diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2013-02-24 06:54:47 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2013-02-24 06:54:47 -0500 |
| commit | 6760f54871a351ed33e572e01c123f1df45c3ff4 (patch) | |
| tree | 744df5ddd533197798313618c0be300b42b2c2a4 | |
| parent | grsecurity-2.9.1-2.6.32.60-201302181144: fix check_heap_stack_gap (diff) | |
| download | hardened-patchset-6760f54871a351ed33e572e01c123f1df45c3ff4.tar.gz hardened-patchset-6760f54871a351ed33e572e01c123f1df45c3ff4.tar.bz2 hardened-patchset-6760f54871a351ed33e572e01c123f1df45c3ff4.zip | |
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.39,3.8.0}-2013022220130222
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch) | 235 | ||||
| -rw-r--r-- | 3.2.39/0000_README (renamed from 3.2.38/0000_README) | 6 | ||||
| -rw-r--r-- | 3.2.39/1021_linux-3.2.22.patch (renamed from 3.2.38/1021_linux-3.2.22.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1022_linux-3.2.23.patch (renamed from 3.2.38/1022_linux-3.2.23.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1023_linux-3.2.24.patch (renamed from 3.2.38/1023_linux-3.2.24.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1024_linux-3.2.25.patch (renamed from 3.2.38/1024_linux-3.2.25.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1025_linux-3.2.26.patch (renamed from 3.2.38/1025_linux-3.2.26.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1026_linux-3.2.27.patch (renamed from 3.2.38/1026_linux-3.2.27.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1027_linux-3.2.28.patch (renamed from 3.2.38/1027_linux-3.2.28.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1028_linux-3.2.29.patch (renamed from 3.2.38/1028_linux-3.2.29.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1029_linux-3.2.30.patch (renamed from 3.2.38/1029_linux-3.2.30.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1030_linux-3.2.31.patch (renamed from 3.2.38/1030_linux-3.2.31.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1031_linux-3.2.32.patch (renamed from 3.2.38/1031_linux-3.2.32.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1032_linux-3.2.33.patch (renamed from 3.2.38/1032_linux-3.2.33.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1033_linux-3.2.34.patch (renamed from 3.2.38/1033_linux-3.2.34.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1034_linux-3.2.35.patch (renamed from 3.2.38/1034_linux-3.2.35.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1035_linux-3.2.36.patch (renamed from 3.2.38/1035_linux-3.2.36.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1036_linux-3.2.37.patch (renamed from 3.2.38/1036_linux-3.2.37.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1037_linux-3.2.38.patch (renamed from 3.2.38/1037_linux-3.2.38.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/1039_linux-3.2.39.patch | 2660 | ||||
| -rw-r--r-- | 3.2.39/4420_grsecurity-2.9.1-3.2.39-201302222046.patch (renamed from 3.2.38/4420_grsecurity-2.9.1-3.2.38-201302171808.patch) | 1178 | ||||
| -rw-r--r-- | 3.2.39/4425_grsec_remove_EI_PAX.patch (renamed from 3.2.38/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.38/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/4435_grsec-mute-warnings.patch (renamed from 3.2.38/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/4440_grsec-remove-protected-paths.patch (renamed from 3.2.38/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.38/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.38/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.2.39/4470_disable-compat_vdso.patch (renamed from 3.2.38/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.8.0/0000_README (renamed from 3.7.9/0000_README) | 2 | ||||
| -rw-r--r-- | 3.8.0/4420_grsecurity-2.9.1-3.8.0-201302231124.patch (renamed from 3.7.9/4420_grsecurity-2.9.1-3.7.9-201302171808.patch) | 10150 | ||||
| -rw-r--r-- | 3.8.0/4425_grsec_remove_EI_PAX.patch (renamed from 3.7.9/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.8.0/4430_grsec-remove-localversion-grsec.patch (renamed from 3.7.9/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.8.0/4435_grsec-mute-warnings.patch (renamed from 3.7.9/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.8.0/4440_grsec-remove-protected-paths.patch (renamed from 3.7.9/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.8.0/4450_grsec-kconfig-default-gids.patch (renamed from 3.7.9/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.8.0/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.7.9/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.8.0/4470_disable-compat_vdso.patch (renamed from 3.7.9/4470_disable-compat_vdso.patch) | 0 |
37 files changed, 9252 insertions, 4979 deletions
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch index 88490c1..f5ba675 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch @@ -265,7 +265,7 @@ index 334258c..1e8f4ff 100644 M: Liam Girdwood <lrg@slimlogic.co.uk> M: Mark Brown <broonie@opensource.wolfsonmicro.com> diff --git a/Makefile b/Makefile -index b0e245e..e5894da 100644 +index b0e245e..1c8b6ed 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -300,12 +300,16 @@ index b0e245e..e5894da 100644 include/linux/version.h headers_% \ kernelrelease kernelversion -@@ -526,6 +527,60 @@ else +@@ -526,6 +527,64 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS ++ifeq ($(call cc-ifversion, -ge, 0408, y), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") ++else +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++endif +ifneq ($(PLUGINCC),) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML @@ -361,7 +365,7 @@ index b0e245e..e5894da 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -647,7 +702,7 @@ export mod_strip_cmd +@@ -647,7 +706,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -370,7 +374,7 @@ index b0e245e..e5894da 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -868,6 +923,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -868,6 +927,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -379,7 +383,7 @@ index b0e245e..e5894da 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -877,7 +934,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -877,7 +938,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -388,7 +392,7 @@ index b0e245e..e5894da 100644 $(Q)$(MAKE) $(build)=$@ # Build the kernel release string -@@ -986,6 +1043,7 @@ prepare0: archprepare FORCE +@@ -986,6 +1047,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. missing-syscalls # All the preparing.. @@ -396,7 +400,7 @@ index b0e245e..e5894da 100644 prepare: prepare0 # The asm symlink changes when $(ARCH) changes. -@@ -1127,6 +1185,8 @@ all: modules +@@ -1127,6 +1189,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -405,7 +409,7 @@ index b0e245e..e5894da 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1136,7 +1196,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) +@@ -1136,7 +1200,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) # Target to prepare building external modules PHONY += modules_prepare @@ -414,7 +418,7 @@ index b0e245e..e5894da 100644 # Target to install modules PHONY += modules_install -@@ -1199,9 +1259,9 @@ CLEAN_FILES += vmlinux System.map \ +@@ -1199,9 +1263,9 @@ CLEAN_FILES += vmlinux System.map \ MRPROPER_DIRS += include/config include2 usr/include include/generated MRPROPER_FILES += .config .config.old include/asm .version .old_version \ include/linux/autoconf.h include/linux/version.h \ @@ -426,7 +430,7 @@ index b0e245e..e5894da 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1245,7 +1305,7 @@ distclean: mrproper +@@ -1245,7 +1309,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -435,7 +439,7 @@ index b0e245e..e5894da 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1292,6 +1352,7 @@ help: +@@ -1292,6 +1356,7 @@ help: @echo ' modules_prepare - Set up for building external modules' @echo ' tags/TAGS - Generate tags file for editors' @echo ' cscope - Generate cscope index' @@ -443,7 +447,7 @@ index b0e245e..e5894da 100644 @echo ' kernelrelease - Output the release version string' @echo ' kernelversion - Output the version stored in Makefile' @echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \ -@@ -1393,6 +1454,8 @@ PHONY += $(module-dirs) modules +@@ -1393,6 +1458,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -452,7 +456,7 @@ index b0e245e..e5894da 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1448,7 +1511,7 @@ endif # KBUILD_EXTMOD +@@ -1448,7 +1515,7 @@ endif # KBUILD_EXTMOD quiet_cmd_tags = GEN $@ cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@ @@ -461,7 +465,7 @@ index b0e245e..e5894da 100644 $(call cmd,tags) # Scripts to check various things for consistency -@@ -1513,17 +1576,21 @@ else +@@ -1513,17 +1580,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -487,7 +491,7 @@ index b0e245e..e5894da 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1533,11 +1600,15 @@ endif +@@ -1533,11 +1604,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -13326,7 +13330,7 @@ index 33927d2..ccde329 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index af6fd36..60da657 100644 +index af6fd36..a7c3e4d 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -39,6 +39,7 @@ extern struct list_head pgd_list; @@ -13389,7 +13393,7 @@ index af6fd36..60da657 100644 static inline int pte_dirty(pte_t pte) { return pte_flags(pte) & _PAGE_DIRTY; -@@ -130,6 +170,11 @@ static inline unsigned long pmd_pfn(pmd_t pmd) +@@ -130,12 +170,16 @@ static inline unsigned long pmd_pfn(pmd_t pmd) return (pmd_val(pmd) & PTE_PFN_MASK) >> PAGE_SHIFT; } @@ -13401,7 +13405,14 @@ index af6fd36..60da657 100644 #define pte_page(pte) pfn_to_page(pte_pfn(pte)) static inline int pmd_large(pmd_t pte) -@@ -167,9 +212,29 @@ static inline pte_t pte_wrprotect(pte_t pte) + { +- return (pmd_flags(pte) & (_PAGE_PSE | _PAGE_PRESENT)) == +- (_PAGE_PSE | _PAGE_PRESENT); ++ return pmd_flags(pte) & _PAGE_PSE; + } + + static inline pte_t pte_set_flags(pte_t pte, pteval_t set) +@@ -167,9 +211,29 @@ static inline pte_t pte_wrprotect(pte_t pte) return pte_clear_flags(pte, _PAGE_RW); } @@ -13432,7 +13443,7 @@ index af6fd36..60da657 100644 } static inline pte_t pte_mkdirty(pte_t pte) -@@ -302,6 +367,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); +@@ -302,6 +366,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); #endif #ifndef __ASSEMBLY__ @@ -13448,7 +13459,22 @@ index af6fd36..60da657 100644 #include <linux/mm_types.h> static inline int pte_none(pte_t pte) -@@ -472,7 +546,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -327,7 +400,13 @@ static inline int pte_hidden(pte_t pte) + + static inline int pmd_present(pmd_t pmd) + { +- return pmd_flags(pmd) & _PAGE_PRESENT; ++ /* ++ * Checking for _PAGE_PSE is needed too because ++ * split_huge_page will temporarily clear the present bit (but ++ * the _PAGE_PSE flag will remain set at all times while the ++ * _PAGE_PRESENT bit is clear). ++ */ ++ return pmd_flags(pmd) & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_PSE); + } + + static inline int pmd_none(pmd_t pmd) +@@ -472,7 +551,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -13457,7 +13483,7 @@ index af6fd36..60da657 100644 } static inline int pgd_none(pgd_t pgd) -@@ -495,7 +569,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -495,7 +574,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -13471,7 +13497,7 @@ index af6fd36..60da657 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -506,6 +585,20 @@ static inline int pgd_none(pgd_t pgd) +@@ -506,6 +590,20 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -13492,7 +13518,7 @@ index af6fd36..60da657 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -611,11 +704,23 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, +@@ -611,11 +709,23 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -13898,6 +13924,25 @@ index fa04dea..5f823fc 100644 #define KSTK_EIP(task) (task_pt_regs(task)->ip) /* Get/set a process' ability to use the timestamp counter instruction */ +diff --git a/arch/x86/include/asm/proto.h b/arch/x86/include/asm/proto.h +index 621f56d..f1094fd 100644 +--- a/arch/x86/include/asm/proto.h ++++ b/arch/x86/include/asm/proto.h +@@ -22,14 +22,4 @@ extern int reboot_force; + + long do_arch_prctl(struct task_struct *task, int code, unsigned long addr); + +-/* +- * This looks more complex than it should be. But we need to +- * get the type for the ~ right in round_down (it needs to be +- * as wide as the result!), and we want to evaluate the macro +- * arguments just once each. +- */ +-#define __round_mask(x,y) ((__typeof__(x))((y)-1)) +-#define round_up(x,y) ((((x)-1) | __round_mask(x,y))+1) +-#define round_down(x,y) ((x) & ~__round_mask(x,y)) +- + #endif /* _ASM_X86_PROTO_H */ diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h index 0f0d908..f2e3da2 100644 --- a/arch/x86/include/asm/ptrace.h @@ -98186,10 +98231,27 @@ index 7922742..27306a2 100644 /* This macro allows us to keep printk typechecking */ static void __check_printsym_format(const char *fmt, ...) diff --git a/include/linux/kernel.h b/include/linux/kernel.h -index 3526cd4..99206e2 100644 +index 3526cd4..6835d45 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h -@@ -163,6 +163,11 @@ extern int _cond_resched(void); +@@ -45,6 +45,16 @@ extern const char linux_proc_banner[]; + + #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) + ++/* ++ * This looks more complex than it should be. But we need to ++ * get the type for the ~ right in round_down (it needs to be ++ * as wide as the result!), and we want to evaluate the macro ++ * arguments just once each. ++ */ ++#define __round_mask(x, y) ((__typeof__(x))((y)-1)) ++#define round_up(x, y) ((((x)-1) | __round_mask(x, y))+1) ++#define round_down(x, y) ((x) & ~__round_mask(x, y)) ++ + #define FIELD_SIZEOF(t, f) (sizeof(((t*)0)->f)) + #define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d)) + #define roundup(x, y) ((((x) + ((y) - 1)) / (y)) * (y)) +@@ -163,6 +173,11 @@ extern int _cond_resched(void); (__x < 0) ? -__x : __x; \ }) @@ -99897,7 +99959,7 @@ index 4e647bb..23b3911 100644 int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, diff --git a/include/linux/slab.h b/include/linux/slab.h -index 2da8372..740c52f 100644 +index 2da8372..aa58826 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ @@ -99947,26 +100009,15 @@ index 2da8372..740c52f 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -217,8 +230,18 @@ size_t ksize(const void *); +@@ -217,6 +230,7 @@ size_t ksize(const void *); * for general use, and so are not documented here. For a full list of * potential flags, always refer to linux/gfp.h. */ + -+extern void kcalloc_error(void) -+#if defined(CONFIG_GCOV_KERNEL) && defined(CONFIG_PAX_SIZE_OVERFLOW) -+__compiletime_warning("kcalloc called with swapped arguments?"); -+#else -+__compiletime_error("kcalloc called with swapped arguments?"); -+#endif -+ static inline void *kcalloc(size_t n, size_t size, gfp_t flags) { -+ if (__builtin_constant_p(n) && !__builtin_constant_p(size)) -+ kcalloc_error(); if (size != 0 && n > ULONG_MAX / size) - return NULL; - return __kmalloc(n * size, flags | __GFP_ZERO); -@@ -263,7 +286,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -263,7 +277,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, * request comes from. */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) @@ -99975,7 +100026,7 @@ index 2da8372..740c52f 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -281,7 +304,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -281,7 +295,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); * allocation request comes from. */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) @@ -111700,7 +111751,7 @@ index 406e8d4..53970d3 100644 * - not supported under NOMMU conditions */ diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 3ecab7e..594a471 100644 +index 3ecab7e..be580fc 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -289,7 +289,7 @@ out: @@ -111768,15 +111819,60 @@ index 3ecab7e..594a471 100644 for_each_populated_zone(zone) { show_node(zone); printk("%s per-cpu:\n", zone->name); -@@ -3736,7 +3755,7 @@ static void __init setup_usemap(struct pglist_data *pgdat, +@@ -3715,10 +3734,11 @@ static void __meminit calculate_node_totalpages(struct pglist_data *pgdat, + * round what is now in bits to nearest long in bits, then return it in + * bytes. + */ +-static unsigned long __init usemap_size(unsigned long zonesize) ++static unsigned long __init usemap_size(unsigned long zone_start_pfn, unsigned long zonesize) + { + unsigned long usemapsize; + ++ zonesize += zone_start_pfn & (pageblock_nr_pages-1); + usemapsize = roundup(zonesize, pageblock_nr_pages); + usemapsize = usemapsize >> pageblock_order; + usemapsize *= NR_PAGEBLOCK_BITS; +@@ -3728,16 +3748,18 @@ static unsigned long __init usemap_size(unsigned long zonesize) + } + + static void __init setup_usemap(struct pglist_data *pgdat, +- struct zone *zone, unsigned long zonesize) ++ struct zone *zone, ++ unsigned long zone_start_pfn, ++ unsigned long zonesize) + { +- unsigned long usemapsize = usemap_size(zonesize); ++ unsigned long usemapsize = usemap_size(zone_start_pfn, zonesize); + zone->pageblock_flags = NULL; + if (usemapsize) zone->pageblock_flags = alloc_bootmem_node(pgdat, usemapsize); } #else -static void inline setup_usemap(struct pglist_data *pgdat, -+static inline void setup_usemap(struct pglist_data *pgdat, - struct zone *zone, unsigned long zonesize) {} +- struct zone *zone, unsigned long zonesize) {} ++static inline void setup_usemap(struct pglist_data *pgdat, struct zone *zone, ++ unsigned long zone_start_pfn, unsigned long zonesize) {} #endif /* CONFIG_SPARSEMEM */ + #ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE +@@ -3869,7 +3891,7 @@ static void __paginginit free_area_init_core(struct pglist_data *pgdat, + continue; + + set_pageblock_order(pageblock_default_order()); +- setup_usemap(pgdat, zone, size); ++ setup_usemap(pgdat, zone, zone_start_pfn, size); + ret = init_currently_empty_zone(zone, zone_start_pfn, + size, MEMMAP_EARLY); + BUG_ON(ret); +@@ -4945,7 +4967,7 @@ static inline int pfn_to_bitidx(struct zone *zone, unsigned long pfn) + pfn &= (PAGES_PER_SECTION-1); + return (pfn >> pageblock_order) * NR_PAGEBLOCK_BITS; + #else +- pfn = pfn - zone->zone_start_pfn; ++ pfn = pfn - round_down(zone->zone_start_pfn, pageblock_nr_pages); + return (pfn >> pageblock_order) * NR_PAGEBLOCK_BITS; + #endif /* CONFIG_SPARSEMEM */ + } diff --git a/mm/percpu.c b/mm/percpu.c index c90614a..5f7b7b8 100644 --- a/mm/percpu.c @@ -113913,6 +114009,47 @@ index 30e74ee..bfc6ee0 100644 kfree_skb(skb); return NET_RX_DROP; } +diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c +index 4e80f33..a815e4e 100644 +--- a/net/ipv4/arp.c ++++ b/net/ipv4/arp.c +@@ -909,23 +909,25 @@ static void parp_redo(struct sk_buff *skb) + static int arp_rcv(struct sk_buff *skb, struct net_device *dev, + struct packet_type *pt, struct net_device *orig_dev) + { +- struct arphdr *arp; ++ const struct arphdr *arp; + +- /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ +- if (!pskb_may_pull(skb, arp_hdr_len(dev))) +- goto freeskb; +- +- arp = arp_hdr(skb); +- if (arp->ar_hln != dev->addr_len || +- dev->flags & IFF_NOARP || ++ if (dev->flags & IFF_NOARP || + skb->pkt_type == PACKET_OTHERHOST || +- skb->pkt_type == PACKET_LOOPBACK || +- arp->ar_pln != 4) ++ skb->pkt_type == PACKET_LOOPBACK) + goto freeskb; + +- if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) ++ skb = skb_share_check(skb, GFP_ATOMIC); ++ if (!skb) + goto out_of_mem; + ++ /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ ++ if (!pskb_may_pull(skb, arp_hdr_len(dev))) ++ goto freeskb; ++ ++ arp = arp_hdr(skb); ++ if (arp->ar_hln != dev->addr_len || arp->ar_pln != 4) ++ goto freeskb; ++ + memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); + + return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c index dba56d2..acee5d6 100644 --- a/net/ipv4/inet_diag.c @@ -114420,7 +114557,7 @@ index 1eba160b..c35d91f 100644 } } diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index db755c4..07d671b 100644 +index db755c4..4cf3b9d 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -82,6 +82,9 @@ int sysctl_tcp_dsack __read_mostly = 1; @@ -114569,7 +114706,7 @@ index db755c4..07d671b 100644 if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) goto csum_error; -+ if (!th->ack) ++ if (!th->ack && !th->rst) + goto discard; + /* @@ -114635,7 +114772,7 @@ index db755c4..07d671b 100644 - res = tcp_validate_incoming(sk, skb, th, 0); - if (res <= 0) - return -res; -+ if (!th->ack) ++ if (!th->ack && !th->rst) + goto discard; + + if (!tcp_validate_incoming(sk, skb, th, 0)) @@ -118026,12 +118163,12 @@ index 6bf21f8..c0546b3 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..008ac1a +index 0000000..5e0222d --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,17 @@ +#!/bin/bash -+plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF ++plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF +#include "gcc-plugin.h" +#include "tree.h" +#include "tm.h" diff --git a/3.2.38/0000_README b/3.2.39/0000_README index 6ecee87..4b7b629 100644 --- a/3.2.38/0000_README +++ b/3.2.39/0000_README @@ -70,7 +70,11 @@ Patch: 1037_linux-3.2.38.patch From: http://www.kernel.org Desc: Linux 3.2.38 -Patch: 4420_grsecurity-2.9.1-3.2.38-201302171808.patch +Patch: 1039_linux-3.2.39.patch +From: http://www.kernel.org +Desc: Linux 3.2.39 + +Patch: 4420_grsecurity-2.9.1-3.2.39-201302222046.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.38/1021_linux-3.2.22.patch b/3.2.39/1021_linux-3.2.22.patch index e6ad93a..e6ad93a 100644 --- a/3.2.38/1021_linux-3.2.22.patch +++ b/3.2.39/1021_linux-3.2.22.patch diff --git a/3.2.38/1022_linux-3.2.23.patch b/3.2.39/1022_linux-3.2.23.patch index 3d796d0..3d796d0 100644 --- a/3.2.38/1022_linux-3.2.23.patch +++ b/3.2.39/1022_linux-3.2.23.patch diff --git a/3.2.38/1023_linux-3.2.24.patch b/3.2.39/1023_linux-3.2.24.patch index 4692eb4..4692eb4 100644 --- a/3.2.38/1023_linux-3.2.24.patch +++ b/3.2.39/1023_linux-3.2.24.patch diff --git a/3.2.38/1024_linux-3.2.25.patch b/3.2.39/1024_linux-3.2.25.patch index e95c213..e95c213 100644 --- a/3.2.38/1024_linux-3.2.25.patch +++ b/3.2.39/1024_linux-3.2.25.patch diff --git a/3.2.38/1025_linux-3.2.26.patch b/3.2.39/1025_linux-3.2.26.patch index 44065b9..44065b9 100644 --- a/3.2.38/1025_linux-3.2.26.patch +++ b/3.2.39/1025_linux-3.2.26.patch diff --git a/3.2.38/1026_linux-3.2.27.patch b/3.2.39/1026_linux-3.2.27.patch index 5878eb4..5878eb4 100644 --- a/3.2.38/1026_linux-3.2.27.patch +++ b/3.2.39/1026_linux-3.2.27.patch diff --git a/3.2.38/1027_linux-3.2.28.patch b/3.2.39/1027_linux-3.2.28.patch index 4dbba4b..4dbba4b 100644 --- a/3.2.38/1027_linux-3.2.28.patch +++ b/3.2.39/1027_linux-3.2.28.patch diff --git a/3.2.38/1028_linux-3.2.29.patch b/3.2.39/1028_linux-3.2.29.patch index 3c65179..3c65179 100644 --- a/3.2.38/1028_linux-3.2.29.patch +++ b/3.2.39/1028_linux-3.2.29.patch diff --git a/3.2.38/1029_linux-3.2.30.patch b/3.2.39/1029_linux-3.2.30.patch index 86aea4b..86aea4b 100644 --- a/3.2.38/1029_linux-3.2.30.patch +++ b/3.2.39/1029_linux-3.2.30.patch diff --git a/3.2.38/1030_linux-3.2.31.patch b/3.2.39/1030_linux-3.2.31.patch index c6accf5..c6accf5 100644 --- a/3.2.38/1030_linux-3.2.31.patch +++ b/3.2.39/1030_linux-3.2.31.patch diff --git a/3.2.38/1031_linux-3.2.32.patch b/3.2.39/1031_linux-3.2.32.patch index 247fc0b..247fc0b 100644 --- a/3.2.38/1031_linux-3.2.32.patch +++ b/3.2.39/1031_linux-3.2.32.patch diff --git a/3.2.38/1032_linux-3.2.33.patch b/3.2.39/1032_linux-3.2.33.patch index c32fb75..c32fb75 100644 --- a/3.2.38/1032_linux-3.2.33.patch +++ b/3.2.39/1032_linux-3.2.33.patch diff --git a/3.2.38/1033_linux-3.2.34.patch b/3.2.39/1033_linux-3.2.34.patch index d647b38..d647b38 100644 --- a/3.2.38/1033_linux-3.2.34.patch +++ b/3.2.39/1033_linux-3.2.34.patch diff --git a/3.2.38/1034_linux-3.2.35.patch b/3.2.39/1034_linux-3.2.35.patch index 76a9c19..76a9c19 100644 --- a/3.2.38/1034_linux-3.2.35.patch +++ b/3.2.39/1034_linux-3.2.35.patch diff --git a/3.2.38/1035_linux-3.2.36.patch b/3.2.39/1035_linux-3.2.36.patch index 5d192a3..5d192a3 100644 --- a/3.2.38/1035_linux-3.2.36.patch +++ b/3.2.39/1035_linux-3.2.36.patch diff --git a/3.2.38/1036_linux-3.2.37.patch b/3.2.39/1036_linux-3.2.37.patch index ad13251..ad13251 100644 --- a/3.2.38/1036_linux-3.2.37.patch +++ b/3.2.39/1036_linux-3.2.37.patch diff --git a/3.2.38/1037_linux-3.2.38.patch b/3.2.39/1037_linux-3.2.38.patch index a3c106f..a3c106f 100644 --- a/3.2.38/1037_linux-3.2.38.patch +++ b/3.2.39/1037_linux-3.2.38.patch diff --git a/3.2.39/1039_linux-3.2.39.patch b/3.2.39/1039_linux-3.2.39.patch new file mode 100644 index 0000000..5639e92 --- /dev/null +++ b/3.2.39/1039_linux-3.2.39.patch @@ -0,0 +1,2660 @@ +diff --git a/MAINTAINERS b/MAINTAINERS +index 82d7fa6..83f156e 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -2584,7 +2584,7 @@ S: Maintained + F: drivers/net/ethernet/i825xx/eexpress.* + + ETHERNET BRIDGE +-M: Stephen Hemminger <shemminger@vyatta.com> ++M: Stephen Hemminger <stephen@networkplumber.org> + L: bridge@lists.linux-foundation.org + L: netdev@vger.kernel.org + W: http://www.linuxfoundation.org/en/Net:Bridge +@@ -4475,7 +4475,7 @@ S: Supported + F: drivers/infiniband/hw/nes/ + + NETEM NETWORK EMULATOR +-M: Stephen Hemminger <shemminger@vyatta.com> ++M: Stephen Hemminger <stephen@networkplumber.org> + L: netem@lists.linux-foundation.org + S: Maintained + F: net/sched/sch_netem.c +@@ -5993,7 +5993,7 @@ S: Maintained + F: drivers/usb/misc/sisusbvga/ + + SKGE, SKY2 10/100/1000 GIGABIT ETHERNET DRIVERS +-M: Stephen Hemminger <shemminger@vyatta.com> ++M: Stephen Hemminger <stephen@networkplumber.org> + L: netdev@vger.kernel.org + S: Maintained + F: drivers/net/ethernet/marvell/sk* +diff --git a/Makefile b/Makefile +index c8c9d02..0fceb8b 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 2 +-SUBLEVEL = 38 ++SUBLEVEL = 39 + EXTRAVERSION = + NAME = Saber-toothed Squirrel + +diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S +index a6253ec..95b4eb3 100644 +--- a/arch/x86/ia32/ia32entry.S ++++ b/arch/x86/ia32/ia32entry.S +@@ -208,7 +208,7 @@ sysexit_from_sys_call: + testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) + jnz ia32_ret_from_sys_call + TRACE_IRQS_ON +- sti ++ ENABLE_INTERRUPTS(CLBR_NONE) + movl %eax,%esi /* second arg, syscall return value */ + cmpl $0,%eax /* is it < 0? */ + setl %al /* 1 if so, 0 if not */ +@@ -218,7 +218,7 @@ sysexit_from_sys_call: + GET_THREAD_INFO(%r10) + movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */ + movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi +- cli ++ DISABLE_INTERRUPTS(CLBR_NONE) + TRACE_IRQS_OFF + testl %edi,TI_flags(%r10) + jz \exit +diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c +index c346d11..d4f278e 100644 +--- a/arch/x86/kernel/step.c ++++ b/arch/x86/kernel/step.c +@@ -157,6 +157,34 @@ static int enable_single_step(struct task_struct *child) + return 1; + } + ++static void set_task_blockstep(struct task_struct *task, bool on) ++{ ++ unsigned long debugctl; ++ ++ /* ++ * Ensure irq/preemption can't change debugctl in between. ++ * Note also that both TIF_BLOCKSTEP and debugctl should ++ * be changed atomically wrt preemption. ++ * ++ * NOTE: this means that set/clear TIF_BLOCKSTEP is only safe if ++ * task is current or it can't be running, otherwise we can race ++ * with __switch_to_xtra(). We rely on ptrace_freeze_traced() but ++ * PTRACE_KILL is not safe. ++ */ ++ local_irq_disable(); ++ debugctl = get_debugctlmsr(); ++ if (on) { ++ debugctl |= DEBUGCTLMSR_BTF; ++ set_tsk_thread_flag(task, TIF_BLOCKSTEP); ++ } else { ++ debugctl &= ~DEBUGCTLMSR_BTF; ++ clear_tsk_thread_flag(task, TIF_BLOCKSTEP); ++ } ++ if (task == current) ++ update_debugctlmsr(debugctl); ++ local_irq_enable(); ++} ++ + /* + * Enable single or block step. + */ +@@ -169,19 +197,10 @@ static void enable_step(struct task_struct *child, bool block) + * So no one should try to use debugger block stepping in a program + * that uses user-mode single stepping itself. + */ +- if (enable_single_step(child) && block) { +- unsigned long debugctl = get_debugctlmsr(); +- +- debugctl |= DEBUGCTLMSR_BTF; +- update_debugctlmsr(debugctl); +- set_tsk_thread_flag(child, TIF_BLOCKSTEP); +- } else if (test_tsk_thread_flag(child, TIF_BLOCKSTEP)) { +- unsigned long debugctl = get_debugctlmsr(); +- +- debugctl &= ~DEBUGCTLMSR_BTF; +- update_debugctlmsr(debugctl); +- clear_tsk_thread_flag(child, TIF_BLOCKSTEP); +- } ++ if (enable_single_step(child) && block) ++ set_task_blockstep(child, true); ++ else if (test_tsk_thread_flag(child, TIF_BLOCKSTEP)) ++ set_task_blockstep(child, false); + } + + void user_enable_single_step(struct task_struct *child) +@@ -199,13 +218,8 @@ void user_disable_single_step(struct task_struct *child) + /* + * Make sure block stepping (BTF) is disabled. + */ +- if (test_tsk_thread_flag(child, TIF_BLOCKSTEP)) { +- unsigned long debugctl = get_debugctlmsr(); +- +- debugctl &= ~DEBUGCTLMSR_BTF; +- update_debugctlmsr(debugctl); +- clear_tsk_thread_flag(child, TIF_BLOCKSTEP); +- } ++ if (test_tsk_thread_flag(child, TIF_BLOCKSTEP)) ++ set_task_blockstep(child, false); + + /* Always clear TIF_SINGLESTEP... */ + clear_tsk_thread_flag(child, TIF_SINGLESTEP); +diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S +index b040b0e..7328f71 100644 +--- a/arch/x86/xen/xen-asm_32.S ++++ b/arch/x86/xen/xen-asm_32.S +@@ -88,11 +88,11 @@ ENTRY(xen_iret) + */ + #ifdef CONFIG_SMP + GET_THREAD_INFO(%eax) +- movl TI_cpu(%eax), %eax +- movl __per_cpu_offset(,%eax,4), %eax +- mov xen_vcpu(%eax), %eax ++ movl %ss:TI_cpu(%eax), %eax ++ movl %ss:__per_cpu_offset(,%eax,4), %eax ++ mov %ss:xen_vcpu(%eax), %eax + #else +- movl xen_vcpu, %eax ++ movl %ss:xen_vcpu, %eax + #endif + + /* check IF state we're restoring */ +@@ -105,11 +105,11 @@ ENTRY(xen_iret) + * resuming the code, so we don't have to be worried about + * being preempted to another CPU. + */ +- setz XEN_vcpu_info_mask(%eax) ++ setz %ss:XEN_vcpu_info_mask(%eax) + xen_iret_start_crit: + + /* check for unmasked and pending */ +- cmpw $0x0001, XEN_vcpu_info_pending(%eax) ++ cmpw $0x0001, %ss:XEN_vcpu_info_pending(%eax) + + /* + * If there's something pending, mask events again so we can +@@ -117,7 +117,7 @@ xen_iret_start_crit: + * touch XEN_vcpu_info_mask. + */ + jne 1f +- movb $1, XEN_vcpu_info_mask(%eax) ++ movb $1, %ss:XEN_vcpu_info_mask(%eax) + + 1: popl %eax + +diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c +index b07edc4..62c1325 100644 +--- a/drivers/ata/ahci.c ++++ b/drivers/ata/ahci.c +@@ -52,7 +52,9 @@ + #define DRV_VERSION "3.0" + + enum { +- AHCI_PCI_BAR = 5, ++ AHCI_PCI_BAR_STA2X11 = 0, ++ AHCI_PCI_BAR_ENMOTUS = 2, ++ AHCI_PCI_BAR_STANDARD = 5, + }; + + enum board_ids { +@@ -375,6 +377,9 @@ static const struct pci_device_id ahci_pci_tbl[] = { + { PCI_VDEVICE(SI, 0x1185), board_ahci }, /* SiS 968 */ + { PCI_VDEVICE(SI, 0x0186), board_ahci }, /* SiS 968 */ + ++ /* ST Microelectronics */ ++ { PCI_VDEVICE(STMICRO, 0xCC06), board_ahci }, /* ST ConneXt */ ++ + /* Marvell */ + { PCI_VDEVICE(MARVELL, 0x6145), board_ahci_mv }, /* 6145 */ + { PCI_VDEVICE(MARVELL, 0x6121), board_ahci_mv }, /* 6121 */ +@@ -400,6 +405,9 @@ static const struct pci_device_id ahci_pci_tbl[] = { + { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci }, /* ASM1061 */ + { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci }, /* ASM1062 */ + ++ /* Enmotus */ ++ { PCI_DEVICE(0x1c44, 0x8000), board_ahci }, ++ + /* Generic, PCI class code for AHCI */ + { PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, + PCI_CLASS_STORAGE_SATA_AHCI, 0xffffff, board_ahci }, +@@ -629,6 +637,13 @@ static int ahci_configure_dma_masks(struct pci_dev *pdev, int using_dac) + { + int rc; + ++ /* ++ * If the device fixup already set the dma_mask to some non-standard ++ * value, don't extend it here. This happens on STA2X11, for example. ++ */ ++ if (pdev->dma_mask && pdev->dma_mask < DMA_BIT_MASK(32)) ++ return 0; ++ + if (using_dac && + !pci_set_dma_mask(pdev, DMA_BIT_MASK(64))) { + rc = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(64)); +@@ -1033,6 +1048,7 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + struct ahci_host_priv *hpriv; + struct ata_host *host; + int n_ports, i, rc; ++ int ahci_pci_bar = AHCI_PCI_BAR_STANDARD; + + VPRINTK("ENTER\n"); + +@@ -1064,6 +1080,12 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + dev_info(&pdev->dev, + "PDC42819 can only drive SATA devices with this driver\n"); + ++ /* Both Connext and Enmotus devices use non-standard BARs */ ++ if (pdev->vendor == PCI_VENDOR_ID_STMICRO && pdev->device == 0xCC06) ++ ahci_pci_bar = AHCI_PCI_BAR_STA2X11; ++ else if (pdev->vendor == 0x1c44 && pdev->device == 0x8000) ++ ahci_pci_bar = AHCI_PCI_BAR_ENMOTUS; ++ + /* acquire resources */ + rc = pcim_enable_device(pdev); + if (rc) +@@ -1072,7 +1094,7 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + /* AHCI controllers often implement SFF compatible interface. + * Grab all PCI BARs just in case. + */ +- rc = pcim_iomap_regions_request_all(pdev, 1 << AHCI_PCI_BAR, DRV_NAME); ++ rc = pcim_iomap_regions_request_all(pdev, 1 << ahci_pci_bar, DRV_NAME); + if (rc == -EBUSY) + pcim_pin_device(pdev); + if (rc) +@@ -1115,7 +1137,7 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + if ((hpriv->flags & AHCI_HFLAG_NO_MSI) || pci_enable_msi(pdev)) + pci_intx(pdev, 1); + +- hpriv->mmio = pcim_iomap_table(pdev)[AHCI_PCI_BAR]; ++ hpriv->mmio = pcim_iomap_table(pdev)[ahci_pci_bar]; + + /* save initial config */ + ahci_pci_save_initial_config(pdev, hpriv); +@@ -1179,8 +1201,8 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + for (i = 0; i < host->n_ports; i++) { + struct ata_port *ap = host->ports[i]; + +- ata_port_pbar_desc(ap, AHCI_PCI_BAR, -1, "abar"); +- ata_port_pbar_desc(ap, AHCI_PCI_BAR, ++ ata_port_pbar_desc(ap, ahci_pci_bar, -1, "abar"); ++ ata_port_pbar_desc(ap, ahci_pci_bar, + 0x100 + ap->port_no * 0x80, "port"); + + /* set enclosure management message type */ +diff --git a/drivers/atm/iphase.h b/drivers/atm/iphase.h +index 6a0955e..53ecac5 100644 +--- a/drivers/atm/iphase.h ++++ b/drivers/atm/iphase.h +@@ -636,82 +636,82 @@ struct rx_buf_desc { + #define SEG_BASE IPHASE5575_FRAG_CONTROL_REG_BASE + #define REASS_BASE IPHASE5575_REASS_CONTROL_REG_BASE + +-typedef volatile u_int freg_t; ++typedef volatile u_int ffreg_t; + typedef u_int rreg_t; + + typedef struct _ffredn_t { +- freg_t idlehead_high; /* Idle cell header (high) */ +- freg_t idlehead_low; /* Idle cell header (low) */ +- freg_t maxrate; /* Maximum rate */ +- freg_t stparms; /* Traffic Management Parameters */ +- freg_t abrubr_abr; /* ABRUBR Priority Byte 1, TCR Byte 0 */ +- freg_t rm_type; /* */ +- u_int filler5[0x17 - 0x06]; +- freg_t cmd_reg; /* Command register */ +- u_int filler18[0x20 - 0x18]; +- freg_t cbr_base; /* CBR Pointer Base */ +- freg_t vbr_base; /* VBR Pointer Base */ +- freg_t abr_base; /* ABR Pointer Base */ +- freg_t ubr_base; /* UBR Pointer Base */ +- u_int filler24; +- freg_t vbrwq_base; /* VBR Wait Queue Base */ +- freg_t abrwq_base; /* ABR Wait Queue Base */ +- freg_t ubrwq_base; /* UBR Wait Queue Base */ +- freg_t vct_base; /* Main VC Table Base */ +- freg_t vcte_base; /* Extended Main VC Table Base */ +- u_int filler2a[0x2C - 0x2A]; +- freg_t cbr_tab_beg; /* CBR Table Begin */ +- freg_t cbr_tab_end; /* CBR Table End */ +- freg_t cbr_pointer; /* CBR Pointer */ +- u_int filler2f[0x30 - 0x2F]; +- freg_t prq_st_adr; /* Packet Ready Queue Start Address */ +- freg_t prq_ed_adr; /* Packet Ready Queue End Address */ +- freg_t prq_rd_ptr; /* Packet Ready Queue read pointer */ +- freg_t prq_wr_ptr; /* Packet Ready Queue write pointer */ +- freg_t tcq_st_adr; /* Transmit Complete Queue Start Address*/ +- freg_t tcq_ed_adr; /* Transmit Complete Queue End Address */ +- freg_t tcq_rd_ptr; /* Transmit Complete Queue read pointer */ +- freg_t tcq_wr_ptr; /* Transmit Complete Queue write pointer*/ +- u_int filler38[0x40 - 0x38]; +- freg_t queue_base; /* Base address for PRQ and TCQ */ +- freg_t desc_base; /* Base address of descriptor table */ +- u_int filler42[0x45 - 0x42]; +- freg_t mode_reg_0; /* Mode register 0 */ +- freg_t mode_reg_1; /* Mode register 1 */ +- freg_t intr_status_reg;/* Interrupt Status register */ +- freg_t mask_reg; /* Mask Register */ +- freg_t cell_ctr_high1; /* Total cell transfer count (high) */ +- freg_t cell_ctr_lo1; /* Total cell transfer count (low) */ +- freg_t state_reg; /* Status register */ +- u_int filler4c[0x58 - 0x4c]; +- freg_t curr_desc_num; /* Contains the current descriptor num */ +- freg_t next_desc; /* Next descriptor */ +- freg_t next_vc; /* Next VC */ +- u_int filler5b[0x5d - 0x5b]; +- freg_t present_slot_cnt;/* Present slot count */ +- u_int filler5e[0x6a - 0x5e]; +- freg_t new_desc_num; /* New descriptor number */ +- freg_t new_vc; /* New VC */ +- freg_t sched_tbl_ptr; /* Schedule table pointer */ +- freg_t vbrwq_wptr; /* VBR wait queue write pointer */ +- freg_t vbrwq_rptr; /* VBR wait queue read pointer */ +- freg_t abrwq_wptr; /* ABR wait queue write pointer */ +- freg_t abrwq_rptr; /* ABR wait queue read pointer */ +- freg_t ubrwq_wptr; /* UBR wait queue write pointer */ +- freg_t ubrwq_rptr; /* UBR wait queue read pointer */ +- freg_t cbr_vc; /* CBR VC */ +- freg_t vbr_sb_vc; /* VBR SB VC */ +- freg_t abr_sb_vc; /* ABR SB VC */ +- freg_t ubr_sb_vc; /* UBR SB VC */ +- freg_t vbr_next_link; /* VBR next link */ +- freg_t abr_next_link; /* ABR next link */ +- freg_t ubr_next_link; /* UBR next link */ +- u_int filler7a[0x7c-0x7a]; +- freg_t out_rate_head; /* Out of rate head */ +- u_int filler7d[0xca-0x7d]; /* pad out to full address space */ +- freg_t cell_ctr_high1_nc;/* Total cell transfer count (high) */ +- freg_t cell_ctr_lo1_nc;/* Total cell transfer count (low) */ +- u_int fillercc[0x100-0xcc]; /* pad out to full address space */ ++ ffreg_t idlehead_high; /* Idle cell header (high) */ ++ ffreg_t idlehead_low; /* Idle cell header (low) */ ++ ffreg_t maxrate; /* Maximum rate */ ++ ffreg_t stparms; /* Traffic Management Parameters */ ++ ffreg_t abrubr_abr; /* ABRUBR Priority Byte 1, TCR Byte 0 */ ++ ffreg_t rm_type; /* */ ++ u_int filler5[0x17 - 0x06]; ++ ffreg_t cmd_reg; /* Command register */ ++ u_int filler18[0x20 - 0x18]; ++ ffreg_t cbr_base; /* CBR Pointer Base */ ++ ffreg_t vbr_base; /* VBR Pointer Base */ ++ ffreg_t abr_base; /* ABR Pointer Base */ ++ ffreg_t ubr_base; /* UBR Pointer Base */ ++ u_int filler24; ++ ffreg_t vbrwq_base; /* VBR Wait Queue Base */ ++ ffreg_t abrwq_base; /* ABR Wait Queue Base */ ++ ffreg_t ubrwq_base; /* UBR Wait Queue Base */ ++ ffreg_t vct_base; /* Main VC Table Base */ ++ ffreg_t vcte_base; /* Extended Main VC Table Base */ ++ u_int filler2a[0x2C - 0x2A]; ++ ffreg_t cbr_tab_beg; /* CBR Table Begin */ ++ ffreg_t cbr_tab_end; /* CBR Table End */ ++ ffreg_t cbr_pointer; /* CBR Pointer */ ++ u_int filler2f[0x30 - 0x2F]; ++ ffreg_t prq_st_adr; /* Packet Ready Queue Start Address */ ++ ffreg_t prq_ed_adr; /* Packet Ready Queue End Address */ ++ ffreg_t prq_rd_ptr; /* Packet Ready Queue read pointer */ ++ ffreg_t prq_wr_ptr; /* Packet Ready Queue write pointer */ ++ ffreg_t tcq_st_adr; /* Transmit Complete Queue Start Address*/ ++ ffreg_t tcq_ed_adr; /* Transmit Complete Queue End Address */ ++ ffreg_t tcq_rd_ptr; /* Transmit Complete Queue read pointer */ ++ ffreg_t tcq_wr_ptr; /* Transmit Complete Queue write pointer*/ ++ u_int filler38[0x40 - 0x38]; ++ ffreg_t queue_base; /* Base address for PRQ and TCQ */ ++ ffreg_t desc_base; /* Base address of descriptor table */ ++ u_int filler42[0x45 - 0x42]; ++ ffreg_t mode_reg_0; /* Mode register 0 */ ++ ffreg_t mode_reg_1; /* Mode register 1 */ ++ ffreg_t intr_status_reg;/* Interrupt Status register */ ++ ffreg_t mask_reg; /* Mask Register */ ++ ffreg_t cell_ctr_high1; /* Total cell transfer count (high) */ ++ ffreg_t cell_ctr_lo1; /* Total cell transfer count (low) */ ++ ffreg_t state_reg; /* Status register */ ++ u_int filler4c[0x58 - 0x4c]; ++ ffreg_t curr_desc_num; /* Contains the current descriptor num */ ++ ffreg_t next_desc; /* Next descriptor */ ++ ffreg_t next_vc; /* Next VC */ ++ u_int filler5b[0x5d - 0x5b]; ++ ffreg_t present_slot_cnt;/* Present slot count */ ++ u_int filler5e[0x6a - 0x5e]; ++ ffreg_t new_desc_num; /* New descriptor number */ ++ ffreg_t new_vc; /* New VC */ ++ ffreg_t sched_tbl_ptr; /* Schedule table pointer */ ++ ffreg_t vbrwq_wptr; /* VBR wait queue write pointer */ ++ ffreg_t vbrwq_rptr; /* VBR wait queue read pointer */ ++ ffreg_t abrwq_wptr; /* ABR wait queue write pointer */ ++ ffreg_t abrwq_rptr; /* ABR wait queue read pointer */ ++ ffreg_t ubrwq_wptr; /* UBR wait queue write pointer */ ++ ffreg_t ubrwq_rptr; /* UBR wait queue read pointer */ ++ ffreg_t cbr_vc; /* CBR VC */ ++ ffreg_t vbr_sb_vc; /* VBR SB VC */ ++ ffreg_t abr_sb_vc; /* ABR SB VC */ ++ ffreg_t ubr_sb_vc; /* UBR SB VC */ ++ ffreg_t vbr_next_link; /* VBR next link */ ++ ffreg_t abr_next_link; /* ABR next link */ ++ ffreg_t ubr_next_link; /* UBR next link */ ++ u_int filler7a[0x7c-0x7a]; ++ ffreg_t out_rate_head; /* Out of rate head */ ++ u_int filler7d[0xca-0x7d]; /* pad out to full address space */ ++ ffreg_t cell_ctr_high1_nc;/* Total cell transfer count (high) */ ++ ffreg_t cell_ctr_lo1_nc;/* Total cell transfer count (low) */ ++ u_int fillercc[0x100-0xcc]; /* pad out to full address space */ + } ffredn_t; + + typedef struct _rfredn_t { +diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c +index 8e3c46d..7795d1e 100644 +--- a/drivers/char/virtio_console.c ++++ b/drivers/char/virtio_console.c +@@ -1789,7 +1789,8 @@ static void virtcons_remove(struct virtio_device *vdev) + /* Disable interrupts for vqs */ + vdev->config->reset(vdev); + /* Finish up work that's lined up */ +- cancel_work_sync(&portdev->control_work); ++ if (use_multiport(portdev)) ++ cancel_work_sync(&portdev->control_work); + + list_for_each_entry_safe(port, port2, &portdev->ports, list) + unplug_port(port); +diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c +index c05e825..7817429 100644 +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -7156,8 +7156,6 @@ static int intel_gen4_queue_flip(struct drm_device *dev, + OUT_RING(pf | pipesrc); + + intel_mark_page_flip_active(intel_crtc); +- +- intel_mark_page_flip_active(intel_crtc); + ADVANCE_LP_RING(); + return 0; + +@@ -7193,6 +7191,8 @@ static int intel_gen6_queue_flip(struct drm_device *dev, + pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE; + pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff; + OUT_RING(pf | pipesrc); ++ ++ intel_mark_page_flip_active(intel_crtc); + ADVANCE_LP_RING(); + return 0; + +diff --git a/drivers/gpu/drm/radeon/radeon_combios.c b/drivers/gpu/drm/radeon/radeon_combios.c +index 1b98338..ec36dd9 100644 +--- a/drivers/gpu/drm/radeon/radeon_combios.c ++++ b/drivers/gpu/drm/radeon/radeon_combios.c +@@ -2455,6 +2455,14 @@ bool radeon_get_legacy_connector_info_from_bios(struct drm_device *dev) + 1), + ATOM_DEVICE_CRT1_SUPPORT); + } ++ /* RV100 board with external TDMS bit mis-set. ++ * Actually uses internal TMDS, clear the bit. ++ */ ++ if (dev->pdev->device == 0x5159 && ++ dev->pdev->subsystem_vendor == 0x1014 && ++ dev->pdev->subsystem_device == 0x029A) { ++ tmp &= ~(1 << 4); ++ } + if ((tmp >> 4) & 0x1) { + devices |= ATOM_DEVICE_DFP2_SUPPORT; + radeon_add_legacy_encoder(dev, +diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c +index aec8e0c..63e7143 100644 +--- a/drivers/gpu/drm/radeon/radeon_display.c ++++ b/drivers/gpu/drm/radeon/radeon_display.c +@@ -1110,8 +1110,10 @@ radeon_user_framebuffer_create(struct drm_device *dev, + } + + radeon_fb = kzalloc(sizeof(*radeon_fb), GFP_KERNEL); +- if (radeon_fb == NULL) ++ if (radeon_fb == NULL) { ++ drm_gem_object_unreference_unlocked(obj); + return ERR_PTR(-ENOMEM); ++ } + + radeon_framebuffer_init(dev, radeon_fb, mode_cmd, obj); + +diff --git a/drivers/gpu/drm/radeon/radeon_ring.c b/drivers/gpu/drm/radeon/radeon_ring.c +index 49d5820..65be5e8 100644 +--- a/drivers/gpu/drm/radeon/radeon_ring.c ++++ b/drivers/gpu/drm/radeon/radeon_ring.c +@@ -306,6 +306,9 @@ int radeon_ring_alloc(struct radeon_device *rdev, unsigned ndw) + { + int r; + ++ /* make sure we aren't trying to allocate more space than there is on the ring */ ++ if (ndw > (rdev->cp.ring_size / 4)) ++ return -ENOMEM; + /* Align requested size with padding so unlock_commit can + * pad safely */ + ndw = (ndw + rdev->cp.align_mask) & ~rdev->cp.align_mask; +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h +index 2d41336..c15c38e 100644 +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -278,6 +278,9 @@ + #define USB_VENDOR_ID_EZKEY 0x0518 + #define USB_DEVICE_ID_BTC_8193 0x0002 + ++#define USB_VENDOR_ID_FORMOSA 0x147a ++#define USB_DEVICE_ID_FORMOSA_IR_RECEIVER 0xe03e ++ + #define USB_VENDOR_ID_FREESCALE 0x15A2 + #define USB_DEVICE_ID_FREESCALE_MX28 0x004F + +diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c +index aec3fa3..e26eddf 100644 +--- a/drivers/hid/usbhid/hid-quirks.c ++++ b/drivers/hid/usbhid/hid-quirks.c +@@ -68,6 +68,7 @@ static const struct hid_blacklist { + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_AXIS_295, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_DMI, USB_DEVICE_ID_DMI_ENC, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_ELO, USB_DEVICE_ID_ELO_TS2700, HID_QUIRK_NOGET }, ++ { USB_VENDOR_ID_FORMOSA, USB_DEVICE_ID_FORMOSA_IR_RECEIVER, HID_QUIRK_NO_INIT_REPORTS }, + { USB_VENDOR_ID_FREESCALE, USB_DEVICE_ID_FREESCALE_MX28, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN, HID_QUIRK_NO_INIT_REPORTS }, +diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c +index fd17bb3..08c2329 100644 +--- a/drivers/isdn/gigaset/capi.c ++++ b/drivers/isdn/gigaset/capi.c +@@ -264,6 +264,8 @@ static inline void dump_rawmsg(enum debuglevel level, const char *tag, + CAPIMSG_APPID(data), CAPIMSG_MSGID(data), l, + CAPIMSG_CONTROL(data)); + l -= 12; ++ if (l <= 0) ++ return; + dbgline = kmalloc(3*l, GFP_ATOMIC); + if (!dbgline) + return; +diff --git a/drivers/media/video/gspca/kinect.c b/drivers/media/video/gspca/kinect.c +index 4fe51fd..acaef66 100644 +--- a/drivers/media/video/gspca/kinect.c ++++ b/drivers/media/video/gspca/kinect.c +@@ -390,6 +390,7 @@ static const struct sd_desc sd_desc = { + /* -- module initialisation -- */ + static const struct usb_device_id device_table[] = { + {USB_DEVICE(0x045e, 0x02ae)}, ++ {USB_DEVICE(0x045e, 0x02bf)}, + {} + }; + +diff --git a/drivers/net/can/c_can/c_can.c b/drivers/net/can/c_can/c_can.c +index 21a3d77..64647d4 100644 +--- a/drivers/net/can/c_can/c_can.c ++++ b/drivers/net/can/c_can/c_can.c +@@ -446,8 +446,12 @@ static void c_can_setup_receive_object(struct net_device *dev, int iface, + + priv->write_reg(priv, &priv->regs->ifregs[iface].mask1, + IFX_WRITE_LOW_16BIT(mask)); ++ ++ /* According to C_CAN documentation, the reserved bit ++ * in IFx_MASK2 register is fixed 1 ++ */ + priv->write_reg(priv, &priv->regs->ifregs[iface].mask2, +- IFX_WRITE_HIGH_16BIT(mask)); ++ IFX_WRITE_HIGH_16BIT(mask) | BIT(13)); + + priv->write_reg(priv, &priv->regs->ifregs[iface].arb1, + IFX_WRITE_LOW_16BIT(id)); +diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c +index 01bc102..c86fa50 100644 +--- a/drivers/net/ethernet/broadcom/tg3.c ++++ b/drivers/net/ethernet/broadcom/tg3.c +@@ -1135,14 +1135,26 @@ static int tg3_phy_auxctl_write(struct tg3 *tp, int reg, u32 set) + return tg3_writephy(tp, MII_TG3_AUX_CTRL, set | reg); + } + +-#define TG3_PHY_AUXCTL_SMDSP_ENABLE(tp) \ +- tg3_phy_auxctl_write((tp), MII_TG3_AUXCTL_SHDWSEL_AUXCTL, \ +- MII_TG3_AUXCTL_ACTL_SMDSP_ENA | \ +- MII_TG3_AUXCTL_ACTL_TX_6DB) ++static int tg3_phy_toggle_auxctl_smdsp(struct tg3 *tp, bool enable) ++{ ++ u32 val; ++ int err; + +-#define TG3_PHY_AUXCTL_SMDSP_DISABLE(tp) \ +- tg3_phy_auxctl_write((tp), MII_TG3_AUXCTL_SHDWSEL_AUXCTL, \ +- MII_TG3_AUXCTL_ACTL_TX_6DB); ++ err = tg3_phy_auxctl_read(tp, MII_TG3_AUXCTL_SHDWSEL_AUXCTL, &val); ++ ++ if (err) ++ return err; ++ if (enable) ++ ++ val |= MII_TG3_AUXCTL_ACTL_SMDSP_ENA; ++ else ++ val &= ~MII_TG3_AUXCTL_ACTL_SMDSP_ENA; ++ ++ err = tg3_phy_auxctl_write((tp), MII_TG3_AUXCTL_SHDWSEL_AUXCTL, ++ val | MII_TG3_AUXCTL_ACTL_TX_6DB); ++ ++ return err; ++} + + static int tg3_bmcr_reset(struct tg3 *tp) + { +@@ -2087,7 +2099,7 @@ static void tg3_phy_apply_otp(struct tg3 *tp) + + otp = tp->phy_otp; + +- if (TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) ++ if (tg3_phy_toggle_auxctl_smdsp(tp, true)) + return; + + phy = ((otp & TG3_OTP_AGCTGT_MASK) >> TG3_OTP_AGCTGT_SHIFT); +@@ -2112,7 +2124,7 @@ static void tg3_phy_apply_otp(struct tg3 *tp) + ((otp & TG3_OTP_RCOFF_MASK) >> TG3_OTP_RCOFF_SHIFT); + tg3_phydsp_write(tp, MII_TG3_DSP_EXP97, phy); + +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + + static void tg3_phy_eee_adjust(struct tg3 *tp, u32 current_link_up) +@@ -2148,9 +2160,9 @@ static void tg3_phy_eee_adjust(struct tg3 *tp, u32 current_link_up) + + if (!tp->setlpicnt) { + if (current_link_up == 1 && +- !TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { ++ !tg3_phy_toggle_auxctl_smdsp(tp, true)) { + tg3_phydsp_write(tp, MII_TG3_DSP_TAP26, 0x0000); +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + + val = tr32(TG3_CPMU_EEE_MODE); +@@ -2166,11 +2178,11 @@ static void tg3_phy_eee_enable(struct tg3 *tp) + (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5717 || + GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5719 || + GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_57765) && +- !TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { ++ !tg3_phy_toggle_auxctl_smdsp(tp, true)) { + val = MII_TG3_DSP_TAP26_ALNOKO | + MII_TG3_DSP_TAP26_RMRXSTO; + tg3_phydsp_write(tp, MII_TG3_DSP_TAP26, val); +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + + val = tr32(TG3_CPMU_EEE_MODE); +@@ -2314,7 +2326,7 @@ static int tg3_phy_reset_5703_4_5(struct tg3 *tp) + tg3_writephy(tp, MII_CTRL1000, + CTL1000_AS_MASTER | CTL1000_ENABLE_MASTER); + +- err = TG3_PHY_AUXCTL_SMDSP_ENABLE(tp); ++ err = tg3_phy_toggle_auxctl_smdsp(tp, true); + if (err) + return err; + +@@ -2335,7 +2347,7 @@ static int tg3_phy_reset_5703_4_5(struct tg3 *tp) + tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x8200); + tg3_writephy(tp, MII_TG3_DSP_CONTROL, 0x0000); + +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + + tg3_writephy(tp, MII_CTRL1000, phy9_orig); + +@@ -2424,10 +2436,10 @@ static int tg3_phy_reset(struct tg3 *tp) + + out: + if ((tp->phy_flags & TG3_PHYFLG_ADC_BUG) && +- !TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { ++ !tg3_phy_toggle_auxctl_smdsp(tp, true)) { + tg3_phydsp_write(tp, 0x201f, 0x2aaa); + tg3_phydsp_write(tp, 0x000a, 0x0323); +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + + if (tp->phy_flags & TG3_PHYFLG_5704_A0_BUG) { +@@ -2436,14 +2448,14 @@ out: + } + + if (tp->phy_flags & TG3_PHYFLG_BER_BUG) { +- if (!TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { ++ if (!tg3_phy_toggle_auxctl_smdsp(tp, true)) { + tg3_phydsp_write(tp, 0x000a, 0x310b); + tg3_phydsp_write(tp, 0x201f, 0x9506); + tg3_phydsp_write(tp, 0x401f, 0x14e2); +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + } else if (tp->phy_flags & TG3_PHYFLG_JITTER_BUG) { +- if (!TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { ++ if (!tg3_phy_toggle_auxctl_smdsp(tp, true)) { + tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x000a); + if (tp->phy_flags & TG3_PHYFLG_ADJUST_TRIM) { + tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x110b); +@@ -2452,7 +2464,7 @@ out: + } else + tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x010b); + +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + } + +@@ -3639,7 +3651,7 @@ static int tg3_phy_autoneg_cfg(struct tg3 *tp, u32 advertise, u32 flowctrl) + tw32(TG3_CPMU_EEE_MODE, + tr32(TG3_CPMU_EEE_MODE) & ~TG3_CPMU_EEEMD_LPI_ENABLE); + +- err = TG3_PHY_AUXCTL_SMDSP_ENABLE(tp); ++ err = tg3_phy_toggle_auxctl_smdsp(tp, true); + if (!err) { + u32 err2; + +@@ -3671,7 +3683,7 @@ static int tg3_phy_autoneg_cfg(struct tg3 *tp, u32 advertise, u32 flowctrl) + MII_TG3_DSP_CH34TP2_HIBW01); + } + +- err2 = TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ err2 = tg3_phy_toggle_auxctl_smdsp(tp, false); + if (!err) + err = err2; + } +@@ -6353,6 +6365,9 @@ static void tg3_poll_controller(struct net_device *dev) + int i; + struct tg3 *tp = netdev_priv(dev); + ++ if (tg3_irq_sync(tp)) ++ return; ++ + for (i = 0; i < tp->irq_cnt; i++) + tg3_interrupt(tp->napi[i].irq_vec, &tp->napi[i]); + } +@@ -15388,6 +15403,7 @@ static int __devinit tg3_init_one(struct pci_dev *pdev, + tp->pm_cap = pm_cap; + tp->rx_mode = TG3_DEF_RX_MODE; + tp->tx_mode = TG3_DEF_TX_MODE; ++ tp->irq_sync = 1; + + if (tg3_debug > 0) + tp->msg_enable = tg3_debug; +diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c +index a8259cc..5674145 100644 +--- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c ++++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c +@@ -144,7 +144,7 @@ void netxen_release_tx_buffers(struct netxen_adapter *adapter) + buffrag->length, PCI_DMA_TODEVICE); + buffrag->dma = 0ULL; + } +- for (j = 0; j < cmd_buf->frag_count; j++) { ++ for (j = 1; j < cmd_buf->frag_count; j++) { + buffrag++; + if (buffrag->dma) { + pci_unmap_page(adapter->pdev, buffrag->dma, +diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c +index da5204d..4a238a4 100644 +--- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c ++++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c +@@ -1924,10 +1924,12 @@ unwind: + while (--i >= 0) { + nf = &pbuf->frag_array[i+1]; + pci_unmap_page(pdev, nf->dma, nf->length, PCI_DMA_TODEVICE); ++ nf->dma = 0ULL; + } + + nf = &pbuf->frag_array[0]; + pci_unmap_single(pdev, nf->dma, skb_headlen(skb), PCI_DMA_TODEVICE); ++ nf->dma = 0ULL; + + out_err: + return -ENOMEM; +diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c +index b8db4cd..a6153f1 100644 +--- a/drivers/net/ethernet/realtek/r8169.c ++++ b/drivers/net/ethernet/realtek/r8169.c +@@ -5829,13 +5829,6 @@ static int rtl8169_rx_interrupt(struct net_device *dev, + dev->stats.rx_bytes += pkt_size; + dev->stats.rx_packets++; + } +- +- /* Work around for AMD plateform. */ +- if ((desc->opts2 & cpu_to_le32(0xfffe000)) && +- (tp->mac_version == RTL_GIGA_MAC_VER_05)) { +- desc->opts2 = 0; +- cur_rx++; +- } + } + + count = cur_rx - tp->cur_rx; +diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c +index 4ce9e5f..d0893e4 100644 +--- a/drivers/net/loopback.c ++++ b/drivers/net/loopback.c +@@ -78,6 +78,11 @@ static netdev_tx_t loopback_xmit(struct sk_buff *skb, + + skb_orphan(skb); + ++ /* Before queueing this packet to netif_rx(), ++ * make sure dst is refcounted. ++ */ ++ skb_dst_force(skb); ++ + skb->protocol = eth_type_trans(skb, dev); + + /* it's OK to use per_cpu_ptr() because BHs are off */ +diff --git a/drivers/net/wireless/mwifiex/scan.c b/drivers/net/wireless/mwifiex/scan.c +index 8d3ab37..6618dd6 100644 +--- a/drivers/net/wireless/mwifiex/scan.c ++++ b/drivers/net/wireless/mwifiex/scan.c +@@ -1594,7 +1594,7 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, + dev_err(adapter->dev, "SCAN_RESP: too many AP returned (%d)\n", + scan_rsp->number_of_sets); + ret = -1; +- goto done; ++ goto check_next_scan; + } + + bytes_left = le16_to_cpu(scan_rsp->bss_descript_size); +@@ -1663,7 +1663,8 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, + if (!beacon_size || beacon_size > bytes_left) { + bss_info += bytes_left; + bytes_left = 0; +- return -1; ++ ret = -1; ++ goto check_next_scan; + } + + /* Initialize the current working beacon pointer for this BSS +@@ -1716,7 +1717,7 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, + dev_err(priv->adapter->dev, "%s: in processing" + " IE, bytes left < IE length\n", + __func__); +- goto done; ++ goto check_next_scan; + } + if (element_id == WLAN_EID_DS_PARAMS) { + channel = *(u8 *) (current_ptr + +@@ -1782,6 +1783,7 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, + } + } + ++check_next_scan: + spin_lock_irqsave(&adapter->scan_pending_q_lock, flags); + if (list_empty(&adapter->scan_pending_q)) { + spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags); +@@ -1812,7 +1814,6 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, + mwifiex_insert_cmd_to_pending_q(adapter, cmd_node, true); + } + +-done: + return ret; + } + +diff --git a/drivers/net/wireless/rt2x00/rt2500usb.c b/drivers/net/wireless/rt2x00/rt2500usb.c +index 22ed6df..2be9880 100644 +--- a/drivers/net/wireless/rt2x00/rt2500usb.c ++++ b/drivers/net/wireless/rt2x00/rt2500usb.c +@@ -1921,7 +1921,7 @@ static struct usb_device_id rt2500usb_device_table[] = { + { USB_DEVICE(0x0b05, 0x1706) }, + { USB_DEVICE(0x0b05, 0x1707) }, + /* Belkin */ +- { USB_DEVICE(0x050d, 0x7050) }, ++ { USB_DEVICE(0x050d, 0x7050) }, /* FCC ID: K7SF5D7050A ver. 2.x */ + { USB_DEVICE(0x050d, 0x7051) }, + /* Cisco Systems */ + { USB_DEVICE(0x13b1, 0x000d) }, +diff --git a/drivers/net/wireless/rt2x00/rt2800usb.c b/drivers/net/wireless/rt2x00/rt2800usb.c +index b66a61b..3d4ea1f 100644 +--- a/drivers/net/wireless/rt2x00/rt2800usb.c ++++ b/drivers/net/wireless/rt2x00/rt2800usb.c +@@ -959,6 +959,7 @@ static struct usb_device_id rt2800usb_device_table[] = { + { USB_DEVICE(0x07d1, 0x3c15) }, + { USB_DEVICE(0x07d1, 0x3c16) }, + { USB_DEVICE(0x2001, 0x3c1b) }, ++ { USB_DEVICE(0x2001, 0x3c1e) }, + /* Draytek */ + { USB_DEVICE(0x07fa, 0x7712) }, + /* DVICO */ +@@ -1090,6 +1091,7 @@ static struct usb_device_id rt2800usb_device_table[] = { + { USB_DEVICE(0x177f, 0x0153) }, + { USB_DEVICE(0x177f, 0x0302) }, + { USB_DEVICE(0x177f, 0x0313) }, ++ { USB_DEVICE(0x177f, 0x0323) }, + /* U-Media */ + { USB_DEVICE(0x157e, 0x300e) }, + { USB_DEVICE(0x157e, 0x3013) }, +diff --git a/drivers/net/wireless/rt2x00/rt73usb.c b/drivers/net/wireless/rt2x00/rt73usb.c +index 2ad468d..9e724eb 100644 +--- a/drivers/net/wireless/rt2x00/rt73usb.c ++++ b/drivers/net/wireless/rt2x00/rt73usb.c +@@ -2421,6 +2421,7 @@ static struct usb_device_id rt73usb_device_table[] = { + { USB_DEVICE(0x0b05, 0x1723) }, + { USB_DEVICE(0x0b05, 0x1724) }, + /* Belkin */ ++ { USB_DEVICE(0x050d, 0x7050) }, /* FCC ID: K7SF5D7050B ver. 3.x */ + { USB_DEVICE(0x050d, 0x705a) }, + { USB_DEVICE(0x050d, 0x905b) }, + { USB_DEVICE(0x050d, 0x905c) }, +diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c +index a49e848..30dd0a9 100644 +--- a/drivers/net/wireless/rtlwifi/usb.c ++++ b/drivers/net/wireless/rtlwifi/usb.c +@@ -503,8 +503,8 @@ static void _rtl_rx_pre_process(struct ieee80211_hw *hw, struct sk_buff *skb) + WARN_ON(skb_queue_empty(&rx_queue)); + while (!skb_queue_empty(&rx_queue)) { + _skb = skb_dequeue(&rx_queue); +- _rtl_usb_rx_process_agg(hw, skb); +- ieee80211_rx_irqsafe(hw, skb); ++ _rtl_usb_rx_process_agg(hw, _skb); ++ ieee80211_rx_irqsafe(hw, _skb); + } + } + +diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h +index 94b79c3..9d7f172 100644 +--- a/drivers/net/xen-netback/common.h ++++ b/drivers/net/xen-netback/common.h +@@ -151,6 +151,9 @@ void xen_netbk_queue_tx_skb(struct xenvif *vif, struct sk_buff *skb); + /* Notify xenvif that ring now has space to send an skb to the frontend */ + void xenvif_notify_tx_completion(struct xenvif *vif); + ++/* Prevent the device from generating any further traffic. */ ++void xenvif_carrier_off(struct xenvif *vif); ++ + /* Returns number of ring slots required to send an skb to the frontend */ + unsigned int xen_netbk_count_skb_slots(struct xenvif *vif, struct sk_buff *skb); + +diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c +index 1825629..5925e0b 100644 +--- a/drivers/net/xen-netback/interface.c ++++ b/drivers/net/xen-netback/interface.c +@@ -342,17 +342,22 @@ err: + return err; + } + +-void xenvif_disconnect(struct xenvif *vif) ++void xenvif_carrier_off(struct xenvif *vif) + { + struct net_device *dev = vif->dev; +- if (netif_carrier_ok(dev)) { +- rtnl_lock(); +- netif_carrier_off(dev); /* discard queued packets */ +- if (netif_running(dev)) +- xenvif_down(vif); +- rtnl_unlock(); +- xenvif_put(vif); +- } ++ ++ rtnl_lock(); ++ netif_carrier_off(dev); /* discard queued packets */ ++ if (netif_running(dev)) ++ xenvif_down(vif); ++ rtnl_unlock(); ++ xenvif_put(vif); ++} ++ ++void xenvif_disconnect(struct xenvif *vif) ++{ ++ if (netif_carrier_ok(vif->dev)) ++ xenvif_carrier_off(vif); + + atomic_dec(&vif->refcnt); + wait_event(vif->waiting_to_free, atomic_read(&vif->refcnt) == 0); +diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c +index 15e332d..b802bb3 100644 +--- a/drivers/net/xen-netback/netback.c ++++ b/drivers/net/xen-netback/netback.c +@@ -146,7 +146,8 @@ void xen_netbk_remove_xenvif(struct xenvif *vif) + atomic_dec(&netbk->netfront_count); + } + +-static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx); ++static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx, ++ u8 status); + static void make_tx_response(struct xenvif *vif, + struct xen_netif_tx_request *txp, + s8 st); +@@ -851,7 +852,7 @@ static void netbk_tx_err(struct xenvif *vif, + + do { + make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); +- if (cons >= end) ++ if (cons == end) + break; + txp = RING_GET_REQUEST(&vif->tx, cons++); + } while (1); +@@ -860,6 +861,13 @@ static void netbk_tx_err(struct xenvif *vif, + xenvif_put(vif); + } + ++static void netbk_fatal_tx_err(struct xenvif *vif) ++{ ++ netdev_err(vif->dev, "fatal error; disabling device\n"); ++ xenvif_carrier_off(vif); ++ xenvif_put(vif); ++} ++ + static int netbk_count_requests(struct xenvif *vif, + struct xen_netif_tx_request *first, + struct xen_netif_tx_request *txp, +@@ -873,19 +881,22 @@ static int netbk_count_requests(struct xenvif *vif, + + do { + if (frags >= work_to_do) { +- netdev_dbg(vif->dev, "Need more frags\n"); ++ netdev_err(vif->dev, "Need more frags\n"); ++ netbk_fatal_tx_err(vif); + return -frags; + } + + if (unlikely(frags >= MAX_SKB_FRAGS)) { +- netdev_dbg(vif->dev, "Too many frags\n"); ++ netdev_err(vif->dev, "Too many frags\n"); ++ netbk_fatal_tx_err(vif); + return -frags; + } + + memcpy(txp, RING_GET_REQUEST(&vif->tx, cons + frags), + sizeof(*txp)); + if (txp->size > first->size) { +- netdev_dbg(vif->dev, "Frags galore\n"); ++ netdev_err(vif->dev, "Frag is bigger than frame.\n"); ++ netbk_fatal_tx_err(vif); + return -frags; + } + +@@ -893,8 +904,9 @@ static int netbk_count_requests(struct xenvif *vif, + frags++; + + if (unlikely((txp->offset + txp->size) > PAGE_SIZE)) { +- netdev_dbg(vif->dev, "txp->offset: %x, size: %u\n", ++ netdev_err(vif->dev, "txp->offset: %x, size: %u\n", + txp->offset, txp->size); ++ netbk_fatal_tx_err(vif); + return -frags; + } + } while ((txp++)->flags & XEN_NETTXF_more_data); +@@ -938,7 +950,7 @@ static struct gnttab_copy *xen_netbk_get_requests(struct xen_netbk *netbk, + pending_idx = netbk->pending_ring[index]; + page = xen_netbk_alloc_page(netbk, skb, pending_idx); + if (!page) +- return NULL; ++ goto err; + + netbk->mmap_pages[pending_idx] = page; + +@@ -962,6 +974,17 @@ static struct gnttab_copy *xen_netbk_get_requests(struct xen_netbk *netbk, + } + + return gop; ++err: ++ /* Unwind, freeing all pages and sending error responses. */ ++ while (i-- > start) { ++ xen_netbk_idx_release(netbk, frag_get_pending_idx(&frags[i]), ++ XEN_NETIF_RSP_ERROR); ++ } ++ /* The head too, if necessary. */ ++ if (start) ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_ERROR); ++ ++ return NULL; + } + + static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, +@@ -970,30 +993,20 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, + { + struct gnttab_copy *gop = *gopp; + u16 pending_idx = *((u16 *)skb->data); +- struct pending_tx_info *pending_tx_info = netbk->pending_tx_info; +- struct xenvif *vif = pending_tx_info[pending_idx].vif; +- struct xen_netif_tx_request *txp; + struct skb_shared_info *shinfo = skb_shinfo(skb); + int nr_frags = shinfo->nr_frags; + int i, err, start; + + /* Check status of header. */ + err = gop->status; +- if (unlikely(err)) { +- pending_ring_idx_t index; +- index = pending_index(netbk->pending_prod++); +- txp = &pending_tx_info[pending_idx].req; +- make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); +- netbk->pending_ring[index] = pending_idx; +- xenvif_put(vif); +- } ++ if (unlikely(err)) ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_ERROR); + + /* Skip first skb fragment if it is on same page as header fragment. */ + start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx); + + for (i = start; i < nr_frags; i++) { + int j, newerr; +- pending_ring_idx_t index; + + pending_idx = frag_get_pending_idx(&shinfo->frags[i]); + +@@ -1002,16 +1015,12 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, + if (likely(!newerr)) { + /* Had a previous error? Invalidate this fragment. */ + if (unlikely(err)) +- xen_netbk_idx_release(netbk, pending_idx); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); + continue; + } + + /* Error on this fragment: respond to client with an error. */ +- txp = &netbk->pending_tx_info[pending_idx].req; +- make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); +- index = pending_index(netbk->pending_prod++); +- netbk->pending_ring[index] = pending_idx; +- xenvif_put(vif); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_ERROR); + + /* Not the first error? Preceding frags already invalidated. */ + if (err) +@@ -1019,10 +1028,10 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, + + /* First error: invalidate header and preceding fragments. */ + pending_idx = *((u16 *)skb->data); +- xen_netbk_idx_release(netbk, pending_idx); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); + for (j = start; j < i; j++) { + pending_idx = frag_get_pending_idx(&shinfo->frags[j]); +- xen_netbk_idx_release(netbk, pending_idx); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); + } + + /* Remember the error: invalidate all subsequent fragments. */ +@@ -1056,7 +1065,7 @@ static void xen_netbk_fill_frags(struct xen_netbk *netbk, struct sk_buff *skb) + + /* Take an extra reference to offset xen_netbk_idx_release */ + get_page(netbk->mmap_pages[pending_idx]); +- xen_netbk_idx_release(netbk, pending_idx); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); + } + } + +@@ -1069,7 +1078,8 @@ static int xen_netbk_get_extras(struct xenvif *vif, + + do { + if (unlikely(work_to_do-- <= 0)) { +- netdev_dbg(vif->dev, "Missing extra info\n"); ++ netdev_err(vif->dev, "Missing extra info\n"); ++ netbk_fatal_tx_err(vif); + return -EBADR; + } + +@@ -1078,8 +1088,9 @@ static int xen_netbk_get_extras(struct xenvif *vif, + if (unlikely(!extra.type || + extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) { + vif->tx.req_cons = ++cons; +- netdev_dbg(vif->dev, ++ netdev_err(vif->dev, + "Invalid extra type: %d\n", extra.type); ++ netbk_fatal_tx_err(vif); + return -EINVAL; + } + +@@ -1095,13 +1106,15 @@ static int netbk_set_skb_gso(struct xenvif *vif, + struct xen_netif_extra_info *gso) + { + if (!gso->u.gso.size) { +- netdev_dbg(vif->dev, "GSO size must not be zero.\n"); ++ netdev_err(vif->dev, "GSO size must not be zero.\n"); ++ netbk_fatal_tx_err(vif); + return -EINVAL; + } + + /* Currently only TCPv4 S.O. is supported. */ + if (gso->u.gso.type != XEN_NETIF_GSO_TYPE_TCPV4) { +- netdev_dbg(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type); ++ netdev_err(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type); ++ netbk_fatal_tx_err(vif); + return -EINVAL; + } + +@@ -1238,9 +1251,25 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) + + /* Get a netif from the list with work to do. */ + vif = poll_net_schedule_list(netbk); ++ /* This can sometimes happen because the test of ++ * list_empty(net_schedule_list) at the top of the ++ * loop is unlocked. Just go back and have another ++ * look. ++ */ + if (!vif) + continue; + ++ if (vif->tx.sring->req_prod - vif->tx.req_cons > ++ XEN_NETIF_TX_RING_SIZE) { ++ netdev_err(vif->dev, ++ "Impossible number of requests. " ++ "req_prod %d, req_cons %d, size %ld\n", ++ vif->tx.sring->req_prod, vif->tx.req_cons, ++ XEN_NETIF_TX_RING_SIZE); ++ netbk_fatal_tx_err(vif); ++ continue; ++ } ++ + RING_FINAL_CHECK_FOR_REQUESTS(&vif->tx, work_to_do); + if (!work_to_do) { + xenvif_put(vif); +@@ -1268,17 +1297,14 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) + work_to_do = xen_netbk_get_extras(vif, extras, + work_to_do); + idx = vif->tx.req_cons; +- if (unlikely(work_to_do < 0)) { +- netbk_tx_err(vif, &txreq, idx); ++ if (unlikely(work_to_do < 0)) + continue; +- } + } + + ret = netbk_count_requests(vif, &txreq, txfrags, work_to_do); +- if (unlikely(ret < 0)) { +- netbk_tx_err(vif, &txreq, idx - ret); ++ if (unlikely(ret < 0)) + continue; +- } ++ + idx += ret; + + if (unlikely(txreq.size < ETH_HLEN)) { +@@ -1290,11 +1316,11 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) + + /* No crossing a page as the payload mustn't fragment. */ + if (unlikely((txreq.offset + txreq.size) > PAGE_SIZE)) { +- netdev_dbg(vif->dev, ++ netdev_err(vif->dev, + "txreq.offset: %x, size: %u, end: %lu\n", + txreq.offset, txreq.size, + (txreq.offset&~PAGE_MASK) + txreq.size); +- netbk_tx_err(vif, &txreq, idx); ++ netbk_fatal_tx_err(vif); + continue; + } + +@@ -1322,8 +1348,8 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) + gso = &extras[XEN_NETIF_EXTRA_TYPE_GSO - 1]; + + if (netbk_set_skb_gso(vif, skb, gso)) { ++ /* Failure in netbk_set_skb_gso is fatal. */ + kfree_skb(skb); +- netbk_tx_err(vif, &txreq, idx); + continue; + } + } +@@ -1424,7 +1450,7 @@ static void xen_netbk_tx_submit(struct xen_netbk *netbk) + txp->size -= data_len; + } else { + /* Schedule a response immediately. */ +- xen_netbk_idx_release(netbk, pending_idx); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); + } + + if (txp->flags & XEN_NETTXF_csum_blank) +@@ -1479,7 +1505,8 @@ static void xen_netbk_tx_action(struct xen_netbk *netbk) + + } + +-static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx) ++static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx, ++ u8 status) + { + struct xenvif *vif; + struct pending_tx_info *pending_tx_info; +@@ -1493,7 +1520,7 @@ static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx) + + vif = pending_tx_info->vif; + +- make_tx_response(vif, &pending_tx_info->req, XEN_NETIF_RSP_OKAY); ++ make_tx_response(vif, &pending_tx_info->req, status); + + index = pending_index(netbk->pending_prod++); + netbk->pending_ring[index] = pending_idx; +diff --git a/drivers/rtc/rtc-isl1208.c b/drivers/rtc/rtc-isl1208.c +index da8beb8..627b66a 100644 +--- a/drivers/rtc/rtc-isl1208.c ++++ b/drivers/rtc/rtc-isl1208.c +@@ -494,6 +494,7 @@ isl1208_rtc_interrupt(int irq, void *data) + { + unsigned long timeout = jiffies + msecs_to_jiffies(1000); + struct i2c_client *client = data; ++ struct rtc_device *rtc = i2c_get_clientdata(client); + int handled = 0, sr, err; + + /* +@@ -516,6 +517,8 @@ isl1208_rtc_interrupt(int irq, void *data) + if (sr & ISL1208_REG_SR_ALM) { + dev_dbg(&client->dev, "alarm!\n"); + ++ rtc_update_irq(rtc, 1, RTC_IRQF | RTC_AF); ++ + /* Clear the alarm */ + sr &= ~ISL1208_REG_SR_ALM; + sr = i2c_smbus_write_byte_data(client, ISL1208_REG_SR, sr); +diff --git a/drivers/rtc/rtc-pl031.c b/drivers/rtc/rtc-pl031.c +index 1e80a48..73816d8 100644 +--- a/drivers/rtc/rtc-pl031.c ++++ b/drivers/rtc/rtc-pl031.c +@@ -44,6 +44,7 @@ + #define RTC_YMR 0x34 /* Year match register */ + #define RTC_YLR 0x38 /* Year data load register */ + ++#define RTC_CR_EN (1 << 0) /* counter enable bit */ + #define RTC_CR_CWEN (1 << 26) /* Clockwatch enable bit */ + + #define RTC_TCR_EN (1 << 1) /* Periodic timer enable bit */ +@@ -312,7 +313,7 @@ static int pl031_probe(struct amba_device *adev, const struct amba_id *id) + int ret; + struct pl031_local *ldata; + struct rtc_class_ops *ops = id->data; +- unsigned long time; ++ unsigned long time, data; + + ret = amba_request_regions(adev, NULL); + if (ret) +@@ -339,10 +340,11 @@ static int pl031_probe(struct amba_device *adev, const struct amba_id *id) + dev_dbg(&adev->dev, "designer ID = 0x%02x\n", ldata->hw_designer); + dev_dbg(&adev->dev, "revision = 0x%01x\n", ldata->hw_revision); + ++ data = readl(ldata->base + RTC_CR); + /* Enable the clockwatch on ST Variants */ + if (ldata->hw_designer == AMBA_VENDOR_ST) +- writel(readl(ldata->base + RTC_CR) | RTC_CR_CWEN, +- ldata->base + RTC_CR); ++ data |= RTC_CR_CWEN; ++ writel(data | RTC_CR_EN, ldata->base + RTC_CR); + + /* + * On ST PL031 variants, the RTC reset value does not provide correct +diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c +index 34655d0..08e470f 100644 +--- a/drivers/usb/host/ehci-sched.c ++++ b/drivers/usb/host/ehci-sched.c +@@ -236,7 +236,7 @@ static inline unsigned char tt_start_uframe(struct ehci_hcd *ehci, __hc32 mask) + } + + static const unsigned char +-max_tt_usecs[] = { 125, 125, 125, 125, 125, 125, 30, 0 }; ++max_tt_usecs[] = { 125, 125, 125, 125, 125, 125, 125, 25 }; + + /* carryover low/fullspeed bandwidth that crosses uframe boundries */ + static inline void carryover_tt_bandwidth(unsigned short tt_usecs[8]) +diff --git a/drivers/usb/host/pci-quirks.c b/drivers/usb/host/pci-quirks.c +index 5cc401b..c7cfbce 100644 +--- a/drivers/usb/host/pci-quirks.c ++++ b/drivers/usb/host/pci-quirks.c +@@ -780,6 +780,7 @@ void usb_enable_xhci_ports(struct pci_dev *xhci_pdev) + "defaulting to EHCI.\n"); + dev_warn(&xhci_pdev->dev, + "USB 3.0 devices will work at USB 2.0 speeds.\n"); ++ usb_disable_xhci_ports(xhci_pdev); + return; + } + +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c +index 2ed591d..5c1f9e7 100644 +--- a/drivers/usb/host/xhci-ring.c ++++ b/drivers/usb/host/xhci-ring.c +@@ -2504,6 +2504,8 @@ cleanup: + (trb_comp_code != COMP_STALL && + trb_comp_code != COMP_BABBLE)) + xhci_urb_free_priv(xhci, urb_priv); ++ else ++ kfree(urb_priv); + + usb_hcd_unlink_urb_from_ep(bus_to_hcd(urb->dev->bus), urb); + if ((urb->actual_length != urb->transfer_buffer_length && +@@ -3032,7 +3034,7 @@ static u32 xhci_v1_0_td_remainder(int running_total, int trb_buff_len, + * running_total. + */ + packets_transferred = (running_total + trb_buff_len) / +- usb_endpoint_maxp(&urb->ep->desc); ++ GET_MAX_PACKET(usb_endpoint_maxp(&urb->ep->desc)); + + if ((total_packet_count - packets_transferred) > 31) + return 31 << 17; +@@ -3594,7 +3596,8 @@ static int xhci_queue_isoc_tx(struct xhci_hcd *xhci, gfp_t mem_flags, + td_len = urb->iso_frame_desc[i].length; + td_remain_len = td_len; + total_packet_count = DIV_ROUND_UP(td_len, +- usb_endpoint_maxp(&urb->ep->desc)); ++ GET_MAX_PACKET( ++ usb_endpoint_maxp(&urb->ep->desc))); + /* A zero-length transfer still involves at least one packet. */ + if (total_packet_count == 0) + total_packet_count++; +@@ -3617,9 +3620,11 @@ static int xhci_queue_isoc_tx(struct xhci_hcd *xhci, gfp_t mem_flags, + td = urb_priv->td[i]; + for (j = 0; j < trbs_per_td; j++) { + u32 remainder = 0; +- field = TRB_TBC(burst_count) | TRB_TLBPC(residue); ++ field = 0; + + if (first_trb) { ++ field = TRB_TBC(burst_count) | ++ TRB_TLBPC(residue); + /* Queue the isoc TRB */ + field |= TRB_TYPE(TRB_ISOC); + /* Assume URB_ISO_ASAP is set */ +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c +index 2cc7c18..d644a66 100644 +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -590,6 +590,7 @@ static struct usb_device_id id_table_combined [] = { + /* + * ELV devices: + */ ++ { USB_DEVICE(FTDI_ELV_VID, FTDI_ELV_WS300_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_ELV_USR_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_ELV_MSM1_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_ELV_KL100_PID) }, +@@ -676,6 +677,7 @@ static struct usb_device_id id_table_combined [] = { + { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_5_PID) }, + { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_6_PID) }, + { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_7_PID) }, ++ { USB_DEVICE(FTDI_VID, FTDI_OMNI1509) }, + { USB_DEVICE(MOBILITY_VID, MOBILITY_USB_SERIAL_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_ACTIVE_ROBOTS_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_MHAM_KW_PID) }, +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h +index dd6edf8..97e0a6b 100644 +--- a/drivers/usb/serial/ftdi_sio_ids.h ++++ b/drivers/usb/serial/ftdi_sio_ids.h +@@ -147,6 +147,11 @@ + #define XSENS_CONVERTER_6_PID 0xD38E + #define XSENS_CONVERTER_7_PID 0xD38F + ++/** ++ * Zolix (www.zolix.com.cb) product ids ++ */ ++#define FTDI_OMNI1509 0xD491 /* Omni1509 embedded USB-serial */ ++ + /* + * NDI (www.ndigital.com) product ids + */ +@@ -204,7 +209,7 @@ + + /* + * ELV USB devices submitted by Christian Abt of ELV (www.elv.de). +- * All of these devices use FTDI's vendor ID (0x0403). ++ * Almost all of these devices use FTDI's vendor ID (0x0403). + * Further IDs taken from ELV Windows .inf file. + * + * The previously included PID for the UO 100 module was incorrect. +@@ -212,6 +217,8 @@ + * + * Armin Laeuger originally sent the PID for the UM 100 module. + */ ++#define FTDI_ELV_VID 0x1B1F /* ELV AG */ ++#define FTDI_ELV_WS300_PID 0xC006 /* eQ3 WS 300 PC II */ + #define FTDI_ELV_USR_PID 0xE000 /* ELV Universal-Sound-Recorder */ + #define FTDI_ELV_MSM1_PID 0xE001 /* ELV Mini-Sound-Modul */ + #define FTDI_ELV_KL100_PID 0xE002 /* ELV Kfz-Leistungsmesser KL 100 */ +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c +index 9db3e23..52cd814 100644 +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -242,6 +242,7 @@ static void option_instat_callback(struct urb *urb); + #define TELIT_PRODUCT_CC864_DUAL 0x1005 + #define TELIT_PRODUCT_CC864_SINGLE 0x1006 + #define TELIT_PRODUCT_DE910_DUAL 0x1010 ++#define TELIT_PRODUCT_LE920 0x1200 + + /* ZTE PRODUCTS */ + #define ZTE_VENDOR_ID 0x19d2 +@@ -453,6 +454,10 @@ static void option_instat_callback(struct urb *urb); + #define TPLINK_VENDOR_ID 0x2357 + #define TPLINK_PRODUCT_MA180 0x0201 + ++/* Changhong products */ ++#define CHANGHONG_VENDOR_ID 0x2077 ++#define CHANGHONG_PRODUCT_CH690 0x7001 ++ + /* some devices interfaces need special handling due to a number of reasons */ + enum option_blacklist_reason { + OPTION_BLACKLIST_NONE = 0, +@@ -534,6 +539,11 @@ static const struct option_blacklist_info zte_1255_blacklist = { + .reserved = BIT(3) | BIT(4), + }; + ++static const struct option_blacklist_info telit_le920_blacklist = { ++ .sendsetup = BIT(0), ++ .reserved = BIT(1) | BIT(5), ++}; ++ + static const struct usb_device_id option_ids[] = { + { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, + { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_RICOLA) }, +@@ -784,6 +794,8 @@ static const struct usb_device_id option_ids[] = { + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_DUAL) }, + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_SINGLE) }, + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_DE910_DUAL) }, ++ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920), ++ .driver_info = (kernel_ulong_t)&telit_le920_blacklist }, + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, ZTE_PRODUCT_MF622, 0xff, 0xff, 0xff) }, /* ZTE WCDMA products */ + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0002, 0xff, 0xff, 0xff), + .driver_info = (kernel_ulong_t)&net_intf1_blacklist }, +@@ -1318,6 +1330,7 @@ static const struct usb_device_id option_ids[] = { + { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T) }, + { USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180), + .