summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2013-06-24 08:03:43 -0400
committerAnthony G. Basile <blueness@gentoo.org>2013-06-24 08:03:43 -0400
commit74cd2f49da1b5d3cb08a010a3d1151e2936abf8f (patch)
tree9fd4008ee0a8806f120e2b4b4cc939bd85974bfc
parentGrsec/PaX: 2.9.1-{2.6.32.61,3.2.47,3.9.6}-201306182033 (diff)
downloadhardened-patchset-20130623.tar.gz
hardened-patchset-20130623.tar.bz2
hardened-patchset-20130623.zip
Grsec/PaX: 2.9.1-{3.2.47,3.9.7}-20130623144320130623
-rw-r--r--3.2.47/0000_README2
-rw-r--r--3.2.47/4420_grsecurity-2.9.1-3.2.47-201306231441.patch (renamed from 3.2.47/4420_grsecurity-2.9.1-3.2.47-201306191807.patch)980
-rw-r--r--3.9.7/0000_README (renamed from 3.9.6/0000_README)2
-rw-r--r--3.9.7/4420_grsecurity-2.9.1-3.9.7-201306231443.patch (renamed from 3.9.6/4420_grsecurity-2.9.1-3.9.6-201306182033.patch)1213
-rw-r--r--3.9.7/4425_grsec_remove_EI_PAX.patch (renamed from 3.9.6/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.9.7/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.9.6/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--3.9.7/4430_grsec-remove-localversion-grsec.patch (renamed from 3.9.6/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.9.7/4435_grsec-mute-warnings.patch (renamed from 3.9.6/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.9.7/4440_grsec-remove-protected-paths.patch (renamed from 3.9.6/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.9.7/4450_grsec-kconfig-default-gids.patch (renamed from 3.9.6/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.9.7/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.9.6/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.9.7/4470_disable-compat_vdso.patch (renamed from 3.9.6/4470_disable-compat_vdso.patch)0
-rw-r--r--3.9.7/4475_emutramp_default_on.patch (renamed from 3.9.6/4475_emutramp_default_on.patch)0
13 files changed, 1581 insertions, 616 deletions
diff --git a/3.2.47/0000_README b/3.2.47/0000_README
index 2a74306..b9aefff 100644
--- a/3.2.47/0000_README
+++ b/3.2.47/0000_README
@@ -106,7 +106,7 @@ Patch: 1046_linux-3.2.47.patch
From: http://www.kernel.org
Desc: Linux 3.2.47
-Patch: 4420_grsecurity-2.9.1-3.2.47-201306191807.patch
+Patch: 4420_grsecurity-2.9.1-3.2.47-201306231441.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306191807.patch b/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306231441.patch
index 579f1c1..548030a 100644
--- a/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306191807.patch
+++ b/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306231441.patch
@@ -1,5 +1,5 @@
diff --git a/Documentation/dontdiff b/Documentation/dontdiff
-index dfa6fc6..fad9813 100644
+index dfa6fc6..be27ac3 100644
--- a/Documentation/dontdiff
+++ b/Documentation/dontdiff
@@ -2,9 +2,11 @@
@@ -41,7 +41,7 @@ index dfa6fc6..fad9813 100644
.*.d
.mm
53c700_d.h
-@@ -70,6 +76,7 @@ Kerntypes
+@@ -70,9 +76,11 @@ Kerntypes
Module.markers
Module.symvers
PENDING
@@ -49,7 +49,11 @@ index dfa6fc6..fad9813 100644
SCCS
System.map*
TAGS
-@@ -81,6 +88,7 @@ aic7*seq.h*
++TRACEEVENT-CFLAGS
+ aconf
+ af_names.h
+ aic7*reg.h*
+@@ -81,6 +89,7 @@ aic7*seq.h*
aicasm
aicdb.h*
altivec*.c
@@ -57,7 +61,7 @@ index dfa6fc6..fad9813 100644
asm-offsets.h
asm_offsets.h
autoconf.h*
-@@ -93,19 +101,24 @@ bounds.h
+@@ -93,19 +102,24 @@ bounds.h
bsetup
btfixupprep
build
@@ -82,7 +86,7 @@ index dfa6fc6..fad9813 100644
conmakehash
consolemap_deftbl.c*
cpustr.h
-@@ -116,9 +129,11 @@ devlist.h*
+@@ -116,9 +130,11 @@ devlist.h*
dnotify_test
docproc
dslm
@@ -94,7 +98,7 @@ index dfa6fc6..fad9813 100644
fixdep
flask.h
fore200e_mkfirm
-@@ -126,12 +141,15 @@ fore200e_pca_fw.c*
+@@ -126,12 +142,15 @@ fore200e_pca_fw.c*
gconf
gconf.glade.h
gen-devlist
@@ -110,7 +114,7 @@ index dfa6fc6..fad9813 100644
hpet_example
hugepage-mmap
hugepage-shm
-@@ -146,7 +164,7 @@ int32.c
+@@ -146,7 +165,7 @@ int32.c
int4.c
int8.c
kallsyms
@@ -119,7 +123,7 @@ index dfa6fc6..fad9813 100644
keywords.c
ksym.c*
ksym.h*
-@@ -154,7 +172,7 @@ kxgettext
+@@ -154,7 +173,7 @@ kxgettext
lkc_defs.h
lex.c
lex.*.c
@@ -128,7 +132,7 @@ index dfa6fc6..fad9813 100644
logo_*.c
logo_*_clut224.c
logo_*_mono.c
-@@ -166,14 +184,15 @@ machtypes.h
+@@ -166,14 +185,15 @@ machtypes.h
map
map_hugetlb
maui_boot.h
@@ -145,7 +149,7 @@ index dfa6fc6..fad9813 100644
mkprep
mkregtable
mktables
-@@ -209,6 +228,7 @@ r300_reg_safe.h
+@@ -209,6 +229,7 @@ r300_reg_safe.h
r420_reg_safe.h
r600_reg_safe.h
recordmcount
@@ -153,7 +157,7 @@ index dfa6fc6..fad9813 100644
relocs
rlim_names.h
rn50_reg_safe.h
-@@ -218,7 +238,10 @@ series
+@@ -218,7 +239,10 @@ series
setup
setup.bin
setup.elf
@@ -164,7 +168,7 @@ index dfa6fc6..fad9813 100644
sm_tbl*
split-include
syscalltab.h
-@@ -229,6 +252,7 @@ tftpboot.img
+@@ -229,6 +253,7 @@ tftpboot.img
timeconst.h
times.h*
trix_boot.h
@@ -172,7 +176,7 @@ index dfa6fc6..fad9813 100644
utsrelease.h*
vdso-syms.lds
vdso.lds
-@@ -246,7 +270,9 @@ vmlinux
+@@ -246,7 +271,9 @@ vmlinux
vmlinux-*
vmlinux.aout
vmlinux.bin.all
@@ -182,7 +186,7 @@ index dfa6fc6..fad9813 100644
vmlinuz
voffset.h
vsyscall.lds
-@@ -254,9 +280,12 @@ vsyscall_32.lds
+@@ -254,9 +281,12 @@ vsyscall_32.lds
wanxlfw.inc
uImage
unifdef
@@ -15634,7 +15638,7 @@ index 0e89635..f0a7525 100644
};
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index 3b67877..bf490b9 100644
+index 3b67877..77e760c 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -42,6 +42,7 @@
@@ -15685,6 +15689,15 @@ index 3b67877..bf490b9 100644
return;
}
/* First print corrected ones that are still unlogged */
+@@ -307,7 +308,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
+ if (!fake_panic) {
+ if (panic_timeout == 0)
+ panic_timeout = mce_panic_timeout;
+- panic(msg);
++ panic("%s", msg);
+ } else
+ pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
+ }
@@ -616,7 +617,7 @@ static int mce_timed_out(u64 *t)
* might have been modified by someone else.
*/
@@ -15901,6 +15914,19 @@ index 13ad899..f642b9a 100644
crash_fixup_ss_esp(&fixed_regs, regs);
regs = &fixed_regs;
}
+diff --git a/arch/x86/kernel/crash_dump_64.c b/arch/x86/kernel/crash_dump_64.c
+index afa64ad..dce67dd 100644
+--- a/arch/x86/kernel/crash_dump_64.c
++++ b/arch/x86/kernel/crash_dump_64.c
+@@ -36,7 +36,7 @@ ssize_t copy_oldmem_page(unsigned long pfn, char *buf,
+ return -ENOMEM;
+
+ if (userbuf) {
+- if (copy_to_user(buf, vaddr + offset, csize)) {
++ if (copy_to_user((char __force_user *)buf, vaddr + offset, csize)) {
+ iounmap(vaddr);
+ return -EFAULT;
+ }
diff --git a/arch/x86/kernel/doublefault_32.c b/arch/x86/kernel/doublefault_32.c
index 37250fe..bf2ec74 100644
--- a/arch/x86/kernel/doublefault_32.c
@@ -16291,6 +16317,21 @@ index 6d728d9..80f1867 100644
+}
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
+diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
+index 303a0e4..0aad351 100644
+--- a/arch/x86/kernel/e820.c
++++ b/arch/x86/kernel/e820.c
+@@ -829,8 +829,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
+
+ static void early_panic(char *msg)
+ {
+- early_printk(msg);
+- panic(msg);
++ early_printk("%s", msg);
++ panic("%s", msg);
+ }
+
+ static int userdef __initdata;
diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
index cd28a35..c72ed9a 100644
--- a/arch/x86/kernel/early_printk.c
@@ -17115,7 +17156,7 @@ index d2d488b8..a4f589f 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 6274f5f..7342ebb 100644
+index 6274f5f..7157a62 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -55,6 +55,8 @@
@@ -17191,7 +17232,7 @@ index 6274f5f..7342ebb 100644
jmp *%rdi
#endif
-@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64)
+@@ -178,6 +186,311 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -17299,7 +17340,9 @@ index 6274f5f..7342ebb 100644
+#endif
+#ifdef CONFIG_PAX_RANDKSTACK
+ pushq %rax
++ pushq %r11
+ call pax_randomize_kstack
++ popq %r11
+ popq %rax
+#endif
+ .endm
@@ -17362,10 +17405,10 @@ index 6274f5f..7342ebb 100644
+ENDPROC(pax_enter_kernel_user)
+
+ENTRY(pax_exit_kernel_user)
-+ push %rdi
++ pushq %rdi
++ pushq %rbx
+
+#ifdef CONFIG_PARAVIRT
-+ pushq %rbx
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
@@ -17377,13 +17420,14 @@ index 6274f5f..7342ebb 100644
+#endif
+
+ GET_CR3_INTO_RDI
-+ add $__START_KERNEL_map,%rdi
-+ sub phys_base(%rip),%rdi
++ mov %rdi,%rbx
++ add $__START_KERNEL_map,%rbx
++ sub phys_base(%rip),%rbx
+
+#ifdef CONFIG_PARAVIRT
++ pushq %rdi
+ cmpl $0, pv_info+PARAVIRT_enabled
+ jz 1f
-+ mov %rdi,%rbx
+ i = 0
+ .rept USER_PGD_PTRS
+ mov i*8(%rbx),%rsi
@@ -17392,21 +17436,23 @@ index 6274f5f..7342ebb 100644
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched)
+ i = i + 1
+ .endr
++ popq %rdi
++ PV_RESTORE_REGS(CLBR_RDI)
+ jmp 2f
+1:
+#endif
+
+ i = 0
+ .rept USER_PGD_PTRS
-+ movb $0x67,i*8(%rdi)
++ movb $0x67,i*8(%rbx)
+ i = i + 1
+ .endr
+
+#ifdef CONFIG_PARAVIRT
-+2: PV_RESTORE_REGS(CLBR_RDI)
-+ popq %rbx
++2:
+#endif
+
++ popq %rbx
+ popq %rdi
+ pax_force_retaddr
+ retq
@@ -17415,6 +17461,30 @@ index 6274f5f..7342ebb 100644
+ENDPROC(pax_exit_kernel_user)
+#endif
+
++ .macro pax_enter_kernel_nmi
++ pax_set_fptr_mask
++
++#ifdef CONFIG_PAX_KERNEXEC
++ GET_CR0_INTO_RDI
++ bts $16,%rdi
++ SET_RDI_INTO_CR0
++ jc 110f
++ or $2,%ebx
++110:
++#endif
++ .endm
++
++ .macro pax_exit_kernel_nmi
++#ifdef CONFIG_PAX_KERNEXEC
++ test $2,%ebx
++ jz 110f
++ GET_CR0_INTO_RDI
++ btr $16,%rdi
++ SET_RDI_INTO_CR0
++110:
++#endif
++ .endm
++
+.macro pax_erase_kstack
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK
+ call pax_erase_kstack
@@ -17474,7 +17544,7 @@ index 6274f5f..7342ebb 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -231,8 +544,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
@@ -17485,7 +17555,7 @@ index 6274f5f..7342ebb 100644
.endm
/*
-@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -319,7 +632,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -17494,7 +17564,7 @@ index 6274f5f..7342ebb 100644
je 1f
SWAPGS
/*
-@@ -355,9 +639,10 @@ ENTRY(save_rest)
+@@ -355,9 +668,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
@@ -17506,7 +17576,7 @@ index 6274f5f..7342ebb 100644
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -386,9 +671,10 @@ ENTRY(save_paranoid)
+@@ -386,9 +700,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -17519,7 +17589,7 @@ index 6274f5f..7342ebb 100644
.popsection
/*
-@@ -410,7 +696,7 @@ ENTRY(ret_from_fork)
+@@ -410,7 +725,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -17528,7 +17598,7 @@ index 6274f5f..7342ebb 100644
je int_ret_from_sys_call
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -420,7 +706,7 @@ ENTRY(ret_from_fork)
+@@ -420,7 +735,7 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
CFI_ENDPROC
@@ -17537,7 +17607,7 @@ index 6274f5f..7342ebb 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -456,7 +742,7 @@ END(ret_from_fork)
+@@ -456,7 +771,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -17546,7 +17616,7 @@ index 6274f5f..7342ebb 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -469,12 +755,18 @@ ENTRY(system_call_after_swapgs)
+@@ -469,12 +784,18 @@ ENTRY(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -17566,7 +17636,7 @@ index 6274f5f..7342ebb 100644
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -484,7 +776,7 @@ ENTRY(system_call_after_swapgs)
+@@ -484,7 +805,7 @@ ENTRY(system_call_after_swapgs)
system_call_fastpath:
cmpq $__NR_syscall_max,%rax
ja badsys
@@ -17575,7 +17645,7 @@ index 6274f5f..7342ebb 100644
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -503,6 +795,8 @@ sysret_check:
+@@ -503,6 +824,8 @@ sysret_check:
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
@@ -17584,7 +17654,7 @@ index 6274f5f..7342ebb 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -554,14 +848,18 @@ badsys:
+@@ -554,14 +877,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
@@ -17604,7 +17674,7 @@ index 6274f5f..7342ebb 100644
jmp system_call_fastpath
/*
-@@ -591,16 +889,20 @@ tracesys:
+@@ -591,16 +918,20 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -17626,7 +17696,7 @@ index 6274f5f..7342ebb 100644
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -612,7 +914,7 @@ tracesys:
+@@ -612,7 +943,7 @@ tracesys:
GLOBAL(int_ret_from_sys_call)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -17635,7 +17705,7 @@ index 6274f5f..7342ebb 100644
je retint_restore_args
movl $_TIF_ALLWORK_MASK,%edi
/* edi: mask to check */
-@@ -623,7 +925,9 @@ GLOBAL(int_with_check)
+@@ -623,7 +954,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -17646,7 +17716,7 @@ index 6274f5f..7342ebb 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -669,7 +973,7 @@ int_restore_rest:
+@@ -669,7 +1002,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -17655,7 +17725,7 @@ index 6274f5f..7342ebb 100644
/*
* Certain special system calls that need to save a complete full stack frame.
-@@ -685,7 +989,7 @@ ENTRY(\label)
+@@ -685,7 +1018,7 @@ ENTRY(\label)
call \func
jmp ptregscall_common
CFI_ENDPROC
@@ -17664,7 +17734,7 @@ index 6274f5f..7342ebb 100644
.endm
PTREGSCALL stub_clone, sys_clone, %r8
-@@ -703,9 +1007,10 @@ ENTRY(ptregscall_common)
+@@ -703,9 +1036,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
@@ -17676,7 +17746,7 @@ index 6274f5f..7342ebb 100644
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -720,7 +1025,7 @@ ENTRY(stub_execve)
+@@ -720,7 +1054,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -17685,7 +17755,7 @@ index 6274f5f..7342ebb 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -738,7 +1043,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -738,7 +1072,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -17694,7 +17764,7 @@ index 6274f5f..7342ebb 100644
/*
* Build the entry stubs and pointer table with some assembler magic.
-@@ -773,7 +1078,7 @@ vector=vector+1
+@@ -773,7 +1107,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -17703,7 +17773,7 @@ index 6274f5f..7342ebb 100644
.previous
END(interrupt)
-@@ -793,6 +1098,16 @@ END(interrupt)
+@@ -793,6 +1127,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
@@ -17720,7 +17790,7 @@ index 6274f5f..7342ebb 100644
call \func
.endm
-@@ -824,7 +1139,7 @@ ret_from_intr:
+@@ -824,7 +1168,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -17729,7 +17799,7 @@ index 6274f5f..7342ebb 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -846,12 +1161,16 @@ retint_swapgs: /* return to user-space */
+@@ -846,12 +1190,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -17746,7 +17816,7 @@ index 6274f5f..7342ebb 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -940,7 +1259,7 @@ ENTRY(retint_kernel)
+@@ -940,7 +1288,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -17755,7 +17825,7 @@ index 6274f5f..7342ebb 100644
/*
* End of kprobes section
*/
-@@ -956,7 +1275,7 @@ ENTRY(\sym)
+@@ -956,7 +1304,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -17764,7 +17834,7 @@ index 6274f5f..7342ebb 100644
.endm
#ifdef CONFIG_SMP
-@@ -1021,12 +1340,22 @@ ENTRY(\sym)
+@@ -1021,12 +1369,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -17788,7 +17858,7 @@ index 6274f5f..7342ebb 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1038,15 +1367,25 @@ ENTRY(\sym)
+@@ -1038,15 +1396,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -17816,7 +17886,7 @@ index 6274f5f..7342ebb 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1056,14 +1395,30 @@ ENTRY(\sym)
+@@ -1056,14 +1424,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -17848,7 +17918,7 @@ index 6274f5f..7342ebb 100644
.endm
.macro errorentry sym do_sym
-@@ -1074,13 +1429,23 @@ ENTRY(\sym)
+@@ -1074,13 +1458,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -17873,7 +17943,7 @@ index 6274f5f..7342ebb 100644
.endm
/* error code is on the stack already */
-@@ -1093,13 +1458,23 @@ ENTRY(\sym)
+@@ -1093,13 +1487,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -17898,7 +17968,7 @@ index 6274f5f..7342ebb 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1129,9 +1504,10 @@ gs_change:
+@@ -1129,9 +1533,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -17910,7 +17980,7 @@ index 6274f5f..7342ebb 100644
.section __ex_table,"a"
.align 8
-@@ -1153,13 +1529,14 @@ ENTRY(kernel_thread_helper)
+@@ -1153,13 +1558,14 @@ ENTRY(kernel_thread_helper)
* Here we are in the child and the registers are set as they were
* at kernel_thread() invocation in the parent.
