc_open(struct tty_struct *tty, struct file * filp)
@@ -43465,7 +42403,7 @@ index 13ee53b..418d164 100644
  
  	spin_lock_irqsave(&hp->lock, flags);
 diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c
-index 8776357..b2d4afd 100644
+index 81e939e..95ead10 100644
 --- a/drivers/tty/hvc/hvcs.c
 +++ b/drivers/tty/hvc/hvcs.c
 @@ -83,6 +83,7 @@
@@ -43485,7 +42423,7 @@ index 8776357..b2d4afd 100644
  		spin_unlock_irqrestore(&hvcsd->lock, flags);
  		printk(KERN_INFO "HVCS: vterm state unchanged.  "
  				"The hvcs device node is still in use.\n");
-@@ -1132,7 +1133,7 @@ static int hvcs_install(struct tty_driver *driver, struct tty_struct *tty)
+@@ -1127,7 +1128,7 @@ static int hvcs_install(struct tty_driver *driver, struct tty_struct *tty)
  		}
  	}
  
@@ -43494,7 +42432,7 @@ index 8776357..b2d4afd 100644
  	hvcsd->port.tty = tty;
  	tty->driver_data = hvcsd;
  
-@@ -1185,7 +1186,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp)
+@@ -1180,7 +1181,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp)
  	unsigned long flags;
  
  	spin_lock_irqsave(&hvcsd->lock, flags);
@@ -43503,7 +42441,7 @@ index 8776357..b2d4afd 100644
  	hvcsd->todo_mask |= HVCS_SCHED_READ;
  	spin_unlock_irqrestore(&hvcsd->lock, flags);
  
-@@ -1221,7 +1222,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp)
+@@ -1216,7 +1217,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp)
  	hvcsd = tty->driver_data;
  
  	spin_lock_irqsave(&hvcsd->lock, flags);
@@ -43512,7 +42450,7 @@ index 8776357..b2d4afd 100644
  
  		vio_disable_interrupts(hvcsd->vdev);
  
-@@ -1246,10 +1247,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp)
+@@ -1241,10 +1242,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp)
  
  		free_irq(irq, hvcsd);
  		return;
@@ -43525,7 +42463,7 @@ index 8776357..b2d4afd 100644
  	}
  
  	spin_unlock_irqrestore(&hvcsd->lock, flags);
-@@ -1271,7 +1272,7 @@ static void hvcs_hangup(struct tty_struct * tty)
+@@ -1266,7 +1267,7 @@ static void hvcs_hangup(struct tty_struct * tty)
  
  	spin_lock_irqsave(&hvcsd->lock, flags);
  	/* Preserve this so that we know how many kref refs to put */
@@ -43534,7 +42472,7 @@ index 8776357..b2d4afd 100644
  
  	/*
  	 * Don't kref put inside the spinlock because the destruction
-@@ -1286,7 +1287,7 @@ static void hvcs_hangup(struct tty_struct * tty)
+@@ -1281,7 +1282,7 @@ static void hvcs_hangup(struct tty_struct * tty)
  	tty->driver_data = NULL;
  	hvcsd->port.tty = NULL;
  
@@ -43543,7 +42481,7 @@ index 8776357..b2d4afd 100644
  
  	/* This will drop any buffered data on the floor which is OK in a hangup
  	 * scenario. */
-@@ -1357,7 +1358,7 @@ static int hvcs_write(struct tty_struct *tty,
+@@ -1352,7 +1353,7 @@ static int hvcs_write(struct tty_struct *tty,
  	 * the middle of a write operation?  This is a crummy place to do this
  	 * but we want to keep it all in the spinlock.
  	 */
@@ -43552,7 +42490,7 @@ index 8776357..b2d4afd 100644
  		spin_unlock_irqrestore(&hvcsd->lock, flags);
  		return -ENODEV;
  	}
-@@ -1431,7 +1432,7 @@ static int hvcs_write_room(struct tty_struct *tty)
+@@ -1426,7 +1427,7 @@ static int hvcs_write_room(struct tty_struct *tty)
  {
  	struct hvcs_struct *hvcsd = tty->driver_data;
  
@@ -43562,7 +42500,7 @@ index 8776357..b2d4afd 100644
  
  	return HVCS_BUFF_LEN - hvcsd->chars_in_buffer;
 diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c
-index 2cde13d..645d78f 100644
+index 8fd72ff..34a0bed 100644
 --- a/drivers/tty/ipwireless/tty.c
 +++ b/drivers/tty/ipwireless/tty.c
 @@ -29,6 +29,7 @@
@@ -43606,16 +42544,16 @@ index 2cde13d..645d78f 100644
  		mutex_unlock(&tty->ipw_tty_mutex);
  		return;
  	}
-@@ -170,7 +169,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data,
- 		return;
- 	}
+@@ -164,7 +163,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data,
+ 
+ 	mutex_lock(&tty->ipw_tty_mutex);
  
 -	if (!tty->port.count) {
 +	if (!atomic_read(&tty->port.count)) {
  		mutex_unlock(&tty->ipw_tty_mutex);
  		return;
  	}
-@@ -212,7 +211,7 @@ static int ipw_write(struct tty_struct *linux_tty,
+@@ -206,7 +205,7 @@ static int ipw_write(struct tty_struct *linux_tty,
  		return -ENODEV;
  
  	mutex_lock(&tty->ipw_tty_mutex);
@@ -43624,7 +42562,7 @@ index 2cde13d..645d78f 100644
  		mutex_unlock(&tty->ipw_tty_mutex);
  		return -EINVAL;
  	}
-@@ -252,7 +251,7 @@ static int ipw_write_room(struct tty_struct *linux_tty)
+@@ -246,7 +245,7 @@ static int ipw_write_room(struct tty_struct *linux_tty)
  	if (!tty)
  		return -ENODEV;
  
@@ -43633,7 +42571,7 @@ index 2cde13d..645d78f 100644
  		return -EINVAL;
  
  	room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued;
-@@ -294,7 +293,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty)
+@@ -288,7 +287,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty)
  	if (!tty)
  		return 0;
  
@@ -43642,7 +42580,7 @@ index 2cde13d..645d78f 100644
  		return 0;
  
  	return tty->tx_bytes_queued;
-@@ -375,7 +374,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty)
+@@ -369,7 +368,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty)
  	if (!tty)
  		return -ENODEV;
  
@@ -43651,7 +42589,7 @@ index 2cde13d..645d78f 100644
  		return -EINVAL;
  
  	return get_control_lines(tty);
-@@ -391,7 +390,7 @@ ipw_tiocmset(struct tty_struct *linux_tty,
+@@ -385,7 +384,7 @@ ipw_tiocmset(struct tty_struct *linux_tty,
  	if (!tty)
  		return -ENODEV;
  
@@ -43660,7 +42598,7 @@ index 2cde13d..645d78f 100644
  		return -EINVAL;
  
  	return set_control_lines(tty, set, clear);
-@@ -405,7 +404,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty,
+@@ -399,7 +398,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty,
  	if (!tty)
  		return -ENODEV;
  
@@ -43669,7 +42607,7 @@ index 2cde13d..645d78f 100644
  		return -EINVAL;
  
  	/* FIXME: Exactly how is the tty object locked here .. */
-@@ -561,7 +560,7 @@ void ipwireless_tty_free(struct ipw_tty *tty)
+@@ -555,7 +554,7 @@ void ipwireless_tty_free(struct ipw_tty *tty)
  				 * are gone */
  				mutex_lock(&ttyj->ipw_tty_mutex);
  			}
@@ -43679,7 +42617,7 @@ index 2cde13d..645d78f 100644
  			ipwireless_disassociate_network_ttys(network,
  							     ttyj->channel_idx);
 diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c
-index f9d2850..b006f04 100644
+index adeac25..787a0a1 100644
 --- a/drivers/tty/moxa.c
 +++ b/drivers/tty/moxa.c
 @@ -1193,7 +1193,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp)
@@ -43692,7 +42630,7 @@ index f9d2850..b006f04 100644
  	tty_port_tty_set(&ch->port, tty);
  	mutex_lock(&ch->port.mutex);
 diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
-index bfd6771..e0d93c4 100644
+index 4a43ef5d7..aa71f27 100644
 --- a/drivers/tty/n_gsm.c
 +++ b/drivers/tty/n_gsm.c
 @@ -1636,7 +1636,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
@@ -43714,10 +42652,10 @@ index bfd6771..e0d93c4 100644
  	dlci_get(dlci->gsm->dlci[0]);
  	mux_get(dlci->gsm);
 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 19083ef..6e34e97 100644
+index 05e72be..67f6a0f 100644
 --- a/drivers/tty/n_tty.c
 +++ b/drivers/tty/n_tty.c
-@@ -2196,6 +2196,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2197,6 +2197,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
  {
  	*ops = tty_ldisc_N_TTY;
  	ops->owner = NULL;
@@ -43727,10 +42665,10 @@ index 19083ef..6e34e97 100644
  }
  EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
 diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index c830b60..b239698 100644
+index 125e0fd..8c50690 100644
 --- a/drivers/tty/pty.c
 +++ b/drivers/tty/pty.c
-@@ -793,8 +793,10 @@ static void __init unix98_pty_init(void)
+@@ -800,8 +800,10 @@ static void __init unix98_pty_init(void)
  		panic("Couldn't register Unix98 pts driver");
  
  	/* Now create the /dev/ptmx special device */
@@ -43743,10 +42681,10 @@ index c830b60..b239698 100644
  	cdev_init(&ptmx_cdev, &ptmx_fops);
  	if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
 diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c
-index e42009a..566a036 100644
+index 1d27003..959f452 100644
 --- a/drivers/tty/rocket.c
 +++ b/drivers/tty/rocket.c
-@@ -925,7 +925,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
+@@ -923,7 +923,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
  	tty->driver_data = info;
  	tty_port_tty_set(port, tty);
  
@@ -43755,7 +42693,7 @@ index e42009a..566a036 100644
  		atomic_inc(&rp_num_ports_open);
  
  #ifdef ROCKET_DEBUG_OPEN
-@@ -934,7 +934,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
+@@ -932,7 +932,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
  #endif
  	}
  #ifdef ROCKET_DEBUG_OPEN
@@ -43764,7 +42702,7 @@ index e42009a..566a036 100644
  #endif
  
  	/*
-@@ -1529,7 +1529,7 @@ static void rp_hangup(struct tty_struct *tty)
+@@ -1527,7 +1527,7 @@ static void rp_hangup(struct tty_struct *tty)
  		spin_unlock_irqrestore(&info->port.lock, flags);
  		return;
  	}
@@ -43880,10 +42818,10 @@ index 1002054..dd644a8 100644
  /* This is only available if kgdboc is a built in for early debugging */
  static int __init kgdboc_early_init(char *opt)
 diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
-index e514b3a..c73d614 100644
+index 2769a38..f3dbe48 100644
 --- a/drivers/tty/serial/samsung.c
 +++ b/drivers/tty/serial/samsung.c
-@@ -453,11 +453,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port)
+@@ -451,11 +451,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port)
  	}
  }
  
@@ -43900,7 +42838,7 @@ index e514b3a..c73d614 100644
  	dbg("s3c24xx_serial_startup: port=%p (%08lx,%p)\n",
  	    port->mapbase, port->membase);
  
-@@ -1122,10 +1127,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
+@@ -1120,10 +1125,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
  	/* setup info for port */
  	port->dev	= &platdev->dev;
  
@@ -43912,10 +42850,10 @@ index e514b3a..c73d614 100644
  
  	if (cfg->uart_flags & UPF_CONS_FLOW) {
 diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index 4293a3e..7227e42 100644
+index 8fbb6d2..822a9e6 100644
 --- a/drivers/tty/serial/serial_core.c
 +++ b/drivers/tty/serial/serial_core.c
-@@ -1455,7 +1455,7 @@ static void uart_hangup(struct tty_struct *tty)
+@@ -1454,7 +1454,7 @@ static void uart_hangup(struct tty_struct *tty)
  		uart_flush_buffer(tty);
  		uart_shutdown(tty, state);
  		spin_lock_irqsave(&port->lock, flags);
@@ -43924,7 +42862,7 @@ index 4293a3e..7227e42 100644
  		clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags);
  		spin_unlock_irqrestore(&port->lock, flags);
  		tty_port_tty_set(port, NULL);
-@@ -1551,7 +1551,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
+@@ -1550,7 +1550,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
  		goto end;
  	}
  
@@ -43939,7 +42877,7 @@ index 4293a3e..7227e42 100644
  	 */
 -	if (port->count == 1)
 +	if (atomic_read(&port->count) == 1)
- 		uart_change_pm(state, 0);
+ 		uart_change_pm(state, UART_PM_STATE_ON);
  
  	/*
 @@ -1596,7 +1596,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
@@ -43952,10 +42890,10 @@ index 4293a3e..7227e42 100644
  	goto end;
  }
 diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c
-index 9e071f6..f30ae69 100644
+index 8983276..72a4090 100644
 --- a/drivers/tty/synclink.c
 +++ b/drivers/tty/synclink.c
-@@ -3095,7 +3095,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
+@@ -3093,7 +3093,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
  	
  	if (debug_level >= DEBUG_LEVEL_INFO)
  		printk("%s(%d):mgsl_close(%s) entry, count=%d\n",
@@ -43964,7 +42902,7 @@ index 9e071f6..f30ae69 100644
  
  	if (tty_port_close_start(&info->port, tty, filp) == 0)			 
  		goto cleanup;
-@@ -3113,7 +3113,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
+@@ -3111,7 +3111,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
  cleanup:			
  	if (debug_level >= DEBUG_LEVEL_INFO)
  		printk("%s(%d):mgsl_close(%s) exit, count=%d\n", __FILE__,__LINE__,
@@ -43973,7 +42911,7 @@ index 9e071f6..f30ae69 100644
  			
  }	/* end of mgsl_close() */
  
-@@ -3212,8 +3212,8 @@ static void mgsl_hangup(struct tty_struct *tty)
+@@ -3210,8 +3210,8 @@ static void mgsl_hangup(struct tty_struct *tty)
  
  	mgsl_flush_buffer(tty);
  	shutdown(info);
@@ -43984,7 +42922,7 @@ index 9e071f6..f30ae69 100644
  	info->port.flags &= ~ASYNC_NORMAL_ACTIVE;
  	info->port.tty = NULL;
  
-@@ -3302,12 +3302,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
+@@ -3300,12 +3300,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
  	
  	if (debug_level >= DEBUG_LEVEL_INFO)
  		printk("%s(%d):block_til_ready before block on %s count=%d\n",
@@ -43999,7 +42937,7 @@ index 9e071f6..f30ae69 100644
  	}
  	spin_unlock_irqrestore(&info->irq_spinlock, flags);
  	port->blocked_open++;
-@@ -3336,7 +3336,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
+@@ -3334,7 +3334,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
  		
  		if (debug_level >= DEBUG_LEVEL_INFO)
  			printk("%s(%d):block_til_ready blocking on %s count=%d\n",
@@ -44008,7 +42946,7 @@ index 9e071f6..f30ae69 100644
  				 
  		tty_unlock(tty);
  		schedule();
-@@ -3348,12 +3348,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
+@@ -3346,12 +3346,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
  	
  	/* FIXME: Racy on hangup during close wait */
  	if (extra_count)
@@ -44023,7 +42961,7 @@ index 9e071f6..f30ae69 100644
  			 
  	if (!retval)
  		port->flags |= ASYNC_NORMAL_ACTIVE;
-@@ -3405,7 +3405,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp)
+@@ -3403,7 +3403,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp)
  		
  	if (debug_level >= DEBUG_LEVEL_INFO)
  		printk("%s(%d):mgsl_open(%s), old ref count = %d\n",
@@ -44032,7 +42970,7 @@ index 9e071f6..f30ae69 100644
  
  	/* If port is closing, signal caller to try again */
  	if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){
-@@ -3424,10 +3424,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp)
+@@ -3422,10 +3422,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp)
  		spin_unlock_irqrestore(&info->netlock, flags);
  		goto cleanup;
  	}
@@ -44045,7 +42983,7 @@ index 9e071f6..f30ae69 100644
  		/* 1st open on this device, init hardware */
  		retval = startup(info);
  		if (retval < 0)
-@@ -3451,8 +3451,8 @@ cleanup:
+@@ -3449,8 +3449,8 @@ cleanup:
  	if (retval) {
  		if (tty->count == 1)
  			info->port.tty = NULL; /* tty layer will release tty struct */
@@ -44056,7 +42994,7 @@ index 9e071f6..f30ae69 100644
  	}
  	
  	return retval;
-@@ -7662,7 +7662,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
+@@ -7668,7 +7668,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
  	unsigned short new_crctype;
  
  	/* return error if TTY interface open */
@@ -44065,7 +43003,7 @@ index 9e071f6..f30ae69 100644
  		return -EBUSY;
  
  	switch (encoding)
-@@ -7757,7 +7757,7 @@ static int hdlcdev_open(struct net_device *dev)
+@@ -7763,7 +7763,7 @@ static int hdlcdev_open(struct net_device *dev)
  
  	/* arbitrate between network and tty opens */
  	spin_lock_irqsave(&info->netlock, flags);
@@ -44074,7 +43012,7 @@ index 9e071f6..f30ae69 100644
  		printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
  		spin_unlock_irqrestore(&info->netlock, flags);
  		return -EBUSY;
-@@ -7843,7 +7843,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -7849,7 +7849,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
  		printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name);
  
  	/* return error if TTY interface open */
@@ -44084,10 +43022,10 @@ index 9e071f6..f30ae69 100644
  
  	if (cmd != SIOCWANDEV)
 diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c
-index aba1e59..877ac33 100644
+index aa9eece..d8baaec 100644
 --- a/drivers/tty/synclink_gt.c
 +++ b/drivers/tty/synclink_gt.c
-@@ -671,7 +671,7 @@ static int open(struct tty_struct *tty, struct file *filp)
+@@ -670,7 +670,7 @@ static int open(struct tty_struct *tty, struct file *filp)
  	tty->driver_data = info;
  	info->port.tty = tty;
  
@@ -44096,7 +43034,7 @@ index aba1e59..877ac33 100644
  
  	/* If port is closing, signal caller to try again */
  	if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){
-@@ -692,10 +692,10 @@ static int open(struct tty_struct *tty, struct file *filp)
+@@ -691,10 +691,10 @@ static int open(struct tty_struct *tty, struct file *filp)
  		mutex_unlock(&info->port.mutex);
  		goto cleanup;
  	}
@@ -44109,7 +43047,7 @@ index aba1e59..877ac33 100644
  		/* 1st open on this device, init hardware */
  		retval = startup(info);
  		if (retval < 0) {
-@@ -716,8 +716,8 @@ cleanup:
+@@ -715,8 +715,8 @@ cleanup:
  	if (retval) {
  		if (tty->count == 1)
  			info->port.tty = NULL; /* tty layer will release tty struct */
@@ -44120,7 +43058,7 @@ index aba1e59..877ac33 100644
  	}
  
  	DBGINFO(("%s open rc=%d\n", info->device_name, retval));
-@@ -730,7 +730,7 @@ static void close(struct tty_struct *tty, struct file *filp)
+@@ -729,7 +729,7 @@ static void close(struct tty_struct *tty, struct file *filp)
  
  	if (sanity_check(info, tty->name, "close"))
  		return;
@@ -44129,7 +43067,7 @@ index aba1e59..877ac33 100644
  
  	if (tty_port_close_start(&info->port, tty, filp) == 0)
  		goto cleanup;
-@@ -747,7 +747,7 @@ static void close(struct tty_struct *tty, struct file *filp)
+@@ -746,7 +746,7 @@ static void close(struct tty_struct *tty, struct file *filp)
  	tty_port_close_end(&info->port, tty);
  	info->port.tty = NULL;
  cleanup:
@@ -44138,7 +43076,7 @@ index aba1e59..877ac33 100644
  }
  
  static void hangup(struct tty_struct *tty)
-@@ -765,7 +765,7 @@ static void hangup(struct tty_struct *tty)
+@@ -764,7 +764,7 @@ static void hangup(struct tty_struct *tty)
  	shutdown(info);
  
  	spin_lock_irqsave(&info->port.lock, flags);
@@ -44147,7 +43085,7 @@ index aba1e59..877ac33 100644
  	info->port.flags &= ~ASYNC_NORMAL_ACTIVE;
  	info->port.tty = NULL;
  	spin_unlock_irqrestore(&info->port.lock, flags);
-@@ -1450,7 +1450,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
+@@ -1449,7 +1449,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
  	unsigned short new_crctype;
  
  	/* return error if TTY interface open */
@@ -44156,7 +43094,7 @@ index aba1e59..877ac33 100644
  		return -EBUSY;
  
  	DBGINFO(("%s hdlcdev_attach\n", info->device_name));
-@@ -1545,7 +1545,7 @@ static int hdlcdev_open(struct net_device *dev)
+@@ -1544,7 +1544,7 @@ static int hdlcdev_open(struct net_device *dev)
  
  	/* arbitrate between network and tty opens */
  	spin_lock_irqsave(&info->netlock, flags);
@@ -44165,7 +43103,7 @@ index aba1e59..877ac33 100644
  		DBGINFO(("%s hdlc_open busy\n", dev->name));
  		spin_unlock_irqrestore(&info->netlock, flags);
  		return -EBUSY;
-@@ -1630,7 +1630,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -1629,7 +1629,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
  	DBGINFO(("%s hdlcdev_ioctl\n", dev->name));
  
  	/* return error if TTY interface open */
@@ -44174,7 +43112,7 @@ index aba1e59..877ac33 100644
  		return -EBUSY;
  
  	if (cmd != SIOCWANDEV)
-@@ -2419,7 +2419,7 @@ static irqreturn_t slgt_interrupt(int dummy, void *dev_id)
+@@ -2413,7 +2413,7 @@ static irqreturn_t slgt_interrupt(int dummy, void *dev_id)
  		if (port == NULL)
  			continue;
  		spin_lock(&port->lock);
@@ -44183,7 +43121,7 @@ index aba1e59..877ac33 100644
  		    port->pending_bh && !port->bh_running &&
  		    !port->bh_requested) {
  			DBGISR(("%s bh queued\n", port->device_name));
-@@ -3308,7 +3308,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
+@@ -3302,7 +3302,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
  	spin_lock_irqsave(&info->lock, flags);
  	if (!tty_hung_up_p(filp)) {
  		extra_count = true;
@@ -44192,7 +43130,7 @@ index aba1e59..877ac33 100644
  	}
  	spin_unlock_irqrestore(&info->lock, flags);
  	port->blocked_open++;
-@@ -3345,7 +3345,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
+@@ -3339,7 +3339,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
  	remove_wait_queue(&port->open_wait, &wait);
  
  	if (extra_count)
@@ -44202,10 +43140,10 @@ index aba1e59..877ac33 100644
  
  	if (!retval)
 diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c
-index fd43fb6..34704ad 100644
+index 6d5780c..aa4d8cd 100644
 --- a/drivers/tty/synclinkmp.c
 +++ b/drivers/tty/synclinkmp.c
-@@ -751,7 +751,7 @@ static int open(struct tty_struct *tty, struct file *filp)
+@@ -750,7 +750,7 @@ static int open(struct tty_struct *tty, struct file *filp)
  
  	if (debug_level >= DEBUG_LEVEL_INFO)
  		printk("%s(%d):%s open(), old ref count = %d\n",
@@ -44214,7 +43152,7 @@ index fd43fb6..34704ad 100644
  
  	/* If port is closing, signal caller to try again */
  	if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){
-@@ -770,10 +770,10 @@ static int open(struct tty_struct *tty, struct file *filp)
+@@ -769,10 +769,10 @@ static int open(struct tty_struct *tty, struct file *filp)
  		spin_unlock_irqrestore(&info->netlock, flags);
  		goto cleanup;
  	}
@@ -44227,7 +43165,7 @@ index fd43fb6..34704ad 100644
  		/* 1st open on this device, init hardware */
  		retval = startup(info);
  		if (retval < 0)
-@@ -797,8 +797,8 @@ cleanup:
+@@ -796,8 +796,8 @@ cleanup:
  	if (retval) {
  		if (tty->count == 1)
  			info->port.tty = NULL; /* tty layer will release tty struct */
@@ -44238,7 +43176,7 @@ index fd43fb6..34704ad 100644
  	}
  
  	return retval;
-@@ -816,7 +816,7 @@ static void close(struct tty_struct *tty, struct file *filp)
+@@ -815,7 +815,7 @@ static void close(struct tty_struct *tty, struct file *filp)
  
  	if (debug_level >= DEBUG_LEVEL_INFO)
  		printk("%s(%d):%s close() entry, count=%d\n",
@@ -44247,7 +43185,7 @@ index fd43fb6..34704ad 100644
  
  	if (tty_port_close_start(&info->port, tty, filp) == 0)
  		goto cleanup;
-@@ -835,7 +835,7 @@ static void close(struct tty_struct *tty, struct file *filp)
+@@ -834,7 +834,7 @@ static void close(struct tty_struct *tty, struct file *filp)
  cleanup:
  	if (debug_level >= DEBUG_LEVEL_INFO)
  		printk("%s(%d):%s close() exit, count=%d\n", __FILE__,__LINE__,
@@ -44256,7 +43194,7 @@ index fd43fb6..34704ad 100644
  }
  
  /* Called by tty_hangup() when a hangup is signaled.
-@@ -858,7 +858,7 @@ static void hangup(struct tty_struct *tty)
+@@ -857,7 +857,7 @@ static void hangup(struct tty_struct *tty)
  	shutdown(info);
  
  	spin_lock_irqsave(&info->port.lock, flags);
@@ -44265,7 +43203,7 @@ index fd43fb6..34704ad 100644
  	info->port.flags &= ~ASYNC_NORMAL_ACTIVE;
  	info->port.tty = NULL;
  	spin_unlock_irqrestore(&info->port.lock, flags);
-@@ -1566,7 +1566,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
+@@ -1565,7 +1565,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
  	unsigned short new_crctype;
  
  	/* return error if TTY interface open */
@@ -44274,7 +43212,7 @@ index fd43fb6..34704ad 100644
  		return -EBUSY;
  
  	switch (encoding)
-@@ -1661,7 +1661,7 @@ static int hdlcdev_open(struct net_device *dev)
+@@ -1660,7 +1660,7 @@ static int hdlcdev_open(struct net_device *dev)
  
  	/* arbitrate between network and tty opens */
  	spin_lock_irqsave(&info->netlock, flags);
@@ -44283,7 +43221,7 @@ index fd43fb6..34704ad 100644
  		printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
  		spin_unlock_irqrestore(&info->netlock, flags);
  		return -EBUSY;
-@@ -1747,7 +1747,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -1746,7 +1746,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
  		printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name);
  
  	/* return error if TTY interface open */
@@ -44292,7 +43230,7 @@ index fd43fb6..34704ad 100644
  		return -EBUSY;
  
  	if (cmd != SIOCWANDEV)
-@@ -2632,7 +2632,7 @@ static irqreturn_t synclinkmp_interrupt(int dummy, void *dev_id)
+@@ -2620,7 +2620,7 @@ static irqreturn_t synclinkmp_interrupt(int dummy, void *dev_id)
  		 * do not request bottom half processing if the
  		 * device is not open in a normal mode.
  		 */
@@ -44301,7 +43239,7 @@ index fd43fb6..34704ad 100644
  		     port->pending_bh && !port->bh_running &&
  		     !port->bh_requested ) {
  			if ( debug_level >= DEBUG_LEVEL_ISR )
-@@ -3330,12 +3330,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
+@@ -3318,12 +3318,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
  
  	if (debug_level >= DEBUG_LEVEL_INFO)
  		printk("%s(%d):%s block_til_ready() before block, count=%d\n",
@@ -44316,7 +43254,7 @@ index fd43fb6..34704ad 100644
  	}
  	spin_unlock_irqrestore(&info->lock, flags);
  	port->blocked_open++;
-@@ -3364,7 +3364,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
+@@ -3352,7 +3352,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
  
  		if (debug_level >= DEBUG_LEVEL_INFO)
  			printk("%s(%d):%s block_til_ready() count=%d\n",
@@ -44325,7 +43263,7 @@ index fd43fb6..34704ad 100644
  
  		tty_unlock(tty);
  		schedule();
-@@ -3375,12 +3375,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
+@@ -3363,12 +3363,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp,
  	remove_wait_queue(&port->open_wait, &wait);
  
  	if (extra_count)
@@ -44341,10 +43279,10 @@ index fd43fb6..34704ad 100644
  	if (!retval)
  		port->flags |= ASYNC_NORMAL_ACTIVE;
 diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
-index b3c4a25..723916f 100644
+index 3687f0c..6b9b808 100644
 --- a/drivers/tty/sysrq.c
 +++ b/drivers/tty/sysrq.c
-@@ -867,7 +867,7 @@ EXPORT_SYMBOL(unregister_sysrq_key);
+@@ -995,7 +995,7 @@ EXPORT_SYMBOL(unregister_sysrq_key);
  static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
  				   size_t count, loff_t *ppos)
  {
@@ -44354,10 +43292,10 @@ index b3c4a25..723916f 100644
  
  		if (get_user(c, buf))
 diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index f34f98d..73c6c42 100644
+index a9cd0b9..47b9336 100644
 --- a/drivers/tty/tty_io.c
 +++ b/drivers/tty/tty_io.c
-@@ -3401,7 +3401,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
+@@ -3398,7 +3398,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
  
  void tty_default_fops(struct file_operations *fops)
  {
@@ -44367,7 +43305,7 @@ index f34f98d..73c6c42 100644
  
  /*
 diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
-index 78f1be2..3e98910 100644
+index d794087..e4f49e5 100644
 --- a/drivers/tty/tty_ldisc.c
 +++ b/drivers/tty/tty_ldisc.c
 @@ -56,7 +56,7 @@ static void put_ldisc(struct tty_ldisc *ld)
@@ -44379,7 +43317,7 @@ index 78f1be2..3e98910 100644
  		module_put(ldo->owner);
  		raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
  
-@@ -91,7 +91,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
+@@ -93,7 +93,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
  	raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
  	tty_ldiscs[disc] = new_ldisc;
  	new_ldisc->num = disc;
@@ -44388,7 +43326,7 @@ index 78f1be2..3e98910 100644
  	raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
  
  	return ret;
-@@ -119,7 +119,7 @@ int tty_unregister_ldisc(int disc)
+@@ -121,7 +121,7 @@ int tty_unregister_ldisc(int disc)
  		return -EINVAL;
  
  	raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
@@ -44397,7 +43335,7 @@ index 78f1be2..3e98910 100644
  		ret = -EBUSY;
  	else
  		tty_ldiscs[disc] = NULL;
-@@ -140,7 +140,7 @@ static struct tty_ldisc_ops *get_ldops(int disc)
+@@ -142,7 +142,7 @@ static struct tty_ldisc_ops *get_ldops(int disc)
  	if (ldops) {
  		ret = ERR_PTR(-EAGAIN);
  		if (try_module_get(ldops->owner)) {
@@ -44406,7 +43344,7 @@ index 78f1be2..3e98910 100644
  			ret = ldops;
  		}
  	}
-@@ -153,7 +153,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
+@@ -155,7 +155,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
  	unsigned long flags;
  
  	raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
@@ -44483,10 +43421,10 @@ index b7ff59d..7c6105e 100644
  	tty_port_tty_set(port, tty);
  
 diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
-index 681765b..d3ccdf2 100644
+index a9af1b9a..1e08e7f 100644
 --- a/drivers/tty/vt/keyboard.c
 +++ b/drivers/tty/vt/keyboard.c
-@@ -660,6 +660,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag)
+@@ -647,6 +647,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag)
  	     kbd->kbdmode == VC_OFF) &&
  	     value != KVAL(K_SAK))
  		return;		/* SAK is allowed even in raw mode */
@@ -44503,7 +43441,7 @@ index 681765b..d3ccdf2 100644
  	fn_handler[value](vc);
  }
  
-@@ -1808,9 +1818,6 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm,
+@@ -1795,9 +1805,6 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm,
  	if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry)))
  		return -EFAULT;
  
@@ -44513,7 +43451,7 @@ index 681765b..d3ccdf2 100644
  	switch (cmd) {
  	case KDGKBENT:
  		/* Ensure another thread doesn't free it under us */
-@@ -1825,6 +1832,9 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm,
+@@ -1812,6 +1819,9 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm,
  		spin_unlock_irqrestore(&kbd_event_lock, flags);
  		return put_user(val, &user_kbe->kb_value);
  	case KDSKBENT:
@@ -44523,7 +43461,7 @@ index 681765b..d3ccdf2 100644
  		if (!perm)
  			return -EPERM;
  		if (!i && v == K_NOSUCHMAP) {
-@@ -1915,9 +1925,6 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
+@@ -1902,9 +1912,6 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
  	int i, j, k;
  	int ret;
  
@@ -44533,7 +43471,7 @@ index 681765b..d3ccdf2 100644
  	kbs = kmalloc(sizeof(*kbs), GFP_KERNEL);
  	if (!kbs) {
  		ret = -ENOMEM;
-@@ -1951,6 +1958,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
+@@ -1938,6 +1945,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
  		kfree(kbs);
  		return ((p && *p) ? -EOVERFLOW : 0);
  	case KDSKBSENT:
@@ -44544,7 +43482,7 @@ index 681765b..d3ccdf2 100644
  			ret = -EPERM;
  			goto reterr;
 diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c
-index 5110f36..8dc0a74 100644
+index c8b9262..7e824e6 100644
 --- a/drivers/uio/uio.c
 +++ b/drivers/uio/uio.c
 @@ -25,6 +25,7 @@
@@ -44577,7 +43515,7 @@ index 5110f36..8dc0a74 100644
  }
  
  static struct device_attribute uio_class_attributes[] = {
-@@ -408,7 +409,7 @@ void uio_event_notify(struct uio_info *info)
+@@ -397,7 +398,7 @@ void uio_event_notify(struct uio_info *info)
  {
  	struct uio_device *idev = info->uio_dev;
  
@@ -44586,7 +43524,7 @@ index 5110f36..8dc0a74 100644
  	wake_up_interruptible(&idev->wait);
  	kill_fasync(&idev->async_queue, SIGIO, POLL_IN);
  }
-@@ -461,7 +462,7 @@ static int uio_open(struct inode *inode, struct file *filep)
+@@ -450,7 +451,7 @@ static int uio_open(struct inode *inode, struct file *filep)
  	}
  
  	listener->dev = idev;
@@ -44595,7 +43533,7 @@ index 5110f36..8dc0a74 100644
  	filep->private_data = listener;
  
  	if (idev->info->open) {
-@@ -512,7 +513,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait)
+@@ -501,7 +502,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait)
  		return -EIO;
  
  	poll_wait(filep, &idev->wait, wait);
@@ -44604,7 +43542,7 @@ index 5110f36..8dc0a74 100644
  		return POLLIN | POLLRDNORM;
  	return 0;
  }
-@@ -537,7 +538,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf,
+@@ -526,7 +527,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf,
  	do {
  		set_current_state(TASK_INTERRUPTIBLE);
  
@@ -44613,7 +43551,7 @@ index 5110f36..8dc0a74 100644
  		if (event_count != listener->event_count) {
  			if (copy_to_user(buf, &event_count, count))
  				retval = -EFAULT;
-@@ -606,13 +607,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
+@@ -595,13 +596,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma)
  static void uio_vma_open(struct vm_area_struct *vma)
  {
  	struct uio_device *idev = vma->vm_private_data;
@@ -44629,7 +43567,7 @@ index 5110f36..8dc0a74 100644
  }
  
  static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
-@@ -819,7 +820,7 @@ int __uio_register_device(struct module *owner,
+@@ -808,7 +809,7 @@ int __uio_register_device(struct module *owner,
  	idev->owner = owner;
  	idev->info = info;
  	init_waitqueue_head(&idev->wait);
@@ -44735,7 +43673,7 @@ index 35f10bf..6a38a0b 100644
  	if (!left--) {
  		if (instance->disconnected)
 diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c
-index cbacea9..246cccd 100644
+index 2a3bbdf..91d72cf 100644
 --- a/drivers/usb/core/devices.c
 +++ b/drivers/usb/core/devices.c
 @@ -126,7 +126,7 @@ static const char format_endpt[] =
@@ -44756,7 +43694,7 @@ index cbacea9..246cccd 100644
  	wake_up(&device_event.wait);
  }
  
-@@ -645,7 +645,7 @@ static unsigned int usb_device_poll(struct file *file,
+@@ -652,7 +652,7 @@ static unsigned int usb_device_poll(struct file *file,
  
  	poll_wait(file, &device_event.wait, wait);
  
@@ -44766,10 +43704,10 @@ index cbacea9..246cccd 100644
  		file->f_version = event_count;
  		return POLLIN | POLLRDNORM;
 diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
-index 8e64adf..9a33a3c 100644
+index f9ec44c..eb5779f 100644
 --- a/drivers/usb/core/hcd.c
 +++ b/drivers/usb/core/hcd.c
-@@ -1522,7 +1522,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
+@@ -1526,7 +1526,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
  	 */
  	usb_get_urb(urb);
  	atomic_inc(&urb->use_count);
@@ -44778,7 +43716,7 @@ index 8e64adf..9a33a3c 100644
  	usbmon_urb_submit(&hcd->self, urb);
  
  	/* NOTE requirements on root-hub callers (usbfs and the hub
-@@ -1549,7 +1549,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
+@@ -1553,7 +1553,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
  		urb->hcpriv = NULL;
  		INIT_LIST_HEAD(&urb->urb_list);
  		atomic_dec(&urb->use_count);
@@ -44788,7 +43726,7 @@ index 8e64adf..9a33a3c 100644
  			wake_up(&usb_kill_urb_queue);
  		usb_put_urb(urb);
 diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
-index 131f736..99004c3 100644
+index 444d30e..f15c850 100644
 --- a/drivers/usb/core/message.c
 +++ b/drivers/usb/core/message.c
 @@ -129,7 +129,7 @@ static int usb_internal_control_msg(struct usb_device *usb_dev,
@@ -44801,10 +43739,10 @@ index 131f736..99004c3 100644
  		    __u16 size, int timeout)
  {
 diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
-index 818e4a0..0fc9589 100644
+index 3f81a3d..a3aa993 100644
 --- a/drivers/usb/core/sysfs.c
 +++ b/drivers/usb/core/sysfs.c
-@@ -226,7 +226,7 @@ show_urbnum(struct device *dev, struct device_attribute *attr, char *buf)
+@@ -239,7 +239,7 @@ show_urbnum(struct device *dev, struct device_attribute *attr, char *buf)
  	struct usb_device *udev;
  
  	udev = to_usb_device(dev);
@@ -44868,10 +43806,10 @@ index 5e29dde..eca992f 100644
  	return 0;
  }
 diff --git a/drivers/usb/gadget/u_serial.c b/drivers/usb/gadget/u_serial.c
-index 598dcc1..032dd4f 100644
+index b369292..9f3ba40 100644
 --- a/drivers/usb/gadget/u_serial.c
 +++ b/drivers/usb/gadget/u_serial.c
-@@ -735,9 +735,9 @@ static int gs_open(struct tty_struct *tty, struct file *file)
+@@ -733,9 +733,9 @@ static int gs_open(struct tty_struct *tty, struct file *file)
  			spin_lock_irq(&port->port_lock);
  
  			/* already open?  Great. */
@@ -44883,7 +43821,7 @@ index 598dcc1..032dd4f 100644
  
  			/* currently opening/closing? wait ... */
  			} else if (port->openclose) {
-@@ -796,7 +796,7 @@ static int gs_open(struct tty_struct *tty, struct file *file)
+@@ -794,7 +794,7 @@ static int gs_open(struct tty_struct *tty, struct file *file)
  	tty->driver_data = port;
  	port->port.tty = tty;
  
@@ -44892,7 +43830,7 @@ index 598dcc1..032dd4f 100644
  	port->openclose = false;
  
  	/* if connected, start the I/O stream */
-@@ -838,11 +838,11 @@ static void gs_close(struct tty_struct *tty, struct file *file)
+@@ -836,11 +836,11 @@ static void gs_close(struct tty_struct *tty, struct file *file)
  
  	spin_lock_irq(&port->port_lock);
  
@@ -44907,7 +43845,7 @@ index 598dcc1..032dd4f 100644
  		goto exit;
  	}
  
-@@ -852,7 +852,7 @@ static void gs_close(struct tty_struct *tty, struct file *file)
+@@ -850,7 +850,7 @@ static void gs_close(struct tty_struct *tty, struct file *file)
  	 * and sleep if necessary
  	 */
  	port->openclose = true;
@@ -44916,7 +43854,7 @@ index 598dcc1..032dd4f 100644
  
  	gser = port->port_usb;
  	if (gser && gser->disconnect)
-@@ -1159,7 +1159,7 @@ static int gs_closed(struct gs_port *port)
+@@ -1066,7 +1066,7 @@ static int gs_closed(struct gs_port *port)
  	int cond;
  
  	spin_lock_irq(&port->port_lock);
@@ -44925,7 +43863,7 @@ index 598dcc1..032dd4f 100644
  	spin_unlock_irq(&port->port_lock);
  	return cond;
  }
-@@ -1273,7 +1273,7 @@ int gserial_connect(struct gserial *gser, u8 port_num)
+@@ -1209,7 +1209,7 @@ int gserial_connect(struct gserial *gser, u8 port_num)
  	/* if it's already open, start I/O ... and notify the serial
  	 * protocol about open/close status (connect/disconnect).
  	 */
@@ -44934,7 +43872,7 @@ index 598dcc1..032dd4f 100644
  		pr_debug("gserial_connect: start ttyGS%d\n", port->port_num);
  		gs_start_io(port);
  		if (gser->connect)
-@@ -1320,7 +1320,7 @@ void gserial_disconnect(struct gserial *gser)
+@@ -1256,7 +1256,7 @@ void gserial_disconnect(struct gserial *gser)
  
  	port->port_usb = NULL;
  	gser->ioport = NULL;
@@ -44943,7 +43881,7 @@ index 598dcc1..032dd4f 100644
  		wake_up_interruptible(&port->drain_wait);
  		if (port->port.tty)
  			tty_hangup(port->port.tty);
-@@ -1336,7 +1336,7 @@ void gserial_disconnect(struct gserial *gser)
+@@ -1272,7 +1272,7 @@ void gserial_disconnect(struct gserial *gser)
  
  	/* finally, free any unused/unusable I/O buffers */
  	spin_lock_irqsave(&port->port_lock, flags);
@@ -45032,7 +43970,7 @@ index d6bea3e..60b250e 100644
  
  /**
 diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c
-index 57c01ab..8a05959 100644
+index 6ef94bc..1b41265 100644
 --- a/drivers/usb/wusbcore/wa-xfer.c
 +++ b/drivers/usb/wusbcore/wa-xfer.c
 @@ -296,7 +296,7 @@ out:
@@ -45115,7 +44053,7 @@ index 6c5ed6b..b727c88 100644
  		.ident = "Sahara Touch-iT",
  		.matches = {
 diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c
-index 88cad6b..dd746c7 100644
+index 900aa4e..6d49418 100644
 --- a/drivers/video/fb_defio.c
 +++ b/drivers/video/fb_defio.c
 @@ -206,7 +206,9 @@ void fb_deferred_io_init(struct fb_info *info)
@@ -45153,7 +44091,7 @@ index 5c3960d..15cf8fc 100644
  		goto out1;
  	}
 diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
-index 0a49456..fd5be1b 100644
+index 86291dc..7cc5962 100644
 --- a/drivers/video/fbmem.c
 +++ b/drivers/video/fbmem.c
 @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
@@ -48134,7 +47072,7 @@ index 86d449e..8e04dc5 100644
  	return count;
  }
 diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c
-index b75db01..ad2f34a 100644
+index d428445..79a78df 100644
 --- a/drivers/video/uvesafb.c
 +++ b/drivers/video/uvesafb.c
 @@ -19,6 +19,7 @@
@@ -48399,10 +47337,10 @@ index fef20db..d28b1ab 100644
  		return -ENOMEM;
  	return 0;
 diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
-index 890bed5..17ae73e 100644
+index d86edc8..40ff2fb 100644
 --- a/fs/9p/vfs_inode.c
 +++ b/fs/9p/vfs_inode.c
-@@ -1329,7 +1329,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -1314,7 +1314,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd)
  void
  v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
  {
@@ -48425,7 +47363,7 @@ index 0efd152..b5802ad 100644
  	  A.out (Assembler.OUTput) is a set of formats for libraries and
  	  executables used in the earliest versions of UNIX.  Linux used
 diff --git a/fs/aio.c b/fs/aio.c
-index ed762ae..ee07789 100644
+index 1dc8786..d3b29e8 100644
 --- a/fs/aio.c
 +++ b/fs/aio.c
 @@ -111,7 +111,7 @@ static int aio_setup_ring(struct kioctx *ctx)
@@ -48437,7 +47375,7 @@ index ed762ae..ee07789 100644
  		return -EINVAL;
  
  	nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
-@@ -1373,18 +1373,19 @@ static ssize_t aio_fsync(struct kiocb *iocb)
+@@ -1375,18 +1375,19 @@ static ssize_t aio_fsync(struct kiocb *iocb)
  static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat)
  {
  	ssize_t ret;
@@ -48459,7 +47397,7 @@ index ed762ae..ee07789 100644
  				&kiocb->ki_iovec);
  	if (ret < 0)
  		goto out;
-@@ -1393,6 +1394,10 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat)
+@@ -1395,6 +1396,10 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat)
  	if (ret < 0)
  		goto out;
  
@@ -48483,10 +47421,10 @@ index 1449adb..a2038c2 100644
  			goto out_sig;
  		if (offset > inode->i_sb->s_maxbytes)
 diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
-index 03bc1d3..6205356 100644
+index 3db70da..7aeec5b 100644
 --- a/fs/autofs4/waitq.c
 +++ b/fs/autofs4/waitq.c
-@@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi,
+@@ -59,7 +59,7 @@ static int autofs4_write(struct autofs_sb_info *sbi,
  {
  	unsigned long sigpipe, flags;
  	mm_segment_t fs;
@@ -48495,7 +47433,7 @@ index 03bc1d3..6205356 100644
  	ssize_t wr = 0;
  
  	sigpipe = sigismember(&current->pending.signal, SIGPIPE);
-@@ -348,6 +348,10 @@ static int validate_request(struct autofs_wait_queue **wait,
+@@ -346,6 +346,10 @@ static int validate_request(struct autofs_wait_queue **wait,
  	return 1;
  }
  
@@ -48506,7 +47444,7 @@ index 03bc1d3..6205356 100644
  int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
  		enum autofs_notify notify)
  {
-@@ -381,7 +385,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
+@@ -379,7 +383,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
  
  	/* If this is a direct mount request create a dummy name */
  	if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type))
@@ -48542,7 +47480,7 @@ index 2722387..c8dd2a7 100644
  {
  	if (BEFS_SB(sb)->byte_order == BEFS_BYTESEX_LE)
 diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
-index 2b3bda8..6a2d4be 100644
+index 8615ee8..388ed68 100644
 --- a/fs/befs/linuxvfs.c
 +++ b/fs/befs/linuxvfs.c
 @@ -510,7 +510,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
@@ -48555,7 +47493,7 @@ index 2b3bda8..6a2d4be 100644
  			kfree(link);
  	}
 diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
-index 6043567..16a9239 100644
+index bbc8f88..7c7ac97 100644
 --- a/fs/binfmt_aout.c
 +++ b/fs/binfmt_aout.c
 @@ -16,6 +16,7 @@
@@ -48635,18 +47573,18 @@ index 6043567..16a9239 100644
  				fd_offset + ex.a_text);
  		if (error != N_DATADDR(ex)) {
 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 5843a47..160fbe2 100644
+index 86af964..8a1da7e 100644
 --- a/fs/binfmt_elf.c
 +++ b/fs/binfmt_elf.c
-@@ -33,6 +33,7 @@
- #include <linux/elf.h>
+@@ -34,6 +34,7 @@
  #include <linux/utsname.h>
  #include <linux/coredump.h>
+ #include <linux/sched.h>
 +#include <linux/xattr.h>
  #include <asm/uaccess.h>
  #include <asm/param.h>
  #include <asm/page.h>
-@@ -59,6 +60,10 @@ static int elf_core_dump(struct coredump_params *cprm);
+@@ -60,6 +61,10 @@ static int elf_core_dump(struct coredump_params *cprm);
  #define elf_core_dump	NULL
  #endif
  
@@ -48657,7 +47595,7 @@ index 5843a47..160fbe2 100644
  #if ELF_EXEC_PAGESIZE > PAGE_SIZE
  #define ELF_MIN_ALIGN	ELF_EXEC_PAGESIZE
  #else
-@@ -78,6 +83,11 @@ static struct linux_binfmt elf_format = {
+@@ -79,6 +84,11 @@ static struct linux_binfmt elf_format = {
  	.load_binary	= load_elf_binary,
  	.load_shlib	= load_elf_library,
  	.core_dump	= elf_core_dump,
@@ -48669,7 +47607,7 @@ index 5843a47..160fbe2 100644
  	.min_coredump	= ELF_EXEC_PAGESIZE,
  };
  
-@@ -85,6 +95,8 @@ static struct linux_binfmt elf_format = {
+@@ -86,6 +96,8 @@ static struct linux_binfmt elf_format = {
  
  static int set_brk(unsigned long start, unsigned long end)
  {
@@ -48678,7 +47616,7 @@ index 5843a47..160fbe2 100644
  	start = ELF_PAGEALIGN(start);
  	end = ELF_PAGEALIGN(end);
  	if (end > start) {
-@@ -93,7 +105,7 @@ static int set_brk(unsigned long start, unsigned long end)
+@@ -94,7 +106,7 @@ static int set_brk(unsigned long start, unsigned long end)
  		if (BAD_ADDR(addr))
  			return addr;
  	}
@@ -48687,7 +47625,7 @@ index 5843a47..160fbe2 100644
  	return 0;
  }
  
-@@ -154,12 +166,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
+@@ -155,12 +167,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
  	elf_addr_t __user *u_rand_bytes;
  	const char *k_platform = ELF_PLATFORM;
  	const char *k_base_platform = ELF_BASE_PLATFORM;
@@ -48702,7 +47640,7 @@ index 5843a47..160fbe2 100644
  
  	/*
  	 * In some cases (e.g. Hyper-Threading), we want to avoid L1
-@@ -201,8 +214,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
+@@ -202,8 +215,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
  	 * Generate 16 random bytes for userspace PRNG seeding.
  	 */
  	get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
@@ -48717,7 +47655,7 @@ index 5843a47..160fbe2 100644
  	if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
  		return -EFAULT;
  
-@@ -314,9 +331,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
+@@ -315,9 +332,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
  		return -EFAULT;
  	current->mm->env_end = p;
  
@@ -48730,7 +47668,7 @@ index 5843a47..160fbe2 100644
  		return -EFAULT;
  	return 0;
  }
-@@ -380,15 +399,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
+@@ -385,15 +404,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
     an ELF header */
  
  static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
@@ -48749,7 +47687,7 @@ index 5843a47..160fbe2 100644
  	unsigned long total_size;
  	int retval, i, size;
  
-@@ -434,6 +452,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -439,6 +457,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
  		goto out_close;
  	}
  
@@ -48761,7 +47699,7 @@ index 5843a47..160fbe2 100644
  	eppnt = elf_phdata;
  	for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
  		if (eppnt->p_type == PT_LOAD) {
-@@ -457,8 +480,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -462,8 +485,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
  			map_addr = elf_map(interpreter, load_addr + vaddr,
  					eppnt, elf_prot, elf_type, total_size);
  			total_size = 0;
@@ -48770,7 +47708,7 @@ index 5843a47..160fbe2 100644
  			error = map_addr;
  			if (BAD_ADDR(map_addr))
  				goto out_close;
-@@ -477,8 +498,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -482,8 +503,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
  			k = load_addr + eppnt->p_vaddr;
  			if (BAD_ADDR(k) ||
  			    eppnt->p_filesz > eppnt->p_memsz ||
@@ -48781,7 +47719,7 @@ index 5843a47..160fbe2 100644
  				error = -ENOMEM;
  				goto out_close;
  			}
-@@ -530,6 +551,315 @@ out:
+@@ -535,6 +556,315 @@ out:
  	return error;
  }
  
@@ -49011,11 +47949,11 @@ index 5843a47..160fbe2 100644
 +
 +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
 +	ssize_t xattr_size, i;
-+	unsigned char xattr_value[5];
++	unsigned char xattr_value[sizeof("pemrs") - 1];
 +	unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL;
 +
-+	xattr_size = vfs_getxattr(file->f_path.dentry, XATTR_NAME_PAX_FLAGS, xattr_value, sizeof xattr_value);
-+	if (xattr_size <= 0 || xattr_size > 5)
++	xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value);
++	if (xattr_size <= 0 || xattr_size > sizeof xattr_value)
 +		return ~0UL;
 +
 +	for (i = 0; i < xattr_size; i++)
@@ -49097,7 +48035,7 @@ index 5843a47..160fbe2 100644
  /*
   * These are the functions used to load ELF style executables and shared
   * libraries.  There is no binary dependent code anywhere else.
-@@ -546,6 +876,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
+@@ -551,6 +881,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
  {
  	unsigned int random_variable = 0;
  
@@ -49109,7 +48047,7 @@ index 5843a47..160fbe2 100644
  	if ((current->flags & PF_RANDOMIZE) &&
  		!(current->personality & ADDR_NO_RANDOMIZE)) {
  		random_variable = get_random_int() & STACK_RND_MASK;
-@@ -564,7 +899,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -569,7 +904,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
   	unsigned long load_addr = 0, load_bias = 0;
  	int load_addr_set = 0;
  	char * elf_interpreter = NULL;
@@ -49118,7 +48056,7 @@ index 5843a47..160fbe2 100644
  	struct elf_phdr *elf_ppnt, *elf_phdata;
  	unsigned long elf_bss, elf_brk;
  	int retval, i;
-@@ -574,12 +909,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -579,12 +914,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
  	unsigned long start_code, end_code, start_data, end_data;
  	unsigned long reloc_func_desc __maybe_unused = 0;
  	int executable_stack = EXSTACK_DEFAULT;
@@ -49132,7 +48070,7 @@ index 5843a47..160fbe2 100644
  
  	loc = kmalloc(sizeof(*loc), GFP_KERNEL);
  	if (!loc) {
-@@ -715,11 +1050,81 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -720,11 +1055,81 @@ static int load_elf_binary(struct linux_binprm *bprm)
  		goto out_free_dentry;
  
  	/* OK, This is the point of no return */
@@ -49215,7 +48153,7 @@ index 5843a47..160fbe2 100644
  	if (elf_read_implies_exec(loc->elf_ex, executable_stack))
  		current->personality |= READ_IMPLIES_EXEC;
  
-@@ -810,6 +1215,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -815,6 +1220,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
  #else
  			load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
  #endif
@@ -49236,7 +48174,7 @@ index 5843a47..160fbe2 100644
  		}
  
  		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
-@@ -842,9 +1261,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -847,9 +1266,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
  		 * allowed task size. Note that p_filesz must always be
  		 * <= p_memsz so it is only necessary to check p_memsz.
  		 */
@@ -49249,7 +48187,7 @@ index 5843a47..160fbe2 100644
  			/* set_brk can never work. Avoid overflows. */
  			send_sig(SIGKILL, current, 0);
  			retval = -EINVAL;
-@@ -883,17 +1302,44 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -888,17 +1307,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
  		goto out_free_dentry;
  	}
  	if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -49265,7 +48203,8 @@ index 5843a47..160fbe2 100644
  
 +#ifdef CONFIG_PAX_RANDMMAP
 +	if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
-+		unsigned long start, size, flags, vm_flags;
++		unsigned long start, size, flags;
++		vm_flags_t vm_flags;
 +
 +		start = ELF_PAGEALIGN(elf_brk);
 +		size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
@@ -49278,7 +48217,7 @@ index 5843a47..160fbe2 100644
 +		if (!IS_ERR_VALUE(start) && !find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) {
 +//			if (current->personality & ADDR_NO_RANDOMIZE)
 +//				vm_flags |= VM_READ | VM_MAYREAD;
-+			start = mmap_region(NULL, start, PAGE_ALIGN(size), flags, vm_flags, 0);
++			start = mmap_region(NULL, start, PAGE_ALIGN(size), vm_flags, 0);
 +			retval = IS_ERR_VALUE(start) ? start : 0;
 +		}
 +		up_write(&current->mm->mmap_sem);
@@ -49300,7 +48239,7 @@ index 5843a47..160fbe2 100644
  					    load_bias);
  		if (!IS_ERR((void *)elf_entry)) {
  			/*
-@@ -1115,7 +1561,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
+@@ -1120,7 +1567,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
   * Decide what to dump of a segment, part, all or none.
   */
  static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -49309,7 +48248,7 @@ index 5843a47..160fbe2 100644
  {
  #define FILTER(type)	(mm_flags & (1UL << MMF_DUMP_##type))
  
-@@ -1153,7 +1599,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1158,7 +1605,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
  	if (vma->vm_file == NULL)
  		return 0;
  
@@ -49318,7 +48257,7 @@ index 5843a47..160fbe2 100644
  		goto whole;
  
  	/*
-@@ -1375,9 +1821,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1383,9 +1830,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
  {
  	elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
  	int i = 0;
@@ -49330,7 +48269,7 @@ index 5843a47..160fbe2 100644
  	fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
  }
  
-@@ -2007,14 +2453,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -2015,14 +2462,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
  }
  
  static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -49347,7 +48286,7 @@ index 5843a47..160fbe2 100644
  	return size;
  }
  
-@@ -2108,7 +2554,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2116,7 +2563,7 @@ static int elf_core_dump(struct coredump_params *cprm)
  
  	dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
  
@@ -49356,7 +48295,7 @@ index 5843a47..160fbe2 100644
  	offset += elf_core_extra_data_size();
  	e_shoff = offset;
  
-@@ -2122,10 +2568,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2130,10 +2577,12 @@ static int elf_core_dump(struct coredump_params *cprm)
  	offset = dataoff;
  
  	size += sizeof(*elf);
@@ -49369,7 +48308,7 @@ index 5843a47..160fbe2 100644
  	if (size > cprm->limit
  	    || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
  		goto end_coredump;
-@@ -2139,7 +2587,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2147,7 +2596,7 @@ static int elf_core_dump(struct coredump_params *cprm)
  		phdr.p_offset = offset;
  		phdr.p_vaddr = vma->vm_start;
  		phdr.p_paddr = 0;
@@ -49378,7 +48317,7 @@ index 5843a47..160fbe2 100644
  		phdr.p_memsz = vma->vm_end - vma->vm_start;
  		offset += phdr.p_filesz;
  		phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2150,6 +2598,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2158,6 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm)
  		phdr.p_align = ELF_EXEC_PAGESIZE;
  
  		size += sizeof(phdr);
@@ -49386,7 +48325,7 @@ index 5843a47..160fbe2 100644
  		if (size > cprm->limit
  		    || !dump_write(cprm->file, &phdr, sizeof(phdr)))
  			goto end_coredump;
-@@ -2174,7 +2623,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2182,7 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm)
  		unsigned long addr;
  		unsigned long end;
  
@@ -49395,7 +48334,7 @@ index 5843a47..160fbe2 100644
  
  		for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
  			struct page *page;
-@@ -2183,6 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2191,6 +2641,7 @@ static int elf_core_dump(struct coredump_params *cprm)
  			page = get_dump_page(addr);
  			if (page) {
  				void *kaddr = kmap(page);
@@ -49403,7 +48342,7 @@ index 5843a47..160fbe2 100644
  				stop = ((size += PAGE_SIZE) > cprm->limit) ||
  					!dump_write(cprm->file, kaddr,
  						    PAGE_SIZE);
-@@ -2200,6 +2650,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2208,6 +2659,7 @@ static int elf_core_dump(struct coredump_params *cprm)
  
  	if (e_phnum == PN_XNUM) {
  		size += sizeof(*shdr4extnum);
@@ -49411,7 +48350,7 @@ index 5843a47..160fbe2 100644
  		if (size > cprm->limit
  		    || !dump_write(cprm->file, shdr4extnum,
  				   sizeof(*shdr4extnum)))
-@@ -2220,6 +2671,97 @@ out:
+@@ -2228,6 +2680,97 @@ out:
  
  #endif		/* CONFIG_ELF_CORE */
  
@@ -49510,7 +48449,7 @@ index 5843a47..160fbe2 100644
  {
  	register_binfmt(&elf_format);
 diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
-index b563719..3868998 100644
+index 2036d21..b0430d0 100644
 --- a/fs/binfmt_flat.c
 +++ b/fs/binfmt_flat.c
 @@ -562,7 +562,9 @@ static int load_flat_file(struct linux_binprm * bprm,
@@ -49577,7 +48516,7 @@ index b96fc6c..431d628 100644
  	__bio_for_each_segment(bvec, bio, i, 0) {
  		char *addr = page_address(bvec->bv_page);
 diff --git a/fs/block_dev.c b/fs/block_dev.c
-index 883dc49..f27794a 100644
+index aae187a..fd790ba 100644
 --- a/fs/block_dev.c
 +++ b/fs/block_dev.c
 @@ -652,7 +652,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole,
@@ -49590,7 +48529,7 @@ index 883dc49..f27794a 100644
  	else if (whole->bd_holder != NULL)
  		return false;	 /* is a partition of a held device */
 diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index ce1c169..1ef484f 100644
+index ca9d8f1..8c0142d 100644
 --- a/fs/btrfs/ctree.c
 +++ b/fs/btrfs/ctree.c
 @@ -1036,9 +1036,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
@@ -49609,60 +48548,11 @@ index ce1c169..1ef484f 100644
  			parent_start = 0;
  
  		WARN_ON(trans->transid != btrfs_header_generation(parent));
-diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
-index d170412..a575d77 100644
---- a/fs/btrfs/extent-tree.c
-+++ b/fs/btrfs/extent-tree.c
-@@ -6019,7 +6019,7 @@ again:
- 	if (ret == -ENOSPC) {
- 		if (!final_tried) {
- 			num_bytes = num_bytes >> 1;
--			num_bytes = num_bytes & ~(root->sectorsize - 1);
-+			num_bytes = num_bytes & ~((u64)root->sectorsize - 1);
- 			num_bytes = max(num_bytes, min_alloc_size);
- 			if (num_bytes == min_alloc_size)
- 				final_tried = true;
-diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index 7c4e6cc..8ad78b2 100644
---- a/fs/btrfs/inode.c
-+++ b/fs/btrfs/inode.c
-@@ -17,6 +17,7 @@
-  */
- 
- #include <linux/kernel.h>
-+#include <linux/module.h>
- #include <linux/bio.h>
- #include <linux/buffer_head.h>
- #include <linux/file.h>
-@@ -7314,7 +7315,7 @@ fail:
- 	return -ENOMEM;
- }
- 
--static int btrfs_getattr(struct vfsmount *mnt,
-+int btrfs_getattr(struct vfsmount *mnt,
- 			 struct dentry *dentry, struct kstat *stat)
- {
- 	struct inode *inode = dentry->d_inode;
-@@ -7328,6 +7329,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
- 	return 0;
- }
- 
-+EXPORT_SYMBOL(btrfs_getattr);
-+
-+dev_t get_btrfs_dev_from_inode(struct inode *inode)
-+{
-+	return BTRFS_I(inode)->root->anon_dev;
-+}
-+EXPORT_SYMBOL(get_btrfs_dev_from_inode);
-+
- /*
-  * If a file is moved, it will inherit the cow and compression flags of the new
-  * directory.
 diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
-index 338f259..b657640 100644
+index 2c02310..a0c895e 100644
 --- a/fs/btrfs/ioctl.c
 +++ b/fs/btrfs/ioctl.c
-@@ -3033,9 +3033,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3077,9 +3077,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
  	for (i = 0; i < num_types; i++) {
  		struct btrfs_space_info *tmp;
  
@@ -49675,7 +48565,7 @@ index 338f259..b657640 100644
  		info = NULL;
  		rcu_read_lock();
  		list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -3057,10 +3060,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3101,10 +3104,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
  				memcpy(dest, &space, sizeof(space));
  				dest++;
  				space_args.total_spaces++;
@@ -49686,24 +48576,11 @@ index 338f259..b657640 100644
  		}
  		up_read(&info->groups_sem);
  	}
-diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
-index 300e09a..9fe4539 100644
---- a/fs/btrfs/relocation.c
-+++ b/fs/btrfs/relocation.c
-@@ -1269,7 +1269,7 @@ static int __update_reloc_root(struct btrfs_root *root, int del)
- 	}
- 	spin_unlock(&rc->reloc_root_tree.lock);
- 
--	BUG_ON((struct btrfs_root *)node->data != root);
-+	BUG_ON(!node || (struct btrfs_root *)node->data != root);
- 
- 	if (!del) {
- 		spin_lock(&rc->reloc_root_tree.lock);
 diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
-index d8982e9..29a85fa 100644
+index f6b8859..54fe8c5 100644
 --- a/fs/btrfs/super.c
 +++ b/fs/btrfs/super.c
-@@ -267,7 +267,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans,
+@@ -266,7 +266,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans,
  			     function, line, errstr);
  		return;
  	}
@@ -49867,7 +48744,7 @@ index 4809922..aab2c39 100644
  			kunmap(page);
  			if (ret != len)
 diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
-index 8c1aabe..bbf856a 100644
+index 6d797f4..0ace2e5 100644
 --- a/fs/ceph/dir.c
 +++ b/fs/ceph/dir.c
 @@ -243,7 +243,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir)
@@ -49924,10 +48801,10 @@ index d9ea6ed..1e6c8ac 100644
  					server->ops->print_stats(m, tcon);
  			}
 diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
-index b9db388..9a73d6d 100644
+index 345fc89..b2acae5 100644
 --- a/fs/cifs/cifsfs.c
 +++ b/fs/cifs/cifsfs.c
-@@ -1026,7 +1026,7 @@ cifs_init_request_bufs(void)
+@@ -1033,7 +1033,7 @@ cifs_init_request_bufs(void)
  /*	cERROR(1, "CIFSMaxBufSize %d 0x%x",CIFSMaxBufSize,CIFSMaxBufSize); */
  	cifs_req_cachep = kmem_cache_create("cifs_request",
  					    CIFSMaxBufSize + max_hdr_size, 0,
@@ -49936,7 +48813,7 @@ index b9db388..9a73d6d 100644
  	if (cifs_req_cachep == NULL)
  		return -ENOMEM;
  
-@@ -1053,7 +1053,7 @@ cifs_init_request_bufs(void)
+@@ -1060,7 +1060,7 @@ cifs_init_request_bufs(void)
  	efficient to alloc 1 per page off the slab compared to 17K (5page)
  	alloc of large cifs buffers even when page debugging is on */
  	cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq",
@@ -49945,7 +48822,7 @@ index b9db388..9a73d6d 100644
  			NULL);
  	if (cifs_sm_req_cachep == NULL) {
  		mempool_destroy(cifs_req_poolp);
-@@ -1138,8 +1138,8 @@ init_cifs(void)
+@@ -1145,8 +1145,8 @@ init_cifs(void)
  	atomic_set(&bufAllocCount, 0);
  	atomic_set(&smBufAllocCount, 0);
  #ifdef CONFIG_CIFS_STATS2
@@ -49957,7 +48834,7 @@ index b9db388..9a73d6d 100644
  
  	atomic_set(&midCount, 0);
 diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
-index e6899ce..d6b2920 100644
+index 4f07f6f..55de8ce 100644
 --- a/fs/cifs/cifsglob.h
 +++ b/fs/cifs/cifsglob.h
 @@ -751,35 +751,35 @@ struct cifs_tcon {
@@ -50041,7 +48918,7 @@ index e6899ce..d6b2920 100644
  GLOBAL_EXTERN atomic_t smBufAllocCount;
  GLOBAL_EXTERN atomic_t midCount;
 diff --git a/fs/cifs/link.c b/fs/cifs/link.c
-index 51dc2fb..1e12a33 100644
+index 9f6c4c4..8de307a 100644
 --- a/fs/cifs/link.c
 +++ b/fs/cifs/link.c
 @@ -616,7 +616,7 @@ symlink_exit:
@@ -50054,7 +48931,7 @@ index 51dc2fb..1e12a33 100644
  		kfree(p);
  }
 diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
-index 3a00c0d..42d901c 100644
+index 1b15bf8..1ce489e 100644
 --- a/fs/cifs/misc.c
 +++ b/fs/cifs/misc.c
 @@ -169,7 +169,7 @@ cifs_buf_get(void)
@@ -50321,7 +49198,7 @@ index 41d9d07..dbb4772 100644
  
  	req->FileIndex = cpu_to_le32(index);
 diff --git a/fs/coda/cache.c b/fs/coda/cache.c
-index 958ae0e..505c9d0 100644
+index 1da168c..8bc7ff6 100644
 --- a/fs/coda/cache.c
 +++ b/fs/coda/cache.c
 @@ -24,7 +24,7 @@
@@ -50339,7 +49216,7 @@ index 958ae0e..505c9d0 100644
  	spin_lock(&cii->c_lock);
 -	cii->c_cached_epoch = atomic_read(&permission_epoch);
 +	cii->c_cached_epoch = atomic_read_unchecked(&permission_epoch);
- 	if (cii->c_uid != current_fsuid()) {
+ 	if (!uid_eq(cii->c_uid, current_fsuid())) {
  		cii->c_uid = current_fsuid();
                  cii->c_cached_perm = mask;
 @@ -46,14 +46,14 @@ void coda_cache_clear_inode(struct inode *inode)
@@ -50362,14 +49239,14 @@ index 958ae0e..505c9d0 100644
 @@ -66,7 +66,7 @@ int coda_cache_check(struct inode *inode, int mask)
  	spin_lock(&cii->c_lock);
  	hit = (mask & cii->c_cached_perm) == mask &&
- 	    cii->c_uid == current_fsuid() &&
+ 	    uid_eq(cii->c_uid, current_fsuid()) &&
 -	    cii->c_cached_epoch == atomic_read(&permission_epoch);
 +	    cii->c_cached_epoch == atomic_read_unchecked(&permission_epoch);
  	spin_unlock(&cii->c_lock);
  
  	return hit;
 diff --git a/fs/compat.c b/fs/compat.c
-index a06dcbc..dacb6d3 100644
+index d487985..c9e04b1 100644
 --- a/fs/compat.c
 +++ b/fs/compat.c
 @@ -54,7 +54,7 @@
@@ -50507,7 +49384,7 @@ index a81147e..20bf2b5 100644
  
  /*
 diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
-index e2f57a0..3c78771 100644
+index 3ced75f..1eeca06 100644
 --- a/fs/compat_ioctl.c
 +++ b/fs/compat_ioctl.c
 @@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
@@ -50540,24 +49417,10 @@ index e2f57a0..3c78771 100644
  		return 1;
  	if (a < b)
 diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
-index 712b10f..c33c4ca 100644
+index 7aabc6a..34c1197 100644
 --- a/fs/configfs/dir.c
 +++ b/fs/configfs/dir.c
-@@ -1037,10 +1037,11 @@ static int configfs_dump(struct configfs_dirent *sd, int level)
- static int configfs_depend_prep(struct dentry *origin,
- 				struct config_item *target)
- {
--	struct configfs_dirent *child_sd, *sd = origin->d_fsdata;
-+	struct configfs_dirent *child_sd, *sd;
- 	int ret = 0;
- 
--	BUG_ON(!origin || !sd);
-+	BUG_ON(!origin || !origin->d_fsdata);
-+	sd = origin->d_fsdata;
- 
- 	if (sd->s_element == target)  /* Boo-yah */
- 		goto out;
-@@ -1564,7 +1565,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir
+@@ -1565,7 +1565,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir
  			}
  			for (p=q->next; p!= &parent_sd->s_children; p=p->next) {
  				struct configfs_dirent *next;
@@ -50567,7 +49430,7 @@ index 712b10f..c33c4ca 100644
  				int len;
  				struct inode *inode = NULL;
  
-@@ -1574,7 +1576,12 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir
+@@ -1575,7 +1576,12 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir
  					continue;
  
  				name = configfs_get_name(next);
@@ -50582,7 +49445,7 @@ index 712b10f..c33c4ca 100644
  				/*
  				 * We'll have a dentry and an inode for
 diff --git a/fs/coredump.c b/fs/coredump.c
-index 1774932..5812106 100644
+index c647965..a77bff3 100644
 --- a/fs/coredump.c
 +++ b/fs/coredump.c
 @@ -52,7 +52,7 @@ struct core_name {
@@ -50613,7 +49476,7 @@ index 1774932..5812106 100644
  	cn->used = 0;
  
 @@ -414,17 +414,17 @@ static void wait_for_dump_helpers(struct file *file)
- 	pipe = file->f_path.dentry->d_inode->i_pipe;
+ 	pipe = file_inode(file)->i_pipe;
  
  	pipe_lock(pipe);
 -	pipe->readers++;
@@ -50703,10 +49566,10 @@ index 1774932..5812106 100644
  EXPORT_SYMBOL(dump_write);
  
 diff --git a/fs/dcache.c b/fs/dcache.c
-index de73da2..2ed907b 100644
+index e689268..f36956e 100644
 --- a/fs/dcache.c
 +++ b/fs/dcache.c
-@@ -3141,7 +3141,7 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3100,7 +3100,7 @@ void __init vfs_caches_init(unsigned long mempages)
  	mempages -= reserve;
  
  	names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -50716,7 +49579,7 @@ index de73da2..2ed907b 100644
  	dcache_init();
  	inode_init();
 diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index a5f12b7..4ee8a6f 100644
+index 4888cb3..e0f7cf8 100644
 --- a/fs/debugfs/inode.c
 +++ b/fs/debugfs/inode.c
 @@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
@@ -50732,7 +49595,7 @@ index a5f12b7..4ee8a6f 100644
  }
  EXPORT_SYMBOL_GPL(debugfs_create_dir);
 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
-index cc7709e..7e7211f 100644
+index 5eab400..810a3f5 100644
 --- a/fs/ecryptfs/inode.c
 +++ b/fs/ecryptfs/inode.c
 @@ -674,7 +674,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
@@ -50754,51 +49617,10 @@ index cc7709e..7e7211f 100644
  		/* Free the char* */
  		kfree(buf);
 diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
-index 412e6ed..d8263e8 100644
+index e4141f2..d8263e8 100644
 --- a/fs/ecryptfs/miscdev.c
 +++ b/fs/ecryptfs/miscdev.c
-@@ -80,13 +80,6 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
- 	int rc;
- 
- 	mutex_lock(&ecryptfs_daemon_hash_mux);
--	rc = try_module_get(THIS_MODULE);
--	if (rc == 0) {
--		rc = -EIO;
--		printk(KERN_ERR "%s: Error attempting to increment module use "
--		       "count; rc = [%d]\n", __func__, rc);
--		goto out_unlock_daemon_list;
--	}
- 	rc = ecryptfs_find_daemon_by_euid(&daemon);
- 	if (!rc) {
- 		rc = -EINVAL;
-@@ -96,7 +89,7 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
- 	if (rc) {
- 		printk(KERN_ERR "%s: Error attempting to spawn daemon; "
- 		       "rc = [%d]\n", __func__, rc);
--		goto out_module_put_unlock_daemon_list;
-+		goto out_unlock_daemon_list;
- 	}
- 	mutex_lock(&daemon->mux);
- 	if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) {
-@@ -108,9 +101,6 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file)
- 	atomic_inc(&ecryptfs_num_miscdev_opens);
- out_unlock_daemon:
- 	mutex_unlock(&daemon->mux);
--out_module_put_unlock_daemon_list:
--	if (rc)
--		module_put(THIS_MODULE);
- out_unlock_daemon_list:
- 	mutex_unlock(&ecryptfs_daemon_hash_mux);
- 	return rc;
-@@ -147,7 +137,6 @@ ecryptfs_miscdev_release(struct inode *inode, struct file *file)
- 		       "bug.\n", __func__, rc);
- 		BUG();
- 	}
--	module_put(THIS_MODULE);
- 	return rc;
- }
- 
-@@ -315,7 +304,7 @@ check_list:
+@@ -304,7 +304,7 @@ check_list:
  		goto out_unlock_msg_ctx;
  	i = PKT_TYPE_SIZE + PKT_CTR_SIZE;
  	if (msg_ctx->msg) {
@@ -50807,28 +49629,11 @@ index 412e6ed..d8263e8 100644
  			goto out_unlock_msg_ctx;
  		i += packet_length_size;
  		if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
-@@ -471,6 +460,7 @@ out_free:
- 
- 
- static const struct file_operations ecryptfs_miscdev_fops = {
-+	.owner   = THIS_MODULE,
- 	.open    = ecryptfs_miscdev_open,
- 	.poll    = ecryptfs_miscdev_poll,
- 	.read    = ecryptfs_miscdev_read,
 diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
-index b2a34a1..162fa69 100644
+index 6a16053..2155147 100644
 --- a/fs/ecryptfs/read_write.c
 +++ b/fs/ecryptfs/read_write.c
-@@ -48,7 +48,7 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
- 		return -EIO;
- 	fs_save = get_fs();
- 	set_fs(get_ds());
--	rc = vfs_write(lower_file, data, size, &offset);
-+	rc = vfs_write(lower_file, (const char __force_user *)data, size, &offset);
- 	set_fs(fs_save);
- 	mark_inode_dirty_sync(ecryptfs_inode);
- 	return rc;
-@@ -244,7 +244,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
+@@ -240,7 +240,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
  		return -EIO;
  	fs_save = get_fs();
  	set_fs(get_ds());
@@ -50838,7 +49643,7 @@ index b2a34a1..162fa69 100644
  	return rc;
  }
 diff --git a/fs/exec.c b/fs/exec.c
-index ac014f1..0bfe729 100644
+index 6d56ff2..b56586d 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -55,8 +55,20 @@
@@ -51101,18 +49906,18 @@ index ac014f1..0bfe729 100644
 +
 +#if !defined(CONFIG_STACK_GROWSUP) && defined(CONFIG_PAX_RANDMMAP)
 +	if (!ret && (mm->pax_flags & MF_PAX_RANDMMAP) && STACK_TOP <= 0xFFFFFFFFU && STACK_TOP > vma->vm_end) {
-+		unsigned long size, flags, vm_flags;
++		unsigned long size;
++		vm_flags_t vm_flags;
 +
 +		size = STACK_TOP - vma->vm_end;
-+		flags = MAP_FIXED | MAP_PRIVATE;
 +		vm_flags = VM_NONE | VM_DONTEXPAND | VM_DONTDUMP;
 +
-+		ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, flags, vm_flags, 0);
++		ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, vm_flags, 0);
 +
 +#ifdef CONFIG_X86
 +		if (!ret) {
 +			size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT));
-+			ret = 0 != mmap_region(NULL, 0, PAGE_ALIGN(size), flags, vm_flags, 0);
++			ret = 0 != mmap_region(NULL, 0, PAGE_ALIGN(size), vm_flags, 0);
 +		}
 +#endif
 +
@@ -51222,7 +50027,7 @@ index ac014f1..0bfe729 100644
 +		goto out_file;
 +	}
 +
-+	if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
++	if (!gr_acl_handle_execve(file->f_path.dentry, file->f_path.mnt)) {
 +		retval = -EACCES;
 +		goto out_file;
 +	}
@@ -51260,7 +50065,7 @@ index ac014f1..0bfe729 100644
 +		goto out_fail;
 +	}
 +
-+	retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
++	retval = gr_set_proc_label(file->f_path.dentry, file->f_path.mnt,
 +					bprm->unsafe);
 +	if (retval < 0)
 +		goto out_fail;
@@ -51281,7 +50086,7 @@ index ac014f1..0bfe729 100644
 -		goto out;
 +		goto out_fail;
 +
-+	gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
++	gr_log_chroot_exec(file->f_path.dentry, file->f_path.mnt);
 +
 +	gr_handle_exec_args(bprm, argv);
  