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, ++ { USB_DEVICE(CHANGHONG_VENDOR_ID, CHANGHONG_PRODUCT_CH690) }, + { } /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(usb, option_ids); +diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c +index 6634477..14c4a82 100644 +--- a/drivers/usb/serial/qcserial.c ++++ b/drivers/usb/serial/qcserial.c +@@ -55,6 +55,7 @@ static const struct usb_device_id id_table[] = { + {DEVICE_G1K(0x05c6, 0x9221)}, /* Generic Gobi QDL device */ + {DEVICE_G1K(0x05c6, 0x9231)}, /* Generic Gobi QDL device */ + {DEVICE_G1K(0x1f45, 0x0001)}, /* Unknown Gobi QDL device */ ++ {DEVICE_G1K(0x1bc7, 0x900e)}, /* Telit Gobi QDL device */ + + /* Gobi 2000 devices */ + {USB_DEVICE(0x1410, 0xa010)}, /* Novatel Gobi 2000 QDL device */ +diff --git a/drivers/usb/storage/initializers.c b/drivers/usb/storage/initializers.c +index 105d900..16b0bf0 100644 +--- a/drivers/usb/storage/initializers.c ++++ b/drivers/usb/storage/initializers.c +@@ -92,8 +92,8 @@ int usb_stor_ucr61s2b_init(struct us_data *us) + return 0; + } + +-/* This places the HUAWEI E220 devices in multi-port mode */ +-int usb_stor_huawei_e220_init(struct us_data *us) ++/* This places the HUAWEI usb dongles in multi-port mode */ ++static int usb_stor_huawei_feature_init(struct us_data *us) + { + int result; + +@@ -104,3 +104,75 @@ int usb_stor_huawei_e220_init(struct us_data *us) + US_DEBUGP("Huawei mode set result is %d\n", result); + return 0; + } ++ ++/* ++ * It will send a scsi switch command called rewind' to huawei dongle. ++ * When the dongle receives this command at the first time, ++ * it will reboot immediately. After rebooted, it will ignore this command. ++ * So it is unnecessary to read its response. ++ */ ++static int usb_stor_huawei_scsi_init(struct us_data *us) ++{ ++ int result = 0; ++ int act_len = 0; ++ struct bulk_cb_wrap *bcbw = (struct bulk_cb_wrap *) us->iobuf; ++ char rewind_cmd[] = {0x11, 0x06, 0x20, 0x00, 0x00, 0x01, 0x01, 0x00, ++ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; ++ ++ bcbw->Signature = cpu_to_le32(US_BULK_CB_SIGN); ++ bcbw->Tag = 0; ++ bcbw->DataTransferLength = 0; ++ bcbw->Flags = bcbw->Lun = 0; ++ bcbw->Length = sizeof(rewind_cmd); ++ memset(bcbw->CDB, 0, sizeof(bcbw->CDB)); ++ memcpy(bcbw->CDB, rewind_cmd, sizeof(rewind_cmd)); ++ ++ result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe, bcbw, ++ US_BULK_CB_WRAP_LEN, &act_len); ++ US_DEBUGP("transfer actual length=%d, result=%d\n", act_len, result); ++ return result; ++} ++ ++/* ++ * It tries to find the supported Huawei USB dongles. ++ * In Huawei, they assign the following product IDs ++ * for all of their mobile broadband dongles, ++ * including the new dongles in the future. ++ * So if the product ID is not included in this list, ++ * it means it is not Huawei's mobile broadband dongles. ++ */ ++static int usb_stor_huawei_dongles_pid(struct us_data *us) ++{ ++ struct usb_interface_descriptor *idesc; ++ int idProduct; ++ ++ idesc = &us->pusb_intf->cur_altsetting->desc; ++ idProduct = us->pusb_dev->descriptor.idProduct; ++ /* The first port is CDROM, ++ * means the dongle in the single port mode, ++ * and a switch command is required to be sent. */ ++ if (idesc && idesc->bInterfaceNumber == 0) { ++ if ((idProduct == 0x1001) ++ || (idProduct == 0x1003) ++ || (idProduct == 0x1004) ++ || (idProduct >= 0x1401 && idProduct <= 0x1500) ++ || (idProduct >= 0x1505 && idProduct <= 0x1600) ++ || (idProduct >= 0x1c02 && idProduct <= 0x2202)) { ++ return 1; ++ } ++ } ++ return 0; ++} ++ ++int usb_stor_huawei_init(struct us_data *us) ++{ ++ int result = 0; ++ ++ if (usb_stor_huawei_dongles_pid(us)) { ++ if (us->pusb_dev->descriptor.idProduct >= 0x1446) ++ result = usb_stor_huawei_scsi_init(us); ++ else ++ result = usb_stor_huawei_feature_init(us); ++ } ++ return result; ++} +diff --git a/drivers/usb/storage/initializers.h b/drivers/usb/storage/initializers.h +index 529327f..5376d4f 100644 +--- a/drivers/usb/storage/initializers.h ++++ b/drivers/usb/storage/initializers.h +@@ -46,5 +46,5 @@ int usb_stor_euscsi_init(struct us_data *us); + * flash reader */ + int usb_stor_ucr61s2b_init(struct us_data *us); + +-/* This places the HUAWEI E220 devices in multi-port mode */ +-int usb_stor_huawei_e220_init(struct us_data *us); ++/* This places the HUAWEI usb dongles in multi-port mode */ ++int usb_stor_huawei_init(struct us_data *us); +diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h +index fa8a1b2..12640ef 100644 +--- a/drivers/usb/storage/unusual_devs.h ++++ b/drivers/usb/storage/unusual_devs.h +@@ -1515,335 +1515,10 @@ UNUSUAL_DEV( 0x1210, 0x0003, 0x0100, 0x0100, + /* Reported by fangxiaozhi <huananhu@huawei.com> + * This brings the HUAWEI data card devices into multi-port mode + */ +-UNUSUAL_DEV( 0x12d1, 0x1001, 0x0000, 0x0000, ++UNUSUAL_VENDOR_INTF(0x12d1, 0x08, 0x06, 0x50, + "HUAWEI MOBILE", + "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1003, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1004, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1401, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1402, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1403, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1404, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1405, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1406, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1407, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1408, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1409, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140A, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140B, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140C, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140D, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140E, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140F, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1410, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1411, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1412, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1413, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1414, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1415, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1416, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1417, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1418, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1419, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141A, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141B, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141C, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141D, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141E, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141F, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1420, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1421, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1422, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1423, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1424, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1425, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1426, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1427, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1428, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1429, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142A, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142B, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142C, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142D, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142E, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142F, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1430, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1431, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1432, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1433, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1434, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1435, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1436, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1437, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1438, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1439, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143A, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143B, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143C, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143D, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143E, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143F, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, ++ USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_init, + 0), + + /* Reported by Vilius Bilinkevicius <vilisas AT xxx DOT lt) */ +diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c +index db51ba1..d582af4 100644 +--- a/drivers/usb/storage/usb.c ++++ b/drivers/usb/storage/usb.c +@@ -120,6 +120,17 @@ MODULE_PARM_DESC(quirks, "supplemental list of device IDs and their quirks"); + .useTransport = use_transport, \ + } + ++#define UNUSUAL_VENDOR_INTF(idVendor, cl, sc, pr, \ ++ vendor_name, product_name, use_protocol, use_transport, \ ++ init_function, Flags) \ ++{ \ ++ .vendorName = vendor_name, \ ++ .productName = product_name, \ ++ .useProtocol = use_protocol, \ ++ .useTransport = use_transport, \ ++ .initFunction = init_function, \ ++} ++ + static struct us_unusual_dev us_unusual_dev_list[] = { + # include "unusual_devs.h" + { } /* Terminating entry */ +@@ -128,6 +139,7 @@ static struct us_unusual_dev us_unusual_dev_list[] = { + #undef UNUSUAL_DEV + #undef COMPLIANT_DEV + #undef USUAL_DEV ++#undef UNUSUAL_VENDOR_INTF + + + #ifdef CONFIG_PM /* Minimal support for suspend and resume */ +diff --git a/drivers/usb/storage/usual-tables.c b/drivers/usb/storage/usual-tables.c +index b969279..a9b5f2e 100644 +--- a/drivers/usb/storage/usual-tables.c ++++ b/drivers/usb/storage/usual-tables.c +@@ -46,6 +46,20 @@ + { USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, useProto, useTrans), \ + .driver_info = ((useType)<<24) } + ++/* Define the device is matched with Vendor ID and interface descriptors */ ++#define UNUSUAL_VENDOR_INTF(id_vendor, cl, sc, pr, \ ++ vendorName, productName, useProtocol, useTransport, \ ++ initFunction, flags) \ ++{ \ ++ .match_flags = USB_DEVICE_ID_MATCH_INT_INFO \ ++ | USB_DEVICE_ID_MATCH_VENDOR, \ ++ .idVendor = (id_vendor), \ ++ .bInterfaceClass = (cl), \ ++ .bInterfaceSubClass = (sc), \ ++ .bInterfaceProtocol = (pr), \ ++ .driver_info = (flags) \ ++} ++ + struct usb_device_id usb_storage_usb_ids[] = { + # include "unusual_devs.h" + { } /* Terminating entry */ +@@ -57,6 +71,7 @@ MODULE_DEVICE_TABLE(usb, usb_storage_usb_ids); + #undef UNUSUAL_DEV + #undef COMPLIANT_DEV + #undef USUAL_DEV ++#undef UNUSUAL_VENDOR_INTF + + + /* +diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c +index c598cfb..2b5e695 100644 +--- a/fs/nilfs2/ioctl.c ++++ b/fs/nilfs2/ioctl.c +@@ -664,8 +664,11 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp, + if (ret < 0) + printk(KERN_ERR "NILFS: GC failed during preparation: " + "cannot read source blocks: err=%d\n", ret); +- else ++ else { ++ if (nilfs_sb_need_update(nilfs)) ++ set_nilfs_discontinued(nilfs); + ret = nilfs_clean_segments(inode->i_sb, argv, kbufs); ++ } + + nilfs_remove_all_gcinodes(nilfs); + clear_nilfs_gc_running(nilfs); +diff --git a/fs/splice.c b/fs/splice.c +index 014fcb4..58ab918 100644 +--- a/fs/splice.c ++++ b/fs/splice.c +@@ -697,8 +697,10 @@ static int pipe_to_sendpage(struct pipe_inode_info *pipe, + return -EINVAL; + + more = (sd->flags & SPLICE_F_MORE) ? MSG_MORE : 0; +- if (sd->len < sd->total_len) ++ ++ if (sd->len < sd->total_len && pipe->nrbufs > 1) + more |= MSG_SENDPAGE_NOTLAST; ++ + return file->f_op->sendpage(file, buf->page, buf->offset, + sd->len, &pos, more); + } +diff --git a/include/linux/sched.h b/include/linux/sched.h +index 1e86bb4..8204898 100644 +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -2597,7 +2597,16 @@ static inline void thread_group_cputime_init(struct signal_struct *sig) + extern void recalc_sigpending_and_wake(struct task_struct *t); + extern void recalc_sigpending(void); + +-extern void signal_wake_up(struct task_struct *t, int resume_stopped); ++extern void signal_wake_up_state(struct task_struct *t, unsigned int state); ++ ++static inline void signal_wake_up(struct task_struct *t, bool resume) ++{ ++ signal_wake_up_state(t, resume ? TASK_WAKEKILL : 0); ++} ++static inline void ptrace_signal_wake_up(struct task_struct *t, bool resume) ++{ ++ signal_wake_up_state(t, resume ? __TASK_TRACED : 0); ++} + + /* + * Wrappers for p->thread_info->cpu access. No-op on UP. +diff --git a/kernel/ptrace.c b/kernel/ptrace.c +index 78ab24a..67fedad 100644 +--- a/kernel/ptrace.c ++++ b/kernel/ptrace.c +@@ -117,11 +117,45 @@ void __ptrace_unlink(struct task_struct *child) + * TASK_KILLABLE sleeps. + */ + if (child->jobctl & JOBCTL_STOP_PENDING || task_is_traced(child)) +- signal_wake_up(child, task_is_traced(child)); ++ ptrace_signal_wake_up(child, true); + + spin_unlock(&child->sighand->siglock); + } + ++/* Ensure that nothing can wake it up, even SIGKILL */ ++static bool ptrace_freeze_traced(struct task_struct *task) ++{ ++ bool ret = false; ++ ++ /* Lockless, nobody but us can set this flag */ ++ if (task->jobctl & JOBCTL_LISTENING) ++ return ret; ++ ++ spin_lock_irq(&task->sighand->siglock); ++ if (task_is_traced(task) && !__fatal_signal_pending(task)) { ++ task->state = __TASK_TRACED; ++ ret = true; ++ } ++ spin_unlock_irq(&task->sighand->siglock); ++ ++ return ret; ++} ++ ++static void ptrace_unfreeze_traced(struct task_struct *task) ++{ ++ if (task->state != __TASK_TRACED) ++ return; ++ ++ WARN_ON(!task->ptrace || task->parent != current); ++ ++ spin_lock_irq(&task->sighand->siglock); ++ if (__fatal_signal_pending(task)) ++ wake_up_state(task, __TASK_TRACED); ++ else ++ task->state = TASK_TRACED; ++ spin_unlock_irq(&task->sighand->siglock); ++} ++ + /** + * ptrace_check_attach - check whether ptracee is ready for ptrace operation + * @child: ptracee to check for +@@ -151,24 +185,29 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state) + * be changed by us so it's not changing right after this. + */ + read_lock(&tasklist_lock); +- if ((child->ptrace & PT_PTRACED) && child->parent == current) { ++ if (child->ptrace && child->parent == current) { ++ WARN_ON(child->state == __TASK_TRACED); + /* + * child->sighand can't be NULL, release_task() + * does ptrace_unlink() before __exit_signal(). + */ +- spin_lock_irq(&child->sighand->siglock); +- WARN_ON_ONCE(task_is_stopped(child)); +- if (ignore_state || (task_is_traced(child) && +- !(child->jobctl & JOBCTL_LISTENING))) ++ if (ignore_state || ptrace_freeze_traced(child)) + ret = 0; +- spin_unlock_irq(&child->sighand->siglock); + } + read_unlock(&tasklist_lock); + +- if (!ret && !ignore_state) +- ret = wait_task_inactive(child, TASK_TRACED) ? 0 : -ESRCH; ++ if (!ret && !ignore_state) { ++ if (!wait_task_inactive(child, __TASK_TRACED)) { ++ /* ++ * This can only happen if may_ptrace_stop() fails and ++ * ptrace_stop() changes ->state back to TASK_RUNNING, ++ * so we should not worry about leaking __TASK_TRACED. ++ */ ++ WARN_ON(child->state == __TASK_TRACED); ++ ret = -ESRCH; ++ } ++ } + +- /* All systems go.. */ + return ret; + } + +@@ -307,7 +346,7 @@ static int ptrace_attach(struct task_struct *task, long request, + */ + if (task_is_stopped(task) && + task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING)) +- signal_wake_up(task, 1); ++ signal_wake_up_state(task, __TASK_STOPPED); + + spin_unlock(&task->sighand->siglock); + +@@ -736,7 +775,7 @@ int ptrace_request(struct task_struct *child, long request, + * tracee into STOP. + */ + if (likely(task_set_jobctl_pending(child, JOBCTL_TRAP_STOP))) +- signal_wake_up(child, child->jobctl & JOBCTL_LISTENING); ++ ptrace_signal_wake_up(child, child->jobctl & JOBCTL_LISTENING); + + unlock_task_sighand(child, &flags); + ret = 0; +@@ -762,7 +801,7 @@ int ptrace_request(struct task_struct *child, long request, + * start of this trap and now. Trigger re-trap. + */ + if (child->jobctl & JOBCTL_TRAP_NOTIFY) +- signal_wake_up(child, true); ++ ptrace_signal_wake_up(child, true); + ret = 0; + } + unlock_task_sighand(child, &flags); +@@ -899,6 +938,8 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, + goto out_put_task_struct; + + ret = arch_ptrace(child, request, addr, data); ++ if (ret || request != PTRACE_DETACH) ++ ptrace_unfreeze_traced(child); + + out_put_task_struct: + put_task_struct(child); +@@ -1038,8 +1079,11 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, + + ret = ptrace_check_attach(child, request == PTRACE_KILL || + request == PTRACE_INTERRUPT); +- if (!ret) ++ if (!ret) { + ret = compat_arch_ptrace(child, request, addr, data); ++ if (ret || request != PTRACE_DETACH) ++ ptrace_unfreeze_traced(child); ++ } + + out_put_task_struct: + put_task_struct(child); +diff --git a/kernel/resource.c b/kernel/resource.c +index 7640b3a..08aa28e 100644 +--- a/kernel/resource.c ++++ b/kernel/resource.c +@@ -757,6 +757,7 @@ static void __init __reserve_region_with_split(struct resource *root, + struct resource *parent = root; + struct resource *conflict; + struct resource *res = kzalloc(sizeof(*res), GFP_ATOMIC); ++ struct resource *next_res = NULL; + + if (!res) + return; +@@ -766,21 +767,46 @@ static void __init __reserve_region_with_split(struct resource *root, + res->end = end; + res->flags = IORESOURCE_BUSY; + +- conflict = __request_resource(parent, res); +- if (!conflict) +- return; ++ while (1) { + +- /* failed, split and try again */ +- kfree(res); ++ conflict = __request_resource(parent, res); ++ if (!conflict) { ++ if (!next_res) ++ break; ++ res = next_res; ++ next_res = NULL; ++ continue; ++ } + +- /* conflict covered whole area */ +- if (conflict->start <= start && conflict->end >= end) +- return; ++ /* conflict covered whole area */ ++ if (conflict->start <= res->start && ++ conflict->end >= res->end) { ++ kfree(res); ++ WARN_ON(next_res); ++ break; ++ } ++ ++ /* failed, split and try again */ ++ if (conflict->start > res->start) { ++ end = res->end; ++ res->end = conflict->start - 1; ++ if (conflict->end < end) { ++ next_res = kzalloc(sizeof(*next_res), ++ GFP_ATOMIC); ++ if (!next_res) { ++ kfree(res); ++ break; ++ } ++ next_res->name = name; ++ next_res->start = conflict->end + 1; ++ next_res->end = end; ++ next_res->flags = IORESOURCE_BUSY; ++ } ++ } else { ++ res->start = conflict->end + 1; ++ } ++ } + +- if (conflict->start > start) +- __reserve_region_with_split(root, start, conflict->start-1, name); +- if (conflict->end < end) +- __reserve_region_with_split(root, conflict->end+1, end, name); + } + + void __init reserve_region_with_split(struct resource *root, +diff --git a/kernel/sched.c b/kernel/sched.c +index fcc893f..eeeec4e 100644 +--- a/kernel/sched.c ++++ b/kernel/sched.c +@@ -2924,7 +2924,8 @@ out: + */ + int wake_up_process(struct task_struct *p) + { +- return try_to_wake_up(p, TASK_ALL, 0); ++ WARN_ON(task_is_stopped_or_traced(p)); ++ return try_to_wake_up(p, TASK_NORMAL, 0); + } + EXPORT_SYMBOL(wake_up_process); + +diff --git a/kernel/sched_rt.c b/kernel/sched_rt.c +index 78fcacf..6ad4fb3 100644 +--- a/kernel/sched_rt.c ++++ b/kernel/sched_rt.c +@@ -384,7 +384,7 @@ static inline struct rt_bandwidth *sched_rt_bandwidth(struct rt_rq *rt_rq) + static int do_balance_runtime(struct rt_rq *rt_rq) + { + struct rt_bandwidth *rt_b = sched_rt_bandwidth(rt_rq); +- struct root_domain *rd = cpu_rq(smp_processor_id())->rd; ++ struct root_domain *rd = rq_of_rt_rq(rt_rq)->rd; + int i, weight, more = 0; + u64 rt_period; + +diff --git a/kernel/signal.c b/kernel/signal.c +index 08e0b97..d2f55ea 100644 +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -676,23 +676,17 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) + * No need to set need_resched since signal event passing + * goes through ->blocked + */ +-void signal_wake_up(struct task_struct *t, int resume) ++void signal_wake_up_state(struct task_struct *t, unsigned int state) + { +- unsigned int mask; +- + set_tsk_thread_flag(t, TIF_SIGPENDING); +- + /* +- * For SIGKILL, we want to wake it up in the stopped/traced/killable ++ * TASK_WAKEKILL also means wake it up in the stopped/traced/killable + * case. We don't check t->state here because there is a race with it + * executing another processor and just now entering stopped state. + * By using wake_up_state, we ensure the process will wake up and + * handle its death signal. + */ +- mask = TASK_INTERRUPTIBLE; +- if (resume) +- mask |= TASK_WAKEKILL; +- if (!wake_up_state(t, mask)) ++ if (!wake_up_state(t, state | TASK_INTERRUPTIBLE)) + kick_process(t); + } + +@@ -841,7 +835,7 @@ static void ptrace_trap_notify(struct task_struct *t) + assert_spin_locked(&t->sighand->siglock); + + task_set_jobctl_pending(t, JOBCTL_TRAP_NOTIFY); +- signal_wake_up(t, t->jobctl & JOBCTL_LISTENING); ++ ptrace_signal_wake_up(t, t->jobctl & JOBCTL_LISTENING); + } + + /* +@@ -1765,6 +1759,10 @@ static inline int may_ptrace_stop(void) + * If SIGKILL was already sent before the caller unlocked + * ->siglock we must see ->core_state != NULL. Otherwise it + * is safe to enter schedule(). ++ * ++ * This is almost outdated, a task with the pending SIGKILL can't ++ * block in TASK_TRACED. But PTRACE_EVENT_EXIT can be reported ++ * after SIGKILL was already dequeued. + */ + if (unlikely(current->mm->core_state) && + unlikely(current->mm == current->parent->mm)) +@@ -1890,6 +1888,7 @@ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info) + if (gstop_done) + do_notify_parent_cldstop(current, false, why); + ++ /* tasklist protects us from ptrace_freeze_traced() */ + __set_current_state(TASK_RUNNING); + if (clear_code) + current->exit_code = 0; +diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c +index 6033f02..7a157b3 100644 +--- a/net/bluetooth/hci_event.c ++++ b/net/bluetooth/hci_event.c +@@ -1972,7 +1972,7 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk + if (ev->opcode != HCI_OP_NOP) + del_timer(&hdev->cmd_timer); + +- if (ev->ncmd) { ++ if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { + atomic_set(&hdev->cmd_cnt, 1); + if (!skb_queue_empty(&hdev->cmd_q)) + tasklet_schedule(&hdev->cmd_task); +diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c +index 1849ee0..9ab60e6 100644 +--- a/net/bluetooth/smp.c ++++ b/net/bluetooth/smp.c +@@ -642,6 +642,19 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) + + skb_pull(skb, sizeof(code)); + ++ /* ++ * The SMP context must be initialized for all other PDUs except ++ * pairing and security requests. If we get any other PDU when ++ * not initialized simply disconnect (done if this function ++ * returns an error). ++ */ ++ if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ && ++ !conn->smp_chan) { ++ BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code); ++ kfree_skb(skb); ++ return -ENOTSUPP; ++ } ++ + switch (code) { + case SMP_CMD_PAIRING_REQ: + reason = smp_cmd_pairing_req(conn, skb); +diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c +index 577ea5d..7c1745d 100644 +--- a/net/bridge/br_netfilter.c ++++ b/net/bridge/br_netfilter.c +@@ -245,6 +245,9 @@ static int br_parse_ip_options(struct sk_buff *skb) + struct net_device *dev = skb->dev; + u32 len; + ++ if (!pskb_may_pull(skb, sizeof(struct iphdr))) ++ goto inhdr_error; ++ + iph = ip_hdr(skb); + opt = &(IPCB(skb)->opt); + +diff --git a/net/core/pktgen.c b/net/core/pktgen.c +index 7bc9991..2ef7da0 100644 +--- a/net/core/pktgen.c ++++ b/net/core/pktgen.c +@@ -1803,10 +1803,13 @@ static ssize_t pktgen_thread_write(struct file *file, + return -EFAULT; + i += len; + mutex_lock(&pktgen_thread_lock); +- pktgen_add_device(t, f); ++ ret = pktgen_add_device(t, f); + mutex_unlock(&pktgen_thread_lock); +- ret = count; +- sprintf(pg_result, "OK: add_device=%s", f); ++ if (!ret) { ++ ret = count; ++ sprintf(pg_result, "OK: add_device=%s", f); ++ } else ++ sprintf(pg_result, "ERROR: can not add device %s", f); + goto out; + } + +diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c +index 0106d25..3b36002 100644 +--- a/net/ipv4/ip_sockglue.c ++++ b/net/ipv4/ip_sockglue.c +@@ -600,7 +600,7 @@ static int do_ip_setsockopt(struct sock *sk, int level, + case IP_TTL: + if (optlen < 1) + goto e_inval; +- if (val != -1 && (val < 0 || val > 255)) ++ if (val != -1 && (val < 1 || val > 255)) + goto e_inval; + inet->uc_ttl = val; + break; +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c +index aab8f08..e865ed1 100644 +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -3655,6 +3655,11 @@ static int tcp_process_frto(struct sock *sk, int flag) + } + } else { + if (!(flag & FLAG_DATA_ACKED) && (tp->frto_counter == 1)) { ++ if (!tcp_packets_in_flight(tp)) { ++ tcp_enter_frto_loss(sk, 2, flag); ++ return true; ++ } ++ + /* Prevent sending of new data. */ + tp->snd_cwnd = min(tp->snd_cwnd, + tcp_packets_in_flight(tp)); +diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c +index aef80d7..b27baed 100644 +--- a/net/ipv6/addrconf.c ++++ b/net/ipv6/addrconf.c +@@ -1739,7 +1739,7 @@ static struct rt6_info *addrconf_get_prefix_route(const struct in6_addr *pfx, + continue; + if ((rt->rt6i_flags & flags) != flags) + continue; +- if ((noflags != 0) && ((rt->rt6i_flags & flags) != 0)) ++ if ((rt->rt6i_flags & noflags) != 0) + continue; + dst_hold(&rt->dst); + break; +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index ae98e09..3ccd9b2 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1284,10 +1284,10 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + cork->length = 0; + sk->sk_sndmsg_page = NULL; + sk->sk_sndmsg_off = 0; +- exthdrlen = (opt ? opt->opt_flen : 0) - rt->rt6i_nfheader_len; ++ exthdrlen = (opt ? opt->opt_flen : 0); + length += exthdrlen; + transhdrlen += exthdrlen; +- dst_exthdrlen = rt->dst.header_len; ++ dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len; + } else { + rt = (struct rt6_info *)cork->dst; + fl6 = &inet->cork.fl.u.ip6; +diff --git a/net/ipv6/route.c b/net/ipv6/route.c +index 19724bd..791c1fa 100644 +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -819,7 +819,8 @@ restart: + dst_hold(&rt->dst); + read_unlock_bh(&table->tb6_lock); + +- if (!dst_get_neighbour_raw(&rt->dst) && !(rt->rt6i_flags & RTF_NONEXTHOP)) ++ if (!dst_get_neighbour_raw(&rt->dst) ++ && !(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_LOCAL))) + nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr); + else if (!(rt->dst.flags & DST_HOST)) + nrt = rt6_alloc_clone(rt, &fl6->daddr); +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 85afc13..835fcea 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -2422,13 +2422,15 @@ static int packet_release(struct socket *sock) + + packet_flush_mclist(sk); + +- memset(&req_u, 0, sizeof(req_u)); +- +- if (po->rx_ring.pg_vec) ++ if (po->rx_ring.pg_vec) { ++ memset(&req_u, 0, sizeof(req_u)); + packet_set_ring(sk, &req_u, 1, 0); ++ } + +- if (po->tx_ring.pg_vec) ++ if (po->tx_ring.pg_vec) { ++ memset(&req_u, 0, sizeof(req_u)); + packet_set_ring(sk, &req_u, 1, 1); ++ } + + fanout_release(sk); + +diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c +index c8cc24e..dbe5870a 100644 +--- a/net/sctp/endpointola.c ++++ b/net/sctp/endpointola.c +@@ -248,6 +248,8 @@ void sctp_endpoint_free(struct sctp_endpoint *ep) + /* Final destructor for endpoint. */ + static void sctp_endpoint_destroy(struct sctp_endpoint *ep) + { ++ int i; ++ + SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return); + + /* Free up the HMAC transform. */ +@@ -270,6 +272,9 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep) + sctp_inq_free(&ep->base.inqueue); + sctp_bind_addr_free(&ep->base.bind_addr); + ++ for (i = 0; i < SCTP_HOW_MANY_SECRETS; ++i) ++ memset(&ep->secret_key[i], 0, SCTP_SECRET_SIZE); ++ + /* Remove and free the port */ + if (sctp_sk(ep->base.sk)->bind_hash) + sctp_put_port(ep->base.sk); +diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c +index cfeb1d4..96eb168 100644 +--- a/net/sctp/outqueue.c ++++ b/net/sctp/outqueue.c +@@ -223,7 +223,7 @@ void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q) + + /* Free the outqueue structure and any related pending chunks. + */ +-void sctp_outq_teardown(struct sctp_outq *q) ++static void __sctp_outq_teardown(struct sctp_outq *q) + { + struct sctp_transport *transport; + struct list_head *lchunk, *temp; +@@ -276,8 +276,6 @@ void sctp_outq_teardown(struct sctp_outq *q) + sctp_chunk_free(chunk); + } + +- q->error = 0; +- + /* Throw away any leftover control chunks. */ + list_for_each_entry_safe(chunk, tmp, &q->control_chunk_list, list) { + list_del_init(&chunk->list); +@@ -285,11 +283,17 @@ void sctp_outq_teardown(struct sctp_outq *q) + } + } + ++void sctp_outq_teardown(struct sctp_outq *q) ++{ ++ __sctp_outq_teardown(q); ++ sctp_outq_init(q->asoc, q); ++} ++ + /* Free the outqueue structure and any related pending chunks. */ + void sctp_outq_free(struct sctp_outq *q) + { + /* Throw away leftover chunks. */ +- sctp_outq_teardown(q); ++ __sctp_outq_teardown(q); + + /* If we were kmalloc()'d, free the memory. */ + if (q->malloced) +diff --git a/net/sctp/socket.c b/net/sctp/socket.c +index fa8333b..5e0d86e 100644 +--- a/net/sctp/socket.c ++++ b/net/sctp/socket.c +@@ -3375,7 +3375,7 @@ static int sctp_setsockopt_auth_key(struct sock *sk, + + ret = sctp_auth_set_key(sctp_sk(sk)->ep, asoc, authkey); + out: +- kfree(authkey); ++ kzfree(authkey); + return ret; + } + diff --git a/3.2.38/4420_grsecurity-2.9.1-3.2.38-201302171808.patch b/3.2.39/4420_grsecurity-2.9.1-3.2.39-201302222046.patch index ce8c16c..ed3c4f5 100644 --- a/3.2.38/4420_grsecurity-2.9.1-3.2.38-201302171808.patch +++ b/3.2.39/4420_grsecurity-2.9.1-3.2.39-201302222046.patch @@ -255,7 +255,7 @@ index 88fd7f5..b318a78 100644 ============================================================== diff --git a/Makefile b/Makefile -index c8c9d02..7e79e3e 100644 +index 0fceb8b..feec909 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -281,12 +281,16 @@ index c8c9d02..7e79e3e 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,60 @@ else +@@ -564,6 +565,64 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS ++ifeq ($(call cc-ifversion, -ge, 0408, y), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") ++else +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++endif +ifneq ($(PLUGINCC),) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML @@ -342,7 +346,7 @@ index c8c9d02..7e79e3e 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +763,7 @@ export mod_strip_cmd +@@ -708,7 +767,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -351,7 +355,7 @@ index c8c9d02..7e79e3e 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +987,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +991,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -360,7 +364,7 @@ index c8c9d02..7e79e3e 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +998,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +1002,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -369,7 +373,7 @@ index c8c9d02..7e79e3e 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1042,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1046,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -377,7 +381,7 @@ index c8c9d02..7e79e3e 100644 prepare: prepare0 # Generate some files -@@ -1089,6 +1147,8 @@ all: modules +@@ -1089,6 +1151,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -386,7 +390,7 @@ index c8c9d02..7e79e3e 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1104,7 +1164,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1104,7 +1168,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -395,7 +399,7 @@ index c8c9d02..7e79e3e 100644 # Target to install modules PHONY += modules_install -@@ -1163,7 +1223,7 @@ CLEAN_FILES += vmlinux System.map \ +@@ -1163,7 +1227,7 @@ CLEAN_FILES += vmlinux System.map \ MRPROPER_DIRS += include/config usr/include include/generated \ arch/*/include/generated MRPROPER_FILES += .config .config.old .version .old_version \ @@ -404,7 +408,7 @@ index c8c9d02..7e79e3e 100644 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS # clean - Delete most, but leave enough to build external modules -@@ -1201,6 +1261,7 @@ distclean: mrproper +@@ -1201,6 +1265,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -412,7 +416,7 @@ index c8c9d02..7e79e3e 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1361,6 +1422,8 @@ PHONY += $(module-dirs) modules +@@ -1361,6 +1426,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -421,7 +425,7 @@ index c8c9d02..7e79e3e 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1487,17 +1550,21 @@ else +@@ -1487,17 +1554,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -447,7 +451,7 @@ index c8c9d02..7e79e3e 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1507,11 +1574,15 @@ endif +@@ -1507,11 +1578,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -1690,6 +1694,19 @@ index 3606e85..44ba19d 100644 .endm #ifdef CONFIG_XIP_KERNEL +diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c +index 2bc1a8e..f433c88 100644 +--- a/arch/arm/kernel/hw_breakpoint.c ++++ b/arch/arm/kernel/hw_breakpoint.c +@@ -986,7 +986,7 @@ static int __cpuinit dbg_reset_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata dbg_reset_nb = { ++static struct notifier_block dbg_reset_nb = { + .notifier_call = dbg_reset_notify, + }; + diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c index 1e9be5d..4e0f470 100644 --- a/arch/arm/kernel/module.c @@ -2600,6 +2617,32 @@ index 449c8c0..50cdf87 100644 __cu_len; \ }) +diff --git a/arch/ia64/kernel/err_inject.c b/arch/ia64/kernel/err_inject.c +index c539c68..c95d3db 100644 +--- a/arch/ia64/kernel/err_inject.c ++++ b/arch/ia64/kernel/err_inject.c +@@ -256,7 +256,7 @@ static int __cpuinit err_inject_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata err_inject_cpu_notifier = ++static struct notifier_block err_inject_cpu_notifier = + { + .notifier_call = err_inject_cpu_callback, + }; +diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c +index 84fb405..7f52920 100644 +--- a/arch/ia64/kernel/mca.c ++++ b/arch/ia64/kernel/mca.c +@@ -1919,7 +1919,7 @@ static int __cpuinit mca_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block mca_cpu_notifier __cpuinitdata = { ++static struct notifier_block mca_cpu_notifier = { + .notifier_call = mca_cpu_callback + }; + diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c index 24603be..948052d 100644 --- a/arch/ia64/kernel/module.c @@ -2692,6 +2735,32 @@ index 24603be..948052d 100644 mod->arch.gp = gp; DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp); } +diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c +index 77597e5..6f28f3f 100644 +--- a/arch/ia64/kernel/palinfo.c ++++ b/arch/ia64/kernel/palinfo.c +@@ -1045,7 +1045,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata palinfo_cpu_notifier = ++static struct notifier_block palinfo_cpu_notifier = + { + .notifier_call = palinfo_cpu_callback, + .priority = 0, +diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c +index 79802e5..1a89ec5 100644 +--- a/arch/ia64/kernel/salinfo.c ++++ b/arch/ia64/kernel/salinfo.c +@@ -616,7 +616,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu + return NOTIFY_OK; + } + +-static struct notifier_block salinfo_cpu_notifier __cpuinitdata = ++static struct notifier_block salinfo_cpu_notifier = + { + .notifier_call = salinfo_cpu_callback, + .priority = 0, diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c index 609d500..acd0429 100644 --- a/arch/ia64/kernel/sys_ia64.c @@ -2736,6 +2805,19 @@ index 609d500..acd0429 100644 /* Remember the address where we stopped this search: */ mm->free_area_cache = addr + len; return addr; +diff --git a/arch/ia64/kernel/topology.c b/arch/ia64/kernel/topology.c +index 9be1f11..f2eef30 100644 +--- a/arch/ia64/kernel/topology.c ++++ b/arch/ia64/kernel/topology.c +@@ -444,7 +444,7 @@ static int __cpuinit cache_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cache_cpu_notifier = ++static struct notifier_block cache_cpu_notifier = + { + .notifier_call = cache_cpu_callback + }; diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 53c0ba0..2accdde 100644 --- a/arch/ia64/kernel/vmlinux.lds.S @@ -4663,6 +4745,19 @@ index f2496f2..4e3cc47 100644 return ret; } #endif +diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c +index 55be64d..94d8783 100644 +--- a/arch/powerpc/kernel/sysfs.c ++++ b/arch/powerpc/kernel/sysfs.c +@@ -517,7 +517,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata sysfs_cpu_nb = { ++static struct notifier_block sysfs_cpu_nb = { + .notifier_call = sysfs_cpu_notify, + }; + diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c index 82dcd4d..a80088a 100644 --- a/arch/powerpc/kernel/traps.c @@ -4896,6 +4991,32 @@ index 5a783d8..fbe4c8b 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } +diff --git a/arch/powerpc/mm/mmu_context_nohash.c b/arch/powerpc/mm/mmu_context_nohash.c +index 5b63bd3..248942d 100644 +--- a/arch/powerpc/mm/mmu_context_nohash.c ++++ b/arch/powerpc/mm/mmu_context_nohash.c +@@ -370,7 +370,7 @@ static int __cpuinit mmu_context_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata mmu_context_cpu_nb = { ++static struct notifier_block mmu_context_cpu_nb = { + .notifier_call = mmu_context_cpu_notify, + }; + +diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c +index b22a83a..e55f74f 100644 +--- a/arch/powerpc/mm/numa.c ++++ b/arch/powerpc/mm/numa.c +@@ -964,7 +964,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, + return ret; + } + +-static struct notifier_block __cpuinitdata ppc64_numa_nb = { ++static struct notifier_block ppc64_numa_nb = { + .notifier_call = cpu_numa_callback, + .priority = 1 /* Must run before sched domains notifier. */ + }; diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c index 73709f7..63db0f7 100644 --- a/arch/powerpc/mm/slice.c @@ -4966,6 +5087,32 @@ index 73709f7..63db0f7 100644 /* If hint, make sure it matches our alignment restrictions */ if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); +diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platforms/powermac/smp.c +index 3394254..8c6825c 100644 +--- a/arch/powerpc/platforms/powermac/smp.c ++++ b/arch/powerpc/platforms/powermac/smp.c +@@ -886,7 +886,7 @@ static int smp_core99_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata smp_core99_cpu_nb = { ++static struct notifier_block smp_core99_cpu_nb = { + .notifier_call = smp_core99_cpu_notify, + }; + #endif /* CONFIG_HOTPLUG_CPU */ +diff --git a/arch/s390/appldata/appldata_base.c b/arch/s390/appldata/appldata_base.c +index 24bff4f..0248123 100644 +--- a/arch/s390/appldata/appldata_base.c ++++ b/arch/s390/appldata/appldata_base.c +@@ -610,7 +610,7 @@ static int __cpuinit appldata_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata appldata_nb = { ++static struct notifier_block appldata_nb = { + .notifier_call = appldata_cpu_notify, + }; + diff --git a/arch/s390/include/asm/atomic.h b/arch/s390/include/asm/atomic.h index 8517d2a..d2738d4 100644 --- a/arch/s390/include/asm/atomic.h @@ -5216,6 +5363,19 @@ index 53088e2..9f44a36 100644 - return base; - return ret; -} +diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c +index 1df64a8..aea2a39 100644 +--- a/arch/s390/kernel/smp.c ++++ b/arch/s390/kernel/smp.c +@@ -1035,7 +1035,7 @@ static int __cpuinit smp_cpu_notify(struct notifier_block *self, + return notifier_from_errno(err); + } + +-static struct notifier_block __cpuinitdata smp_cpu_nb = { ++static struct notifier_block smp_cpu_nb = { + .notifier_call = smp_cpu_notify, + }; + diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c index c70b3d8..d01c6b3 100644 --- a/arch/s390/mm/mmap.c @@ -5324,6 +5484,19 @@ index ef9e555..331bd29 100644 #define __read_mostly __attribute__((__section__(".data..read_mostly"))) +diff --git a/arch/sh/kernel/cpu/sh4a/smp-shx3.c b/arch/sh/kernel/cpu/sh4a/smp-shx3.c +index 03f2b55..b027032 100644 +--- a/arch/sh/kernel/cpu/sh4a/smp-shx3.c ++++ b/arch/sh/kernel/cpu/sh4a/smp-shx3.c +@@ -143,7 +143,7 @@ shx3_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata shx3_cpu_notifier = { ++static struct notifier_block shx3_cpu_notifier = { + .notifier_call = shx3_cpu_callback, + }; + diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c index afeb710..e8366ef 100644 --- a/arch/sh/mm/mmap.c @@ -6464,6 +6637,19 @@ index 7f5f65d..3308382 100644 ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc 2: +diff --git a/arch/sparc/kernel/sysfs.c b/arch/sparc/kernel/sysfs.c +index 7408201..b349841 100644 +--- a/arch/sparc/kernel/sysfs.c ++++ b/arch/sparc/kernel/sysfs.c +@@ -266,7 +266,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata sysfs_cpu_nb = { ++static struct notifier_block sysfs_cpu_nb = { + .notifier_call = sysfs_cpu_notify, + }; + diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index 591f20c..0f1b925 100644 --- a/arch/sparc/kernel/traps_32.c @@ -9071,7 +9257,7 @@ index 6557769..ef6ae89 100644 if (err) diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index a6253ec..0a325de 100644 +index 95b4eb3..ccdcbb6 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -13,7 +13,9 @@ @@ -9218,7 +9404,7 @@ index a6253ec..0a325de 100644 + testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jnz ia32_ret_from_sys_call TRACE_IRQS_ON - sti + ENABLE_INTERRUPTS(CLBR_NONE) @@ -215,12 +261,12 @@ sysexit_from_sys_call: movzbl %al,%edi /* zero-extend that into %edi */ inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */ @@ -9227,7 +9413,7 @@ index a6253ec..0a325de 100644 + GET_THREAD_INFO(%r11) movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */ movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi - cli + DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF - testl %edi,TI_flags(%r10) + testl %edi,TI_flags(%r11) @@ -14451,9 +14637,18 @@ index 1911442..2424a83 100644 .name = "summit", .probe = probe_summit, diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c -index 5007958..7a534f0 100644 +index 5007958..2eba140 100644 --- a/arch/x86/kernel/apic/x2apic_cluster.c +++ b/arch/x86/kernel/apic/x2apic_cluster.c +@@ -182,7 +182,7 @@ update_clusterinfo(struct notifier_block *nfb, unsigned long action, void *hcpu) + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata x2apic_cpu_notifier = { ++static struct notifier_block x2apic_cpu_notifier = { + .notifier_call = update_clusterinfo, + }; + @@ -208,7 +208,7 @@ static int x2apic_cluster_probe(void) return 0; } @@ -14806,7 +15001,7 @@ index 3e6ff6c..54b4992 100644 } #endif diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c -index 0e89635..279dd37 100644 +index 0e89635..f0a7525 100644 --- a/arch/x86/kernel/cpu/intel_cacheinfo.c +++ b/arch/x86/kernel/cpu/intel_cacheinfo.c @@ -984,6 +984,22 @@ static struct attribute *default_attrs[] = { @@ -14896,8 +15091,17 @@ index 0e89635..279dd37 100644 per_cpu(ici_cache_kobject, cpu), "index%1lu", i); if (unlikely(retval)) { +@@ -1189,7 +1207,7 @@ static int __cpuinit cacheinfo_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cacheinfo_cpu_notifier = { ++static struct notifier_block cacheinfo_cpu_notifier = { + .notifier_call = cacheinfo_cpu_callback, + }; + diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 3b67877..6e11450 100644 +index 3b67877..e41ede1 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -42,6 +42,7 @@ @@ -15017,7 +15221,7 @@ index 3b67877..6e11450 100644 } -static struct notifier_block mce_cpu_notifier __cpuinitdata = { -+static struct notifier_block mce_cpu_notifier __cpuinitconst = { ++static struct notifier_block mce_cpu_notifier = { .notifier_call = mce_cpu_callback, }; @@ -15052,6 +15256,19 @@ index 5c0e653..0882b0a 100644 /* Make sure the vector pointer is visible before we enable MCEs: */ wmb(); +diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c +index ce04b58..b84acbd 100644 +--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c ++++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c +@@ -290,7 +290,7 @@ thermal_throttle_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block thermal_throttle_cpu_notifier __cpuinitdata = ++static struct notifier_block thermal_throttle_cpu_notifier = + { + .notifier_call = thermal_throttle_cpu_callback, + }; diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c index 54060f5..c1a7577 100644 --- a/arch/x86/kernel/cpu/mcheck/winchip.c @@ -15113,6 +15330,19 @@ index 2bda212..78cc605 100644 } } +diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c +index 212a6a4..322f5d9 100644 +--- a/arch/x86/kernel/cpuid.c ++++ b/arch/x86/kernel/cpuid.c +@@ -172,7 +172,7 @@ static int __cpuinit cpuid_class_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata cpuid_class_cpu_notifier = ++static struct notifier_block cpuid_class_cpu_notifier = + { + .notifier_call = cpuid_class_cpu_callback, + }; diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index 13ad899..f642b9a 100644 --- a/arch/x86/kernel/crash.c @@ -18754,7 +18984,7 @@ index 7da647d..c828808 100644 reset_current_kprobe(); preempt_enable_no_resched(); diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index a9c2116..a52d4fc 100644 +index a9c2116..94c1e1a 100644 --- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c @@ -437,6 +437,7 @@ static void __init paravirt_ops_setup(void) @@ -18765,6 +18995,15 @@ index a9c2116..a52d4fc 100644 #endif #endif pv_mmu_ops.flush_tlb_user = kvm_flush_tlb; +@@ -579,7 +580,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata kvm_cpu_notifier = { ++static struct notifier_block kvm_cpu_notifier = { + .notifier_call = kvm_cpu_notify, + }; + #endif diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index ea69726..604d066 100644 --- a/arch/x86/kernel/ldt.c @@ -18864,6 +19103,19 @@ index a3fa43b..8966f4c 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); +diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c +index 29c95d7..97b7b1b 100644 +--- a/arch/x86/kernel/microcode_core.c ++++ b/arch/x86/kernel/microcode_core.c +@@ -507,7 +507,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __refdata mc_cpu_notifier = { ++static struct notifier_block mc_cpu_notifier = { + .notifier_call = mc_cpu_callback, + }; + diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c index 3ca42d0..7cff8cc 100644 --- a/arch/x86/kernel/microcode_intel.c @@ -19024,6 +19276,19 @@ index 925179f..6794bbb 100644 #if 0 if ((s64)val != *(s32 *)loc) goto overflow; +diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c +index f7d1a64..399615a 100644 +--- a/arch/x86/kernel/msr.c ++++ b/arch/x86/kernel/msr.c +@@ -235,7 +235,7 @@ static int __cpuinit msr_class_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata msr_class_cpu_notifier = { ++static struct notifier_block msr_class_cpu_notifier = { + .notifier_call = msr_class_cpu_callback, + }; + diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c index e88f37b..1353db6 100644 --- a/arch/x86/kernel/nmi.c @@ -20085,7 +20350,7 @@ index 9f548cb..caf76f7 100644 if (err) { pr_debug("do_boot_cpu failed %d\n", err); diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c -index c346d11..d43b163 100644 +index d4f278e..86c58c0 100644 --- a/arch/x86/kernel/step.c +++ b/arch/x86/kernel/step.c @@ -27,10 +27,10 @@ unsigned long convert_ip_to_linear(struct task_struct *child, struct pt_regs *re @@ -20521,7 +20786,7 @@ index 9a0e312..e6f66f2 100644 .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */ .long sys_exit diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c -index e2410e2..4fe3fbc 100644 +index e2410e2..b98a4fd 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -219,7 +219,7 @@ static int tboot_setup_sleep(void) @@ -20551,7 +20816,7 @@ index e2410e2..4fe3fbc 100644 static int tboot_wait_for_aps(int num_aps) { -@@ -322,9 +322,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, +@@ -322,16 +322,16 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, { switch (action) { case CPU_DYING: @@ -20563,6 +20828,14 @@ index e2410e2..4fe3fbc 100644 return NOTIFY_BAD; break; } + return NOTIFY_OK; + } + +-static struct notifier_block tboot_cpu_notifier __cpuinitdata = ++static struct notifier_block tboot_cpu_notifier = + { + .notifier_call = tboot_cpu_callback, + }; @@ -343,7 +343,7 @@ static __init int tboot_late_init(void) tboot_create_trampoline(); @@ -27418,6 +27691,19 @@ index bff89df..377758a 100644 unsigned long stack = kernel_stack_pointer(regs); if (depth) dump_trace(NULL, regs, (unsigned long *)stack, 0, +diff --git a/arch/x86/pci/amd_bus.c b/arch/x86/pci/amd_bus.c +index 385a940..b11662d 100644 +--- a/arch/x86/pci/amd_bus.c ++++ b/arch/x86/pci/amd_bus.c +@@ -355,7 +355,7 @@ static int __cpuinit amd_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata amd_cpu_notifier = { ++static struct notifier_block amd_cpu_notifier = { + .notifier_call = amd_cpu_notify, + }; + diff --git a/arch/x86/pci/mrst.c b/arch/x86/pci/mrst.c index cb29191..036766d 100644 --- a/arch/x86/pci/mrst.c @@ -28415,7 +28701,7 @@ index 153407c..611cba9 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 69b9ef6..c76f1fe 100644 +index 69b9ef6..30a09b1 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -28520,6 +28806,15 @@ index 69b9ef6..c76f1fe 100644 xen_smp_init(); +@@ -1400,7 +1399,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block xen_hvm_cpu_notifier __cpuinitdata = { ++static struct notifier_block xen_hvm_cpu_notifier = { + .notifier_call = xen_hvm_cpu_notify, + }; + diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c index 2b8b0de..0787f8a 100644 --- a/arch/x86/xen/mmu.c @@ -28620,10 +28915,10 @@ index 9a23fff..c05e794 100644 xen_init_spinlocks(); } diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S -index b040b0e..c457aa7 100644 +index 7328f71..c457aa7 100644 --- a/arch/x86/xen/xen-asm_32.S +++ b/arch/x86/xen/xen-asm_32.S -@@ -83,16 +83,16 @@ ENTRY(xen_iret) +@@ -83,14 +83,14 @@ ENTRY(xen_iret) ESP_OFFSET=4 # bytes pushed onto stack /* @@ -28633,43 +28928,17 @@ index b040b0e..c457aa7 100644 */ #ifdef CONFIG_SMP - GET_THREAD_INFO(%eax) -- movl TI_cpu(%eax), %eax -- movl __per_cpu_offset(,%eax,4), %eax -- mov xen_vcpu(%eax), %eax +- movl %ss:TI_cpu(%eax), %eax +- movl %ss:__per_cpu_offset(,%eax,4), %eax +- mov %ss:xen_vcpu(%eax), %eax + push %fs + mov $(__KERNEL_PERCPU), %eax + mov %eax, %fs + mov PER_CPU_VAR(xen_vcpu), %eax + pop %fs #else -- movl xen_vcpu, %eax -+ movl %ss:xen_vcpu, %eax + movl %ss:xen_vcpu, %eax #endif - - /* check IF state we're restoring */ -@@ -105,11 +105,11 @@ ENTRY(xen_iret) - * resuming the code, so we don't have to be worried about - * being preempted to another CPU. - */ -- setz XEN_vcpu_info_mask(%eax) -+ setz %ss:XEN_vcpu_info_mask(%eax) - xen_iret_start_crit: - - /* check for unmasked and pending */ -- cmpw $0x0001, XEN_vcpu_info_pending(%eax) -+ cmpw $0x0001, %ss:XEN_vcpu_info_pending(%eax) - - /* - * If there's something pending, mask events again so we can -@@ -117,7 +117,7 @@ xen_iret_start_crit: - * touch XEN_vcpu_info_mask. - */ - jne 1f -- movb $1, XEN_vcpu_info_mask(%eax) -+ movb $1, %ss:XEN_vcpu_info_mask(%eax) - - 1: popl %eax - diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S index aaa7291..3f77960 100644 --- a/arch/x86/xen/xen-head.S @@ -28767,7 +29036,7 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c -index 58916af..9cb880b 100644 +index 58916af..eb9dbcf6 100644 --- a/block/blk-iopoll.c +++ b/block/blk-iopoll.c @@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll) @@ -28779,6 +29048,15 @@ index 58916af..9cb880b 100644 { struct list_head *list = &__get_cpu_var(blk_cpu_iopoll); int rearm = 0, budget = blk_iopoll_budget; +@@ -209,7 +209,7 @@ static int __cpuinit blk_iopoll_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata blk_iopoll_cpu_notifier = { ++static struct notifier_block blk_iopoll_cpu_notifier = { + .notifier_call = blk_iopoll_cpu_notify, + }; + diff --git a/block/blk-map.c b/block/blk-map.c index 623e1cd..ca1e109 100644 --- a/block/blk-map.c @@ -28793,7 +29071,7 @@ index 623e1cd..ca1e109 100644 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); else diff --git a/block/blk-softirq.c b/block/blk-softirq.c -index 1366a89..e17f54b 100644 +index 1366a89..dfb3871 100644 --- a/block/blk-softirq.c +++ b/block/blk-softirq.c @@ -17,7 +17,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); @@ -28805,6 +29083,15 @@ index 1366a89..e17f54b 100644 { struct list_head *cpu_list, local_list; +@@ -97,7 +97,7 @@ static int __cpuinit blk_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata blk_cpu_notifier = { ++static struct notifier_block blk_cpu_notifier = { + .notifier_call = blk_cpu_notify, + }; + diff --git a/block/bsg.c b/block/bsg.c index c0ab25c..9d49f8f 100644 --- a/block/bsg.c @@ -31529,7 +31816,7 @@ index 0636520..169c1d0 100644 acpi_os_unmap_memory(virt, len); return 0; diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index 8e3c46d..c139b99 100644 +index 7795d1e..bc6d80a 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -563,7 +563,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, @@ -31550,6 +31837,32 @@ index 8e3c46d..c139b99 100644 } static ssize_t port_fops_write(struct file *filp, const char __user *ubuf, +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index 987a165..4620e42 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -1790,7 +1790,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata cpufreq_cpu_notifier = { ++static struct notifier_block cpufreq_cpu_notifier = { + .notifier_call = cpufreq_cpu_callback, + }; + +diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c +index c5072a9..d5f3bf1 100644 +--- a/drivers/cpufreq/cpufreq_stats.c ++++ b/drivers/cpufreq/cpufreq_stats.c +@@ -341,7 +341,7 @@ static int __cpuinit cpufreq_stat_cpu_callback(struct notifier_block *nfb, + } + + /* priority=1 so this will get called before cpufreq_remove_dev */ +-static struct notifier_block cpufreq_stat_cpu_notifier __refdata = { ++static struct notifier_block cpufreq_stat_cpu_notifier = { + .notifier_call = cpufreq_stat_cpu_callback, + .priority = 1, + }; diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c index eb1d864..39ee5a7 100644 --- a/drivers/dma/dmatest.c @@ -31563,6 +31876,19 @@ index eb1d864..39ee5a7 100644 } pr_info("dmatest: Started %u threads using %s\n", +diff --git a/drivers/dma/shdma.c b/drivers/dma/shdma.c +index 81809c2..6409470 100644 +--- a/drivers/dma/shdma.c ++++ b/drivers/dma/shdma.c +@@ -1054,7 +1054,7 @@ static int sh_dmae_nmi_handler(struct notifier_block *self, + return ret; + } + +-static struct notifier_block sh_dmae_nmi_notifier __read_mostly = { ++static struct notifier_block sh_dmae_nmi_notifier = { + .notifier_call = sh_dmae_nmi_handler, + + /* Run before NMI debug handler and KGDB */ diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index a9d5482..376077f 100644 --- a/drivers/edac/amd64_edac.c @@ -32531,7 +32857,7 @@ index 93e74fb..4a1182d 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index c05e825..b086c8c 100644 +index 7817429..b6d75d8 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2214,7 +2214,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) @@ -32553,7 +32879,7 @@ index c05e825..b086c8c 100644 wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -7190,7 +7189,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev, +@@ -7188,7 +7187,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev, OUT_RING(fb->pitch | obj->tiling_mode); OUT_RING(obj->gtt_offset); @@ -32567,7 +32893,7 @@ index c05e825..b086c8c 100644 + pf = 0; pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff; OUT_RING(pf | pipesrc); - ADVANCE_LP_RING(); + @@ -7324,7 +7329,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. @@ -33524,6 +33850,19 @@ index 66f6729..2d6de0a 100644 mutex_lock(&resource->lock); resource->trip[attr->index - 7] = temp; +diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c +index 3d630bb..77756d7 100644 +--- a/drivers/hwmon/coretemp.c ++++ b/drivers/hwmon/coretemp.c +@@ -787,7 +787,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block coretemp_cpu_notifier __refdata = { ++static struct notifier_block coretemp_cpu_notifier = { + .notifier_call = coretemp_cpu_callback, + }; + diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c index 5357925..6cf0418 100644 --- a/drivers/hwmon/sht15.c @@ -33576,6 +33915,19 @@ index 5357925..6cf0418 100644 return; } +diff --git a/drivers/hwmon/via-cputemp.c b/drivers/hwmon/via-cputemp.c +index 8eac67d..d7b2fa5 100644 +--- a/drivers/hwmon/via-cputemp.c ++++ b/drivers/hwmon/via-cputemp.c +@@ -304,7 +304,7 @@ static int __cpuinit via_cputemp_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block via_cputemp_cpu_notifier __refdata = { ++static struct notifier_block via_cputemp_cpu_notifier = { + .notifier_call = via_cputemp_cpu_callback, + }; + diff --git a/drivers/i2c/busses/i2c-amd756-s4882.c b/drivers/i2c/busses/i2c-amd756-s4882.c index 378fcb5..5e91fa8 100644 --- a/drivers/i2c/busses/i2c-amd756-s4882.c @@ -34379,6 +34731,19 @@ index 40c8353..946b0e4 100644 } PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n", __func__, stag_state, type, pdid, stag_idx); +diff --git a/drivers/infiniband/hw/ehca/ehca_irq.c b/drivers/infiniband/hw/ehca/ehca_irq.c +index e571e60..523c505 100644 +--- a/drivers/infiniband/hw/ehca/ehca_irq.c ++++ b/drivers/infiniband/hw/ehca/ehca_irq.c +@@ -883,7 +883,7 @@ static int __cpuinit comp_pool_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block comp_pool_callback_nb __cpuinitdata = { ++static struct notifier_block comp_pool_callback_nb = { + .notifier_call = comp_pool_callback, + .priority = 0, + }; diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband/hw/ipath/ipath_rc.c index 79b3dbc..96e5fcc 100644 --- a/drivers/infiniband/hw/ipath/ipath_rc.c @@ -37105,6 +37470,19 @@ index 61d2bdd..7f1154a 100644 { "100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, { "100/10M Ethernet PCI Adapter", HAS_CHIP_XCVR }, { "1000/100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, +diff --git a/drivers/net/ethernet/ibm/emac/core.c b/drivers/net/ethernet/ibm/emac/core.c +index ed79b2d..b17b19d 100644 +--- a/drivers/net/ethernet/ibm/emac/core.c ++++ b/drivers/net/ethernet/ibm/emac/core.c +@@ -2309,7 +2309,7 @@ static int __devinit emac_of_bus_notify(struct notifier_block *nb, + return 0; + } + +-static struct notifier_block emac_of_bus_notifier __devinitdata = { ++static struct notifier_block emac_of_bus_notifier = { + .notifier_call = emac_of_bus_notify + }; + diff --git a/drivers/net/ethernet/intel/e1000e/80003es2lan.c b/drivers/net/ethernet/intel/e1000e/80003es2lan.c index e1159e5..34efe3e 100644 --- a/drivers/net/ethernet/intel/e1000e/80003es2lan.c @@ -37348,7 +37726,7 @@ index 49b549f..13d648c 100644 mac->phydev = phydev; diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index b8db4cd..41bf50c 100644 +index a6153f1..4bdf0c8 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -704,17 +704,17 @@ struct rtl8169_private { @@ -37422,6 +37800,19 @@ index d4d2bc1..14b8672 100644 }; static int stmmac_init_fs(struct net_device *dev) +diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c +index 97f342e..63fee4d 100644 +--- a/drivers/net/macvlan.c ++++ b/drivers/net/macvlan.c +@@ -850,7 +850,7 @@ static int macvlan_device_event(struct notifier_block *unused, + return NOTIFY_DONE; + } + +-static struct notifier_block macvlan_notifier_block __read_mostly = { ++static struct notifier_block macvlan_notifier_block = { + .notifier_call = macvlan_device_event, + }; + diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c index 26106c0..4046553 100644 --- a/drivers/net/macvtap.c @@ -38429,6 +38820,19 @@ index 2f0aa0f..90fab02 100644 { return __oprofilefs_create_file(sb, root, name, &atomic_ro_fops, 0444, val); +diff --git a/drivers/oprofile/timer_int.c b/drivers/oprofile/timer_int.c +index 878fba1..2084bcf 100644 +--- a/drivers/oprofile/timer_int.c ++++ b/drivers/oprofile/timer_int.c +@@ -93,7 +93,7 @@ static int __cpuinit oprofile_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata oprofile_cpu_notifier = { ++static struct notifier_block oprofile_cpu_notifier = { + .notifier_call = oprofile_cpu_notify, + }; + diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c index 3f56bc0..707d642 100644 --- a/drivers/parport/procfs.c @@ -52461,7 +52865,7 @@ index dba43c3..7511af2 100644 if (op) { diff --git a/fs/splice.c b/fs/splice.c -index 014fcb4..980206f 100644 +index 58ab918..e471089 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -195,7 +195,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, @@ -52512,7 +52916,7 @@ index 014fcb4..980206f 100644 vec[i].iov_len = this_len; spd.pages[i] = page; spd.nr_pages++; -@@ -853,10 +853,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); +@@ -855,10 +855,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd) { while (!pipe->nrbufs) { @@ -52525,7 +52929,7 @@ index 014fcb4..980206f 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1189,7 +1189,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1191,7 +1191,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -52534,7 +52938,7 @@ index 014fcb4..980206f 100644 current->splice_pipe = pipe; } -@@ -1742,9 +1742,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1744,9 +1744,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -52546,7 +52950,7 @@ index 014fcb4..980206f 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1776,7 +1776,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1778,7 +1778,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -52555,7 +52959,7 @@ index 014fcb4..980206f 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1789,9 +1789,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1791,9 +1791,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -52567,7 +52971,7 @@ index 014fcb4..980206f 100644 } pipe_unlock(pipe); -@@ -1827,14 +1827,14 @@ retry: +@@ -1829,14 +1829,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -52584,7 +52988,7 @@ index 014fcb4..980206f 100644 break; /* -@@ -1931,7 +1931,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1933,7 +1933,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -52593,7 +52997,7 @@ index 014fcb4..980206f 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1976,7 +1976,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1978,7 +1978,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -64013,6 +64417,19 @@ index 320d6c9..89f1e77 100644 +#define ACCESS_ONCE_RW(x) (*(volatile typeof(x) *)&(x)) #endif /* __LINUX_COMPILER_H */ +diff --git a/include/linux/cpu.h b/include/linux/cpu.h +index c692acc..95bcc75 100644 +--- a/include/linux/cpu.h ++++ b/include/linux/cpu.h +@@ -108,7 +108,7 @@ enum { + /* Need to know about CPUs going up/down? */ + #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE) + #define cpu_notifier(fn, pri) { \ +- static struct notifier_block fn##_nb __cpuinitdata = \ ++ static struct notifier_block fn##_nb = \ + { .notifier_call = fn, .priority = pri }; \ + register_cpu_notifier(&fn##_nb); \ + } diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h index b936763..48685ee 100644 --- a/include/linux/crash_dump.h @@ -66467,7 +66884,7 @@ index 4633b2f..988bc08 100644 atomic_t refcnt; unsigned int max_seq_nr; diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index b669be6..8335421 100644 +index b669be6..22773f5 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h @@ -748,8 +748,8 @@ struct perf_event { @@ -66492,6 +66909,15 @@ index b669be6..8335421 100644 /* * Protect attach/detach and child_list: +@@ -1193,7 +1193,7 @@ static inline void perf_event_task_tick(void) { } + */ + #define perf_cpu_notifier(fn) \ + do { \ +- static struct notifier_block fn##_nb __cpuinitdata = \ ++ static struct notifier_block fn##_nb = \ + { .notifier_call = fn, .priority = CPU_PRI_PERF }; \ + fn(&fn##_nb, (unsigned long)CPU_UP_PREPARE, \ + (void *)(unsigned long)smp_processor_id()); \ diff --git a/include/linux/personality.h b/include/linux/personality.h index 8fc7dd1a..c19d89e 100644 --- a/include/linux/personality.h @@ -66770,7 +67196,7 @@ index 2148b12..519b820 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, diff --git a/include/linux/sched.h b/include/linux/sched.h -index 1e86bb4..bcc2c30 100644 +index 8204898..bcc2c30 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -101,6 +101,7 @@ struct bio_list; @@ -67033,24 +67459,6 @@ index 1e86bb4..bcc2c30 100644 return (obj >= stack) && (obj < (stack + THREAD_SIZE)); } -@@ -2597,7 +2713,16 @@ static inline void thread_group_cputime_init(struct signal_struct *sig) - extern void recalc_sigpending_and_wake(struct task_struct *t); - extern void recalc_sigpending(void); - --extern void signal_wake_up(struct task_struct *t, int resume_stopped); -+extern void signal_wake_up_state(struct task_struct *t, unsigned int state); -+ -+static inline void signal_wake_up(struct task_struct *t, bool resume) -+{ -+ signal_wake_up_state(t, resume ? TASK_WAKEKILL : 0); -+} -+static inline void ptrace_signal_wake_up(struct task_struct *t, bool resume) -+{ -+ signal_wake_up_state(t, resume ? __TASK_TRACED : 0); -+} - - /* - * Wrappers for p->thread_info->cpu access. No-op on UP. diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h index 899fbb4..1cb4138 100644 --- a/include/linux/screen_info.h @@ -67195,7 +67603,7 @@ index 53dc7e7..e353d6b 100644 int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, diff --git a/include/linux/slab.h b/include/linux/slab.h -index 573c809..0ae46e1 100644 +index 573c809..d11cea2 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ @@ -67252,26 +67660,15 @@ index 573c809..0ae46e1 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -240,8 +253,18 @@ size_t ksize(const void *); +@@ -240,6 +253,7 @@ size_t ksize(const void *); * for general use, and so are not documented here. For a full list of * potential flags, always refer to linux/gfp.h. */ + -+extern void kcalloc_error(void) -+#if defined(CONFIG_GCOV_KERNEL) && defined(CONFIG_PAX_SIZE_OVERFLOW) -+__compiletime_warning("kcalloc called with swapped arguments?"); -+#else -+__compiletime_error("kcalloc called with swapped arguments?"); -+#endif -+ static inline void *kcalloc(size_t n, size_t size, gfp_t flags) { -+ if (__builtin_constant_p(n) && !__builtin_constant_p(size)) -+ kcalloc_error(); if (size != 0 && n > ULONG_MAX / size) - return NULL; - return __kmalloc(n * size, flags | __GFP_ZERO); -@@ -287,7 +310,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -287,7 +301,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) @@ -67280,7 +67677,7 @@ index 573c809..0ae46e1 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -306,7 +329,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -306,7 +320,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) @@ -70469,7 +70866,7 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 6db7a5e..25b6648 100644 +index 6db7a5e..0d600bd 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c @@ -1407,7 +1407,7 @@ void hrtimer_peek_ahead_timers(void) @@ -70481,6 +70878,15 @@ index 6db7a5e..25b6648 100644 { struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); +@@ -1751,7 +1751,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hrtimers_nb = { ++static struct notifier_block hrtimers_nb = { + .notifier_call = hrtimer_cpu_notify, + }; + diff --git a/kernel/jump_label.c b/kernel/jump_label.c index 66ff710..794bc5a 100644 --- a/kernel/jump_label.c @@ -72221,92 +72627,10 @@ index 76b8e77..a2930e8 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index 78ab24a..5333587 100644 +index 67fedad..5333587 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -117,11 +117,45 @@ void __ptrace_unlink(struct task_struct *child) - * TASK_KILLABLE sleeps. - */ - if (child->jobctl & JOBCTL_STOP_PENDING || task_is_traced(child)) -- signal_wake_up(child, task_is_traced(child)); -+ ptrace_signal_wake_up(child, true); - - spin_unlock(&child->sighand->siglock); - } - -+/* Ensure that nothing can wake it up, even SIGKILL */ -+static bool ptrace_freeze_traced(struct task_struct *task) -+{ -+ bool ret = false; -+ -+ /* Lockless, nobody but us can set this flag */ -+ if (task->jobctl & JOBCTL_LISTENING) -+ return ret; -+ -+ spin_lock_irq(&task->sighand->siglock); -+ if (task_is_traced(task) && !__fatal_signal_pending(task)) { -+ task->state = __TASK_TRACED; -+ ret = true; -+ } -+ spin_unlock_irq(&task->sighand->siglock); -+ -+ return ret; -+} -+ -+static void ptrace_unfreeze_traced(struct task_struct *task) -+{ -+ if (task->state != __TASK_TRACED) -+ return; -+ -+ WARN_ON(!task->ptrace || task->parent != current); -+ -+ spin_lock_irq(&task->sighand->siglock); -+ if (__fatal_signal_pending(task)) -+ wake_up_state(task, __TASK_TRACED); -+ else -+ task->state = TASK_TRACED; -+ spin_unlock_irq(&task->sighand->siglock); -+} -+ - /** - * ptrace_check_attach - check whether ptracee is ready for ptrace operation - * @child: ptracee to check for -@@ -151,28 +185,34 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state) - * be changed by us so it's not changing right after this. - */ - read_lock(&tasklist_lock); -- if ((child->ptrace & PT_PTRACED) && child->parent == current) { -+ if (child->ptrace && child->parent == current) { -+ WARN_ON(child->state == __TASK_TRACED); - /* - * child->sighand can't be NULL, release_task() - * does ptrace_unlink() before __exit_signal(). - */ -- spin_lock_irq(&child->sighand->siglock); -- WARN_ON_ONCE(task_is_stopped(child)); -- if (ignore_state || (task_is_traced(child) && -- !(child->jobctl & JOBCTL_LISTENING))) -+ if (ignore_state || ptrace_freeze_traced(child)) - ret = 0; -- spin_unlock_irq(&child->sighand->siglock); - } - read_unlock(&tasklist_lock); - -- if (!ret && !ignore_state) -- ret = wait_task_inactive(child, TASK_TRACED) ? 