*/
@@ -17926,7 +17996,7 @@ index 6274f5f..7342ebb 100644
/*
* execve(). This function needs to use IRET, not SYSRET, to set up all state properly.
-@@ -1186,11 +1563,11 @@ ENTRY(kernel_execve)
+@@ -1186,11 +1592,11 @@ ENTRY(kernel_execve)
RESTORE_REST
testq %rax,%rax
je int_ret_from_sys_call
@@ -17940,7 +18010,7 @@ index 6274f5f..7342ebb 100644
/* Call softirq on interrupt stack. Interrupts are off. */
ENTRY(call_softirq)
-@@ -1208,9 +1585,10 @@ ENTRY(call_softirq)
+@@ -1208,9 +1614,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -17952,7 +18022,7 @@ index 6274f5f..7342ebb 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1248,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1248,7 +1655,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -17961,7 +18031,7 @@ index 6274f5f..7342ebb 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1307,7 +1685,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1307,7 +1714,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -17970,7 +18040,7 @@ index 6274f5f..7342ebb 100644
apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1356,16 +1734,31 @@ ENTRY(paranoid_exit)
+@@ -1356,16 +1763,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -18003,7 +18073,7 @@ index 6274f5f..7342ebb 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1394,7 +1787,7 @@ paranoid_schedule:
+@@ -1394,7 +1816,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -18012,7 +18082,7 @@ index 6274f5f..7342ebb 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1421,12 +1814,13 @@ ENTRY(error_entry)
+@@ -1421,12 +1843,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -18027,7 +18097,7 @@ index 6274f5f..7342ebb 100644
ret
/*
-@@ -1453,7 +1847,7 @@ bstep_iret:
+@@ -1453,7 +1876,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -18036,7 +18106,7 @@ index 6274f5f..7342ebb 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1473,7 +1867,7 @@ ENTRY(error_exit)
+@@ -1473,7 +1896,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -18045,54 +18115,38 @@ index 6274f5f..7342ebb 100644
/* runs on exception stack */
-@@ -1485,6 +1879,16 @@ ENTRY(nmi)
+@@ -1485,6 +1908,8 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
DEFAULT_FRAME 0
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ testb $3, CS(%rsp)
-+ jnz 1f
-+ pax_enter_kernel
-+ jmp 2f
-+1: pax_enter_kernel_user
-+2:
-+#else
-+ pax_enter_kernel
-+#endif
++ pax_enter_kernel_nmi
++
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1495,12 +1899,28 @@ ENTRY(nmi)
+@@ -1493,15 +1918,19 @@ ENTRY(nmi)
+ /* paranoidexit; without TRACE_IRQS_OFF */
+ /* ebx: no swapgs flag */
DISABLE_INTERRUPTS(CLBR_NONE)
- testl %ebx,%ebx /* swapgs needed? */
+- testl %ebx,%ebx /* swapgs needed? */
++ testl $1,%ebx /* swapgs needed? */
jnz nmi_restore
-- testl $3,CS(%rsp)
-+ testb $3,CS(%rsp)
+ testl $3,CS(%rsp)
jnz nmi_userspace
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ pax_exit_kernel
-+ SWAPGS_UNSAFE_STACK
-+ RESTORE_ALL 8
-+ pax_force_retaddr_bts
-+ jmp irq_return
-+#endif
nmi_swapgs:
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ pax_exit_kernel_user
-+#else
-+ pax_exit_kernel
-+#endif
SWAPGS_UNSAFE_STACK
-+ RESTORE_ALL 8
-+ jmp irq_return
nmi_restore:
-+ pax_exit_kernel
++ pax_exit_kernel_nmi
RESTORE_ALL 8
+- jmp irq_return
++ testb $3, 8(%rsp)
++ jnz 1f
+ pax_force_retaddr_bts
- jmp irq_return
++1: jmp irq_return
nmi_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1529,14 +1949,14 @@ nmi_schedule:
+ movl TI_flags(%rcx),%ebx
+@@ -1529,14 +1958,14 @@ nmi_schedule:
jmp paranoid_exit
CFI_ENDPROC
#endif
@@ -21872,7 +21926,7 @@ index 04b8726..0c35b29 100644
goto cannot_handle;
if ((segoffs >> 16) == BIOSSEG)
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 0f703f1..3b426f3 100644
+index 0f703f1..cd7e91b 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -26,6 +26,13 @@
@@ -21957,7 +22011,7 @@ index 0f703f1..3b426f3 100644
+ . = ALIGN(PAGE_SIZE);
+ .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) {
+
-+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES)
++#ifdef CONFIG_PAX_KERNEXEC
+ MODULES_EXEC_VADDR = .;
+ BYTE(0)
+ . += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024);
@@ -29985,6 +30039,47 @@ index 7b72502..646105c 100644
if (err) {
err = -EFAULT;
goto out;
+diff --git a/block/genhd.c b/block/genhd.c
+index 6edf228..078f68b9 100644
+--- a/block/genhd.c
++++ b/block/genhd.c
+@@ -474,21 +474,24 @@ static char *bdevt_str(dev_t devt, char *buf)
+
+ /*
+ * Register device numbers dev..(dev+range-1)
+- * range must be nonzero
++ * Noop if @range is zero.
+ * The hash chain is sorted on range, so that subranges can override.
+ */
+ void blk_register_region(dev_t devt, unsigned long range, struct module *module,
+ struct kobject *(*probe)(dev_t, int *, void *),
+ int (*lock)(dev_t, void *), void *data)
+ {
+- kobj_map(bdev_map, devt, range, module, probe, lock, data);
++ if (range)
++ kobj_map(bdev_map, devt, range, module, probe, lock, data);
+ }
+
+ EXPORT_SYMBOL(blk_register_region);
+
++/* undo blk_register_region(), noop if @range is zero */
+ void blk_unregister_region(dev_t devt, unsigned long range)
+ {
+- kobj_unmap(bdev_map, devt, range);
++ if (range)
++ kobj_unmap(bdev_map, devt, range);
+ }
+
+ EXPORT_SYMBOL(blk_unregister_region);
+@@ -519,7 +522,7 @@ void register_disk(struct gendisk *disk)
+
+ ddev->parent = disk->driverfs_dev;
+
+- dev_set_name(ddev, disk->disk_name);
++ dev_set_name(ddev, "%s", disk->disk_name);
+
+ /* delay uevents, until we scanned partition table */
+ dev_set_uevent_suppress(ddev, 1);
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 9e76a32..48d7145 100644
--- a/block/scsi_ioctl.c
@@ -30040,6 +30135,19 @@ index 9e76a32..48d7145 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
+diff --git a/crypto/algapi.c b/crypto/algapi.c
+index 54dd4e3..27ea1b0 100644
+--- a/crypto/algapi.c
++++ b/crypto/algapi.c
+@@ -477,7 +477,7 @@ static struct crypto_template *__crypto_lookup_template(const char *name)
+
+ struct crypto_template *crypto_lookup_template(const char *name)
+ {
+- return try_then_request_module(__crypto_lookup_template(name), name);
++ return try_then_request_module(__crypto_lookup_template(name), "%s", name);
+ }
+ EXPORT_SYMBOL_GPL(crypto_lookup_template);
+
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 7bdd61b..afec999 100644
--- a/crypto/cryptd.c
@@ -30117,6 +30225,19 @@ index 5b63b8d..6f46ba0 100644
if (strlen(p->cru_driver_name))
exact = 1;
+diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
+index 29a89da..7e23990 100644
+--- a/crypto/pcrypt.c
++++ b/crypto/pcrypt.c
+@@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
+ int ret;
+
+ pinst->kobj.kset = pcrypt_kset;
+- ret = kobject_add(&pinst->kobj, NULL, name);
++ ret = kobject_add(&pinst->kobj, NULL, "%s", name);
+ if (!ret)
+ kobject_uevent(&pinst->kobj, KOBJ_ADD);
+
diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h
index f57050e..7ccfc74 100644
--- a/drivers/acpi/apei/apei-internal.h
@@ -31369,8 +31490,21 @@ index d889f56..17eb71e 100644
wake_up(&zatm_vcc->tx_wait);
}
+diff --git a/drivers/base/attribute_container.c b/drivers/base/attribute_container.c
+index 8fc200b..32763bb 100644
+--- a/drivers/base/attribute_container.c
++++ b/drivers/base/attribute_container.c
+@@ -167,7 +167,7 @@ attribute_container_add_device(struct device *dev,
+ ic->classdev.parent = get_device(dev);
+ ic->classdev.class = cont->class;
+ cont->class->dev_release = attribute_container_release;
+- dev_set_name(&ic->classdev, dev_name(dev));
++ dev_set_name(&ic->classdev, "%s", dev_name(dev));
+ if (fn)
+ fn(cont, dev, &ic->classdev);
+ else
diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
-index a4760e0..51283cf 100644
+index a4760e0..ea524a0 100644
--- a/drivers/base/devtmpfs.c
+++ b/drivers/base/devtmpfs.c
@@ -368,7 +368,7 @@ int devtmpfs_mount(const char *mntdir)
@@ -31382,6 +31516,21 @@ index a4760e0..51283cf 100644
if (err)
printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
else
+@@ -393,11 +393,11 @@ static int devtmpfsd(void *p)
+ *err = sys_unshare(CLONE_NEWNS);
+ if (*err)
+ goto out;
+- *err = sys_mount("devtmpfs", "/", "devtmpfs", MS_SILENT, options);
++ *err = sys_mount((char __force_user *)"devtmpfs", (char __force_user *)"/", (char __force_user *)"devtmpfs", MS_SILENT, (char __force_user *)options);
+ if (*err)
+ goto out;
+- sys_chdir("/.."); /* will traverse into overmounted root */
+- sys_chroot(".");
++ sys_chdir((char __force_user *)"/.."); /* will traverse into overmounted root */
++ sys_chroot((char __force_user *)".");
+ complete(&setup_done);
+ while (1) {
+ spin_lock(&req_lock);
diff --git a/drivers/base/node.c b/drivers/base/node.c
index 5693ece..e39a621 100644
--- a/drivers/base/node.c
@@ -31409,6 +31558,19 @@ index 5693ece..e39a621 100644
static ssize_t show_node_state(struct sysdev_class *class,
struct sysdev_class_attribute *attr, char *buf)
+diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
+index adf41be0..b044daf 100644
+--- a/drivers/base/power/sysfs.c
++++ b/drivers/base/power/sysfs.c
+@@ -184,7 +184,7 @@ static ssize_t rtpm_status_show(struct device *dev,
+ return -EIO;
+ }
+ }
+- return sprintf(buf, p);
++ return sprintf(buf, "%s", p);
+ }
+
+ static DEVICE_ATTR(runtime_status, 0444, rtpm_status_show, NULL);
diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
index caf995f..6f76697 100644
--- a/drivers/base/power/wakeup.c
@@ -32024,6 +32186,19 @@ index a365562..933bbbd 100644
set_fs(old_fs);
if (likely(bw == len))
return 0;
+diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
+index 40a0fcb..556767c 100644
+--- a/drivers/block/nbd.c
++++ b/drivers/block/nbd.c
+@@ -675,7 +675,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *lo,
+
+ mutex_unlock(&lo->tx_lock);
+
+- thread = kthread_create(nbd_thread, lo, lo->disk->disk_name);
++ thread = kthread_create(nbd_thread, lo, "%s", lo->disk->disk_name);
+ if (IS_ERR(thread)) {
+ mutex_lock(&lo->tx_lock);
+ return PTR_ERR(thread);
diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index a63b0a2..30228d1 100644
--- a/drivers/block/pktcdvd.c
@@ -32038,7 +32213,7 @@ index a63b0a2..30228d1 100644
static DEFINE_MUTEX(pktcdvd_mutex);
static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
-index 2678b6f..d82ca54 100644
+index 2678b6f..a691234 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -419,7 +419,6 @@ int register_cdrom(struct cdrom_device_info *cdi)
@@ -32089,6 +32264,15 @@ index 2678b6f..d82ca54 100644
if (cgc->buffer == NULL)
return -ENOMEM;
+@@ -3432,7 +3433,7 @@ static int cdrom_print_info(const char *header, int val, char *info,
+ struct cdrom_device_info *cdi;
+ int ret;
+
+- ret = scnprintf(info + *pos, max_size - *pos, header);
++ ret = scnprintf(info + *pos, max_size - *pos, "%s", header);
+ if (!ret)
+ return 1;
+
diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
index 3ceaf00..e3c3d38 100644
--- a/drivers/cdrom/gdrom.c
@@ -32123,8 +32307,21 @@ index 4364303..9adf4ee 100644
default y
source "drivers/s390/char/Kconfig"
+diff --git a/drivers/char/agp/compat_ioctl.c b/drivers/char/agp/compat_ioctl.c
+index a48e05b..6bac831 100644
+--- a/drivers/char/agp/compat_ioctl.c
++++ b/drivers/char/agp/compat_ioctl.c
+@@ -108,7 +108,7 @@ static int compat_agpioc_reserve_wrap(struct agp_file_private *priv, void __user
+ return -ENOMEM;
+ }
+
+- if (copy_from_user(usegment, (void __user *) ureserve.seg_list,
++ if (copy_from_user(usegment, (void __force_user *) ureserve.seg_list,
+ sizeof(*usegment) * ureserve.seg_count)) {
+ kfree(usegment);
+ kfree(ksegment);
diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c
-index 2e04433..22afc64 100644
+index 2e04433..771f2cc 100644
--- a/drivers/char/agp/frontend.c
+++ b/drivers/char/agp/frontend.c
@@ -817,7 +817,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg)
@@ -32136,6 +32333,15 @@ index 2e04433..22afc64 100644
return -EFAULT;
client = agp_find_client_by_pid(reserve.pid);
+@@ -847,7 +847,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg)
+ if (segment == NULL)
+ return -ENOMEM;
+
+- if (copy_from_user(segment, (void __user *) reserve.seg_list,
++ if (copy_from_user(segment, (void __force_user *) reserve.seg_list,
+ sizeof(struct agp_segment) * reserve.seg_count)) {
+ kfree(segment);
+ return -EFAULT;
diff --git a/drivers/char/briq_panel.c b/drivers/char/briq_panel.c
index 095ab90..afad0a4 100644
--- a/drivers/char/briq_panel.c
@@ -32206,6 +32412,19 @@ index 14d49e4..d331fd8 100644
struct hpet_info *info)
{
struct hpet_timer __iomem *timer;
+diff --git a/drivers/char/hw_random/intel-rng.c b/drivers/char/hw_random/intel-rng.c
+index 86fe45c..c0ea948 100644
+--- a/drivers/char/hw_random/intel-rng.c
++++ b/drivers/char/hw_random/intel-rng.c
+@@ -314,7 +314,7 @@ PFX "RNG, try using the 'no_fwh_detect' option.\n";
+
+ if (no_fwh_detect)
+ return -ENODEV;
+- printk(warning);
++ printk("%s", warning);
+ return -EBUSY;
+ }
+
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index 58c0e63..46c16bf 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
@@ -32288,7 +32507,7 @@ index 1aeaaba..e018570 100644
.part_num = MBCS_PART_NUM,
.mfg_num = MBCS_MFG_NUM,
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 1451790..d42d89d 100644
+index 1451790..046b083 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -18,6 +18,7 @@
@@ -32369,6 +32588,15 @@ index 1451790..d42d89d 100644
unxlate_dev_mem_ptr(p, ptr);
if (remaining)
return -EFAULT;
+@@ -376,7 +407,7 @@ static ssize_t read_oldmem(struct file *file, char __user *buf,
+ else
+ csize = count;
+
+- rc = copy_oldmem_page(pfn, buf, csize, offset, 1);
++ rc = copy_oldmem_page(pfn, (char __force_kernel *)buf, csize, offset, 1);
+ if (rc < 0)
+ return rc;
+ buf += csize;
@@ -396,9 +427,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
size_t count, loff_t *ppos)
{
@@ -32435,6 +32663,15 @@ index 1451790..d42d89d 100644
};
static int memory_open(struct inode *inode, struct file *filp)
+@@ -931,7 +986,7 @@ static int __init chr_dev_init(void)
+ if (!devlist[minor].name)
+ continue;
+ device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
+- NULL, devlist[minor].name);
++ NULL, "%s", devlist[minor].name);
+ }
+
+ return tty_init();
diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c
index c689697..04e6d6a2 100644
--- a/drivers/char/mwave/tp3780i.c
@@ -32937,6 +33174,19 @@ index 1e756e1..6f7ead5 100644
.attrs = cpuclass_default_attrs,
.name = "cpuidle",
};
+diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
+index 59d24e9..0d20240 100644
+--- a/drivers/devfreq/devfreq.c
++++ b/drivers/devfreq/devfreq.c
+@@ -372,7 +372,7 @@ struct devfreq *devfreq_add_device(struct device *dev,
+ = msecs_to_jiffies(devfreq->profile->polling_ms);
+ devfreq->nb.notifier_call = devfreq_notifier_call;
+
+- dev_set_name(&devfreq->dev, dev_name(dev));
++ dev_set_name(&devfreq->dev, "%s", dev_name(dev));
+ err = device_register(&devfreq->dev);
+ if (err) {
+ put_device(&devfreq->dev);
diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
index eb1d864..39ee5a7 100644
--- a/drivers/dma/dmatest.c
@@ -33598,6 +33848,28 @@ index 40c187c..59da444 100644
++file_priv->ioctl_count;
DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
+diff --git a/drivers/gpu/drm/drm_encoder_slave.c b/drivers/gpu/drm/drm_encoder_slave.c
+index fb94355..e1fcec5 100644
+--- a/drivers/gpu/drm/drm_encoder_slave.c
++++ b/drivers/gpu/drm/drm_encoder_slave.c
+@@ -54,16 +54,12 @@ int drm_i2c_encoder_init(struct drm_device *dev,
+ struct i2c_adapter *adap,
+ const struct i2c_board_info *info)
+ {
+- char modalias[sizeof(I2C_MODULE_PREFIX)
+- + I2C_NAME_SIZE];
+ struct module *module = NULL;
+ struct i2c_client *client;
+ struct drm_i2c_encoder_driver *encoder_drv;
+ int err = 0;
+
+- snprintf(modalias, sizeof(modalias),
+- "%s%s", I2C_MODULE_PREFIX, info->type);
+- request_module(modalias);
++ request_module("%s%s", I2C_MODULE_PREFIX, info->type);
+
+ client = i2c_new_device(adap, info);
+ if (!client) {
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
index 020b103..68ae292 100644
--- a/drivers/gpu/drm/drm_fops.c
@@ -33847,6 +34119,19 @@ index 632ae24..244cf4a 100644
if (drm_lock_free(&master->lock, lock->context)) {
/* FIXME: Should really bail out here. */
+diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c
+index 0f9ef9b..48bd695 100644
+--- a/drivers/gpu/drm/drm_sysfs.c
++++ b/drivers/gpu/drm/drm_sysfs.c
+@@ -495,7 +495,7 @@ EXPORT_SYMBOL(drm_sysfs_hotplug_event);
+ int drm_sysfs_device_add(struct drm_minor *minor)
+ {
+ int err;
+- char *minor_str;
++ const char *minor_str;
+
+ minor->kdev.parent = minor->dev->dev;
+
diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c
index 8f371e8..9f85d52 100644
--- a/drivers/gpu/drm/i810/i810_dma.c
@@ -34939,6 +35224,28 @@ index 63db75d..999004d 100644
dev_warn(rdev->dev, "failed blitter (%d) falling back to memcpy\n", r);
}
+diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
+index e70ddd8..ddfa1cd 100644
+--- a/drivers/gpu/drm/ttm/ttm_memory.c
++++ b/drivers/gpu/drm/ttm/ttm_memory.c
+@@ -263,7 +263,7 @@ static int ttm_mem_init_kernel_zone(struct ttm_mem_global *glob,
+ zone->glob = glob;
+ glob->zone_kernel = zone;
+ ret = kobject_init_and_add(
+- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name);
+ if (unlikely(ret != 0)) {
+ kobject_put(&zone->kobj);
+ return ret;
+@@ -346,7 +346,7 @@ static int ttm_mem_init_dma32_zone(struct ttm_mem_global *glob,
+ zone->glob = glob;
+ glob->zone_dma32 = zone;
+ ret = kobject_init_and_add(
+- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name);
+ if (unlikely(ret != 0)) {
+ kobject_put(&zone->kobj);
+ return ret;
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
index 9e4313e..46fad36 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -35104,6 +35411,28 @@ index a0c2f12..68ae6cb 100644
} while (*seqno == 0);
if (!(fifo_state->capabilities & SVGA_FIFO_CAP_FENCE)) {
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
+index 66917c6..2dcc8ae 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
+@@ -135,7 +135,7 @@ int vmw_present_ioctl(struct drm_device *dev, void *data,
+ int ret;
+
+ num_clips = arg->num_clips;
+- clips_ptr = (struct drm_vmw_rect *)(unsigned long)arg->clips_ptr;
++ clips_ptr = (struct drm_vmw_rect __user *)(unsigned long)arg->clips_ptr;
+
+ if (unlikely(num_clips == 0))
+ return 0;
+@@ -221,7 +221,7 @@ int vmw_present_readback_ioctl(struct drm_device *dev, void *data,
+ int ret;
+
+ num_clips = arg->num_clips;
+- clips_ptr = (struct drm_vmw_rect *)(unsigned long)arg->clips_ptr;
++ clips_ptr = (struct drm_vmw_rect __user *)(unsigned long)arg->clips_ptr;
+
+ if (unlikely(num_clips == 0))
+ return 0;
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c
index cabc95f..14b3d77 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c
@@ -35443,6 +35772,19 @@ index 29015eb..af2d8e9 100644
/* Wrapper access functions for multiplexed SMBus */
static DEFINE_MUTEX(nforce2_lock);
+diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