@@ -51315,7 +50120,7 @@ index ac014f1..0bfe729 100644
  out:
  	if (bprm->mm) {
  		acct_arg_size(bprm, 0);
-@@ -1700,3 +1871,278 @@ asmlinkage long compat_sys_execve(const char __user * filename,
+@@ -1700,3 +1871,283 @@ asmlinkage long compat_sys_execve(const char __user * filename,
  	return error;
  }
  #endif
@@ -51532,13 +50337,18 @@ index ac014f1..0bfe729 100644
 +{
 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
 +	unsigned long textlow = ktla_ktva((unsigned long)_stext);
++#ifdef CONFIG_MODULES
++	unsigned long texthigh = (unsigned long)MODULES_EXEC_VADDR;
++#else
 +	unsigned long texthigh = ktla_ktva((unsigned long)_etext);
++#endif
++
 +#else
 +	unsigned long textlow = _stext;
 +	unsigned long texthigh = _etext;	
 +#endif
 +
-+	if (high < textlow || low > texthigh)
++	if (high <= textlow || low > texthigh)
 +		return false;
 +	else
 +		return true;
@@ -51595,10 +50405,10 @@ index ac014f1..0bfe729 100644
 +EXPORT_SYMBOL(report_size_overflow);
 +#endif
 diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c
-index 2616d0e..2ffdec9 100644
+index 9f9992b..8b59411 100644
 --- a/fs/ext2/balloc.c
 +++ b/fs/ext2/balloc.c
-@@ -1190,10 +1190,10 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi)
+@@ -1184,10 +1184,10 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi)
  
  	free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
  	root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
@@ -51644,10 +50454,10 @@ index 92e68b3..115d987 100644
  		if (free_clusters >= (nclusters + dirty_clusters))
  			return 1;
 diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index bbcd6a0..2824592 100644
+index 3b83cd6..0f34dcd 100644
 --- a/fs/ext4/ext4.h
 +++ b/fs/ext4/ext4.h
-@@ -1265,19 +1265,19 @@ struct ext4_sb_info {
+@@ -1254,19 +1254,19 @@ struct ext4_sb_info {
  	unsigned long s_mb_last_start;
  
  	/* stats for buddy allocator */
@@ -51678,10 +50488,10 @@ index bbcd6a0..2824592 100644
  
  	/* locality groups */
 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index b443e62..a2109f6 100644
+index cf3025c..cac6011 100644
 --- a/fs/ext4/mballoc.c
 +++ b/fs/ext4/mballoc.c
-@@ -1747,7 +1747,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
+@@ -1754,7 +1754,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
  		BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len);
  
  		if (EXT4_SB(sb)->s_mb_stats)
@@ -51690,7 +50500,7 @@ index b443e62..a2109f6 100644
  
  		break;
  	}
-@@ -2044,7 +2044,7 @@ repeat:
+@@ -2055,7 +2055,7 @@ repeat:
  			ac->ac_status = AC_STATUS_CONTINUE;
  			ac->ac_flags |= EXT4_MB_HINT_FIRST;
  			cr = 3;
@@ -51699,7 +50509,7 @@ index b443e62..a2109f6 100644
  			goto repeat;
  		}
  	}
-@@ -2552,25 +2552,25 @@ int ext4_mb_release(struct super_block *sb)
+@@ -2563,25 +2563,25 @@ int ext4_mb_release(struct super_block *sb)
  	if (sbi->s_mb_stats) {
  		ext4_msg(sb, KERN_INFO,
  		       "mballoc: %u blocks %u reqs (%u success)",
@@ -51735,7 +50545,7 @@ index b443e62..a2109f6 100644
  	}
  
  	free_percpu(sbi->s_locality_groups);
-@@ -3060,16 +3060,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
+@@ -3035,16 +3035,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
  	struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
  
  	if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
@@ -51758,7 +50568,7 @@ index b443e62..a2109f6 100644
  	}
  
  	if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
-@@ -3469,7 +3469,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
+@@ -3444,7 +3444,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
  	trace_ext4_mb_new_inode_pa(ac, pa);
  
  	ext4_mb_use_inode_pa(ac, pa);
@@ -51767,7 +50577,7 @@ index b443e62..a2109f6 100644
  
  	ei = EXT4_I(ac->ac_inode);
  	grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
-@@ -3529,7 +3529,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
+@@ -3504,7 +3504,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
  	trace_ext4_mb_new_group_pa(ac, pa);
  
  	ext4_mb_use_group_pa(ac, pa);
@@ -51776,7 +50586,7 @@ index b443e62..a2109f6 100644
  
  	grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
  	lg = ac->ac_lg;
-@@ -3618,7 +3618,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
+@@ -3593,7 +3593,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
  		 * from the bitmap and continue.
  		 */
  	}
@@ -51785,7 +50595,7 @@ index b443e62..a2109f6 100644
  
  	return err;
  }
-@@ -3636,7 +3636,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
+@@ -3611,7 +3611,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
  	ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
  	BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
  	mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
@@ -51795,10 +50605,10 @@ index b443e62..a2109f6 100644
  
  	return 0;
 diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 5575a45..12f7424 100644
+index febbe0e..782c4fd 100644
 --- a/fs/ext4/super.c
 +++ b/fs/ext4/super.c
-@@ -2432,7 +2432,7 @@ struct ext4_attr {
+@@ -2380,7 +2380,7 @@ struct ext4_attr {
  	ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *,
  			 const char *, size_t);
  	int offset;
@@ -51808,7 +50618,7 @@ index 5575a45..12f7424 100644
  static int parse_strtoul(const char *buf,
  		unsigned long max, unsigned long *value)
 diff --git a/fs/fcntl.c b/fs/fcntl.c
-index 71a600a..20d87b1 100644
+index 6599222..e7bf0de 100644
 --- a/fs/fcntl.c
 +++ b/fs/fcntl.c
 @@ -107,6 +107,11 @@ int __f_setown(struct file *filp, struct pid *pid, enum pid_type type,
@@ -51912,7 +50722,7 @@ index cf6f434..3d7942c 100644
  
  err_nocleanup:
 diff --git a/fs/file.c b/fs/file.c
-index 2b3570b..c57924b 100644
+index 3906d95..5fe379b 100644
 --- a/fs/file.c
 +++ b/fs/file.c
 @@ -16,6 +16,7 @@
@@ -51948,24 +50758,23 @@ index 2b3570b..c57924b 100644
  		return -EINVAL;
  	err = alloc_fd(from, flags);
 diff --git a/fs/filesystems.c b/fs/filesystems.c
-index da165f6..3671bdb 100644
+index 92567d9..fcd8cbf 100644
 --- a/fs/filesystems.c
 +++ b/fs/filesystems.c
-@@ -273,7 +273,12 @@ struct file_system_type *get_fs_type(const char *name)
+@@ -273,7 +273,11 @@ struct file_system_type *get_fs_type(const char *name)
  	int len = dot ? dot - name : strlen(name);
  
  	fs = __get_fs_type(name, len);
-+	
 +#ifdef CONFIG_GRKERNSEC_MODHARDEN
-+	if (!fs && (___request_module(true, "grsec_modharden_fs", "%.*s", len, name) == 0))
++	if (!fs && (___request_module(true, "grsec_modharden_fs", "fs-%.*s", len, name) == 0))
 +#else
- 	if (!fs && (request_module("%.*s", len, name) == 0))
+ 	if (!fs && (request_module("fs-%.*s", len, name) == 0))
 +#endif
  		fs = __get_fs_type(name, len);
  
  	if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) {
 diff --git a/fs/fs_struct.c b/fs/fs_struct.c
-index fe6ca58..65318cf 100644
+index d8ac61d..79a36f0 100644
 --- a/fs/fs_struct.c
 +++ b/fs/fs_struct.c
 @@ -4,6 +4,7 @@
@@ -51976,7 +50785,7 @@ index fe6ca58..65318cf 100644
  #include "internal.h"
  
  /*
-@@ -19,6 +20,7 @@ void set_fs_root(struct fs_struct *fs, struct path *path)
+@@ -19,6 +20,7 @@ void set_fs_root(struct fs_struct *fs, const struct path *path)
  	write_seqcount_begin(&fs->seq);
  	old_root = fs->root;
  	fs->root = *path;
@@ -51984,38 +50793,18 @@ index fe6ca58..65318cf 100644
  	write_seqcount_end(&fs->seq);
  	spin_unlock(&fs->lock);
  	if (old_root.dentry)
-@@ -53,6 +55,21 @@ static inline int replace_path(struct path *p, const struct path *old, const str
- 	return 1;
- }
- 
-+static inline int replace_root_path(struct task_struct *task, struct path *p, const struct path *old, struct path *new)
-+{
-+	if (likely(p->dentry != old->dentry || p->mnt != old->mnt))
-+		return 0;
-+	*p = *new;
-+
-+	/* This function is only called from pivot_root().  Leave our
-+	   gr_chroot_dentry and is_chrooted flags as-is, so that a
-+	   pivoted root isn't treated as a chroot
-+	*/
-+	//gr_set_chroot_entries(task, new);
-+
-+	return 1;
-+}
-+
- void chroot_fs_refs(struct path *old_root, struct path *new_root)
- {
- 	struct task_struct *g, *p;
-@@ -67,7 +84,7 @@ void chroot_fs_refs(struct path *old_root, struct path *new_root)
+@@ -67,6 +69,10 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root)
  			int hits = 0;
  			spin_lock(&fs->lock);
  			write_seqcount_begin(&fs->seq);
--			hits += replace_path(&fs->root, old_root, new_root);
-+			hits += replace_root_path(p, &fs->root, old_root, new_root);
++			/* this root replacement is only done by pivot_root,
++			   leave grsec's chroot tagging alone for this task
++			   so that a pivoted root isn't treated as a chroot
++			*/
+ 			hits += replace_path(&fs->root, old_root, new_root);
  			hits += replace_path(&fs->pwd, old_root, new_root);
  			write_seqcount_end(&fs->seq);
- 			while (hits--) {
-@@ -99,7 +116,8 @@ void exit_fs(struct task_struct *tsk)
+@@ -99,7 +105,8 @@ void exit_fs(struct task_struct *tsk)
  		task_lock(tsk);
  		spin_lock(&fs->lock);
  		tsk->fs = NULL;
@@ -52025,7 +50814,7 @@ index fe6ca58..65318cf 100644
  		spin_unlock(&fs->lock);
  		task_unlock(tsk);
  		if (kill)
-@@ -112,7 +130,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old)
+@@ -112,7 +119,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old)
  	struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
  	/* We don't need to lock fs - think why ;-) */
  	if (fs) {
@@ -52034,7 +50823,7 @@ index fe6ca58..65318cf 100644
  		fs->in_exec = 0;
  		spin_lock_init(&fs->lock);
  		seqcount_init(&fs->seq);
-@@ -121,6 +139,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old)
+@@ -121,6 +128,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old)
  		spin_lock(&old->lock);
  		fs->root = old->root;
  		path_get(&fs->root);
@@ -52044,7 +50833,7 @@ index fe6ca58..65318cf 100644
  		fs->pwd = old->pwd;
  		path_get(&fs->pwd);
  		spin_unlock(&old->lock);
-@@ -139,8 +160,9 @@ int unshare_fs_struct(void)
+@@ -139,8 +149,9 @@ int unshare_fs_struct(void)
  
  	task_lock(current);
  	spin_lock(&fs->lock);
@@ -52055,7 +50844,7 @@ index fe6ca58..65318cf 100644
  	spin_unlock(&fs->lock);
  	task_unlock(current);
  
-@@ -153,13 +175,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct);
+@@ -153,13 +164,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct);
  
  int current_umask(void)
  {
@@ -52072,7 +50861,7 @@ index fe6ca58..65318cf 100644
  	.seq		= SEQCNT_ZERO,
  	.umask		= 0022,
 diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c
-index 8dcb114..b1072e2 100644
+index e2cba1f..17a25bb 100644
 --- a/fs/fscache/cookie.c
 +++ b/fs/fscache/cookie.c
 @@ -68,11 +68,11 @@ struct fscache_cookie *__fscache_acquire_cookie(
@@ -52140,7 +50929,7 @@ index 8dcb114..b1072e2 100644
  		_leave(" = -ENOMEDIUM [no cache]");
  		return -ENOMEDIUM;
  	}
-@@ -256,12 +256,12 @@ static int fscache_alloc_object(struct fscache_cache *cache,
+@@ -255,12 +255,12 @@ static int fscache_alloc_object(struct fscache_cache *cache,
  	object = cache->ops->alloc_object(cache, cookie);
  	fscache_stat_d(&fscache_n_cop_alloc_object);
  	if (IS_ERR(object)) {
@@ -52155,7 +50944,7 @@ index 8dcb114..b1072e2 100644
  
  	object->debug_id = atomic_inc_return(&fscache_object_debug_id);
  
-@@ -378,7 +378,7 @@ void __fscache_invalidate(struct fscache_cookie *cookie)
+@@ -376,7 +376,7 @@ void __fscache_invalidate(struct fscache_cookie *cookie)
  
  	_enter("{%s}", cookie->def->name);
  
@@ -52164,9 +50953,9 @@ index 8dcb114..b1072e2 100644
  
  	/* Only permit invalidation of data files.  Invalidating an index will
  	 * require the caller to release all its attachments to the tree rooted
-@@ -437,10 +437,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie)
+@@ -434,10 +434,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie)
+ {
  	struct fscache_object *object;
- 	struct hlist_node *_p;
  
 -	fscache_stat(&fscache_n_updates);
 +	fscache_stat_unchecked(&fscache_n_updates);
@@ -52177,7 +50966,7 @@ index 8dcb114..b1072e2 100644
  		_leave(" [no cookie]");
  		return;
  	}
-@@ -474,12 +474,12 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire)
+@@ -471,12 +471,12 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire)
  	struct fscache_object *object;
  	unsigned long event;
  
@@ -52193,7 +50982,7 @@ index 8dcb114..b1072e2 100644
  		_leave(" [no cookie]");
  		return;
  	}
-@@ -495,7 +495,7 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire)
+@@ -492,7 +492,7 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire)
  
  	/* wait for the cookie to finish being instantiated (or to fail) */
  	if (test_bit(FSCACHE_COOKIE_CREATING, &cookie->flags)) {
@@ -53444,10 +52233,10 @@ index 40d13c7..ddf52b9 100644
  	seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n",
  		   atomic_read(&fscache_n_cop_alloc_object),
 diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c
-index e397b67..b0d8709 100644
+index 6f96a8d..6019bb9 100644
 --- a/fs/fuse/cuse.c
 +++ b/fs/fuse/cuse.c
-@@ -593,10 +593,12 @@ static int __init cuse_init(void)
+@@ -597,10 +597,12 @@ static int __init cuse_init(void)
  		INIT_LIST_HEAD(&cuse_conntbl[i]);
  
  	/* inherit and extend fuse_dev_operations */
@@ -53465,10 +52254,10 @@ index e397b67..b0d8709 100644
  	cuse_class = class_create(THIS_MODULE, "cuse");
  	if (IS_ERR(cuse_class))
 diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
-index e83351a..41e3c9c 100644
+index 11dfa0c..6f64416 100644
 --- a/fs/fuse/dev.c
 +++ b/fs/fuse/dev.c
-@@ -1236,7 +1236,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
+@@ -1294,7 +1294,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
  	ret = 0;
  	pipe_lock(pipe);
  
@@ -53478,10 +52267,10 @@ index e83351a..41e3c9c 100644
  		if (!ret)
  			ret = -EPIPE;
 diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
-index 315e1f8..91f890c 100644
+index ff15522..092a0f6 100644
 --- a/fs/fuse/dir.c
 +++ b/fs/fuse/dir.c
-@@ -1233,7 +1233,7 @@ static char *read_link(struct dentry *dentry)
+@@ -1409,7 +1409,7 @@ static char *read_link(struct dentry *dentry)
  	return link;
  }
  
@@ -53491,10 +52280,10 @@ index 315e1f8..91f890c 100644
  	if (!IS_ERR(link))
  		free_page((unsigned long) link);
 diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
-index 2b6f569..fcb4d1f 100644
+index cc00bd1..3edb692 100644
 --- a/fs/gfs2/inode.c
 +++ b/fs/gfs2/inode.c
-@@ -1499,7 +1499,7 @@ out:
+@@ -1500,7 +1500,7 @@ out:
  
  static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
  {
@@ -53504,7 +52293,7 @@ index 2b6f569..fcb4d1f 100644
  		kfree(s);
  }
 diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
-index ccee8cc..144b5d7 100644
+index a3f868a..bb308ae 100644
 --- a/fs/hugetlbfs/inode.c
 +++ b/fs/hugetlbfs/inode.c
 @@ -152,6 +152,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
@@ -53544,9 +52333,9 @@ index ccee8cc..144b5d7 100644
  	info.high_limit = TASK_SIZE;
  	info.align_mask = PAGE_MASK & ~huge_page_mask(h);
  	info.align_offset = 0;
-@@ -897,7 +907,7 @@ static struct file_system_type hugetlbfs_fs_type = {
- 	.kill_sb	= kill_litter_super,
+@@ -898,7 +908,7 @@ static struct file_system_type hugetlbfs_fs_type = {
  };
+ MODULE_ALIAS_FS("hugetlbfs");
  
 -static struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE];
 +struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE];
@@ -53554,10 +52343,10 @@ index ccee8cc..144b5d7 100644
  static int can_do_hugetlb_shm(void)
  {
 diff --git a/fs/inode.c b/fs/inode.c
-index b98540e..6a439ea 100644
+index a898b3d..9b5a214 100644
 --- a/fs/inode.c
 +++ b/fs/inode.c
-@@ -880,8 +880,8 @@ unsigned int get_next_ino(void)
+@@ -878,8 +878,8 @@ unsigned int get_next_ino(void)
  
  #ifdef CONFIG_SMP
  	if (unlikely((res & (LAST_INO_BATCH-1)) == 0)) {
@@ -53597,7 +52386,7 @@ index a6597d6..41b30ec 100644
  
  /*
 diff --git a/fs/jfs/super.c b/fs/jfs/super.c
-index 1a543be..a4e1363 100644
+index 2003e83..5e1975d 100644
 --- a/fs/jfs/super.c
 +++ b/fs/jfs/super.c
 @@ -225,7 +225,7 @@ static const match_table_t tokens = {
@@ -53618,7 +52407,7 @@ index 1a543be..a4e1363 100644
  				unload_nls(nls_map);
  			if (!strcmp(args[0].from, "none"))
  				nls_map = NULL;
-@@ -855,7 +855,7 @@ static int __init init_jfs_fs(void)
+@@ -856,7 +856,7 @@ static int __init init_jfs_fs(void)
  
  	jfs_inode_cachep =
  	    kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0,
@@ -53656,7 +52445,7 @@ index 916da8c..1588998 100644
  					    next->d_inode->i_ino, 
  					    dt_type(next->d_inode)) < 0)
 diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c
-index 54f9e6c..9ed908c 100644
+index 9760ecb..9b838ef 100644
 --- a/fs/lockd/clntproc.c
 +++ b/fs/lockd/clntproc.c
 @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops;
@@ -53674,7 +52463,7 @@ index 54f9e6c..9ed908c 100644
  	memcpy(c->data, &cookie, 4);
  	c->len=4;
 diff --git a/fs/locks.c b/fs/locks.c
-index a94e331..060bce3 100644
+index cb424a4..850e4dd 100644
 --- a/fs/locks.c
 +++ b/fs/locks.c
 @@ -2064,16 +2064,16 @@ void locks_remove_flock(struct file *filp)
@@ -53699,7 +52488,7 @@ index a94e331..060bce3 100644
  
  	lock_flocks();
 diff --git a/fs/namei.c b/fs/namei.c
-index ec97aef..e67718d 100644
+index 57ae9c8..b018eba 100644
 --- a/fs/namei.c
 +++ b/fs/namei.c
 @@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -53753,7 +52542,7 @@ index ec97aef..e67718d 100644
  	return -EACCES;
  }
  
-@@ -824,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
+@@ -820,7 +828,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
  {
  	struct dentry *dentry = link->dentry;
  	int error;
@@ -53762,7 +52551,7 @@ index ec97aef..e67718d 100644
  
  	BUG_ON(nd->flags & LOOKUP_RCU);
  
-@@ -845,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
+@@ -841,6 +849,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
  	if (error)
  		goto out_put_nd_path;
  
@@ -53775,16 +52564,16 @@ index ec97aef..e67718d 100644
  	nd->last_type = LAST_BIND;
  	*p = dentry->d_inode->i_op->follow_link(dentry, nd);
  	error = PTR_ERR(*p);
-@@ -1594,6 +1608,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
+@@ -1588,6 +1602,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
+ 		if (res)
  			break;
- 		res = walk_component(nd, path, &nd->last,
- 				     nd->last_type, LOOKUP_FOLLOW);
+ 		res = walk_component(nd, path, LOOKUP_FOLLOW);
 +		if (res >= 0 && gr_handle_symlink_owner(&link, nd->inode))
 +			res = -EACCES;
  		put_link(nd, &link, cookie);
  	} while (res > 0);
  
-@@ -1692,7 +1708,7 @@ EXPORT_SYMBOL(full_name_hash);
+@@ -1686,7 +1702,7 @@ EXPORT_SYMBOL(full_name_hash);
  static inline unsigned long hash_name(const char *name, unsigned int *hashp)
  {
  	unsigned long a, b, adata, bdata, mask, hash, len;
@@ -53793,7 +52582,7 @@ index ec97aef..e67718d 100644
  
  	hash = a = 0;
  	len = -sizeof(unsigned long);
-@@ -1977,6 +1993,8 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1968,6 +1984,8 @@ static int path_lookupat(int dfd, const char *name,
  			if (err)
  				break;
  			err = lookup_last(nd, &path);
@@ -53802,7 +52591,7 @@ index ec97aef..e67718d 100644
  			put_link(nd, &link, cookie);
  		}
  	}
-@@ -1984,6 +2002,13 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1975,6 +1993,13 @@ static int path_lookupat(int dfd, const char *name,
  	if (!err)
  		err = complete_walk(nd);
  
@@ -53816,7 +52605,7 @@ index ec97aef..e67718d 100644
  	if (!err && nd->flags & LOOKUP_DIRECTORY) {
  		if (!nd->inode->i_op->lookup) {
  			path_put(&nd->path);
-@@ -2011,8 +2036,15 @@ static int filename_lookup(int dfd, struct filename *name,
+@@ -2002,8 +2027,15 @@ static int filename_lookup(int dfd, struct filename *name,
  		retval = path_lookupat(dfd, name->name,
  						flags | LOOKUP_REVAL, nd);
  
@@ -53833,7 +52622,7 @@ index ec97aef..e67718d 100644
  	return retval;
  }
  
-@@ -2390,6 +2422,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
+@@ -2381,6 +2413,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
  	if (flag & O_NOATIME && !inode_owner_or_capable(inode))
  		return -EPERM;
  
@@ -53847,7 +52636,7 @@ index ec97aef..e67718d 100644
  	return 0;
  }
  
-@@ -2611,7 +2650,7 @@ looked_up:
+@@ -2602,7 +2641,7 @@ looked_up:
   * cleared otherwise prior to returning.
   */
  static int lookup_open(struct nameidata *nd, struct path *path,
@@ -53856,7 +52645,7 @@ index ec97aef..e67718d 100644
  			const struct open_flags *op,
  			bool got_write, int *opened)
  {
-@@ -2646,6 +2685,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2637,6 +2676,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
  	/* Negative dentry, just create the file */
  	if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
  		umode_t mode = op->mode;
@@ -53874,7 +52663,7 @@ index ec97aef..e67718d 100644
  		if (!IS_POSIXACL(dir->d_inode))
  			mode &= ~current_umask();
  		/*
-@@ -2667,6 +2717,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2658,6 +2708,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
  				   nd->flags & LOOKUP_EXCL);
  		if (error)
  			goto out_dput;
@@ -53883,7 +52672,7 @@ index ec97aef..e67718d 100644
  	}
  out_no_open:
  	path->dentry = dentry;
-@@ -2681,7 +2733,7 @@ out_dput:
+@@ -2672,7 +2724,7 @@ out_dput:
  /*
   * Handle the last step of open()
   */
@@ -53892,7 +52681,7 @@ index ec97aef..e67718d 100644
  		   struct file *file, const struct open_flags *op,
  		   int *opened, struct filename *name)
  {
-@@ -2710,16 +2762,32 @@ static int do_last(struct nameidata *nd, struct path *path,
+@@ -2701,16 +2753,32 @@ static int do_last(struct nameidata *nd, struct path *path,
  		error = complete_walk(nd);
  		if (error)
  			return error;
@@ -53925,7 +52714,7 @@ index ec97aef..e67718d 100644
  		audit_inode(name, dir, 0);
  		goto finish_open;
  	}
-@@ -2768,7 +2836,7 @@ retry_lookup:
+@@ -2759,7 +2827,7 @@ retry_lookup:
  		 */
  	}
  	mutex_lock(&dir->d_inode->i_mutex);
@@ -53934,7 +52723,7 @@ index ec97aef..e67718d 100644
  	mutex_unlock(&dir->d_inode->i_mutex);
  
  	if (error <= 0) {
-@@ -2792,11 +2860,28 @@ retry_lookup:
+@@ -2783,11 +2851,28 @@ retry_lookup:
  		goto finish_open_created;
  	}
  
@@ -53964,7 +52753,7 @@ index ec97aef..e67718d 100644
  
  	/*
  	 * If atomic_open() acquired write access it is dropped now due to
-@@ -2837,6 +2922,11 @@ finish_lookup:
+@@ -2828,6 +2913,11 @@ finish_lookup:
  			}
  		}
  		BUG_ON(inode != path->dentry->d_inode);
@@ -53976,7 +52765,7 @@ index ec97aef..e67718d 100644
  		return 1;
  	}
  
-@@ -2846,7 +2936,6 @@ finish_lookup:
+@@ -2837,7 +2927,6 @@ finish_lookup:
  		save_parent.dentry = nd->path.dentry;
  		save_parent.mnt = mntget(path->mnt);
  		nd->path.dentry = path->dentry;
@@ -53984,7 +52773,7 @@ index ec97aef..e67718d 100644
  	}
  	nd->inode = inode;
  	/* Why this, you ask?  _Now_ we might have grown LOOKUP_JUMPED... */
-@@ -2855,6 +2944,16 @@ finish_lookup:
+@@ -2846,6 +2935,16 @@ finish_lookup:
  		path_put(&save_parent);
  		return error;
  	}
@@ -54001,7 +52790,7 @@ index ec97aef..e67718d 100644
  	error = -EISDIR;
  	if ((open_flag & O_CREAT) && S_ISDIR(nd->inode->i_mode))
  		goto out;
-@@ -2953,7 +3052,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -2944,7 +3043,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
  	if (unlikely(error))
  		goto out;
  
@@ -54010,7 +52799,7 @@ index ec97aef..e67718d 100644
  	while (unlikely(error > 0)) { /* trailing symlink */
  		struct path link = path;
  		void *cookie;
-@@ -2971,7 +3070,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -2962,7 +3061,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
  		error = follow_link(&link, nd, &cookie);
  		if (unlikely(error))
  			break;
@@ -54019,7 +52808,7 @@ index ec97aef..e67718d 100644
  		put_link(nd, &link, cookie);
  	}
  out:
-@@ -3071,8 +3170,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
+@@ -3062,8 +3161,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
  		goto unlock;
  
  	error = -EEXIST;
@@ -54033,7 +52822,7 @@ index ec97aef..e67718d 100644
  	/*
  	 * Special case - lookup gave negative, but... we had foo/bar/
  	 * From the vfs_mknod() POV we just have a negative dentry -
-@@ -3124,6 +3227,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
+@@ -3115,6 +3218,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
  }
  EXPORT_SYMBOL(user_path_create);
  
@@ -54054,7 +52843,7 @@ index ec97aef..e67718d 100644
  int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
  {
  	int error = may_create(dir, dentry);
-@@ -3186,6 +3303,17 @@ retry:
+@@ -3177,6 +3294,17 @@ retry:
  
  	if (!IS_POSIXACL(path.dentry->d_inode))
  		mode &= ~current_umask();
@@ -54072,7 +52861,7 @@ index ec97aef..e67718d 100644
  	error = security_path_mknod(&path, dentry, mode, dev);
  	if (error)
  		goto out;
-@@ -3202,6 +3330,8 @@ retry:
+@@ -3193,6 +3321,8 @@ retry:
  			break;
  	}
  out:
@@ -54081,7 +52870,7 @@ index ec97aef..e67718d 100644
  	done_path_create(&path, dentry);
  	if (retry_estale(error, lookup_flags)) {
  		lookup_flags |= LOOKUP_REVAL;
-@@ -3254,9 +3384,16 @@ retry:
+@@ -3245,9 +3375,16 @@ retry:
  
  	if (!IS_POSIXACL(path.dentry->d_inode))
  		mode &= ~current_umask();
@@ -54098,7 +52887,7 @@ index ec97aef..e67718d 100644
  	done_path_create(&path, dentry);
  	if (retry_estale(error, lookup_flags)) {
  		lookup_flags |= LOOKUP_REVAL;
-@@ -3337,6 +3474,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -3328,6 +3465,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
  	struct filename *name;
  	struct dentry *dentry;
  	struct nameidata nd;
@@ -54107,7 +52896,7 @@ index ec97aef..e67718d 100644
  	unsigned int lookup_flags = 0;
  retry:
  	name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3369,10 +3508,21 @@ retry:
+@@ -3360,10 +3499,21 @@ retry:
  		error = -ENOENT;
  		goto exit3;
  	}
@@ -54129,7 +52918,7 @@ index ec97aef..e67718d 100644
  exit3:
  	dput(dentry);
  exit2:
-@@ -3438,6 +3588,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -3429,6 +3579,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
  	struct dentry *dentry;
  	struct nameidata nd;
  	struct inode *inode = NULL;
@@ -54138,7 +52927,7 @@ index ec97aef..e67718d 100644
  	unsigned int lookup_flags = 0;
  retry:
  	name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3464,10 +3616,22 @@ retry:
+@@ -3455,10 +3607,22 @@ retry:
  		if (!inode)
  			goto slashes;
  		ihold(inode);
@@ -54161,7 +52950,7 @@ index ec97aef..e67718d 100644
  exit2:
  		dput(dentry);
  	}
-@@ -3545,9 +3709,17 @@ retry:
+@@ -3536,9 +3700,17 @@ retry:
  	if (IS_ERR(dentry))
  		goto out_putname;
  
@@ -54179,7 +52968,7 @@ index ec97aef..e67718d 100644
  	done_path_create(&path, dentry);
  	if (retry_estale(error, lookup_flags)) {
  		lookup_flags |= LOOKUP_REVAL;
-@@ -3621,6 +3793,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3612,6 +3784,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
  {
  	struct dentry *new_dentry;
  	struct path old_path, new_path;
@@ -54187,7 +52976,7 @@ index ec97aef..e67718d 100644
  	int how = 0;
  	int error;
  
-@@ -3644,7 +3817,7 @@ retry:
+@@ -3635,7 +3808,7 @@ retry:
  	if (error)
  		return error;
  
@@ -54196,7 +52985,7 @@ index ec97aef..e67718d 100644
  					(how & LOOKUP_REVAL));
  	error = PTR_ERR(new_dentry);
  	if (IS_ERR(new_dentry))
-@@ -3656,11 +3829,28 @@ retry:
+@@ -3647,11 +3820,28 @@ retry:
  	error = may_linkat(&old_path);
  	if (unlikely(error))
  		goto out_dput;
@@ -54225,7 +53014,7 @@ index ec97aef..e67718d 100644
  	done_path_create(&new_path, new_dentry);
  	if (retry_estale(error, how)) {
  		how |= LOOKUP_REVAL;
-@@ -3906,12 +4096,21 @@ retry:
+@@ -3897,12 +4087,21 @@ retry:
  	if (new_dentry == trap)
  		goto exit5;
  
@@ -54247,7 +53036,7 @@ index ec97aef..e67718d 100644
  exit5:
  	dput(new_dentry);
  exit4:
-@@ -3943,6 +4142,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -3934,6 +4133,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
  
  int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
  {
@@ -54256,7 +53045,7 @@ index ec97aef..e67718d 100644
  	int len;
  
  	len = PTR_ERR(link);
-@@ -3952,7 +4153,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -3943,7 +4144,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
  	len = strlen(link);
  	if (len > (unsigned) buflen)
  		len = buflen;
@@ -54273,7 +53062,7 @@ index ec97aef..e67718d 100644
  out:
  	return len;
 diff --git a/fs/namespace.c b/fs/namespace.c
-index 5dd7709..6f64e9c 100644
+index e945b81..1dd8104 100644
 --- a/fs/namespace.c
 +++ b/fs/namespace.c
 @@ -1219,6 +1219,9 @@ static int do_umount(struct mount *mnt, int flags)
@@ -54296,16 +53085,7 @@ index 5dd7709..6f64e9c 100644
  	return retval;
  }
  
-@@ -1713,7 +1719,7 @@ static int do_loopback(struct path *path, const char *old_name,
- 
- 	if (IS_ERR(mnt)) {
- 		err = PTR_ERR(mnt);
--		goto out;
-+		goto out2;
- 	}
- 
- 	err = graft_tree(mnt, path);
-@@ -2294,6 +2300,16 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2267,6 +2273,16 @@ long do_mount(const char *dev_name, const char *dir_name,
  		   MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
  		   MS_STRICTATIME);
  
@@ -54322,7 +53102,7 @@ index 5dd7709..6f64e9c 100644
  	if (flags & MS_REMOUNT)
  		retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
  				    data_page);
-@@ -2308,6 +2324,9 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2281,6 +2297,9 @@ long do_mount(const char *dev_name, const char *dir_name,
  				      dev_name, data_page);
  dput_out:
  	path_put(&path);
@@ -54332,7 +53112,7 @@ index 5dd7709..6f64e9c 100644
  	return retval;
  }
  
-@@ -2594,6 +2613,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2567,6 +2586,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
  	if (error)
  		goto out2;
  
@@ -54344,7 +53124,7 @@ index 5dd7709..6f64e9c 100644
  	get_fs_root(current->fs, &root);
  	error = lock_mount(&old);
  	if (error)
-@@ -2842,7 +2866,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
+@@ -2815,7 +2839,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
  	    !nsown_capable(CAP_SYS_ADMIN))
  		return -EPERM;
  
@@ -54367,10 +53147,10 @@ index 59461c9..b17c57e 100644
  static struct callback_op callback_ops[];
  
 diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
-index ebeb94c..ff35337 100644
+index 1f94167..79c4ce4 100644
 --- a/fs/nfs/inode.c
 +++ b/fs/nfs/inode.c
-@@ -1042,16 +1042,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
+@@ -1041,16 +1041,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
  	return nfs_size_to_loff_t(fattr->size) > i_size_read(inode);
  }
  
@@ -54391,10 +53171,10 @@ index ebeb94c..ff35337 100644
  
  void nfs_fattr_init(struct nfs_fattr *fattr)
 diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index ec668e1..831ae05 100644
+index 8288b08..4a140d4 100644
 --- a/fs/nfsd/nfs4proc.c
 +++ b/fs/nfsd/nfs4proc.c
-@@ -1097,7 +1097,7 @@ struct nfsd4_operation {
+@@ -1098,7 +1098,7 @@ struct nfsd4_operation {
  	nfsd4op_rsize op_rsize_bop;
  	stateid_getter op_get_currentstateid;
  	stateid_setter op_set_currentstateid;
@@ -54404,10 +53184,10 @@ index ec668e1..831ae05 100644
  static struct nfsd4_operation nfsd4_ops[];
  
 diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index cd5e6c1..4183d56 100644
+index 6eb0dc5..29067a9 100644
 --- a/fs/nfsd/nfs4xdr.c
 +++ b/fs/nfsd/nfs4xdr.c
-@@ -1450,7 +1450,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
+@@ -1457,7 +1457,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
  
  typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
  
@@ -54416,7 +53196,7 @@ index cd5e6c1..4183d56 100644
  	[OP_ACCESS]		= (nfsd4_dec)nfsd4_decode_access,
  	[OP_CLOSE]		= (nfsd4_dec)nfsd4_decode_close,
  	[OP_COMMIT]		= (nfsd4_dec)nfsd4_decode_commit,
-@@ -1490,7 +1490,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
+@@ -1497,7 +1497,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
  	[OP_RELEASE_LOCKOWNER]	= (nfsd4_dec)nfsd4_decode_release_lockowner,
  };
  
@@ -54425,7 +53205,7 @@ index cd5e6c1..4183d56 100644
  	[OP_ACCESS]		= (nfsd4_dec)nfsd4_decode_access,
  	[OP_CLOSE]		= (nfsd4_dec)nfsd4_decode_close,
  	[OP_COMMIT]		= (nfsd4_dec)nfsd4_decode_commit,
-@@ -1552,7 +1552,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
+@@ -1559,7 +1559,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
  };
  
  struct nfsd4_minorversion_ops {
@@ -54435,11 +53215,17 @@ index cd5e6c1..4183d56 100644
  };
  
 diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
-index 2cbac34..6dc3889 100644
+index ca05f6d..411a576 100644
 --- a/fs/nfsd/nfscache.c
 +++ b/fs/nfsd/nfscache.c
-@@ -264,8 +264,10 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
- 	if (!(rp = rqstp->rq_cacherep) || cache_disabled)
+@@ -461,13 +461,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+ {
+ 	struct svc_cacherep *rp = rqstp->rq_cacherep;
+ 	struct kvec	*resv = &rqstp->rq_res.head[0], *cachv;
+-	int		len;
++	long		len;
+ 
+ 	if (!rp)
  		return;
  
 -	len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
@@ -54452,7 +53238,7 @@ index 2cbac34..6dc3889 100644
  	/* Don't cache excessive amounts of data and XDR failures */
  	if (!statp || len > (256 >> 2)) {
 diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
-index 69c6413..c0408d2 100644
+index 2b2e239..c915b48 100644
 --- a/fs/nfsd/vfs.c
 +++ b/fs/nfsd/vfs.c
 @@ -939,7 +939,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
@@ -54566,7 +53352,7 @@ index e7bc1d7..06bd4bb 100644
  	}
  
 diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
-index 9ff4a5e..deb1f0f 100644
+index 5d84442..bf24453 100644
 --- a/fs/notify/fanotify/fanotify_user.c
 +++ b/fs/notify/fanotify/fanotify_user.c
 @@ -251,8 +251,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
@@ -54603,7 +53389,7 @@ index 7b51b05..5ea5ef6 100644
  EXPORT_SYMBOL_GPL(fsnotify_get_cookie);
  
 diff --git a/fs/ntfs/dir.c b/fs/ntfs/dir.c
-index 99e3610..02c1068 100644
+index aa411c3..c260a84 100644
 --- a/fs/ntfs/dir.c
 +++ b/fs/ntfs/dir.c
 @@ -1329,7 +1329,7 @@ find_next_index_buffer:
@@ -54629,10 +53415,10 @@ index 5b2d4f0..c6de396 100644
 -const struct inode_operations ntfs_empty_inode_ops = {};
 +const struct inode_operations ntfs_empty_inode_ops __read_only;
 diff --git a/fs/ocfs2/localalloc.c b/fs/ocfs2/localalloc.c
-index a9f78c7..ed8a381 100644
+index aebeacd..0dcdd26 100644
 --- a/fs/ocfs2/localalloc.c
 +++ b/fs/ocfs2/localalloc.c
-@@ -1279,7 +1279,7 @@ static int ocfs2_local_alloc_slide_window(struct ocfs2_super *osb,
+@@ -1278,7 +1278,7 @@ static int ocfs2_local_alloc_slide_window(struct ocfs2_super *osb,
  		goto bail;
  	}
  
@@ -54721,7 +53507,7 @@ index b7e74b5..19c6536 100644
  		}
  	}
 diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
-index 0e91ec2..f4b3fc6 100644
+index 01b8516..579c4df 100644
 --- a/fs/ocfs2/super.c
 +++ b/fs/ocfs2/super.c
 @@ -301,11 +301,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len)
@@ -54741,7 +53527,7 @@ index 0e91ec2..f4b3fc6 100644
  
  	out += snprintf(buf + out, len - out,
  			"%10s => State: %u  Descriptor: %llu  Size: %u bits  "
-@@ -2121,11 +2121,11 @@ static int ocfs2_initialize_super(struct super_block *sb,
+@@ -2122,11 +2122,11 @@ static int ocfs2_initialize_super(struct super_block *sb,
  	spin_lock_init(&osb->osb_xattr_lock);
  	ocfs2_init_steal_slots(osb);
  
@@ -54759,19 +53545,19 @@ index 0e91ec2..f4b3fc6 100644
  	/* Copy the blockcheck stats from the superblock probe */
  	osb->osb_ecc_stats = *stats;
 diff --git a/fs/open.c b/fs/open.c
-index 9b33c0c..2ffcca2 100644
+index 6835446..eadf09f 100644
 --- a/fs/open.c
 +++ b/fs/open.c
-@@ -31,6 +31,8 @@
- #include <linux/ima.h>
+@@ -32,6 +32,8 @@
  #include <linux/dnotify.h>
+ #include <linux/compat.h>
  
 +#define CREATE_TRACE_POINTS
 +#include <trace/events/fs.h>
  #include "internal.h"
  
  int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
-@@ -101,6 +103,8 @@ long vfs_truncate(struct path *path, loff_t length)
+@@ -102,6 +104,8 @@ long vfs_truncate(struct path *path, loff_t length)
  	error = locks_verify_truncate(inode, NULL, length);
  	if (!error)
  		error = security_path_truncate(path);
@@ -54780,7 +53566,7 @@ index 9b33c0c..2ffcca2 100644
  	if (!error)
  		error = do_truncate(path->dentry, length, 0, NULL);
  
-@@ -178,6 +182,8 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
+@@ -186,6 +190,8 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
  	error = locks_verify_truncate(inode, f.file, length);
  	if (!error)
  		error = security_path_truncate(&f.file->f_path);
@@ -54789,7 +53575,7 @@ index 9b33c0c..2ffcca2 100644
  	if (!error)
  		error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file);
  	sb_end_write(inode->i_sb);
-@@ -373,6 +379,9 @@ retry:
+@@ -388,6 +394,9 @@ retry:
  	if (__mnt_is_readonly(path.mnt))
  		res = -EROFS;
  
@@ -54799,7 +53585,7 @@ index 9b33c0c..2ffcca2 100644
  out_path_release:
  	path_put(&path);
  	if (retry_estale(res, lookup_flags)) {
-@@ -404,6 +413,8 @@ retry:
+@@ -419,6 +428,8 @@ retry:
  	if (error)
  		goto dput_and_out;
  
@@ -54808,7 +53594,7 @@ index 9b33c0c..2ffcca2 100644
  	set_fs_pwd(current->fs, &path);
  
  dput_and_out:
-@@ -433,6 +444,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
+@@ -448,6 +459,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
  		goto out_putf;
  
  	error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
@@ -54822,7 +53608,7 @@ index 9b33c0c..2ffcca2 100644
  	if (!error)
  		set_fs_pwd(current->fs, &f.file->f_path);
  out_putf:
-@@ -462,7 +480,13 @@ retry:
+@@ -477,7 +495,13 @@ retry:
  	if (error)
  		goto dput_and_out;
  
@@ -54836,7 +53622,7 @@ index 9b33c0c..2ffcca2 100644
  	error = 0;
  dput_and_out:
  	path_put(&path);
-@@ -484,6 +508,16 @@ static int chmod_common(struct path *path, umode_t mode)
+@@ -499,6 +523,16 @@ static int chmod_common(struct path *path, umode_t mode)
  	if (error)
  		return error;
  	mutex_lock(&inode->i_mutex);
@@ -54853,7 +53639,7 @@ index 9b33c0c..2ffcca2 100644
  	error = security_path_chmod(path, mode);
  	if (error)
  		goto out_unlock;
-@@ -544,6 +578,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
+@@ -559,6 +593,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
  	uid = make_kuid(current_user_ns(), user);
  	gid = make_kgid(current_user_ns(), group);
  
@@ -54863,7 +53649,7 @@ index 9b33c0c..2ffcca2 100644
  	newattrs.ia_valid =  ATTR_CTIME;
  	if (user != (uid_t) -1) {
  		if (!uid_valid(uid))
-@@ -960,6 +997,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
+@@ -974,6 +1011,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
  			} else {
  				fsnotify_open(f);
  				fd_install(fd, f);
@@ -54872,7 +53658,7 @@ index 9b33c0c..2ffcca2 100644
  		}
  		putname(tmp);
 diff --git a/fs/pipe.c b/fs/pipe.c
-index 8e2e73f..1ef1048 100644
+index 2234f3f..f9083a1 100644
 --- a/fs/pipe.c
 +++ b/fs/pipe.c
 @@ -438,9 +438,9 @@ redo:
@@ -55030,7 +53816,7 @@ index 15af622..0e9f4467 100644
   	help
  	  Various /proc files exist to monitor process memory utilization:
 diff --git a/fs/proc/array.c b/fs/proc/array.c
-index be3c22f..0df1564 100644
+index cbd0f1b..adec3f0 100644
 --- a/fs/proc/array.c
 +++ b/fs/proc/array.c
 @@ -60,6 +60,7 @@
@@ -55103,7 +53889,7 @@ index be3c22f..0df1564 100644
  	vsize = eip = esp = 0;
  	permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
 @@ -476,6 +514,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
- 		gtime = task->gtime;
+ 		gtime = task_gtime(task);
  	}
  
 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
@@ -55183,10 +53969,10 @@ index be3c22f..0df1564 100644
  static struct pid *
  get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
 diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 9b43ff77..0fa9564 100644
+index 69078c7..3e12a75 100644
 --- a/fs/proc/base.c
 +++ b/fs/proc/base.c
-@@ -111,6 +111,14 @@ struct pid_entry {
+@@ -112,6 +112,14 @@ struct pid_entry {
  	union proc_op op;
  };
  
@@ -55201,7 +53987,7 @@ index 9b43ff77..0fa9564 100644
  #define NOD(NAME, MODE, IOP, FOP, OP) {			\
  	.name = (NAME),					\
  	.len  = sizeof(NAME) - 1,			\
-@@ -208,6 +216,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
+@@ -209,6 +217,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
  	if (!mm->arg_end)
  		goto out_mm;	/* Shh! No looking before we're done */
  
@@ -55211,7 +53997,7 @@ index 9b43ff77..0fa9564 100644
   	len = mm->arg_end - mm->arg_start;
   
  	if (len > PAGE_SIZE)
-@@ -235,12 +246,28 @@ out:
+@@ -236,12 +247,28 @@ out:
  	return res;
  }
  
@@ -55240,7 +54026,7 @@ index 9b43ff77..0fa9564 100644
  		do {
  			nwords += 2;
  		} while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
-@@ -254,7 +281,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer)
+@@ -255,7 +282,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer)
  }
  
  
@@ -55249,7 +54035,7 @@ index 9b43ff77..0fa9564 100644
  /*
   * Provides a wchan file via kallsyms in a proper one-value-per-file format.
   * Returns the resolved symbol.  If that fails, simply return the address.
-@@ -293,7 +320,7 @@ static void unlock_trace(struct task_struct *task)
+@@ -294,7 +321,7 @@ static void unlock_trace(struct task_struct *task)
  	mutex_unlock(&task->signal->cred_guard_mutex);
  }
  
@@ -55258,7 +54044,7 @@ index 9b43ff77..0fa9564 100644
  
  #define MAX_STACK_TRACE_DEPTH	64
  
-@@ -485,7 +512,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer)
+@@ -486,7 +513,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer)
  	return count;
  }
  
@@ -55267,7 +54053,7 @@ index 9b43ff77..0fa9564 100644
  static int proc_pid_syscall(struct task_struct *task, char *buffer)
  {
  	long nr;
-@@ -514,7 +541,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer)
+@@ -515,7 +542,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer)
  /************************************************************************/
  
  /* permission checks */
@@ -55276,7 +54062,7 @@ index 9b43ff77..0fa9564 100644
  {
  	struct task_struct *task;
  	int allowed = 0;
-@@ -524,7 +551,10 @@ static int proc_fd_access_allowed(struct inode *inode)
+@@ -525,7 +552,10 @@ static int proc_fd_access_allowed(struct inode *inode)
  	 */
  	task = get_proc_task(inode);
  	if (task) {
@@ -55288,7 +54074,7 @@ index 9b43ff77..0fa9564 100644
  		put_task_struct(task);
  	}
  	return allowed;
-@@ -555,10 +585,35 @@ static bool has_pid_permissions(struct pid_namespace *pid,
+@@ -556,10 +586,35 @@ static bool has_pid_permissions(struct pid_namespace *pid,
  				 struct task_struct *task,
  				 int hide_pid_min)
  {
@@ -55324,7 +54110,7 @@ index 9b43ff77..0fa9564 100644
  	return ptrace_may_access(task, PTRACE_MODE_READ);
  }
  
-@@ -576,7 +631,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
+@@ -577,7 +632,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
  	put_task_struct(task);
  
  	if (!has_perms) {
@@ -55336,7 +54122,7 @@ index 9b43ff77..0fa9564 100644
  			/*
  			 * Let's make getdents(), stat(), and open()
  			 * consistent with each other.  If a process
-@@ -674,6 +733,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+@@ -675,6 +734,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
  	if (!task)
  		return -ESRCH;
  
@@ -55348,7 +54134,7 @@ index 9b43ff77..0fa9564 100644
  	mm = mm_access(task, mode);
  	put_task_struct(task);
  
-@@ -689,6 +753,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+@@ -690,6 +754,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
  
  	file->private_data = mm;
  
@@ -55359,7 +54145,7 @@ index 9b43ff77..0fa9564 100644
  	return 0;
  }
  
-@@ -710,6 +778,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -711,6 +779,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
  	ssize_t copied;
  	char *page;
  
@@ -55377,7 +54163,7 @@ index 9b43ff77..0fa9564 100644
  	if (!mm)
  		return 0;
  
-@@ -722,7 +801,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -723,7 +802,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
  		goto free;
  
  	while (count > 0) {
@@ -55386,7 +54172,7 @@ index 9b43ff77..0fa9564 100644
  
  		if (write && copy_from_user(page, buf, this_len)) {
  			copied = -EFAULT;
-@@ -814,6 +893,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -815,6 +894,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
  	if (!mm)
  		return 0;
  
@@ -55400,7 +54186,7 @@ index 9b43ff77..0fa9564 100644
  	page = (char *)__get_free_page(GFP_TEMPORARY);
  	if (!page)
  		return -ENOMEM;
-@@ -823,7 +909,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -824,7 +910,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
  		goto free;
  	while (count > 0) {
  		size_t this_len, max_len;
@@ -55409,7 +54195,7 @@ index 9b43ff77..0fa9564 100644
  
  		if (src >= (mm->env_end - mm->env_start))
  			break;
-@@ -1429,7 +1515,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -1430,7 +1516,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
  	int error = -EACCES;
  
  	/* Are we allowed to snoop on the tasks file descriptors? */
@@ -55418,7 +54204,7 @@ index 9b43ff77..0fa9564 100644
  		goto out;
  
  	error = PROC_I(inode)->op.proc_get_link(dentry, &path);
-@@ -1473,8 +1559,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
+@@ -1474,8 +1560,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
  	struct path path;
  
  	/* Are we allowed to snoop on the tasks file descriptors? */
@@ -55439,7 +54225,7 @@ index 9b43ff77..0fa9564 100644
  
  	error = PROC_I(inode)->op.proc_get_link(dentry, &path);
  	if (error)
-@@ -1524,7 +1620,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
+@@ -1525,7 +1621,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
  		rcu_read_lock();
  		cred = __task_cred(task);
  		inode->i_uid = cred->euid;
@@ -55451,7 +54237,7 @@ index 9b43ff77..0fa9564 100644
  		rcu_read_unlock();
  	}
  	security_task_to_inode(task, inode);
-@@ -1560,10 +1660,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+@@ -1561,10 +1661,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
  			return -ENOENT;
  		}
  		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -55471,7 +54257,7 @@ index 9b43ff77..0fa9564 100644
  		}
  	}
  	rcu_read_unlock();
-@@ -1601,11 +1710,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
+@@ -1602,11 +1711,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
  
  	if (task) {
  		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -55492,7 +54278,7 @@ index 9b43ff77..0fa9564 100644
  			rcu_read_unlock();
  		} else {
  			inode->i_uid = GLOBAL_ROOT_UID;
-@@ -2058,6 +2176,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2059,6 +2177,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
  	if (!task)
  		goto out_no_task;
  
@@ -55502,7 +54288,7 @@ index 9b43ff77..0fa9564 100644
  	/*
  	 * Yes, it does not scale. And it should not. Don't add
  	 * new entries into /proc/<tgid>/ without very good reasons.
-@@ -2102,6 +2223,9 @@ static int proc_pident_readdir(struct file *filp,
+@@ -2103,6 +2224,9 @@ static int proc_pident_readdir(struct file *filp,
  	if (!task)
  		goto out_no_task;
  
@@ -55512,7 +54298,7 @@ index 9b43ff77..0fa9564 100644
  	ret = 0;
  	i = filp->f_pos;
  	switch (i) {
-@@ -2515,7 +2639,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2516,7 +2640,7 @@ static const struct pid_entry tgid_base_stuff[] = {
  	REG("autogroup",  S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
  #endif
  	REG("comm",      S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -55521,7 +54307,7 @@ index 9b43ff77..0fa9564 100644
  	INF("syscall",    S_IRUGO, proc_pid_syscall),
  #endif
  	INF("cmdline",    S_IRUGO, proc_pid_cmdline),
-@@ -2540,10 +2664,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2541,10 +2665,10 @@ static const struct pid_entry tgid_base_stuff[] = {
  #ifdef CONFIG_SECURITY
  	DIR("attr",       S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
  #endif
@@ -55534,7 +54320,7 @@ index 9b43ff77..0fa9564 100644
  	ONE("stack",      S_IRUGO, proc_pid_stack),
  #endif
  #ifdef CONFIG_SCHEDSTATS
-@@ -2577,6 +2701,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2578,6 +2702,9 @@ static const struct pid_entry tgid_base_stuff[] = {
  #ifdef CONFIG_HARDWALL
  	INF("hardwall",   S_IRUGO, proc_pid_hardwall),
  #endif
@@ -55544,7 +54330,7 @@ index 9b43ff77..0fa9564 100644
  #ifdef CONFIG_USER_NS
  	REG("uid_map",    S_IRUGO|S_IWUSR, proc_uid_map_operations),
  	REG("gid_map",    S_IRUGO|S_IWUSR, proc_gid_map_operations),
-@@ -2705,7 +2832,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
+@@ -2707,7 +2834,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
  	if (!inode)
  		goto out;
  
@@ -55559,7 +54345,7 @@ index 9b43ff77..0fa9564 100644
  	inode->i_op = &proc_tgid_base_inode_operations;
  	inode->i_fop = &proc_tgid_base_operations;
  	inode->i_flags|=S_IMMUTABLE;
-@@ -2743,7 +2877,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
+@@ -2745,7 +2879,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
  	if (!task)
  		goto out;
  
@@ -55571,7 +54357,7 @@ index 9b43ff77..0fa9564 100644
  	put_task_struct(task);
  out:
  	return result;
-@@ -2806,6 +2944,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi
+@@ -2808,6 +2946,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi
  static int fake_filldir(void *buf, const char *name, int namelen,
  			loff_t offset, u64 ino, unsigned d_type)
  {
@@ -55580,7 +54366,7 @@ index 9b43ff77..0fa9564 100644
  	return 0;
  }
  
-@@ -2857,7 +2997,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -2859,7 +2999,7 @@ static const struct pid_entry tid_base_stuff[] = {
  	REG("sched",     S_IRUGO|S_IWUSR, proc_pid_sched_operations),
  #endif
  	REG("comm",      S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -55589,7 +54375,7 @@ index 9b43ff77..0fa9564 100644
  	INF("syscall",   S_IRUGO, proc_pid_syscall),
  #endif
  	INF("cmdline",   S_IRUGO, proc_pid_cmdline),
-@@ -2884,10 +3024,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -2886,10 +3026,10 @@ static const struct pid_entry tid_base_stuff[] = {
  #ifdef CONFIG_SECURITY
  	DIR("attr",      S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
  #endif
@@ -55673,10 +54459,10 @@ index d7a4a28..0201742 100644
  }
  
 diff --git a/fs/proc/inode.c b/fs/proc/inode.c
-index 0ac1e1b..0497e58 100644
+index 869116c..820cb27 100644
 --- a/fs/proc/inode.c
 +++ b/fs/proc/inode.c
-@@ -21,11 +21,17 @@
+@@ -22,11 +22,17 @@
  #include <linux/seq_file.h>
  #include <linux/slab.h>
  #include <linux/mount.h>
@@ -55694,7 +54480,7 @@ index 0ac1e1b..0497e58 100644
  static void proc_evict_inode(struct inode *inode)
  {
  	struct proc_dir_entry *de;
-@@ -53,6 +59,13 @@ static void proc_evict_inode(struct inode *inode)
+@@ -54,6 +60,13 @@ static void proc_evict_inode(struct inode *inode)
  	ns = PROC_I(inode)->ns;
  	if (ns_ops && ns)
  		ns_ops->put(ns);
@@ -55708,7 +54494,7 @@ index 0ac1e1b..0497e58 100644
  }
  
  static struct kmem_cache * proc_inode_cachep;
-@@ -455,7 +468,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
+@@ -456,7 +469,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
  		if (de->mode) {
  			inode->i_mode = de->mode;
  			inode->i_uid = de->uid;
@@ -55721,10 +54507,10 @@ index 0ac1e1b..0497e58 100644
  		if (de->size)
  			inode->i_size = de->size;
 diff --git a/fs/proc/internal.h b/fs/proc/internal.h
-index 252544c..04395b9 100644
+index 85ff3a4..a512bd8 100644
 --- a/fs/proc/internal.h
 +++ b/fs/proc/internal.h
-@@ -55,6 +55,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
+@@ -56,6 +56,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
  				struct pid *pid, struct task_struct *task);
  extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
  				struct pid *pid, struct task_struct *task);
@@ -55735,10 +54521,10 @@ index 252544c..04395b9 100644
  
  extern const struct file_operations proc_tid_children_operations;
 diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
-index e96d4f1..8b116ed 100644
+index eda6f01..006ae24 100644
 --- a/fs/proc/kcore.c
 +++ b/fs/proc/kcore.c
-@@ -480,9 +480,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+@@ -481,9 +481,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
  	 * the addresses in the elf_phdr on our list.
  	 */
  	start = kc_offset_to_vaddr(*fpos - elf_buflen);
@@ -55751,7 +54537,7 @@ index e96d4f1..8b116ed 100644
  	while (buflen) {
  		struct kcore_list *m;
  
-@@ -511,20 +512,23 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+@@ -512,20 +513,23 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
  			kfree(elf_buf);
  		} else {
  			if (kern_addr_valid(start)) {
@@ -55786,7 +54572,7 @@ index e96d4f1..8b116ed 100644
  			} else {
  				if (clear_user(buffer, tsz))
  					return -EFAULT;
-@@ -544,6 +548,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+@@ -545,6 +549,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
  
  static int open_kcore(struct inode *inode, struct file *filp)
  {
@@ -55797,20 +54583,20 @@ index e96d4f1..8b116ed 100644
  		return -EPERM;
  	if (kcore_need_update)
 diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c
-index 80e4645..53e5fcf 100644
+index 1efaaa1..834e49a 100644
 --- a/fs/proc/meminfo.c
 +++ b/fs/proc/meminfo.c
 @@ -158,7 +158,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
  		vmi.used >> 10,
  		vmi.largest_chunk >> 10
  #ifdef CONFIG_MEMORY_FAILURE
--		,atomic_long_read(&mce_bad_pages) << (PAGE_SHIFT - 10)
-+		,atomic_long_read_unchecked(&mce_bad_pages) << (PAGE_SHIFT - 10)
+-		,atomic_long_read(&num_poisoned_pages) << (PAGE_SHIFT - 10)
++		,atomic_long_read_unchecked(&num_poisoned_pages) << (PAGE_SHIFT - 10)
  #endif
  #ifdef CONFIG_TRANSPARENT_HUGEPAGE
  		,K(global_page_state(NR_ANON_TRANSPARENT_HUGEPAGES) *
 diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c
-index b1822dd..df622cb 100644
+index ccfd99b..1b7e255 100644
 --- a/fs/proc/nommu.c
 +++ b/fs/proc/nommu.c
 @@ -66,7 +66,7 @@ static int nommu_region_show(struct seq_file *m, struct vm_region *region)
@@ -55823,7 +54609,7 @@ index b1822dd..df622cb 100644
  
  	seq_putc(m, '\n');
 diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
-index fe72cd0..21b52ff 100644
+index b4ac657..0842bd2 100644
 --- a/fs/proc/proc_net.c
 +++ b/fs/proc/proc_net.c
 @@ -23,6 +23,7 @@
@@ -55853,10 +54639,10 @@ index fe72cd0..21b52ff 100644
  	rcu_read_lock();
  	task = pid_task(proc_pid(dir), PIDTYPE_PID);
 diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
-index 1827d88..43b0279 100644
+index ac05f33..1e6dc7e 100644
 --- a/fs/proc/proc_sysctl.c
 +++ b/fs/proc/proc_sysctl.c
-@@ -12,11 +12,15 @@
+@@ -13,11 +13,15 @@
  #include <linux/module.h>
  #include "internal.h"
  
@@ -55874,7 +54660,7 @@ index 1827d88..43b0279 100644
  
  void proc_sys_poll_notify(struct ctl_table_poll *poll)
  {
-@@ -466,6 +470,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry,
+@@ -467,6 +471,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry,
  
  	err = NULL;
  	d_set_d_op(dentry, &proc_sys_dentry_operations);
@@ -55884,15 +54670,15 @@ index 1827d88..43b0279 100644
  	d_add(dentry, inode);
  
  out:
-@@ -481,6 +488,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
- 	struct inode *inode = filp->f_path.dentry->d_inode;
+@@ -482,6 +489,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
+ 	struct inode *inode = file_inode(filp);
  	struct ctl_table_header *head = grab_header(inode);
  	struct ctl_table *table = PROC_I(inode)->sysctl_entry;
 +	int op = write ? MAY_WRITE : MAY_READ;
  	ssize_t error;
  	size_t res;
  
-@@ -492,7 +500,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
+@@ -493,7 +501,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
  	 * and won't be until we finish.
  	 */
  	error = -EPERM;
@@ -55901,7 +54687,7 @@ index 1827d88..43b0279 100644
  		goto out;
  
  	/* if that can happen at all, it should be -EINVAL, not -EISDIR */
-@@ -500,6 +508,22 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
+@@ -501,6 +509,22 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
  	if (!table->proc_handler)
  		goto out;
  
@@ -55924,7 +54710,7 @@ index 1827d88..43b0279 100644
  	/* careful: calling conventions are nasty here */
  	res = count;
  	error = table->proc_handler(table, write, buf, &res, ppos);
-@@ -597,6 +621,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent,
+@@ -598,6 +622,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent,
  				return -ENOMEM;
  			} else {
  				d_set_d_op(child, &proc_sys_dentry_operations);
@@ -55934,7 +54720,7 @@ index 1827d88..43b0279 100644
  				d_add(child, inode);
  			}
  		} else {
-@@ -640,6 +667,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table,
+@@ -641,6 +668,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table,
  	if ((*pos)++ < file->f_pos)
  		return 0;
  
@@ -55944,7 +54730,7 @@ index 1827d88..43b0279 100644
  	if (unlikely(S_ISLNK(table->mode)))
  		res = proc_sys_link_fill_cache(file, dirent, filldir, head, table);
  	else
-@@ -750,6 +780,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct
+@@ -751,6 +781,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct
  	if (IS_ERR(head))
  		return PTR_ERR(head);
  
@@ -55954,7 +54740,7 @@ index 1827d88..43b0279 100644
  	generic_fillattr(inode, stat);
  	if (table)
  		stat->mode = (stat->mode & S_IFMT) | table->mode;
-@@ -772,13 +805,13 @@ static const struct file_operations proc_sys_dir_file_operations = {
+@@ -773,13 +806,13 @@ static const struct file_operations proc_sys_dir_file_operations = {
  	.llseek		= generic_file_llseek,
  };
  
@@ -55970,7 +54756,7 @@ index 1827d88..43b0279 100644
  	.lookup		= proc_sys_lookup,
  	.permission	= proc_sys_permission,
  	.setattr	= proc_sys_setattr,
-@@ -854,7 +887,7 @@ static struct ctl_dir *find_subdir(struct ctl_dir *dir,
+@@ -855,7 +888,7 @@ static struct ctl_dir *find_subdir(struct ctl_dir *dir,
  static struct ctl_dir *new_dir(struct ctl_table_set *set,
  			       const char *name, int namelen)
  {
@@ -55979,7 +54765,7 @@ index 1827d88..43b0279 100644
  	struct ctl_dir *new;
  	struct ctl_node *node;
  	char *new_name;
-@@ -866,7 +899,7 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set,
+@@ -867,7 +900,7 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set,
  		return NULL;
  
  	node = (struct ctl_node *)(new + 1);
@@ -55988,7 +54774,7 @@ index 1827d88..43b0279 100644
  	new_name = (char *)(table + 2);
  	memcpy(new_name, name, namelen);
  	new_name[namelen] = '\0';
-@@ -1035,7 +1068,8 @@ static int sysctl_check_table(const char *path, struct ctl_table *table)
+@@ -1036,7 +1069,8 @@ static int sysctl_check_table(const char *path, struct ctl_table *table)
  static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table *table,
  	struct ctl_table_root *link_root)
  {
@@ -55998,7 +54784,7 @@ index 1827d88..43b0279 100644
  	struct ctl_table_header *links;
  	struct ctl_node *node;
  	char *link_name;
-@@ -1058,7 +1092,7 @@ static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table
+@@ -1059,7 +1093,7 @@ static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table
  		return NULL;
  
  	node = (struct ctl_node *)(links + 1);
@@ -56007,7 +54793,7 @@ index 1827d88..43b0279 100644
  	link_name = (char *)&link_table[nr_entries + 1];
  
  	for (link = link_table, entry = table; entry->procname; link++, entry++) {
-@@ -1306,8 +1340,8 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
+@@ -1307,8 +1341,8 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
  	struct ctl_table_header ***subheader, struct ctl_table_set *set,
  	struct ctl_table *table)
  {
@@ -56018,7 +54804,7 @@ index 1827d88..43b0279 100644
  	int nr_files = 0;
  	int nr_dirs = 0;
  	int err = -ENOMEM;
-@@ -1319,10 +1353,9 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
+@@ -1320,10 +1354,9 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
  			nr_files++;
  	}
  
@@ -56030,7 +54816,7 @@ index 1827d88..43b0279 100644
  		files = kzalloc(sizeof(struct ctl_table) * (nr_files + 1),
  				GFP_KERNEL);
  		if (!files)
-@@ -1340,7 +1373,7 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
+@@ -1341,7 +1374,7 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
  	/* Register everything except a directory full of subdirectories */
  	if (nr_files || !nr_dirs) {
  		struct ctl_table_header *header;
@@ -56073,7 +54859,7 @@ index aa5cc3b..c91a5d0 100644
  		kfree(s);
  }
 diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index ca5ce7f..02c1cf0 100644
+index 3e636d8..83e3b71 100644
 --- a/fs/proc/task_mmu.c
 +++ b/fs/proc/task_mmu.c
 @@ -11,12 +11,19 @@
@@ -56272,7 +55058,7 @@ index ca5ce7f..02c1cf0 100644
  		seq_printf(m, " heap");
  	} else {
 diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
-index 1ccfa53..0848f95 100644
+index 56123a6..5a2f6ec 100644
 --- a/fs/proc/task_nommu.c
 +++ b/fs/proc/task_nommu.c
 @@ -51,7 +51,7 @@ void task_mem(struct seq_file *m, struct mm_struct *mm)
@@ -56338,7 +55124,7 @@ index 16e8abb..2dcf914 100644
  	if (!msg_head) {
  		printk(KERN_ERR
 diff --git a/fs/readdir.c b/fs/readdir.c
-index 5e69ef5..e5d9099 100644
+index fee38e0..12fdf47 100644
 --- a/fs/readdir.c
 +++ b/fs/readdir.c
 @@ -17,6 +17,7 @@
@@ -56453,7 +55239,7 @@ index 2b7882b..1c5ef48 100644
  
  	/* balance leaf returns 0 except if combining L R and S into
 diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c
-index e60e870..f40ac16 100644
+index 9cc0740a..46bf953 100644
 --- a/fs/reiserfs/procfs.c
 +++ b/fs/reiserfs/procfs.c
 @@ -112,7 +112,7 @@ static int show_super(struct seq_file *m, struct super_block *sb)
@@ -56488,7 +55274,7 @@ index 157e474..65a6114 100644
  #define __fs_changed(gen,s) (gen != get_generation (s))
  #define fs_changed(gen,s)		\
 diff --git a/fs/select.c b/fs/select.c
-index 2ef72d9..f213b17 100644
+index 8c1c96c..a0f9b6d 100644
 --- a/fs/select.c
 +++ b/fs/select.c
 @@ -20,6 +20,7 @@
@@ -56499,7 +55285,7 @@ index 2ef72d9..f213b17 100644
  #include <linux/personality.h> /* for STICKY_TIMEOUTS */
  #include <linux/file.h>
  #include <linux/fdtable.h>
-@@ -826,6 +827,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds,
+@@ -827,6 +828,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds,
   	struct poll_list *walk = head;
   	unsigned long todo = nfds;
  
@@ -56508,7 +55294,7 @@ index 2ef72d9..f213b17 100644
  		return -EINVAL;
  
 diff --git a/fs/seq_file.c b/fs/seq_file.c
-index f2bc3df..239d4f6 100644
+index 38bb59f..a304f9d 100644
 --- a/fs/seq_file.c
 +++ b/fs/seq_file.c
 @@ -10,6 +10,7 @@
@@ -56575,10 +55361,10 @@ index f2bc3df..239d4f6 100644
  
  	if (op) {
 diff --git a/fs/splice.c b/fs/splice.c
-index 6909d89..5b2e8f9 100644
+index 29e394e..b13c247 100644
 --- a/fs/splice.c
 +++ b/fs/splice.c
-@@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
+@@ -195,7 +195,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
  	pipe_lock(pipe);
  
  	for (;;) {
@@ -56587,7 +55373,7 @@ index 6909d89..5b2e8f9 100644
  			send_sig(SIGPIPE, current, 0);
  			if (!ret)
  				ret = -EPIPE;
-@@ -248,9 +248,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
+@@ -249,9 +249,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
  			do_wakeup = 0;
  		}
  
@@ -56599,7 +55385,7 @@ index 6909d89..5b2e8f9 100644
  	}
  
  	pipe_unlock(pipe);
-@@ -563,7 +563,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
+@@ -564,7 +564,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
  	old_fs = get_fs();
  	set_fs(get_ds());
  	/* The cast to a user pointer is valid due to the set_fs() */
@@ -56608,16 +55394,16 @@ index 6909d89..5b2e8f9 100644
  	set_fs(old_fs);
  
  	return res;
-@@ -578,7 +578,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count,
+@@ -579,7 +579,7 @@ ssize_t kernel_write(struct file *file, const char *buf, size_t count,
  	old_fs = get_fs();
  	set_fs(get_ds());
  	/* The cast to a user pointer is valid due to the set_fs() */
--	res = vfs_write(file, (const char __user *)buf, count, &pos);
+-	res = vfs_write(file, (__force const char __user *)buf, count, &pos);
 +	res = vfs_write(file, (const char __force_user *)buf, count, &pos);
  	set_fs(old_fs);
  
  	return res;
-@@ -630,7 +630,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
+@@ -632,7 +632,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
  			goto err;
  
  		this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset);
@@ -56626,7 +55412,7 @@ index 6909d89..5b2e8f9 100644
  		vec[i].iov_len = this_len;
  		spd.pages[i] = page;
  		spd.nr_pages++;
-@@ -851,10 +851,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
+@@ -853,10 +853,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
  int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
  {
  	while (!pipe->nrbufs) {
@@ -56639,7 +55425,7 @@ index 6909d89..5b2e8f9 100644
  			return 0;
  
  		if (sd->flags & SPLICE_F_NONBLOCK)
-@@ -1189,7 +1189,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+@@ -1192,7 +1192,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
  		 * out of the pipe right after the splice_to_pipe(). So set
  		 * PIPE_READERS appropriately.
  		 */
@@ -56648,7 +55434,7 @@ index 6909d89..5b2e8f9 100644
  
  		current->splice_pipe = pipe;
  	}
-@@ -1738,9 +1738,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1741,9 +1741,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
  			ret = -ERESTARTSYS;
  			break;
  		}
@@ -56660,7 +55446,7 @@ index 6909d89..5b2e8f9 100644
  			if (flags & SPLICE_F_NONBLOCK) {
  				ret = -EAGAIN;
  				break;
-@@ -1772,7 +1772,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1775,7 +1775,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
  	pipe_lock(pipe);
  
  	while (pipe->nrbufs >= pipe->buffers) {
@@ -56669,7 +55455,7 @@ index 6909d89..5b2e8f9 100644
  			send_sig(SIGPIPE, current, 0);
  			ret = -EPIPE;
  			break;
-@@ -1785,9 +1785,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1788,9 +1788,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
  			ret = -ERESTARTSYS;
  			break;
  		}
@@ -56681,7 +55467,7 @@ index 6909d89..5b2e8f9 100644
  	}
  
  	pipe_unlock(pipe);
-@@ -1823,14 +1823,14 @@ retry:
+@@ -1826,14 +1826,14 @@ retry:
  	pipe_double_lock(ipipe, opipe);
  
  	do {
@@ -56698,7 +55484,7 @@ index 6909d89..5b2e8f9 100644
  			break;
  
  		/*
-@@ -1927,7 +1927,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1930,7 +1930,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
  	pipe_double_lock(ipipe, opipe);
  
  	do {
@@ -56707,7 +55493,7 @@ index 6909d89..5b2e8f9 100644
  			send_sig(SIGPIPE, current, 0);
  			if (!ret)
  				ret = -EPIPE;
-@@ -1972,7 +1972,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1975,7 +1975,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
  	 * return EAGAIN if we have the potential of some data in the
  	 * future, otherwise just return 0
  	 */
@@ -56717,7 +55503,7 @@ index 6909d89..5b2e8f9 100644
  
  	pipe_unlock(ipipe);
 diff --git a/fs/stat.c b/fs/stat.c
-index 14f4545..9b7f55b 100644
+index 04ce1ac..a13dd1e 100644
 --- a/fs/stat.c
 +++ b/fs/stat.c
 @@ -28,8 +28,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat)
@@ -56736,14 +55522,14 @@ index 14f4545..9b7f55b 100644
  	stat->ctime = inode->i_ctime;
  	stat->blksize = (1 << inode->i_blkbits);
  	stat->blocks = inode->i_blocks;
-@@ -46,8 +51,14 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+@@ -46,8 +51,14 @@ int vfs_getattr(struct path *path, struct kstat *stat)
  	if (retval)
  		return retval;
  