0 : -ESRCH; -+ if (!ret && !ignore_state) { -+ if (!wait_task_inactive(child, __TASK_TRACED)) { -+ /* -+ * This can only happen if may_ptrace_stop() fails and -+ * ptrace_stop() changes ->state back to TASK_RUNNING, -+ * so we should not worry about leaking __TASK_TRACED. -+ */ -+ WARN_ON(child->state == __TASK_TRACED); -+ ret = -ESRCH; -+ } -+ } - -- /* All systems go.. */ +@@ -211,7 +211,8 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state) return ret; } @@ -72316,7 +72640,7 @@ index 78ab24a..5333587 100644 { const struct cred *cred = current_cred(), *tcred; -@@ -198,7 +238,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode) +@@ -237,7 +238,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode) cred->gid == tcred->sgid && cred->gid == tcred->gid)) goto ok; @@ -72326,7 +72650,7 @@ index 78ab24a..5333587 100644 goto ok; rcu_read_unlock(); return -EPERM; -@@ -207,7 +248,9 @@ ok: +@@ -246,7 +248,9 @@ ok: smp_rmb(); if (task->mm) dumpable = get_dumpable(task->mm); @@ -72337,7 +72661,7 @@ index 78ab24a..5333587 100644 return -EPERM; return security_ptrace_access_check(task, mode); -@@ -217,7 +260,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode) +@@ -256,7 +260,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode) { int err; task_lock(task); @@ -72360,7 +72684,7 @@ index 78ab24a..5333587 100644 task_unlock(task); return !err; } -@@ -262,7 +319,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -301,7 +319,7 @@ static int ptrace_attach(struct task_struct *task, long request, goto out; task_lock(task); @@ -72369,7 +72693,7 @@ index 78ab24a..5333587 100644 task_unlock(task); if (retval) goto unlock_creds; -@@ -277,7 +334,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -316,7 +334,7 @@ static int ptrace_attach(struct task_struct *task, long request, task->ptrace = PT_PTRACED; if (seize) task->ptrace |= PT_SEIZED; @@ -72378,16 +72702,7 @@ index 78ab24a..5333587 100644 task->ptrace |= PT_PTRACE_CAP; __ptrace_link(task, current); -@@ -307,7 +364,7 @@ static int ptrace_attach(struct task_struct *task, long request, - */ - if (task_is_stopped(task) && - task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING)) -- signal_wake_up(task, 1); -+ signal_wake_up_state(task, __TASK_STOPPED); - - spin_unlock(&task->sighand->siglock); - -@@ -483,7 +540,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -522,7 +540,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -72396,7 +72711,7 @@ index 78ab24a..5333587 100644 return -EFAULT; copied += retval; src += retval; -@@ -680,7 +737,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -719,7 +737,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -72405,25 +72720,7 @@ index 78ab24a..5333587 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -736,7 +793,7 @@ int ptrace_request(struct task_struct *child, long request, - * tracee into STOP. - */ - if (likely(task_set_jobctl_pending(child, JOBCTL_TRAP_STOP))) -- signal_wake_up(child, child->jobctl & JOBCTL_LISTENING); -+ ptrace_signal_wake_up(child, child->jobctl & JOBCTL_LISTENING); - - unlock_task_sighand(child, &flags); - ret = 0; -@@ -762,7 +819,7 @@ int ptrace_request(struct task_struct *child, long request, - * start of this trap and now. Trigger re-trap. - */ - if (child->jobctl & JOBCTL_TRAP_NOTIFY) -- signal_wake_up(child, true); -+ ptrace_signal_wake_up(child, true); - ret = 0; - } - unlock_task_sighand(child, &flags); -@@ -882,14 +939,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -921,14 +939,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -72446,16 +72743,7 @@ index 78ab24a..5333587 100644 goto out_put_task_struct; } -@@ -899,6 +963,8 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, - goto out_put_task_struct; - - ret = arch_ptrace(child, request, addr, data); -+ if (ret || request != PTRACE_DETACH) -+ ptrace_unfreeze_traced(child); - - out_put_task_struct: - put_task_struct(child); -@@ -915,7 +981,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -956,7 +981,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -72464,7 +72752,7 @@ index 78ab24a..5333587 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1025,21 +1091,31 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, +@@ -1066,14 +1091,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, goto out; } @@ -72487,17 +72775,6 @@ index 78ab24a..5333587 100644 goto out_put_task_struct; } - ret = ptrace_check_attach(child, request == PTRACE_KILL || - request == PTRACE_INTERRUPT); -- if (!ret) -+ if (!ret) { - ret = compat_arch_ptrace(child, request, addr, data); -+ if (ret || request != PTRACE_DETACH) -+ ptrace_unfreeze_traced(child); -+ } - - out_put_task_struct: - put_task_struct(child); diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c index 636af6d..8af70ab 100644 --- a/kernel/rcutiny.c @@ -72894,7 +73171,7 @@ index 9feffa4..54058df 100644 rdp->dynticks->dynticks_nmi_nesting, rdp->dynticks_fqs); diff --git a/kernel/resource.c b/kernel/resource.c -index 7640b3a..5879283 100644 +index 08aa28e..b958c1c 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -141,8 +141,18 @@ static const struct file_operations proc_iomem_operations = { @@ -73011,20 +73288,10 @@ index 3d9f31c..7fefc9e 100644 default: diff --git a/kernel/sched.c b/kernel/sched.c -index fcc893f..223b418 100644 +index eeeec4e..403ccf3 100644 --- a/kernel/sched.c +++ b/kernel/sched.c -@@ -2924,7 +2924,8 @@ out: - */ - int wake_up_process(struct task_struct *p) - { -- return try_to_wake_up(p, TASK_ALL, 0); -+ WARN_ON(task_is_stopped_or_traced(p)); -+ return try_to_wake_up(p, TASK_NORMAL, 0); - } - EXPORT_SYMBOL(wake_up_process); - -@@ -5290,6 +5291,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -5291,6 +5291,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -73033,7 +73300,7 @@ index fcc893f..223b418 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -5323,7 +5326,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -5324,7 +5326,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -73043,7 +73310,7 @@ index fcc893f..223b418 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -5480,6 +5484,7 @@ recheck: +@@ -5481,6 +5484,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -73051,6 +73318,15 @@ index fcc893f..223b418 100644 /* can't set/change the rt policy */ if (policy != p->policy && !rlim_rtprio) return -EPERM; +@@ -6875,7 +6879,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) + * happens before everything else. This has to be lower priority than + * the notifier in the perf_event subsystem, though. + */ +-static struct notifier_block __cpuinitdata migration_notifier = { ++static struct notifier_block migration_notifier = { + .notifier_call = migration_call, + .priority = CPU_PRI_MIGRATION, + }; diff --git a/kernel/sched_autogroup.c b/kernel/sched_autogroup.c index f280df1..da1281d 100644 --- a/kernel/sched_autogroup.c @@ -73087,7 +73363,7 @@ index 66e4576..d05c6d5 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index 08e0b97..4dc47a0 100644 +index d2f55ea..4dc47a0 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cachep; @@ -73133,34 +73409,7 @@ index 08e0b97..4dc47a0 100644 if (is_global_init(tsk)) return 1; if (handler != SIG_IGN && handler != SIG_DFL) -@@ -676,23 +679,17 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) - * No need to set need_resched since signal event passing - * goes through ->blocked - */ --void signal_wake_up(struct task_struct *t, int resume) -+void signal_wake_up_state(struct task_struct *t, unsigned int state) - { -- unsigned int mask; -- - set_tsk_thread_flag(t, TIF_SIGPENDING); -- - /* -- * For SIGKILL, we want to wake it up in the stopped/traced/killable -+ * TASK_WAKEKILL also means wake it up in the stopped/traced/killable - * case. We don't check t->state here because there is a race with it - * executing another processor and just now entering stopped state. - * By using wake_up_state, we ensure the process will wake up and - * handle its death signal. - */ -- mask = TASK_INTERRUPTIBLE; -- if (resume) -- mask |= TASK_WAKEKILL; -- if (!wake_up_state(t, mask)) -+ if (!wake_up_state(t, state | TASK_INTERRUPTIBLE)) - kick_process(t); - } - -@@ -815,6 +812,13 @@ static int check_kill_permission(int sig, struct siginfo *info, +@@ -809,6 +812,13 @@ static int check_kill_permission(int sig, struct siginfo *info, } } @@ -73174,16 +73423,7 @@ index 08e0b97..4dc47a0 100644 return security_task_kill(t, info, sig, 0); } -@@ -841,7 +845,7 @@ static void ptrace_trap_notify(struct task_struct *t) - assert_spin_locked(&t->sighand->siglock); - - task_set_jobctl_pending(t, JOBCTL_TRAP_NOTIFY); -- signal_wake_up(t, t->jobctl & JOBCTL_LISTENING); -+ ptrace_signal_wake_up(t, t->jobctl & JOBCTL_LISTENING); - } - - /* -@@ -1165,7 +1169,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1159,7 +1169,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) return send_signal(sig, info, p, 1); } @@ -73192,7 +73432,7 @@ index 08e0b97..4dc47a0 100644 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) { return send_signal(sig, info, t, 0); -@@ -1202,6 +1206,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1196,6 +1206,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) unsigned long int flags; int ret, blocked, ignored; struct k_sigaction *action; @@ -73200,7 +73440,7 @@ index 08e0b97..4dc47a0 100644 spin_lock_irqsave(&t->sighand->siglock, flags); action = &t->sighand->action[sig-1]; -@@ -1216,9 +1221,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1210,9 +1221,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) } if (action->sa.sa_handler == SIG_DFL) t->signal->flags &= ~SIGNAL_UNKILLABLE; @@ -73219,7 +73459,7 @@ index 08e0b97..4dc47a0 100644 return ret; } -@@ -1285,8 +1299,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1279,8 +1299,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) ret = check_kill_permission(sig, info, p); rcu_read_unlock(); @@ -73232,26 +73472,7 @@ index 08e0b97..4dc47a0 100644 return ret; } -@@ -1765,6 +1782,10 @@ static inline int may_ptrace_stop(void) - * If SIGKILL was already sent before the caller unlocked - * ->siglock we must see ->core_state != NULL. Otherwise it - * is safe to enter schedule(). -+ * -+ * This is almost outdated, a task with the pending SIGKILL can't -+ * block in TASK_TRACED. But PTRACE_EVENT_EXIT can be reported -+ * after SIGKILL was already dequeued. - */ - if (unlikely(current->mm->core_state) && - unlikely(current->mm == current->parent->mm)) -@@ -1890,6 +1911,7 @@ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info) - if (gstop_done) - do_notify_parent_cldstop(current, false, why); - -+ /* tasklist protects us from ptrace_freeze_traced() */ - __set_current_state(TASK_RUNNING); - if (clear_code) - current->exit_code = 0; -@@ -2763,7 +2785,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) +@@ -2762,7 +2785,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) int error = -ESRCH; rcu_read_lock(); @@ -73269,9 +73490,18 @@ index 08e0b97..4dc47a0 100644 error = check_kill_permission(sig, info, p); /* diff --git a/kernel/smp.c b/kernel/smp.c -index 9e800b2..451c00b 100644 +index 9e800b2..1533ba5 100644 --- a/kernel/smp.c +++ b/kernel/smp.c +@@ -75,7 +75,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hotplug_cfd_notifier = { ++static struct notifier_block hotplug_cfd_notifier = { + .notifier_call = hotplug_cfd, + }; + @@ -591,22 +591,22 @@ int smp_call_function(smp_call_func_t func, void *info, int wait) } EXPORT_SYMBOL(smp_call_function); @@ -73300,7 +73530,7 @@ index 9e800b2..451c00b 100644 raw_spin_unlock_irq(&call_function.lock); } diff --git a/kernel/softirq.c b/kernel/softirq.c -index 2c71d91..2c2ecef 100644 +index 2c71d91..f6c64a4 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -52,11 +52,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; @@ -73353,6 +73583,37 @@ index 2c71d91..2c2ecef 100644 { struct tasklet_struct *list; +@@ -712,7 +712,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata remote_softirq_cpu_notifier = { ++static struct notifier_block remote_softirq_cpu_notifier = { + .notifier_call = remote_softirq_cpu_notify, + }; + +@@ -894,7 +894,7 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cpu_nfb = { ++static struct notifier_block cpu_nfb = { + .notifier_call = cpu_callback + }; + +diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c +index 2f194e9..2c05ea9 100644 +--- a/kernel/stop_machine.c ++++ b/kernel/stop_machine.c +@@ -362,7 +362,7 @@ static int __cpuinit cpu_stop_cpu_callback(struct notifier_block *nfb, + * cpu notifiers. It currently shares the same priority as sched + * migration_notifier. + */ +-static struct notifier_block __cpuinitdata cpu_stop_cpu_notifier = { ++static struct notifier_block cpu_stop_cpu_notifier = { + .notifier_call = cpu_stop_cpu_callback, + .priority = 10, + }; diff --git a/kernel/sys.c b/kernel/sys.c index f5939c2..110dc5d 100644 --- a/kernel/sys.c @@ -74078,7 +74339,7 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index c219db6..815c225 100644 +index c219db6..90f3084 100644 --- a/kernel/timer.c +++ b/kernel/timer.c @@ -1306,7 +1306,7 @@ void update_process_times(int user_tick) @@ -74095,7 +74356,7 @@ index c219db6..815c225 100644 } -static struct notifier_block __cpuinitdata timers_nb = { -+static struct notifier_block __cpuinitconst timers_nb = { ++static struct notifier_block timers_nb = { .notifier_call = timer_cpu_notify, }; @@ -74699,6 +74960,19 @@ index 209b379..7f76423 100644 tsk->comm); put_task_struct(tsk); } +diff --git a/kernel/watchdog.c b/kernel/watchdog.c +index a8bc4d9..eae8357 100644 +--- a/kernel/watchdog.c ++++ b/kernel/watchdog.c +@@ -574,7 +574,7 @@ cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cpu_nfb = { ++static struct notifier_block cpu_nfb = { + .notifier_call = cpu_callback + }; + diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 7bf068a..1323074 100644 --- a/kernel/workqueue.c @@ -78315,8 +78589,21 @@ index f59e170..34e2a2b 100644 *region = *vma->vm_region; new->vm_region = region; +diff --git a/mm/page-writeback.c b/mm/page-writeback.c +index 50f0824..97710b4 100644 +--- a/mm/page-writeback.c ++++ b/mm/page-writeback.c +@@ -1380,7 +1380,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long u, void *v) + return NOTIFY_DONE; + } + +-static struct notifier_block __cpuinitdata ratelimit_nb = { ++static struct notifier_block ratelimit_nb = { + .notifier_call = ratelimit_handler, + .next = NULL, + }; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 4d3a697..29ecee3 100644 +index 4d3a697..4f0e54f 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -341,7 +341,7 @@ out: @@ -78377,6 +78664,52 @@ index 4d3a697..29ecee3 100644 return 1; } return 0; +@@ -4253,10 +4271,11 @@ static void __meminit calculate_node_totalpages(struct pglist_data *pgdat, + * round what is now in bits to nearest long in bits, then return it in + * bytes. + */ +-static unsigned long __init usemap_size(unsigned long zonesize) ++static unsigned long __init usemap_size(unsigned long zone_start_pfn, unsigned long zonesize) + { + unsigned long usemapsize; + ++ zonesize += zone_start_pfn & (pageblock_nr_pages-1); + usemapsize = roundup(zonesize, pageblock_nr_pages); + usemapsize = usemapsize >> pageblock_order; + usemapsize *= NR_PAGEBLOCK_BITS; +@@ -4266,17 +4285,19 @@ static unsigned long __init usemap_size(unsigned long zonesize) + } + + static void __init setup_usemap(struct pglist_data *pgdat, +- struct zone *zone, unsigned long zonesize) ++ struct zone *zone, ++ unsigned long zone_start_pfn, ++ unsigned long zonesize) + { +- unsigned long usemapsize = usemap_size(zonesize); ++ unsigned long usemapsize = usemap_size(zone_start_pfn, zonesize); + zone->pageblock_flags = NULL; + if (usemapsize) + zone->pageblock_flags = alloc_bootmem_node_nopanic(pgdat, + usemapsize); + } + #else +-static inline void setup_usemap(struct pglist_data *pgdat, +- struct zone *zone, unsigned long zonesize) {} ++static inline void setup_usemap(struct pglist_data *pgdat, struct zone *zone, ++ unsigned long zone_start_pfn, unsigned long zonesize) {} + #endif /* CONFIG_SPARSEMEM */ + + #ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE +@@ -4401,7 +4422,7 @@ static void __paginginit free_area_init_core(struct pglist_data *pgdat, + continue; + + set_pageblock_order(); +- setup_usemap(pgdat, zone, size); ++ setup_usemap(pgdat, zone, zone_start_pfn, size); + ret = init_currently_empty_zone(zone, zone_start_pfn, + size, MEMMAP_EARLY); + BUG_ON(ret); diff --git a/mm/percpu.c b/mm/percpu.c index 5c29750..99f6386 100644 --- a/mm/percpu.c @@ -78617,7 +78950,7 @@ index 12b9e80..5118865 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index 4c3b671..fb969ec 100644 +index 4c3b671..40fa2eb 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -151,7 +151,7 @@ @@ -78700,6 +79033,15 @@ index 4c3b671..fb969ec 100644 return csizep->cs_cachep; } +@@ -1370,7 +1377,7 @@ static int __cpuinit cpuup_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __cpuinitdata cpucache_notifier = { ++static struct notifier_block cpucache_notifier = { + &cpuup_callback, NULL, 0 + }; + @@ -1572,7 +1579,7 @@ void __init kmem_cache_init(void) sizes[INDEX_AC].cs_cachep = kmem_cache_create(names[INDEX_AC].name, sizes[INDEX_AC].cs_size, @@ -79186,7 +79528,7 @@ index 8105be4..8d6cd07 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 5710788..dffead9 100644 +index 5710788..dbb5d49 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -208,7 +208,7 @@ struct track { @@ -79409,6 +79751,15 @@ index 5710788..dffead9 100644 goto err; } up_write(&slub_lock); +@@ -3979,7 +4060,7 @@ static int __cpuinit slab_cpuup_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata slab_notifier = { ++static struct notifier_block slab_notifier = { + .notifier_call = slab_cpuup_callback + }; + @@ -4037,7 +4118,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -79800,7 +80151,7 @@ index eeba3bb..8555cab 100644 if (v->nr_pages) seq_printf(m, " pages=%d", v->nr_pages); diff --git a/mm/vmstat.c b/mm/vmstat.c -index 8fd603b..cf0d930 100644 +index 8fd603b..495a5a1 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu) @@ -79830,6 +80181,15 @@ index 8fd603b..cf0d930 100644 } #endif +@@ -1193,7 +1193,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata vmstat_notifier = ++static struct notifier_block vmstat_notifier = + { &vmstat_cpuup_callback, NULL, 0 }; + #endif + @@ -1208,10 +1208,20 @@ static int __init setup_vmstat(void) start_cpu_timer(cpu); #endif @@ -81068,6 +81428,47 @@ index 39a2d29..f39c0fe 100644 ---help--- Econet is a fairly old and slow networking protocol mainly used by Acorn computers to access file and print servers. It uses native +diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c +index 59a7041..060976d 100644 +--- a/net/ipv4/arp.c ++++ b/net/ipv4/arp.c +@@ -945,24 +945,25 @@ static void parp_redo(struct sk_buff *skb) + static int arp_rcv(struct sk_buff *skb, struct net_device *dev, + struct packet_type *pt, struct net_device *orig_dev) + { +- struct arphdr *arp; ++ const struct arphdr *arp; + +- /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ +- if (!pskb_may_pull(skb, arp_hdr_len(dev))) +- goto freeskb; +- +- arp = arp_hdr(skb); +- if (arp->ar_hln != dev->addr_len || +- dev->flags & IFF_NOARP || ++ if (dev->flags & IFF_NOARP || + skb->pkt_type == PACKET_OTHERHOST || +- skb->pkt_type == PACKET_LOOPBACK || +- arp->ar_pln != 4) ++ skb->pkt_type == PACKET_LOOPBACK) + goto freeskb; + + skb = skb_share_check(skb, GFP_ATOMIC); +- if (skb == NULL) ++ if (!skb) + goto out_of_mem; + ++ /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ ++ if (!pskb_may_pull(skb, arp_hdr_len(dev))) ++ goto freeskb; ++ ++ arp = arp_hdr(skb); ++ if (arp->ar_hln != dev->addr_len || arp->ar_pln != 4) ++ goto freeskb; ++ + memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); + + return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index e41c40f..26d7e03 100644 --- a/net/ipv4/devinet.c @@ -81248,7 +81649,7 @@ index a4e7131..fe66a18f 100644 rc = qp->q.fragments && (end - start) > max; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 0106d25..cc0b33e 100644 +index 3b36002..27e6634 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -1120,7 +1120,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, @@ -81520,10 +81921,10 @@ index 94cdbc5..0cb0063 100644 ts = peer->tcp_ts; tsage = get_seconds() - peer->tcp_ts_stamp; diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index aab8f08..36092b1 100644 +index e865ed1..457805b 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -4727,7 +4727,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4732,7 +4732,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -81532,17 +81933,17 @@ index aab8f08..36092b1 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5542,6 +5542,9 @@ slow_path: +@@ -5547,6 +5547,9 @@ slow_path: if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) goto csum_error; -+ if (!th->ack) ++ if (!th->ack && !th->rst) + goto discard; + /* * Standard slow path. */ -@@ -5550,7 +5553,7 @@ slow_path: +@@ -5555,7 +5558,7 @@ slow_path: return 0; step5: @@ -81551,7 +81952,7 @@ index aab8f08..36092b1 100644 goto discard; /* ts_recent update must be made after we are sure that the packet -@@ -5786,6 +5789,7 @@ discard: +@@ -5791,6 +5794,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -81559,7 +81960,7 @@ index aab8f08..36092b1 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5834,6 +5838,7 @@ discard: +@@ -5839,6 +5843,7 @@ discard: goto discard; #endif } @@ -81567,7 +81968,7 @@ index aab8f08..36092b1 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5877,7 +5882,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5882,7 +5887,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -81576,11 +81977,11 @@ index aab8f08..36092b1 100644 goto discard; if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; -@@ -5916,11 +5921,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5921,11 +5926,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, return 0; } -+ if (!th->ack) ++ if (!th->ack && !th->rst) + goto discard; + if (!tcp_validate_incoming(sk, skb, th, 0)) @@ -81592,7 +81993,7 @@ index aab8f08..36092b1 100644 int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; switch (sk->sk_state) { -@@ -6025,8 +6033,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -6030,8 +6038,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, } break; } @@ -81886,7 +82287,7 @@ index 5a65eea..bd913a1 100644 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index aef80d7..1624eee 100644 +index b27baed..5c4d458 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2151,7 +2151,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) @@ -82423,6 +82824,19 @@ index cf98d62..7bf2972 100644 } write_unlock_bh(&iucv_sk_list.lock); +diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c +index 403be43..87f09da 100644 +--- a/net/iucv/iucv.c ++++ b/net/iucv/iucv.c +@@ -690,7 +690,7 @@ static int __cpuinit iucv_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata iucv_cpu_notifier = { ++static struct notifier_block iucv_cpu_notifier = { + .notifier_call = iucv_cpu_notify, + }; + diff --git a/net/key/af_key.c b/net/key/af_key.c index 1e733e9..3d73c9f 100644 --- a/net/key/af_key.c @@ -83014,7 +83428,7 @@ index f156382..95ce7ba 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index 85afc13..d9fb2db 100644 +index 835fcea..d9fb2db 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1684,7 +1684,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, @@ -83035,27 +83449,7 @@ index 85afc13..d9fb2db 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -2422,13 +2422,15 @@ static int packet_release(struct socket *sock) - - packet_flush_mclist(sk); - -- memset(&req_u, 0, sizeof(req_u)); -- -- if (po->rx_ring.pg_vec) -+ if (po->rx_ring.pg_vec) { -+ memset(&req_u, 0, sizeof(req_u)); - packet_set_ring(sk, &req_u, 1, 0); -+ } - -- if (po->tx_ring.pg_vec) -+ if (po->tx_ring.pg_vec) { -+ memset(&req_u, 0, sizeof(req_u)); - packet_set_ring(sk, &req_u, 1, 1); -+ } - - fanout_release(sk); - -@@ -2621,6 +2623,7 @@ out: +@@ -2623,6 +2623,7 @@ out: static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) { @@ -83063,7 +83457,7 @@ index 85afc13..d9fb2db 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2642,8 +2645,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) +@@ -2644,8 +2645,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -83074,7 +83468,7 @@ index 85afc13..d9fb2db 100644 msg->msg_flags |= MSG_ERRQUEUE; err = copied; -@@ -3274,7 +3278,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3276,7 +3278,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -83083,7 +83477,7 @@ index 85afc13..d9fb2db 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3324,7 +3328,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3326,7 +3328,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, if (put_user(len, optlen)) return -EFAULT; @@ -83617,29 +84011,6 @@ index bf81204..333926d 100644 SCTP_DBG_OBJCNT_DEC(keys); } } -diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c -index c8cc24e..dbe5870a 100644 ---- a/net/sctp/endpointola.c -+++ b/net/sctp/endpointola.c -@@ -248,6 +248,8 @@ void sctp_endpoint_free(struct sctp_endpoint *ep) - /* Final destructor for endpoint. */ - static void sctp_endpoint_destroy(struct sctp_endpoint *ep) - { -+ int i; -+ - SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return); - - /* Free up the HMAC transform. */ -@@ -270,6 +272,9 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep) - sctp_inq_free(&ep->base.inqueue); - sctp_bind_addr_free(&ep->base.bind_addr); - -+ for (i = 0; i < SCTP_HOW_MANY_SECRETS; ++i) -+ memset(&ep->secret_key[i], 0, SCTP_SECRET_SIZE); -+ - /* Remove and free the port */ - if (sctp_sk(ep->base.sk)->bind_hash) - sctp_put_port(ep->base.sk); diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 8104278..631330b 100644 --- a/net/sctp/ipv6.c @@ -83694,18 +84065,9 @@ index 6f6ad86..f80bd85 100644 static int sctp_v4_protosw_init(void) diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index fa8333b..8633998 100644 +index 5e0d86e..8633998 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -3375,7 +3375,7 @@ static int sctp_setsockopt_auth_key(struct sock *sk, - - ret = sctp_auth_set_key(sctp_sk(sk)->ep, asoc, authkey); - out: -- kfree(authkey); -+ kzfree(authkey); - return ret; - } - @@ -4583,6 +4583,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) @@ -84705,12 +85067,12 @@ index cb1f50c..cef2a7c 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..008ac1a +index 0000000..5e0222d --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,17 @@ +#!/bin/bash -+plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF ++plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF +#include "gcc-plugin.h" +#include "tree.h" +#include "tm.h" diff --git a/3.2.38/4425_grsec_remove_EI_PAX.patch b/3.2.39/4425_grsec_remove_EI_PAX.patch index 97e6951..97e6951 100644 --- a/3.2.38/4425_grsec_remove_EI_PAX.patch +++ b/3.2.39/4425_grsec_remove_EI_PAX.patch diff --git a/3.2.38/4430_grsec-remove-localversion-grsec.patch b/3.2.39/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.2.38/4430_grsec-remove-localversion-grsec.patch +++ b/3.2.39/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.38/4435_grsec-mute-warnings.patch b/3.2.39/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.2.38/4435_grsec-mute-warnings.patch +++ b/3.2.39/4435_grsec-mute-warnings.patch diff --git a/3.2.38/4440_grsec-remove-protected-paths.patch b/3.2.39/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.2.38/4440_grsec-remove-protected-paths.patch +++ b/3.2.39/4440_grsec-remove-protected-paths.patch diff --git a/3.2.38/4450_grsec-kconfig-default-gids.patch b/3.2.39/4450_grsec-kconfig-default-gids.patch index 3dfdc8f..3dfdc8f 100644 --- a/3.2.38/4450_grsec-kconfig-default-gids.patch +++ b/3.2.39/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.38/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.39/4465_selinux-avc_audit-log-curr_ip.patch index a7cc9cd..a7cc9cd 100644 --- a/3.2.38/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.39/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.2.38/4470_disable-compat_vdso.patch b/3.2.39/4470_disable-compat_vdso.patch index c06bd8b..c06bd8b 100644 --- a/3.2.38/4470_disable-compat_vdso.patch +++ b/3.2.39/4470_disable-compat_vdso.patch diff --git a/3.7.9/0000_README b/3.8.0/0000_README index bd6a050..8d7fe2e 100644 --- a/3.7.9/0000_README +++ b/3.8.0/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9.1-3.7.9-201302171808.patch +Patch: 4420_grsecurity-2.9.1-3.8.0-201302231124.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.7.9/4420_grsecurity-2.9.1-3.7.9-201302171808.patch b/3.8.0/4420_grsecurity-2.9.1-3.8.0-201302231124.patch index f81b3df..c065fb8 100644 --- a/3.7.9/4420_grsecurity-2.9.1-3.7.9-201302171808.patch +++ b/3.8.0/4420_grsecurity-2.9.1-3.8.0-201302231124.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index 74c25c8..deadba2 100644 +index b89a739..dba90c5 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -144,7 +144,7 @@ index 74c25c8..deadba2 100644 mkprep mkregtable mktables -@@ -186,6 +205,8 @@ oui.c* +@@ -185,6 +204,8 @@ oui.c* page-types parse.c parse.h @@ -153,7 +153,7 @@ index 74c25c8..deadba2 100644 patches* pca200e.bin pca200e_ecd.bin2 -@@ -195,6 +216,7 @@ perf-archive +@@ -194,6 +215,7 @@ perf-archive piggyback piggy.gzip piggy.S @@ -161,7 +161,7 @@ index 74c25c8..deadba2 100644 pnmtologo ppc_defs.h* pss_boot.h -@@ -204,7 +226,10 @@ r200_reg_safe.h +@@ -203,7 +225,10 @@ r200_reg_safe.h r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h @@ -172,7 +172,7 @@ index 74c25c8..deadba2 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -214,8 +239,11 @@ series +@@ -213,8 +238,11 @@ series setup setup.bin setup.elf @@ -184,7 +184,7 @@ index 74c25c8..deadba2 100644 split-include syscalltab.h tables.c -@@ -225,6 +253,7 @@ tftpboot.img +@@ -224,6 +252,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -192,7 +192,7 @@ index 74c25c8..deadba2 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -236,13 +265,17 @@ vdso32.lds +@@ -235,13 +264,17 @@ vdso32.lds vdso32.so.dbg vdso64.lds vdso64.so.dbg @@ -210,7 +210,7 @@ index 74c25c8..deadba2 100644 vmlinuz voffset.h vsyscall.lds -@@ -250,9 +283,11 @@ vsyscall_32.lds +@@ -249,9 +282,11 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -223,20 +223,21 @@ index 74c25c8..deadba2 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 9776f06..18b1856 100644 +index 6c72381..2fe9ae4 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -905,6 +905,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. - gpt [EFI] Forces disk with valid GPT signature but - invalid Protective MBR to be treated as GPT. +@@ -917,6 +917,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. + Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0. + Default: 1024 -+ grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to ++ grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to + ignore grsecurity's /proc restrictions + ++ hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -2082,6 +2085,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2116,6 +2120,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -251,7 +252,7 @@ index 9776f06..18b1856 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 5634228..b54a897 100644 +index d69266c..e4f6593 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -277,12 +278,16 @@ index 5634228..b54a897 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -575,6 +576,60 @@ else +@@ -575,6 +576,64 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS ++ifeq ($(call cc-ifversion, -ge, 0408, y), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") ++else +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++endif +ifneq ($(PLUGINCC),) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML @@ -338,7 +343,7 @@ index 5634228..b54a897 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifdef CONFIG_READABLE_ASM -@@ -731,7 +786,7 @@ export mod_sign_cmd +@@ -731,7 +790,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -347,7 +352,7 @@ index 5634228..b54a897 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -778,6 +833,8 @@ endif +@@ -778,6 +837,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -356,7 +361,7 @@ index 5634228..b54a897 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -787,7 +844,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -787,7 +848,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -365,7 +370,7 @@ index 5634228..b54a897 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -831,6 +888,7 @@ prepare0: archprepare FORCE +@@ -831,6 +892,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -373,7 +378,7 @@ index 5634228..b54a897 100644 prepare: prepare0 # Generate some files -@@ -938,6 +996,8 @@ all: modules +@@ -938,6 +1000,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -382,7 +387,7 @@ index 5634228..b54a897 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -953,7 +1013,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -953,7 +1017,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -391,7 +396,7 @@ index 5634228..b54a897 100644 # Target to install modules PHONY += modules_install -@@ -1013,7 +1073,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1019,7 +1083,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -400,7 +405,7 @@ index 5634228..b54a897 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1053,6 +1113,7 @@ distclean: mrproper +@@ -1059,6 +1123,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -408,7 +413,7 @@ index 5634228..b54a897 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1213,6 +1274,8 @@ PHONY += $(module-dirs) modules +@@ -1219,6 +1284,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -417,7 +422,7 @@ index 5634228..b54a897 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1349,17 +1412,21 @@ else +@@ -1355,17 +1422,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -443,7 +448,7 @@ index 5634228..b54a897 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1369,11 +1436,15 @@ endif +@@ -1375,11 +1446,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -792,6 +797,19 @@ index 0c4132d..88f0d53 100644 } else if (!cause) { /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index 67874b8..0e40765 100644 +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -1813,7 +1813,7 @@ config ALIGNMENT_TRAP + + config UACCESS_WITH_MEMCPY + bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" +- depends on MMU ++ depends on MMU && !PAX_MEMORY_UDEREF + default y if CPU_FEROCEON + help + Implement faster copy_to_user and clear_user methods for CPU diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h index c79f61f..9ac0642 100644 --- a/arch/arm/include/asm/atomic.h @@ -1456,6 +1474,31 @@ index e1489c5..d418304 100644 /* * Select the calling method +diff --git a/arch/arm/include/asm/checksum.h b/arch/arm/include/asm/checksum.h +index 6dcc164..b14d917 100644 +--- a/arch/arm/include/asm/checksum.h ++++ b/arch/arm/include/asm/checksum.h +@@ -37,7 +37,19 @@ __wsum + csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum); + + __wsum +-csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr); ++__csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr); ++ ++static inline __wsum ++csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr) ++{ ++ __wsum ret; ++ pax_open_userland(); ++ ret = __csum_partial_copy_from_user(src, dst, len, sum, err_ptr); ++ pax_close_userland(); ++ return ret; ++} ++ ++ + + /* + * Fold a partial checksum without adding pseudo headers diff --git a/arch/arm/include/asm/cmpxchg.h b/arch/arm/include/asm/cmpxchg.h index 7eb18c1..e38b6d2 100644 --- a/arch/arm/include/asm/cmpxchg.h @@ -1496,6 +1539,67 @@ index ab98fdd..6b19938 100644 #define udelay(n) \ (__builtin_constant_p(n) ? \ +diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h +index 6ddbe44..758b5f2 100644 +--- a/arch/arm/include/asm/domain.h ++++ b/arch/arm/include/asm/domain.h +@@ -48,18 +48,37 @@ + * Domain types + */ + #define DOMAIN_NOACCESS 0 +-#define DOMAIN_CLIENT 1 + #ifdef CONFIG_CPU_USE_DOMAINS ++#define DOMAIN_USERCLIENT 1 ++#define DOMAIN_KERNELCLIENT 1 + #define DOMAIN_MANAGER 3 ++#define DOMAIN_VECTORS DOMAIN_USER + #else ++ ++#ifdef CONFIG_PAX_KERNEXEC + #define DOMAIN_MANAGER 1 ++#define DOMAIN_KERNEXEC 3 ++#else ++#define DOMAIN_MANAGER 1 ++#endif ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++#define DOMAIN_USERCLIENT 0 ++#define DOMAIN_UDEREF 1 ++#define DOMAIN_VECTORS DOMAIN_KERNEL ++#else ++#define DOMAIN_USERCLIENT 1 ++#define DOMAIN_VECTORS DOMAIN_USER ++#endif ++#define DOMAIN_KERNELCLIENT 1 ++ + #endif + + #define domain_val(dom,type) ((type) << (2*(dom))) + + #ifndef __ASSEMBLY__ + +-#ifdef CONFIG_CPU_USE_DOMAINS ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) + static inline void set_domain(unsigned val) + { + asm volatile( +@@ -68,15 +87,7 @@ static inline void set_domain(unsigned val) + isb(); + } + +-#define modify_domain(dom,type) \ +- do { \ +- struct thread_info *thread = current_thread_info(); \ +- unsigned int domain = thread->cpu_domain; \ +- domain &= ~domain_val(dom, DOMAIN_MANAGER); \ +- thread->cpu_domain = domain | domain_val(dom, type); \ +- set_domain(thread->cpu_domain); \ +- } while (0) +- ++extern void modify_domain(unsigned int dom, unsigned int type); + #else + static inline void set_domain(unsigned val) { } + static inline void modify_domain(unsigned dom, unsigned type) { } diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h index 38050b1..9d90e8b 100644 --- a/arch/arm/include/asm/elf.h @@ -1525,6 +1629,76 @@ index 38050b1..9d90e8b 100644 -#define arch_randomize_brk arch_randomize_brk - #endif +diff --git a/arch/arm/include/asm/fncpy.h b/arch/arm/include/asm/fncpy.h +index de53547..52b9a28 100644 +--- a/arch/arm/include/asm/fncpy.h ++++ b/arch/arm/include/asm/fncpy.h +@@ -81,7 +81,9 @@ + BUG_ON((uintptr_t)(dest_buf) & (FNCPY_ALIGN - 1) || \ + (__funcp_address & ~(uintptr_t)1 & (FNCPY_ALIGN - 1))); \ + \ ++ pax_open_kernel(); \ + memcpy(dest_buf, (void const *)(__funcp_address & ~1), size); \ ++ pax_close_kernel(); \ + flush_icache_range((unsigned long)(dest_buf), \ + (unsigned long)(dest_buf) + (size)); \ + \ +diff --git a/arch/arm/include/asm/futex.h b/arch/arm/include/asm/futex.h +index e42cf59..7b94b8f 100644 +--- a/arch/arm/include/asm/futex.h ++++ b/arch/arm/include/asm/futex.h +@@ -50,6 +50,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) + return -EFAULT; + ++ pax_open_userland(); ++ + smp_mb(); + __asm__ __volatile__("@futex_atomic_cmpxchg_inatomic\n" + "1: ldrex %1, [%4]\n" +@@ -65,6 +67,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + : "cc", "memory"); + smp_mb(); + ++ pax_close_userland(); ++ + *uval = val; + return ret; + } +@@ -95,6 +99,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) + return -EFAULT; + ++ pax_open_userland(); ++ + __asm__ __volatile__("@futex_atomic_cmpxchg_inatomic\n" + "1: " TUSER(ldr) " %1, [%4]\n" + " teq %1, %2\n" +@@ -105,6 +111,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + : "r" (oldval), "r" (newval), "r" (uaddr), "Ir" (-EFAULT) + : "cc", "memory"); + ++ pax_close_userland(); ++ + *uval = val; + return ret; + } +@@ -127,6 +135,7 @@ futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) + return -EFAULT; + + pagefault_disable(); /* implies preempt_disable() */ ++ pax_open_userland(); + + switch (op) { + case FUTEX_OP_SET: +@@ -148,6 +157,7 @@ futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) + ret = -ENOSYS; + } + ++ pax_close_userland(); + pagefault_enable(); /* subsumes preempt_enable() */ + + if (!ret) { diff --git a/arch/arm/include/asm/kmap_types.h b/arch/arm/include/asm/kmap_types.h index 83eb2f7..ed77159 100644 --- a/arch/arm/include/asm/kmap_types.h @@ -1551,16 +1725,25 @@ index 9e614a1..3302cca 100644 struct dma_struct { void *addr; /* single DMA address */ diff --git a/arch/arm/include/asm/mach/map.h b/arch/arm/include/asm/mach/map.h -index 195ac2f..2272f0d 100644 +index 2fe141f..192dc01 100644 --- a/arch/arm/include/asm/mach/map.h +++ b/arch/arm/include/asm/mach/map.h -@@ -34,6 +34,9 @@ struct map_desc { +@@ -27,13 +27,16 @@ struct map_desc { + #define MT_MINICLEAN 6 + #define MT_LOW_VECTORS 7 + #define MT_HIGH_VECTORS 8 +-#define MT_MEMORY 9 ++#define MT_MEMORY_RWX 9 + #define MT_ROM 10 +-#define MT_MEMORY_NONCACHED 11 ++#define MT_MEMORY_NONCACHED_RX 11 + #define MT_MEMORY_DTCM 12 #define MT_MEMORY_ITCM 13 #define MT_MEMORY_SO 14 #define MT_MEMORY_DMA_READY 15 -+#define MT_MEMORY_R 16 -+#define MT_MEMORY_RW 17 -+#define MT_MEMORY_RX 18 ++#define MT_MEMORY_RW 16 ++#define MT_MEMORY_RX 17 ++#define MT_MEMORY_NONCACHED_RW 18 #ifdef CONFIG_MMU extern void iotable_init(struct map_desc *, int); @@ -1591,7 +1774,7 @@ index 812a494..71fc0b6 100644 #ifdef MULTI_USER extern struct cpu_user_fns cpu_user; diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h -index 943504f..84d0f84 100644 +index 943504f..c37a730 100644 --- a/arch/arm/include/asm/pgalloc.h +++ b/arch/arm/include/asm/pgalloc.h @@ -17,6 +17,7 @@ @@ -1622,16 +1805,19 @@ index 943504f..84d0f84 100644 #endif /* CONFIG_ARM_LPAE */ -@@ -126,6 +133,16 @@ static inline void pte_free(struct mm_struct *mm, pgtable_t pte) +@@ -126,6 +133,19 @@ static inline void pte_free(struct mm_struct *mm, pgtable_t pte) __free_page(pte); } -+static inline void __pmd_update(pmd_t *pmdp, pmdval_t prot) ++static inline void __section_update(pmd_t *pmdp, unsigned long addr, pmdval_t prot) +{ -+ pmdval_t pmdval = pmd_val(*pmdp) | prot; -+ pmdp[0] = __pmd(pmdval); -+#ifndef CONFIG_ARM_LPAE -+ pmdp[1] = __pmd(pmdval + 256 * sizeof(pte_t)); ++#ifdef CONFIG_ARM_LPAE ++ pmdp[0] = __pmd(pmd_val(pmdp[0]) | prot); ++#else ++ if (addr & SECTION_SIZE) ++ pmdp[1] = __pmd(pmd_val(pmdp[1]) | prot); ++ else ++ pmdp[0] = __pmd(pmd_val(pmdp[0]) | prot); +#endif + flush_pmd_entry(pmdp); +} @@ -1639,7 +1825,7 @@ index 943504f..84d0f84 100644 static inline void __pmd_populate(pmd_t *pmdp, phys_addr_t pte, pmdval_t prot) { -@@ -155,7 +172,7 @@ pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmdp, pte_t *ptep) +@@ -155,7 +175,7 @@ pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmdp, pte_t *ptep) static inline void pmd_populate(struct mm_struct *mm, pmd_t *pmdp, pgtable_t ptep) { @@ -1649,14 +1835,14 @@ index 943504f..84d0f84 100644 #define pmd_pgtable(pmd) pmd_page(pmd) diff --git a/arch/arm/include/asm/pgtable-2level-hwdef.h b/arch/arm/include/asm/pgtable-2level-hwdef.h -index 5cfba15..d437dc2 100644 +index 5cfba15..f415e1a 100644 --- a/arch/arm/include/asm/pgtable-2level-hwdef.h +++ b/arch/arm/include/asm/pgtable-2level-hwdef.h @@ -20,12 +20,15 @@ #define PMD_TYPE_FAULT (_AT(pmdval_t, 0) << 0) #define PMD_TYPE_TABLE (_AT(pmdval_t, 1) << 0) #define PMD_TYPE_SECT (_AT(pmdval_t, 2) << 0) -+#define PMD_PXNTABLE (_AT(pmdval_t, 1) << 2) /* PXN */ ++#define PMD_PXNTABLE (_AT(pmdval_t, 1) << 2) /* v7 */ #define PMD_BIT4 (_AT(pmdval_t, 1) << 4) #define PMD_DOMAIN(x) (_AT(pmdval_t, (x)) << 5) #define PMD_PROTECTION (_AT(pmdval_t, 1) << 9) /* v5 */ @@ -1664,7 +1850,7 @@ index 5cfba15..d437dc2 100644 /* * - section */ -+#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 0) ++#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 0) /* v7 */ #define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2) #define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3) #define PMD_SECT_XN (_AT(pmdval_t, 1) << 4) /* v6 */ @@ -1672,27 +1858,35 @@ index 5cfba15..d437dc2 100644 #define PMD_SECT_nG (_AT(pmdval_t, 1) << 17) /* v6 */ #define PMD_SECT_SUPER (_AT(pmdval_t, 1) << 18) /* v6 */ #define PMD_SECT_AF (_AT(pmdval_t, 0)) -+#define PMD_SECT_AP_RDONLY (_AT(pmdval_t, 0)) ++#define PMD_SECT_RDONLY (_AT(pmdval_t, 0)) #define PMD_SECT_UNCACHED (_AT(pmdval_t, 0)) #define PMD_SECT_BUFFERED (PMD_SECT_BUFFERABLE) +@@ -66,6 +70,7 @@ + * - extended small page/tiny page + */ + #define PTE_EXT_XN (_AT(pteval_t, 1) << 0) /* v6 */ ++#define PTE_EXT_PXN (_AT(pteval_t, 1) << 2) /* v7 */ + #define PTE_EXT_AP_MASK (_AT(pteval_t, 3) << 4) + #define PTE_EXT_AP0 (_AT(pteval_t, 1) << 4) + #define PTE_EXT_AP1 (_AT(pteval_t, 2) << 4) diff --git a/arch/arm/include/asm/pgtable-2level.h b/arch/arm/include/asm/pgtable-2level.h -index 2317a71..1897391 100644 +index f97ee02..07f1be5 100644 --- a/arch/arm/include/asm/pgtable-2level.h +++ b/arch/arm/include/asm/pgtable-2level.h -@@ -123,6 +123,7 @@ - #define L_PTE_USER (_AT(pteval_t, 1) << 8) +@@ -125,6 +125,7 @@ #define L_PTE_XN (_AT(pteval_t, 1) << 9) #define L_PTE_SHARED (_AT(pteval_t, 1) << 10) /* shared(v6), coherent(xsc3) */ -+#define L_PTE_PXN (_AT(pteval_t, 1) << 11) /* v7*/ + #define L_PTE_NONE (_AT(pteval_t, 1) << 11) ++#define L_PTE_PXN (_AT(pteval_t, 1) << 12) /* v7*/ /* * These are the memory types, defined to be compatible with diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h -index d795282..d82ff13 100644 +index d795282..a43ea90 100644 --- a/arch/arm/include/asm/pgtable-3level-hwdef.h +++ b/arch/arm/include/asm/pgtable-3level-hwdef.h -@@ -32,6 +32,7 @@ +@@ -32,15 +32,18 @@ #define PMD_TYPE_SECT (_AT(pmdval_t, 1) << 0) #define PMD_BIT4 (_AT(pmdval_t, 0)) #define PMD_DOMAIN(x) (_AT(pmdval_t, 0)) @@ -1700,7 +1894,10 @@ index d795282..d82ff13 100644 /* * - section -@@ -41,9 +42,11 @@ + */ + #define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2) + #define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3) ++#define PMD_SECT_RDONLY (_AT(pmdval_t, 1) << 7) #define PMD_SECT_S (_AT(pmdval_t, 3) << 8) #define PMD_SECT_AF (_AT(pmdval_t, 1) << 10) #define PMD_SECT_nG (_AT(pmdval_t, 1) << 11) @@ -1708,10 +1905,6 @@ index d795282..d82ff13 100644 #define PMD_SECT_XN (_AT(pmdval_t, 1) << 54) #define PMD_SECT_AP_WRITE (_AT(pmdval_t, 0)) #define PMD_SECT_AP_READ (_AT(pmdval_t, 0)) -+#define PMD_SECT_AP_RDONLY (_AT(pmdval_t, 1) << 7) - #define PMD_SECT_TEX(x) (_AT(pmdval_t, 0)) - - /* @@ -66,6 +69,7 @@ #define PTE_EXT_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ #define PTE_EXT_AF (_AT(pteval_t, 1) << 10) /* Access Flag */ @@ -1721,10 +1914,10 @@ index d795282..d82ff13 100644 /* diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h -index b249035..4ab204b 100644 +index a3f3792..7b932a6 100644 --- a/arch/arm/include/asm/pgtable-3level.h +++ b/arch/arm/include/asm/pgtable-3level.h -@@ -73,6 +73,7 @@ +@@ -74,6 +74,7 @@ #define L_PTE_RDONLY (_AT(pteval_t, 1) << 7) /* AP[2] */ #define L_PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ #define L_PTE_YOUNG (_AT(pteval_t, 1) << 10) /* AF */ @@ -1732,7 +1925,7 @@ index b249035..4ab204b 100644 #define L_PTE_XN (_AT(pteval_t, 1) << 54) /* XN */ #define L_PTE_DIRTY (_AT(pteval_t, 1) << 55) /* unused */ #define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56) /* unused */ -@@ -80,6 +81,7 @@ +@@ -82,6 +83,7 @@ /* * To be used in assembly code with the upper page attributes. */ @@ -1741,7 +1934,7 @@ index b249035..4ab204b 100644 #define L_PTE_DIRTY_HIGH (1 << (55 - 32)) diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h -index 08c1231..1031bb4 100644 +index 9c82f988..514705a 100644 --- a/arch/arm/include/asm/pgtable.h +++ b/arch/arm/include/asm/pgtable.h @@ -30,6 +30,9 @@ @@ -1764,7 +1957,7 @@ index 08c1231..1031bb4 100644 extern void __pte_error(const char *file, int line, pte_t); extern void __pmd_error(const char *file, int line, pmd_t); extern void __pgd_error(const char *file, int line, pgd_t); -@@ -53,6 +59,17 @@ extern void __pgd_error(const char *file, int line, pgd_t); +@@ -53,6 +59,50 @@ extern void __pgd_error(const char *file, int line, pgd_t); #define pmd_ERROR(pmd) __pmd_error(__FILE__, __LINE__, pmd) #define pgd_ERROR(pgd) __pgd_error(__FILE__, __LINE__, pgd) @@ -1772,8 +1965,41 @@ index 08c1231..1031bb4 100644 +#define __HAVE_ARCH_PAX_CLOSE_KERNEL + +#ifdef CONFIG_PAX_KERNEXEC -+static inline unsigned long pax_open_kernel(void) { return 0; /* TODO */ } -+static inline unsigned long pax_close_kernel(void) { return 0; /* TODO */ } ++#include <asm/domain.h> ++#include <linux/thread_info.h> ++#include <linux/preempt.h> ++#endif ++ ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++static inline int test_domain(int domain, int domaintype) ++{ ++ return ((current_thread_info()->cpu_domain) & domain_val(domain, 3)) == domain_val(domain, domaintype); ++} ++#endif ++ ++#ifdef CONFIG_PAX_KERNEXEC ++static inline unsigned long pax_open_kernel(void) { ++#ifdef CONFIG_ARM_LPAE ++ /* TODO */ ++#else ++ preempt_disable(); ++ BUG_ON(test_domain(DOMAIN_KERNEL, DOMAIN_KERNEXEC)); ++ modify_domain(DOMAIN_KERNEL, DOMAIN_KERNEXEC); ++#endif ++ return 0; ++} ++ ++static inline unsigned long pax_close_kernel(void) { ++#ifdef CONFIG_ARM_LPAE ++ /* TODO */ ++#else ++ BUG_ON(test_domain(DOMAIN_KERNEL, DOMAIN_MANAGER)); ++ /* DOMAIN_MANAGER = "client" under KERNEXEC */ ++ modify_domain(DOMAIN_KERNEL, DOMAIN_MANAGER); ++ preempt_enable_no_resched(); ++#endif ++ return 0; ++} +#else +static inline unsigned long pax_open_kernel(void) { return 0; } +static inline unsigned long pax_close_kernel(void) { return 0; } @@ -1782,7 +2008,7 @@ index 08c1231..1031bb4 100644 /* * This is the lowest virtual address we can permit any user space * mapping to be mapped at. This is particularly important for -@@ -63,8 +80,8 @@ extern void __pgd_error(const char *file, int line, pgd_t); +@@ -63,8 +113,8 @@ extern void __pgd_error(const char *file, int line, pgd_t); /* * The pgprot_* and protection_map entries will be fixed up in runtime * to include the cachable and bufferable bits based on memory policy, @@ -1793,12 +2019,12 @@ index 08c1231..1031bb4 100644 */ #define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG -@@ -242,7 +259,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } +@@ -240,7 +290,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) { -- const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER; -+ const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | __supported_pte_mask; +- const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | L_PTE_NONE; ++ const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | L_PTE_NONE | __supported_pte_mask; pte_val(pte) = (pte_val(pte) & ~mask) | (pgprot_val(newprot) & mask); return pte; } @@ -1815,11 +2041,27 @@ index f3628fb..a0672dd 100644 #ifndef MULTI_CPU extern void cpu_proc_init(void); +diff --git a/arch/arm/include/asm/processor.h b/arch/arm/include/asm/processor.h +index 06e7d50..8a8e251 100644 +--- a/arch/arm/include/asm/processor.h ++++ b/arch/arm/include/asm/processor.h +@@ -65,9 +65,8 @@ struct thread_struct { + regs->ARM_cpsr |= PSR_ENDSTATE; \ + regs->ARM_pc = pc & ~1; /* pc */ \ + regs->ARM_sp = sp; /* sp */ \ +- regs->ARM_r2 = stack[2]; /* r2 (envp) */ \ +- regs->ARM_r1 = stack[1]; /* r1 (argv) */ \ +- regs->ARM_r0 = stack[0]; /* r0 (argc) */ \ ++ /* r2 (envp), r1 (argv), r0 (argc) */ \ ++ (void)copy_from_user(®s->ARM_r0, (const char __user *)stack, 3 * sizeof(unsigned long)); \ + nommu_start_thread(regs); \ + }) + diff --git a/arch/arm/include/asm/smp.h b/arch/arm/include/asm/smp.h -index 2e3be16..4dc90fc 100644 +index d3a22be..3a69ad5 100644 --- a/arch/arm/include/asm/smp.h +++ b/arch/arm/include/asm/smp.h -@@ -106,7 +106,7 @@ struct smp_operations { +@@ -107,7 +107,7 @@ struct smp_operations { int (*cpu_disable)(unsigned int cpu); #endif #endif @@ -1829,40 +2071,161 @@ index 2e3be16..4dc90fc 100644 /* * set platform specific SMP operations diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h -index 8477b4c..801a6a9 100644 +index cddda1f..ff357f7 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h -@@ -151,6 +151,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, - #define TIF_SYSCALL_TRACE 8 +@@ -77,9 +77,9 @@ struct thread_info { + .flags = 0, \ + .preempt_count = INIT_PREEMPT_COUNT, \ + .addr_limit = KERNEL_DS, \ +- .cpu_domain = domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \ +- domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \ +- domain_val(DOMAIN_IO, DOMAIN_CLIENT), \ ++ .cpu_domain = domain_val(DOMAIN_USER, DOMAIN_USERCLIENT) | \ ++ domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT) | \ ++ domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT), \ + .restart_block = { \ + .fn = do_no_restart_syscall, \ + }, \ +@@ -152,6 +152,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define TIF_SYSCALL_AUDIT 9 #define TIF_SYSCALL_TRACEPOINT 10 + #define TIF_SECCOMP 11 /* seccomp syscall filtering active */ + +/* within 8 bits of TIF_SYSCALL_TRACE -+ to meet flexible second operand requirements -+*/ -+#define TIF_GRSEC_SETXID 11 ++ * to meet flexible second operand requirements ++ */ ++#define TIF_GRSEC_SETXID 12 + #define TIF_USING_IWMMXT 17 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ #define TIF_RESTORE_SIGMASK 20 -@@ -165,9 +171,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, +@@ -165,10 +171,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) - #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) #define _TIF_SECCOMP (1 << TIF_SECCOMP) + #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) +#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID) /* Checks for any syscall work in entry-common.S */ --#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT) -+#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT | \ -+ _TIF_GRSEC_SETXID) + #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ +- _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP) ++ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | _TIF_GRSEC_SETXID) /* * Change these and you break ASM code in entry-common.S diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h -index 7e1f760..f2c37b1 100644 +index 7e1f760..752fcb7 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h -@@ -418,8 +418,23 @@ do { \ +@@ -18,6 +18,7 @@ + #include <asm/domain.h> + #include <asm/unified.h> + #include <asm/compiler.h> ++#include <asm/pgtable.h> + + #define VERIFY_READ 0 + #define VERIFY_WRITE 1 +@@ -60,10 +61,34 @@ extern int __put_user_bad(void); + #define USER_DS TASK_SIZE + #define get_fs() (current_thread_info()->addr_limit) + ++static inline void pax_open_userland(void) ++{ ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (get_fs() == USER_DS) { ++ BUG_ON(test_domain(DOMAIN_USER, DOMAIN_UDEREF)); ++ modify_domain(DOMAIN_USER, DOMAIN_UDEREF); ++ } ++#endif ++ ++} ++ ++static inline void pax_close_userland(void) ++{ ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (get_fs() == USER_DS) { ++ BUG_ON(test_domain(DOMAIN_USER, DOMAIN_NOACCESS)); ++ modify_domain(DOMAIN_USER, DOMAIN_NOACCESS); ++ } ++#endif ++ ++} ++ + static inline void set_fs(mm_segment_t fs) + { + current_thread_info()->addr_limit = fs; +- modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER); ++ modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_KERNELCLIENT : DOMAIN_MANAGER); + } + + #define segment_eq(a,b) ((a) == (b)) +@@ -143,8 +168,12 @@ extern int __get_user_4(void *); + + #define get_user(x,p) \ + ({ \ ++ int __e; \ + might_fault(); \ +- __get_user_check(x,p); \ ++ pax_open_userland(); \ ++ __e = __get_user_check(x,p); \ ++ pax_close_userland(); \ ++ __e; \ + }) + + extern int __put_user_1(void *, unsigned int); +@@ -188,8 +217,12 @@ extern int __put_user_8(void *, unsigned long long); + + #define put_user(x,p) \ + ({ \ ++ int __e; \ + might_fault(); \ +- __put_user_check(x,p); \ ++ pax_open_userland(); \ ++ __e = __put_user_check(x,p); \ ++ pax_close_userland(); \ ++ __e; \ + }) + + #else /* CONFIG_MMU */ +@@ -230,13 +263,17 @@ static inline void set_fs(mm_segment_t fs) + #define __get_user(x,ptr) \ + ({ \ + long __gu_err = 0; \ ++ pax_open_userland(); \ + __get_user_err((x),(ptr),__gu_err); \ ++ pax_close_userland(); \ + __gu_err; \ + }) + + #define __get_user_error(x,ptr,err) \ + ({ \ ++ pax_open_userland(); \ + __get_user_err((x),(ptr),err); \ ++ pax_close_userland(); \ + (void) 0; \ + }) + +@@ -312,13 +349,17 @@ do { \ + #define __put_user(x,ptr) \ + ({ \ + long __pu_err = 0; \ ++ pax_open_userland(); \ + __put_user_err((x),(ptr),__pu_err); \ ++ pax_close_userland(); \ + __pu_err; \ + }) + + #define __put_user_error(x,ptr,err) \ + ({ \ ++ pax_open_userland(); \ + __put_user_err((x),(ptr),err); \ ++ pax_close_userland(); \ + (void) 0; \ + }) + +@@ -418,11 +459,44 @@ do { \ #ifdef CONFIG_MMU @@ -1873,22 +2236,44 @@ index 7e1f760..f2c37b1 100644 + +static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n) +{ -+ check_object_size(to, n, false); ++ unsigned long ret; + -+ return ___copy_from_user(to, from, n); ++ check_object_size(to, n, false); ++ pax_open_userland(); ++ ret = ___copy_from_user(to, from, n); ++ pax_close_userland(); ++ return ret; +} + +static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) +{ -+ check_object_size(from, n, true); ++ unsigned long ret; + -+ return ___copy_to_user(to, from, n); ++ check_object_size(from, n, true); ++ pax_open_userland(); ++ ret = ___copy_to_user(to, from, n); ++ pax_close_userland(); ++ return ret; +} + extern unsigned long __must_check __copy_to_user_std(void __user *to, const void *from, unsigned long n); - extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n); +-extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n); ++extern unsigned long __must_check ___clear_user(void __user *addr, unsigned long n); extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned long n); -@@ -431,6 +446,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l ++ ++static inline unsigned long __must_check __clear_user(void __user *addr, unsigned long n) ++{ ++ unsigned long ret; ++ pax_open_userland(); ++ ret = ___clear_user(addr, n); ++ pax_close_userland(); ++ return ret; ++} ++ + #else + #define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0) + #define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0) +@@ -431,6 +505,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -1898,7 +2283,7 @@ index 7e1f760..f2c37b1 100644 if (access_ok(VERIFY_READ, from, n)) n = __copy_from_user(to, from, n); else /* security hole - plug it */ -@@ -440,6 +458,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u +@@ -440,6 +517,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { @@ -1936,8 +2321,364 @@ index 60d3b73..9168db0 100644 EXPORT_SYMBOL(__clear_user); EXPORT_SYMBOL(__get_user_1); +diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S +index 0f82098..3dbd3ee 100644 +--- a/arch/arm/kernel/entry-armv.S ++++ b/arch/arm/kernel/entry-armv.S +@@ -47,6 +47,87 @@ + 9997: + .endm + ++ .macro pax_enter_kernel ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ make aligned space for saved DACR ++ sub sp, sp, #8 ++ @ save regs ++ stmdb sp!, {r1, r2} ++ @ read DACR from cpu_domain into r1 ++ mov r2, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r2, r2, #(0x1fc0) ++ bic r2, r2, #(0x3f) ++ ldr r1, [r2, #TI_CPU_DOMAIN] ++ @ store old DACR on stack ++ str r1, [sp, #8] ++#ifdef CONFIG_PAX_KERNEXEC ++ @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT ++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT)) ++#endif ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ set current DOMAIN_USER to DOMAIN_NOACCESS ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++#endif ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r2, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r1, r2} ++#endif ++ .endm ++ ++ .macro pax_open_userland ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read DACR from cpu_domain into r1 ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ ldr r1, [r0, #TI_CPU_DOMAIN] ++ @ set current DOMAIN_USER to DOMAIN_CLIENT ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_USER, DOMAIN_UDEREF)) ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ ++ .macro pax_close_userland ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read DACR from cpu_domain into r1 ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ ldr r1, [r0, #TI_CPU_DOMAIN] ++ @ set current DOMAIN_USER to DOMAIN_NOACCESS ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ + .macro pabt_helper + @ PABORT handler takes pt_regs in r2, fault address in r4 and psr in r5 + #ifdef MULTI_PABORT +@@ -89,11 +170,15 @@ + * Invalid mode handlers + */ + .macro inv_entry, reason ++ ++ pax_enter_kernel ++ + sub sp, sp, #S_FRAME_SIZE + ARM( stmib sp, {r1 - lr} ) + THUMB( stmia sp, {r0 - r12} ) + THUMB( str sp, [sp, #S_SP] ) + THUMB( str lr, [sp, #S_LR] ) ++ + mov r1, #\reason + .endm + +@@ -149,7 +234,11 @@ ENDPROC(__und_invalid) + .macro svc_entry, stack_hole=0 + UNWIND(.fnstart ) + UNWIND(.save {r0 - pc} ) ++ ++ pax_enter_kernel ++ + sub sp, sp, #(S_FRAME_SIZE + \stack_hole - 4) ++ + #ifdef CONFIG_THUMB2_KERNEL + SPFIX( str r0, [sp] ) @ temporarily saved + SPFIX( mov r0, sp ) +@@ -164,7 +253,12 @@ ENDPROC(__und_invalid) + ldmia r0, {r3 - r5} + add r7, sp, #S_SP - 4 @ here for interlock avoidance + mov r6, #-1 @ "" "" "" "" ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ offset sp by 8 as done in pax_enter_kernel ++ add r2, sp, #(S_FRAME_SIZE + \stack_hole + 4) ++#else + add r2, sp, #(S_FRAME_SIZE + \stack_hole - 4) ++#endif + SPFIX( addeq r2, r2, #4 ) + str r3, [sp, #-4]! @ save the "real" r0 copied + @ from the exception stack +@@ -359,6 +453,9 @@ ENDPROC(__pabt_svc) + .macro usr_entry + UNWIND(.fnstart ) + UNWIND(.cantunwind ) @ don't unwind the user space ++ ++ pax_enter_kernel_user ++ + sub sp, sp, #S_FRAME_SIZE + ARM( stmib sp, {r1 - r12} ) + THUMB( stmia sp, {r0 - r12} ) +@@ -456,7 +553,9 @@ __und_usr: + tst r3, #PSR_T_BIT @ Thumb mode? + bne __und_usr_thumb + sub r4, r2, #4 @ ARM instr at LR - 4 ++ pax_open_userland + 1: ldrt r0, [r4] ++ pax_close_userland + #ifdef CONFIG_CPU_ENDIAN_BE8 + rev r0, r0 @ little endian instruction + #endif +@@ -491,10 +590,14 @@ __und_usr_thumb: + */ + .arch armv6t2 + #endif ++ pax_open_userland + 2: ldrht r5, [r4] ++ pax_close_userland + cmp r5, #0xe800 @ 32bit instruction if xx != 0 + blo __und_usr_fault_16 @ 16bit undefined instruction ++ pax_open_userland + 3: ldrht r0, [r2] ++ pax_close_userland + add r2, r2, #2 @ r2 is PC + 2, make it PC + 4 + str r2, [sp, #S_PC] @ it's a 2x16bit instr, update + orr r0, r0, r5, lsl #16 +@@ -733,7 +836,7 @@ ENTRY(__switch_to) + THUMB( stmia ip!, {r4 - sl, fp} ) @ Store most regs on stack + THUMB( str sp, [ip], #4 ) + THUMB( str lr, [ip], #4 ) +-#ifdef CONFIG_CPU_USE_DOMAINS ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) + ldr r6, [r2, #TI_CPU_DOMAIN] + #endif + set_tls r3, r4, r5 +@@ -742,7 +845,7 @@ ENTRY(__switch_to) + ldr r8, =__stack_chk_guard + ldr r7, [r7, #TSK_STACK_CANARY] + #endif +-#ifdef CONFIG_CPU_USE_DOMAINS ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) + mcr p15, 0, r6, c3, c0, 0 @ Set domain register + #endif + mov r5, r0 +diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S +index a6c301e..908821b 100644 +--- a/arch/arm/kernel/entry-common.S ++++ b/arch/arm/kernel/entry-common.S +@@ -10,18 +10,46 @@ + + #include <asm/unistd.h> + #include <asm/ftrace.h> ++#include <asm/domain.h> + #include <asm/unwind.h> + ++#include "entry-header.S" ++ + #ifdef CONFIG_NEED_RET_TO_USER + #include <mach/entry-macro.S> + #else + .macro arch_ret_to_user, tmp1, tmp2 ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ save regs ++ stmdb sp!, {r1, r2} ++ @ read DACR from cpu_domain into r1 ++ mov r2, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r2, r2, #(0x1fc0) ++ bic r2, r2, #(0x3f) ++ ldr r1, [r2, #TI_CPU_DOMAIN] ++#ifdef CONFIG_PAX_KERNEXEC ++ @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT ++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT)) ++#endif ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ set current DOMAIN_USER to DOMAIN_UDEREF ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_USER, DOMAIN_UDEREF)) ++#endif ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r2, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r1, r2} ++#endif + .endm + #endif + +-#include "entry-header.S" +- +- + .align 5 + /* + * This is the fast syscall return path. We do as little as +@@ -339,6 +367,7 @@ ENDPROC(ftrace_stub) + + .align 5 + ENTRY(vector_swi) ++ + sub sp, sp, #S_FRAME_SIZE + stmia sp, {r0 - r12} @ Calling r0 - r12 + ARM( add r8, sp, #S_PC ) +@@ -388,6 +417,12 @@ ENTRY(vector_swi) + ldr scno, [lr, #-4] @ get SWI instruction + #endif + ++ /* ++ * do this here to avoid a performance hit of wrapping the code above ++ * that directly dereferences userland to parse the SWI instruction ++ */ ++ pax_enter_kernel_user ++ + #ifdef CONFIG_ALIGNMENT_TRAP + ldr ip, __cr_alignment + ldr ip, [ip] +diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S +index 9a8531e..812e287 100644 +--- a/arch/arm/kernel/entry-header.S ++++ b/arch/arm/kernel/entry-header.S +@@ -73,9 +73,66 @@ + msr cpsr_c, \rtemp @ switch back to the SVC mode + .endm + ++ .macro pax_enter_kernel_user ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read DACR from cpu_domain into r1 ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ ldr r1, [r0, #TI_CPU_DOMAIN] ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ set current DOMAIN_USER to DOMAIN_NOACCESS ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++#endif ++#ifdef CONFIG_PAX_KERNEXEC ++ @ set current DOMAIN_KERNEL to DOMAIN_KERNELCLIENT ++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT)) ++#endif ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ ++ .macro pax_exit_kernel ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read old DACR from stack into r1 ++ ldr r1, [sp, #(8 + S_SP)] ++ sub r1, r1, #8 ++ ldr r1, [r1] ++ ++ @ write r1 to current_thread_info()->cpu_domain ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ + #ifndef CONFIG_THUMB2_KERNEL + .macro svc_exit, rpsr + msr spsr_cxsf, \rpsr ++ ++ pax_exit_kernel ++ + #if defined(CONFIG_CPU_V6) + ldr r0, [sp] + strex r1, r2, [sp] @ clear the exclusive monitor +@@ -121,6 +178,9 @@ + .endm + #else /* CONFIG_THUMB2_KERNEL */ + .macro svc_exit, rpsr ++ ++ pax_exit_kernel ++ + ldr lr, [sp, #S_SP] @ top of the stack + ldrd r0, r1, [sp, #S_LR] @ calling lr and pc + clrex @ clear the exclusive monitor +diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c +index 2adda11..7fbe958 100644 +--- a/arch/arm/kernel/fiq.c ++++ b/arch/arm/kernel/fiq.c +@@ -82,7 +82,9 @@ void set_fiq_handler(void *start, unsigned int length) + #if defined(CONFIG_CPU_USE_DOMAINS) + memcpy((void *)0xffff001c, start, length); + #else ++ pax_open_kernel(); + memcpy(vectors_page + 0x1c, start, length); ++ pax_close_kernel(); + #endif + flush_icache_range(0xffff001c, 0xffff001c + length); + if (!vectors_high()) diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S -index 486a15a..d95523a 100644 +index 486a15a..2d6880e 100644 --- a/arch/arm/kernel/head.S +++ b/arch/arm/kernel/head.S @@ -52,7 +52,9 @@ @@ -1951,6 +2692,28 @@ index 486a15a..d95523a 100644 .endm /* +@@ -416,7 +418,7 @@ __enable_mmu: + mov r5, #(domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \ + domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \ + domain_val(DOMAIN_TABLE, DOMAIN_MANAGER) | \ +- domain_val(DOMAIN_IO, DOMAIN_CLIENT)) ++ domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT)) + mcr p15, 0, r5, c3, c0, 0 @ load domain access register + mcr p15, 0, r4, c2, c0, 0 @ load page table pointer + #endif +diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c +index 5ff2e77..556d030 100644 +--- a/arch/arm/kernel/hw_breakpoint.c ++++ b/arch/arm/kernel/hw_breakpoint.c +@@ -1011,7 +1011,7 @@ static int __cpuinit dbg_reset_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata dbg_reset_nb = { ++static struct notifier_block dbg_reset_nb = { + .notifier_call = dbg_reset_notify, + }; + diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c index 1e9be5d..03edbc2 100644 --- a/arch/arm/kernel/module.c @@ -1995,8 +2758,21 @@ index 1e9be5d..03edbc2 100644 #endif int +diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c +index 5f66206..dce492f 100644 +--- a/arch/arm/kernel/perf_event_cpu.c ++++ b/arch/arm/kernel/perf_event_cpu.c +@@ -171,7 +171,7 @@ static int __cpuinit cpu_pmu_notify(struct notifier_block *b, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cpu_pmu_hotplug_notifier = { ++static struct notifier_block cpu_pmu_hotplug_notifier = { + .notifier_call = cpu_pmu_notify, + }; + diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 90084a6..a8b26bc 100644 +index c6dec5f..f853532 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -2030,7 +2806,7 @@ index 90084a6..a8b26bc 100644 printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n" "sp : %08lx ip : %08lx fp : %08lx\n", regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr, -@@ -451,12 +451,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -452,12 +452,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -2044,22 +2820,19 @@ index 90084a6..a8b26bc 100644 /* * The vectors page is always readable from user space for the diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c -index 739db3a..7f4a272 100644 +index 03deeff..741ce88 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c -@@ -916,6 +916,10 @@ enum ptrace_syscall_dir { - PTRACE_SYSCALL_EXIT, - }; +@@ -937,10 +937,19 @@ static int tracehook_report_syscall(struct pt_regs *regs, + return current_thread_info()->syscall; + } +#ifdef CONFIG_GRKERNSEC_SETXID +extern void gr_delayed_cred_worker(void); +#endif + - static int ptrace_syscall_trace(struct pt_regs *regs, int scno, - enum ptrace_syscall_dir dir) + asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno) { -@@ -923,6 +927,11 @@ static int ptrace_syscall_trace(struct pt_regs *regs, int scno, - current_thread_info()->syscall = scno; +#ifdef CONFIG_GRKERNSEC_SETXID @@ -2067,11 +2840,11 @@ index 739db3a..7f4a272 100644 + gr_delayed_cred_worker(); +#endif + - if (!test_thread_flag(TIF_SYSCALL_TRACE)) - return scno; - + /* Do the secure computing check first; failures should be fast. */ + if (secure_computing(scno) == -1) + return -1; diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index da1d1aa..ef9bc58 100644 +index 3f6cbb2..6d856f5 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c @@ -97,21 +97,23 @@ EXPORT_SYMBOL(system_serial_high); @@ -2119,7 +2892,7 @@ index da1d1aa..ef9bc58 100644 (mmfr0 & 0x000000f0) == 0x00000020) cpu_arch = CPU_ARCH_ARMv6; else -@@ -455,7 +461,7 @@ static void __init setup_processor(void) +@@ -462,7 +468,7 @@ static void __init setup_processor(void) __cpu_architecture = __get_cpu_architecture(); #ifdef MULTI_CPU @@ -2129,7 +2902,7 @@ index da1d1aa..ef9bc58 100644 #ifdef MULTI_TLB cpu_tlb = *list->tlb; diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c -index fbc8b26..000ded0 100644 +index 84f4cbf..672f5b8 100644 --- a/arch/arm/kernel/smp.c +++ b/arch/arm/kernel/smp.c @@ -70,7 +70,7 @@ enum ipi_msg_type { @@ -2142,7 +2915,7 @@ index fbc8b26..000ded0 100644 void __init smp_set_ops(struct smp_operations *ops) { diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index b0179b8..7713948 100644 +index b0179b8..b7b16c7 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -57,7 +57,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); @@ -2173,8 +2946,29 @@ index b0179b8..7713948 100644 if (signr) do_exit(signr); } +@@ -601,7 +606,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) + * The user helper at 0xffff0fe0 must be used instead. + * (see entry-armv.S for details) + */ ++ pax_open_kernel(); + *((unsigned int *)0xffff0ff0) = regs->ARM_r0; ++ pax_close_kernel(); + } + return 0; + +@@ -849,5 +856,9 @@ void __init early_trap_init(void *vectors_base) + sigreturn_codes, sizeof(sigreturn_codes)); + + flush_icache_range(vectors, vectors + PAGE_SIZE); +- modify_domain(DOMAIN_USER, DOMAIN_CLIENT); ++ ++#ifndef CONFIG_PAX_MEMORY_UDEREF ++ modify_domain(DOMAIN_USER, DOMAIN_USERCLIENT); ++#endif ++ + } diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S -index 36ff15b..75d9e9d 100644 +index 11c1785..c67d54c 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -8,7 +8,11 @@ @@ -2202,7 +2996,7 @@ index 36ff15b..75d9e9d 100644 .text : { /* Real text segment */ _stext = .; /* Text and read-only data */ __exception_text_start = .; -@@ -133,6 +142,10 @@ SECTIONS +@@ -144,6 +153,10 @@ SECTIONS _etext = .; /* End of text and rodata section */ @@ -2213,7 +3007,7 @@ index 36ff15b..75d9e9d 100644 #ifndef CONFIG_XIP_KERNEL . = ALIGN(PAGE_SIZE); __init_begin = .; -@@ -192,6 +205,11 @@ SECTIONS +@@ -203,6 +216,11 @@ SECTIONS . = PAGE_OFFSET + TEXT_OFFSET; #else __init_end = .; @@ -2225,6 +3019,36 @@ index 36ff15b..75d9e9d 100644 . = ALIGN(THREAD_SIZE); __data_loc = .; #endif +diff --git a/arch/arm/lib/clear_user.S b/arch/arm/lib/clear_user.S +index 14a0d98..7771a7d 100644 +--- a/arch/arm/lib/clear_user.S ++++ b/arch/arm/lib/clear_user.S +@@ -12,14 +12,14 @@ + + .text + +-/* Prototype: int __clear_user(void *addr, size_t sz) ++/* Prototype: int ___clear_user(void *addr, size_t sz) + * Purpose : clear some user memory + * Params : addr - user memory address to clear + * : sz - number of bytes to clear + * Returns : number of bytes NOT cleared + */ + ENTRY(__clear_user_std) +-WEAK(__clear_user) ++WEAK(___clear_user) + stmfd sp!, {r1, lr} + mov r2, #0 + cmp r1, #4 +@@ -44,7 +44,7 @@ WEAK(__clear_user) + USER( strnebt r2, [r0]) + mov r0, #0 + ldmfd sp!, {r1, pc} +-ENDPROC(__clear_user) ++ENDPROC(___clear_user) + ENDPROC(__clear_user_std) + + .pushsection .fixup,"ax" diff --git a/arch/arm/lib/copy_from_user.S b/arch/arm/lib/copy_from_user.S index 66a477a..bee61d3 100644 --- a/arch/arm/lib/copy_from_user.S @@ -2291,6 +3115,21 @@ index d066df6..df28194 100644 ENDPROC(__copy_to_user_std) .pushsection .fixup,"ax" +diff --git a/arch/arm/lib/csumpartialcopyuser.S b/arch/arm/lib/csumpartialcopyuser.S +index 7d08b43..f7ca7ea 100644 +--- a/arch/arm/lib/csumpartialcopyuser.S ++++ b/arch/arm/lib/csumpartialcopyuser.S +@@ -57,8 +57,8 @@ + * Returns : r0 = checksum, [[sp, #0], #0] = 0 or -EFAULT + */ + +-#define FN_ENTRY ENTRY(csum_partial_copy_from_user) +-#define FN_EXIT ENDPROC(csum_partial_copy_from_user) ++#define FN_ENTRY ENTRY(__csum_partial_copy_from_user) ++#define FN_EXIT ENDPROC(__csum_partial_copy_from_user) + + #include "csumpartialcopygeneric.S" + diff --git a/arch/arm/lib/delay.c b/arch/arm/lib/delay.c index 0dc5385..45833ef 100644 --- a/arch/arm/lib/delay.c @@ -2349,7 +3188,7 @@ index 025f742..8432b08 100644 /* * This test is stubbed out of the main function above to keep diff --git a/arch/arm/mach-kirkwood/common.c b/arch/arm/mach-kirkwood/common.c -index 2c6c218..2b87c2d 100644 +index bac21a5..b67ef8e 100644 --- a/arch/arm/mach-kirkwood/common.c +++ b/arch/arm/mach-kirkwood/common.c @@ -150,7 +150,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw) @@ -2386,10 +3225,10 @@ index 2c6c218..2b87c2d 100644 if (IS_ERR(clk)) diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c -index d95f727..12f10dd 100644 +index 0abb30f..54064da 100644 --- a/arch/arm/mach-omap2/board-n8x0.c +++ b/arch/arm/mach-omap2/board-n8x0.c -@@ -589,7 +589,7 @@ static int n8x0_menelaus_late_init(struct device *dev) +@@ -631,7 +631,7 @@ static int n8x0_menelaus_late_init(struct device *dev) } #endif @@ -2398,14 +3237,27 @@ index d95f727..12f10dd 100644 .late_init = n8x0_menelaus_late_init, }; +diff --git a/arch/arm/mach-omap2/omap-wakeupgen.c b/arch/arm/mach-omap2/omap-wakeupgen.c +index 5d3b4f4..ddba3c0 100644 +--- a/arch/arm/mach-omap2/omap-wakeupgen.c ++++ b/arch/arm/mach-omap2/omap-wakeupgen.c +@@ -340,7 +340,7 @@ static int __cpuinit irq_cpu_hotplug_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata irq_hotplug_notifier = { ++static struct notifier_block irq_hotplug_notifier = { + .notifier_call = irq_cpu_hotplug_notify, + }; + diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index 87cc6d0..fd4f248 100644 +index 4653efb..8c60bf7 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -189,10 +189,10 @@ struct omap_hwmod_soc_ops { - int (*is_hardreset_asserted)(struct omap_hwmod *oh, - struct omap_hwmod_rst_info *ohri); int (*init_clkdm)(struct omap_hwmod *oh); + void (*update_context_lost)(struct omap_hwmod *oh); + int (*get_context_lost)(struct omap_hwmod *oh); -}; +} __no_const; @@ -2415,8 +3267,47 @@ index 87cc6d0..fd4f248 100644 /* omap_hwmod_list contains all registered struct omap_hwmods */ static LIST_HEAD(omap_hwmod_list); +diff --git a/arch/arm/mach-ux500/include/mach/setup.h b/arch/arm/mach-ux500/include/mach/setup.h +index 6be4c4d..32ac32a 100644 +--- a/arch/arm/mach-ux500/include/mach/setup.h ++++ b/arch/arm/mach-ux500/include/mach/setup.h +@@ -38,13 +38,6 @@ extern struct sys_timer ux500_timer; + .type = MT_DEVICE, \ + } + +-#define __MEM_DEV_DESC(x, sz) { \ +- .virtual = IO_ADDRESS(x), \ +- .pfn = __phys_to_pfn(x), \ +- .length = sz, \ +- .type = MT_MEMORY, \ +-} +- + extern struct smp_operations ux500_smp_ops; + extern void ux500_cpu_die(unsigned int cpu); + +diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig +index 3fd629d..8b1aca9 100644 +--- a/arch/arm/mm/Kconfig ++++ b/arch/arm/mm/Kconfig +@@ -425,7 +425,7 @@ config CPU_32v5 + + config CPU_32v6 + bool +- select CPU_USE_DOMAINS if CPU_V6 && MMU ++ select CPU_USE_DOMAINS if CPU_V6 && MMU && !PAX_KERNEXEC + select TLS_REG_EMUL if !CPU_32v6K && !MMU + + config CPU_32v6K +@@ -577,6 +577,7 @@ config CPU_CP15_MPU + + config CPU_USE_DOMAINS + bool ++ depends on !ARM_LPAE && !PAX_KERNEXEC + help + This option enables or disables the use of domain switching + via the set_fs() function. diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index 5dbf13f..9be36fd 100644 +index 5dbf13f..6393f55 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -25,6 +25,7 @@ @@ -2427,27 +3318,28 @@ index 5dbf13f..9be36fd 100644 #include "fault.h" -@@ -138,6 +139,19 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr, +@@ -138,6 +139,20 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr, if (fixup_exception(regs)) return; +#ifdef CONFIG_PAX_KERNEXEC -+ if (fsr & FSR_WRITE) { -+ if (((unsigned long)_stext <= addr && addr < init_mm.end_code) || (MODULES_VADDR <= addr && addr < MODULES_END)) { -+ if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", -+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); -+ else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", -+ current->comm, task_pid_nr(current), current_uid(), current_euid()); -+ } ++ if ((fsr & FSR_WRITE) && ++ (((unsigned long)_stext <= addr && addr < init_mm.end_code) || ++ (MODULES_VADDR <= addr && addr < MODULES_END))) ++ { ++ if (current->signal->curr_ip) ++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid())); ++ else ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid())); + } +#endif + /* * No handler, we'll have to terminate things with extreme prejudice. */ -@@ -174,6 +188,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, +@@ -174,6 +189,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, } #endif @@ -2461,7 +3353,7 @@ index 5dbf13f..9be36fd 100644 tsk->thread.address = addr; tsk->thread.error_code = fsr; tsk->thread.trap_no = 14; -@@ -398,6 +419,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) +@@ -398,6 +420,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) } #endif /* CONFIG_MMU */ @@ -2495,20 +3387,43 @@ index 5dbf13f..9be36fd 100644 /* * First Level Translation Fault Handler * -@@ -575,12 +623,41 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) +@@ -543,9 +592,22 @@ do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs) + const struct fsr_info *inf = fsr_info + fsr_fs(fsr); + struct siginfo info; + ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (addr < TASK_SIZE && is_domain_fault(fsr)) { ++ if (current->signal->curr_ip) ++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), addr); ++ else ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), addr); ++ goto die; ++ } ++#endif ++ + if (!inf->fn(addr, fsr & ~FSR_LNX_PF, regs)) + return; + ++die: + printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n", + inf->name, fsr, addr); + +@@ -575,9 +637,38 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); struct siginfo info; -+#ifdef CONFIG_PAX_KERNEXEC -+ if (!user_mode(regs) && is_xn_fault(ifsr)) { ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (!user_mode(regs) && (is_domain_fault(ifsr) || is_xn_fault(ifsr))) { + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", -+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid(), -+ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); ++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), ++ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); + else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", -+ current->comm, task_pid_nr(current), current_uid(), current_euid(), -+ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), ++ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); + goto die; + } +#endif @@ -2530,15 +3445,12 @@ index 5dbf13f..9be36fd 100644 if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs)) return; ++die: printk(KERN_ALERT "Unhandled prefetch abort: %s (0x%03x) at 0x%08lx\n", inf->name, ifsr, addr); -+die: - info.si_signo = inf->sig; - info.si_errno = 0; - info.si_code = inf->code; diff --git a/arch/arm/mm/fault.h b/arch/arm/mm/fault.h -index cf08bdf..f1a0383 100644 +index cf08bdf..772656c 100644 --- a/arch/arm/mm/fault.h +++ b/arch/arm/mm/fault.h @@ -3,6 +3,7 @@ @@ -2549,7 +3461,7 @@ index cf08bdf..f1a0383 100644 */ #define FSR_LNX_PF (1 << 31) #define FSR_WRITE (1 << 11) -@@ -22,6 +23,12 @@ static inline int fsr_fs(unsigned int fsr) +@@ -22,6 +23,17 @@ static inline int fsr_fs(unsigned int fsr) } #endif @@ -2559,50 +3471,67 @@ index cf08bdf..f1a0383 100644 + return ((fsr_fs(fsr) & 0x3c) == 0xc); +} + ++static inline int is_domain_fault(unsigned int fsr) ++{ ++ return ((fsr_fs(fsr) & 0xD) == 0x9); ++} ++ void do_bad_area(unsigned long addr, unsigned int fsr, struct pt_regs *regs); unsigned long search_exception_table(unsigned long addr); diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c -index ad722f1..46b670e 100644 +index ad722f1..763fdd3 100644 --- a/arch/arm/mm/init.c +++ b/arch/arm/mm/init.c -@@ -734,9 +734,43 @@ void __init mem_init(void) +@@ -30,6 +30,8 @@ + #include <asm/setup.h> + #include <asm/tlb.h> + #include <asm/fixmap.h> ++#include <asm/system_info.h> ++#include <asm/cp15.h> - void free_initmem(void) + #include <asm/mach/arch.h> + #include <asm/mach/map.h> +@@ -736,7 +738,46 @@ void free_initmem(void) { -+ + #ifdef CONFIG_HAVE_TCM + extern char __tcm_start, __tcm_end; ++#endif + +#ifdef CONFIG_PAX_KERNEXEC + unsigned long addr; + pgd_t *pgd; + pud_t *pud; + pmd_t *pmd; -+#endif ++ int cpu_arch = cpu_architecture(); ++ unsigned int cr = get_cr(); + - #ifdef CONFIG_HAVE_TCM - extern char __tcm_start, __tcm_end; ++ if (cpu_arch >= CPU_ARCH_ARMv6 && (cr & CR_XP)) { ++ /* make pages tables, etc before .text NX */ ++ for (addr = PAGE_OFFSET; addr < (unsigned long)_stext; addr += SECTION_SIZE) { ++ pgd = pgd_offset_k(addr); ++ pud = pud_offset(pgd, addr); ++ pmd = pmd_offset(pud, addr); ++ __section_update(pmd, addr, PMD_SECT_XN); ++ } ++ /* make init NX */ ++ for (addr = (unsigned long)__init_begin; addr < (unsigned long)_sdata; addr += SECTION_SIZE) { ++ pgd = pgd_offset_k(addr); ++ pud = pud_offset(pgd, addr); ++ pmd = pmd_offset(pud, addr); ++ __section_update(pmd, addr, PMD_SECT_XN); ++ } ++ /* make kernel code/rodata RX */ ++ for (addr = (unsigned long)_stext; addr < (unsigned long)__init_begin; addr += SECTION_SIZE) { ++ pgd = pgd_offset_k(addr); ++ pud = pud_offset(pgd, addr); ++ pmd = pmd_offset(pud, addr); ++#ifdef CONFIG_ARM_LPAE ++ __section_update(pmd, addr, PMD_SECT_RDONLY); ++#else ++ __section_update(pmd, addr, PMD_SECT_APX|PMD_SECT_AP_WRITE); +#endif - -+#ifdef CONFIG_PAX_KERNEXEC -+ /* make pages tables, etc before .text NX */ -+ for (addr = PAGE_OFFSET; addr < (unsigned long)_stext; addr += PMD_SIZE) { -+ pgd = pgd_offset_k(addr); -+ pud = pud_offset(pgd, addr); -+ pmd = pmd_offset(pud, addr); -+ __pmd_update(pmd, PMD_SECT_XN); -+ } -+ /* make init NX */ -+ for (addr = (unsigned long)__init_begin; addr < (unsigned long)_sdata; addr += PMD_SIZE) { -+ pgd = pgd_offset_k(addr); -+ pud = pud_offset(pgd, addr); -+ pmd = pmd_offset(pud, addr); -+ __pmd_update(pmd, PMD_SECT_XN); -+ } -+ /* make kernel code/rodata read-only */ -+ for (addr = (unsigned long)_stext; addr < (unsigned long)__init_begin; addr += PMD_SIZE) { -+ pgd = pgd_offset_k(addr); -+ pud = pud_offset(pgd, addr); -+ pmd = pmd_offset(pud, addr); -+ __pmd_update(pmd, PMD_SECT_AP_RDONLY); ++ } + } +#endif + @@ -2610,19 +3539,35 @@ index ad722f1..46b670e 100644 poison_init_mem(&__tcm_start, &__tcm_end - &__tcm_start); totalram_pages += free_area(__phys_to_pfn(__pa(&__tcm_start)), __phys_to_pfn(__pa(&__tcm_end)), +diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c +index 88fd86c..7a224ce 100644 +--- a/arch/arm/mm/ioremap.c ++++ b/arch/arm/mm/ioremap.c +@@ -335,9 +335,9 @@ __arm_ioremap_exec(unsigned long phys_addr, size_t size, bool cached) + unsigned int mtype; + + if (cached) +- mtype = MT_MEMORY; ++ mtype = MT_MEMORY_RX; + else +- mtype = MT_MEMORY_NONCACHED; ++ mtype = MT_MEMORY_NONCACHED_RX; + + return __arm_ioremap_caller(phys_addr, size, mtype, + __builtin_return_address(0)); diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index ce8cb19..061aa14 100644 +index 10062ce..aa96dd7 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c -@@ -72,6 +72,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - unsigned long start_addr; +@@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + struct vm_area_struct *vma; int do_align = 0; int aliasing = cache_is_vipt_aliasing(); + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; /* - * We only need to do colour alignment if either the I or D -@@ -93,6 +94,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -81,6 +82,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (len > TASK_SIZE) return -ENOMEM; @@ -2633,7 +3578,7 @@ index ce8cb19..061aa14 100644 if (addr) { if (do_align) addr = COLOUR_ALIGN(addr, pgoff); -@@ -100,15 +105,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -88,8 +93,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -2642,44 +3587,16 @@ index ce8cb19..061aa14 100644 + if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } - if (len > mm->cached_hole_size) { -- start_addr = addr = mm->free_area_cache; -+ start_addr = addr = mm->free_area_cache; - } else { -- start_addr = addr = mm->mmap_base; -- mm->cached_hole_size = 0; -+ start_addr = addr = mm->mmap_base; -+ mm->cached_hole_size = 0; - } - full_search: -@@ -124,14 +128,14 @@ full_search: - * Start a new search - just in case we missed - * some holes. - */ -- if (start_addr != TASK_UNMAPPED_BASE) { -- start_addr = addr = TASK_UNMAPPED_BASE; -+ if (start_addr != mm->mmap_base) { -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len, offset)) { - /* - * Remember the place where we stopped the search: - */ -@@ -156,6 +160,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -112,6 +116,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, unsigned long addr = addr0; int do_align = 0; int aliasing = cache_is_vipt_aliasing(); + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; /* - * We only need to do colour alignment if either the I or D -@@ -175,6 +180,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -132,6 +137,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, return addr; } @@ -2690,7 +3607,7 @@ index ce8cb19..061aa14 100644 /* requesting a specific address */ if (addr) { if (do_align) -@@ -182,8 +191,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -139,8 +148,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, else addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -2700,61 +3617,31 @@ index ce8cb19..061aa14 100644 return addr; } -@@ -203,7 +211,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (addr > len) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr - len, len, offset)) - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); +@@ -162,6 +170,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = mm->mmap_base; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); } -@@ -212,17 +220,17 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - goto bottomup; - - addr = mm->mmap_base - len; -- if (do_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); - - do { -+ if (do_align) -+ addr = COLOUR_ALIGN_DOWN(addr, pgoff); - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (!vma || addr+len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len, offset)) - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - -@@ -231,10 +239,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start - len; -- if (do_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -- } while (len < vma->vm_start); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* -@@ -259,6 +265,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -173,6 +187,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) { unsigned long random_factor = 0UL; +#ifdef CONFIG_PAX_RANDMMAP -+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) +#endif + /* 8 bits of randomness in 20 address space bits */ if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) -@@ -266,10 +276,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -180,10 +198,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -2778,89 +3665,243 @@ index ce8cb19..061aa14 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index 99b47b9..579b667 100644 +index ce328c7..f82bebb 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c -@@ -227,16 +227,16 @@ static struct mem_type mem_types[] = { +@@ -35,6 +35,23 @@ + + #include "mm.h" + ++ ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++void modify_domain(unsigned int dom, unsigned int type) ++{ ++ struct thread_info *thread = current_thread_info(); ++ unsigned int domain = thread->cpu_domain; ++ /* ++ * DOMAIN_MANAGER might be defined to some other value, ++ * use the arch-defined constant ++ */ ++ domain &= ~domain_val(dom, 3); ++ thread->cpu_domain = domain | domain_val(dom, type); ++ set_domain(thread->cpu_domain); ++} ++EXPORT_SYMBOL(modify_domain); ++#endif ++ + /* + * empty_zero_page is a special page that is used for + * zero-initialized data and COW. +@@ -195,10 +212,18 @@ void adjust_cr(unsigned long mask, unsigned long set) + } + #endif + +-#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY|L_PTE_XN ++#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY + #define PROT_SECT_DEVICE PMD_TYPE_SECT|PMD_SECT_AP_WRITE + +-static struct mem_type mem_types[] = { ++#ifdef CONFIG_PAX_KERNEXEC ++#define L_PTE_KERNEXEC L_PTE_RDONLY ++#define PMD_SECT_KERNEXEC PMD_SECT_RDONLY ++#else ++#define L_PTE_KERNEXEC L_PTE_DIRTY ++#define PMD_SECT_KERNEXEC PMD_SECT_AP_WRITE ++#endif ++ ++static struct mem_type mem_types[] __read_only = { + [MT_DEVICE] = { /* Strongly ordered / ARMv6 shared device */ + .prot_pte = PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED | + L_PTE_SHARED, +@@ -227,16 +252,16 @@ static struct mem_type mem_types[] = { [MT_UNCACHED] = { .prot_pte = PROT_PTE_DEVICE, .prot_l1 = PMD_TYPE_TABLE, - .