+index 57a45ce8..51bd6c1 100644
+--- a/drivers/i2c/i2c-dev.c
++++ b/drivers/i2c/i2c-dev.c
+@@ -276,7 +276,7 @@ static noinline int i2cdev_ioctl_rdrw(struct i2c_client *client,
+ res = -EINVAL;
+ break;
+ }
+- data_ptrs[i] = (u8 __user *)rdwr_pa[i].buf;
++ data_ptrs[i] = (u8 __force_user *)rdwr_pa[i].buf;
+ rdwr_pa[i].buf = memdup_user(data_ptrs[i], rdwr_pa[i].len);
+ if (IS_ERR(rdwr_pa[i].buf)) {
+ res = PTR_ERR(rdwr_pa[i].buf);
diff --git a/drivers/ide/aec62xx.c b/drivers/ide/aec62xx.c
index 57d00ca..0145194 100644
--- a/drivers/ide/aec62xx.c
@@ -38106,6 +38448,59 @@ index a0895bf..b451f5b 100644
.owner = THIS_MODULE,
.open = timblogiw_open,
.release = timblogiw_close,
+diff --git a/drivers/media/video/v4l2-compat-ioctl32.c b/drivers/media/video/v4l2-compat-ioctl32.c
+index c68531b..82a9ea0 100644
+--- a/drivers/media/video/v4l2-compat-ioctl32.c
++++ b/drivers/media/video/v4l2-compat-ioctl32.c
+@@ -332,7 +332,7 @@ struct v4l2_buffer32 {
+ __u32 reserved;
+ };
+
+-static int get_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32,
++static int get_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __user *up32,
+ enum v4l2_memory memory)
+ {
+ void __user *up_pln;
+@@ -358,7 +358,7 @@ static int get_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32,
+ return 0;
+ }
+
+-static int put_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32,
++static int put_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __user *up32,
+ enum v4l2_memory memory)
+ {
+ if (copy_in_user(up32, up, 2 * sizeof(__u32)) ||
+diff --git a/drivers/media/video/v4l2-ioctl.c b/drivers/media/video/v4l2-ioctl.c
+index 639abee..e2336f4 100644
+--- a/drivers/media/video/v4l2-ioctl.c
++++ b/drivers/media/video/v4l2-ioctl.c
+@@ -2197,7 +2197,7 @@ static unsigned long cmd_input_size(unsigned int cmd)
+ }
+
+ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
+- void * __user *user_ptr, void ***kernel_ptr)
++ void __user **user_ptr, void ***kernel_ptr)
+ {
+ int ret = 0;
+
+@@ -2212,7 +2212,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
+ ret = -EINVAL;
+ break;
+ }
+- *user_ptr = (void __user *)buf->m.planes;
++ *user_ptr = (void __force_user *)buf->m.planes;
+ *kernel_ptr = (void *)&buf->m.planes;
+ *array_size = sizeof(struct v4l2_plane) * buf->length;
+ ret = 1;
+@@ -2230,7 +2230,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
+ ret = -EINVAL;
+ break;
+ }
+- *user_ptr = (void __user *)ctrls->controls;
++ *user_ptr = (void __force_user *)ctrls->controls;
+ *kernel_ptr = (void *)&ctrls->controls;
+ *array_size = sizeof(struct v4l2_ext_control)
+ * ctrls->count;
diff --git a/drivers/memstick/host/r592.c b/drivers/memstick/host/r592.c
index 668f5c6..65df5f2 100644
--- a/drivers/memstick/host/r592.c
@@ -46886,6 +47281,19 @@ index 081dc47..6e20d0b 100644
info->var.accel_flags = (!noaccel);
+diff --git a/drivers/video/output.c b/drivers/video/output.c
+index 0d6f2cd..6285b97 100644
+--- a/drivers/video/output.c
++++ b/drivers/video/output.c
+@@ -97,7 +97,7 @@ struct output_device *video_output_register(const char *name,
+ new_dev->props = op;
+ new_dev->dev.class = &video_output_class;
+ new_dev->dev.parent = dev;
+- dev_set_name(&new_dev->dev, name);
++ dev_set_name(&new_dev->dev, "%s", name);
+ dev_set_drvdata(&new_dev->dev, devdata);
+ ret_code = device_register(&new_dev->dev);
+ if (ret_code) {
diff --git a/drivers/video/s1d13xxxfb.c b/drivers/video/s1d13xxxfb.c
index 28b1c6c..b9939d9 100644
--- a/drivers/video/s1d13xxxfb.c
@@ -47311,6 +47719,19 @@ index fef20db..d28b1ab 100644
if (!file->private_data)
return -ENOMEM;
return 0;
+diff --git a/fs/9p/vfs_addr.c b/fs/9p/vfs_addr.c
+index 2524e4c..2962cc6a 100644
+--- a/fs/9p/vfs_addr.c
++++ b/fs/9p/vfs_addr.c
+@@ -185,7 +185,7 @@ static int v9fs_vfs_writepage_locked(struct page *page)
+
+ retval = v9fs_file_write_internal(inode,
+ v9inode->writeback_fid,
+- (__force const char __user *)buffer,
++ (const char __force_user *)buffer,
+ len, &offset, 0);
+ if (retval > 0)
+ retval = 0;
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index 879ed88..bc03a01 100644
--- a/fs/9p/vfs_inode.c
@@ -47649,7 +48070,7 @@ index a6395bd..f1e376a 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 8dd615c..315240a 100644
+index 8dd615c..ff7ac04 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
@@ -47884,7 +48305,7 @@ index 8dd615c..315240a 100644
+#endif
+
+#ifdef CONFIG_PAX_EMUTRAMP
-+ if (pax_flags_softmode & MF_PAX_EMUTRAMP)
++ if ((pax_flags_softmode & MF_PAX_EMUTRAMP) && (pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)))
+ pax_flags |= MF_PAX_EMUTRAMP;
+#endif
+
@@ -49414,7 +49835,7 @@ index 112e45a..b59845b 100644
/*
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
-index f854cf9..93292ff 100644
+index f854cf9..d513829 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
@@ -49426,6 +49847,17 @@ index f854cf9..93292ff 100644
if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) ||
__get_user(ss.port_high, &ss32->port_high))
return -EFAULT;
+@@ -704,8 +704,8 @@ static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd,
+ for (i = 0; i < nmsgs; i++) {
+ if (copy_in_user(&tmsgs[i].addr, &umsgs[i].addr, 3*sizeof(u16)))
+ return -EFAULT;
+- if (get_user(datap, &umsgs[i].buf) ||
+- put_user(compat_ptr(datap), &tmsgs[i].buf))
++ if (get_user(datap, (u8 __user * __user *)&umsgs[i].buf) ||
++ put_user(compat_ptr(datap), (u8 __user * __user *)&tmsgs[i].buf))
+ return -EFAULT;
+ }
+ return sys_ioctl(fd, cmd, (unsigned long)tdata);
@@ -798,7 +798,7 @@ static int compat_ioctl_preallocate(struct file *file,
copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) ||
copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) ||
@@ -49670,7 +50102,7 @@ index 451b9b8..12e5a03 100644
out_free_fd:
diff --git a/fs/exec.c b/fs/exec.c
-index 312e297..4c133f2 100644
+index 312e297..699f362 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,12 +55,35 @@
@@ -49864,7 +50296,7 @@ index 312e297..4c133f2 100644
mm_segment_t oldfs = get_fs();
struct user_arg_ptr argv = {
- .ptr.native = (const char __user *const __user *)__argv,
-+ .ptr.native = (const char __force_user *const __force_user *)__argv,
++ .ptr.native = (const char __force_user * const __force_user *)__argv,
};
set_fs(KERNEL_DS);
@@ -50897,8 +51329,21 @@ index 9243103..750691a 100644
trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len);
return 0;
+diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
+index f3358ab..fbb1d90 100644
+--- a/fs/ext4/mmp.c
++++ b/fs/ext4/mmp.c
+@@ -73,7 +73,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
+ void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp,
+ const char *function, unsigned int line, const char *msg)
+ {
+- __ext4_warning(sb, function, line, msg);
++ __ext4_warning(sb, function, line, "%s", msg);
+ __ext4_warning(sb, function, line,
+ "MMP failure info: last update time: %llu, last update "
+ "node: %s, last update device: %s\n",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 259e950..ee9c9f3 100644
+index 259e950..2d40e76 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -92,6 +92,8 @@ static struct file_system_type ext2_fs_type = {
@@ -50919,6 +51364,15 @@ index 259e950..ee9c9f3 100644
#define IS_EXT3_SB(sb) ((sb)->s_bdev->bd_holder == &ext3_fs_type)
#else
#define IS_EXT3_SB(sb) (0)
+@@ -1438,7 +1442,7 @@ static ext4_fsblk_t get_sb_block(void **data)
+ }
+
+ #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3))
+-static char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n"
++static const char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n"
+ "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
+
+ #ifdef CONFIG_QUOTA
@@ -2469,7 +2473,7 @@ struct ext4_attr {
ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *,
const char *, size_t);
@@ -52976,6 +53430,19 @@ index 8392cb8..80d6193 100644
memcpy(c->data, &cookie, 4);
c->len=4;
+diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
+index 2444780..2544030 100644
+--- a/fs/lockd/svc.c
++++ b/fs/lockd/svc.c
+@@ -295,7 +295,7 @@ int lockd_up(void)
+ svc_sock_update_bufs(serv);
+ serv->sv_maxconn = nlm_max_connections;
+
+- nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, serv->sv_name);
++ nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, "%s", serv->sv_name);
+ if (IS_ERR(nlmsvc_task)) {
+ error = PTR_ERR(nlmsvc_task);
+ svc_exit_thread(nlmsvc_rqst);
diff --git a/fs/locks.c b/fs/locks.c
index fcc50ab..c3dacf26 100644
--- a/fs/locks.c
@@ -53617,7 +54084,7 @@ index 9680cef..36c9152 100644
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index ca4913a..8d4cf9e 100644
+index ca4913a..4d493ac 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1327,6 +1327,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
@@ -53640,6 +54107,24 @@ index ca4913a..8d4cf9e 100644
return retval;
}
+@@ -1357,7 +1363,7 @@ static int do_umount(struct vfsmount *mnt, int flags)
+ * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
+ */
+
+-SYSCALL_DEFINE2(umount, char __user *, name, int, flags)
++SYSCALL_DEFINE2(umount, const char __user *, name, int, flags)
+ {
+ struct path path;
+ int retval;
+@@ -1396,7 +1402,7 @@ out:
+ /*
+ * The 2.0 compatible umount. No flags.
+ */
+-SYSCALL_DEFINE1(oldumount, char __user *, name)
++SYSCALL_DEFINE1(oldumount, const char __user *, name)
+ {
+ return sys_umount(name, 0);
+ }
@@ -2337,6 +2343,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
@@ -53667,6 +54152,17 @@ index ca4913a..8d4cf9e 100644
return retval;
}
+@@ -2518,8 +2537,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+ }
+ EXPORT_SYMBOL(mount_subtree);
+
+-SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name,
+- char __user *, type, unsigned long, flags, void __user *, data)
++SYSCALL_DEFINE5(mount, const char __user *, dev_name, const char __user *, dir_name,
++ const char __user *, type, unsigned long, flags, void __user *, data)
+ {
+ int ret;
+ char *kernel_type;
@@ -2606,6 +2625,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
@@ -53691,6 +54187,30 @@ index cbd1a61..b43f68b 100644
static int __init init_ncp_fs(void)
{
+diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
+index 516f337..82a82df 100644
+--- a/fs/nfs/callback.c
++++ b/fs/nfs/callback.c
+@@ -250,7 +250,6 @@ int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt)
+ struct svc_rqst *rqstp;
+ int (*callback_svc)(void *vrqstp);
+ struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
+- char svc_name[12];
+ int ret = 0;
+ int minorversion_setup;
+
+@@ -280,10 +279,9 @@ int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt)
+
+ svc_sock_update_bufs(serv);
+
+- sprintf(svc_name, "nfsv4.%u-svc", minorversion);
+ cb_info->serv = serv;
+ cb_info->rqst = rqstp;
+- cb_info->task = kthread_run(callback_svc, cb_info->rqst, svc_name);
++ cb_info->task = kthread_run(callback_svc, cb_info->rqst, "nfsv4.%u-svc", minorversion);
+ if (IS_ERR(cb_info->task)) {
+ ret = PTR_ERR(cb_info->task);
+ svc_exit_thread(cb_info->rqst);
diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
index 168cb93..20486571 100644
--- a/fs/nfs/callback_xdr.c
@@ -53846,10 +54366,10 @@ index ade5316..f1a6152 100644
};
diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
-index 2cbac34..06593b2 100644
+index 2cbac34..21c9120 100644
--- a/fs/nfsd/nfscache.c
+++ b/fs/nfsd/nfscache.c
-@@ -259,13 +259,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+@@ -259,13 +259,16 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
{
struct svc_cacherep *rp;
struct kvec *resv = &rqstp->rq_res.head[0], *cachv;
@@ -53862,7 +54382,8 @@ index 2cbac34..06593b2 100644
- len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
- len >>= 2;
+ if (statp) {
-+ len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
++ len = (char*)statp - (char*)resv->iov_base;
++ len = resv->iov_len - len;
+ len >>= 2;
+ }
@@ -55943,6 +56464,36 @@ index 980de54..78b2faa 100644
if (!mm || IS_ERR(mm)) {
put_task_struct(priv->task);
priv->task = NULL;
+diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
+index b0f450a..8ba3e5d 100644
+--- a/fs/proc/vmcore.c
++++ b/fs/proc/vmcore.c
+@@ -97,9 +97,13 @@ static ssize_t read_from_oldmem(char *buf, size_t count,
+ nr_bytes = count;
+
+ /* If pfn is not ram, return zeros for sparse dump files */
+- if (pfn_is_ram(pfn) == 0)
+- memset(buf, 0, nr_bytes);
+- else {
++ if (pfn_is_ram(pfn) == 0) {
++ if (userbuf) {
++ if (clear_user((char __force_user *)buf, nr_bytes))
++ return -EFAULT;
++ } else
++ memset(buf, 0, nr_bytes);
++ } else {
+ tmp = copy_oldmem_page(pfn, buf, nr_bytes,
+ offset, userbuf);
+ if (tmp < 0)
+@@ -184,7 +188,7 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer,
+ tsz = nr_bytes;
+
+ while (buflen) {
+- tmp = read_from_oldmem(buffer, tsz, &start, 1);
++ tmp = read_from_oldmem((char __force_kernel *)buffer, tsz, &start, 1);
+ if (tmp < 0)
+ return tmp;
+ buflen -= tsz;
diff --git a/fs/qnx4/inode.c b/fs/qnx4/inode.c
index 3bdd214..e570832 100644
--- a/fs/qnx4/inode.c
@@ -72401,9 +72952,25 @@ index ea0c02f..0eed39d 100644
#ifdef __arch_swab64
return __arch_swab64(val);
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
-index 86a24b1..5991c65 100644
+index 86a24b1..58153f1 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
+@@ -392,11 +392,11 @@ asmlinkage long sys_sync(void);
+ asmlinkage long sys_fsync(unsigned int fd);
+ asmlinkage long sys_fdatasync(unsigned int fd);
+ asmlinkage long sys_bdflush(int func, long data);
+-asmlinkage long sys_mount(char __user *dev_name, char __user *dir_name,
+- char __user *type, unsigned long flags,
++asmlinkage long sys_mount(const char __user *dev_name, const char __user *dir_name,
++ const char __user *type, unsigned long flags,
+ void __user *data);
+-asmlinkage long sys_umount(char __user *name, int flags);
+-asmlinkage long sys_oldumount(char __user *name);
++asmlinkage long sys_umount(const char __user *name, int flags);
++asmlinkage long sys_oldumount(const char __user *name);
+ asmlinkage long sys_truncate(const char __user *path, long length);
+ asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length);
+ asmlinkage long sys_stat(const char __user *filename,
@@ -608,7 +608,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *);
asmlinkage long sys_getpeername(int, struct sockaddr __user *, int __user *);
asmlinkage long sys_send(int, void __user *, size_t, unsigned);
@@ -72829,7 +73396,7 @@ index 6f8fbcf..8259001 100644
+ MODULE_GRSEC
diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index 4bde182..86b5ac7 100644
+index 4bde182..dff01df 100644
--- a/include/linux/vmalloc.h
+++ b/include/linux/vmalloc.h
@@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */
@@ -72837,7 +73404,7 @@ index 4bde182..86b5ac7 100644
#define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */
#define VM_UNLIST 0x00000020 /* vm_struct is not listed in vmlist */
+
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+#define VM_KERNEXEC 0x00000040 /* allocate from executable kernel memory range */
+#endif
+
@@ -74055,7 +74622,7 @@ index 32c4799..c27ee74 100644
sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
sys_close(fd);
diff --git a/init/initramfs.c b/init/initramfs.c
-index 2531811..040d4d4 100644
+index 2531811..4f036c4 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -74,7 +74,7 @@ static void __init free_hash(void)
@@ -74166,6 +74733,15 @@ index 2531811..040d4d4 100644
state = SkipIt;
next_state = Reset;
return 0;
+@@ -573,7 +573,7 @@ static int __init populate_rootfs(void)
+ {
+ char *err = unpack_to_rootfs(__initramfs_start, __initramfs_size);
+ if (err)
+- panic(err); /* Failed to decompress INTERNAL initramfs */
++ panic("%s", err); /* Failed to decompress INTERNAL initramfs */
+ if (initrd_start) {
+ #ifdef CONFIG_BLK_DEV_RAM
+ int fd;
diff --git a/init/main.c b/init/main.c
index 5d0eb1d..19ff85b 100644
--- a/init/main.c
@@ -80553,9 +81129,18 @@ index bd2bea9..6b3c95e 100644
return false;
diff --git a/lib/kobject.c b/lib/kobject.c
-index 83bd5b3..a0de35f 100644
+index 83bd5b3..8a0c75f 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
+@@ -844,7 +844,7 @@ static struct kset *kset_create(const char *name,
+ kset = kzalloc(sizeof(*kset), GFP_KERNEL);
+ if (!kset)
+ return NULL;
+- retval = kobject_set_name(&kset->kobj, name);
++ retval = kobject_set_name(&kset->kobj, "%s", name);
+ if (retval) {
+ kfree(kset);
+ return NULL;
@@ -898,9 +898,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
@@ -80926,6 +81511,28 @@ index 011b110..fad8776 100644
select PROC_PAGE_MONITOR
config NOMMU_INITIAL_TRIM_EXCESS
+diff --git a/mm/backing-dev.c b/mm/backing-dev.c
+index 2b49dd2..00bdcdb 100644
+--- a/mm/backing-dev.c
++++ b/mm/backing-dev.c
+@@ -759,7 +759,6 @@ EXPORT_SYMBOL(bdi_destroy);
+ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
+ unsigned int cap)
+ {
+- char tmp[32];
+ int err;
+
+ bdi->name = name;
+@@ -768,8 +767,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
+ if (err)
+ return err;
+
+- sprintf(tmp, "%.28s%s", name, "-%d");
+- err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq));
++ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq));
+ if (err) {
+ bdi_destroy(bdi);
+ return err;
diff --git a/mm/filemap.c b/mm/filemap.c
index 556858c..ec09758 100644
--- a/mm/filemap.c
@@ -85105,7 +85712,7 @@ index 8105be4..e1af823 100644
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 5710788..431fdf8 100644
+index 5710788..12ea6c9 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -186,7 +186,7 @@ static enum {
@@ -85395,6 +86002,15 @@ index 5710788..431fdf8 100644
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
+@@ -5265,7 +5348,7 @@ static int sysfs_slab_add(struct kmem_cache *s)
+ }
+
+ s->kobj.kset = slab_kset;
+- err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, name);
++ err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
+ if (err) {
+ kobject_put(&s->kobj);
+ return err;
@@ -5299,6 +5382,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
kobject_del(&s->kobj);
kobject_put(&s->kobj);
@@ -85531,7 +86147,7 @@ index 136ac4f..f917fa9 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index eeba3bb..8555cab 100644
+index eeba3bb..5ebaf67 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -85541,7 +86157,7 @@ index eeba3bb..8555cab 100644
- pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
- WARN_ON(!pte_none(ptent) && !pte_present(ptent));
+
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) {
+ BUG_ON(!pte_exec(*pte));
+ set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC));
@@ -85566,7 +86182,7 @@ index eeba3bb..8555cab 100644
struct page *page = pages[*nr];
- if (WARN_ON(!pte_none(*pte)))
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ if (pgprot_val(prot) & _PAGE_NX)
+#endif
+
@@ -85606,14 +86222,7 @@ index eeba3bb..8555cab 100644
if (!pud)
return -ENOMEM;
do {
-@@ -191,11 +215,20 @@ int is_vmalloc_or_module_addr(const void *x)
- * and fall back on vmalloc() if that fails. Others
- * just put it in the vmalloc space.