 -	if (inode->i_op->getattr)
--		return inode->i_op->getattr(mnt, dentry, stat);
+-		return inode->i_op->getattr(path->mnt, path->dentry, stat);
 +	if (inode->i_op->getattr) {
-+		retval = inode->i_op->getattr(mnt, dentry, stat);
++		retval = inode->i_op->getattr(path->mnt, path->dentry, stat);
 +		if (!retval && is_sidechannel_device(inode) && !capable_nolog(CAP_MKNOD)) {
 +			stat->atime = stat->ctime;
 +			stat->mtime = stat->ctime;
@@ -56754,7 +55540,7 @@ index 14f4545..9b7f55b 100644
  	generic_fillattr(inode, stat);
  	return 0;
 diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c
-index 614b2b5..4d321e6 100644
+index 15c68f9..36a8b3e 100644
 --- a/fs/sysfs/bin.c
 +++ b/fs/sysfs/bin.c
 @@ -235,13 +235,13 @@ static int bin_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf)
@@ -56775,7 +55561,7 @@ index 614b2b5..4d321e6 100644
  	if (!bb->vm_ops)
  		return -EINVAL;
 diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
-index d924812..97a74e3 100644
+index 6f31590..3c87c8a 100644
 --- a/fs/sysfs/dir.c
 +++ b/fs/sysfs/dir.c
 @@ -40,7 +40,7 @@ static DEFINE_IDA(sysfs_ino_ida);
@@ -56856,10 +55642,10 @@ index 602f56d..6853db8 100644
  	}
  
 diff --git a/fs/sysfs/symlink.c b/fs/sysfs/symlink.c
-index 3c9eb56..9dea5be 100644
+index 8c940df..25b733e 100644
 --- a/fs/sysfs/symlink.c
 +++ b/fs/sysfs/symlink.c
-@@ -286,7 +286,7 @@ static void *sysfs_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -305,7 +305,7 @@ static void *sysfs_follow_link(struct dentry *dentry, struct nameidata *nd)
  
  static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
  {
@@ -56955,10 +55741,38 @@ index f4fb7ec..3fe03c0 100644
  	error = notify_change(path->dentry, &newattrs);
  	mutex_unlock(&inode->i_mutex);
 diff --git a/fs/xattr.c b/fs/xattr.c
-index 3377dff..4feded6 100644
+index 3377dff..4d074d9 100644
 --- a/fs/xattr.c
 +++ b/fs/xattr.c
-@@ -319,7 +319,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
+@@ -227,6 +227,27 @@ int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name,
+ 	return rc;
+ }
+ 
++#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
++ssize_t
++pax_getxattr(struct dentry *dentry, void *value, size_t size)
++{
++	struct inode *inode = dentry->d_inode;
++	ssize_t error;
++
++	error = inode_permission(inode, MAY_EXEC);
++	if (error)
++		return error;
++
++	if (inode->i_op->getxattr)
++		error = inode->i_op->getxattr(dentry, XATTR_NAME_PAX_FLAGS, value, size);
++	else
++		error = -EOPNOTSUPP;
++
++	return error;
++}
++EXPORT_SYMBOL(pax_getxattr);
++#endif
++
+ ssize_t
+ vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
+ {
+@@ -319,7 +340,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
   * Extended attribute SET operations
   */
  static long
@@ -56967,7 +55781,7 @@ index 3377dff..4feded6 100644
  	 size_t size, int flags)
  {
  	int error;
-@@ -355,7 +355,12 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value,
+@@ -355,7 +376,12 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value,
  			posix_acl_fix_xattr_from_user(kvalue, size);
  	}
  
@@ -56981,7 +55795,7 @@ index 3377dff..4feded6 100644
  out:
  	if (vvalue)
  		vfree(vvalue);
-@@ -377,7 +382,7 @@ retry:
+@@ -377,7 +403,7 @@ retry:
  		return error;
  	error = mnt_want_write(path.mnt);
  	if (!error) {
@@ -56990,7 +55804,7 @@ index 3377dff..4feded6 100644
  		mnt_drop_write(path.mnt);
  	}
  	path_put(&path);
-@@ -401,7 +406,7 @@ retry:
+@@ -401,7 +427,7 @@ retry:
  		return error;
  	error = mnt_want_write(path.mnt);
  	if (!error) {
@@ -56999,7 +55813,7 @@ index 3377dff..4feded6 100644
  		mnt_drop_write(path.mnt);
  	}
  	path_put(&path);
-@@ -416,16 +421,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
+@@ -416,16 +442,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
  		const void __user *,value, size_t, size, int, flags)
  {
  	struct fd f = fdget(fd);
@@ -57034,7 +55848,7 @@ index 9fbea87..6b19972 100644
  	struct posix_acl *acl;
  	struct posix_acl_entry *acl_e;
 diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c
-index 572a858..12a9b0d 100644
+index b44af92..06073da 100644
 --- a/fs/xfs/xfs_bmap.c
 +++ b/fs/xfs/xfs_bmap.c
 @@ -192,7 +192,7 @@ xfs_bmap_validate_ret(
@@ -57068,7 +55882,7 @@ index 1b9fc3e..e1bdde0 100644
  			*offset = off & 0x7fffffff;
  			return 0;
 diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
-index c1c3ef8..0952438 100644
+index d681e34..2a3f5ab 100644
 --- a/fs/xfs/xfs_ioctl.c
 +++ b/fs/xfs/xfs_ioctl.c
 @@ -127,7 +127,7 @@ xfs_find_handle(
@@ -57095,7 +55909,7 @@ index d82efaa..0904a8e 100644
  		kfree(s);
 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
-index 0000000..829d8fb
+index 0000000..7174794
 --- /dev/null
 +++ b/grsecurity/Kconfig
 @@ -0,0 +1,1031 @@
@@ -57187,7 +56001,7 @@ index 0000000..829d8fb
 +config GRKERNSEC_RAND_THREADSTACK
 +	bool "Insert random gaps between thread stacks"
 +	default y if GRKERNSEC_CONFIG_AUTO
-+	depends on PAX_RANDMMAP && !PPC
++	depends on PAX_RANDMMAP && !PPC && BROKEN
 +	help
 +	  If you say Y here, a random-sized gap will be enforced between allocated
 +	  thread stacks.  Glibc's NPTL and other threading libraries that
@@ -58176,10 +56990,10 @@ index 0000000..1b9afa9
 +endif
 diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
 new file mode 100644
-index 0000000..b306b36
+index 0000000..1248ee0
 --- /dev/null
 +++ b/grsecurity/gracl.c
-@@ -0,0 +1,4071 @@
+@@ -0,0 +1,4073 @@
 +#include <linux/kernel.h>
 +#include <linux/module.h>
 +#include <linux/sched.h>
@@ -58208,6 +57022,13 @@ index 0000000..b306b36
 +#include <linux/lglock.h>
 +#include <linux/hugetlb.h>
 +#include <linux/posix-timers.h>
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++#include <linux/magic.h>
++#include <linux/pagemap.h>
++#include "../fs/btrfs/async-thread.h"
++#include "../fs/btrfs/ctree.h"
++#include "../fs/btrfs/btrfs_inode.h"
++#endif
 +#include "../fs/mount.h"
 +
 +#include <asm/uaccess.h>
@@ -58281,19 +57102,14 @@ index 0000000..b306b36
 +	return (gr_status & GR_READY);
 +}
 +
-+#ifdef CONFIG_BTRFS_FS
-+extern dev_t get_btrfs_dev_from_inode(struct inode *inode);
-+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
-+#endif
-+
 +static inline dev_t __get_dev(const struct dentry *dentry)
 +{
-+#ifdef CONFIG_BTRFS_FS
-+	if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr)
-+		return get_btrfs_dev_from_inode(dentry->d_inode);
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++	if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++		return BTRFS_I(dentry->d_inode)->root->anon_dev;
 +	else
 +#endif
-+		return dentry->d_inode->i_sb->s_dev;
++		return dentry->d_sb->s_dev;
 +}
 +
 +dev_t gr_get_dev_from_dentry(struct dentry *dentry)
@@ -63597,10 +62413,10 @@ index 0000000..39645c9
 +}
 diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
 new file mode 100644
-index 0000000..cb1e5ab
+index 0000000..4dcc92a
 --- /dev/null
 +++ b/grsecurity/gracl_segv.c
-@@ -0,0 +1,303 @@
+@@ -0,0 +1,305 @@
 +#include <linux/kernel.h>
 +#include <linux/mm.h>
 +#include <asm/uaccess.h>
@@ -63618,6 +62434,13 @@ index 0000000..cb1e5ab
 +#include <linux/gracl.h>
 +#include <linux/grsecurity.h>
 +#include <linux/grinternal.h>
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++#include <linux/magic.h>
++#include <linux/pagemap.h>
++#include "../fs/btrfs/async-thread.h"
++#include "../fs/btrfs/ctree.h"
++#include "../fs/btrfs/btrfs_inode.h"
++#endif
 +
 +static struct crash_uid *uid_set;
 +static unsigned short uid_used;
@@ -63627,19 +62450,14 @@ index 0000000..cb1e5ab
 +	lookup_acl_subj_label(const ino_t inode, const dev_t dev,
 +			      struct acl_role_label *role);
 +
-+#ifdef CONFIG_BTRFS_FS
-+extern dev_t get_btrfs_dev_from_inode(struct inode *inode);
-+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat);
-+#endif
-+
 +static inline dev_t __get_dev(const struct dentry *dentry)
 +{
-+#ifdef CONFIG_BTRFS_FS
-+	if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr)
-+		return get_btrfs_dev_from_inode(dentry->d_inode);
++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE)
++	if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC)
++		return BTRFS_I(dentry->d_inode)->root->anon_dev;
 +	else
 +#endif
-+		return dentry->d_inode->i_sb->s_dev;
++		return dentry->d_sb->s_dev;
 +}
 +
 +int
@@ -63977,7 +62795,7 @@ index 0000000..bc0be01
 +}
 diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
 new file mode 100644
-index 0000000..8b4c803
+index 0000000..bd6e105
 --- /dev/null
 +++ b/grsecurity/grsec_chroot.c
 @@ -0,0 +1,370 @@
@@ -63996,7 +62814,7 @@ index 0000000..8b4c803
 +static int gr_init_ran;
 +#endif
 +
-+void gr_set_chroot_entries(struct task_struct *task, struct path *path)
++void gr_set_chroot_entries(struct task_struct *task, const struct path *path)
 +{
 +#ifdef CONFIG_GRKERNSEC
 +	if (task_pid_nr(task) > 1 && path->dentry != init_task.fs->root.dentry &&
@@ -64327,7 +63145,7 @@ index 0000000..8b4c803
 +}
 +
 +void
-+gr_handle_chroot_chdir(struct path *path)
++gr_handle_chroot_chdir(const struct path *path)
 +{
 +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
 +	if (grsec_enable_chroot_chdir)
@@ -64353,7 +63171,7 @@ index 0000000..8b4c803
 +}
 diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
 new file mode 100644
-index 0000000..207d409
+index 0000000..ce65ceb
 --- /dev/null
 +++ b/grsecurity/grsec_disabled.c
 @@ -0,0 +1,434 @@
@@ -64778,7 +63596,7 @@ index 0000000..207d409
 +
 +dev_t gr_get_dev_from_dentry(struct dentry *dentry)
 +{
-+	return dentry->d_inode->i_sb->s_dev;
++	return dentry->d_sb->s_dev;
 +}
 +
 +void gr_put_exec_file(struct task_struct *task)
@@ -67402,10 +66220,10 @@ index b7babf0..04ad282 100644
 +
  #endif  /*  _ASM_GENERIC_ATOMIC_LONG_H  */
 diff --git a/include/asm-generic/atomic.h b/include/asm-generic/atomic.h
-index 1ced641..c896ee8 100644
+index 33bd2de..f31bff97 100644
 --- a/include/asm-generic/atomic.h
 +++ b/include/asm-generic/atomic.h
-@@ -159,7 +159,7 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -153,7 +153,7 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
   * Atomically clears the bits set in @mask from @v
   */
  #ifndef atomic_clear_mask
@@ -67610,10 +66428,10 @@ index 810431d..0ec4804f 100644
   * (puds are folded into pgds so this doesn't get actually called,
   * but the define is needed for a generic inline function.)
 diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
-index f50a87d..3860a22 100644
+index a59ff51..2594a70 100644
 --- a/include/asm-generic/pgtable.h
 +++ b/include/asm-generic/pgtable.h
-@@ -698,6 +698,14 @@ static inline pmd_t pmd_mknuma(pmd_t pmd)
+@@ -688,6 +688,14 @@ static inline pmd_t pmd_mknuma(pmd_t pmd)
  }
  #endif /* CONFIG_NUMA_BALANCING */
  
@@ -67629,10 +66447,10 @@ index f50a87d..3860a22 100644
  
  #endif /* !__ASSEMBLY__ */
 diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
-index d1ea7ce..b1ebf2a 100644
+index afa12c7..99d4da0 100644
 --- a/include/asm-generic/vmlinux.lds.h
 +++ b/include/asm-generic/vmlinux.lds.h
-@@ -218,6 +218,7 @@
+@@ -245,6 +245,7 @@
  	.rodata           : AT(ADDR(.rodata) - LOAD_OFFSET) {		\
  		VMLINUX_SYMBOL(__start_rodata) = .;			\
  		*(.rodata) *(.rodata.*)					\
@@ -67640,7 +66458,7 @@ index d1ea7ce..b1ebf2a 100644
  		*(__vermagic)		/* Kernel version magic */	\
  		. = ALIGN(8);						\
  		VMLINUX_SYMBOL(__start___tracepoints_ptrs) = .;		\
-@@ -725,17 +726,18 @@
+@@ -755,17 +756,18 @@
   * section in the linker script will go there too.  @phdr should have
   * a leading colon.
   *
@@ -67677,7 +66495,7 @@ index 418d270..bfd2794 100644
  struct crypto_instance {
  	struct crypto_alg alg;
 diff --git a/include/drm/drmP.h b/include/drm/drmP.h
-index fad21c9..ab858bc 100644
+index f1ce786..086a7a5 100644
 --- a/include/drm/drmP.h
 +++ b/include/drm/drmP.h
 @@ -72,6 +72,7 @@
@@ -67688,7 +66506,7 @@ index fad21c9..ab858bc 100644
  #include <drm/drm.h>
  #include <drm/drm_sarea.h>
  
-@@ -293,10 +294,12 @@ do {										\
+@@ -296,10 +297,12 @@ do {										\
   * \param cmd command.
   * \param arg argument.
   */
@@ -67703,7 +66521,7 @@ index fad21c9..ab858bc 100644
  			       unsigned long arg);
  
  #define DRM_IOCTL_NR(n)                _IOC_NR(n)
-@@ -311,9 +314,9 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd,
+@@ -314,9 +317,9 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd,
  struct drm_ioctl_desc {
  	unsigned int cmd;
  	int flags;
@@ -67715,7 +66533,7 @@ index fad21c9..ab858bc 100644
  
  /**
   * Creates a driver or general drm_ioctl_desc array entry for the given
-@@ -995,7 +998,7 @@ struct drm_info_list {
+@@ -1014,7 +1017,7 @@ struct drm_info_list {
  	int (*show)(struct seq_file*, void*); /** show callback */
  	u32 driver_features; /**< Required driver features for this entry */
  	void *data;
@@ -67724,7 +66542,7 @@ index fad21c9..ab858bc 100644
  
  /**
   * debugfs node structure. This structure represents a debugfs file.
-@@ -1068,7 +1071,7 @@ struct drm_device {
+@@ -1087,7 +1090,7 @@ struct drm_device {
  
  	/** \name Usage Counters */
  	/*@{ */
@@ -67733,7 +66551,7 @@ index fad21c9..ab858bc 100644
  	atomic_t ioctl_count;		/**< Outstanding IOCTLs pending */
  	atomic_t vma_count;		/**< Outstanding vma areas open */
  	int buf_use;			/**< Buffers in use -- cannot alloc */
-@@ -1079,7 +1082,7 @@ struct drm_device {
+@@ -1098,7 +1101,7 @@ struct drm_device {
  	/*@{ */
  	unsigned long counters;
  	enum drm_stat_type types[15];
@@ -67804,7 +66622,7 @@ index c1da539..1dcec55 100644
  struct atmphy_ops {
  	int (*start)(struct atm_dev *dev);
 diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
-index 0530b98..96a8ac0 100644
+index c3a0914..ec5d48a 100644
 --- a/include/linux/binfmts.h
 +++ b/include/linux/binfmts.h
 @@ -73,8 +73,9 @@ struct linux_binfmt {
@@ -67819,10 +66637,10 @@ index 0530b98..96a8ac0 100644
  extern void __register_binfmt(struct linux_binfmt *fmt, int insert);
  
 diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
-index f94bc83..62b9cfe 100644
+index 33f358f..7f2c27f 100644
 --- a/include/linux/blkdev.h
 +++ b/include/linux/blkdev.h
-@@ -1498,7 +1498,7 @@ struct block_device_operations {
+@@ -1499,7 +1499,7 @@ struct block_device_operations {
  	/* this callback is with swap_lock and sometimes page table lock held */
  	void (*swap_slot_free_notify) (struct block_device *, unsigned long);
  	struct module *owner;
@@ -67903,10 +66721,10 @@ index 42e55de..1cd0e66 100644
  extern struct cleancache_ops
  	cleancache_register_ops(struct cleancache_ops *ops);
 diff --git a/include/linux/compat.h b/include/linux/compat.h
-index dec7e2d..45db13f 100644
+index 377cd8c..2479845 100644
 --- a/include/linux/compat.h
 +++ b/include/linux/compat.h
-@@ -311,14 +311,14 @@ long compat_sys_msgsnd(int first, int second, int third, void __user *uptr);
+@@ -332,14 +332,14 @@ long compat_sys_msgsnd(int first, int second, int third, void __user *uptr);
  long compat_sys_msgrcv(int first, int second, int msgtyp, int third,
  		int version, void __user *uptr);
  long compat_sys_shmat(int first, int second, compat_uptr_t third, int version,
@@ -67923,7 +66741,7 @@ index dec7e2d..45db13f 100644
  #endif
  long compat_sys_msgctl(int first, int second, void __user *uptr);
  long compat_sys_shmctl(int first, int second, void __user *uptr);
-@@ -414,7 +414,7 @@ extern int compat_ptrace_request(struct task_struct *child,
+@@ -442,7 +442,7 @@ extern int compat_ptrace_request(struct task_struct *child,
  extern long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
  			       compat_ulong_t addr, compat_ulong_t data);
  asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
@@ -67933,13 +66751,21 @@ index dec7e2d..45db13f 100644
  /*
   * epoll (fs/eventpoll.c) compat bits follow ...
 diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index 662fd1b..e801992 100644
+index 68b162d..660f5f0 100644
 --- a/include/linux/compiler-gcc4.h
 +++ b/include/linux/compiler-gcc4.h
-@@ -34,6 +34,21 @@
- #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
+@@ -39,9 +39,29 @@
+ # define __compiletime_warning(message) __attribute__((warning(message)))
+ # define __compiletime_error(message) __attribute__((error(message)))
+ #endif /* __CHECKER__ */
++
++#define __alloc_size(...)	__attribute((alloc_size(__VA_ARGS__)))
++#define __bos(ptr, arg)		__builtin_object_size((ptr), (arg))
++#define __bos0(ptr)		__bos((ptr), 0)
++#define __bos1(ptr)		__bos((ptr), 1)
+ #endif /* GCC_VERSION >= 40300 */
  
- #if __GNUC_MINOR__ >= 5
+ #if GCC_VERSION >= 40500
 +
 +#ifdef CONSTIFY_PLUGIN
 +#define __no_const __attribute__((no_const))
@@ -67958,20 +66784,8 @@ index 662fd1b..e801992 100644
  /*
   * Mark a position in code as unreachable.  This can be used to
   * suppress control flow warnings after asm blocks that transfer
-@@ -49,6 +64,11 @@
- #define __noclone	__attribute__((__noclone__))
- 
- #endif
-+
-+#define __alloc_size(...)	__attribute((alloc_size(__VA_ARGS__)))
-+#define __bos(ptr, arg)		__builtin_object_size((ptr), (arg))
-+#define __bos0(ptr)		__bos((ptr), 0)
-+#define __bos1(ptr)		__bos((ptr), 1)
- #endif
- 
- #if __GNUC_MINOR__ >= 6
 diff --git a/include/linux/compiler.h b/include/linux/compiler.h
-index dd852b7..1ad5fba 100644
+index 10b8f23..5e0b083 100644
 --- a/include/linux/compiler.h
 +++ b/include/linux/compiler.h
 @@ -5,11 +5,14 @@
@@ -68089,7 +66903,7 @@ index dd852b7..1ad5fba 100644
  /* Simple shorthand for a section definition */
  #ifndef __section
  # define __section(S) __attribute__ ((__section__(#S)))
-@@ -323,6 +381,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -349,6 +407,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
   * use is to mediate communication between process-level code and irq/NMI
   * handlers, all running on the same CPU.
   */
@@ -68099,17 +66913,19 @@ index dd852b7..1ad5fba 100644
  
  #endif /* __LINUX_COMPILER_H */
 diff --git a/include/linux/completion.h b/include/linux/completion.h
-index 51494e6..0fd1b61 100644
+index 33f0280..35c6568 100644
 --- a/include/linux/completion.h
 +++ b/include/linux/completion.h
-@@ -78,13 +78,13 @@ static inline void init_completion(struct completion *x)
- 
+@@ -79,15 +79,15 @@ static inline void init_completion(struct completion *x)
  extern void wait_for_completion(struct completion *);
+ extern void wait_for_completion_io(struct completion *);
  extern int wait_for_completion_interruptible(struct completion *x);
 -extern int wait_for_completion_killable(struct completion *x);
 +extern int wait_for_completion_killable(struct completion *x) __intentional_overflow(-1);
  extern unsigned long wait_for_completion_timeout(struct completion *x,
  						   unsigned long timeout);
+ extern unsigned long wait_for_completion_io_timeout(struct completion *x,
+ 						    unsigned long timeout);
  extern long wait_for_completion_interruptible_timeout(
 -	struct completion *x, unsigned long timeout);
 +	struct completion *x, unsigned long timeout) __intentional_overflow(-1);
@@ -68146,10 +66962,10 @@ index ce7a074..01ab8ac 100644
  	register_cpu_notifier(&fn##_nb);			\
  }
 diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h
-index a55b88e..fba90c5 100644
+index a22944c..4e695fe 100644
 --- a/include/linux/cpufreq.h
 +++ b/include/linux/cpufreq.h
-@@ -240,7 +240,7 @@ struct cpufreq_driver {
+@@ -252,7 +252,7 @@ struct cpufreq_driver {
  	int	(*suspend)	(struct cpufreq_policy *policy);
  	int	(*resume)	(struct cpufreq_policy *policy);
  	struct freq_attr	**attr;
@@ -68158,7 +66974,7 @@ index a55b88e..fba90c5 100644
  
  /* flags */
  
-@@ -299,6 +299,7 @@ struct global_attr {
+@@ -311,6 +311,7 @@ struct global_attr {
  	ssize_t (*store)(struct kobject *a, struct attribute *b,
  			 const char *c, size_t count);
  };
@@ -68167,10 +66983,10 @@ index a55b88e..fba90c5 100644
  #define define_one_global_ro(_name)		\
  static struct global_attr _name =		\
 diff --git a/include/linux/cpuidle.h b/include/linux/cpuidle.h
-index 24cd1037..20a63aae 100644
+index 480c14d..552896f 100644
 --- a/include/linux/cpuidle.h
 +++ b/include/linux/cpuidle.h
-@@ -54,7 +54,8 @@ struct cpuidle_state {
+@@ -52,7 +52,8 @@ struct cpuidle_state {
  			int index);
  
  	int (*enter_dead) (struct cpuidle_device *dev, int index);
@@ -68180,7 +66996,7 @@ index 24cd1037..20a63aae 100644
  
  /* Idle State Flags */
  #define CPUIDLE_FLAG_TIME_VALID	(0x01) /* is residency time measurable? */
-@@ -216,7 +217,7 @@ struct cpuidle_governor {
+@@ -194,7 +195,7 @@ struct cpuidle_governor {
  	void (*reflect)		(struct cpuidle_device *dev, int index);
  
  	struct module 		*owner;
@@ -68311,7 +67127,7 @@ index 7925bf0..d5143d2 100644
  
  #define large_malloc(a) vmalloc(a)
 diff --git a/include/linux/devfreq.h b/include/linux/devfreq.h
-index e83ef39..33e0eb3 100644
+index fe8c447..bdc1f33 100644
 --- a/include/linux/devfreq.h
 +++ b/include/linux/devfreq.h
 @@ -114,7 +114,7 @@ struct devfreq_governor {
@@ -68324,10 +67140,10 @@ index e83ef39..33e0eb3 100644
  /**
   * struct devfreq - Device devfreq structure
 diff --git a/include/linux/device.h b/include/linux/device.h
-index 43dcda9..7a1fb65 100644
+index 9d6464e..8a5cc92 100644
 --- a/include/linux/device.h
 +++ b/include/linux/device.h
-@@ -294,7 +294,7 @@ struct subsys_interface {
+@@ -295,7 +295,7 @@ struct subsys_interface {
  	struct list_head node;
  	int (*add_dev)(struct device *dev, struct subsys_interface *sif);
  	int (*remove_dev)(struct device *dev, struct subsys_interface *sif);
@@ -68336,7 +67152,7 @@ index 43dcda9..7a1fb65 100644
  
  int subsys_interface_register(struct subsys_interface *sif);
  void subsys_interface_unregister(struct subsys_interface *sif);
-@@ -474,7 +474,7 @@ struct device_type {
+@@ -475,7 +475,7 @@ struct device_type {
  	void (*release)(struct device *dev);
  
  	const struct dev_pm_ops *pm;
@@ -68345,7 +67161,7 @@ index 43dcda9..7a1fb65 100644
  
  /* interface for exporting device attributes */
  struct device_attribute {
-@@ -484,11 +484,12 @@ struct device_attribute {
+@@ -485,11 +485,12 @@ struct device_attribute {
  	ssize_t (*store)(struct device *dev, struct device_attribute *attr,
  			 const char *buf, size_t count);
  };
@@ -68373,10 +67189,10 @@ index 94af418..b1ca7a2 100644
  #define DMA_BIT_MASK(n)	(((n) == 64) ? ~0ULL : ((1ULL<<(n))-1))
  
 diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h
-index d3201e4..8281e63 100644
+index 91ac8da..a841318 100644
 --- a/include/linux/dmaengine.h
 +++ b/include/linux/dmaengine.h
-@@ -1018,9 +1018,9 @@ struct dma_pinned_list {
+@@ -1034,9 +1034,9 @@ struct dma_pinned_list {
  struct dma_pinned_list *dma_pin_iovec_pages(struct iovec *iov, size_t len);
  void dma_unpin_iovec_pages(struct dma_pinned_list* pinned_list);
  
@@ -68389,22 +67205,22 @@ index d3201e4..8281e63 100644
  	unsigned int offset, size_t len);
  
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 7a9498a..155713d 100644
+index 3d7df3d..301f024 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -733,6 +733,7 @@ struct efivar_operations {
+@@ -740,6 +740,7 @@ struct efivar_operations {
  	efi_set_variable_t *set_variable;
- 	efi_query_variable_info_t *query_variable_info;
+ 	efi_query_variable_store_t *query_variable_store;
  };
 +typedef struct efivar_operations __no_const efivar_operations_no_const;
  
  struct efivars {
  	/*
 diff --git a/include/linux/elf.h b/include/linux/elf.h
-index 8c9048e..16a4665 100644
+index 40a3c0e..4c45a38 100644
 --- a/include/linux/elf.h
 +++ b/include/linux/elf.h
-@@ -20,6 +20,7 @@ extern Elf32_Dyn _DYNAMIC [];
+@@ -24,6 +24,7 @@ extern Elf32_Dyn _DYNAMIC [];
  #define elf_note	elf32_note
  #define elf_addr_t	Elf32_Off
  #define Elf_Half	Elf32_Half
@@ -68412,7 +67228,7 @@ index 8c9048e..16a4665 100644
  
  #else
  
-@@ -30,6 +31,7 @@ extern Elf64_Dyn _DYNAMIC [];
+@@ -34,6 +35,7 @@ extern Elf64_Dyn _DYNAMIC [];
  #define elf_note	elf64_note
  #define elf_addr_t	Elf64_Off
  #define Elf_Half	Elf64_Half
@@ -68453,10 +67269,10 @@ index fcb51c8..bdafcf6 100644
  
  /**
 diff --git a/include/linux/fb.h b/include/linux/fb.h
-index c7a9571..02eeffe 100644
+index 58b9860..58e5516 100644
 --- a/include/linux/fb.h
 +++ b/include/linux/fb.h
-@@ -302,7 +302,7 @@ struct fb_ops {
+@@ -304,7 +304,7 @@ struct fb_ops {
  	/* called at KDB enter and leave time to prepare the console */
  	int (*fb_debug_enter)(struct fb_info *info);
  	int (*fb_debug_leave)(struct fb_info *info);
@@ -68501,7 +67317,7 @@ index 3044254..9767f41 100644
  extern bool frontswap_enabled;
  extern struct frontswap_ops
 diff --git a/include/linux/fs.h b/include/linux/fs.h
-index 7617ee0..b575199 100644
+index 2c28271..8d3d74c 100644
 --- a/include/linux/fs.h
 +++ b/include/linux/fs.h
 @@ -1541,7 +1541,8 @@ struct file_operations {
@@ -68514,7 +67330,7 @@ index 7617ee0..b575199 100644
  
  struct inode_operations {
  	struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int);
-@@ -2665,4 +2666,14 @@ static inline void inode_has_no_xattr(struct inode *inode)
+@@ -2672,4 +2673,14 @@ static inline void inode_has_no_xattr(struct inode *inode)
  		inode->i_flags |= S_NOSEC;
  }
  
@@ -68530,7 +67346,7 @@ index 7617ee0..b575199 100644
 +
  #endif /* _LINUX_FS_H */
 diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h
-index 324f931..f292b65 100644
+index 2b93a9a..855d94a 100644
 --- a/include/linux/fs_struct.h
 +++ b/include/linux/fs_struct.h
 @@ -6,7 +6,7 @@
@@ -68578,7 +67394,7 @@ index 7a08623..4c07b0f 100644
  /*
   * fscache cached network filesystem type
 diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
-index 0fbfb46..508eb0d 100644
+index a78680a..87bd73e 100644
 --- a/include/linux/fsnotify.h
 +++ b/include/linux/fsnotify.h
 @@ -195,6 +195,9 @@ static inline void fsnotify_access(struct file *file)
@@ -68611,20 +67427,20 @@ index 0fbfb46..508eb0d 100644
  
  /*
 diff --git a/include/linux/ftrace_event.h b/include/linux/ftrace_event.h
-index a3d4895..ddd2a50 100644
+index 13a54d0..c6ce2a7 100644
 --- a/include/linux/ftrace_event.h
 +++ b/include/linux/ftrace_event.h
-@@ -272,7 +272,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type,
+@@ -274,7 +274,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type,
  extern int trace_add_event_call(struct ftrace_event_call *call);
  extern void trace_remove_event_call(struct ftrace_event_call *call);
  
--#define is_signed_type(type)	(((type)(-1)) < 0)
+-#define is_signed_type(type)	(((type)(-1)) < (type)0)
 +#define is_signed_type(type)	(((type)(-1)) < (type)1)
  
  int trace_set_clr_event(const char *system, const char *event, int set);
  
 diff --git a/include/linux/genhd.h b/include/linux/genhd.h
-index 79b8bba..86b539e 100644
+index 9f3c275..911b591 100644
 --- a/include/linux/genhd.h
 +++ b/include/linux/genhd.h
 @@ -194,7 +194,7 @@ struct gendisk {
@@ -69181,7 +67997,7 @@ index 0000000..be66033
 +#endif
 diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
 new file mode 100644
-index 0000000..9bb6662
+index 0000000..5402bce
 --- /dev/null
 +++ b/include/linux/grinternal.h
 @@ -0,0 +1,215 @@
@@ -69280,19 +68096,19 @@ index 0000000..9bb6662
 +
 +#define gr_task_fullpath(tsk) ((tsk)->exec_file ? \
 +			gr_to_filename2((tsk)->exec_file->f_path.dentry, \
-+			(tsk)->exec_file->f_vfsmnt) : "/")
++			(tsk)->exec_file->f_path.mnt) : "/")
 +
 +#define gr_parent_task_fullpath(tsk) ((tsk)->real_parent->exec_file ? \
 +			gr_to_filename3((tsk)->real_parent->exec_file->f_path.dentry, \
-+			(tsk)->real_parent->exec_file->f_vfsmnt) : "/")
++			(tsk)->real_parent->exec_file->f_path.mnt) : "/")
 +
 +#define gr_task_fullpath0(tsk) ((tsk)->exec_file ? \
 +			gr_to_filename((tsk)->exec_file->f_path.dentry, \
-+			(tsk)->exec_file->f_vfsmnt) : "/")
++			(tsk)->exec_file->f_path.mnt) : "/")
 +
 +#define gr_parent_task_fullpath0(tsk) ((tsk)->real_parent->exec_file ? \
 +			gr_to_filename1((tsk)->real_parent->exec_file->f_path.dentry, \
-+			(tsk)->real_parent->exec_file->f_vfsmnt) : "/")
++			(tsk)->real_parent->exec_file->f_path.mnt) : "/")
 +
 +#define proc_is_chrooted(tsk_a)  ((tsk_a)->gr_is_chrooted)
 +
@@ -69519,7 +68335,7 @@ index 0000000..2bd4c8d
 +#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds.  Please investigate the crash report for "
 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
 new file mode 100644
-index 0000000..8da63a4
+index 0000000..d7ef0ac
 --- /dev/null
 +++ b/include/linux/grsecurity.h
 @@ -0,0 +1,242 @@
@@ -69567,7 +68383,7 @@ index 0000000..8da63a4
 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
 +int gr_handle_chroot_chroot(const struct dentry *dentry,
 +				   const struct vfsmount *mnt);
-+void gr_handle_chroot_chdir(struct path *path);
++void gr_handle_chroot_chdir(const struct path *path);
 +int gr_handle_chroot_chmod(const struct dentry *dentry,
 +				  const struct vfsmount *mnt, const int mode);
 +int gr_handle_chroot_mknod(const struct dentry *dentry,
@@ -69587,7 +68403,7 @@ index 0000000..8da63a4
 +
 +int gr_tpe_allow(const struct file *file);
 +
-+void gr_set_chroot_entries(struct task_struct *task, struct path *path);
++void gr_set_chroot_entries(struct task_struct *task, const struct path *path);
 +void gr_clear_chroot_entries(struct task_struct *task);
 +
 +void gr_log_forkfail(const int retval);
@@ -69791,7 +68607,7 @@ index 0000000..e7ffaaf
 +
 +#endif
 diff --git a/include/linux/highmem.h b/include/linux/highmem.h
-index ef788b5..ac41b7b 100644
+index 7fb31da..08b5114 100644
 --- a/include/linux/highmem.h
 +++ b/include/linux/highmem.h
 @@ -189,6 +189,18 @@ static inline void clear_highpage(struct page *page)
@@ -69875,7 +68691,7 @@ index aff7ad8..3942bbd 100644
  extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp);
  extern void unregister_pppox_proto(int proto_num);
 diff --git a/include/linux/init.h b/include/linux/init.h
-index 10ed4f4..8e8490d 100644
+index 8618147..0821126 100644
 --- a/include/linux/init.h
 +++ b/include/linux/init.h
 @@ -39,9 +39,36 @@
@@ -69935,10 +68751,10 @@ index 10ed4f4..8e8490d 100644
  #define __meminitconst   __constsection(.meminit.rodata)
  #define __memexit        __section(.memexit.text) __exitused __cold notrace
 diff --git a/include/linux/init_task.h b/include/linux/init_task.h
-index 6d087c5..401cab8 100644
+index 5cd0f09..c9f67cc 100644
 --- a/include/linux/init_task.h
 +++ b/include/linux/init_task.h
-@@ -143,6 +143,12 @@ extern struct task_group root_task_group;
+@@ -154,6 +154,12 @@ extern struct task_group root_task_group;
  
  #define INIT_TASK_COMM "swapper"
  
@@ -69951,7 +68767,7 @@ index 6d087c5..401cab8 100644
  /*
   *  INIT_TASK is used to set up the first task table, touch at
   * your own risk!. Base=0, limit=0x1fffff (=2MB)
-@@ -182,6 +188,7 @@ extern struct task_group root_task_group;
+@@ -193,6 +199,7 @@ extern struct task_group root_task_group;
  	RCU_POINTER_INITIALIZER(cred, &init_cred),			\
  	.comm		= INIT_TASK_COMM,				\
  	.thread		= INIT_THREAD,					\
@@ -69989,12 +68805,12 @@ index 5fa5afe..ac55b25 100644
  extern void __raise_softirq_irqoff(unsigned int nr);
  
 diff --git a/include/linux/iommu.h b/include/linux/iommu.h
-index f3b99e1..9b73cee 100644
+index ba3b8a9..7e14ed8 100644
 --- a/include/linux/iommu.h
 +++ b/include/linux/iommu.h
-@@ -101,7 +101,7 @@ struct iommu_ops {
- 	int (*domain_set_attr)(struct iommu_domain *domain,
- 			       enum iommu_attr attr, void *data);
+@@ -113,7 +113,7 @@ struct iommu_ops {
+ 	u32 (*domain_get_windows)(struct iommu_domain *domain);
+ 
  	unsigned long pgsize_bitmap;
 -};
 +} __do_const;
@@ -70015,7 +68831,7 @@ index 85ac9b9b..e5759ab 100644
  	return res->end - res->start + 1;
  }
 diff --git a/include/linux/irq.h b/include/linux/irq.h
-index fdf2c4a..5332486 100644
+index bc4e066..50468a9 100644
 --- a/include/linux/irq.h
 +++ b/include/linux/irq.h
 @@ -328,7 +328,8 @@ struct irq_chip {
@@ -70028,6 +68844,19 @@ index fdf2c4a..5332486 100644
  
  /*
   * irq_chip specific flags
+diff --git a/include/linux/irqchip/arm-gic.h b/include/linux/irqchip/arm-gic.h
+index 3fd8e42..d5403e1 100644
+--- a/include/linux/irqchip/arm-gic.h
++++ b/include/linux/irqchip/arm-gic.h
+@@ -61,7 +61,7 @@
+ 
+ struct device_node;
+ 
+-extern struct irq_chip gic_arch_extn;
++extern irq_chip_no_const gic_arch_extn;
+ 
+ void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *,
+ 		    u32 offset, struct device_node *);
 diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h
 index 6883e19..06992b1 100644
 --- a/include/linux/kallsyms.h
@@ -70074,10 +68903,10 @@ index 518a53a..5e28358 100644
  extern struct key_type key_type_keyring;
  
 diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
-index 4dff0c6..1ca9b72 100644
+index c6e091b..a940adf 100644
 --- a/include/linux/kgdb.h
 +++ b/include/linux/kgdb.h
-@@ -53,7 +53,7 @@ extern int kgdb_connected;
+@@ -52,7 +52,7 @@ extern int kgdb_connected;
  extern int kgdb_io_module_registered;
  
  extern atomic_t			kgdb_setting_breakpoint;
@@ -70086,7 +68915,7 @@ index 4dff0c6..1ca9b72 100644
  
  extern struct task_struct	*kgdb_usethread;
  extern struct task_struct	*kgdb_contthread;
-@@ -255,7 +255,7 @@ struct kgdb_arch {
+@@ -254,7 +254,7 @@ struct kgdb_arch {
  	void	(*correct_hw_break)(void);
  
  	void	(*enable_nmi)(bool on);
@@ -70095,7 +68924,7 @@ index 4dff0c6..1ca9b72 100644
  
  /**
   * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB.
-@@ -280,7 +280,7 @@ struct kgdb_io {
+@@ -279,7 +279,7 @@ struct kgdb_io {
  	void			(*pre_exception) (void);
  	void			(*post_exception) (void);
  	int			is_console;
@@ -70165,10 +68994,10 @@ index 4972e6e..de4d19b 100644
  	if (atomic_sub_and_test((int) count, &kref->refcount)) {
  		release(kref);
 diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index ffdf8b7..1f91d0e 100644
+index c139582..0b5b102 100644
 --- a/include/linux/kvm_host.h
 +++ b/include/linux/kvm_host.h
-@@ -418,7 +418,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
+@@ -424,7 +424,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
  int __must_check vcpu_load(struct kvm_vcpu *vcpu);
  void vcpu_put(struct kvm_vcpu *vcpu);
  
@@ -70177,7 +69006,7 @@ index ffdf8b7..1f91d0e 100644
  		  struct module *module);
  void kvm_exit(void);
  
-@@ -574,7 +574,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
+@@ -582,7 +582,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
  					struct kvm_guest_debug *dbg);
  int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
  
@@ -70187,10 +69016,10 @@ index ffdf8b7..1f91d0e 100644
  
  int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
 diff --git a/include/linux/libata.h b/include/linux/libata.h
-index 0621bca..24d6851 100644
+index eae7a05..2cdd875 100644
 --- a/include/linux/libata.h
 +++ b/include/linux/libata.h
-@@ -916,7 +916,7 @@ struct ata_port_operations {
+@@ -919,7 +919,7 @@ struct ata_port_operations {
  	 * fields must be pointers.
  	 */
  	const struct ata_port_operations	*inherits;
@@ -70200,7 +69029,7 @@ index 0621bca..24d6851 100644
  struct ata_port_info {
  	unsigned long		flags;
 diff --git a/include/linux/list.h b/include/linux/list.h
-index cc6d2aa..c10ee83 100644
+index 6a1f8df..eaec1ff 100644
 --- a/include/linux/list.h
 +++ b/include/linux/list.h
 @@ -112,6 +112,19 @@ extern void __list_del_entry(struct list_head *entry);
@@ -70264,7 +69093,7 @@ index b8ba855..0148090 100644
  	u32 remainder;
  	return div_u64_rem(dividend, divisor, &remainder);
 diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 9568b90..6cc79f9 100644
+index e2091b8..821db54 100644
 --- a/include/linux/mm.h
 +++ b/include/linux/mm.h
 @@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp);
@@ -70279,7 +69108,7 @@ index 9568b90..6cc79f9 100644
  #define VM_DONTDUMP	0x04000000	/* Do not include in the core dump */
  
  #define VM_MIXEDMAP	0x10000000	/* Can contain "struct page" and pure PFN pages */
-@@ -200,8 +205,8 @@ struct vm_operations_struct {
+@@ -202,8 +207,8 @@ struct vm_operations_struct {
  	/* called by access_process_vm when get_user_pages() fails, typically
  	 * for use by special VMAs that can switch between memory and hardware
  	 */
@@ -70290,7 +69119,7 @@ index 9568b90..6cc79f9 100644
  #ifdef CONFIG_NUMA
  	/*
  	 * set_policy() op must add a reference to any non-NULL @new mempolicy
-@@ -231,6 +236,7 @@ struct vm_operations_struct {
+@@ -233,6 +238,7 @@ struct vm_operations_struct {
  	int (*remap_pages)(struct vm_area_struct *vma, unsigned long addr,
  			   unsigned long size, pgoff_t pgoff);
  };
@@ -70298,7 +69127,7 @@ index 9568b90..6cc79f9 100644
  
  struct mmu_gather;
  struct inode;
-@@ -995,8 +1001,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
+@@ -970,8 +976,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
  	unsigned long *pfn);
  int follow_phys(struct vm_area_struct *vma, unsigned long address,
  		unsigned int flags, unsigned long *prot, resource_size_t *phys);
@@ -70309,22 +69138,20 @@ index 9568b90..6cc79f9 100644
  
  static inline void unmap_shared_mapping_range(struct address_space *mapping,
  		loff_t const holebegin, loff_t const holelen)
-@@ -1035,10 +1041,10 @@ static inline int fixup_user_fault(struct task_struct *tsk,
+@@ -1010,9 +1016,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
  }
  #endif
  
--extern int make_pages_present(unsigned long addr, unsigned long end);
 -extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write);
 -extern int access_remote_vm(struct mm_struct *mm, unsigned long addr,
 -		void *buf, int len, int write);
-+extern ssize_t make_pages_present(unsigned long addr, unsigned long end);
 +extern ssize_t access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, size_t len, int write);
 +extern ssize_t access_remote_vm(struct mm_struct *mm, unsigned long addr,
 +		void *buf, size_t len, int write);
  
- int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
- 		     unsigned long start, int len, unsigned int foll_flags,
-@@ -1068,34 +1074,6 @@ int set_page_dirty(struct page *page);
+ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+ 		      unsigned long start, unsigned long nr_pages,
+@@ -1043,34 +1049,6 @@ int set_page_dirty(struct page *page);
  int set_page_dirty_lock(struct page *page);
  int clear_page_dirty_for_io(struct page *page);
  
@@ -70359,7 +69186,7 @@ index 9568b90..6cc79f9 100644
  extern pid_t
  vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
  
-@@ -1198,6 +1176,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
+@@ -1173,6 +1151,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
  }
  #endif
  
@@ -70375,7 +69202,7 @@ index 9568b90..6cc79f9 100644
  int vma_wants_writenotify(struct vm_area_struct *vma);
  
  extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
-@@ -1216,8 +1203,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
+@@ -1191,8 +1178,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
  {
  	return 0;
  }
@@ -70391,7 +69218,7 @@ index 9568b90..6cc79f9 100644
  #endif
  
  #ifdef __PAGETABLE_PMD_FOLDED
-@@ -1226,8 +1220,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
+@@ -1201,8 +1195,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
  {
  	return 0;
  }
@@ -70407,7 +69234,7 @@ index 9568b90..6cc79f9 100644
  #endif
  
  int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
-@@ -1245,11 +1246,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
+@@ -1220,11 +1221,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
  		NULL: pud_offset(pgd, address);
  }
  
@@ -70431,15 +69258,23 @@ index 9568b90..6cc79f9 100644
  #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
  
  #if USE_SPLIT_PTLOCKS
-@@ -1479,6 +1492,7 @@ extern unsigned long do_mmap_pgoff(struct file *, unsigned long,
-         unsigned long, unsigned long,
-         unsigned long, unsigned long);
+@@ -1455,6 +1468,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+ 	unsigned long len, unsigned long prot, unsigned long flags,
+ 	unsigned long pgoff, unsigned long *populate);
  extern int do_munmap(struct mm_struct *, unsigned long, size_t);
 +extern int __do_munmap(struct mm_struct *, unsigned long, size_t);
  
- /* These take the mm semaphore themselves */
- extern unsigned long vm_brk(unsigned long, unsigned long);
-@@ -1573,6 +1587,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
+ #ifdef CONFIG_MMU
+ extern int __mm_populate(unsigned long addr, unsigned long len,
+@@ -1483,6 +1497,7 @@ struct vm_unmapped_area_info {
+ 	unsigned long high_limit;
+ 	unsigned long align_mask;
+ 	unsigned long align_offset;
++	unsigned long threadstack_offset;
+ };
+ 
+ extern unsigned long unmapped_area(struct vm_unmapped_area_info *info);
+@@ -1561,6 +1576,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
  extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
  					     struct vm_area_struct **pprev);
  
@@ -70450,7 +69285,7 @@ index 9568b90..6cc79f9 100644
  /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
     NULL if none.  Assume start_addr < end_addr. */
  static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
-@@ -1601,15 +1619,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
+@@ -1589,15 +1608,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
  	return vma;
  }
  
@@ -70466,7 +69301,7 @@ index 9568b90..6cc79f9 100644
  #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE
  unsigned long change_prot_numa(struct vm_area_struct *vma,
  			unsigned long start, unsigned long end);
-@@ -1651,6 +1660,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
+@@ -1649,6 +1659,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
  static inline void vm_stat_account(struct mm_struct *mm,
  			unsigned long flags, struct file *file, long pages)
  {
@@ -70478,16 +69313,16 @@ index 9568b90..6cc79f9 100644
  	mm->total_vm += pages;
  }
  #endif /* CONFIG_PROC_FS */
-@@ -1723,7 +1737,7 @@ extern int unpoison_memory(unsigned long pfn);
+@@ -1725,7 +1740,7 @@ extern int unpoison_memory(unsigned long pfn);
  extern int sysctl_memory_failure_early_kill;
  extern int sysctl_memory_failure_recovery;
  extern void shake_page(struct page *p, int access);
--extern atomic_long_t mce_bad_pages;
-+extern atomic_long_unchecked_t mce_bad_pages;
+-extern atomic_long_t num_poisoned_pages;
++extern atomic_long_unchecked_t num_poisoned_pages;
  extern int soft_offline_page(struct page *page, int flags);
  
  extern void dump_page(struct page *page);
-@@ -1754,5 +1768,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; }
+@@ -1756,5 +1771,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; }
  static inline bool page_is_guard(struct page *page) { return false; }
  #endif /* CONFIG_DEBUG_PAGEALLOC */
  
@@ -70500,10 +69335,10 @@ index 9568b90..6cc79f9 100644
  #endif /* __KERNEL__ */
  #endif /* _LINUX_MM_H */
 diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
-index f8f5162..3aaf20f 100644
+index ace9a5f..81bdb59 100644
 --- a/include/linux/mm_types.h
 +++ b/include/linux/mm_types.h
-@@ -288,6 +288,8 @@ struct vm_area_struct {
+@@ -289,6 +289,8 @@ struct vm_area_struct {
  #ifdef CONFIG_NUMA
  	struct mempolicy *vm_policy;	/* NUMA policy for the VMA */
  #endif
@@ -70512,7 +69347,7 @@ index f8f5162..3aaf20f 100644
  };
  
  struct core_thread {
-@@ -436,6 +438,24 @@ struct mm_struct {
+@@ -437,6 +439,24 @@ struct mm_struct {
  	int first_nid;
  #endif
  	struct uprobes_state uprobes_state;
@@ -70560,10 +69395,10 @@ index c5d5278..f0b68c8 100644
  }
  
 diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
-index 73b64a3..6562925 100644
+index c74092e..b663967 100644
 --- a/include/linux/mmzone.h
 +++ b/include/linux/mmzone.h
-@@ -412,7 +412,7 @@ struct zone {
+@@ -396,7 +396,7 @@ struct zone {
  	unsigned long		flags;		   /* zone flags, see below */
  
  	/* Zone statistics */
@@ -70573,7 +69408,7 @@ index 73b64a3..6562925 100644
  	/*
  	 * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on
 diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h
-index fed3def..c933f99 100644
+index 779cf7c..e6768240 100644
 --- a/include/linux/mod_devicetable.h
 +++ b/include/linux/mod_devicetable.h
 @@ -12,7 +12,7 @@
@@ -70585,7 +69420,7 @@ index fed3def..c933f99 100644
  
  struct pci_device_id {
  	__u32 vendor, device;		/* Vendor and device ID or PCI_ANY_ID*/
-@@ -139,7 +139,7 @@ struct usb_device_id {
+@@ -138,7 +138,7 @@ struct usb_device_id {
  #define USB_DEVICE_ID_MATCH_INT_PROTOCOL	0x0200
  #define USB_DEVICE_ID_MATCH_INT_NUMBER		0x0400
  
@@ -70594,7 +69429,7 @@ index fed3def..c933f99 100644
  #define HID_BUS_ANY				0xffff
  #define HID_GROUP_ANY				0x0000
  
-@@ -498,7 +498,7 @@ struct dmi_system_id {
+@@ -464,7 +464,7 @@ struct dmi_system_id {
  	const char *ident;
  	struct dmi_strmatch matches[4];
  	void *driver_data;
@@ -70604,7 +69439,7 @@ index fed3def..c933f99 100644
   * struct dmi_device_id appears during expansion of
   * "MODULE_DEVICE_TABLE(dmi, x)". Compiler doesn't look inside it
 diff --git a/include/linux/module.h b/include/linux/module.h
-index 1375ee3..ced8177 100644
+index ead1b57..81a3b6c 100644
 --- a/include/linux/module.h
 +++ b/include/linux/module.h
 @@ -17,9 +17,11 @@
@@ -70694,34 +69529,34 @@ index 1375ee3..ced8177 100644
 +	return ((void *)addr >= start && (void *)addr < start + size);
 +}
 +
-+static inline int within_module_core_rx(unsigned long addr, struct module *mod)
++static inline int within_module_core_rx(unsigned long addr, const struct module *mod)
 +{
 +	return within_module_range(addr, mod->module_core_rx, mod->core_size_rx);
 +}
 +
-+static inline int within_module_core_rw(unsigned long addr, struct module *mod)
++static inline int within_module_core_rw(unsigned long addr, const struct module *mod)
 +{
 +	return within_module_range(addr, mod->module_core_rw, mod->core_size_rw);
 +}
 +
-+static inline int within_module_init_rx(unsigned long addr, struct module *mod)
++static inline int within_module_init_rx(unsigned long addr, const struct module *mod)
 +{
 +	return within_module_range(addr, mod->module_init_rx, mod->init_size_rx);
 +}
 +
-+static inline int within_module_init_rw(unsigned long addr, struct module *mod)
++static inline int within_module_init_rw(unsigned long addr, const struct module *mod)
 +{
 +	return within_module_range(addr, mod->module_init_rw, mod->init_size_rw);
 +}
 +
- static inline int within_module_core(unsigned long addr, struct module *mod)
+ static inline int within_module_core(unsigned long addr, const struct module *mod)
  {
 -	return (unsigned long)mod->module_core <= addr &&
 -	       addr < (unsigned long)mod->module_core + mod->core_size;
 +	return within_module_core_rx(addr, mod) || within_module_core_rw(addr, mod);
  }
  
- static inline int within_module_init(unsigned long addr, struct module *mod)
+ static inline int within_module_init(unsigned long addr, const struct module *mod)
  {
 -	return (unsigned long)mod->module_init <= addr &&
 -	       addr < (unsigned long)mod->module_init + mod->init_size;
@@ -70839,18 +69674,18 @@ index aa16731..514b875 100644
  struct iovec;
  struct kvec;
 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 0e182f9..bd5d452 100644
+index 6151e90..2e0afb0 100644
 --- a/include/linux/netdevice.h
 +++ b/include/linux/netdevice.h
-@@ -1012,6 +1012,7 @@ struct net_device_ops {
- 						      u32 pid, u32 seq,
- 						      struct net_device *dev);
+@@ -1028,6 +1028,7 @@ struct net_device_ops {
+ 	int			(*ndo_change_carrier)(struct net_device *dev,
+ 						      bool new_carrier);
  };
 +typedef struct net_device_ops __no_const net_device_ops_no_const;
  
  /*
   *	The DEVICE structure.
-@@ -1078,7 +1079,7 @@ struct net_device {
+@@ -1094,7 +1095,7 @@ struct net_device {
  	int			iflink;
  
  	struct net_device_stats	stats;
@@ -70886,7 +69721,7 @@ index 7958e84..ed74d7a 100644
  /* The core set type structure */
  struct ip_set_type {
 diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
-index 4966dde..7d8ce06 100644
+index ecbb8e4..8a1c4e1 100644
 --- a/include/linux/netfilter/nfnetlink.h
 +++ b/include/linux/netfilter/nfnetlink.h
 @@ -16,7 +16,7 @@ struct nfnl_callback {
@@ -70971,10 +69806,10 @@ index 45fc162..01a4068 100644
  /**
   * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
 diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index a280650..2b67b91 100644
+index 1d795df..727aa7b 100644
 --- a/include/linux/perf_event.h
 +++ b/include/linux/perf_event.h
-@@ -328,8 +328,8 @@ struct perf_event {
+@@ -333,8 +333,8 @@ struct perf_event {
  
  	enum perf_event_active_state	state;
  	unsigned int			attach_state;
@@ -70985,7 +69820,7 @@ index a280650..2b67b91 100644
  
  	/*
  	 * These are the total time in nanoseconds that the event
-@@ -380,8 +380,8 @@ struct perf_event {
+@@ -385,8 +385,8 @@ struct perf_event {
  	 * These accumulate total time (in nanoseconds) that children
  	 * events have been enabled and running, respectively.
  	 */
@@ -70996,7 +69831,37 @@ index a280650..2b67b91 100644
  
  	/*
  	 * Protect attach/detach and child_list:
-@@ -807,7 +807,7 @@ static inline void perf_restore_debug_store(void)			{ }
+@@ -704,7 +704,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64
+ 		entry->ip[entry->nr++] = ip;
+ }
+ 
+-extern int sysctl_perf_event_paranoid;
++extern int sysctl_perf_event_legitimately_concerned;
+ extern int sysctl_perf_event_mlock;
+ extern int sysctl_perf_event_sample_rate;
+ 
+@@ -714,17 +714,17 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write,
+ 
+ static inline bool perf_paranoid_tracepoint_raw(void)
+ {
+-	return sysctl_perf_event_paranoid > -1;
++	return sysctl_perf_event_legitimately_concerned > -1;
+ }
+ 
+ static inline bool perf_paranoid_cpu(void)
+ {
+-	return sysctl_perf_event_paranoid > 0;
++	return sysctl_perf_event_legitimately_concerned > 0;
+ }
+ 
+ static inline bool perf_paranoid_kernel(void)
+ {
+-	return sysctl_perf_event_paranoid > 1;
++	return sysctl_perf_event_legitimately_concerned > 1;
+ }
+ 
+ extern void perf_event_init(void);
+@@ -812,7 +812,7 @@ static inline void perf_restore_debug_store(void)			{ }
   */
  #define perf_cpu_notifier(fn)						\
  do {									\
@@ -71005,6 +69870,15 @@ index a280650..2b67b91 100644
  		{ .notifier_call = fn, .priority = CPU_PRI_PERF };	\
  	unsigned long cpu = smp_processor_id();				\
  	unsigned long flags;						\
+@@ -831,7 +831,7 @@ do {									\
+ struct perf_pmu_events_attr {
+ 	struct device_attribute attr;
+ 	u64 id;
+-};
++} __do_const;
+ 
+ #define PMU_EVENT_ATTR(_name, _var, _id, _show)				\
+ static struct perf_pmu_events_attr _var = {				\
 diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h
 index ad1a427..6419649 100644
 --- a/include/linux/pipe_fs_i.h
@@ -71062,10 +69936,10 @@ index 7c1d252..c5c773e 100644
  
  struct generic_pm_domain {
 diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h
-index f271860..6b3bec5 100644
+index 7d7e09e..8671ef8 100644
 --- a/include/linux/pm_runtime.h
 +++ b/include/linux/pm_runtime.h
-@@ -97,7 +97,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev)
+@@ -104,7 +104,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev)
  
  static inline void pm_runtime_mark_last_busy(struct device *dev)
  {
@@ -71129,31 +70003,31 @@ index 4ea1d37..80f4b33 100644
  /*
   * The return value from decompress routine is the length of the
 diff --git a/include/linux/printk.h b/include/linux/printk.h
-index 9afc01e..92c32e8 100644
+index 822171f..12b30e8 100644
 --- a/include/linux/printk.h
 +++ b/include/linux/printk.h
-@@ -101,6 +101,8 @@ void early_printk(const char *fmt, ...);
- extern int printk_needs_cpu(int cpu);
- extern void printk_tick(void);
+@@ -98,6 +98,8 @@ int no_printk(const char *fmt, ...)
+ extern asmlinkage __printf(1, 2)
+ void early_printk(const char *fmt, ...);
  
 +extern int kptr_restrict;
 +
  #ifdef CONFIG_PRINTK
  asmlinkage __printf(5, 0)
  int vprintk_emit(int facility, int level,
-@@ -135,7 +137,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies,
+@@ -132,7 +134,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies,
  
  extern int printk_delay_msec;
  extern int dmesg_restrict;
 -extern int kptr_restrict;
  
- void log_buf_kexec_setup(void);
- void __init setup_log_buf(int early);
+ extern void wake_up_klogd(void);
+ 
 diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
-index 32676b3..e46f2c0 100644
+index 94dfb2a..88b9d3b 100644
 --- a/include/linux/proc_fs.h
 +++ b/include/linux/proc_fs.h
-@@ -159,6 +159,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode,
+@@ -165,6 +165,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode,
  	return proc_create_data(name, mode, parent, proc_fops, NULL);
  }
  
@@ -71172,7 +70046,7 @@ index 32676b3..e46f2c0 100644
  static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
  	umode_t mode, struct proc_dir_entry *base, 
  	read_proc_t *read_proc, void * data)
-@@ -268,7 +280,7 @@ struct proc_ns_operations {
+@@ -266,7 +278,7 @@ struct proc_ns_operations {
  	void (*put)(void *ns);
  	int (*install)(struct nsproxy *nsproxy, void *ns);
  	unsigned int (*inum)(void *ns);
@@ -71182,7 +70056,7 @@ index 32676b3..e46f2c0 100644
  extern const struct proc_ns_operations utsns_operations;
  extern const struct proc_ns_operations ipcns_operations;
 diff --git a/include/linux/random.h b/include/linux/random.h
-index d984608..d6f0042 100644
+index 347ce55..880f97c 100644
 --- a/include/linux/random.h
 +++ b/include/linux/random.h
 @@ -39,6 +39,11 @@ void prandom_seed(u32 seed);
@@ -71198,7 +70072,7 @@ index d984608..d6f0042 100644
   * Handle minimum values for seeds
   */
 diff --git a/include/linux/rculist.h b/include/linux/rculist.h
-index c92dd28..08f4eab 100644
+index 8089e35..3a0d59a 100644
 --- a/include/linux/rculist.h
 +++ b/include/linux/rculist.h
 @@ -44,6 +44,9 @@ extern void __list_add_rcu(struct list_head *new,
@@ -71325,7 +70199,7 @@ index a3e7842..d973ca6 100644
  #define RIO_RESOURCE_MEM	0x00000100
  #define RIO_RESOURCE_DOORBELL	0x00000200
 diff --git a/include/linux/rmap.h b/include/linux/rmap.h
-index c20635c..2f5def4 100644
+index 6dacb93..6174423 100644
 --- a/include/linux/rmap.h
 +++ b/include/linux/rmap.h
 @@ -145,8 +145,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma)
@@ -71340,10 +70214,10 @@ index c20635c..2f5def4 100644
  static inline void anon_vma_merge(struct vm_area_struct *vma,
  				  struct vm_area_struct *next)
 diff --git a/include/linux/sched.h b/include/linux/sched.h
-index f5ad26e..aa97a06 100644
+index be4e742..7f9d593 100644
 --- a/include/linux/sched.h
 +++ b/include/linux/sched.h
-@@ -61,6 +61,7 @@ struct bio_list;
+@@ -62,6 +62,7 @@ struct bio_list;
  struct fs_struct;
  struct perf_event_context;
  struct blk_plug;
@@ -71351,7 +70225,7 @@ index f5ad26e..aa97a06 100644
  
  /*
   * List of flags we want to share for kernel threads,
-@@ -328,7 +329,7 @@ extern char __sched_text_start[], __sched_text_end[];
+@@ -315,7 +316,7 @@ extern char __sched_text_start[], __sched_text_end[];
  extern int in_sched_functions(unsigned long addr);
  
  #define	MAX_SCHEDULE_TIMEOUT	LONG_MAX
@@ -71360,12 +70234,7 @@ index f5ad26e..aa97a06 100644
  extern signed long schedule_timeout_interruptible(signed long timeout);
  extern signed long schedule_timeout_killable(signed long timeout);
  extern signed long schedule_timeout_uninterruptible(signed long timeout);
-@@ -355,10 +356,23 @@ struct user_namespace;
- #define DEFAULT_MAX_MAP_COUNT	(USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN)
- 
- extern int sysctl_max_map_count;
-+extern unsigned long sysctl_heap_stack_gap;
- 
+@@ -329,6 +330,18 @@ struct user_namespace;
  #include <linux/aio.h>
  
  #ifdef CONFIG_MMU
@@ -71384,7 +70253,7 @@ index f5ad26e..aa97a06 100644
  extern void arch_pick_mmap_layout(struct mm_struct *mm);
  extern unsigned long
  arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
-@@ -640,6 +654,17 @@ struct signal_struct {
+@@ -605,6 +618,17 @@ struct signal_struct {
  #ifdef CONFIG_TASKSTATS
  	struct taskstats *stats;
  #endif
@@ -71402,7 +70271,7 @@ index f5ad26e..aa97a06 100644
  #ifdef CONFIG_AUDIT
  	unsigned audit_tty;
  	struct tty_audit_buf *tty_audit_buf;
-@@ -718,6 +743,11 @@ struct user_struct {
+@@ -683,6 +707,11 @@ struct user_struct {
  	struct key *session_keyring;	/* UID's default session keyring */
  #endif
  
@@ -71414,7 +70283,7 @@ index f5ad26e..aa97a06 100644
  	/* Hash table maintenance information */
  	struct hlist_node uidhash_node;
  	kuid_t uid;
-@@ -1117,7 +1147,7 @@ struct sched_class {
+@@ -1082,7 +1111,7 @@ struct sched_class {
  #ifdef CONFIG_FAIR_GROUP_SCHED
  	void (*task_move_group) (struct task_struct *p, int on_rq);
  #endif
@@ -71423,7 +70292,7 @@ index f5ad26e..aa97a06 100644
  
  struct load_weight {
  	unsigned long weight, inv_weight;
-@@ -1361,8 +1391,8 @@ struct task_struct {
+@@ -1323,8 +1352,8 @@ struct task_struct {
  	struct list_head thread_group;
  
  	struct completion *vfork_done;		/* for vfork() */
@@ -71434,7 +70303,7 @@ index f5ad26e..aa97a06 100644
  
  	cputime_t utime, stime, utimescaled, stimescaled;
  	cputime_t gtime;
-@@ -1378,11 +1408,6 @@ struct task_struct {
+@@ -1349,11 +1378,6 @@ struct task_struct {
  	struct task_cputime cputime_expires;
  	struct list_head cpu_timers[3];
  
@@ -71446,7 +70315,7 @@ index f5ad26e..aa97a06 100644
  	char comm[TASK_COMM_LEN]; /* executable name excluding path
  				     - access with [gs]et_task_comm (which lock
  				       it with task_lock())
-@@ -1399,6 +1424,10 @@ struct task_struct {
+@@ -1370,6 +1394,10 @@ struct task_struct {
  #endif
  /* CPU-specific state of this task */
  	struct thread_struct thread;
@@ -71457,7 +70326,7 @@ index f5ad26e..aa97a06 100644
  /* filesystem information */
  	struct fs_struct *fs;
  /* open file information */
-@@ -1472,6 +1501,10 @@ struct task_struct {
+@@ -1443,6 +1471,10 @@ struct task_struct {
  	gfp_t lockdep_reclaim_gfp;
  #endif
  
@@ -71468,7 +70337,7 @@ index f5ad26e..aa97a06 100644
  /* journalling filesystem info */
  	void *journal_info;
  
-@@ -1510,6 +1543,10 @@ struct task_struct {
+@@ -1481,6 +1513,10 @@ struct task_struct {
  	/* cg_list protected by css_set_lock and tsk->alloc_lock */
  	struct list_head cg_list;
  #endif
@@ -71479,7 +70348,7 @@ index f5ad26e..aa97a06 100644
  #ifdef CONFIG_FUTEX
  	struct robust_list_head __user *robust_list;
  #ifdef CONFIG_COMPAT
-@@ -1606,8 +1643,74 @@ struct task_struct {
+@@ -1577,8 +1613,74 @@ struct task_struct {
  #ifdef CONFIG_UPROBES
  	struct uprobe_task *utask;
  #endif
@@ -71554,7 +70423,7 @@ index f5ad26e..aa97a06 100644
  /* Future-safe accessor for struct task_struct's cpus_allowed. */
  #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
  
-@@ -1697,7 +1800,7 @@ struct pid_namespace;
+@@ -1637,7 +1739,7 @@ struct pid_namespace;
  pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
  			struct pid_namespace *ns);
  
@@ -71563,7 +70432,7 @@ index f5ad26e..aa97a06 100644
  {
  	return tsk->pid;
  }
-@@ -2156,7 +2259,9 @@ void yield(void);
+@@ -2073,7 +2175,9 @@ void yield(void);
  extern struct exec_domain	default_exec_domain;
  
  union thread_union {
@@ -71573,7 +70442,7 @@ index f5ad26e..aa97a06 100644
  	unsigned long stack[THREAD_SIZE/sizeof(long)];
  };
  
-@@ -2189,6 +2294,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2106,6 +2210,7 @@ extern struct pid_namespace init_pid_ns;
   */
  
  extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -71581,7 +70450,7 @@ index f5ad26e..aa97a06 100644
  extern struct task_struct *find_task_by_pid_ns(pid_t nr,
  		struct pid_namespace *ns);
  
-@@ -2345,7 +2451,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2272,7 +2377,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
  extern void exit_itimers(struct signal_struct *);
  extern void flush_itimer_signals(void);
  
@@ -71590,7 +70459,7 @@ index f5ad26e..aa97a06 100644
  
  extern int allow_signal(int);
  extern int disallow_signal(int);
-@@ -2536,9 +2642,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2463,9 +2568,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
  
  #endif
  
@@ -71602,8 +70471,20 @@ index f5ad26e..aa97a06 100644
  
  	return (obj >= stack) && (obj < (stack + THREAD_SIZE));
  }
+diff --git a/include/linux/sched/sysctl.h b/include/linux/sched/sysctl.h
+index bf8086b..962b035 100644
+--- a/include/linux/sched/sysctl.h
++++ b/include/linux/sched/sysctl.h
+@@ -30,6 +30,7 @@ enum { sysctl_hung_task_timeout_secs = 0 };
+ #define DEFAULT_MAX_MAP_COUNT	(USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN)
+ 
+ extern int sysctl_max_map_count;
++extern unsigned long sysctl_heap_stack_gap;
+ 
+ extern unsigned int sysctl_sched_latency;
+ extern unsigned int sysctl_sched_min_granularity;
 diff --git a/include/linux/security.h b/include/linux/security.h
-index eee7478..290f7ba 100644
+index 032c366..2c1c2dc2 100644
 --- a/include/linux/security.h
 +++ b/include/linux/security.h
 @@ -26,6 +26,7 @@
@@ -71652,10 +70533,10 @@ index 429c199..4d42e38 100644
  
  /* shm_mode upper byte flags */
 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 9fe54b6..a9de68d 100644
+index b8292d8..96db310 100644
 --- a/include/linux/skbuff.h
 +++ b/include/linux/skbuff.h
-@@ -590,7 +590,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
+@@ -599,7 +599,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
  extern struct sk_buff *__alloc_skb(unsigned int size,
  				   gfp_t priority, int flags, int node);
  extern struct sk_buff *build_skb(void *data, unsigned int frag_size);
@@ -71664,7 +70545,7 @@ index 9fe54b6..a9de68d 100644
  					gfp_t priority)
  {
  	return __alloc_skb(size, priority, 0, NUMA_NO_NODE);
-@@ -700,7 +700,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
+@@ -709,7 +709,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
   */
  static inline int skb_queue_empty(const struct sk_buff_head *list)
  {
@@ -71673,7 +70554,7 @@ index 9fe54b6..a9de68d 100644
  }
  
  /**
-@@ -713,7 +713,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
+@@ -722,7 +722,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
  static inline bool skb_queue_is_last(const struct sk_buff_head *list,
  				     const struct sk_buff *skb)
  {
@@ -71682,7 +70563,7 @@ index 9fe54b6..a9de68d 100644
  }
  
  /**
-@@ -726,7 +726,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
+@@ -735,7 +735,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
  static inline bool skb_queue_is_first(const struct sk_buff_head *list,
  				      const struct sk_buff *skb)
  {
@@ -71691,7 +70572,7 @@ index 9fe54b6..a9de68d 100644
  }
  
  /**
-@@ -1727,7 +1727,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1756,7 +1756,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
   * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
   */
  #ifndef NET_SKB_PAD
@@ -71700,7 +70581,7 @@ index 9fe54b6..a9de68d 100644
  #endif
  
  extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
-@@ -2305,7 +2305,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
+@@ -2351,7 +2351,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
  					 int noblock, int *err);
  extern unsigned int    datagram_poll(struct file *file, struct socket *sock,
  				     struct poll_table_struct *wait);
@@ -71709,7 +70590,7 @@ index 9fe54b6..a9de68d 100644
  					       int offset, struct iovec *to,
  					       int size);
  extern int	       skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
-@@ -2595,6 +2595,9 @@ static inline void nf_reset(struct sk_buff *skb)
+@@ -2641,6 +2641,9 @@ static inline void nf_reset(struct sk_buff *skb)
  	nf_bridge_put(skb->nf_bridge);
  	skb->nf_bridge = NULL;
  #endif
@@ -71986,20 +70867,11 @@ index 680f9a3..f13aeb0 100644
  	__SONET_ITEMS
  #undef __HANDLE_ITEM
  };
-diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h
-index 34206b8..3db7f1c 100644
---- a/include/linux/sunrpc/clnt.h
-+++ b/include/linux/sunrpc/clnt.h
-@@ -96,7 +96,7 @@ struct rpc_procinfo {
- 	unsigned int		p_timer;	/* Which RTT timer to use */
- 	u32			p_statidx;	/* Which procedure to account */
- 	const char *		p_name;		/* name of procedure */
--};
-+} __do_const;
- 
- #ifdef __KERNEL__
- 
-@@ -176,9 +176,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap)
+diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h
+index 07d8e53..dc934c9 100644
+--- a/include/linux/sunrpc/addr.h
++++ b/include/linux/sunrpc/addr.h
+@@ -23,9 +23,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap)
  {
  	switch (sap->sa_family) {
  	case AF_INET:
@@ -72011,7 +70883,7 @@ index 34206b8..3db7f1c 100644
  	}
  	return 0;
  }
-@@ -211,7 +211,7 @@ static inline bool __rpc_cmp_addr4(const struct sockaddr *sap1,
+@@ -58,7 +58,7 @@ static inline bool __rpc_cmp_addr4(const struct sockaddr *sap1,
  static inline bool __rpc_copy_addr4(struct sockaddr *dst,
  				    const struct sockaddr *src)
  {
@@ -72020,7 +70892,7 @@ index 34206b8..3db7f1c 100644
  	struct sockaddr_in *dsin = (struct sockaddr_in *) dst;
  
  	dsin->sin_family = ssin->sin_family;
-@@ -314,7 +314,7 @@ static inline u32 rpc_get_scope_id(const struct sockaddr *sa)
+@@ -164,7 +164,7 @@ static inline u32 rpc_get_scope_id(const struct sockaddr *sa)
  	if (sa->sa_family != AF_INET6)
  		return 0;
  
@@ -72028,12 +70900,25 @@ index 34206b8..3db7f1c 100644
 +	return ((const struct sockaddr_in6 *) sa)->sin6_scope_id;
  }
  
- #endif /* __KERNEL__ */
+ #endif /* _LINUX_SUNRPC_ADDR_H */
+diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h
+index 2cf4ffa..470d140 100644
+--- a/include/linux/sunrpc/clnt.h
++++ b/include/linux/sunrpc/clnt.h
+@@ -96,7 +96,7 @@ struct rpc_procinfo {
+ 	unsigned int		p_timer;	/* Which RTT timer to use */
+ 	u32			p_statidx;	/* Which procedure to account */
+ 	const char *		p_name;		/* name of procedure */
+-};
++} __do_const;
+ 
+ #ifdef __KERNEL__
+ 
 diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
-index 676ddf5..4c519a1 100644
+index 1f0216b..6a4fa50 100644
 --- a/include/linux/sunrpc/svc.h
 +++ b/include/linux/sunrpc/svc.h
-@@ -410,7 +410,7 @@ struct svc_procedure {
+@@ -411,7 +411,7 @@ struct svc_procedure {
  	unsigned int		pc_count;	/* call count */
  	unsigned int		pc_cachetype;	/* cache info (NFS) */
  	unsigned int		pc_xdrressize;	/* maximum size of XDR reply */
@@ -72072,7 +70957,7 @@ index 0b8e3e6..33e0a01 100644
  #define RPCRDMA_VERSION 1
  
 diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h
-index dd74084a..7f509d5 100644
+index ff374ab..7fd2ecb 100644
 --- a/include/linux/sunrpc/svcauth.h
 +++ b/include/linux/sunrpc/svcauth.h
 @@ -109,7 +109,7 @@ struct auth_ops {
@@ -72085,10 +70970,10 @@ index dd74084a..7f509d5 100644
  #define	SVC_GARBAGE	1
  #define	SVC_SYSERR	2
 diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h
-index 071d62c..4ccc7ac 100644
+index a5ffd32..0935dea 100644
 --- a/include/linux/swiotlb.h
 +++ b/include/linux/swiotlb.h
-@@ -59,7 +59,8 @@ extern void
+@@ -60,7 +60,8 @@ extern void
  
  extern void
  swiotlb_free_coherent(struct device *hwdev, size_t size,
@@ -72099,10 +70984,10 @@ index 071d62c..4ccc7ac 100644
  extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page,
  				   unsigned long offset, size_t size,
 diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
-index 45e2db2..1635156a 100644
+index 313a8e0..1da8fc6 100644
 --- a/include/linux/syscalls.h
 +++ b/include/linux/syscalls.h
-@@ -615,7 +615,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *);
+@@ -634,7 +634,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *);
  asmlinkage long sys_getpeername(int, struct sockaddr __user *, int __user *);
  asmlinkage long sys_send(int, void __user *, size_t, unsigned);
  asmlinkage long sys_sendto(int, void __user *, size_t, unsigned,
@@ -72156,7 +71041,7 @@ index 14a8ff2..af52bad 100644
  struct ctl_node {
  	struct rb_node node;
 diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
-index 381f06d..dc16cc7 100644
+index e2cee22..3ddb921 100644
 --- a/include/linux/sysfs.h
 +++ b/include/linux/sysfs.h
 @@ -31,7 +31,8 @@ struct attribute {
@@ -72232,7 +71117,7 @@ index e7e0473..7989295 100644
  
  #endif /* _LINUX_THREAD_INFO_H */
 diff --git a/include/linux/tty.h b/include/linux/tty.h
-index 8db1b56..c16a040 100644
+index c75d886..04cb148 100644
 --- a/include/linux/tty.h
 +++ b/include/linux/tty.h
 @@ -194,7 +194,7 @@ struct tty_port {
@@ -72244,7 +71129,7 @@ index 8db1b56..c16a040 100644
  	wait_queue_head_t	open_wait;	/* Open waiters */
  	wait_queue_head_t	close_wait;	/* Close waiters */
  	wait_queue_head_t	delta_msr_wait;	/* Modem status change */
-@@ -490,7 +490,7 @@ extern int tty_port_open(struct tty_port *port,
+@@ -515,7 +515,7 @@ extern int tty_port_open(struct tty_port *port,
  				struct tty_struct *tty, struct file *filp);
  static inline int tty_port_users(struct tty_port *port)
  {
@@ -72254,10 +71139,10 @@ index 8db1b56..c16a040 100644
  
  extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc);
 diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h
-index dd976cf..e272742 100644
+index 756a609..b302dd6 100644
 --- a/include/linux/tty_driver.h
 +++ b/include/linux/tty_driver.h
-@@ -284,7 +284,7 @@ struct tty_operations {
+@@ -285,7 +285,7 @@ struct tty_operations {
  	void (*poll_put_char)(struct tty_driver *driver, int line, char ch);
  #endif
  	const struct file_operations *proc_fops;
@@ -72267,10 +71152,10 @@ index dd976cf..e272742 100644
  struct tty_driver {
  	int	magic;		/* magic number for this structure */
 diff --git a/include/linux/tty_ldisc.h b/include/linux/tty_ldisc.h
-index fb79dd8d..07d4773 100644
+index 455a0d7..bf97ff5 100644
 --- a/include/linux/tty_ldisc.h
 +++ b/include/linux/tty_ldisc.h
-@@ -149,7 +149,7 @@ struct tty_ldisc_ops {
+@@ -146,7 +146,7 @@ struct tty_ldisc_ops {
  
  	struct  module *owner;
  	