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN, -+ .prot_sect = PROT_SECT_DEVICE | PMD_SECT_XN, ++ .prot_sect = PROT_SECT_DEVICE, .domain = DOMAIN_IO, }, [MT_CACHECLEAN] = { - .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_AP_RDONLY, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY, .domain = DOMAIN_KERNEL, }, #ifndef CONFIG_ARM_LPAE [MT_MINICLEAN] = { - .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_MINICACHE, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_MINICACHE | PMD_SECT_AP_RDONLY, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_MINICACHE | PMD_SECT_RDONLY, .domain = DOMAIN_KERNEL, }, #endif -@@ -258,8 +258,26 @@ static struct mem_type mem_types[] = { +@@ -244,36 +269,54 @@ static struct mem_type mem_types[] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | + L_PTE_RDONLY, + .prot_l1 = PMD_TYPE_TABLE, +- .domain = DOMAIN_USER, ++ .domain = DOMAIN_VECTORS, + }, + [MT_HIGH_VECTORS] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | + L_PTE_USER | L_PTE_RDONLY, + .prot_l1 = PMD_TYPE_TABLE, +- .domain = DOMAIN_USER, ++ .domain = DOMAIN_VECTORS, + }, +- [MT_MEMORY] = { ++ [MT_MEMORY_RWX] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY, + .prot_l1 = PMD_TYPE_TABLE, .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE, .domain = DOMAIN_KERNEL, }, -+ [MT_MEMORY_R] = { -+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_RDONLY | L_PTE_XN, -+ .prot_l1 = PMD_TYPE_TABLE, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_RDONLY | PMD_SECT_XN, -+ .domain = DOMAIN_KERNEL, -+ }, + [MT_MEMORY_RW] = { -+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | L_PTE_XN, ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY, + .prot_l1 = PMD_TYPE_TABLE, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE | PMD_SECT_XN, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE, + .domain = DOMAIN_KERNEL, + }, + [MT_MEMORY_RX] = { -+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_RDONLY, ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC, + .prot_l1 = PMD_TYPE_TABLE, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_RDONLY, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC, + .domain = DOMAIN_KERNEL, + }, [MT_ROM] = { - .prot_sect = PMD_TYPE_SECT, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_RDONLY, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY, .domain = DOMAIN_KERNEL, }, - [MT_MEMORY_NONCACHED] = { -@@ -273,7 +291,7 @@ static struct mem_type mem_types[] = { +- [MT_MEMORY_NONCACHED] = { ++ [MT_MEMORY_NONCACHED_RW] = { .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | - L_PTE_XN, + L_PTE_MT_BUFFERABLE, + .prot_l1 = PMD_TYPE_TABLE, + .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE, + .domain = DOMAIN_KERNEL, + }, ++ [MT_MEMORY_NONCACHED_RX] = { ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC | ++ L_PTE_MT_BUFFERABLE, ++ .prot_l1 = PMD_TYPE_TABLE, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC, ++ .domain = DOMAIN_KERNEL, ++ }, + [MT_MEMORY_DTCM] = { +- .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | +- L_PTE_XN, ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY, .prot_l1 = PMD_TYPE_TABLE, - .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_AP_RDONLY, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY, .domain = DOMAIN_KERNEL, }, [MT_MEMORY_ITCM] = { -@@ -432,6 +450,8 @@ static void __init build_mem_type_table(void) +@@ -283,10 +326,10 @@ static struct mem_type mem_types[] = { + }, + [MT_MEMORY_SO] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | +- L_PTE_MT_UNCACHED | L_PTE_XN, ++ L_PTE_MT_UNCACHED, + .prot_l1 = PMD_TYPE_TABLE, + .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE | PMD_SECT_S | +- PMD_SECT_UNCACHED | PMD_SECT_XN, ++ PMD_SECT_UNCACHED, + .domain = DOMAIN_KERNEL, + }, + [MT_MEMORY_DMA_READY] = { +@@ -371,9 +414,35 @@ static void __init build_mem_type_table(void) + * to prevent speculative instruction fetches. + */ + mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE].prot_pte |= L_PTE_XN; + mem_types[MT_DEVICE_NONSHARED].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE_NONSHARED].prot_pte |= L_PTE_XN; + mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_XN; + mem_types[MT_DEVICE_WC].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_XN; ++ ++ /* Mark other regions on ARMv6+ as execute-never */ ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ mem_types[MT_UNCACHED].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_UNCACHED].prot_pte |= L_PTE_XN; ++ mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_CACHECLEAN].prot_pte |= L_PTE_XN; ++#ifndef CONFIG_ARM_LPAE ++ mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MINICLEAN].prot_pte |= L_PTE_XN; ++#endif ++ mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_RW].prot_pte |= L_PTE_XN; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_pte |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_DTCM].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_DTCM].prot_pte |= L_PTE_XN; ++#endif ++ ++ mem_types[MT_MEMORY_SO].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_SO].prot_pte |= L_PTE_XN; + } + if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { + /* +@@ -432,6 +501,9 @@ static void __init build_mem_type_table(void) * from SVC mode and no access from userspace. */ mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; ++#ifdef CONFIG_PAX_KERNEXEC + mem_types[MT_MEMORY_RX].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; -+ mem_types[MT_MEMORY_R].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; ++#endif mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; #endif -@@ -450,6 +470,12 @@ static void __init build_mem_type_table(void) +@@ -448,11 +520,17 @@ static void __init build_mem_type_table(void) + mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED; + mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S; mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED; - mem_types[MT_MEMORY].prot_sect |= PMD_SECT_S; - mem_types[MT_MEMORY].prot_pte |= L_PTE_SHARED; -+ mem_types[MT_MEMORY_R].prot_sect |= PMD_SECT_S; -+ mem_types[MT_MEMORY_R].prot_pte |= L_PTE_SHARED; +- mem_types[MT_MEMORY].prot_sect |= PMD_SECT_S; +- mem_types[MT_MEMORY].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_RWX].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_RWX].prot_pte |= L_PTE_SHARED; + mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_S; + mem_types[MT_MEMORY_RW].prot_pte |= L_PTE_SHARED; + mem_types[MT_MEMORY_RX].prot_sect |= PMD_SECT_S; + mem_types[MT_MEMORY_RX].prot_pte |= L_PTE_SHARED; mem_types[MT_MEMORY_DMA_READY].prot_pte |= L_PTE_SHARED; - mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_S; - mem_types[MT_MEMORY_NONCACHED].prot_pte |= L_PTE_SHARED; -@@ -487,6 +513,8 @@ static void __init build_mem_type_table(void) +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_S; +- mem_types[MT_MEMORY_NONCACHED].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_pte |= L_PTE_SHARED; + } + } + +@@ -463,15 +541,20 @@ static void __init build_mem_type_table(void) + if (cpu_arch >= CPU_ARCH_ARMv6) { + if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { + /* Non-cacheable Normal is XCB = 001 */ +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= ++ PMD_SECT_BUFFERED; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= + PMD_SECT_BUFFERED; + } else { + /* For both ARMv6 and non-TEX-remapping ARMv7 */ +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= ++ PMD_SECT_TEX(1); ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= + PMD_SECT_TEX(1); + } + } else { +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_BUFFERABLE; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_BUFFERABLE; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= PMD_SECT_BUFFERABLE; + } + + #ifdef CONFIG_ARM_LPAE +@@ -487,6 +570,8 @@ static void __init build_mem_type_table(void) vecs_pgprot |= PTE_EXT_AF; #endif @@ -2869,24 +3910,63 @@ index 99b47b9..579b667 100644 for (i = 0; i < 16; i++) { pteval_t v = pgprot_val(protection_map[i]); protection_map[i] = __pgprot(v | user_pgprot); -@@ -503,6 +531,12 @@ static void __init build_mem_type_table(void) +@@ -501,10 +586,15 @@ static void __init build_mem_type_table(void) + + mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask; mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask; - mem_types[MT_MEMORY].prot_sect |= ecc_mask | cp->pmd; - mem_types[MT_MEMORY].prot_pte |= kern_pgprot; -+ mem_types[MT_MEMORY_R].prot_sect |= ecc_mask | cp->pmd; -+ mem_types[MT_MEMORY_R].prot_pte |= kern_pgprot; +- mem_types[MT_MEMORY].prot_sect |= ecc_mask | cp->pmd; +- mem_types[MT_MEMORY].prot_pte |= kern_pgprot; ++ mem_types[MT_MEMORY_RWX].prot_sect |= ecc_mask | cp->pmd; ++ mem_types[MT_MEMORY_RWX].prot_pte |= kern_pgprot; + mem_types[MT_MEMORY_RW].prot_sect |= ecc_mask | cp->pmd; + mem_types[MT_MEMORY_RW].prot_pte |= kern_pgprot; + mem_types[MT_MEMORY_RX].prot_sect |= ecc_mask | cp->pmd; + mem_types[MT_MEMORY_RX].prot_pte |= kern_pgprot; mem_types[MT_MEMORY_DMA_READY].prot_pte |= kern_pgprot; - mem_types[MT_MEMORY_NONCACHED].prot_sect |= ecc_mask; +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ecc_mask; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= ecc_mask; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= ecc_mask; mem_types[MT_ROM].prot_sect |= cp->pmd; -@@ -1198,7 +1232,41 @@ static void __init map_lowmem(void) + + switch (cp->pmd) { +@@ -1105,18 +1195,15 @@ void __init arm_mm_memblock_reserve(void) + * called function. This means you can't use any function or debugging + * method which may touch any device, otherwise the kernel _will_ crash. + */ ++ ++static char vectors[PAGE_SIZE] __read_only __aligned(PAGE_SIZE); ++ + static void __init devicemaps_init(struct machine_desc *mdesc) + { + struct map_desc map; + unsigned long addr; +- void *vectors; + +- /* +- * Allocate the vector page early. +- */ +- vectors = early_alloc(PAGE_SIZE); +- +- early_trap_init(vectors); ++ early_trap_init(&vectors); + + for (addr = VMALLOC_START; addr; addr += PMD_SIZE) + pmd_clear(pmd_off_k(addr)); +@@ -1156,7 +1243,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc) + * location (0xffff0000). If we aren't using high-vectors, also + * create a mapping at the low-vectors virtual address. + */ +- map.pfn = __phys_to_pfn(virt_to_phys(vectors)); ++ map.pfn = __phys_to_pfn(virt_to_phys(&vectors)); + map.virtual = 0xffff0000; + map.length = PAGE_SIZE; + map.type = MT_HIGH_VECTORS; +@@ -1214,8 +1301,39 @@ static void __init map_lowmem(void) map.pfn = __phys_to_pfn(start); map.virtual = __phys_to_virt(start); map.length = end - start; -+ +- map.type = MT_MEMORY; + +#ifdef CONFIG_PAX_KERNEXEC + if (map.virtual <= (unsigned long)_stext && ((unsigned long)_end < (map.virtual + map.length))) { + struct map_desc kernel; @@ -2896,19 +3976,19 @@ index 99b47b9..579b667 100644 + initmap.pfn = __phys_to_pfn(__pa(__init_begin)); + initmap.virtual = (unsigned long)__init_begin; + initmap.length = _sdata - __init_begin; -+ initmap.type = MT_MEMORY; ++ initmap.type = MT_MEMORY_RWX; + create_mapping(&initmap); + + /* when freeing initmem we will make this RX */ + kernel.pfn = __phys_to_pfn(__pa(_stext)); + kernel.virtual = (unsigned long)_stext; + kernel.length = __init_begin - _stext; -+ kernel.type = MT_MEMORY; ++ kernel.type = MT_MEMORY_RWX; + create_mapping(&kernel); + + if (map.virtual < (unsigned long)_stext) { + map.length = (unsigned long)_stext - map.virtual; -+ map.type = MT_MEMORY; ++ map.type = MT_MEMORY_RWX; + create_mapping(&map); + } + @@ -2916,19 +3996,44 @@ index 99b47b9..579b667 100644 + map.virtual = (unsigned long)_sdata; + map.length = end - __pa(_sdata); + } ++#endif + + map.type = MT_MEMORY_RW; -+#else - map.type = MT_MEMORY; -+#endif - create_mapping(&map); } + } +diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S +index 6d98c13..3cfb174 100644 +--- a/arch/arm/mm/proc-v7-2level.S ++++ b/arch/arm/mm/proc-v7-2level.S +@@ -99,6 +99,9 @@ ENTRY(cpu_v7_set_pte_ext) + tst r1, #L_PTE_XN + orrne r3, r3, #PTE_EXT_XN + ++ tst r1, #L_PTE_PXN ++ orrne r3, r3, #PTE_EXT_PXN ++ + tst r1, #L_PTE_YOUNG + tstne r1, #L_PTE_VALID + #ifndef CONFIG_CPU_USE_DOMAINS +diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c +index a5bc92d..0bb4730 100644 +--- a/arch/arm/plat-omap/sram.c ++++ b/arch/arm/plat-omap/sram.c +@@ -93,6 +93,8 @@ void __init omap_map_sram(unsigned long start, unsigned long size, + * Looks like we need to preserve some bootloader code at the + * beginning of SRAM for jumping to flash for reboot to work... + */ ++ pax_open_kernel(); + memset_io(omap_sram_base + omap_sram_skip, 0, + omap_sram_size - omap_sram_skip); ++ pax_close_kernel(); + } diff --git a/arch/arm/plat-orion/include/plat/addr-map.h b/arch/arm/plat-orion/include/plat/addr-map.h -index ec63e4a..62aa5f1d 100644 +index b76c065..b6e766b 100644 --- a/arch/arm/plat-orion/include/plat/addr-map.h +++ b/arch/arm/plat-orion/include/plat/addr-map.h -@@ -26,7 +26,7 @@ struct orion_addr_map_cfg { +@@ -27,7 +27,7 @@ struct orion_addr_map_cfg { value in bridge_virt_base */ void __iomem *(*win_cfg_base) (const struct orion_addr_map_cfg *cfg, const int win); @@ -2950,6 +4055,32 @@ index f5144cd..71f6d1f 100644 extern void *samsung_dmadev_get_ops(void); extern void *s3c_dma_get_ops(void); +diff --git a/arch/arm64/kernel/debug-monitors.c b/arch/arm64/kernel/debug-monitors.c +index 0c3ba9f..95722b3 100644 +--- a/arch/arm64/kernel/debug-monitors.c ++++ b/arch/arm64/kernel/debug-monitors.c +@@ -151,7 +151,7 @@ static int __cpuinit os_lock_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata os_lock_nb = { ++static struct notifier_block os_lock_nb = { + .notifier_call = os_lock_notify, + }; + +diff --git a/arch/arm64/kernel/hw_breakpoint.c b/arch/arm64/kernel/hw_breakpoint.c +index 5ab825c..96aaec8 100644 +--- a/arch/arm64/kernel/hw_breakpoint.c ++++ b/arch/arm64/kernel/hw_breakpoint.c +@@ -831,7 +831,7 @@ static int __cpuinit hw_breakpoint_reset_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hw_breakpoint_reset_nb = { ++static struct notifier_block hw_breakpoint_reset_nb = { + .notifier_call = hw_breakpoint_reset_notify, + }; + diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h index c3a58a1..78fbf54 100644 --- a/arch/avr32/include/asm/cache.h @@ -3414,6 +4545,32 @@ index 449c8c0..50cdf87 100644 __cu_len; \ }) +diff --git a/arch/ia64/kernel/err_inject.c b/arch/ia64/kernel/err_inject.c +index 2d67317..07d8bfa 100644 +--- a/arch/ia64/kernel/err_inject.c ++++ b/arch/ia64/kernel/err_inject.c +@@ -256,7 +256,7 @@ static int __cpuinit err_inject_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata err_inject_cpu_notifier = ++static struct notifier_block err_inject_cpu_notifier = + { + .notifier_call = err_inject_cpu_callback, + }; +diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c +index 65bf9cd..794f06b 100644 +--- a/arch/ia64/kernel/mca.c ++++ b/arch/ia64/kernel/mca.c +@@ -1922,7 +1922,7 @@ static int __cpuinit mca_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block mca_cpu_notifier __cpuinitdata = { ++static struct notifier_block mca_cpu_notifier = { + .notifier_call = mca_cpu_callback + }; + diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c index 24603be..948052d 100644 --- a/arch/ia64/kernel/module.c @@ -3506,6 +4663,32 @@ index 24603be..948052d 100644 mod->arch.gp = gp; DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp); } +diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c +index 77597e5..6f28f3f 100644 +--- a/arch/ia64/kernel/palinfo.c ++++ b/arch/ia64/kernel/palinfo.c +@@ -1045,7 +1045,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata palinfo_cpu_notifier = ++static struct notifier_block palinfo_cpu_notifier = + { + .notifier_call = palinfo_cpu_callback, + .priority = 0, +diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c +index 79802e5..1a89ec5 100644 +--- a/arch/ia64/kernel/salinfo.c ++++ b/arch/ia64/kernel/salinfo.c +@@ -616,7 +616,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu + return NOTIFY_OK; + } + +-static struct notifier_block salinfo_cpu_notifier __cpuinitdata = ++static struct notifier_block salinfo_cpu_notifier = + { + .notifier_call = salinfo_cpu_callback, + .priority = 0, diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c index d9439ef..d0cac6b 100644 --- a/arch/ia64/kernel/sys_ia64.c @@ -3551,7 +4734,7 @@ index d9439ef..d0cac6b 100644 mm->free_area_cache = addr + len; return addr; diff --git a/arch/ia64/kernel/topology.c b/arch/ia64/kernel/topology.c -index c64460b..4d250a6 100644 +index dc00b2c..cce53c2 100644 --- a/arch/ia64/kernel/topology.c +++ b/arch/ia64/kernel/topology.c @@ -445,7 +445,7 @@ static int __cpuinit cache_cpu_callback(struct notifier_block *nfb, @@ -3649,7 +4832,7 @@ index 5ca674b..127c3cb 100644 addr = ALIGN(vmm->vm_end, HPAGE_SIZE); } diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c -index 082e383..fb7be80 100644 +index b755ea9..b9a969e 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c @@ -120,6 +120,19 @@ ia64_init_addr_space (void) @@ -3834,10 +5017,10 @@ index c1f6afa..38cc6e9 100644 #endif /* _ASM_EXEC_H */ diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h -index da9bd7d..91aa7ab 100644 +index dbaec94..6a14935 100644 --- a/arch/mips/include/asm/page.h +++ b/arch/mips/include/asm/page.h -@@ -98,7 +98,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, +@@ -96,7 +96,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, #ifdef CONFIG_CPU_MIPS32 typedef struct { unsigned long pte_low, pte_high; } pte_t; #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) @@ -3863,10 +5046,10 @@ index 881d18b..cea38bc 100644 /* diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h -index 18806a5..141ffcf 100644 +index b2050b9..d71bb1b 100644 --- a/arch/mips/include/asm/thread_info.h +++ b/arch/mips/include/asm/thread_info.h -@@ -110,6 +110,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); +@@ -111,6 +111,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); #define TIF_32BIT_ADDR 23 /* 32-bit address space (o32/n32) */ #define TIF_FPUBOUND 24 /* thread bound to FPU-full CPU set */ #define TIF_LOAD_WATCH 25 /* If set, load watch registers */ @@ -3875,7 +5058,7 @@ index 18806a5..141ffcf 100644 #define TIF_SYSCALL_TRACE 31 /* syscall trace active */ #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) -@@ -125,15 +127,18 @@ register struct thread_info *__current_thread_info __asm__("$28"); +@@ -126,15 +128,18 @@ register struct thread_info *__current_thread_info __asm__("$28"); #define _TIF_32BIT_ADDR (1<<TIF_32BIT_ADDR) #define _TIF_FPUBOUND (1<<TIF_FPUBOUND) #define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH) @@ -3933,10 +5116,10 @@ index ff44823..97f8906 100644 /* diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index 69b17a9..9db82f9 100644 +index a11c6f9..be5e164 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -478,15 +478,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -460,15 +460,3 @@ unsigned long get_wchan(struct task_struct *task) out: return pc; } @@ -3980,7 +5163,7 @@ index 4812c6d..2069554 100644 goto out; diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S -index 374f66e..1c882a0 100644 +index d20a4bc..7096ae5 100644 --- a/arch/mips/kernel/scall32-o32.S +++ b/arch/mips/kernel/scall32-o32.S @@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp) @@ -3993,7 +5176,7 @@ index 374f66e..1c882a0 100644 bnez t0, syscall_trace_entry # -> yes diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S -index 169de6a..f594a89 100644 +index b64f642..0fe6eab 100644 --- a/arch/mips/kernel/scall64-64.S +++ b/arch/mips/kernel/scall64-64.S @@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp) @@ -4006,10 +5189,10 @@ index 169de6a..f594a89 100644 and t0, t1, t0 bnez t0, syscall_trace_entry diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S -index 86ec03f..1235baf 100644 +index c29ac19..c592d05 100644 --- a/arch/mips/kernel/scall64-n32.S +++ b/arch/mips/kernel/scall64-n32.S -@@ -53,7 +53,7 @@ NESTED(handle_sysn32, PT_SIZE, sp) +@@ -47,7 +47,7 @@ NESTED(handle_sysn32, PT_SIZE, sp) sd a3, PT_R26(sp) # save a3 for syscall restarting @@ -4019,7 +5202,7 @@ index 86ec03f..1235baf 100644 and t0, t1, t0 bnez t0, n32_syscall_trace_entry diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S -index 53c2d72..3734584 100644 +index cf3e75e..72e93fe 100644 --- a/arch/mips/kernel/scall64-o32.S +++ b/arch/mips/kernel/scall64-o32.S @@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp) @@ -4060,18 +5243,18 @@ index ddcec1e..c7f983e 100644 * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c -index 302d779..6459dc0 100644 +index 7e5fe27..479a219 100644 --- a/arch/mips/mm/mmap.c +++ b/arch/mips/mm/mmap.c -@@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, +@@ -59,6 +59,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, struct vm_area_struct *vma; unsigned long addr = addr0; int do_color_align; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; if (unlikely(len > TASK_SIZE)) - return -ENOMEM; -@@ -95,6 +96,11 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, +@@ -84,6 +85,11 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, do_color_align = 1; /* requesting a specific address */ @@ -4083,7 +5266,7 @@ index 302d779..6459dc0 100644 if (addr) { if (do_color_align) addr = COLOUR_ALIGN(addr, pgoff); -@@ -102,8 +108,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, +@@ -91,8 +97,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -4093,70 +5276,18 @@ index 302d779..6459dc0 100644 return addr; } -@@ -118,7 +123,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - /* At this point: (!vma || addr < vma->vm_end). */ - if (TASK_SIZE - len < addr) - return -ENOMEM; -- if (!vma || addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vmm, addr, len, offset)) - return addr; - addr = vma->vm_end; - if (do_color_align) -@@ -145,7 +150,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr - len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vmm, addr - len, len, offset)) - /* cache the address as a hint for next time */ - return mm->free_area_cache = addr - len; - } -@@ -155,17 +160,17 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - goto bottomup; - - addr = mm->mmap_base - len; -- if (do_color_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); - - do { -+ if (do_color_align) -+ addr = COLOUR_ALIGN_DOWN(addr, pgoff); - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (check_heap_stack_gap(vmm, addr, len, offset)) { - /* cache the address as a hint for next time */ - return mm->free_area_cache = addr; - } -@@ -175,10 +180,8 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start - len; -- if (do_color_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* -@@ -223,6 +226,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -146,6 +151,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) { unsigned long random_factor = 0UL; +#ifdef CONFIG_PAX_RANDMMAP -+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) +#endif + if (current->flags & PF_RANDOMIZE) { random_factor = get_random_int(); random_factor = random_factor << PAGE_SHIFT; -@@ -234,38 +241,23 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -157,42 +166,27 @@ void arch_pick_mmap_layout(struct mm_struct *mm) if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -4180,7 +5311,7 @@ index 302d779..6459dc0 100644 mm->unmap_area = arch_unmap_area_topdown; } } -- + -static inline unsigned long brk_rnd(void) -{ - unsigned long rnd = get_random_int(); @@ -4207,6 +5338,10 @@ index 302d779..6459dc0 100644 - - return ret; -} +- + int __virt_addr_valid(const volatile void *kaddr) + { + return pfn_valid(PFN_DOWN(virt_to_phys(kaddr))); diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h index 967d144..db12197 100644 --- a/arch/mn10300/proc-mn103e010/include/proc/cache.h @@ -4398,7 +5533,7 @@ index 4ba2c93..f5e3974 100644 else copy_from_user_overflow(); diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c -index 5e34ccf..672bc9c 100644 +index 2a625fb..9908930 100644 --- a/arch/parisc/kernel/module.c +++ b/arch/parisc/kernel/module.c @@ -98,16 +98,38 @@ @@ -4444,7 +5579,7 @@ index 5e34ccf..672bc9c 100644 } static inline int in_local(struct module *me, void *loc) -@@ -373,13 +395,13 @@ int module_frob_arch_sections(CONST Elf_Ehdr *hdr, +@@ -371,13 +393,13 @@ int module_frob_arch_sections(CONST Elf_Ehdr *hdr, } /* align things a bit */ @@ -4464,7 +5599,7 @@ index 5e34ccf..672bc9c 100644 me->arch.got_max = gots; me->arch.fdesc_max = fdescs; -@@ -397,7 +419,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) +@@ -395,7 +417,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) BUG_ON(value == 0); @@ -4473,7 +5608,7 @@ index 5e34ccf..672bc9c 100644 for (i = 0; got[i].addr; i++) if (got[i].addr == value) goto out; -@@ -415,7 +437,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) +@@ -413,7 +435,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) #ifdef CONFIG_64BIT static Elf_Addr get_fdesc(struct module *me, unsigned long value) { @@ -4482,7 +5617,7 @@ index 5e34ccf..672bc9c 100644 if (!value) { printk(KERN_ERR "%s: zero OPD requested!\n", me->name); -@@ -433,7 +455,7 @@ static Elf_Addr get_fdesc(struct module *me, unsigned long value) +@@ -431,7 +453,7 @@ static Elf_Addr get_fdesc(struct module *me, unsigned long value) /* Create new one */ fdesc->addr = value; @@ -4491,7 +5626,7 @@ index 5e34ccf..672bc9c 100644 return (Elf_Addr)fdesc; } #endif /* CONFIG_64BIT */ -@@ -845,7 +867,7 @@ register_unwind_table(struct module *me, +@@ -843,7 +865,7 @@ register_unwind_table(struct module *me, table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr; end = table + sechdrs[me->arch.unwind_section].sh_size; @@ -4982,7 +6117,7 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index d24c141..b60696e 100644 +index 3d5c9dc..62f8414 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h @@ -215,6 +215,7 @@ @@ -5231,10 +6366,10 @@ index 4684e33..acc4d19e 100644 ld r4,_DAR(r1) bl .bad_page_fault diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S -index 10b658a..e542888 100644 +index 4665e82..080ea99 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S -@@ -1013,10 +1013,10 @@ handle_page_fault: +@@ -1206,10 +1206,10 @@ handle_page_fault: 11: ld r4,_DAR(r1) ld r5,_DSISR(r1) addi r3,r1,STACK_FRAME_OVERHEAD @@ -5280,7 +6415,7 @@ index 2e3200c..72095ce 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index ba48233..16ac31d 100644 +index 8143067..21ae55b 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -680,8 +680,8 @@ void show_regs(struct pt_regs * regs) @@ -5294,7 +6429,7 @@ index ba48233..16ac31d 100644 #endif show_stack(current, (unsigned long *) regs->gpr[1]); if (!user_mode(regs)) -@@ -1175,10 +1175,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1129,10 +1129,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -5307,7 +6442,7 @@ index ba48233..16ac31d 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1198,7 +1198,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1152,7 +1152,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; @@ -5316,7 +6451,7 @@ index ba48233..16ac31d 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1240,58 +1240,3 @@ void __ppc64_runlatch_off(void) +@@ -1194,58 +1194,3 @@ void __ppc64_runlatch_off(void) mtspr(SPRN_CTRLT, ctrl); } #endif /* CONFIG_PPC64 */ @@ -5376,10 +6511,10 @@ index ba48233..16ac31d 100644 - return ret; -} diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c -index 79d8e56..38ffcbb 100644 +index c497000..8fde506 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c -@@ -1663,6 +1663,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -1737,6 +1737,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -5390,7 +6525,7 @@ index 79d8e56..38ffcbb 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1673,6 +1677,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) +@@ -1747,6 +1751,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) secure_computing_strict(regs->gpr[0]); @@ -5402,7 +6537,7 @@ index 79d8e56..38ffcbb 100644 if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(regs)) /* -@@ -1707,6 +1716,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) +@@ -1781,6 +1790,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) { int step; @@ -5428,7 +6563,7 @@ index 804e323..79181c1 100644 goto badframe; regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp; diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index d183f87..1867f1a 100644 +index 1ca045d..139c3f7 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c @@ -430,7 +430,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, @@ -5440,6 +6575,19 @@ index d183f87..1867f1a 100644 regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp; } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); +diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c +index 3ce1f86..c30e629 100644 +--- a/arch/powerpc/kernel/sysfs.c ++++ b/arch/powerpc/kernel/sysfs.c +@@ -522,7 +522,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata sysfs_cpu_nb = { ++static struct notifier_block sysfs_cpu_nb = { + .notifier_call = sysfs_cpu_notify, + }; + diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c index 3251840..3f7c77a 100644 --- a/arch/powerpc/kernel/traps.c @@ -5529,7 +6677,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 0a6b283..7674925 100644 +index 3a8489a..6a63b3b 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -32,6 +32,10 @@ @@ -5577,7 +6725,7 @@ index 0a6b283..7674925 100644 /* * Check whether the instruction at regs->nip is a store using * an update addressing form which will update r1. -@@ -216,7 +247,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, +@@ -213,7 +244,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, * indicate errors in DSISR but can validly be set in SRR1. */ if (trap == 0x400) @@ -5586,7 +6734,7 @@ index 0a6b283..7674925 100644 else is_write = error_code & DSISR_ISSTORE; #else -@@ -367,7 +398,7 @@ good_area: +@@ -364,7 +395,7 @@ good_area: * "undefined". Of those that can be set, this is the only * one which seems bad. */ @@ -5595,7 +6743,7 @@ index 0a6b283..7674925 100644 /* Guarded storage error. */ goto bad_area; #endif /* CONFIG_8xx */ -@@ -382,7 +413,7 @@ good_area: +@@ -379,7 +410,7 @@ good_area: * processors use the same I/D cache coherency mechanism * as embedded. */ @@ -5604,7 +6752,7 @@ index 0a6b283..7674925 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ -@@ -465,6 +496,23 @@ bad_area: +@@ -462,6 +493,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -5629,7 +6777,7 @@ index 0a6b283..7674925 100644 return 0; } diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c -index 67a42ed..c16ef80 100644 +index 67a42ed..cd463e0 100644 --- a/arch/powerpc/mm/mmap_64.c +++ b/arch/powerpc/mm/mmap_64.c @@ -57,6 +57,10 @@ static unsigned long mmap_rnd(void) @@ -5637,7 +6785,7 @@ index 67a42ed..c16ef80 100644 unsigned long rnd = 0; +#ifdef CONFIG_PAX_RANDMMAP -+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) +#endif + if (current->flags & PF_RANDOMIZE) { @@ -5666,8 +6814,34 @@ index 67a42ed..c16ef80 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } +diff --git a/arch/powerpc/mm/mmu_context_nohash.c b/arch/powerpc/mm/mmu_context_nohash.c +index e779642..e5bb889 100644 +--- a/arch/powerpc/mm/mmu_context_nohash.c ++++ b/arch/powerpc/mm/mmu_context_nohash.c +@@ -363,7 +363,7 @@ static int __cpuinit mmu_context_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata mmu_context_cpu_nb = { ++static struct notifier_block mmu_context_cpu_nb = { + .notifier_call = mmu_context_cpu_notify, + }; + +diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c +index bba87ca..c346a33 100644 +--- a/arch/powerpc/mm/numa.c ++++ b/arch/powerpc/mm/numa.c +@@ -932,7 +932,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, + return ret; + } + +-static struct notifier_block __cpuinitdata ppc64_numa_nb = { ++static struct notifier_block ppc64_numa_nb = { + .notifier_call = cpu_numa_callback, + .priority = 1 /* Must run before sched domains notifier. */ + }; diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c -index 5829d2a..af84242 100644 +index cf9dada..241529f 100644 --- a/arch/powerpc/mm/slice.c +++ b/arch/powerpc/mm/slice.c @@ -103,7 +103,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr, @@ -5736,6 +6910,19 @@ index 5829d2a..af84242 100644 /* If hint, make sure it matches our alignment restrictions */ if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); +diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platforms/powermac/smp.c +index bdb738a..49c9f95 100644 +--- a/arch/powerpc/platforms/powermac/smp.c ++++ b/arch/powerpc/platforms/powermac/smp.c +@@ -885,7 +885,7 @@ static int smp_core99_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata smp_core99_cpu_nb = { ++static struct notifier_block smp_core99_cpu_nb = { + .notifier_call = smp_core99_cpu_notify, + }; + #endif /* CONFIG_HOTPLUG_CPU */ diff --git a/arch/s390/include/asm/atomic.h b/arch/s390/include/asm/atomic.h index c797832..ce575c8 100644 --- a/arch/s390/include/asm/atomic.h @@ -5934,10 +7121,10 @@ index 4610dea..cf0af21 100644 if (r_type == R_390_GOTPC) *(unsigned int *) loc = val; diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c -index cd31ad4..201c5a3 100644 +index 536d645..4a5bd9e 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c -@@ -283,39 +283,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -250,39 +250,3 @@ unsigned long get_wchan(struct task_struct *p) } return 0; } @@ -6055,10 +7242,10 @@ index f9f3cd5..58ff438 100644 #endif /* _ASM_SCORE_EXEC_H */ diff --git a/arch/score/kernel/process.c b/arch/score/kernel/process.c -index 637970c..0b6556b 100644 +index 7956846..5f37677 100644 --- a/arch/score/kernel/process.c +++ b/arch/score/kernel/process.c -@@ -161,8 +161,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -134,8 +134,3 @@ unsigned long get_wchan(struct task_struct *task) return task_pt_regs(task)->cp0_epc; } @@ -6084,19 +7271,43 @@ index ef9e555..331bd29 100644 #define __read_mostly __attribute__((__section__(".data..read_mostly"))) +diff --git a/arch/sh/kernel/cpu/sh4a/smp-shx3.c b/arch/sh/kernel/cpu/sh4a/smp-shx3.c +index 03f2b55..b027032 100644 +--- a/arch/sh/kernel/cpu/sh4a/smp-shx3.c ++++ b/arch/sh/kernel/cpu/sh4a/smp-shx3.c +@@ -143,7 +143,7 @@ shx3_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata shx3_cpu_notifier = { ++static struct notifier_block shx3_cpu_notifier = { + .notifier_call = shx3_cpu_callback, + }; + diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c -index afeb710..e8366ef 100644 +index 6777177..cb5e44f 100644 --- a/arch/sh/mm/mmap.c +++ b/arch/sh/mm/mmap.c -@@ -49,6 +49,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -36,6 +36,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, + struct mm_struct *mm = current->mm; struct vm_area_struct *vma; - unsigned long start_addr; int do_colour_align; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; if (flags & MAP_FIXED) { - /* We do not accept a shared mapping if it would violate -@@ -74,8 +75,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -55,6 +56,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, + if (filp || (flags & MAP_SHARED)) + do_colour_align = 1; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + if (addr) { + if (do_colour_align) + addr = COLOUR_ALIGN(addr, pgoff); +@@ -62,14 +67,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -6106,24 +7317,33 @@ index afeb710..e8366ef 100644 return addr; } -@@ -106,7 +106,7 @@ full_search: - } - return -ENOMEM; - } -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* - * Remember the place where we stopped the search: - */ -@@ -131,6 +131,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + info.flags = 0; + info.length = len; +- info.low_limit = TASK_UNMAPPED_BASE; ++ info.low_limit = mm->mmap_base; + info.high_limit = TASK_SIZE; + info.align_mask = do_colour_align ? (PAGE_MASK & shm_align_mask) : 0; + info.align_offset = pgoff << PAGE_SHIFT; +@@ -85,6 +89,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; int do_colour_align; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; if (flags & MAP_FIXED) { - /* We do not accept a shared mapping if it would violate -@@ -157,8 +158,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -104,6 +109,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + if (filp || (flags & MAP_SHARED)) + do_colour_align = 1; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + /* requesting a specific address */ + if (addr) { + if (do_colour_align) +@@ -112,8 +121,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -6133,51 +7353,19 @@ index afeb710..e8366ef 100644 return addr; } -@@ -179,7 +179,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr - len, len, offset)) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); - } -@@ -188,18 +188,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - if (unlikely(mm->mmap_base < len)) - goto bottomup; - -- addr = mm->mmap_base-len; -- if (do_colour_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -+ addr = mm->mmap_base - len; - - do { -+ if (do_colour_align) -+ addr = COLOUR_ALIGN_DOWN(addr, pgoff); - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr+len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - } -@@ -209,10 +209,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- if (do_colour_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* +@@ -135,6 +143,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); + } diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h index be56a24..443328f 100644 --- a/arch/sparc/include/asm/atomic_64.h @@ -6616,7 +7804,7 @@ index 25849ae..924c54b 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index a3fe4dc..cae132a 100644 +index 269bd92..e46a9b8 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h @@ -63,6 +63,8 @@ struct thread_info { @@ -6628,7 +7816,7 @@ index a3fe4dc..cae132a 100644 unsigned long fpregs[0] __attribute__ ((aligned(64))); }; -@@ -193,10 +195,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -192,10 +194,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ /* flag bit 6 is available */ #define TIF_32BIT 7 /* 32-bit binary */ @@ -6641,7 +7829,7 @@ index a3fe4dc..cae132a 100644 /* NOTE: Thread flags >= 12 should be ones we have no interest * in using in assembly, else we can't use the mask as * an immediate value in instructions such as andcc. -@@ -215,12 +218,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -214,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) @@ -6734,7 +7922,7 @@ index 53a28dd..50c38c3 100644 } diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h -index 73083e1..2bc62a6 100644 +index e562d3c..191f176 100644 --- a/arch/sparc/include/asm/uaccess_64.h +++ b/arch/sparc/include/asm/uaccess_64.h @@ -10,6 +10,7 @@ @@ -6793,7 +7981,7 @@ index 6cf591b..b49e65a 100644 extra-y := head_$(BITS).o diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c -index 487bffb..955a925 100644 +index be8e862..5b50b12 100644 --- a/arch/sparc/kernel/process_32.c +++ b/arch/sparc/kernel/process_32.c @@ -126,14 +126,14 @@ void show_regs(struct pt_regs *r) @@ -6823,7 +8011,7 @@ index 487bffb..955a925 100644 } while (++count < 16); printk("\n"); diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c -index c6e0c29..052832b 100644 +index cdb80b2..5ca141d 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c @@ -181,14 +181,14 @@ static void show_regwindow(struct pt_regs *regs) @@ -6901,44 +8089,28 @@ index 7ff45e4..a58f271 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c -index 0c9b31b..55a8ba6 100644 +index 2da0bdc..79128d2 100644 --- a/arch/sparc/kernel/sys_sparc_32.c +++ b/arch/sparc/kernel/sys_sparc_32.c -@@ -39,6 +39,7 @@ asmlinkage unsigned long sys_getpagesize(void) - unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags) - { - struct vm_area_struct * vmm; -+ unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags); - - if (flags & MAP_FIXED) { - /* We do not accept a shared mapping if it would violate -@@ -54,7 +55,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -52,7 +52,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi if (len > TASK_SIZE - PAGE_SIZE) return -ENOMEM; if (!addr) - addr = TASK_UNMAPPED_BASE; + addr = current->mm->mmap_base; - if (flags & MAP_SHARED) - addr = COLOUR_ALIGN(addr); -@@ -65,7 +66,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - /* At this point: (!vmm || addr < vmm->vm_end). */ - if (TASK_SIZE - PAGE_SIZE - len < addr) - return -ENOMEM; -- if (!vmm || addr + len <= vmm->vm_start) -+ if (check_heap_stack_gap(vmm, addr, len, offset)) - return addr; - addr = vmm->vm_end; - if (flags & MAP_SHARED) + info.flags = 0; + info.length = len; diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index 878ef3d..f100719 100644 +index 708bc29..f0129cb 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c -@@ -102,12 +102,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -90,13 +90,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + struct vm_area_struct * vma; unsigned long task_size = TASK_SIZE; - unsigned long start_addr; int do_color_align; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; if (flags & MAP_FIXED) { /* We do not accept a shared mapping if it would violate @@ -6949,7 +8121,7 @@ index 878ef3d..f100719 100644 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1))) return -EINVAL; return addr; -@@ -122,6 +123,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -111,6 +112,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi if (filp || (flags & MAP_SHARED)) do_color_align = 1; @@ -6959,8 +8131,8 @@ index 878ef3d..f100719 100644 + if (addr) { if (do_color_align) - addr = COLOUR_ALIGN(addr, pgoff); -@@ -129,15 +134,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + addr = COLOR_ALIGN(addr, pgoff); +@@ -118,14 +123,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -6970,42 +8142,35 @@ index 878ef3d..f100719 100644 return addr; } - if (len > mm->cached_hole_size) { -- start_addr = addr = mm->free_area_cache; -+ start_addr = addr = mm->free_area_cache; - } else { -- start_addr = addr = TASK_UNMAPPED_BASE; -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; + info.flags = 0; + info.length = len; +- info.low_limit = TASK_UNMAPPED_BASE; ++ info.low_limit = mm->mmap_base; + info.high_limit = min(task_size, VA_EXCLUDE_START); + info.align_mask = do_color_align ? (PAGE_MASK & (SHMLBA - 1)) : 0; + info.align_offset = pgoff << PAGE_SHIFT; +@@ -134,6 +138,12 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) { + VM_BUG_ON(addr != -ENOMEM); + info.low_limit = VA_EXCLUDE_END; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = task_size; + addr = vm_unmapped_area(&info); } - -@@ -157,14 +161,14 @@ full_search: - vma = find_vma(mm, VA_EXCLUDE_END); - } - if (unlikely(task_size < addr)) { -- if (start_addr != TASK_UNMAPPED_BASE) { -- start_addr = addr = TASK_UNMAPPED_BASE; -+ if (start_addr != mm->mmap_base) { -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* - * Remember the place where we stopped the search: - */ -@@ -190,6 +194,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -151,6 +161,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, unsigned long task_size = STACK_TOP32; unsigned long addr = addr0; int do_color_align; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; /* This should only ever run for 32-bit processes. */ - BUG_ON(!test_thread_flag(TIF_32BIT)); -@@ -198,7 +203,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -160,7 +171,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, /* We do not accept a shared mapping if it would violate * cache aliasing constraints. */ @@ -7014,7 +8179,18 @@ index 878ef3d..f100719 100644 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1))) return -EINVAL; return addr; -@@ -219,8 +224,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -173,6 +184,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + if (filp || (flags & MAP_SHARED)) + do_color_align = 1; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + /* requesting a specific address */ + if (addr) { + if (do_color_align) +@@ -181,8 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -7024,63 +8200,31 @@ index 878ef3d..f100719 100644 return addr; } -@@ -241,7 +245,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr - len, len, offset)) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); - } -@@ -250,18 +254,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - if (unlikely(mm->mmap_base < len)) - goto bottomup; - -- addr = mm->mmap_base-len; -- if (do_color_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -+ addr = mm->mmap_base - len; - - do { -+ if (do_color_align) -+ addr = COLOUR_ALIGN_DOWN(addr, pgoff); - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr+len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - } -@@ -271,10 +275,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- if (do_color_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* -@@ -348,6 +350,10 @@ static unsigned long mmap_rnd(void) +@@ -204,6 +218,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = STACK_TOP32; + addr = vm_unmapped_area(&info); + } +@@ -264,6 +284,10 @@ static unsigned long mmap_rnd(void) { unsigned long rnd = 0UL; +#ifdef CONFIG_PAX_RANDMMAP -+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) +#endif + if (current->flags & PF_RANDOMIZE) { unsigned long val = get_random_int(); if (test_thread_flag(TIF_32BIT)) -@@ -373,6 +379,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -289,6 +313,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) gap == RLIM_INFINITY || sysctl_legacy_va_layout) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -7093,7 +8237,7 @@ index 878ef3d..f100719 100644 mm->get_unmapped_area = arch_get_unmapped_area; mm->unmap_area = arch_unmap_area; } else { -@@ -385,6 +397,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -301,6 +331,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) gap = (task_size / 6 * 5); mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor); @@ -7107,10 +8251,10 @@ index 878ef3d..f100719 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S -index bf23477..b7425a6 100644 +index e0fed77..604a7e5 100644 --- a/arch/sparc/kernel/syscalls.S +++ b/arch/sparc/kernel/syscalls.S -@@ -62,7 +62,7 @@ sys32_rt_sigreturn: +@@ -58,7 +58,7 @@ sys32_rt_sigreturn: #endif .align 32 1: ldx [%g6 + TI_FLAGS], %l5 @@ -7119,7 +8263,7 @@ index bf23477..b7425a6 100644 be,pt %icc, rtrap nop call syscall_trace_leave -@@ -189,7 +189,7 @@ linux_sparc_syscall32: +@@ -190,7 +190,7 @@ linux_sparc_syscall32: srl %i5, 0, %o5 ! IEU1 srl %i2, 0, %o2 ! IEU0 Group @@ -7128,7 +8272,7 @@ index bf23477..b7425a6 100644 bne,pn %icc, linux_syscall_trace32 ! CTI mov %i0, %l5 ! IEU1 call %l7 ! CTI Group brk forced -@@ -212,7 +212,7 @@ linux_sparc_syscall: +@@ -213,7 +213,7 @@ linux_sparc_syscall: mov %i3, %o3 ! IEU1 mov %i4, %o4 ! IEU0 Group @@ -7137,7 +8281,7 @@ index bf23477..b7425a6 100644 bne,pn %icc, linux_syscall_trace ! CTI Group mov %i0, %l5 ! IEU0 2: call %l7 ! CTI Group brk forced -@@ -228,7 +228,7 @@ ret_sys_call: +@@ -229,7 +229,7 @@ ret_sys_call: cmp %o0, -ERESTART_RESTARTBLOCK bgeu,pn %xcc, 1f @@ -7146,6 +8290,19 @@ index bf23477..b7425a6 100644 ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc 2: +diff --git a/arch/sparc/kernel/sysfs.c b/arch/sparc/kernel/sysfs.c +index 654e8aa..45f431b 100644 +--- a/arch/sparc/kernel/sysfs.c ++++ b/arch/sparc/kernel/sysfs.c +@@ -266,7 +266,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata sysfs_cpu_nb = { ++static struct notifier_block sysfs_cpu_nb = { + .notifier_call = sysfs_cpu_notify, + }; + diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index a5785ea..405c5f7 100644 --- a/arch/sparc/kernel/traps_32.c @@ -7180,7 +8337,7 @@ index a5785ea..405c5f7 100644 } diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c -index b66a779..8e8d66c 100644 +index e7ecf15..6520e65 100644 --- a/arch/sparc/kernel/traps_64.c +++ b/arch/sparc/kernel/traps_64.c @@ -76,7 +76,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) @@ -8434,83 +9591,60 @@ index 097aee7..5ca6697 100644 * load/store/atomic was a write or not, it only says that there * was no match. So in such a case we (carefully) read the diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c -index f76f83d..ee0d859 100644 +index d2b5944..bd813f2 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c -@@ -34,6 +34,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, - struct vm_area_struct * vma; - unsigned long task_size = TASK_SIZE; - unsigned long start_addr; -+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); - - if (test_thread_flag(TIF_32BIT)) - task_size = STACK_TOP32; -@@ -67,7 +68,7 @@ full_search: - } - return -ENOMEM; - } -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* - * Remember the place where we stopped the search: - */ -@@ -90,6 +91,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - struct vm_area_struct *vma; - struct mm_struct *mm = current->mm; - unsigned long addr = addr0; -+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); - - /* This should only ever run for 32-bit processes. */ - BUG_ON(!test_thread_flag(TIF_32BIT)); -@@ -106,7 +108,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr - len, len, offset)) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); - } -@@ -115,16 +117,17 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - if (unlikely(mm->mmap_base < len)) - goto bottomup; - -- addr = (mm->mmap_base-len) & HPAGE_MASK; -+ addr = mm->mmap_base - len; - - do { -+ addr &= HPAGE_MASK; - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr+len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - } -@@ -134,8 +137,8 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = (vma->vm_start-len) & HPAGE_MASK; -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* -@@ -163,6 +166,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -38,7 +38,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, + + info.flags = 0; + info.length = len; +- info.low_limit = TASK_UNMAPPED_BASE; ++ info.low_limit = mm->mmap_base; + info.high_limit = min(task_size, VA_EXCLUDE_START); + info.align_mask = PAGE_MASK & ~HPAGE_MASK; + info.align_offset = 0; +@@ -47,6 +47,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, + if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) { + VM_BUG_ON(addr != -ENOMEM); + info.low_limit = VA_EXCLUDE_END; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = task_size; + addr = vm_unmapped_area(&info); + } +@@ -85,6 +91,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = STACK_TOP32; + addr = vm_unmapped_area(&info); + } +@@ -99,6 +111,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; unsigned long task_size = TASK_SIZE; -+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); ++ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags); if (test_thread_flag(TIF_32BIT)) task_size = STACK_TOP32; -@@ -181,8 +185,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -114,11 +127,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + return addr; + } + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ if (addr) { addr = ALIGN(addr, HPAGE_SIZE); vma = find_vma(mm, addr); @@ -8649,10 +9783,10 @@ index 0032f92..cd151e0 100644 #ifdef CONFIG_64BIT #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval)) diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c -index b6d699c..df7ac1d 100644 +index b462b13..e7a19aa 100644 --- a/arch/um/kernel/process.c +++ b/arch/um/kernel/process.c -@@ -387,22 +387,6 @@ int singlestepping(void * t) +@@ -386,22 +386,6 @@ int singlestepping(void * t) return 2; } @@ -8693,10 +9827,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 46c3bff..b82f26b 100644 +index 225543b..f12405b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -241,7 +241,7 @@ config X86_HT +@@ -238,7 +238,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -8705,7 +9839,7 @@ index 46c3bff..b82f26b 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1033,6 +1033,7 @@ config MICROCODE_OLD_INTERFACE +@@ -1031,6 +1031,7 @@ config MICROCODE_OLD_INTERFACE config X86_MSR tristate "/dev/cpu/*/msr - Model-specific register support" @@ -8713,7 +9847,7 @@ index 46c3bff..b82f26b 100644 ---help--- This device gives privileged processes access to the x86 Model-Specific Registers (MSRs). It is a character device with -@@ -1056,7 +1057,7 @@ choice +@@ -1054,7 +1055,7 @@ choice config NOHIGHMEM bool "off" @@ -8722,7 +9856,7 @@ index 46c3bff..b82f26b 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1093,7 +1094,7 @@ config NOHIGHMEM +@@ -1091,7 +1092,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -8731,7 +9865,7 @@ index 46c3bff..b82f26b 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1147,7 +1148,7 @@ config PAGE_OFFSET +@@ -1145,7 +1146,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -8740,7 +9874,7 @@ index 46c3bff..b82f26b 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1548,6 +1549,7 @@ config SECCOMP +@@ -1546,6 +1547,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection" @@ -8748,7 +9882,7 @@ index 46c3bff..b82f26b 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1605,6 +1607,7 @@ config KEXEC_JUMP +@@ -1603,6 +1605,7 @@ config KEXEC_JUMP config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) default "0x1000000" @@ -8756,7 +9890,7 @@ index 46c3bff..b82f26b 100644 ---help--- This gives the physical address where the kernel is loaded. -@@ -1668,6 +1671,7 @@ config X86_NEED_RELOCS +@@ -1666,6 +1669,7 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -8764,8 +9898,8 @@ index 46c3bff..b82f26b 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1699,9 +1703,10 @@ config HOTPLUG_CPU - Say N if you want to disable CPU hotplug. +@@ -1741,9 +1745,10 @@ config DEBUG_HOTPLUG_CPU0 + If unsure, say N. config COMPAT_VDSO - def_bool y @@ -8777,19 +9911,19 @@ index 46c3bff..b82f26b 100644 Map the 32-bit VDSO to the predictable old-style address too. diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu -index f3b86d0..17fd30f 100644 +index c026cca..14657ae 100644 --- a/arch/x86/Kconfig.cpu +++ b/arch/x86/Kconfig.cpu -@@ -335,7 +335,7 @@ config X86_PPRO_FENCE +@@ -319,7 +319,7 @@ config X86_PPRO_FENCE config X86_F00F_BUG def_bool y -- depends on M586MMX || M586TSC || M586 || M486 || M386 -+ depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC +- depends on M586MMX || M586TSC || M586 || M486 ++ depends on (M586MMX || M586TSC || M586 || M486) && !PAX_KERNEXEC config X86_INVD_BUG def_bool y -@@ -359,7 +359,7 @@ config X86_POPAD_OK +@@ -327,7 +327,7 @@ config X86_INVD_BUG config X86_ALIGNMENT_16 def_bool y @@ -8798,7 +9932,7 @@ index f3b86d0..17fd30f 100644 config X86_INTEL_USERCOPY def_bool y -@@ -405,7 +405,7 @@ config X86_CMPXCHG64 +@@ -373,7 +373,7 @@ config X86_CMPXCHG64 # generates cmov. config X86_CMOV def_bool y @@ -8839,7 +9973,7 @@ index b322f12..652d0d9 100644 Enabling this option turns a certain set of sanity checks for user copy operations into compile time failures. diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 05afcca..b6ecb51 100644 +index e71fc42..7829607 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -50,6 +50,7 @@ else @@ -8850,7 +9984,7 @@ index 05afcca..b6ecb51 100644 KBUILD_AFLAGS += -m64 KBUILD_CFLAGS += -m64 -@@ -229,3 +230,12 @@ define archhelp +@@ -230,3 +231,12 @@ define archhelp echo ' FDARGS="..." arguments for the booted kernel' echo ' FDINITRD=file initrd for the booted kernel' endef @@ -8864,7 +9998,7 @@ index 05afcca..b6ecb51 100644 +archprepare: + $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD))) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile -index ccce0ed..fd9da25 100644 +index 379814b..add62ce 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile @@ -65,6 +65,9 @@ KBUILD_CFLAGS := $(USERINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \ @@ -8936,10 +10070,10 @@ index 8a84501..b2d165f 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index ccae7e2..8ac70be 100644 +index f8fa411..c570c53 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c -@@ -144,7 +144,6 @@ again: +@@ -145,7 +145,6 @@ again: *addr = max_addr; } @@ -8947,7 +10081,7 @@ index ccae7e2..8ac70be 100644 efi_call_phys1(sys_table->boottime->free_pool, map); fail: -@@ -208,7 +207,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, +@@ -209,7 +208,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, if (i == map_size / desc_size) status = EFI_NOT_FOUND; @@ -8956,7 +10090,7 @@ index ccae7e2..8ac70be 100644 fail: return status; diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S -index ccb2f4a..e49b20e 100644 +index 1e3184f..0d11e2e 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -118,7 +118,7 @@ preferred_addr: @@ -8988,7 +10122,7 @@ index ccb2f4a..e49b20e 100644 jmp 1b 2: diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index 2c4b171..e1fa5b1 100644 +index f5d1aaa..cce11dc 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -91,7 +91,7 @@ ENTRY(startup_32) @@ -9131,10 +10265,10 @@ index 4d3ff03..e4972ff 100644 err = check_flags(); } diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index 8c132a6..13e5c96 100644 +index 944ce59..87ee37a 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S -@@ -387,10 +387,14 @@ setup_data: .quad 0 # 64-bit physical pointer to +@@ -401,10 +401,14 @@ setup_data: .quad 0 # 64-bit physical pointer to # single linked list of # struct setup_data @@ -9515,7 +10649,7 @@ index 0b33743..7a56206 100644 + pax_force_retaddr 0, 1 ret; diff --git a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S -index a41a3aa..bdf5753 100644 +index 15b00ac..2071784 100644 --- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S @@ -23,6 +23,8 @@ @@ -9526,33 +10660,55 @@ index a41a3aa..bdf5753 100644 + .file "cast5-avx-x86_64-asm_64.S" - .extern cast5_s1 -@@ -293,6 +295,7 @@ __skip_enc: - leaq 3*(2*4*4)(%r11), %rax; - outunpack_blocks(%rax, RR4, RL4, RTMP, RX, RKM); + .extern cast_s1 +@@ -281,6 +283,7 @@ __skip_enc: + outunpack_blocks(RR3, RL3, RTMP, RX, RKM); + outunpack_blocks(RR4, RL4, RTMP, RX, RKM); + pax_force_retaddr 0, 1 ret; - __enc_xor16: -@@ -303,6 +306,7 @@ __enc_xor16: - leaq 3*(2*4*4)(%r11), %rax; - outunpack_xor_blocks(%rax, RR4, RL4, RTMP, RX, RKM); + .align 16 +@@ -353,6 +356,7 @@ __dec_tail: + outunpack_blocks(RR3, RL3, RTMP, RX, RKM); + outunpack_blocks(RR4, RL4, RTMP, RX, RKM); + pax_force_retaddr 0, 1 ret; + __skip_dec: +@@ -392,6 +396,7 @@ cast5_ecb_enc_16way: + vmovdqu RR4, (6*4*4)(%r11); + vmovdqu RL4, (7*4*4)(%r11); + ++ pax_force_retaddr + ret; + .align 16 -@@ -369,6 +373,7 @@ __dec_tail: - leaq 3*(2*4*4)(%r11), %rax; - outunpack_blocks(%rax, RR4, RL4, RTMP, RX, RKM); +@@ -427,6 +432,7 @@ cast5_ecb_dec_16way: + vmovdqu RR4, (6*4*4)(%r11); + vmovdqu RL4, (7*4*4)(%r11); -+ pax_force_retaddr 0, 1 ++ pax_force_retaddr ret; - __skip_dec: + .align 16 +@@ -479,6 +485,7 @@ cast5_cbc_dec_16way: + + popq %r12; + ++ pax_force_retaddr + ret; + + .align 16 +@@ -555,4 +562,5 @@ cast5_ctr_16way: + + popq %r12; + ++ pax_force_retaddr + ret; diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S -index 218d283..819e6da 100644 +index 2569d0d..637c289 100644 --- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S @@ -23,6 +23,8 @@ @@ -9561,29 +10717,54 @@ index 218d283..819e6da 100644 +#include <asm/alternative-asm.h> + - .file "cast6-avx-x86_64-asm_64.S" + #include "glue_helper-asm-avx.S" - .extern cast6_s1 -@@ -324,12 +326,14 @@ __cast6_enc_blk_8way: - outunpack_blocks(%r11, RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); - outunpack_blocks(%rax, RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + .file "cast6-avx-x86_64-asm_64.S" +@@ -294,6 +296,7 @@ __cast6_enc_blk8: + outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); + outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + pax_force_retaddr 0, 1 ret; - __enc_xor8: - outunpack_xor_blocks(%r11, RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); - outunpack_xor_blocks(%rax, RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + .align 8 +@@ -340,6 +343,7 @@ __cast6_dec_blk8: + outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); + outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + pax_force_retaddr 0, 1 ret; - .align 16 -@@ -380,4 +384,5 @@ cast6_dec_blk_8way: - outunpack_blocks(%r11, RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); - outunpack_blocks(%rax, RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + .align 8 +@@ -361,6 +365,7 @@ cast6_ecb_enc_8way: -+ pax_force_retaddr 0, 1 + store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -382,6 +387,7 @@ cast6_ecb_dec_8way: + + store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -408,6 +414,7 @@ cast6_cbc_dec_8way: + + popq %r12; + ++ pax_force_retaddr + ret; + + .align 8 +@@ -436,4 +443,5 @@ cast6_ctr_8way: + + popq %r12; + ++ pax_force_retaddr ret; diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S index 6214a9b..1f4fc9a 100644 @@ -9618,7 +10799,7 @@ index 6214a9b..1f4fc9a 100644 + pax_force_retaddr ret diff --git a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S -index 504106b..4e50951 100644 +index 02b0e9f..cf4cf5c 100644 --- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S @@ -24,6 +24,8 @@ @@ -9627,27 +10808,52 @@ index 504106b..4e50951 100644 +#include <asm/alternative-asm.h> + + #include "glue_helper-asm-avx.S" + .file "serpent-avx-x86_64-asm_64.S" - .text +@@ -618,6 +620,7 @@ __serpent_enc_blk8_avx: + write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2); + write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2); -@@ -638,12 +640,14 @@ __serpent_enc_blk_8way_avx: - write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); - write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); ++ pax_force_retaddr + ret; + + .align 8 +@@ -673,6 +676,7 @@ __serpent_dec_blk8_avx: + write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2); + write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2); + pax_force_retaddr ret; - __enc_xor8: - xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); - xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + .align 8 +@@ -692,6 +696,7 @@ serpent_ecb_enc_8way_avx: + + store_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; .align 8 -@@ -701,4 +705,5 @@ serpent_dec_blk_8way_avx: - write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2); - write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2); +@@ -711,6 +716,7 @@ serpent_ecb_dec_8way_avx: + + store_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -730,6 +736,7 @@ serpent_cbc_dec_8way_avx: + + store_cbc_8way(%rdx, %rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -751,4 +758,5 @@ serpent_ctr_8way_avx: + + store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; @@ -9707,7 +10913,7 @@ index 49d6987..df66bd4 100644 .size \name, .