- */
--#if defined(CONFIG_MODULES) && defined(MODULES_VADDR)
-+#ifdef CONFIG_MODULES
-+#ifdef MODULES_VADDR
- unsigned long addr = (unsigned long)x;
+@@ -196,6 +220,12 @@ int is_vmalloc_or_module_addr(const void *x)
if (addr >= MODULES_VADDR && addr < MODULES_END)
return 1;
#endif
@@ -85623,12 +86232,10 @@ index eeba3bb..8555cab 100644
+ return 1;
+#endif
+
-+#endif
-+
return is_vmalloc_addr(x);
}
-@@ -216,8 +249,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
+@@ -216,8 +246,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
if (!pgd_none(*pgd)) {
pud_t *pud = pud_offset(pgd, addr);
@@ -85643,7 +86250,7 @@ index eeba3bb..8555cab 100644
if (!pmd_none(*pmd)) {
pte_t *ptep, pte;
-@@ -329,7 +368,7 @@ static void purge_vmap_area_lazy(void);
+@@ -329,7 +365,7 @@ static void purge_vmap_area_lazy(void);
* Allocate a region of KVA of the specified size and alignment, within the
* vstart and vend.
*/
@@ -85652,12 +86259,12 @@ index eeba3bb..8555cab 100644
unsigned long align,
unsigned long vstart, unsigned long vend,
int node, gfp_t gfp_mask)
-@@ -1295,6 +1334,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
+@@ -1295,6 +1331,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
struct vm_struct *area;
BUG_ON(in_interrupt());
+
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+ if (flags & VM_KERNEXEC) {
+ if (start != VMALLOC_START || end != VMALLOC_END)
+ return NULL;
@@ -85669,11 +86276,11 @@ index eeba3bb..8555cab 100644
if (flags & VM_IOREMAP) {
int bit = fls(size);
-@@ -1527,6 +1576,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1527,6 +1573,11 @@ void *vmap(struct page **pages, unsigned int count,
if (count > totalram_pages)
return NULL;
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+ if (!(pgprot_val(prot) & _PAGE_NX))
+ flags |= VM_KERNEXEC;
+#endif
@@ -85681,11 +86288,11 @@ index eeba3bb..8555cab 100644
area = get_vm_area_caller((count << PAGE_SHIFT), flags,
__builtin_return_address(0));
if (!area)
-@@ -1628,6 +1682,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+@@ -1628,6 +1679,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
if (!size || (size >> PAGE_SHIFT) > totalram_pages)
goto fail;
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+ if (!(pgprot_val(prot) & _PAGE_NX))
+ area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST | VM_KERNEXEC,
+ VMALLOC_START, VMALLOC_END, node, gfp_mask, caller);
@@ -85695,7 +86302,7 @@ index eeba3bb..8555cab 100644
area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
start, end, node, gfp_mask, caller);
if (!area)
-@@ -1801,10 +1862,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1801,10 +1859,9 @@ EXPORT_SYMBOL(vzalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
@@ -85707,7 +86314,7 @@ index eeba3bb..8555cab 100644
-1, __builtin_return_address(0));
}
-@@ -2099,6 +2159,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2099,6 +2156,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
unsigned long uaddr = vma->vm_start;
unsigned long usize = vma->vm_end - vma->vm_start;
@@ -85716,7 +86323,7 @@ index eeba3bb..8555cab 100644
if ((PAGE_SIZE-1) & (unsigned long)addr)
return -EINVAL;
-@@ -2351,8 +2413,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
+@@ -2351,8 +2410,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
return NULL;
}
@@ -85727,7 +86334,7 @@ index eeba3bb..8555cab 100644
if (!vas || !vms)
goto err_free;
-@@ -2536,11 +2598,15 @@ static int s_show(struct seq_file *m, void *p)
+@@ -2536,11 +2595,15 @@ static int s_show(struct seq_file *m, void *p)
{
struct vm_struct *v = p;
@@ -89859,7 +90466,7 @@ index 14af632..9914188 100644
table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table),
GFP_KERNEL);
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
-index 2e664a6..0c3e635 100644
+index 2e664a6..4264602 100644
--- a/net/netfilter/nf_conntrack_proto_dccp.c
+++ b/net/netfilter/nf_conntrack_proto_dccp.c
@@ -391,7 +391,7 @@ struct dccp_net {
@@ -89871,6 +90478,24 @@ index 2e664a6..0c3e635 100644
#endif
};
+@@ -459,7 +459,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
+
+ out_invalid:
+ if (LOG_INVALID(net, IPPROTO_DCCP))
+- nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg);
++ nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, "%s", msg);
+ return false;
+ }
+
+@@ -612,7 +612,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
+
+ out_invalid:
+ if (LOG_INVALID(net, IPPROTO_DCCP))
+- nf_log_packet(pf, 0, skb, NULL, NULL, NULL, msg);
++ nf_log_packet(pf, 0, skb, NULL, NULL, NULL, "%s", msg);
+ return -NF_ACCEPT;
+ }
+
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 05e9feb..3b519f3 100644
--- a/net/netfilter/nf_conntrack_standalone.c
@@ -91415,9 +92040,18 @@ index 206c61e..e3641fb 100644
#else
static inline void rpc_task_set_debuginfo(struct rpc_task *task)
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
-index c80c162..8bf128b 100644
+index c80c162..83a1e28 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
+@@ -732,7 +732,7 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
+
+ __module_get(serv->sv_module);
+ task = kthread_create_on_node(serv->sv_function, rqstp,
+- node, serv->sv_name);
++ node, "%s", serv->sv_name);
+ if (IS_ERR(task)) {
+ error = PTR_ERR(task);
+ module_put(serv->sv_module);
@@ -1145,7 +1145,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
svc_putnl(resv, RPC_SUCCESS);
@@ -92597,10 +93231,10 @@ index 38f6617..e70b72b 100755
exuberant()
diff --git a/security/Kconfig b/security/Kconfig
-index 51bd5a0..7b71be9 100644
+index 51bd5a0..999fbad 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,944 @@
+@@ -4,6 +4,945 @@
menu "Security options"
@@ -93224,15 +93858,16 @@ index 51bd5a0..7b71be9 100644
+ int "Minimum amount of memory reserved for module code"
+ default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
+ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
-+ depends on PAX_KERNEXEC && X86_32 && MODULES
++ depends on PAX_KERNEXEC && X86_32
+ help
+ Due to implementation details the kernel must reserve a fixed
-+ amount of memory for module code at compile time that cannot be
-+ changed at runtime. Here you can specify the minimum amount
-+ in MB that will be reserved. Due to the same implementation
-+ details this size will always be rounded up to the next 2/4 MB
-+ boundary (depends on PAE) so the actually available memory for
-+ module code will usually be more than this minimum.
++ amount of memory for runtime allocated code (such as modules)
++ at compile time that cannot be changed at runtime. Here you
++ can specify the minimum amount in MB that will be reserved.
++ Due to the same implementation details this size will always
++ be rounded up to the next 2/4 MB boundary (depends on PAE) so
++ the actually available memory for runtime allocated code will
++ usually be more than this minimum.
+
+ The default 4 MB should be enough for most users but if you have
+ an excessive number of modules (e.g., most distribution configs
@@ -93545,7 +94180,7 @@ index 51bd5a0..7b71be9 100644
config KEYS
bool "Enable access key retention support"
help
-@@ -169,7 +1107,7 @@ config INTEL_TXT
+@@ -169,7 +1108,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -95099,6 +95734,19 @@ index 5cf8d65..912a79c 100644
dev->status = SNDRV_SEQ_DEVICE_FREE;
dev->driver_data = NULL;
ops->num_init_devices--;
+diff --git a/sound/core/sound.c b/sound/core/sound.c
+index 8e17b4d..6819e80 100644
+--- a/sound/core/sound.c
++++ b/sound/core/sound.c
+@@ -87,7 +87,7 @@ static void snd_request_other(int minor)
+ case SNDRV_MINOR_TIMER: str = "snd-timer"; break;
+ default: return;
+ }
+- request_module(str);
++ request_module("%s", str);
+ }
+
+ #endif /* modular kernel */
diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c
index f24bf9a..1f7b67c 100644
--- a/sound/drivers/mts64.c
@@ -95407,6 +96055,19 @@ index ee15337..ab0ec34 100644
}
if (playback)
+diff --git a/sound/sound_core.c b/sound/sound_core.c
+index 6ce2778..f25c378 100644
+--- a/sound/sound_core.c
++++ b/sound/sound_core.c
+@@ -293,7 +293,7 @@ retry:
+ }
+
+ device_create(sound_class, dev, MKDEV(SOUND_MAJOR, s->unit_minor),
+- NULL, s->name+6);
++ NULL, "%s", s->name+6);
+ return s->unit_minor;
+
+ fail:
diff --git a/sound/usb/card.h b/sound/usb/card.h
index 0a7ca6c..f4b948c 100644
--- a/sound/usb/card.h
@@ -95488,10 +96149,10 @@ index 0000000..144dbee
+targets += size_overflow_hash.h
diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
new file mode 100644
-index 0000000..d41b5af
+index 0000000..22f03c0
--- /dev/null
+++ b/tools/gcc/checker_plugin.c
-@@ -0,0 +1,171 @@
+@@ -0,0 +1,172 @@
+/*
+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -95545,6 +96206,7 @@ index 0000000..d41b5af
+
+static struct plugin_info checker_plugin_info = {
+ .version = "201111150100",
++ .help = NULL,
+};
+
+#define ADDR_SPACE_KERNEL 0
diff --git a/3.9.6/0000_README b/3.9.7/0000_README
index 39efc0a..ad315b8 100644
--- a/3.9.6/0000_README
+++ b/3.9.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9.1-3.9.6-201306182033.patch
+Patch: 4420_grsecurity-2.9.1-3.9.7-201306231443.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.9.6/4420_grsecurity-2.9.1-3.9.6-201306182033.patch b/3.9.7/4420_grsecurity-2.9.1-3.9.7-201306231443.patch
index 5702fad..5af3232 100644
--- a/3.9.6/4420_grsecurity-2.9.1-3.9.6-201306182033.patch
+++ b/3.9.7/4420_grsecurity-2.9.1-3.9.7-201306231443.patch
@@ -1,5 +1,5 @@
diff --git a/Documentation/dontdiff b/Documentation/dontdiff
-index b89a739..b47493f 100644
+index b89a739..79768fb 100644
--- a/Documentation/dontdiff
+++ b/Documentation/dontdiff
@@ -2,9 +2,11 @@
@@ -41,7 +41,7 @@ index b89a739..b47493f 100644
.*.d
.mm
53c700_d.h
-@@ -69,6 +75,7 @@ Image
+@@ -69,9 +75,11 @@ Image
Module.markers
Module.symvers
PENDING
@@ -49,7 +49,11 @@ index b89a739..b47493f 100644
SCCS
System.map*
TAGS
-@@ -80,6 +87,7 @@ aic7*seq.h*
++TRACEEVENT-CFLAGS
+ aconf
+ af_names.h
+ aic7*reg.h*
+@@ -80,6 +88,7 @@ aic7*seq.h*
aicasm
aicdb.h*
altivec*.c
@@ -57,7 +61,7 @@ index b89a739..b47493f 100644
asm-offsets.h
asm_offsets.h
autoconf.h*
-@@ -92,19 +100,24 @@ bounds.h
+@@ -92,19 +101,24 @@ bounds.h
bsetup
btfixupprep
build
@@ -82,7 +86,7 @@ index b89a739..b47493f 100644
conmakehash
consolemap_deftbl.c*
cpustr.h
-@@ -115,9 +128,11 @@ devlist.h*
+@@ -115,9 +129,11 @@ devlist.h*
dnotify_test
docproc
dslm
@@ -94,7 +98,7 @@ index b89a739..b47493f 100644
fixdep
flask.h
fore200e_mkfirm
-@@ -125,12 +140,15 @@ fore200e_pca_fw.c*
+@@ -125,12 +141,15 @@ fore200e_pca_fw.c*
gconf
gconf.glade.h
gen-devlist
@@ -110,7 +114,7 @@ index b89a739..b47493f 100644
hpet_example
hugepage-mmap
hugepage-shm
-@@ -145,14 +163,14 @@ int32.c
+@@ -145,14 +164,14 @@ int32.c
int4.c
int8.c
kallsyms
@@ -127,7 +131,7 @@ index b89a739..b47493f 100644
logo_*.c
logo_*_clut224.c
logo_*_mono.c
-@@ -162,14 +180,15 @@ mach-types.h
+@@ -162,14 +181,15 @@ mach-types.h
machtypes.h
map
map_hugetlb
@@ -144,7 +148,7 @@ index b89a739..b47493f 100644
mkprep
mkregtable
mktables
-@@ -185,6 +204,8 @@ oui.c*
+@@ -185,6 +205,8 @@ oui.c*
page-types
parse.c
parse.h
@@ -153,7 +157,7 @@ index b89a739..b47493f 100644
patches*
pca200e.bin
pca200e_ecd.bin2
-@@ -194,6 +215,7 @@ perf-archive
+@@ -194,6 +216,7 @@ perf-archive
piggyback
piggy.gzip
piggy.S
@@ -161,7 +165,7 @@ index b89a739..b47493f 100644
pnmtologo
ppc_defs.h*
pss_boot.h
-@@ -203,7 +225,10 @@ r200_reg_safe.h
+@@ -203,7 +226,10 @@ r200_reg_safe.h
r300_reg_safe.h
r420_reg_safe.h
r600_reg_safe.h
@@ -172,7 +176,7 @@ index b89a739..b47493f 100644
relocs
rlim_names.h
rn50_reg_safe.h
-@@ -213,8 +238,12 @@ series
+@@ -213,8 +239,12 @@ series
setup
setup.bin
setup.elf
@@ -185,7 +189,7 @@ index b89a739..b47493f 100644
split-include
syscalltab.h
tables.c
-@@ -224,6 +253,7 @@ tftpboot.img
+@@ -224,6 +254,7 @@ tftpboot.img
timeconst.h
times.h*
trix_boot.h
@@ -193,7 +197,7 @@ index b89a739..b47493f 100644
utsrelease.h*
vdso-syms.lds
vdso.lds
-@@ -235,13 +265,17 @@ vdso32.lds
+@@ -235,13 +266,17 @@ vdso32.lds
vdso32.so.dbg
vdso64.lds
vdso64.so.dbg
@@ -211,7 +215,7 @@ index b89a739..b47493f 100644
vmlinuz
voffset.h
vsyscall.lds
-@@ -249,9 +283,12 @@ vsyscall_32.lds
+@@ -249,9 +284,12 @@ vsyscall_32.lds
wanxlfw.inc
uImage
unifdef
@@ -259,7 +263,7 @@ index 8ccbf27..afffeb4 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 4a40307..9ac699b 100644
+index a129b15..548231d 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -6633,7 +6637,7 @@ index ae54553..cf2184d 100644
ld r4,_DAR(r1)
bl .bad_page_fault
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
-index 3bbe7ed..14ec3eb 100644
+index 644378e..b6f2c26 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -1390,10 +1390,10 @@ handle_page_fault:
@@ -6682,7 +6686,7 @@ index 2e3200c..72095ce 100644
/* Find this entry, or if that fails, the next avail. entry */
while (entry->jump[0]) {
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 9600c36..0c156d7 100644
+index 0d86c8a..df4c5f2 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -871,8 +871,8 @@ void show_regs(struct pt_regs * regs)
@@ -6718,7 +6722,7 @@ index 9600c36..0c156d7 100644
regs->trap, (void *)regs->nip, (void *)lr);
firstframe = 1;
}
-@@ -1396,58 +1396,3 @@ void __ppc64_runlatch_off(void)
+@@ -1396,58 +1396,3 @@ void notrace __ppc64_runlatch_off(void)
mtspr(SPRN_CTRLT, ctrl);
}
#endif /* CONFIG_PPC64 */
@@ -6856,7 +6860,7 @@ index 3ce1f86..c30e629 100644
};
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
-index 29857c6..bd31e27 100644
+index bf33ace..e836d8b 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
@@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
@@ -10062,6 +10066,20 @@ index d2b5944..bd813f2 100644
return addr;
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
+diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
+index 83d89bc..37e7bc4 100644
+--- a/arch/sparc/mm/tlb.c
++++ b/arch/sparc/mm/tlb.c
+@@ -85,8 +85,8 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
+ }
+
+ if (!tb->active) {
+- global_flush_tlb_page(mm, vaddr);
+ flush_tsb_user_page(mm, vaddr);
++ global_flush_tlb_page(mm, vaddr);
+ goto out;
+ }
+
diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h
index f4500c6..889656c 100644
--- a/arch/tile/include/asm/atomic_64.h
@@ -10503,7 +10521,7 @@ index 5ef205c..342191d 100644
KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
GCOV_PROFILE := n
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 35ee62f..b6609b6 100644
+index c205035..5853587 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -150,7 +150,6 @@ again:
@@ -10522,6 +10540,48 @@ index 35ee62f..b6609b6 100644
efi_call_phys1(sys_table->boottime->free_pool, map);
fail:
return status;
+diff --git a/arch/x86/boot/compressed/efi_stub_32.S b/arch/x86/boot/compressed/efi_stub_32.S
+index a53440e..c3dbf1e 100644
+--- a/arch/x86/boot/compressed/efi_stub_32.S
++++ b/arch/x86/boot/compressed/efi_stub_32.S
+@@ -46,16 +46,13 @@ ENTRY(efi_call_phys)
+ * parameter 2, ..., param n. To make things easy, we save the return
+ * address of efi_call_phys in a global variable.