@@ -72429,42 +71314,6 @@ index c5d36c6..108f4f9 100644
  
  /*
   * callback functions for platform
-diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
-index 5209cfe..b6b215f 100644
---- a/include/linux/user_namespace.h
-+++ b/include/linux/user_namespace.h
-@@ -21,7 +21,7 @@ struct user_namespace {
- 	struct uid_gid_map	uid_map;
- 	struct uid_gid_map	gid_map;
- 	struct uid_gid_map	projid_map;
--	struct kref		kref;
-+	atomic_t		count;
- 	struct user_namespace	*parent;
- 	kuid_t			owner;
- 	kgid_t			group;
-@@ -37,18 +37,18 @@ extern struct user_namespace init_user_ns;
- static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
- {
- 	if (ns)
--		kref_get(&ns->kref);
-+		atomic_inc(&ns->count);
- 	return ns;
- }
- 
- extern int create_user_ns(struct cred *new);
- extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred);
--extern void free_user_ns(struct kref *kref);
-+extern void free_user_ns(struct user_namespace *ns);
- 
- static inline void put_user_ns(struct user_namespace *ns)
- {
--	if (ns)
--		kref_put(&ns->kref, free_user_ns);
-+	if (ns && atomic_dec_and_test(&ns->count))
-+		free_user_ns(ns);
- }
- 
- struct seq_operations;
 diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
 index 6f8fbcf..8259001 100644
 --- a/include/linux/vermagic.h
@@ -72543,7 +71392,7 @@ index 6071e91..ca6a489 100644
  /*
   *	Internals.  Dont't use..
 diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
-index a13291f..af51fa3 100644
+index 5fd71a7..e5ef9a9 100644
 --- a/include/linux/vmstat.h
 +++ b/include/linux/vmstat.h
 @@ -95,18 +95,18 @@ static inline void vm_events_fold_cpu(int cpu)
@@ -72610,7 +71459,7 @@ index a13291f..af51fa3 100644
  
  static inline void __dec_zone_page_state(struct page *page,
 diff --git a/include/linux/xattr.h b/include/linux/xattr.h
-index fdbafc6..b7ffd47 100644
+index fdbafc6..49dfe4f 100644
 --- a/include/linux/xattr.h
 +++ b/include/linux/xattr.h
 @@ -28,7 +28,7 @@ struct xattr_handler {
@@ -72622,6 +71471,16 @@ index fdbafc6..b7ffd47 100644
  
  struct xattr {
  	char *name;
+@@ -37,6 +37,9 @@ struct xattr {
+ };
+ 
+ ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
++#ifdef CONFIG_PAX_XATTR_PAX_FLAGS
++ssize_t pax_getxattr(struct dentry *, void *, size_t);
++#endif
+ ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t);
+ ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
+ int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int);
 diff --git a/include/linux/zlib.h b/include/linux/zlib.h
 index 9c5a6b4..09c9438 100644
 --- a/include/linux/zlib.h
@@ -72682,10 +71541,10 @@ index adcbb20..62c2559 100644
  void v9fs_register_trans(struct p9_trans_module *m);
  void v9fs_unregister_trans(struct p9_trans_module *m);
 diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
-index 7588ef4..e62d35f 100644
+index cdd3302..76f8ede 100644
 --- a/include/net/bluetooth/l2cap.h
 +++ b/include/net/bluetooth/l2cap.h
-@@ -552,7 +552,7 @@ struct l2cap_ops {
+@@ -551,7 +551,7 @@ struct l2cap_ops {
  	void			(*defer) (struct l2cap_chan *chan);
  	struct sk_buff		*(*alloc_skb) (struct l2cap_chan *chan,
  					       unsigned long len, int nb);
@@ -72744,7 +71603,7 @@ index bdfbe68..4402ebe 100644
  extern int genl_register_family(struct genl_family *family);
  extern int genl_register_family_with_ops(struct genl_family *family,
 diff --git a/include/net/gro_cells.h b/include/net/gro_cells.h
-index e5062c9..48a9a4b 100644
+index 734d9b5..48a9a4b 100644
 --- a/include/net/gro_cells.h
 +++ b/include/net/gro_cells.h
 @@ -29,7 +29,7 @@ static inline void gro_cells_receive(struct gro_cells *gcells, struct sk_buff *s
@@ -72756,17 +71615,6 @@ index e5062c9..48a9a4b 100644
  		kfree_skb(skb);
  		return;
  	}
-@@ -73,8 +73,8 @@ static inline int gro_cells_init(struct gro_cells *gcells, struct net_device *de
- 	int i;
- 
- 	gcells->gro_cells_mask = roundup_pow_of_two(netif_get_num_default_rss_queues()) - 1;
--	gcells->cells = kcalloc(sizeof(struct gro_cell),
--				gcells->gro_cells_mask + 1,
-+	gcells->cells = kcalloc(gcells->gro_cells_mask + 1,
-+				sizeof(struct gro_cell),
- 				GFP_KERNEL);
- 	if (!gcells->cells)
- 		return -ENOMEM;
 diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
 index 1832927..ce39aea 100644
 --- a/include/net/inet_connection_sock.h
@@ -72836,7 +71684,7 @@ index e49db91..76a81de 100644
  	 fib_info_update_nh_saddr((net), &FIB_RES_NH(res)))
  #define FIB_RES_GW(res)			(FIB_RES_NH(res).nh_gw)
 diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
-index 68c69d5..bdab192 100644
+index fce8e6b..3ca4916 100644
 --- a/include/net/ip_vs.h
 +++ b/include/net/ip_vs.h
 @@ -599,7 +599,7 @@ struct ip_vs_conn {
@@ -72857,7 +71705,7 @@ index 68c69d5..bdab192 100644
  	atomic_t		weight;		/* server weight */
  
  	atomic_t		refcnt;		/* reference counter */
-@@ -980,11 +980,11 @@ struct netns_ipvs {
+@@ -981,11 +981,11 @@ struct netns_ipvs {
  	/* ip_vs_lblc */
  	int			sysctl_lblc_expiration;
  	struct ctl_table_header	*lblc_ctl_header;
@@ -72884,10 +71732,10 @@ index 80ffde3..968b0f4 100644
  #include <net/irda/irias_object.h>
  #include <net/irda/ircomm_core.h>
 diff --git a/include/net/iucv/af_iucv.h b/include/net/iucv/af_iucv.h
-index cc7c197..9f2da2a 100644
+index 714cc9a..ea05f3e 100644
 --- a/include/net/iucv/af_iucv.h
 +++ b/include/net/iucv/af_iucv.h
-@@ -141,7 +141,7 @@ struct iucv_sock {
+@@ -149,7 +149,7 @@ struct iucv_skb_cb {
  struct iucv_sock_list {
  	struct hlist_head head;
  	rwlock_t	  lock;
@@ -72964,10 +71812,10 @@ index 567c681..cd73ac0 100644
  struct llc_sap_state {
  	u8			   curr_state;
 diff --git a/include/net/mac80211.h b/include/net/mac80211.h
-index ee50c5e..1bc3b1a 100644
+index f7eba13..91ed983 100644
 --- a/include/net/mac80211.h
 +++ b/include/net/mac80211.h
-@@ -3996,7 +3996,7 @@ struct rate_control_ops {
+@@ -4119,7 +4119,7 @@ struct rate_control_ops {
  	void (*add_sta_debugfs)(void *priv, void *priv_sta,
  				struct dentry *dir);
  	void (*remove_sta_debugfs)(void *priv, void *priv_sta);
@@ -72977,7 +71825,7 @@ index ee50c5e..1bc3b1a 100644
  static inline int rate_supported(struct ieee80211_sta *sta,
  				 enum ieee80211_band band,
 diff --git a/include/net/neighbour.h b/include/net/neighbour.h
-index 0dab173..1b76af0 100644
+index 7e748ad..5c6229b 100644
 --- a/include/net/neighbour.h
 +++ b/include/net/neighbour.h
 @@ -123,7 +123,7 @@ struct neigh_ops {
@@ -73065,7 +71913,7 @@ index 9690b0f..87aded7 100644
  
  /**
 diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
-index 923cb20..deae816 100644
+index c9c0c53..53f24c3 100644
 --- a/include/net/netns/conntrack.h
 +++ b/include/net/netns/conntrack.h
 @@ -12,10 +12,10 @@ struct nf_conntrack_ecache;
@@ -73091,10 +71939,10 @@ index 923cb20..deae816 100644
  };
  
 diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
-index 2ae2b83..dbdc85e 100644
+index 2ba9de8..47bd6c7 100644
 --- a/include/net/netns/ipv4.h
 +++ b/include/net/netns/ipv4.h
-@@ -64,7 +64,7 @@ struct netns_ipv4 {
+@@ -67,7 +67,7 @@ struct netns_ipv4 {
  	kgid_t sysctl_ping_group_range[2];
  	long sysctl_tcp_mem[3];
  
@@ -73139,7 +71987,7 @@ index 5a15fab..d799ea7 100644
  extern int	__rtnl_link_register(struct rtnl_link_ops *ops);
  extern void	__rtnl_link_unregister(struct rtnl_link_ops *ops);
 diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
-index 7fdf298..197e9f7 100644
+index df85a0c..19ac300 100644
 --- a/include/net/sctp/sctp.h
 +++ b/include/net/sctp/sctp.h
 @@ -330,9 +330,9 @@ do {									\
@@ -73178,7 +72026,7 @@ index 2a82d13..62a31c2 100644
  
  /* Get the size of a DATA chunk payload. */
 diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
-index fdeb85a..1329d95 100644
+index 0e0f9d2..cd05ebb 100644
 --- a/include/net/sctp/structs.h
 +++ b/include/net/sctp/structs.h
 @@ -517,7 +517,7 @@ struct sctp_pf {
@@ -73203,10 +72051,10 @@ index c2e542b..6ca975b 100644
  extern __u32 secure_ipv6_id(const __be32 daddr[4]);
  extern u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
 diff --git a/include/net/sock.h b/include/net/sock.h
-index 25afaa0..8bb0070 100644
+index 14f6e9d..7cd56d0 100644
 --- a/include/net/sock.h
 +++ b/include/net/sock.h
-@@ -322,7 +322,7 @@ struct sock {
+@@ -325,7 +325,7 @@ struct sock {
  #ifdef CONFIG_RPS
  	__u32			sk_rxhash;
  #endif
@@ -73215,7 +72063,7 @@ index 25afaa0..8bb0070 100644
  	int			sk_rcvbuf;
  
  	struct sk_filter __rcu	*sk_filter;
-@@ -1781,7 +1781,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
+@@ -1784,7 +1784,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
  }
  
  static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
@@ -73224,7 +72072,7 @@ index 25afaa0..8bb0070 100644
  					   int copy, int offset)
  {
  	if (skb->ip_summed == CHECKSUM_NONE) {
-@@ -2040,7 +2040,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
+@@ -2043,7 +2043,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
  	}
  }
  
@@ -73234,10 +72082,10 @@ index 25afaa0..8bb0070 100644
  /**
   * sk_page_frag - return an appropriate page_frag
 diff --git a/include/net/tcp.h b/include/net/tcp.h
-index aed42c7..43890c6 100644
+index cf0694d..52a6881 100644
 --- a/include/net/tcp.h
 +++ b/include/net/tcp.h
-@@ -530,7 +530,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
+@@ -529,7 +529,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
  extern void tcp_xmit_retransmit_queue(struct sock *);
  extern void tcp_simple_retransmit(struct sock *);
  extern int tcp_trim_head(struct sock *, struct sk_buff *, u32);
@@ -73246,7 +72094,7 @@ index aed42c7..43890c6 100644
  
  extern void tcp_send_probe0(struct sock *);
  extern void tcp_send_partial(struct sock *);
-@@ -701,8 +701,8 @@ struct tcp_skb_cb {
+@@ -700,8 +700,8 @@ struct tcp_skb_cb {
  		struct inet6_skb_parm	h6;
  #endif
  	} header;	/* For incoming frames		*/
@@ -73257,7 +72105,7 @@ index aed42c7..43890c6 100644
  	__u32		when;		/* used to compute rtt's	*/
  	__u8		tcp_flags;	/* TCP header flags. (tcp[13])	*/
  
-@@ -716,7 +716,7 @@ struct tcp_skb_cb {
+@@ -715,7 +715,7 @@ struct tcp_skb_cb {
  
  	__u8		ip_dsfield;	/* IPv4 tos or IPv6 dsfield	*/
  	/* 1 byte hole */
@@ -73267,7 +72115,7 @@ index aed42c7..43890c6 100644
  
  #define TCP_SKB_CB(__skb)	((struct tcp_skb_cb *)&((__skb)->cb[0]))
 diff --git a/include/net/xfrm.h b/include/net/xfrm.h
-index 63445ed..d6fc34f 100644
+index 24c8886..e6fb816 100644
 --- a/include/net/xfrm.h
 +++ b/include/net/xfrm.h
 @@ -304,7 +304,7 @@ struct xfrm_policy_afinfo {
@@ -73297,7 +72145,7 @@ index 63445ed..d6fc34f 100644
  
  /* Flags for xfrm_mode. */
  enum {
-@@ -514,7 +514,7 @@ struct xfrm_policy {
+@@ -520,7 +520,7 @@ struct xfrm_policy {
  	struct timer_list	timer;
  
  	struct flow_cache_object flo;
@@ -73320,7 +72168,7 @@ index 1a046b1..ee0bef0 100644
  /**
   * iw_create_cm_id - Create an IW CM identifier.
 diff --git a/include/scsi/libfc.h b/include/scsi/libfc.h
-index 399162b..b337f1a 100644
+index e1379b4..67eafbe 100644
 --- a/include/scsi/libfc.h
 +++ b/include/scsi/libfc.h
 @@ -762,6 +762,7 @@ struct libfc_function_template {
@@ -73341,10 +72189,10 @@ index 399162b..b337f1a 100644
  	u8			       qfull;
  	enum fc_lport_state	       state;
 diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
-index e65c62e..aa2e5a2 100644
+index a7f9cba..b1f44d0 100644
 --- a/include/scsi/scsi_device.h
 +++ b/include/scsi/scsi_device.h
-@@ -170,9 +170,9 @@ struct scsi_device {
+@@ -171,9 +171,9 @@ struct scsi_device {
  	unsigned int max_device_blocked; /* what device_blocked counts down from  */
  #define SCSI_DEFAULT_DEVICE_BLOCKED	3
  
@@ -73372,7 +72220,7 @@ index b797e8f..8e2c3aa 100644
  
  /**
 diff --git a/include/sound/soc.h b/include/sound/soc.h
-index bc56738..a4be132 100644
+index a6a059c..2243336 100644
 --- a/include/sound/soc.h
 +++ b/include/sound/soc.h
 @@ -771,7 +771,7 @@ struct snd_soc_codec_driver {
@@ -73394,10 +72242,10 @@ index bc56738..a4be132 100644
  struct snd_soc_platform {
  	const char *name;
 diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index 663e34a..91b306a 100644
+index c4af592..20c52d2 100644
 --- a/include/target/target_core_base.h
 +++ b/include/target/target_core_base.h
-@@ -654,7 +654,7 @@ struct se_device {
+@@ -657,7 +657,7 @@ struct se_device {
  	spinlock_t		stats_lock;
  	/* Active commands on this virtual SE device */
  	atomic_t		simple_cmds;
@@ -73577,7 +72425,7 @@ index d876736..ccce5c0 100644
  #define __cpu_to_le64s(x) do { (void)(x); } while (0)
  #define __le64_to_cpus(x) do { (void)(x); } while (0)
 diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
-index 126a817..d522bd1 100644
+index 8072d35..e77aeb8 100644
 --- a/include/uapi/linux/elf.h
 +++ b/include/uapi/linux/elf.h
 @@ -37,6 +37,17 @@ typedef __s64	Elf64_Sxword;
@@ -73711,10 +72559,10 @@ index 6d67213..8dab561 100644
  /* CTL_VM names: */
  enum
 diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h
-index 26607bd..588b65f 100644
+index e4629b9..6958086 100644
 --- a/include/uapi/linux/xattr.h
 +++ b/include/uapi/linux/xattr.h
-@@ -60,5 +60,9 @@
+@@ -63,5 +63,9 @@
  #define XATTR_POSIX_ACL_DEFAULT  "posix_acl_default"
  #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT
  
@@ -73744,10 +72592,10 @@ index f9466fa..f4e2b81 100644
  
  #define NR_USB_REQUEST_I2C_SUB_IO 0x02
 diff --git a/include/video/uvesafb.h b/include/video/uvesafb.h
-index 0993a22..32ba2fe 100644
+index 1a91850..28573f8 100644
 --- a/include/video/uvesafb.h
 +++ b/include/video/uvesafb.h
-@@ -177,6 +177,7 @@ struct uvesafb_par {
+@@ -122,6 +122,7 @@ struct uvesafb_par {
  	u8 ypan;			/* 0 - nothing, 1 - ypan, 2 - ywrap */
  	u8 pmi_setpal;			/* PMI for palette changes */
  	u16 *pmi_base;			/* protected mode interface location */
@@ -73756,10 +72604,10 @@ index 0993a22..32ba2fe 100644
  	void *pmi_pal;
  	u8 *vbe_state_orig;		/*
 diff --git a/init/Kconfig b/init/Kconfig
-index be8b7f5..1eeca9b 100644
+index 5341d72..153f24f 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -990,6 +990,7 @@ endif # CGROUPS
+@@ -984,6 +984,7 @@ endif # CGROUPS
  
  config CHECKPOINT_RESTORE
  	bool "Checkpoint/restore support" if EXPERT
@@ -73767,7 +72615,7 @@ index be8b7f5..1eeca9b 100644
  	default n
  	help
  	  Enables additional kernel features in a sake of checkpoint/restore.
-@@ -1468,7 +1469,7 @@ config SLUB_DEBUG
+@@ -1471,7 +1472,7 @@ config SLUB_DEBUG
  
  config COMPAT_BRK
  	bool "Disable heap randomization"
@@ -73776,7 +72624,7 @@ index be8b7f5..1eeca9b 100644
  	help
  	  Randomizing heap placement makes heap exploits harder, but it
  	  also breaks ancient binaries (including anything libc5 based).
-@@ -1711,7 +1712,7 @@ config INIT_ALL_POSSIBLE
+@@ -1734,7 +1735,7 @@ config INIT_ALL_POSSIBLE
  config STOP_MACHINE
  	bool
  	default y
@@ -73800,7 +72648,7 @@ index 7bc47ee..6da2dc7 100644
  ifneq ($(CONFIG_BLK_DEV_INITRD),y)
  obj-y                          += noinitramfs.o
 diff --git a/init/do_mounts.c b/init/do_mounts.c
-index 1d1b634..a1c810f 100644
+index a2b49f2..03a0e17c 100644
 --- a/init/do_mounts.c
 +++ b/init/do_mounts.c
 @@ -355,11 +355,11 @@ static void __init get_fs_names(char *page)
@@ -73881,7 +72729,7 @@ index f5b978a..69dbfe8 100644
  	if (!S_ISBLK(stat.st_mode))
  		return 0;
 diff --git a/init/do_mounts_initrd.c b/init/do_mounts_initrd.c
-index f9acf71..1e19144 100644
+index a32ec1c..ac08811 100644
 --- a/init/do_mounts_initrd.c
 +++ b/init/do_mounts_initrd.c
 @@ -58,8 +58,8 @@ static void __init handle_initrd(void)
@@ -73893,9 +72741,9 @@ index f9acf71..1e19144 100644
 +	sys_mkdir((const char __force_user *)"/old", 0700);
 +	sys_chdir((const char __force_user *)"/old");
  
- 	/*
- 	 * In case that a resume from disk is carried out by linuxrc or one of
-@@ -73,31 +73,31 @@ static void __init handle_initrd(void)
+ 	/* try loading default modules from initrd */
+ 	load_default_modules();
+@@ -76,31 +76,31 @@ static void __init handle_initrd(void)
  	current->flags &= ~PF_FREEZER_SKIP;
  
  	/* move initrd to rootfs' /old */
@@ -73934,7 +72782,7 @@ index f9acf71..1e19144 100644
  		printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
  		if (fd < 0) {
  			error = fd;
-@@ -120,11 +120,11 @@ int __init initrd_load(void)
+@@ -123,11 +123,11 @@ int __init initrd_load(void)
  		 * mounted in the normal path.
  		 */
  		if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
@@ -73980,10 +72828,10 @@ index 8cb6db5..d729f50 100644
  		sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
  		sys_close(fd);
 diff --git a/init/init_task.c b/init/init_task.c
-index 8b2f399..f0797c9 100644
+index ba0a7f36..2bcf1d5 100644
 --- a/init/init_task.c
 +++ b/init/init_task.c
-@@ -20,5 +20,9 @@ EXPORT_SYMBOL(init_task);
+@@ -22,5 +22,9 @@ EXPORT_SYMBOL(init_task);
   * Initial thread structure. Alignment of this is handled by a special
   * linker map entry.
   */
@@ -73994,7 +72842,7 @@ index 8b2f399..f0797c9 100644
  	{ INIT_THREAD_INFO(init_task) };
 +#endif
 diff --git a/init/initramfs.c b/init/initramfs.c
-index 84c6bf1..8899338 100644
+index a67ef9d..3d88592 100644
 --- a/init/initramfs.c
 +++ b/init/initramfs.c
 @@ -84,7 +84,7 @@ static void __init free_hash(void)
@@ -74106,10 +72954,10 @@ index 84c6bf1..8899338 100644
  	next_state = Reset;
  	return 0;
 diff --git a/init/main.c b/init/main.c
-index cee4b5c..360e10a 100644
+index 63534a1..8abcaf1 100644
 --- a/init/main.c
 +++ b/init/main.c
-@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { }
+@@ -98,6 +98,8 @@ static inline void mark_rodata_ro(void) { }
  extern void tc_init(void);
  #endif
  
@@ -74118,7 +72966,7 @@ index cee4b5c..360e10a 100644
  /*
   * Debug helper: via this flag we know that we are in 'early bootup code'
   * where only the boot processor is running with IRQ disabled.  This means
-@@ -149,6 +151,61 @@ static int __init set_reset_devices(char *str)
+@@ -151,6 +153,64 @@ static int __init set_reset_devices(char *str)
  
  __setup("reset_devices", set_reset_devices);
  
@@ -74133,6 +72981,8 @@ index cee4b5c..360e10a 100644
 +#endif
 +
 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++unsigned long pax_user_shadow_base __read_only = 1UL << TASK_SIZE_MAX_SHIFT;
++EXPORT_SYMBOL(pax_user_shadow_base);
 +extern char pax_enter_kernel_user[];
 +extern char pax_exit_kernel_user[];
 +extern pgdval_t clone_pgd_mask;
@@ -74159,6 +73009,7 @@ index cee4b5c..360e10a 100644
 +	memcpy(pax_enter_kernel_user, (unsigned char []){0xc3}, 1);
 +	memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1);
 +	clone_pgd_mask = ~(pgdval_t)0UL;
++	pax_user_shadow_base = 0UL;
 +#endif
 +
 +	return 0;
@@ -74180,7 +73031,7 @@ index cee4b5c..360e10a 100644
  static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
  const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
  static const char *panic_later, *panic_param;
-@@ -681,6 +738,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -683,6 +743,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
  {
  	int count = preempt_count();
  	int ret;
@@ -74188,7 +73039,7 @@ index cee4b5c..360e10a 100644
  
  	if (initcall_debug)
  		ret = do_one_initcall_debug(fn);
-@@ -693,15 +751,15 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -695,15 +756,15 @@ int __init_or_module do_one_initcall(initcall_t fn)
  		sprintf(msgbuf, "error code %d ", ret);
  
  	if (preempt_count() != count) {
@@ -74208,7 +73059,7 @@ index cee4b5c..360e10a 100644
  	}
  
  	return ret;
-@@ -755,8 +813,14 @@ static void __init do_initcall_level(int level)
+@@ -757,8 +818,14 @@ static void __init do_initcall_level(int level)
  		   level, level,
  		   &repair_env_string);
  
@@ -74224,7 +73075,7 @@ index cee4b5c..360e10a 100644
  }
  
  static void __init do_initcalls(void)
-@@ -790,8 +854,14 @@ static void __init do_pre_smp_initcalls(void)
+@@ -792,8 +859,14 @@ static void __init do_pre_smp_initcalls(void)
  {
  	initcall_t *fn;
  
@@ -74239,8 +73090,8 @@ index cee4b5c..360e10a 100644
 +	}
  }
  
- static int run_init_process(const char *init_filename)
-@@ -877,7 +947,7 @@ static noinline void __init kernel_init_freeable(void)
+ /*
+@@ -890,7 +963,7 @@ static noinline void __init kernel_init_freeable(void)
  	do_basic_setup();
  
  	/* Open the /dev/console on the rootfs, this should never fail */
@@ -74249,7 +73100,7 @@ index cee4b5c..360e10a 100644
  		printk(KERN_WARNING "Warning: unable to open an initial console.\n");
  
  	(void) sys_dup(0);
-@@ -890,11 +960,13 @@ static noinline void __init kernel_init_freeable(void)
+@@ -903,11 +976,13 @@ static noinline void __init kernel_init_freeable(void)
  	if (!ramdisk_execute_command)
  		ramdisk_execute_command = "/init";
  
@@ -74327,7 +73178,7 @@ index 383d638..943fdbb 100644
  	mq_table.data = get_mq(table);
  
 diff --git a/ipc/mqueue.c b/ipc/mqueue.c
-index f3f40dc..ffe5a3a 100644
+index e4e47f6..a85e0ad 100644
 --- a/ipc/mqueue.c
 +++ b/ipc/mqueue.c
 @@ -278,6 +278,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
@@ -74400,7 +73251,7 @@ index 58d31f1..cce7a55 100644
  	sem_params.flg = semflg;
  	sem_params.u.nsems = nsems;
 diff --git a/ipc/shm.c b/ipc/shm.c
-index 9bab650..1ce68a5 100644
+index 34af1fe..85fc1aa 100644
 --- a/ipc/shm.c
 +++ b/ipc/shm.c
 @@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp);
@@ -74418,7 +73269,7 @@ index 9bab650..1ce68a5 100644
  void shm_init_ns(struct ipc_namespace *ns)
  {
  	ns->shm_ctlmax = SHMMAX;
-@@ -521,6 +529,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+@@ -525,6 +533,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
  	shp->shm_lprid = 0;
  	shp->shm_atim = shp->shm_dtim = 0;
  	shp->shm_ctim = get_seconds();
@@ -74433,7 +73284,7 @@ index 9bab650..1ce68a5 100644
  	shp->shm_segsz = size;
  	shp->shm_nattch = 0;
  	shp->shm_file = file;
-@@ -572,18 +588,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
+@@ -576,18 +592,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
  	return 0;
  }
  
@@ -74458,7 +73309,7 @@ index 9bab650..1ce68a5 100644
  	shm_params.key = key;
  	shm_params.flg = shmflg;
  	shm_params.u.size = size;
-@@ -1004,6 +1021,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1008,6 +1025,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
  		f_mode = FMODE_READ | FMODE_WRITE;
  	}
  	if (shmflg & SHM_EXEC) {
@@ -74471,7 +73322,7 @@ index 9bab650..1ce68a5 100644
  		prot |= PROT_EXEC;
  		acc_mode |= S_IXUGO;
  	}
-@@ -1027,9 +1050,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1031,9 +1054,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
  	if (err)
  		goto out_unlock;
  
@@ -74494,7 +73345,7 @@ index 9bab650..1ce68a5 100644
  	shm_unlock(shp);
  
 diff --git a/kernel/acct.c b/kernel/acct.c
-index 051e071..15e0920 100644
+index b9bd7f0..1762b4a 100644
 --- a/kernel/acct.c
 +++ b/kernel/acct.c
 @@ -550,7 +550,7 @@ static void do_acct_process(struct bsd_acct_struct *acct,
@@ -74665,10 +73516,10 @@ index f6c2ce5..982c0f9 100644
 +	return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
 +}
 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index cddf1d9..34e9721 100644
+index ba1f977..f840d9c 100644
 --- a/kernel/cgroup.c
 +++ b/kernel/cgroup.c
-@@ -5544,7 +5544,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
+@@ -5569,7 +5569,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
  		struct css_set *cg = link->cg;
  		struct task_struct *task;
  		int count = 0;
@@ -74678,7 +73529,7 @@ index cddf1d9..34e9721 100644
  			if (count++ > MAX_TASKS_SHOWN_PER_CSS) {
  				seq_puts(seq, "  ...\n");
 diff --git a/kernel/compat.c b/kernel/compat.c
-index 36700e9..73d770c 100644
+index 19971d8..02fe2df 100644
 --- a/kernel/compat.c
 +++ b/kernel/compat.c
 @@ -13,6 +13,7 @@
@@ -75002,10 +73853,10 @@ index e0573a4..3874e41 100644
  
  /**
 diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
-index 9a61738..c5c8f3a 100644
+index c26278f..e323fb8 100644
 --- a/kernel/debug/debug_core.c
 +++ b/kernel/debug/debug_core.c
-@@ -122,7 +122,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock);
+@@ -123,7 +123,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock);
   */
  static atomic_t			masters_in_kgdb;
  static atomic_t			slaves_in_kgdb;
@@ -75014,7 +73865,7 @@ index 9a61738..c5c8f3a 100644
  atomic_t			kgdb_setting_breakpoint;
  
  struct task_struct		*kgdb_usethread;
-@@ -132,7 +132,7 @@ int				kgdb_single_step;
+@@ -133,7 +133,7 @@ int				kgdb_single_step;
  static pid_t			kgdb_sstep_pid;
  
  /* to keep track of the CPU which is doing the single stepping*/
@@ -75023,7 +73874,7 @@ index 9a61738..c5c8f3a 100644
  
  /*
   * If you are debugging a problem where roundup (the collection of
-@@ -540,7 +540,7 @@ return_normal:
+@@ -541,7 +541,7 @@ return_normal:
  	 * kernel will only try for the value of sstep_tries before
  	 * giving up and continuing on.
  	 */
@@ -75032,7 +73883,7 @@ index 9a61738..c5c8f3a 100644
  	    (kgdb_info[cpu].task &&
  	     kgdb_info[cpu].task->pid != kgdb_sstep_pid) && --sstep_tries) {
  		atomic_set(&kgdb_active, -1);
-@@ -634,8 +634,8 @@ cpu_master_loop:
+@@ -635,8 +635,8 @@ cpu_master_loop:
  	}
  
  kgdb_restore:
@@ -75043,7 +73894,7 @@ index 9a61738..c5c8f3a 100644
  		if (kgdb_info[sstep_cpu].task)
  			kgdb_sstep_pid = kgdb_info[sstep_cpu].task->pid;
  		else
-@@ -887,18 +887,18 @@ static void kgdb_unregister_callbacks(void)
+@@ -888,18 +888,18 @@ static void kgdb_unregister_callbacks(void)
  static void kgdb_tasklet_bpt(unsigned long ing)
  {
  	kgdb_breakpoint();
@@ -75066,7 +73917,7 @@ index 9a61738..c5c8f3a 100644
  }
  EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint);
 diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
-index 8875254..7cf4928 100644
+index 00eb8f7..d7e3244 100644
 --- a/kernel/debug/kdb/kdb_main.c
 +++ b/kernel/debug/kdb/kdb_main.c
 @@ -1974,7 +1974,7 @@ static int kdb_lsmod(int argc, const char **argv)
@@ -75088,10 +73939,23 @@ index 8875254..7cf4928 100644
  #ifdef CONFIG_MODULE_UNLOAD
  		{
 diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 0600d3b..742ab1b 100644
+index 9fcb094..5c06aeb 100644
 --- a/kernel/events/core.c
 +++ b/kernel/events/core.c
-@@ -182,7 +182,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
+@@ -155,7 +155,11 @@ static struct srcu_struct pmus_srcu;
+  *   1 - disallow cpu events for unpriv
+  *   2 - disallow kernel profiling for unpriv
+  */
+-int sysctl_perf_event_paranoid __read_mostly = 1;
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++int sysctl_perf_event_legitimately_concerned __read_mostly = 2;
++#else
++int sysctl_perf_event_legitimately_concerned __read_mostly = 1;
++#endif
+ 
+ /* Minimum for 512 kiB + 1 user control page */
+ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
+@@ -182,7 +186,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
  	return 0;
  }
  
@@ -75100,7 +73964,7 @@ index 0600d3b..742ab1b 100644
  
  static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
  			      enum event_type_t event_type);
-@@ -2677,7 +2677,7 @@ static void __perf_event_read(void *info)
+@@ -2677,7 +2681,7 @@ static void __perf_event_read(void *info)
  
  static inline u64 perf_event_count(struct perf_event *event)
  {
@@ -75109,7 +73973,7 @@ index 0600d3b..742ab1b 100644
  }
  
  static u64 perf_event_read(struct perf_event *event)
-@@ -3007,9 +3007,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -3007,9 +3011,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
  	mutex_lock(&event->child_mutex);
  	total += perf_event_read(event);
  	*enabled += event->total_time_enabled +
@@ -75121,7 +73985,7 @@ index 0600d3b..742ab1b 100644
  
  	list_for_each_entry(child, &event->child_list, child_list) {
  		total += perf_event_read(child);
-@@ -3412,10 +3412,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -3412,10 +3416,10 @@ void perf_event_update_userpage(struct perf_event *event)
  		userpg->offset -= local64_read(&event->hw.prev_count);
  
  	userpg->time_enabled = enabled +
@@ -75134,7 +73998,7 @@ index 0600d3b..742ab1b 100644
  
  	arch_perf_update_userpage(userpg, now);
  
-@@ -3974,11 +3974,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -3974,11 +3978,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
  	values[n++] = perf_event_count(event);
  	if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
  		values[n++] = enabled +
@@ -75148,7 +74012,7 @@ index 0600d3b..742ab1b 100644
  	}
  	if (read_format & PERF_FORMAT_ID)
  		values[n++] = primary_event_id(event);
-@@ -4721,12 +4721,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
+@@ -4726,12 +4730,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
  		 * need to add enough zero bytes after the string to handle
  		 * the 64bit alignment we do later.
  		 */
@@ -75163,7 +74027,7 @@ index 0600d3b..742ab1b 100644
  		if (IS_ERR(name)) {
  			name = strncpy(tmp, "//toolong", sizeof(tmp));
  			goto got_name;
-@@ -6165,7 +6165,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -6167,7 +6171,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
  	event->parent		= parent_event;
  
  	event->ns		= get_pid_ns(task_active_pid_ns(current));
@@ -75172,7 +74036,7 @@ index 0600d3b..742ab1b 100644
  
  	event->state		= PERF_EVENT_STATE_INACTIVE;
  
-@@ -6790,10 +6790,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -6795,10 +6799,10 @@ static void sync_child_event(struct perf_event *child_event,
  	/*
  	 * Add back the child's count to the parent's count:
  	 */
@@ -75187,10 +74051,10 @@ index 0600d3b..742ab1b 100644
  
  	/*
 diff --git a/kernel/exit.c b/kernel/exit.c
-index b4df219..f13c02d 100644
+index 60bc027..ca6d727 100644
 --- a/kernel/exit.c
 +++ b/kernel/exit.c
-@@ -170,6 +170,10 @@ void release_task(struct task_struct * p)
+@@ -172,6 +172,10 @@ void release_task(struct task_struct * p)
  	struct task_struct *leader;
  	int zap_leader;
  repeat:
@@ -75201,7 +74065,7 @@ index b4df219..f13c02d 100644
  	/* don't need to get the RCU readlock here - the process is dead and
  	 * can't be modifying its own credentials. But shut RCU-lockdep up */
  	rcu_read_lock();
-@@ -338,7 +342,7 @@ int allow_signal(int sig)
+@@ -340,7 +344,7 @@ int allow_signal(int sig)
  	 * know it'll be handled, so that they don't get converted to
  	 * SIGKILL or just silently dropped.
  	 */
@@ -75210,7 +74074,7 @@ index b4df219..f13c02d 100644
  	recalc_sigpending();
  	spin_unlock_irq(&current->sighand->siglock);
  	return 0;
-@@ -708,6 +712,8 @@ void do_exit(long code)
+@@ -710,6 +714,8 @@ void do_exit(long code)
  	struct task_struct *tsk = current;
  	int group_dead;
  
@@ -75219,7 +74083,7 @@ index b4df219..f13c02d 100644
  	profile_task_exit(tsk);
  
  	WARN_ON(blk_needs_flush_plug(tsk));
-@@ -724,7 +730,6 @@ void do_exit(long code)
+@@ -726,7 +732,6 @@ void do_exit(long code)
  	 * mm_release()->clear_child_tid() from writing to a user-controlled
  	 * kernel address.
  	 */
@@ -75227,7 +74091,7 @@ index b4df219..f13c02d 100644
  
  	ptrace_event(PTRACE_EVENT_EXIT, code);
  
-@@ -783,6 +788,9 @@ void do_exit(long code)
+@@ -785,6 +790,9 @@ void do_exit(long code)
  	tsk->exit_code = code;
  	taskstats_exit(tsk, group_dead);
  
@@ -75237,7 +74101,7 @@ index b4df219..f13c02d 100644
  	exit_mm(tsk);
  
  	if (group_dead)
-@@ -903,7 +911,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
+@@ -905,7 +913,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
   * Take down every thread in the group.  This is called by fatal signals
   * as well as by sys_exit_group (below).
   */
@@ -75247,7 +74111,7 @@ index b4df219..f13c02d 100644
  {
  	struct signal_struct *sig = current->signal;
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 5630e52..0cee608 100644
+index 1766d32..c0e44e2 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -318,7 +318,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
@@ -75295,7 +74159,7 @@ index 5630e52..0cee608 100644
 +	tmp->vm_mirror = NULL;
 +	file = tmp->vm_file;
 +	if (file) {
-+		struct inode *inode = file->f_path.dentry->d_inode;
++		struct inode *inode = file_inode(file);
 +		struct address_space *mapping = file->f_mapping;
 +
 +		get_file(file);
@@ -75390,7 +74254,7 @@ index 5630e52..0cee608 100644
 -		tmp->vm_next = tmp->vm_prev = NULL;
 -		file = tmp->vm_file;
 -		if (file) {
--			struct inode *inode = file->f_path.dentry->d_inode;
+-			struct inode *inode = file_inode(file);
 -			struct address_space *mapping = file->f_mapping;
 -
 -			get_file(file);
@@ -75506,7 +74370,7 @@ index 5630e52..0cee608 100644
  	if (atomic_read(&p->real_cred->user->processes) >=
  			task_rlimit(p, RLIMIT_NPROC)) {
  		if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
-@@ -1435,6 +1488,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1441,6 +1494,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
  		goto bad_fork_free_pid;
  	}
  
@@ -75518,7 +74382,7 @@ index 5630e52..0cee608 100644
  	if (clone_flags & CLONE_THREAD) {
  		current->signal->nr_threads++;
  		atomic_inc(&current->signal->live);
-@@ -1518,6 +1576,8 @@ bad_fork_cleanup_count:
+@@ -1524,6 +1582,8 @@ bad_fork_cleanup_count:
  bad_fork_free:
  	free_task(p);
  fork_out:
@@ -75527,7 +74391,7 @@ index 5630e52..0cee608 100644
  	return ERR_PTR(retval);
  }
  
-@@ -1568,6 +1628,23 @@ long do_fork(unsigned long clone_flags,
+@@ -1574,6 +1634,23 @@ long do_fork(unsigned long clone_flags,
  			return -EINVAL;
  	}
  
@@ -75551,7 +74415,7 @@ index 5630e52..0cee608 100644
  	/*
  	 * Determine whether and which event to report to ptracer.  When
  	 * called from kernel_thread or CLONE_UNTRACED is explicitly
-@@ -1602,6 +1679,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1608,6 +1685,8 @@ long do_fork(unsigned long clone_flags,
  		if (clone_flags & CLONE_PARENT_SETTID)
  			put_user(nr, parent_tidptr);
  
@@ -75560,7 +74424,7 @@ index 5630e52..0cee608 100644
  		if (clone_flags & CLONE_VFORK) {
  			p->vfork_done = &vfork;
  			init_completion(&vfork);
-@@ -1755,7 +1834,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1761,7 +1840,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
  		return 0;
  
  	/* don't need lock here; in the worst case we'll do useless copy */
@@ -75569,7 +74433,7 @@ index 5630e52..0cee608 100644
  		return 0;
  
  	*new_fsp = copy_fs_struct(fs);
-@@ -1869,7 +1948,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1873,7 +1952,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
  			fs = current->fs;
  			spin_lock(&fs->lock);
  			current->fs = new_fs;
@@ -75580,7 +74444,7 @@ index 5630e52..0cee608 100644
  			else
  				new_fs = fs;
 diff --git a/kernel/futex.c b/kernel/futex.c
-index 8879430..31696f1 100644
+index b26dcfc..39e266a 100644
 --- a/kernel/futex.c
 +++ b/kernel/futex.c
 @@ -54,6 +54,7 @@
@@ -75591,7 +74455,7 @@ index 8879430..31696f1 100644
  #include <linux/signal.h>
  #include <linux/export.h>
  #include <linux/magic.h>
-@@ -239,6 +240,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
+@@ -241,6 +242,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
  	struct page *page, *page_head;
  	int err, ro = 0;
  
@@ -75603,7 +74467,7 @@ index 8879430..31696f1 100644
  	/*
  	 * The futex address must be "naturally" aligned.
  	 */
-@@ -2731,6 +2737,7 @@ static int __init futex_init(void)
+@@ -2732,6 +2738,7 @@ static int __init futex_init(void)
  {
  	u32 curval;
  	int i;
@@ -75611,7 +74475,7 @@ index 8879430..31696f1 100644
  
  	/*
  	 * This will fail and we want it. Some arch implementations do
-@@ -2742,8 +2749,11 @@ static int __init futex_init(void)
+@@ -2743,8 +2750,11 @@ static int __init futex_init(void)
  	 * implementation, the non-functional ones will return
  	 * -ENOSYS.
  	 */
@@ -75624,10 +74488,10 @@ index 8879430..31696f1 100644
  	for (i = 0; i < ARRAY_SIZE(futex_queues); i++) {
  		plist_head_init(&futex_queues[i].chain);
 diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c
-index a9642d5..51eb98c 100644
+index f9f44fd..29885e4 100644
 --- a/kernel/futex_compat.c
 +++ b/kernel/futex_compat.c
-@@ -31,7 +31,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
+@@ -32,7 +32,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry,
  	return 0;
  }
  
@@ -75662,10 +74526,10 @@ index 9b22d03..6295b62 100644
  				prev->next = info->next;
  			else
 diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
-index 60f7e32..76ccd96 100644
+index 7ef5556..8247f11 100644
 --- a/kernel/hrtimer.c
 +++ b/kernel/hrtimer.c
-@@ -1414,7 +1414,7 @@ void hrtimer_peek_ahead_timers(void)
+@@ -1416,7 +1416,7 @@ void hrtimer_peek_ahead_timers(void)
  	local_irq_restore(flags);
  }
  
@@ -75674,7 +74538,7 @@ index 60f7e32..76ccd96 100644
  {
  	struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases);
  
-@@ -1756,7 +1756,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self,
+@@ -1758,7 +1758,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self,
  	return NOTIFY_OK;
  }
  
@@ -75683,6 +74547,27 @@ index 60f7e32..76ccd96 100644
  	.notifier_call = hrtimer_cpu_notify,
  };
  
+diff --git a/kernel/irq_work.c b/kernel/irq_work.c
+index 55fcce6..0e4cf34 100644
+--- a/kernel/irq_work.c
++++ b/kernel/irq_work.c
+@@ -189,12 +189,13 @@ static int irq_work_cpu_notify(struct notifier_block *self,
+ 	return NOTIFY_OK;
+ }
+ 
+-static struct notifier_block cpu_notify;
++static struct notifier_block cpu_notify = {
++	.notifier_call = irq_work_cpu_notify,
++	.priority = 0,
++};
+ 
+ static __init int irq_work_init_cpu_notifier(void)
+ {
+-	cpu_notify.notifier_call = irq_work_cpu_notify;
+-	cpu_notify.priority = 0;
+ 	register_cpu_notifier(&cpu_notify);
+ 	return 0;
+ }
 diff --git a/kernel/jump_label.c b/kernel/jump_label.c
 index 60f48fa..7f3a770 100644
 --- a/kernel/jump_label.c
@@ -75848,10 +74733,10 @@ index e30ac0f..3528cac 100644
  
  	/*
 diff --git a/kernel/kexec.c b/kernel/kexec.c
-index 5e4bd78..00c5b91 100644
+index ffd4e11..c3ff6bf 100644
 --- a/kernel/kexec.c
 +++ b/kernel/kexec.c
-@@ -1045,7 +1045,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
+@@ -1048,7 +1048,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
  				unsigned long flags)
  {
  	struct compat_kexec_segment in;
@@ -75862,10 +74747,10 @@ index 5e4bd78..00c5b91 100644
  
  	/* Don't allow clients that don't understand the native
 diff --git a/kernel/kmod.c b/kernel/kmod.c
-index 0023a87..9c0c068 100644
+index 56dd349..336e1dc 100644
 --- a/kernel/kmod.c
 +++ b/kernel/kmod.c
-@@ -74,7 +74,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
+@@ -75,7 +75,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
  	kfree(info->argv);
  }
  
@@ -75874,7 +74759,7 @@ index 0023a87..9c0c068 100644
  {
  	static char *envp[] = {
  		"HOME=/",
-@@ -83,7 +83,7 @@ static int call_modprobe(char *module_name, int wait)
+@@ -84,7 +84,7 @@ static int call_modprobe(char *module_name, int wait)
  		NULL
  	};
  
@@ -75883,7 +74768,7 @@ index 0023a87..9c0c068 100644
  	if (!argv)
  		goto out;
  
-@@ -95,7 +95,8 @@ static int call_modprobe(char *module_name, int wait)
+@@ -96,7 +96,8 @@ static int call_modprobe(char *module_name, int wait)
  	argv[1] = "-q";
  	argv[2] = "--";
  	argv[3] = module_name;	/* check free_modprobe_argv() */
@@ -75893,7 +74778,7 @@ index 0023a87..9c0c068 100644
  
  	return call_usermodehelper_fns(modprobe_path, argv, envp,
  		wait | UMH_KILLABLE, NULL, free_modprobe_argv, NULL);
-@@ -120,9 +121,8 @@ out:
+@@ -121,9 +122,8 @@ out:
   * If module auto-loading support is disabled then this function
   * becomes a no-operation.
   */
@@ -75904,9 +74789,9 @@ index 0023a87..9c0c068 100644
  	char module_name[MODULE_NAME_LEN];
  	unsigned int max_modprobes;
  	int ret;
-@@ -130,9 +130,7 @@ int __request_module(bool wait, const char *fmt, ...)
- #define MAX_KMOD_CONCURRENT 50	/* Completely arbitrary value - KAO */
- 	static int kmod_loop_msg;
+@@ -139,9 +139,7 @@ int __request_module(bool wait, const char *fmt, ...)
+ 	 */
+ 	WARN_ON_ONCE(wait && current_is_async());
  
 -	va_start(args, fmt);
 -	ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
@@ -75915,7 +74800,7 @@ index 0023a87..9c0c068 100644
  	if (ret >= MODULE_NAME_LEN)
  		return -ENAMETOOLONG;
  
-@@ -140,6 +138,20 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -149,6 +147,20 @@ int __request_module(bool wait, const char *fmt, ...)
  	if (ret)
  		return ret;
  
@@ -75936,7 +74821,7 @@ index 0023a87..9c0c068 100644
  	/* If modprobe needs a service that is in a module, we get a recursive
  	 * loop.  Limit the number of running kmod threads to max_threads/2 or
  	 * MAX_KMOD_CONCURRENT, whichever is the smaller.  A cleaner method
-@@ -168,11 +180,52 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -177,11 +189,52 @@ int __request_module(bool wait, const char *fmt, ...)
  
  	trace_module_request(module_name, wait, _RET_IP_);
  
@@ -75990,7 +74875,7 @@ index 0023a87..9c0c068 100644
  EXPORT_SYMBOL(__request_module);
  #endif /* CONFIG_MODULES */
  
-@@ -283,7 +336,7 @@ static int wait_for_helper(void *data)
+@@ -292,7 +345,7 @@ static int wait_for_helper(void *data)
  		 *
  		 * Thus the __user pointer cast is valid here.
  		 */
@@ -75999,7 +74884,7 @@ index 0023a87..9c0c068 100644
  
  		/*
  		 * If ret is 0, either ____call_usermodehelper failed and the
-@@ -635,7 +688,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns);
+@@ -644,7 +697,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns);
  static int proc_cap_handler(struct ctl_table *table, int write,
  			 void __user *buffer, size_t *lenp, loff_t *ppos)
  {
@@ -76009,7 +74894,7 @@ index 0023a87..9c0c068 100644
  	kernel_cap_t new_cap;
  	int err, i;
 diff --git a/kernel/kprobes.c b/kernel/kprobes.c
-index 098f396..fe85ff1 100644
+index 3fed7f0..a3f95ed 100644
 --- a/kernel/kprobes.c
 +++ b/kernel/kprobes.c
 @@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c)
@@ -76030,7 +74915,7 @@ index 098f396..fe85ff1 100644
  			kfree(kip);
  		}
  		return 1;
-@@ -2063,7 +2063,7 @@ static int __init init_kprobes(void)
+@@ -2073,7 +2073,7 @@ static int __init init_kprobes(void)
  {
  	int i, err = 0;
  	unsigned long offset = 0, size = 0;
@@ -76039,7 +74924,7 @@ index 098f396..fe85ff1 100644
  	const char *symbol_name;
  	void *addr;
  	struct kprobe_blackpoint *kb;
-@@ -2148,11 +2148,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p,
+@@ -2158,11 +2158,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p,
  		kprobe_type = "k";
  
  	if (sym)
@@ -76053,7 +74938,7 @@ index 098f396..fe85ff1 100644
  			p->addr, kprobe_type, p->addr);
  
  	if (!pp)
-@@ -2190,7 +2190,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v)
+@@ -2199,7 +2199,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v)
  	const char *sym = NULL;
  	unsigned int i = *(loff_t *) v;
  	unsigned long offset = 0;
@@ -76085,7 +74970,7 @@ index 6ada93c..dce7d5d 100644
  		.name = "notes",
  		.mode = S_IRUGO,
 diff --git a/kernel/lockdep.c b/kernel/lockdep.c
-index 7981e5b..7f2105c 100644
+index 8a0efac..56f1e2d 100644
 --- a/kernel/lockdep.c
 +++ b/kernel/lockdep.c
 @@ -590,6 +590,10 @@ static int static_obj(void *obj)
@@ -76166,7 +75051,7 @@ index b2c71c5..7b88d63 100644
  		seq_printf(m, "%40s %14lu %29s %pS\n",
  			   name, stats->contending_point[i],
 diff --git a/kernel/module.c b/kernel/module.c
-index eab0827..f488603 100644
+index 0925c9a..6b044ac 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
 @@ -61,6 +61,7 @@
@@ -76187,7 +75072,7 @@ index eab0827..f488603 100644
  
  int register_module_notifier(struct notifier_block * nb)
  {
-@@ -322,7 +324,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+@@ -323,7 +325,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
  		return true;
  
  	list_for_each_entry_rcu(mod, &modules, list) {
@@ -76196,7 +75081,7 @@ index eab0827..f488603 100644
  			{ mod->syms, mod->syms + mod->num_syms, mod->crcs,
  			  NOT_GPL_ONLY, false },
  			{ mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
-@@ -347,7 +349,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+@@ -348,7 +350,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
  		if (mod->state == MODULE_STATE_UNFORMED)
  			continue;
  
@@ -76205,7 +75090,7 @@ index eab0827..f488603 100644
  			return true;
  	}
  	return false;
-@@ -484,7 +486,7 @@ static inline void __percpu *mod_percpu(struct module *mod)
+@@ -485,7 +487,7 @@ static inline void __percpu *mod_percpu(struct module *mod)
  static int percpu_modalloc(struct module *mod,
  			   unsigned long size, unsigned long align)
  {
@@ -76214,7 +75099,7 @@ index eab0827..f488603 100644
  		printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
  		       mod->name, align, PAGE_SIZE);
  		align = PAGE_SIZE;
-@@ -1088,7 +1090,7 @@ struct module_attribute module_uevent =
+@@ -1089,7 +1091,7 @@ struct module_attribute module_uevent =
  static ssize_t show_coresize(struct module_attribute *mattr,
  			     struct module_kobject *mk, char *buffer)
  {
@@ -76223,7 +75108,7 @@ index eab0827..f488603 100644
  }
  
  static struct module_attribute modinfo_coresize =
-@@ -1097,7 +1099,7 @@ static struct module_attribute modinfo_coresize =
+@@ -1098,7 +1100,7 @@ static struct module_attribute modinfo_coresize =
  static ssize_t show_initsize(struct module_attribute *mattr,
  			     struct module_kobject *mk, char *buffer)
  {
@@ -76232,7 +75117,7 @@ index eab0827..f488603 100644
  }
  
  static struct module_attribute modinfo_initsize =
-@@ -1311,7 +1313,7 @@ resolve_symbol_wait(struct module *mod,
+@@ -1312,7 +1314,7 @@ resolve_symbol_wait(struct module *mod,
   */
  #ifdef CONFIG_SYSFS
  
@@ -76241,7 +75126,7 @@ index eab0827..f488603 100644
  static inline bool sect_empty(const Elf_Shdr *sect)
  {
  	return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
-@@ -1451,7 +1453,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info)
+@@ -1452,7 +1454,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info)
  {
  	unsigned int notes, loaded, i;
  	struct module_notes_attrs *notes_attrs;
@@ -76250,7 +75135,7 @@ index eab0827..f488603 100644
  
  	/* failed to create section attributes, so can't create notes */
  	if (!mod->sect_attrs)
-@@ -1563,7 +1565,7 @@ static void del_usage_links(struct module *mod)
+@@ -1564,7 +1566,7 @@ static void del_usage_links(struct module *mod)
  static int module_add_modinfo_attrs(struct module *mod)
  {
  	struct module_attribute *attr;
@@ -76259,7 +75144,7 @@ index eab0827..f488603 100644
  	int error = 0;
  	int i;
  
-@@ -1777,21 +1779,21 @@ static void set_section_ro_nx(void *base,
+@@ -1778,21 +1780,21 @@ static void set_section_ro_nx(void *base,
  
  static void unset_module_core_ro_nx(struct module *mod)
  {
@@ -76289,7 +75174,7 @@ index eab0827..f488603 100644
  		set_memory_rw);
  }
  
-@@ -1804,14 +1806,14 @@ void set_all_modules_text_rw(void)
+@@ -1805,14 +1807,14 @@ void set_all_modules_text_rw(void)
  	list_for_each_entry_rcu(mod, &modules, list) {
  		if (mod->state == MODULE_STATE_UNFORMED)
  			continue;
@@ -76310,7 +75195,7 @@ index eab0827..f488603 100644
  						set_memory_rw);
  		}
  	}
-@@ -1827,14 +1829,14 @@ void set_all_modules_text_ro(void)
+@@ -1828,14 +1830,14 @@ void set_all_modules_text_ro(void)
  	list_for_each_entry_rcu(mod, &modules, list) {
  		if (mod->state == MODULE_STATE_UNFORMED)
  			continue;
@@ -76331,7 +75216,7 @@ index eab0827..f488603 100644
  						set_memory_ro);
  		}
  	}
-@@ -1880,16 +1882,19 @@ static void free_module(struct module *mod)
+@@ -1881,16 +1883,19 @@ static void free_module(struct module *mod)
  
  	/* This may be NULL, but that's OK */
  	unset_module_init_ro_nx(mod);
@@ -76354,7 +75239,7 @@ index eab0827..f488603 100644
  
  #ifdef CONFIG_MPU
  	update_protections(current->mm);
-@@ -1959,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1960,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
  	int ret = 0;
  	const struct kernel_symbol *ksym;
  
@@ -76386,7 +75271,7 @@ index eab0827..f488603 100644
  		switch (sym[i].st_shndx) {
  		case SHN_COMMON:
  			/* We compiled with -fno-common.  These are not
-@@ -1982,7 +2009,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1983,7 +2010,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
  			ksym = resolve_symbol_wait(mod, info, name);
  			/* Ok if resolved.  */
  			if (ksym && !IS_ERR(ksym)) {
@@ -76396,7 +75281,7 @@ index eab0827..f488603 100644
  				break;
  			}
  
-@@ -2001,11 +2030,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -2002,11 +2031,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
  				secbase = (unsigned long)mod_percpu(mod);
  			else
  				secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
@@ -76417,7 +75302,7 @@ index eab0827..f488603 100644
  	return ret;
  }
  
-@@ -2089,22 +2127,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2090,22 +2128,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
  			    || s->sh_entsize != ~0UL
  			    || strstarts(sname, ".init"))
  				continue;
@@ -76444,7 +75329,7 @@ index eab0827..f488603 100644
  	}
  
  	pr_debug("Init section allocation order:\n");
-@@ -2118,23 +2146,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2119,23 +2147,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
  			    || s->sh_entsize != ~0UL
  			    || !strstarts(sname, ".init"))
  				continue;
@@ -76473,7 +75358,7 @@ index eab0827..f488603 100644
  	}
  }
  
-@@ -2306,7 +2324,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2308,7 +2326,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
  
  	/* Put symbol section at end of init part of module. */
  	symsect->sh_flags |= SHF_ALLOC;
@@ -76482,7 +75367,7 @@ index eab0827..f488603 100644
  					 info->index.sym) | INIT_OFFSET_MASK;
  	pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
  
-@@ -2323,13 +2341,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2325,13 +2343,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
  	}
  
  	/* Append room for core symbols at end of core part. */
@@ -76500,7 +75385,7 @@ index eab0827..f488603 100644
  					 info->index.str) | INIT_OFFSET_MASK;
  	pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
  }
-@@ -2347,12 +2365,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2349,12 +2367,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
  	/* Make sure we get permanent strtab: don't use info->strtab. */
  	mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
  
@@ -76517,7 +75402,7 @@ index eab0827..f488603 100644
  	src = mod->symtab;
  	for (ndst = i = 0; i < mod->num_symtab; i++) {
  		if (i == 0 ||
-@@ -2364,6 +2384,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2366,6 +2386,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
  		}
  	}
  	mod->core_num_syms = ndst;
@@ -76526,7 +75411,7 @@ index eab0827..f488603 100644
  }
  #else
  static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -2397,17 +2419,33 @@ void * __weak module_alloc(unsigned long size)
+@@ -2399,17 +2421,33 @@ void * __weak module_alloc(unsigned long size)
  	return vmalloc_exec(size);
  }
  
@@ -76565,7 +75450,7 @@ index eab0827..f488603 100644
  		mutex_unlock(&module_mutex);
  	}
  	return ret;
-@@ -2683,8 +2721,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2685,8 +2723,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
  static int check_modinfo(struct module *mod, struct load_info *info, int flags)
  {
  	const char *modmagic = get_modinfo(info, "vermagic");
@@ -76580,7 +75465,7 @@ index eab0827..f488603 100644
  	if (flags & MODULE_INIT_IGNORE_VERMAGIC)
  		modmagic = NULL;
  
-@@ -2710,7 +2754,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
+@@ -2712,7 +2756,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
  	}
  
  	/* Set up license info based on the info section */
@@ -76589,7 +75474,7 @@ index eab0827..f488603 100644
  
  	return 0;
  }
-@@ -2804,7 +2848,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2806,7 +2850,7 @@ static int move_module(struct module *mod, struct load_info *info)
  	void *ptr;
  
  	/* Do the allocs. */
@@ -76598,7 +75483,7 @@ index eab0827..f488603 100644
  	/*
  	 * The pointer to this block is stored in the module structure
  	 * which is inside the block. Just mark it as not being a
-@@ -2814,11 +2858,11 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2816,11 +2860,11 @@ static int move_module(struct module *mod, struct load_info *info)
  	if (!ptr)
  		return -ENOMEM;
  
@@ -76614,7 +75499,7 @@ index eab0827..f488603 100644
  		/*
  		 * The pointer to this block is stored in the module structure
  		 * which is inside the block. This block doesn't need to be
-@@ -2827,13 +2871,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2829,13 +2873,45 @@ static int move_module(struct module *mod, struct load_info *info)
  		 */
  		kmemleak_ignore(ptr);
  		if (!ptr) {
@@ -76664,7 +75549,7 @@ index eab0827..f488603 100644
  
  	/* Transfer each section which specifies SHF_ALLOC */
  	pr_debug("final section addresses:\n");
-@@ -2844,16 +2920,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2846,16 +2922,45 @@ static int move_module(struct module *mod, struct load_info *info)
  		if (!(shdr->sh_flags & SHF_ALLOC))
  			continue;
  
@@ -76717,7 +75602,7 @@ index eab0827..f488603 100644
  		pr_debug("\t0x%lx %s\n",
  			 (long)shdr->sh_addr, info->secstrings + shdr->sh_name);
  	}
-@@ -2908,12 +3013,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2912,12 +3017,12 @@ static void flush_module_icache(const struct module *mod)
  	 * Do it before processing of module parameters, so the module
  	 * can provide parameter accessor functions of its own.
  	 */
@@ -76736,7 +75621,7 @@ index eab0827..f488603 100644
  
  	set_fs(old_fs);
  }
-@@ -2983,8 +3088,10 @@ out:
+@@ -2987,8 +3092,10 @@ out:
  static void module_deallocate(struct module *mod, struct load_info *info)
  {
  	percpu_modfree(mod);
@@ -76749,7 +75634,7 @@ index eab0827..f488603 100644
  }
  
  int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -2997,7 +3104,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
+@@ -3001,7 +3108,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
  static int post_relocation(struct module *mod, const struct load_info *info)
  {
  	/* Sort exception table now relocations are done. */
@@ -76759,7 +75644,7 @@ index eab0827..f488603 100644
  
  	/* Copy relocated percpu area over. */
  	percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
-@@ -3051,16 +3160,16 @@ static int do_init_module(struct module *mod)
+@@ -3055,16 +3164,16 @@ static int do_init_module(struct module *mod)
  			MODULE_STATE_COMING, mod);
  
  	/* Set RO and NX regions for core */
@@ -76784,7 +75669,7 @@ index eab0827..f488603 100644
  
  	do_mod_ctors(mod);
  	/* Start the module */
-@@ -3122,11 +3231,12 @@ static int do_init_module(struct module *mod)
+@@ -3126,11 +3235,12 @@ static int do_init_module(struct module *mod)
  	mod->strtab = mod->core_strtab;
  #endif
  	unset_module_init_ro_nx(mod);
@@ -76802,7 +75687,7 @@ index eab0827..f488603 100644
  	mutex_unlock(&module_mutex);
  	wake_up_all(&module_wq);
  
-@@ -3209,9 +3319,38 @@ again:
+@@ -3257,9 +3367,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
  	if (err)
  		goto free_unload;
  
@@ -76841,7 +75726,7 @@ index eab0827..f488603 100644
  	/* Fix up syms, so that st_value is a pointer to location. */
  	err = simplify_symbols(mod, info);
  	if (err < 0)
-@@ -3227,13 +3366,6 @@ again:
+@@ -3275,13 +3414,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
  
  	flush_module_icache(mod);
  
@@ -76854,9 +75739,9 @@ index eab0827..f488603 100644
 -
  	dynamic_debug_setup(info->debug, info->num_debug);
  
- 	mutex_lock(&module_mutex);
-@@ -3278,11 +3410,10 @@ again:
- 	mutex_unlock(&module_mutex);
+ 	/* Finally it's fully formed, ready to start executing. */
+@@ -3316,11 +3448,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
+  ddebug_cleanup:
  	dynamic_debug_remove(info->debug);
  	synchronize_sched();
 -	kfree(mod->args);
@@ -76868,7 +75753,7 @@ index eab0827..f488603 100644
   free_unload:
  	module_unload_free(mod);
   unlink_mod:
-@@ -3365,10 +3496,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3403,10 +3534,16 @@ static const char *get_ksymbol(struct module *mod,
  	unsigned long nextval;
  
  	/* At worse, next value is at end of module */
@@ -76888,7 +75773,7 @@ index eab0827..f488603 100644
  
  	/* Scan for closest preceding symbol, and next symbol. (ELF
  	   starts real symbols at 1). */
-@@ -3621,7 +3758,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3659,7 +3796,7 @@ static int m_show(struct seq_file *m, void *p)
  		return 0;
  
  	seq_printf(m, "%s %u",
@@ -76897,7 +75782,7 @@ index eab0827..f488603 100644
  	print_unload_info(m, mod);
  
  	/* Informative for users. */
-@@ -3630,7 +3767,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3668,7 +3805,7 @@ static int m_show(struct seq_file *m, void *p)
  		   mod->state == MODULE_STATE_COMING ? "Loading":
  		   "Live");
  	/* Used by oprofile and other similar tools. */
@@ -76906,7 +75791,7 @@ index eab0827..f488603 100644
  
  	/* Taints info */
  	if (mod->taints)
-@@ -3666,7 +3803,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3704,7 +3841,17 @@ static const struct file_operations proc_modules_operations = {
  
  static int __init proc_modules_init(void)
  {
@@ -76924,7 +75809,7 @@ index eab0827..f488603 100644
  	return 0;
  }
  module_init(proc_modules_init);
-@@ -3727,14 +3874,14 @@ struct module *__module_address(unsigned long addr)
+@@ -3765,14 +3912,14 @@ struct module *__module_address(unsigned long addr)
  {
  	struct module *mod;
  
@@ -76942,7 +75827,7 @@ index eab0827..f488603 100644
  			return mod;
  	}
  	return NULL;
-@@ -3769,11 +3916,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3807,11 +3954,20 @@ bool is_module_text_address(unsigned long addr)
   */
  struct module *__module_text_address(unsigned long addr)
  {
@@ -77015,10 +75900,10 @@ index 0799fd3..d06ae3b 100644
  extern void debug_mutex_init(struct mutex *lock, const char *name,
  			     struct lock_class_key *key);
 diff --git a/kernel/mutex.c b/kernel/mutex.c
-index a307cc9..27fd2e9 100644
+index 52f2301..73f7528 100644
 --- a/kernel/mutex.c
 +++ b/kernel/mutex.c
-@@ -198,7 +198,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
+@@ -199,7 +199,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
  	spin_lock_mutex(&lock->wait_lock, flags);
  
  	debug_mutex_lock_common(lock, &waiter);
@@ -77027,7 +75912,7 @@ index a307cc9..27fd2e9 100644
  
  	/* add waiting tasks to the end of the waitqueue (FIFO): */
  	list_add_tail(&waiter.list, &lock->wait_list);
-@@ -227,8 +227,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
+@@ -228,8 +228,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
  		 * TASK_UNINTERRUPTIBLE case.)
  		 */
  		if (unlikely(signal_pending_state(state, task))) {
@@ -77037,7 +75922,7 @@ index a307cc9..27fd2e9 100644
  			mutex_release(&lock->dep_map, 1, ip);
  			spin_unlock_mutex(&lock->wait_lock, flags);
  
-@@ -247,7 +246,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
+@@ -248,7 +247,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
  done:
  	lock_acquired(&lock->dep_map, ip);
  	/* got the lock - rejoice! */
@@ -77103,10 +75988,10 @@ index 2d5cc4c..d9ea600 100644
  	return -ENOENT;
  }
 diff --git a/kernel/panic.c b/kernel/panic.c
-index e1b2822..5edc1d9 100644
+index 7c57cc9..28f1b3f 100644
 --- a/kernel/panic.c
 +++ b/kernel/panic.c
-@@ -410,7 +410,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller,
+@@ -403,7 +403,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller,
  	const char *board;
  
  	printk(KERN_WARNING "------------[ cut here ]------------\n");
@@ -77115,7 +76000,7 @@ index e1b2822..5edc1d9 100644
  	board = dmi_get_system_info(DMI_PRODUCT_NAME);
  	if (board)
  		printk(KERN_WARNING "Hardware name: %s\n", board);
-@@ -465,7 +465,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
+@@ -459,7 +459,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
   */
  void __stack_chk_fail(void)
  {
@@ -77126,7 +76011,7 @@ index e1b2822..5edc1d9 100644
  }
  EXPORT_SYMBOL(__stack_chk_fail);
 diff --git a/kernel/pid.c b/kernel/pid.c
-index f2c6a68..4922d97 100644
+index 047dc62..418d74b 100644
 --- a/kernel/pid.c
 +++ b/kernel/pid.c
 @@ -33,6 +33,7 @@
@@ -77146,7 +76031,7 @@ index f2c6a68..4922d97 100644
  
  int pid_max_min = RESERVED_PIDS + 1;
  int pid_max_max = PID_MAX_LIMIT;
-@@ -441,10 +442,18 @@ EXPORT_SYMBOL(pid_task);
+@@ -440,10 +441,18 @@ EXPORT_SYMBOL(pid_task);
   */
  struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
  {
@@ -77166,7 +76051,7 @@ index f2c6a68..4922d97 100644
  }
  
  struct task_struct *find_task_by_vpid(pid_t vnr)
-@@ -452,6 +461,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
+@@ -451,6 +460,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
  	return find_task_by_pid_ns(vnr, task_active_pid_ns(current));
  }
  
@@ -77195,10 +76080,10 @@ index bea15bd..789f3d0 100644
  	if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN))
  		return -EPERM;
 diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
-index 942ca27..111e609 100644
+index 8fd709c..542bf4b 100644
 --- a/kernel/posix-cpu-timers.c
 +++ b/kernel/posix-cpu-timers.c
-@@ -1576,14 +1576,14 @@ struct k_clock clock_posix_cpu = {
+@@ -1592,14 +1592,14 @@ struct k_clock clock_posix_cpu = {
  
  static __init int init_posix_cpu_timers(void)
  {
@@ -77216,7 +76101,7 @@ index 942ca27..111e609 100644
  		.clock_get	= thread_cpu_clock_get,
  		.timer_create	= thread_cpu_timer_create,
 diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
-index e885be1..380fe76 100644
+index 6edbb2c..334f085 100644
 --- a/kernel/posix-timers.c
 +++ b/kernel/posix-timers.c
 @@ -43,6 +43,7 @@
@@ -77299,7 +76184,7 @@ index e885be1..380fe76 100644
  }
  
  static int common_timer_create(struct k_itimer *new_timer)
-@@ -966,6 +967,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
+@@ -964,6 +965,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
  	if (copy_from_user(&new_tp, tp, sizeof (*tp)))
  		return -EFAULT;
  
@@ -77314,7 +76199,7 @@ index e885be1..380fe76 100644
  }
  
 diff --git a/kernel/power/process.c b/kernel/power/process.c
-index d5a258b..4271191 100644
+index 98088e0..aaf95c0 100644
 --- a/kernel/power/process.c
 +++ b/kernel/power/process.c
 @@ -33,6 +33,7 @@ static int try_to_freeze_tasks(bool user_only)
@@ -77357,10 +76242,10 @@ index d5a258b..4271191 100644
  
  		if (pm_wakeup_pending()) {
 diff --git a/kernel/printk.c b/kernel/printk.c
-index 267ce78..2487112 100644
+index abbdd9e..f294251 100644
 --- a/kernel/printk.c
 +++ b/kernel/printk.c
-@@ -609,11 +609,17 @@ static unsigned int devkmsg_poll(struct file *file, poll_table *wait)
+@@ -615,11 +615,17 @@ static unsigned int devkmsg_poll(struct file *file, poll_table *wait)
  	return ret;
  }
  
@@ -77378,7 +76263,7 @@ index 267ce78..2487112 100644
  	/* write-only does not need any file context */
  	if ((file->f_flags & O_ACCMODE) == O_WRONLY)
  		return 0;
-@@ -822,7 +828,7 @@ static int syslog_action_restricted(int type)
+@@ -828,7 +834,7 @@ static int syslog_action_restricted(int type)
  	if (dmesg_restrict)
  		return 1;
  	/* Unless restricted, we allow "read all" and "get buffer size" for everybody */
@@ -77387,7 +76272,7 @@ index 267ce78..2487112 100644
  }
  
  static int check_syslog_permissions(int type, bool from_file)
-@@ -834,6 +840,11 @@ static int check_syslog_permissions(int type, bool from_file)
+@@ -840,6 +846,11 @@ static int check_syslog_permissions(int type, bool from_file)
  	if (from_file && type != SYSLOG_ACTION_OPEN)
  		return 0;
  
@@ -77400,19 +76285,19 @@ index 267ce78..2487112 100644
  		if (capable(CAP_SYSLOG))
  			return 0;
 diff --git a/kernel/profile.c b/kernel/profile.c
-index 1f39181..86093471 100644
+index dc3384e..0de5b49 100644
 --- a/kernel/profile.c
 +++ b/kernel/profile.c
-@@ -40,7 +40,7 @@ struct profile_hit {
- /* Oprofile timer tick hook */
- static int (*timer_hook)(struct pt_regs *) __read_mostly;
+@@ -37,7 +37,7 @@ struct profile_hit {
+ #define NR_PROFILE_HIT		(PAGE_SIZE/sizeof(struct profile_hit))
+ #define NR_PROFILE_GRP		(NR_PROFILE_HIT/PROFILE_GRPSZ)
  
 -static atomic_t *prof_buffer;
 +static atomic_unchecked_t *prof_buffer;
  static unsigned long prof_len, prof_shift;
  
  int prof_on __read_mostly;
-@@ -282,7 +282,7 @@ static void profile_flip_buffers(void)
+@@ -260,7 +260,7 @@ static void profile_flip_buffers(void)
  					hits[i].pc = 0;
  				continue;
  			}
@@ -77421,7 +76306,7 @@ index 1f39181..86093471 100644
  			hits[i].hits = hits[i].pc = 0;
  		}
  	}
-@@ -343,9 +343,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits)
+@@ -321,9 +321,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits)
  	 * Add the current hit(s) and flush the write-queue out
  	 * to the global buffer:
  	 */
@@ -77433,7 +76318,7 @@ index 1f39181..86093471 100644
  		hits[i].pc = hits[i].hits = 0;
  	}
  out:
-@@ -420,7 +420,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits)
+@@ -398,7 +398,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits)
  {
  	unsigned long pc;
  	pc = ((unsigned long)__pc - (unsigned long)_stext) >> prof_shift;
@@ -77442,7 +76327,7 @@ index 1f39181..86093471 100644
  }
  #endif /* !CONFIG_SMP */
  
-@@ -518,7 +518,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos)
+@@ -494,7 +494,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos)
  			return -EFAULT;
  		buf++; p++; count--; read++;
  	}
@@ -77451,7 +76336,7 @@ index 1f39181..86093471 100644
  	if (copy_to_user(buf, (void *)pnt, count))
  		return -EFAULT;
  	read += count;
-@@ -549,7 +549,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf,
+@@ -525,7 +525,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf,
  	}
  #endif
  	profile_discard_flip_buffers();
@@ -77461,7 +76346,7 @@ index 1f39181..86093471 100644
  }
  
 diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index 6cbeaae..cfe7ff0 100644
+index acbd284..00bb0c9 100644
 --- a/kernel/ptrace.c
 +++ b/kernel/ptrace.c
 @@ -324,7 +324,7 @@ static int ptrace_attach(struct task_struct *task, long request,
@@ -77482,7 +76367,7 @@ index 6cbeaae..cfe7ff0 100644
  			return -EFAULT;
  		copied += retval;
  		src += retval;
-@@ -720,7 +720,7 @@ int ptrace_request(struct task_struct *child, long request,
+@@ -726,7 +726,7 @@ int ptrace_request(struct task_struct *child, long request,
  	bool seized = child->ptrace & PT_SEIZED;
  	int ret = -EIO;
  	siginfo_t siginfo, *si;
@@ -77491,7 +76376,7 @@ index 6cbeaae..cfe7ff0 100644
  	unsigned long __user *datalp = datavp;
  	unsigned long flags;
  
-@@ -922,14 +922,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
+@@ -928,14 +928,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
  		goto out;
  	}
  
@@ -77514,7 +76399,7 @@ index 6cbeaae..cfe7ff0 100644
  		goto out_put_task_struct;
  	}
  
-@@ -957,7 +964,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
+@@ -963,7 +970,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
  	copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
  	if (copied != sizeof(tmp))
  		return -EIO;
@@ -77523,7 +76408,7 @@ index 6cbeaae..cfe7ff0 100644
  }
  
  int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
-@@ -1051,7 +1058,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
+@@ -1057,7 +1064,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
  }
  
  asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
@@ -77532,7 +76417,7 @@ index 6cbeaae..cfe7ff0 100644
  {
  	struct task_struct *child;
  	long ret;
-@@ -1067,14 +1074,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
+@@ -1073,14 +1080,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
  		goto out;
  	}
  
@@ -77555,8 +76440,25 @@ index 6cbeaae..cfe7ff0 100644
  		goto out_put_task_struct;
  	}
  
+diff --git a/kernel/rcupdate.c b/kernel/rcupdate.c
+index 48ab703..07561d4 100644
+--- a/kernel/rcupdate.c
++++ b/kernel/rcupdate.c
+@@ -439,10 +439,10 @@ int rcu_jiffies_till_stall_check(void)
+ 	 * for CONFIG_RCU_CPU_STALL_TIMEOUT.
+ 	 */
+ 	if (till_stall_check < 3) {
+-		ACCESS_ONCE(rcu_cpu_stall_timeout) = 3;
++		ACCESS_ONCE_RW(rcu_cpu_stall_timeout) = 3;
+ 		till_stall_check = 3;
+ 	} else if (till_stall_check > 300) {
+-		ACCESS_ONCE(rcu_cpu_stall_timeout) = 300;
++		ACCESS_ONCE_RW(rcu_cpu_stall_timeout) = 300;
+ 		till_stall_check = 300;
+ 	}
+ 	return till_stall_check * HZ + RCU_STALL_DELAY_DELTA;
 diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c
-index e7dce58..ad0d7b7 100644
+index a0714a5..2ab5e34 100644
 --- a/kernel/rcutiny.c
 +++ b/kernel/rcutiny.c
 @@ -46,7 +46,7 @@
@@ -77568,7 +76470,7 @@ index e7dce58..ad0d7b7 100644
  static void __call_rcu(struct rcu_head *head,
  		       void (*func)(struct rcu_head *rcu),
  		       struct rcu_ctrlblk *rcp);
-@@ -310,7 +310,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
+@@ -312,7 +312,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
  				      rcu_is_callbacks_kthread()));
  }
  