-\name diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S -index 1585abb..1ff9d9b 100644 +index ebac16b..8092eb9 100644 --- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S @@ -23,6 +23,8 @@ @@ -9716,27 +10922,52 @@ index 1585abb..1ff9d9b 100644 +#include <asm/alternative-asm.h> + + #include "glue_helper-asm-avx.S" + .file "twofish-avx-x86_64-asm_64.S" - .text +@@ -283,6 +285,7 @@ __twofish_enc_blk8: + outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2); + outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2); + ++ pax_force_retaddr 0, 1 + ret; -@@ -303,12 +305,14 @@ __twofish_enc_blk_8way: - outunpack_blocks(%r11, RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2); - outunpack_blocks(%rax, RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2); + .align 8 +@@ -324,6 +327,7 @@ __twofish_dec_blk8: + outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2); + outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2); + pax_force_retaddr 0, 1 ret; - __enc_xor8: - outunpack_xor_blocks(%r11, RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2); - outunpack_xor_blocks(%rax, RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2); + .align 8 +@@ -345,6 +349,7 @@ twofish_ecb_enc_8way: + + store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2); + ++ pax_force_retaddr 0, 1 + ret; + + .align 8 +@@ -366,6 +371,7 @@ twofish_ecb_dec_8way: + + store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr 0, 1 + ret; + + .align 8 +@@ -392,6 +398,7 @@ twofish_cbc_dec_8way: + + popq %r12; + pax_force_retaddr 0, 1 ret; .align 8 -@@ -354,4 +358,5 @@ twofish_dec_blk_8way: - outunpack_blocks(%r11, RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2); - outunpack_blocks(%rax, RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2); +@@ -420,4 +427,5 @@ twofish_ctr_8way: + + popq %r12; + pax_force_retaddr 0, 1 ret; @@ -9803,7 +11034,7 @@ index 7bcf3fc..f53832f 100644 + pax_force_retaddr 0, 1 ret diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c -index 07b3a68..bd2a388 100644 +index a703af1..f5b9c36 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c @@ -159,6 +159,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, @@ -9816,21 +11047,10 @@ index 07b3a68..bd2a388 100644 set_fs(KERNEL_DS); has_dumped = 1; diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c -index efc6a95..95abfe2 100644 +index a1daf4a..f8c4537 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c -@@ -163,8 +163,8 @@ asmlinkage long sys32_sigaltstack(const stack_ia32_t __user *uss_ptr, - } - seg = get_fs(); - set_fs(KERNEL_DS); -- ret = do_sigaltstack((stack_t __force __user *) (uss_ptr ? &uss : NULL), -- (stack_t __force __user *) &uoss, regs->sp); -+ ret = do_sigaltstack((stack_t __force_user *) (uss_ptr ? &uss : NULL), -+ (stack_t __force_user *) &uoss, regs->sp); - set_fs(seg); - if (ret >= 0 && uoss_ptr) { - if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t))) -@@ -396,7 +396,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, +@@ -348,7 +348,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, sp -= frame_size; /* Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -9839,7 +11059,7 @@ index efc6a95..95abfe2 100644 return (void __user *) sp; } -@@ -454,7 +454,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, +@@ -406,7 +406,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, * These are actually not used anymore, but left because some * gdb versions depend on them as a marker. */ @@ -9848,7 +11068,7 @@ index efc6a95..95abfe2 100644 } put_user_catch(err); if (err) -@@ -496,7 +496,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -448,7 +448,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, 0xb8, __NR_ia32_rt_sigreturn, 0x80cd, @@ -9857,7 +11077,7 @@ index efc6a95..95abfe2 100644 }; frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate); -@@ -522,16 +522,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -471,16 +471,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; @@ -9880,7 +11100,7 @@ index efc6a95..95abfe2 100644 err |= copy_siginfo_to_user32(&frame->info, info); diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index e7fa545..9e6fe1a 100644 +index 142c4ce..19b683f 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -15,8 +15,10 @@ @@ -10192,7 +11412,7 @@ index e7fa545..9e6fe1a 100644 END(ia32_syscall) diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c -index 86d68d1..f9960fe 100644 +index d0b689b..34be51d 100644 --- a/arch/x86/ia32/sys_ia32.c +++ b/arch/x86/ia32/sys_ia32.c @@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low, @@ -10350,7 +11570,7 @@ index 20370c6..a2eb9b0 100644 "popl %%ebp\n\t" "popl %%edi\n\t" diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h -index b6c3b82..b4c077a 100644 +index 722aa3b..3a0bb27 100644 --- a/arch/x86/include/asm/atomic.h +++ b/arch/x86/include/asm/atomic.h @@ -22,7 +22,18 @@ @@ -10603,19 +11823,14 @@ index b6c3b82..b4c077a 100644 : "+m" (v->counter), "=qm" (c) : "ir" (i) : "memory"); return c; -@@ -179,7 +341,7 @@ static inline int atomic_add_return(int i, atomic_t *v) - goto no_xadd; - #endif - /* Modern 486+ processor */ -- return i + xadd(&v->counter, i); +@@ -172,6 +334,18 @@ static inline int atomic_add_negative(int i, atomic_t *v) + */ + static inline int atomic_add_return(int i, atomic_t *v) + { + return i + xadd_check_overflow(&v->counter, i); - - #ifdef CONFIG_M386 - no_xadd: /* Legacy 386 processor */ -@@ -192,6 +354,34 @@ no_xadd: /* Legacy 386 processor */ - } - - /** ++} ++ ++/** + * atomic_add_return_unchecked - add integer and return + * @i: integer value to add + * @v: pointer of type atomic_unchecked_t @@ -10624,30 +11839,10 @@ index b6c3b82..b4c077a 100644 + */ +static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) +{ -+#ifdef CONFIG_M386 -+ int __i; -+ unsigned long flags; -+ if (unlikely(boot_cpu_data.x86 <= 3)) -+ goto no_xadd; -+#endif -+ /* Modern 486+ processor */ -+ return i + xadd(&v->counter, i); -+ -+#ifdef CONFIG_M386 -+no_xadd: /* Legacy 386 processor */ -+ raw_local_irq_save(flags); -+ __i = atomic_read_unchecked(v); -+ atomic_set_unchecked(v, i + __i); -+ raw_local_irq_restore(flags); -+ return i + __i; -+#endif -+} -+ -+/** - * atomic_sub_return - subtract integer and return - * @v: pointer of type atomic_t - * @i: integer value to subtract -@@ -204,6 +394,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) + return i + xadd(&v->counter, i); + } + +@@ -188,6 +362,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) } #define atomic_inc_return(v) (atomic_add_return(1, v)) @@ -10658,7 +11853,7 @@ index b6c3b82..b4c077a 100644 #define atomic_dec_return(v) (atomic_sub_return(1, v)) static inline int atomic_cmpxchg(atomic_t *v, int old, int new) -@@ -211,11 +405,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) +@@ -195,11 +373,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) return cmpxchg(&v->counter, old, new); } @@ -10680,7 +11875,7 @@ index b6c3b82..b4c077a 100644 /** * __atomic_add_unless - add unless the number is already a given value * @v: pointer of type atomic_t -@@ -227,12 +431,25 @@ static inline int atomic_xchg(atomic_t *v, int new) +@@ -211,12 +399,25 @@ static inline int atomic_xchg(atomic_t *v, int new) */ static inline int __atomic_add_unless(atomic_t *v, int a, int u) { @@ -10709,7 +11904,7 @@ index b6c3b82..b4c077a 100644 if (likely(old == c)) break; c = old; -@@ -241,6 +458,49 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -225,6 +426,49 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) } /** @@ -10759,7 +11954,7 @@ index b6c3b82..b4c077a 100644 * atomic_inc_short - increment of a short integer * @v: pointer to type int * -@@ -269,14 +529,37 @@ static inline void atomic_or_long(unsigned long *v1, unsigned long v2) +@@ -253,14 +497,37 @@ static inline void atomic_or_long(unsigned long *v1, unsigned long v2) #endif /* These are x86-specific, used by some header files */ @@ -11304,11 +12499,11 @@ index 6dfd019..0c6699f 100644 /** diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h -index b13fe63..0dab13a 100644 +index 4fa687a..60f2d39 100644 --- a/arch/x86/include/asm/boot.h +++ b/arch/x86/include/asm/boot.h -@@ -11,10 +11,15 @@ - #include <asm/pgtable_types.h> +@@ -6,10 +6,15 @@ + #include <uapi/asm/boot.h> /* Physical address where kernel should be loaded. */ -#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \ @@ -11457,10 +12652,10 @@ index 8d871ea..c1a0dc9 100644 ({ \ __typeof__ (*(ptr)) __ret = (inc); \ diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index 8c297aa..7a90f03 100644 +index 2d9075e..b75a844 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -205,7 +205,7 @@ +@@ -206,7 +206,7 @@ #define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */ #define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */ #define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */ @@ -11469,7 +12664,7 @@ index 8c297aa..7a90f03 100644 #define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */ #define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */ #define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */ -@@ -379,7 +379,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -375,7 +375,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -11689,21 +12884,8 @@ index 278441f..b95a174 100644 }; } __attribute__((packed)); -diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h -index 3778256..c5d4fce 100644 ---- a/arch/x86/include/asm/e820.h -+++ b/arch/x86/include/asm/e820.h -@@ -69,7 +69,7 @@ struct e820map { - #define ISA_START_ADDRESS 0xa0000 - #define ISA_END_ADDRESS 0x100000 - --#define BIOS_BEGIN 0x000a0000 -+#define BIOS_BEGIN 0x000c0000 - #define BIOS_END 0x00100000 - - #define BIOS_ROM_BASE 0xffe00000 diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 5939f44..f8845f6 100644 +index 9c999c1..3860cb8 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h @@ -243,7 +243,25 @@ extern int force_personality32; @@ -11807,7 +12989,7 @@ index 41ab26e..a88c9e6 100644 return fpu_restore_checking(&tsk->thread.fpu); } diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h -index f373046..02653e2 100644 +index be27ba1..8f13ff9 100644 --- a/arch/x86/include/asm/futex.h +++ b/arch/x86/include/asm/futex.h @@ -12,6 +12,7 @@ @@ -11846,7 +13028,7 @@ index f373046..02653e2 100644 : "r" (oparg), "i" (-EFAULT), "1" (0)) static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) -@@ -65,10 +67,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) +@@ -59,10 +61,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) switch (op) { case FUTEX_OP_SET: @@ -11859,7 +13041,7 @@ index f373046..02653e2 100644 uaddr, oparg); break; case FUTEX_OP_OR: -@@ -128,14 +130,14 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, +@@ -116,14 +118,14 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, return -EFAULT; asm volatile("\t" ASM_STAC "\n" @@ -11959,7 +13141,7 @@ index d3ddd17..c9fb0cc 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h -index c8bed0d..85c03fd 100644 +index 2d89e39..baee879 100644 --- a/arch/x86/include/asm/local.h +++ b/arch/x86/include/asm/local.h @@ -10,33 +10,97 @@ typedef struct { @@ -12136,11 +13318,10 @@ index c8bed0d..85c03fd 100644 : "+m" (l->a.counter), "=qm" (c) : "ir" (i) : "memory"); return c; -@@ -132,7 +232,15 @@ static inline long local_add_return(long i, local_t *l) - #endif - /* Modern 486+ processor */ - __i = i; -- asm volatile(_ASM_XADD "%0, %1;" +@@ -125,6 +225,30 @@ static inline int local_add_negative(long i, local_t *l) + static inline long local_add_return(long i, local_t *l) + { + long __i = i; + asm volatile(_ASM_XADD "%0, %1\n" + +#ifdef CONFIG_PAX_REFCOUNT @@ -12150,13 +13331,11 @@ index c8bed0d..85c03fd 100644 + _ASM_EXTABLE(0b, 0b) +#endif + - : "+r" (i), "+m" (l->a.counter) - : : "memory"); - return i + __i; -@@ -147,6 +255,38 @@ no_xadd: /* Legacy 386 processor */ - #endif - } - ++ : "+r" (i), "+m" (l->a.counter) ++ : : "memory"); ++ return i + __i; ++} ++ +/** + * local_add_return_unchecked - add and return + * @i: integer value to add @@ -12166,33 +13345,11 @@ index c8bed0d..85c03fd 100644 + */ +static inline long local_add_return_unchecked(long i, local_unchecked_t *l) +{ -+ long __i; -+#ifdef CONFIG_M386 -+ unsigned long flags; -+ if (unlikely(boot_cpu_data.x86 <= 3)) -+ goto no_xadd; -+#endif -+ /* Modern 486+ processor */ -+ __i = i; -+ asm volatile(_ASM_XADD "%0, %1\n" -+ : "+r" (i), "+m" (l->a.counter) -+ : : "memory"); -+ return i + __i; -+ -+#ifdef CONFIG_M386 -+no_xadd: /* Legacy 386 processor */ -+ local_irq_save(flags); -+ __i = local_read_unchecked(l); -+ local_set_unchecked(l, i + __i); -+ local_irq_restore(flags); -+ return i + __i; -+#endif -+} -+ - static inline long local_sub_return(long i, local_t *l) - { - return local_add_return(-i, l); -@@ -157,6 +297,8 @@ static inline long local_sub_return(long i, local_t *l) ++ long __i = i; + asm volatile(_ASM_XADD "%0, %1;" + : "+r" (i), "+m" (l->a.counter) + : : "memory"); +@@ -141,6 +265,8 @@ static inline long local_sub_return(long i, local_t *l) #define local_cmpxchg(l, o, n) \ (cmpxchg_local(&((l)->a.counter), (o), (n))) @@ -12202,24 +13359,26 @@ index c8bed0d..85c03fd 100644 #define local_xchg(l, n) (xchg(&((l)->a.counter), (n))) diff --git a/arch/x86/include/asm/mman.h b/arch/x86/include/asm/mman.h -index 593e51d..fa69c9a 100644 ---- a/arch/x86/include/asm/mman.h +new file mode 100644 +index 0000000..2bfd3ba +--- /dev/null +++ b/arch/x86/include/asm/mman.h -@@ -5,4 +5,14 @@ - - #include <asm-generic/mman.h> - +@@ -0,0 +1,15 @@ ++#ifndef _X86_MMAN_H ++#define _X86_MMAN_H ++ ++#include <uapi/asm/mman.h> ++ +#ifdef __KERNEL__ +#ifndef __ASSEMBLY__ +#ifdef CONFIG_X86_32 +#define arch_mmap_check i386_mmap_check -+int i386_mmap_check(unsigned long addr, unsigned long len, -+ unsigned long flags); ++int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags); +#endif +#endif +#endif + - #endif /* _ASM_X86_MMAN_H */ ++#endif /* X86_MMAN_H */ diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h index 5f55e69..e20bfb1 100644 --- a/arch/x86/include/asm/mmu.h @@ -12379,7 +13538,7 @@ index cdbf367..adb37ac 100644 #define activate_mm(prev, next) \ diff --git a/arch/x86/include/asm/module.h b/arch/x86/include/asm/module.h -index 9eae775..c914fea 100644 +index e3b7819..b257c64 100644 --- a/arch/x86/include/asm/module.h +++ b/arch/x86/include/asm/module.h @@ -5,6 +5,7 @@ @@ -12387,10 +13546,10 @@ index 9eae775..c914fea 100644 #ifdef CONFIG_X86_64 /* X86_64 does not define MODULE_PROC_FAMILY */ +#define MODULE_PROC_FAMILY "" - #elif defined CONFIG_M386 - #define MODULE_PROC_FAMILY "386 " #elif defined CONFIG_M486 -@@ -59,8 +60,20 @@ + #define MODULE_PROC_FAMILY "486 " + #elif defined CONFIG_M586 +@@ -57,8 +58,20 @@ #error unknown processor family #endif @@ -12427,10 +13586,10 @@ index 320f7bb..e89f8f8 100644 extern unsigned long __phys_addr(unsigned long); #define __phys_reloc_hide(x) (x) diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h -index a0facf3..c017b15 100644 +index 5edd174..9cf5821 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h -@@ -632,6 +632,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) +@@ -630,6 +630,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) val); } @@ -12449,7 +13608,7 @@ index a0facf3..c017b15 100644 static inline void pgd_clear(pgd_t *pgdp) { set_pgd(pgdp, __pgd(0)); -@@ -713,6 +725,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx, +@@ -711,6 +723,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx, pv_mmu_ops.set_fixmap(idx, phys, flags); } @@ -12471,7 +13630,7 @@ index a0facf3..c017b15 100644 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS) static inline int arch_spin_is_locked(struct arch_spinlock *lock) -@@ -929,7 +956,7 @@ extern void default_banner(void); +@@ -927,7 +954,7 @@ extern void default_banner(void); #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4) #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4) @@ -12480,7 +13639,7 @@ index a0facf3..c017b15 100644 #endif #define INTERRUPT_RETURN \ -@@ -1004,6 +1031,21 @@ extern void default_banner(void); +@@ -1002,6 +1029,21 @@ extern void default_banner(void); PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \ CLBR_NONE, \ jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit)) @@ -12662,7 +13821,7 @@ index 4cc9f2b..5fd9226 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 796ed83..9f6c8dd 100644 +index 1c1a955..50f828c 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -12772,7 +13931,7 @@ index 796ed83..9f6c8dd 100644 #include <linux/mm_types.h> static inline int pte_none(pte_t pte) -@@ -570,7 +639,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -583,7 +652,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -12781,7 +13940,7 @@ index 796ed83..9f6c8dd 100644 } static inline int pgd_none(pgd_t pgd) -@@ -593,7 +662,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -606,7 +675,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -12795,7 +13954,7 @@ index 796ed83..9f6c8dd 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -604,6 +678,20 @@ static inline int pgd_none(pgd_t pgd) +@@ -617,6 +691,20 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -12816,7 +13975,7 @@ index 796ed83..9f6c8dd 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -768,11 +856,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -781,11 +869,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -12993,7 +14152,7 @@ index 766ea16..5b96cb3 100644 #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h -index ec8a1fc..7ccb593 100644 +index 3c32db8..1ddccf5 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -16,13 +16,12 @@ @@ -13033,7 +14192,7 @@ index ec8a1fc..7ccb593 100644 #endif #define _PAGE_FILE (_AT(pteval_t, 1) << _PAGE_BIT_FILE) -@@ -96,6 +96,9 @@ +@@ -116,6 +116,9 @@ #define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \ _PAGE_ACCESSED) @@ -13043,7 +14202,7 @@ index ec8a1fc..7ccb593 100644 #define __PAGE_KERNEL_EXEC \ (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL) #define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX) -@@ -106,7 +109,7 @@ +@@ -126,7 +129,7 @@ #define __PAGE_KERNEL_WC (__PAGE_KERNEL | _PAGE_CACHE_WC) #define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_PCD | _PAGE_PWT) #define __PAGE_KERNEL_UC_MINUS (__PAGE_KERNEL | _PAGE_PCD) @@ -13052,7 +14211,7 @@ index ec8a1fc..7ccb593 100644 #define __PAGE_KERNEL_VVAR (__PAGE_KERNEL_RO | _PAGE_USER) #define __PAGE_KERNEL_VVAR_NOCACHE (__PAGE_KERNEL_VVAR | _PAGE_PCD | _PAGE_PWT) #define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE) -@@ -168,8 +171,8 @@ +@@ -188,8 +191,8 @@ * bits are combined, this will alow user to access the high address mapped * VDSO in the presence of CONFIG_COMPAT_VDSO */ @@ -13063,7 +14222,7 @@ index ec8a1fc..7ccb593 100644 #define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */ #endif -@@ -207,7 +210,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd) +@@ -227,7 +230,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd) { return native_pgd_val(pgd) & PTE_FLAGS_MASK; } @@ -13081,7 +14240,7 @@ index ec8a1fc..7ccb593 100644 #if PAGETABLE_LEVELS > 3 typedef struct { pudval_t pud; } pud_t; -@@ -221,8 +234,6 @@ static inline pudval_t native_pud_val(pud_t pud) +@@ -241,8 +254,6 @@ static inline pudval_t native_pud_val(pud_t pud) return pud.pud; } #else @@ -13090,7 +14249,7 @@ index ec8a1fc..7ccb593 100644 static inline pudval_t native_pud_val(pud_t pud) { return native_pgd_val(pud.pgd); -@@ -242,8 +253,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd) +@@ -262,8 +273,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd) return pmd.pmd; } #else @@ -13099,7 +14258,7 @@ index ec8a1fc..7ccb593 100644 static inline pmdval_t native_pmd_val(pmd_t pmd) { return native_pgd_val(pmd.pud.pgd); -@@ -283,7 +292,6 @@ typedef struct page *pgtable_t; +@@ -303,7 +312,6 @@ typedef struct page *pgtable_t; extern pteval_t __supported_pte_mask; extern void set_nx(void); @@ -13108,10 +14267,10 @@ index ec8a1fc..7ccb593 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index ad1fc85..0b15fe1 100644 +index 888184b..a07ac89 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -289,7 +289,7 @@ struct tss_struct { +@@ -287,7 +287,7 @@ struct tss_struct { } ____cacheline_aligned; @@ -13120,7 +14279,7 @@ index ad1fc85..0b15fe1 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -818,11 +818,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -827,11 +827,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -13141,7 +14300,7 @@ index ad1fc85..0b15fe1 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -836,7 +843,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -845,7 +852,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -13150,7 +14309,7 @@ index ad1fc85..0b15fe1 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -847,11 +854,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -856,11 +863,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -13163,7 +14322,7 @@ index ad1fc85..0b15fe1 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -866,7 +869,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -875,7 +878,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -13172,7 +14331,7 @@ index ad1fc85..0b15fe1 100644 __regs__ - 1; \ }) -@@ -876,13 +879,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -885,13 +888,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -13188,7 +14347,7 @@ index ad1fc85..0b15fe1 100644 #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -893,11 +896,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -902,11 +905,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -13202,7 +14361,7 @@ index ad1fc85..0b15fe1 100644 } /* -@@ -925,6 +928,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -934,6 +937,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -13213,7 +14372,7 @@ index ad1fc85..0b15fe1 100644 #define KSTK_EIP(task) (task_pt_regs(task)->ip) /* Get/set a process' ability to use the timestamp counter instruction */ -@@ -985,12 +992,12 @@ extern bool cpu_has_amd_erratum(const int *); +@@ -994,12 +1001,12 @@ extern bool cpu_has_amd_erratum(const int *); #define cpu_has_amd_erratum(x) (false) #endif /* CONFIG_CPU_SUP_AMD */ @@ -13229,10 +14388,10 @@ index ad1fc85..0b15fe1 100644 #endif /* _ASM_X86_PROCESSOR_H */ diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h -index 19f16eb..b50624b 100644 +index 942a086..6c26446 100644 --- a/arch/x86/include/asm/ptrace.h +++ b/arch/x86/include/asm/ptrace.h -@@ -155,28 +155,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) +@@ -85,28 +85,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) } /* @@ -13268,7 +14427,7 @@ index 19f16eb..b50624b 100644 #endif } -@@ -192,15 +193,16 @@ static inline int v8086_mode(struct pt_regs *regs) +@@ -122,15 +123,16 @@ static inline int v8086_mode(struct pt_regs *regs) #ifdef CONFIG_X86_64 static inline bool user_64bit_mode(struct pt_regs *regs) { @@ -13286,7 +14445,22 @@ index 19f16eb..b50624b 100644 + return cs == __USER_CS || cs == pv_info.extra_user_64bit_cs; #endif } + +@@ -181,9 +183,11 @@ static inline unsigned long regs_get_register(struct pt_regs *regs, + * Traps from the kernel do not save sp and ss. + * Use the helper function to retrieve sp. + */ +- if (offset == offsetof(struct pt_regs, sp) && +- regs->cs == __KERNEL_CS) +- return kernel_stack_pointer(regs); ++ if (offset == offsetof(struct pt_regs, sp)) { ++ unsigned long cs = regs->cs & 0xffff; ++ if (cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS) ++ return kernel_stack_pointer(regs); ++ } #endif + return *(unsigned long *)((unsigned long)regs + offset); + } diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index fe1ec5b..dc5c3fe 100644 --- a/arch/x86/include/asm/realmode.h @@ -13532,7 +14706,7 @@ index c48a950..c6d7468 100644 #endif /* !__ASSEMBLY__ */ diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h -index 4f19a15..9e14f27 100644 +index b073aae..39f9bdd 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -36,7 +36,7 @@ DECLARE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_core_map); @@ -13553,7 +14727,7 @@ index 4f19a15..9e14f27 100644 /* Globals due to paravirt */ extern void set_cpu_sibling_map(int cpu); -@@ -190,14 +190,8 @@ extern unsigned disabled_cpus __cpuinitdata; +@@ -191,14 +191,8 @@ extern unsigned disabled_cpus __cpuinitdata; extern int safe_smp_processor_id(void); #elif defined(CONFIG_X86_64_SMP) @@ -13937,7 +15111,7 @@ index 2d946e6..e453ec4 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 7ccf8d1..9a18110 100644 +index 1709801..0a60f2f 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,6 +7,7 @@ @@ -14033,7 +15207,7 @@ index 7ccf8d1..9a18110 100644 "3: " ASM_CLAC "\n" \ _ASM_EXTABLE_EX(1b, 2b) \ _ASM_EXTABLE_EX(2b, 3b) \ -@@ -261,7 +300,7 @@ extern void __put_user_8(void); +@@ -259,7 +298,7 @@ extern void __put_user_8(void); __typeof__(*(ptr)) __pu_val; \ __chk_user_ptr(ptr); \ might_fault(); \ @@ -14042,7 +15216,7 @@ index 7ccf8d1..9a18110 100644 switch (sizeof(*(ptr))) { \ case 1: \ __put_user_x(1, __pu_val, ptr, __ret_pu); \ -@@ -383,7 +422,7 @@ do { \ +@@ -358,7 +397,7 @@ do { \ #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ asm volatile(ASM_STAC "\n" \ @@ -14051,7 +15225,7 @@ index 7ccf8d1..9a18110 100644 "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -391,7 +430,7 @@ do { \ +@@ -366,7 +405,7 @@ do { \ " jmp 2b\n" \ ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ @@ -14060,7 +15234,7 @@ index 7ccf8d1..9a18110 100644 : "m" (__m(addr)), "i" (errret), "0" (err)) #define __get_user_size_ex(x, ptr, size) \ -@@ -416,7 +455,7 @@ do { \ +@@ -391,7 +430,7 @@ do { \ } while (0) #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ @@ -14069,7 +15243,7 @@ index 7ccf8d1..9a18110 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : ltype(x) : "m" (__m(addr))) -@@ -433,13 +472,24 @@ do { \ +@@ -408,13 +447,24 @@ do { \ int __gu_err; \ unsigned long __gu_val; \ __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ @@ -14096,7 +15270,7 @@ index 7ccf8d1..9a18110 100644 /* * Tell gcc we read from memory instead of writing: this is because -@@ -448,7 +498,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -423,7 +473,7 @@ struct __large_struct { unsigned long buf[100]; }; */ #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ asm volatile(ASM_STAC "\n" \ @@ -14105,7 +15279,7 @@ index 7ccf8d1..9a18110 100644 "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -456,10 +506,10 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -431,10 +481,10 @@ struct __large_struct { unsigned long buf[100]; }; ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ : "=r"(err) \ @@ -14118,7 +15292,7 @@ index 7ccf8d1..9a18110 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : : ltype(x), "m" (__m(addr))) -@@ -498,8 +548,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -473,8 +523,12 @@ struct __large_struct { unsigned long buf[100]; }; * On error, the variable @x is set to zero. */ @@ -14131,7 +15305,7 @@ index 7ccf8d1..9a18110 100644 /** * __put_user: - Write a simple value into user space, with less checking. -@@ -521,8 +575,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -496,8 +550,12 @@ struct __large_struct { unsigned long buf[100]; }; * Returns zero on success, or -EFAULT on error. */ @@ -14144,7 +15318,7 @@ index 7ccf8d1..9a18110 100644 #define __get_user_unaligned __get_user #define __put_user_unaligned __put_user -@@ -540,7 +598,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -515,7 +573,7 @@ struct __large_struct { unsigned long buf[100]; }; #define get_user_ex(x, ptr) do { \ unsigned long __gue_val; \ __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ @@ -14152,8 +15326,8 @@ index 7ccf8d1..9a18110 100644 + (x) = (__typeof__(*(ptr)))__gue_val; \ } while (0) - #ifdef CONFIG_X86_WP_WORKS_OK -@@ -574,8 +632,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); + #define put_user_try uaccess_try +@@ -532,8 +590,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); extern __must_check long strlen_user(const char __user *str); extern __must_check long strnlen_user(const char __user *str, long n); @@ -14339,7 +15513,7 @@ index 7f760a9..04b1c65 100644 } diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 142810c..4b68a3e 100644 +index 142810c..747941a 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -14370,7 +15544,7 @@ index 142810c..4b68a3e 100644 copy_user_generic(void *to, const void *from, unsigned len) { unsigned ret; -@@ -41,142 +44,203 @@ copy_user_generic(void *to, const void *from, unsigned len) +@@ -41,142 +44,204 @@ copy_user_generic(void *to, const void *from, unsigned len) ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from), "=d" (len)), "1" (to), "2" (from), "3" (len) @@ -14422,6 +15596,7 @@ index 142810c..4b68a3e 100644 -#endif + + check_object_size(to, n, false); ++ + if (access_ok(VERIFY_READ, from, n)) + n = __copy_from_user(to, from, n); + else if (n < INT_MAX) @@ -14619,7 +15794,7 @@ index 142810c..4b68a3e 100644 ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -185,7 +249,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -185,7 +250,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 2: { u16 tmp; @@ -14628,7 +15803,7 @@ index 142810c..4b68a3e 100644 ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -195,7 +259,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -195,7 +260,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) case 4: { u32 tmp; @@ -14637,7 +15812,7 @@ index 142810c..4b68a3e 100644 ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -204,7 +268,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -204,7 +269,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 8: { u64 tmp; @@ -14646,7 +15821,7 @@ index 142810c..4b68a3e 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -212,41 +276,72 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -212,41 +277,72 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -14828,11 +16003,24 @@ index 0415cda..b43d877 100644 "2: " ASM_CLAC "\n" ".section .fixup,\"ax\"\n" "3: movl $-1,%[err]\n" +diff --git a/arch/x86/include/uapi/asm/e820.h b/arch/x86/include/uapi/asm/e820.h +index bbae024..e1528f9 100644 +--- a/arch/x86/include/uapi/asm/e820.h ++++ b/arch/x86/include/uapi/asm/e820.h +@@ -63,7 +63,7 @@ struct e820map { + #define ISA_START_ADDRESS 0xa0000 + #define ISA_END_ADDRESS 0x100000 + +-#define BIOS_BEGIN 0x000a0000 ++#define BIOS_BEGIN 0x000c0000 + #define BIOS_END 0x00100000 + + #define BIOS_ROM_BASE 0xffe00000 diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile -index 91ce48f..a48ea05 100644 +index 34e923a..0c6bb6e 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile -@@ -23,7 +23,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o +@@ -22,7 +22,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o obj-y += setup.o x86_init.o i8259.o irqinit.o jump_label.o obj-$(CONFIG_IRQ_WORK) += irq_work.o obj-y += probe_roms.o @@ -14842,7 +16030,7 @@ index 91ce48f..a48ea05 100644 obj-y += syscall_$(BITS).o obj-$(CONFIG_X86_64) += vsyscall_64.o diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c -index 11676cf..a8cf3ec 100644 +index d5e0d71..6533e08 100644 --- a/arch/x86/kernel/acpi/sleep.c +++ b/arch/x86/kernel/acpi/sleep.c @@ -74,8 +74,12 @@ int acpi_suspend_lowlevel(void) @@ -15016,10 +16204,19 @@ index ef5ccca..bd83949 100644 } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index b17416e..5ed0f3e 100644 +index b994cc8..812b537 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c -@@ -185,7 +185,7 @@ int first_system_vector = 0xfe; +@@ -131,7 +131,7 @@ static int __init parse_lapic(char *arg) + { + if (config_enabled(CONFIG_X86_32) && !arg) + force_enable_local_apic = 1; +- else if (!strncmp(arg, "notscdeadline", 13)) ++ else if (arg && !strncmp(arg, "notscdeadline", 13)) + setup_clear_cpu_cap(X86_FEATURE_TSC_DEADLINE_TIMER); + return 0; + } +@@ -189,7 +189,7 @@ int first_system_vector = 0xfe; /* * Debug level, exported for io_apic.c */ @@ -15028,7 +16225,7 @@ index b17416e..5ed0f3e 100644 int pic_mode; -@@ -1923,7 +1923,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1956,7 +1956,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); ack_APIC_irq(); @@ -15096,7 +16293,7 @@ index 0874799..24a836e 100644 .name = "es7000", .probe = probe_es7000, diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index 1817fa9..7bff097 100644 +index b739d39..6e4f1db 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -1084,7 +1084,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, @@ -15117,7 +16314,7 @@ index 1817fa9..7bff097 100644 { raw_spin_unlock(&vector_lock); } -@@ -2411,7 +2411,7 @@ static void ack_apic_edge(struct irq_data *data) +@@ -2399,7 +2399,7 @@ static void ack_apic_edge(struct irq_data *data) ack_APIC_irq(); } @@ -15126,7 +16323,7 @@ index 1817fa9..7bff097 100644 #ifdef CONFIG_GENERIC_PENDING_IRQ static bool io_apic_level_ack_pending(struct irq_cfg *cfg) -@@ -2552,7 +2552,7 @@ static void ack_apic_level(struct irq_data *data) +@@ -2540,7 +2540,7 @@ static void ack_apic_level(struct irq_data *data) * at the cpu. */ if (!(v & (1 << (i & 0x1f)))) { @@ -15176,9 +16373,18 @@ index 77c95c0..434f8a4 100644 .name = "summit", .probe = probe_summit, diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c -index c88baa4..a89def0 100644 +index c88baa4..757aee1 100644 --- a/arch/x86/kernel/apic/x2apic_cluster.c +++ b/arch/x86/kernel/apic/x2apic_cluster.c +@@ -183,7 +183,7 @@ update_clusterinfo(struct notifier_block *nfb, unsigned long action, void *hcpu) + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata x2apic_cpu_notifier = { ++static struct notifier_block x2apic_cpu_notifier = { + .notifier_call = update_clusterinfo, + }; + @@ -235,7 +235,7 @@ static void cluster_vector_allocation_domain(int cpu, struct cpumask *retmask, cpumask_and(retmask, mask, per_cpu(cpus_in_cluster, cpu)); } @@ -15357,10 +16563,10 @@ index a0e067d..9c7db16 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 1b7d165..b9e2627 100644 +index 15239ff..e23e04e 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -738,7 +738,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -733,7 +733,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -15370,7 +16576,7 @@ index 1b7d165..b9e2627 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 7505f7b..d59dac0 100644 +index 9c3ab43..51e6366 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -86,60 +86,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { @@ -15478,16 +16684,7 @@ index 7505f7b..d59dac0 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1178,7 +1130,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) - { - memset(regs, 0, sizeof(struct pt_regs)); - regs->fs = __KERNEL_PERCPU; -- regs->gs = __KERNEL_STACK_CANARY; -+ savesegment(gs, regs->gs); - - return regs; - } -@@ -1233,7 +1185,7 @@ void __cpuinit cpu_init(void) +@@ -1224,7 +1176,7 @@ void __cpuinit cpu_init(void) int i; cpu = stack_smp_processor_id(); @@ -15496,7 +16693,7 @@ index 7505f7b..d59dac0 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1259,7 +1211,7 @@ void __cpuinit cpu_init(void) +@@ -1250,7 +1202,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -15505,15 +16702,15 @@ index 7505f7b..d59dac0 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1268,7 +1220,6 @@ void __cpuinit cpu_init(void) +@@ -1259,7 +1211,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); - x86_configure_nx(); - if (cpu != 0) - enable_x2apic(); + enable_x2apic(); -@@ -1321,7 +1272,7 @@ void __cpuinit cpu_init(void) + /* +@@ -1311,7 +1262,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -15523,7 +16720,7 @@ index 7505f7b..d59dac0 100644 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) { diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c -index 198e019..867575e 100644 +index fcaabd0..7b55a26 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void) @@ -15536,10 +16733,10 @@ index 198e019..867575e 100644 } #endif diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c -index 93c5451..3887433 100644 +index 84c1309..39b7224 100644 --- a/arch/x86/kernel/cpu/intel_cacheinfo.c +++ b/arch/x86/kernel/cpu/intel_cacheinfo.c -@@ -983,6 +983,22 @@ static struct attribute *default_attrs[] = { +@@ -1017,6 +1017,22 @@ static struct attribute *default_attrs[] = { }; #ifdef CONFIG_AMD_NB @@ -15562,7 +16759,7 @@ index 93c5451..3887433 100644 static struct attribute ** __cpuinit amd_l3_attrs(void) { static struct attribute **attrs; -@@ -993,18 +1009,7 @@ static struct attribute ** __cpuinit amd_l3_attrs(void) +@@ -1027,18 +1043,7 @@ static struct attribute ** __cpuinit amd_l3_attrs(void) n = ARRAY_SIZE(default_attrs); @@ -15582,7 +16779,7 @@ index 93c5451..3887433 100644 if (amd_nb_has_feature(AMD_NB_L3_INDEX_DISABLE)) { attrs[n++] = &cache_disable_0.attr; -@@ -1055,6 +1060,13 @@ static struct kobj_type ktype_cache = { +@@ -1089,6 +1094,13 @@ static struct kobj_type ktype_cache = { .default_attrs = default_attrs, }; @@ -15596,7 +16793,7 @@ index 93c5451..3887433 100644 static struct kobj_type ktype_percpu_entry = { .sysfs_ops = &sysfs_ops, }; -@@ -1120,20 +1132,26 @@ static int __cpuinit cache_add_dev(struct device *dev) +@@ -1154,20 +1166,26 @@ static int __cpuinit cache_add_dev(struct device *dev) return retval; } @@ -15626,8 +16823,17 @@ index 93c5451..3887433 100644 per_cpu(ici_cache_kobject, cpu), "index%1lu", i); if (unlikely(retval)) { +@@ -1222,7 +1240,7 @@ static int __cpuinit cacheinfo_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cacheinfo_cpu_notifier = { ++static struct notifier_block cacheinfo_cpu_notifier = { + .notifier_call = cacheinfo_cpu_callback, + }; + diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 46cbf86..55c7292 100644 +index 80dbda8..b45ebad 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -45,6 +45,7 @@ @@ -15638,7 +16844,7 @@ index 46cbf86..55c7292 100644 #include "mce-internal.h" -@@ -254,7 +255,7 @@ static void print_mce(struct mce *m) +@@ -246,7 +247,7 @@ static void print_mce(struct mce *m) !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "", m->cs, m->ip); @@ -15647,7 +16853,7 @@ index 46cbf86..55c7292 100644 print_symbol("{%s}", m->ip); pr_cont("\n"); } -@@ -287,10 +288,10 @@ static void print_mce(struct mce *m) +@@ -279,10 +280,10 @@ static void print_mce(struct mce *m) #define PANIC_TIMEOUT 5 /* 5 seconds */ @@ -15660,7 +16866,7 @@ index 46cbf86..55c7292 100644 /* Panic in progress. Enable interrupts and wait for final IPI */ static void wait_for_panic(void) -@@ -314,7 +315,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -306,7 +307,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) /* * Make sure only one CPU runs in machine check panic */ @@ -15669,7 +16875,7 @@ index 46cbf86..55c7292 100644 wait_for_panic(); barrier(); -@@ -322,7 +323,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -314,7 +315,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) console_verbose(); } else { /* Don't log too much for fake panic */ @@ -15678,16 +16884,16 @@ index 46cbf86..55c7292 100644 return; } /* First print corrected ones that are still unlogged */ -@@ -694,7 +695,7 @@ static int mce_timed_out(u64 *t) +@@ -686,7 +687,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ rmb(); - if (atomic_read(&mce_paniced)) + if (atomic_read_unchecked(&mce_paniced)) wait_for_panic(); - if (!monarch_timeout) + if (!mca_cfg.monarch_timeout) goto out; -@@ -1659,7 +1660,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1662,7 +1663,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -15696,7 +16902,7 @@ index 46cbf86..55c7292 100644 unexpected_machine_check; /* -@@ -1682,7 +1683,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1685,7 +1686,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) return; } @@ -15706,7 +16912,7 @@ index 46cbf86..55c7292 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1696,7 +1699,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1699,7 +1702,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -15715,7 +16921,7 @@ index 46cbf86..55c7292 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1704,7 +1707,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1707,7 +1710,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -15724,7 +16930,7 @@ index 46cbf86..55c7292 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1712,7 +1715,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1715,7 +1718,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -15733,7 +16939,7 @@ index 46cbf86..55c7292 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1723,7 +1726,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1726,7 +1729,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -15742,16 +16948,16 @@ index 46cbf86..55c7292 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2367,7 +2370,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) +@@ -2372,7 +2375,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) return NOTIFY_OK; } -static struct notifier_block mce_cpu_notifier __cpuinitdata = { -+static struct notifier_block mce_cpu_notifier __cpuinitconst = { ++static struct notifier_block mce_cpu_notifier = { .notifier_call = mce_cpu_callback, }; -@@ -2445,7 +2448,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2450,7 +2453,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -15782,6 +16988,19 @@ index 2d5454c..51987eb 100644 /* Make sure the vector pointer is visible before we enable MCEs: */ wmb(); +diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c +index 47a1870..8c019a7 100644 +--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c ++++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c +@@ -288,7 +288,7 @@ thermal_throttle_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block thermal_throttle_cpu_notifier __cpuinitdata = ++static struct notifier_block thermal_throttle_cpu_notifier = + { + .notifier_call = thermal_throttle_cpu_callback, + }; diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c index 2d7998f..17c9de1 100644 --- a/arch/x86/kernel/cpu/mcheck/winchip.c @@ -15805,7 +17024,7 @@ index 2d7998f..17c9de1 100644 wmb(); diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c -index 6b96110..0da73eb 100644 +index 726bf96..81f0526 100644 --- a/arch/x86/kernel/cpu/mtrr/main.c +++ b/arch/x86/kernel/cpu/mtrr/main.c @@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex); @@ -15831,10 +17050,10 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index d18b2b8..d3b834c 100644 +index 6774c17..a691911 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -1759,7 +1759,7 @@ static unsigned long get_segment_base(unsigned int segment) +@@ -1880,7 +1880,7 @@ static unsigned long get_segment_base(unsigned int segment) if (idx > GDT_ENTRIES) return 0; @@ -15843,7 +17062,7 @@ index d18b2b8..d3b834c 100644 } return get_desc_base(desc + idx); -@@ -1849,7 +1849,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -1970,7 +1970,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -15853,10 +17072,10 @@ index d18b2b8..d3b834c 100644 } diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c -index 324bb52..1a93d85 100644 +index 4914e94..60b06e3 100644 --- a/arch/x86/kernel/cpu/perf_event_intel.c +++ b/arch/x86/kernel/cpu/perf_event_intel.c -@@ -1949,10 +1949,10 @@ __init int intel_pmu_init(void) +@@ -1958,10 +1958,10 @@ __init int intel_pmu_init(void) * v2 and above have a perf capabilities MSR */ if (version > 1) { @@ -15870,11 +17089,37 @@ index 324bb52..1a93d85 100644 } intel_ds_init(); +diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c +index b43200d..62cddfe 100644 +--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c ++++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c +@@ -2826,7 +2826,7 @@ static int + return NOTIFY_OK; + } + +-static struct notifier_block uncore_cpu_nb __cpuinitdata = { ++static struct notifier_block uncore_cpu_nb = { + .notifier_call = uncore_cpu_notifier, + /* + * to migrate uncore events, our notifier should be executed +diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c +index 60c7891..9e911d3 100644 +--- a/arch/x86/kernel/cpuid.c ++++ b/arch/x86/kernel/cpuid.c +@@ -171,7 +171,7 @@ static int __cpuinit cpuid_class_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata cpuid_class_cpu_notifier = ++static struct notifier_block cpuid_class_cpu_notifier = + { + .notifier_call = cpuid_class_cpu_callback, + }; diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c -index 13ad899..f642b9a 100644 +index 74467fe..18793d5 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c -@@ -36,10 +36,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) +@@ -58,10 +58,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) { #ifdef CONFIG_X86_32 struct pt_regs fixed_regs; @@ -16305,7 +17550,7 @@ index 9b9f18b..9fcaa04 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index cf8639b..6c6a674 100644 +index 6ed91d9..6cc365b 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -177,13 +177,153 @@ @@ -16779,7 +18024,7 @@ index cf8639b..6c6a674 100644 CFI_ENDPROC /* * End of kprobes section -@@ -772,8 +1004,15 @@ ENDPROC(ptregs_clone) +@@ -753,8 +985,15 @@ PTREGSCALL1(vm86old) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -16797,7 +18042,7 @@ index cf8639b..6c6a674 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -826,7 +1065,7 @@ vector=vector+1 +@@ -807,7 +1046,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -16806,7 +18051,7 @@ index cf8639b..6c6a674 100644 .previous END(interrupt) -@@ -877,7 +1116,7 @@ ENTRY(coprocessor_error) +@@ -858,7 +1097,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -16815,7 +18060,7 @@ index cf8639b..6c6a674 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -899,7 +1138,7 @@ ENTRY(simd_coprocessor_error) +@@ -880,7 +1119,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -16824,7 +18069,7 @@ index cf8639b..6c6a674 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -908,18 +1147,18 @@ ENTRY(device_not_available) +@@ -889,18 +1128,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -16846,7 +18091,7 @@ index cf8639b..6c6a674 100644 #endif ENTRY(overflow) -@@ -929,7 +1168,7 @@ ENTRY(overflow) +@@ -910,7 +1149,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -16855,7 +18100,7 @@ index cf8639b..6c6a674 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -938,7 +1177,7 @@ ENTRY(bounds) +@@ -919,7 +1158,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -16864,7 +18109,7 @@ index cf8639b..6c6a674 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -947,7 +1186,7 @@ ENTRY(invalid_op) +@@ -928,7 +1167,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -16873,7 +18118,7 @@ index cf8639b..6c6a674 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -956,7 +1195,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -937,7 +1176,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -16882,7 +18127,7 @@ index cf8639b..6c6a674 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -964,7 +1203,7 @@ ENTRY(invalid_TSS) +@@ -945,7 +1184,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -16891,7 +18136,7 @@ index cf8639b..6c6a674 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -972,7 +1211,7 @@ ENTRY(segment_not_present) +@@ -953,7 +1192,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -16900,7 +18145,7 @@ index cf8639b..6c6a674 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -980,7 +1219,7 @@ ENTRY(stack_segment) +@@ -961,7 +1200,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC @@ -16909,7 +18154,7 @@ index cf8639b..6c6a674 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -988,7 +1227,7 @@ ENTRY(alignment_check) +@@ -969,7 +1208,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC @@ -16918,7 +18163,7 @@ index cf8639b..6c6a674 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -997,7 +1236,7 @@ ENTRY(divide_error) +@@ -978,7 +1217,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -16927,7 +18172,7 @@ index cf8639b..6c6a674 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -1007,7 +1246,7 @@ ENTRY(machine_check) +@@ -988,7 +1227,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -16936,7 +18181,7 @@ index cf8639b..6c6a674 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -1017,7 +1256,7 @@ ENTRY(spurious_interrupt_bug) +@@ -998,7 +1237,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -16945,7 +18190,7 @@ index cf8639b..6c6a674 100644 /* * End of kprobes section */ -@@ -1120,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, +@@ -1101,7 +1340,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, ENTRY(mcount) ret @@ -16954,7 +18199,7 @@ index cf8639b..6c6a674 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1153,7 +1392,7 @@ ftrace_graph_call: +@@ -1134,7 +1373,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -16963,7 +18208,7 @@ index cf8639b..6c6a674 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1254,7 +1493,7 @@ trace: +@@ -1235,7 +1474,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -16972,7 +18217,7 @@ index cf8639b..6c6a674 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1272,7 +1511,7 @@ ENTRY(ftrace_graph_caller) +@@ -1253,7 +1492,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -16981,7 +18226,7 @@ index cf8639b..6c6a674 100644 .globl return_to_handler return_to_handler: -@@ -1328,15 +1567,18 @@ error_code: +@@ -1309,15 +1548,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -17002,7 +18247,7 @@ index cf8639b..6c6a674 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1379,7 +1621,7 @@ debug_stack_correct: +@@ -1360,7 +1602,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -17011,7 +18256,7 @@ index cf8639b..6c6a674 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1417,6 +1659,9 @@ nmi_stack_correct: +@@ -1398,6 +1640,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -17021,7 +18266,7 @@ index cf8639b..6c6a674 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1453,12 +1698,15 @@ nmi_espfix_stack: +@@ -1434,12 +1679,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -17038,7 +18283,7 @@ index cf8639b..6c6a674 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1471,14 +1719,14 @@ ENTRY(int3) +@@ -1452,14 +1700,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -17055,7 +18300,7 @@ index cf8639b..6c6a674 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1487,7 +1735,7 @@ ENTRY(async_page_fault) +@@ -1468,7 +1716,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -17065,11 +18310,11 @@ index cf8639b..6c6a674 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 1328fe4..cb03298 100644 +index cb3c591..bc63707 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ - #include <asm/rcu.h> + #include <asm/context_tracking.h> #include <asm/smap.h> #include <linux/err.h> +#include <asm/pgtable.h> @@ -17631,8 +18876,20 @@ index 1328fe4..cb03298 100644 +ENDPROC(\label) .endm - PTREGSCALL stub_clone, sys_clone, %r8 -@@ -860,9 +1158,10 @@ ENTRY(ptregscall_common) + .macro FORK_LIKE func +@@ -856,9 +1154,10 @@ ENTRY(stub_\func) + DEFAULT_FRAME 0 8 /* offset 8: return address */ + call sys_\func + RESTORE_TOP_OF_STACK %r11, 8 ++ pax_force_retaddr + ret $REST_SKIP /* pop extended registers */ + CFI_ENDPROC +-END(stub_\func) ++ENDPROC(stub_\func) + .endm + + FORK_LIKE clone +@@ -875,9 +1174,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -17644,7 +18901,7 @@ index 1328fe4..cb03298 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -876,7 +1175,7 @@ ENTRY(stub_execve) +@@ -891,7 +1191,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -17653,7 +18910,7 @@ index 1328fe4..cb03298 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -894,7 +1193,7 @@ ENTRY(stub_rt_sigreturn) +@@ -909,7 +1209,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -17661,8 +18918,8 @@ index 1328fe4..cb03298 100644 +ENDPROC(stub_rt_sigreturn) #ifdef CONFIG_X86_X32_ABI - PTREGSCALL stub_x32_sigaltstack, sys32_sigaltstack, %rdx -@@ -962,7 +1261,7 @@ vector=vector+1 + ENTRY(stub_x32_rt_sigreturn) +@@ -975,7 +1275,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -17671,7 +18928,7 @@ index 1328fe4..cb03298 100644 .previous END(interrupt) -@@ -982,6 +1281,16 @@ END(interrupt) +@@ -995,6 +1295,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -17688,7 +18945,7 @@ index 1328fe4..cb03298 100644 call \func .endm -@@ -1014,7 +1323,7 @@ ret_from_intr: +@@ -1027,7 +1337,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -17697,7 +18954,7 @@ index 1328fe4..cb03298 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1036,12 +1345,16 @@ retint_swapgs: /* return to user-space */ +@@ -1049,12 +1359,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -17714,7 +18971,7 @@ index 1328fe4..cb03298 100644 /* * The iretq could re-enable interrupts: */ -@@ -1124,7 +1437,7 @@ ENTRY(retint_kernel) +@@ -1137,7 +1451,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -17723,7 +18980,7 @@ index 1328fe4..cb03298 100644 /* * End of kprobes section */ -@@ -1142,7 +1455,7 @@ ENTRY(\sym) +@@ -1155,7 +1469,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -17732,7 +18989,7 @@ index 1328fe4..cb03298 100644 .endm #ifdef CONFIG_SMP -@@ -1198,12 +1511,22 @@ ENTRY(\sym) +@@ -1211,12 +1525,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -17756,7 +19013,7 @@ index 1328fe4..cb03298 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1216,15 +1539,25 @@ ENTRY(\sym) +@@ -1229,15 +1553,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -17784,7 +19041,7 @@ index 1328fe4..cb03298 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1235,14 +1568,30 @@ ENTRY(\sym) +@@ -1248,14 +1582,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF_DEBUG @@ -17816,7 +19073,7 @@ index 1328fe4..cb03298 100644 .endm .macro errorentry sym do_sym -@@ -1254,13 +1603,23 @@ ENTRY(\sym) +@@ -1267,13 +1617,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -17841,7 +19098,7 @@ index 1328fe4..cb03298 100644 .endm /* error code is on the stack already */ -@@ -1274,13 +1633,23 @@ ENTRY(\sym) +@@ -1287,13 +1647,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -17866,7 +19123,7 @@ index 1328fe4..cb03298 100644 .endm zeroentry divide_error do_divide_error -@@ -1310,9 +1679,10 @@ gs_change: +@@ -1323,9 +1693,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -17878,7 +19135,7 @@ index 1328fe4..cb03298 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1340,9 +1710,10 @@ ENTRY(call_softirq) +@@ -1353,9 +1724,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -17890,7 +19147,7 @@ index 1328fe4..cb03298 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1380,7 +1751,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1393,7 +1765,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -17899,7 +19156,7 @@ index 1328fe4..cb03298 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1439,7 +1810,7 @@ ENTRY(xen_failsafe_callback) +@@ -1452,7 +1824,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -17908,7 +19165,7 @@ index 1328fe4..cb03298 100644 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1488,16 +1859,31 @@ ENTRY(paranoid_exit) +@@ -1501,16 +1873,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF_DEBUG testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -17941,7 +19198,7 @@ index 1328fe4..cb03298 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1526,7 +1912,7 @@ paranoid_schedule: +@@ -1539,7 +1926,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -17950,7 +19207,7 @@ index 1328fe4..cb03298 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1553,12 +1939,13 @@ ENTRY(error_entry) +@@ -1566,12 +1953,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -17965,7 +19222,7 @@ index 1328fe4..cb03298 100644 ret /* -@@ -1585,7 +1972,7 @@ bstep_iret: +@@ -1598,7 +1986,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -17974,7 +19231,7 @@ index 1328fe4..cb03298 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1605,7 +1992,7 @@ ENTRY(error_exit) +@@ -1618,7 +2006,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -17983,7 +19240,7 @@ index 1328fe4..cb03298 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1663,9 +2050,11 @@ ENTRY(nmi) +@@ -1676,9 +2064,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -17996,7 +19253,7 @@ index 1328fe4..cb03298 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1824,6 +2213,17 @@ end_repeat_nmi: +@@ -1847,6 +2237,17 @@ end_repeat_nmi: */ movq %cr2, %r12 @@ -18014,7 +19271,7 @@ index 1328fe4..cb03298 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1839,21 +2239,32 @@ end_repeat_nmi: +@@ -1862,23 +2263,34 @@ end_repeat_nmi: testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore nmi_swapgs: @@ -18024,16 +19281,18 @@ index 1328fe4..cb03298 100644 + pax_exit_kernel +#endif SWAPGS_UNSAFE_STACK -+ RESTORE_ALL 8 ++ RESTORE_ALL 6*8 + /* Clear the NMI executing stack variable */ -+ movq $0, 10*8(%rsp) ++ movq $0, 5*8(%rsp) + jmp irq_return nmi_restore: + pax_exit_kernel - RESTORE_ALL 8 + /* Pop the extra iret frame at once */ + RESTORE_ALL 6*8 + pax_force_retaddr_bts + /* Clear the NMI executing stack variable */ - movq $0, 10*8(%rsp) + movq $0, 5*8(%rsp) jmp irq_return CFI_ENDPROC -END(nmi) @@ -18139,7 +19398,7 @@ index c18f59d..9c0c9f6 100644 #ifdef CONFIG_BLK_DEV_INITRD /* Reserve INITRD */ diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S -index 4dac2f6..bc6a335 100644 +index c8932c7..d56b622 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -26,6 +26,12 @@ @@ -18309,7 +19568,7 @@ index 4dac2f6..bc6a335 100644 num_subarch_entries = (. - subarch_entries) / 4 .previous #else -@@ -316,6 +388,7 @@ default_entry: +@@ -335,6 +407,7 @@ default_entry: movl pa(mmu_cr4_features),%eax movl %eax,%cr4 @@ -18317,7 +19576,7 @@ index 4dac2f6..bc6a335 100644 testb $X86_CR4_PAE, %al # check if PAE is enabled jz 6f -@@ -344,6 +417,9 @@ default_entry: +@@ -363,6 +436,9 @@ default_entry: /* Make changes effective */ wrmsr @@ -18327,7 +19586,7 @@ index 4dac2f6..bc6a335 100644 6: /* -@@ -442,14 +518,20 @@ is386: movl $2,%ecx # set MP +@@ -460,14 +536,20 @@ is386: movl $2,%ecx # set MP 1: movl $(__KERNEL_DS),%eax # reload all the segment registers movl %eax,%ss # after changing gdt. @@ -18349,7 +19608,7 @@ index 4dac2f6..bc6a335 100644 movl %eax,%gs xorl %eax,%eax # Clear LDT -@@ -526,8 +608,11 @@ setup_once: +@@ -544,8 +626,11 @@ setup_once: * relocation. Manually set base address in stack canary * segment descriptor. */ @@ -18362,7 +19621,7 @@ index 4dac2f6..bc6a335 100644 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax) shrl $16, %ecx movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax) -@@ -558,7 +643,7 @@ ENDPROC(early_idt_handlers) +@@ -576,7 +661,7 @@ ENDPROC(early_idt_handlers) /* This is global to keep gas from relaxing the jumps */ ENTRY(early_idt_handler) cld @@ -18371,7 +19630,7 @@ index 4dac2f6..bc6a335 100644 je hlt_loop incl %ss:early_recursion_flag -@@ -596,8 +681,8 @@ ENTRY(early_idt_handler) +@@ -614,8 +699,8 @@ ENTRY(early_idt_handler) pushl (20+6*4)(%esp) /* trapno */ pushl $fault_msg call printk @@ -18381,7 +19640,7 @@ index 4dac2f6..bc6a335 100644 hlt_loop: hlt jmp hlt_loop -@@ -616,8 +701,11 @@ ENDPROC(early_idt_handler) +@@ -634,8 +719,11 @@ ENDPROC(early_idt_handler) /* This is the default interrupt "handler" :-) */ ALIGN ignore_int: @@ -18394,7 +19653,7 @@ index 4dac2f6..bc6a335 100644 pushl %eax pushl %ecx pushl %edx -@@ -626,9 +714,6 @@ ignore_int: +@@ -644,9 +732,6 @@ ignore_int: movl $(__KERNEL_DS),%eax movl %eax,%ds movl %eax,%es @@ -18404,7 +19663,7 @@ index 4dac2f6..bc6a335 100644 pushl 16(%esp) pushl 24(%esp) pushl 32(%esp) -@@ -662,29 +747,43 @@ ENTRY(setup_once_ref) +@@ -680,29 +765,43 @@ ENTRY(setup_once_ref) /* * BSS section */ @@ -18453,7 +19712,7 @@ index 4dac2f6..bc6a335 100644 ENTRY(initial_page_table) .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ # if KPMDS == 3 -@@ -703,12 +802,20 @@ ENTRY(initial_page_table) +@@ -721,12 +820,20 @@ ENTRY(initial_page_table) # error "Kernel PMDs should be 1, 2 or 3" # endif .align PAGE_SIZE /* needs to be page-sized too */ @@ -18475,7 +19734,7 @@ index 4dac2f6..bc6a335 100644 __INITRODATA int_msg: -@@ -736,7 +843,7 @@ fault_msg: +@@ -754,7 +861,7 @@ fault_msg: * segment size, and 32-bit linear address value: */ @@ -18484,7 +19743,7 @@ index 4dac2f6..bc6a335 100644 .globl boot_gdt_descr .globl idt_descr -@@ -745,7 +852,7 @@ fault_msg: +@@ -763,7 +870,7 @@ fault_msg: .word 0 # 32 bit align gdt_desc.address boot_gdt_descr: .word __BOOT_DS+7 @@ -18493,7 +19752,7 @@ index 4dac2f6..bc6a335 100644 .word 0 # 32-bit align idt_desc.address idt_descr: -@@ -756,7 +863,7 @@ idt_descr: +@@ -774,7 +881,7 @@ idt_descr: .word 0 # 32 bit align gdt_desc.address ENTRY(early_gdt_descr) .word GDT_ENTRIES*8-1 @@ -18502,7 +19761,7 @@ index 4dac2f6..bc6a335 100644 /* * The boot_gdt must mirror the equivalent in setup.S and is -@@ -765,5 +872,65 @@ ENTRY(early_gdt_descr) +@@ -783,5 +890,65 @@ ENTRY(early_gdt_descr) .align L1_CACHE_BYTES ENTRY(boot_gdt) .fill GDT_ENTRY_BOOT_CS,8,0 @@ -18571,7 +19830,7 @@ index 4dac2f6..bc6a335 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index 94bf9cc..400455a 100644 +index 980053c..74d3b44 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -18681,7 +19940,7 @@ index 94bf9cc..400455a 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -268,7 +273,7 @@ ENTRY(secondary_startup_64) +@@ -284,7 +289,7 @@ ENDPROC(start_cpu0) bad_address: jmp bad_address @@ -18690,7 +19949,16 @@ index 94bf9cc..400455a 100644 .globl early_idt_handlers early_idt_handlers: # 104(%rsp) %rflags -@@ -347,11 +352,15 @@ ENTRY(early_idt_handler) +@@ -343,7 +348,7 @@ ENTRY(early_idt_handler) + call dump_stack + #ifdef CONFIG_KALLSYMS + leaq early_idt_ripmsg(%rip),%rdi +- movq 40(%rsp),%rsi # %rip again ++ movq 88(%rsp),%rsi # %rip again + call __print_symbol + #endif + #endif /* EARLY_PRINTK */ +@@ -363,11 +368,15 @@ ENTRY(early_idt_handler) addq $16,%rsp # drop vector number and error code decl early_recursion_flag(%rip) INTERRUPT_RETURN @@ -18706,7 +19974,7 @@ index 94bf9cc..400455a 100644 #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" -@@ -360,6 +369,7 @@ early_idt_ripmsg: +@@ -376,6 +385,7 @@ early_idt_ripmsg: #endif /* CONFIG_EARLY_PRINTK */ .previous @@ -18714,7 +19982,7 @@ index 94bf9cc..400455a 100644 #define NEXT_PAGE(name) \ .balign PAGE_SIZE; \ ENTRY(name) -@@ -372,7 +382,6 @@ ENTRY(name) +@@ -388,7 +398,6 @@ ENTRY(name) i = i + 1 ; \ .endr @@ -18722,7 +19990,7 @@ index 94bf9cc..400455a 100644 /* * This default setting generates an ident mapping at address 0x100000 * and a mapping for the kernel that precisely maps virtual address -@@ -383,13 +392,41 @@ NEXT_PAGE(init_level4_pgt) +@@ -399,13 +408,41 @@ NEXT_PAGE(init_level4_pgt) .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE .org init_level4_pgt + L4_PAGE_OFFSET*8, 0 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE @@ -18764,7 +20032,7 @@ index 94bf9cc..400455a 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -397,20 +434,23 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -413,20 +450,23 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -18796,7 +20064,7 @@ index 94bf9cc..400455a 100644 NEXT_PAGE(level2_kernel_pgt) /* -@@ -423,37 +463,59 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -439,37 +479,59 @@ NEXT_PAGE(level2_kernel_pgt) * If you want to increase this then increase MODULES_VADDR * too.) */ @@ -18893,7 +20161,7 @@ index 9c3bd4a..e1d9b35 100644 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index 675a050..95febfd 100644 +index 245a71d..89d9ce4 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c @@ -55,7 +55,7 @@ static inline bool interrupted_kernel_fpu_idle(void) @@ -19440,6 +20708,19 @@ index 57916c0..9e0b9d0 100644 return ret; switch (val) { +diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c +index 9c2bd8b..bb1131c 100644 +--- a/arch/x86/kernel/kvm.c ++++ b/arch/x86/kernel/kvm.c +@@ -452,7 +452,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata kvm_cpu_notifier = { ++static struct notifier_block kvm_cpu_notifier = { + .notifier_call = kvm_cpu_notify, + }; + #endif diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index ebc9873..1b9724b 100644 --- a/arch/x86/kernel/ldt.c @@ -19539,6 +20820,19 @@ index 5b19e4d..6476a76 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); +diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c +index 3a04b22..1d2eb09 100644 +--- a/arch/x86/kernel/microcode_core.c ++++ b/arch/x86/kernel/microcode_core.c +@@ -512,7 +512,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __refdata mc_cpu_notifier = { ++static struct notifier_block mc_cpu_notifier = { + .notifier_call = mc_cpu_callback, + }; + diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c index 3544aed..01ddc1c 100644 --- a/arch/x86/kernel/microcode_intel.c @@ -19696,6 +20990,19 @@ index 216a4d7..228255a 100644 #if 0 if ((s64)val != *(s32 *)loc) goto overflow; +diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c +index 4929502..686c291 100644 +--- a/arch/x86/kernel/msr.c ++++ b/arch/x86/kernel/msr.c +@@ -234,7 +234,7 @@ static int __cpuinit msr_class_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata msr_class_cpu_notifier = { ++static struct notifier_block msr_class_cpu_notifier = { + .notifier_call = msr_class_cpu_callback, + }; + diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c index f84f5c5..e27e54b 100644 --- a/arch/x86/kernel/nmi.c @@ -19880,7 +21187,7 @@ index 35ccf75..7a15747 100644 #define DEBUG 1 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index b644e1c..4a6d379 100644 +index 2ed787f..f70c9f6 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -36,7 +36,8 @@ @@ -19930,7 +21237,7 @@ index b644e1c..4a6d379 100644 flush_ptrace_hw_breakpoint(tsk); memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); drop_init_fpu(tsk); -@@ -336,7 +340,7 @@ static void __exit_idle(void) +@@ -301,7 +305,7 @@ static void __exit_idle(void) void exit_idle(void) { /* idle loop has pid 0 */ @@ -19939,7 +21246,7 @@ index b644e1c..4a6d379 100644 return; __exit_idle(); } -@@ -445,7 +449,7 @@ bool set_pm_idle_to_default(void) +@@ -404,7 +408,7 @@ bool set_pm_idle_to_default(void) return ret; } @@ -19948,7 +21255,7 @@ index b644e1c..4a6d379 100644 { local_irq_disable(); /* -@@ -673,16 +677,37 @@ static int __init idle_setup(char *str) +@@ -632,16 +636,37 @@ static int __init idle_setup(char *str) } early_param("idle", idle_setup); @@ -19997,7 +21304,7 @@ index b644e1c..4a6d379 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 44e0bff..5ceb99c 100644 +index b5a8905..d9cacac 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -65,6 +65,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread"); @@ -20033,9 +21340,9 @@ index 44e0bff..5ceb99c 100644 print_symbol("EIP is at %s\n", regs->ip); printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n", -@@ -131,20 +131,21 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, - unsigned long arg, - struct task_struct *p, struct pt_regs *regs) +@@ -130,20 +130,21 @@ void release_thread(struct task_struct *dead_task) + int copy_thread(unsigned long clone_flags, unsigned long sp, + unsigned long arg, struct task_struct *p) { - struct pt_regs *childregs = task_pt_regs(p); + struct pt_regs *childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8; @@ -20046,7 +21353,7 @@ index 44e0bff..5ceb99c 100644 p->thread.sp0 = (unsigned long) (childregs+1); + p->tinfo.lowest_stack = (unsigned long)task_stack_page(p); - if (unlikely(!regs)) { + if (unlikely(p->flags & PF_KTHREAD)) { /* kernel thread */ memset(childregs, 0, sizeof(struct pt_regs)); p->thread.ip = (unsigned long) ret_from_kernel_thread; @@ -20104,10 +21411,10 @@ index 44e0bff..5ceb99c 100644 } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 16c6365..5d32218 100644 +index 6e68a61..955a9a5 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c -@@ -153,10 +153,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -152,10 +152,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct pt_regs *childregs; struct task_struct *me = current; @@ -20158,10 +21465,10 @@ index 16c6365..5d32218 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 974b67e..53bdb6c 100644 +index b629bbe..0fa615a 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c -@@ -183,14 +183,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) +@@ -184,14 +184,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) { unsigned long context = (unsigned long)regs & ~(THREAD_SIZE - 1); unsigned long sp = (unsigned long)®s->sp; @@ -20180,7 +21487,7 @@ index 974b67e..53bdb6c 100644 return (unsigned long)regs; } -@@ -587,7 +586,7 @@ static void ptrace_triggered(struct perf_event *bp, +@@ -588,7 +587,7 @@ static void ptrace_triggered(struct perf_event *bp, static unsigned long ptrace_get_dr7(struct perf_event *bp[]) { int i; @@ -20189,7 +21496,7 @@ index 974b67e..53bdb6c 100644 struct arch_hw_breakpoint *info; for (i = 0; i < HBP_NUM; i++) { -@@ -855,7 +854,7 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -856,7 +855,7 @@ long arch_ptrace(struct task_struct *child, long request, unsigned long addr, unsigned long data) { int ret; @@ -20198,7 +21505,7 @@ index 974b67e..53bdb6c 100644 switch (request) { /* read the word at location addr in the USER area. */ -@@ -940,14 +939,14 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -941,14 +940,14 @@ long arch_ptrace(struct task_struct *child, long request, if ((int) addr < 0) return -EIO; ret = do_get_thread_area(child, addr, @@ -20215,7 +21522,7 @@ index 974b67e..53bdb6c 100644 break; #endif -@@ -1325,7 +1324,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, +@@ -1326,7 +1325,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, #ifdef CONFIG_X86_64 @@ -20224,7 +21531,7 @@ index 974b67e..53bdb6c 100644 [REGSET_GENERAL] = { .core_note_type = NT_PRSTATUS, .n = sizeof(struct user_regs_struct) / sizeof(long), -@@ -1366,7 +1365,7 @@ static const struct user_regset_view user_x86_64_view = { +@@ -1367,7 +1366,7 @@ static const struct user_regset_view user_x86_64_view = { #endif /* CONFIG_X86_64 */ #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION @@ -20233,7 +21540,7 @@ index 974b67e..53bdb6c 100644 [REGSET_GENERAL] = { .core_note_type = NT_PRSTATUS, .n = sizeof(struct user_regs_struct32) / sizeof(u32), -@@ -1419,7 +1418,7 @@ static const struct user_regset_view user_x86_32_view = { +@@ -1420,7 +1419,7 @@ static const struct user_regset_view user_x86_32_view = { */ u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS]; @@ -20242,7 +21549,7 @@ index 974b67e..53bdb6c 100644 { #ifdef CONFIG_X86_64 x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64); -@@ -1454,7 +1453,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, +@@ -1455,7 +1454,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, memset(info, 0, sizeof(*info)); info->si_signo = SIGTRAP; info->si_code = si_code; @@ -20251,7 +21558,7 @@ index 974b67e..53bdb6c 100644 } void user_single_step_siginfo(struct task_struct *tsk, -@@ -1483,6 +1482,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, +@@ -1484,6 +1483,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, # define IS_IA32 0 #endif @@ -20262,9 +21569,9 @@ index 974b67e..53bdb6c 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1493,6 +1496,11 @@ long syscall_trace_enter(struct pt_regs *regs) +@@ -1494,6 +1497,11 @@ long syscall_trace_enter(struct pt_regs *regs) - rcu_user_exit(); + user_exit(); +#ifdef CONFIG_GRKERNSEC_SETXID + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) @@ -20274,9 +21581,9 @@ index 974b67e..53bdb6c 100644 /* * If we stepped into a sysenter/syscall insn, it trapped in * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. -@@ -1548,6 +1556,11 @@ void syscall_trace_leave(struct pt_regs *regs) +@@ -1549,6 +1557,11 @@ void syscall_trace_leave(struct pt_regs *regs) */ - rcu_user_exit(); + user_exit(); +#ifdef CONFIG_GRKERNSEC_SETXID + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) @@ -20287,10 +21594,10 @@ index 974b67e..53bdb6c 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/x86/kernel/pvclock.c b/arch/x86/kernel/pvclock.c -index 42eb330..139955c 100644 +index 85c3959..76b89f9 100644 --- a/arch/x86/kernel/pvclock.c +++ b/arch/x86/kernel/pvclock.c -@@ -81,11 +81,11 @@ unsigned long pvclock_tsc_khz(struct pvclock_vcpu_time_info *src) +@@ -43,11 +43,11 @@ unsigned long pvclock_tsc_khz(struct pvclock_vcpu_time_info *src) return pv_tsc_khz; } @@ -20303,8 +21610,8 @@ index 42eb330..139955c 100644 + atomic64_set_unchecked(&last_value, 0); } - cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src) -@@ -121,11 +121,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src) + u8 pvclock_read_flags(struct pvclock_vcpu_time_info *src) +@@ -92,11 +92,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src) * updating at the same time, and one of them could be slightly behind, * making the assumption that last_value always go forward fail to hold. */ @@ -20458,10 +21765,10 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index aeacb0e..f9d4c02 100644 +index 8b24289..d37b58b 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -441,7 +441,7 @@ static void __init parse_setup_data(void) +@@ -437,7 +437,7 @@ static void __init parse_setup_data(void) switch (data->type) { case SETUP_E820_EXT: @@ -20470,7 +21777,7 @@ index aeacb0e..f9d4c02 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -710,7 +710,7 @@ static void __init trim_bios_range(void) +@@ -706,7 +706,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ @@ -20479,7 +21786,7 @@ index aeacb0e..f9d4c02 100644 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } -@@ -834,14 +834,14 @@ void __init setup_arch(char **cmdline_p) +@@ -830,14 +830,14 @@ void __init setup_arch(char **cmdline_p) if (!boot_params.hdr.root_flags) root_mountflags &= ~MS_RDONLY; @@ -20567,10 +21874,10 @@ index 5cdff03..5810740 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 70b27ee..fcf827f 100644 +index d6bf1f3..3ffce5a 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c -@@ -195,7 +195,7 @@ static unsigned long align_sigframe(unsigned long sp) +@@ -196,7 +196,7 @@ static unsigned long align_sigframe(unsigned long sp) * Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -20579,7 +21886,7 @@ index 70b27ee..fcf827f 100644 #else /* !CONFIG_X86_32 */ sp = round_down(sp, 16) - 8; #endif -@@ -303,9 +303,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, +@@ -304,9 +304,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, } if (current->mm->context.vdso) @@ -20591,7 +21898,7 @@ index 70b27ee..fcf827f 100644 if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; -@@ -319,7 +319,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, +@@ -320,7 +320,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ @@ -20600,8 +21907,8 @@ index 70b27ee..fcf827f 100644 if (err) return -EFAULT; -@@ -369,7 +369,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, - put_user_ex(current->sas_ss_size, &frame->uc.uc_stack.ss_size); +@@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, + err |= __save_altstack(&frame->uc.uc_stack, regs->sp); /* Set up to return from userspace. */ - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); @@ -20612,7 +21919,7 @@ index 70b27ee..fcf827f 100644 if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; put_user_ex(restorer, &frame->pretcode); -@@ -381,7 +384,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -379,7 +382,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ @@ -20635,10 +21942,10 @@ index 48d2b7d..90d328a 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index f3e2ec8..ad5287a 100644 +index ed0fe38..87fc692 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -673,6 +673,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -748,6 +748,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) idle->thread.sp = (unsigned long) (((struct pt_regs *) (THREAD_SIZE + task_stack_page(idle))) - 1); per_cpu(current_task, cpu) = idle; @@ -20646,7 +21953,7 @@ index f3e2ec8..ad5287a 100644 #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ -@@ -680,11 +681,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -755,11 +756,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) #else clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); @@ -20663,7 +21970,7 @@ index f3e2ec8..ad5287a 100644 initial_code = (unsigned long)start_secondary; stack_start = idle->thread.sp; -@@ -823,6 +826,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) +@@ -908,6 +911,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) /* the FPU context is blank, nobody can own it */ __cpu_disable_lazy_restore(cpu); @@ -20972,10 +22279,10 @@ index 0000000..26bb1af + return addr; +} diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index b4d3c39..d699d77 100644 +index 97ef74b..57a1882 100644 --- a/arch/x86/kernel/sys_x86_64.c +++ b/arch/x86/kernel/sys_x86_64.c -@@ -95,8 +95,8 @@ out: +@@ -81,8 +81,8 @@ out: return error; } @@ -20986,7 +22293,7 @@ index b4d3c39..d699d77 100644 { if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) { unsigned long new_begin; -@@ -115,7 +115,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin, +@@ -101,7 +101,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin, *begin = new_begin; } } else { @@ -20995,9 +22302,9 @@ index b4d3c39..d699d77 100644 *end = TASK_SIZE; } } -@@ -128,20 +128,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -114,20 +114,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct vm_area_struct *vma; - unsigned long start_addr; + struct vm_unmapped_area_info info; unsigned long begin, end; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); @@ -21022,27 +22329,8 @@ index b4d3c39..d699d77 100644 + if (end - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } - if (((flags & MAP_32BIT) || test_thread_flag(TIF_ADDR32)) -@@ -172,7 +176,7 @@ full_search: - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len, offset)) { - /* - * Remember the place where we stopped the search: - */ -@@ -195,7 +199,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - { - struct vm_area_struct *vma; - struct mm_struct *mm = current->mm; -- unsigned long addr = addr0, start_addr; -+ unsigned long base = mm->mmap_base, addr = addr0, start_addr; -+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); - /* requested length too big for entire address space */ - if (len > TASK_SIZE) -@@ -208,13 +213,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -161,6 +165,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) goto bottomup; @@ -21053,64 +22341,8 @@ index b4d3c39..d699d77 100644 /* requesting a specific address */ if (addr) { addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -- if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -- return addr; -+ if (TASK_SIZE - len >= addr) { -+ vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len, offset)) -+ return addr; -+ } - } - - /* check if free_area_cache is useful for us */ -@@ -240,7 +250,7 @@ try_again: - * return with success: - */ - vma = find_vma(mm, addr); -- if (!vma || addr+len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len, offset)) - /* remember the address as a hint for next time */ - return mm->free_area_cache = addr; - -@@ -249,8 +259,8 @@ try_again: - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- } while (len < vma->vm_start); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - fail: - /* -@@ -270,13 +280,21 @@ bottomup: - * can happen with large stack limits and large mmap() - * allocations. - */ -+ mm->mmap_base = TASK_UNMAPPED_BASE; -+ -+#ifdef CONFIG_PAX_RANDMMAP -+ if (mm->pax_flags & MF_PAX_RANDMMAP) -+ mm->mmap_base += mm->delta_mmap; -+#endif -+ -+ mm->free_area_cache = mm->mmap_base; - mm->cached_hole_size = ~0UL; -- mm->free_area_cache = TASK_UNMAPPED_BASE; - addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); - /* - * Restore the topdown base: - */ -- mm->free_area_cache = mm->mmap_base; -+ mm->mmap_base = base; -+ mm->free_area_cache = base; - mm->cached_hole_size = ~0UL; - - return addr; diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c -index f84fe00..93fe08f 100644 +index f84fe00..f41d9f1 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -220,7 +220,7 @@ static int tboot_setup_sleep(void) @@ -21140,7 +22372,7 @@ index f84fe00..93fe08f 100644 static int tboot_wait_for_aps(int num_aps) { -@@ -324,9 +324,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, +@@ -324,16 +324,16 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, { switch (action) { case CPU_DYING: @@ -21152,6 +22384,14 @@ index f84fe00..93fe08f 100644 return NOTIFY_BAD; break; } + return NOTIFY_OK; + } + +-static struct notifier_block tboot_cpu_notifier __cpuinitdata = ++static struct notifier_block tboot_cpu_notifier = + { + .notifier_call = tboot_cpu_callback, + }; @@ -345,7 +345,7 @@ static __init int tboot_late_init(void) tboot_create_trampoline(); @@ -21221,13 +22461,13 @@ index 9d9d2f9..cad418a 100644 else info = infobuf; diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 8276dc6..4ca48a2 100644 +index ecffca1..95c4d13 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c -@@ -71,12 +71,6 @@ asmlinkage int system_call(void); +@@ -68,12 +68,6 @@ + #include <asm/setup.h> - /* Do we ignore FPU interrupts ? */ - char ignore_fpu_irq; + asmlinkage int system_call(void); - -/* - * The IDT has to be page-aligned to simplify the Pentium @@ -21237,7 +22477,7 @@ index 8276dc6..4ca48a2 100644 #endif DECLARE_BITMAP(used_vectors, NR_VECTORS); -@@ -109,11 +103,11 @@ static inline void preempt_conditional_cli(struct pt_regs *regs) +@@ -106,11 +100,11 @@ static inline void preempt_conditional_cli(struct pt_regs *regs) } static int __kprobes @@ -21251,7 +22491,7 @@ index 8276dc6..4ca48a2 100644 /* * Traps 0, 1, 3, 4, and 5 should be forwarded to vm86. * On nmi (interrupt 2), do_trap should not be called. -@@ -126,12 +120,24 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, +@@ -123,12 +117,24 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, return -1; } #endif @@ -21277,7 +22517,7 @@ index 8276dc6..4ca48a2 100644 return 0; } -@@ -139,7 +145,7 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, +@@ -136,7 +142,7 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, } static void __kprobes @@ -21286,7 +22526,7 @@ index 8276dc6..4ca48a2 100644 long error_code, siginfo_t *info) { struct task_struct *tsk = current; -@@ -163,7 +169,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, +@@ -160,7 +166,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, if (show_unhandled_signals && unhandled_signal(tsk, signr) && printk_ratelimit()) { pr_info("%s[%d] trap %s ip:%lx sp:%lx error:%lx", @@ -21295,7 +22535,7 @@ index 8276dc6..4ca48a2 100644 regs->ip, regs->sp, error_code); print_vma_addr(" in ", regs->ip); pr_cont("\n"); -@@ -269,7 +275,7 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -266,7 +272,7 @@ do_general_protection(struct pt_regs *regs, long error_code) conditional_sti(regs); #ifdef CONFIG_X86_32 @@ -21304,7 +22544,7 @@ index 8276dc6..4ca48a2 100644 local_irq_enable(); handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); goto exit; -@@ -277,18 +283,42 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -274,18 +280,42 @@ do_general_protection(struct pt_regs *regs, long error_code) #endif tsk = current; @@ -21349,7 +22589,7 @@ index 8276dc6..4ca48a2 100644 tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_GP; -@@ -443,7 +473,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -440,7 +470,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); @@ -21358,7 +22598,7 @@ index 8276dc6..4ca48a2 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, X86_TRAP_DB); preempt_conditional_cli(regs); -@@ -458,7 +488,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -455,7 +485,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -21367,7 +22607,7 @@ index 8276dc6..4ca48a2 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -490,7 +520,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -487,7 +517,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -21377,10 +22617,10 @@ index 8276dc6..4ca48a2 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c -index aafa555..a04691a 100644 +index c71025b..b117501 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c -@@ -614,7 +614,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, +@@ -629,7 +629,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, int ret = NOTIFY_DONE; /* We are only interested in userspace traps */ @@ -21402,7 +22642,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 5c9687b..5f857d3 100644 +index 1dfe69c..a3df6f6 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -43,6 +43,7 @@ @@ -21735,7 +22975,7 @@ index 22a1530..8fbaaad 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index 3a3e8c9..1af9465 100644 +index 9a907a6..f83f921 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -56,15 +56,13 @@ @@ -21755,7 +22995,7 @@ index 3a3e8c9..1af9465 100644 else if (!strcmp("none", str)) vsyscall_mode = NONE; else -@@ -315,8 +313,7 @@ done: +@@ -323,8 +321,7 @@ do_ret: return true; sigsegv: @@ -21765,7 +23005,7 @@ index 3a3e8c9..1af9465 100644 } /* -@@ -369,10 +366,7 @@ void __init map_vsyscall(void) +@@ -377,10 +374,7 @@ void __init map_vsyscall(void) extern char __vvar_page; unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page); @@ -21850,7 +23090,7 @@ index ada87a3..afea76d 100644 if ((unsigned long)buf % 64 || fx_only) { u64 init_bv = pcntxt_mask & ~XSTATE_FPSSE; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index ec79e77..420f5cc 100644 +index a20ecb5..d0e2194 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, @@ -21901,7 +23141,7 @@ index ec79e77..420f5cc 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index bba39bf..296540a 100644 +index a27e763..54bfe43 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -292,6 +292,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) @@ -21930,7 +23170,7 @@ index bba39bf..296540a 100644 case 1: \ ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 43e9fad..3b7c059 100644 +index 9392f52..0e56d77 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -21943,7 +23183,7 @@ index 43e9fad..3b7c059 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index 714e2c0..3f7a086 100644 +index 891eb6d..e027900 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -208,7 +208,7 @@ retry_walk: @@ -21956,10 +23196,10 @@ index 714e2c0..3f7a086 100644 goto error; walker->ptep_user[walker->level - 1] = ptep_user; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index d017df3..61ae42e 100644 +index d29d3cd..ec9d522 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3500,7 +3500,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3507,7 +3507,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -21971,7 +23211,7 @@ index d017df3..61ae42e 100644 load_TR_desc(); } -@@ -3874,6 +3878,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3881,6 +3885,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -21983,10 +23223,10 @@ index d017df3..61ae42e 