+ */
+- popl %ecx
+- movl %ecx, saved_return_addr(%edx)
+- /* get the function pointer into ECX*/
+- popl %ecx
+- movl %ecx, efi_rt_function_ptr(%edx)
++ popl saved_return_addr(%edx)
++ popl efi_rt_function_ptr(%edx)
+
+ /*
+ * 3. Call the physical function.
+ */
+- call *%ecx
++ call *efi_rt_function_ptr(%edx)
+
+ /*
+ * 4. Balance the stack. And because EAX contain the return value,
+@@ -67,15 +64,12 @@ ENTRY(efi_call_phys)
+ 1: popl %edx
+ subl $1b, %edx
+
+- movl efi_rt_function_ptr(%edx), %ecx
+- pushl %ecx
++ pushl efi_rt_function_ptr(%edx)
+
+ /*
+ * 10. Push the saved return address onto the stack and return.
+ */
+- movl saved_return_addr(%edx), %ecx
+- pushl %ecx
+- ret
++ jmpl *saved_return_addr(%edx)
+ ENDPROC(efi_call_phys)
+ .previous
+
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
index 1e3184f..0d11e2e 100644
--- a/arch/x86/boot/compressed/head_32.S
@@ -17405,7 +17465,7 @@ index 7c6f7d5..8cac382 100644
};
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index 7bc1263..ce2cbfb 100644
+index 7bc1263..bff5686 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -45,6 +45,7 @@
@@ -17456,6 +17516,15 @@ index 7bc1263..ce2cbfb 100644
return;
}
/* First print corrected ones that are still unlogged */
+@@ -353,7 +354,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
+ if (!fake_panic) {
+ if (panic_timeout == 0)
+ panic_timeout = mca_cfg.panic_timeout;
+- panic(msg);
++ panic("%s", msg);
+ } else
+ pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
+ }
@@ -683,7 +684,7 @@ static int mce_timed_out(u64 *t)
* might have been modified by someone else.
*/
@@ -18171,6 +18240,21 @@ index b653675..51cc8c0 100644
+}
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
+diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
+index d32abea..74daf4f 100644
+--- a/arch/x86/kernel/e820.c
++++ b/arch/x86/kernel/e820.c
+@@ -800,8 +800,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
+
+ static void early_panic(char *msg)
+ {
+- early_printk(msg);
+- panic(msg);
++ early_printk("%s", msg);
++ panic("%s", msg);
+ }
+
+ static int userdef __initdata;
diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
index 9b9f18b..9fcaa04 100644
--- a/arch/x86/kernel/early_printk.c
@@ -18944,7 +19028,7 @@ index 8f3e2de..934870f 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index c1d01e6..5625dce 100644
+index c1d01e6..1bef85a 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
@@ -19031,7 +19115,7 @@ index c1d01e6..5625dce 100644
#endif
-@@ -284,6 +293,282 @@ ENTRY(native_usergs_sysret64)
+@@ -284,6 +293,311 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -19139,7 +19223,9 @@ index c1d01e6..5625dce 100644
+#endif
+#ifdef CONFIG_PAX_RANDKSTACK
+ pushq %rax
++ pushq %r11
+ call pax_randomize_kstack
++ popq %r11
+ popq %rax
+#endif
+ .endm
@@ -19202,10 +19288,10 @@ index c1d01e6..5625dce 100644
+ENDPROC(pax_enter_kernel_user)
+
+ENTRY(pax_exit_kernel_user)
-+ push %rdi
++ pushq %rdi
++ pushq %rbx
+
+#ifdef CONFIG_PARAVIRT
-+ pushq %rbx
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
@@ -19217,13 +19303,14 @@ index c1d01e6..5625dce 100644
+#endif
+
+ GET_CR3_INTO_RDI
-+ add $__START_KERNEL_map,%rdi
-+ sub phys_base(%rip),%rdi
++ mov %rdi,%rbx
++ add $__START_KERNEL_map,%rbx
++ sub phys_base(%rip),%rbx
+
+#ifdef CONFIG_PARAVIRT
++ pushq %rdi
+ cmpl $0, pv_info+PARAVIRT_enabled
+ jz 1f
-+ mov %rdi,%rbx
+ i = 0
+ .rept USER_PGD_PTRS
+ mov i*8(%rbx),%rsi
@@ -19232,21 +19319,23 @@ index c1d01e6..5625dce 100644
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched)
+ i = i + 1
+ .endr
++ popq %rdi
++ PV_RESTORE_REGS(CLBR_RDI)
+ jmp 2f
+1:
+#endif
+
+ i = 0
+ .rept USER_PGD_PTRS
-+ movb $0x67,i*8(%rdi)
++ movb $0x67,i*8(%rbx)
+ i = i + 1
+ .endr
+
+#ifdef CONFIG_PARAVIRT
-+2: PV_RESTORE_REGS(CLBR_RDI)
-+ popq %rbx
++2:
+#endif
+
++ popq %rbx
+ popq %rdi
+ pax_force_retaddr
+ retq
@@ -19255,6 +19344,30 @@ index c1d01e6..5625dce 100644
+ENDPROC(pax_exit_kernel_user)
+#endif
+
++ .macro pax_enter_kernel_nmi
++ pax_set_fptr_mask
++
++#ifdef CONFIG_PAX_KERNEXEC
++ GET_CR0_INTO_RDI
++ bts $16,%rdi
++ SET_RDI_INTO_CR0
++ jc 110f
++ or $2,%ebx
++110:
++#endif
++ .endm
++
++ .macro pax_exit_kernel_nmi
++#ifdef CONFIG_PAX_KERNEXEC
++ test $2,%ebx
++ jz 110f
++ GET_CR0_INTO_RDI
++ btr $16,%rdi
++ SET_RDI_INTO_CR0
++110:
++#endif
++ .endm
++
+.macro pax_erase_kstack
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK
+ call pax_erase_kstack
@@ -19314,7 +19427,7 @@ index c1d01e6..5625dce 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -375,8 +660,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -375,8 +689,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
@@ -19325,7 +19438,7 @@ index c1d01e6..5625dce 100644
.endm
/*
-@@ -463,7 +748,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -463,7 +777,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -19334,7 +19447,7 @@ index c1d01e6..5625dce 100644
je 1f
SWAPGS
/*
-@@ -498,9 +783,10 @@ ENTRY(save_rest)
+@@ -498,9 +812,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
@@ -19346,7 +19459,7 @@ index c1d01e6..5625dce 100644
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -529,9 +815,10 @@ ENTRY(save_paranoid)
+@@ -529,9 +844,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -19359,7 +19472,7 @@ index c1d01e6..5625dce 100644
.popsection
/*
-@@ -553,7 +840,7 @@ ENTRY(ret_from_fork)
+@@ -553,7 +869,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -19368,7 +19481,7 @@ index c1d01e6..5625dce 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -571,7 +858,7 @@ ENTRY(ret_from_fork)
+@@ -571,7 +887,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19377,7 +19490,7 @@ index c1d01e6..5625dce 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -608,7 +895,7 @@ END(ret_from_fork)
+@@ -608,7 +924,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -19386,7 +19499,7 @@ index c1d01e6..5625dce 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -621,16 +908,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -621,16 +937,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -19412,7 +19525,7 @@ index c1d01e6..5625dce 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -640,7 +934,7 @@ system_call_fastpath:
+@@ -640,7 +963,7 @@ system_call_fastpath:
cmpl $__NR_syscall_max,%eax
#endif
ja badsys
@@ -19421,7 +19534,7 @@ index c1d01e6..5625dce 100644
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -654,10 +948,13 @@ sysret_check:
+@@ -654,10 +977,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -19436,7 +19549,7 @@ index c1d01e6..5625dce 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -709,14 +1006,18 @@ badsys:
+@@ -709,14 +1035,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
@@ -19456,7 +19569,7 @@ index c1d01e6..5625dce 100644
jmp system_call_fastpath
/*
-@@ -737,7 +1038,7 @@ sysret_audit:
+@@ -737,7 +1067,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -19465,7 +19578,7 @@ index c1d01e6..5625dce 100644
jz auditsys
#endif
SAVE_REST
-@@ -745,12 +1046,16 @@ tracesys:
+@@ -745,12 +1075,16 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -19482,7 +19595,7 @@ index c1d01e6..5625dce 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -759,7 +1064,7 @@ tracesys:
+@@ -759,7 +1093,7 @@ tracesys:
cmpl $__NR_syscall_max,%eax
#endif
ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */
@@ -19491,7 +19604,7 @@ index c1d01e6..5625dce 100644
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -780,7 +1085,9 @@ GLOBAL(int_with_check)
+@@ -780,7 +1114,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -19502,7 +19615,7 @@ index c1d01e6..5625dce 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -826,7 +1133,7 @@ int_restore_rest:
+@@ -826,7 +1162,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -19511,7 +19624,7 @@ index c1d01e6..5625dce 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -839,9 +1146,10 @@ ENTRY(stub_\func)
+@@ -839,9 +1175,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -19523,7 +19636,7 @@ index c1d01e6..5625dce 100644
.endm
.macro FIXED_FRAME label,func
-@@ -851,9 +1159,10 @@ ENTRY(\label)
+@@ -851,9 +1188,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -19535,7 +19648,7 @@ index c1d01e6..5625dce 100644
.endm
FORK_LIKE clone
-@@ -870,9 +1179,10 @@ ENTRY(ptregscall_common)
+@@ -870,9 +1208,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
@@ -19547,7 +19660,7 @@ index c1d01e6..5625dce 100644
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -885,7 +1195,7 @@ ENTRY(stub_execve)
+@@ -885,7 +1224,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19556,7 +19669,7 @@ index c1d01e6..5625dce 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -902,7 +1212,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -902,7 +1241,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19565,7 +19678,7 @@ index c1d01e6..5625dce 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -916,7 +1226,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -916,7 +1255,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19574,7 +19687,7 @@ index c1d01e6..5625dce 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -930,7 +1240,7 @@ ENTRY(stub_x32_execve)
+@@ -930,7 +1269,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19583,7 +19696,7 @@ index c1d01e6..5625dce 100644
#endif
-@@ -967,7 +1277,7 @@ vector=vector+1
+@@ -967,7 +1306,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -19592,7 +19705,7 @@ index c1d01e6..5625dce 100644
.previous
END(interrupt)
-@@ -987,6 +1297,16 @@ END(interrupt)
+@@ -987,6 +1326,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
@@ -19609,7 +19722,7 @@ index c1d01e6..5625dce 100644
call \func
.endm
-@@ -1019,7 +1339,7 @@ ret_from_intr:
+@@ -1019,7 +1368,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -19618,7 +19731,7 @@ index c1d01e6..5625dce 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1041,12 +1361,16 @@ retint_swapgs: /* return to user-space */
+@@ -1041,12 +1390,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -19635,7 +19748,7 @@ index c1d01e6..5625dce 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1129,7 +1453,7 @@ ENTRY(retint_kernel)
+@@ -1129,7 +1482,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -19644,7 +19757,7 @@ index c1d01e6..5625dce 100644
/*
* End of kprobes section
*/
-@@ -1147,7 +1471,7 @@ ENTRY(\sym)
+@@ -1147,7 +1500,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -19653,7 +19766,7 @@ index c1d01e6..5625dce 100644
.endm
#ifdef CONFIG_SMP
-@@ -1203,12 +1527,22 @@ ENTRY(\sym)
+@@ -1203,12 +1556,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -19677,7 +19790,7 @@ index c1d01e6..5625dce 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1221,15 +1555,25 @@ ENTRY(\sym)
+@@ -1221,15 +1584,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -19705,7 +19818,7 @@ index c1d01e6..5625dce 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1240,14 +1584,30 @@ ENTRY(\sym)
+@@ -1240,14 +1613,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF_DEBUG
@@ -19737,7 +19850,7 @@ index c1d01e6..5625dce 100644
.endm
.macro errorentry sym do_sym
-@@ -1259,13 +1619,23 @@ ENTRY(\sym)
+@@ -1259,13 +1648,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -19762,7 +19875,7 @@ index c1d01e6..5625dce 100644
.endm
/* error code is on the stack already */
-@@ -1279,13 +1649,23 @@ ENTRY(\sym)
+@@ -1279,13 +1678,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -19787,7 +19900,7 @@ index c1d01e6..5625dce 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1315,9 +1695,10 @@ gs_change:
+@@ -1315,9 +1724,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -19799,7 +19912,7 @@ index c1d01e6..5625dce 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1345,9 +1726,10 @@ ENTRY(call_softirq)
+@@ -1345,9 +1755,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -19811,7 +19924,7 @@ index c1d01e6..5625dce 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1385,7 +1767,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1385,7 +1796,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -19820,7 +19933,7 @@ index c1d01e6..5625dce 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1444,7 +1826,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1444,7 +1855,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -19829,7 +19942,7 @@ index c1d01e6..5625dce 100644
apicinterrupt HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1498,16 +1880,31 @@ ENTRY(paranoid_exit)
+@@ -1498,16 +1909,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF_DEBUG
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -19862,7 +19975,7 @@ index c1d01e6..5625dce 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1536,7 +1933,7 @@ paranoid_schedule:
+@@ -1536,7 +1962,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -19871,7 +19984,7 @@ index c1d01e6..5625dce 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1563,12 +1960,13 @@ ENTRY(error_entry)
+@@ -1563,12 +1989,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -19886,7 +19999,7 @@ index c1d01e6..5625dce 100644
ret
/*
-@@ -1595,7 +1993,7 @@ bstep_iret:
+@@ -1595,7 +2022,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -19895,7 +20008,7 @@ index c1d01e6..5625dce 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1615,7 +2013,7 @@ ENTRY(error_exit)
+@@ -1615,7 +2042,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -19904,7 +20017,7 @@ index c1d01e6..5625dce 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1673,9 +2071,11 @@ ENTRY(nmi)
+@@ -1673,9 +2100,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -19917,7 +20030,7 @@ index c1d01e6..5625dce 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1709,8 +2109,7 @@ nested_nmi:
+@@ -1709,8 +2138,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -19927,51 +20040,40 @@ index c1d01e6..5625dce 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1728,6 +2127,7 @@ nested_nmi_out:
+@@ -1728,6 +2156,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
-+ pax_force_retaddr_bts
++# pax_force_retaddr_bts
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1844,6 +2244,17 @@ end_repeat_nmi:
+@@ -1844,6 +2273,8 @@ end_repeat_nmi:
*/
movq %cr2, %r12
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ testb $3, CS(%rsp)
-+ jnz 1f
-+ pax_enter_kernel
-+ jmp 2f
-+1: pax_enter_kernel_user
-+2:
-+#else
-+ pax_enter_kernel
-+#endif
++ pax_enter_kernel_nmi
+
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1859,23 +2270,34 @@ end_repeat_nmi:
- testl %ebx,%ebx /* swapgs needed? */
+@@ -1856,26 +2287,31 @@ end_repeat_nmi:
+ movq %r12, %cr2
+ 1:
+
+- testl %ebx,%ebx /* swapgs needed? */
++ testl $1,%ebx /* swapgs needed? */
jnz nmi_restore
nmi_swapgs:
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ pax_exit_kernel_user
-+#else
-+ pax_exit_kernel
-+#endif
SWAPGS_UNSAFE_STACK
-+ RESTORE_ALL 6*8
-+ /* Clear the NMI executing stack variable */
-+ movq $0, 5*8(%rsp)
-+ jmp irq_return
nmi_restore:
-+ pax_exit_kernel
++ pax_exit_kernel_nmi
/* Pop the extra iret frame at once */
RESTORE_ALL 6*8
++ testb $3, 8(%rsp)
++ jnz 1f
+ pax_force_retaddr_bts
++1:
/* Clear the NMI executing stack variable */
movq $0, 5*8(%rsp)
@@ -22479,7 +22581,7 @@ index 76fa1e9..abf09ea 100644
.shutdown = native_machine_shutdown,
.emergency_restart = native_machine_emergency_restart,
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
-index 7a6f3b3..bed145d7 100644
+index f2bb9c9..bed145d7 100644
--- a/arch/x86/kernel/relocate_kernel_64.S
+++ b/arch/x86/kernel/relocate_kernel_64.S
@@ -11,6 +11,7 @@
@@ -22490,15 +22592,7 @@ index 7a6f3b3..bed145d7 100644
/*
* Must be relocatable PIC code callable as a C function
-@@ -160,13 +161,14 @@ identity_mapped:
- xorq %rbp, %rbp
- xorq %r8, %r8
- xorq %r9, %r9
-- xorq %r10, %r9
-+ xorq %r10, %r10
- xorq %r11, %r11
- xorq %r12, %r12
- xorq %r13, %r13
+@@ -167,6 +168,7 @@ identity_mapped:
xorq %r14, %r14
xorq %r15, %r15
@@ -23547,7 +23641,7 @@ index 3dbdd9c..888b14e 100644
goto cannot_handle;
if ((segoffs >> 16) == BIOSSEG)
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 22a1530..8fbaaad 100644
+index 22a1530..5efafbf 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -26,6 +26,13 @@
@@ -23632,7 +23726,7 @@ index 22a1530..8fbaaad 100644
+ . = ALIGN(PAGE_SIZE);
+ .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) {
+
-+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES)
++#ifdef CONFIG_PAX_KERNEXEC
+ MODULES_EXEC_VADDR = .;
+ BYTE(0)
+ . += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024);
@@ -28089,7 +28183,7 @@ index ae1aa71..d9bea75 100644
#endif /*HAVE_ARCH_HUGETLB_UNMAPPED_AREA*/
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 59b7fc4..b1dd75f 100644
+index 0c13708..689fe7f 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -4,6 +4,7 @@
@@ -30397,6 +30491,31 @@ index c77b24a..c979855 100644
return !(ret & 0xff00);
}
EXPORT_SYMBOL(pcibios_set_irq_routing);
+diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
+index 90f3a52..714e825 100644
+--- a/arch/x86/platform/efi/efi.c
++++ b/arch/x86/platform/efi/efi.c
+@@ -1059,7 +1059,10 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size)
+ * that by attempting to use more space than is available.