@@ -77578,10 +76480,10 @@ index e7dce58..ad0d7b7 100644
  	__rcu_process_callbacks(&rcu_sched_ctrlblk);
  	__rcu_process_callbacks(&rcu_bh_ctrlblk);
 diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h
-index f85016a..91cb03b 100644
+index 8a23300..4255818 100644
 --- a/kernel/rcutiny_plugin.h
 +++ b/kernel/rcutiny_plugin.h
-@@ -896,7 +896,7 @@ static int rcu_kthread(void *arg)
+@@ -945,7 +945,7 @@ static int rcu_kthread(void *arg)
  		have_rcu_kthread_work = morework;
  		local_irq_restore(flags);
  		if (work)
@@ -77591,10 +76493,10 @@ index f85016a..91cb03b 100644
  	}
  
 diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c
-index 31dea01..ad91ffb 100644
+index e1f3a8c..42c94a2 100644
 --- a/kernel/rcutorture.c
 +++ b/kernel/rcutorture.c
-@@ -163,12 +163,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) =
+@@ -164,12 +164,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) =
  	{ 0 };
  static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_batch) =
  	{ 0 };
@@ -77613,7 +76515,7 @@ index 31dea01..ad91ffb 100644
  static long n_rcu_torture_barrier_error;
  static long n_rcu_torture_boost_ktrerror;
  static long n_rcu_torture_boost_rterror;
-@@ -272,11 +272,11 @@ rcu_torture_alloc(void)
+@@ -287,11 +287,11 @@ rcu_torture_alloc(void)
  
  	spin_lock_bh(&rcu_torture_lock);
  	if (list_empty(&rcu_torture_freelist)) {
@@ -77627,7 +76529,7 @@ index 31dea01..ad91ffb 100644
  	p = rcu_torture_freelist.next;
  	list_del_init(p);
  	spin_unlock_bh(&rcu_torture_lock);
-@@ -289,7 +289,7 @@ rcu_torture_alloc(void)
+@@ -304,7 +304,7 @@ rcu_torture_alloc(void)
  static void
  rcu_torture_free(struct rcu_torture *p)
  {
@@ -77636,7 +76538,7 @@ index 31dea01..ad91ffb 100644
  	spin_lock_bh(&rcu_torture_lock);
  	list_add_tail(&p->rtort_free, &rcu_torture_freelist);
  	spin_unlock_bh(&rcu_torture_lock);
-@@ -409,7 +409,7 @@ rcu_torture_cb(struct rcu_head *p)
+@@ -424,7 +424,7 @@ rcu_torture_cb(struct rcu_head *p)
  	i = rp->rtort_pipe_count;
  	if (i > RCU_TORTURE_PIPE_LEN)
  		i = RCU_TORTURE_PIPE_LEN;
@@ -77645,7 +76547,7 @@ index 31dea01..ad91ffb 100644
  	if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) {
  		rp->rtort_mbtest = 0;
  		rcu_torture_free(rp);
-@@ -457,7 +457,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p)
+@@ -472,7 +472,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p)
  		i = rp->rtort_pipe_count;
  		if (i > RCU_TORTURE_PIPE_LEN)
  			i = RCU_TORTURE_PIPE_LEN;
@@ -77654,7 +76556,7 @@ index 31dea01..ad91ffb 100644
  		if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) {
  			rp->rtort_mbtest = 0;
  			list_del(&rp->rtort_free);
-@@ -975,7 +975,7 @@ rcu_torture_writer(void *arg)
+@@ -990,7 +990,7 @@ rcu_torture_writer(void *arg)
  			i = old_rp->rtort_pipe_count;
  			if (i > RCU_TORTURE_PIPE_LEN)
  				i = RCU_TORTURE_PIPE_LEN;
@@ -77663,25 +76565,25 @@ index 31dea01..ad91ffb 100644
  			old_rp->rtort_pipe_count++;
  			cur_ops->deferred_free(old_rp);
  		}
-@@ -1060,7 +1060,7 @@ static void rcu_torture_timer(unsigned long unused)
+@@ -1076,7 +1076,7 @@ static void rcu_torture_timer(unsigned long unused)
+ 		return;
  	}
- 	do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu);
  	if (p->rtort_mbtest == 0)
 -		atomic_inc(&n_rcu_torture_mberror);
 +		atomic_inc_unchecked(&n_rcu_torture_mberror);
  	spin_lock(&rand_lock);
  	cur_ops->read_delay(&rand);
  	n_rcu_torture_timers++;
-@@ -1124,7 +1124,7 @@ rcu_torture_reader(void *arg)
+@@ -1146,7 +1146,7 @@ rcu_torture_reader(void *arg)
+ 			continue;
  		}
- 		do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu);
  		if (p->rtort_mbtest == 0)
 -			atomic_inc(&n_rcu_torture_mberror);
 +			atomic_inc_unchecked(&n_rcu_torture_mberror);
  		cur_ops->read_delay(&rand);
  		preempt_disable();
  		pipe_count = p->rtort_pipe_count;
-@@ -1183,11 +1183,11 @@ rcu_torture_printk(char *page)
+@@ -1209,11 +1209,11 @@ rcu_torture_printk(char *page)
  		       rcu_torture_current,
  		       rcu_torture_current_version,
  		       list_empty(&rcu_torture_freelist),
@@ -77697,7 +76599,7 @@ index 31dea01..ad91ffb 100644
  		       n_rcu_torture_boost_ktrerror,
  		       n_rcu_torture_boost_rterror);
  	cnt += sprintf(&page[cnt], "rtbf: %ld rtb: %ld nt: %ld ",
-@@ -1206,14 +1206,14 @@ rcu_torture_printk(char *page)
+@@ -1232,14 +1232,14 @@ rcu_torture_printk(char *page)
  		       n_barrier_attempts,
  		       n_rcu_torture_barrier_error);
  	cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG);
@@ -77714,7 +76616,7 @@ index 31dea01..ad91ffb 100644
  		WARN_ON_ONCE(1);
  	}
  	cnt += sprintf(&page[cnt], "Reader Pipe: ");
-@@ -1227,7 +1227,7 @@ rcu_torture_printk(char *page)
+@@ -1253,7 +1253,7 @@ rcu_torture_printk(char *page)
  	cnt += sprintf(&page[cnt], "Free-Block Circulation: ");
  	for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
  		cnt += sprintf(&page[cnt], " %d",
@@ -77723,7 +76625,7 @@ index 31dea01..ad91ffb 100644
  	}
  	cnt += sprintf(&page[cnt], "\n");
  	if (cur_ops->stats)
-@@ -1920,7 +1920,7 @@ rcu_torture_cleanup(void)
+@@ -1962,7 +1962,7 @@ rcu_torture_cleanup(void)
  
  	rcu_torture_stats_print();  /* -After- the stats thread is stopped! */
  
@@ -77732,7 +76634,7 @@ index 31dea01..ad91ffb 100644
  		rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE");
  	else if (n_online_successes != n_online_attempts ||
  		 n_offline_successes != n_offline_attempts)
-@@ -1989,18 +1989,18 @@ rcu_torture_init(void)
+@@ -2031,18 +2031,18 @@ rcu_torture_init(void)
  
  	rcu_torture_current = NULL;
  	rcu_torture_current_version = 0;
@@ -77758,10 +76660,10 @@ index 31dea01..ad91ffb 100644
  		for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
  			per_cpu(rcu_torture_count, cpu)[i] = 0;
 diff --git a/kernel/rcutree.c b/kernel/rcutree.c
-index e441b77..dd54f17 100644
+index 5b8ad82..17274d1 100644
 --- a/kernel/rcutree.c
 +++ b/kernel/rcutree.c
-@@ -349,9 +349,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
+@@ -353,9 +353,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
  	rcu_prepare_for_idle(smp_processor_id());
  	/* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
  	smp_mb__before_atomic_inc();  /* See above. */
@@ -77773,7 +76675,7 @@ index e441b77..dd54f17 100644
  
  	/*
  	 * It is illegal to enter an extended quiescent state while
-@@ -487,10 +487,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval,
+@@ -491,10 +491,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval,
  			       int user)
  {
  	smp_mb__before_atomic_inc();  /* Force ordering w/previous sojourn. */
@@ -77786,7 +76688,7 @@ index e441b77..dd54f17 100644
  	rcu_cleanup_after_idle(smp_processor_id());
  	trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting);
  	if (!user && !is_idle_task(current)) {
-@@ -629,14 +629,14 @@ void rcu_nmi_enter(void)
+@@ -633,14 +633,14 @@ void rcu_nmi_enter(void)
  	struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks);
  
  	if (rdtp->dynticks_nmi_nesting == 0 &&
@@ -77804,7 +76706,7 @@ index e441b77..dd54f17 100644
  }
  
  /**
-@@ -655,9 +655,9 @@ void rcu_nmi_exit(void)
+@@ -659,9 +659,9 @@ void rcu_nmi_exit(void)
  		return;
  	/* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
  	smp_mb__before_atomic_inc();  /* See above. */
@@ -77816,7 +76718,7 @@ index e441b77..dd54f17 100644
  }
  
  /**
-@@ -671,7 +671,7 @@ int rcu_is_cpu_idle(void)
+@@ -675,7 +675,7 @@ int rcu_is_cpu_idle(void)
  	int ret;
  
  	preempt_disable();
@@ -77825,7 +76727,7 @@ index e441b77..dd54f17 100644
  	preempt_enable();
  	return ret;
  }
-@@ -739,7 +739,7 @@ int rcu_is_cpu_rrupt_from_idle(void)
+@@ -743,7 +743,7 @@ static int rcu_is_cpu_rrupt_from_idle(void)
   */
  static int dyntick_save_progress_counter(struct rcu_data *rdp)
  {
@@ -77834,7 +76736,7 @@ index e441b77..dd54f17 100644
  	return (rdp->dynticks_snap & 0x1) == 0;
  }
  
-@@ -754,7 +754,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp)
+@@ -758,7 +758,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp)
  	unsigned int curr;
  	unsigned int snap;
  
@@ -77843,20 +76745,7 @@ index e441b77..dd54f17 100644
  	snap = (unsigned int)rdp->dynticks_snap;
  
  	/*
-@@ -802,10 +802,10 @@ static int jiffies_till_stall_check(void)
- 	 * for CONFIG_RCU_CPU_STALL_TIMEOUT.
- 	 */
- 	if (till_stall_check < 3) {
--		ACCESS_ONCE(rcu_cpu_stall_timeout) = 3;
-+		ACCESS_ONCE_RW(rcu_cpu_stall_timeout) = 3;
- 		till_stall_check = 3;
- 	} else if (till_stall_check > 300) {
--		ACCESS_ONCE(rcu_cpu_stall_timeout) = 300;
-+		ACCESS_ONCE_RW(rcu_cpu_stall_timeout) = 300;
- 		till_stall_check = 300;
- 	}
- 	return till_stall_check * HZ + RCU_STALL_DELAY_DELTA;
-@@ -1592,7 +1592,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp,
+@@ -1698,7 +1698,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp,
  		rsp->qlen += rdp->qlen;
  		rdp->n_cbs_orphaned += rdp->qlen;
  		rdp->qlen_lazy = 0;
@@ -77865,7 +76754,7 @@ index e441b77..dd54f17 100644
  	}
  
  	/*
-@@ -1838,7 +1838,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
+@@ -1944,7 +1944,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
  	}
  	smp_mb(); /* List handling before counting for rcu_barrier(). */
  	rdp->qlen_lazy -= count_lazy;
@@ -77874,7 +76763,7 @@ index e441b77..dd54f17 100644
  	rdp->n_cbs_invoked += count;
  
  	/* Reinstate batch limit if we have worked down the excess. */
-@@ -2031,7 +2031,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
+@@ -2137,7 +2137,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
  /*
   * Do RCU core processing for the current CPU.
   */
@@ -77883,7 +76772,7 @@ index e441b77..dd54f17 100644
  {
  	struct rcu_state *rsp;
  
-@@ -2154,7 +2154,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
+@@ -2260,7 +2260,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
  		local_irq_restore(flags);
  		return;
  	}
@@ -77892,7 +76781,7 @@ index e441b77..dd54f17 100644
  	if (lazy)
  		rdp->qlen_lazy++;
  	else
-@@ -2363,11 +2363,11 @@ void synchronize_sched_expedited(void)
+@@ -2469,11 +2469,11 @@ void synchronize_sched_expedited(void)
  	 * counter wrap on a 32-bit system.  Quite a few more CPUs would of
  	 * course be required on a 64-bit system.
  	 */
@@ -77906,7 +76795,7 @@ index e441b77..dd54f17 100644
  		return;
  	}
  
-@@ -2375,7 +2375,7 @@ void synchronize_sched_expedited(void)
+@@ -2481,7 +2481,7 @@ void synchronize_sched_expedited(void)
  	 * Take a ticket.  Note that atomic_inc_return() implies a
  	 * full memory barrier.
  	 */
@@ -77915,7 +76804,7 @@ index e441b77..dd54f17 100644
  	firstsnap = snap;
  	get_online_cpus();
  	WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id()));
-@@ -2388,14 +2388,14 @@ void synchronize_sched_expedited(void)
+@@ -2494,14 +2494,14 @@ void synchronize_sched_expedited(void)
  			     synchronize_sched_expedited_cpu_stop,
  			     NULL) == -EAGAIN) {
  		put_online_cpus();
@@ -77932,7 +76821,7 @@ index e441b77..dd54f17 100644
  			return;
  		}
  
-@@ -2404,7 +2404,7 @@ void synchronize_sched_expedited(void)
+@@ -2510,7 +2510,7 @@ void synchronize_sched_expedited(void)
  			udelay(trycount * num_online_cpus());
  		} else {
  			wait_rcu_gp(call_rcu_sched);
@@ -77941,7 +76830,7 @@ index e441b77..dd54f17 100644
  			return;
  		}
  
-@@ -2413,7 +2413,7 @@ void synchronize_sched_expedited(void)
+@@ -2519,7 +2519,7 @@ void synchronize_sched_expedited(void)
  		if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) {
  			/* ensure test happens before caller kfree */
  			smp_mb__before_atomic_inc(); /* ^^^ */
@@ -77950,7 +76839,7 @@ index e441b77..dd54f17 100644
  			return;
  		}
  
-@@ -2425,10 +2425,10 @@ void synchronize_sched_expedited(void)
+@@ -2531,10 +2531,10 @@ void synchronize_sched_expedited(void)
  		 * period works for us.
  		 */
  		get_online_cpus();
@@ -77963,7 +76852,7 @@ index e441b77..dd54f17 100644
  
  	/*
  	 * Everyone up to our most recent fetch is covered by our grace
-@@ -2437,16 +2437,16 @@ void synchronize_sched_expedited(void)
+@@ -2543,16 +2543,16 @@ void synchronize_sched_expedited(void)
  	 * than we did already did their update.
  	 */
  	do {
@@ -77983,7 +76872,7 @@ index e441b77..dd54f17 100644
  
  	put_online_cpus();
  }
-@@ -2620,7 +2620,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
+@@ -2726,7 +2726,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
  	 * ACCESS_ONCE() to prevent the compiler from speculating
  	 * the increment to precede the early-exit check.
  	 */
@@ -77992,7 +76881,7 @@ index e441b77..dd54f17 100644
  	WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1);
  	_rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done);
  	smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */
-@@ -2670,7 +2670,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
+@@ -2776,7 +2776,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
  
  	/* Increment ->n_barrier_done to prevent duplicate work. */
  	smp_mb(); /* Keep increment after above mechanism. */
@@ -78001,7 +76890,7 @@ index e441b77..dd54f17 100644
  	WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0);
  	_rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done);
  	smp_mb(); /* Keep increment before caller's subsequent code. */
-@@ -2715,10 +2715,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
+@@ -2821,10 +2821,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
  	rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo);
  	init_callback_list(rdp);
  	rdp->qlen_lazy = 0;
@@ -78011,10 +76900,10 @@ index e441b77..dd54f17 100644
  	WARN_ON_ONCE(rdp->dynticks->dynticks_nesting != DYNTICK_TASK_EXIT_IDLE);
 -	WARN_ON_ONCE(atomic_read(&rdp->dynticks->dynticks) != 1);
 +	WARN_ON_ONCE(atomic_read_unchecked(&rdp->dynticks->dynticks) != 1);
- #ifdef CONFIG_RCU_USER_QS
- 	WARN_ON_ONCE(rdp->dynticks->in_user);
- #endif
-@@ -2754,8 +2754,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
+ 	rdp->cpu = cpu;
+ 	rdp->rsp = rsp;
+ 	rcu_boot_init_nocb_percpu_data(rdp);
+@@ -2857,8 +2857,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
  	rdp->blimit = blimit;
  	init_callback_list(rdp);  /* Re-enable callbacks on this CPU. */
  	rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE;
@@ -78026,7 +76915,7 @@ index e441b77..dd54f17 100644
  	raw_spin_unlock(&rnp->lock);		/* irqs remain disabled. */
  
 diff --git a/kernel/rcutree.h b/kernel/rcutree.h
-index 4b69291..704c92e 100644
+index c896b50..c357252 100644
 --- a/kernel/rcutree.h
 +++ b/kernel/rcutree.h
 @@ -86,7 +86,7 @@ struct rcu_dynticks {
@@ -78038,7 +76927,7 @@ index 4b69291..704c92e 100644
  #ifdef CONFIG_RCU_FAST_NO_HZ
  	int dyntick_drain;	    /* Prepare-for-idle state variable. */
  	unsigned long dyntick_holdoff;
-@@ -423,17 +423,17 @@ struct rcu_state {
+@@ -416,17 +416,17 @@ struct rcu_state {
  						/*  _rcu_barrier(). */
  	/* End of fields guarded by barrier_mutex. */
  
@@ -78208,10 +77097,10 @@ index 73f35d4..4684fc4 100644
  }
  __initcall(ioresources_init);
 diff --git a/kernel/rtmutex-tester.c b/kernel/rtmutex-tester.c
-index 98ec494..4241d6d 100644
+index 7890b10..8b68605f 100644
 --- a/kernel/rtmutex-tester.c
 +++ b/kernel/rtmutex-tester.c
-@@ -20,7 +20,7 @@
+@@ -21,7 +21,7 @@
  #define MAX_RT_TEST_MUTEXES	8
  
  static spinlock_t rttest_lock;
@@ -78220,7 +77109,7 @@ index 98ec494..4241d6d 100644
  
  struct test_thread_data {
  	int			opcode;
-@@ -61,7 +61,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
+@@ -62,7 +62,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
  
  	case RTTEST_LOCKCONT:
  		td->mutexes[td->opdata] = 1;
@@ -78229,7 +77118,7 @@ index 98ec494..4241d6d 100644
  		return 0;
  
  	case RTTEST_RESET:
-@@ -74,7 +74,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
+@@ -75,7 +75,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
  		return 0;
  
  	case RTTEST_RESETEVENT:
@@ -78238,7 +77127,7 @@ index 98ec494..4241d6d 100644
  		return 0;
  
  	default:
-@@ -91,9 +91,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
+@@ -92,9 +92,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
  			return ret;
  
  		td->mutexes[id] = 1;
@@ -78250,7 +77139,7 @@ index 98ec494..4241d6d 100644
  		td->mutexes[id] = 4;
  		return 0;
  
-@@ -104,9 +104,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
+@@ -105,9 +105,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
  			return ret;
  
  		td->mutexes[id] = 1;
@@ -78262,7 +77151,7 @@ index 98ec494..4241d6d 100644
  		td->mutexes[id] = ret ? 0 : 4;
  		return ret ? -EINTR : 0;
  
-@@ -115,9 +115,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
+@@ -116,9 +116,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
  		if (id < 0 || id >= MAX_RT_TEST_MUTEXES || td->mutexes[id] != 4)
  			return ret;
  
@@ -78274,7 +77163,7 @@ index 98ec494..4241d6d 100644
  		td->mutexes[id] = 0;
  		return 0;
  
-@@ -164,7 +164,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
+@@ -165,7 +165,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
  			break;
  
  		td->mutexes[dat] = 2;
@@ -78283,7 +77172,7 @@ index 98ec494..4241d6d 100644
  		break;
  
  	default:
-@@ -184,7 +184,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
+@@ -185,7 +185,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
  			return;
  
  		td->mutexes[dat] = 3;
@@ -78292,7 +77181,7 @@ index 98ec494..4241d6d 100644
  		break;
  
  	case RTTEST_LOCKNOWAIT:
-@@ -196,7 +196,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
+@@ -197,7 +197,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
  			return;
  
  		td->mutexes[dat] = 1;
@@ -78302,7 +77191,7 @@ index 98ec494..4241d6d 100644
  
  	default:
 diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c
-index 0984a21..939f183 100644
+index 64de5f8..7735e12 100644
 --- a/kernel/sched/auto_group.c
 +++ b/kernel/sched/auto_group.c
 @@ -11,7 +11,7 @@
@@ -78314,7 +77203,7 @@ index 0984a21..939f183 100644
  
  void __init autogroup_init(struct task_struct *init_task)
  {
-@@ -78,7 +78,7 @@ static inline struct autogroup *autogroup_create(void)
+@@ -81,7 +81,7 @@ static inline struct autogroup *autogroup_create(void)
  
  	kref_init(&ag->kref);
  	init_rwsem(&ag->lock);
@@ -78324,10 +77213,10 @@ index 0984a21..939f183 100644
  #ifdef CONFIG_RT_GROUP_SCHED
  	/*
 diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 5e2f7c3..4002d41 100644
+index 67d0465..4cf9361 100644
 --- a/kernel/sched/core.c
 +++ b/kernel/sched/core.c
-@@ -3369,7 +3369,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible);
+@@ -3406,7 +3406,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible);
   * The return value is -ERESTARTSYS if interrupted, 0 if timed out,
   * positive (at least 1, or number of jiffies left till timeout) if completed.
   */
@@ -78336,7 +77225,7 @@ index 5e2f7c3..4002d41 100644
  wait_for_completion_interruptible_timeout(struct completion *x,
  					  unsigned long timeout)
  {
-@@ -3386,7 +3386,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible_timeout);
+@@ -3423,7 +3423,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible_timeout);
   *
   * The return value is -ERESTARTSYS if interrupted, 0 if completed.
   */
@@ -78345,7 +77234,7 @@ index 5e2f7c3..4002d41 100644
  {
  	long t = wait_for_common(x, MAX_SCHEDULE_TIMEOUT, TASK_KILLABLE);
  	if (t == -ERESTARTSYS)
-@@ -3407,7 +3407,7 @@ EXPORT_SYMBOL(wait_for_completion_killable);
+@@ -3444,7 +3444,7 @@ EXPORT_SYMBOL(wait_for_completion_killable);
   * The return value is -ERESTARTSYS if interrupted, 0 if timed out,
   * positive (at least 1, or number of jiffies left till timeout) if completed.
   */
@@ -78354,7 +77243,7 @@ index 5e2f7c3..4002d41 100644
  wait_for_completion_killable_timeout(struct completion *x,
  				     unsigned long timeout)
  {
-@@ -3633,6 +3633,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -3670,6 +3670,8 @@ int can_nice(const struct task_struct *p, const int nice)
  	/* convert nice value [19,-20] to rlimit style value [1,40] */
  	int nice_rlim = 20 - nice;
  
@@ -78363,7 +77252,7 @@ index 5e2f7c3..4002d41 100644
  	return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
  		capable(CAP_SYS_NICE));
  }
-@@ -3666,7 +3668,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -3703,7 +3705,8 @@ SYSCALL_DEFINE1(nice, int, increment)
  	if (nice > 19)
  		nice = 19;
  
@@ -78373,7 +77262,7 @@ index 5e2f7c3..4002d41 100644
  		return -EPERM;
  
  	retval = security_task_setnice(current, nice);
-@@ -3820,6 +3823,7 @@ recheck:
+@@ -3857,6 +3860,7 @@ recheck:
  			unsigned long rlim_rtprio =
  					task_rlimit(p, RLIMIT_RTPRIO);
  
@@ -78381,7 +77270,7 @@ index 5e2f7c3..4002d41 100644
  			/* can't set/change the rt policy */
  			if (policy != p->policy && !rlim_rtprio)
  				return -EPERM;
-@@ -4903,7 +4907,7 @@ static void migrate_tasks(unsigned int dead_cpu)
+@@ -4954,7 +4958,7 @@ static void migrate_tasks(unsigned int dead_cpu)
  
  #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
  
@@ -78390,7 +77279,7 @@ index 5e2f7c3..4002d41 100644
  	{
  		.procname	= "sched_domain",
  		.mode		= 0555,
-@@ -4920,17 +4924,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -4971,17 +4975,17 @@ static struct ctl_table sd_ctl_root[] = {
  	{}
  };
  
@@ -78412,7 +77301,7 @@ index 5e2f7c3..4002d41 100644
  
  	/*
  	 * In the intermediate directories, both the child directory and
-@@ -4938,22 +4942,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -4989,22 +4993,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
  	 * will always be set. In the lowest directory the names are
  	 * static strings and all have proc handlers.
  	 */
@@ -78444,7 +77333,7 @@ index 5e2f7c3..4002d41 100644
  		const char *procname, void *data, int maxlen,
  		umode_t mode, proc_handler *proc_handler,
  		bool load_idx)
-@@ -4973,7 +4980,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -5024,7 +5031,7 @@ set_table_entry(struct ctl_table *entry,
  static struct ctl_table *
  sd_alloc_ctl_domain_table(struct sched_domain *sd)
  {
@@ -78453,7 +77342,7 @@ index 5e2f7c3..4002d41 100644
  
  	if (table == NULL)
  		return NULL;
-@@ -5008,9 +5015,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -5059,9 +5066,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
  	return table;
  }
  
@@ -78465,7 +77354,7 @@ index 5e2f7c3..4002d41 100644
  	struct sched_domain *sd;
  	int domain_num = 0, i;
  	char buf[32];
-@@ -5037,11 +5044,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -5088,11 +5095,13 @@ static struct ctl_table_header *sd_sysctl_header;
  static void register_sched_domain_sysctl(void)
  {
  	int i, cpu_num = num_possible_cpus();
@@ -78480,7 +77369,7 @@ index 5e2f7c3..4002d41 100644
  
  	if (entry == NULL)
  		return;
-@@ -5064,8 +5073,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -5115,8 +5124,12 @@ static void unregister_sched_domain_sysctl(void)
  	if (sd_sysctl_header)
  		unregister_sysctl_table(sd_sysctl_header);
  	sd_sysctl_header = NULL;
@@ -78495,7 +77384,7 @@ index 5e2f7c3..4002d41 100644
  }
  #else
  static void register_sched_domain_sysctl(void)
-@@ -5164,7 +5177,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu)
+@@ -5215,7 +5228,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu)
   * happens before everything else.  This has to be lower priority than
   * the notifier in the perf_event subsystem, though.
   */
@@ -78505,7 +77394,7 @@ index 5e2f7c3..4002d41 100644
  	.priority = CPU_PRI_MIGRATION,
  };
 diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 81fa536..6ccf96a 100644
+index 7a33e59..2f7730c 100644
 --- a/kernel/sched/fair.c
 +++ b/kernel/sched/fair.c
 @@ -830,7 +830,7 @@ void task_numa_fault(int node, int pages, bool migrated)
@@ -78517,48 +77406,7 @@ index 81fa536..6ccf96a 100644
  	p->mm->numa_scan_offset = 0;
  }
  
-@@ -3254,25 +3254,18 @@ find_idlest_cpu(struct sched_group *group, struct task_struct *p, int this_cpu)
-  */
- static int select_idle_sibling(struct task_struct *p, int target)
- {
--	int cpu = smp_processor_id();
--	int prev_cpu = task_cpu(p);
- 	struct sched_domain *sd;
- 	struct sched_group *sg;
--	int i;
-+	int i = task_cpu(p);
- 
--	/*
--	 * If the task is going to be woken-up on this cpu and if it is
--	 * already idle, then it is the right target.
--	 */
--	if (target == cpu && idle_cpu(cpu))
--		return cpu;
-+	if (idle_cpu(target))
-+		return target;
- 
- 	/*
--	 * If the task is going to be woken-up on the cpu where it previously
--	 * ran and if it is currently idle, then it the right target.
-+	 * If the prevous cpu is cache affine and idle, don't be stupid.
- 	 */
--	if (target == prev_cpu && idle_cpu(prev_cpu))
--		return prev_cpu;
-+	if (i != target && cpus_share_cache(i, target) && idle_cpu(i))
-+		return i;
- 
- 	/*
- 	 * Otherwise, iterate the domains and find an elegible idle cpu.
-@@ -3286,7 +3279,7 @@ static int select_idle_sibling(struct task_struct *p, int target)
- 				goto next;
- 
- 			for_each_cpu(i, sched_group_cpus(sg)) {
--				if (!idle_cpu(i))
-+				if (i == target || !idle_cpu(i))
- 					goto next;
- 			}
- 
-@@ -5663,7 +5656,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
+@@ -5654,7 +5654,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
   * run_rebalance_domains is triggered when needed from the scheduler tick.
   * Also triggered for nohz idle balancing (with nohz_balancing_kick set).
   */
@@ -78568,7 +77416,7 @@ index 81fa536..6ccf96a 100644
  	int this_cpu = smp_processor_id();
  	struct rq *this_rq = cpu_rq(this_cpu);
 diff --git a/kernel/signal.c b/kernel/signal.c
-index 50e425c..92c8f65 100644
+index 598dc06..471310a 100644
 --- a/kernel/signal.c
 +++ b/kernel/signal.c
 @@ -50,12 +50,12 @@ static struct kmem_cache *sigqueue_cachep;
@@ -78677,7 +77525,7 @@ index 50e425c..92c8f65 100644
  
  	return ret;
  }
-@@ -2855,7 +2878,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
+@@ -2923,7 +2946,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
  	int error = -ESRCH;
  
  	rcu_read_lock();
@@ -78694,7 +77542,7 @@ index 50e425c..92c8f65 100644
  	if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) {
  		error = check_kill_permission(sig, info, p);
  		/*
-@@ -3138,8 +3169,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack,
+@@ -3237,8 +3268,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack,
  	}
  	seg = get_fs();
  	set_fs(KERNEL_DS);
@@ -78706,10 +77554,10 @@ index 50e425c..92c8f65 100644
  	set_fs(seg);
  	if (ret >= 0 && uoss_ptr)  {
 diff --git a/kernel/smp.c b/kernel/smp.c
-index 69f38bd..77bbf12 100644
+index 8e451f3..8322029 100644
 --- a/kernel/smp.c
 +++ b/kernel/smp.c
-@@ -77,7 +77,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu)
+@@ -73,7 +73,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu)
  	return NOTIFY_OK;
  }
  
@@ -78719,10 +77567,10 @@ index 69f38bd..77bbf12 100644
  };
  
 diff --git a/kernel/smpboot.c b/kernel/smpboot.c
-index d6c5fc0..530560c 100644
+index 02fc5c9..e54c335 100644
 --- a/kernel/smpboot.c
 +++ b/kernel/smpboot.c
-@@ -275,7 +275,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread)
+@@ -288,7 +288,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread)
  		}
  		smpboot_unpark_thread(plug_thread, cpu);
  	}
@@ -78731,7 +77579,7 @@ index d6c5fc0..530560c 100644
  out:
  	mutex_unlock(&smpboot_threads_lock);
  	return ret;
-@@ -292,7 +292,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
+@@ -305,7 +305,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
  {
  	get_online_cpus();
  	mutex_lock(&smpboot_threads_lock);
@@ -78741,7 +77589,7 @@ index d6c5fc0..530560c 100644
  	mutex_unlock(&smpboot_threads_lock);
  	put_online_cpus();
 diff --git a/kernel/softirq.c b/kernel/softirq.c
-index ed567ba..e71dabf 100644
+index 14d7758..012121f 100644
 --- a/kernel/softirq.c
 +++ b/kernel/softirq.c
 @@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
@@ -78767,7 +77615,7 @@ index ed567ba..e71dabf 100644
  			trace_softirq_exit(vec_nr);
  			if (unlikely(prev_count != preempt_count())) {
  				printk(KERN_ERR "huh, entered softirq %u %s %p"
-@@ -391,7 +391,7 @@ void __raise_softirq_irqoff(unsigned int nr)
+@@ -389,7 +389,7 @@ void __raise_softirq_irqoff(unsigned int nr)
  	or_softirq_pending(1UL << nr);
  }
  
@@ -78776,7 +77624,7 @@ index ed567ba..e71dabf 100644
  {
  	softirq_vec[nr].action = action;
  }
-@@ -447,7 +447,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t)
+@@ -445,7 +445,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t)
  
  EXPORT_SYMBOL(__tasklet_hi_schedule_first);
  
@@ -78785,7 +77633,7 @@ index ed567ba..e71dabf 100644
  {
  	struct tasklet_struct *list;
  
-@@ -482,7 +482,7 @@ static void tasklet_action(struct softirq_action *a)
+@@ -480,7 +480,7 @@ static void tasklet_action(struct softirq_action *a)
  	}
  }
  
@@ -78794,7 +77642,7 @@ index ed567ba..e71dabf 100644
  {
  	struct tasklet_struct *list;
  
-@@ -718,7 +718,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self,
+@@ -716,7 +716,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self,
  	return NOTIFY_OK;
  }
  
@@ -78803,7 +77651,7 @@ index ed567ba..e71dabf 100644
  	.notifier_call	= remote_softirq_cpu_notify,
  };
  
-@@ -835,11 +835,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb,
+@@ -833,11 +833,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb,
  	return NOTIFY_OK;
  }
  
@@ -78818,13 +77666,13 @@ index ed567ba..e71dabf 100644
  	.thread_should_run	= ksoftirqd_should_run,
  	.thread_fn		= run_ksoftirqd,
 diff --git a/kernel/srcu.c b/kernel/srcu.c
-index 2b85982..d52ab26 100644
+index 01d5ccb..cdcbee6 100644
 --- a/kernel/srcu.c
 +++ b/kernel/srcu.c
-@@ -305,9 +305,9 @@ int __srcu_read_lock(struct srcu_struct *sp)
+@@ -300,9 +300,9 @@ int __srcu_read_lock(struct srcu_struct *sp)
+ 
+ 	idx = ACCESS_ONCE(sp->completed) & 0x1;
  	preempt_disable();
- 	idx = rcu_dereference_index_check(sp->completed,
- 					  rcu_read_lock_sched_held()) & 0x1;
 -	ACCESS_ONCE(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) += 1;
 +	ACCESS_ONCE_RW(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) += 1;
  	smp_mb(); /* B */  /* Avoid leaking the critical section. */
@@ -78833,33 +77681,11 @@ index 2b85982..d52ab26 100644
  	preempt_enable();
  	return idx;
  }
-@@ -323,7 +323,7 @@ void __srcu_read_unlock(struct srcu_struct *sp, int idx)
- {
- 	preempt_disable();
- 	smp_mb(); /* C */  /* Avoid leaking the critical section. */
--	ACCESS_ONCE(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) -= 1;
-+	ACCESS_ONCE_RW(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) -= 1;
- 	preempt_enable();
- }
- EXPORT_SYMBOL_GPL(__srcu_read_unlock);
-diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c
-index 2f194e9..2c05ea9 100644
---- a/kernel/stop_machine.c
-+++ b/kernel/stop_machine.c
-@@ -362,7 +362,7 @@ static int __cpuinit cpu_stop_cpu_callback(struct notifier_block *nfb,
-  * cpu notifiers.  It currently shares the same priority as sched
-  * migration_notifier.
-  */
--static struct notifier_block __cpuinitdata cpu_stop_cpu_notifier = {
-+static struct notifier_block cpu_stop_cpu_notifier = {
- 	.notifier_call	= cpu_stop_cpu_callback,
- 	.priority	= 10,
- };
 diff --git a/kernel/sys.c b/kernel/sys.c
-index 47f1d1b..8651bd9 100644
+index 0da73cf..a22106a 100644
 --- a/kernel/sys.c
 +++ b/kernel/sys.c
-@@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
+@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
  		error = -EACCES;
  		goto out;
  	}
@@ -78872,7 +77698,7 @@ index 47f1d1b..8651bd9 100644
  	no_nice = security_task_setnice(p, niceval);
  	if (no_nice) {
  		error = no_nice;
-@@ -596,6 +602,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
+@@ -598,6 +604,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
  			goto error;
  	}
  
@@ -78882,7 +77708,7 @@ index 47f1d1b..8651bd9 100644
  	if (rgid != (gid_t) -1 ||
  	    (egid != (gid_t) -1 && !gid_eq(kegid, old->gid)))
  		new->sgid = new->egid;
-@@ -631,6 +640,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
+@@ -633,6 +642,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
  	old = current_cred();
  
  	retval = -EPERM;
@@ -78893,7 +77719,7 @@ index 47f1d1b..8651bd9 100644
  	if (nsown_capable(CAP_SETGID))
  		new->gid = new->egid = new->sgid = new->fsgid = kgid;
  	else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
-@@ -648,7 +661,7 @@ error:
+@@ -650,7 +663,7 @@ error:
  /*
   * change the user struct in a credentials set to match the new UID
   */
@@ -78902,7 +77728,7 @@ index 47f1d1b..8651bd9 100644
  {
  	struct user_struct *new_user;
  
-@@ -728,6 +741,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
+@@ -730,6 +743,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
  			goto error;
  	}
  
@@ -78912,7 +77738,7 @@ index 47f1d1b..8651bd9 100644
  	if (!uid_eq(new->uid, old->uid)) {
  		retval = set_user(new);
  		if (retval < 0)
-@@ -778,6 +794,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
+@@ -780,6 +796,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
  	old = current_cred();
  
  	retval = -EPERM;
@@ -78925,7 +77751,7 @@ index 47f1d1b..8651bd9 100644
  	if (nsown_capable(CAP_SETUID)) {
  		new->suid = new->uid = kuid;
  		if (!uid_eq(kuid, old->uid)) {
-@@ -847,6 +869,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
+@@ -849,6 +871,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
  			goto error;
  	}
  
@@ -78935,7 +77761,7 @@ index 47f1d1b..8651bd9 100644
  	if (ruid != (uid_t) -1) {
  		new->uid = kruid;
  		if (!uid_eq(kruid, old->uid)) {
-@@ -929,6 +954,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
+@@ -931,6 +956,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
  			goto error;
  	}
  
@@ -78945,7 +77771,7 @@ index 47f1d1b..8651bd9 100644
  	if (rgid != (gid_t) -1)
  		new->gid = krgid;
  	if (egid != (gid_t) -1)
-@@ -990,12 +1018,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+@@ -992,12 +1020,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
  	    uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
  	    nsown_capable(CAP_SETUID)) {
  		if (!uid_eq(kuid, old->fsuid)) {
@@ -78962,7 +77788,7 @@ index 47f1d1b..8651bd9 100644
  	abort_creds(new);
  	return old_fsuid;
  
-@@ -1028,12 +1060,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
+@@ -1030,12 +1062,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
  	if (gid_eq(kgid, old->gid)  || gid_eq(kgid, old->egid)  ||
  	    gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
  	    nsown_capable(CAP_SETGID)) {
@@ -78979,7 +77805,7 @@ index 47f1d1b..8651bd9 100644
  	abort_creds(new);
  	return old_fsgid;
  
-@@ -1341,19 +1377,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
+@@ -1343,19 +1379,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
  		return -EFAULT;
  
  	down_read(&uts_sem);
@@ -79004,7 +77830,7 @@ index 47f1d1b..8651bd9 100644
  				__OLD_UTS_LEN);
  	error |= __put_user(0, name->machine + __OLD_UTS_LEN);
  	up_read(&uts_sem);
-@@ -1555,6 +1591,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
+@@ -1557,6 +1593,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
  			 */
  			new_rlim->rlim_cur = 1;
  		}
@@ -79018,20 +77844,11 @@ index 47f1d1b..8651bd9 100644
  	}
  	if (!retval) {
  		if (old_rlim)
-@@ -2027,7 +2070,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
- 			error = get_dumpable(me->mm);
- 			break;
- 		case PR_SET_DUMPABLE:
--			if (arg2 < 0 || arg2 > 1) {
-+			if (arg2 > 1) {
- 				error = -EINVAL;
- 				break;
- 			}
 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index c88878d..e4fa5d1 100644
+index afc1dc6..5e28bbf 100644
 --- a/kernel/sysctl.c
 +++ b/kernel/sysctl.c
-@@ -92,7 +92,6 @@
+@@ -93,7 +93,6 @@
  
  
  #if defined(CONFIG_SYSCTL)
@@ -79039,7 +77856,7 @@ index c88878d..e4fa5d1 100644
  /* External variables not in a header file. */
  extern int sysctl_overcommit_memory;
  extern int sysctl_overcommit_ratio;
-@@ -172,10 +171,8 @@ static int proc_taint(struct ctl_table *table, int write,
+@@ -178,10 +177,8 @@ static int proc_taint(struct ctl_table *table, int write,
  			       void __user *buffer, size_t *lenp, loff_t *ppos);
  #endif
  
@@ -79050,7 +77867,7 @@ index c88878d..e4fa5d1 100644
  
  static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
  		void __user *buffer, size_t *lenp, loff_t *ppos);
-@@ -206,6 +203,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write,
+@@ -212,6 +209,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write,
  
  #endif
  
@@ -79059,7 +77876,7 @@ index c88878d..e4fa5d1 100644
  static struct ctl_table kern_table[];
  static struct ctl_table vm_table[];
  static struct ctl_table fs_table[];
-@@ -220,6 +219,20 @@ extern struct ctl_table epoll_table[];
+@@ -226,6 +225,20 @@ extern struct ctl_table epoll_table[];
  int sysctl_legacy_va_layout;
  #endif
  
@@ -79080,7 +77897,7 @@ index c88878d..e4fa5d1 100644
  /* The default sysctl tables: */
  
  static struct ctl_table sysctl_base_table[] = {
-@@ -268,6 +281,22 @@ static int max_extfrag_threshold = 1000;
+@@ -274,6 +287,22 @@ static int max_extfrag_threshold = 1000;
  #endif
  
  static struct ctl_table kern_table[] = {
@@ -79103,7 +77920,7 @@ index c88878d..e4fa5d1 100644
  	{
  		.procname	= "sched_child_runs_first",
  		.data		= &sysctl_sched_child_runs_first,
-@@ -593,7 +622,7 @@ static struct ctl_table kern_table[] = {
+@@ -608,7 +637,7 @@ static struct ctl_table kern_table[] = {
  		.data		= &modprobe_path,
  		.maxlen		= KMOD_PATH_LEN,
  		.mode		= 0644,
@@ -79112,7 +77929,7 @@ index c88878d..e4fa5d1 100644
  	},
  	{
  		.procname	= "modules_disabled",
-@@ -760,16 +789,20 @@ static struct ctl_table kern_table[] = {
+@@ -775,16 +804,20 @@ static struct ctl_table kern_table[] = {
  		.extra1		= &zero,
  		.extra2		= &one,
  	},
@@ -79134,7 +77951,18 @@ index c88878d..e4fa5d1 100644
  	{
  		.procname	= "ngroups_max",
  		.data		= &ngroups_max,
-@@ -1266,6 +1299,13 @@ static struct ctl_table vm_table[] = {
+@@ -1026,8 +1059,8 @@ static struct ctl_table kern_table[] = {
+ 	 */
+ 	{
+ 		.procname	= "perf_event_paranoid",
+-		.data		= &sysctl_perf_event_paranoid,
+-		.maxlen		= sizeof(sysctl_perf_event_paranoid),
++		.data		= &sysctl_perf_event_legitimately_concerned,
++		.maxlen		= sizeof(sysctl_perf_event_legitimately_concerned),
+ 		.mode		= 0644,
+ 		.proc_handler	= proc_dointvec,
+ 	},
+@@ -1283,6 +1316,13 @@ static struct ctl_table vm_table[] = {
  		.proc_handler	= proc_dointvec_minmax,
  		.extra1		= &zero,
  	},
@@ -79148,7 +77976,7 @@ index c88878d..e4fa5d1 100644
  #else
  	{
  		.procname	= "nr_trim_pages",
-@@ -1716,6 +1756,16 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -1733,6 +1773,16 @@ int proc_dostring(struct ctl_table *table, int write,
  			       buffer, lenp, ppos);
  }
  
@@ -79165,7 +77993,7 @@ index c88878d..e4fa5d1 100644
  static size_t proc_skip_spaces(char **buf)
  {
  	size_t ret;
-@@ -1821,6 +1871,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
+@@ -1838,6 +1888,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
  	len = strlen(tmp);
  	if (len > *size)
  		len = *size;
@@ -79174,7 +78002,7 @@ index c88878d..e4fa5d1 100644
  	if (copy_to_user(*buf, tmp, len))
  		return -EFAULT;
  	*size -= len;
-@@ -1985,7 +2037,7 @@ int proc_dointvec(struct ctl_table *table, int write,
+@@ -2002,7 +2054,7 @@ int proc_dointvec(struct ctl_table *table, int write,
  static int proc_taint(struct ctl_table *table, int write,
  			       void __user *buffer, size_t *lenp, loff_t *ppos)
  {
@@ -79183,7 +78011,7 @@ index c88878d..e4fa5d1 100644
  	unsigned long tmptaint = get_taint();
  	int err;
  
-@@ -2013,7 +2065,6 @@ static int proc_taint(struct ctl_table *table, int write,
+@@ -2030,7 +2082,6 @@ static int proc_taint(struct ctl_table *table, int write,
  	return err;
  }
  
@@ -79191,7 +78019,7 @@ index c88878d..e4fa5d1 100644
  static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
  				void __user *buffer, size_t *lenp, loff_t *ppos)
  {
-@@ -2022,7 +2073,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
+@@ -2039,7 +2090,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
  
  	return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
  }
@@ -79199,7 +78027,7 @@ index c88878d..e4fa5d1 100644
  
  struct do_proc_dointvec_minmax_conv_param {
  	int *min;
-@@ -2169,8 +2219,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
+@@ -2186,8 +2236,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
  			*i = val;
  		} else {
  			val = convdiv * (*i) / convmul;
@@ -79212,7 +78040,7 @@ index c88878d..e4fa5d1 100644
  			err = proc_put_long(&buffer, &left, val, false);
  			if (err)
  				break;
-@@ -2562,6 +2615,12 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -2579,6 +2632,12 @@ int proc_dostring(struct ctl_table *table, int write,
  	return -ENOSYS;
  }
  
@@ -79225,80 +78053,13 @@ index c88878d..e4fa5d1 100644
  int proc_dointvec(struct ctl_table *table, int write,
  		  void __user *buffer, size_t *lenp, loff_t *ppos)
  {
-@@ -2618,5 +2677,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
+@@ -2635,5 +2694,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
  EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
  EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
  EXPORT_SYMBOL(proc_dostring);
 +EXPORT_SYMBOL(proc_dostring_modpriv);
  EXPORT_SYMBOL(proc_doulongvec_minmax);
  EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax);
-diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
-index 0ddf3a0..a199f50 100644
---- a/kernel/sysctl_binary.c
-+++ b/kernel/sysctl_binary.c
-@@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *file,
- 		int i;
- 
- 		set_fs(KERNEL_DS);
--		result = vfs_read(file, buffer, BUFSZ - 1, &pos);
-+		result = vfs_read(file, (char __force_user *)buffer, BUFSZ - 1, &pos);
- 		set_fs(old_fs);
- 		if (result < 0)
- 			goto out_kfree;
-@@ -1034,7 +1034,7 @@ static ssize_t bin_intvec(struct file *file,
- 		}
- 
- 		set_fs(KERNEL_DS);
--		result = vfs_write(file, buffer, str - buffer, &pos);
-+		result = vfs_write(file, (const char __force_user *)buffer, str - buffer, &pos);
- 		set_fs(old_fs);
- 		if (result < 0)
- 			goto out_kfree;
-@@ -1067,7 +1067,7 @@ static ssize_t bin_ulongvec(struct file *file,
- 		int i;
- 
- 		set_fs(KERNEL_DS);
--		result = vfs_read(file, buffer, BUFSZ - 1, &pos);
-+		result = vfs_read(file, (char __force_user *)buffer, BUFSZ - 1, &pos);
- 		set_fs(old_fs);
- 		if (result < 0)
- 			goto out_kfree;
-@@ -1112,7 +1112,7 @@ static ssize_t bin_ulongvec(struct file *file,
- 		}
- 
- 		set_fs(KERNEL_DS);
--		result = vfs_write(file, buffer, str - buffer, &pos);
-+		result = vfs_write(file, (const char __force_user *)buffer, str - buffer, &pos);
- 		set_fs(old_fs);
- 		if (result < 0)
- 			goto out_kfree;
-@@ -1138,7 +1138,7 @@ static ssize_t bin_uuid(struct file *file,
- 		int i;
- 
- 		set_fs(KERNEL_DS);
--		result = vfs_read(file, buf, sizeof(buf) - 1, &pos);
-+		result = vfs_read(file, (char __force_user *)buf, sizeof(buf) - 1, &pos);
- 		set_fs(old_fs);
- 		if (result < 0)
- 			goto out;
-@@ -1185,7 +1185,7 @@ static ssize_t bin_dn_node_address(struct file *file,
- 		__le16 dnaddr;
- 
- 		set_fs(KERNEL_DS);
--		result = vfs_read(file, buf, sizeof(buf) - 1, &pos);
-+		result = vfs_read(file, (char __force_user *)buf, sizeof(buf) - 1, &pos);
- 		set_fs(old_fs);
- 		if (result < 0)
- 			goto out;
-@@ -1234,7 +1234,7 @@ static ssize_t bin_dn_node_address(struct file *file,
- 				le16_to_cpu(dnaddr) & 0x3ff);
- 
- 		set_fs(KERNEL_DS);
--		result = vfs_write(file, buf, len, &pos);
-+		result = vfs_write(file, (const char __force_user *)buf, len, &pos);
- 		set_fs(old_fs);
- 		if (result < 0)
- 			goto out;
 diff --git a/kernel/taskstats.c b/kernel/taskstats.c
 index 145bb4d..b2aa969 100644
 --- a/kernel/taskstats.c
@@ -79327,10 +78088,10 @@ index 145bb4d..b2aa969 100644
  		return cmd_attr_register_cpumask(info);
  	else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK])
 diff --git a/kernel/time.c b/kernel/time.c
-index d226c6a..2f0d217 100644
+index f8342a4..288f13b 100644
 --- a/kernel/time.c
 +++ b/kernel/time.c
-@@ -163,6 +163,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz)
+@@ -171,6 +171,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz)
  		return error;
  
  	if (tz) {
@@ -79342,7 +78103,7 @@ index d226c6a..2f0d217 100644
  		sys_tz = *tz;
  		update_vsyscall_tz();
  		if (firsttime) {
-@@ -493,7 +498,7 @@ EXPORT_SYMBOL(usecs_to_jiffies);
+@@ -501,7 +506,7 @@ EXPORT_SYMBOL(usecs_to_jiffies);
   * The >> (NSEC_JIFFIE_SC - SEC_JIFFIE_SC) converts the scaled nsec
   * value to a scaled second value.
   */
@@ -79365,20 +78126,20 @@ index f11d83b..d016d91 100644
  		.clock_get	= alarm_clock_get,
  		.timer_create	= alarm_timer_create,
 diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c
-index 239a323..2c78cf0 100644
+index 90ad470..1814e9a 100644
 --- a/kernel/time/tick-broadcast.c
 +++ b/kernel/time/tick-broadcast.c
-@@ -120,7 +120,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu)
+@@ -138,7 +138,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu)
  		 * then clear the broadcast bit.
  		 */
  		if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) {
 -			int cpu = smp_processor_id();
 +			cpu = smp_processor_id();
- 
  			cpumask_clear_cpu(cpu, tick_get_broadcast_mask());
  			tick_broadcast_clear_oneshot(cpu);
+ 		} else {
 diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
-index cbc6acb..3a77191 100644
+index 9a0bc98..fceb7d0 100644
 --- a/kernel/time/timekeeping.c
 +++ b/kernel/time/timekeeping.c
 @@ -15,6 +15,7 @@
@@ -79389,7 +78150,7 @@ index cbc6acb..3a77191 100644
  #include <linux/syscore_ops.h>
  #include <linux/clocksource.h>
  #include <linux/jiffies.h>
-@@ -412,6 +413,8 @@ int do_settimeofday(const struct timespec *tv)
+@@ -448,6 +449,8 @@ int do_settimeofday(const struct timespec *tv)
  	if (!timespec_valid_strict(tv))
  		return -EINVAL;
  
@@ -79517,7 +78278,7 @@ index 0b537f2..40d6c20 100644
  		return -ENOMEM;
  	return 0;
 diff --git a/kernel/timer.c b/kernel/timer.c
-index 367d008..5dee98f 100644
+index dbf7a78..e2148f0 100644
 --- a/kernel/timer.c
 +++ b/kernel/timer.c
 @@ -1363,7 +1363,7 @@ void update_process_times(int user_tick)
@@ -79548,7 +78309,7 @@ index 367d008..5dee98f 100644
  };
  
 diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
-index c0bd030..62a1927 100644
+index 5a0f781..1497f95 100644
 --- a/kernel/trace/blktrace.c
 +++ b/kernel/trace/blktrace.c
 @@ -317,7 +317,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer,
@@ -79579,10 +78340,10 @@ index c0bd030..62a1927 100644
  	ret = -EIO;
  	bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 03dbc77..e6bd484 100644
+index 0a0e2a6..943495e 100644
 --- a/kernel/trace/ftrace.c
 +++ b/kernel/trace/ftrace.c
-@@ -1886,12 +1886,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
+@@ -1909,12 +1909,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
  	if (unlikely(ftrace_disabled))
  		return 0;
  
@@ -79602,7 +78363,7 @@ index 03dbc77..e6bd484 100644
  }
  
  /*
-@@ -2964,7 +2969,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp)
+@@ -2986,7 +2991,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp)
  
  int
  register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops,
@@ -79611,7 +78372,7 @@ index 03dbc77..e6bd484 100644
  {
  	struct ftrace_func_probe *entry;
  	struct ftrace_page *pg;
-@@ -3832,8 +3837,10 @@ static int ftrace_process_locs(struct module *mod,
+@@ -3854,8 +3859,10 @@ static int ftrace_process_locs(struct module *mod,
  	if (!count)
  		return 0;
  
@@ -79622,7 +78383,7 @@ index 03dbc77..e6bd484 100644
  
  	start_pg = ftrace_allocate_pages(count);
  	if (!start_pg)
-@@ -4555,8 +4562,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
+@@ -4574,8 +4581,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
  #ifdef CONFIG_FUNCTION_GRAPH_TRACER
  
  static int ftrace_graph_active;
@@ -79631,7 +78392,7 @@ index 03dbc77..e6bd484 100644
  int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace)
  {
  	return 0;
-@@ -4700,6 +4705,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
+@@ -4719,6 +4724,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
  	return NOTIFY_DONE;
  }
  
@@ -79642,7 +78403,7 @@ index 03dbc77..e6bd484 100644
  int register_ftrace_graph(trace_func_graph_ret_t retfunc,
  			trace_func_graph_ent_t entryfunc)
  {
-@@ -4713,7 +4722,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
+@@ -4732,7 +4741,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
  		goto out;
  	}
  
@@ -79651,10 +78412,10 @@ index 03dbc77..e6bd484 100644
  
  	ftrace_graph_active++;
 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
-index ce8514f..8233573 100644
+index 6989df2..c2265cf 100644
 --- a/kernel/trace/ring_buffer.c
 +++ b/kernel/trace/ring_buffer.c
-@@ -346,9 +346,9 @@ struct buffer_data_page {
+@@ -349,9 +349,9 @@ struct buffer_data_page {
   */
  struct buffer_page {
  	struct list_head list;		/* list of buffer pages */
@@ -79666,7 +78427,7 @@ index ce8514f..8233573 100644
  	unsigned long	 real_end;	/* real end of data */
  	struct buffer_data_page *page;	/* Actual data page */
  };
-@@ -461,8 +461,8 @@ struct ring_buffer_per_cpu {
+@@ -464,8 +464,8 @@ struct ring_buffer_per_cpu {
  	unsigned long			last_overrun;
  	local_t				entries_bytes;
  	local_t				entries;
@@ -79677,7 +78438,7 @@ index ce8514f..8233573 100644
  	local_t				dropped_events;
  	local_t				committing;
  	local_t				commits;
-@@ -861,8 +861,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -864,8 +864,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
  	 *
  	 * We add a counter to the write field to denote this.
  	 */
@@ -79688,7 +78449,7 @@ index ce8514f..8233573 100644
  
  	/*
  	 * Just make sure we have seen our old_write and synchronize
-@@ -890,8 +890,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -893,8 +893,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
  		 * cmpxchg to only update if an interrupt did not already
  		 * do it for us. If the cmpxchg fails, we don't care.
  		 */
@@ -79699,7 +78460,7 @@ index ce8514f..8233573 100644
  
  		/*
  		 * No need to worry about races with clearing out the commit.
-@@ -1250,12 +1250,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
+@@ -1253,12 +1253,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
  
  static inline unsigned long rb_page_entries(struct buffer_page *bpage)
  {
@@ -79714,7 +78475,7 @@ index ce8514f..8233573 100644
  }
  
  static int
-@@ -1350,7 +1350,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
+@@ -1353,7 +1353,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
  			 * bytes consumed in ring buffer from here.
  			 * Increment overrun to account for the lost events.
  			 */
@@ -79723,7 +78484,7 @@ index ce8514f..8233573 100644
  			local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
  		}
  
-@@ -1906,7 +1906,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -1909,7 +1909,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
  		 * it is our responsibility to update
  		 * the counters.
  		 */
@@ -79732,7 +78493,7 @@ index ce8514f..8233573 100644
  		local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
  
  		/*
-@@ -2056,7 +2056,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2059,7 +2059,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
  		if (tail == BUF_PAGE_SIZE)
  			tail_page->real_end = 0;
  
@@ -79741,7 +78502,7 @@ index ce8514f..8233573 100644
  		return;
  	}
  
-@@ -2091,7 +2091,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2094,7 +2094,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
  		rb_event_set_padding(event);
  
  		/* Set the write back to the previous setting */
@@ -79750,7 +78511,7 @@ index ce8514f..8233573 100644
  		return;
  	}
  
-@@ -2103,7 +2103,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2106,7 +2106,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
  
  	/* Set write to end of buffer */
  	length = (tail + length) - BUF_PAGE_SIZE;
@@ -79759,7 +78520,7 @@ index ce8514f..8233573 100644
  }
  
  /*
-@@ -2129,7 +2129,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2132,7 +2132,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
  	 * about it.
  	 */
  	if (unlikely(next_page == commit_page)) {
@@ -79768,7 +78529,7 @@ index ce8514f..8233573 100644
  		goto out_reset;
  	}
  
-@@ -2185,7 +2185,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2188,7 +2188,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
  				      cpu_buffer->tail_page) &&
  				     (cpu_buffer->commit_page ==
  				      cpu_buffer->reader_page))) {
@@ -79777,7 +78538,7 @@ index ce8514f..8233573 100644
  				goto out_reset;
  			}
  		}
-@@ -2233,7 +2233,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2236,7 +2236,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
  		length += RB_LEN_TIME_EXTEND;
  
  	tail_page = cpu_buffer->tail_page;
@@ -79786,7 +78547,7 @@ index ce8514f..8233573 100644
  
  	/* set write to only the index of the write */
  	write &= RB_WRITE_MASK;
-@@ -2250,7 +2250,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2253,7 +2253,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
  	kmemcheck_annotate_bitfield(event, bitfield);
  	rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
  
@@ -79795,7 +78556,7 @@ index ce8514f..8233573 100644
  
  	/*
  	 * If this is the first commit on the page, then update
-@@ -2283,7 +2283,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2286,7 +2286,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
  
  	if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
  		unsigned long write_mask =
@@ -79804,7 +78565,7 @@ index ce8514f..8233573 100644
  		unsigned long event_length = rb_event_length(event);
  		/*
  		 * This is on the tail page. It is possible that
-@@ -2293,7 +2293,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2296,7 +2296,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
  		 */
  		old_index += write_mask;
  		new_index += write_mask;
@@ -79813,7 +78574,7 @@ index ce8514f..8233573 100644
  		if (index == old_index) {
  			/* update counters */
  			local_sub(event_length, &cpu_buffer->entries_bytes);
-@@ -2632,7 +2632,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2670,7 +2670,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
  
  	/* Do the likely case first */
  	if (likely(bpage->page == (void *)addr)) {
@@ -79822,7 +78583,7 @@ index ce8514f..8233573 100644
  		return;
  	}
  
-@@ -2644,7 +2644,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2682,7 +2682,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
  	start = bpage;
  	do {
  		if (bpage->page == (void *)addr) {
@@ -79831,7 +78592,7 @@ index ce8514f..8233573 100644
  			return;
  		}
  		rb_inc_page(cpu_buffer, &bpage);
-@@ -2926,7 +2926,7 @@ static inline unsigned long
+@@ -2964,7 +2964,7 @@ static inline unsigned long
  rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
  {
  	return local_read(&cpu_buffer->entries) -
@@ -79840,7 +78601,7 @@ index ce8514f..8233573 100644
  }
  
  /**
-@@ -3015,7 +3015,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3053,7 +3053,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
  		return 0;
  
  	cpu_buffer = buffer->buffers[cpu];
@@ -79849,7 +78610,7 @@ index ce8514f..8233573 100644
  
  	return ret;
  }
-@@ -3038,7 +3038,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3076,7 +3076,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
  		return 0;
  
  	cpu_buffer = buffer->buffers[cpu];
@@ -79858,7 +78619,7 @@ index ce8514f..8233573 100644
  
  	return ret;
  }
-@@ -3105,7 +3105,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
+@@ -3161,7 +3161,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
  	/* if you care about this being correct, lock the buffer */
  	for_each_buffer_cpu(buffer, cpu) {
  		cpu_buffer = buffer->buffers[cpu];
@@ -79867,7 +78628,7 @@ index ce8514f..8233573 100644
  	}
  
  	return overruns;
-@@ -3281,8 +3281,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3337,8 +3337,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
  	/*
  	 * Reset the reader page to size zero.
  	 */
@@ -79878,7 +78639,7 @@ index ce8514f..8233573 100644
  	local_set(&cpu_buffer->reader_page->page->commit, 0);
  	cpu_buffer->reader_page->real_end = 0;
  
-@@ -3316,7 +3316,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3372,7 +3372,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
  	 * want to compare with the last_overrun.
  	 */
  	smp_mb();
@@ -79887,7 +78648,7 @@ index ce8514f..8233573 100644
  
  	/*
  	 * Here's the tricky part.
-@@ -3886,8 +3886,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3942,8 +3942,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
  
  	cpu_buffer->head_page
  		= list_entry(cpu_buffer->pages, struct buffer_page, list);
@@ -79898,7 +78659,7 @@ index ce8514f..8233573 100644
  	local_set(&cpu_buffer->head_page->page->commit, 0);
  
  	cpu_buffer->head_page->read = 0;
-@@ -3897,14 +3897,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3953,14 +3953,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
  
  	INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
  	INIT_LIST_HEAD(&cpu_buffer->new_pages);
@@ -79917,7 +78678,7 @@ index ce8514f..8233573 100644
  	local_set(&cpu_buffer->dropped_events, 0);
  	local_set(&cpu_buffer->entries, 0);
  	local_set(&cpu_buffer->committing, 0);
-@@ -4308,8 +4308,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
+@@ -4364,8 +4364,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
  		rb_init_page(bpage);
  		bpage = reader->page;
  		reader->page = *data_page;
@@ -79929,10 +78690,10 @@ index ce8514f..8233573 100644
  		*data_page = bpage;
  
 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 1c82852..1cd5af2 100644
+index 3f28192..a29e8b0 100644
 --- a/kernel/trace/trace.c
 +++ b/kernel/trace/trace.c
-@@ -2845,7 +2845,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+@@ -2893,7 +2893,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
  	return 0;
  }
  
@@ -79941,7 +78702,7 @@ index 1c82852..1cd5af2 100644
  {
  	/* do nothing if flag is already set */
  	if (!!(trace_flags & mask) == !!enabled)
-@@ -4494,10 +4494,9 @@ static const struct file_operations tracing_dyn_info_fops = {
+@@ -4637,10 +4637,9 @@ static const struct file_operations tracing_dyn_info_fops = {
  };
  #endif
  
@@ -79953,23 +78714,23 @@ index 1c82852..1cd5af2 100644
  	static int once;
  
  	if (d_tracer)
-@@ -4517,10 +4516,9 @@ struct dentry *tracing_init_dentry(void)
+@@ -4660,10 +4659,9 @@ struct dentry *tracing_init_dentry(void)
  	return d_tracer;
  }
  
 -static struct dentry *d_percpu;
 -
- struct dentry *tracing_dentry_percpu(void)
+ static struct dentry *tracing_dentry_percpu(void)
  {
 +	static struct dentry *d_percpu;
  	static int once;
  	struct dentry *d_tracer;
  
 diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
-index 23f1d2c..6ca7a9b 100644
+index 2081971..09f861e 100644
 --- a/kernel/trace/trace.h
 +++ b/kernel/trace/trace.h
-@@ -840,7 +840,7 @@ extern const char *__stop___trace_bprintk_fmt[];
+@@ -948,7 +948,7 @@ extern const char *__stop___trace_bprintk_fmt[];
  void trace_printk_init_buffers(void);
  void trace_printk_start_comm(void);
  int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set);
@@ -79979,10 +78740,10 @@ index 23f1d2c..6ca7a9b 100644
  #undef FTRACE_ENTRY
  #define FTRACE_ENTRY(call, struct_name, id, tstruct, print, filter)	\
 diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
-index 880073d..42db7c3 100644
+index 57e9b28..eebe41c 100644
 --- a/kernel/trace/trace_events.c
 +++ b/kernel/trace/trace_events.c
-@@ -1330,10 +1330,6 @@ static LIST_HEAD(ftrace_module_file_list);
+@@ -1329,10 +1329,6 @@ static LIST_HEAD(ftrace_module_file_list);
  struct ftrace_module_file_ops {
  	struct list_head		list;
  	struct module			*mod;
@@ -79993,7 +78754,7 @@ index 880073d..42db7c3 100644
  };
  
  static struct ftrace_module_file_ops *
-@@ -1354,17 +1350,12 @@ trace_create_file_ops(struct module *mod)
+@@ -1353,17 +1349,12 @@ trace_create_file_ops(struct module *mod)
  
  	file_ops->mod = mod;
  
@@ -80017,7 +78778,7 @@ index 880073d..42db7c3 100644
  
  	list_add(&file_ops->list, &ftrace_module_file_list);
  
-@@ -1388,8 +1379,8 @@ static void trace_module_add_events(struct module *mod)
+@@ -1387,8 +1378,8 @@ static void trace_module_add_events(struct module *mod)
  
  	for_each_event(call, start, end) {
  		__trace_add_event_call(*call, mod,
@@ -80069,7 +78830,7 @@ index fd3c8aa..5f324a6 100644
  	}
  	entry	= ring_buffer_event_data(event);
 diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c
-index 194d796..76edb8f 100644
+index 697e88d..1a79993 100644
 --- a/kernel/trace/trace_output.c
 +++ b/kernel/trace/trace_output.c
 @@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path)
@@ -80081,7 +78842,7 @@ index 194d796..76edb8f 100644
  		if (p) {
  			s->len = p - s->buffer;
  			return 1;
-@@ -852,14 +852,16 @@ int register_ftrace_event(struct trace_event *event)
+@@ -851,14 +851,16 @@ int register_ftrace_event(struct trace_event *event)
  			goto out;
  	}
  
@@ -80115,59 +78876,11 @@ index b20428c..4845a10 100644
  		return;
  
  	local_irq_save(flags);
-diff --git a/kernel/user.c b/kernel/user.c
-index 7f6ff2b..1ac8f18 100644
---- a/kernel/user.c
-+++ b/kernel/user.c
-@@ -47,9 +47,7 @@ struct user_namespace init_user_ns = {
- 			.count = 4294967295U,
- 		},
- 	},
--	.kref = {
--		.refcount	= ATOMIC_INIT(3),
--	},
-+	.count = ATOMIC_INIT(3),
- 	.owner = GLOBAL_ROOT_UID,
- 	.group = GLOBAL_ROOT_GID,
- 	.proc_inum = PROC_USER_INIT_INO,
 diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index f359dc7..ddc606a 100644
+index e134d8f..a018cdd 100644
 --- a/kernel/user_namespace.c
 +++ b/kernel/user_namespace.c
-@@ -89,7 +89,7 @@ int create_user_ns(struct cred *new)
- 		return ret;
- 	}
- 
--	kref_init(&ns->kref);
-+	atomic_set(&ns->count, 1);
- 	/* Leave the new->user_ns reference with the new user namespace. */
- 	ns->parent = parent_ns;
- 	ns->owner = owner;
-@@ -117,15 +117,16 @@ int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
- 	return create_user_ns(cred);
- }
- 
--void free_user_ns(struct kref *kref)
-+void free_user_ns(struct user_namespace *ns)
- {
--	struct user_namespace *parent, *ns =
--		container_of(kref, struct user_namespace, kref);
-+	struct user_namespace *parent;
- 
--	parent = ns->parent;
--	proc_free_inum(ns->proc_inum);
--	kmem_cache_free(user_ns_cachep, ns);
--	put_user_ns(parent);
-+	do {
-+		parent = ns->parent;
-+		proc_free_inum(ns->proc_inum);
-+		kmem_cache_free(user_ns_cachep, ns);
-+		ns = parent;
-+	} while (atomic_dec_and_test(&parent->count));
- }
- EXPORT_SYMBOL(free_user_ns);
- 
-@@ -819,7 +820,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns)
+@@ -853,7 +853,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns)
  	if (atomic_read(&current->mm->mm_users) > 1)
  		return -EINVAL;
  
@@ -80177,10 +78890,10 @@ index f359dc7..ddc606a 100644
  
  	if (!ns_capable(user_ns, CAP_SYS_ADMIN))
 diff --git a/kernel/utsname_sysctl.c b/kernel/utsname_sysctl.c
-index 63da38c..639904e 100644
+index 4f69f9a..7c6f8f8 100644
 --- a/kernel/utsname_sysctl.c
 +++ b/kernel/utsname_sysctl.c
-@@ -46,7 +46,7 @@ static void put_uts(ctl_table *table, int write, void *which)
+@@ -47,7 +47,7 @@ static void put_uts(ctl_table *table, int write, void *which)
  static int proc_do_uts_string(ctl_table *table, int write,
  		  void __user *buffer, size_t *lenp, loff_t *ppos)
  {
@@ -80190,10 +78903,10 @@ index 63da38c..639904e 100644
  	memcpy(&uts_table, table, sizeof(uts_table));
  	uts_table.data = get_uts(table, write);
 diff --git a/kernel/watchdog.c b/kernel/watchdog.c
-index 75a2ab3..5961da7 100644
+index 4a94467..80a6f9c 100644
 --- a/kernel/watchdog.c
 +++ b/kernel/watchdog.c
-@@ -527,7 +527,7 @@ int proc_dowatchdog(struct ctl_table *table, int write,
+@@ -526,7 +526,7 @@ int proc_dowatchdog(struct ctl_table *table, int write,
  }
  #endif /* CONFIG_SYSCTL */
  
@@ -80203,10 +78916,10 @@ index 75a2ab3..5961da7 100644
  	.thread_should_run	= watchdog_should_run,
  	.thread_fn		= watchdog,
 diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
-index 67604e5..fe94fb1 100644
+index 28be08c..47bab92 100644
 --- a/lib/Kconfig.debug
 +++ b/lib/Kconfig.debug
-@@ -550,7 +550,7 @@ config DEBUG_MUTEXES
+@@ -549,7 +549,7 @@ config DEBUG_MUTEXES
  
  config DEBUG_LOCK_ALLOC
  	bool "Lock debugging: detect incorrect freeing of live locks"
@@ -80215,7 +78928,7 @@ index 67604e5..fe94fb1 100644
  	select DEBUG_SPINLOCK
  	select DEBUG_MUTEXES
  	select LOCKDEP
-@@ -564,7 +564,7 @@ config DEBUG_LOCK_ALLOC
+@@ -563,7 +563,7 @@ config DEBUG_LOCK_ALLOC
  
  config PROVE_LOCKING
  	bool "Lock debugging: prove locking correctness"
@@ -80224,7 +78937,7 @@ index 67604e5..fe94fb1 100644
  	select LOCKDEP
  	select DEBUG_SPINLOCK
  	select DEBUG_MUTEXES
-@@ -670,7 +670,7 @@ config LOCKDEP
+@@ -614,7 +614,7 @@ config LOCKDEP
  
  config LOCK_STAT
  	bool "Lock usage statistics"
@@ -80233,7 +78946,7 @@ index 67604e5..fe94fb1 100644
  	select LOCKDEP
  	select DEBUG_SPINLOCK
  	select DEBUG_MUTEXES
-@@ -1278,6 +1278,7 @@ config LATENCYTOP
+@@ -1282,6 +1282,7 @@ config LATENCYTOP
  	depends on DEBUG_KERNEL
  	depends on STACKTRACE_SUPPORT
  	depends on PROC_FS
@@ -80241,7 +78954,7 @@ index 67604e5..fe94fb1 100644
  	select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM_UNWIND
  	select KALLSYMS
  	select KALLSYMS_ALL
-@@ -1306,7 +1307,7 @@ config INTERVAL_TREE_TEST
+@@ -1310,7 +1311,7 @@ config INTERVAL_TREE_TEST
  
  config PROVIDE_OHCI1394_DMA_INIT
  	bool "Remote debugging over FireWire early on boot"
@@ -80250,7 +78963,7 @@ index 67604e5..fe94fb1 100644
  	help
  	  If you want to debug problems which hang or crash the kernel early
  	  on boot and the crashing machine has a FireWire port, you can use
-@@ -1335,7 +1336,7 @@ config PROVIDE_OHCI1394_DMA_INIT
+@@ -1339,7 +1340,7 @@ config PROVIDE_OHCI1394_DMA_INIT
  
  config FIREWIRE_OHCI_REMOTE_DMA
  	bool "Remote debugging over FireWire with firewire-ohci"
@@ -80260,7 +78973,7 @@ index 67604e5..fe94fb1 100644
  	  This option lets you use the FireWire bus for remote debugging
  	  with help of the firewire-ohci driver. It enables unfiltered
 diff --git a/lib/Makefile b/lib/Makefile
-index 02ed6c0..bd243da 100644
+index 6e2cc56..9b13738 100644
 --- a/lib/Makefile
 +++ b/lib/Makefile
 @@ -47,7 +47,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o
@@ -80313,7 +79026,7 @@ index 06f7e4f..f3cf2b0 100644
  }
  EXPORT_SYMBOL(bitmap_parselist_user);
 diff --git a/lib/bug.c b/lib/bug.c
-index d0cdf14..4d07bd2 100644
+index 1686034..a9c00c8 100644
 --- a/lib/bug.c
 +++ b/lib/bug.c
 @@ -134,6 +134,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs)
@@ -80326,10 +79039,10 @@ index d0cdf14..4d07bd2 100644
  	file = NULL;
  	line = 0;
 diff --git a/lib/debugobjects.c b/lib/debugobjects.c
-index d11808c..dc2d6f8 100644
+index 37061ed..da83f48 100644
 --- a/lib/debugobjects.c
 +++ b/lib/debugobjects.c
-@@ -287,7 +287,7 @@ static void debug_object_is_on_stack(void *addr, int onstack)
+@@ -286,7 +286,7 @@ static void debug_object_is_on_stack(void *addr, int onstack)
  	if (limit > 4)
  		return;
  