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index f858159..4ab7dba 100644 +index 9120ae1..238abc0 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1332,7 +1332,11 @@ static void reload_tss(void) +@@ -1370,7 +1370,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -21998,7 +23238,7 @@ index f858159..4ab7dba 100644 load_TR_desc(); } -@@ -1546,6 +1550,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1594,6 +1598,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -22009,7 +23249,7 @@ index f858159..4ab7dba 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2669,8 +2677,11 @@ static __init int hardware_setup(void) +@@ -2738,8 +2746,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -22023,7 +23263,7 @@ index f858159..4ab7dba 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3712,7 +3723,10 @@ static void vmx_set_constant_host_state(void) +@@ -3782,7 +3793,10 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ @@ -22034,7 +23274,7 @@ index f858159..4ab7dba 100644 vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -3733,7 +3747,7 @@ static void vmx_set_constant_host_state(void) +@@ -3803,7 +3817,7 @@ static void vmx_set_constant_host_state(void) native_store_idt(&dt); vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ @@ -22043,7 +23283,7 @@ index f858159..4ab7dba 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6279,6 +6293,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6355,6 +6369,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -22056,7 +23296,7 @@ index f858159..4ab7dba 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -6331,6 +6351,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6407,6 +6427,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -22068,7 +23308,7 @@ index f858159..4ab7dba 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -6344,7 +6369,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6420,7 +6445,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -22077,7 +23317,7 @@ index f858159..4ab7dba 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -6353,8 +6378,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6429,8 +6454,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -22099,10 +23339,10 @@ index f858159..4ab7dba 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 4f76417..93429b5 100644 +index c243b81..9eb193f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -1390,8 +1390,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1692,8 +1692,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -22113,7 +23353,7 @@ index 4f76417..93429b5 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2255,6 +2255,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2571,6 +2571,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -22122,7 +23362,7 @@ index 4f76417..93429b5 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2379,7 +2381,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, +@@ -2700,7 +2702,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { @@ -22131,9 +23371,9 @@ index 4f76417..93429b5 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -4881,7 +4883,7 @@ static void kvm_set_mmio_spte_mask(void) - kvm_mmu_set_mmio_spte_mask(mask); - } +@@ -5213,7 +5215,7 @@ static struct notifier_block pvclock_gtod_notifier = { + }; + #endif -int kvm_arch_init(void *opaque) +int kvm_arch_init(const void *opaque) @@ -22141,7 +23381,7 @@ index 4f76417..93429b5 100644 int r; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c -index 642d880..44e0f3f 100644 +index df4176c..23ce092 100644 --- a/arch/x86/lguest/boot.c +++ b/arch/x86/lguest/boot.c @@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) @@ -22944,92 +24184,92 @@ index 1e572c5..2a162cd 100644 CFI_ENDPROC diff --git a/arch/x86/lib/copy_page_64.S b/arch/x86/lib/copy_page_64.S -index 6b34d04..dccb07f 100644 +index 176cca6..1166c50 100644 --- a/arch/x86/lib/copy_page_64.S +++ b/arch/x86/lib/copy_page_64.S -@@ -9,6 +9,7 @@ copy_page_c: +@@ -9,6 +9,7 @@ copy_page_rep: CFI_STARTPROC - movl $4096/8,%ecx - rep movsq + movl $4096/8, %ecx + rep movsq + pax_force_retaddr ret CFI_ENDPROC - ENDPROC(copy_page_c) -@@ -20,12 +21,14 @@ ENDPROC(copy_page_c) + ENDPROC(copy_page_rep) +@@ -20,12 +21,14 @@ ENDPROC(copy_page_rep) ENTRY(copy_page) CFI_STARTPROC -- subq $2*8,%rsp +- subq $2*8, %rsp - CFI_ADJUST_CFA_OFFSET 2*8 -+ subq $3*8,%rsp ++ subq $3*8, %rsp + CFI_ADJUST_CFA_OFFSET 3*8 - movq %rbx,(%rsp) + movq %rbx, (%rsp) CFI_REL_OFFSET rbx, 0 - movq %r12,1*8(%rsp) + movq %r12, 1*8(%rsp) CFI_REL_OFFSET r12, 1*8 -+ movq %r13,2*8(%rsp) ++ movq %r13, 2*8(%rsp) + CFI_REL_OFFSET r13, 2*8 - movl $(4096/64)-5,%ecx + movl $(4096/64)-5, %ecx .p2align 4 -@@ -37,7 +40,7 @@ ENTRY(copy_page) - movq 16 (%rsi), %rdx - movq 24 (%rsi), %r8 - movq 32 (%rsi), %r9 -- movq 40 (%rsi), %r10 -+ movq 40 (%rsi), %r13 - movq 48 (%rsi), %r11 - movq 56 (%rsi), %r12 - -@@ -48,7 +51,7 @@ ENTRY(copy_page) - movq %rdx, 16 (%rdi) - movq %r8, 24 (%rdi) - movq %r9, 32 (%rdi) -- movq %r10, 40 (%rdi) -+ movq %r13, 40 (%rdi) - movq %r11, 48 (%rdi) - movq %r12, 56 (%rdi) - -@@ -67,7 +70,7 @@ ENTRY(copy_page) - movq 16 (%rsi), %rdx - movq 24 (%rsi), %r8 - movq 32 (%rsi), %r9 -- movq 40 (%rsi), %r10 -+ movq 40 (%rsi), %r13 - movq 48 (%rsi), %r11 - movq 56 (%rsi), %r12 - -@@ -76,7 +79,7 @@ ENTRY(copy_page) - movq %rdx, 16 (%rdi) - movq %r8, 24 (%rdi) - movq %r9, 32 (%rdi) -- movq %r10, 40 (%rdi) -+ movq %r13, 40 (%rdi) - movq %r11, 48 (%rdi) - movq %r12, 56 (%rdi) - -@@ -89,8 +92,11 @@ ENTRY(copy_page) +@@ -36,7 +39,7 @@ ENTRY(copy_page) + movq 0x8*2(%rsi), %rdx + movq 0x8*3(%rsi), %r8 + movq 0x8*4(%rsi), %r9 +- movq 0x8*5(%rsi), %r10 ++ movq 0x8*5(%rsi), %r13 + movq 0x8*6(%rsi), %r11 + movq 0x8*7(%rsi), %r12 + +@@ -47,7 +50,7 @@ ENTRY(copy_page) + movq %rdx, 0x8*2(%rdi) + movq %r8, 0x8*3(%rdi) + movq %r9, 0x8*4(%rdi) +- movq %r10, 0x8*5(%rdi) ++ movq %r13, 0x8*5(%rdi) + movq %r11, 0x8*6(%rdi) + movq %r12, 0x8*7(%rdi) + +@@ -66,7 +69,7 @@ ENTRY(copy_page) + movq 0x8*2(%rsi), %rdx + movq 0x8*3(%rsi), %r8 + movq 0x8*4(%rsi), %r9 +- movq 0x8*5(%rsi), %r10 ++ movq 0x8*5(%rsi), %r13 + movq 0x8*6(%rsi), %r11 + movq 0x8*7(%rsi), %r12 + +@@ -75,7 +78,7 @@ ENTRY(copy_page) + movq %rdx, 0x8*2(%rdi) + movq %r8, 0x8*3(%rdi) + movq %r9, 0x8*4(%rdi) +- movq %r10, 0x8*5(%rdi) ++ movq %r13, 0x8*5(%rdi) + movq %r11, 0x8*6(%rdi) + movq %r12, 0x8*7(%rdi) + +@@ -87,8 +90,11 @@ ENTRY(copy_page) CFI_RESTORE rbx - movq 1*8(%rsp),%r12 + movq 1*8(%rsp), %r12 CFI_RESTORE r12 -- addq $2*8,%rsp +- addq $2*8, %rsp - CFI_ADJUST_CFA_OFFSET -2*8 -+ movq 2*8(%rsp),%r13 ++ movq 2*8(%rsp), %r13 + CFI_RESTORE r13 -+ addq $3*8,%rsp ++ addq $3*8, %rsp + CFI_ADJUST_CFA_OFFSET -3*8 + pax_force_retaddr ret .Lcopy_page_end: CFI_ENDPROC -@@ -101,7 +107,7 @@ ENDPROC(copy_page) +@@ -99,7 +105,7 @@ ENDPROC(copy_page) #include <asm/cpufeature.h> - .section .altinstr_replacement,"ax" + .section .altinstr_replacement,"a" 1: .byte 0xeb /* jmp <disp8> */ - .byte (copy_page_c - copy_page) - (2f - 1b) /* offset */ + .byte (copy_page_rep - copy_page) - (2f - 1b) /* offset */ 2: diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S index a30ca15..d25fab6 100644 @@ -24351,7 +25591,7 @@ index a63efd6..ccecad8 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index 98f6d6b6..d27f045 100644 +index f0312d7..9c39d63 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -42,11 +42,13 @@ do { \ @@ -24844,8 +26084,8 @@ index 98f6d6b6..d27f045 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ -@@ -629,9 +741,9 @@ survive: - #endif +@@ -572,9 +684,9 @@ unsigned long __copy_to_user_ll(void __user *to, const void *from, + { stac(); if (movsl_is_ok(to, from, n)) - __copy_user(to, from, n); @@ -24856,7 +26096,7 @@ index 98f6d6b6..d27f045 100644 clac(); return n; } -@@ -655,10 +767,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, +@@ -598,10 +710,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, { stac(); if (movsl_is_ok(to, from, n)) @@ -24869,7 +26109,7 @@ index 98f6d6b6..d27f045 100644 clac(); return n; } -@@ -689,66 +800,51 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr +@@ -632,66 +743,51 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n = __copy_user_intel_nocache(to, from, n); else @@ -25082,7 +26322,7 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 79ff7da..610cf70 100644 +index fb674fd..272f369 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,12 +13,19 @@ @@ -25096,7 +26336,7 @@ index 79ff7da..610cf70 100644 #include <asm/pgalloc.h> /* pgd_*(), ... */ #include <asm/kmemcheck.h> /* kmemcheck_*(), ... */ #include <asm/fixmap.h> /* VSYSCALL_START */ - #include <asm/rcu.h> /* exception_enter(), ... */ + #include <asm/context_tracking.h> /* exception_enter(), ... */ +#include <asm/tlbflush.h> + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -25309,7 +26549,7 @@ index 79ff7da..610cf70 100644 /* Kernel addresses are always protection faults: */ if (address >= TASK_SIZE) error_code |= PF_PROT; -@@ -847,7 +945,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -833,7 +931,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -25318,7 +26558,7 @@ index 79ff7da..610cf70 100644 code = BUS_MCEERR_AR; } #endif -@@ -903,6 +1001,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -896,6 +994,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -25418,7 +26658,7 @@ index 79ff7da..610cf70 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -975,6 +1166,9 @@ int show_unhandled_signals = 1; +@@ -968,6 +1159,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -25428,7 +26668,7 @@ index 79ff7da..610cf70 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -1003,7 +1197,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) +@@ -996,7 +1190,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) if (error_code & PF_USER) return false; @@ -25437,7 +26677,7 @@ index 79ff7da..610cf70 100644 return false; return true; -@@ -1019,18 +1213,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1012,18 +1206,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -25476,7 +26716,7 @@ index 79ff7da..610cf70 100644 /* * Detect and handle instructions that would cause a page fault for -@@ -1091,7 +1300,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1084,7 +1293,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -25485,7 +26725,7 @@ index 79ff7da..610cf70 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1153,6 +1362,11 @@ retry: +@@ -1146,6 +1355,11 @@ retry: might_sleep(); } @@ -25497,7 +26737,7 @@ index 79ff7da..610cf70 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1164,18 +1378,24 @@ retry: +@@ -1157,18 +1371,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -25533,7 +26773,7 @@ index 79ff7da..610cf70 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1239,3 +1459,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1232,3 +1452,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) __do_page_fault(regs, error_code); exception_exit(regs); } @@ -25856,172 +27096,36 @@ index 6f31ee5..8ee4164 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 937bff5..dce75ff 100644 +index ae1aa71..56316db 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c -@@ -276,13 +276,21 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, - struct hstate *h = hstate_file(file); - struct mm_struct *mm = current->mm; - struct vm_area_struct *vma; -- unsigned long start_addr; -+ unsigned long start_addr, pax_task_size = TASK_SIZE; -+ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags); -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ if (mm->pax_flags & MF_PAX_SEGMEXEC) -+ pax_task_size = SEGMEXEC_TASK_SIZE; -+#endif -+ -+ pax_task_size -= PAGE_SIZE; - - if (len > mm->cached_hole_size) { -- start_addr = mm->free_area_cache; -+ start_addr = mm->free_area_cache; - } else { -- start_addr = TASK_UNMAPPED_BASE; -- mm->cached_hole_size = 0; -+ start_addr = mm->mmap_base; -+ mm->cached_hole_size = 0; - } - - full_search: -@@ -290,26 +298,27 @@ full_search: - - for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { - /* At this point: (!vma || addr < vma->vm_end). */ -- if (TASK_SIZE - len < addr) { -+ if (pax_task_size - len < addr) { - /* - * Start a new search - just in case we missed - * some holes. - */ -- if (start_addr != TASK_UNMAPPED_BASE) { -- start_addr = TASK_UNMAPPED_BASE; -+ if (start_addr != mm->mmap_base) { -+ start_addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -- mm->free_area_cache = addr + len; -- return addr; -- } -+ if (check_heap_stack_gap(vma, addr, len, offset)) -+ break; - if (addr + mm->cached_hole_size < vma->vm_start) - mm->cached_hole_size = vma->vm_start - addr; - addr = ALIGN(vma->vm_end, huge_page_size(h)); - } +@@ -279,6 +279,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, + info.flags = 0; + info.length = len; + info.low_limit = TASK_UNMAPPED_BASE; + -+ mm->free_area_cache = addr + len; -+ return addr; - } - - static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, -@@ -320,9 +329,9 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, - struct mm_struct *mm = current->mm; - struct vm_area_struct *vma; - unsigned long base = mm->mmap_base; -- unsigned long addr = addr0; -+ unsigned long addr; - unsigned long largest_hole = mm->cached_hole_size; -- unsigned long start_addr; -+ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags); - - /* don't allow allocations above current base */ - if (mm->free_area_cache > base) -@@ -332,16 +341,15 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, - largest_hole = 0; - mm->free_area_cache = base; - } --try_again: -- start_addr = mm->free_area_cache; - - /* make sure it can fit in the remaining address space */ - if (mm->free_area_cache < len) - goto fail; - - /* either no address requested or can't fit in requested address hole */ -- addr = (mm->free_area_cache - len) & huge_page_mask(h); -+ addr = mm->free_area_cache - len; - do { -+ addr &= huge_page_mask(h); - /* - * Lookup failure means no vma is above this address, - * i.e. return with success: -@@ -350,10 +358,10 @@ try_again: - if (!vma) - return addr; - -- if (addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len, offset)) { - /* remember the address as a hint for next time */ -- mm->cached_hole_size = largest_hole; -- return (mm->free_area_cache = addr); -+ mm->cached_hole_size = largest_hole; -+ return (mm->free_area_cache = addr); - } else if (mm->free_area_cache == vma->vm_end) { - /* pull free_area_cache down to the first hole */ - mm->free_area_cache = vma->vm_start; -@@ -362,29 +370,34 @@ try_again: - - /* remember the largest hole we saw so far */ - if (addr + largest_hole < vma->vm_start) -- largest_hole = vma->vm_start - addr; -+ largest_hole = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = (vma->vm_start - len) & huge_page_mask(h); -- } while (len <= vma->vm_start); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - fail: - /* -- * if hint left us with no space for the requested -- * mapping then try again: -- */ -- if (start_addr != base) { -- mm->free_area_cache = base; -- largest_hole = 0; -- goto try_again; -- } -- /* - * A failed mmap() very likely causes application failure, - * so fall back to the bottom-up function here. This scenario - * can happen with large stack limits and large mmap() - * allocations. - */ -- mm->free_area_cache = TASK_UNMAPPED_BASE; -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ if (mm->pax_flags & MF_PAX_SEGMEXEC) -+ mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE; -+ else ++#ifdef CONFIG_PAX_RANDMMAP ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += current->mm->delta_mmap; +#endif + -+ mm->mmap_base = TASK_UNMAPPED_BASE; + info.high_limit = TASK_SIZE; + info.align_mask = PAGE_MASK & ~huge_page_mask(h); + info.align_offset = 0; +@@ -311,6 +317,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; + +#ifdef CONFIG_PAX_RANDMMAP -+ if (mm->pax_flags & MF_PAX_RANDMMAP) -+ mm->mmap_base += mm->delta_mmap; ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += current->mm->delta_mmap; +#endif + -+ mm->free_area_cache = mm->mmap_base; - mm->cached_hole_size = ~0UL; - addr = hugetlb_get_unmapped_area_bottomup(file, addr0, - len, pgoff, flags); -@@ -392,6 +405,7 @@ fail: - /* - * Restore the topdown base: - */ -+ mm->mmap_base = base; - mm->free_area_cache = base; - mm->cached_hole_size = ~0UL; - -@@ -405,10 +419,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); + } +@@ -325,10 +337,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -26043,7 +27147,7 @@ index 937bff5..dce75ff 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -417,11 +441,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -337,11 +359,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, return addr; } @@ -26251,7 +27355,7 @@ index d7aea41..0fc945b 100644 (unsigned long)(&__init_begin), (unsigned long)(&__init_end)); diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index 11a5800..4bd9977 100644 +index 745d66b..56bf568 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c @@ -73,36 +73,6 @@ static __init void *alloc_low_page(void) @@ -26468,7 +27572,7 @@ index 11a5800..4bd9977 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); /* user-defined highmem size */ -@@ -731,6 +730,12 @@ void __init mem_init(void) +@@ -728,6 +727,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -26481,7 +27585,7 @@ index 11a5800..4bd9977 100644 #ifdef CONFIG_FLATMEM BUG_ON(!mem_map); #endif -@@ -757,7 +762,7 @@ void __init mem_init(void) +@@ -754,7 +759,7 @@ void __init mem_init(void) reservedpages++; codesize = (unsigned long) &_etext - (unsigned long) &_text; @@ -26490,7 +27594,7 @@ index 11a5800..4bd9977 100644 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin; printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, " -@@ -798,10 +803,10 @@ void __init mem_init(void) +@@ -795,10 +800,10 @@ void __init mem_init(void) ((unsigned long)&__init_end - (unsigned long)&__init_begin) >> 10, @@ -26504,7 +27608,7 @@ index 11a5800..4bd9977 100644 ((unsigned long)&_etext - (unsigned long)&_text) >> 10); /* -@@ -879,6 +884,7 @@ void set_kernel_text_rw(void) +@@ -876,6 +881,7 @@ void set_kernel_text_rw(void) if (!kernel_set_to_readonly) return; @@ -26512,7 +27616,7 @@ index 11a5800..4bd9977 100644 pr_debug("Set kernel text: %lx - %lx for read write\n", start, start+size); -@@ -893,6 +899,7 @@ void set_kernel_text_ro(void) +@@ -890,6 +896,7 @@ void set_kernel_text_ro(void) if (!kernel_set_to_readonly) return; @@ -26520,7 +27624,7 @@ index 11a5800..4bd9977 100644 pr_debug("Set kernel text: %lx - %lx for read only\n", start, start+size); -@@ -921,6 +928,7 @@ void mark_rodata_ro(void) +@@ -918,6 +925,7 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; @@ -26529,7 +27633,7 @@ index 11a5800..4bd9977 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index ce42da7..678a54e 100644 +index 75c9a6a..498d677 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -74,7 +74,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -26664,7 +27768,7 @@ index ce42da7..678a54e 100644 spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -691,6 +705,12 @@ void __init mem_init(void) +@@ -693,6 +707,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -26677,7 +27781,7 @@ index ce42da7..678a54e 100644 /* clear_bss() already clear the empty_zero_page */ reservedpages = 0; -@@ -854,8 +874,8 @@ int kern_addr_valid(unsigned long addr) +@@ -856,8 +876,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -26688,7 +27792,7 @@ index ce42da7..678a54e 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -889,7 +909,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -891,7 +911,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -27116,7 +28220,7 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index 8573b83..4f3ed7e 100644 +index e27fbf8..8b56dc9 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -84,10 +84,64 @@ static inline void pgd_list_del(pgd_t *pgd) @@ -27195,7 +28299,7 @@ index 8573b83..4f3ed7e 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries @@ -140,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) - * -- wli + * -- nyc */ -#ifdef CONFIG_X86_PAE @@ -27428,7 +28532,7 @@ index 410531d..0f16030 100644 } diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c -index 60f926c..a710970 100644 +index 13a6b29..c2fff23 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -48,7 +48,11 @@ void leave_mm(int cpu) @@ -27557,18 +28661,18 @@ index 877b9a1..a8ecf42 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 520d2bd..b895ef4 100644 +index d11a470..3f9adff3 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c -@@ -11,6 +11,7 @@ - #include <asm/cacheflush.h> +@@ -12,6 +12,7 @@ #include <linux/netdevice.h> #include <linux/filter.h> + #include <linux/if_vlan.h> +#include <linux/random.h> /* * Conventions : -@@ -48,13 +49,87 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) +@@ -49,13 +50,87 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) return ptr + len; } @@ -27656,7 +28760,7 @@ index 520d2bd..b895ef4 100644 #define CLEAR_A() EMIT2(0x31, 0xc0) /* xor %eax,%eax */ #define CLEAR_X() EMIT2(0x31, 0xdb) /* xor %ebx,%ebx */ -@@ -89,6 +164,24 @@ do { \ +@@ -90,6 +165,24 @@ do { \ #define X86_JBE 0x76 #define X86_JA 0x77 @@ -27681,7 +28785,7 @@ index 520d2bd..b895ef4 100644 #define EMIT_COND_JMP(op, offset) \ do { \ if (is_near(offset)) \ -@@ -96,6 +189,7 @@ do { \ +@@ -97,6 +190,7 @@ do { \ else { \ EMIT2(0x0f, op + 0x10); \ EMIT(offset, 4); /* jxx .+off32 */ \ @@ -27689,7 +28793,7 @@ index 520d2bd..b895ef4 100644 } \ } while (0) -@@ -120,12 +214,17 @@ static inline void bpf_flush_icache(void *start, void *end) +@@ -121,12 +215,17 @@ static inline void bpf_flush_icache(void *start, void *end) set_fs(old_fs); } @@ -27708,7 +28812,7 @@ index 520d2bd..b895ef4 100644 u8 *prog; unsigned int proglen, oldproglen = 0; int ilen, i; -@@ -138,6 +237,9 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -139,6 +238,9 @@ void bpf_jit_compile(struct sk_filter *fp) unsigned int *addrs; const struct sock_filter *filter = fp->insns; int flen = fp->len; @@ -27718,7 +28822,7 @@ index 520d2bd..b895ef4 100644 if (!bpf_jit_enable) return; -@@ -146,11 +248,19 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -147,11 +249,19 @@ void bpf_jit_compile(struct sk_filter *fp) if (addrs == NULL) return; @@ -27740,7 +28844,7 @@ index 520d2bd..b895ef4 100644 addrs[i] = proglen; } cleanup_addr = proglen; /* epilogue address */ -@@ -258,10 +368,8 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -261,10 +371,8 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_ALU_MUL_K: /* A *= K */ if (is_imm8(K)) EMIT3(0x6b, 0xc0, K); /* imul imm8,%eax,%eax */ @@ -27753,7 +28857,7 @@ index 520d2bd..b895ef4 100644 break; case BPF_S_ALU_DIV_X: /* A /= X; */ seen |= SEEN_XREG; -@@ -301,13 +409,23 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -304,13 +412,23 @@ void bpf_jit_compile(struct sk_filter *fp) break; case BPF_S_ALU_MOD_K: /* A %= K; */ EMIT2(0x31, 0xd2); /* xor %edx,%edx */ @@ -27777,7 +28881,7 @@ index 520d2bd..b895ef4 100644 EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */ break; case BPF_S_ALU_AND_X: -@@ -543,8 +661,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; +@@ -564,8 +682,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; if (is_imm8(K)) { EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */ } else { @@ -27787,7 +28891,7 @@ index 520d2bd..b895ef4 100644 } } else { EMIT2(0x89,0xde); /* mov %ebx,%esi */ -@@ -627,17 +744,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -648,17 +765,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; default: /* hmm, too complex filter, give up with jit compiler */ @@ -27810,7 +28914,7 @@ index 520d2bd..b895ef4 100644 } proglen += ilen; addrs[i] = proglen; -@@ -658,11 +776,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -679,11 +797,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; } if (proglen == oldproglen) { @@ -27824,7 +28928,7 @@ index 520d2bd..b895ef4 100644 } oldproglen = proglen; } -@@ -678,7 +794,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -699,7 +815,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; bpf_flush_icache(image, image + proglen); fp->bpf_func = (void *)image; @@ -27836,7 +28940,7 @@ index 520d2bd..b895ef4 100644 out: kfree(addrs); return; -@@ -686,18 +805,20 @@ out: +@@ -707,18 +826,20 @@ out: static void jit_free_defer(struct work_struct *arg) { @@ -27896,8 +29000,21 @@ index d6aa6e8..266395a 100644 unsigned long stack = kernel_stack_pointer(regs); if (depth) dump_trace(NULL, regs, (unsigned long *)stack, 0, +diff --git a/arch/x86/pci/amd_bus.c b/arch/x86/pci/amd_bus.c +index e9e6ed5..e47ae67 100644 +--- a/arch/x86/pci/amd_bus.c ++++ b/arch/x86/pci/amd_bus.c +@@ -337,7 +337,7 @@ static int __cpuinit amd_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata amd_cpu_notifier = { ++static struct notifier_block amd_cpu_notifier = { + .notifier_call = amd_cpu_notify, + }; + diff --git a/arch/x86/pci/mrst.c b/arch/x86/pci/mrst.c -index e14a2ff..3fd6b58 100644 +index 6eb18c4..20d83de 100644 --- a/arch/x86/pci/mrst.c +++ b/arch/x86/pci/mrst.c @@ -238,7 +238,9 @@ int __init pci_mrst_init(void) @@ -27912,10 +29029,10 @@ index e14a2ff..3fd6b58 100644 /* Continue with standard init */ return 1; diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c -index da8fe05..7ee6704 100644 +index c77b24a..c979855 100644 --- a/arch/x86/pci/pcbios.c +++ b/arch/x86/pci/pcbios.c -@@ -79,50 +79,93 @@ union bios32 { +@@ -79,7 +79,7 @@ union bios32 { static struct { unsigned long address; unsigned short segment; @@ -27924,13 +29041,7 @@ index da8fe05..7ee6704 100644 /* * Returns the entry point for the given service, NULL on error - */ - --static unsigned long bios32_service(unsigned long service) -+static unsigned long __devinit bios32_service(unsigned long service) - { - unsigned char return_code; /* %al */ - unsigned long address; /* %ebx */ +@@ -92,37 +92,80 @@ static unsigned long bios32_service(unsigned long service) unsigned long length; /* %ecx */ unsigned long entry; /* %edx */ unsigned long flags; @@ -28021,9 +29132,9 @@ index da8fe05..7ee6704 100644 -static int pci_bios_present; +static int pci_bios_present __read_only; - static int __devinit check_pcibios(void) + static int check_pcibios(void) { -@@ -131,11 +174,13 @@ static int __devinit check_pcibios(void) +@@ -131,11 +174,13 @@ static int check_pcibios(void) unsigned long flags, pcibios_entry; if ((pcibios_entry = bios32_service(PCI_SERVICE))) { @@ -28040,7 +29151,7 @@ index da8fe05..7ee6704 100644 "jc 1f\n\t" "xor %%ah, %%ah\n" "1:" -@@ -144,7 +189,8 @@ static int __devinit check_pcibios(void) +@@ -144,7 +189,8 @@ static int check_pcibios(void) "=b" (ebx), "=c" (ecx) : "1" (PCIBIOS_PCI_BIOS_PRESENT), @@ -28458,7 +29569,7 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c -index fd41a92..9c33628 100644 +index e31bcd8..f12dc46 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c @@ -78,13 +78,15 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; @@ -28493,10 +29604,10 @@ index d6ee929..3637cb5 100644 .getproplen = olpc_dt_getproplen, .getproperty = olpc_dt_getproperty, diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c -index 218cdb1..c1178eb 100644 +index 120cee1..b2db75a 100644 --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c -@@ -132,7 +132,7 @@ static void do_fpu_end(void) +@@ -133,7 +133,7 @@ static void do_fpu_end(void) static void fix_processor_context(void) { int cpu = smp_processor_id(); @@ -28505,7 +29616,7 @@ index 218cdb1..c1178eb 100644 set_tss_desc(cpu, t); /* * This just modifies memory; should not be -@@ -142,8 +142,6 @@ static void fix_processor_context(void) +@@ -143,8 +143,6 @@ static void fix_processor_context(void) */ #ifdef CONFIG_X86_64 @@ -28619,7 +29730,7 @@ index bb360dc..3e5945f 100644 /* diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c -index 5a1847d..deccb30 100644 +index 79d67bd..c7e1b90 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -12,10 +12,13 @@ @@ -28828,7 +29939,7 @@ index 5a1847d..deccb30 100644 + read_relocs(fp, use_real_mode); if (show_absolute_syms) { print_absolute_symbols(); - return 0; + goto out; diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile index fd14be1..e3c79c0 100644 --- a/arch/x86/vdso/Makefile @@ -28929,7 +30040,7 @@ index 0faad64..39ef157 100644 return NULL; } diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c -index 00aaf04..4a26505 100644 +index 431e875..cbb23f3 100644 --- a/arch/x86/vdso/vma.c +++ b/arch/x86/vdso/vma.c @@ -16,8 +16,6 @@ @@ -28945,7 +30056,7 @@ index 00aaf04..4a26505 100644 * unaligned here as a result of stack start randomization. */ addr = PAGE_ALIGN(addr); -- addr = align_addr(addr, NULL, ALIGN_VDSO); +- addr = align_vdso_addr(addr); return addr; } @@ -28967,7 +30078,7 @@ index 00aaf04..4a26505 100644 +#endif + addr = vdso_addr(mm->start_stack, size); -+ addr = align_addr(addr, NULL, ALIGN_VDSO); ++ addr = align_vdso_addr(addr); addr = get_unmapped_area(NULL, addr, size, 0, 0); if (IS_ERR_VALUE(addr)) { ret = addr; @@ -29002,7 +30113,7 @@ index 00aaf04..4a26505 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 586d838..e883209 100644 +index e014092..c76ab69 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -99,8 +99,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -29014,7 +30125,7 @@ index 586d838..e883209 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -473,8 +471,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr) +@@ -495,8 +493,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr) { unsigned long va = dtr->address; unsigned int size = dtr->size + 1; @@ -29024,7 +30135,7 @@ index 586d838..e883209 100644 int f; /* -@@ -522,8 +519,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) +@@ -544,8 +541,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) { unsigned long va = dtr->address; unsigned int size = dtr->size + 1; @@ -29034,7 +30145,7 @@ index 586d838..e883209 100644 int f; /* -@@ -916,7 +912,7 @@ static u32 xen_safe_apic_wait_icr_idle(void) +@@ -938,7 +934,7 @@ static u32 xen_safe_apic_wait_icr_idle(void) return 0; } @@ -29043,7 +30154,7 @@ index 586d838..e883209 100644 { apic->read = xen_apic_read; apic->write = xen_apic_write; -@@ -1222,30 +1218,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1244,30 +1240,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -29081,7 +30192,7 @@ index 586d838..e883209 100644 { if (pm_power_off) pm_power_off(); -@@ -1347,7 +1343,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1369,7 +1365,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -29100,7 +30211,7 @@ index 586d838..e883209 100644 xen_setup_features(); -@@ -1376,14 +1382,7 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1398,14 +1404,7 @@ asmlinkage void __init xen_start_kernel(void) pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit; } @@ -29116,8 +30227,17 @@ index 586d838..e883209 100644 xen_smp_init(); +@@ -1590,7 +1589,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block xen_hvm_cpu_notifier __cpuinitdata = { ++static struct notifier_block xen_hvm_cpu_notifier = { + .notifier_call = xen_hvm_cpu_notify, + }; + diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index dcf5f2d..d804c25 100644 +index 01de35c..0bda07b 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1881,6 +1881,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) @@ -29160,7 +30280,7 @@ index dcf5f2d..d804c25 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 353c50f..8f3c179 100644 +index 34bc4ce..c34aa24 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c @@ -229,11 +229,6 @@ static void __init xen_smp_prepare_boot_cpu(void) @@ -29207,7 +30327,7 @@ index 353c50f..8f3c179 100644 #endif xen_setup_runstate_info(cpu); xen_setup_timer(cpu); -@@ -637,7 +631,7 @@ static const struct smp_ops xen_smp_ops __initconst = { +@@ -630,7 +624,7 @@ static const struct smp_ops xen_smp_ops __initconst = { void __init xen_smp_init(void) { @@ -29338,7 +30458,7 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c -index 58916af..9cb880b 100644 +index 58916af..eb9dbcf6 100644 --- a/block/blk-iopoll.c +++ b/block/blk-iopoll.c @@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll) @@ -29350,6 +30470,15 @@ index 58916af..9cb880b 100644 { struct list_head *list = &__get_cpu_var(blk_cpu_iopoll); int rearm = 0, budget = blk_iopoll_budget; +@@ -209,7 +209,7 @@ static int __cpuinit blk_iopoll_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata blk_iopoll_cpu_notifier = { ++static struct notifier_block blk_iopoll_cpu_notifier = { + .notifier_call = blk_iopoll_cpu_notify, + }; + diff --git a/block/blk-map.c b/block/blk-map.c index 623e1cd..ca1e109 100644 --- a/block/blk-map.c @@ -29364,7 +30493,7 @@ index 623e1cd..ca1e109 100644 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); else diff --git a/block/blk-softirq.c b/block/blk-softirq.c -index 467c8de..4bddc6d 100644 +index 467c8de..f3628c5 100644 --- a/block/blk-softirq.c +++ b/block/blk-softirq.c @@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); @@ -29376,6 +30505,15 @@ index 467c8de..4bddc6d 100644 { struct list_head *cpu_list, local_list; +@@ -98,7 +98,7 @@ static int __cpuinit blk_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata blk_cpu_notifier = { ++static struct notifier_block blk_cpu_notifier = { + .notifier_call = blk_cpu_notify, + }; + diff --git a/block/bsg.c b/block/bsg.c index ff64ae3..593560c 100644 --- a/block/bsg.c @@ -29421,7 +30559,7 @@ index 7c668c8..db3521c 100644 err = -EFAULT; goto out; diff --git a/block/partitions/efi.c b/block/partitions/efi.c -index 6296b40..417c00f 100644 +index b62fb88..bdab4c4 100644 --- a/block/partitions/efi.c +++ b/block/partitions/efi.c @@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state, @@ -29828,36 +30966,11 @@ index 7586544..636a2f0 100644 err = ec_write(*off, byte_write); if (err) return err; -diff --git a/drivers/acpi/proc.c b/drivers/acpi/proc.c -index 27adb09..ef98796b 100644 ---- a/drivers/acpi/proc.c -+++ b/drivers/acpi/proc.c -@@ -362,16 +362,13 @@ acpi_system_write_wakeup_device(struct file *file, - struct list_head *node, *next; - char strbuf[5]; - char str[5] = ""; -- unsigned int len = count; - -- if (len > 4) -- len = 4; -- if (len < 0) -- return -EFAULT; -+ if (count > 4) -+ count = 4; - -- if (copy_from_user(strbuf, buffer, len)) -+ if (copy_from_user(strbuf, buffer, count)) - return -EFAULT; -- strbuf[len] = '\0'; -+ strbuf[count] = '\0'; - sscanf(strbuf, "%s", str); - - mutex_lock(&acpi_device_lock); diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c -index bd4e5dc..0497b66 100644 +index e83311b..142b5cc 100644 --- a/drivers/acpi/processor_driver.c +++ b/drivers/acpi/processor_driver.c -@@ -552,7 +552,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) +@@ -558,7 +558,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) return 0; #endif @@ -29867,10 +30980,10 @@ index bd4e5dc..0497b66 100644 /* * Buggy BIOS check diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index c8ac4fe..631818e 100644 +index 46cd3f4..0871ad0 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4779,7 +4779,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4780,7 +4780,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -29879,7 +30992,7 @@ index c8ac4fe..631818e 100644 ap = qc->ap; qc->flags = 0; -@@ -4795,7 +4795,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4796,7 +4796,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -29888,7 +31001,7 @@ index c8ac4fe..631818e 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5891,6 +5891,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5892,6 +5892,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -29896,7 +31009,7 @@ index c8ac4fe..631818e 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5904,8 +5905,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5905,8 +5906,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -29908,10 +31021,10 @@ index c8ac4fe..631818e 100644 } diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index 371fd2c..0836c78 100644 +index 405022d..fb70e53 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c -@@ -861,7 +861,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev) +@@ -864,7 +864,9 @@ static int arasan_cf_probe(struct platform_device *pdev) /* Handle platform specific quirks */ if (pdata->quirk) { if (pdata->quirk & CF_BROKEN_PIO) { @@ -29936,7 +31049,7 @@ index f9b983a..887b9d8 100644 return 0; } diff --git a/drivers/atm/ambassador.c b/drivers/atm/ambassador.c -index ff7bb8a..568fc0b 100644 +index 77a7480..05cde58 100644 --- a/drivers/atm/ambassador.c +++ b/drivers/atm/ambassador.c @@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev, tx_out * tx) { @@ -30029,7 +31142,7 @@ index b22d71c..d6e1049 100644 if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb(skb); diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c -index 81e44f7..498ea36 100644 +index c1eb6fa..4c71be9 100644 --- a/drivers/atm/eni.c +++ b/drivers/atm/eni.c @@ -522,7 +522,7 @@ static int rx_aal0(struct atm_vcc *vcc) @@ -30078,7 +31191,7 @@ index 81e44f7..498ea36 100644 dma_complete++; } diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c -index 86fed1b..6dc4721 100644 +index b41c948..a002b17 100644 --- a/drivers/atm/firestream.c +++ b/drivers/atm/firestream.c @@ -749,7 +749,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q) @@ -30115,10 +31228,10 @@ index 86fed1b..6dc4721 100644 default: /* Hmm. Haven't written the code to handle the others yet... -- REW */ printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n", diff --git a/drivers/atm/fore200e.c b/drivers/atm/fore200e.c -index 361f5ae..7fc552d 100644 +index 204814e..cede831 100644 --- a/drivers/atm/fore200e.c +++ b/drivers/atm/fore200e.c -@@ -933,9 +933,9 @@ fore200e_tx_irq(struct fore200e* fore200e) +@@ -931,9 +931,9 @@ fore200e_tx_irq(struct fore200e* fore200e) #endif /* check error condition */ if (*entry->status & STATUS_ERROR) @@ -30130,7 +31243,7 @@ index 361f5ae..7fc552d 100644 } } -@@ -1084,7 +1084,7 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp +@@ -1082,7 +1082,7 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp if (skb == NULL) { DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len); @@ -30139,7 +31252,7 @@ index 361f5ae..7fc552d 100644 return -ENOMEM; } -@@ -1127,14 +1127,14 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp +@@ -1125,14 +1125,14 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp dev_kfree_skb_any(skb); @@ -30156,7 +31269,7 @@ index 361f5ae..7fc552d 100644 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0); -@@ -1212,7 +1212,7 @@ fore200e_rx_irq(struct fore200e* fore200e) +@@ -1210,7 +1210,7 @@ fore200e_rx_irq(struct fore200e* fore200e) DPRINTK(2, "damaged PDU on %d.%d.%d\n", fore200e->atm_dev->number, entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci); @@ -30165,7 +31278,7 @@ index 361f5ae..7fc552d 100644 } } -@@ -1657,7 +1657,7 @@ fore200e_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -1655,7 +1655,7 @@ fore200e_send(struct atm_vcc *vcc, struct sk_buff *skb) goto retry_here; } @@ -30175,10 +31288,10 @@ index 361f5ae..7fc552d 100644 fore200e->tx_sat++; DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n", diff --git a/drivers/atm/he.c b/drivers/atm/he.c -index b182c2f..1c6fa8a 100644 +index 72b6960..cf9167a 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c -@@ -1709,7 +1709,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1699,7 +1699,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) { hprintk("HBUF_ERR! (cid 0x%x)\n", cid); @@ -30187,7 +31300,7 @@ index b182c2f..1c6fa8a 100644 goto return_host_buffers; } -@@ -1736,7 +1736,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1726,7 +1726,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) RBRQ_LEN_ERR(he_dev->rbrq_head) ? "LEN_ERR" : "", vcc->vpi, vcc->vci); @@ -30196,7 +31309,7 @@ index b182c2f..1c6fa8a 100644 goto return_host_buffers; } -@@ -1788,7 +1788,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1778,7 +1778,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) vcc->push(vcc, skb); spin_lock(&he_dev->global_lock); @@ -30205,7 +31318,7 @@ index b182c2f..1c6fa8a 100644 return_host_buffers: ++pdus_assembled; -@@ -2114,7 +2114,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid) +@@ -2104,7 +2104,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid) tpd->vcc->pop(tpd->vcc, tpd->skb); else dev_kfree_skb_any(tpd->skb); @@ -30214,7 +31327,7 @@ index b182c2f..1c6fa8a 100644 } pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status)); return; -@@ -2526,7 +2526,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2516,7 +2516,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -30223,7 +31336,7 @@ index b182c2f..1c6fa8a 100644 return -EINVAL; } -@@ -2537,7 +2537,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2527,7 +2527,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -30232,7 +31345,7 @@ index b182c2f..1c6fa8a 100644 return -EINVAL; } #endif -@@ -2549,7 +2549,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2539,7 +2539,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -30241,7 +31354,7 @@ index b182c2f..1c6fa8a 100644 spin_unlock_irqrestore(&he_dev->global_lock, flags); return -ENOMEM; } -@@ -2591,7 +2591,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2581,7 +2581,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -30250,7 +31363,7 @@ index b182c2f..1c6fa8a 100644 spin_unlock_irqrestore(&he_dev->global_lock, flags); return -ENOMEM; } -@@ -2622,7 +2622,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2612,7 +2612,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) __enqueue_tpd(he_dev, tpd, cid); spin_unlock_irqrestore(&he_dev->global_lock, flags); @@ -30260,7 +31373,7 @@ index b182c2f..1c6fa8a 100644 return 0; } diff --git a/drivers/atm/horizon.c b/drivers/atm/horizon.c -index 7d01c2a..4e3ac01 100644 +index 1dc0519..1aadaf7 100644 --- a/drivers/atm/horizon.c +++ b/drivers/atm/horizon.c @@ -1034,7 +1034,7 @@ static void rx_schedule (hrz_dev * dev, int irq) { @@ -30282,7 +31395,7 @@ index 7d01c2a..4e3ac01 100644 // free the skb hrz_kfree_skb (skb); diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c -index 8974bd2..b856f85 100644 +index 272f009..a18ba55 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -812,7 +812,7 @@ drain_scq(struct idt77252_dev *card, struct vc_map *vc) @@ -30440,7 +31553,7 @@ index 8974bd2..b856f85 100644 } atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c -index 96cce6d..62c3ec5 100644 +index 4217f29..88f547a 100644 --- a/drivers/atm/iphase.c +++ b/drivers/atm/iphase.c @@ -1145,7 +1145,7 @@ static int rx_pkt(struct atm_dev *dev) @@ -30540,7 +31653,7 @@ index 96cce6d..62c3ec5 100644 vcc->tx_quota = vcc->tx_quota * 3 / 4; printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota ); diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c -index 68c7588..7036683 100644 +index fa7d701..1e404c7 100644 --- a/drivers/atm/lanai.c +++ b/drivers/atm/lanai.c @@ -1303,7 +1303,7 @@ static void lanai_send_one_aal5(struct lanai_dev *lanai, @@ -30598,7 +31711,7 @@ index 68c7588..7036683 100644 lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4]; cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr); diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c -index 1c70c45..300718d 100644 +index ed1d2b7..8cffc1f 100644 --- a/drivers/atm/nicstar.c +++ b/drivers/atm/nicstar.c @@ -1654,7 +1654,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) @@ -30803,10 +31916,10 @@ index 1c70c45..300718d 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 1853a45..cf2426d 100644 +index 0474a89..06ea4a1 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c -@@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) +@@ -838,7 +838,7 @@ void solos_bh(unsigned long card_arg) } atm_charge(vcc, skb->truesize); vcc->push(vcc, skb); @@ -30815,14 +31928,14 @@ index 1853a45..cf2426d 100644 break; case PKT_STATUS: -@@ -1010,7 +1010,7 @@ static uint32_t fpga_tx(struct solos_card *card) +@@ -1117,7 +1117,7 @@ static uint32_t fpga_tx(struct solos_card *card) vcc = SKB_CB(oldskb)->vcc; if (vcc) { - atomic_inc(&vcc->stats->tx); + atomic_inc_unchecked(&vcc->stats->tx); solos_pop(vcc, oldskb); - } else + } else { dev_kfree_skb_irq(oldskb); diff --git a/drivers/atm/suni.c b/drivers/atm/suni.c index 0215934..ce9f5b1 100644 @@ -30888,7 +32001,7 @@ index 5120a96..e2572bd 100644 } diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c -index abe4e20..83c4727 100644 +index 969c3c2..9b72956 100644 --- a/drivers/atm/zatm.c +++ b/drivers/atm/zatm.c @@ -459,7 +459,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy[0],dummy[1]); @@ -30919,7 +32032,7 @@ index abe4e20..83c4727 100644 } diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index 147d1a4..d0fd4b0 100644 +index 17cf7ca..7e553e1 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -347,7 +347,7 @@ int devtmpfs_mount(const char *mntdir) @@ -30971,10 +32084,10 @@ index e6ee5e8..98ad7fc 100644 split_counters(&cnt, &inpr); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index ca83f96..69d4ea9 100644 +index ade58bc..867143d 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c -@@ -1198,6 +1198,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, +@@ -1196,6 +1196,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, int err; u32 cp; @@ -30983,7 +32096,7 @@ index ca83f96..69d4ea9 100644 err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, -@@ -3007,7 +3009,7 @@ static void start_io(ctlr_info_t *h) +@@ -3005,7 +3007,7 @@ static void start_io(ctlr_info_t *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, CommandList_struct, list); /* can't do anything if fifo is full */ @@ -30992,7 +32105,7 @@ index ca83f96..69d4ea9 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3017,7 +3019,7 @@ static void start_io(ctlr_info_t *h) +@@ -3015,7 +3017,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller execute command */ @@ -31001,7 +32114,7 @@ index ca83f96..69d4ea9 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3443,17 +3445,17 @@ startio: +@@ -3441,17 +3443,17 @@ startio: static inline unsigned long get_next_completion(ctlr_info_t *h) { @@ -31022,7 +32135,7 @@ index ca83f96..69d4ea9 100644 (h->interrupts_enabled == 0)); } -@@ -3486,7 +3488,7 @@ static inline u32 next_command(ctlr_info_t *h) +@@ -3484,7 +3486,7 @@ static inline u32 next_command(ctlr_info_t *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -31031,7 +32144,7 @@ index ca83f96..69d4ea9 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -4044,7 +4046,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h) +@@ -4041,7 +4043,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) trans_support & CFGTBL_Trans_use_short_tags); /* Change the access methods to the performant access methods */ @@ -31040,7 +32153,7 @@ index ca83f96..69d4ea9 100644 h->transMethod = CFGTBL_Trans_Performant; return; -@@ -4316,7 +4318,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h) +@@ -4310,7 +4312,7 @@ static int cciss_pci_init(ctlr_info_t *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -31049,7 +32162,7 @@ index ca83f96..69d4ea9 100644 if (cciss_board_disabled(h)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -5041,7 +5043,7 @@ reinit_after_soft_reset: +@@ -5032,7 +5034,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -31058,7 +32171,7 @@ index ca83f96..69d4ea9 100644 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx); if (rc) goto clean2; -@@ -5093,7 +5095,7 @@ reinit_after_soft_reset: +@@ -5082,7 +5084,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -31067,7 +32180,7 @@ index ca83f96..69d4ea9 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = cciss_request_irq(h, cciss_msix_discard_completions, -@@ -5113,9 +5115,9 @@ reinit_after_soft_reset: +@@ -5102,9 +5104,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -31079,7 +32192,7 @@ index ca83f96..69d4ea9 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -5138,7 +5140,7 @@ reinit_after_soft_reset: +@@ -5127,7 +5129,7 @@ reinit_after_soft_reset: cciss_scsi_setup(h); /* Turn the interrupts on so we can service requests */ @@ -31088,7 +32201,7 @@ index ca83f96..69d4ea9 100644 /* Get the firmware version */ inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL); -@@ -5210,7 +5212,7 @@ static void cciss_shutdown(struct pci_dev *pdev) +@@ -5199,7 +5201,7 @@ static void cciss_shutdown(struct pci_dev *pdev) kfree(flush_buf); if (return_code != IO_OK) dev_warn(&h->pdev->dev, "Error flushing cache\n"); @@ -31111,10 +32224,10 @@ index 7fda30e..eb5dfe0 100644 /* queue and queue Info */ struct list_head reqQ; diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c -index 9125bbe..eede5c8 100644 +index 3f08713..56a586a 100644 --- a/drivers/block/cpqarray.c +++ b/drivers/block/cpqarray.c -@@ -404,7 +404,7 @@ static int __devinit cpqarray_register_ctlr( int i, struct pci_dev *pdev) +@@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev) if (register_blkdev(COMPAQ_SMART2_MAJOR+i, hba[i]->devname)) { goto Enomem4; } @@ -31123,7 +32236,7 @@ index 9125bbe..eede5c8 100644 if (request_irq(hba[i]->intr, do_ida_intr, IRQF_DISABLED|IRQF_SHARED, hba[i]->devname, hba[i])) { -@@ -459,7 +459,7 @@ static int __devinit cpqarray_register_ctlr( int i, struct pci_dev *pdev) +@@ -459,7 +459,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev) add_timer(&hba[i]->timer); /* Enable IRQ now that spinlock and rate limit timer are set up */ @@ -31141,7 +32254,7 @@ index 9125bbe..eede5c8 100644 break; } } -@@ -792,7 +792,7 @@ static int __devinit cpqarray_eisa_detect(void) +@@ -792,7 +792,7 @@ static int cpqarray_eisa_detect(void) hba[ctlr]->intr = intr; sprintf(hba[ctlr]->devname, "ida%d", nr_ctlr); hba[ctlr]->product_name = products[j].product_name; @@ -31244,11 +32357,11 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h -index b953cc7..e3dc580 100644 +index 6b51afa..17e1191 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h -@@ -735,7 +735,7 @@ struct drbd_request; - struct drbd_epoch { +@@ -582,7 +582,7 @@ struct drbd_epoch { + struct drbd_tconn *tconn; struct list_head list; unsigned int barrier_nr; - atomic_t epoch_size; /* increased on every request added. */ @@ -31256,159 +32369,71 @@ index b953cc7..e3dc580 100644 atomic_t active; /* increased on every req. added, and dec on every finished. */ unsigned long flags; }; -@@ -1116,7 +1116,7 @@ struct drbd_conf { - void *int_dig_in; - void *int_dig_vv; +@@ -1011,7 +1011,7 @@ struct drbd_conf { + int al_tr_cycle; + int al_tr_pos; /* position of the next transaction in the journal */ wait_queue_head_t seq_wait; - atomic_t packet_seq; + atomic_unchecked_t packet_seq; unsigned int peer_seq; spinlock_t peer_seq_lock; unsigned int minor; -@@ -1658,30 +1658,30 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, - - static inline void drbd_tcp_cork(struct socket *sock) - { -- int __user val = 1; -+ int val = 1; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_CORK, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } - - static inline void drbd_tcp_uncork(struct socket *sock) - { -- int __user val = 0; -+ int val = 0; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_CORK, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } - - static inline void drbd_tcp_nodelay(struct socket *sock) - { -- int __user val = 1; -+ int val = 1; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_NODELAY, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } +@@ -1527,7 +1527,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, + char __user *uoptval; + int err; - static inline void drbd_tcp_quickack(struct socket *sock) - { -- int __user val = 2; -+ int val = 2; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_QUICKACK, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } +- uoptval = (char __user __force *)optval; ++ uoptval = (char __force_user *)optval; - void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e wo); + set_fs(KERNEL_DS); + if (level == SOL_SOCKET) diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index f55683a..2101b96 100644 +index 8c13eeb..217adee 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c -@@ -2556,7 +2556,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packets cmd, - p.sector = sector; - p.block_id = block_id; - p.blksize = blksize; -- p.seq_num = cpu_to_be32(atomic_add_return(1, &mdev->packet_seq)); -+ p.seq_num = cpu_to_be32(atomic_add_return_unchecked(1, &mdev->packet_seq)); - - if (!mdev->meta.socket || mdev->state.conn < C_CONNECTED) - return false; -@@ -2854,7 +2854,7 @@ int drbd_send_dblock(struct drbd_conf *mdev, struct drbd_request *req) - - p.sector = cpu_to_be64(req->sector); - p.block_id = (unsigned long)req; -- p.seq_num = cpu_to_be32(atomic_add_return(1, &mdev->packet_seq)); -+ p.seq_num = cpu_to_be32(atomic_add_return_unchecked(1, &mdev->packet_seq)); +@@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd, + p->sector = sector; + p->block_id = block_id; + p->blksize = blksize; +- p->seq_num = cpu_to_be32(atomic_inc_return(&mdev->packet_seq)); ++ p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&mdev->packet_seq)); + return drbd_send_command(mdev, sock, cmd, sizeof(*p), NULL, 0); + } +@@ -1619,7 +1619,7 @@ int drbd_send_dblock(struct drbd_conf *mdev, struct drbd_request *req) + return -EIO; + p->sector = cpu_to_be64(req->i.sector); + p->block_id = (unsigned long)req; +- p->seq_num = cpu_to_be32(atomic_inc_return(&mdev->packet_seq)); ++ p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&mdev->packet_seq)); dp_flags = bio_flags_to_wire(mdev, req->master_bio->bi_rw); + if (mdev->state.conn >= C_SYNC_SOURCE && + mdev->state.conn <= C_PAUSED_SYNC_T) +@@ -2574,8 +2574,8 @@ void conn_destroy(struct kref *kref) + { + struct drbd_tconn *tconn = container_of(kref, struct drbd_tconn, kref); -@@ -3139,7 +3139,7 @@ void drbd_init_set_defaults(struct drbd_conf *mdev) - atomic_set(&mdev->unacked_cnt, 0); - atomic_set(&mdev->local_cnt, 0); - atomic_set(&mdev->net_cnt, 0); -- atomic_set(&mdev->packet_seq, 0); -+ atomic_set_unchecked(&mdev->packet_seq, 0); - atomic_set(&mdev->pp_in_use, 0); - atomic_set(&mdev->pp_in_use_by_net, 0); - atomic_set(&mdev->rs_sect_in, 0); -@@ -3221,8 +3221,8 @@ void drbd_mdev_cleanup(struct drbd_conf *mdev) - mdev->receiver.t_state); - - /* no need to lock it, I'm the only thread alive */ -- if (atomic_read(&mdev->current_epoch->epoch_size) != 0) -- dev_err(DEV, "epoch_size:%d\n", atomic_read(&mdev->current_epoch->epoch_size)); -+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size) != 0) -+ dev_err(DEV, "epoch_size:%d\n", atomic_read_unchecked(&mdev->current_epoch->epoch_size)); - mdev->al_writ_cnt = - mdev->bm_writ_cnt = - mdev->read_cnt = -diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c -index edb490a..ecd69da 100644 ---- a/drivers/block/drbd/drbd_nl.c -+++ b/drivers/block/drbd/drbd_nl.c -@@ -2407,7 +2407,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms - module_put(THIS_MODULE); - } - --static atomic_t drbd_nl_seq = ATOMIC_INIT(2); /* two. */ -+static atomic_unchecked_t drbd_nl_seq = ATOMIC_INIT(2); /* two. */ - - static unsigned short * - __tl_add_blob(unsigned short *tl, enum drbd_tags tag, const void *data, -@@ -2478,7 +2478,7 @@ void drbd_bcast_state(struct drbd_conf *mdev, union drbd_state state) - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq); - cn_reply->ack = 0; /* not used here. */ - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char *)tl - (char *)reply->tag_list); -@@ -2510,7 +2510,7 @@ void drbd_bcast_ev_helper(struct drbd_conf *mdev, char *helper_name) - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq); - cn_reply->ack = 0; /* not used here. */ - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char *)tl - (char *)reply->tag_list); -@@ -2588,7 +2588,7 @@ void drbd_bcast_ee(struct drbd_conf *mdev, - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1,&drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1,&drbd_nl_seq); - cn_reply->ack = 0; // not used here. - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char*)tl - (char*)reply->tag_list); -@@ -2627,7 +2627,7 @@ void drbd_bcast_sync_progress(struct drbd_conf *mdev) - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq); - cn_reply->ack = 0; /* not used here. */ - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char *)tl - (char *)reply->tag_list); +- if (atomic_read(&tconn->current_epoch->epoch_size) != 0) +- conn_err(tconn, "epoch_size:%d\n", atomic_read(&tconn->current_epoch->epoch_size)); ++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size) != 0) ++ conn_err(tconn, "epoch_size:%d\n", atomic_read_unchecked(&tconn->current_epoch->epoch_size)); + kfree(tconn->current_epoch); + + idr_destroy(&tconn->volumes); diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c -index c74ca2d..860c819 100644 +index a9eccfc..68e4533 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c -@@ -898,7 +898,7 @@ retry: - sock->sk->sk_sndtimeo = mdev->net_conf->timeout*HZ/10; - sock->sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; +@@ -833,7 +833,7 @@ int drbd_connected(struct drbd_conf *mdev) + { + int err; - atomic_set(&mdev->packet_seq, 0); + atomic_set_unchecked(&mdev->packet_seq, 0); mdev->peer_seq = 0; - if (drbd_send_protocol(mdev) == -1) -@@ -999,7 +999,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev, + mdev->state_mutex = mdev->tconn->agreed_pro_version < 100 ? +@@ -1191,7 +1191,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn, do { next_epoch = NULL; @@ -31417,7 +32442,7 @@ index c74ca2d..860c819 100644 switch (ev & ~EV_CLEANUP) { case EV_PUT: -@@ -1035,7 +1035,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev, +@@ -1231,7 +1231,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn, rv = FE_DESTROYED; } else { epoch->flags = 0; @@ -31426,24 +32451,16 @@ index c74ca2d..860c819 100644 /* atomic_set(&epoch->active, 0); is already zero */ if (rv == FE_STILL_LIVE) rv = FE_RECYCLED; -@@ -1210,14 +1210,14 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign - drbd_wait_ee_list_empty(mdev, &mdev->active_ee); - drbd_flush(mdev); +@@ -1449,7 +1449,7 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi) + conn_wait_active_ee_empty(tconn); + drbd_flush(tconn); -- if (atomic_read(&mdev->current_epoch->epoch_size)) { -+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size)) { +- if (atomic_read(&tconn->current_epoch->epoch_size)) { ++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size)) { epoch = kmalloc(sizeof(struct drbd_epoch), GFP_NOIO); if (epoch) break; - } - - epoch = mdev->current_epoch; -- wait_event(mdev->ee_wait, atomic_read(&epoch->epoch_size) == 0); -+ wait_event(mdev->ee_wait, atomic_read_unchecked(&epoch->epoch_size) == 0); - - D_ASSERT(atomic_read(&epoch->active) == 0); - D_ASSERT(epoch->flags == 0); -@@ -1229,11 +1229,11 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign +@@ -1462,11 +1462,11 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi) } epoch->flags = 0; @@ -31451,41 +32468,41 @@ index c74ca2d..860c819 100644 + atomic_set_unchecked(&epoch->epoch_size, 0); atomic_set(&epoch->active, 0); - spin_lock(&mdev->epoch_lock); -- if (atomic_read(&mdev->current_epoch->epoch_size)) { -+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size)) { - list_add(&epoch->list, &mdev->current_epoch->list); - mdev->current_epoch = epoch; - mdev->epochs++; -@@ -1702,7 +1702,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned - spin_unlock(&mdev->peer_seq_lock); - - drbd_send_ack_dp(mdev, P_NEG_ACK, p, data_size); -- atomic_inc(&mdev->current_epoch->epoch_size); -+ atomic_inc_unchecked(&mdev->current_epoch->epoch_size); - return drbd_drain_block(mdev, data_size); - } - -@@ -1732,7 +1732,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned - - spin_lock(&mdev->epoch_lock); - e->epoch = mdev->current_epoch; -- atomic_inc(&e->epoch->epoch_size); -+ atomic_inc_unchecked(&e->epoch->epoch_size); - atomic_inc(&e->epoch->active); - spin_unlock(&mdev->epoch_lock); - -@@ -3954,7 +3954,7 @@ static void drbd_disconnect(struct drbd_conf *mdev) - D_ASSERT(list_empty(&mdev->done_ee)); - + spin_lock(&tconn->epoch_lock); +- if (atomic_read(&tconn->current_epoch->epoch_size)) { ++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size)) { + list_add(&epoch->list, &tconn->current_epoch->list); + tconn->current_epoch = epoch; + tconn->epochs++; +@@ -2170,7 +2170,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) + + err = wait_for_and_update_peer_seq(mdev, peer_seq); + drbd_send_ack_dp(mdev, P_NEG_ACK, p, pi->size); +- atomic_inc(&tconn->current_epoch->epoch_size); ++ atomic_inc_unchecked(&tconn->current_epoch->epoch_size); + err2 = drbd_drain_block(mdev, pi->size); + if (!err) + err = err2; +@@ -2204,7 +2204,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) + + spin_lock(&tconn->epoch_lock); + peer_req->epoch = tconn->current_epoch; +- atomic_inc(&peer_req->epoch->epoch_size); ++ atomic_inc_unchecked(&peer_req->epoch->epoch_size); + atomic_inc(&peer_req->epoch->active); + spin_unlock(&tconn->epoch_lock); + +@@ -4466,7 +4466,7 @@ static void conn_disconnect(struct drbd_tconn *tconn) + if (!list_empty(&tconn->current_epoch->list)) + conn_err(tconn, "ASSERTION FAILED: tconn->current_epoch->list not empty\n"); /* ok, no more ee's on the fly, it is safe to reset the epoch_size */ -- atomic_set(&mdev->current_epoch->epoch_size, 0); -+ atomic_set_unchecked(&mdev->current_epoch->epoch_size, 0); - D_ASSERT(list_empty(&mdev->current_epoch->list)); - } +- atomic_set(&tconn->current_epoch->epoch_size, 0); ++ atomic_set_unchecked(&tconn->current_epoch->epoch_size, 0); + tconn->send.seen_any_write_yet = false; + conn_info(tconn, "Connection closed\n"); diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 54046e5..7759c55 100644 +index ae12512..37fa397 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file, @@ -31532,7 +32549,7 @@ index d620b44..587561e 100644 } diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c -index 75d485a..2809958 100644 +index d59cdcb..11afddf 100644 --- a/drivers/cdrom/gdrom.c +++ b/drivers/cdrom/gdrom.c @@ -491,7 +491,6 @@ static struct cdrom_device_ops gdrom_ops = { @@ -31591,7 +32608,7 @@ index 21cb980..f15107c 100644 return -EINVAL; else diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c -index dfd7876..c0b0885 100644 +index fe6d4be..89f32100 100644 --- a/drivers/char/hpet.c +++ b/drivers/char/hpet.c @@ -571,7 +571,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets, @@ -31604,7 +32621,7 @@ index dfd7876..c0b0885 100644 { struct hpet_timer __iomem *timer; diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c -index a0c84bb..9edcf60 100644 +index 053201b0..8335cce 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -420,7 +420,7 @@ struct ipmi_smi { @@ -31638,7 +32655,7 @@ index a0c84bb..9edcf60 100644 intf->proc_dir = NULL; diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c -index 32a6c7e..f6966a9 100644 +index 1c7fdcd..4899100 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c @@ -275,7 +275,7 @@ struct smi_info { @@ -31672,7 +32689,7 @@ index 32a6c7e..f6966a9 100644 new_smi->interrupt_disabled = 1; atomic_set(&new_smi->stop_operation, 0); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 0537903..121c699 100644 +index c6fa3bc..4ca3e42 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -31821,10 +32838,10 @@ index 9df78e2..01ba9ae 100644 *ppos = i; diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c -index 21721d2..4e98777 100644 +index b66eaa0..2619d1b 100644 --- a/drivers/char/pcmcia/synclink_cs.c +++ b/drivers/char/pcmcia/synclink_cs.c -@@ -2346,9 +2346,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) +@@ -2348,9 +2348,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_close(%s) entry, count=%d\n", @@ -31836,7 +32853,7 @@ index 21721d2..4e98777 100644 if (tty_port_close_start(port, tty, filp) == 0) goto cleanup; -@@ -2366,7 +2366,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) +@@ -2368,7 +2368,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) cleanup: if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__,__LINE__, @@ -31845,7 +32862,7 @@ index 21721d2..4e98777 100644 } /* Wait until the transmitter is empty. -@@ -2508,7 +2508,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) +@@ -2510,7 +2510,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_open(%s), old ref count = %d\n", @@ -31854,7 +32871,7 @@ index 21721d2..4e98777 100644 /* If port is closing, signal caller to try again */ if (tty_hung_up_p(filp) || port->flags & ASYNC_CLOSING){ -@@ -2528,11 +2528,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) +@@ -2530,11 +2530,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) goto cleanup; } spin_lock(&port->lock); @@ -31868,7 +32885,7 @@ index 21721d2..4e98777 100644 /* 1st open on this device, init hardware */ retval = startup(info, tty); if (retval < 0) -@@ -3886,7 +3886,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -3889,7 +3889,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -31877,7 +32894,7 @@ index 21721d2..4e98777 100644 return -EBUSY; switch (encoding) -@@ -3989,7 +3989,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -3992,7 +3992,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -31886,7 +32903,7 @@ index 21721d2..4e98777 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -4078,7 +4078,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -4081,7 +4081,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); /* return error if TTY interface open */ @@ -31896,7 +32913,7 @@ index 21721d2..4e98777 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index b86eae9..b9c2ed7 100644 +index 85e81ec..bce8b97 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -272,8 +272,13 @@ @@ -31931,15 +32948,7 @@ index b86eae9..b9c2ed7 100644 #if 0 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ { 2048, 1638, 1231, 819, 411, 1 }, -@@ -437,6 +449,7 @@ struct entropy_store { - int entropy_count; - int entropy_total; - unsigned int initialized:1; -+ bool last_data_init; - __u8 last_data[EXTRACT_SIZE]; - }; - -@@ -527,8 +540,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in, +@@ -524,8 +536,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in, input_rotate += i ? 7 : 14; } @@ -31950,36 +32959,7 @@ index b86eae9..b9c2ed7 100644 smp_wmb(); if (out) -@@ -957,6 +970,10 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, - ssize_t ret = 0, i; - __u8 tmp[EXTRACT_SIZE]; - -+ /* if last_data isn't primed, we need EXTRACT_SIZE extra bytes */ -+ if (fips_enabled && !r->last_data_init) -+ nbytes += EXTRACT_SIZE; -+ - trace_extract_entropy(r->name, nbytes, r->entropy_count, _RET_IP_); - xfer_secondary_pool(r, nbytes); - nbytes = account(r, nbytes, min, reserved); -@@ -967,6 +984,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, - if (fips_enabled) { - unsigned long flags; - -+ -+ /* prime last_data value if need be, per fips 140-2 */ -+ if (!r->last_data_init) { -+ spin_lock_irqsave(&r->lock, flags); -+ memcpy(r->last_data, tmp, EXTRACT_SIZE); -+ r->last_data_init = true; -+ nbytes -= EXTRACT_SIZE; -+ spin_unlock_irqrestore(&r->lock, flags); -+ extract_buf(r, tmp); -+ } -+ - spin_lock_irqsave(&r->lock, flags); - if (!memcmp(tmp, r->last_data, EXTRACT_SIZE)) - panic("Hardware RNG duplicated output!\n"); -@@ -1008,7 +1036,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -1020,7 +1032,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); i = min_t(int, nbytes, EXTRACT_SIZE); @@ -31988,15 +32968,7 @@ index b86eae9..b9c2ed7 100644 ret = -EFAULT; break; } -@@ -1086,6 +1114,7 @@ static void init_std_data(struct entropy_store *r) - - r->entropy_count = 0; - r->entropy_total = 0; -+ r->last_data_init = false; - mix_pool_bytes(r, &now, sizeof(now), NULL); - for (i = r->poolinfo->POOLBYTES; i > 0; i -= sizeof(rv)) { - if (!arch_get_random_long(&rv)) -@@ -1342,7 +1371,7 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1356,7 +1368,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> static int min_read_thresh = 8, min_write_thresh; @@ -32006,7 +32978,7 @@ index b86eae9..b9c2ed7 100644 static char sysctl_bootid[16]; diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c -index 9b4f011..b7e0a1a 100644 +index d780295..b29f3a8 100644 --- a/drivers/char/sonypi.c +++ b/drivers/char/sonypi.c @@ -54,6 +54,7 @@ @@ -32111,10 +33083,10 @@ index 84ddc55..1d32f1e 100644 return 0; } diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index 088c8fd..774c5a5 100644 +index ee4dbea..69c817b 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c -@@ -622,7 +622,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, +@@ -681,7 +681,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, if (to_user) { ssize_t ret; @@ -32123,7 +33095,7 @@ index 088c8fd..774c5a5 100644 if (ret) return -EFAULT; } else { -@@ -721,7 +721,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, +@@ -780,7 +780,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, if (!port_has_data(port) && !port->host_connected) return 0; @@ -32132,39 +33104,60 @@ index 088c8fd..774c5a5 100644 } static int wait_port_writable(struct port *port, bool nonblock) -diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c -index 75c0a1a..96ba8f6 100644 ---- a/drivers/edac/edac_mc.c -+++ b/drivers/edac/edac_mc.c -@@ -340,7 +340,7 @@ struct mem_ctl_info *edac_mc_alloc(unsigned mc_num, - /* - * Alocate and fill the csrow/channels structs - */ -- mci->csrows = kcalloc(sizeof(*mci->csrows), tot_csrows, GFP_KERNEL); -+ mci->csrows = kcalloc(tot_csrows, sizeof(*mci->csrows), GFP_KERNEL); - if (!mci->csrows) - goto error; - for (row = 0; row < tot_csrows; row++) { -@@ -351,7 +351,7 @@ struct mem_ctl_info *edac_mc_alloc(unsigned mc_num, - csr->csrow_idx = row; - csr->mci = mci; - csr->nr_channels = tot_channels; -- csr->channels = kcalloc(sizeof(*csr->channels), tot_channels, -+ csr->channels = kcalloc(tot_channels, sizeof(*csr->channels), - GFP_KERNEL); - if (!csr->channels) - goto error; -@@ -369,7 +369,7 @@ struct mem_ctl_info *edac_mc_alloc(unsigned mc_num, - /* - * Allocate and fill the dimm structs - */ -- mci->dimms = kcalloc(sizeof(*mci->dimms), tot_dimms, GFP_KERNEL); -+ mci->dimms = kcalloc(tot_dimms, sizeof(*mci->dimms), GFP_KERNEL); - if (!mci->dimms) - goto error; +diff --git a/drivers/clocksource/arm_generic.c b/drivers/clocksource/arm_generic.c +index 8ae1a61..9c00613 100644 +--- a/drivers/clocksource/arm_generic.c ++++ b/drivers/clocksource/arm_generic.c +@@ -181,7 +181,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata arch_timer_cpu_nb = { ++static struct notifier_block arch_timer_cpu_nb = { + .notifier_call = arch_timer_cpu_notify, + }; + +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index 1f93dbd..edf95ff 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -1843,7 +1843,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata cpufreq_cpu_notifier = { ++static struct notifier_block cpufreq_cpu_notifier = { + .notifier_call = cpufreq_cpu_callback, + }; + +diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c +index 9d7732b..0b1a793 100644 +--- a/drivers/cpufreq/cpufreq_stats.c ++++ b/drivers/cpufreq/cpufreq_stats.c +@@ -340,7 +340,7 @@ static int __cpuinit cpufreq_stat_cpu_callback(struct notifier_block *nfb, + } + /* priority=1 so this will get called before cpufreq_remove_dev */ +-static struct notifier_block cpufreq_stat_cpu_notifier __refdata = { ++static struct notifier_block cpufreq_stat_cpu_notifier = { + .notifier_call = cpufreq_stat_cpu_callback, + .priority = 1, + }; +diff --git a/drivers/dma/sh/shdma.c b/drivers/dma/sh/shdma.c +index 3315e4b..fc38316 100644 +--- a/drivers/dma/sh/shdma.c ++++ b/drivers/dma/sh/shdma.c +@@ -476,7 +476,7 @@ static int sh_dmae_nmi_handler(struct notifier_block *self, + return ret; + } + +-static struct notifier_block sh_dmae_nmi_notifier __read_mostly = { ++static struct notifier_block sh_dmae_nmi_notifier = { + .notifier_call = sh_dmae_nmi_handler, + + /* Run before NMI debug handler and KGDB */ diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c -index 1bfb207..0d059c2 100644 +index 0056c4d..725934f 100644 --- a/drivers/edac/edac_pci_sysfs.c +++ b/drivers/edac/edac_pci_sysfs.c @@ -26,8 +26,8 @@ static int edac_pci_log_pe = 1; /* log PCI parity errors */ @@ -32232,7 +33225,7 @@ index 1bfb207..0d059c2 100644 } } } -@@ -676,7 +676,7 @@ void edac_pci_do_parity_check(void) +@@ -672,7 +672,7 @@ void edac_pci_do_parity_check(void) if (!check_pci_errors) return; @@ -32241,7 +33234,7 @@ index 1bfb207..0d059c2 100644 /* scan all PCI devices looking for a Parity Error on devices and * bridges. -@@ -688,7 +688,7 @@ void edac_pci_do_parity_check(void) +@@ -684,7 +684,7 @@ void edac_pci_do_parity_check(void) /* Only if operator has selected panic on PCI Error */ if (edac_pci_get_panic_on_pe()) { /* If the count is different 'after' from 'before' */ @@ -32251,13 +33244,13 @@ index 1bfb207..0d059c2 100644 } } diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h -index 8c87a5e..a19cbd7 100644 +index 6796799..99e8377 100644 --- a/drivers/edac/mce_amd.h +++ b/drivers/edac/mce_amd.h -@@ -80,7 +80,7 @@ extern const char * const ii_msgs[]; +@@ -78,7 +78,7 @@ extern const char * const ii_msgs[]; struct amd_decoder_ops { - bool (*dc_mce)(u16, u8); - bool (*ic_mce)(u16, u8); + bool (*mc0_mce)(u16, u8); + bool (*mc1_mce)(u16, u8); -}; +} __no_const; @@ -32340,20 +33333,20 @@ index 982f1f5..d21e5da 100644 iounmap(buf); return 0; diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c -index bfd8f43..b1fe1f8 100644 +index f5596db..9355ce6 100644 --- a/drivers/firmware/efivars.c +++ b/drivers/firmware/efivars.c -@@ -1206,7 +1206,7 @@ out: - EXPORT_SYMBOL_GPL(register_efivars); +@@ -132,7 +132,7 @@ struct efivar_attribute { + }; static struct efivars __efivars; -static struct efivar_operations ops; +static efivar_operations_no_const ops __read_only; - /* - * For now we register the efi subsystem with the firmware subsystem + #define PSTORE_EFI_ATTRIBUTES \ + (EFI_VARIABLE_NON_VOLATILE | \ diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c -index 82d5c20..44a7177 100644 +index 9902732..64b62dd 100644 --- a/drivers/gpio/gpio-vr41xx.c +++ b/drivers/gpio/gpio-vr41xx.c @@ -204,7 +204,7 @@ static int giu_get_irq(unsigned int irq) @@ -32366,10 +33359,10 @@ index 82d5c20..44a7177 100644 return -EINVAL; } diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c -index 1227adf..f2301c2 100644 +index 7b2d378..cc947ea 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c -@@ -286,7 +286,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, +@@ -319,7 +319,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, struct drm_crtc *tmp; int crtc_mask = 1; @@ -32601,7 +33594,7 @@ index 2f4c434..764794b 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c -index 23dd975..63e9801 100644 +index e77bd8b..1571b85 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -252,7 +252,7 @@ int drm_getstats(struct drm_device *dev, void *data, @@ -32636,10 +33629,10 @@ index d752c96..fe08455 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c -index c236fd2..6b5f2e7 100644 +index 200e104..59facda 100644 --- a/drivers/gpu/drm/drm_stub.c +++ b/drivers/gpu/drm/drm_stub.c -@@ -511,7 +511,7 @@ void drm_unplug_dev(struct drm_device *dev) +@@ -516,7 +516,7 @@ void drm_unplug_dev(struct drm_device *dev) drm_device_set_unplugged(dev); @@ -32690,7 +33683,7 @@ index 6e0acad..93c8289 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c -index 3a1a495..995c093 100644 +index 9d4a2c2..32a119f 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c @@ -496,7 +496,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) @@ -32703,10 +33696,10 @@ index 3a1a495..995c093 100644 if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index 61ae104..f8a4bc1 100644 +index 99daa89..84ebd44 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1274,7 +1274,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1253,7 +1253,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -32716,11 +33709,11 @@ index 61ae104..f8a4bc1 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 92f1750..3beba74 100644 +index 12ab3bd..b3bed3b 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -430,7 +430,7 @@ typedef struct drm_i915_private { - +@@ -656,7 +656,7 @@ typedef struct drm_i915_private { + drm_dma_handle_t *status_page_dmah; struct resource mch_res; - atomic_t irq_received; @@ -32728,16 +33721,16 @@ index 92f1750..3beba74 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -1055,7 +1055,7 @@ struct drm_i915_gem_object { +@@ -1102,7 +1102,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ - atomic_t pending_flip; + atomic_unchecked_t pending_flip; }; + #define to_gem_object(obj) (&((struct drm_i915_gem_object *)(obj))->base) - #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) -@@ -1558,7 +1558,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( +@@ -1633,7 +1633,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( struct drm_i915_private *dev_priv, unsigned port); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -32747,10 +33740,10 @@ index 92f1750..3beba74 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index 67036e9..b9f1357 100644 +index 26d08bb..fccb984 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -@@ -681,7 +681,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring, +@@ -672,7 +672,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring, i915_gem_clflush_object(obj); if (obj->base.pending_write_domain) @@ -32759,7 +33752,7 @@ index 67036e9..b9f1357 100644 flush_domains |= obj->base.write_domain; } -@@ -712,9 +712,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) +@@ -703,9 +703,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) static int validate_exec_list(struct drm_i915_gem_exec_object2 *exec, @@ -32772,10 +33765,10 @@ index 67036e9..b9f1357 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index dc29ace..137d83a 100644 +index fe84338..a863190 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -531,7 +531,7 @@ static irqreturn_t valleyview_irq_handler(DRM_IRQ_ARGS) +@@ -535,7 +535,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg) u32 pipe_stats[I915_MAX_PIPES]; bool blc_event; @@ -32784,7 +33777,7 @@ index dc29ace..137d83a 100644 while (true) { iir = I915_READ(VLV_IIR); -@@ -678,7 +678,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) +@@ -688,7 +688,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg) irqreturn_t ret = IRQ_NONE; int i; @@ -32793,16 +33786,16 @@ index dc29ace..137d83a 100644 /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -753,7 +753,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) +@@ -760,7 +760,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg) + int ret = IRQ_NONE; u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir; - u32 hotplug_mask; - atomic_inc(&dev_priv->irq_received); + atomic_inc_unchecked(&dev_priv->irq_received); /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -1762,7 +1762,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1787,7 +1787,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -32811,7 +33804,7 @@ index dc29ace..137d83a 100644 I915_WRITE(HWSTAM, 0xeffe); -@@ -1788,7 +1788,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) +@@ -1813,7 +1813,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -32820,7 +33813,7 @@ index dc29ace..137d83a 100644 /* VLV magic */ I915_WRITE(VLV_IMR, 0); -@@ -2093,7 +2093,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) +@@ -2108,7 +2108,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -32829,7 +33822,7 @@ index dc29ace..137d83a 100644 for_each_pipe(pipe) I915_WRITE(PIPESTAT(pipe), 0); -@@ -2144,7 +2144,7 @@ static irqreturn_t i8xx_irq_handler(DRM_IRQ_ARGS) +@@ -2159,7 +2159,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; @@ -32838,7 +33831,7 @@ index dc29ace..137d83a 100644 iir = I915_READ16(IIR); if (iir == 0) -@@ -2229,7 +2229,7 @@ static void i915_irq_preinstall(struct drm_device * dev) +@@ -2244,7 +2244,7 @@ static void i915_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -32847,7 +33840,7 @@ index dc29ace..137d83a 100644 if (I915_HAS_HOTPLUG(dev)) { I915_WRITE(PORT_HOTPLUG_EN, 0); -@@ -2324,7 +2324,7 @@ static irqreturn_t i915_irq_handler(DRM_IRQ_ARGS) +@@ -2339,7 +2339,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) }; int pipe, ret = IRQ_NONE; @@ -32856,7 +33849,7 @@ index dc29ace..137d83a 100644 iir = I915_READ(IIR); do { -@@ -2450,7 +2450,7 @@ static void i965_irq_preinstall(struct drm_device * dev) +@@ -2465,7 +2465,7 @@ static void i965_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -32865,7 +33858,7 @@ index dc29ace..137d83a 100644 I915_WRITE(PORT_HOTPLUG_EN, 0); I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT)); -@@ -2557,7 +2557,7 @@ static irqreturn_t i965_irq_handler(DRM_IRQ_ARGS) +@@ -2572,7 +2572,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) int irq_received; int ret = IRQ_NONE, pipe; @@ -32875,10 +33868,10 @@ index dc29ace..137d83a 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 4d3c7c6..eaac87b 100644 +index da1ad9c..10d368b 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2131,7 +2131,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) +@@ -2244,7 +2244,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) wait_event(dev_priv->pending_flip_queue, atomic_read(&dev_priv->mm.wedged) || @@ -32887,7 +33880,7 @@ index 4d3c7c6..eaac87b 100644 /* Big Hammer, we also need to ensure that any pending * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -6221,8 +6221,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -7109,8 +7109,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, obj = work->old_fb_obj; @@ -32897,7 +33890,7 @@ index 4d3c7c6..eaac87b 100644 wake_up(&dev_priv->pending_flip_queue); queue_work(dev_priv->wq, &work->work); -@@ -6589,7 +6588,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7477,7 +7476,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -32906,7 +33899,7 @@ index 4d3c7c6..eaac87b 100644 atomic_inc(&intel_crtc->unpin_work_count); ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); -@@ -6606,7 +6605,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7494,7 +7493,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, cleanup_pending: atomic_dec(&intel_crtc->unpin_work_count); @@ -32972,10 +33965,10 @@ index 598c281..60d590e 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index 09fdef2..57f5c3b 100644 +index 865eddf..62c4cc3 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c -@@ -1240,7 +1240,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, +@@ -1015,7 +1015,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *); @@ -32985,7 +33978,7 @@ index 09fdef2..57f5c3b 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h -index a101699..a163f0a 100644 +index aa89eb9..d45d38b 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.h +++ b/drivers/gpu/drm/nouveau/nouveau_drm.h @@ -80,7 +80,7 @@ struct nouveau_drm { @@ -33011,7 +34004,7 @@ index cdb83ac..27f0a16 100644 #define nouveau_fence(drm) ((struct nouveau_fence_priv *)(drm)->fence) diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c -index 5e2f521..0d21436 100644 +index 8bf695c..9fbc90a 100644 --- a/drivers/gpu/drm/nouveau/nouveau_gem.c +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c @@ -321,7 +321,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv, @@ -33024,10 +34017,10 @@ index 5e2f521..0d21436 100644 if (++trycnt > 100000) { NV_ERROR(drm, "%s failed and gave up.