+ */
+ unsigned long dummy_size = remaining_size + 1024;
+- void *dummy = kmalloc(dummy_size, GFP_ATOMIC);
++ void *dummy = kzalloc(dummy_size, GFP_ATOMIC);
++
++ if (!dummy)
++ return EFI_OUT_OF_RESOURCES;
+
+ status = efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+@@ -1079,6 +1082,8 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size)
+ 0, dummy);
+ }
+
++ kfree(dummy);
++
+ /*
+ * The runtime code may now have triggered a garbage collection
+ * run, so check the variable info again
diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
index 40e4469..1ab536e 100644
--- a/arch/x86/platform/efi/efi_32.c
@@ -31645,6 +31764,47 @@ index 7c668c8..db3521c 100644
if (err) {
err = -EFAULT;
goto out;
+diff --git a/block/genhd.c b/block/genhd.c
+index 3c001fb..d15a9e8 100644
+--- a/block/genhd.c
++++ b/block/genhd.c
+@@ -467,21 +467,24 @@ static char *bdevt_str(dev_t devt, char *buf)
+
+ /*
+ * Register device numbers dev..(dev+range-1)
+- * range must be nonzero
++ * Noop if @range is zero.
+ * The hash chain is sorted on range, so that subranges can override.
+ */
+ void blk_register_region(dev_t devt, unsigned long range, struct module *module,
+ struct kobject *(*probe)(dev_t, int *, void *),
+ int (*lock)(dev_t, void *), void *data)
+ {
+- kobj_map(bdev_map, devt, range, module, probe, lock, data);
++ if (range)
++ kobj_map(bdev_map, devt, range, module, probe, lock, data);
+ }
+
+ EXPORT_SYMBOL(blk_register_region);
+
++/* undo blk_register_region(), noop if @range is zero */
+ void blk_unregister_region(dev_t devt, unsigned long range)
+ {
+- kobj_unmap(bdev_map, devt, range);
++ if (range)
++ kobj_unmap(bdev_map, devt, range);
+ }
+
+ EXPORT_SYMBOL(blk_unregister_region);
+@@ -512,7 +515,7 @@ static void register_disk(struct gendisk *disk)
+
+ ddev->parent = disk->driverfs_dev;
+
+- dev_set_name(ddev, disk->disk_name);
++ dev_set_name(ddev, "%s", disk->disk_name);
+
+ /* delay uevents, until we scanned partition table */
+ dev_set_uevent_suppress(ddev, 1);
diff --git a/block/partitions/efi.c b/block/partitions/efi.c
index ff5804e..a88acad 100644
--- a/block/partitions/efi.c
@@ -31725,6 +31885,19 @@ index 9a87daa..fb17486 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
+diff --git a/crypto/algapi.c b/crypto/algapi.c
+index 6149a6e..55ed50d 100644
+--- a/crypto/algapi.c
++++ b/crypto/algapi.c
+@@ -495,7 +495,7 @@ static struct crypto_template *__crypto_lookup_template(const char *name)
+
+ struct crypto_template *crypto_lookup_template(const char *name)
+ {
+- return try_then_request_module(__crypto_lookup_template(name), name);
++ return try_then_request_module(__crypto_lookup_template(name), "%s", name);
+ }
+ EXPORT_SYMBOL_GPL(crypto_lookup_template);
+
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 7bdd61b..afec999 100644
--- a/crypto/cryptd.c
@@ -31747,6 +31920,30 @@ index 7bdd61b..afec999 100644
static void cryptd_queue_worker(struct work_struct *work);
+diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
+index b2c99dc..476c9fb 100644
+--- a/crypto/pcrypt.c
++++ b/crypto/pcrypt.c
+@@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
+ int ret;
+
+ pinst->kobj.kset = pcrypt_kset;
+- ret = kobject_add(&pinst->kobj, NULL, name);
++ ret = kobject_add(&pinst->kobj, NULL, "%s", name);
+ if (!ret)
+ kobject_uevent(&pinst->kobj, KOBJ_ADD);
+
+@@ -455,8 +455,8 @@ static int pcrypt_init_padata(struct padata_pcrypt *pcrypt,
+
+ get_online_cpus();
+
+- pcrypt->wq = alloc_workqueue(name,
+- WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, 1);
++ pcrypt->wq = alloc_workqueue("%s",
++ WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, 1, name);
+ if (!pcrypt->wq)
+ goto err;
+
diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h
index f220d64..d359ad6 100644
--- a/drivers/acpi/apei/apei-internal.h
@@ -32969,6 +33166,19 @@ index 969c3c2..9b72956 100644
wake_up(&zatm_vcc->tx_wait);
}
+diff --git a/drivers/base/attribute_container.c b/drivers/base/attribute_container.c
+index d78b204..ecc1929 100644
+--- a/drivers/base/attribute_container.c
++++ b/drivers/base/attribute_container.c
+@@ -167,7 +167,7 @@ attribute_container_add_device(struct device *dev,
+ ic->classdev.parent = get_device(dev);
+ ic->classdev.class = cont->class;
+ cont->class->dev_release = attribute_container_release;
+- dev_set_name(&ic->classdev, dev_name(dev));
++ dev_set_name(&ic->classdev, "%s", dev_name(dev));
+ if (fn)
+ fn(cont, dev, &ic->classdev);
+ else
diff --git a/drivers/base/bus.c b/drivers/base/bus.c
index 519865b..e540db3 100644
--- a/drivers/base/bus.c
@@ -33054,6 +33264,19 @@ index 9a6b05a..2fc8fb9 100644
int ret = 0;
if (IS_ERR_OR_NULL(genpd))
+diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
+index a53ebd2..8f73eeb 100644
+--- a/drivers/base/power/sysfs.c
++++ b/drivers/base/power/sysfs.c
+@@ -185,7 +185,7 @@ static ssize_t rtpm_status_show(struct device *dev,
+ return -EIO;
+ }
+ }
+- return sprintf(buf, p);
++ return sprintf(buf, "%s", p);
+ }
+
+ static DEVICE_ATTR(runtime_status, 0444, rtpm_status_show, NULL);
diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
index 79715e7..df06b3b 100644
--- a/drivers/base/power/wakeup.c
@@ -33116,10 +33339,10 @@ index e8d11b6..7b1b36f 100644
}
EXPORT_SYMBOL_GPL(unregister_syscore_ops);
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
-index 1c1b8e5..b7fc681 100644
+index dadea48..a1f3835 100644
--- a/drivers/block/cciss.c
+++ b/drivers/block/cciss.c
-@@ -1196,6 +1196,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
+@@ -1184,6 +1184,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
int err;
u32 cp;
@@ -33572,6 +33795,19 @@ index dfe7583..83768bb 100644
set_fs(old_fs);
if (likely(bw == len))
return 0;
+diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
+index 7fecc78..84d217c 100644
+--- a/drivers/block/nbd.c
++++ b/drivers/block/nbd.c
+@@ -714,7 +714,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
+ else
+ blk_queue_flush(nbd->disk->queue, 0);
+
+- thread = kthread_create(nbd_thread, nbd, nbd->disk->disk_name);
++ thread = kthread_create(nbd_thread, nbd, "%s", nbd->disk->disk_name);
+ if (IS_ERR(thread)) {
+ mutex_lock(&nbd->tx_lock);
+ return PTR_ERR(thread);
diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index 2e7de7a..ed86dc0 100644
--- a/drivers/block/pktcdvd.c
@@ -33586,7 +33822,7 @@ index 2e7de7a..ed86dc0 100644
static DEFINE_MUTEX(pktcdvd_mutex);
static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
-index d620b44..e9abc80 100644
+index d620b44..d7538c2 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -416,7 +416,6 @@ int register_cdrom(struct cdrom_device_info *cdi)
@@ -33637,6 +33873,15 @@ index d620b44..e9abc80 100644
if (cgc->buffer == NULL)
return -ENOMEM;
+@@ -3429,7 +3430,7 @@ static int cdrom_print_info(const char *header, int val, char *info,
+ struct cdrom_device_info *cdi;
+ int ret;
+
+- ret = scnprintf(info + *pos, max_size - *pos, header);
++ ret = scnprintf(info + *pos, max_size - *pos, "%s", header);
+ if (!ret)
+ return 1;
+
diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
index d59cdcb..11afddf 100644
--- a/drivers/cdrom/gdrom.c
@@ -33731,6 +33976,19 @@ index d784650..e8bfd69 100644
struct hpet_info *info)
{
struct hpet_timer __iomem *timer;
+diff --git a/drivers/char/hw_random/intel-rng.c b/drivers/char/hw_random/intel-rng.c
+index 86fe45c..c0ea948 100644
+--- a/drivers/char/hw_random/intel-rng.c
++++ b/drivers/char/hw_random/intel-rng.c
+@@ -314,7 +314,7 @@ PFX "RNG, try using the 'no_fwh_detect' option.\n";
+
+ if (no_fwh_detect)
+ return -ENODEV;
+- printk(warning);
++ printk("%s", warning);
+ return -EBUSY;
+ }
+
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index 053201b0..8335cce 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
@@ -33800,7 +34058,7 @@ index 0ac9b45..6179fb5 100644
new_smi->interrupt_disabled = 1;
atomic_set(&new_smi->stop_operation, 0);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 2c644af..d4d7f17 100644
+index 2c644af..4b7aede 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -18,6 +18,7 @@
@@ -33944,6 +34202,15 @@ index 2c644af..d4d7f17 100644
};
static int memory_open(struct inode *inode, struct file *filp)
+@@ -904,7 +954,7 @@ static int __init chr_dev_init(void)
+ continue;
+
+ device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
+- NULL, devlist[minor].name);
++ NULL, "%s", devlist[minor].name);
+ }
+
+ return tty_init();
diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c
index c689697..04e6d6a2 100644
--- a/drivers/char/mwave/tp3780i.c
@@ -34477,9 +34744,18 @@ index 428754a..8bdf9cc 100644
.name = "cpuidle",
};
diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
-index 3b36797..289c16a 100644
+index 3b36797..db0b0c0 100644
--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
+@@ -477,7 +477,7 @@ struct devfreq *devfreq_add_device(struct device *dev,
+ GFP_KERNEL);
+ devfreq->last_stat_updated = jiffies;
+
+- dev_set_name(&devfreq->dev, dev_name(dev));
++ dev_set_name(&devfreq->dev, "%s", dev_name(dev));
+ err = device_register(&devfreq->dev);
+ if (err) {
+ put_device(&devfreq->dev);
@@ -588,7 +588,7 @@ int devfreq_add_governor(struct devfreq_governor *governor)
goto err_out;
}
@@ -34863,6 +35139,28 @@ index 25f91cd..a376f55 100644
++file_priv->ioctl_count;
DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
+diff --git a/drivers/gpu/drm/drm_encoder_slave.c b/drivers/gpu/drm/drm_encoder_slave.c
+index 48c52f7..0cfb60f 100644
+--- a/drivers/gpu/drm/drm_encoder_slave.c
++++ b/drivers/gpu/drm/drm_encoder_slave.c
+@@ -54,16 +54,12 @@ int drm_i2c_encoder_init(struct drm_device *dev,
+ struct i2c_adapter *adap,
+ const struct i2c_board_info *info)
+ {
+- char modalias[sizeof(I2C_MODULE_PREFIX)
+- + I2C_NAME_SIZE];
+ struct module *module = NULL;
+ struct i2c_client *client;
+ struct drm_i2c_encoder_driver *encoder_drv;
+ int err = 0;
+
+- snprintf(modalias, sizeof(modalias),
+- "%s%s", I2C_MODULE_PREFIX, info->type);
+- request_module(modalias);
++ request_module("%s%s", I2C_MODULE_PREFIX, info->type);
+
+ client = i2c_new_device(adap, info);
+ if (!client) {
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
index 429e07d..e681a2c 100644
--- a/drivers/gpu/drm/drm_fops.c
@@ -35141,6 +35439,19 @@ index 7d30802..42c6cbb 100644
drm_put_dev(dev);
}
mutex_unlock(&drm_global_mutex);
+diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c
+index 0229665..f61329c 100644
+--- a/drivers/gpu/drm/drm_sysfs.c
++++ b/drivers/gpu/drm/drm_sysfs.c
+@@ -499,7 +499,7 @@ EXPORT_SYMBOL(drm_sysfs_hotplug_event);
+ int drm_sysfs_device_add(struct drm_minor *minor)
+ {
+ int err;
+- char *minor_str;
++ const char *minor_str;
+
+ minor->kdev.parent = minor->dev->dev;
+
diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c
index 004ecdf..db1f6e0 100644
--- a/drivers/gpu/drm/i810/i810_dma.c
@@ -35943,6 +36254,28 @@ index fad6633..4ff94de 100644
} else {
if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full &&
rdev->pm.k8_bandwidth.full)
+diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
+index dbc2def..0a9f710 100644
+--- a/drivers/gpu/drm/ttm/ttm_memory.c
++++ b/drivers/gpu/drm/ttm/ttm_memory.c
+@@ -264,7 +264,7 @@ static int ttm_mem_init_kernel_zone(struct ttm_mem_global *glob,
+ zone->glob = glob;
+ glob->zone_kernel = zone;
+ ret = kobject_init_and_add(
+- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name);
+ if (unlikely(ret != 0)) {
+ kobject_put(&zone->kobj);
+ return ret;
+@@ -347,7 +347,7 @@ static int ttm_mem_init_dma32_zone(struct ttm_mem_global *glob,
+ zone->glob = glob;
+ glob->zone_dma32 = zone;
+ ret = kobject_init_and_add(
+- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name);
+ if (unlikely(ret != 0)) {
+ kobject_put(&zone->kobj);
+ return ret;
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
index bd2a3b4..122d9ad 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -37418,9 +37751,18 @@ index b972d43..8943713 100644
/**
diff --git a/drivers/iommu/irq_remapping.c b/drivers/iommu/irq_remapping.c
-index 7c11ff3..5b2d7a7 100644
+index 7c11ff3..a2a0457 100644
--- a/drivers/iommu/irq_remapping.c
+++ b/drivers/iommu/irq_remapping.c
+@@ -348,7 +348,7 @@ int setup_hpet_msi_remapped(unsigned int irq, unsigned int id)
+ void panic_if_irq_remap(const char *msg)
+ {
+ if (irq_remapping_enabled)
+- panic(msg);
++ panic("%s", msg);
+ }
+
+ static void ir_ack_apic_edge(struct irq_data *data)
@@ -369,10 +369,12 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p)
void irq_remap_modify_chip_defaults(struct irq_chip *chip)
@@ -38225,10 +38567,10 @@ index 1cbfc6b..56e1dbb 100644
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 6af167f..40c25a1 100644
+index 7116798..c81390c 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
-@@ -1826,7 +1826,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
+@@ -1836,7 +1836,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
if (r1_sync_page_io(rdev, sect, s,
bio->bi_io_vec[idx].bv_page,
READ) != 0)
@@ -38237,7 +38579,7 @@ index 6af167f..40c25a1 100644
}
sectors -= s;
sect += s;
-@@ -2048,7 +2048,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -2058,7 +2058,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
test_bit(In_sync, &rdev->flags)) {
if (r1_sync_page_io(rdev, sect, s,
conf->tmppage, READ)) {
@@ -38247,10 +38589,10 @@ index 6af167f..40c25a1 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 46c14e5..4db5966 100644
+index e4ea992..d234520 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
-@@ -1932,7 +1932,7 @@ static void end_sync_read(struct bio *bio, int error)
+@@ -1942,7 +1942,7 @@ static void end_sync_read(struct bio *bio, int error)
/* The write handler will notice the lack of
* R10BIO_Uptodate and record any errors etc
*/
@@ -38259,7 +38601,7 @@ index 46c14e5..4db5966 100644
&conf->mirrors[d].rdev->corrected_errors);
/* for reconstruct, we always reschedule after a read.
-@@ -2281,7 +2281,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2291,7 +2291,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
{
struct timespec cur_time_mon;
unsigned long hours_since_last;
@@ -38268,7 +38610,7 @@ index 46c14e5..4db5966 100644
ktime_get_ts(&cur_time_mon);
-@@ -2303,9 +2303,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2313,9 +2313,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
* overflowing the shift of read_errors by hours_since_last.