@@ -80339,10 +79052,10 @@ index d11808c..dc2d6f8 100644
  		return;
  
 diff --git a/lib/devres.c b/lib/devres.c
-index 80b9c76..9e32279 100644
+index 8235331..5881053 100644
 --- a/lib/devres.c
 +++ b/lib/devres.c
-@@ -80,7 +80,7 @@ EXPORT_SYMBOL(devm_ioremap_nocache);
+@@ -81,7 +81,7 @@ EXPORT_SYMBOL(devm_ioremap_nocache);
  void devm_iounmap(struct device *dev, void __iomem *addr)
  {
  	WARN_ON(devres_destroy(dev, devm_ioremap_release, devm_ioremap_match,
@@ -80351,7 +79064,7 @@ index 80b9c76..9e32279 100644
  	iounmap(addr);
  }
  EXPORT_SYMBOL(devm_iounmap);
-@@ -192,7 +192,7 @@ void devm_ioport_unmap(struct device *dev, void __iomem *addr)
+@@ -224,7 +224,7 @@ void devm_ioport_unmap(struct device *dev, void __iomem *addr)
  {
  	ioport_unmap(addr);
  	WARN_ON(devres_destroy(dev, devm_ioport_map_release,
@@ -80359,7 +79072,7 @@ index 80b9c76..9e32279 100644
 +			       devm_ioport_map_match, (void __force *)addr));
  }
  EXPORT_SYMBOL(devm_ioport_unmap);
- 
+ #endif /* CONFIG_HAS_IOPORT */
 diff --git a/lib/div64.c b/lib/div64.c
 index a163b6c..9618fa5 100644
 --- a/lib/div64.c
@@ -80383,7 +79096,7 @@ index a163b6c..9618fa5 100644
  	u32 high = divisor >> 32;
  	u64 quot;
 diff --git a/lib/dma-debug.c b/lib/dma-debug.c
-index 5e396ac..58d5de1 100644
+index d87a17a..ac0d79a 100644
 --- a/lib/dma-debug.c
 +++ b/lib/dma-debug.c
 @@ -768,7 +768,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti
@@ -80395,7 +79108,7 @@ index 5e396ac..58d5de1 100644
  
  	if (global_disable)
  		return;
-@@ -942,7 +942,7 @@ out:
+@@ -945,7 +945,7 @@ static void check_unmap(struct dma_debug_entry *ref)
  
  static void check_for_stack(struct device *dev, void *addr)
  {
@@ -80685,10 +79398,10 @@ index a28df52..3d55877 100644
  	unsigned long c;
  
 diff --git a/lib/swiotlb.c b/lib/swiotlb.c
-index 196b069..358f342 100644
+index d23762e..e21eab2 100644
 --- a/lib/swiotlb.c
 +++ b/lib/swiotlb.c
-@@ -642,7 +642,7 @@ EXPORT_SYMBOL(swiotlb_alloc_coherent);
+@@ -664,7 +664,7 @@ EXPORT_SYMBOL(swiotlb_alloc_coherent);
  
  void
  swiotlb_free_coherent(struct device *hwdev, size_t size, void *vaddr,
@@ -80698,7 +79411,7 @@ index 196b069..358f342 100644
  	phys_addr_t paddr = dma_to_phys(hwdev, dev_addr);
  
 diff --git a/lib/vsprintf.c b/lib/vsprintf.c
-index fab33a9..3b5fe68 100644
+index 0d62fd7..b7bc911 100644
 --- a/lib/vsprintf.c
 +++ b/lib/vsprintf.c
 @@ -16,6 +16,9 @@
@@ -80711,15 +79424,6 @@ index fab33a9..3b5fe68 100644
  #include <stdarg.h>
  #include <linux/module.h>	/* for KSYM_SYMBOL_LEN */
  #include <linux/types.h>
-@@ -541,7 +544,7 @@ char *symbol_string(char *buf, char *end, void *ptr,
- 	char sym[KSYM_SYMBOL_LEN];
- 	if (ext == 'B')
- 		sprint_backtrace(sym, value);
--	else if (ext != 'f' && ext != 's')
-+	else if (ext != 'f' && ext != 's' && ext != 'a')
- 		sprint_symbol(sym, value);
- 	else
- 		sprint_symbol_no_offset(sym, value);
 @@ -974,7 +977,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr,
  	return number(buf, end, *(const netdev_features_t *)addr, spec);
  }
@@ -80741,7 +79445,7 @@ index fab33a9..3b5fe68 100644
   * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref]
   * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201]
   * - 'M' For a 6-byte MAC address, it prints the address in the
-@@ -1043,12 +1052,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1044,12 +1053,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
  
  	if (!ptr && *fmt != 'K') {
  		/*
@@ -80756,7 +79460,7 @@ index fab33a9..3b5fe68 100644
  	}
  
  	switch (*fmt) {
-@@ -1058,6 +1067,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1059,6 +1068,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
  		/* Fallthrough */
  	case 'S':
  	case 's':
@@ -80766,11 +79470,10 @@ index fab33a9..3b5fe68 100644
 +		return symbol_string(buf, end, ptr, spec, *fmt);
 +#endif
 +	case 'A':
-+	case 'a':
  	case 'B':
  		return symbol_string(buf, end, ptr, spec, *fmt);
  	case 'R':
-@@ -1098,6 +1114,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1099,6 +1114,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
  			va_end(va);
  			return buf;
  		}
@@ -80779,9 +79482,9 @@ index fab33a9..3b5fe68 100644
  	case 'K':
  		/*
  		 * %pK cannot be used in IRQ context because its test
-@@ -1121,6 +1139,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
- 		}
- 		break;
+@@ -1128,6 +1145,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+ 		return number(buf, end,
+ 			      (unsigned long long) *((phys_addr_t *)ptr), spec);
  	}
 +
 +#ifdef CONFIG_GRKERNSEC_HIDESYM
@@ -80801,7 +79504,7 @@ index fab33a9..3b5fe68 100644
  	spec.flags |= SMALL;
  	if (spec.field_width == -1) {
  		spec.field_width = default_width;
-@@ -1842,11 +1875,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1849,11 +1881,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
  	typeof(type) value;						\
  	if (sizeof(type) == 8) {					\
  		args = PTR_ALIGN(args, sizeof(u32));			\
@@ -80816,7 +79519,7 @@ index fab33a9..3b5fe68 100644
  	}								\
  	args += sizeof(type);						\
  	value;								\
-@@ -1909,7 +1942,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1916,7 +1948,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
  		case FORMAT_TYPE_STR: {
  			const char *str_arg = args;
  			args += strlen(str_arg) + 1;
@@ -80833,10 +79536,10 @@ index 0000000..7cd6065
 @@ -0,0 +1 @@
 +-grsec
 diff --git a/mm/Kconfig b/mm/Kconfig
-index 278e3ab..87c384d 100644
+index 3bea74f..e821c99 100644
 --- a/mm/Kconfig
 +++ b/mm/Kconfig
-@@ -286,10 +286,10 @@ config KSM
+@@ -311,10 +311,10 @@ config KSM
  	  root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set).
  
  config DEFAULT_MMAP_MIN_ADDR
@@ -80850,7 +79553,7 @@ index 278e3ab..87c384d 100644
  	  This is the portion of low virtual memory which should be protected
  	  from userspace allocation.  Keeping a user from writing to low pages
  	  can help reduce the impact of kernel NULL pointer bugs.
-@@ -320,7 +320,7 @@ config MEMORY_FAILURE
+@@ -345,7 +345,7 @@ config MEMORY_FAILURE
  
  config HWPOISON_INJECT
  	tristate "HWPoison pages injector"
@@ -80860,10 +79563,10 @@ index 278e3ab..87c384d 100644
  
  config NOMMU_INITIAL_TRIM_EXCESS
 diff --git a/mm/filemap.c b/mm/filemap.c
-index 83efee7..3f99381 100644
+index e1979fd..dda5120 100644
 --- a/mm/filemap.c
 +++ b/mm/filemap.c
-@@ -1747,7 +1747,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
+@@ -1748,7 +1748,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
  	struct address_space *mapping = file->f_mapping;
  
  	if (!mapping->a_ops->readpage)
@@ -80872,7 +79575,7 @@ index 83efee7..3f99381 100644
  	file_accessed(file);
  	vma->vm_ops = &generic_file_vm_ops;
  	return 0;
-@@ -2087,6 +2087,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
+@@ -2088,6 +2088,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
                          *pos = i_size_read(inode);
  
  		if (limit != RLIM_INFINITY) {
@@ -80881,10 +79584,10 @@ index 83efee7..3f99381 100644
  				send_sig(SIGXFSZ, current, 0);
  				return -EFBIG;
 diff --git a/mm/fremap.c b/mm/fremap.c
-index a0aaf0e..20325c3 100644
+index 87da359..3f41cb1 100644
 --- a/mm/fremap.c
 +++ b/mm/fremap.c
-@@ -157,6 +157,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
+@@ -158,6 +158,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
   retry:
  	vma = find_vma(mm, start);
  
@@ -80925,10 +79628,10 @@ index b32b70c..e512eb0 100644
  	set_page_address(page, (void *)vaddr);
  
 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 88eb939..0bd9e7d 100644
+index 1a12f5b..a85b8fc 100644
 --- a/mm/hugetlb.c
 +++ b/mm/hugetlb.c
-@@ -2008,15 +2008,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
+@@ -2005,15 +2005,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
  	struct hstate *h = &default_hstate;
  	unsigned long tmp;
  	int ret;
@@ -80949,7 +79652,7 @@ index 88eb939..0bd9e7d 100644
  	if (ret)
  		goto out;
  
-@@ -2073,15 +2075,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
+@@ -2070,15 +2072,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
  	struct hstate *h = &default_hstate;
  	unsigned long tmp;
  	int ret;
@@ -80970,7 +79673,7 @@ index 88eb939..0bd9e7d 100644
  	if (ret)
  		goto out;
  
-@@ -2515,6 +2519,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2512,6 +2516,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
  	return 1;
  }
  
@@ -80998,7 +79701,7 @@ index 88eb939..0bd9e7d 100644
  /*
   * Hugetlb_cow() should be called with page lock of the original hugepage held.
   * Called with hugetlb_instantiation_mutex held and pte_page locked so we
-@@ -2633,6 +2658,11 @@ retry_avoidcopy:
+@@ -2630,6 +2655,11 @@ retry_avoidcopy:
  				make_huge_pte(vma, new_page, 1));
  		page_remove_rmap(old_page);
  		hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -81010,7 +79713,7 @@ index 88eb939..0bd9e7d 100644
  		/* Make the old page be freed below */
  		new_page = old_page;
  	}
-@@ -2792,6 +2822,10 @@ retry:
+@@ -2788,6 +2818,10 @@ retry:
  				&& (vma->vm_flags & VM_SHARED)));
  	set_huge_pte_at(mm, address, ptep, new_pte);
  
@@ -81021,7 +79724,7 @@ index 88eb939..0bd9e7d 100644
  	if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
  		/* Optimization, do the COW without a second fault */
  		ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
-@@ -2821,6 +2855,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2817,6 +2851,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  	static DEFINE_MUTEX(hugetlb_instantiation_mutex);
  	struct hstate *h = hstate_vma(vma);
  
@@ -81032,7 +79735,7 @@ index 88eb939..0bd9e7d 100644
  	address &= huge_page_mask(h);
  
  	ptep = huge_pte_offset(mm, address);
-@@ -2834,6 +2872,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2830,6 +2868,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  				VM_FAULT_SET_HINDEX(hstate_index(h));
  	}
  
@@ -81060,7 +79763,7 @@ index 88eb939..0bd9e7d 100644
  	if (!ptep)
  		return VM_FAULT_OOM;
 diff --git a/mm/internal.h b/mm/internal.h
-index 9ba2110..eaf0674 100644
+index 8562de0..7fdfe92 100644
 --- a/mm/internal.h
 +++ b/mm/internal.h
 @@ -100,6 +100,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address);
@@ -81072,7 +79775,7 @@ index 9ba2110..eaf0674 100644
  #ifdef CONFIG_MEMORY_FAILURE
  extern bool is_free_buddy_page(struct page *page);
 diff --git a/mm/kmemleak.c b/mm/kmemleak.c
-index 752a705..6c3102e 100644
+index c8d7f31..2dbeffd 100644
 --- a/mm/kmemleak.c
 +++ b/mm/kmemleak.c
 @@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq,
@@ -81084,7 +79787,7 @@ index 752a705..6c3102e 100644
  	}
  }
  
-@@ -1853,7 +1853,7 @@ static int __init kmemleak_late_init(void)
+@@ -1851,7 +1851,7 @@ static int __init kmemleak_late_init(void)
  		return -ENOMEM;
  	}
  
@@ -81116,10 +79819,10 @@ index d53adf9..03a24bf 100644
  	set_fs(old_fs);
  
 diff --git a/mm/madvise.c b/mm/madvise.c
-index 03dfa5c..b032917 100644
+index c58c94b..86ec14e 100644
 --- a/mm/madvise.c
 +++ b/mm/madvise.c
-@@ -48,6 +48,10 @@ static long madvise_behavior(struct vm_area_struct * vma,
+@@ -51,6 +51,10 @@ static long madvise_behavior(struct vm_area_struct * vma,
  	pgoff_t pgoff;
  	unsigned long new_flags = vma->vm_flags;
  
@@ -81130,7 +79833,7 @@ index 03dfa5c..b032917 100644
  	switch (behavior) {
  	case MADV_NORMAL:
  		new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
-@@ -123,6 +127,13 @@ success:
+@@ -126,6 +130,13 @@ success:
  	/*
  	 * vm_flags is protected by the mmap_sem held in write mode.
  	 */
@@ -81144,7 +79847,7 @@ index 03dfa5c..b032917 100644
  	vma->vm_flags = new_flags;
  
  out:
-@@ -181,6 +192,11 @@ static long madvise_dontneed(struct vm_area_struct * vma,
+@@ -274,6 +285,11 @@ static long madvise_dontneed(struct vm_area_struct * vma,
  			     struct vm_area_struct ** prev,
  			     unsigned long start, unsigned long end)
  {
@@ -81156,7 +79859,7 @@ index 03dfa5c..b032917 100644
  	*prev = vma;
  	if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP))
  		return -EINVAL;
-@@ -193,6 +209,21 @@ static long madvise_dontneed(struct vm_area_struct * vma,
+@@ -286,6 +302,21 @@ static long madvise_dontneed(struct vm_area_struct * vma,
  		zap_page_range(vma, start, end - start, &details);
  	} else
  		zap_page_range(vma, start, end - start, NULL);
@@ -81178,7 +79881,7 @@ index 03dfa5c..b032917 100644
  	return 0;
  }
  
-@@ -397,6 +428,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
+@@ -491,6 +522,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
  	if (end < start)
  		goto out;
  
@@ -81196,15 +79899,15 @@ index 03dfa5c..b032917 100644
  	if (end == start)
  		goto out;
 diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index c6e4dd3..1f41988 100644
+index df0694c..bc95539 100644
 --- a/mm/memory-failure.c
 +++ b/mm/memory-failure.c
 @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
  
  int sysctl_memory_failure_recovery __read_mostly = 1;
  
--atomic_long_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0);
-+atomic_long_unchecked_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0);
+-atomic_long_t num_poisoned_pages __read_mostly = ATOMIC_LONG_INIT(0);
++atomic_long_unchecked_t num_poisoned_pages __read_mostly = ATOMIC_LONG_INIT(0);
  
  #if defined(CONFIG_HWPOISON_INJECT) || defined(CONFIG_HWPOISON_INJECT_MODULE)
  
@@ -81226,74 +79929,97 @@ index c6e4dd3..1f41988 100644
  	{ reserved,	reserved,	"reserved kernel",	me_kernel },
  	/*
  	 * free pages are specially detected outside this table:
-@@ -1040,7 +1040,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
- 	}
- 
- 	nr_pages = 1 << compound_trans_order(hpage);
--	atomic_long_add(nr_pages, &mce_bad_pages);
-+	atomic_long_add_unchecked(nr_pages, &mce_bad_pages);
+@@ -1051,7 +1051,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+ 		nr_pages = 1 << compound_order(hpage);
+ 	else /* normal page or thp */
+ 		nr_pages = 1;
+-	atomic_long_add(nr_pages, &num_poisoned_pages);
++	atomic_long_add_unchecked(nr_pages, &num_poisoned_pages);
  
  	/*
  	 * We need/can do nothing about count=0 pages.
-@@ -1070,7 +1070,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1081,7 +1081,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
  			if (!PageHWPoison(hpage)
  			    || (hwpoison_filter(p) && TestClearPageHWPoison(p))
  			    || (p != hpage && TestSetPageHWPoison(hpage))) {
--				atomic_long_sub(nr_pages, &mce_bad_pages);
-+				atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
+-				atomic_long_sub(nr_pages, &num_poisoned_pages);
++				atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages);
  				return 0;
  			}
  			set_page_hwpoison_huge_page(hpage);
-@@ -1128,7 +1128,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
+@@ -1148,7 +1148,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
  	}
  	if (hwpoison_filter(p)) {
  		if (TestClearPageHWPoison(p))
--			atomic_long_sub(nr_pages, &mce_bad_pages);
-+			atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
+-			atomic_long_sub(nr_pages, &num_poisoned_pages);
++			atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages);
  		unlock_page(hpage);
  		put_page(hpage);
  		return 0;
-@@ -1323,7 +1323,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1350,7 +1350,7 @@ int unpoison_memory(unsigned long pfn)
  			return 0;
  		}
  		if (TestClearPageHWPoison(p))
--			atomic_long_sub(nr_pages, &mce_bad_pages);
-+			atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
+-			atomic_long_sub(nr_pages, &num_poisoned_pages);
++			atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages);
  		pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn);
  		return 0;
  	}
-@@ -1337,7 +1337,7 @@ int unpoison_memory(unsigned long pfn)
+@@ -1364,7 +1364,7 @@ int unpoison_memory(unsigned long pfn)
  	 */
  	if (TestClearPageHWPoison(page)) {
  		pr_info("MCE: Software-unpoisoned page %#lx\n", pfn);
--		atomic_long_sub(nr_pages, &mce_bad_pages);
-+		atomic_long_sub_unchecked(nr_pages, &mce_bad_pages);
+-		atomic_long_sub(nr_pages, &num_poisoned_pages);
++		atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages);
  		freeit = 1;
  		if (PageHuge(page))
  			clear_page_hwpoison_huge_page(page);
-@@ -1442,7 +1442,7 @@ static int soft_offline_huge_page(struct page *page, int flags)
- 	}
- done:
- 	if (!PageHWPoison(hpage))
+@@ -1491,7 +1491,7 @@ static int soft_offline_huge_page(struct page *page, int flags)
+ 	} else {
+ 		set_page_hwpoison_huge_page(hpage);
+ 		dequeue_hwpoisoned_huge_page(hpage);
 -		atomic_long_add(1 << compound_trans_order(hpage),
 +		atomic_long_add_unchecked(1 << compound_trans_order(hpage),
- 				&mce_bad_pages);
- 	set_page_hwpoison_huge_page(hpage);
- 	dequeue_hwpoisoned_huge_page(hpage);
-@@ -1583,7 +1583,7 @@ int soft_offline_page(struct page *page, int flags)
- 		return ret;
- 
- done:
--	atomic_long_add(1, &mce_bad_pages);
-+	atomic_long_add_unchecked(1, &mce_bad_pages);
- 	SetPageHWPoison(page);
+ 				&num_poisoned_pages);
+ 	}
  	/* keep elevated page count for bad page */
- 	return ret;
+@@ -1552,11 +1552,11 @@ int soft_offline_page(struct page *page, int flags)
+ 		if (PageHuge(page)) {
+ 			set_page_hwpoison_huge_page(hpage);
+ 			dequeue_hwpoisoned_huge_page(hpage);
+-			atomic_long_add(1 << compound_trans_order(hpage),
++			atomic_long_add_unchecked(1 << compound_trans_order(hpage),
+ 					&num_poisoned_pages);
+ 		} else {
+ 			SetPageHWPoison(page);
+-			atomic_long_inc(&num_poisoned_pages);
++			atomic_long_inc_unchecked(&num_poisoned_pages);
+ 		}
+ 	}
+ 	/* keep elevated page count for bad page */
+@@ -1596,7 +1596,7 @@ static int __soft_offline_page(struct page *page, int flags)
+ 		put_page(page);
+ 		pr_info("soft_offline: %#lx: invalidated\n", pfn);
+ 		SetPageHWPoison(page);
+-		atomic_long_inc(&num_poisoned_pages);
++		atomic_long_inc_unchecked(&num_poisoned_pages);
+ 		return 0;
+ 	}
+ 
+@@ -1626,7 +1626,7 @@ static int __soft_offline_page(struct page *page, int flags)
+ 				ret = -EIO;
+ 		} else {
+ 			SetPageHWPoison(page);
+-			atomic_long_inc(&num_poisoned_pages);
++			atomic_long_inc_unchecked(&num_poisoned_pages);
+ 		}
+ 	} else {
+ 		pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
 diff --git a/mm/memory.c b/mm/memory.c
-index 32a495a..8042dce 100644
+index ba94dec..08ffe0d 100644
 --- a/mm/memory.c
 +++ b/mm/memory.c
-@@ -434,6 +434,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
+@@ -438,6 +438,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
  		free_pte_range(tlb, pmd, addr);
  	} while (pmd++, addr = next, addr != end);
  
@@ -81301,7 +80027,7 @@ index 32a495a..8042dce 100644
  	start &= PUD_MASK;
  	if (start < floor)
  		return;
-@@ -448,6 +449,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
+@@ -452,6 +453,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
  	pmd = pmd_offset(pud, start);
  	pud_clear(pud);
  	pmd_free_tlb(tlb, pmd, start);
@@ -81310,7 +80036,7 @@ index 32a495a..8042dce 100644
  }
  
  static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
-@@ -467,6 +470,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -471,6 +474,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
  		free_pmd_range(tlb, pud, addr, next, floor, ceiling);
  	} while (pud++, addr = next, addr != end);
  
@@ -81318,7 +80044,7 @@ index 32a495a..8042dce 100644
  	start &= PGDIR_MASK;
  	if (start < floor)
  		return;
-@@ -481,6 +485,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -485,6 +489,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
  	pud = pud_offset(pgd, start);
  	pgd_clear(pgd);
  	pud_free_tlb(tlb, pud, start);
@@ -81327,7 +80053,7 @@ index 32a495a..8042dce 100644
  }
  
  /*
-@@ -1619,12 +1625,6 @@ no_page_table:
+@@ -1644,12 +1650,6 @@ no_page_table:
  	return page;
  }
  
@@ -81340,7 +80066,7 @@ index 32a495a..8042dce 100644
  /**
   * __get_user_pages() - pin user pages in memory
   * @tsk:	task_struct of target task
-@@ -1710,10 +1710,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1736,10 +1736,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
  
  	i = 0;
  
@@ -81353,7 +80079,7 @@ index 32a495a..8042dce 100644
  		if (!vma && in_gate_area(mm, start)) {
  			unsigned long pg = start & PAGE_MASK;
  			pgd_t *pgd;
-@@ -1761,7 +1761,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1788,7 +1788,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
  			goto next_page;
  		}
  
@@ -81362,7 +80088,7 @@ index 32a495a..8042dce 100644
  		    (vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
  		    !(vm_flags & vma->vm_flags))
  			return i ? : -EFAULT;
-@@ -1788,11 +1788,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1817,11 +1817,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
  				int ret;
  				unsigned int fault_flags = 0;
  
@@ -81374,16 +80100,16 @@ index 32a495a..8042dce 100644
  				if (foll_flags & FOLL_WRITE)
  					fault_flags |= FAULT_FLAG_WRITE;
  				if (nonblocking)
-@@ -1866,7 +1861,7 @@ next_page:
- 			start += PAGE_SIZE;
- 			nr_pages--;
+@@ -1901,7 +1896,7 @@ next_page:
+ 			start += page_increm * PAGE_SIZE;
+ 			nr_pages -= page_increm;
  		} while (nr_pages && start < vma->vm_end);
 -	} while (nr_pages);
 +	}
  	return i;
  }
  EXPORT_SYMBOL(__get_user_pages);
-@@ -2073,6 +2068,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2108,6 +2103,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
  	page_add_file_rmap(page);
  	set_pte_at(mm, addr, pte, mk_pte(page, prot));
  
@@ -81394,7 +80120,7 @@ index 32a495a..8042dce 100644
  	retval = 0;
  	pte_unmap_unlock(pte, ptl);
  	return retval;
-@@ -2117,9 +2116,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2152,9 +2151,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
  	if (!page_count(page))
  		return -EINVAL;
  	if (!(vma->vm_flags & VM_MIXEDMAP)) {
@@ -81416,7 +80142,7 @@ index 32a495a..8042dce 100644
  	}
  	return insert_page(vma, addr, page, vma->vm_page_prot);
  }
-@@ -2202,6 +2213,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -2237,6 +2248,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
  			unsigned long pfn)
  {
  	BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
@@ -81424,7 +80150,7 @@ index 32a495a..8042dce 100644
  
  	if (addr < vma->vm_start || addr >= vma->vm_end)
  		return -EFAULT;
-@@ -2449,7 +2461,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -2484,7 +2496,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
  
  	BUG_ON(pud_huge(*pud));
  
@@ -81435,7 +80161,7 @@ index 32a495a..8042dce 100644
  	if (!pmd)
  		return -ENOMEM;
  	do {
-@@ -2469,7 +2483,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -2504,7 +2518,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
  	unsigned long next;
  	int err;
  
@@ -81446,7 +80172,7 @@ index 32a495a..8042dce 100644
  	if (!pud)
  		return -ENOMEM;
  	do {
-@@ -2557,6 +2573,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2592,6 +2608,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
  		copy_user_highpage(dst, src, va, vma);
  }
  
@@ -81522,7 +80248,7 @@ index 32a495a..8042dce 100644
 +	page_add_anon_rmap(page_m, vma_m, address_m);
 +	inc_mm_counter_fast(mm, MM_ANONPAGES);
 +	set_pte_at(mm, address_m, pte_m, entry_m);
-+	update_mmu_cache(vma_m, address_m, entry_m);
++	update_mmu_cache(vma_m, address_m, pte_m);
 +out:
 +	if (ptl != ptl_m)
 +		spin_unlock(ptl_m);
@@ -81561,7 +80287,7 @@ index 32a495a..8042dce 100644
 +	page_add_file_rmap(page_m);
 +	inc_mm_counter_fast(mm, MM_FILEPAGES);
 +	set_pte_at(mm, address_m, pte_m, entry_m);
-+	update_mmu_cache(vma_m, address_m, entry_m);
++	update_mmu_cache(vma_m, address_m, pte_m);
 +out:
 +	if (ptl != ptl_m)
 +		spin_unlock(ptl_m);
@@ -81633,7 +80359,7 @@ index 32a495a..8042dce 100644
  /*
   * This routine handles present pages, when users try to write
   * to a shared page. It is done by copying the page to a new address
-@@ -2773,6 +2969,12 @@ gotten:
+@@ -2808,6 +3004,12 @@ gotten:
  	 */
  	page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
  	if (likely(pte_same(*page_table, orig_pte))) {
@@ -81646,7 +80372,7 @@ index 32a495a..8042dce 100644
  		if (old_page) {
  			if (!PageAnon(old_page)) {
  				dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2824,6 +3026,10 @@ gotten:
+@@ -2859,6 +3061,10 @@ gotten:
  			page_remove_rmap(old_page);
  		}
  
@@ -81657,7 +80383,7 @@ index 32a495a..8042dce 100644
  		/* Free the old page.. */
  		new_page = old_page;
  		ret |= VM_FAULT_WRITE;
-@@ -3099,6 +3305,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3134,6 +3340,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
  	swap_free(entry);
  	if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
  		try_to_free_swap(page);
@@ -81667,9 +80393,9 @@ index 32a495a..8042dce 100644
 +#endif
 +
  	unlock_page(page);
- 	if (swapcache) {
+ 	if (page != swapcache) {
  		/*
-@@ -3122,6 +3333,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3157,6 +3368,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
  
  	/* No need to invalidate - it was non-present before */
  	update_mmu_cache(vma, address, page_table);
@@ -81681,7 +80407,7 @@ index 32a495a..8042dce 100644
  unlock:
  	pte_unmap_unlock(page_table, ptl);
  out:
-@@ -3141,40 +3357,6 @@ out_release:
+@@ -3176,40 +3392,6 @@ out_release:
  }
  
  /*
@@ -81722,7 +80448,7 @@ index 32a495a..8042dce 100644
   * We enter with non-exclusive mmap_sem (to exclude vma changes,
   * but allow concurrent faults), and pte mapped but not yet locked.
   * We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -3183,27 +3365,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3218,27 +3400,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
  		unsigned long address, pte_t *page_table, pmd_t *pmd,
  		unsigned int flags)
  {
@@ -81755,7 +80481,7 @@ index 32a495a..8042dce 100644
  	if (unlikely(anon_vma_prepare(vma)))
  		goto oom;
  	page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -3222,6 +3400,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3257,6 +3435,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
  	if (!pte_none(*page_table))
  		goto release;
  
@@ -81767,7 +80493,7 @@ index 32a495a..8042dce 100644
  	inc_mm_counter_fast(mm, MM_ANONPAGES);
  	page_add_new_anon_rmap(page, vma, address);
  setpte:
-@@ -3229,6 +3412,12 @@ setpte:
+@@ -3264,6 +3447,12 @@ setpte:
  
  	/* No need to invalidate - it was non-present before */
  	update_mmu_cache(vma, address, page_table);
@@ -81780,7 +80506,7 @@ index 32a495a..8042dce 100644
  unlock:
  	pte_unmap_unlock(page_table, ptl);
  	return 0;
-@@ -3372,6 +3561,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3407,6 +3596,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  	 */
  	/* Only go through if we didn't race with anybody else... */
  	if (likely(pte_same(*page_table, orig_pte))) {
@@ -81793,7 +80519,7 @@ index 32a495a..8042dce 100644
  		flush_icache_page(vma, page);
  		entry = mk_pte(page, vma->vm_page_prot);
  		if (flags & FAULT_FLAG_WRITE)
-@@ -3391,6 +3586,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3426,6 +3621,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  
  		/* no need to invalidate: a not-present page won't be cached */
  		update_mmu_cache(vma, address, page_table);
@@ -81808,7 +80534,7 @@ index 32a495a..8042dce 100644
  	} else {
  		if (cow_page)
  			mem_cgroup_uncharge_page(cow_page);
-@@ -3712,6 +3915,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3747,6 +3950,12 @@ int handle_pte_fault(struct mm_struct *mm,
  		if (flags & FAULT_FLAG_WRITE)
  			flush_tlb_fix_spurious_fault(vma, address);
  	}
@@ -81821,7 +80547,7 @@ index 32a495a..8042dce 100644
  unlock:
  	pte_unmap_unlock(pte, ptl);
  	return 0;
-@@ -3728,6 +3937,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3763,6 +3972,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  	pmd_t *pmd;
  	pte_t *pte;
  
@@ -81832,7 +80558,7 @@ index 32a495a..8042dce 100644
  	__set_current_state(TASK_RUNNING);
  
  	count_vm_event(PGFAULT);
-@@ -3739,6 +3952,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3774,6 +3987,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
  	if (unlikely(is_vm_hugetlb_page(vma)))
  		return hugetlb_fault(mm, vma, address, flags);
  
@@ -81867,7 +80593,7 @@ index 32a495a..8042dce 100644
  retry:
  	pgd = pgd_offset(mm, address);
  	pud = pud_alloc(mm, pgd, address);
-@@ -3837,6 +4078,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3872,6 +4113,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
  	spin_unlock(&mm->page_table_lock);
  	return 0;
  }
@@ -81891,7 +80617,7 @@ index 32a495a..8042dce 100644
  #endif /* __PAGETABLE_PUD_FOLDED */
  
  #ifndef __PAGETABLE_PMD_FOLDED
-@@ -3867,11 +4125,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3902,6 +4160,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
  	spin_unlock(&mm->page_table_lock);
  	return 0;
  }
@@ -81921,15 +80647,8 @@ index 32a495a..8042dce 100644
 +}
  #endif /* __PAGETABLE_PMD_FOLDED */
  
--int make_pages_present(unsigned long addr, unsigned long end)
-+ssize_t make_pages_present(unsigned long addr, unsigned long end)
- {
--	int ret, len, write;
-+	ssize_t ret, len, write;
- 	struct vm_area_struct * vma;
- 
- 	vma = find_vma(current->mm, addr);
-@@ -3904,7 +4186,7 @@ static int __init gate_vma_init(void)
+ #if !defined(__HAVE_ARCH_GATE_AREA)
+@@ -3915,7 +4197,7 @@ static int __init gate_vma_init(void)
  	gate_vma.vm_start = FIXADDR_USER_START;
  	gate_vma.vm_end = FIXADDR_USER_END;
  	gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -81938,7 +80657,7 @@ index 32a495a..8042dce 100644
  
  	return 0;
  }
-@@ -4038,8 +4320,8 @@ out:
+@@ -4049,8 +4331,8 @@ out:
  	return ret;
  }
  
@@ -81949,7 +80668,7 @@ index 32a495a..8042dce 100644
  {
  	resource_size_t phys_addr;
  	unsigned long prot = 0;
-@@ -4064,8 +4346,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
+@@ -4075,8 +4357,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
   * Access another process' address space as given in mm.  If non-NULL, use the
   * given task for page fault accounting.
   */
@@ -81960,7 +80679,7 @@ index 32a495a..8042dce 100644
  {
  	struct vm_area_struct *vma;
  	void *old_buf = buf;
-@@ -4073,7 +4355,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4084,7 +4366,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
  	down_read(&mm->mmap_sem);
  	/* ignore errors, just check how much was successfully transferred */
  	while (len) {
@@ -81969,7 +80688,7 @@ index 32a495a..8042dce 100644
  		void *maddr;
  		struct page *page = NULL;
  
-@@ -4132,8 +4414,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4143,8 +4425,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
   *
   * The caller must hold a reference on @mm.
   */
@@ -81980,7 +80699,7 @@ index 32a495a..8042dce 100644
  {
  	return __access_remote_vm(NULL, mm, addr, buf, len, write);
  }
-@@ -4143,11 +4425,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -4154,11 +4436,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
   * Source/target buffer must be kernel space,
   * Do not walk the page table directly, use get_user_pages
   */
@@ -81996,10 +80715,10 @@ index 32a495a..8042dce 100644
  	mm = get_task_mm(tsk);
  	if (!mm)
 diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index 3df6d12..a11056a 100644
+index 7431001..0f8344e 100644
 --- a/mm/mempolicy.c
 +++ b/mm/mempolicy.c
-@@ -721,6 +721,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
+@@ -708,6 +708,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
  	unsigned long vmstart;
  	unsigned long vmend;
  
@@ -82010,7 +80729,7 @@ index 3df6d12..a11056a 100644
  	vma = find_vma(mm, start);
  	if (!vma || vma->vm_start > start)
  		return -EFAULT;
-@@ -757,9 +761,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
+@@ -744,9 +748,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
  			if (err)
  				goto out;
  		}
@@ -82031,7 +80750,7 @@ index 3df6d12..a11056a 100644
  	}
  
   out:
-@@ -1216,6 +1231,17 @@ static long do_mbind(unsigned long start, unsigned long len,
+@@ -1202,6 +1217,17 @@ static long do_mbind(unsigned long start, unsigned long len,
  
  	if (end < start)
  		return -EINVAL;
@@ -82049,7 +80768,7 @@ index 3df6d12..a11056a 100644
  	if (end == start)
  		return 0;
  
-@@ -1445,8 +1471,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1430,8 +1456,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
  	 */
  	tcred = __task_cred(task);
  	if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
@@ -82059,7 +80778,7 @@ index 3df6d12..a11056a 100644
  		rcu_read_unlock();
  		err = -EPERM;
  		goto out_put;
-@@ -1477,6 +1502,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1462,6 +1487,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
  		goto out;
  	}
  
@@ -82076,10 +80795,10 @@ index 3df6d12..a11056a 100644
  		capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
  
 diff --git a/mm/migrate.c b/mm/migrate.c
-index 2fd8b4a..d70358f 100644
+index 3bbaf5d..299b0e9 100644
 --- a/mm/migrate.c
 +++ b/mm/migrate.c
-@@ -1401,8 +1401,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1382,8 +1382,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
  	 */
  	tcred = __task_cred(task);
  	if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
@@ -82090,7 +80809,7 @@ index 2fd8b4a..d70358f 100644
  		err = -EPERM;
  		goto out;
 diff --git a/mm/mlock.c b/mm/mlock.c
-index c9bd528..da8d069 100644
+index 79b7cf7..c60424f 100644
 --- a/mm/mlock.c
 +++ b/mm/mlock.c
 @@ -13,6 +13,7 @@
@@ -82101,7 +80820,7 @@ index c9bd528..da8d069 100644
  #include <linux/sched.h>
  #include <linux/export.h>
  #include <linux/rmap.h>
-@@ -369,7 +370,7 @@ static int do_mlock(unsigned long start, size_t len, int on)
+@@ -334,7 +335,7 @@ static int do_mlock(unsigned long start, size_t len, int on)
  {
  	unsigned long nstart, end, tmp;
  	struct vm_area_struct * vma, * prev;
@@ -82110,7 +80829,7 @@ index c9bd528..da8d069 100644
  
  	VM_BUG_ON(start & ~PAGE_MASK);
  	VM_BUG_ON(len != PAGE_ALIGN(len));
-@@ -378,6 +379,9 @@ static int do_mlock(unsigned long start, size_t len, int on)
+@@ -343,6 +344,9 @@ static int do_mlock(unsigned long start, size_t len, int on)
  		return -EINVAL;
  	if (end == start)
  		return 0;
@@ -82120,7 +80839,7 @@ index c9bd528..da8d069 100644
  	vma = find_vma(current->mm, start);
  	if (!vma || vma->vm_start > start)
  		return -ENOMEM;
-@@ -389,6 +393,11 @@ static int do_mlock(unsigned long start, size_t len, int on)
+@@ -354,6 +358,11 @@ static int do_mlock(unsigned long start, size_t len, int on)
  	for (nstart = start ; ; ) {
  		vm_flags_t newflags;
  
@@ -82131,8 +80850,8 @@ index c9bd528..da8d069 100644
 +
  		/* Here we know that  vma->vm_start <= nstart < vma->vm_end. */
  
- 		newflags = vma->vm_flags | VM_LOCKED;
-@@ -494,6 +503,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len)
+ 		newflags = vma->vm_flags & ~VM_LOCKED;
+@@ -466,6 +475,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len)
  	lock_limit >>= PAGE_SHIFT;
  
  	/* check against resource limits */
@@ -82140,7 +80859,7 @@ index c9bd528..da8d069 100644
  	if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
  		error = do_mlock(start, len, 1);
  	up_write(&current->mm->mmap_sem);
-@@ -528,6 +538,12 @@ static int do_mlockall(int flags)
+@@ -500,6 +510,12 @@ static int do_mlockall(int flags)
  	for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
  		vm_flags_t newflags;
  
@@ -82150,10 +80869,10 @@ index c9bd528..da8d069 100644
 +#endif
 +
 +		BUG_ON(vma->vm_end > TASK_SIZE);
- 		newflags = vma->vm_flags | VM_LOCKED;
- 		if (!(flags & MCL_CURRENT))
- 			newflags &= ~VM_LOCKED;
-@@ -560,6 +576,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
+ 		newflags = vma->vm_flags & ~VM_LOCKED;
+ 		if (flags & MCL_CURRENT)
+ 			newflags |= VM_LOCKED;
+@@ -532,6 +548,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
  	lock_limit >>= PAGE_SHIFT;
  
  	ret = -ENOMEM;
@@ -82162,18 +80881,18 @@ index c9bd528..da8d069 100644
  	    capable(CAP_IPC_LOCK))
  		ret = do_mlockall(flags);
 diff --git a/mm/mmap.c b/mm/mmap.c
-index 32f3372..254d5f3 100644
+index e17fc06..72fc5fd 100644
 --- a/mm/mmap.c
 +++ b/mm/mmap.c
-@@ -32,6 +32,7 @@
- #include <linux/khugepaged.h>
+@@ -33,6 +33,7 @@
  #include <linux/uprobes.h>
  #include <linux/rbtree_augmented.h>
+ #include <linux/sched/sysctl.h>
 +#include <linux/random.h>
  
  #include <asm/uaccess.h>
  #include <asm/cacheflush.h>
-@@ -48,6 +49,16 @@
+@@ -49,6 +50,16 @@
  #define arch_rebalance_pgtables(addr, len)		(addr)
  #endif
  
@@ -82190,7 +80909,7 @@ index 32f3372..254d5f3 100644
  static void unmap_region(struct mm_struct *mm,
  		struct vm_area_struct *vma, struct vm_area_struct *prev,
  		unsigned long start, unsigned long end);
-@@ -67,22 +78,32 @@ static void unmap_region(struct mm_struct *mm,
+@@ -68,22 +79,32 @@ static void unmap_region(struct mm_struct *mm,
   *		x: (no) no	x: (no) yes	x: (no) yes	x: (yes) yes
   *
   */
@@ -82226,7 +80945,7 @@ index 32f3372..254d5f3 100644
  /*
   * Make sure vm_committed_as in one cacheline and not cacheline shared with
   * other variables. It can be updated by several CPUs frequently.
-@@ -238,6 +259,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
+@@ -239,6 +260,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
  	struct vm_area_struct *next = vma->vm_next;
  
  	might_sleep();
@@ -82234,7 +80953,7 @@ index 32f3372..254d5f3 100644
  	if (vma->vm_ops && vma->vm_ops->close)
  		vma->vm_ops->close(vma);
  	if (vma->vm_file)
-@@ -281,6 +303,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
+@@ -283,6 +305,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
  	 * not page aligned -Ram Gupta
  	 */
  	rlim = rlimit(RLIMIT_DATA);
@@ -82242,7 +80961,7 @@ index 32f3372..254d5f3 100644
  	if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
  			(mm->end_data - mm->start_data) > rlim)
  		goto out;
-@@ -888,6 +911,12 @@ static int
+@@ -897,6 +920,12 @@ static int
  can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
  	struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
  {
@@ -82255,7 +80974,7 @@ index 32f3372..254d5f3 100644
  	if (is_mergeable_vma(vma, file, vm_flags) &&
  	    is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
  		if (vma->vm_pgoff == vm_pgoff)
-@@ -907,6 +936,12 @@ static int
+@@ -916,6 +945,12 @@ static int
  can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
  	struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
  {
@@ -82268,7 +80987,7 @@ index 32f3372..254d5f3 100644
  	if (is_mergeable_vma(vma, file, vm_flags) &&
  	    is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
  		pgoff_t vm_pglen;
-@@ -949,13 +984,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
+@@ -958,13 +993,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
  struct vm_area_struct *vma_merge(struct mm_struct *mm,
  			struct vm_area_struct *prev, unsigned long addr,
  			unsigned long end, unsigned long vm_flags,
@@ -82290,7 +81009,7 @@ index 32f3372..254d5f3 100644
  	/*
  	 * We later require that vma->vm_flags == vm_flags,
  	 * so this tests vma->vm_flags & VM_SPECIAL, too.
-@@ -971,6 +1013,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -980,6 +1022,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
  	if (next && next->vm_end == end)		/* cases 6, 7, 8 */
  		next = next->vm_next;
  
@@ -82306,7 +81025,7 @@ index 32f3372..254d5f3 100644
  	/*
  	 * Can it merge with the predecessor?
  	 */
-@@ -990,9 +1041,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -999,9 +1050,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
  							/* cases 1, 6 */
  			err = vma_adjust(prev, prev->vm_start,
  				next->vm_end, prev->vm_pgoff, NULL);
@@ -82332,7 +81051,7 @@ index 32f3372..254d5f3 100644
  		if (err)
  			return NULL;
  		khugepaged_enter_vma_merge(prev);
-@@ -1006,12 +1072,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -1015,12 +1081,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
   			mpol_equal(policy, vma_policy(next)) &&
  			can_vma_merge_before(next, vm_flags,
  					anon_vma, file, pgoff+pglen)) {
@@ -82362,7 +81081,7 @@ index 32f3372..254d5f3 100644
  		if (err)
  			return NULL;
  		khugepaged_enter_vma_merge(area);
-@@ -1120,8 +1201,10 @@ none:
+@@ -1129,8 +1210,10 @@ none:
  void vm_stat_account(struct mm_struct *mm, unsigned long flags,
  						struct file *file, long pages)
  {
@@ -82375,7 +81094,7 @@ index 32f3372..254d5f3 100644
  
  	mm->total_vm += pages;
  
-@@ -1129,7 +1212,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
+@@ -1138,7 +1221,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
  		mm->shared_vm += pages;
  		if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC)
  			mm->exec_vm += pages;
@@ -82384,7 +81103,7 @@ index 32f3372..254d5f3 100644
  		mm->stack_vm += pages;
  }
  #endif /* CONFIG_PROC_FS */
-@@ -1165,7 +1248,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1177,7 +1260,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
  	 * (the exception is when the underlying filesystem is noexec
  	 *  mounted, in which case we dont add PROT_EXEC.)
  	 */
@@ -82393,7 +81112,7 @@ index 32f3372..254d5f3 100644
  		if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
  			prot |= PROT_EXEC;
  
-@@ -1191,7 +1274,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1203,7 +1286,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
  	/* Obtain the address to map to. we verify (or select) it and ensure
  	 * that it represents a valid section of the address space.
  	 */
@@ -82402,7 +81121,7 @@ index 32f3372..254d5f3 100644
  	if (addr & ~PAGE_MASK)
  		return addr;
  
-@@ -1202,6 +1285,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1214,6 +1297,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
  	vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
  			mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
  
@@ -82439,7 +81158,7 @@ index 32f3372..254d5f3 100644
  	if (flags & MAP_LOCKED)
  		if (!can_do_mlock())
  			return -EPERM;
-@@ -1213,6 +1326,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1225,6 +1338,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
  		locked += mm->locked_vm;
  		lock_limit = rlimit(RLIMIT_MEMLOCK);
  		lock_limit >>= PAGE_SHIFT;
@@ -82447,17 +81166,17 @@ index 32f3372..254d5f3 100644
  		if (locked > lock_limit && !capable(CAP_IPC_LOCK))
  			return -EAGAIN;
  	}
-@@ -1279,6 +1393,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
- 		}
+@@ -1305,6 +1419,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+ 			vm_flags |= VM_NORESERVE;
  	}
  
 +	if (!gr_acl_handle_mmap(file, prot))
 +		return -EACCES;
-+
- 	return mmap_region(file, addr, len, flags, vm_flags, pgoff);
- }
- 
-@@ -1356,7 +1473,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
++	
+ 	addr = mmap_region(file, addr, len, vm_flags, pgoff);
+ 	if (!IS_ERR_VALUE(addr) &&
+ 	    ((vm_flags & VM_LOCKED) ||
+@@ -1392,7 +1509,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
  	vm_flags_t vm_flags = vma->vm_flags;
  
  	/* If it was private or non-writable, the write bit is already clear */
@@ -82466,9 +81185,9 @@ index 32f3372..254d5f3 100644
  		return 0;
  
  	/* The backer wishes to know when pages are first written to? */
-@@ -1405,16 +1522,30 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1440,16 +1557,30 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
  	unsigned long charged = 0;
- 	struct inode *inode =  file ? file->f_path.dentry->d_inode : NULL;
+ 	struct inode *inode =  file ? file_inode(file) : NULL;
  
 +#ifdef CONFIG_PAX_SEGMEXEC
 +	struct vm_area_struct *vma_m = NULL;
@@ -82499,7 +81218,7 @@ index 32f3372..254d5f3 100644
  	if (!may_expand_vm(mm, len >> PAGE_SHIFT))
  		return -ENOMEM;
  
-@@ -1460,6 +1591,16 @@ munmap_back:
+@@ -1481,6 +1612,16 @@ munmap_back:
  		goto unacct_error;
  	}
  
@@ -82516,7 +81235,7 @@ index 32f3372..254d5f3 100644
  	vma->vm_mm = mm;
  	vma->vm_start = addr;
  	vma->vm_end = addr + len;
-@@ -1484,6 +1625,13 @@ munmap_back:
+@@ -1505,6 +1646,13 @@ munmap_back:
  		if (error)
  			goto unmap_and_free_vma;
  
@@ -82530,7 +81249,7 @@ index 32f3372..254d5f3 100644
  		/* Can addr have changed??
  		 *
  		 * Answer: Yes, several device drivers can do it in their
-@@ -1522,6 +1670,11 @@ munmap_back:
+@@ -1543,6 +1691,11 @@ munmap_back:
  	vma_link(mm, vma, prev, rb_link, rb_parent);
  	file = vma->vm_file;
  
@@ -82542,15 +81261,15 @@ index 32f3372..254d5f3 100644
  	/* Once vma denies write, undo our temporary denial count */
  	if (correct_wcount)
  		atomic_inc(&inode->i_writecount);
-@@ -1529,6 +1682,7 @@ out:
+@@ -1550,6 +1703,7 @@ out:
  	perf_event_mmap(vma);
  
  	vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
 +	track_exec_limit(mm, addr, addr + len, vm_flags);
  	if (vm_flags & VM_LOCKED) {
- 		if (!mlock_vma_pages_range(vma, addr, addr + len))
- 			mm->locked_vm += (len >> PAGE_SHIFT);
-@@ -1550,6 +1704,12 @@ unmap_and_free_vma:
+ 		if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) ||
+ 					vma == get_gate_vma(current->mm)))
+@@ -1573,6 +1727,12 @@ unmap_and_free_vma:
  	unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
  	charged = 0;
  free_vma:
@@ -82563,7 +81282,7 @@ index 32f3372..254d5f3 100644
  	kmem_cache_free(vm_area_cachep, vma);
  unacct_error:
  	if (charged)
-@@ -1557,6 +1717,62 @@ unacct_error:
+@@ -1580,6 +1740,62 @@ unacct_error:
  	return error;
  }
  
@@ -82626,7 +81345,7 @@ index 32f3372..254d5f3 100644
  unsigned long unmapped_area(struct vm_unmapped_area_info *info)
  {
  	/*
-@@ -1776,6 +1992,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1799,6 +2015,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
  	struct mm_struct *mm = current->mm;
  	struct vm_area_struct *vma;
  	struct vm_unmapped_area_info info;
@@ -82634,7 +81353,7 @@ index 32f3372..254d5f3 100644
  
  	if (len > TASK_SIZE)
  		return -ENOMEM;
-@@ -1783,17 +2000,26 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1806,29 +2023,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
  	if (flags & MAP_FIXED)
  		return addr;
  
@@ -82662,8 +81381,10 @@ index 32f3372..254d5f3 100644
 +
  	info.high_limit = TASK_SIZE;
  	info.align_mask = 0;
++	info.threadstack_offset = offset;
  	return vm_unmapped_area(&info);
-@@ -1802,10 +2028,16 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+ }
+ #endif	
  
  void arch_unmap_area(struct mm_struct *mm, unsigned long addr)
  {
@@ -82681,7 +81402,7 @@ index 32f3372..254d5f3 100644
  		mm->free_area_cache = addr;
  }
  
-@@ -1823,6 +2055,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1846,6 +2079,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  	struct mm_struct *mm = current->mm;
  	unsigned long addr = addr0;
  	struct vm_unmapped_area_info info;
@@ -82689,7 +81410,7 @@ index 32f3372..254d5f3 100644
  
  	/* requested length too big for entire address space */
  	if (len > TASK_SIZE)
-@@ -1831,12 +2064,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1854,12 +2088,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  	if (flags & MAP_FIXED)
  		return addr;
  
@@ -82707,7 +81428,15 @@ index 32f3372..254d5f3 100644
  			return addr;
  	}
  
-@@ -1857,6 +2093,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1868,6 +2105,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ 	info.low_limit = PAGE_SIZE;
+ 	info.high_limit = mm->mmap_base;
+ 	info.align_mask = 0;
++	info.threadstack_offset = offset;
+ 	addr = vm_unmapped_area(&info);
+ 
+ 	/*
+@@ -1880,6 +2118,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  		VM_BUG_ON(addr != -ENOMEM);
  		info.flags = 0;
  		info.low_limit = TASK_UNMAPPED_BASE;
@@ -82720,7 +81449,7 @@ index 32f3372..254d5f3 100644
  		info.high_limit = TASK_SIZE;
  		addr = vm_unmapped_area(&info);
  	}
-@@ -1867,6 +2109,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1890,6 +2134,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
  
  void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
  {
@@ -82733,7 +81462,7 @@ index 32f3372..254d5f3 100644
  	/*
  	 * Is this a new hole at the highest possible address?
  	 */
-@@ -1874,8 +2122,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
+@@ -1897,8 +2147,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
  		mm->free_area_cache = addr;
  
  	/* dont allow allocations above current base */
@@ -82745,7 +81474,7 @@ index 32f3372..254d5f3 100644
  }
  
  unsigned long
-@@ -1974,6 +2224,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
+@@ -1997,6 +2249,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
  	return vma;
  }
  
@@ -82774,7 +81503,7 @@ index 32f3372..254d5f3 100644
  /*
   * Verify that the stack growth is acceptable and
   * update accounting. This is shared with both the
-@@ -1990,6 +2262,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2013,6 +2287,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
  		return -ENOMEM;
  
  	/* Stack limit test */
@@ -82782,7 +81511,7 @@ index 32f3372..254d5f3 100644
  	if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
  		return -ENOMEM;
  
-@@ -2000,6 +2273,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2023,6 +2298,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
  		locked = mm->locked_vm + grow;
  		limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
  		limit >>= PAGE_SHIFT;
@@ -82790,7 +81519,7 @@ index 32f3372..254d5f3 100644
  		if (locked > limit && !capable(CAP_IPC_LOCK))
  			return -ENOMEM;
  	}
-@@ -2029,37 +2303,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2052,37 +2328,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
   * PA-RISC uses this for its stack; IA64 for its Register Backing Store.
   * vma is the last one with address > vma->vm_end.  Have to extend vma.
   */
@@ -82848,7 +81577,7 @@ index 32f3372..254d5f3 100644
  		unsigned long size, grow;
  
  		size = address - vma->vm_start;
-@@ -2094,6 +2379,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
+@@ -2117,6 +2404,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
  			}
  		}
  	}
@@ -82857,7 +81586,7 @@ index 32f3372..254d5f3 100644
  	vma_unlock_anon_vma(vma);
  	khugepaged_enter_vma_merge(vma);
  	validate_mm(vma->vm_mm);
-@@ -2108,6 +2395,8 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2131,6 +2420,8 @@ int expand_downwards(struct vm_area_struct *vma,
  				   unsigned long address)
  {
  	int error;
@@ -82866,7 +81595,7 @@ index 32f3372..254d5f3 100644
  
  	/*
  	 * We must make sure the anon_vma is allocated
-@@ -2121,6 +2410,15 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2144,6 +2435,15 @@ int expand_downwards(struct vm_area_struct *vma,
  	if (error)
  		return error;
  
@@ -82882,7 +81611,7 @@ index 32f3372..254d5f3 100644
  	vma_lock_anon_vma(vma);
  
  	/*
-@@ -2130,9 +2428,17 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2153,9 +2453,17 @@ int expand_downwards(struct vm_area_struct *vma,
  	 */
  
  	/* Somebody else might have raced and expanded it already */
@@ -82901,7 +81630,7 @@ index 32f3372..254d5f3 100644
  		size = vma->vm_end - address;
  		grow = (vma->vm_start - address) >> PAGE_SHIFT;
  
-@@ -2157,6 +2463,18 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2180,6 +2488,18 @@ int expand_downwards(struct vm_area_struct *vma,
  				vma->vm_pgoff -= grow;
  				anon_vma_interval_tree_post_update_vma(vma);
  				vma_gap_update(vma);
@@ -82920,7 +81649,7 @@ index 32f3372..254d5f3 100644
  				spin_unlock(&vma->vm_mm->page_table_lock);
  
  				perf_event_mmap(vma);
-@@ -2263,6 +2581,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2284,6 +2604,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
  	do {
  		long nrpages = vma_pages(vma);
  
@@ -82934,7 +81663,7 @@ index 32f3372..254d5f3 100644
  		if (vma->vm_flags & VM_ACCOUNT)
  			nr_accounted += nrpages;
  		vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
-@@ -2308,6 +2633,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2329,6 +2656,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
  	insertion_point = (prev ? &prev->vm_next : &mm->mmap);
  	vma->vm_prev = NULL;
  	do {
@@ -82951,7 +81680,7 @@ index 32f3372..254d5f3 100644
  		vma_rb_erase(vma, &mm->mm_rb);
  		mm->map_count--;
  		tail_vma = vma;
-@@ -2339,14 +2674,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2360,14 +2697,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
  	struct vm_area_struct *new;
  	int err = -ENOMEM;
  
@@ -82985,7 +81714,7 @@ index 32f3372..254d5f3 100644
  	/* most fields are the same, copy all, and then fixup */
  	*new = *vma;
  
-@@ -2359,6 +2713,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2380,6 +2736,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
  		new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
  	}
  
@@ -83008,7 +81737,7 @@ index 32f3372..254d5f3 100644
  	pol = mpol_dup(vma_policy(vma));
  	if (IS_ERR(pol)) {
  		err = PTR_ERR(pol);
-@@ -2381,6 +2751,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2402,6 +2774,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
  	else
  		err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
  
@@ -83045,7 +81774,7 @@ index 32f3372..254d5f3 100644
  	/* Success. */
  	if (!err)
  		return 0;
-@@ -2390,10 +2790,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2411,10 +2813,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
  		new->vm_ops->close(new);
  	if (new->vm_file)
  		fput(new->vm_file);
@@ -83065,7 +81794,7 @@ index 32f3372..254d5f3 100644
  	kmem_cache_free(vm_area_cachep, new);
   out_err:
  	return err;
-@@ -2406,6 +2814,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2427,6 +2837,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
  int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
  	      unsigned long addr, int new_below)
  {
@@ -83081,7 +81810,7 @@ index 32f3372..254d5f3 100644
  	if (mm->map_count >= sysctl_max_map_count)
  		return -ENOMEM;
  
-@@ -2417,11 +2834,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2438,11 +2857,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
   * work.  This now handles partial unmappings.
   * Jeremy Fitzhardinge <jeremy@goop.org>
   */
@@ -83112,7 +81841,7 @@ index 32f3372..254d5f3 100644
  	if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
  		return -EINVAL;
  
-@@ -2496,6 +2932,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+@@ -2517,6 +2955,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
  	/* Fix up all other VM information */
  	remove_vma_list(mm, vma);
  
@@ -83121,7 +81850,7 @@ index 32f3372..254d5f3 100644
  	return 0;
  }
  
-@@ -2504,6 +2942,13 @@ int vm_munmap(unsigned long start, size_t len)
+@@ -2525,6 +2965,13 @@ int vm_munmap(unsigned long start, size_t len)
  	int ret;
  	struct mm_struct *mm = current->mm;
  
@@ -83135,7 +81864,7 @@ index 32f3372..254d5f3 100644
  	down_write(&mm->mmap_sem);
  	ret = do_munmap(mm, start, len);
  	up_write(&mm->mmap_sem);
-@@ -2517,16 +2962,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
+@@ -2538,16 +2985,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
  	return vm_munmap(addr, len);
  }
  
@@ -83152,7 +81881,7 @@ index 32f3372..254d5f3 100644
  /*
   *  this is really a simplified "do_mmap".  it only handles
   *  anonymous maps.  eventually we may be able to do some
-@@ -2540,6 +2975,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2561,6 +2998,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
  	struct rb_node ** rb_link, * rb_parent;
  	pgoff_t pgoff = addr >> PAGE_SHIFT;
  	int error;
@@ -83160,7 +81889,7 @@ index 32f3372..254d5f3 100644
  
  	len = PAGE_ALIGN(len);
  	if (!len)
-@@ -2547,16 +2983,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2568,16 +3006,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
  
  	flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
  
@@ -83192,7 +81921,7 @@ index 32f3372..254d5f3 100644
  		locked += mm->locked_vm;
  		lock_limit = rlimit(RLIMIT_MEMLOCK);
  		lock_limit >>= PAGE_SHIFT;
-@@ -2573,21 +3023,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2594,21 +3046,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
  	/*
  	 * Clear old maps.  this also does some error checking for us
  	 */
@@ -83217,7 +81946,7 @@ index 32f3372..254d5f3 100644
  		return -ENOMEM;
  
  	/* Can we just expand an old private anonymous mapping? */
-@@ -2601,7 +3050,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2622,7 +3073,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
  	 */
  	vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
  	if (!vma) {
@@ -83226,22 +81955,20 @@ index 32f3372..254d5f3 100644
  		return -ENOMEM;
  	}
  
-@@ -2615,11 +3064,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2636,9 +3087,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
  	vma_link(mm, vma, prev, rb_link, rb_parent);
  out:
  	perf_event_mmap(vma);
 -	mm->total_vm += len >> PAGE_SHIFT;
 +	mm->total_vm += charged;
- 	if (flags & VM_LOCKED) {
- 		if (!mlock_vma_pages_range(vma, addr, addr + len))
--			mm->locked_vm += (len >> PAGE_SHIFT);
-+			mm->locked_vm += charged;
- 	}
+ 	if (flags & VM_LOCKED)
+-		mm->locked_vm += (len >> PAGE_SHIFT);
++		mm->locked_vm += charged;
 +	track_exec_limit(mm, addr, addr + len, flags);
  	return addr;
  }
  
-@@ -2677,6 +3127,7 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2700,6 +3152,7 @@ void exit_mmap(struct mm_struct *mm)
  	while (vma) {
  		if (vma->vm_flags & VM_ACCOUNT)
  			nr_accounted += vma_pages(vma);
@@ -83249,7 +81976,7 @@ index 32f3372..254d5f3 100644
  		vma = remove_vma(vma);
  	}
  	vm_unacct_memory(nr_accounted);
-@@ -2693,6 +3144,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2716,6 +3169,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
  	struct vm_area_struct *prev;
  	struct rb_node **rb_link, *rb_parent;
  
@@ -83263,7 +81990,7 @@ index 32f3372..254d5f3 100644
  	/*
  	 * The vm_pgoff of a purely anonymous vma should be irrelevant
  	 * until its first write fault, when page's anon_vma and index
-@@ -2716,7 +3174,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2739,7 +3199,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
  	     security_vm_enough_memory_mm(mm, vma_pages(vma)))
  		return -ENOMEM;
  
@@ -83285,7 +82012,7 @@ index 32f3372..254d5f3 100644
  	return 0;
  }
  
-@@ -2736,6 +3208,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2759,6 +3233,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
  	struct mempolicy *pol;
  	bool faulted_in_anon_vma = true;
  
@@ -83294,7 +82021,7 @@ index 32f3372..254d5f3 100644
  	/*
  	 * If anonymous vma has not yet been faulted, update new pgoff
  	 * to match new location, to increase its chance of merging.
-@@ -2802,6 +3276,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2825,6 +3301,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
  	return NULL;
  }
  
@@ -83334,7 +82061,7 @@ index 32f3372..254d5f3 100644
  /*
   * Return true if the calling process may expand its vm space by the passed
   * number of pages
-@@ -2813,6 +3320,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
+@@ -2836,6 +3345,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
  
  	lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
  
@@ -83342,7 +82069,7 @@ index 32f3372..254d5f3 100644
  	if (cur + npages > lim)
  		return 0;
  	return 1;
-@@ -2883,6 +3391,22 @@ int install_special_mapping(struct mm_struct *mm,
+@@ -2906,6 +3416,22 @@ int install_special_mapping(struct mm_struct *mm,
  	vma->vm_start = addr;
  	vma->vm_end = addr + len;
  
@@ -83366,13 +82093,14 @@ index 32f3372..254d5f3 100644
  	vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
  
 diff --git a/mm/mprotect.c b/mm/mprotect.c
-index 94722a4..9837984 100644
+index 94722a4..07d9926 100644
 --- a/mm/mprotect.c
 +++ b/mm/mprotect.c
-@@ -23,10 +23,17 @@
+@@ -23,10 +23,18 @@
  #include <linux/mmu_notifier.h>
  #include <linux/migrate.h>
  #include <linux/perf_event.h>
++#include <linux/sched/sysctl.h>
 +
 +#ifdef CONFIG_PAX_MPROTECT
 +#include <linux/elf.h>
@@ -83387,7 +82115,7 @@ index 94722a4..9837984 100644
  
  #ifndef pgprot_modify
  static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
-@@ -233,6 +240,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
+@@ -233,6 +241,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
  	return pages;
  }
  
@@ -83436,7 +82164,7 @@ index 94722a4..9837984 100644
  int
  mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
  	unsigned long start, unsigned long end, unsigned long newflags)
-@@ -245,11 +294,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
+@@ -245,11 +295,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
  	int error;
  	int dirty_accountable = 0;
  
@@ -83466,7 +82194,7 @@ index 94722a4..9837984 100644
  	/*
  	 * If we make a private mapping writable we increase our commit;
  	 * but (without finer accounting) cannot reduce our commit if we
-@@ -266,6 +333,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
+@@ -266,6 +334,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
  		}
  	}
  
@@ -83509,7 +82237,7 @@ index 94722a4..9837984 100644
  	/*
  	 * First try to merge with previous and/or next vma.
  	 */
-@@ -296,9 +399,21 @@ success:
+@@ -296,9 +400,21 @@ success:
  	 * vm_flags and vm_page_prot are protected by the mmap_sem
  	 * held in write mode.
  	 */
@@ -83532,7 +82260,7 @@ index 94722a4..9837984 100644
  
  	if (vma_wants_writenotify(vma)) {
  		vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
-@@ -337,6 +452,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -337,6 +453,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
  	end = start + len;
  	if (end <= start)
  		return -ENOMEM;
@@ -83550,7 +82278,7 @@ index 94722a4..9837984 100644
  	if (!arch_validate_prot(prot))
  		return -EINVAL;
  
-@@ -344,7 +470,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -344,7 +471,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
  	/*
  	 * Does the application expect PROT_READ to imply PROT_EXEC:
  	 */
@@ -83559,7 +82287,7 @@ index 94722a4..9837984 100644
  		prot |= PROT_EXEC;
  
  	vm_flags = calc_vm_prot_bits(prot);
-@@ -376,6 +502,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -376,6 +503,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
  	if (start > vma->vm_start)
  		prev = vma;
  
@@ -83571,7 +82299,7 @@ index 94722a4..9837984 100644
  	for (nstart = start ; ; ) {
  		unsigned long newflags;
  
-@@ -386,6 +517,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -386,6 +518,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
  
  		/* newflags >> 4 shift VM_MAY% in place of VM_% */
  		if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
@@ -83586,7 +82314,7 @@ index 94722a4..9837984 100644
  			error = -EACCES;
  			goto out;
  		}
-@@ -400,6 +539,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -400,6 +540,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
  		error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
  		if (error)
  			goto out;
@@ -83597,10 +82325,10 @@ index 94722a4..9837984 100644
  
  		if (nstart < prev->vm_end)
 diff --git a/mm/mremap.c b/mm/mremap.c
-index e1031e1..1f2a0a1 100644
+index 463a257..c0c7a92 100644
 --- a/mm/mremap.c
 +++ b/mm/mremap.c
-@@ -125,6 +125,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd,
+@@ -126,6 +126,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd,
  			continue;
  		pte = ptep_get_and_clear(mm, old_addr, old_pte);
  		pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr);
@@ -83613,7 +82341,7 @@ index e1031e1..1f2a0a1 100644
  		set_pte_at(mm, new_addr, new_pte, pte);
  	}
  
-@@ -319,6 +325,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
+@@ -318,6 +324,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
  	if (is_vm_hugetlb_page(vma))
  		goto Einval;
  
@@ -83625,7 +82353,7 @@ index e1031e1..1f2a0a1 100644
  	/* We can't remap across vm area boundaries */
  	if (old_len > vma->vm_end - addr)
  		goto Efault;
-@@ -375,20 +386,25 @@ static unsigned long mremap_to(unsigned long addr,
+@@ -373,20 +384,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len,
  	unsigned long ret = -EINVAL;
  	unsigned long charged = 0;
  	unsigned long map_flags;
@@ -83656,15 +82384,15 @@ index e1031e1..1f2a0a1 100644
  		goto out;
  
  	ret = do_munmap(mm, new_addr, new_len);
-@@ -456,6 +472,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
- 	struct vm_area_struct *vma;
+@@ -455,6 +471,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
  	unsigned long ret = -EINVAL;
  	unsigned long charged = 0;
+ 	bool locked = false;
 +	unsigned long pax_task_size = TASK_SIZE;
  
  	down_write(&current->mm->mmap_sem);
  
-@@ -476,6 +493,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
+@@ -475,6 +492,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
  	if (!new_len)
  		goto out;
  
@@ -83681,9 +82409,9 @@ index e1031e1..1f2a0a1 100644
 +
  	if (flags & MREMAP_FIXED) {
  		if (flags & MREMAP_MAYMOVE)
- 			ret = mremap_to(addr, old_len, new_addr, new_len);
+ 			ret = mremap_to(addr, old_len, new_addr, new_len,
 @@ -524,6 +552,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
- 						   addr + new_len);
+ 				new_addr = addr;
  			}
  			ret = addr;
 +			track_exec_limit(vma->vm_mm, vma->vm_start, addr + new_len, vma->vm_flags);
@@ -83695,7 +82423,7 @@ index e1031e1..1f2a0a1 100644
  		}
  
 +		map_flags = vma->vm_flags;
- 		ret = move_vma(vma, addr, old_len, new_len, new_addr);
+ 		ret = move_vma(vma, addr, old_len, new_len, new_addr, &locked);
 +		if (!(ret & ~PAGE_MASK)) {
 +			track_exec_limit(current->mm, addr, addr + old_len, 0UL);
 +			track_exec_limit(current->mm, new_addr, new_addr + new_len, map_flags);
@@ -83704,10 +82432,10 @@ index e1031e1..1f2a0a1 100644
  out:
  	if (ret & ~PAGE_MASK)
 diff --git a/mm/nommu.c b/mm/nommu.c
-index bbe1f3f..b2601ea 100644
+index e001768..9b52b30 100644
 --- a/mm/nommu.c
 +++ b/mm/nommu.c
-@@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */
+@@ -63,7 +63,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */
  int sysctl_overcommit_ratio = 50; /* default is 50% */
  int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
  int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS;
@@ -83715,7 +82443,7 @@ index bbe1f3f..b2601ea 100644
  
  atomic_long_t mmap_pages_allocated;
  
-@@ -839,15 +838,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
+@@ -841,15 +840,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
  EXPORT_SYMBOL(find_vma);
  
  /*
@@ -83731,7 +82459,7 @@ index bbe1f3f..b2601ea 100644
   * expand a stack to a given address
   * - not supported under NOMMU conditions
   */
-@@ -1555,6 +1545,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -1560,6 +1550,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
  
  	/* most fields are the same, copy all, and then fixup */
  	*new = *vma;
@@ -83739,7 +82467,7 @@ index bbe1f3f..b2601ea 100644
  	*region = *vma->vm_region;
  	new->vm_region = region;
  
-@@ -1975,8 +1966,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr,
+@@ -1992,8 +1983,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr,
  }
  EXPORT_SYMBOL(generic_file_remap_pages);
  
@@ -83750,7 +82478,7 @@ index bbe1f3f..b2601ea 100644
  {
  	struct vm_area_struct *vma;
  
-@@ -2017,8 +2008,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -2034,8 +2025,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
   *
   * The caller must hold a reference on @mm.
   */
@@ -83761,7 +82489,7 @@ index bbe1f3f..b2601ea 100644
  {
  	return __access_remote_vm(NULL, mm, addr, buf, len, write);
  }
-@@ -2027,7 +2018,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -2044,7 +2035,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
   * Access another process' address space.
   * - source/target buffer must be kernel space
   */
@@ -83771,10 +82499,10 @@ index bbe1f3f..b2601ea 100644
  	struct mm_struct *mm;
  
 diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index 0713bfb..b95bb87 100644
+index efe6814..64b4701 100644
 --- a/mm/page-writeback.c
 +++ b/mm/page-writeback.c
-@@ -655,7 +655,7 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty)
+@@ -659,7 +659,7 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty)
   *   card's bdi_dirty may rush to many times higher than bdi_setpoint.
   * - the bdi dirty thresh drops quickly due to change of JBOD workload
   */
@@ -83783,7 +82511,7 @@ index 0713bfb..b95bb87 100644
  					unsigned long thresh,
  					unsigned long bg_thresh,
  					unsigned long dirty,
-@@ -1630,7 +1630,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long action,
+@@ -1634,7 +1634,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long action,
  	}
  }
  
@@ -83793,18 +82521,18 @@ index 0713bfb..b95bb87 100644
  	.next		= NULL,
  };
 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 6a83cd3..4cc7b16 100644
+index 8fcced7..ebcd481 100644
 --- a/mm/page_alloc.c
 +++ b/mm/page_alloc.c
-@@ -58,6 +58,7 @@
- #include <linux/prefetch.h>
+@@ -59,6 +59,7 @@
  #include <linux/migrate.h>
  #include <linux/page-debug-flags.h>
+ #include <linux/sched/rt.h>
 +#include <linux/random.h>
  
  #include <asm/tlbflush.h>
  #include <asm/div64.h>
-@@ -338,7 +339,7 @@ out:
+@@ -344,7 +345,7 @@ out:
   * This usage means that zero-order pages may not be compound.
   */
  
@@ -83813,7 +82541,7 @@ index 6a83cd3..4cc7b16 100644
  {
  	__free_pages_ok(page, compound_order(page));
  }
-@@ -693,6 +694,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -701,6 +702,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
  	int i;
  	int bad = 0;
  
@@ -83824,7 +82552,7 @@ index 6a83cd3..4cc7b16 100644
  	trace_mm_page_free(page, order);
  	kmemcheck_free_shadow(page, order);
  
-@@ -708,6 +713,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -716,6 +721,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
  		debug_check_no_obj_freed(page_address(page),
  					   PAGE_SIZE << order);
  	}
@@ -83837,7 +82565,7 @@ index 6a83cd3..4cc7b16 100644
  	arch_free_page(page, order);
  	kernel_map_pages(page, 1 << order, 0);
  
-@@ -730,6 +741,19 @@ static void __free_pages_ok(struct page *page, unsigned int order)
+@@ -738,6 +749,19 @@ static void __free_pages_ok(struct page *page, unsigned int order)
  	local_irq_restore(flags);
  }
  
@@ -83857,7 +82585,7 @@ index 6a83cd3..4cc7b16 100644
  /*
   * Read access to zone->managed_pages is safe because it's unsigned long,
   * but we still need to serialize writers. Currently all callers of
-@@ -752,6 +776,19 @@ void __meminit __free_pages_bootmem(struct page *page, unsigned int order)
+@@ -760,6 +784,19 @@ void __meminit __free_pages_bootmem(struct page *page, unsigned int order)
  		set_page_count(p, 0);
  	}
  
@@ -83877,7 +82605,7 @@ index 6a83cd3..4cc7b16 100644
  	page_zone(page)->managed_pages += 1 << order;
  	set_page_refcounted(page);
  	__free_pages(page, order);
-@@ -861,8 +898,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
+@@ -869,8 +906,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
  	arch_alloc_page(page, order);
  	kernel_map_pages(page, 1 << order, 1);
  
@@ -83953,7 +82681,7 @@ index fd26d04..0cea1b0 100644
  	if (!mm || IS_ERR(mm)) {
  		rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
 diff --git a/mm/rmap.c b/mm/rmap.c
-index 2c78f8c..9e9c624 100644
+index 807c96b..0e05279 100644
 --- a/mm/rmap.c
 +++ b/mm/rmap.c
 @@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
@@ -84043,7 +82771,7 @@ index 2c78f8c..9e9c624 100644
  	struct anon_vma_chain *avc;
  	struct anon_vma *anon_vma;
 diff --git a/mm/shmem.c b/mm/shmem.c
-index efd0b3a..994b702 100644
+index 1c44af7..cefe9a6 100644
 --- a/mm/shmem.c
 +++ b/mm/shmem.c
 @@ -31,7 +31,7 @@
@@ -84064,7 +82792,7 @@ index efd0b3a..994b702 100644
  
  /*
   * shmem_fallocate and shmem_writepage communicate via inode->i_private
-@@ -2202,6 +2202,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
+@@ -2201,6 +2201,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
  static int shmem_xattr_validate(const char *name)
  {
  	struct { const char *prefix; size_t len; } arr[] = {
@@ -84076,7 +82804,7 @@ index efd0b3a..994b702 100644
  		{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
  		{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
  	};
-@@ -2257,6 +2262,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
+@@ -2256,6 +2261,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
  	if (err)
  		return err;
  
@@ -84092,7 +82820,7 @@ index efd0b3a..994b702 100644
  	return simple_xattr_set(&info->xattrs, name, value, size, flags);
  }
  
-@@ -2562,8 +2576,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
+@@ -2568,8 +2582,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
  	int err = -ENOMEM;
  
  	/* Round up to L1_CACHE_BYTES to resist false sharing */
@@ -84103,7 +82831,7 @@ index efd0b3a..994b702 100644
  		return -ENOMEM;
  
 diff --git a/mm/slab.c b/mm/slab.c
-index e7667a3..a48e73b 100644
+index 856e4a1..fafb820 100644
 --- a/mm/slab.c
 +++ b/mm/slab.c
 @@ -306,7 +306,7 @@ struct kmem_list3 {
@@ -84384,7 +83112,7 @@ index 3f3cd97..93b0236 100644
  }
  
 diff --git a/mm/slob.c b/mm/slob.c
-index a99fdf7..6ee34ec 100644
+index eeed4a0..6ee34ec 100644
 --- a/mm/slob.c
 +++ b/mm/slob.c
 @@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next)
@@ -84470,7 +83198,7 @@ index a99fdf7..6ee34ec 100644
  			clear_slob_page_free(sp);
  		spin_unlock_irqrestore(&slob_lock, flags);
 -		__ClearPageSlab(sp);
--		reset_page_mapcount(sp);
+-		page_mapcount_reset(sp);
 -		slob_free_pages(b, 0);
 +		slob_free_pages(sp, 0);
  		return;
@@ -84747,7 +83475,7 @@ index a99fdf7..6ee34ec 100644
  EXPORT_SYMBOL(kmem_cache_free);
  
 diff --git a/mm/slub.c b/mm/slub.c
-index ba2ca53..991c4f7 100644
+index 4aec537..a64753d 100644
 --- a/mm/slub.c
 +++ b/mm/slub.c
 @@ -197,7 +197,7 @@ struct track {
@@ -85038,20 +83766,20 @@ index 1b7e22a..3fcd4f3 100644
  	return pgd;
  }
 diff --git a/mm/sparse.c b/mm/sparse.c
-index 6b5fb76..db0c190 100644
+index 7ca6dc8..6472aa1 100644
 --- a/mm/sparse.c
 +++ b/mm/sparse.c
-@@ -782,7 +782,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages)
+@@ -783,7 +783,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages)
  
  	for (i = 0; i < PAGES_PER_SECTION; i++) {
  		if (PageHWPoison(&memmap[i])) {
--			atomic_long_sub(1, &mce_bad_pages);
-+			atomic_long_sub_unchecked(1, &mce_bad_pages);
+-			atomic_long_sub(1, &num_poisoned_pages);
++			atomic_long_sub_unchecked(1, &num_poisoned_pages);
  			ClearPageHWPoison(&memmap[i]);
  		}
  	}
 diff --git a/mm/swap.c b/mm/swap.c
-index 6310dc2..3662b3f 100644
+index 8a529a0..154ef26 100644
 --- a/mm/swap.c
 +++ b/mm/swap.c
 @@ -30,6 +30,7 @@
@@ -85072,10 +83800,10 @@ index 6310dc2..3662b3f 100644
  }
  
 diff --git a/mm/swapfile.c b/mm/swapfile.c
-index e97a0e5..b50e796 100644
+index a1f7772..9e982ac 100644
 --- a/mm/swapfile.c
 +++ b/mm/swapfile.c
-@@ -64,7 +64,7 @@ static DEFINE_MUTEX(swapon_mutex);
+@@ -66,7 +66,7 @@ static DEFINE_MUTEX(swapon_mutex);
  
  static DECLARE_WAIT_QUEUE_HEAD(proc_poll_wait);
  /* Activity counter to indicate that a swapon or swapoff has occurred */
@@ -85084,7 +83812,7 @@ index e97a0e5..b50e796 100644
  
  static inline unsigned char swap_count(unsigned char ent)
  {
-@@ -1608,7 +1608,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
+@@ -1683,7 +1683,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
  	}
  	filp_close(swap_file, NULL);
  	err = 0;
@@ -85093,7 +83821,7 @@ index e97a0e5..b50e796 100644
  	wake_up_interruptible(&proc_poll_wait);
  
  out_dput:
-@@ -1625,8 +1625,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
+@@ -1700,8 +1700,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
  
  	poll_wait(file, &proc_poll_wait, wait);
  