\n", __func__); diff --git a/drivers/gpu/drm/nouveau/nouveau_vga.c b/drivers/gpu/drm/nouveau/nouveau_vga.c -index 6f0ac64..9c2dfb4 100644 +index 25d3495..d81aaf6 100644 --- a/drivers/gpu/drm/nouveau/nouveau_vga.c +++ b/drivers/gpu/drm/nouveau/nouveau_vga.c -@@ -63,7 +63,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev) +@@ -62,7 +62,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -33036,49 +34029,6 @@ index 6f0ac64..9c2dfb4 100644 spin_unlock(&dev->count_lock); return can_switch; } -diff --git a/drivers/gpu/drm/nouveau/nv50_evo.c b/drivers/gpu/drm/nouveau/nv50_evo.c -index 9f6f55c..30e3a29 100644 ---- a/drivers/gpu/drm/nouveau/nv50_evo.c -+++ b/drivers/gpu/drm/nouveau/nv50_evo.c -@@ -152,9 +152,9 @@ nv50_evo_channel_new(struct drm_device *dev, int chid, - kzalloc(sizeof(*evo->object->oclass), GFP_KERNEL); - evo->object->oclass->ofuncs = - kzalloc(sizeof(*evo->object->oclass->ofuncs), GFP_KERNEL); -- evo->object->oclass->ofuncs->rd32 = nv50_evo_rd32; -- evo->object->oclass->ofuncs->wr32 = nv50_evo_wr32; -- evo->object->oclass->ofuncs->rd08 = -+ *(void**)&evo->object->oclass->ofuncs->rd32 = nv50_evo_rd32; -+ *(void**)&evo->object->oclass->ofuncs->wr32 = nv50_evo_wr32; -+ *(void**)&evo->object->oclass->ofuncs->rd08 = - ioremap(pci_resource_start(dev->pdev, 0) + - NV50_PDISPLAY_USER(evo->handle), PAGE_SIZE); - return 0; -diff --git a/drivers/gpu/drm/nouveau/nv50_sor.c b/drivers/gpu/drm/nouveau/nv50_sor.c -index b562b59..9d725a8 100644 ---- a/drivers/gpu/drm/nouveau/nv50_sor.c -+++ b/drivers/gpu/drm/nouveau/nv50_sor.c -@@ -317,7 +317,7 @@ nv50_sor_dpms(struct drm_encoder *encoder, int mode) - } - - if (nv_encoder->dcb->type == DCB_OUTPUT_DP) { -- struct dp_train_func func = { -+ static struct dp_train_func func = { - .link_set = nv50_sor_dp_link_set, - .train_set = nv50_sor_dp_train_set, - .train_adj = nv50_sor_dp_train_adj -diff --git a/drivers/gpu/drm/nouveau/nvd0_display.c b/drivers/gpu/drm/nouveau/nvd0_display.c -index c402fca..f1d694b 100644 ---- a/drivers/gpu/drm/nouveau/nvd0_display.c -+++ b/drivers/gpu/drm/nouveau/nvd0_display.c -@@ -1389,7 +1389,7 @@ nvd0_sor_dpms(struct drm_encoder *encoder, int mode) - nv_wait(device, 0x61c030 + (or * 0x0800), 0x10000000, 0x00000000); - - if (nv_encoder->dcb->type == DCB_OUTPUT_DP) { -- struct dp_train_func func = { -+ static struct dp_train_func func = { - .link_set = nvd0_sor_dp_link_set, - .train_set = nvd0_sor_dp_train_set, - .train_adj = nvd0_sor_dp_train_adj diff --git a/drivers/gpu/drm/r128/r128_cce.c b/drivers/gpu/drm/r128/r128_cce.c index d4660cf..70dbe65 100644 --- a/drivers/gpu/drm/r128/r128_cce.c @@ -33174,10 +34124,10 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 008d645..de03849 100644 +index 0d6562b..a154330 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -941,7 +941,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -969,7 +969,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -33187,7 +34137,7 @@ index 008d645..de03849 100644 return can_switch; } diff --git a/drivers/gpu/drm/radeon/radeon_drv.h b/drivers/gpu/drm/radeon/radeon_drv.h -index a1b59ca..86f2d44 100644 +index e7fdf16..f4f6490 100644 --- a/drivers/gpu/drm/radeon/radeon_drv.h +++ b/drivers/gpu/drm/radeon/radeon_drv.h @@ -255,7 +255,7 @@ typedef struct drm_radeon_private { @@ -33259,10 +34209,10 @@ index 8e9057b..af6dacb 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index 5ebe1b3..cf69ba0 100644 +index 93f760e..33d9839 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c -@@ -781,7 +781,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) +@@ -782,7 +782,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) man->size = size >> PAGE_SHIFT; } @@ -33271,7 +34221,7 @@ index 5ebe1b3..cf69ba0 100644 static const struct vm_operations_struct *ttm_vm_ops = NULL; static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) -@@ -822,8 +822,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) +@@ -823,8 +823,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) } if (unlikely(ttm_vm_ops == NULL)) { ttm_vm_ops = vma->vm_ops; @@ -33412,10 +34362,10 @@ index ac98964..5dbf512 100644 case VIA_IRQ_ABSOLUTE: break; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -index 88a179e..57fe50481c 100644 +index 13aeda7..4a952d1 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -@@ -263,7 +263,7 @@ struct vmw_private { +@@ -290,7 +290,7 @@ struct vmw_private { * Fencing and IRQs. */ @@ -33500,10 +34450,10 @@ index 8a8725c..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 52146db..ae33762 100644 +index eb2ee11..6cc50ab 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2201,7 +2201,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2240,7 +2240,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -33512,7 +34462,7 @@ index 52146db..ae33762 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2236,7 +2236,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2274,7 +2274,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -33534,24 +34484,11 @@ index eec3291..8ed706b 100644 return -EFAULT; *off += size; -diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c -index 14599e2..711c965 100644 ---- a/drivers/hid/usbhid/hiddev.c -+++ b/drivers/hid/usbhid/hiddev.c -@@ -625,7 +625,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - break; - - case HIDIOCAPPLICATION: -- if (arg < 0 || arg >= hid->maxapplication) -+ if (arg >= hid->maxapplication) - break; - - for (i = 0; i < hid->maxcollection; i++) diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c -index f4c3d28..82f45a9 100644 +index 773a2f2..7ce08bc 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c -@@ -402,8 +402,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, +@@ -394,8 +394,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, int ret = 0; int t; @@ -33605,8 +34542,21 @@ index 8e1a9ec..4687821 100644 child_device_obj->device.bus = &hv_bus; child_device_obj->device.parent = &hv_acpi_dev->dev; +diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c +index d64923d..72591e8 100644 +--- a/drivers/hwmon/coretemp.c ++++ b/drivers/hwmon/coretemp.c +@@ -790,7 +790,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block coretemp_cpu_notifier __refdata = { ++static struct notifier_block coretemp_cpu_notifier = { + .notifier_call = coretemp_cpu_callback, + }; + diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c -index 07a0c1a..0cac334 100644 +index 1c85d39..55ed3cf 100644 --- a/drivers/hwmon/sht15.c +++ b/drivers/hwmon/sht15.c @@ -169,7 +169,7 @@ struct sht15_data { @@ -33657,6 +34607,19 @@ index 07a0c1a..0cac334 100644 return; } +diff --git a/drivers/hwmon/via-cputemp.c b/drivers/hwmon/via-cputemp.c +index 76f157b..9c0db1b 100644 +--- a/drivers/hwmon/via-cputemp.c ++++ b/drivers/hwmon/via-cputemp.c +@@ -296,7 +296,7 @@ static int __cpuinit via_cputemp_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block via_cputemp_cpu_notifier __refdata = { ++static struct notifier_block via_cputemp_cpu_notifier = { + .notifier_call = via_cputemp_cpu_callback, + }; + diff --git a/drivers/i2c/busses/i2c-amd756-s4882.c b/drivers/i2c/busses/i2c-amd756-s4882.c index 378fcb5..5e91fa8 100644 --- a/drivers/i2c/busses/i2c-amd756-s4882.c @@ -33987,7 +34950,7 @@ index 1f95bba..9530f87 100644 sdata, wqe->wr.wr.atomic.swap); goto send_comp; diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c -index 748db2d..5f75cc3 100644 +index 5b152a3..c1f3e83 100644 --- a/drivers/infiniband/hw/nes/nes.c +++ b/drivers/infiniband/hw/nes/nes.c @@ -98,7 +98,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes"); @@ -34068,7 +35031,7 @@ index 33cc589..3bd6538 100644 extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c -index cfaacaf..fa0722e 100644 +index 22ea67e..dcbe3bc 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -34114,7 +35077,7 @@ index cfaacaf..fa0722e 100644 int nes_add_ref_cm_node(struct nes_cm_node *cm_node) { -@@ -1281,7 +1281,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, +@@ -1272,7 +1272,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, kfree(listener); listener = NULL; ret = 0; @@ -34123,7 +35086,7 @@ index cfaacaf..fa0722e 100644 } else { spin_unlock_irqrestore(&cm_core->listen_list_lock, flags); } -@@ -1480,7 +1480,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, +@@ -1466,7 +1466,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, cm_node->rem_mac); add_hte_node(cm_core, cm_node); @@ -34132,7 +35095,7 @@ index cfaacaf..fa0722e 100644 return cm_node; } -@@ -1538,7 +1538,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, +@@ -1524,7 +1524,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, } atomic_dec(&cm_core->node_cnt); @@ -34141,7 +35104,7 @@ index cfaacaf..fa0722e 100644 nesqp = cm_node->nesqp; if (nesqp) { nesqp->cm_node = NULL; -@@ -1602,7 +1602,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, +@@ -1588,7 +1588,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, static void drop_packet(struct sk_buff *skb) { @@ -34150,7 +35113,7 @@ index cfaacaf..fa0722e 100644 dev_kfree_skb_any(skb); } -@@ -1665,7 +1665,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, +@@ -1651,7 +1651,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, { int reset = 0; /* whether to send reset in case of err.. */ @@ -34159,7 +35122,7 @@ index cfaacaf..fa0722e 100644 nes_debug(NES_DBG_CM, "Received Reset, cm_node = %p, state = %u." " refcnt=%d\n", cm_node, cm_node->state, atomic_read(&cm_node->ref_count)); -@@ -2306,7 +2306,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, +@@ -2292,7 +2292,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, rem_ref_cm_node(cm_node->cm_core, cm_node); return NULL; } @@ -34168,7 +35131,7 @@ index cfaacaf..fa0722e 100644 loopbackremotenode->loopbackpartner = cm_node; loopbackremotenode->tcp_cntxt.rcv_wscale = NES_CM_DEFAULT_RCV_WND_SCALE; -@@ -2581,7 +2581,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, +@@ -2567,7 +2567,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, nes_queue_mgt_skbs(skb, nesvnic, cm_node->nesqp); else { rem_ref_cm_node(cm_core, cm_node); @@ -34177,7 +35140,7 @@ index cfaacaf..fa0722e 100644 dev_kfree_skb_any(skb); } break; -@@ -2889,7 +2889,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2875,7 +2875,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) if ((cm_id) && (cm_id->event_handler)) { if (issue_disconn) { @@ -34186,7 +35149,7 @@ index cfaacaf..fa0722e 100644 cm_event.event = IW_CM_EVENT_DISCONNECT; cm_event.status = disconn_status; cm_event.local_addr = cm_id->local_addr; -@@ -2911,7 +2911,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2897,7 +2897,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) } if (issue_close) { @@ -34195,7 +35158,7 @@ index cfaacaf..fa0722e 100644 nes_disconnect(nesqp, 1); cm_id->provider_data = nesqp; -@@ -3047,7 +3047,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3033,7 +3033,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n", nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener); @@ -34204,7 +35167,7 @@ index cfaacaf..fa0722e 100644 nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n", netdev_refcnt_read(nesvnic->netdev)); -@@ -3242,7 +3242,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) +@@ -3228,7 +3228,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) struct nes_cm_core *cm_core; u8 *start_buff; @@ -34213,7 +35176,7 @@ index cfaacaf..fa0722e 100644 cm_node = (struct nes_cm_node *)cm_id->provider_data; loopback = cm_node->loopbackpartner; cm_core = cm_node->cm_core; -@@ -3302,7 +3302,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3288,7 +3288,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) ntohl(cm_id->local_addr.sin_addr.s_addr), ntohs(cm_id->local_addr.sin_port)); @@ -34222,7 +35185,7 @@ index cfaacaf..fa0722e 100644 nesqp->active_conn = 1; /* cache the cm_id in the qp */ -@@ -3412,7 +3412,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) +@@ -3398,7 +3398,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node); return err; } @@ -34231,7 +35194,7 @@ index cfaacaf..fa0722e 100644 } cm_id->add_ref(cm_id); -@@ -3513,7 +3513,7 @@ static void cm_event_connected(struct nes_cm_event *event) +@@ -3499,7 +3499,7 @@ static void cm_event_connected(struct nes_cm_event *event) if (nesqp->destroyed) return; @@ -34240,7 +35203,7 @@ index cfaacaf..fa0722e 100644 nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on" " local port 0x%04X. jiffies = %lu.\n", nesqp->hwqp.qp_id, -@@ -3693,7 +3693,7 @@ static void cm_event_reset(struct nes_cm_event *event) +@@ -3679,7 +3679,7 @@ static void cm_event_reset(struct nes_cm_event *event) cm_id->add_ref(cm_id); ret = cm_id->event_handler(cm_id, &cm_event); @@ -34249,7 +35212,7 @@ index cfaacaf..fa0722e 100644 cm_event.event = IW_CM_EVENT_CLOSE; cm_event.status = 0; cm_event.provider_data = cm_id->provider_data; -@@ -3729,7 +3729,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) +@@ -3715,7 +3715,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -34258,7 +35221,7 @@ index cfaacaf..fa0722e 100644 nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n", cm_node, cm_id, jiffies); -@@ -3769,7 +3769,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) +@@ -3755,7 +3755,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -34268,7 +35231,7 @@ index cfaacaf..fa0722e 100644 cm_node, cm_id, jiffies); diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw/nes/nes_mgt.c -index 3ba7be3..c81f6ff 100644 +index 4166452..fc952c3 100644 --- a/drivers/infiniband/hw/nes/nes_mgt.c +++ b/drivers/infiniband/hw/nes/nes_mgt.c @@ -40,8 +40,8 @@ @@ -34291,7 +35254,7 @@ index 3ba7be3..c81f6ff 100644 /* Free packets that have not yet been forwarded */ /* Lock is acquired by skb_dequeue when removing the skb */ -@@ -812,7 +812,7 @@ static void nes_mgt_ce_handler(struct nes_device *nesdev, struct nes_hw_nic_cq * +@@ -810,7 +810,7 @@ static void nes_mgt_ce_handler(struct nes_device *nesdev, struct nes_hw_nic_cq * cq->cq_vbase[head].cqe_words[NES_NIC_CQE_HASH_RCVNXT]); skb_queue_head_init(&nesqp->pau_list); spin_lock_init(&nesqp->pau_lock); @@ -34301,10 +35264,10 @@ index 3ba7be3..c81f6ff 100644 } diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c -index 0564be7..f68b0f1 100644 +index 9542e16..a008c40 100644 --- a/drivers/infiniband/hw/nes/nes_nic.c +++ b/drivers/infiniband/hw/nes/nes_nic.c -@@ -1272,39 +1272,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, +@@ -1273,39 +1273,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, target_stat_values[++index] = mh_detected; target_stat_values[++index] = mh_pauses_sent; target_stat_values[++index] = nesvnic->endnode_ipv4_tcp_retransmits; @@ -34433,19 +35396,19 @@ index da739d9..da1c7f4 100644 gameport->dev.release = gameport_release_port; if (gameport->parent) diff --git a/drivers/input/input.c b/drivers/input/input.c -index 53a0dde..abffda7 100644 +index c044699..174d71a 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c -@@ -1902,7 +1902,7 @@ static void input_cleanse_bitmasks(struct input_dev *dev) +@@ -2019,7 +2019,7 @@ static void devm_input_device_unregister(struct device *dev, void *res) */ int input_register_device(struct input_dev *dev) { - static atomic_t input_no = ATOMIC_INIT(0); + static atomic_unchecked_t input_no = ATOMIC_INIT(0); + struct input_devres *devres = NULL; struct input_handler *handler; unsigned int packet_size; - const char *path; -@@ -1945,7 +1945,7 @@ int input_register_device(struct input_dev *dev) +@@ -2074,7 +2074,7 @@ int input_register_device(struct input_dev *dev) dev->setkeycode = input_default_setkeycode; dev_set_name(&dev->dev, "input%ld", @@ -34467,10 +35430,10 @@ index 04c69af..5f92d00 100644 #include <linux/input.h> #include <linux/gameport.h> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index 83811e4..0822b90 100644 +index d6cbfe9..6225402 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c -@@ -726,7 +726,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, +@@ -735,7 +735,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, static int xpad_led_probe(struct usb_xpad *xpad) { @@ -34479,7 +35442,7 @@ index 83811e4..0822b90 100644 long led_no; struct xpad_led *led; struct led_classdev *led_cdev; -@@ -739,7 +739,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) +@@ -748,7 +748,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) if (!led) return -ENOMEM; @@ -34502,7 +35465,7 @@ index 4c842c3..590b0bf 100644 return count; diff --git a/drivers/input/serio/serio.c b/drivers/input/serio/serio.c -index d0f7533..fb8215b 100644 +index 25fc597..558bf3b 100644 --- a/drivers/input/serio/serio.c +++ b/drivers/input/serio/serio.c @@ -496,7 +496,7 @@ static void serio_release_port(struct device *dev) @@ -34524,10 +35487,10 @@ index d0f7533..fb8215b 100644 serio->dev.release = serio_release_port; serio->dev.groups = serio_device_attr_groups; diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c -index c679867..6e2e34d 100644 +index 89562a8..218999b 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c -@@ -83,8 +83,8 @@ struct capiminor { +@@ -81,8 +81,8 @@ struct capiminor { struct capi20_appl *ap; u32 ncci; @@ -34538,7 +35501,7 @@ index c679867..6e2e34d 100644 struct tty_port port; int ttyinstop; -@@ -393,7 +393,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb) +@@ -391,7 +391,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb) capimsg_setu16(s, 2, mp->ap->applid); capimsg_setu8 (s, 4, CAPI_DATA_B3); capimsg_setu8 (s, 5, CAPI_RESP); @@ -34547,7 +35510,7 @@ index c679867..6e2e34d 100644 capimsg_setu32(s, 8, mp->ncci); capimsg_setu16(s, 12, datahandle); } -@@ -514,14 +514,14 @@ static void handle_minor_send(struct capiminor *mp) +@@ -512,14 +512,14 @@ static void handle_minor_send(struct capiminor *mp) mp->outbytes -= len; spin_unlock_bh(&mp->outlock); @@ -34615,7 +35578,7 @@ index 821f7ac..28d4030 100644 } else { memcpy(buf, dp, left); diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c -index b817809..409caff 100644 +index e09dc8a..15e2efb 100644 --- a/drivers/isdn/i4l/isdn_tty.c +++ b/drivers/isdn/i4l/isdn_tty.c @@ -1513,9 +1513,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp) @@ -34670,7 +35633,7 @@ index b817809..409caff 100644 port->flags &= ~ASYNC_NORMAL_ACTIVE; port->tty = NULL; wake_up_interruptible(&port->open_wait); -@@ -1971,7 +1971,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) +@@ -1975,7 +1975,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) for (i = 0; i < ISDN_MAX_CHANNELS; i++) { modem_info *info = &dev->mdm.info[i]; @@ -34693,7 +35656,7 @@ index e74df7c..03a03ba 100644 } else memcpy(msg, buf, count); diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c -index b5fdcb7..5b6c59f 100644 +index a5ebc00..982886f 100644 --- a/drivers/lguest/core.c +++ b/drivers/lguest/core.c @@ -92,9 +92,17 @@ static __init int map_switcher(void) @@ -34844,10 +35807,10 @@ index 7155945..4bcc562 100644 seq_printf(seq, "\n"); diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c -index a651d52..82f8a95 100644 +index 0666b5d..ed82cb4 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c -@@ -1601,7 +1601,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) +@@ -1628,7 +1628,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) cmd == DM_LIST_VERSIONS_CMD) return 0; @@ -34857,7 +35820,7 @@ index a651d52..82f8a95 100644 DMWARN("name not supplied when creating device"); return -EINVAL; diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c -index fd61f98..8050783 100644 +index fa51918..c26253c 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -40,7 +40,7 @@ enum dm_raid1_error { @@ -34869,7 +35832,7 @@ index fd61f98..8050783 100644 unsigned long error_type; struct dm_dev *dev; sector_t offset; -@@ -185,7 +185,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms) +@@ -183,7 +183,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms) struct mirror *m; for (m = ms->mirror; m < ms->mirror + ms->nr_mirrors; m++) @@ -34878,7 +35841,7 @@ index fd61f98..8050783 100644 return m; return NULL; -@@ -217,7 +217,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type) +@@ -215,7 +215,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type) * simple way to tell if a device has encountered * errors. */ @@ -34887,7 +35850,7 @@ index fd61f98..8050783 100644 if (test_and_set_bit(error_type, &m->error_type)) return; -@@ -408,7 +408,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector) +@@ -406,7 +406,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector) struct mirror *m = get_default_mirror(ms); do { @@ -34896,7 +35859,7 @@ index fd61f98..8050783 100644 return m; if (m-- == ms->mirror) -@@ -422,7 +422,7 @@ static int default_ok(struct mirror *m) +@@ -420,7 +420,7 @@ static int default_ok(struct mirror *m) { struct mirror *default_mirror = get_default_mirror(m->ms); @@ -34905,7 +35868,7 @@ index fd61f98..8050783 100644 } static int mirror_available(struct mirror_set *ms, struct bio *bio) -@@ -559,7 +559,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads) +@@ -557,7 +557,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads) */ if (likely(region_in_sync(ms, region, 1))) m = choose_mirror(ms, bio->bi_sector); @@ -34914,7 +35877,7 @@ index fd61f98..8050783 100644 m = NULL; if (likely(m)) -@@ -938,7 +938,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, +@@ -924,7 +924,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, } ms->mirror[mirror].ms = ms; @@ -34923,7 +35886,7 @@ index fd61f98..8050783 100644 ms->mirror[mirror].error_type = 0; ms->mirror[mirror].offset = offset; -@@ -1356,7 +1356,7 @@ static void mirror_resume(struct dm_target *ti) +@@ -1337,7 +1337,7 @@ static void mirror_resume(struct dm_target *ti) */ static char device_status_char(struct mirror *m) { @@ -34933,7 +35896,7 @@ index fd61f98..8050783 100644 return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' : diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c -index e2f87653..f279abe 100644 +index c89cde8..9d184cf 100644 --- a/drivers/md/dm-stripe.c +++ b/drivers/md/dm-stripe.c @@ -20,7 +20,7 @@ struct stripe { @@ -34945,7 +35908,7 @@ index e2f87653..f279abe 100644 }; struct stripe_c { -@@ -183,7 +183,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) +@@ -184,7 +184,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) kfree(sc); return r; } @@ -34954,7 +35917,7 @@ index e2f87653..f279abe 100644 } ti->private = sc; -@@ -324,7 +324,7 @@ static int stripe_status(struct dm_target *ti, status_type_t type, +@@ -325,7 +325,7 @@ static int stripe_status(struct dm_target *ti, status_type_t type, DMEMIT("%d ", sc->stripes); for (i = 0; i < sc->stripes; i++) { DMEMIT("%s ", sc->stripe[i].dev->name); @@ -34963,7 +35926,7 @@ index e2f87653..f279abe 100644 'D' : 'A'; } buffer[i] = '\0'; -@@ -371,8 +371,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, +@@ -371,8 +371,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, int error) */ for (i = 0; i < sc->stripes; i++) if (!strcmp(sc->stripe[i].dev->name, major_minor)) { @@ -34975,7 +35938,7 @@ index e2f87653..f279abe 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index fa29557..d24a5b7 100644 +index daf25d0..d74f49f 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -390,7 +390,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, @@ -34988,7 +35951,7 @@ index fa29557..d24a5b7 100644 "start=%llu, len=%llu, dev_size=%llu", dm_device_name(ti->table->md), bdevname(bdev, b), diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c -index 693e149..b7e0fde 100644 +index 4d6e853..a234157 100644 --- a/drivers/md/dm-thin-metadata.c +++ b/drivers/md/dm-thin-metadata.c @@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd) @@ -35010,10 +35973,10 @@ index 693e149..b7e0fde 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 77e6eff..913d695 100644 +index 314a0e2..1376406 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c -@@ -182,9 +182,9 @@ struct mapped_device { +@@ -170,9 +170,9 @@ struct mapped_device { /* * Event handling. */ @@ -35025,7 +35988,7 @@ index 77e6eff..913d695 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1847,8 +1847,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1872,8 +1872,8 @@ static struct mapped_device *alloc_dev(int minor) rwlock_init(&md->map_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -35036,7 +35999,7 @@ index 77e6eff..913d695 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); -@@ -1982,7 +1982,7 @@ static void event_callback(void *context) +@@ -2014,7 +2014,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -35045,7 +36008,7 @@ index 77e6eff..913d695 100644 wake_up(&md->eventq); } -@@ -2637,18 +2637,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2669,18 +2669,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -35068,7 +36031,7 @@ index 77e6eff..913d695 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 6120071..31d9be2 100644 +index 3db3d1b..9487468 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -240,10 +240,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); @@ -35093,7 +36056,7 @@ index 6120071..31d9be2 100644 wake_up(&md_event_waiters); } -@@ -1504,7 +1504,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ +@@ -1503,7 +1503,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ if ((le32_to_cpu(sb->feature_map) & MD_FEATURE_RESHAPE_ACTIVE) && (le32_to_cpu(sb->feature_map) & MD_FEATURE_NEW_OFFSET)) rdev->new_data_offset += (s32)le32_to_cpu(sb->new_offset); @@ -35102,7 +36065,7 @@ index 6120071..31d9be2 100644 rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256; bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1; -@@ -1748,7 +1748,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) +@@ -1747,7 +1747,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) else sb->resync_offset = cpu_to_le64(0); @@ -35111,7 +36074,7 @@ index 6120071..31d9be2 100644 sb->raid_disks = cpu_to_le32(mddev->raid_disks); sb->size = cpu_to_le64(mddev->dev_sectors); -@@ -2748,7 +2748,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); +@@ -2747,7 +2747,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); static ssize_t errors_show(struct md_rdev *rdev, char *page) { @@ -35120,7 +36083,7 @@ index 6120071..31d9be2 100644 } static ssize_t -@@ -2757,7 +2757,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) +@@ -2756,7 +2756,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) char *e; unsigned long n = simple_strtoul(buf, &e, 10); if (*buf && (*e == 0 || *e == '\n')) { @@ -35129,7 +36092,7 @@ index 6120071..31d9be2 100644 return len; } return -EINVAL; -@@ -3204,8 +3204,8 @@ int md_rdev_init(struct md_rdev *rdev) +@@ -3203,8 +3203,8 @@ int md_rdev_init(struct md_rdev *rdev) rdev->sb_loaded = 0; rdev->bb_page = NULL; atomic_set(&rdev->nr_pending, 0); @@ -35140,7 +36103,7 @@ index 6120071..31d9be2 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6984,7 +6984,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6980,7 +6980,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -35149,7 +36112,7 @@ index 6120071..31d9be2 100644 return 0; } if (v == (void*)2) { -@@ -7087,7 +7087,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -7083,7 +7083,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -35158,7 +36121,7 @@ index 6120071..31d9be2 100644 return error; } -@@ -7101,7 +7101,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -7097,7 +7097,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -35167,7 +36130,7 @@ index 6120071..31d9be2 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -7145,7 +7145,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -7141,7 +7141,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -35177,7 +36140,7 @@ index 6120071..31d9be2 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index af443ab..0f93be3 100644 +index eca59c3..7c42285 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h @@ -94,13 +94,13 @@ struct md_rdev { @@ -35196,7 +36159,7 @@ index af443ab..0f93be3 100644 * for reporting to userspace and storing * in superblock. */ -@@ -432,7 +432,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) +@@ -434,7 +434,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors) { @@ -35218,10 +36181,10 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index a0f7309..5599dbc 100644 +index d5bddfc..b079b4b 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1819,7 +1819,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1818,7 +1818,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -35230,7 +36193,7 @@ index a0f7309..5599dbc 100644 } sectors -= s; sect += s; -@@ -2041,7 +2041,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -2040,7 +2040,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -35240,10 +36203,10 @@ index a0f7309..5599dbc 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index c9acbd7..386cd3e 100644 +index 64d4824..8b9ea57 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1878,7 +1878,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1877,7 +1877,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -35252,7 +36215,7 @@ index c9acbd7..386cd3e 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2227,7 +2227,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2226,7 +2226,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -35261,7 +36224,7 @@ index c9acbd7..386cd3e 100644 ktime_get_ts(&cur_time_mon); -@@ -2249,9 +2249,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2248,9 +2248,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -35273,7 +36236,7 @@ index c9acbd7..386cd3e 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2305,8 +2305,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2304,8 +2304,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -35284,7 +36247,7 @@ index c9acbd7..386cd3e 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2314,7 +2314,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2313,7 +2313,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -35293,7 +36256,7 @@ index c9acbd7..386cd3e 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2469,7 +2469,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2468,7 +2468,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -35303,10 +36266,10 @@ index c9acbd7..386cd3e 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index a450268..c4168a9 100644 +index 19d77a0..56051b92 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1789,21 +1789,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1797,21 +1797,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); @@ -35332,7 +36295,7 @@ index a450268..c4168a9 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -1831,7 +1831,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1839,7 +1839,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); @@ -35367,50 +36330,11 @@ index 404f63a..4796533 100644 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, -diff --git a/drivers/media/pci/cx88/cx88-alsa.c b/drivers/media/pci/cx88/cx88-alsa.c -index 3aa6856..435ad25 100644 ---- a/drivers/media/pci/cx88/cx88-alsa.c -+++ b/drivers/media/pci/cx88/cx88-alsa.c -@@ -749,7 +749,7 @@ static struct snd_kcontrol_new snd_cx88_alc_switch = { - * Only boards with eeprom and byte 1 at eeprom=1 have it - */ - --static const struct pci_device_id cx88_audio_pci_tbl[] __devinitdata = { -+static const struct pci_device_id cx88_audio_pci_tbl[] __devinitconst = { - {0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, - {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, - {0, } -diff --git a/drivers/media/pci/ddbridge/ddbridge-core.c b/drivers/media/pci/ddbridge/ddbridge-core.c -index feff57e..66a2c67 100644 ---- a/drivers/media/pci/ddbridge/ddbridge-core.c -+++ b/drivers/media/pci/ddbridge/ddbridge-core.c -@@ -1679,7 +1679,7 @@ static struct ddb_info ddb_v6 = { - .subvendor = _subvend, .subdevice = _subdev, \ - .driver_data = (unsigned long)&_driverdata } - --static const struct pci_device_id ddb_id_tbl[] __devinitdata = { -+static const struct pci_device_id ddb_id_tbl[] __devinitconst = { - DDB_ID(DDVID, 0x0002, DDVID, 0x0001, ddb_octopus), - DDB_ID(DDVID, 0x0003, DDVID, 0x0001, ddb_octopus), - DDB_ID(DDVID, 0x0003, DDVID, 0x0002, ddb_octopus_le), -diff --git a/drivers/media/pci/ngene/ngene-cards.c b/drivers/media/pci/ngene/ngene-cards.c -index 96a13ed..6df45b4 100644 ---- a/drivers/media/pci/ngene/ngene-cards.c -+++ b/drivers/media/pci/ngene/ngene-cards.c -@@ -741,7 +741,7 @@ static struct ngene_info ngene_info_terratec = { - - /****************************************************************************/ - --static const struct pci_device_id ngene_id_tbl[] __devinitdata = { -+static const struct pci_device_id ngene_id_tbl[] __devinitconst = { - NGENE_ID(0x18c3, 0xabc3, ngene_info_cineS2), - NGENE_ID(0x18c3, 0xabc4, ngene_info_cineS2), - NGENE_ID(0x18c3, 0xdb01, ngene_info_satixS2), diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c -index a3b1a34..71ce0e3 100644 +index 35cc526..9d90d83 100644 --- a/drivers/media/platform/omap/omap_vout.c +++ b/drivers/media/platform/omap/omap_vout.c -@@ -65,7 +65,6 @@ enum omap_vout_channels { +@@ -63,7 +63,6 @@ enum omap_vout_channels { OMAP_VIDEO2, }; @@ -35418,7 +36342,7 @@ index a3b1a34..71ce0e3 100644 /* Variables configurable through module params*/ static u32 video1_numbuffers = 3; static u32 video2_numbuffers = 3; -@@ -1012,6 +1011,12 @@ static int omap_vout_open(struct file *file) +@@ -1010,6 +1009,12 @@ static int omap_vout_open(struct file *file) { struct videobuf_queue *q; struct omap_vout_device *vout = NULL; @@ -35431,7 +36355,7 @@ index a3b1a34..71ce0e3 100644 vout = video_drvdata(file); v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__); -@@ -1029,10 +1034,6 @@ static int omap_vout_open(struct file *file) +@@ -1027,10 +1032,6 @@ static int omap_vout_open(struct file *file) vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT; q = &vout->vbq; @@ -35443,7 +36367,7 @@ index a3b1a34..71ce0e3 100644 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev, diff --git a/drivers/media/platform/s5p-tv/mixer.h b/drivers/media/platform/s5p-tv/mixer.h -index ddb422e..8cf008e 100644 +index b671e20..34088b7 100644 --- a/drivers/media/platform/s5p-tv/mixer.h +++ b/drivers/media/platform/s5p-tv/mixer.h @@ -155,7 +155,7 @@ struct mxr_layer { @@ -35482,10 +36406,10 @@ index 3b1670a..595c939 100644 if (done && done != layer->shadow_buf) vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE); diff --git a/drivers/media/platform/s5p-tv/mixer_video.c b/drivers/media/platform/s5p-tv/mixer_video.c -index 0c1cd89..6574647 100644 +index 1f3b743..e839271 100644 --- a/drivers/media/platform/s5p-tv/mixer_video.c +++ b/drivers/media/platform/s5p-tv/mixer_video.c -@@ -209,7 +209,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer) +@@ -208,7 +208,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer) layer->geo.src.height = layer->geo.src.full_height; mxr_geometry_dump(mdev, &layer->geo); @@ -35494,7 +36418,7 @@ index 0c1cd89..6574647 100644 mxr_geometry_dump(mdev, &layer->geo); } -@@ -227,7 +227,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer) +@@ -226,7 +226,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer) layer->geo.dst.full_width = mbus_fmt.width; layer->geo.dst.full_height = mbus_fmt.height; layer->geo.dst.field = mbus_fmt.field; @@ -35503,7 +36427,7 @@ index 0c1cd89..6574647 100644 mxr_geometry_dump(mdev, &layer->geo); } -@@ -333,7 +333,7 @@ static int mxr_s_fmt(struct file *file, void *priv, +@@ -332,7 +332,7 @@ static int mxr_s_fmt(struct file *file, void *priv, /* set source size to highest accepted value */ geo->src.full_width = max(geo->dst.full_width, pix->width); geo->src.full_height = max(geo->dst.full_height, pix->height); @@ -35512,7 +36436,7 @@ index 0c1cd89..6574647 100644 mxr_geometry_dump(mdev, &layer->geo); /* set cropping to total visible screen */ geo->src.width = pix->width; -@@ -341,12 +341,12 @@ static int mxr_s_fmt(struct file *file, void *priv, +@@ -340,12 +340,12 @@ static int mxr_s_fmt(struct file *file, void *priv, geo->src.x_offset = 0; geo->src.y_offset = 0; /* assure consistency of geometry */ @@ -35527,7 +36451,7 @@ index 0c1cd89..6574647 100644 mxr_geometry_dump(mdev, &layer->geo); /* returning results */ -@@ -473,7 +473,7 @@ static int mxr_s_selection(struct file *file, void *fh, +@@ -472,7 +472,7 @@ static int mxr_s_selection(struct file *file, void *fh, target->width = s->r.width; target->height = s->r.height; @@ -35536,7 +36460,7 @@ index 0c1cd89..6574647 100644 /* retrieve update selection rectangle */ res.left = target->x_offset; -@@ -928,13 +928,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count) +@@ -937,13 +937,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count) mxr_output_get(mdev); mxr_layer_update_output(layer); @@ -35552,7 +36476,7 @@ index 0c1cd89..6574647 100644 mxr_streamer_get(mdev); return 0; -@@ -1004,7 +1004,7 @@ static int stop_streaming(struct vb2_queue *vq) +@@ -1013,7 +1013,7 @@ static int stop_streaming(struct vb2_queue *vq) spin_unlock_irqrestore(&layer->enq_slock, flags); /* disabling layer in hardware */ @@ -35561,7 +36485,7 @@ index 0c1cd89..6574647 100644 /* remove one streamer */ mxr_streamer_put(mdev); /* allow changes in output configuration */ -@@ -1043,8 +1043,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer) +@@ -1052,8 +1052,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer) void mxr_layer_release(struct mxr_layer *layer) { @@ -35572,7 +36496,7 @@ index 0c1cd89..6574647 100644 } void mxr_base_layer_release(struct mxr_layer *layer) -@@ -1070,7 +1070,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev, +@@ -1079,7 +1079,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev, layer->mdev = mdev; layer->idx = idx; @@ -35594,30 +36518,8 @@ index 3d13a63..da31bf1 100644 .release = mxr_vp_layer_release, .buffer_set = mxr_vp_buffer_set, .stream_set = mxr_vp_stream_set, -diff --git a/drivers/media/platform/timblogiw.c b/drivers/media/platform/timblogiw.c -index 02194c0..36d69c1 100644 ---- a/drivers/media/platform/timblogiw.c -+++ b/drivers/media/platform/timblogiw.c -@@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma) - - /* Platform device functions */ - --static __devinitconst struct v4l2_ioctl_ops timblogiw_ioctl_ops = { -+static struct v4l2_ioctl_ops timblogiw_ioctl_ops = { - .vidioc_querycap = timblogiw_querycap, - .vidioc_enum_fmt_vid_cap = timblogiw_enum_fmt, - .vidioc_g_fmt_vid_cap = timblogiw_g_fmt, -@@ -767,7 +767,7 @@ static __devinitconst struct v4l2_ioctl_ops timblogiw_ioctl_ops = { - .vidioc_enum_framesizes = timblogiw_enum_framesizes, - }; - --static __devinitconst struct v4l2_file_operations timblogiw_fops = { -+static struct v4l2_file_operations timblogiw_fops = { - .owner = THIS_MODULE, - .open = timblogiw_open, - .release = timblogiw_close, diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c -index 697a421..16c5a5f 100644 +index 643d80a..56bb96b 100644 --- a/drivers/media/radio/radio-cadet.c +++ b/drivers/media/radio/radio-cadet.c @@ -302,6 +302,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo @@ -35683,7 +36585,7 @@ index fb69baa..cf7ad22 100644 * Rounding UP to nearest 4-kB boundary here... */ diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c -index 551262e..7551198 100644 +index fa43c39..daeb158 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached) @@ -35735,10 +36637,10 @@ index 551262e..7551198 100644 mptsas_get_port(struct mptsas_phyinfo *phy_info) { diff --git a/drivers/message/fusion/mptscsih.c b/drivers/message/fusion/mptscsih.c -index 0c3ced7..1fe34ec 100644 +index 164afa7..b6b2e74 100644 --- a/drivers/message/fusion/mptscsih.c +++ b/drivers/message/fusion/mptscsih.c -@@ -1270,15 +1270,16 @@ mptscsih_info(struct Scsi_Host *SChost) +@@ -1271,15 +1271,16 @@ mptscsih_info(struct Scsi_Host *SChost) h = shost_priv(SChost); @@ -35923,7 +36825,7 @@ index a8c08f3..155fe3d 100644 #endif diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c -index 965c480..71f2db9 100644 +index 45ece11..8efa218 100644 --- a/drivers/mfd/janz-cmodio.c +++ b/drivers/mfd/janz-cmodio.c @@ -13,6 +13,7 @@ @@ -36289,10 +37191,10 @@ index d971817..33bdca5 100644 break; diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c -index a0e1720..ee63d0b 100644 +index 6d8f701..35b6369 100644 --- a/drivers/mmc/core/mmc_ops.c +++ b/drivers/mmc/core/mmc_ops.c -@@ -245,7 +245,7 @@ mmc_send_cxd_data(struct mmc_card *card, struct mmc_host *host, +@@ -247,7 +247,7 @@ mmc_send_cxd_data(struct mmc_card *card, struct mmc_host *host, void *data_buf; int is_on_stack; @@ -36313,10 +37215,10 @@ index 53b8fd9..615b462 100644 +} __do_const; #endif /* _DW_MMC_H_ */ diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c -index c9ec725..178e79a 100644 +index 82a8de1..3c56ccb 100644 --- a/drivers/mmc/host/sdhci-s3c.c +++ b/drivers/mmc/host/sdhci-s3c.c -@@ -719,9 +719,11 @@ static int __devinit sdhci_s3c_probe(struct platform_device *pdev) +@@ -721,9 +721,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev) * we can use overriding functions instead of default. */ if (host->quirks & SDHCI_QUIRK_NONSTANDARD_CLOCK) { @@ -36345,11 +37247,11 @@ index a4eb8b5..8c0628f 100644 "ECC needs a full sector write (adr: %lx size %lx)\n", (long) to, (long) len); diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c -index e706a23..b3d262f 100644 +index 0c8bb6b..6f35deb 100644 --- a/drivers/mtd/nand/denali.c +++ b/drivers/mtd/nand/denali.c -@@ -26,6 +26,7 @@ - #include <linux/pci.h> +@@ -24,6 +24,7 @@ + #include <linux/slab.h> #include <linux/mtd/mtd.h> #include <linux/module.h> +#include <linux/slab.h> @@ -36369,7 +37271,7 @@ index 51b9d6a..52af9a7 100644 #include <linux/mtd/nand.h> #include <linux/mtd/nftl.h> diff --git a/drivers/net/ethernet/8390/ax88796.c b/drivers/net/ethernet/8390/ax88796.c -index 203ff9d..0968ca8 100644 +index 70dba5d..11a0919 100644 --- a/drivers/net/ethernet/8390/ax88796.c +++ b/drivers/net/ethernet/8390/ax88796.c @@ -872,9 +872,11 @@ static int ax_probe(struct platform_device *pdev) @@ -36386,10 +37288,10 @@ index 203ff9d..0968ca8 100644 if (!request_mem_region(mem->start, mem_size, pdev->name)) { diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h -index 9c5ea6c..eaad276 100644 +index 0991534..8098e92 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h -@@ -1046,7 +1046,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp) +@@ -1094,7 +1094,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp) static inline void bnx2x_init_bp_objs(struct bnx2x *bp) { /* RX_MODE controlling object */ @@ -36399,7 +37301,7 @@ index 9c5ea6c..eaad276 100644 /* multicast configuration controlling object */ bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid, diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c -index 614981c..11216c7 100644 +index 09b625e..15b16fe 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c @@ -2375,15 +2375,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp, @@ -36424,10 +37326,10 @@ index 614981c..11216c7 100644 } diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -index acf2fe4..efb96df 100644 +index adbd91b..58ec94a 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -@@ -1281,8 +1281,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp, +@@ -1293,8 +1293,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp, /********************* RX MODE ****************/ @@ -36438,10 +37340,10 @@ index acf2fe4..efb96df 100644 /** * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters. diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h -index d9308c32..d87b824 100644 +index d330e81..ce1fb9a 100644 --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h -@@ -140,6 +140,7 @@ +@@ -146,6 +146,7 @@ #define CHIPREV_ID_5750_A0 0x4000 #define CHIPREV_ID_5750_A1 0x4001 #define CHIPREV_ID_5750_A3 0x4003 @@ -36463,7 +37365,7 @@ index 8cffcdf..aadf043 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c -index f879e92..726f20f 100644 +index 4c83003..2a2a5b9 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c +++ b/drivers/net/ethernet/dec/tulip/de4x5.c @@ -5388,7 +5388,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) @@ -36485,10 +37387,10 @@ index f879e92..726f20f 100644 break; } diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index d1b6cc5..cde0d97 100644 +index 4d6f3c5..6169e60 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c -@@ -403,7 +403,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) +@@ -455,7 +455,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) if (wrapped) newacc += 65536; @@ -36524,20 +37426,20 @@ index b901a01..1ff32ee 100644 #include "ftmac100.h" diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c -index d929131..aed108f 100644 +index bb9256a..56d8752 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c -@@ -865,7 +865,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) - /* store the new cycle speed */ - adapter->cycle_speed = cycle_speed; +@@ -806,7 +806,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) + } + /* update the base incval used to calculate frequency adjustment */ - ACCESS_ONCE(adapter->base_incval) = incval; + ACCESS_ONCE_RW(adapter->base_incval) = incval; smp_mb(); - /* grab the ptp lock */ + /* need lock to prevent incorrect read while modifying cyclecounter */ diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c -index c2e420a..26a75e0 100644 +index fbe5363..266b4e3 100644 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c +++ b/drivers/net/ethernet/neterion/vxge/vxge-config.c @@ -3461,7 +3461,10 @@ __vxge_hw_fifo_create(struct __vxge_hw_vpath_handle *vp, @@ -36562,10 +37464,10 @@ index c2e420a..26a75e0 100644 __vxge_hw_mempool_create(vpath->hldev, fifo->config->memblock_size, diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 6afe74e..2e2950f 100644 +index 998974f..ecd26db 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -747,22 +747,22 @@ struct rtl8169_private { +@@ -741,22 +741,22 @@ struct rtl8169_private { struct mdio_ops { void (*write)(struct rtl8169_private *, int, int); int (*read)(struct rtl8169_private *, int); @@ -36621,7 +37523,7 @@ index 0c74a70..3bc6f68 100644 /* To mask all all interrupts.*/ diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h -index 5fd6f46..ee1f265 100644 +index e6fe0d8..2b7d752 100644 --- a/drivers/net/hyperv/hyperv_net.h +++ b/drivers/net/hyperv/hyperv_net.h @@ -101,7 +101,7 @@ struct rndis_device { @@ -36634,7 +37536,7 @@ index 5fd6f46..ee1f265 100644 spinlock_t request_lock; struct list_head req_list; diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c -index 928148c..d83298e 100644 +index 2b657d4..9903bc0 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c @@ -107,7 +107,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, @@ -36646,7 +37548,7 @@ index 928148c..d83298e 100644 /* Add to the request list */ spin_lock_irqsave(&dev->request_lock, flags); -@@ -760,7 +760,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) +@@ -758,7 +758,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) /* Setup the rndis set */ halt = &request->request_msg.msg.halt_req; @@ -36656,10 +37558,10 @@ index 928148c..d83298e 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c -index 7d39add..037e1da 100644 +index 1e9cb0b..7839125 100644 --- a/drivers/net/ieee802154/fakehard.c +++ b/drivers/net/ieee802154/fakehard.c -@@ -386,7 +386,7 @@ static int __devinit ieee802154fake_probe(struct platform_device *pdev) +@@ -386,7 +386,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) phy->transmit_power = 0xbf; dev->netdev_ops = &fake_ops; @@ -36668,6 +37570,19 @@ index 7d39add..037e1da 100644 priv = netdev_priv(dev); priv->phy = phy; +diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c +index d3fb97d..e229d3e 100644 +--- a/drivers/net/macvlan.c ++++ b/drivers/net/macvlan.c +@@ -913,7 +913,7 @@ static int macvlan_device_event(struct notifier_block *unused, + return NOTIFY_DONE; + } + +-static struct notifier_block macvlan_notifier_block __read_mostly = { ++static struct notifier_block macvlan_notifier_block = { + .notifier_call = macvlan_device_event, + }; + diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c index 0f0f9ce..0ca5819 100644 --- a/drivers/net/macvtap.c @@ -36694,7 +37609,7 @@ index daec9b0..6428fcb 100644 } EXPORT_SYMBOL(free_mdio_bitbang); diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index eb3f5ce..d773730 100644 +index 0b2706a..ba1430d 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -999,7 +999,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) @@ -36729,10 +37644,10 @@ index ad86660..9fd0884 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 0873cdc..ddb178e 100644 +index 2917a86..edd463f 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1374,7 +1374,7 @@ static int set_offload(struct tun_struct *tun, unsigned long arg) +@@ -1836,7 +1836,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, @@ -36741,18 +37656,18 @@ index 0873cdc..ddb178e 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1387,6 +1387,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1848,6 +1848,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, int vnet_hdr_sz; int ret; + if (ifreq_len > sizeof ifr) + return -EFAULT; + - if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89) { + if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) { if (copy_from_user(&ifr, argp, ifreq_len)) return -EFAULT; diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index 605a4ba..a883dd1 100644 +index cd8ccb2..cff5144 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -36833,7 +37748,7 @@ index 605a4ba..a883dd1 100644 /* Setup and send a ctrl req read on * port i */ if (!serial->rx_urb_filled[0]) { -@@ -3078,7 +3077,7 @@ static int hso_resume(struct usb_interface *iface) +@@ -3079,7 +3078,7 @@ static int hso_resume(struct usb_interface *iface) /* Start all serial ports */ for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) { if (serial_table[i] && (serial_table[i]->interface == iface)) { @@ -36842,63 +37757,6 @@ index 605a4ba..a883dd1 100644 result = hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); -diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c -index edb81ed..ab8931c 100644 ---- a/drivers/net/usb/usbnet.c -+++ b/drivers/net/usb/usbnet.c -@@ -380,6 +380,12 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags) - unsigned long lockflags; - size_t size = dev->rx_urb_size; - -+ /* prevent rx skb allocation when error ratio is high */ -+ if (test_bit(EVENT_RX_KILL, &dev->flags)) { -+ usb_free_urb(urb); -+ return -ENOLINK; -+ } -+ - skb = __netdev_alloc_skb_ip_align(dev->net, size, flags); - if (!skb) { - netif_dbg(dev, rx_err, dev->net, "no rx skb\n"); -@@ -539,6 +545,17 @@ block: - break; - } - -+ /* stop rx if packet error rate is high */ -+ if (++dev->pkt_cnt > 30) { -+ dev->pkt_cnt = 0; -+ dev->pkt_err = 0; -+ } else { -+ if (state == rx_cleanup) -+ dev->pkt_err++; -+ if (dev->pkt_err > 20) -+ set_bit(EVENT_RX_KILL, &dev->flags); -+ } -+ - state = defer_bh(dev, skb, &dev->rxq, state); - - if (urb) { -@@ -790,6 +807,11 @@ int usbnet_open (struct net_device *net) - (dev->driver_info->flags & FLAG_FRAMING_AX) ? "ASIX" : - "simple"); - -+ /* reset rx error state */ -+ dev->pkt_cnt = 0; -+ dev->pkt_err = 0; -+ clear_bit(EVENT_RX_KILL, &dev->flags); -+ - // delay posting reads until we're fully open - tasklet_schedule (&dev->bh); - if (info->manage_power) { -@@ -1253,6 +1275,9 @@ static void usbnet_bh (unsigned long param) - } - } - -+ /* restart RX again after disabling due to high error rate */ -+ clear_bit(EVENT_RX_KILL, &dev->flags); -+ - // waiting for all pending urbs to complete? - if (dev->wait) { - if ((dev->txq.qlen + dev->rxq.qlen + dev->done.qlen) == 0) { diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c index 8d78253..bebbb68 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c @@ -37105,10 +37963,10 @@ index 301bf72..3f5654f 100644 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index b68aaf5..fb20845 100644 +index 9d26fc5..60d9f14 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -657,7 +657,7 @@ struct ath_hw_private_ops { +@@ -658,7 +658,7 @@ struct ath_hw_private_ops { /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -37117,7 +37975,7 @@ index b68aaf5..fb20845 100644 /** * struct ath_hw_ops - callbacks used by hardware code and driver code -@@ -687,7 +687,7 @@ struct ath_hw_ops { +@@ -688,7 +688,7 @@ struct ath_hw_ops { void (*antdiv_comb_conf_set)(struct ath_hw *ah, struct ath_hw_antcomb_conf *antconf); void (*antctrl_shared_chain_lnadiv)(struct ath_hw *hw, bool enable); @@ -37126,30 +37984,8 @@ index b68aaf5..fb20845 100644 struct ath_nf_limits { s16 max; -diff --git a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h -index 71ced17..cd82b12 100644 ---- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h -+++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h -@@ -184,7 +184,7 @@ struct brcmf_cfg80211_event_loop { - struct net_device *ndev, - const struct brcmf_event_msg *e, - void *data); --}; -+} __no_const; - - /* basic structure of scan request */ - struct brcmf_cfg80211_scan_req { -@@ -239,7 +239,7 @@ struct brcmf_cfg80211_profile { - struct brcmf_cfg80211_iscan_eloop { - s32 (*handler[WL_SCAN_ERSULTS_LAST]) - (struct brcmf_cfg80211_info *cfg); --}; -+} __no_const; - - /* dongle iscan controller */ - struct brcmf_cfg80211_iscan_ctrl { diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c -index e252acb..6ad1e65 100644 +index 3726cd6..b655808 100644 --- a/drivers/net/wireless/iwlegacy/3945-mac.c +++ b/drivers/net/wireless/iwlegacy/3945-mac.c @@ -3615,7 +3615,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) @@ -37164,7 +38000,7 @@ index e252acb..6ad1e65 100644 D_INFO("*** LOAD DRIVER ***\n"); diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c -index 1a98fa3..51e6661 100644 +index 5b9533e..7733880 100644 --- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c +++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c @@ -203,7 +203,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file, @@ -37285,10 +38121,10 @@ index 1a98fa3..51e6661 100644 memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index fe0fffd..b4c5724 100644 +index 35708b9..31f7754 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c -@@ -1967,7 +1967,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, +@@ -1100,7 +1100,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; @@ -37297,7 +38133,7 @@ index fe0fffd..b4c5724 100644 u32 reset_flag; memset(buf, 0, sizeof(buf)); -@@ -1988,7 +1988,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, +@@ -1121,7 +1121,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, { struct iwl_trans *trans = file->private_data; char buf[8]; @@ -37307,29 +38143,53 @@ index fe0fffd..b4c5724 100644 memset(buf, 0, sizeof(buf)); diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index 429ca32..f86236b 100644 +index ff90855..e46d223 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -1751,9 +1751,11 @@ static int __init init_mac80211_hwsim(void) - return -EINVAL; +@@ -2062,25 +2062,19 @@ static int __init init_mac80211_hwsim(void) - if (fake_hw_scan) { + if (channels > 1) { + hwsim_if_comb.num_different_channels = channels; - mac80211_hwsim_ops.hw_scan = mac80211_hwsim_hw_scan; +- mac80211_hwsim_ops.cancel_hw_scan = +- mac80211_hwsim_cancel_hw_scan; - mac80211_hwsim_ops.sw_scan_start = NULL; - mac80211_hwsim_ops.sw_scan_complete = NULL; +- mac80211_hwsim_ops.remain_on_channel = +- mac80211_hwsim_roc; +- mac80211_hwsim_ops.cancel_remain_on_channel = +- mac80211_hwsim_croc; +- mac80211_hwsim_ops.add_chanctx = +- mac80211_hwsim_add_chanctx; +- mac80211_hwsim_ops.remove_chanctx = +- mac80211_hwsim_remove_chanctx; +- mac80211_hwsim_ops.change_chanctx = +- mac80211_hwsim_change_chanctx; +- mac80211_hwsim_ops.assign_vif_chanctx = +- mac80211_hwsim_assign_vif_chanctx; +- mac80211_hwsim_ops.unassign_vif_chanctx = +- mac80211_hwsim_unassign_vif_chanctx; + pax_open_kernel(); + *(void **)&mac80211_hwsim_ops.hw_scan = mac80211_hwsim_hw_scan; ++ *(void **)&mac80211_hwsim_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan; + *(void **)&mac80211_hwsim_ops.sw_scan_start = NULL; + *(void **)&mac80211_hwsim_ops.sw_scan_complete = NULL; ++ *(void **)&mac80211_hwsim_ops.remain_on_channel = mac80211_hwsim_roc; ++ *(void **)&mac80211_hwsim_ops.cancel_remain_on_channel = mac80211_hwsim_croc; ++ *(void **)&mac80211_hwsim_ops.add_chanctx = mac80211_hwsim_add_chanctx; ++ *(void **)&mac80211_hwsim_ops.remove_chanctx = mac80211_hwsim_remove_chanctx; ++ *(void **)&mac80211_hwsim_ops.change_chanctx = mac80211_hwsim_change_chanctx; ++ *(void **)&mac80211_hwsim_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx; ++ *(void **)&mac80211_hwsim_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx; + pax_close_kernel(); } spin_lock_init(&hwsim_radio_lock); diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c -index bd1f0cb..db85ab0 100644 +index abe1d03..fb02c22 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c -@@ -1235,7 +1235,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) +@@ -1238,7 +1238,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold); @@ -37368,7 +38228,7 @@ index e488b94..14b6a0c 100644 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); hdr->seq_ctrl |= cpu_to_le16(seqno); diff --git a/drivers/net/wireless/ti/wl1251/sdio.c b/drivers/net/wireless/ti/wl1251/sdio.c -index e2750a1..797e179 100644 +index e57ee48..541cf6c 100644 --- a/drivers/net/wireless/ti/wl1251/sdio.c +++ b/drivers/net/wireless/ti/wl1251/sdio.c @@ -269,13 +269,17 @@ static int wl1251_sdio_probe(struct sdio_func *func, @@ -37394,7 +38254,7 @@ index e2750a1..797e179 100644 wl1251_info("using SDIO interrupt"); } diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c -index dadf1db..d9db7a7 100644 +index e5f5f8f..fdf15b7 100644 --- a/drivers/net/wireless/ti/wl12xx/main.c +++ b/drivers/net/wireless/ti/wl12xx/main.c @@ -644,7 +644,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl) @@ -37420,7 +38280,7 @@ index dadf1db..d9db7a7 100644 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_VER, WL127X_MAJOR_VER, WL127X_SUBTYPE_VER, diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c -index a39682a..1e8220c 100644 +index 8d8c1f8..e754844 100644 --- a/drivers/net/wireless/ti/wl18xx/main.c +++ b/drivers/net/wireless/ti/wl18xx/main.c @@ -1489,8 +1489,10 @@ static int wl18xx_setup(struct wl1271 *wl) @@ -37556,6 +38416,19 @@ index 849357c..b83c1e0 100644 { return __oprofilefs_create_file(sb, root, name, &atomic_ro_fops, 0444, val); +diff --git a/drivers/oprofile/timer_int.c b/drivers/oprofile/timer_int.c +index 93404f7..4a313d8 100644 +--- a/drivers/oprofile/timer_int.c ++++ b/drivers/oprofile/timer_int.c +@@ -93,7 +93,7 @@ static int __cpuinit oprofile_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata oprofile_cpu_notifier = { ++static struct notifier_block oprofile_cpu_notifier = { + .notifier_call = oprofile_cpu_notify, + }; + diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c index 3f56bc0..707d642 100644 --- a/drivers/parport/procfs.c @@ -37610,7 +38483,7 @@ index a6a71c4..c91097b 100644 status = cpci_hp_register_controller(&generic_hpc); diff --git a/drivers/pci/hotplug/cpcihp_zt5550.c b/drivers/pci/hotplug/cpcihp_zt5550.c -index 6bf8d2a..9711ce0 100644 +index 449b4bb..257e2e8 100644 --- a/drivers/pci/hotplug/cpcihp_zt5550.c +++ b/drivers/pci/hotplug/cpcihp_zt5550.c @@ -59,7 +59,6 @@ @@ -37673,7 +38546,7 @@ index 76ba8a1..20ca857 100644 /* initialize our int15 lock */ diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c -index 449f257..0731e96 100644 +index 8474b6a..ee81993 100644 --- a/drivers/pci/pcie/aspm.c +++ b/drivers/pci/pcie/aspm.c @@ -27,9 +27,9 @@ @@ -37690,7 +38563,7 @@ index 449f257..0731e96 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index ec909af..e7517f3 100644 +index 6186f03..1a78714 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -37724,7 +38597,7 @@ index 9b8505c..f00870a 100644 &proc_bus_pci_dev_operations); proc_initialized = 1; diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index 75dd651..2af4c9a 100644 +index f946ca7..f25c833 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2097,7 +2097,7 @@ static int hotkey_mask_get(void) @@ -37916,7 +38789,7 @@ index 769d265..a3a05ca 100644 + pax_close_kernel(); } diff --git a/drivers/pnp/resource.c b/drivers/pnp/resource.c -index b0ecacb..7c9da2e 100644 +index 3e6db1c..1fbbdae 100644 --- a/drivers/pnp/resource.c +++ b/drivers/pnp/resource.c @@ -360,7 +360,7 @@ int pnp_check_irq(struct pnp_dev *dev, struct resource *res) @@ -37963,10 +38836,10 @@ index 7df7c5f..bd48c47 100644 if (ret) { dev_err(dev, "failure to register otg notifier\n"); diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c -index 8d53174..04c65de 100644 +index 4d7c635..9860196 100644 --- a/drivers/regulator/max8660.c +++ b/drivers/regulator/max8660.c -@@ -333,8 +333,10 @@ static int __devinit max8660_probe(struct i2c_client *client, +@@ -333,8 +333,10 @@ static int max8660_probe(struct i2c_client *client, max8660->shadow_regs[MAX8660_OVER1] = 5; } else { /* Otherwise devices can be toggled via software */ @@ -37979,11 +38852,30 @@ index 8d53174..04c65de 100644 } /* +diff --git a/drivers/regulator/max8973-regulator.c b/drivers/regulator/max8973-regulator.c +index 9a8ea91..c483dd9 100644 +--- a/drivers/regulator/max8973-regulator.c ++++ b/drivers/regulator/max8973-regulator.c +@@ -401,9 +401,11 @@ static int max8973_probe(struct i2c_client *client, + if (!pdata->enable_ext_control) { + max->desc.enable_reg = MAX8973_VOUT; + max->desc.enable_mask = MAX8973_VOUT_ENABLE; +- max8973_dcdc_ops.enable = regulator_enable_regmap; +- max8973_dcdc_ops.disable = regulator_disable_regmap; +- max8973_dcdc_ops.is_enabled = regulator_is_enabled_regmap; ++ pax_open_kernel(); ++ *(void **)&max8973_dcdc_ops.enable = regulator_enable_regmap; ++ *(void **)&max8973_dcdc_ops.disable = regulator_disable_regmap; ++ *(void **)&max8973_dcdc_ops.is_enabled = regulator_is_enabled_regmap; ++ pax_close_kernel(); + } + + max->enable_external_control = pdata->enable_ext_control; diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 1fa6381..f58834e 100644 +index 0d84b1f..c2da6ac 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c -@@ -540,10 +540,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) +@@ -540,10 +540,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev) } mc13xxx_unlock(mc13892); @@ -37999,7 +38891,7 @@ index 1fa6381..f58834e 100644 mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators, ARRAY_SIZE(mc13892_regulators)); diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c -index cace6d3..f623fda 100644 +index 9a86b4b..3a383dc 100644 --- a/drivers/rtc/rtc-dev.c +++ b/drivers/rtc/rtc-dev.c @@ -14,6 +14,7 @@ @@ -38090,7 +38982,7 @@ index 593085a..47aa999 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 4217e49..9c77e3e 100644 +index 4f33806..afd6f60 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -554,7 +554,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q) @@ -38141,7 +39033,7 @@ index 4217e49..9c77e3e 100644 (h->interrupts_enabled == 0); } -@@ -4318,7 +4318,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) +@@ -4316,7 +4316,7 @@ static int hpsa_pci_init(struct ctlr_info *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -38150,7 +39042,7 @@ index 4217e49..9c77e3e 100644 pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S | PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM); -@@ -4600,7 +4600,7 @@ static void controller_lockup_detected(struct ctlr_info *h) +@@ -4598,7 +4598,7 @@ static void controller_lockup_detected(struct ctlr_info *h) assert_spin_locked(&lockup_detector_lock); remove_ctlr_from_lockup_detector_list(h); @@ -38159,7 +39051,7 @@ index 4217e49..9c77e3e 100644 spin_lock_irqsave(&h->lock, flags); h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); spin_unlock_irqrestore(&h->lock, flags); -@@ -4778,7 +4778,7 @@ reinit_after_soft_reset: +@@ -4775,7 +4775,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -38168,7 +39060,7 @@ index 4217e49..9c77e3e 100644 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -4812,7 +4812,7 @@ reinit_after_soft_reset: +@@ -4809,7 +4809,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -38177,7 +39069,7 @@ index 4217e49..9c77e3e 100644 spin_unlock_irqrestore(&h->lock, flags); free_irqs(h); rc = hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -4831,9 +4831,9 @@ reinit_after_soft_reset: +@@ -4828,9 +4828,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -38189,7 +39081,7 @@ index 4217e49..9c77e3e 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -4854,7 +4854,7 @@ reinit_after_soft_reset: +@@ -4851,7 +4851,7 @@ reinit_after_soft_reset: } /* Turn the interrupts on so we can service requests */ @@ -38198,7 +39090,7 @@ index 4217e49..9c77e3e 100644 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -4906,7 +4906,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -4903,7 +4903,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); @@ -38207,7 +39099,7 @@ index 4217e49..9c77e3e 100644 hpsa_free_irqs_and_disable_msix(h); } -@@ -5075,7 +5075,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, +@@ -5071,7 +5071,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags) return; } /* Change the access methods to the performant access methods */ @@ -38388,7 +39280,7 @@ index bdb81cd..d3c7c2c 100644 .qc_issue = sas_ata_qc_issue, .qc_fill_rtf = sas_ata_qc_fill_rtf, diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h -index 69b5993..1ac9dce 100644 +index df4c13a..a51e90c 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -424,7 +424,7 @@ struct lpfc_vport { @@ -38400,7 +39292,7 @@ index 69b5993..1ac9dce 100644 #endif uint8_t stat_data_enabled; uint8_t stat_data_blocked; -@@ -840,8 +840,8 @@ struct lpfc_hba { +@@ -842,8 +842,8 @@ struct lpfc_hba { struct timer_list fabric_block_timer; unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 @@ -38411,7 +39303,7 @@ index 69b5993..1ac9dce 100644 unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; unsigned long last_ramp_up_time; -@@ -877,7 +877,7 @@ struct lpfc_hba { +@@ -879,7 +879,7 @@ struct lpfc_hba { struct dentry *debug_slow_ring_trc; struct lpfc_debugfs_trc *slow_ring_trc; @@ -38504,10 +39396,10 @@ index f63f5ff..de29189 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index 7dc4218..3436f08 100644 +index 89ad558..76956c4 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -10589,8 +10589,10 @@ lpfc_init(void) +@@ -10618,8 +10618,10 @@ lpfc_init(void) "misc_register returned with status %d", error); if (lpfc_enable_npiv) { @@ -38521,7 +39413,7 @@ index 7dc4218..3436f08 100644 lpfc_transport_template = fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c -index 7f45ac9..cf62eda 100644 +index 60e5a17..ff7a793 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) @@ -38576,7 +39468,7 @@ index 7f45ac9..cf62eda 100644 /** diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c -index af763ea..41904f7 100644 +index b46f5e9..c4c4ccb 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c @@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev) @@ -38629,7 +39521,7 @@ index af763ea..41904f7 100644 return; fw_version = be16_to_cpu(pinstance->inq_data->fw_version); -@@ -5331,8 +5331,8 @@ static int __devinit pmcraid_init_instance( +@@ -5324,8 +5324,8 @@ static int pmcraid_init_instance(struct pci_dev *pdev, struct Scsi_Host *host, init_waitqueue_head(&pinstance->reset_wait_q); atomic_set(&pinstance->outstanding_cmds, 0); @@ -38640,7 +39532,7 @@ index af763ea..41904f7 100644 INIT_LIST_HEAD(&pinstance->free_res_q); INIT_LIST_HEAD(&pinstance->used_res_q); -@@ -6047,7 +6047,7 @@ static int __devinit pmcraid_probe( +@@ -6038,7 +6038,7 @@ static int pmcraid_probe(struct pci_dev *pdev, /* Schedule worker thread to handle CCN and take care of adding and * removing devices to OS */ @@ -38705,7 +39597,7 @@ index 83d7984..a27d947 100644 .show_host_node_name = 1, .show_host_port_name = 1, diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h -index 6acb397..d86e3e0 100644 +index 2411d1a..4673766 100644 --- a/drivers/scsi/qla2xxx/qla_gbl.h +++ b/drivers/scsi/qla2xxx/qla_gbl.h @@ -515,8 +515,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *); @@ -38720,10 +39612,10 @@ index 6acb397..d86e3e0 100644 extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *); extern void qla2x00_init_host_attr(scsi_qla_host_t *); diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c -index f4b1fc8..a1ce4dd 100644 +index 10d23f8..a7d5d4c 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -1462,8 +1462,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) +@@ -1472,8 +1472,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) !pci_set_consistent_dma_mask(ha->pdev, DMA_BIT_MASK(64))) { /* Ok, a 64bit DMA mask is applicable. */ ha->flags.enable_64bit_addressing = 1; @@ -38750,7 +39642,7 @@ index 329d553..f20d31d 100644 uint32_t default_time2wait; /* Default Min time between * relogins (+aens) */ diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c -index fbc546e..c7d1b48 100644 +index 4cec123..7c1329f 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c @@ -2621,12 +2621,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) @@ -38791,7 +39683,7 @@ index 2c0d0ec..4e8681a 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 9032e91..7a805d0 100644 +index f1bf5af..f67e943 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -1454,7 +1454,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) @@ -38913,7 +39805,7 @@ index 31969f2..2b348f0 100644 err = class_register(&iscsi_transport_class); if (err) diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c -index 21a045e..ec89e03 100644 +index f379c7f..e8fc69c 100644 --- a/drivers/scsi/scsi_transport_srp.c +++ b/drivers/scsi/scsi_transport_srp.c @@ -33,7 +33,7 @@ @@ -38925,7 +39817,7 @@ index 21a045e..ec89e03 100644 }; #define to_srp_host_attrs(host) ((struct srp_host_attrs *)(host)->shost_data) -@@ -62,7 +62,7 @@ static int srp_host_setup(struct transport_container *tc, struct device *dev, +@@ -61,7 +61,7 @@ static int srp_host_setup(struct transport_container *tc, struct device *dev, struct Scsi_Host *shost = dev_to_shost(dev); struct srp_host_attrs *srp_host = to_srp_host_attrs(shost); @@ -38934,7 +39826,7 @@ index 21a045e..ec89e03 100644 return 0; } -@@ -211,7 +211,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, +@@ -210,7 +210,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, memcpy(rport->port_id, ids->port_id, sizeof(rport->port_id)); rport->roles = ids->roles; @@ -38944,10 +39836,10 @@ index 21a045e..ec89e03 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index a45e12a..d9120cb 100644 +index 7992635..609faf8 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2899,7 +2899,7 @@ static int sd_probe(struct device *dev) +@@ -2909,7 +2909,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -38970,10 +39862,10 @@ index be2c9a6..275525c 100644 return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index 84c2861..ece0a31 100644 +index 19ee901..6e8c2ef 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c -@@ -1453,7 +1453,7 @@ int spi_bus_unlock(struct spi_master *master) +@@ -1616,7 +1616,7 @@ int spi_bus_unlock(struct spi_master *master) EXPORT_SYMBOL_GPL(spi_bus_unlock); /* portable code must never pass more than 32 bytes */ @@ -39015,7 +39907,7 @@ index 34afc16..ffe44dd 100644 dev_kfree_skb_irq(skb); } diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c -index 683bedc..86dba9a 100644 +index ef32dc1..a159d68 100644 --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c @@ -252,11 +252,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev) @@ -39269,7 +40161,7 @@ index dc23395..cf7e9b1 100644 struct io_req { struct list_head list; diff --git a/drivers/staging/sbe-2t3e3/netdev.c b/drivers/staging/sbe-2t3e3/netdev.c -index 180c963..1f18377 100644 +index 1f5088b..0e59820 100644 --- a/drivers/staging/sbe-2t3e3/netdev.c +++ b/drivers/staging/sbe-2t3e3/netdev.c @@ -51,7 +51,7 @@ static int t3e3_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) @@ -39282,7 +40174,7 @@ index 180c963..1f18377 100644 return 0; diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h -index c66b8b3..a4a035b 100644 +index 5dddc4d..34fcb2f 100644 --- a/drivers/staging/usbip/vhci.h +++ b/drivers/staging/usbip/vhci.h @@ -83,7 +83,7 @@ struct vhci_hcd { @@ -39295,10 +40187,10 @@ index c66b8b3..a4a035b 100644 /* * NOTE: diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c -index 620d1be..1cd6711 100644 +index c3aa219..bf8b3de 100644 --- a/drivers/staging/usbip/vhci_hcd.c +++ b/drivers/staging/usbip/vhci_hcd.c -@@ -471,7 +471,7 @@ static void vhci_tx_urb(struct