*/
if (hours_since_last >= 8 * sizeof(read_errors))
@@ -38280,7 +38622,7 @@ index 46c14e5..4db5966 100644
}
static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
-@@ -2359,8 +2359,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2369,8 +2369,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
return;
check_decay_read_errors(mddev, rdev);
@@ -38291,7 +38633,7 @@ index 46c14e5..4db5966 100644
char b[BDEVNAME_SIZE];
bdevname(rdev->bdev, b);
-@@ -2368,7 +2368,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2378,7 +2378,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
"md/raid10:%s: %s: Raid device exceeded "
"read_error threshold [cur %d:max %d]\n",
mdname(mddev), b,
@@ -38300,7 +38642,7 @@ index 46c14e5..4db5966 100644
printk(KERN_NOTICE
"md/raid10:%s: %s: Failing raid device\n",
mdname(mddev), b);
-@@ -2523,7 +2523,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2533,7 +2533,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
sect +
choose_data_offset(r10_bio, rdev)),
bdevname(rdev->bdev, b));
@@ -38310,7 +38652,7 @@ index 46c14e5..4db5966 100644
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index f4e87bf..0d4ad3f 100644
+index 251ab64..ed23a18 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1763,21 +1763,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
@@ -40387,19 +40729,6 @@ index 784e81c..349e01e 100644
struct ath_nf_limits {
s16 max;
-diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
-index 64b637a..911c4c0 100644
---- a/drivers/net/wireless/b43/main.c
-+++ b/drivers/net/wireless/b43/main.c
-@@ -2451,7 +2451,7 @@ static void b43_request_firmware(struct work_struct *work)
- for (i = 0; i < B43_NR_FWTYPES; i++) {
- errmsg = ctx->errors[i];
- if (strlen(errmsg))
-- b43err(dev->wl, errmsg);
-+ b43err(dev->wl, "%s", errmsg);
- }
- b43_print_fw_helptext(dev->wl, 1);
- goto out;
diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c
index c353b5f..62aaca2 100644
--- a/drivers/net/wireless/iwlegacy/3945-mac.c
@@ -47528,6 +47857,19 @@ index ff22871..b129bed 100644
info->var.accel_flags = (!noaccel);
+diff --git a/drivers/video/output.c b/drivers/video/output.c
+index 0d6f2cd..6285b97 100644
+--- a/drivers/video/output.c
++++ b/drivers/video/output.c
+@@ -97,7 +97,7 @@ struct output_device *video_output_register(const char *name,
+ new_dev->props = op;
+ new_dev->dev.class = &video_output_class;
+ new_dev->dev.parent = dev;
+- dev_set_name(&new_dev->dev, name);
++ dev_set_name(&new_dev->dev, "%s", name);
+ dev_set_drvdata(&new_dev->dev, devdata);
+ ret_code = device_register(&new_dev->dev);
+ if (ret_code) {
diff --git a/drivers/video/s1d13xxxfb.c b/drivers/video/s1d13xxxfb.c
index 76d9053..dec2bfd 100644
--- a/drivers/video/s1d13xxxfb.c
@@ -51224,6 +51566,19 @@ index f3190ab..84ffb21 100644
trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len);
return 0;
+diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
+index b3b1f7d..cff51d5 100644
+--- a/fs/ext4/mmp.c
++++ b/fs/ext4/mmp.c
+@@ -113,7 +113,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
+ void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp,
+ const char *function, unsigned int line, const char *msg)
+ {
+- __ext4_warning(sb, function, line, msg);
++ __ext4_warning(sb, function, line, "%s", msg);
+ __ext4_warning(sb, function, line,
+ "MMP failure info: last update time: %llu, last update "
+ "node: %s, last update device: %s\n",
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index 3beae6a..8cc5637 100644
--- a/fs/ext4/resize.c
@@ -51264,9 +51619,18 @@ index 3beae6a..8cc5637 100644
else if (input->reserved_blocks > input->blocks_count / 5)
ext4_warning(sb, "Reserved blocks too high (%u)",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index febbe0e..782c4fd 100644
+index febbe0e..d0cdc02 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
+@@ -1238,7 +1238,7 @@ static ext4_fsblk_t get_sb_block(void **data)
+ }
+
+ #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3))
+-static char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n"
++static const char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n"
+ "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
+
+ #ifdef CONFIG_QUOTA
@@ -2380,7 +2380,7 @@ struct ext4_attr {
ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *,
const char *, size_t);
@@ -53103,6 +53467,19 @@ index 9760ecb..9b838ef 100644
memcpy(c->data, &cookie, 4);
c->len=4;
+diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
+index a2aa97d..10d6c41 100644
+--- a/fs/lockd/svc.c
++++ b/fs/lockd/svc.c
+@@ -305,7 +305,7 @@ static int lockd_start_svc(struct svc_serv *serv)
+ svc_sock_update_bufs(serv);
+ serv->sv_maxconn = nlm_max_connections;
+
+- nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, serv->sv_name);
++ nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, "%s", serv->sv_name);
+ if (IS_ERR(nlmsvc_task)) {
+ error = PTR_ERR(nlmsvc_task);
+ printk(KERN_WARNING
diff --git a/fs/locks.c b/fs/locks.c
index cb424a4..850e4dd 100644
--- a/fs/locks.c
@@ -53803,6 +54180,30 @@ index e945b81..fc018e2 100644
return -EINVAL;
get_mnt_ns(mnt_ns);
+diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
+index 5088b57..eabd719 100644
+--- a/fs/nfs/callback.c
++++ b/fs/nfs/callback.c
+@@ -208,7 +208,6 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
+ struct svc_rqst *rqstp;
+ int (*callback_svc)(void *vrqstp);
+ struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
+- char svc_name[12];
+ int ret;
+
+ nfs_callback_bc_serv(minorversion, xprt, serv);
+@@ -232,10 +231,9 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
+
+ svc_sock_update_bufs(serv);
+
+- sprintf(svc_name, "nfsv4.%u-svc", minorversion);
+ cb_info->serv = serv;
+ cb_info->rqst = rqstp;
+- cb_info->task = kthread_run(callback_svc, cb_info->rqst, svc_name);
++ cb_info->task = kthread_run(callback_svc, cb_info->rqst, "nfsv4.%u-svc", minorversion);
+ if (IS_ERR(cb_info->task)) {
+ ret = PTR_ERR(cb_info->task);
+ svc_exit_thread(cb_info->rqst);
diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
index 59461c9..b17c57e 100644
--- a/fs/nfs/callback_xdr.c
@@ -53840,6 +54241,19 @@ index 1f94167..79c4ce4 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
+diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
+index d41a351..7899577 100644
+--- a/fs/nfs/nfs4state.c
++++ b/fs/nfs/nfs4state.c
+@@ -1182,7 +1182,7 @@ void nfs4_schedule_state_manager(struct nfs_client *clp)
+ snprintf(buf, sizeof(buf), "%s-manager",
+ rpc_peeraddr2str(clp->cl_rpcclient, RPC_DISPLAY_ADDR));
+ rcu_read_unlock();
+- task = kthread_run(nfs4_run_state_manager, clp, buf);
++ task = kthread_run(nfs4_run_state_manager, clp, "%s", buf);
+ if (IS_ERR(task)) {
+ printk(KERN_ERR "%s: kthread_run: %ld\n",
+ __func__, PTR_ERR(task));
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index d401d01..10b3e62 100644
--- a/fs/nfsd/nfs4proc.c
@@ -53885,10 +54299,10 @@ index 6eb0dc5..29067a9 100644
};
diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
-index ca05f6d..411a576 100644
+index ca05f6d..b88c3a7 100644
--- a/fs/nfsd/nfscache.c
+++ b/fs/nfsd/nfscache.c
-@@ -461,13 +461,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+@@ -461,13 +461,16 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
{
struct svc_cacherep *rp = rqstp->rq_cacherep;
struct kvec *resv = &rqstp->rq_res.head[0], *cachv;
@@ -53901,7 +54315,8 @@ index ca05f6d..411a576 100644
- len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
- len >>= 2;
+ if (statp) {
-+ len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
++ len = (char*)statp - (char*)resv->iov_base;
++ len = resv->iov_len - len;
+ len >>= 2;
+ }
@@ -67692,7 +68107,7 @@ index 34025df..d94bbbc 100644
/*
* Users often need to create attribute structures for their configurable
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
-index ce7a074..01ab8ac 100644
+index 714e792..e6130d9 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -115,7 +115,7 @@ enum {
@@ -72140,7 +72555,7 @@ index 6f8fbcf..8259001 100644
+ MODULE_GRSEC
diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index 6071e91..ca6a489 100644
+index 6071e91..4c73b47 100644
--- a/include/linux/vmalloc.h
+++ b/include/linux/vmalloc.h
@@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */
@@ -72148,7 +72563,7 @@ index 6071e91..ca6a489 100644
#define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */
#define VM_UNLIST 0x00000020 /* vm_struct is not listed in vmlist */
+
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+#define VM_KERNEXEC 0x00000040 /* allocate from executable kernel memory range */
+#endif
+
@@ -73657,7 +74072,7 @@ index ba0a7f36..2bcf1d5 100644
{ INIT_THREAD_INFO(init_task) };
+#endif
diff --git a/init/initramfs.c b/init/initramfs.c
-index a67ef9d..3d88592 100644
+index a67ef9d..2d17ed9 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -84,7 +84,7 @@ static void __init free_hash(void)
@@ -73768,6 +74183,15 @@ index a67ef9d..3d88592 100644
state = SkipIt;
next_state = Reset;
return 0;
+@@ -583,7 +583,7 @@ static int __init populate_rootfs(void)
+ {
+ char *err = unpack_to_rootfs(__initramfs_start, __initramfs_size);
+ if (err)
+- panic(err); /* Failed to decompress INTERNAL initramfs */
++ panic("%s", err); /* Failed to decompress INTERNAL initramfs */
+ if (initrd_start) {
+ #ifdef CONFIG_BLK_DEV_RAM
+ int fd;
diff --git a/init/main.c b/init/main.c
index 63534a1..85feae2 100644
--- a/init/main.c
@@ -74184,7 +74608,7 @@ index b9bd7f0..1762b4a 100644
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
diff --git a/kernel/audit.c b/kernel/audit.c
-index d596e53..dbef3c3 100644
+index 8a667f10..7375e3f 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -116,7 +116,7 @@ u32 audit_sig_sid = 0;
@@ -77131,37 +77555,10 @@ index 98088e0..aaf95c0 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk.c b/kernel/printk.c
-index abbdd9e..f294251 100644
+index 0e4eba6a..d58ebf0 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
-@@ -615,11 +615,17 @@ static unsigned int devkmsg_poll(struct file *file, poll_table *wait)
- return ret;
- }
-
-+static int check_syslog_permissions(int type, bool from_file);
-+
- static int devkmsg_open(struct inode *inode, struct file *file)
- {
- struct devkmsg_user *user;
- int err;
-
-+ err = check_syslog_permissions(SYSLOG_ACTION_OPEN, SYSLOG_FROM_FILE);
-+ if (err)
-+ return err;
-+
- /* write-only does not need any file context */
- if ((file->f_flags & O_ACCMODE) == O_WRONLY)
- return 0;
-@@ -828,7 +834,7 @@ static int syslog_action_restricted(int type)
- if (dmesg_restrict)
- return 1;
- /* Unless restricted, we allow "read all" and "get buffer size" for everybody */
-- return type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER;
-+ return type != SYSLOG_ACTION_OPEN && type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER;
- }
-
- static int check_syslog_permissions(int type, bool from_file)
-@@ -840,6 +846,11 @@ static int check_syslog_permissions(int type, bool from_file)
+@@ -395,6 +395,11 @@ static int check_syslog_permissions(int type, bool from_file)
if (from_file && type != SYSLOG_ACTION_OPEN)
return 0;
@@ -77549,7 +77946,7 @@ index e1f3a8c..42c94a2 100644
for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
per_cpu(rcu_torture_count, cpu)[i] = 0;
diff --git a/kernel/rcutree.c b/kernel/rcutree.c
-index 5b8ad82..17274d1 100644
+index 5b8ad82..59e1f64 100644
--- a/kernel/rcutree.c
+++ b/kernel/rcutree.c
@@ -353,9 +353,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
@@ -77803,6 +78200,15 @@ index 5b8ad82..17274d1 100644
rcu_prepare_for_idle_init(cpu);
raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */
+@@ -2964,7 +2964,7 @@ static int __init rcu_spawn_gp_kthread(void)
+ struct task_struct *t;
+
+ for_each_rcu_flavor(rsp) {
+- t = kthread_run(rcu_gp_kthread, rsp, rsp->name);
++ t = kthread_run(rcu_gp_kthread, rsp, "%s", rsp->name);
+ BUG_ON(IS_ERR(t));
+ rnp = rcu_get_root(rsp);
+ raw_spin_lock_irqsave(&rnp->lock, flags);
diff --git a/kernel/rcutree.h b/kernel/rcutree.h
index c896b50..c357252 100644
--- a/kernel/rcutree.h
@@ -78571,7 +78977,7 @@ index 01d5ccb..cdcbee6 100644
return idx;
}
diff --git a/kernel/sys.c b/kernel/sys.c
-index 0da73cf..5c2af3c 100644
+index e5f0aca..8d58b1f 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
@@ -78587,7 +78993,7 @@ index 0da73cf..5c2af3c 100644
no_nice = security_task_setnice(p, niceval);
if (no_nice) {
error = no_nice;
-@@ -598,6 +604,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
+@@ -621,6 +627,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
goto error;
}
@@ -78597,7 +79003,7 @@ index 0da73cf..5c2af3c 100644
if (rgid != (gid_t) -1 ||
(egid != (gid_t) -1 && !gid_eq(kegid, old->gid)))
new->sgid = new->egid;
-@@ -633,6 +642,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
+@@ -656,6 +665,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
old = current_cred();
retval = -EPERM;
@@ -78608,7 +79014,7 @@ index 0da73cf..5c2af3c 100644
if (nsown_capable(CAP_SETGID))
new->gid = new->egid = new->sgid = new->fsgid = kgid;
else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
-@@ -650,7 +663,7 @@ error:
+@@ -673,7 +686,7 @@ error:
/*
* change the user struct in a credentials set to match the new UID
*/
@@ -78617,7 +79023,7 @@ index 0da73cf..5c2af3c 100644
{
struct user_struct *new_user;
-@@ -730,6 +743,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
+@@ -753,6 +766,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
goto error;
}
@@ -78627,7 +79033,7 @@ index 0da73cf..5c2af3c 100644
if (!uid_eq(new->uid, old->uid)) {
retval = set_user(new);
if (retval < 0)
-@@ -780,6 +796,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
+@@ -803,6 +819,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
old = current_cred();
retval = -EPERM;
@@ -78640,7 +79046,7 @@ index 0da73cf..5c2af3c 100644
if (nsown_capable(CAP_SETUID)) {
new->suid = new->uid = kuid;
if (!uid_eq(kuid, old->uid)) {
-@@ -849,6 +871,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
+@@ -872,6 +894,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
goto error;
}
@@ -78650,7 +79056,7 @@ index 0da73cf..5c2af3c 100644
if (ruid != (uid_t) -1) {
new->uid = kruid;
if (!uid_eq(kruid, old->uid)) {
-@@ -931,6 +956,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
+@@ -954,6 +979,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
goto error;
}
@@ -78660,7 +79066,7 @@ index 0da73cf..5c2af3c 100644
if (rgid != (gid_t) -1)
new->gid = krgid;
if (egid != (gid_t) -1)
-@@ -992,12 +1020,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+@@ -1015,12 +1043,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
nsown_capable(CAP_SETUID)) {
if (!uid_eq(kuid, old->fsuid)) {
@@ -78677,7 +79083,7 @@ index 0da73cf..5c2af3c 100644
abort_creds(new);
return old_fsuid;
-@@ -1030,12 +1062,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
+@@ -1053,12 +1085,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) ||
gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
nsown_capable(CAP_SETGID)) {
@@ -78694,7 +79100,7 @@ index 0da73cf..5c2af3c 100644
abort_creds(new);
return old_fsgid;
-@@ -1343,19 +1379,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
+@@ -1366,19 +1402,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
return -EFAULT;
down_read(&uts_sem);
@@ -78719,7 +79125,7 @@ index 0da73cf..5c2af3c 100644
__OLD_UTS_LEN);
error |= __put_user(0, name->machine + __OLD_UTS_LEN);
up_read(&uts_sem);
-@@ -1557,6 +1593,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
+@@ -1580,6 +1616,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
*/
new_rlim->rlim_cur = 1;
}
@@ -80094,9 +80500,18 @@ index bd2bea9..6b3c95e 100644
return false;
diff --git a/lib/kobject.c b/lib/kobject.c
-index a654866..a4fd13d 100644
+index a654866..d8bb115 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
+@@ -805,7 +805,7 @@ static struct kset *kset_create(const char *name,
+ kset = kzalloc(sizeof(*kset), GFP_KERNEL);
+ if (!kset)
+ return NULL;
+- retval = kobject_set_name(&kset->kobj, name);
++ retval = kobject_set_name(&kset->kobj, "%s", name);
+ if (retval) {
+ kfree(kset);
+ return NULL;
@@ -859,9 +859,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
@@ -80489,6 +80904,28 @@ index 3bea74f..e821c99 100644
select PROC_PAGE_MONITOR
config NOMMU_INITIAL_TRIM_EXCESS
+diff --git a/mm/backing-dev.c b/mm/backing-dev.c
+index 41733c5..d80d7a9 100644
+--- a/mm/backing-dev.c
++++ b/mm/backing-dev.c
+@@ -716,7 +716,6 @@ EXPORT_SYMBOL(bdi_destroy);
+ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
+ unsigned int cap)
+ {
+- char tmp[32];
+ int err;
+
+ bdi->name = name;
+@@ -725,8 +724,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
+ if (err)
+ return err;
+
+- sprintf(tmp, "%.28s%s", name, "-%d");
+- err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq));
++ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq));
+ if (err) {
+ bdi_destroy(bdi);
+ return err;
diff --git a/mm/filemap.c b/mm/filemap.c
index e1979fd..dda5120 100644
--- a/mm/filemap.c
@@ -80555,7 +80992,7 @@ index b32b70c..e512eb0 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 1a12f5b..a85b8fc 100644
+index ce4cb19..93899ef 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2005,15 +2005,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
@@ -81722,10 +82159,10 @@ index 7431001..0f8344e 100644
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
diff --git a/mm/migrate.c b/mm/migrate.c
-index 22ed5c1..87c424c 100644
+index c04d9af..0b41805 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
-@@ -1382,8 +1382,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1395,8 +1395,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
*/
tcred = __task_cred(task);
if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
@@ -83456,7 +83893,7 @@ index efe6814..64b4701 100644
.next = NULL,
};
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 8fcced7..ebcd481 100644
+index 0d4fef2..8870335 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -59,6 +59,7 @@
@@ -84423,7 +84860,7 @@ index eeed4a0..6ee34ec 100644
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 4aec537..a64753d 100644
+index 4aec537..8043df1 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -197,7 +197,7 @@ struct track {
@@ -84667,6 +85104,15 @@ index 4aec537..a64753d 100644
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
+@@ -5289,7 +5371,7 @@ static int sysfs_slab_add(struct kmem_cache *s)
+ }
+
+ s->kobj.kset = slab_kset;
+- err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, name);
++ err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
+ if (err) {
+ kobject_put(&s->kobj);
+ return err;
@@ -5323,6 +5405,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
kobject_del(&s->kobj);
kobject_put(&s->kobj);
@@ -84816,7 +85262,7 @@ index ab1424d..7c5bd5a 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 0f751f2..ef398a0 100644
+index 0f751f2..2bc3bd1 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -84826,7 +85272,7 @@ index 0f751f2..ef398a0 100644
- pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
- WARN_ON(!pte_none(ptent) && !pte_present(ptent));
+
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) {
+ BUG_ON(!pte_exec(*pte));
+ set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC));
@@ -84851,7 +85297,7 @@ index 0f751f2..ef398a0 100644
struct page *page = pages[*nr];
- if (WARN_ON(!pte_none(*pte)))
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ if (pgprot_val(prot) & _PAGE_NX)
+#endif
+
@@ -84891,14 +85337,7 @@ index 0f751f2..ef398a0 100644
if (!pud)
return -ENOMEM;
do {
-@@ -191,11 +215,20 @@ int is_vmalloc_or_module_addr(const void *x)
- * and fall back on vmalloc() if that fails. Others
- * just put it in the vmalloc space.