@@ -85104,7 +83832,7 @@ index e97a0e5..b50e796 100644
  		return POLLIN | POLLRDNORM | POLLERR | POLLPRI;
  	}
  
-@@ -1724,7 +1724,7 @@ static int swaps_open(struct inode *inode, struct file *file)
+@@ -1799,7 +1799,7 @@ static int swaps_open(struct inode *inode, struct file *file)
  		return ret;
  
  	seq = file->private_data;
@@ -85113,7 +83841,7 @@ index e97a0e5..b50e796 100644
  	return 0;
  }
  
-@@ -2066,7 +2066,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
+@@ -2142,7 +2142,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
  		(frontswap_map) ? "FS" : "");
  
  	mutex_unlock(&swapon_mutex);
@@ -85123,10 +83851,10 @@ index e97a0e5..b50e796 100644
  
  	if (S_ISREG(inode->i_mode))
 diff --git a/mm/util.c b/mm/util.c
-index c55e26b..3f913a9 100644
+index ab1424d..7c5bd5a 100644
 --- a/mm/util.c
 +++ b/mm/util.c
-@@ -292,6 +292,12 @@ done:
+@@ -294,6 +294,12 @@ done:
  void arch_pick_mmap_layout(struct mm_struct *mm)
  {
  	mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -85140,7 +83868,7 @@ index c55e26b..3f913a9 100644
  	mm->unmap_area = arch_unmap_area;
  }
 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 5123a16..f234a48 100644
+index 0f751f2..ef398a0 100644
 --- a/mm/vmalloc.c
 +++ b/mm/vmalloc.c
 @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -85278,7 +84006,7 @@ index 5123a16..f234a48 100644
  	if (flags & VM_IOREMAP) {
  		int bit = fls(size);
  
-@@ -1568,6 +1617,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1569,6 +1618,11 @@ void *vmap(struct page **pages, unsigned int count,
  	if (count > totalram_pages)
  		return NULL;
  
@@ -85290,7 +84018,7 @@ index 5123a16..f234a48 100644
  	area = get_vm_area_caller((count << PAGE_SHIFT), flags,
  					__builtin_return_address(0));
  	if (!area)
-@@ -1669,6 +1723,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+@@ -1670,6 +1724,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
  	if (!size || (size >> PAGE_SHIFT) > totalram_pages)
  		goto fail;
  
@@ -85304,7 +84032,7 @@ index 5123a16..f234a48 100644
  	area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
  				  start, end, node, gfp_mask, caller);
  	if (!area)
-@@ -1842,10 +1903,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1845,10 +1906,9 @@ EXPORT_SYMBOL(vzalloc_node);
   *	For tight control over page level allocator and protection flags
   *	use __vmalloc() instead.
   */
@@ -85313,10 +84041,10 @@ index 5123a16..f234a48 100644
  {
 -	return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
 +	return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL_EXEC,
- 			      -1, __builtin_return_address(0));
+ 			      NUMA_NO_NODE, __builtin_return_address(0));
  }
  
-@@ -2136,6 +2196,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2139,6 +2199,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
  	unsigned long uaddr = vma->vm_start;
  	unsigned long usize = vma->vm_end - vma->vm_start;
  
@@ -85325,7 +84053,7 @@ index 5123a16..f234a48 100644
  	if ((PAGE_SIZE-1) & (unsigned long)addr)
  		return -EINVAL;
  
-@@ -2575,7 +2637,11 @@ static int s_show(struct seq_file *m, void *p)
+@@ -2578,7 +2640,11 @@ static int s_show(struct seq_file *m, void *p)
  		v->addr, v->addr + v->size, v->size);
  
  	if (v->caller)
@@ -85338,7 +84066,7 @@ index 5123a16..f234a48 100644
  	if (v->nr_pages)
  		seq_printf(m, " pages=%d", v->nr_pages);
 diff --git a/mm/vmstat.c b/mm/vmstat.c
-index 9800306..76b4b27 100644
+index e1d8ed1..253fa3c 100644
 --- a/mm/vmstat.c
 +++ b/mm/vmstat.c
 @@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu)
@@ -85379,7 +84107,7 @@ index 9800306..76b4b27 100644
  		}
  }
  #endif
-@@ -1223,7 +1223,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb,
+@@ -1224,7 +1224,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb,
  	return NOTIFY_OK;
  }
  
@@ -85388,7 +84116,7 @@ index 9800306..76b4b27 100644
  	{ &vmstat_cpuup_callback, NULL, 0 };
  #endif
  
-@@ -1238,10 +1238,20 @@ static int __init setup_vmstat(void)
+@@ -1239,10 +1239,20 @@ static int __init setup_vmstat(void)
  		start_cpu_timer(cpu);
  #endif
  #ifdef CONFIG_PROC_FS
@@ -85414,10 +84142,10 @@ index 9800306..76b4b27 100644
  	return 0;
  }
 diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
-index acc74ad..be02639 100644
+index 85addcd..c429a13 100644
 --- a/net/8021q/vlan.c
 +++ b/net/8021q/vlan.c
-@@ -108,6 +108,13 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head)
+@@ -114,6 +114,13 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head)
  	if (vlan_id)
  		vlan_vid_del(real_dev, vlan_id);
  
@@ -85431,7 +84159,7 @@ index acc74ad..be02639 100644
  	/* Get rid of the vlan's reference to real_dev */
  	dev_put(real_dev);
  }
-@@ -485,7 +492,7 @@ out:
+@@ -496,7 +503,7 @@ out:
  	return NOTIFY_DONE;
  }
  
@@ -85440,7 +84168,7 @@ index acc74ad..be02639 100644
  	.notifier_call = vlan_device_event,
  };
  
-@@ -560,8 +567,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
+@@ -571,8 +578,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
  		err = -EPERM;
  		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
  			break;
@@ -85539,7 +84267,7 @@ index a86aff9..3a0d6f6 100644
  /*
   * ATM LAN Emulation supports both LLC & Dix Ethernet EtherType
 diff --git a/net/atm/proc.c b/net/atm/proc.c
-index 0d020de..011c7bb 100644
+index 6ac35ff..ac0e136 100644
 --- a/net/atm/proc.c
 +++ b/net/atm/proc.c
 @@ -45,9 +45,9 @@ static void add_stats(struct seq_file *seq, const char *aal,
@@ -85591,7 +84319,7 @@ index d5744b7..506bae3 100644
  	table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL);
  	if (!table)
 diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
-index 1ee94d0..14beea2 100644
+index a5bb0a7..e1d8b97 100644
 --- a/net/batman-adv/bat_iv_ogm.c
 +++ b/net/batman-adv/bat_iv_ogm.c
 @@ -63,7 +63,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
@@ -85603,7 +84331,7 @@ index 1ee94d0..14beea2 100644
  
  	hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN;
  	ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC);
-@@ -615,9 +615,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
+@@ -611,9 +611,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
  	batadv_ogm_packet = (struct batadv_ogm_packet *)(*ogm_buff);
  
  	/* change sequence number to network order */
@@ -85615,7 +84343,7 @@ index 1ee94d0..14beea2 100644
  
  	batadv_ogm_packet->ttvn = atomic_read(&bat_priv->tt.vn);
  	batadv_ogm_packet->tt_crc = htons(bat_priv->tt.local_crc);
-@@ -1022,7 +1022,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr,
+@@ -1013,7 +1013,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr,
  		return;
  
  	/* could be changed by schedule_own_packet() */
@@ -85625,7 +84353,7 @@ index 1ee94d0..14beea2 100644
  	if (batadv_ogm_packet->flags & BATADV_DIRECTLINK)
  		has_directlink_flag = 1;
 diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
-index f1d37cd..4190879 100644
+index 368219e..53f56f9 100644
 --- a/net/batman-adv/hard-interface.c
 +++ b/net/batman-adv/hard-interface.c
 @@ -370,7 +370,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface,
@@ -85637,7 +84365,7 @@ index f1d37cd..4190879 100644
  	batadv_info(hard_iface->soft_iface, "Adding interface: %s\n",
  		    hard_iface->net_dev->name);
  
-@@ -493,7 +493,7 @@ batadv_hardif_add_interface(struct net_device *net_dev)
+@@ -514,7 +514,7 @@ batadv_hardif_add_interface(struct net_device *net_dev)
  	/* This can't be called via a bat_priv callback because
  	 * we have no bat_priv yet.
  	 */
@@ -85647,7 +84375,7 @@ index f1d37cd..4190879 100644
  
  	return hard_iface;
 diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
-index 6b548fd..fc32c8d 100644
+index 2711e87..4ca48fa 100644
 --- a/net/batman-adv/soft-interface.c
 +++ b/net/batman-adv/soft-interface.c
 @@ -252,7 +252,7 @@ static int batadv_interface_tx(struct sk_buff *skb,
@@ -85659,7 +84387,7 @@ index 6b548fd..fc32c8d 100644
  		bcast_packet->seqno = htonl(seqno);
  
  		batadv_add_bcast_packet_to_list(bat_priv, skb, brd_delay);
-@@ -497,7 +497,7 @@ struct net_device *batadv_softif_create(const char *name)
+@@ -527,7 +527,7 @@ struct net_device *batadv_softif_create(const char *name)
  	atomic_set(&bat_priv->batman_queue_left, BATADV_BATMAN_QUEUE_LEN);
  
  	atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE);
@@ -85669,10 +84397,10 @@ index 6b548fd..fc32c8d 100644
  	atomic_set(&bat_priv->tt.local_changes, 0);
  	atomic_set(&bat_priv->tt.ogm_append_cnt, 0);
 diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
-index ae9ac9a..11e0fe7 100644
+index 4cd87a0..348e705 100644
 --- a/net/batman-adv/types.h
 +++ b/net/batman-adv/types.h
-@@ -48,7 +48,7 @@
+@@ -51,7 +51,7 @@
  struct batadv_hard_iface_bat_iv {
  	unsigned char *ogm_buff;
  	int ogm_buff_len;
@@ -85680,8 +84408,8 @@ index ae9ac9a..11e0fe7 100644
 +	atomic_unchecked_t ogm_seqno;
  };
  
- struct batadv_hard_iface {
-@@ -56,7 +56,7 @@ struct batadv_hard_iface {
+ /**
+@@ -75,7 +75,7 @@ struct batadv_hard_iface {
  	int16_t if_num;
  	char if_status;
  	struct net_device *net_dev;
@@ -85690,20 +84418,20 @@ index ae9ac9a..11e0fe7 100644
  	struct kobject *hardif_obj;
  	atomic_t refcount;
  	struct packet_type batman_adv_ptype;
-@@ -284,7 +284,7 @@ struct batadv_priv {
- 	atomic_t orig_interval;		/* uint */
- 	atomic_t hop_penalty;		/* uint */
- 	atomic_t log_level;		/* uint */
+@@ -495,7 +495,7 @@ struct batadv_priv {
+ #ifdef CONFIG_BATMAN_ADV_DEBUG
+ 	atomic_t log_level;
+ #endif
 -	atomic_t bcast_seqno;
 +	atomic_unchecked_t bcast_seqno;
  	atomic_t bcast_queue_left;
  	atomic_t batman_queue_left;
  	char num_ifaces;
 diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c
-index 10aff49..ea8e021 100644
+index 50e079f..49ce2d2 100644
 --- a/net/batman-adv/unicast.c
 +++ b/net/batman-adv/unicast.c
-@@ -272,7 +272,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv,
+@@ -270,7 +270,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv,
  	frag1->flags = BATADV_UNI_FRAG_HEAD | large_tail;
  	frag2->flags = large_tail;
  
@@ -85713,10 +84441,10 @@ index 10aff49..ea8e021 100644
  	frag2->seqno = htons(seqno);
  
 diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
-index 07f0739..3c42e34 100644
+index 6a93614..1415549 100644
 --- a/net/bluetooth/hci_sock.c
 +++ b/net/bluetooth/hci_sock.c
-@@ -934,7 +934,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
+@@ -929,7 +929,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
  			uf.event_mask[1] = *((u32 *) f->event_mask + 1);
  		}
  
@@ -85726,10 +84454,10 @@ index 07f0739..3c42e34 100644
  			err = -EFAULT;
  			break;
 diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index 22e6583..426e2f3 100644
+index 7c7e932..7a7815d 100644
 --- a/net/bluetooth/l2cap_core.c
 +++ b/net/bluetooth/l2cap_core.c
-@@ -3400,8 +3400,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
+@@ -3395,8 +3395,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
  			break;
  
  		case L2CAP_CONF_RFC:
@@ -85794,10 +84522,10 @@ index 1bcfb84..dad9f98 100644
  			err = -EFAULT;
  			break;
 diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
-index 970fc13..cf0161d 100644
+index 7c9224b..381009e 100644
 --- a/net/bluetooth/rfcomm/sock.c
 +++ b/net/bluetooth/rfcomm/sock.c
-@@ -668,7 +668,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
+@@ -666,7 +666,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
  	struct sock *sk = sock->sk;
  	struct bt_security sec;
  	int err = 0;
@@ -85806,7 +84534,7 @@ index 970fc13..cf0161d 100644
  	u32 opt;
  
  	BT_DBG("sk %p", sk);
-@@ -690,7 +690,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
+@@ -688,7 +688,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
  
  		sec.level = BT_SECURITY_LOW;
  
@@ -85816,7 +84544,7 @@ index 970fc13..cf0161d 100644
  			err = -EFAULT;
  			break;
 diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
-index bd6fd0f..6492cba 100644
+index b6e44ad..5b0d514 100644
 --- a/net/bluetooth/rfcomm/tty.c
 +++ b/net/bluetooth/rfcomm/tty.c
 @@ -309,7 +309,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev)
@@ -85828,7 +84556,7 @@ index bd6fd0f..6492cba 100644
  		spin_unlock_irqrestore(&dev->port.lock, flags);
  		return;
  	}
-@@ -664,10 +664,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
+@@ -659,10 +659,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
  		return -ENODEV;
  
  	BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
@@ -85841,7 +84569,7 @@ index bd6fd0f..6492cba 100644
  		spin_unlock_irqrestore(&dev->port.lock, flags);
  		return 0;
  	}
-@@ -732,10 +732,10 @@ static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
+@@ -727,10 +727,10 @@ static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp)
  		return;
  
  	BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
@@ -85854,24 +84582,11 @@ index bd6fd0f..6492cba 100644
  		spin_unlock_irqrestore(&dev->port.lock, flags);
  		if (dev->tty_dev->parent)
  			device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
-diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
-index d9576e6..85f4f4e 100644
---- a/net/bridge/br_fdb.c
-+++ b/net/bridge/br_fdb.c
-@@ -386,7 +386,7 @@ static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source,
- 			return 0;
- 		br_warn(br, "adding interface %s with same address "
- 		       "as a received packet\n",
--		       source->dev->name);
-+		       source ? source->dev->name : br->dev->name);
- 		fdb_delete(br, fdb);
- 	}
- 
 diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
-index 5fe2ff3..121d696 100644
+index 8d493c9..3849e49 100644
 --- a/net/bridge/netfilter/ebtables.c
 +++ b/net/bridge/netfilter/ebtables.c
-@@ -1523,7 +1523,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -1525,7 +1525,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
  			tmp.valid_hooks = t->table->valid_hooks;
  		}
  		mutex_unlock(&ebt_mutex);
@@ -85880,7 +84595,7 @@ index 5fe2ff3..121d696 100644
  			BUGPRINT("c2u Didn't work\n");
  			ret = -EFAULT;
  			break;
-@@ -2327,7 +2327,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
+@@ -2331,7 +2331,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
  			goto out;
  		tmp.valid_hooks = t->valid_hooks;
  
@@ -85889,7 +84604,7 @@ index 5fe2ff3..121d696 100644
  			ret = -EFAULT;
  			break;
  		}
-@@ -2338,7 +2338,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
+@@ -2342,7 +2342,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
  		tmp.entries_size = t->table->entries_size;
  		tmp.valid_hooks = t->table->valid_hooks;
  
@@ -85942,10 +84657,10 @@ index a376ec1..1fbd6be 100644
  			list_del(&p->list);
  			goto out;
 diff --git a/net/can/af_can.c b/net/can/af_can.c
-index ddac1ee..3ee0a78 100644
+index c48e522..1223690 100644
 --- a/net/can/af_can.c
 +++ b/net/can/af_can.c
-@@ -872,7 +872,7 @@ static const struct net_proto_family can_family_ops = {
+@@ -870,7 +870,7 @@ static const struct net_proto_family can_family_ops = {
  };
  
  /* notifier block for netdevice event */
@@ -85955,18 +84670,18 @@ index ddac1ee..3ee0a78 100644
  };
  
 diff --git a/net/can/gw.c b/net/can/gw.c
-index 28e7bdc..d42c4cd 100644
+index 117814a..ad4fb73 100644
 --- a/net/can/gw.c
 +++ b/net/can/gw.c
-@@ -67,7 +67,6 @@ MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");
- MODULE_ALIAS("can-gw");
+@@ -80,7 +80,6 @@ MODULE_PARM_DESC(max_hops,
+ 		 "default: " __stringify(CGW_DEFAULT_HOPS) ")");
  
  static HLIST_HEAD(cgw_list);
 -static struct notifier_block notifier;
  
  static struct kmem_cache *cgw_cache __read_mostly;
  
-@@ -893,6 +892,10 @@ static int cgw_remove_job(struct sk_buff *skb,  struct nlmsghdr *nlh, void *arg)
+@@ -928,6 +927,10 @@ static int cgw_remove_job(struct sk_buff *skb,  struct nlmsghdr *nlh, void *arg)
  	return err;
  }
  
@@ -85976,8 +84691,8 @@ index 28e7bdc..d42c4cd 100644
 +
  static __init int cgw_module_init(void)
  {
- 	printk(banner);
-@@ -904,7 +907,6 @@ static __init int cgw_module_init(void)
+ 	/* sanitize given module parameter */
+@@ -943,7 +946,6 @@ static __init int cgw_module_init(void)
  		return -ENOMEM;
  
  	/* set notifier */
@@ -86139,24 +84854,10 @@ index 368f9c3..f82d4a3 100644
  
  	return err;
 diff --git a/net/core/dev.c b/net/core/dev.c
-index d592214..2764363 100644
+index b24ab0e9..1c424bc 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -1250,9 +1250,13 @@ void dev_load(struct net *net, const char *name)
- 	if (no_module && capable(CAP_NET_ADMIN))
- 		no_module = request_module("netdev-%s", name);
- 	if (no_module && capable(CAP_SYS_MODULE)) {
-+#ifdef CONFIG_GRKERNSEC_MODHARDEN
-+		___request_module(true, "grsec_modharden_netdev", "%s", name);
-+#else
- 		if (!request_module("%s", name))
- 			pr_warn("Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev-%s instead.\n",
- 				name);
-+#endif
- 	}
- }
- EXPORT_SYMBOL(dev_load);
-@@ -1714,7 +1718,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1617,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
  {
  	if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
  		if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
@@ -86165,8 +84866,8 @@ index d592214..2764363 100644
  			kfree_skb(skb);
  			return NET_RX_DROP;
  		}
-@@ -1724,7 +1728,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
- 	nf_reset(skb);
+@@ -1626,7 +1626,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+ 	skb_orphan(skb);
  
  	if (unlikely(!is_skb_forwardable(dev, skb))) {
 -		atomic_long_inc(&dev->rx_dropped);
@@ -86174,7 +84875,7 @@ index d592214..2764363 100644
  		kfree_skb(skb);
  		return NET_RX_DROP;
  	}
-@@ -2183,7 +2187,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+@@ -2351,7 +2351,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
  
  struct dev_gso_cb {
  	void (*destructor)(struct sk_buff *skb);
@@ -86183,7 +84884,7 @@ index d592214..2764363 100644
  
  #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
  
-@@ -3056,7 +3060,7 @@ enqueue:
+@@ -3093,7 +3093,7 @@ enqueue:
  
  	local_irq_restore(flags);
  
@@ -86192,7 +84893,7 @@ index d592214..2764363 100644
  	kfree_skb(skb);
  	return NET_RX_DROP;
  }
-@@ -3128,7 +3132,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -3165,7 +3165,7 @@ int netif_rx_ni(struct sk_buff *skb)
  }
  EXPORT_SYMBOL(netif_rx_ni);
  
@@ -86201,7 +84902,7 @@ index d592214..2764363 100644
  {
  	struct softnet_data *sd = &__get_cpu_var(softnet_data);
  
-@@ -3466,7 +3470,7 @@ ncls:
+@@ -3490,7 +3490,7 @@ ncls:
  			ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
  	} else {
  drop:
@@ -86210,7 +84911,7 @@ index d592214..2764363 100644
  		kfree_skb(skb);
  		/* Jamal, now you will not able to escape explaining
  		 * me how you were going to use this. :-)
-@@ -4049,7 +4053,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -4095,7 +4095,7 @@ void netif_napi_del(struct napi_struct *napi)
  }
  EXPORT_SYMBOL(netif_napi_del);
  
@@ -86219,21 +84920,7 @@ index d592214..2764363 100644
  {
  	struct softnet_data *sd = &__get_cpu_var(softnet_data);
  	unsigned long time_limit = jiffies + 2;
-@@ -4533,8 +4537,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
- 		else
- 			seq_printf(seq, "%04x", ntohs(pt->type));
- 
-+#ifdef CONFIG_GRKERNSEC_HIDESYM
-+		seq_printf(seq, " %-8s %p\n",
-+			   pt->dev ? pt->dev->name : "", NULL);
-+#else
- 		seq_printf(seq, " %-8s %pF\n",
- 			   pt->dev ? pt->dev->name : "", pt->func);
-+#endif
- 	}
- 
- 	return 0;
-@@ -6106,7 +6115,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -5522,7 +5522,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
  	} else {
  		netdev_stats_to_stats64(storage, &dev->stats);
  	}
@@ -86242,8 +84929,26 @@ index d592214..2764363 100644
  	return storage;
  }
  EXPORT_SYMBOL(dev_get_stats);
+diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
+index 6cc0481..59cfb00 100644
+--- a/net/core/dev_ioctl.c
++++ b/net/core/dev_ioctl.c
+@@ -376,9 +376,13 @@ void dev_load(struct net *net, const char *name)
+ 	if (no_module && capable(CAP_NET_ADMIN))
+ 		no_module = request_module("netdev-%s", name);
+ 	if (no_module && capable(CAP_SYS_MODULE)) {
++#ifdef CONFIG_GRKERNSEC_MODHARDEN
++		___request_module(true, "grsec_modharden_netdev", "%s", name);
++#else
+ 		if (!request_module("%s", name))
+ 			pr_warn("Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev-%s instead.\n",
+ 				name);
++#endif
+ 	}
+ }
+ EXPORT_SYMBOL(dev_load);
 diff --git a/net/core/flow.c b/net/core/flow.c
-index 3bad824..2071a55 100644
+index 2bfd081..53c6058 100644
 --- a/net/core/flow.c
 +++ b/net/core/flow.c
 @@ -61,7 +61,7 @@ struct flow_cache {
@@ -86264,7 +84969,7 @@ index 3bad824..2071a55 100644
  		return 0;
  	if (fle->object && !fle->object->ops->check(fle->object))
  		return 0;
-@@ -259,7 +259,7 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir,
+@@ -258,7 +258,7 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir,
  			hlist_add_head(&fle->u.hlist, &fcp->hash_table[hash]);
  			fcp->hash_count++;
  		}
@@ -86273,7 +84978,7 @@ index 3bad824..2071a55 100644
  		flo = fle->object;
  		if (!flo)
  			goto ret_object;
-@@ -280,7 +280,7 @@ nocache:
+@@ -279,7 +279,7 @@ nocache:
  	}
  	flo = resolver(net, key, family, dir, flo, ctx);
  	if (fle) {
@@ -86305,10 +85010,10 @@ index 7e7aeb0..2a998cb 100644
  
  	m->msg_iov = iov;
 diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index c815f28..e6403f2 100644
+index 3863b8f..85c99a6 100644
 --- a/net/core/neighbour.c
 +++ b/net/core/neighbour.c
-@@ -2776,7 +2776,7 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer,
+@@ -2778,7 +2778,7 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer,
  			   size_t *lenp, loff_t *ppos)
  {
  	int size, ret;
@@ -86317,11 +85022,29 @@ index c815f28..e6403f2 100644
  
  	tmp.extra1 = &zero;
  	tmp.extra2 = &unres_qlen_max;
+diff --git a/net/core/net-procfs.c b/net/core/net-procfs.c
+index 3174f19..5810985 100644
+--- a/net/core/net-procfs.c
++++ b/net/core/net-procfs.c
+@@ -271,8 +271,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
+ 		else
+ 			seq_printf(seq, "%04x", ntohs(pt->type));
+ 
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++		seq_printf(seq, " %-8s %pF\n",
++			   pt->dev ? pt->dev->name : "", NULL);
++#else
+ 		seq_printf(seq, " %-8s %pF\n",
+ 			   pt->dev ? pt->dev->name : "", pt->func);
++#endif
+ 	}
+ 
+ 	return 0;
 diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
-index 28c5f5a..7edf2e2 100644
+index 7427ab5..389f411 100644
 --- a/net/core/net-sysfs.c
 +++ b/net/core/net-sysfs.c
-@@ -1455,7 +1455,7 @@ void netdev_class_remove_file(struct class_attribute *class_attr)
+@@ -1321,7 +1321,7 @@ void netdev_class_remove_file(struct class_attribute *class_attr)
  }
  EXPORT_SYMBOL(netdev_class_remove_file);
  
@@ -86331,7 +85054,7 @@ index 28c5f5a..7edf2e2 100644
  	kobj_ns_type_register(&net_ns_type_operations);
  	return class_register(&net_class);
 diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
-index 8acce01..2e306bb 100644
+index 80e271d..2980cc2 100644
 --- a/net/core/net_namespace.c
 +++ b/net/core/net_namespace.c
 @@ -442,7 +442,7 @@ static int __register_pernet_operations(struct list_head *list,
@@ -86371,7 +85094,7 @@ index 8acce01..2e306bb 100644
  	return error;
  }
 diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 055fb13..5ee16b2 100644
+index 23854b5..ff4fda4 100644
 --- a/net/core/rtnetlink.c
 +++ b/net/core/rtnetlink.c
 @@ -58,7 +58,7 @@ struct rtnl_link {
@@ -86468,10 +85191,10 @@ index e61a8bb..6a2f13c 100644
  #ifdef CONFIG_INET
  static u32 seq_scale(u32 seq)
 diff --git a/net/core/sock.c b/net/core/sock.c
-index bc131d4..029e378 100644
+index b261a79..8fe17ab 100644
 --- a/net/core/sock.c
 +++ b/net/core/sock.c
-@@ -388,7 +388,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
  	struct sk_buff_head *list = &sk->sk_receive_queue;
  
  	if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) {
@@ -86480,7 +85203,7 @@ index bc131d4..029e378 100644
  		trace_sock_rcvqueue_full(sk, skb);
  		return -ENOMEM;
  	}
-@@ -398,7 +398,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -400,7 +400,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
  		return err;
  
  	if (!sk_rmem_schedule(sk, skb, skb->truesize)) {
@@ -86489,7 +85212,7 @@ index bc131d4..029e378 100644
  		return -ENOBUFS;
  	}
  
-@@ -418,7 +418,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -420,7 +420,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
  	skb_dst_force(skb);
  
  	spin_lock_irqsave(&list->lock, flags);
@@ -86498,7 +85221,7 @@ index bc131d4..029e378 100644
  	__skb_queue_tail(list, skb);
  	spin_unlock_irqrestore(&list->lock, flags);
  
-@@ -438,7 +438,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
+@@ -440,7 +440,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
  	skb->dev = NULL;
  
  	if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf)) {
@@ -86507,7 +85230,7 @@ index bc131d4..029e378 100644
  		goto discard_and_relse;
  	}
  	if (nested)
-@@ -456,7 +456,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
+@@ -458,7 +458,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
  		mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_);
  	} else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) {
  		bh_unlock_sock(sk);
@@ -86516,7 +85239,7 @@ index bc131d4..029e378 100644
  		goto discard_and_relse;
  	}
  
-@@ -930,12 +930,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -942,12 +942,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
  		struct timeval tm;
  	} v;
  
@@ -86532,7 +85255,7 @@ index bc131d4..029e378 100644
  		return -EINVAL;
  
  	memset(&v, 0, sizeof(v));
-@@ -1083,11 +1083,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -1099,11 +1099,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
  
  	case SO_PEERNAME:
  	{
@@ -86546,7 +85269,7 @@ index bc131d4..029e378 100644
  			return -EINVAL;
  		if (copy_to_user(optval, address, len))
  			return -EFAULT;
-@@ -1146,7 +1146,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -1166,7 +1166,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
  
  	if (len > lv)
  		len = lv;
@@ -86555,7 +85278,7 @@ index bc131d4..029e378 100644
  		return -EFAULT;
  lenout:
  	if (put_user(len, optlen))
-@@ -2276,7 +2276,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
+@@ -2296,7 +2296,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
  	 */
  	smp_wmb();
  	atomic_set(&sk->sk_refcnt, 1);
@@ -86565,7 +85288,7 @@ index bc131d4..029e378 100644
  EXPORT_SYMBOL(sock_init_data);
  
 diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
-index 750f44f..922399c 100644
+index a29e90c..922399c 100644
 --- a/net/core/sock_diag.c
 +++ b/net/core/sock_diag.c
 @@ -9,26 +9,33 @@
@@ -86616,7 +85339,7 @@ index 750f44f..922399c 100644
  	mutex_unlock(&sock_diag_table_mutex);
  
  	return err;
-@@ -92,26 +102,13 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld)
+@@ -92,7 +102,9 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld)
  
  	mutex_lock(&sock_diag_table_mutex);
  	BUG_ON(sock_diag_handlers[family] != hnld);
@@ -86626,50 +85349,11 @@ index 750f44f..922399c 100644
  	mutex_unlock(&sock_diag_table_mutex);
  }
  EXPORT_SYMBOL_GPL(sock_diag_unregister);
- 
--static const inline struct sock_diag_handler *sock_diag_lock_handler(int family)
--{
--	if (sock_diag_handlers[family] == NULL)
--		request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK,
--				NETLINK_SOCK_DIAG, family);
--
--	mutex_lock(&sock_diag_table_mutex);
--	return sock_diag_handlers[family];
--}
--
--static inline void sock_diag_unlock_handler(const struct sock_diag_handler *h)
--{
--	mutex_unlock(&sock_diag_table_mutex);
--}
--
- static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
- {
- 	int err;
-@@ -124,12 +121,17 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
- 	if (req->sdiag_family >= AF_MAX)
- 		return -EINVAL;
- 
--	hndl = sock_diag_lock_handler(req->sdiag_family);
-+	if (sock_diag_handlers[req->sdiag_family] == NULL)
-+		request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK,
-+				NETLINK_SOCK_DIAG, req->sdiag_family);
-+
-+	mutex_lock(&sock_diag_table_mutex);
-+	hndl = sock_diag_handlers[req->sdiag_family];
- 	if (hndl == NULL)
- 		err = -ENOENT;
- 	else
- 		err = hndl->dump(skb, nlh);
--	sock_diag_unlock_handler(hndl);
-+	mutex_unlock(&sock_diag_table_mutex);
- 
- 	return err;
- }
 diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
-index d1b0804..98cf5f7 100644
+index cfdb46a..cef55e1 100644
 --- a/net/core/sysctl_net_core.c
 +++ b/net/core/sysctl_net_core.c
-@@ -26,7 +26,7 @@ static int rps_sock_flow_sysctl(ctl_table *table, int write,
+@@ -28,7 +28,7 @@ static int rps_sock_flow_sysctl(ctl_table *table, int write,
  {
  	unsigned int orig_size, size;
  	int ret, i;
@@ -86678,7 +85362,7 @@ index d1b0804..98cf5f7 100644
  		.data = &size,
  		.maxlen = sizeof(size),
  		.mode = table->mode
-@@ -205,13 +205,12 @@ static struct ctl_table netns_core_table[] = {
+@@ -211,13 +211,12 @@ static struct ctl_table netns_core_table[] = {
  
  static __net_init int sysctl_core_net_init(struct net *net)
  {
@@ -86694,7 +85378,7 @@ index d1b0804..98cf5f7 100644
  		if (tbl == NULL)
  			goto err_dup;
  
-@@ -221,17 +220,16 @@ static __net_init int sysctl_core_net_init(struct net *net)
+@@ -227,17 +226,16 @@ static __net_init int sysctl_core_net_init(struct net *net)
  		if (net->user_ns != &init_user_ns) {
  			tbl[0].procname = NULL;
  		}
@@ -86716,7 +85400,7 @@ index d1b0804..98cf5f7 100644
  err_dup:
  	return -ENOMEM;
  }
-@@ -246,7 +244,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
+@@ -252,7 +250,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
  	kfree(tbl);
  }
  
@@ -86726,10 +85410,10 @@ index d1b0804..98cf5f7 100644
  	.exit = sysctl_core_net_exit,
  };
 diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
-index 307c322..78a4c6f 100644
+index c21f200..bc4565b 100644
 --- a/net/decnet/af_decnet.c
 +++ b/net/decnet/af_decnet.c
-@@ -468,6 +468,7 @@ static struct proto dn_proto = {
+@@ -465,6 +465,7 @@ static struct proto dn_proto = {
  	.sysctl_rmem		= sysctl_decnet_rmem,
  	.max_header		= DN_MAX_NSP_DATA_HEADER + 64,
  	.obj_size		= sizeof(struct dn_sock),
@@ -86760,7 +85444,7 @@ index a55eecc..dd8428c 100644
  
  	*lenp = len;
 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
-index fcf104e..6b748ea 100644
+index c929d9c..df10cde 100644
 --- a/net/ipv4/af_inet.c
 +++ b/net/ipv4/af_inet.c
 @@ -115,6 +115,7 @@
@@ -86783,9 +85467,9 @@ index fcf104e..6b748ea 100644
  }
  EXPORT_SYMBOL(build_ehash_secret);
  
-@@ -1717,13 +1720,9 @@ static int __init inet_init(void)
+@@ -1699,13 +1702,9 @@ static int __init inet_init(void)
  
- 	BUILD_BUG_ON(sizeof(struct inet_skb_parm) > sizeof(dummy_skb->cb));
+ 	BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb));
  
 -	sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
 -	if (!sysctl_local_reserved_ports)
@@ -86798,7 +85482,7 @@ index fcf104e..6b748ea 100644
  
  	rc = proto_register(&udp_prot, 1);
  	if (rc)
-@@ -1832,8 +1831,6 @@ out_unregister_udp_proto:
+@@ -1814,8 +1813,6 @@ out_unregister_udp_proto:
  	proto_unregister(&udp_prot);
  out_unregister_tcp_proto:
  	proto_unregister(&tcp_prot);
@@ -86808,10 +85492,10 @@ index fcf104e..6b748ea 100644
  }
  
 diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
-index a69b4e4..dbccba5 100644
+index 2e7f194..0fa4d6d 100644
 --- a/net/ipv4/ah4.c
 +++ b/net/ipv4/ah4.c
-@@ -421,7 +421,7 @@ static void ah4_err(struct sk_buff *skb, u32 info)
+@@ -420,7 +420,7 @@ static void ah4_err(struct sk_buff *skb, u32 info)
  		return;
  
  	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
@@ -86821,10 +85505,10 @@ index a69b4e4..dbccba5 100644
  
  		ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0);
 diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
-index a8e4f26..25e5f40 100644
+index c6287cd..e9bc96a 100644
 --- a/net/ipv4/devinet.c
 +++ b/net/ipv4/devinet.c
-@@ -1763,7 +1763,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
+@@ -1992,7 +1992,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
  #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
  	DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
  
@@ -86833,7 +85517,7 @@ index a8e4f26..25e5f40 100644
  	struct ctl_table_header *sysctl_header;
  	struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
  } devinet_sysctl = {
-@@ -1881,7 +1881,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2110,7 +2110,7 @@ static __net_init int devinet_init_net(struct net *net)
  	int err;
  	struct ipv4_devconf *all, *dflt;
  #ifdef CONFIG_SYSCTL
@@ -86842,7 +85526,7 @@ index a8e4f26..25e5f40 100644
  	struct ctl_table_header *forw_hdr;
  #endif
  
-@@ -1899,7 +1899,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2128,7 +2128,7 @@ static __net_init int devinet_init_net(struct net *net)
  			goto err_alloc_dflt;
  
  #ifdef CONFIG_SYSCTL
@@ -86851,7 +85535,7 @@ index a8e4f26..25e5f40 100644
  		if (tbl == NULL)
  			goto err_alloc_ctl;
  
-@@ -1919,7 +1919,10 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2148,7 +2148,10 @@ static __net_init int devinet_init_net(struct net *net)
  		goto err_reg_dflt;
  
  	err = -ENOMEM;
@@ -86863,7 +85547,7 @@ index a8e4f26..25e5f40 100644
  	if (forw_hdr == NULL)
  		goto err_reg_ctl;
  	net->ipv4.forw_hdr = forw_hdr;
-@@ -1935,8 +1938,7 @@ err_reg_ctl:
+@@ -2164,8 +2167,7 @@ err_reg_ctl:
  err_reg_dflt:
  	__devinet_sysctl_unregister(all);
  err_reg_all:
@@ -86887,10 +85571,10 @@ index 4cfe34d..a6ba66e 100644
  
  		ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0);
 diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
-index 5cd75e2..f57ef39 100644
+index eb4bb12..ee4ec7d 100644
 --- a/net/ipv4/fib_frontend.c
 +++ b/net/ipv4/fib_frontend.c
-@@ -1020,12 +1020,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
+@@ -1017,12 +1017,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
  #ifdef CONFIG_IP_ROUTE_MULTIPATH
  		fib_sync_up(dev);
  #endif
@@ -86905,7 +85589,7 @@ index 5cd75e2..f57ef39 100644
  		if (ifa->ifa_dev->ifa_list == NULL) {
  			/* Last address was deleted from this interface.
  			 * Disable IP.
-@@ -1061,7 +1061,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
+@@ -1058,7 +1058,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo
  #ifdef CONFIG_IP_ROUTE_MULTIPATH
  		fib_sync_up(dev);
  #endif
@@ -86915,10 +85599,10 @@ index 5cd75e2..f57ef39 100644
  		break;
  	case NETDEV_DOWN:
 diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
-index 4797a80..2bd54e9 100644
+index 8f6cb7a..34507f9 100644
 --- a/net/ipv4/fib_semantics.c
 +++ b/net/ipv4/fib_semantics.c
-@@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)
+@@ -765,7 +765,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)
  	nh->nh_saddr = inet_select_addr(nh->nh_dev,
  					nh->nh_gw,
  					nh->nh_parent->fib_scope);
@@ -86928,7 +85612,7 @@ index 4797a80..2bd54e9 100644
  	return nh->nh_saddr;
  }
 diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
-index d0670f0..744ac80 100644
+index 786d97a..1889c0d 100644
 --- a/net/ipv4/inet_connection_sock.c
 +++ b/net/ipv4/inet_connection_sock.c
 @@ -37,7 +37,7 @@ struct local_ports sysctl_local_ports __read_mostly = {
@@ -86941,7 +85625,7 @@ index d0670f0..744ac80 100644
  
  void inet_get_local_port_range(int *low, int *high)
 diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
-index fa3ae81..0dbe6b8 100644
+index 6af375a..c493c74 100644
 --- a/net/ipv4/inet_hashtables.c
 +++ b/net/ipv4/inet_hashtables.c
 @@ -18,12 +18,15 @@
@@ -86960,7 +85644,7 @@ index fa3ae81..0dbe6b8 100644
  /*
   * Allocate and initialize a new local port bind bucket.
   * The bindhash mutex for snum's hash chain must be held here.
-@@ -540,6 +543,8 @@ ok:
+@@ -554,6 +557,8 @@ ok:
  			twrefcnt += inet_twsk_bind_unhash(tw, hinfo);
  		spin_unlock(&head->lock);
  
@@ -86985,10 +85669,10 @@ index 000e3d2..5472da3 100644
  					secure_ip_id(daddr->addr.a4) :
  					secure_ipv6_id(daddr->addr.a6));
 diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index 0fcfee3..66e86c9 100644
+index 52c273e..579060b 100644
 --- a/net/ipv4/ip_fragment.c
 +++ b/net/ipv4/ip_fragment.c
-@@ -318,7 +318,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
+@@ -311,7 +311,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
  		return 0;
  
  	start = qp->rid;
@@ -86997,7 +85681,7 @@ index 0fcfee3..66e86c9 100644
  	qp->rid = end;
  
  	rc = qp->q.fragments && (end - start) > max;
-@@ -793,12 +793,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
+@@ -788,12 +788,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
  
  static int __net_init ip4_frags_ns_ctl_register(struct net *net)
  {
@@ -87012,7 +85696,7 @@ index 0fcfee3..66e86c9 100644
  		if (table == NULL)
  			goto err_alloc;
  
-@@ -809,9 +808,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -804,9 +803,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
  		/* Don't export sysctls to unprivileged users */
  		if (net->user_ns != &init_user_ns)
  			table[0].procname = NULL;
@@ -87025,7 +85709,7 @@ index 0fcfee3..66e86c9 100644
  	if (hdr == NULL)
  		goto err_reg;
  
-@@ -819,8 +819,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -814,8 +814,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
  	return 0;
  
  err_reg:
@@ -87036,7 +85720,7 @@ index 0fcfee3..66e86c9 100644
  	return -ENOMEM;
  }
 diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
-index a85062b..2958a9b 100644
+index 91d66db..4af7d99 100644
 --- a/net/ipv4/ip_gre.c
 +++ b/net/ipv4/ip_gre.c
 @@ -124,7 +124,7 @@ static bool log_ecn_error = true;
@@ -87048,7 +85732,7 @@ index a85062b..2958a9b 100644
  static int ipgre_tunnel_init(struct net_device *dev);
  static void ipgre_tunnel_setup(struct net_device *dev);
  static int ipgre_tunnel_bind_dev(struct net_device *dev);
-@@ -1753,7 +1753,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
+@@ -1823,7 +1823,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
  	[IFLA_GRE_PMTUDISC]	= { .type = NLA_U8 },
  };
  
@@ -87057,7 +85741,7 @@ index a85062b..2958a9b 100644
  	.kind		= "gre",
  	.maxtype	= IFLA_GRE_MAX,
  	.policy		= ipgre_policy,
-@@ -1766,7 +1766,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
+@@ -1836,7 +1836,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
  	.fill_info	= ipgre_fill_info,
  };
  
@@ -87112,7 +85796,7 @@ index c3a4233..1412161 100644
  	.maxtype	= IFLA_VTI_MAX,
  	.policy		= vti_policy,
 diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
-index 9a46dae..5f793a0 100644
+index f01d1b1..8fe03ad 100644
 --- a/net/ipv4/ipcomp.c
 +++ b/net/ipv4/ipcomp.c
 @@ -48,7 +48,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
@@ -87125,7 +85809,7 @@ index 9a46dae..5f793a0 100644
  
  		ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0);
 diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
-index a2e50ae..e152b7c 100644
+index bf6c5cf..ab2e9c6 100644
 --- a/net/ipv4/ipconfig.c
 +++ b/net/ipv4/ipconfig.c
 @@ -323,7 +323,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg)
@@ -87156,7 +85840,7 @@ index a2e50ae..e152b7c 100644
  	return res;
  }
 diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
-index 191fc24..1b3b804 100644
+index 8f024d4..8b3500c 100644
 --- a/net/ipv4/ipip.c
 +++ b/net/ipv4/ipip.c
 @@ -138,7 +138,7 @@ struct ipip_net {
@@ -87168,7 +85852,7 @@ index 191fc24..1b3b804 100644
  
  static struct rtnl_link_stats64 *ipip_get_stats64(struct net_device *dev,
  						  struct rtnl_link_stats64 *tot)
-@@ -972,7 +972,7 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
+@@ -974,7 +974,7 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
  	[IFLA_IPTUN_PMTUDISC]		= { .type = NLA_U8 },
  };
  
@@ -87178,7 +85862,7 @@ index 191fc24..1b3b804 100644
  	.maxtype	= IFLA_IPTUN_MAX,
  	.policy		= ipip_policy,
 diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
-index 3ea4127..849297b 100644
+index 7dc6a97..229c61b 100644
 --- a/net/ipv4/netfilter/arp_tables.c
 +++ b/net/ipv4/netfilter/arp_tables.c
 @@ -879,14 +879,14 @@ static int compat_table_info(const struct xt_table_info *info,
@@ -87227,7 +85911,7 @@ index 3ea4127..849297b 100644
  
  	case ARPT_SO_GET_ENTRIES:
 diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
-index 17c5e06..1b91206 100644
+index 3efcf87..5247916 100644
 --- a/net/ipv4/netfilter/ip_tables.c
 +++ b/net/ipv4/netfilter/ip_tables.c
 @@ -1068,14 +1068,14 @@ static int compat_table_info(const struct xt_table_info *info,
@@ -87276,7 +85960,7 @@ index 17c5e06..1b91206 100644
  
  	case IPT_SO_GET_ENTRIES:
 diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index dc454cc..5bb917f 100644
+index 2e91006..f084394 100644
 --- a/net/ipv4/ping.c
 +++ b/net/ipv4/ping.c
 @@ -844,7 +844,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
@@ -87289,10 +85973,10 @@ index dc454cc..5bb917f 100644
  
  static int ping_seq_show(struct seq_file *seq, void *v)
 diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
-index 6f08991..55867ad 100644
+index dd44e0a..06dcca4 100644
 --- a/net/ipv4/raw.c
 +++ b/net/ipv4/raw.c
-@@ -311,7 +311,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -309,7 +309,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb)
  int raw_rcv(struct sock *sk, struct sk_buff *skb)
  {
  	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) {
@@ -87301,7 +85985,7 @@ index 6f08991..55867ad 100644
  		kfree_skb(skb);
  		return NET_RX_DROP;
  	}
-@@ -747,16 +747,20 @@ static int raw_init(struct sock *sk)
+@@ -745,16 +745,20 @@ static int raw_init(struct sock *sk)
  
  static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen)
  {
@@ -87323,7 +86007,7 @@ index 6f08991..55867ad 100644
  
  	if (get_user(len, optlen))
  		goto out;
-@@ -766,8 +770,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o
+@@ -764,8 +768,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o
  	if (len > sizeof(struct icmp_filter))
  		len = sizeof(struct icmp_filter);
  	ret = -EFAULT;
@@ -87334,7 +86018,7 @@ index 6f08991..55867ad 100644
  		goto out;
  	ret = 0;
  out:	return ret;
-@@ -998,7 +1002,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
+@@ -994,7 +998,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
  		0, 0L, 0,
  		from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
  		0, sock_i_ino(sp),
@@ -87344,10 +86028,10 @@ index 6f08991..55867ad 100644
  
  static int raw_seq_show(struct seq_file *seq, void *v)
 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index a0fcc47..32e2c89 100644
+index 6e28514..5e1b055 100644
 --- a/net/ipv4/route.c
 +++ b/net/ipv4/route.c
-@@ -2552,34 +2552,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
+@@ -2553,34 +2553,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
  		.maxlen		= sizeof(int),
  		.mode		= 0200,
  		.proc_handler	= ipv4_sysctl_rtcache_flush,
@@ -87390,7 +86074,7 @@ index a0fcc47..32e2c89 100644
  err_dup:
  	return -ENOMEM;
  }
-@@ -2602,7 +2602,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
+@@ -2603,7 +2603,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
  
  static __net_init int rt_genid_init(struct net *net)
  {
@@ -87400,10 +86084,10 @@ index a0fcc47..32e2c89 100644
  			 sizeof(net->ipv4.dev_addr_genid));
  	return 0;
 diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
-index d84400b..62e066e 100644
+index 960fd29..d55bf64 100644
 --- a/net/ipv4/sysctl_net_ipv4.c
 +++ b/net/ipv4/sysctl_net_ipv4.c
-@@ -54,7 +54,7 @@ static int ipv4_local_port_range(ctl_table *table, int write,
+@@ -55,7 +55,7 @@ static int ipv4_local_port_range(ctl_table *table, int write,
  {
  	int ret;
  	int range[2];
@@ -87412,7 +86096,7 @@ index d84400b..62e066e 100644
  		.data = &range,
  		.maxlen = sizeof(range),
  		.mode = table->mode,
-@@ -107,7 +107,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write,
+@@ -108,7 +108,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write,
  	int ret;
  	gid_t urange[2];
  	kgid_t low, high;
@@ -87421,7 +86105,7 @@ index d84400b..62e066e 100644
  		.data = &urange,
  		.maxlen = sizeof(urange),
  		.mode = table->mode,
-@@ -138,7 +138,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write,
+@@ -139,7 +139,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write,
  				       void __user *buffer, size_t *lenp, loff_t *ppos)
  {
  	char val[TCP_CA_NAME_MAX];
@@ -87430,7 +86114,7 @@ index d84400b..62e066e 100644
  		.data = val,
  		.maxlen = TCP_CA_NAME_MAX,
  	};
-@@ -157,7 +157,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl,
+@@ -158,7 +158,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl,
  						 void __user *buffer, size_t *lenp,
  						 loff_t *ppos)
  {
@@ -87439,7 +86123,7 @@ index d84400b..62e066e 100644
  	int ret;
  
  	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
-@@ -174,7 +174,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl,
+@@ -175,7 +175,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl,
  					   void __user *buffer, size_t *lenp,
  					   loff_t *ppos)
  {
@@ -87448,7 +86132,7 @@ index d84400b..62e066e 100644
  	int ret;
  
  	tbl.data = kmalloc(tbl.maxlen, GFP_USER);
-@@ -200,15 +200,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
+@@ -201,15 +201,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
  	struct mem_cgroup *memcg;
  #endif
  
@@ -87469,16 +86153,16 @@ index d84400b..62e066e 100644
  	}
  
  	ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
-@@ -235,7 +237,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
- int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer,
- 			  size_t *lenp, loff_t *ppos)
+@@ -236,7 +238,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
+ static int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer,
+ 				 size_t *lenp, loff_t *ppos)
  {
 -	ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) };
 +	ctl_table_no_const tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) };
  	struct tcp_fastopen_context *ctxt;
  	int ret;
  	u32  user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
-@@ -476,7 +478,7 @@ static struct ctl_table ipv4_table[] = {
+@@ -477,7 +479,7 @@ static struct ctl_table ipv4_table[] = {
  	},
  	{
  		.procname	= "ip_local_reserved_ports",
@@ -87487,7 +86171,7 @@ index d84400b..62e066e 100644
  		.maxlen		= 65536,
  		.mode		= 0644,
  		.proc_handler	= proc_do_large_bitmap,
-@@ -860,11 +862,10 @@ static struct ctl_table ipv4_net_table[] = {
+@@ -856,11 +858,10 @@ static struct ctl_table ipv4_net_table[] = {
  
  static __net_init int ipv4_sysctl_init_net(struct net *net)
  {
@@ -87501,7 +86185,7 @@ index d84400b..62e066e 100644
  		if (table == NULL)
  			goto err_alloc;
  
-@@ -897,15 +898,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
+@@ -895,15 +896,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
  
  	tcp_init_mem(net);
  
@@ -87522,7 +86206,7 @@ index d84400b..62e066e 100644
  err_alloc:
  	return -ENOMEM;
  }
-@@ -927,16 +930,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
+@@ -925,16 +928,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
  static __init int sysctl_ipv4_init(void)
  {
  	struct ctl_table_header *hdr;
@@ -87540,10 +86224,10 @@ index d84400b..62e066e 100644
  	hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
  	if (hdr == NULL)
 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index b4e8b79..617d6aa 100644
+index 13b9c08..d33a8d0 100644
 --- a/net/ipv4/tcp_input.c
 +++ b/net/ipv4/tcp_input.c
-@@ -4737,7 +4737,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
+@@ -4724,7 +4724,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
   * simplifies code)
   */
  static void
@@ -87552,7 +86236,7 @@ index b4e8b79..617d6aa 100644
  	     struct sk_buff *head, struct sk_buff *tail,
  	     u32 start, u32 end)
  {
-@@ -5849,6 +5849,7 @@ discard:
+@@ -5838,6 +5838,7 @@ discard:
  	    tcp_paws_reject(&tp->rx_opt, 0))
  		goto discard_and_undo;
  
@@ -87560,7 +86244,7 @@ index b4e8b79..617d6aa 100644
  	if (th->syn) {
  		/* We see SYN without ACK. It is attempt of
  		 * simultaneous connect with crossed SYNs.
-@@ -5899,6 +5900,7 @@ discard:
+@@ -5888,6 +5889,7 @@ discard:
  		goto discard;
  #endif
  	}
@@ -87568,7 +86252,7 @@ index b4e8b79..617d6aa 100644
  	/* "fifth, if neither of the SYN or RST bits is set then
  	 * drop the segment and return."
  	 */
-@@ -5943,7 +5945,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5932,7 +5934,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
  			goto discard;
  
  		if (th->syn) {
@@ -87578,7 +86262,7 @@ index b4e8b79..617d6aa 100644
  			if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
  				return 1;
 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index d9130a9..00328ff 100644
+index d09203c..fd5cc91 100644
 --- a/net/ipv4/tcp_ipv4.c
 +++ b/net/ipv4/tcp_ipv4.c
 @@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly;
@@ -87592,7 +86276,7 @@ index d9130a9..00328ff 100644
  #ifdef CONFIG_TCP_MD5SIG
  static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
  			       __be32 daddr, __be32 saddr, const struct tcphdr *th);
-@@ -1895,6 +1899,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1897,6 +1901,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
  	return 0;
  
  reset:
@@ -87602,7 +86286,7 @@ index d9130a9..00328ff 100644
  	tcp_v4_send_reset(rsk, skb);
  discard:
  	kfree_skb(skb);
-@@ -1994,12 +2001,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
+@@ -1996,12 +2003,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
  	TCP_SKB_CB(skb)->sacked	 = 0;
  
  	sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -87625,7 +86309,7 @@ index d9130a9..00328ff 100644
  
  	if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
  		NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -2050,6 +2064,10 @@ no_tcp_socket:
+@@ -2052,6 +2066,10 @@ no_tcp_socket:
  bad_packet:
  		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
  	} else {
@@ -87637,7 +86321,7 @@ index d9130a9..00328ff 100644
  	}
  
 diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
-index f35f2df..ccb5ca6 100644
+index b83a49c..6c562a7 100644
 --- a/net/ipv4/tcp_minisocks.c
 +++ b/net/ipv4/tcp_minisocks.c
 @@ -27,6 +27,10 @@
@@ -87651,7 +86335,7 @@ index f35f2df..ccb5ca6 100644
  int sysctl_tcp_syncookies __read_mostly = 1;
  EXPORT_SYMBOL(sysctl_tcp_syncookies);
  
-@@ -742,7 +746,10 @@ embryonic_reset:
+@@ -744,7 +748,10 @@ embryonic_reset:
  		 * avoid becoming vulnerable to outside attack aiming at
  		 * resetting legit local connections.
  		 */
@@ -87664,7 +86348,7 @@ index f35f2df..ccb5ca6 100644
  		reqsk_fastopen_remove(sk, req, true);
  		tcp_reset(sk);
 diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
-index 4526fe6..1a34e43 100644
+index d4943f6..e7a74a5 100644
 --- a/net/ipv4/tcp_probe.c
 +++ b/net/ipv4/tcp_probe.c
 @@ -204,7 +204,7 @@ static ssize_t tcpprobe_read(struct file *file, char __user *buf,
@@ -87706,7 +86390,7 @@ index b78aac3..e18230b 100644
  				  syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
  		/* Has it gone just too far? */
 diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index 1f4d405..3524677 100644
+index 0a073a2..ddf6279 100644
 --- a/net/ipv4/udp.c
 +++ b/net/ipv4/udp.c
 @@ -87,6 +87,7 @@
@@ -87728,7 +86412,7 @@ index 1f4d405..3524677 100644
  struct udp_table udp_table __read_mostly;
  EXPORT_SYMBOL(udp_table);
  
-@@ -569,6 +574,9 @@ found:
+@@ -594,6 +599,9 @@ found:
  	return s;
  }
  
@@ -87738,7 +86422,7 @@ index 1f4d405..3524677 100644
  /*
   * This routine is called by the ICMP module when it gets some
   * sort of error condition.  If err < 0 then the socket should
-@@ -864,9 +872,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -889,9 +897,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
  		dport = usin->sin_port;
  		if (dport == 0)
  			return -EINVAL;
@@ -87757,7 +86441,7 @@ index 1f4d405..3524677 100644
  		daddr = inet->inet_daddr;
  		dport = inet->inet_dport;
  		/* Open fast path for connected socket.
-@@ -1108,7 +1125,7 @@ static unsigned int first_packet_length(struct sock *sk)
+@@ -1133,7 +1150,7 @@ static unsigned int first_packet_length(struct sock *sk)
  		udp_lib_checksum_complete(skb)) {
  		UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
  				 IS_UDPLITE(sk));
@@ -87766,7 +86450,7 @@ index 1f4d405..3524677 100644
  		__skb_unlink(skb, rcvq);
  		__skb_queue_tail(&list_kill, skb);
  	}
-@@ -1194,6 +1211,10 @@ try_again:
+@@ -1219,6 +1236,10 @@ try_again:
  	if (!skb)
  		goto out;
  
@@ -87777,7 +86461,7 @@ index 1f4d405..3524677 100644
  	ulen = skb->len - sizeof(struct udphdr);
  	copied = len;
  	if (copied > ulen)
-@@ -1227,7 +1248,7 @@ try_again:
+@@ -1252,7 +1273,7 @@ try_again:
  	if (unlikely(err)) {
  		trace_kfree_skb(skb, udp_recvmsg);
  		if (!peeked) {
@@ -87786,7 +86470,7 @@ index 1f4d405..3524677 100644
  			UDP_INC_STATS_USER(sock_net(sk),
  					   UDP_MIB_INERRORS, is_udplite);
  		}
-@@ -1510,7 +1531,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -1535,7 +1556,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
  
  drop:
  	UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
@@ -87795,7 +86479,7 @@ index 1f4d405..3524677 100644
  	kfree_skb(skb);
  	return -1;
  }
-@@ -1529,7 +1550,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -1554,7 +1575,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
  			skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
  
  		if (!skb1) {
@@ -87804,7 +86488,7 @@ index 1f4d405..3524677 100644
  			UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
  					 IS_UDPLITE(sk));
  			UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -1698,6 +1719,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -1723,6 +1744,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
  		goto csum_error;
  
  	UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
@@ -87814,7 +86498,7 @@ index 1f4d405..3524677 100644
  	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
  
  	/*
-@@ -2120,7 +2144,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -2152,7 +2176,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
  		from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
  		0, sock_i_ino(sp),
  		atomic_read(&sp->sk_refcnt), sp,
@@ -87823,11 +86507,50 @@ index 1f4d405..3524677 100644
  }
  
  int udp4_seq_show(struct seq_file *seq, void *v)
+diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
+index 9a459be..086b866 100644
+--- a/net/ipv4/xfrm4_policy.c
++++ b/net/ipv4/xfrm4_policy.c
+@@ -264,19 +264,18 @@ static struct ctl_table xfrm4_policy_table[] = {
+ 
+ static int __net_init xfrm4_net_init(struct net *net)
+ {
+-	struct ctl_table *table;
++	ctl_table_no_const *table = NULL;
+ 	struct ctl_table_header *hdr;
+ 
+-	table = xfrm4_policy_table;
+ 	if (!net_eq(net, &init_net)) {
+-		table = kmemdup(table, sizeof(xfrm4_policy_table), GFP_KERNEL);
++		table = kmemdup(xfrm4_policy_table, sizeof(xfrm4_policy_table), GFP_KERNEL);
+ 		if (!table)
+ 			goto err_alloc;
+ 
+ 		table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh;
+-	}
+-
+-	hdr = register_net_sysctl(net, "net/ipv4", table);
++		hdr = register_net_sysctl(net, "net/ipv4", table);
++	} else
++		hdr = register_net_sysctl(net, "net/ipv4", xfrm4_policy_table);
+ 	if (!hdr)
+ 		goto err_reg;
+ 
+@@ -284,8 +283,7 @@ static int __net_init xfrm4_net_init(struct net *net)
+ 	return 0;
+ 
+ err_reg:
+-	if (!net_eq(net, &init_net))
+-		kfree(table);
++	kfree(table);
+ err_alloc:
+ 	return -ENOMEM;
+ }
 diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index e8676c2..0a164f6 100644
+index dae802c..bfa4baa 100644
 --- a/net/ipv6/addrconf.c
 +++ b/net/ipv6/addrconf.c
-@@ -2272,7 +2272,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
+@@ -2274,7 +2274,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
  		p.iph.ihl = 5;
  		p.iph.protocol = IPPROTO_IPV6;
  		p.iph.ttl = 64;
@@ -87836,7 +86559,7 @@ index e8676c2..0a164f6 100644
  
  		if (ops->ndo_do_ioctl) {
  			mm_segment_t oldfs = get_fs();
-@@ -4415,7 +4415,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
+@@ -4410,7 +4410,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
  	int *valp = ctl->data;
  	int val = *valp;
  	loff_t pos = *ppos;
@@ -87845,7 +86568,7 @@ index e8676c2..0a164f6 100644
  	int ret;
  
  	/*
-@@ -4497,7 +4497,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
+@@ -4492,7 +4492,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
  	int *valp = ctl->data;
  	int val = *valp;
  	loff_t pos = *ppos;
@@ -87868,7 +86591,7 @@ index fff5bdd..15194fb 100644
  	table = kmemdup(ipv6_icmp_table_template,
  			sizeof(ipv6_icmp_table_template),
 diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
-index 131dd09..f7ed64f 100644
+index e4efffe..791fe2f 100644
 --- a/net/ipv6/ip6_gre.c
 +++ b/net/ipv6/ip6_gre.c
 @@ -73,7 +73,7 @@ struct ip6gre_net {
@@ -87880,7 +86603,23 @@ index 131dd09..f7ed64f 100644
  static int ip6gre_tunnel_init(struct net_device *dev);
  static void ip6gre_tunnel_setup(struct net_device *dev);
  static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
-@@ -1337,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
+@@ -1135,6 +1135,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev,
+ 		}
+ 		if (t == NULL)
+ 			t = netdev_priv(dev);
++		memset(&p, 0, sizeof(p));
+ 		ip6gre_tnl_parm_to_user(&p, &t->parms);
+ 		if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
+ 			err = -EFAULT;
+@@ -1182,6 +1183,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev,
+ 		if (t) {
+ 			err = 0;
+ 
++			memset(&p, 0, sizeof(p));
+ 			ip6gre_tnl_parm_to_user(&p, &t->parms);
+ 			if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
+ 				err = -EFAULT;
+@@ -1335,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
  }
  
  
@@ -87889,7 +86628,7 @@ index 131dd09..f7ed64f 100644
  	.handler     = ip6gre_rcv,
  	.err_handler = ip6gre_err,
  	.flags       = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
-@@ -1671,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
+@@ -1669,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
  	[IFLA_GRE_FLAGS]       = { .type = NLA_U32 },
  };
  
@@ -87898,7 +86637,7 @@ index 131dd09..f7ed64f 100644
  	.kind		= "ip6gre",
  	.maxtype	= IFLA_GRE_MAX,
  	.policy		= ip6gre_policy,
-@@ -1684,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
+@@ -1682,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
  	.fill_info	= ip6gre_fill_info,
  };
  
@@ -87908,7 +86647,7 @@ index 131dd09..f7ed64f 100644
  	.maxtype	= IFLA_GRE_MAX,
  	.policy		= ip6gre_policy,
 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
-index a14f28b..b4b8956 100644
+index fff83cb..82d49dd 100644
 --- a/net/ipv6/ip6_tunnel.c
 +++ b/net/ipv6/ip6_tunnel.c
 @@ -87,7 +87,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
@@ -87920,7 +86659,7 @@ index a14f28b..b4b8956 100644
  
  static int ip6_tnl_net_id __read_mostly;
  struct ip6_tnl_net {
-@@ -1686,7 +1686,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
+@@ -1684,7 +1684,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
  	[IFLA_IPTUN_PROTO]		= { .type = NLA_U8 },
  };
  
@@ -87943,7 +86682,7 @@ index d1e2e8e..51c19ae 100644
  		msg.msg_flags = flags;
  
 diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
-index 125a90d..2a11f36 100644
+index 341b54a..591e8ed 100644
 --- a/net/ipv6/netfilter/ip6_tables.c
 +++ b/net/ipv6/netfilter/ip6_tables.c
 @@ -1076,14 +1076,14 @@ static int compat_table_info(const struct xt_table_info *info,
@@ -87991,21 +86730,8 @@ index 125a90d..2a11f36 100644
  		break;
  
  	case IP6T_SO_GET_ENTRIES:
-diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c
-index 83acc14..0ea43c7 100644
---- a/net/ipv6/netfilter/ip6t_NPT.c
-+++ b/net/ipv6/netfilter/ip6t_NPT.c
-@@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
- 		if (pfx_len - i >= 32)
- 			mask = 0;
- 		else
--			mask = htonl(~((1 << (pfx_len - i)) - 1));
-+			mask = htonl((1 << (i - pfx_len + 32)) - 1);
- 
- 		idx = i / 32;
- 		addr->s6_addr32[idx] &= mask;
 diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
-index 2f3a018..8bca195 100644
+index 6700069..1e50f42 100644
 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c
 +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
 @@ -89,12 +89,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
@@ -88024,9 +86750,9 @@ index 2f3a018..8bca195 100644
  		if (table == NULL)
  			goto err_alloc;
 @@ -102,9 +101,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
- 		table[0].data = &net->ipv6.frags.high_thresh;
- 		table[1].data = &net->ipv6.frags.low_thresh;
- 		table[2].data = &net->ipv6.frags.timeout;
+ 		table[0].data = &net->nf_frag.frags.timeout;
+ 		table[1].data = &net->nf_frag.frags.low_thresh;
+ 		table[2].data = &net->nf_frag.frags.high_thresh;
 -	}
 -
 -	hdr = register_net_sysctl(net, "net/netfilter", table);
@@ -88047,10 +86773,10 @@ index 2f3a018..8bca195 100644
  	return -ENOMEM;
  }
 diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
-index 70fa814..d70c28c 100644
+index 330b5e7..796fbf1 100644
 --- a/net/ipv6/raw.c
 +++ b/net/ipv6/raw.c
-@@ -379,7 +379,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -378,7 +378,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb)
  {
  	if ((raw6_sk(sk)->checksum || rcu_access_pointer(sk->sk_filter)) &&
  	    skb_checksum_complete(skb)) {
@@ -88059,7 +86785,7 @@ index 70fa814..d70c28c 100644
  		kfree_skb(skb);
  		return NET_RX_DROP;
  	}
-@@ -407,7 +407,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -406,7 +406,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
  	struct raw6_sock *rp = raw6_sk(sk);
  
  	if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
@@ -88068,7 +86794,7 @@ index 70fa814..d70c28c 100644
  		kfree_skb(skb);
  		return NET_RX_DROP;
  	}
-@@ -431,7 +431,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -430,7 +430,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
  
  	if (inet->hdrincl) {
  		if (skb_checksum_complete(skb)) {
@@ -88077,7 +86803,7 @@ index 70fa814..d70c28c 100644
  			kfree_skb(skb);
  			return NET_RX_DROP;
  		}
-@@ -604,7 +604,7 @@ out:
+@@ -603,7 +603,7 @@ out:
  	return err;
  }
  
@@ -88086,7 +86812,7 @@ index 70fa814..d70c28c 100644
  			struct flowi6 *fl6, struct dst_entry **dstp,
  			unsigned int flags)
  {
-@@ -916,12 +916,15 @@ do_confirm:
+@@ -915,12 +915,15 @@ do_confirm:
  static int rawv6_seticmpfilter(struct sock *sk, int level, int optname,
  			       char __user *optval, int optlen)
  {
@@ -88103,7 +86829,7 @@ index 70fa814..d70c28c 100644
  		return 0;
  	default:
  		return -ENOPROTOOPT;
-@@ -934,6 +937,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
+@@ -933,6 +936,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
  			       char __user *optval, int __user *optlen)
  {
  	int len;
@@ -88111,7 +86837,7 @@ index 70fa814..d70c28c 100644
  
  	switch (optname) {
  	case ICMPV6_FILTER:
-@@ -945,7 +949,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
+@@ -944,7 +948,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
  			len = sizeof(struct icmp6_filter);
  		if (put_user(len, optlen))
  			return -EFAULT;
@@ -88121,7 +86847,7 @@ index 70fa814..d70c28c 100644
  			return -EFAULT;
  		return 0;
  	default:
-@@ -1253,7 +1258,7 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
+@@ -1252,7 +1257,7 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
  		   from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
  		   0,
  		   sock_i_ino(sp),
@@ -88131,10 +86857,10 @@ index 70fa814..d70c28c 100644
  
  static int raw6_seq_show(struct seq_file *seq, void *v)
 diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
-index 7a610a6..202dff9 100644
+index 0ba10e5..c14a4f6 100644
 --- a/net/ipv6/reassembly.c
 +++ b/net/ipv6/reassembly.c
-@@ -617,12 +617,11 @@ static struct ctl_table ip6_frags_ctl_table[] = {
+@@ -602,12 +602,11 @@ static struct ctl_table ip6_frags_ctl_table[] = {
  
  static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
  {
@@ -88149,7 +86875,7 @@ index 7a610a6..202dff9 100644
  		if (table == NULL)
  			goto err_alloc;
  
-@@ -633,9 +632,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+@@ -618,9 +617,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
  		/* Don't export sysctls to unprivileged users */
  		if (net->user_ns != &init_user_ns)
  			table[0].procname = NULL;
@@ -88162,7 +86888,7 @@ index 7a610a6..202dff9 100644
  	if (hdr == NULL)
  		goto err_reg;
  
-@@ -643,8 +643,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+@@ -628,8 +628,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
  	return 0;
  
  err_reg:
@@ -88173,10 +86899,10 @@ index 7a610a6..202dff9 100644
  	return -ENOMEM;
  }
 diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index 5845613..3af8fc7 100644
+index e5fe004..9fe3e8e 100644
 --- a/net/ipv6/route.c
 +++ b/net/ipv6/route.c
-@@ -2966,7 +2966,7 @@ ctl_table ipv6_route_table_template[] = {
+@@ -2881,7 +2881,7 @@ ctl_table ipv6_route_table_template[] = {
  
  struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
  {
@@ -88186,19 +86912,19 @@ index 5845613..3af8fc7 100644
  	table = kmemdup(ipv6_route_table_template,
  			sizeof(ipv6_route_table_template),
 diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
-index cfba99b..20ca511 100644
+index 02f96dc..4a5a6e5 100644
 --- a/net/ipv6/sit.c
 +++ b/net/ipv6/sit.c
-@@ -72,7 +72,7 @@ MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
- static int ipip6_tunnel_init(struct net_device *dev);
- static void ipip6_tunnel_setup(struct net_device *dev);
+@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);
  static void ipip6_dev_free(struct net_device *dev);
+ static bool check_6rd(struct ip_tunnel *tunnel, const struct in6_addr *v6dst,
+ 		      __be32 *v4dst);
 -static struct rtnl_link_ops sit_link_ops __read_mostly;
 +static struct rtnl_link_ops sit_link_ops;
  
  static int sit_net_id __read_mostly;
  struct sit_net {
-@@ -1463,7 +1463,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = {
+@@ -1486,7 +1486,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = {
  #endif
  };
  
@@ -88221,7 +86947,7 @@ index e85c48b..b8268d3 100644
  	struct ctl_table *ipv6_icmp_table;
  	int err;
 diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 89dfedd..f122ba5 100644
+index 46a5be8..415688d 100644
 --- a/net/ipv6/tcp_ipv6.c
 +++ b/net/ipv6/tcp_ipv6.c
 @@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
@@ -88235,7 +86961,7 @@ index 89dfedd..f122ba5 100644
  static void tcp_v6_hash(struct sock *sk)
  {
  	if (sk->sk_state != TCP_CLOSE) {
-@@ -1441,6 +1445,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1446,6 +1450,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
  	return 0;
  
  reset:
@@ -88245,7 +86971,7 @@ index 89dfedd..f122ba5 100644
  	tcp_v6_send_reset(sk, skb);
  discard:
  	if (opt_skb)
-@@ -1522,12 +1529,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1527,12 +1534,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
  	TCP_SKB_CB(skb)->sacked = 0;
  
  	sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -88268,7 +86994,7 @@ index 89dfedd..f122ba5 100644
  
  	if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
  		NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1576,6 +1591,10 @@ no_tcp_socket:
+@@ -1581,6 +1596,10 @@ no_tcp_socket:
  bad_packet:
  		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
  	} else {
@@ -88280,10 +87006,10 @@ index 89dfedd..f122ba5 100644
  	}
  
 diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index fb08329..2d6919e 100644
+index d8e5e85..5a447f4 100644
 --- a/net/ipv6/udp.c
 +++ b/net/ipv6/udp.c
-@@ -51,6 +51,10 @@
+@@ -52,6 +52,10 @@
  #include <trace/events/skb.h>
  #include "udp_impl.h"
  
@@ -88294,7 +87020,7 @@ index fb08329..2d6919e 100644
  int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
  {
  	const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr;
-@@ -395,7 +399,7 @@ try_again:
+@@ -419,7 +423,7 @@ try_again:
  	if (unlikely(err)) {
  		trace_kfree_skb(skb, udpv6_recvmsg);
  		if (!peeked) {
@@ -88303,7 +87029,7 @@ index fb08329..2d6919e 100644
  			if (is_udp4)
  				UDP_INC_STATS_USER(sock_net(sk),
  						   UDP_MIB_INERRORS,
-@@ -633,7 +637,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -657,7 +661,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
  	return rc;
  drop:
  	UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
@@ -88312,7 +87038,7 @@ index fb08329..2d6919e 100644
  	kfree_skb(skb);
  	return -1;
  }
-@@ -691,7 +695,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -715,7 +719,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
  		if (likely(skb1 == NULL))
  			skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
  		if (!skb1) {
@@ -88321,7 +87047,7 @@ index fb08329..2d6919e 100644
  			UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
  					  IS_UDPLITE(sk));
  			UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -862,6 +866,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -852,6 +856,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
  		goto discard;
  
  	UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
@@ -88331,7 +87057,7 @@ index fb08329..2d6919e 100644
  	icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
  
  	kfree_skb(skb);
-@@ -1379,7 +1386,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
+@@ -1377,7 +1384,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
  		   0,
  		   sock_i_ino(sp),
  		   atomic_read(&sp->sk_refcnt), sp,
@@ -88340,11 +87066,50 @@ index fb08329..2d6919e 100644
  }
  
  int udp6_seq_show(struct seq_file *seq, void *v)
+diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
+index 4ef7bdb..9e97017 100644
+--- a/net/ipv6/xfrm6_policy.c
++++ b/net/ipv6/xfrm6_policy.c
+@@ -322,19 +322,19 @@ static struct ctl_table xfrm6_policy_table[] = {
+ 
+ static int __net_init xfrm6_net_init(struct net *net)
+ {
+-	struct ctl_table *table;
++	ctl_table_no_const *table = NULL;
+ 	struct ctl_table_header *hdr;
+ 
+-	table = xfrm6_policy_table;
+ 	if (!net_eq(net, &init_net)) {
+-		table = kmemdup(table, sizeof(xfrm6_policy_table), GFP_KERNEL);
++		table = kmemdup(xfrm6_policy_table, sizeof(xfrm6_policy_table), GFP_KERNEL);
+ 		if (!table)
+ 			goto err_alloc;
+ 
+ 		table[0].data = &net->xfrm.xfrm6_dst_ops.gc_thresh;
+-	}
++		hdr = register_net_sysctl(net, "net/ipv6", table);
++	} else
++		hdr = register_net_sysctl(net, "net/ipv6", xfrm6_policy_table);
+ 
+-	hdr = register_net_sysctl(net, "net/ipv6", table);
+ 	if (!hdr)
+ 		goto err_reg;
+ 
+@@ -342,8 +342,7 @@ static int __net_init xfrm6_net_init(struct net *net)
+ 	return 0;
+ 
+ err_reg:
+-	if (!net_eq(net, &init_net))
+-		kfree(table);
++	kfree(table);
+ err_alloc:
+ 	return -ENOMEM;
+ }
 diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
-index a68c88c..d55b0c5 100644
+index 362ba47..66196f4 100644
 --- a/net/irda/ircomm/ircomm_tty.c
 +++ b/net/irda/ircomm/ircomm_tty.c
-@@ -312,12 +312,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
+@@ -319,11 +319,11 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
  	add_wait_queue(&port->open_wait, &wait);
  
  	IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n",
@@ -88352,14 +87117,13 @@ index a68c88c..d55b0c5 100644
 +	      __FILE__, __LINE__, tty->driver->name, atomic_read(&port->count));
  
  	spin_lock_irqsave(&port->lock, flags);
- 	if (!tty_hung_up_p(filp)) {
- 		extra_count = 1;
+ 	if (!tty_hung_up_p(filp))
 -		port->count--;
 +		atomic_dec(&port->count);
- 	}
- 	spin_unlock_irqrestore(&port->lock, flags);
  	port->blocked_open++;
-@@ -353,7 +353,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
+ 	spin_unlock_irqrestore(&port->lock, flags);
+ 
+@@ -358,7 +358,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
  		}
  
  		IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n",
@@ -88368,15 +87132,14 @@ index a68c88c..d55b0c5 100644
  
  		schedule();
  	}
-@@ -364,13 +364,13 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
- 	if (extra_count) {
- 		/* ++ is not atomic, so this should be protected - Jean II */
- 		spin_lock_irqsave(&port->lock, flags);
+@@ -368,12 +368,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
+ 
+ 	spin_lock_irqsave(&port->lock, flags);
+ 	if (!tty_hung_up_p(filp))
 -		port->count++;
 +		atomic_inc(&port->count);
- 		spin_unlock_irqrestore(&port->lock, flags);
- 	}
  	port->blocked_open--;
+ 	spin_unlock_irqrestore(&port->lock, flags);
  
  	IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n",
 -	      __FILE__, __LINE__, tty->driver->name, port->count);
@@ -88384,7 +87147,7 @@ index a68c88c..d55b0c5 100644
  
  	if (!retval)
  		port->flags |= ASYNC_NORMAL_ACTIVE;
-@@ -444,12 +444,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp)
+@@ -447,12 +447,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp)
  
  	/* ++ is not atomic, so this should be protected - Jean II */
  	spin_lock_irqsave(&self->port.lock, flags);
@@ -88398,8 +87161,8 @@ index a68c88c..d55b0c5 100644
 +		   self->line, atomic_read(&self->port.count));
  
  	/* Not really used by us, but lets do it anyway */
- 	tty->low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0;
-@@ -986,7 +986,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty)
+ 	self->port.low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0;
+@@ -989,7 +989,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty)
  		tty_kref_put(port->tty);
  	}
  	port->tty = NULL;
@@ -88408,7 +87171,7 @@ index a68c88c..d55b0c5 100644
  	spin_unlock_irqrestore(&port->lock, flags);
  
  	wake_up_interruptible(&port->open_wait);
-@@ -1343,7 +1343,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m)
+@@ -1346,7 +1346,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m)
  	seq_putc(m, '\n');
  
  	seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
@@ -88417,29 +87180,11 @@ index a68c88c..d55b0c5 100644
  	seq_printf(m, "Max data size: %d\n", self->max_data_size);
  	seq_printf(m, "Max header size: %d\n", self->max_header_size);
  
-diff --git a/net/irda/iriap.c b/net/irda/iriap.c
-index e71e85b..29340a9 100644
---- a/net/irda/iriap.c
-+++ b/net/irda/iriap.c
-@@ -495,8 +495,11 @@ static void iriap_getvaluebyclass_confirm(struct iriap_cb *self,
- /*		case CS_ISO_8859_9: */
- /*		case CS_UNICODE: */
- 		default:
--			IRDA_DEBUG(0, "%s(), charset %s, not supported\n",
--				   __func__, ias_charset_types[charset]);
-+			IRDA_DEBUG(0, "%s(), charset [%d] %s, not supported\n",
-+				   __func__, charset,
-+				   charset < ARRAY_SIZE(ias_charset_types) ?
-+					ias_charset_types[charset] :
-+					"(unknown)");
- 
- 			/* Aborting, close connection! */
- 			iriap_disconnect_request(self);
 diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index 625bc50..ac6eef9 100644
+index 206ce6d..cfb27cd 100644
 --- a/net/iucv/af_iucv.c
 +++ b/net/iucv/af_iucv.c
-@@ -782,10 +782,10 @@ static int iucv_sock_autobind(struct sock *sk)
+@@ -773,10 +773,10 @@ static int iucv_sock_autobind(struct sock *sk)
  
  	write_lock_bh(&iucv_sk_list.lock);
  
@@ -88453,7 +87198,7 @@ index 625bc50..ac6eef9 100644
  
  	write_unlock_bh(&iucv_sk_list.lock);
 diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c
-index df08250..02021fe 100644
+index 4fe76ff..426a904 100644
 --- a/net/iucv/iucv.c
 +++ b/net/iucv/iucv.c
 @@ -690,7 +690,7 @@ static int __cpuinit iucv_cpu_notify(struct notifier_block *self,
@@ -88466,10 +87211,10 @@ index df08250..02021fe 100644
  };
  
 diff --git a/net/key/af_key.c b/net/key/af_key.c
-index 5b426a6..970032b 100644
+index 5b1e5af..2358147 100644
 --- a/net/key/af_key.c
 +++ b/net/key/af_key.c
-@@ -3019,10 +3019,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc
+@@ -3041,10 +3041,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc
  static u32 get_acqseq(void)
  {
  	u32 res;
@@ -88483,10 +87228,10 @@ index 5b426a6..970032b 100644
  	return res;
  }
 diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index 49c48c6..9e72ff4 100644
+index 843d8c4..6e0a0ff 100644
 --- a/net/mac80211/cfg.c
 +++ b/net/mac80211/cfg.c
-@@ -790,7 +790,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
+@@ -799,7 +799,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
  			ret = ieee80211_vif_use_channel(sdata, chandef,
  					IEEE80211_CHANCTX_EXCLUSIVE);
  		}
@@ -88495,7 +87240,7 @@ index 49c48c6..9e72ff4 100644
  		local->_oper_channel = chandef->chan;
  		local->_oper_channel_type = cfg80211_get_chandef_type(chandef);
  		ieee80211_hw_config(local, 0);
-@@ -2718,7 +2718,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
+@@ -2834,7 +2834,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
  		else
  			local->probe_req_reg--;
  
@@ -88504,8 +87249,19 @@ index 49c48c6..9e72ff4 100644
  			break;
  
  		ieee80211_queue_work(&local->hw, &local->reconfig_filter);
+@@ -3297,8 +3297,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
+ 	if (chanctx_conf) {
+ 		*chandef = chanctx_conf->def;
+ 		ret = 0;
+-	} else if (local->open_count > 0 &&
+-		   local->open_count == local->monitors &&
++	} else if (atomic_read(&local->open_count) > 0 &&
++		   atomic_read(&local->open_count) == local->monitors &&
+ 		   sdata->vif.type == NL80211_IFTYPE_MONITOR) {
+ 		if (local->use_chanctx)
+ 			*chandef = local->monitor_chandef;
 diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 55d8f89..bec0c2b 100644
+index 5672533..6738c93 100644
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
 @@ -28,6 +28,7 @@
@@ -88516,7 +87272,7 @@ index 55d8f89..bec0c2b 100644
  #include "key.h"
  #include "sta_info.h"
  #include "debug.h"
-@@ -910,7 +911,7 @@ struct ieee80211_local {
+@@ -897,7 +898,7 @@ struct ieee80211_local {
  	/* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
  	spinlock_t queue_stop_reason_lock;
  
@@ -88526,10 +87282,10 @@ index 55d8f89..bec0c2b 100644
  	/* number of interfaces with corresponding FIF_ flags */
  	int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
 diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index 8be854e..ad72a69 100644
+index d51ca9d..042c35f 100644
 --- a/net/mac80211/iface.c
 +++ b/net/mac80211/iface.c
-@@ -546,7 +546,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -495,7 +495,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
  		break;
  	}
  
@@ -88538,7 +87294,7 @@ index 8be854e..ad72a69 100644
  		res = drv_start(local);
  		if (res)
  			goto err_del_bss;
-@@ -591,7 +591,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -540,7 +540,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
  			break;
  		}
  
@@ -88547,8 +87303,8 @@ index 8be854e..ad72a69 100644
  			res = ieee80211_add_virtual_monitor(local);
  			if (res)
  				goto err_stop;
-@@ -699,7 +699,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
- 	mutex_unlock(&local->mtx);
+@@ -649,7 +649,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+ 		atomic_inc(&local->iff_promiscs);
  
  	if (coming_up)
 -		local->open_count++;
@@ -88556,7 +87312,7 @@ index 8be854e..ad72a69 100644
  
  	if (hw_reconf_flags)
  		ieee80211_hw_config(local, hw_reconf_flags);
-@@ -713,7 +713,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -663,7 +663,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
   err_del_interface:
  	drv_remove_interface(local, sdata);
   err_stop:
@@ -88565,7 +87321,7 @@ index 8be854e..ad72a69 100644
  		drv_stop(local);
   err_del_bss:
  	sdata->bss = NULL;
-@@ -827,7 +827,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -806,7 +806,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
  	}
  
  	if (going_down)
@@ -88574,7 +87330,7 @@ index 8be854e..ad72a69 100644
  
  	switch (sdata->vif.type) {
  	case NL80211_IFTYPE_AP_VLAN:
-@@ -884,7 +884,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -871,7 +871,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
  
  	ieee80211_recalc_ps(local, -1);
  
@@ -88583,7 +87339,7 @@ index 8be854e..ad72a69 100644
  		if (local->ops->napi_poll)
  			napi_disable(&local->napi);
  		ieee80211_clear_tx_pending(local);
-@@ -910,7 +910,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -897,7 +897,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
  	}
  	spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
  
@@ -88593,10 +87349,10 @@ index 8be854e..ad72a69 100644
  }
  
 diff --git a/net/mac80211/main.c b/net/mac80211/main.c
-index 1b087ff..bf600e9 100644
+index 1a8591b..ef5db54 100644
 --- a/net/mac80211/main.c
 +++ b/net/mac80211/main.c
-@@ -181,7 +181,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
+@@ -180,7 +180,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
  		changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL |
  			     IEEE80211_CONF_CHANGE_POWER);
  
@@ -88606,10 +87362,10 @@ index 1b087ff..bf600e9 100644
  		/*
  		 * Goal:
 diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
-index 64619f4..c497f0f 100644
+index 835584c..be46e67 100644
 --- a/net/mac80211/pm.c
 +++ b/net/mac80211/pm.c
-@@ -35,7 +35,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
+@@ -33,7 +33,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
  	struct sta_info *sta;
  	struct ieee80211_chanctx *ctx;
  
@@ -88618,7 +87374,7 @@ index 64619f4..c497f0f 100644
  		goto suspend;
  
  	ieee80211_scan_cancel(local);
-@@ -73,7 +73,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
+@@ -75,7 +75,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
  	cancel_work_sync(&local->dynamic_ps_enable_work);
  	del_timer_sync(&local->dynamic_ps_timer);
  
@@ -88627,7 +87383,7 @@ index 64619f4..c497f0f 100644
  	if (local->wowlan) {
  		int err = drv_suspend(local, wowlan);
  		if (err < 0) {
-@@ -187,7 +187,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
+@@ -214,7 +214,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
  	mutex_unlock(&local->chanctx_mtx);
  
  	/* stop hardware - this must stop RX */
@@ -88663,10 +87419,10 @@ index c97a065..ff61928 100644
  
  	return p;
 diff --git a/net/mac80211/util.c b/net/mac80211/util.c
-index f11e8c5..08d0013 100644
+index 0f38f43..e53d4a8 100644
 --- a/net/mac80211/util.c
 +++ b/net/mac80211/util.c
-@@ -1380,7 +1380,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
+@@ -1388,7 +1388,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
  	}
  #endif
  	/* everything else happens only if HW was up & running */
@@ -88676,10 +87432,10 @@ index f11e8c5..08d0013 100644
  
  	/*
 diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
-index 49e96df..63a51c3 100644
+index 56d22ca..87c778f 100644
 --- a/net/netfilter/Kconfig
 +++ b/net/netfilter/Kconfig
-@@ -936,6 +936,16 @@ config NETFILTER_XT_MATCH_ESP
+@@ -958,6 +958,16 @@ config NETFILTER_XT_MATCH_ESP
  
  	  To compile it as a module, choose M here.  If unsure, say N.
  
@@ -88697,10 +87453,10 @@ index 49e96df..63a51c3 100644
  	tristate '"hashlimit" match support'
  	depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
 diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
-index 3259697..54d5393 100644
+index a1abf87..dbcb7ee 100644
 --- a/net/netfilter/Makefile
 +++ b/net/netfilter/Makefile
-@@ -109,6 +109,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
+@@ -112,6 +112,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
  obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o
  obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o
  obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o
@@ -88709,10 +87465,10 @@ index 3259697..54d5393 100644
  obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
  obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
 diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
-index 6d6d8f2..a676749 100644
+index 1ba9dbc..e39f4ca 100644
 --- a/net/netfilter/ipset/ip_set_core.c
 +++ b/net/netfilter/ipset/ip_set_core.c
-@@ -1800,7 +1800,7 @@ done:
+@@ -1801,7 +1801,7 @@ done:
  	return ret;
  }
  
@@ -88722,10 +87478,10 @@ index 6d6d8f2..a676749 100644
  	.get_optmin	= SO_IP_SET,
  	.get_optmax	= SO_IP_SET + 1,
 diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
-index 30e764a..c3b6a9d 100644
+index 704e514..d644cc2 100644
 --- a/net/netfilter/ipvs/ip_vs_conn.c
 +++ b/net/netfilter/ipvs/ip_vs_conn.c
-@@ -554,7 +554,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest)
+@@ -551,7 +551,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest)
  	/* Increase the refcnt counter of the dest */
  	atomic_inc(&dest->refcnt);
  
@@ -88734,7 +87490,7 @@ index 30e764a..c3b6a9d 100644
  	if (cp->protocol != IPPROTO_UDP)
  		conn_flags &= ~IP_VS_CONN_F_ONE_PACKET;
  	flags = cp->flags;
-@@ -899,7 +899,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
+@@ -895,7 +895,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
  	atomic_set(&cp->refcnt, 1);
  
  	atomic_set(&cp->n_control, 0);
@@ -88743,7 +87499,7 @@ index 30e764a..c3b6a9d 100644
  
  	atomic_inc(&ipvs->conn_count);
  	if (flags & IP_VS_CONN_F_NO_CPORT)
-@@ -1180,7 +1180,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp)
+@@ -1174,7 +1174,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp)
  
  	/* Don't drop the entry if its number of incoming packets is not
  	   located in [0, 8] */
@@ -88753,7 +87509,7 @@ index 30e764a..c3b6a9d 100644
  
  	if (!todrop_rate[i]) return 0;
 diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
-index 47edf5a..235b07d 100644
+index 61f49d2..6c8c5bc 100644
 --- a/net/netfilter/ipvs/ip_vs_core.c
 +++ b/net/netfilter/ipvs/ip_vs_core.c
 @@ -559,7 +559,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
@@ -88765,7 +87521,7 @@ index 47edf5a..235b07d 100644
  		ip_vs_conn_put(cp);
  		return ret;
  	}
-@@ -1691,7 +1691,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
+@@ -1689,7 +1689,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
  	if (cp->flags & IP_VS_CONN_F_ONE_PACKET)
  		pkts = sysctl_sync_threshold(ipvs);
  	else
@@ -88775,7 +87531,7 @@ index 47edf5a..235b07d 100644
  	if (ipvs->sync_state & IP_VS_STATE_MASTER)
  		ip_vs_sync_conn(net, cp, pkts);
 diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
-index ec664cb..7f34a77 100644
+index 9e2d1cc..7f8f569 100644
 --- a/net/netfilter/ipvs/ip_vs_ctl.c
 +++ b/net/netfilter/ipvs/ip_vs_ctl.c
 @@ -787,7 +787,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
@@ -88796,7 +87552,7 @@ index ec664cb..7f34a77 100644
  	{
  		.procname	= "amemthresh",
  		.maxlen		= sizeof(int),
-@@ -2081,7 +2081,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
+@@ -2087,7 +2087,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
  					   "      %-7s %-6d %-10d %-10d\n",
  					   &dest->addr.in6,
  					   ntohs(dest->port),
@@ -88805,7 +87561,7 @@ index ec664cb..7f34a77 100644
  					   atomic_read(&dest->weight),
  					   atomic_read(&dest->activeconns),
  					   atomic_read(&dest->inactconns));
-@@ -2092,7 +2092,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
+@@ -2098,7 +2098,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
  					   "%-7s %-6d %-10d %-10d\n",
  					   ntohl(dest->addr.ip),
  					   ntohs(dest->port),
@@ -88814,7 +87570,7 @@ index ec664cb..7f34a77 100644
  					   atomic_read(&dest->weight),
  					   atomic_read(&dest->activeconns),
  					   atomic_read(&dest->inactconns));
-@@ -2562,7 +2562,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
+@@ -2568,7 +2568,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
  
  			entry.addr = dest->addr.ip;
  			entry.port = dest->port;
@@ -88823,7 +87579,7 @@ index ec664cb..7f34a77 100644
  			entry.weight = atomic_read(&dest->weight);
  			entry.u_threshold = dest->u_threshold;
  			entry.l_threshold = dest->l_threshold;
-@@ -3098,7 +3098,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
+@@ -3104,7 +3104,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
  	if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) ||
  	    nla_put_u16(skb, IPVS_DEST_ATTR_PORT, dest->port) ||
  	    nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD,
@@ -88832,7 +87588,7 @@ index ec664cb..7f34a77 100644
  			 IP_VS_CONN_F_FWD_MASK)) ||
  	    nla_put_u32(skb, IPVS_DEST_ATTR_WEIGHT,
  			atomic_read(&dest->weight)) ||
-@@ -3688,7 +3688,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net)
+@@ -3694,7 +3694,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net)
  {
  	int idx;
  	struct netns_ipvs *ipvs = net_ipvs(net);
@@ -88921,7 +87677,7 @@ index ee6b7a9..f9a89f6 100644
  	}
  
 diff --git a/net/netfilter/nf_conntrack_acct.c b/net/netfilter/nf_conntrack_acct.c
-index 7df424e..a527b02 100644
+index 2d3030a..7ba1c0a 100644
 --- a/net/netfilter/nf_conntrack_acct.c
 +++ b/net/netfilter/nf_conntrack_acct.c
 @@ -60,7 +60,7 @@ static struct nf_ct_ext_type acct_extend __read_mostly = {
@@ -88934,10 +87690,10 @@ index 7df424e..a527b02 100644
  	table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
  			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index e4a0c4f..c263f28 100644
+index c8e001a..f842a8b 100644
 --- a/net/netfilter/nf_conntrack_core.c
 +++ b/net/netfilter/nf_conntrack_core.c
-@@ -1529,6 +1529,10 @@ err_extend:
+@@ -1594,6 +1594,10 @@ void nf_conntrack_init_end(void)
  #define DYING_NULLS_VAL		((1<<30)+1)
  #define TEMPLATE_NULLS_VAL	((1<<30)+2)
  
@@ -88945,10 +87701,10 @@ index e4a0c4f..c263f28 100644
 +static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0);
 +#endif
 +
- static int nf_conntrack_init_net(struct net *net)
+ int nf_conntrack_init_net(struct net *net)
  {
  	int ret;
-@@ -1543,7 +1547,11 @@ static int nf_conntrack_init_net(struct net *net)
+@@ -1608,7 +1612,11 @@ int nf_conntrack_init_net(struct net *net)
  		goto err_stat;
  	}
  
@@ -88961,7 +87717,7 @@ index e4a0c4f..c263f28 100644
  		ret = -ENOMEM;
  		goto err_slabname;
 diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
-index faa978f..1afb18f 100644
+index b5d2eb8..61ef19a 100644
 --- a/net/netfilter/nf_conntrack_ecache.c
 +++ b/net/netfilter/nf_conntrack_ecache.c
 @@ -186,7 +186,7 @@ static struct nf_ct_ext_type event_extend __read_mostly = {
@@ -88974,10 +87730,10 @@ index faa978f..1afb18f 100644
  	table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table),
  			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
-index 884f2b3..d53b33a 100644
+index 94b4b98..97cf0ad 100644
 --- a/net/netfilter/nf_conntrack_helper.c
 +++ b/net/netfilter/nf_conntrack_helper.c
-@@ -55,7 +55,7 @@ static struct ctl_table helper_sysctl_table[] = {
+@@ -56,7 +56,7 @@ static struct ctl_table helper_sysctl_table[] = {
  
  static int nf_conntrack_helper_init_sysctl(struct net *net)
  {
@@ -88987,7 +87743,7 @@ index 884f2b3..d53b33a 100644
  	table = kmemdup(helper_sysctl_table, sizeof(helper_sysctl_table),
  			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
-index 51e928d..72a413a 100644
+index 58ab405..50eb8d3 100644
 --- a/net/netfilter/nf_conntrack_proto.c
 +++ b/net/netfilter/nf_conntrack_proto.c
 @@ -51,7 +51,7 @@ nf_ct_register_sysctl(struct net *net,
@@ -89000,7 +87756,7 @@ index 51e928d..72a413a 100644
  {
  	if (users > 0)
 diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
-index e7185c6..4ad6c9c 100644
+index fedee39..d62a93d 100644
 --- a/net/netfilter/nf_conntrack_standalone.c
 +++ b/net/netfilter/nf_conntrack_standalone.c
 @@ -470,7 +470,7 @@ static ctl_table nf_ct_netfilter_table[] = {
@@ -89010,10 +87766,10 @@ index e7185c6..4ad6c9c 100644
 -	struct ctl_table *table;
 +	ctl_table_no_const *table;
  
- 	if (net_eq(net, &init_net)) {
- 		nf_ct_netfilter_header =
+ 	table = kmemdup(nf_ct_sysctl_table, sizeof(nf_ct_sysctl_table),
+ 			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_timestamp.c b/net/netfilter/nf_conntrack_timestamp.c
-index 7ea8026..bc9512d 100644
+index 902fb0a..87f7fdb 100644
 --- a/net/netfilter/nf_conntrack_timestamp.c
 +++ b/net/netfilter/nf_conntrack_timestamp.c
 @@ -42,7 +42,7 @@ static struct nf_ct_ext_type tstamp_extend __read_mostly = {
@@ -89080,21 +87836,8 @@ index f042ae5..30ea486 100644
  	mutex_unlock(&nf_sockopt_mutex);
  }
  EXPORT_SYMBOL(nf_unregister_sockopt);
-diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c
-index 589d686..dc3fd5d 100644
---- a/net/netfilter/nfnetlink_acct.c
-+++ b/net/netfilter/nfnetlink_acct.c
-@@ -49,6 +49,8 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
- 		return -EINVAL;
- 
- 	acct_name = nla_data(tb[NFACCT_NAME]);
-+	if (strlen(acct_name) == 0)
-+		return -EINVAL;
- 
- 	list_for_each_entry(nfacct, &nfnl_acct_list, head) {
- 		if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0)
 diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
-index 92fd8ec..3f6ea4b 100644
+index f248db5..3778ad9 100644
 --- a/net/netfilter/nfnetlink_log.c
 +++ b/net/netfilter/nfnetlink_log.c
 @@ -72,7 +72,7 @@ struct nfulnl_instance {
@@ -89106,7 +87849,7 @@ index 92fd8ec..3f6ea4b 100644
  
  #define INSTANCE_BUCKETS	16
  static struct hlist_head instance_table[INSTANCE_BUCKETS];
-@@ -537,7 +537,7 @@ __build_packet_message(struct nfulnl_instance *inst,
+@@ -536,7 +536,7 @@ __build_packet_message(struct nfulnl_instance *inst,
  	/* global sequence number */
  	if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) &&
  	    nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL,
@@ -89115,22 +87858,6 @@ index 92fd8ec..3f6ea4b 100644
  		goto nla_put_failure;
  
  	if (data_len) {
-diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
-index 3158d87..39006c9 100644
---- a/net/netfilter/nfnetlink_queue_core.c
-+++ b/net/netfilter/nfnetlink_queue_core.c
-@@ -1064,8 +1064,10 @@ static int __init nfnetlink_queue_init(void)
- 
- #ifdef CONFIG_PROC_FS
- 	if (!proc_create("nfnetlink_queue", 0440,
--			 proc_net_netfilter, &nfqnl_file_ops))
-+			 proc_net_netfilter, &nfqnl_file_ops)) {
-+		status = -ENOMEM;
- 		goto cleanup_subsys;
-+	}
- #endif
- 
- 	register_netdevice_notifier(&nfqnl_dev_notifier);
 diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c
 new file mode 100644
 index 0000000..c566332
@@ -89223,10 +87950,10 @@ index 4fe4fb4..87a89e5 100644
  	return 0;
  }
 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index c0353d5..fcb0270 100644
+index 1e3fd5b..ad397ea 100644
 --- a/net/netlink/af_netlink.c
 +++ b/net/netlink/af_netlink.c
-@@ -785,7 +785,7 @@ static void netlink_overrun(struct sock *sk)
+@@ -781,7 +781,7 @@ static void netlink_overrun(struct sock *sk)
  			sk->sk_error_report(sk);
  		}
  	}
@@ -89235,7 +87962,7 @@ index c0353d5..fcb0270 100644
  }
  
  static struct sock *netlink_getsockbyportid(struct sock *ssk, u32 portid)
-@@ -2071,7 +2071,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -2063,7 +2063,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
  			   sk_wmem_alloc_get(s),
  			   nlk->cb,
  			   atomic_read(&s->sk_refcnt),
@@ -89287,10 +88014,10 @@ index 5a55be3..7630745 100644
  		}
  	}
 diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
-index 14c106b..2d58b38 100644
+index 103bd70..f21aad3 100644
 --- a/net/netrom/af_netrom.c
 +++ b/net/netrom/af_netrom.c
-@@ -838,6 +838,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
+@@ -834,6 +834,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
  	struct sock *sk = sock->sk;
  	struct nr_sock *nr = nr_sk(sk);
  
@@ -89298,7 +88025,7 @@ index 14c106b..2d58b38 100644
  	lock_sock(sk);
  	if (peer != 0) {
  		if (sk->sk_state != TCP_ESTABLISHED) {
-@@ -852,7 +853,6 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
+@@ -848,7 +849,6 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
  		*uaddr_len = sizeof(struct full_sockaddr_ax25);
  	} else {
  		sax->fsa_ax25.sax25_family = AF_NETROM;
@@ -89307,7 +88034,7 @@ index 14c106b..2d58b38 100644
  		*uaddr_len = sizeof(struct sockaddr_ax25);
  	}
 diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index c111bd0..7788ff7 100644
+index 1d6793d..056b191 100644
 --- a/net/packet/af_packet.c
 +++ b/net/packet/af_packet.c
 @@ -1578,7 +1578,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
@@ -89379,7 +88106,7 @@ index 5a940db..d6a502d 100644
  
  	err = proto_register(pp->prot, 1);
 diff --git a/net/phonet/pep.c b/net/phonet/pep.c
-index 576f22c..bc7a71b 100644
+index e774117..900b8b7 100644
 --- a/net/phonet/pep.c
 +++ b/net/phonet/pep.c
 @@ -388,7 +388,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb)
@@ -89410,10 +88137,10 @@ index 576f22c..bc7a71b 100644
  			break;
  		}
 diff --git a/net/phonet/socket.c b/net/phonet/socket.c
-index b7e9827..c264c85 100644
+index 1afd138..0b42453 100644
 --- a/net/phonet/socket.c
 +++ b/net/phonet/socket.c
-@@ -615,7 +615,7 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v)
+@@ -612,7 +612,7 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v)
  			from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)),
  			sock_i_ino(sk),
  			atomic_read(&sk->sk_refcnt), sk,
@@ -89602,10 +88329,10 @@ index 81cf5a4..b5826ff 100644
  	set_fs(oldfs);
  }
 diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
-index 05996d0..5a1dfe0 100644
+index e61aa60..f07cc89 100644
 --- a/net/rxrpc/af_rxrpc.c
 +++ b/net/rxrpc/af_rxrpc.c
-@@ -39,7 +39,7 @@ static const struct proto_ops rxrpc_rpc_ops;
+@@ -40,7 +40,7 @@ static const struct proto_ops rxrpc_rpc_ops;
  __be32 rxrpc_epoch;
  
  /* current debugging ID */
@@ -89893,7 +88620,7 @@ index 391a245..296b3d7 100644
  
  /* Initialize IPv6 support and register with socket layer.  */
 diff --git a/net/sctp/probe.c b/net/sctp/probe.c
-index 5f7518d..9b91f6c 100644
+index ad0dba8..e62c225 100644
 --- a/net/sctp/probe.c
 +++ b/net/sctp/probe.c
 @@ -63,7 +63,7 @@ static struct {
@@ -89906,10 +88633,10 @@ index 5f7518d..9b91f6c 100644
  	va_list args;
  	int len;
 diff --git a/net/sctp/proc.c b/net/sctp/proc.c
-index 8c19e97..16264b8 100644
+index ab3bba8..2fbab4e 100644
 --- a/net/sctp/proc.c
 +++ b/net/sctp/proc.c
-@@ -338,7 +338,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v)
+@@ -336,7 +336,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v)
  		seq_printf(seq,
  			   "%8pK %8pK %-3d %-3d %-2d %-4d "
  			   "%4d %8d %8d %7d %5lu %-5d %5d ",
@@ -89920,7 +88647,7 @@ index 8c19e97..16264b8 100644
  			   assoc->assoc_id,
  			   assoc->sndbuf_used,
 diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
-index f898b1c..a2d0fe8 100644
+index 1c2e46c..f91cf5e 100644
 --- a/net/sctp/protocol.c
 +++ b/net/sctp/protocol.c
 @@ -834,8 +834,10 @@ int sctp_register_af(struct sctp_af *af)
@@ -89963,7 +88690,7 @@ index f898b1c..a2d0fe8 100644
  
  static int sctp_v4_protosw_init(void)
 diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
-index c957775..6d4593a 100644
+index 8aab894..f6b7e7d 100644
 --- a/net/sctp/sm_sideeffect.c
 +++ b/net/sctp/sm_sideeffect.c
 @@ -447,7 +447,7 @@ static void sctp_generate_sack_event(unsigned long data)
@@ -89976,7 +88703,7 @@ index c957775..6d4593a 100644
  	sctp_generate_t1_cookie_event,
  	sctp_generate_t1_init_event,
 diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 9ef5c73..1e9a9a9 100644
+index b907073..57fef6c 100644
 --- a/net/sctp/socket.c
 +++ b/net/sctp/socket.c
 @@ -2166,11 +2166,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
@@ -90057,46 +88784,6 @@ index 9ef5c73..1e9a9a9 100644
  		if (copy_to_user(to, &temp, addrlen))
  			return -EFAULT;
  		to += addrlen;
-diff --git a/net/sctp/ssnmap.c b/net/sctp/ssnmap.c
-index 442ad4e..825ea94 100644
---- a/net/sctp/ssnmap.c
-+++ b/net/sctp/ssnmap.c
-@@ -41,8 +41,6 @@
- #include <net/sctp/sctp.h>
- #include <net/sctp/sm.h>
- 
--#define MAX_KMALLOC_SIZE	131072
--
- static struct sctp_ssnmap *sctp_ssnmap_init(struct sctp_ssnmap *map, __u16 in,
- 					    __u16 out);
- 
-@@ -65,7 +63,7 @@ struct sctp_ssnmap *sctp_ssnmap_new(__u16 in, __u16 out,
- 	int size;
- 
- 	size = sctp_ssnmap_size(in, out);
--	if (size <= MAX_KMALLOC_SIZE)
-+	if (size <= KMALLOC_MAX_SIZE)
- 		retval = kmalloc(size, gfp);
- 	else
- 		retval = (struct sctp_ssnmap *)
-@@ -82,7 +80,7 @@ struct sctp_ssnmap *sctp_ssnmap_new(__u16 in, __u16 out,
- 	return retval;
- 
- fail_map:
--	if (size <= MAX_KMALLOC_SIZE)
-+	if (size <= KMALLOC_MAX_SIZE)
- 		kfree(retval);
- 	else
- 		free_pages((unsigned long)retval, get_order(size));
-@@ -124,7 +122,7 @@ void sctp_ssnmap_free(struct sctp_ssnmap *map)
- 		int size;
- 
- 		size = sctp_ssnmap_size(map->in.len, map->out.len);
--		if (size <= MAX_KMALLOC_SIZE)
-+		if (size <= KMALLOC_MAX_SIZE)
- 			kfree(map);
- 		else
- 			free_pages((unsigned long)map, get_order(size));
 diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
 index bf3c6e8..376d8d0 100644
 --- a/net/sctp/sysctl.c
@@ -90120,10 +88807,10 @@ index bf3c6e8..376d8d0 100644
  
  	table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
 diff --git a/net/socket.c b/net/socket.c
-index 2ca51c7..ee5feb5 100644
+index 88f759a..c6933de 100644
 --- a/net/socket.c
 +++ b/net/socket.c
-@@ -89,6 +89,7 @@
+@@ -88,6 +88,7 @@
  #include <linux/magic.h>
  #include <linux/slab.h>
  #include <linux/xattr.h>
@@ -90131,7 +88818,7 @@ index 2ca51c7..ee5feb5 100644
  
  #include <asm/uaccess.h>
  #include <asm/unistd.h>
-@@ -106,6 +107,8 @@
+@@ -105,6 +106,8 @@
  #include <linux/sockios.h>
  #include <linux/atalk.h>
  
@@ -90140,7 +88827,7 @@ index 2ca51c7..ee5feb5 100644
  static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
  static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
  			 unsigned long nr_segs, loff_t pos);
-@@ -322,7 +325,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type,
+@@ -321,7 +324,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type,
  		&sockfs_dentry_operations, SOCKFS_MAGIC);
  }
  
@@ -90149,7 +88836,7 @@ index 2ca51c7..ee5feb5 100644
  
  static struct file_system_type sock_fs_type = {
  	.name =		"sockfs",
-@@ -1270,6 +1273,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
+@@ -1268,6 +1271,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
  		return -EAFNOSUPPORT;
  	if (type < 0 || type >= SOCK_MAX)
  		return -EINVAL;
@@ -90158,7 +88845,7 @@ index 2ca51c7..ee5feb5 100644
  
  	/* Compatibility.
  
-@@ -1401,6 +1406,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
+@@ -1399,6 +1404,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
  	if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
  		flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
  
@@ -90175,7 +88862,7 @@ index 2ca51c7..ee5feb5 100644
  	retval = sock_create(family, type, protocol, &sock);
  	if (retval < 0)
  		goto out;
-@@ -1528,6 +1543,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
+@@ -1526,6 +1541,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
  	if (sock) {
  		err = move_addr_to_kernel(umyaddr, addrlen, &address);
  		if (err >= 0) {
@@ -90190,7 +88877,7 @@ index 2ca51c7..ee5feb5 100644
  			err = security_socket_bind(sock,
  						   (struct sockaddr *)&address,
  						   addrlen);
-@@ -1536,6 +1559,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
+@@ -1534,6 +1557,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
  						      (struct sockaddr *)
  						      &address, addrlen);
  		}
@@ -90198,7 +88885,7 @@ index 2ca51c7..ee5feb5 100644
  		fput_light(sock->file, fput_needed);
  	}
  	return err;
-@@ -1559,10 +1583,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
+@@ -1557,10 +1581,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
  		if ((unsigned int)backlog > somaxconn)
  			backlog = somaxconn;
  
@@ -90219,7 +88906,7 @@ index 2ca51c7..ee5feb5 100644
  		fput_light(sock->file, fput_needed);
  	}
  	return err;
-@@ -1606,6 +1640,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
+@@ -1604,6 +1638,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
  	newsock->type = sock->type;
  	newsock->ops = sock->ops;
  
@@ -90238,7 +88925,7 @@ index 2ca51c7..ee5feb5 100644
  	/*
  	 * We don't need try_module_get here, as the listening socket (sock)
  	 * has the protocol module (sock->ops->owner) held.
-@@ -1651,6 +1697,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
+@@ -1649,6 +1695,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
  	fd_install(newfd, newfile);
  	err = newfd;
  
@@ -90247,7 +88934,7 @@ index 2ca51c7..ee5feb5 100644
  out_put:
  	fput_light(sock->file, fput_needed);
  out:
-@@ -1683,6 +1731,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
+@@ -1681,6 +1729,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
  		int, addrlen)
  {
  	struct socket *sock;
@@ -90255,7 +88942,7 @@ index 2ca51c7..ee5feb5 100644
  	struct sockaddr_storage address;
  	int err, fput_needed;
  
-@@ -1693,6 +1742,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
+@@ -1691,6 +1740,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
  	if (err < 0)
  		goto out_put;
  
@@ -90273,7 +88960,7 @@ index 2ca51c7..ee5feb5 100644
  	err =
  	    security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
  	if (err)
-@@ -1774,6 +1834,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
+@@ -1772,6 +1832,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
   *	the protocol.
   */
  
@@ -90282,7 +88969,7 @@ index 2ca51c7..ee5feb5 100644
  SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
  		unsigned int, flags, struct sockaddr __user *, addr,
  		int, addr_len)
-@@ -1840,7 +1902,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
+@@ -1838,7 +1900,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
  	struct socket *sock;
  	struct iovec iov;
  	struct msghdr msg;
@@ -90291,7 +88978,7 @@ index 2ca51c7..ee5feb5 100644
  	int err, err2;
  	int fput_needed;
  
-@@ -2047,7 +2109,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2045,7 +2107,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
  		 * checking falls down on this.
  		 */
  		if (copy_from_user(ctl_buf,
@@ -90300,7 +88987,7 @@ index 2ca51c7..ee5feb5 100644
  				   ctl_len))
  			goto out_freectl;
  		msg_sys->msg_control = ctl_buf;
-@@ -2187,7 +2249,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2185,7 +2247,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
  	int err, total_len, len;
  
  	/* kernel mode address */
@@ -90309,7 +88996,7 @@ index 2ca51c7..ee5feb5 100644
  
  	/* user mode address pointers */
  	struct sockaddr __user *uaddr;
-@@ -2215,7 +2277,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2213,7 +2275,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
  	 *      kernel msghdr to use the kernel address space)
  	 */
  
@@ -90318,50 +89005,7 @@ index 2ca51c7..ee5feb5 100644
  	uaddr_len = COMPAT_NAMELEN(msg);
  	if (MSG_CMSG_COMPAT & flags) {
  		err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
-@@ -2838,7 +2900,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
- 	}
- 
- 	ifr = compat_alloc_user_space(buf_size);
--	rxnfc = (void *)ifr + ALIGN(sizeof(struct ifreq), 8);
-+	rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
- 
- 	if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
- 		return -EFAULT;
-@@ -2862,12 +2924,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
- 			offsetof(struct ethtool_rxnfc, fs.ring_cookie));
- 
- 		if (copy_in_user(rxnfc, compat_rxnfc,
--				 (void *)(&rxnfc->fs.m_ext + 1) -
--				 (void *)rxnfc) ||
-+				 (void __user *)(&rxnfc->fs.m_ext + 1) -
-+				 (void __user *)rxnfc) ||
- 		    copy_in_user(&rxnfc->fs.ring_cookie,
- 				 &compat_rxnfc->fs.ring_cookie,
--				 (void *)(&rxnfc->fs.location + 1) -
--				 (void *)&rxnfc->fs.ring_cookie) ||
-+				 (void __user *)(&rxnfc->fs.location + 1) -
-+				 (void __user *)&rxnfc->fs.ring_cookie) ||
- 		    copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
- 				 sizeof(rxnfc->rule_cnt)))
- 			return -EFAULT;
-@@ -2879,12 +2941,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
- 
- 	if (convert_out) {
- 		if (copy_in_user(compat_rxnfc, rxnfc,
--				 (const void *)(&rxnfc->fs.m_ext + 1) -
--				 (const void *)rxnfc) ||
-+				 (const void __user *)(&rxnfc->fs.m_ext + 1) -
-+				 (const void __user *)rxnfc) ||
- 		    copy_in_user(&compat_rxnfc->fs.ring_cookie,
- 				 &rxnfc->fs.ring_cookie,
--				 (const void *)(&rxnfc->fs.location + 1) -
--				 (const void *)&rxnfc->fs.ring_cookie) ||
-+				 (const void __user *)(&rxnfc->fs.location + 1) -
-+				 (const void __user *)&rxnfc->fs.ring_cookie) ||
- 		    copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
- 				 sizeof(rxnfc->rule_cnt)))
- 			return -EFAULT;
-@@ -2954,7 +3016,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2952,7 +3014,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
  		old_fs = get_fs();
  		set_fs(KERNEL_DS);
  		err = dev_ioctl(net, cmd,
@@ -90370,7 +89014,7 @@ index 2ca51c7..ee5feb5 100644
  		set_fs(old_fs);
  
  		return err;
-@@ -3063,7 +3125,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -3061,7 +3123,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
  
  	old_fs = get_fs();
  	set_fs(KERNEL_DS);
@@ -90379,7 +89023,7 @@ index 2ca51c7..ee5feb5 100644
  	set_fs(old_fs);
  
  	if (cmd == SIOCGIFMAP && !err) {
-@@ -3168,7 +3230,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3166,7 +3228,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
  		ret |= __get_user(rtdev, &(ur4->rt_dev));
  		if (rtdev) {
  			ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -90388,7 +89032,7 @@ index 2ca51c7..ee5feb5 100644
  			devname[15] = 0;
  		} else
  			r4.rt_dev = NULL;
-@@ -3394,8 +3456,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3392,8 +3454,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
  	int __user *uoptlen;
  	int err;
  
@@ -90399,7 +89043,7 @@ index 2ca51c7..ee5feb5 100644
  
  	set_fs(KERNEL_DS);
  	if (level == SOL_SOCKET)
-@@ -3415,7 +3477,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3413,7 +3475,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
  	char __user *uoptval;
  	int err;
  
@@ -90409,34 +89053,10 @@ index 2ca51c7..ee5feb5 100644
  	set_fs(KERNEL_DS);
  	if (level == SOL_SOCKET)
 diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
-index 716aa41..75e88ea 100644
+index d5f35f1..da2680b5 100644
 --- a/net/sunrpc/clnt.c
 +++ b/net/sunrpc/clnt.c
-@@ -303,10 +303,8 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, stru
- 	err = rpciod_up();
- 	if (err)
- 		goto out_no_rpciod;
-+
- 	err = -EINVAL;
--	if (!xprt)
--		goto out_no_xprt;
--
- 	if (args->version >= program->nrvers)
- 		goto out_err;
- 	version = program->version[args->version];
-@@ -381,10 +379,9 @@ out_no_principal:
- out_no_stats:
- 	kfree(clnt);
- out_err:
--	xprt_put(xprt);
--out_no_xprt:
- 	rpciod_down();
- out_no_rpciod:
-+	xprt_put(xprt);
- 	return ERR_PTR(err);
- }
- 
-@@ -1270,7 +1267,9 @@ call_start(struct rpc_task *task)
+@@ -1283,7 +1283,9 @@ call_start(struct rpc_task *task)
  			(RPC_IS_ASYNC(task) ? "async" : "sync"));
  
  	/* Increment call count */
@@ -90464,10 +89084,10 @@ index f8529fc..ce8c643 100644
  #else
  static inline void rpc_task_set_debuginfo(struct rpc_task *task)
 diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
-index 2d34b6b..e2d584d 100644
+index 89a588b..ba2cef8 100644
 --- a/net/sunrpc/svc.c
 +++ b/net/sunrpc/svc.c
-@@ -1156,7 +1156,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
+@@ -1160,7 +1160,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
  	svc_putnl(resv, RPC_SUCCESS);
  
  	/* Bump per-procedure stats counter */
@@ -90696,7 +89316,7 @@ index 9bc6db0..47ac8c0 100644
  		int mode = (table->mode >> 6) & 7;
  		return (mode << 6) | (mode << 3) | mode;
 diff --git a/net/tipc/link.c b/net/tipc/link.c
-index daa6080..02d357f 100644
+index daa6080..2bbbe70 100644
 --- a/net/tipc/link.c
 +++ b/net/tipc/link.c
 @@ -1201,7 +1201,7 @@ static int link_send_sections_long(struct tipc_port *sender,
@@ -90726,6 +89346,38 @@ index daa6080..02d357f 100644
  		sect_crs += sz;
  		sect_rest -= sz;
  		fragm_crs += sz;
+@@ -2306,8 +2306,11 @@ static int link_recv_changeover_msg(struct tipc_link **l_ptr,
+ 	struct tipc_msg *tunnel_msg = buf_msg(tunnel_buf);
+ 	u32 msg_typ = msg_type(tunnel_msg);
+ 	u32 msg_count = msg_msgcnt(tunnel_msg);
++	u32 bearer_id = msg_bearer_id(tunnel_msg);
+ 
+-	dest_link = (*l_ptr)->owner->links[msg_bearer_id(tunnel_msg)];
++	if (bearer_id >= MAX_BEARERS)
++		goto exit;
++	dest_link = (*l_ptr)->owner->links[bearer_id];
+ 	if (!dest_link)
+ 		goto exit;
+ 	if (dest_link == *l_ptr) {
+@@ -2521,14 +2524,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb,
+ 		struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm);
+ 		u32 msg_sz = msg_size(imsg);
+ 		u32 fragm_sz = msg_data_sz(fragm);
+-		u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz);
++		u32 exp_fragm_cnt;
+ 		u32 max =  TIPC_MAX_USER_MSG_SIZE + NAMED_H_SIZE;
++
+ 		if (msg_type(imsg) == TIPC_MCAST_MSG)
+ 			max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE;
+-		if (msg_size(imsg) > max) {
++		if (fragm_sz == 0 || msg_size(imsg) > max) {
+ 			kfree_skb(fbuf);
+ 			return 0;
+ 		}
++		exp_fragm_cnt = msg_sz / fragm_sz + !!(msg_sz % fragm_sz);
+ 		pbuf = tipc_buf_acquire(msg_size(imsg));
+ 		if (pbuf != NULL) {
+ 			pbuf->next = *pending;
 diff --git a/net/tipc/msg.c b/net/tipc/msg.c
 index f2db8a8..9245aa4 100644
 --- a/net/tipc/msg.c
@@ -90753,10 +89405,10 @@ index 6b42d47..2ac24d5 100644
  
  	sub->evt.event = htohl(event, sub->swap);
 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index f347754..bb4b223 100644
+index 2db702d..09a77488 100644
 --- a/net/unix/af_unix.c
 +++ b/net/unix/af_unix.c
-@@ -785,6 +785,12 @@ static struct sock *unix_find_other(struct net *net,
+@@ -783,6 +783,12 @@ static struct sock *unix_find_other(struct net *net,
  		err = -ECONNREFUSED;
  		if (!S_ISSOCK(inode->i_mode))
  			goto put_fail;
@@ -90769,7 +89421,7 @@ index f347754..bb4b223 100644
  		u = unix_find_socket_byinode(inode);
  		if (!u)
  			goto put_fail;
-@@ -805,6 +811,13 @@ static struct sock *unix_find_other(struct net *net,
+@@ -803,6 +809,13 @@ static struct sock *unix_find_other(struct net *net,
  		if (u) {
  			struct dentry *dentry;
  			dentry = unix_sk(u)->path.dentry;
@@ -90783,7 +89435,7 @@ index f347754..bb4b223 100644
  			if (dentry)
  				touch_atime(&unix_sk(u)->path);
  		} else
-@@ -838,12 +851,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
+@@ -836,12 +849,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
  	 */
  	err = security_path_mknod(&path, dentry, mode, 0);
  	if (!err) {
@@ -90802,7 +89454,7 @@ index f347754..bb4b223 100644
  	done_path_create(&path, dentry);
  	return err;
  }
-@@ -2325,9 +2344,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2323,9 +2342,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
  		seq_puts(seq, "Num       RefCount Protocol Flags    Type St "
  			 "Inode Path\n");
  	else {
@@ -90817,7 +89469,7 @@ index f347754..bb4b223 100644
  
  		seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
  			s,
-@@ -2354,8 +2377,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2352,8 +2375,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
  			}
  			for ( ; i < len; i++)
  				seq_putc(seq, u->addr->name->sun_path[i]);
@@ -90843,20 +89495,6 @@ index 8800604..0526440 100644
  
  	table = kmemdup(unix_table, sizeof(unix_table), GFP_KERNEL);
  	if (table == NULL)
-diff --git a/net/wireless/trace.h b/net/wireless/trace.h
-index 2134576..5d71a5a 100644
---- a/net/wireless/trace.h
-+++ b/net/wireless/trace.h
-@@ -27,7 +27,8 @@
- #define WIPHY_PR_ARG	__entry->wiphy_name
- 
- #define WDEV_ENTRY	__field(u32, id)
--#define WDEV_ASSIGN	(__entry->id) = (wdev ? wdev->identifier : 0)
-+#define WDEV_ASSIGN	(__entry->id) = (!IS_ERR_OR_NULL(wdev)	\
-+					 ? wdev->identifier : 0)
- #define WDEV_PR_FMT	"wdev(%u)"
- #define WDEV_PR_ARG	(__entry->id)
- 
 diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c
 index c8717c1..08539f5 100644
 --- a/net/wireless/wext-core.c
@@ -90895,28 +89533,28 @@ index c8717c1..08539f5 100644
  
  	iwp->length += essid_compat;
 diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 07c5857..fde4018 100644
+index 167c67d..3f2ae427 100644
 --- a/net/xfrm/xfrm_policy.c
 +++ b/net/xfrm/xfrm_policy.c
-@@ -317,7 +317,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
+@@ -334,7 +334,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
  {
  	policy->walk.dead = 1;
  
 -	atomic_inc(&policy->genid);
 +	atomic_inc_unchecked(&policy->genid);
  
- 	if (del_timer(&policy->timer))
- 		xfrm_pol_put(policy);
-@@ -601,7 +601,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
+ 	del_timer(&policy->polq.hold_timer);
+ 	xfrm_queue_purge(&policy->polq.hold_queue);
+@@ -659,7 +659,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
  		hlist_add_head(&policy->bydst, chain);
  	xfrm_pol_hold(policy);
  	net->xfrm.policy_count[dir]++;
 -	atomic_inc(&flow_cache_genid);
 +	atomic_inc_unchecked(&flow_cache_genid);
  	rt_genid_bump(net);
- 	if (delpol)
- 		__xfrm_policy_unlink(delpol, dir);
-@@ -1550,7 +1550,7 @@ free_dst:
+ 	if (delpol) {
+ 		xfrm_policy_requeue(delpol, policy);
+@@ -1611,7 +1611,7 @@ free_dst:
  	goto out;
  }
  
@@ -90925,7 +89563,7 @@ index 07c5857..fde4018 100644
  xfrm_dst_alloc_copy(void **target, const void *src, int size)
  {
  	if (!*target) {
-@@ -1562,7 +1562,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size)
+@@ -1623,7 +1623,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size)
  	return 0;
  }
  
@@ -90934,7 +89572,7 @@ index 07c5857..fde4018 100644
  xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel)
  {
  #ifdef CONFIG_XFRM_SUB_POLICY
-@@ -1574,7 +1574,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel)
+@@ -1635,7 +1635,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel)
  #endif
  }
  
@@ -90943,7 +89581,7 @@ index 07c5857..fde4018 100644
  xfrm_dst_update_origin(struct dst_entry *dst, const struct flowi *fl)
  {
  #ifdef CONFIG_XFRM_SUB_POLICY
-@@ -1668,7 +1668,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
+@@ -1729,7 +1729,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
  
  	xdst->num_pols = num_pols;
  	memcpy(xdst->pols, pols, sizeof(struct xfrm_policy*) * num_pols);
@@ -90952,7 +89590,7 @@ index 07c5857..fde4018 100644
  
  	return xdst;
  }
-@@ -2369,7 +2369,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first)
+@@ -2598,7 +2598,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first)
  		if (xdst->xfrm_genid != dst->xfrm->genid)
  			return 0;
  		if (xdst->num_pols > 0 &&
@@ -90961,7 +89599,7 @@ index 07c5857..fde4018 100644
  			return 0;
  
  		mtu = dst_mtu(dst->child);
-@@ -2457,8 +2457,11 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
+@@ -2686,8 +2686,11 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
  			dst_ops->link_failure = xfrm_link_failure;
  		if (likely(dst_ops->neigh_lookup == NULL))
  			dst_ops->neigh_lookup = xfrm_neigh_lookup;
@@ -90975,7 +89613,7 @@ index 07c5857..fde4018 100644
  		rcu_assign_pointer(xfrm_policy_afinfo[afinfo->family], afinfo);
  	}
  	spin_unlock(&xfrm_policy_afinfo_lock);
-@@ -2512,7 +2515,9 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
+@@ -2741,7 +2744,9 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
  		dst_ops->check = NULL;
  		dst_ops->negative_advice = NULL;
  		dst_ops->link_failure = NULL;
@@ -90986,7 +89624,7 @@ index 07c5857..fde4018 100644
  	}
  	return err;
  }
-@@ -2896,7 +2901,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
+@@ -3124,7 +3129,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
  			       sizeof(pol->xfrm_vec[i].saddr));
  			pol->xfrm_vec[i].encap_family = mp->new_family;
  			/* flush bundles */
@@ -90996,15 +89634,16 @@ index 07c5857..fde4018 100644
  	}
  
 diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
-index 3459692..e7cdb1a 100644
+index 2c341bd..4404211 100644
 --- a/net/xfrm/xfrm_state.c
 +++ b/net/xfrm/xfrm_state.c
-@@ -194,11 +194,13 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
+@@ -177,12 +177,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
  
  	if (unlikely(afinfo == NULL))
  		return -EAFNOSUPPORT;
 -	typemap = afinfo->type_map;
 +	typemap = (const struct xfrm_type **)afinfo->type_map;
+ 	spin_lock_bh(&xfrm_type_lock);
  
 -	if (likely(typemap[type->proto] == NULL))
 +	if (likely(typemap[type->proto] == NULL)) {
@@ -91014,14 +89653,15 @@ index 3459692..e7cdb1a 100644
 +		pax_close_kernel();
 +	} else
  		err = -EEXIST;
- 	xfrm_state_unlock_afinfo(afinfo);
- 	return err;
-@@ -213,12 +215,15 @@ int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
+ 	spin_unlock_bh(&xfrm_type_lock);
+ 	xfrm_state_put_afinfo(afinfo);
+@@ -198,13 +200,16 @@ int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
  
  	if (unlikely(afinfo == NULL))
  		return -EAFNOSUPPORT;
 -	typemap = afinfo->type_map;
 +	typemap = (const struct xfrm_type **)afinfo->type_map;
+ 	spin_lock_bh(&xfrm_type_lock);
  
  	if (unlikely(typemap[type->proto] != type))
  		err = -ENOENT;
@@ -91031,10 +89671,10 @@ index 3459692..e7cdb1a 100644
  		typemap[type->proto] = NULL;
 +		pax_close_kernel();
 +	}
- 	xfrm_state_unlock_afinfo(afinfo);
+ 	spin_unlock_bh(&xfrm_type_lock);
+ 	xfrm_state_put_afinfo(afinfo);
  	return err;
- }
-@@ -227,7 +232,6 @@ EXPORT_SYMBOL(xfrm_unregister_type);
+@@ -214,7 +219,6 @@ EXPORT_SYMBOL(xfrm_unregister_type);
  static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
  {
  	struct xfrm_state_afinfo *afinfo;
@@ -91042,7 +89682,7 @@ index 3459692..e7cdb1a 100644
  	const struct xfrm_type *type;
  	int modload_attempted = 0;
  
-@@ -235,9 +239,8 @@ retry:
+@@ -222,9 +226,8 @@ retry:
  	afinfo = xfrm_state_get_afinfo(family);
  	if (unlikely(afinfo == NULL))
  		return NULL;
@@ -91053,16 +89693,16 @@ index 3459692..e7cdb1a 100644
  	if (unlikely(type && !try_module_get(type->owner)))
  		type = NULL;
  	if (!type && !modload_attempted) {
-@@ -270,7 +273,7 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family)
+@@ -258,7 +261,7 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family)
  		return -EAFNOSUPPORT;
  
  	err = -EEXIST;
 -	modemap = afinfo->mode_map;
 +	modemap = (struct xfrm_mode **)afinfo->mode_map;
+ 	spin_lock_bh(&xfrm_mode_lock);
  	if (modemap[mode->encap])
  		goto out;
- 
-@@ -278,8 +281,10 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family)
+@@ -267,8 +270,10 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family)
  	if (!try_module_get(afinfo->owner))
  		goto out;
  
@@ -91074,12 +89714,13 @@ index 3459692..e7cdb1a 100644
  	err = 0;
  
  out:
-@@ -302,9 +307,11 @@ int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
+@@ -292,10 +297,12 @@ int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
  		return -EAFNOSUPPORT;
  
  	err = -ENOENT;
 -	modemap = afinfo->mode_map;
 +	modemap = (struct xfrm_mode **)afinfo->mode_map;
+ 	spin_lock_bh(&xfrm_mode_lock);
  	if (likely(modemap[mode->encap] == mode)) {
 +		pax_open_kernel();
  		modemap[mode->encap] = NULL;
@@ -91199,7 +89840,7 @@ index 1ac414f..38575f7 100644
 +	   $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs)
  
 diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c
-index cb1f50c..cef2a7c 100644
+index 7f6425e..9864506 100644
 --- a/scripts/basic/fixdep.c
 +++ b/scripts/basic/fixdep.c
 @@ -161,7 +161,7 @@ static unsigned int strhash(const char *str, unsigned int sz)
@@ -91244,7 +89885,7 @@ index cb1f50c..cef2a7c 100644
 +	unsigned int *p = (unsigned int *)test;
  
  	if (*p != INT_CONF) {
- 		fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
+ 		fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
 diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
 new file mode 100644
 index 0000000..5e0222d
@@ -91281,10 +89922,10 @@ index 581ca99..a6ff02e 100644
  		$line =~ s/\s__attribute_const__$//g;
  		$line =~ s/\b__packed\b/__attribute__((packed))/g;
 diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
-index b3d907e..a4782ab 100644
+index 3d569d6..0c09522 100644
 --- a/scripts/link-vmlinux.sh
 +++ b/scripts/link-vmlinux.sh
-@@ -152,7 +152,7 @@ else
+@@ -159,7 +159,7 @@ else
  fi;
  
  # final build of init/
@@ -91294,10 +89935,10 @@ index b3d907e..a4782ab 100644
  kallsymso=""
  kallsyms_vmlinux=""
 diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
-index df4fc23..0ea719d 100644
+index 771ac17..9f0d3ee 100644
 --- a/scripts/mod/file2alias.c
 +++ b/scripts/mod/file2alias.c
-@@ -128,7 +128,7 @@ static void device_id_check(const char *modname, const char *device_id,
+@@ -140,7 +140,7 @@ static void device_id_check(const char *modname, const char *device_id,
  			    unsigned long size, unsigned long id_size,
  			    void *symval)
  {
@@ -91305,66 +89946,66 @@ index df4fc23..0ea719d 100644
 +	unsigned int i;
  
  	if (size % id_size || size < id_size) {
- 		if (cross_build != 0)
-@@ -158,7 +158,7 @@ static void device_id_check(const char *modname, const char *device_id,
+ 		fatal("%s: sizeof(struct %s_device_id)=%lu is not a modulo "
+@@ -168,7 +168,7 @@ static void device_id_check(const char *modname, const char *device_id,
  /* USB is special because the bcdDevice can be matched against a numeric range */
  /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipNinN" */
- static void do_usb_entry(struct usb_device_id *id,
+ static void do_usb_entry(void *symval,
 -			 unsigned int bcdDevice_initial, int bcdDevice_initial_digits,
 +			 unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits,
  			 unsigned char range_lo, unsigned char range_hi,
  			 unsigned char max, struct module *mod)
  {
-@@ -262,7 +262,7 @@ static void do_usb_entry_multi(struct usb_device_id *id, struct module *mod)
+@@ -278,7 +278,7 @@ static void do_usb_entry_multi(void *symval, struct module *mod)
  {
  	unsigned int devlo, devhi;
  	unsigned char chi, clo, max;
 -	int ndigits;
 +	unsigned int ndigits;
  
- 	id->match_flags = TO_NATIVE(id->match_flags);
- 	id->idVendor = TO_NATIVE(id->idVendor);
-@@ -507,7 +507,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size,
+ 	DEF_FIELD(symval, usb_device_id, match_flags);
+ 	DEF_FIELD(symval, usb_device_id, idVendor);
+@@ -531,7 +531,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size,
  	for (i = 0; i < count; i++) {
- 		const char *id = (char *)devs[i].id;
- 		char acpi_id[sizeof(devs[0].id)];
+ 		DEF_FIELD_ADDR(symval + i*id_size, pnp_device_id, id);
+ 		char acpi_id[sizeof(*id)];
 -		int j;
 +		unsigned int j;
  
  		buf_printf(&mod->dev_table_buf,
- 			   "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
-@@ -537,7 +537,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
+ 			   "MODULE_ALIAS(\"pnp:d%s*\");\n", *id);
+@@ -560,7 +560,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
  
  		for (j = 0; j < PNP_MAX_DEVICES; j++) {
- 			const char *id = (char *)card->devs[j].id;
+ 			const char *id = (char *)(*devs)[j].id;
 -			int i2, j2;
 +			unsigned int i2, j2;
  			int dup = 0;
  
  			if (!id[0])
-@@ -563,7 +563,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
+@@ -586,7 +586,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
  			/* add an individual alias for every device entry */
  			if (!dup) {
- 				char acpi_id[sizeof(card->devs[0].id)];
+ 				char acpi_id[PNP_ID_LEN];
 -				int k;
 +				unsigned int k;
  
  				buf_printf(&mod->dev_table_buf,
  					   "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
-@@ -888,7 +888,7 @@ static void dmi_ascii_filter(char *d, const char *s)
- static int do_dmi_entry(const char *filename, struct dmi_system_id *id,
+@@ -938,7 +938,7 @@ static void dmi_ascii_filter(char *d, const char *s)
+ static int do_dmi_entry(const char *filename, void *symval,
  			char *alias)
  {
 -	int i, j;
 +	unsigned int i, j;
- 
+ 	DEF_FIELD_ADDR(symval, dmi_system_id, matches);
  	sprintf(alias, "dmi*");
  
 diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index ff36c50..7ab4fa9 100644
+index 78b30c1..536850d 100644
 --- a/scripts/mod/modpost.c
 +++ b/scripts/mod/modpost.c
-@@ -929,6 +929,7 @@ enum mismatch {
+@@ -931,6 +931,7 @@ enum mismatch {
  	ANY_INIT_TO_ANY_EXIT,
  	ANY_EXIT_TO_ANY_INIT,
  	EXPORT_TO_INIT_EXIT,
@@ -91372,7 +90013,7 @@ index ff36c50..7ab4fa9 100644
  };
  
  struct sectioncheck {
-@@ -1043,6 +1044,12 @@ const struct sectioncheck sectioncheck[] = {
+@@ -1045,6 +1046,12 @@ const struct sectioncheck sectioncheck[] = {
  	.tosec   = { INIT_SECTIONS, EXIT_SECTIONS, NULL },
  	.mismatch = EXPORT_TO_INIT_EXIT,
  	.symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL },
@@ -91385,7 +90026,7 @@ index ff36c50..7ab4fa9 100644
  }
  };
  
-@@ -1165,10 +1172,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
+@@ -1167,10 +1174,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
  			continue;
  		if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
  			continue;
@@ -91398,7 +90039,7 @@ index ff36c50..7ab4fa9 100644
  		if (d < 0)
  			d = addr - sym->st_value;
  		if (d < distance) {
-@@ -1447,6 +1454,14 @@ static void report_sec_mismatch(const char *modname,
+@@ -1449,6 +1456,14 @@ static void report_sec_mismatch(const char *modname,
  		tosym, prl_to, prl_to, tosym);
  		free(prl_to);
  		break;
@@ -91413,7 +90054,7 @@ index ff36c50..7ab4fa9 100644
  	}
  	fprintf(stderr, "\n");
  }
-@@ -1681,7 +1696,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
+@@ -1683,7 +1698,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
  static void check_sec_ref(struct module *mod, const char *modname,
                            struct elf_info *elf)
  {
@@ -91422,7 +90063,7 @@ index ff36c50..7ab4fa9 100644
  	Elf_Shdr *sechdrs = elf->sechdrs;
  
  	/* Walk through all sections */
-@@ -1779,7 +1794,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
+@@ -1781,7 +1796,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
  	va_end(ap);
  }
  
@@ -91431,7 +90072,7 @@ index ff36c50..7ab4fa9 100644
  {
  	if (buf->size - buf->pos < len) {
  		buf->size += len + SZ;
-@@ -1997,7 +2012,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
+@@ -1999,7 +2014,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
  	if (fstat(fileno(file), &st) < 0)
  		goto close_write;
  
@@ -91519,7 +90160,7 @@ index 68bb4ef..2f419e1 100644
      write_hex_cnt = 0;
      for (i = 0; i < logo_clutsize; i++) {
 diff --git a/scripts/sortextable.h b/scripts/sortextable.h
-index e4fd45b..2eeb5c4 100644
+index f5eb43d..1814de8 100644
 --- a/scripts/sortextable.h
 +++ b/scripts/sortextable.h
 @@ -106,9 +106,9 @@ do_func(Elf_Ehdr *ehdr, char const *const fname, table_sort_t custom_sort)
@@ -92493,7 +91134,7 @@ index e9c6ac7..eef8ada 100644
  	help
  	  This is the portion of low virtual memory which should be protected
 diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 8c2a7f6..b133ac9 100644
+index b21830e..a7d1a17 100644
 --- a/security/apparmor/lsm.c
 +++ b/security/apparmor/lsm.c
 @@ -614,7 +614,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
@@ -92506,7 +91147,7 @@ index 8c2a7f6..b133ac9 100644
  
  	.ptrace_access_check =		apparmor_ptrace_access_check,
 diff --git a/security/commoncap.c b/security/commoncap.c
-index 7ee08c7..8d1a9d6 100644
+index c44b6fe..932df30 100644
 --- a/security/commoncap.c
 +++ b/security/commoncap.c
 @@ -424,6 +424,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
@@ -92553,10 +91194,10 @@ index 7ee08c7..8d1a9d6 100644
  		if (bprm->cap_effective)
  			return 1;
 diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
-index 079a85d..12e93f8 100644
+index a41c9c1..83da6dd 100644
 --- a/security/integrity/ima/ima.h
 +++ b/security/integrity/ima/ima.h
-@@ -96,8 +96,8 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename,
+@@ -97,8 +97,8 @@ int ima_init_crypto(void);
  extern spinlock_t ima_queue_lock;
  
  struct ima_h_table {
@@ -92568,7 +91209,7 @@ index 079a85d..12e93f8 100644
  };
  extern struct ima_h_table ima_htable;
 diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
-index 0cea3db..2f0ef77 100644
+index 1c03e8f1..398a941 100644
 --- a/security/integrity/ima/ima_api.c
 +++ b/security/integrity/ima/ima_api.c
 @@ -79,7 +79,7 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename,
@@ -92600,10 +91241,10 @@ index 38477c9..87a60c7 100644
  }
  
 diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
-index 55a6271..ad829c3 100644
+index ff63fe0..809cd96 100644
 --- a/security/integrity/ima/ima_queue.c
 +++ b/security/integrity/ima/ima_queue.c
-@@ -81,7 +81,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
+@@ -80,7 +80,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
  	INIT_LIST_HEAD(&qe->later);
  	list_add_tail_rcu(&qe->later, &ima_measurements);
  
@@ -92767,7 +91408,7 @@ index f728728..6457a0c 100644
  
  /*
 diff --git a/security/security.c b/security/security.c
-index 7b88c6a..1e3ea8f 100644
+index 03f248b..5710c33 100644
 --- a/security/security.c
 +++ b/security/security.c
 @@ -20,6 +20,7 @@
@@ -92800,10 +91441,10 @@ index 7b88c6a..1e3ea8f 100644
  
  /* Save user chosen LSM */
 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index ef26e96..642fb78 100644
+index 7171a95..c35e879 100644
 --- a/security/selinux/hooks.c
 +++ b/security/selinux/hooks.c
-@@ -95,8 +95,6 @@
+@@ -96,8 +96,6 @@
  
  #define NUM_SEL_MNT_OPTS 5
  
@@ -92812,7 +91453,7 @@ index ef26e96..642fb78 100644
  /* SECMARK reference count */
  static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
  
-@@ -5501,7 +5499,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
+@@ -5498,7 +5496,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
  
  #endif
  
@@ -92835,10 +91476,10 @@ index 65f67cb..3f141ef 100644
  }
  #else
 diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index 38be92c..21f49ee 100644
+index fa64740..bc95b74 100644
 --- a/security/smack/smack_lsm.c
 +++ b/security/smack/smack_lsm.c
-@@ -3398,7 +3398,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+@@ -3392,7 +3392,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
  	return 0;
  }
  
@@ -92888,22 +91529,10 @@ index 20ef514..4182bed 100644
  	select SECURITY_PATH
  	default n
 diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
-index 23414b9..f8c115e 100644
+index 13c88fbc..f8c115e 100644
 --- a/security/yama/yama_lsm.c
 +++ b/security/yama/yama_lsm.c
-@@ -347,10 +347,8 @@ int yama_ptrace_traceme(struct task_struct *parent)
- 	/* Only disallow PTRACE_TRACEME on more aggressive settings. */
- 	switch (ptrace_scope) {
- 	case YAMA_SCOPE_CAPABILITY:
--		rcu_read_lock();
--		if (!ns_capable(__task_cred(parent)->user_ns, CAP_SYS_PTRACE))
-+		if (!has_ns_capability(parent, current_user_ns(), CAP_SYS_PTRACE))
- 			rc = -EPERM;
--		rcu_read_unlock();
- 		break;
- 	case YAMA_SCOPE_NO_ATTACH:
- 		rc = -EPERM;
-@@ -367,7 +365,7 @@ int yama_ptrace_traceme(struct task_struct *parent)
+@@ -365,7 +365,7 @@ int yama_ptrace_traceme(struct task_struct *parent)
  }
  
  #ifndef CONFIG_SECURITY_YAMA_STACKED
@@ -92912,7 +91541,7 @@ index 23414b9..f8c115e 100644
  	.name =			"yama",
  
  	.ptrace_access_check =	yama_ptrace_access_check,
-@@ -378,28 +376,24 @@ static struct security_operations yama_ops = {
+@@ -376,28 +376,24 @@ static struct security_operations yama_ops = {
  #endif
  
  #ifdef CONFIG_SYSCTL
@@ -93082,7 +91711,7 @@ index af49721..e85058e 100644
  	if (err < 0)
  		return err;
 diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index f4aaf5a..3b04e3b 100644
+index eb560fa..69a4995 100644
 --- a/sound/core/pcm_native.c
 +++ b/sound/core/pcm_native.c
 @@ -2806,11 +2806,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
@@ -104096,7 +102725,7 @@ index 96b919d..c49bb74 100644
 +
  #endif
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 10afa34..f29c524 100644
+index f18013f..90421df 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 @@ -75,12 +75,17 @@ LIST_HEAD(vm_list);
@@ -104119,7 +102748,7 @@ index 10afa34..f29c524 100644
  
  struct dentry *kvm_debugfs_dir;
  
-@@ -731,7 +736,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
+@@ -769,7 +774,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
  	/* We can read the guest memory with __xxx_user() later on. */
  	if (user_alloc &&
  	    ((mem->userspace_addr & (PAGE_SIZE - 1)) ||
@@ -104128,7 +102757,7 @@ index 10afa34..f29c524 100644
  			(void __user *)(unsigned long)mem->userspace_addr,
  			mem->memory_size)))
  		goto out;
-@@ -1810,7 +1815,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
+@@ -1881,7 +1886,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
  	return 0;
  }
  
@@ -104137,7 +102766,7 @@ index 10afa34..f29c524 100644
  	.release        = kvm_vcpu_release,
  	.unlocked_ioctl = kvm_vcpu_ioctl,
  #ifdef CONFIG_COMPAT
-@@ -2331,7 +2336,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma)
+@@ -2402,7 +2407,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma)
  	return 0;
  }
  
@@ -104146,7 +102775,7 @@ index 10afa34..f29c524 100644
  	.release        = kvm_vm_release,
  	.unlocked_ioctl = kvm_vm_ioctl,
  #ifdef CONFIG_COMPAT
-@@ -2429,7 +2434,7 @@ out:
+@@ -2500,7 +2505,7 @@ out:
  	return r;
  }
  
@@ -104155,7 +102784,7 @@ index 10afa34..f29c524 100644
  	.unlocked_ioctl = kvm_dev_ioctl,
  	.compat_ioctl   = kvm_dev_ioctl,
  	.llseek		= noop_llseek,
-@@ -2455,7 +2460,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -2526,7 +2531,7 @@ static void hardware_enable_nolock(void *junk)
  
  	if (r) {
  		cpumask_clear_cpu(cpu, cpus_hardware_enabled);
@@ -104164,7 +102793,7 @@ index 10afa34..f29c524 100644
  		printk(KERN_INFO "kvm: enabling virtualization on "
  				 "CPU%d failed\n", cpu);
  	}
-@@ -2509,10 +2514,10 @@ static int hardware_enable_all(void)
+@@ -2580,10 +2585,10 @@ static int hardware_enable_all(void)
  
  	kvm_usage_count++;
  	if (kvm_usage_count == 1) {
@@ -104177,7 +102806,7 @@ index 10afa34..f29c524 100644
  			hardware_disable_all_nolock();
  			r = -EBUSY;
  		}
-@@ -2870,7 +2875,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
+@@ -2941,7 +2946,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
  	kvm_arch_vcpu_put(vcpu);
  }
  
@@ -104186,7 +102815,7 @@ index 10afa34..f29c524 100644
  		  struct module *module)
  {
  	int r;
-@@ -2906,7 +2911,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2977,7 +2982,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
  	if (!vcpu_align)
  		vcpu_align = __alignof__(struct kvm_vcpu);
  	kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
@@ -104195,7 +102824,7 @@ index 10afa34..f29c524 100644
  	if (!kvm_vcpu_cache) {
  		r = -ENOMEM;
  		goto out_free_3;
-@@ -2916,9 +2921,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2987,9 +2992,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
  	if (r)
  		goto out_free;
  
@@ -104207,7 +102836,7 @@ index 10afa34..f29c524 100644
  
  	r = misc_register(&kvm_dev);
  	if (r) {
-@@ -2928,9 +2935,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2999,9 +3006,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
  
  	register_syscore_ops(&kvm_syscore_ops);
  
diff --git a/3.8.12/4425_grsec_remove_EI_PAX.patch b/3.9.2/4425_grsec_remove_EI_PAX.patch
index 7d06ac2..7d06ac2 100644
--- a/3.8.12/4425_grsec_remove_EI_PAX.patch
+++ b/3.9.2/4425_grsec_remove_EI_PAX.patch
diff --git a/3.8.12/4430_grsec-remove-localversion-grsec.patch b/3.9.2/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.8.12/4430_grsec-remove-localversion-grsec.patch
+++ b/3.9.2/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.8.12/4435_grsec-mute-warnings.patch b/3.9.2/4435_grsec-mute-warnings.patch
index ed941d5..ed941d5 100644
--- a/3.8.12/4435_grsec-mute-warnings.patch
+++ b/3.9.2/4435_grsec-mute-warnings.patch
diff --git a/3.8.12/4440_grsec-remove-protected-paths.patch b/3.9.2/4440_grsec-remove-protected-paths.patch
index 637934a..637934a 100644
--- a/3.8.12/4440_grsec-remove-protected-paths.patch
+++ b/3.9.2/4440_grsec-remove-protected-paths.patch
diff --git a/3.2.44/4450_grsec-kconfig-default-gids.patch b/3.9.2/4450_grsec-kconfig-default-gids.patch
index 7c20c40..6f5b79b 100644
--- a/3.2.44/4450_grsec-kconfig-default-gids.patch
+++ b/3.9.2/4450_grsec-kconfig-default-gids.patch
@@ -16,7 +16,7 @@ from shooting themselves in the foot.
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2012-10-13 09:51:35.000000000 -0400
 +++ b/grsecurity/Kconfig	2012-10-13 09:52:32.000000000 -0400
-@@ -578,7 +578,7 @@
+@@ -588,7 +588,7 @@
  config GRKERNSEC_AUDIT_GID
  	int "GID for auditing"
  	depends on GRKERNSEC_AUDIT_GROUP
@@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  
  config GRKERNSEC_EXECLOG
  	bool "Exec logging"
-@@ -798,7 +798,7 @@
+@@ -808,7 +808,7 @@
  config GRKERNSEC_TPE_UNTRUSTED_GID
  	int "GID for TPE-untrusted users"
  	depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *enabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -807,7 +807,7 @@
+@@ -817,7 +817,7 @@
  config GRKERNSEC_TPE_TRUSTED_GID
  	int "GID for TPE-trusted users"
  	depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Setting this GID determines what group TPE restrictions will be
  	  *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -900,7 +900,7 @@
+@@ -910,7 +910,7 @@
  config GRKERNSEC_SOCKET_ALL_GID
  	int "GID to deny all sockets for"
  	depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable socket access for. Remember to
  	  add the users you want socket access disabled for to the GID
-@@ -921,7 +921,7 @@
+@@ -931,7 +931,7 @@
  config GRKERNSEC_SOCKET_CLIENT_GID
  	int "GID to deny client sockets for"
  	depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
  	help
  	  Here you can choose the GID to disable client socket access for.
  	  Remember to add the users you want client socket access disabled for to
-@@ -939,7 +939,7 @@
+@@ -949,7 +949,7 @@
  config GRKERNSEC_SOCKET_SERVER_GID
  	int "GID to deny server sockets for"
  	depends on GRKERNSEC_SOCKET_SERVER
diff --git a/3.8.12/4465_selinux-avc_audit-log-curr_ip.patch b/3.9.2/4465_selinux-avc_audit-log-curr_ip.patch
index 0a309c8..b25a23f 100644
--- a/3.8.12/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.9.2/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 --- a/grsecurity/Kconfig	2011-04-17 19:25:54.000000000 -0400
 +++ b/grsecurity/Kconfig	2011-04-17 19:32:53.000000000 -0400
-@@ -998,6 +998,27 @@
+@@ -1008,6 +1008,27 @@
  menu "Logging Options"
  depends on GRKERNSEC
  
diff --git a/3.8.12/4470_disable-compat_vdso.patch b/3.9.2/4470_disable-compat_vdso.patch
index 3ef36aa..fed959f 100644
--- a/3.8.12/4470_disable-compat_vdso.patch
+++ b/3.9.2/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
 --- a/arch/x86/Kconfig	2009-07-31 01:36:57.323857684 +0100
 +++ b/arch/x86/Kconfig	2009-07-31 01:51:39.395749681 +0100
-@@ -1742,17 +1742,8 @@
+@@ -1787,17 +1787,8 @@
  
  config COMPAT_VDSO
  	def_bool n