- */
--#if defined(CONFIG_MODULES) && defined(MODULES_VADDR)
-+#ifdef CONFIG_MODULES
-+#ifdef MODULES_VADDR
- unsigned long addr = (unsigned long)x;
+@@ -196,6 +220,12 @@ int is_vmalloc_or_module_addr(const void *x)
if (addr >= MODULES_VADDR && addr < MODULES_END)
return 1;
#endif
@@ -84908,12 +85347,10 @@ index 0f751f2..ef398a0 100644
+ return 1;
+#endif
+
-+#endif
-+
return is_vmalloc_addr(x);
}
-@@ -216,8 +249,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
+@@ -216,8 +246,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
if (!pgd_none(*pgd)) {
pud_t *pud = pud_offset(pgd, addr);
@@ -84928,7 +85365,7 @@ index 0f751f2..ef398a0 100644
if (!pmd_none(*pmd)) {
pte_t *ptep, pte;
-@@ -329,7 +368,7 @@ static void purge_vmap_area_lazy(void);
+@@ -329,7 +365,7 @@ static void purge_vmap_area_lazy(void);
* Allocate a region of KVA of the specified size and alignment, within the
* vstart and vend.
*/
@@ -84937,12 +85374,12 @@ index 0f751f2..ef398a0 100644
unsigned long align,
unsigned long vstart, unsigned long vend,
int node, gfp_t gfp_mask)
-@@ -1328,6 +1367,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
+@@ -1328,6 +1364,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
struct vm_struct *area;
BUG_ON(in_interrupt());
+
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+ if (flags & VM_KERNEXEC) {
+ if (start != VMALLOC_START || end != VMALLOC_END)
+ return NULL;
@@ -84954,11 +85391,11 @@ index 0f751f2..ef398a0 100644
if (flags & VM_IOREMAP) {
int bit = fls(size);
-@@ -1569,6 +1618,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1569,6 +1615,11 @@ void *vmap(struct page **pages, unsigned int count,
if (count > totalram_pages)
return NULL;
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+ if (!(pgprot_val(prot) & _PAGE_NX))
+ flags |= VM_KERNEXEC;
+#endif
@@ -84966,11 +85403,11 @@ index 0f751f2..ef398a0 100644
area = get_vm_area_caller((count << PAGE_SHIFT), flags,
__builtin_return_address(0));
if (!area)
-@@ -1670,6 +1724,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+@@ -1670,6 +1721,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
if (!size || (size >> PAGE_SHIFT) > totalram_pages)
goto fail;
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+ if (!(pgprot_val(prot) & _PAGE_NX))
+ area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST | VM_KERNEXEC,
+ VMALLOC_START, VMALLOC_END, node, gfp_mask, caller);
@@ -84980,7 +85417,7 @@ index 0f751f2..ef398a0 100644
area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
start, end, node, gfp_mask, caller);
if (!area)
-@@ -1845,10 +1906,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1845,10 +1903,9 @@ EXPORT_SYMBOL(vzalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
@@ -84992,7 +85429,7 @@ index 0f751f2..ef398a0 100644
NUMA_NO_NODE, __builtin_return_address(0));
}
-@@ -2139,6 +2199,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2139,6 +2196,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
unsigned long uaddr = vma->vm_start;
unsigned long usize = vma->vm_end - vma->vm_start;
@@ -85001,7 +85438,7 @@ index 0f751f2..ef398a0 100644
if ((PAGE_SIZE-1) & (unsigned long)addr)
return -EINVAL;
-@@ -2578,7 +2640,11 @@ static int s_show(struct seq_file *m, void *p)
+@@ -2578,7 +2637,11 @@ static int s_show(struct seq_file *m, void *p)
v->addr, v->addr + v->size, v->size);
if (v->caller)
@@ -85388,6 +85825,31 @@ index 50e079f..49ce2d2 100644
frag1->seqno = htons(seqno - 1);
frag2->seqno = htons(seqno);
+diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
+index b88605f..958e3e2 100644
+--- a/net/bluetooth/hci_core.c
++++ b/net/bluetooth/hci_core.c
+@@ -1793,16 +1793,16 @@ int hci_register_dev(struct hci_dev *hdev)
+ list_add(&hdev->list, &hci_dev_list);
+ write_unlock(&hci_dev_list_lock);
+
+- hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
+- WQ_MEM_RECLAIM, 1);
++ hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
++ WQ_MEM_RECLAIM, 1, hdev->name);
+ if (!hdev->workqueue) {
+ error = -ENOMEM;
+ goto err;
+ }
+
+- hdev->req_workqueue = alloc_workqueue(hdev->name,
++ hdev->req_workqueue = alloc_workqueue("%s",
+ WQ_HIGHPRI | WQ_UNBOUND |
+- WQ_MEM_RECLAIM, 1);
++ WQ_MEM_RECLAIM, 1, hdev->name);
+ if (!hdev->req_workqueue) {
+ destroy_workqueue(hdev->workqueue);
+ error = -ENOMEM;
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 6a93614..1415549 100644
--- a/net/bluetooth/hci_sock.c
@@ -85402,7 +85864,7 @@ index 6a93614..1415549 100644
err = -EFAULT;
break;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index 7c7e932..8d23158 100644
+index c5f9cd6..8d23158 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -3395,8 +3395,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
@@ -85418,223 +85880,6 @@ index 7c7e932..8d23158 100644
if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
rfc.mode != chan->mode)
-@@ -3568,10 +3570,14 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
- }
-
- static inline int l2cap_command_rej(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
-
-+ if (cmd_len < sizeof(*rej))
-+ return -EPROTO;
-+
- if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
- return 0;
-
-@@ -3720,11 +3726,14 @@ sendresp:
- }
-
- static int l2cap_connect_req(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
- {
- struct hci_dev *hdev = conn->hcon->hdev;
- struct hci_conn *hcon = conn->hcon;
-
-+ if (cmd_len < sizeof(struct l2cap_conn_req))
-+ return -EPROTO;
-+
- hci_dev_lock(hdev);
- if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
- !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags))
-@@ -3738,7 +3747,8 @@ static int l2cap_connect_req(struct l2cap_conn *conn,
- }
-
- static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
- u16 scid, dcid, result, status;
-@@ -3746,6 +3756,9 @@ static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
- u8 req[128];
- int err;
-
-+ if (cmd_len < sizeof(*rsp))
-+ return -EPROTO;
-+
- scid = __le16_to_cpu(rsp->scid);
- dcid = __le16_to_cpu(rsp->dcid);
- result = __le16_to_cpu(rsp->result);
-@@ -3843,6 +3856,9 @@ static inline int l2cap_config_req(struct l2cap_conn *conn,
- struct l2cap_chan *chan;
- int len, err = 0;
-
-+ if (cmd_len < sizeof(*req))
-+ return -EPROTO;
-+
- dcid = __le16_to_cpu(req->dcid);
- flags = __le16_to_cpu(req->flags);
-
-@@ -3866,7 +3882,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn,
-
- /* Reject if config buffer is too small. */
- len = cmd_len - sizeof(*req);
-- if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
-+ if (chan->conf_len + len > sizeof(chan->conf_req)) {
- l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
- l2cap_build_conf_rsp(chan, rsp,
- L2CAP_CONF_REJECT, flags), rsp);
-@@ -3944,14 +3960,18 @@ unlock:
- }
-
- static inline int l2cap_config_rsp(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
- u16 scid, flags, result;
- struct l2cap_chan *chan;
-- int len = le16_to_cpu(cmd->len) - sizeof(*rsp);
-+ int len = cmd_len - sizeof(*rsp);
- int err = 0;
-
-+ if (cmd_len < sizeof(*rsp))
-+ return -EPROTO;
-+
- scid = __le16_to_cpu(rsp->scid);
- flags = __le16_to_cpu(rsp->flags);
- result = __le16_to_cpu(rsp->result);
-@@ -4052,7 +4072,8 @@ done:
- }
-
- static inline int l2cap_disconnect_req(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
- struct l2cap_disconn_rsp rsp;
-@@ -4060,6 +4081,9 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn,
- struct l2cap_chan *chan;
- struct sock *sk;
-
-+ if (cmd_len != sizeof(*req))
-+ return -EPROTO;
-+
- scid = __le16_to_cpu(req->scid);
- dcid = __le16_to_cpu(req->dcid);
-
-@@ -4099,12 +4123,16 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn,
- }
-
- static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
- u16 dcid, scid;
- struct l2cap_chan *chan;
-
-+ if (cmd_len != sizeof(*rsp))
-+ return -EPROTO;
-+
- scid = __le16_to_cpu(rsp->scid);
- dcid = __le16_to_cpu(rsp->dcid);
-
-@@ -4134,11 +4162,15 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn,
- }
-
- static inline int l2cap_information_req(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_info_req *req = (struct l2cap_info_req *) data;
- u16 type;
-
-+ if (cmd_len != sizeof(*req))
-+ return -EPROTO;
-+
- type = __le16_to_cpu(req->type);
-
- BT_DBG("type 0x%4.4x", type);
-@@ -4185,11 +4217,15 @@ static inline int l2cap_information_req(struct l2cap_conn *conn,
- }
-
- static inline int l2cap_information_rsp(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
- u16 type, result;
-
-+ if (cmd_len != sizeof(*rsp))
-+ return -EPROTO;
-+
- type = __le16_to_cpu(rsp->type);
- result = __le16_to_cpu(rsp->result);
-
-@@ -5055,16 +5091,16 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
-
- switch (cmd->code) {
- case L2CAP_COMMAND_REJ:
-- l2cap_command_rej(conn, cmd, data);
-+ l2cap_command_rej(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_CONN_REQ:
-- err = l2cap_connect_req(conn, cmd, data);
-+ err = l2cap_connect_req(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_CONN_RSP:
- case L2CAP_CREATE_CHAN_RSP:
-- err = l2cap_connect_create_rsp(conn, cmd, data);
-+ err = l2cap_connect_create_rsp(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_CONF_REQ:
-@@ -5072,15 +5108,15 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
- break;
-
- case L2CAP_CONF_RSP:
-- err = l2cap_config_rsp(conn, cmd, data);
-+ err = l2cap_config_rsp(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_DISCONN_REQ:
-- err = l2cap_disconnect_req(conn, cmd, data);
-+ err = l2cap_disconnect_req(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_DISCONN_RSP:
-- err = l2cap_disconnect_rsp(conn, cmd, data);
-+ err = l2cap_disconnect_rsp(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_ECHO_REQ:
-@@ -5091,11 +5127,11 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
- break;
-
- case L2CAP_INFO_REQ:
-- err = l2cap_information_req(conn, cmd, data);
-+ err = l2cap_information_req(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_INFO_RSP:
-- err = l2cap_information_rsp(conn, cmd, data);
-+ err = l2cap_information_rsp(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_CREATE_CHAN_REQ:
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 1bcfb84..dad9f98 100644
--- a/net/bluetooth/l2cap_sock.c
@@ -89030,6 +89275,28 @@ index 58ab405..50eb8d3 100644
unsigned int users)
{
if (users > 0)
+diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
+index ba65b20..2a4d937 100644
+--- a/net/netfilter/nf_conntrack_proto_dccp.c
++++ b/net/netfilter/nf_conntrack_proto_dccp.c
+@@ -456,7 +456,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
+
+ out_invalid:
+ if (LOG_INVALID(net, IPPROTO_DCCP))
+- nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg);
++ nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, "%s", msg);
+ return false;
+ }
+
+@@ -613,7 +613,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
+
+ out_invalid:
+ if (LOG_INVALID(net, IPPROTO_DCCP))
+- nf_log_packet(pf, 0, skb, NULL, NULL, NULL, msg);
++ nf_log_packet(pf, 0, skb, NULL, NULL, NULL, "%s", msg);
+ return -NF_ACCEPT;
+ }
+
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index fedee39..d62a93d 100644
--- a/net/netfilter/nf_conntrack_standalone.c
@@ -90576,9 +90843,18 @@ index 5356b12..c0f4c29 100644
#else
static inline void rpc_task_set_debuginfo(struct rpc_task *task)
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
-index 89a588b..ba2cef8 100644
+index 89a588b..678ed90 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
+@@ -740,7 +740,7 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
+
+ __module_get(serv->sv_module);
+ task = kthread_create_on_node(serv->sv_function, rqstp,
+- node, serv->sv_name);
++ node, "%s", serv->sv_name);
+ if (IS_ERR(task)) {
+ error = PTR_ERR(task);
+ module_put(serv->sv_module);
@@ -1160,7 +1160,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
svc_putnl(resv, RPC_SUCCESS);
@@ -91681,10 +91957,10 @@ index f5eb43d..1814de8 100644
shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff));
shstrtab_sec = shdr + r2(&ehdr->e_shstrndx);
diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..e6254cf 100644
+index e9c6ac7..66bf8e9 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,944 @@
+@@ -4,6 +4,945 @@
menu "Security options"
@@ -92309,15 +92585,16 @@ index e9c6ac7..e6254cf 100644
+ int "Minimum amount of memory reserved for module code"
+ default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
+ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
-+ depends on PAX_KERNEXEC && X86_32 && MODULES
++ depends on PAX_KERNEXEC && X86_32
+ help
+ Due to implementation details the kernel must reserve a fixed
-+ amount of memory for module code at compile time that cannot be
-+ changed at runtime. Here you can specify the minimum amount
-+ in MB that will be reserved. Due to the same implementation
-+ details this size will always be rounded up to the next 2/4 MB
-+ boundary (depends on PAE) so the actually available memory for
-+ module code will usually be more than this minimum.
++ amount of memory for runtime allocated code (such as modules)
++ at compile time that cannot be changed at runtime. Here you
++ can specify the minimum amount in MB that will be reserved.
++ Due to the same implementation details this size will always
++ be rounded up to the next 2/4 MB boundary (depends on PAE) so
++ the actually available memory for runtime allocated code will
++ usually be more than this minimum.
+
+ The default 4 MB should be enough for most users but if you have
+ an excessive number of modules (e.g., most distribution configs
@@ -92629,7 +92906,7 @@ index e9c6ac7..e6254cf 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +1041,7 @@ config INTEL_TXT
+@@ -103,7 +1042,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -93552,6 +93829,19 @@ index 040c60e..989a19a 100644
dev->status = SNDRV_SEQ_DEVICE_FREE;
dev->driver_data = NULL;
ops->num_init_devices--;
+diff --git a/sound/core/sound.c b/sound/core/sound.c
+index 70ccdab..50f2e10 100644
+--- a/sound/core/sound.c
++++ b/sound/core/sound.c
+@@ -86,7 +86,7 @@ static void snd_request_other(int minor)
+ case SNDRV_MINOR_TIMER: str = "snd-timer"; break;
+ default: return;
+ }
+- request_module(str);
++ request_module("%s", str);
+ }
+
+ #endif /* modular kernel */
diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c
index 4e0dd22..7a1f32c 100644
--- a/sound/drivers/mts64.c
@@ -93879,6 +94169,19 @@ index 7decbd9..d17d9d0 100644
struct device_node *np = pdev->dev.of_node;
const char *p, *sprop;
const uint32_t *iprop;
+diff --git a/sound/sound_core.c b/sound/sound_core.c
+index bb23009..db346c2 100644
+--- a/sound/sound_core.c
++++ b/sound/sound_core.c
+@@ -292,7 +292,7 @@ retry:
+ }
+
+ device_create(sound_class, dev, MKDEV(SOUND_MAJOR, s->unit_minor),
+- NULL, s->name+6);
++ NULL, "%s", s->name+6);
+ return s->unit_minor;
+
+ fail:
diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore
new file mode 100644
index 0000000..50f2f2f
diff --git a/3.9.6/4425_grsec_remove_EI_PAX.patch b/3.9.7/4425_grsec_remove_EI_PAX.patch
index 415fda5..415fda5 100644
--- a/3.9.6/4425_grsec_remove_EI_PAX.patch
+++ b/3.9.7/4425_grsec_remove_EI_PAX.patch
diff --git a/3.9.6/4427_force_XATTR_PAX_tmpfs.patch b/3.9.7/4427_force_XATTR_PAX_tmpfs.patch
index e2a9551..e2a9551 100644
--- a/3.9.6/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.9.7/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.9.6/4430_grsec-remove-localversion-grsec.patch b/3.9.7/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.9.6/4430_grsec-remove-localversion-grsec.patch
+++ b/3.9.7/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.9.6/4435_grsec-mute-warnings.patch b/3.9.7/4435_grsec-mute-warnings.patch
index ed941d5..ed941d5 100644
--- a/3.9.6/4435_grsec-mute-warnings.patch
+++ b/3.9.7/4435_grsec-mute-warnings.patch
diff --git a/3.9.6/4440_grsec-remove-protected-paths.patch b/3.9.7/4440_grsec-remove-protected-paths.patch
index 637934a..637934a 100644
--- a/3.9.6/4440_grsec-remove-protected-paths.patch
+++ b/3.9.7/4440_grsec-remove-protected-paths.patch
diff --git a/3.9.6/4450_grsec-kconfig-default-gids.patch b/3.9.7/4450_grsec-kconfig-default-gids.patch
index f144c0e..f144c0e 100644
--- a/3.9.6/4450_grsec-kconfig-default-gids.patch
+++ b/3.9.7/4450_grsec-kconfig-default-gids.patch
diff --git a/3.9.6/4465_selinux-avc_audit-log-curr_ip.patch b/3.9.7/4465_selinux-avc_audit-log-curr_ip.patch
index b0786d4..b0786d4 100644
--- a/3.9.6/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.9.7/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.9.6/4470_disable-compat_vdso.patch b/3.9.7/4470_disable-compat_vdso.patch
index 424d91f..424d91f 100644
--- a/3.9.6/4470_disable-compat_vdso.patch
+++ b/3.9.7/4470_disable-compat_vdso.patch
diff --git a/3.9.6/4475_emutramp_default_on.patch b/3.9.7/4475_emutramp_default_on.patch
index 27bfc2d..27bfc2d 100644
--- a/3.9.6/4475_emutramp_default_on.patch
+++ b/3.9.7/4475_emutramp_default_on.patch