urb *urb) +@@ -451,7 +451,7 @@ static void vhci_tx_urb(struct urb *urb) return; } @@ -39307,7 +40199,7 @@ index 620d1be..1cd6711 100644 if (priv->seqnum == 0xffff) dev_info(&urb->dev->dev, "seqnum max\n"); -@@ -723,7 +723,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) +@@ -703,7 +703,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) return -ENOMEM; } @@ -39316,7 +40208,7 @@ index 620d1be..1cd6711 100644 if (unlink->seqnum == 0xffff) pr_info("seqnum max\n"); -@@ -924,7 +924,7 @@ static int vhci_start(struct usb_hcd *hcd) +@@ -907,7 +907,7 @@ static int vhci_start(struct usb_hcd *hcd) vdev->rhport = rhport; } @@ -39326,7 +40218,7 @@ index 620d1be..1cd6711 100644 hcd->power_budget = 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index f0eaf04..5a82e06 100644 +index ba5f1c0..11d8122 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c @@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, @@ -39339,7 +40231,7 @@ index f0eaf04..5a82e06 100644 return; } diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c -index 67b1b88..6392fe9 100644 +index 5f13890..36a044b 100644 --- a/drivers/staging/vt6655/hostap.c +++ b/drivers/staging/vt6655/hostap.c @@ -73,14 +73,13 @@ static int msglevel =MSG_LEVEL_INFO; @@ -39369,7 +40261,7 @@ index 67b1b88..6392fe9 100644 pDevice->apdev->type = ARPHRD_IEEE80211; diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c -index 0a73d40..6fda560 100644 +index 26a7d0e..897b083 100644 --- a/drivers/staging/vt6656/hostap.c +++ b/drivers/staging/vt6656/hostap.c @@ -60,14 +60,13 @@ static int msglevel =MSG_LEVEL_INFO; @@ -39440,30 +40332,34 @@ index 0d4aa82..f7832d4 100644 extern void tmem_register_hostops(struct tmem_hostops *m); /* core tmem accessor functions */ -diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 13fe16c..cbdc39a 100644 ---- a/drivers/target/target_core_transport.c -+++ b/drivers/target/target_core_transport.c -@@ -1085,7 +1085,7 @@ struct se_device *transport_add_device_to_core_hba( +diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c +index f2aa754..11337b1 100644 +--- a/drivers/target/target_core_device.c ++++ b/drivers/target/target_core_device.c +@@ -1375,7 +1375,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) spin_lock_init(&dev->se_port_lock); spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); - atomic_set(&dev->dev_ordered_id, 0); + atomic_set_unchecked(&dev->dev_ordered_id, 0); - - se_dev_set_default_attribs(dev, dev_limits); - -@@ -1275,7 +1275,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) + INIT_LIST_HEAD(&dev->t10_wwn.t10_vpd_list); + spin_lock_init(&dev->t10_wwn.t10_vpd_lock); + INIT_LIST_HEAD(&dev->t10_pr.registration_list); +diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c +index bd587b7..173daf3 100644 +--- a/drivers/target/target_core_transport.c ++++ b/drivers/target/target_core_transport.c +@@ -1077,7 +1077,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ -- cmd->se_ordered_id = atomic_inc_return(&cmd->se_dev->dev_ordered_id); -+ cmd->se_ordered_id = atomic_inc_return_unchecked(&cmd->se_dev->dev_ordered_id); +- cmd->se_ordered_id = atomic_inc_return(&dev->dev_ordered_id); ++ cmd->se_ordered_id = atomic_inc_return_unchecked(&dev->dev_ordered_id); smp_mb__after_atomic_inc(); pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c -index 0a6a0bc..5501b06 100644 +index b09c8d1f..c4225c0 100644 --- a/drivers/tty/cyclades.c +++ b/drivers/tty/cyclades.c @@ -1589,10 +1589,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp) @@ -39479,7 +40375,7 @@ index 0a6a0bc..5501b06 100644 #endif /* -@@ -3989,7 +3989,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v) +@@ -3991,7 +3991,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v) for (j = 0; j < cy_card[i].nports; j++) { info = &cy_card[i].ports[j]; @@ -39547,7 +40443,7 @@ index 13ee53b..418d164 100644 spin_lock_irqsave(&hp->lock, flags); diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c -index cab5c7a..4cc66ea 100644 +index 8776357..b2d4afd 100644 --- a/drivers/tty/hvc/hvcs.c +++ b/drivers/tty/hvc/hvcs.c @@ -83,6 +83,7 @@ @@ -39644,7 +40540,7 @@ index cab5c7a..4cc66ea 100644 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer; diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c -index 160f0ad..588b853 100644 +index 2cde13d..645d78f 100644 --- a/drivers/tty/ipwireless/tty.c +++ b/drivers/tty/ipwireless/tty.c @@ -29,6 +29,7 @@ @@ -39761,10 +40657,10 @@ index 160f0ad..588b853 100644 ipwireless_disassociate_network_ttys(network, ttyj->channel_idx); diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c -index 56e616b..9d9f10a 100644 +index f9d2850..b006f04 100644 --- a/drivers/tty/moxa.c +++ b/drivers/tty/moxa.c -@@ -1189,7 +1189,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp) +@@ -1193,7 +1193,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp) } ch = &brd->ports[port % MAX_PORTS_PER_BOARD]; @@ -39774,11 +40670,11 @@ index 56e616b..9d9f10a 100644 tty_port_tty_set(&ch->port, tty); mutex_lock(&ch->port.mutex); diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index 1e8e8ce..a9efc93 100644 +index dcc0430..040bef9 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c -@@ -1638,7 +1638,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) - kref_init(&dlci->ref); +@@ -1636,7 +1636,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) + spin_lock_init(&dlci->lock); mutex_init(&dlci->mutex); dlci->fifo = &dlci->_fifo; - if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) { @@ -39786,7 +40682,7 @@ index 1e8e8ce..a9efc93 100644 kfree(dlci); return NULL; } -@@ -2925,7 +2925,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp) +@@ -2924,7 +2924,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp) struct gsm_dlci *dlci = tty->driver_data; struct tty_port *port = &dlci->port; @@ -39796,10 +40692,10 @@ index 1e8e8ce..a9efc93 100644 dlci_get(dlci->gsm->dlci[0]); mux_get(dlci->gsm); diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 8c0b7b4..e88f052 100644 +index 19083ef..6e34e97 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c -@@ -2142,6 +2142,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2196,6 +2196,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -39809,10 +40705,10 @@ index 8c0b7b4..e88f052 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index 8cf8d0a..4ef9ed0 100644 +index 79ff3a5..1fe9399 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -730,8 +730,10 @@ static void __init unix98_pty_init(void) +@@ -791,8 +791,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -39825,10 +40721,10 @@ index 8cf8d0a..4ef9ed0 100644 cdev_init(&ptmx_cdev, &ptmx_fops); if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) || diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c -index 9700d34..df7520c 100644 +index e42009a..566a036 100644 --- a/drivers/tty/rocket.c +++ b/drivers/tty/rocket.c -@@ -924,7 +924,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) +@@ -925,7 +925,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) tty->driver_data = info; tty_port_tty_set(port, tty); @@ -39837,7 +40733,7 @@ index 9700d34..df7520c 100644 atomic_inc(&rp_num_ports_open); #ifdef ROCKET_DEBUG_OPEN -@@ -933,7 +933,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) +@@ -934,7 +934,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) #endif } #ifdef ROCKET_DEBUG_OPEN @@ -39846,7 +40742,7 @@ index 9700d34..df7520c 100644 #endif /* -@@ -1528,7 +1528,7 @@ static void rp_hangup(struct tty_struct *tty) +@@ -1529,7 +1529,7 @@ static void rp_hangup(struct tty_struct *tty) spin_unlock_irqrestore(&info->port.lock, flags); return; } @@ -39962,10 +40858,10 @@ index 1002054..dd644a8 100644 /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c -index 7f04717..0f3794f 100644 +index e514b3a..c73d614 100644 --- a/drivers/tty/serial/samsung.c +++ b/drivers/tty/serial/samsung.c -@@ -445,11 +445,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) +@@ -453,11 +453,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) } } @@ -39982,7 +40878,7 @@ index 7f04717..0f3794f 100644 dbg("s3c24xx_serial_startup: port=%p (%08lx,%p)\n", port->mapbase, port->membase); -@@ -1115,10 +1120,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, +@@ -1122,10 +1127,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, /* setup info for port */ port->dev = &platdev->dev; @@ -39994,10 +40890,10 @@ index 7f04717..0f3794f 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index 0fcfd98..8244fce 100644 +index 2c7230a..2104f16 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c -@@ -1408,7 +1408,7 @@ static void uart_hangup(struct tty_struct *tty) +@@ -1455,7 +1455,7 @@ static void uart_hangup(struct tty_struct *tty) uart_flush_buffer(tty); uart_shutdown(tty, state); spin_lock_irqsave(&port->lock, flags); @@ -40006,7 +40902,7 @@ index 0fcfd98..8244fce 100644 clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags); spin_unlock_irqrestore(&port->lock, flags); tty_port_tty_set(port, NULL); -@@ -1504,7 +1504,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1551,7 +1551,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) goto end; } @@ -40015,7 +40911,7 @@ index 0fcfd98..8244fce 100644 if (!state->uart_port || state->uart_port->flags & UPF_DEAD) { retval = -ENXIO; goto err_dec_count; -@@ -1531,7 +1531,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1578,7 +1578,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) /* * Make sure the device is in D0 state. */ @@ -40024,7 +40920,7 @@ index 0fcfd98..8244fce 100644 uart_change_pm(state, 0); /* -@@ -1549,7 +1549,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1596,7 +1596,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) end: return retval; err_dec_count: @@ -40034,7 +40930,7 @@ index 0fcfd98..8244fce 100644 goto end; } diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c -index 70e3a52..5742052 100644 +index 9e071f6..f30ae69 100644 --- a/drivers/tty/synclink.c +++ b/drivers/tty/synclink.c @@ -3095,7 +3095,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) @@ -40138,7 +41034,7 @@ index 70e3a52..5742052 100644 } return retval; -@@ -7661,7 +7661,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -7662,7 +7662,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -40147,7 +41043,7 @@ index 70e3a52..5742052 100644 return -EBUSY; switch (encoding) -@@ -7756,7 +7756,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -7757,7 +7757,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -40156,7 +41052,7 @@ index 70e3a52..5742052 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -7842,7 +7842,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -7843,7 +7843,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); /* return error if TTY interface open */ @@ -40166,7 +41062,7 @@ index 70e3a52..5742052 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c -index b38e954..ce45b38 100644 +index aba1e59..877ac33 100644 --- a/drivers/tty/synclink_gt.c +++ b/drivers/tty/synclink_gt.c @@ -671,7 +671,7 @@ static int open(struct tty_struct *tty, struct file *filp) @@ -40284,7 +41180,7 @@ index b38e954..ce45b38 100644 if (!retval) diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c -index f17d9f3..27a041b 100644 +index fd43fb6..34704ad 100644 --- a/drivers/tty/synclinkmp.c +++ b/drivers/tty/synclinkmp.c @@ -751,7 +751,7 @@ static int open(struct tty_struct *tty, struct file *filp) @@ -40423,10 +41319,10 @@ index f17d9f3..27a041b 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c -index 16ee6ce..bfcac57 100644 +index b3c4a25..723916f 100644 --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c -@@ -866,7 +866,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); +@@ -867,7 +867,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { @@ -40436,10 +41332,10 @@ index 16ee6ce..bfcac57 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 2ea176b..2877bc8 100644 +index da9fde8..c07975f 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3395,7 +3395,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3391,7 +3391,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -40449,31 +41345,31 @@ index 2ea176b..2877bc8 100644 /* diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c -index 0f2a2c5..471e228 100644 +index c578229..45aa9ee 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -56,7 +56,7 @@ static void put_ldisc(struct tty_ldisc *ld) - if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) { + if (atomic_dec_and_test(&ld->users)) { struct tty_ldisc_ops *ldo = ld->ops; - ldo->refcount--; + atomic_dec(&ldo->refcount); module_put(ldo->owner); - spin_unlock_irqrestore(&tty_ldisc_lock, flags); + raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); @@ -91,7 +91,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) - spin_lock_irqsave(&tty_ldisc_lock, flags); + raw_spin_lock_irqsave(&tty_ldisc_lock, flags); tty_ldiscs[disc] = new_ldisc; new_ldisc->num = disc; - new_ldisc->refcount = 0; + atomic_set(&new_ldisc->refcount, 0); - spin_unlock_irqrestore(&tty_ldisc_lock, flags); + raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); return ret; @@ -119,7 +119,7 @@ int tty_unregister_ldisc(int disc) return -EINVAL; - spin_lock_irqsave(&tty_ldisc_lock, flags); + raw_spin_lock_irqsave(&tty_ldisc_lock, flags); - if (tty_ldiscs[disc]->refcount) + if (atomic_read(&tty_ldiscs[disc]->refcount)) ret = -EBUSY; @@ -40491,17 +41387,17 @@ index 0f2a2c5..471e228 100644 @@ -153,7 +153,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) unsigned long flags; - spin_lock_irqsave(&tty_ldisc_lock, flags); + raw_spin_lock_irqsave(&tty_ldisc_lock, flags); - ldops->refcount--; + atomic_dec(&ldops->refcount); module_put(ldops->owner); - spin_unlock_irqrestore(&tty_ldisc_lock, flags); + raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); } diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c -index d7bdd8d..feaef30 100644 +index b7ff59d..7c6105e 100644 --- a/drivers/tty/tty_port.c +++ b/drivers/tty/tty_port.c -@@ -202,7 +202,7 @@ void tty_port_hangup(struct tty_port *port) +@@ -218,7 +218,7 @@ void tty_port_hangup(struct tty_port *port) unsigned long flags; spin_lock_irqsave(&port->lock, flags); @@ -40510,7 +41406,7 @@ index d7bdd8d..feaef30 100644 port->flags &= ~ASYNC_NORMAL_ACTIVE; if (port->tty) { set_bit(TTY_IO_ERROR, &port->tty->flags); -@@ -328,7 +328,7 @@ int tty_port_block_til_ready(struct tty_port *port, +@@ -344,7 +344,7 @@ int tty_port_block_til_ready(struct tty_port *port, /* The port lock protects the port counts */ spin_lock_irqsave(&port->lock, flags); if (!tty_hung_up_p(filp)) @@ -40519,7 +41415,7 @@ index d7bdd8d..feaef30 100644 port->blocked_open++; spin_unlock_irqrestore(&port->lock, flags); -@@ -370,7 +370,7 @@ int tty_port_block_til_ready(struct tty_port *port, +@@ -386,7 +386,7 @@ int tty_port_block_til_ready(struct tty_port *port, we must not mess that up further */ spin_lock_irqsave(&port->lock, flags); if (!tty_hung_up_p(filp)) @@ -40528,7 +41424,7 @@ index d7bdd8d..feaef30 100644 port->blocked_open--; if (retval == 0) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -390,19 +390,19 @@ int tty_port_close_start(struct tty_port *port, +@@ -406,19 +406,19 @@ int tty_port_close_start(struct tty_port *port, return 0; } @@ -40555,7 +41451,7 @@ index d7bdd8d..feaef30 100644 spin_unlock_irqrestore(&port->lock, flags); if (port->ops->drop) port->ops->drop(port); -@@ -500,7 +500,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty, +@@ -516,7 +516,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty, { spin_lock_irq(&port->lock); if (!tty_hung_up_p(filp)) @@ -40817,7 +41713,7 @@ index 35f10bf..6a38a0b 100644 if (!left--) { if (instance->disconnected) diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c -index f460de3..95ba1f6 100644 +index cbacea9..246cccd 100644 --- a/drivers/usb/core/devices.c +++ b/drivers/usb/core/devices.c @@ -126,7 +126,7 @@ static const char format_endpt[] = @@ -40838,7 +41734,7 @@ index f460de3..95ba1f6 100644 wake_up(&device_event.wait); } -@@ -647,7 +647,7 @@ static unsigned int usb_device_poll(struct file *file, +@@ -645,7 +645,7 @@ static unsigned int usb_device_poll(struct file *file, poll_wait(file, &device_event.wait, wait); @@ -40848,10 +41744,10 @@ index f460de3..95ba1f6 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c -index f034716..aed0368 100644 +index 8e64adf..9a33a3c 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c -@@ -1478,7 +1478,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) +@@ -1522,7 +1522,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) */ usb_get_urb(urb); atomic_inc(&urb->use_count); @@ -40860,7 +41756,7 @@ index f034716..aed0368 100644 usbmon_urb_submit(&hcd->self, urb); /* NOTE requirements on root-hub callers (usbfs and the hub -@@ -1505,7 +1505,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) +@@ -1549,7 +1549,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) urb->hcpriv = NULL; INIT_LIST_HEAD(&urb->urb_list); atomic_dec(&urb->use_count); @@ -40883,10 +41779,10 @@ index 818e4a0..0fc9589 100644 static DEVICE_ATTR(urbnum, S_IRUGO, show_urbnum, NULL); diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c -index cd8fb44..17fbe0c 100644 +index f81b925..78d22ec 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c -@@ -397,7 +397,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent, +@@ -388,7 +388,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent, set_dev_node(&dev->dev, dev_to_node(bus->controller)); dev->state = USB_STATE_ATTACHED; dev->lpm_disable_count = 1; @@ -40896,7 +41792,7 @@ index cd8fb44..17fbe0c 100644 INIT_LIST_HEAD(&dev->ep0.urb_list); dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE; diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c -index 4bfa78a..902bfbd 100644 +index 5e29dde..eca992f 100644 --- a/drivers/usb/early/ehci-dbgp.c +++ b/drivers/usb/early/ehci-dbgp.c @@ -98,7 +98,8 @@ static inline u32 dbgp_len_update(u32 x, u32 len) @@ -40937,7 +41833,7 @@ index 4bfa78a..902bfbd 100644 return 0; } diff --git a/drivers/usb/gadget/u_serial.c b/drivers/usb/gadget/u_serial.c -index f173952..83d6ec0 100644 +index 598dcc1..032dd4f 100644 --- a/drivers/usb/gadget/u_serial.c +++ b/drivers/usb/gadget/u_serial.c @@ -735,9 +735,9 @@ static int gs_open(struct tty_struct *tty, struct file *file) @@ -40985,7 +41881,7 @@ index f173952..83d6ec0 100644 gser = port->port_usb; if (gser && gser->disconnect) -@@ -1157,7 +1157,7 @@ static int gs_closed(struct gs_port *port) +@@ -1159,7 +1159,7 @@ static int gs_closed(struct gs_port *port) int cond; spin_lock_irq(&port->port_lock); @@ -40994,7 +41890,7 @@ index f173952..83d6ec0 100644 spin_unlock_irq(&port->port_lock); return cond; } -@@ -1270,7 +1270,7 @@ int gserial_connect(struct gserial *gser, u8 port_num) +@@ -1273,7 +1273,7 @@ int gserial_connect(struct gserial *gser, u8 port_num) /* if it's already open, start I/O ... and notify the serial * protocol about open/close status (connect/disconnect). */ @@ -41003,7 +41899,7 @@ index f173952..83d6ec0 100644 pr_debug("gserial_connect: start ttyGS%d\n", port->port_num); gs_start_io(port); if (gser->connect) -@@ -1317,7 +1317,7 @@ void gserial_disconnect(struct gserial *gser) +@@ -1320,7 +1320,7 @@ void gserial_disconnect(struct gserial *gser) port->port_usb = NULL; gser->ioport = NULL; @@ -41012,7 +41908,7 @@ index f173952..83d6ec0 100644 wake_up_interruptible(&port->drain_wait); if (port->port.tty) tty_hangup(port->port.tty); -@@ -1333,7 +1333,7 @@ void gserial_disconnect(struct gserial *gser) +@@ -1336,7 +1336,7 @@ void gserial_disconnect(struct gserial *gser) /* finally, free any unused/unusable I/O buffers */ spin_lock_irqsave(&port->port_lock, flags); @@ -41087,29 +41983,16 @@ index 57c01ab..8a05959 100644 } /* -diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c -index dedaf81..b0f11ab 100644 ---- a/drivers/vhost/vhost.c -+++ b/drivers/vhost/vhost.c -@@ -634,7 +634,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m) - return 0; - } - --static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp) -+static long vhost_set_vring(struct vhost_dev *d, unsigned int ioctl, void __user *argp) - { - struct file *eventfp, *filep = NULL; - bool pollstart = false, pollstop = false; diff --git a/drivers/video/aty/aty128fb.c b/drivers/video/aty/aty128fb.c -index 0fefa84..7a9d581 100644 +index 8c55011..eed4ae1a 100644 --- a/drivers/video/aty/aty128fb.c +++ b/drivers/video/aty/aty128fb.c @@ -149,7 +149,7 @@ enum { }; /* Must match above enum */ --static char * const r128_family[] __devinitconst = { -+static const char * const r128_family[] __devinitconst = { +-static char * const r128_family[] = { ++static const char * const r128_family[] = { "AGP", "PCI", "PRO AGP", @@ -43987,7 +44870,7 @@ index 86d449e..af6a7f7 100644 return count; } diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c -index 2f8f82d..191de37 100644 +index b75db01..5631c6d 100644 --- a/drivers/video/uvesafb.c +++ b/drivers/video/uvesafb.c @@ -19,6 +19,7 @@ @@ -43998,7 +44881,7 @@ index 2f8f82d..191de37 100644 #include <video/edid.h> #include <video/uvesafb.h> #ifdef CONFIG_X86 -@@ -569,10 +570,32 @@ static int __devinit uvesafb_vbe_getpmi(struct uvesafb_ktask *task, +@@ -569,10 +570,32 @@ static int uvesafb_vbe_getpmi(struct uvesafb_ktask *task, if ((task->t.regs.eax & 0xffff) != 0x4f || task->t.regs.es < 0xc000) { par->pmi_setpal = par->ypan = 0; } else { @@ -44031,7 +44914,7 @@ index 2f8f82d..191de37 100644 printk(KERN_INFO "uvesafb: protected mode interface info at " "%04x:%04x\n", (u16)task->t.regs.es, (u16)task->t.regs.edi); -@@ -818,13 +841,14 @@ static int __devinit uvesafb_vbe_init(struct fb_info *info) +@@ -817,13 +840,14 @@ static int uvesafb_vbe_init(struct fb_info *info) par->ypan = ypan; if (par->pmi_setpal || par->ypan) { @@ -44048,7 +44931,7 @@ index 2f8f82d..191de37 100644 } #else /* The protected mode interface is not available on non-x86. */ -@@ -1838,6 +1862,11 @@ out: +@@ -1836,6 +1860,11 @@ out: if (par->vbe_modes) kfree(par->vbe_modes); @@ -44060,7 +44943,7 @@ index 2f8f82d..191de37 100644 framebuffer_release(info); return err; } -@@ -1864,6 +1893,12 @@ static int uvesafb_remove(struct platform_device *dev) +@@ -1862,6 +1891,12 @@ static int uvesafb_remove(struct platform_device *dev) kfree(par->vbe_state_orig); if (par->vbe_state_saved) kfree(par->vbe_state_saved); @@ -44192,19 +45075,6 @@ index 88714ae..16c2e11 100644 static inline u32 get_pll_internal_frequency(u32 ref_freq, -diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c -index 6b1b7e1..b2fa4d5 100644 ---- a/drivers/virtio/virtio_mmio.c -+++ b/drivers/virtio/virtio_mmio.c -@@ -530,7 +530,7 @@ static int vm_cmdline_set(const char *device, - - resources[0].end = memparse(device, &str) - 1; - -- processed = sscanf(str, "@%lli:%u%n:%d%n", -+ processed = sscanf(str, "@%lli:%llu%n:%d%n", - &base, &resources[1].start, &consumed, - &vm_cmdline_id, &consumed); - diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c index fef20db..d28b1ab 100644 --- a/drivers/xen/xenfs/xenstored.c @@ -44295,10 +45165,10 @@ index 71f613c..9d01f1f 100644 kiocb->ki_cur_seg = 0; /* ki_nbytes/left now reflect bytes instead of segs */ diff --git a/fs/attr.c b/fs/attr.c -index cce7df5..eaa2731 100644 +index 1449adb..a2038c2 100644 --- a/fs/attr.c +++ b/fs/attr.c -@@ -100,6 +100,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) +@@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) unsigned long limit; limit = rlimit(RLIMIT_FSIZE); @@ -44307,7 +45177,7 @@ index cce7df5..eaa2731 100644 goto out_sig; if (offset > inode->i_sb->s_maxbytes) diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c -index dce436e..55e670d 100644 +index 03bc1d3..6205356 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c @@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi, @@ -44319,7 +45189,7 @@ index dce436e..55e670d 100644 ssize_t wr = 0; sigpipe = sigismember(¤t->pending.signal, SIGPIPE); -@@ -347,6 +347,10 @@ static int validate_request(struct autofs_wait_queue **wait, +@@ -348,6 +348,10 @@ static int validate_request(struct autofs_wait_queue **wait, return 1; } @@ -44330,7 +45200,7 @@ index dce436e..55e670d 100644 int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, enum autofs_notify notify) { -@@ -380,7 +384,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, +@@ -381,7 +385,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, /* If this is a direct mount request create a dummy name */ if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type)) @@ -44357,7 +45227,7 @@ index 2b3bda8..6a2d4be 100644 kfree(link); } diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c -index 0e7a6f8..332b1ca 100644 +index 6043567..16a9239 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c @@ -16,6 +16,7 @@ @@ -44390,7 +45260,7 @@ index 0e7a6f8..332b1ca 100644 if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit) dump.u_ssize = 0; -@@ -233,6 +238,8 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) +@@ -234,6 +239,8 @@ static int load_aout_binary(struct linux_binprm * bprm) rlim = rlimit(RLIMIT_DATA); if (rlim >= RLIM_INFINITY) rlim = ~0; @@ -44399,7 +45269,7 @@ index 0e7a6f8..332b1ca 100644 if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; -@@ -267,6 +274,27 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) +@@ -268,6 +275,27 @@ static int load_aout_binary(struct linux_binprm * bprm) install_exec_creds(bprm); @@ -44427,7 +45297,7 @@ index 0e7a6f8..332b1ca 100644 if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; loff_t pos; -@@ -332,7 +360,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) +@@ -333,7 +361,7 @@ static int load_aout_binary(struct linux_binprm * bprm) } error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data, @@ -44437,7 +45307,7 @@ index 0e7a6f8..332b1ca 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index fbd9f60..0b845dd 100644 +index 0c42cdb..f4be023 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -33,6 +33,7 @@ @@ -44911,7 +45781,7 @@ index fbd9f60..0b845dd 100644 if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -564,7 +899,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -564,7 +899,7 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -44920,11 +45790,12 @@ index fbd9f60..0b845dd 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -574,11 +909,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -574,12 +909,12 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; - unsigned long def_flags = 0; + struct pt_regs *regs = current_pt_regs(); struct { struct elfhdr elf_ex; struct elfhdr interp_elf_ex; @@ -44933,7 +45804,7 @@ index fbd9f60..0b845dd 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -714,11 +1049,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -715,11 +1050,81 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; /* OK, This is the point of no return */ @@ -45016,7 +45887,7 @@ index fbd9f60..0b845dd 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -809,6 +1214,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -810,6 +1215,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -45037,7 +45908,7 @@ index fbd9f60..0b845dd 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -841,9 +1260,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -842,9 +1261,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -45050,7 +45921,7 @@ index fbd9f60..0b845dd 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -882,17 +1301,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -883,17 +1302,44 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -45101,7 +45972,7 @@ index fbd9f60..0b845dd 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1114,7 +1560,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1115,7 +1561,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -45110,7 +45981,7 @@ index fbd9f60..0b845dd 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1151,7 +1597,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1152,7 +1598,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -45119,7 +45990,7 @@ index fbd9f60..0b845dd 100644 goto whole; /* -@@ -1373,9 +1819,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1374,9 +1820,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -45131,7 +46002,7 @@ index fbd9f60..0b845dd 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -2003,14 +2449,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -2006,14 +2452,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -45148,7 +46019,7 @@ index fbd9f60..0b845dd 100644 return size; } -@@ -2104,7 +2550,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2107,7 +2553,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -45157,7 +46028,7 @@ index fbd9f60..0b845dd 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2118,10 +2564,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2121,10 +2567,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -45170,7 +46041,7 @@ index fbd9f60..0b845dd 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -2135,7 +2583,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2138,7 +2586,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -45179,7 +46050,7 @@ index fbd9f60..0b845dd 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2146,6 +2594,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2149,6 +2597,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -45187,7 +46058,7 @@ index fbd9f60..0b845dd 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2170,7 +2619,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2173,7 +2622,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -45196,7 +46067,7 @@ index fbd9f60..0b845dd 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2179,6 +2628,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2182,6 +2631,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -45204,7 +46075,7 @@ index fbd9f60..0b845dd 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2196,6 +2646,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2199,6 +2649,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -45212,7 +46083,7 @@ index fbd9f60..0b845dd 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2216,6 +2667,97 @@ out: +@@ -2219,6 +2670,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -45311,7 +46182,7 @@ index fbd9f60..0b845dd 100644 { register_binfmt(&elf_format); diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c -index e280352..7b2f231 100644 +index b563719..3868998 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c @@ -562,7 +562,9 @@ static int load_flat_file(struct linux_binprm * bprm, @@ -45378,7 +46249,7 @@ index b96fc6c..431d628 100644 __bio_for_each_segment(bvec, bio, i, 0) { char *addr = page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index ab3a456..7da538b 100644 +index 172f849..6efbf24 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -651,7 +651,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, @@ -45391,10 +46262,10 @@ index ab3a456..7da538b 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index cdfb4c4..da736d4 100644 +index eea5da7..88fead70 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c -@@ -1035,9 +1035,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, +@@ -1033,9 +1033,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, free_extent_buffer(buf); add_root_to_dirty_list(root); } else { @@ -45411,10 +46282,10 @@ index cdfb4c4..da736d4 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index 95542a1..95a8727 100644 +index cc93b23..f3c42bf 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c -@@ -7243,7 +7243,7 @@ fail: +@@ -7296,7 +7296,7 @@ fail: return -ENOMEM; } @@ -45423,7 +46294,7 @@ index 95542a1..95a8727 100644 struct dentry *dentry, struct kstat *stat) { struct inode *inode = dentry->d_inode; -@@ -7257,6 +7257,14 @@ static int btrfs_getattr(struct vfsmount *mnt, +@@ -7310,6 +7310,14 @@ static int btrfs_getattr(struct vfsmount *mnt, return 0; } @@ -45439,10 +46310,10 @@ index 95542a1..95a8727 100644 * If a file is moved, it will inherit the cow and compression flags of the new * directory. diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index 8fcf9a5..a200000 100644 +index 338f259..b657640 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c -@@ -2965,9 +2965,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3033,9 +3033,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) for (i = 0; i < num_types; i++) { struct btrfs_space_info *tmp; @@ -45455,7 +46326,7 @@ index 8fcf9a5..a200000 100644 info = NULL; rcu_read_lock(); list_for_each_entry_rcu(tmp, &root->fs_info->space_info, -@@ -2989,10 +2992,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3057,10 +3060,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) memcpy(dest, &space, sizeof(space)); dest++; space_args.total_spaces++; @@ -45467,7 +46338,7 @@ index 8fcf9a5..a200000 100644 up_read(&info->groups_sem); } diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c -index 776f0aa..3aad281 100644 +index 300e09a..9fe4539 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -1269,7 +1269,7 @@ static int __update_reloc_root(struct btrfs_root *root, int del) @@ -45479,6 +46350,19 @@ index 776f0aa..3aad281 100644 if (!del) { spin_lock(&rc->reloc_root_tree.lock); +diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c +index d8982e9..29a85fa 100644 +--- a/fs/btrfs/super.c ++++ b/fs/btrfs/super.c +@@ -267,7 +267,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans, + function, line, errstr); + return; + } +- ACCESS_ONCE(trans->transaction->aborted) = errno; ++ ACCESS_ONCE_RW(trans->transaction->aborted) = errno; + __btrfs_std_error(root->fs_info, function, line, errno, NULL); + } + /* diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 622f469..e8d2d55 100644 --- a/fs/cachefiles/bind.c @@ -45540,10 +46424,10 @@ index 0a1467b..6a53245 100644 cache->bstop_percent = bstop; diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h -index bd6bc1b..b627b53 100644 +index 4938251..7e01445 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h -@@ -57,7 +57,7 @@ struct cachefiles_cache { +@@ -59,7 +59,7 @@ struct cachefiles_cache { wait_queue_head_t daemon_pollwq; /* poll waitqueue for daemon */ struct rb_root active_nodes; /* active nodes (can't be culled) */ rwlock_t active_lock; /* lock for active_nodes */ @@ -45552,7 +46436,7 @@ index bd6bc1b..b627b53 100644 unsigned frun_percent; /* when to stop culling (% files) */ unsigned fcull_percent; /* when to start culling (% files) */ unsigned fstop_percent; /* when to stop allocating (% files) */ -@@ -169,19 +169,19 @@ extern int cachefiles_check_in_use(struct cachefiles_cache *cache, +@@ -171,19 +171,19 @@ extern int cachefiles_check_in_use(struct cachefiles_cache *cache, * proc.c */ #ifdef CONFIG_CACHEFILES_HISTOGRAM @@ -45578,10 +46462,10 @@ index bd6bc1b..b627b53 100644 #else diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c -index b0b5f7c..039bb26 100644 +index 8c01c5fc..15f982e 100644 --- a/fs/cachefiles/namei.c +++ b/fs/cachefiles/namei.c -@@ -318,7 +318,7 @@ try_again: +@@ -317,7 +317,7 @@ try_again: /* first step is to make up a grave dentry in the graveyard */ sprintf(nbuffer, "%08x%08x", (uint32_t) get_seconds(), @@ -45621,10 +46505,10 @@ index eccd339..4c1d995 100644 return 0; diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c -index c994691..2a1537f 100644 +index 4809922..aab2c39 100644 --- a/fs/cachefiles/rdwr.c +++ b/fs/cachefiles/rdwr.c -@@ -945,7 +945,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) +@@ -965,7 +965,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) old_fs = get_fs(); set_fs(KERNEL_DS); ret = file->f_op->write( @@ -45634,7 +46518,7 @@ index c994691..2a1537f 100644 kunmap(page); if (ret != len) diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index e5b7731..b9c59fb 100644 +index 8c1aabe..bbf856a 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -243,7 +243,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir) @@ -45691,10 +46575,10 @@ index d9ea6ed..1e6c8ac 100644 server->ops->print_stats(m, tcon); } diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c -index e7931cc..76a1ab9 100644 +index de7f916..6cb22a9 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c -@@ -999,7 +999,7 @@ cifs_init_request_bufs(void) +@@ -997,7 +997,7 @@ cifs_init_request_bufs(void) /* cERROR(1, "CIFSMaxBufSize %d 0x%x",CIFSMaxBufSize,CIFSMaxBufSize); */ cifs_req_cachep = kmem_cache_create("cifs_request", CIFSMaxBufSize + max_hdr_size, 0, @@ -45703,7 +46587,7 @@ index e7931cc..76a1ab9 100644 if (cifs_req_cachep == NULL) return -ENOMEM; -@@ -1026,7 +1026,7 @@ cifs_init_request_bufs(void) +@@ -1024,7 +1024,7 @@ cifs_init_request_bufs(void) efficient to alloc 1 per page off the slab compared to 17K (5page) alloc of large cifs buffers even when page debugging is on */ cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq", @@ -45712,7 +46596,7 @@ index e7931cc..76a1ab9 100644 NULL); if (cifs_sm_req_cachep == NULL) { mempool_destroy(cifs_req_poolp); -@@ -1111,8 +1111,8 @@ init_cifs(void) +@@ -1109,8 +1109,8 @@ init_cifs(void) atomic_set(&bufAllocCount, 0); atomic_set(&smBufAllocCount, 0); #ifdef CONFIG_CIFS_STATS2 @@ -45724,7 +46608,7 @@ index e7931cc..76a1ab9 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index f5af252..489b5f2 100644 +index e6899ce..d6b2920 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -751,35 +751,35 @@ struct cifs_tcon { @@ -45787,7 +46671,7 @@ index f5af252..489b5f2 100644 } smb2_stats; #endif /* CONFIG_CIFS_SMB2 */ } stats; -@@ -1094,7 +1094,7 @@ build_path_to_root(struct smb_vol *vol, struct cifs_sb_info *cifs_sb, +@@ -1080,7 +1080,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -45796,7 +46680,7 @@ index f5af252..489b5f2 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1459,8 +1459,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1445,8 +1445,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -45843,10 +46727,10 @@ index 3a00c0d..42d901c 100644 } diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c -index 591bf19..690d600 100644 +index 47bc5a8..10decbe 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c -@@ -617,27 +617,27 @@ static void +@@ -586,27 +586,27 @@ static void cifs_clear_stats(struct cifs_tcon *tcon) { #ifdef CONFIG_CIFS_STATS @@ -45895,7 +46779,7 @@ index 591bf19..690d600 100644 #endif } -@@ -646,36 +646,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon) +@@ -615,36 +615,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon) { #ifdef CONFIG_CIFS_STATS seq_printf(m, " Oplocks breaks: %d", @@ -45952,10 +46836,10 @@ index 591bf19..690d600 100644 } diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index 4d9dbe0..0af4601 100644 +index c9c7aa7..065056a 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c -@@ -291,8 +291,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) +@@ -274,8 +274,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) #ifdef CONFIG_CIFS_STATS int i; for (i = 0; i < NUMBER_OF_SMB2_COMMANDS; i++) { @@ -45966,7 +46850,7 @@ index 4d9dbe0..0af4601 100644 } #endif } -@@ -301,66 +301,66 @@ static void +@@ -284,66 +284,66 @@ static void smb2_print_stats(struct seq_file *m, struct cifs_tcon *tcon) { #ifdef CONFIG_CIFS_STATS @@ -46073,6 +46957,20 @@ index 4d9dbe0..0af4601 100644 #endif } +diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c +index 41d9d07..dbb4772 100644 +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -1761,8 +1761,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, + default: + cERROR(1, "info level %u isn't supported", + srch_inf->info_level); +- rc = -EINVAL; +- goto qdir_exit; ++ return -EINVAL; + } + + req->FileIndex = cpu_to_le32(index); diff --git a/fs/coda/cache.c b/fs/coda/cache.c index 958ae0e..505c9d0 100644 --- a/fs/coda/cache.c @@ -46251,7 +47149,7 @@ index a81147e..20bf2b5 100644 /* diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c -index 4c6285f..b7a2411 100644 +index e2f57a0..3c78771 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, @@ -46272,7 +47170,7 @@ index 4c6285f..b7a2411 100644 return -EFAULT; return ioctl_preallocate(file, p); -@@ -1617,8 +1617,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd, +@@ -1620,8 +1620,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd, static int __init init_sys32_ioctl_cmp(const void *p, const void *q) { unsigned int a, b; @@ -46284,7 +47182,7 @@ index 4c6285f..b7a2411 100644 return 1; if (a < b) diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c -index 7414ae2..d98ad6d 100644 +index 712b10f..6b54d7b 100644 --- a/fs/configfs/dir.c +++ b/fs/configfs/dir.c @@ -1564,7 +1564,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir @@ -46312,7 +47210,7 @@ index 7414ae2..d98ad6d 100644 /* * We'll have a dentry and an inode for diff --git a/fs/coredump.c b/fs/coredump.c -index ce47379..68c8e43 100644 +index 1774932..5812106 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -52,7 +52,7 @@ struct core_name { @@ -46365,7 +47263,7 @@ index ce47379..68c8e43 100644 pipe_unlock(pipe); } -@@ -471,7 +471,8 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs) +@@ -471,7 +471,8 @@ void do_coredump(siginfo_t *siginfo) int ispipe; struct files_struct *displaced; bool need_nonrelative = false; @@ -46374,8 +47272,8 @@ index ce47379..68c8e43 100644 + long signr = siginfo->si_signo; struct coredump_params cprm = { .siginfo = siginfo, - .regs = regs, -@@ -484,7 +485,10 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs) + .regs = signal_pt_regs(), +@@ -484,7 +485,10 @@ void do_coredump(siginfo_t *siginfo) .mm_flags = mm->flags, }; @@ -46387,7 +47285,7 @@ index ce47379..68c8e43 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) -@@ -508,7 +512,7 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs) +@@ -508,7 +512,7 @@ void do_coredump(siginfo_t *siginfo) need_nonrelative = true; } @@ -46396,7 +47294,7 @@ index ce47379..68c8e43 100644 if (retval < 0) goto fail_creds; -@@ -556,7 +560,7 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs) +@@ -556,7 +560,7 @@ void do_coredump(siginfo_t *siginfo) } cprm.limit = RLIM_INFINITY; @@ -46405,7 +47303,7 @@ index ce47379..68c8e43 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -583,6 +587,8 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs) +@@ -583,6 +587,8 @@ void do_coredump(siginfo_t *siginfo) } else { struct inode *inode; @@ -46433,10 +47331,10 @@ index ce47379..68c8e43 100644 EXPORT_SYMBOL(dump_write); diff --git a/fs/dcache.c b/fs/dcache.c -index 0d0adb6..f4646e9 100644 +index 19153a0..428c2f5 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -3164,7 +3164,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3133,7 +3133,7 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -46446,10 +47344,10 @@ index 0d0adb6..f4646e9 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index b607d92..41fda09 100644 +index a5f12b7..4ee8a6f 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c -@@ -416,7 +416,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); +@@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); */ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent) { @@ -46519,7 +47417,7 @@ index b2a34a1..162fa69 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index c6e6de4..45e71ad 100644 +index 20df02c..1dff97d 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,6 +55,17 @@ @@ -46662,7 +47560,7 @@ index c6e6de4..45e71ad 100644 return native; } -@@ -431,11 +456,12 @@ static int count(struct user_arg_ptr argv, int max) +@@ -431,7 +456,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -46670,14 +47568,8 @@ index c6e6de4..45e71ad 100644 + if (IS_ERR((const char __force_kernel *)p)) return -EFAULT; -- if (i++ >= max) -+ if (i >= max) - return -E2BIG; -+ ++i; - - if (fatal_signal_pending(current)) - return -ERESTARTNOHAND; -@@ -465,7 +491,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, + if (i >= max) +@@ -466,7 +491,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -46686,7 +47578,7 @@ index c6e6de4..45e71ad 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -547,7 +573,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -548,7 +573,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -46695,7 +47587,7 @@ index c6e6de4..45e71ad 100644 }; set_fs(KERNEL_DS); -@@ -582,7 +608,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -583,7 +608,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -46705,7 +47597,7 @@ index c6e6de4..45e71ad 100644 /* * ensure there are no vmas between where we want to go -@@ -591,6 +618,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -592,6 +618,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -46716,7 +47608,7 @@ index c6e6de4..45e71ad 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -671,10 +702,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -672,10 +702,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -46727,7 +47619,7 @@ index c6e6de4..45e71ad 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -686,8 +713,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -687,8 +713,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -46756,7 +47648,7 @@ index c6e6de4..45e71ad 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -706,13 +753,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -707,13 +753,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -46770,7 +47662,7 @@ index c6e6de4..45e71ad 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -736,6 +776,27 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -737,6 +776,27 @@ int setup_arg_pages(struct linux_binprm *bprm, #endif current->mm->start_stack = bprm->p; ret = expand_stack(vma, stack_base); @@ -46798,7 +47690,7 @@ index c6e6de4..45e71ad 100644 if (ret) ret = -EFAULT; -@@ -771,6 +832,8 @@ struct file *open_exec(const char *name) +@@ -772,6 +832,8 @@ struct file *open_exec(const char *name) fsnotify_open(file); @@ -46807,7 +47699,7 @@ index c6e6de4..45e71ad 100644 err = deny_write_access(file); if (err) goto exit; -@@ -794,7 +857,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -795,7 +857,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -46816,7 +47708,7 @@ index c6e6de4..45e71ad 100644 set_fs(old_fs); return result; } -@@ -1246,7 +1309,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1247,7 +1309,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -46825,7 +47717,7 @@ index c6e6de4..45e71ad 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1449,6 +1512,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1447,6 +1509,28 @@ int search_binary_handler(struct linux_binprm *bprm) EXPORT_SYMBOL(search_binary_handler); @@ -46854,9 +47746,9 @@ index c6e6de4..45e71ad 100644 /* * sys_execve() executes a new program. */ -@@ -1457,6 +1542,11 @@ static int do_execve_common(const char *filename, - struct user_arg_ptr envp, - struct pt_regs *regs) +@@ -1454,6 +1538,11 @@ static int do_execve_common(const char *filename, + struct user_arg_ptr argv, + struct user_arg_ptr envp) { +#ifdef CONFIG_GRKERNSEC + struct file *old_exec_file; @@ -46866,7 +47758,7 @@ index c6e6de4..45e71ad 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1464,6 +1554,8 @@ static int do_execve_common(const char *filename, +@@ -1461,6 +1550,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -46875,7 +47767,7 @@ index c6e6de4..45e71ad 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1504,12 +1596,27 @@ static int do_execve_common(const char *filename, +@@ -1501,12 +1592,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -46903,7 +47795,7 @@ index c6e6de4..45e71ad 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1526,24 +1633,65 @@ static int do_execve_common(const char *filename, +@@ -1523,24 +1629,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -46916,8 +47808,8 @@ index c6e6de4..45e71ad 100644 +#endif +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + /* limit suid stack to 8MB -+ we saved the old limits above and will restore them if this exec fails -+ */ ++ * we saved the old limits above and will restore them if this exec fails ++ */ + if (((bprm->cred->euid != current_euid()) || (bprm->cred->egid != current_egid())) && + (old_rlim[RLIMIT_STACK].rlim_cur > (8 * 1024 * 1024))) + current->signal->rlim[RLIMIT_STACK].rlim_cur = 8 * 1024 * 1024; @@ -46958,7 +47850,7 @@ index c6e6de4..45e71ad 100644 + + gr_handle_exec_args(bprm, argv); - retval = search_binary_handler(bprm,regs); + retval = search_binary_handler(bprm); if (retval < 0) - goto out; + goto out_fail; @@ -46973,7 +47865,7 @@ index c6e6de4..45e71ad 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1552,6 +1700,14 @@ static int do_execve_common(const char *filename, +@@ -1549,6 +1696,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -46988,8 +47880,8 @@ index c6e6de4..45e71ad 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1727,3 +1883,253 @@ int kernel_execve(const char *filename, - ret_from_kernel_execve(p); +@@ -1697,3 +1852,253 @@ asmlinkage long compat_sys_execve(const char __user * filename, + return error; } #endif + @@ -47001,7 +47893,7 @@ index c6e6de4..45e71ad 100644 + if (*flags & MF_PAX_SEGMEXEC) + { + *flags &= ~MF_PAX_SEGMEXEC; -+ retval = -EINVAL; ++ retval = -EINVAL; + } +#endif + @@ -47026,7 +47918,7 @@ index c6e6de4..45e71ad 100644 + ) + { + *flags &= ~MF_PAX_MPROTECT; -+ retval = -EINVAL; ++ retval = -EINVAL; + } + + if ((*flags & MF_PAX_EMUTRAMP) @@ -47118,7 +48010,7 @@ index c6e6de4..45e71ad 100644 + info.si_code = SI_KERNEL; + info.si_pid = 0; + info.si_uid = 0; -+ do_coredump(&info, regs); ++ do_coredump(&info); +} +#endif + @@ -47292,10 +48184,10 @@ index cf18217..8f6b9c3 100644 if (free_clusters >= (nclusters + dirty_clusters)) return 1; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 3c20de1..6ff2460 100644 +index 8462eb3..4a71af6 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1247,19 +1247,19 @@ struct ext4_sb_info { +@@ -1265,19 +1265,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -47326,7 +48218,7 @@ index 3c20de1..6ff2460 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 526e553..3f2de85 100644 +index 1bf6fe7..1a5bdef 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1747,7 +1747,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -47383,7 +48275,7 @@ index 526e553..3f2de85 100644 } free_percpu(sbi->s_locality_groups); -@@ -3052,16 +3052,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3060,16 +3060,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -47406,7 +48298,7 @@ index 526e553..3f2de85 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3461,7 +3461,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3469,7 +3469,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -47415,7 +48307,7 @@ index 526e553..3f2de85 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3521,7 +3521,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3529,7 +3529,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -47424,7 +48316,7 @@ index 526e553..3f2de85 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3610,7 +3610,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3618,7 +3618,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -47433,7 +48325,7 @@ index 526e553..3f2de85 100644 return err; } -@@ -3628,7 +3628,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3636,7 +3636,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -47442,18 +48334,6 @@ index 526e553..3f2de85 100644 trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len); return 0; -diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index d59b351..775f8c8 100644 ---- a/fs/ext4/super.c -+++ b/fs/ext4/super.c -@@ -3212,7 +3212,6 @@ int ext4_calculate_overhead(struct super_block *sb) - ext4_fsblk_t overhead = 0; - char *buf = (char *) get_zeroed_page(GFP_KERNEL); - -- memset(buf, 0, PAGE_SIZE); - if (!buf) - return -ENOMEM; - diff --git a/fs/fcntl.c b/fs/fcntl.c index 71a600a..20d87b1 100644 --- a/fs/fcntl.c @@ -47471,7 +48351,7 @@ index 71a600a..20d87b1 100644 return 0; } diff --git a/fs/fhandle.c b/fs/fhandle.c -index f775bfd..629bd4c 100644 +index 999ff5c..41f4109 100644 --- a/fs/fhandle.c +++ b/fs/fhandle.c @@ -67,8 +67,7 @@ static long do_sys_name_to_handle(struct path *path, @@ -47559,7 +48439,7 @@ index cf6f434..3d7942c 100644 err_nocleanup: diff --git a/fs/file.c b/fs/file.c -index eff2316..8c8930c 100644 +index 2b3570b..c57924b 100644 --- a/fs/file.c +++ b/fs/file.c @@ -16,6 +16,7 @@ @@ -47570,7 +48450,7 @@ index eff2316..8c8930c 100644 #include <linux/fdtable.h> #include <linux/bitops.h> #include <linux/interrupt.h> -@@ -898,6 +899,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags) +@@ -892,6 +893,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags) if (!file) return __close_fd(files, fd); @@ -47578,7 +48458,7 @@ index eff2316..8c8930c 100644 if (fd >= rlimit(RLIMIT_NOFILE)) return -EBADF; -@@ -924,6 +926,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags) +@@ -918,6 +920,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags) if (unlikely(oldfd == newfd)) return -EINVAL; @@ -47586,7 +48466,7 @@ index eff2316..8c8930c 100644 if (newfd >= rlimit(RLIMIT_NOFILE)) return -EBADF; -@@ -979,6 +982,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes) +@@ -973,6 +976,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes) int f_dupfd(unsigned int from, struct file *file, unsigned flags) { int err; @@ -47612,7 +48492,7 @@ index da165f6..3671bdb 100644 if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) { diff --git a/fs/fs_struct.c b/fs/fs_struct.c -index 5df4775..9d9336f 100644 +index fe6ca58..65318cf 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -4,6 +4,7 @@ @@ -47718,24 +48598,8 @@ index 5df4775..9d9336f 100644 .lock = __SPIN_LOCK_UNLOCKED(init_fs.lock), .seq = SEQCNT_ZERO, .umask = 0022, -@@ -175,12 +197,13 @@ void daemonize_fs_struct(void) - task_lock(current); - - spin_lock(&init_fs.lock); -- init_fs.users++; -+ atomic_inc(&init_fs.users); - spin_unlock(&init_fs.lock); - - spin_lock(&fs->lock); - current->fs = &init_fs; -- kill = !--fs->users; -+ gr_set_chroot_entries(current, ¤t->fs->root); -+ kill = !atomic_dec_return(&fs->users); - spin_unlock(&fs->lock); - - task_unlock(current); diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c -index 9905350..02eaec4 100644 +index 8dcb114..b1072e2 100644 --- a/fs/fscache/cookie.c +++ b/fs/fscache/cookie.c @@ -68,11 +68,11 @@ struct fscache_cookie *__fscache_acquire_cookie( @@ -47818,7 +48682,16 @@ index 9905350..02eaec4 100644 object->debug_id = atomic_inc_return(&fscache_object_debug_id); -@@ -377,10 +377,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie) +@@ -378,7 +378,7 @@ void __fscache_invalidate(struct fscache_cookie *cookie) + + _enter("{%s}", cookie->def->name); + +- fscache_stat(&fscache_n_invalidates); ++ fscache_stat_unchecked(&fscache_n_invalidates); + + /* Only permit invalidation of data files. Invalidating an index will + * require the caller to release all its attachments to the tree rooted +@@ -437,10 +437,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie) struct fscache_object *object; struct hlist_node *_p; @@ -47831,7 +48704,7 @@ index 9905350..02eaec4 100644 _leave(" [no cookie]"); return; } -@@ -414,12 +414,12 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) +@@ -474,12 +474,12 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) struct fscache_object *object; unsigned long event; @@ -47847,7 +48720,7 @@ index 9905350..02eaec4 100644 _leave(" [no cookie]"); return; } -@@ -435,7 +435,7 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) +@@ -495,7 +495,7 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) /* wait for the cookie to finish being instantiated (or to fail) */ if (test_bit(FSCACHE_COOKIE_CREATING, &cookie->flags)) { @@ -47857,12 +48730,17 @@ index 9905350..02eaec4 100644 fscache_wait_bit, TASK_UNINTERRUPTIBLE); } diff --git a/fs/fscache/internal.h b/fs/fscache/internal.h -index f6aad48..88dcf26 100644 +index ee38fef..0a326d4 100644 --- a/fs/fscache/internal.h +++ b/fs/fscache/internal.h -@@ -144,94 +144,94 @@ extern void fscache_proc_cleanup(void); - extern atomic_t fscache_n_ops_processed[FSCACHE_MAX_THREADS]; - extern atomic_t fscache_n_objs_processed[FSCACHE_MAX_THREADS]; +@@ -148,101 +148,101 @@ extern void fscache_proc_cleanup(void); + * stats.c + */ + #ifdef CONFIG_FSCACHE_STATS +-extern atomic_t fscache_n_ops_processed[FSCACHE_MAX_THREADS]; +-extern atomic_t fscache_n_objs_processed[FSCACHE_MAX_THREADS]; ++extern atomic_unchecked_t fscache_n_ops_processed[FSCACHE_MAX_THREADS]; ++extern atomic_unchecked_t fscache_n_objs_processed[FSCACHE_MAX_THREADS]; -extern atomic_t fscache_n_op_pend; -extern atomic_t fscache_n_op_run; @@ -47955,10 +48833,12 @@ index f6aad48..88dcf26 100644 -extern atomic_t fscache_n_store_vmscan_gone; -extern atomic_t fscache_n_store_vmscan_busy; -extern atomic_t fscache_n_store_vmscan_cancelled; +-extern atomic_t fscache_n_store_vmscan_wait; +extern atomic_unchecked_t fscache_n_store_vmscan_not_storing; +extern atomic_unchecked_t fscache_n_store_vmscan_gone; +extern atomic_unchecked_t fscache_n_store_vmscan_busy; +extern atomic_unchecked_t fscache_n_store_vmscan_cancelled; ++extern atomic_unchecked_t fscache_n_store_vmscan_wait; -extern atomic_t fscache_n_marks; -extern atomic_t fscache_n_uncaches; @@ -47978,6 +48858,11 @@ index f6aad48..88dcf26 100644 +extern atomic_unchecked_t fscache_n_acquires_nobufs; +extern atomic_unchecked_t fscache_n_acquires_oom; +-extern atomic_t fscache_n_invalidates; +-extern atomic_t fscache_n_invalidates_run; ++extern atomic_unchecked_t fscache_n_invalidates; ++extern atomic_unchecked_t fscache_n_invalidates_run; + -extern atomic_t fscache_n_updates; -extern atomic_t fscache_n_updates_null; -extern atomic_t fscache_n_updates_run; @@ -48031,7 +48916,7 @@ index f6aad48..88dcf26 100644 extern atomic_t fscache_n_cop_alloc_object; extern atomic_t fscache_n_cop_lookup_object; -@@ -255,6 +255,11 @@ static inline void fscache_stat(atomic_t *stat) +@@ -267,6 +267,11 @@ static inline void fscache_stat(atomic_t *stat) atomic_inc(stat); } @@ -48043,7 +48928,7 @@ index f6aad48..88dcf26 100644 static inline void fscache_stat_d(atomic_t *stat) { atomic_dec(stat); -@@ -267,6 +272,7 @@ extern const struct file_operations fscache_stats_fops; +@@ -279,6 +284,7 @@ extern const struct file_operations fscache_stats_fops; #define __fscache_stat(stat) (NULL) #define fscache_stat(stat) do {} while (0) @@ -48052,10 +48937,19 @@ index f6aad48..88dcf26 100644 #endif diff --git a/fs/fscache/object.c b/fs/fscache/object.c -index b6b897c..0ffff9c 100644 +index 50d41c1..10ee117 100644 --- a/fs/fscache/object.c +++ b/fs/fscache/object.c -@@ -128,7 +128,7 @@ static void fscache_object_state_machine(struct fscache_object *object) +@@ -143,7 +143,7 @@ static void fscache_object_state_machine(struct fscache_object *object) + /* Invalidate an object on disk */ + case FSCACHE_OBJECT_INVALIDATING: + clear_bit(FSCACHE_OBJECT_EV_INVALIDATE, &object->events); +- fscache_stat(&fscache_n_invalidates_run); ++ fscache_stat_unchecked(&fscache_n_invalidates_run); + fscache_stat(&fscache_n_cop_invalidate_object); + fscache_invalidate_object(object); + fscache_stat_d(&fscache_n_cop_invalidate_object); +@@ -153,7 +153,7 @@ static void fscache_object_state_machine(struct fscache_object *object) /* update the object metadata on disk */ case FSCACHE_OBJECT_UPDATING: clear_bit(FSCACHE_OBJECT_EV_UPDATE, &object->events); @@ -48064,7 +48958,7 @@ index b6b897c..0ffff9c 100644 fscache_stat(&fscache_n_cop_update_object); object->cache->ops->update_object(object); fscache_stat_d(&fscache_n_cop_update_object); -@@ -217,7 +217,7 @@ static void fscache_object_state_machine(struct fscache_object *object) +@@ -242,7 +242,7 @@ static void fscache_object_state_machine(struct fscache_object *object) spin_lock(&object->lock); object->state = FSCACHE_OBJECT_DEAD; spin_unlock(&object->lock); @@ -48073,7 +48967,7 @@ index b6b897c..0ffff9c 100644 goto terminal_transit; /* handle the parent cache of this object being withdrawn from -@@ -232,7 +232,7 @@ static void fscache_object_state_machine(struct fscache_object *object) +@@ -257,7 +257,7 @@ static void fscache_object_state_machine(struct fscache_object *object) spin_lock(&object->lock); object->state = FSCACHE_OBJECT_DEAD; spin_unlock(&object->lock); @@ -48082,7 +48976,7 @@ index b6b897c..0ffff9c 100644 goto terminal_transit; /* complain about the object being woken up once it is -@@ -461,7 +461,7 @@ static void fscache_lookup_object(struct fscache_object *object) +@@ -495,7 +495,7 @@ static void fscache_lookup_object(struct fscache_object *object) parent->cookie->def->name, cookie->def->name, object->cache->tag->name); @@ -48091,7 +48985,7 @@ index b6b897c..0ffff9c 100644 fscache_stat(&fscache_n_cop_lookup_object); ret = object->cache->ops->lookup_object(object); fscache_stat_d(&fscache_n_cop_lookup_object); -@@ -472,7 +472,7 @@ static void fscache_lookup_object(struct fscache_object *object) +@@ -506,7 +506,7 @@ static void fscache_lookup_object(struct fscache_object *object) if (ret == -ETIMEDOUT) { /* probably stuck behind another object, so move this one to * the back of the queue */ @@ -48100,7 +48994,7 @@ index b6b897c..0ffff9c 100644 set_bit(FSCACHE_OBJECT_EV_REQUEUE, &object->events); } -@@ -495,7 +495,7 @@ void fscache_object_lookup_negative(struct fscache_object *object) +@@ -529,7 +529,7 @@ void fscache_object_lookup_negative(struct fscache_object *object) spin_lock(&object->lock); if (object->state == FSCACHE_OBJECT_LOOKING_UP) { @@ -48109,7 +49003,7 @@ index b6b897c..0ffff9c 100644 /* transit here to allow write requests to begin stacking up * and read requests to begin returning ENODATA */ -@@ -541,7 +541,7 @@ void fscache_obtained_object(struct fscache_object *object) +@@ -575,7 +575,7 @@ void fscache_obtained_object(struct fscache_object *object) * result, in which case there may be data available */ spin_lock(&object->lock); if (object->state == FSCACHE_OBJECT_LOOKING_UP) { @@ -48118,7 +49012,7 @@ index b6b897c..0ffff9c 100644 clear_bit(FSCACHE_COOKIE_NO_DATA_YET, &cookie->flags); -@@ -555,7 +555,7 @@ void fscache_obtained_object(struct fscache_object *object) +@@ -589,7 +589,7 @@ void fscache_obtained_object(struct fscache_object *object) set_bit(FSCACHE_OBJECT_EV_REQUEUE, &object->events); } else { ASSERTCMP(object->state, ==, FSCACHE_OBJECT_CREATING); @@ -48127,7 +49021,7 @@ index b6b897c..0ffff9c 100644 object->state = FSCACHE_OBJECT_AVAILABLE; spin_unlock(&object->lock); -@@ -602,7 +602,7 @@ static void fscache_object_available(struct fscache_object *object) +@@ -634,7 +634,7 @@ static void fscache_object_available(struct fscache_object *object) fscache_enqueue_dependents(object); fscache_hist(fscache_obj_instantiate_histogram, object->lookup_jif); @@ -48136,7 +49030,7 @@ index b6b897c..0ffff9c 100644 _leave(""); } -@@ -861,7 +861,7 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object, +@@ -894,7 +894,7 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object, enum fscache_checkaux result; if (!object->cookie->def->check_aux) { @@ -48145,7 +49039,7 @@ index b6b897c..0ffff9c 100644 return FSCACHE_CHECKAUX_OKAY; } -@@ -870,17 +870,17 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object, +@@ -903,17 +903,17 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object, switch (result) { /* entry okay as is */ case FSCACHE_CHECKAUX_OKAY: @@ -48167,7 +49061,7 @@ index b6b897c..0ffff9c 100644 default: diff --git a/fs/fscache/operation.c b/fs/fscache/operation.c -index 30afdfa..2256596 100644 +index 762a9ec..2023284 100644 --- a/fs/fscache/operation.c +++ b/fs/fscache/operation.c @@ -17,7 +17,7 @@ @@ -48179,16 +49073,16 @@ index 30afdfa..2256596 100644 EXPORT_SYMBOL(fscache_op_debug_id); /** -@@ -38,7 +38,7 @@ void fscache_enqueue_operation(struct fscache_operation *op) - ASSERTCMP(op->object->state, >=, FSCACHE_OBJECT_AVAILABLE); +@@ -39,7 +39,7 @@ void fscache_enqueue_operation(struct fscache_operation *op) ASSERTCMP(atomic_read(&op->usage), >, 0); + ASSERTCMP(op->state, ==, FSCACHE_OP_ST_IN_PROGRESS); - fscache_stat(&fscache_n_op_enqueue); + fscache_stat_unchecked(&fscache_n_op_enqueue); switch (op->flags & FSCACHE_OP_TYPE) { case FSCACHE_OP_ASYNC: _debug("queue async"); -@@ -69,7 +69,7 @@ static void fscache_run_op(struct fscache_object *object, +@@ -73,7 +73,7 @@ static void fscache_run_op(struct fscache_object *object, wake_up_bit(&op->flags, FSCACHE_OP_WAITING); if (op->processor) fscache_enqueue_operation(op); @@ -48197,8 +49091,8 @@ index 30afdfa..2256596 100644 } /* -@@ -98,11 +98,11 @@ int fscache_submit_exclusive_op(struct fscache_object *object, - if (object->n_ops > 1) { +@@ -105,11 +105,11 @@ int fscache_submit_exclusive_op(struct fscache_object *object, + if (object->n_in_progress > 0) { atomic_inc(&op->usage); list_add_tail(&op->pend_link, &object->pending_ops); - fscache_stat(&fscache_n_op_pend); @@ -48211,7 +49105,7 @@ index 30afdfa..2256596 100644 fscache_start_operations(object); } else { ASSERTCMP(object->n_in_progress, ==, 0); -@@ -118,7 +118,7 @@ int fscache_submit_exclusive_op(struct fscache_object *object, +@@ -125,7 +125,7 @@ int fscache_submit_exclusive_op(struct fscache_object *object, object->n_exclusive++; /* reads and writes must wait */ atomic_inc(&op->usage); list_add_tail(&op->pend_link, &object->pending_ops); @@ -48219,8 +49113,8 @@ index 30afdfa..2256596 100644 + fscache_stat_unchecked(&fscache_n_op_pend); ret = 0; } else { - /* not allowed to submit ops in any other state */ -@@ -203,11 +203,11 @@ int fscache_submit_op(struct fscache_object *object, + /* If we're in any other state, there must have been an I/O +@@ -215,11 +215,11 @@ int fscache_submit_op(struct fscache_object *object, if (object->n_exclusive > 0) { atomic_inc(&op->usage); list_add_tail(&op->pend_link, &object->pending_ops); @@ -48234,7 +49128,7 @@ index 30afdfa..2256596 100644 fscache_start_operations(object); } else { ASSERTCMP(object->n_exclusive, ==, 0); -@@ -219,12 +219,12 @@ int fscache_submit_op(struct fscache_object *object, +@@ -231,12 +231,12 @@ int fscache_submit_op(struct fscache_object *object, object->n_ops++; atomic_inc(&op->usage); list_add_tail(&op->pend_link, &object->pending_ops); @@ -48246,28 +49140,37 @@ index 30afdfa..2256596 100644 object->state == FSCACHE_OBJECT_WITHDRAWING) { - fscache_stat(&fscache_n_op_rejected); + fscache_stat_unchecked(&fscache_n_op_rejected); + op->state = FSCACHE_OP_ST_CANCELLED; ret = -ENOBUFS; } else if (!test_bit(FSCACHE_IOERROR, &object->cache->flags)) { - fscache_report_unexpected_submission(object, op, ostate); -@@ -294,7 +294,7 @@ int fscache_cancel_op(struct fscache_operation *op) - +@@ -315,7 +315,7 @@ int fscache_cancel_op(struct fscache_operation *op, ret = -EBUSY; - if (!list_empty(&op->pend_link)) { + if (op->state == FSCACHE_OP_ST_PENDING) { + ASSERT(!list_empty(&op->pend_link)); +- fscache_stat(&fscache_n_op_cancelled); ++ fscache_stat_unchecked(&fscache_n_op_cancelled); + list_del_init(&op->pend_link); + if (do_cancel) + do_cancel(op); +@@ -347,7 +347,7 @@ void fscache_cancel_all_ops(struct fscache_object *object) + while (!list_empty(&object->pending_ops)) { + op = list_entry(object->pending_ops.next, + struct fscache_operation, pend_link); - fscache_stat(&fscache_n_op_cancelled); + fscache_stat_unchecked(&fscache_n_op_cancelled); list_del_init(&op->pend_link); - object->n_ops--; - if (test_bit(FSCACHE_OP_EXCLUSIVE, &op->flags)) -@@ -331,7 +331,7 @@ void fscache_put_operation(struct fscache_operation *op) - if (test_and_set_bit(FSCACHE_OP_DEAD, &op->flags)) - BUG(); + + ASSERTCMP(op->state, ==, FSCACHE_OP_ST_PENDING); +@@ -419,7 +419,7 @@ void fscache_put_operation(struct fscache_operation *op) + op->state, ==, FSCACHE_OP_ST_CANCELLED); + op->state = FSCACHE_OP_ST_DEAD; - fscache_stat(&fscache_n_op_release); + fscache_stat_unchecked(&fscache_n_op_release); if (op->release) { op->release(op); -@@ -348,7 +348,7 @@ void fscache_put_operation(struct fscache_operation *op) +@@ -442,7 +442,7 @@ void fscache_put_operation(struct fscache_operation *op) * lock, and defer it otherwise */ if (!spin_trylock(&object->lock)) { _debug("defer put"); @@ -48276,7 +49179,7 @@ index 30afdfa..2256596 100644 cache = object->cache; spin_lock(&cache->op_gc_list_lock); -@@ -410,7 +410,7 @@ void fscache_operation_gc(struct work_struct *work) +@@ -495,7 +495,7 @@ void fscache_operation_gc(struct work_struct *work) _debug("GC DEFERRED REL OBJ%x OP%x", object->debug_id, op->debug_id); @@ -48284,12 +49187,12 @@ index 30afdfa..2256596 100644 + fscache_stat_unchecked(&fscache_n_op_gc); ASSERTCMP(atomic_read(&op->usage), ==, 0); - + ASSERTCMP(op->state, ==, FSCACHE_OP_ST_DEAD); diff --git a/fs/fscache/page.c b/fs/fscache/page.c -index 3f7a59b..cf196cc 100644 +index ff000e5..c44ec6d 100644 --- a/fs/fscache/page.c +++ b/fs/fscache/page.c -@@ -60,7 +60,7 @@ bool __fscache_maybe_release_page(struct fscache_cookie *cookie, +@@ -61,7 +61,7 @@ try_again: val = radix_tree_lookup(&cookie->stores, page->index); if (!val) { rcu_read_unlock(); @@ -48298,7 +49201,7 @@ index 3f7a59b..cf196cc 100644 __fscache_uncache_page(cookie, page); return true; } -@@ -90,11 +90,11 @@ bool __fscache_maybe_release_page(struct fscache_cookie *cookie, +@@ -91,11 +91,11 @@ try_again: spin_unlock(&cookie->stores_lock); if (xpage) { @@ -48313,16 +49216,21 @@ index 3f7a59b..cf196cc 100644 } wake_up_bit(&cookie->flags, 0); -@@ -107,7 +107,7 @@ page_busy: - /* we might want to wait here, but that could deadlock the allocator as - * the work threads writing to the cache may all end up sleeping - * on memory allocation */ -- fscache_stat(&fscache_n_store_vmscan_busy); -+ fscache_stat_unchecked(&fscache_n_store_vmscan_busy); - return false; - } - EXPORT_SYMBOL(__fscache_maybe_release_page); -@@ -131,7 +131,7 @@ static void fscache_end_page_write(struct fscache_object *object, +@@ -110,11 +110,11 @@ page_busy: + * sleeping on memory allocation, so we may need to impose a timeout + * too. */ + if (!(gfp & __GFP_WAIT)) { +- fscache_stat(&fscache_n_store_vmscan_busy); ++ fscache_stat_unchecked(&fscache_n_store_vmscan_busy); + return false; + } + +- fscache_stat(&fscache_n_store_vmscan_wait); ++ fscache_stat_unchecked(&fscache_n_store_vmscan_wait); + __fscache_wait_on_page_write(cookie, page); + gfp &= ~__GFP_WAIT; + goto try_again; +@@ -140,7 +140,7 @@ static void fscache_end_page_write(struct fscache_object *object, FSCACHE_COOKIE_STORING_TAG); if (!radix_tree_tag_get(&cookie->stores, page->index, FSCACHE_COOKIE_PENDING_TAG)) { @@ -48331,7 +49239,7 @@ index 3f7a59b..cf196cc 100644 xpage = radix_tree_delete(&cookie->stores, page->index); } spin_unlock(&cookie->stores_lock); -@@ -152,7 +152,7 @@ static void fscache_attr_changed_op(struct fscache_operation *op) +@@ -161,7 +161,7 @@ static void fscache_attr_changed_op(struct fscache_operation *op) _enter("{OBJ%x OP%x}", object->debug_id, op->debug_id); @@ -48340,7 +49248,7 @@ index 3f7a59b..cf196cc 100644 if (fscache_object_is_active(object)) { fscache_stat(&fscache_n_cop_attr_changed); -@@ -177,11 +177,11 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) +@@ -187,11 +187,11 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX); @@ -48354,7 +49262,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ENOMEM"); return -ENOMEM; } -@@ -199,7 +199,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) +@@ -209,7 +209,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) if (fscache_submit_exclusive_op(object, op) < 0) goto nobufs; spin_unlock(&cookie->lock); @@ -48363,7 +49271,7 @@ index 3f7a59b..cf196cc 100644 fscache_put_operation(op); _leave(" = 0"); return 0; -@@ -207,7 +207,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) +@@ -217,7 +217,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) nobufs: spin_unlock(&cookie->lock); kfree(op); @@ -48372,7 +49280,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = %d", -ENOBUFS); return -ENOBUFS; } -@@ -243,7 +243,7 @@ static struct fscache_retrieval *fscache_alloc_retrieval( +@@ -255,7 +255,7 @@ static struct fscache_retrieval *fscache_alloc_retrieval( /* allocate a retrieval operation and attempt to submit it */ op = kzalloc(sizeof(*op), GFP_NOIO); if (!op) { @@ -48381,7 +49289,7 @@ index 3f7a59b..cf196cc 100644 return NULL; } -@@ -271,13 +271,13 @@ static int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie) +@@ -283,13 +283,13 @@ static int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie) return 0; } @@ -48397,7 +49305,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ERESTARTSYS"); return -ERESTARTSYS; } -@@ -295,8 +295,8 @@ static int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie) +@@ -318,8 +318,8 @@ static void fscache_do_cancel_retrieval(struct fscache_operation *_op) */ static int fscache_wait_for_retrieval_activation(struct fscache_object *object, struct fscache_retrieval *op, @@ -48408,7 +49316,7 @@ index 3f7a59b..cf196cc 100644 { int ret; -@@ -304,7 +304,7 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object, +@@ -327,7 +327,7 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object, goto check_if_dead; _debug(">>> WT"); @@ -48416,17 +49324,25 @@ index 3f7a59b..cf196cc 100644 + fscache_stat_unchecked(stat_op_waits); if (wait_on_bit(&op->op.flags, FSCACHE_OP_WAITING, fscache_wait_bit_interruptible, - TASK_INTERRUPTIBLE) < 0) { -@@ -321,7 +321,7 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object, + TASK_INTERRUPTIBLE) != 0) { +@@ -344,14 +344,14 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object, check_if_dead: + if (op->op.state == FSCACHE_OP_ST_CANCELLED) { +- fscache_stat(stat_object_dead); ++ fscache_stat_unchecked(stat_object_dead); + _leave(" = -ENOBUFS [cancelled]"); + return -ENOBUFS; + } if (unlikely(fscache_object_is_dead(object))) { + pr_err("%s() = -ENOBUFS [obj dead %d]\n", __func__, op->op.state); + fscache_cancel_op(&op->op, fscache_do_cancel_retrieval); - fscache_stat(stat_object_dead); + fscache_stat_unchecked(stat_object_dead); return -ENOBUFS; } return 0; -@@ -348,7 +348,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, +@@ -378,7 +378,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, _enter("%p,%p,,,", cookie, page); @@ -48435,8 +49351,8 @@ index 3f7a59b..cf196cc 100644 if (hlist_empty(&cookie->backing_objects)) goto nobufs; -@@ -381,7 +381,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, - goto nobufs_unlock; +@@ -417,7 +417,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, + goto nobufs_unlock_dec; spin_unlock(&cookie->lock); - fscache_stat(&fscache_n_retrieval_ops); @@ -48444,7 +49360,7 @@ index 3f7a59b..cf196cc 100644 /* pin the netfs read context in case we need to do the actual netfs * read because we've encountered a cache read failure */ -@@ -411,15 +411,15 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, +@@ -447,15 +447,15 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, error: if (ret == -ENOMEM) @@ -48465,7 +49381,7 @@ index 3f7a59b..cf196cc 100644 fscache_put_retrieval(op); _leave(" = %d", ret); -@@ -429,7 +429,7 @@ nobufs_unlock: +@@ -467,7 +467,7 @@ nobufs_unlock: spin_unlock(&cookie->lock); kfree(op); nobufs: @@ -48474,7 +49390,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ENOBUFS"); return -ENOBUFS; } -@@ -467,7 +467,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, +@@ -505,7 +505,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, _enter("%p,,%d,,,", cookie, *nr_pages); @@ -48483,8 +49399,8 @@ index 3f7a59b..cf196cc 100644 if (hlist_empty(&cookie->backing_objects)) goto nobufs; -@@ -497,7 +497,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, - goto nobufs_unlock; +@@ -541,7 +541,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, + goto nobufs_unlock_dec; spin_unlock(&cookie->lock); - fscache_stat(&fscache_n_retrieval_ops); @@ -48492,7 +49408,7 @@ index 3f7a59b..cf196cc 100644 /* pin the netfs read context in case we need to do the actual netfs * read because we've encountered a cache read failure */ -@@ -527,15 +527,15 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, +@@ -571,15 +571,15 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, error: if (ret == -ENOMEM) @@ -48513,7 +49429,7 @@ index 3f7a59b..cf196cc 100644 fscache_put_retrieval(op); _leave(" = %d", ret); -@@ -545,7 +545,7 @@ nobufs_unlock: +@@ -591,7 +591,7 @@ nobufs_unlock: spin_unlock(&cookie->lock); kfree(op); nobufs: @@ -48522,7 +49438,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ENOBUFS"); return -ENOBUFS; } -@@ -569,7 +569,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, +@@ -615,7 +615,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, _enter("%p,%p,,,", cookie, page); @@ -48531,7 +49447,7 @@ index 3f7a59b..cf196cc 100644 if (hlist_empty(&cookie->backing_objects)) goto nobufs; -@@ -595,7 +595,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, +@@ -647,7 +647,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, goto nobufs_unlock; spin_unlock(&cookie->lock); @@ -48540,7 +49456,7 @@ index 3f7a59b..cf196cc 100644 ret = fscache_wait_for_retrieval_activation( object, op, -@@ -611,11 +611,11 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, +@@ -663,11 +663,11 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, error: if (ret == -ERESTARTSYS) @@ -48555,7 +49471,7 @@ index 3f7a59b..cf196cc 100644 fscache_put_retrieval(op); _leave(" = %d", ret); -@@ -625,7 +625,7 @@ nobufs_unlock: +@@ -677,7 +677,7 @@ nobufs_unlock: spin_unlock(&cookie->lock); kfree(op); nobufs: @@ -48564,7 +49480,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ENOBUFS"); return -ENOBUFS; } -@@ -666,7 +666,7 @@ static void fscache_write_op(struct fscache_operation *_op) +@@ -736,7 +736,7 @@ static void fscache_write_op(struct fscache_operation *_op) spin_lock(&cookie->stores_lock); @@ -48573,7 +49489,7 @@ index 3f7a59b..cf196cc 100644 /* find a page to store */ page = NULL; -@@ -677,7 +677,7 @@ static void fscache_write_op(struct fscache_operation *_op) +@@ -747,7 +747,7 @@ static void fscache_write_op(struct fscache_operation *_op) page = results[0]; _debug("gang %d [%lx]", n, page->index); if (page->index > op->store_limit) { @@ -48582,7 +49498,7 @@ index 3f7a59b..cf196cc 100644 goto superseded; } -@@ -689,7 +689,7 @@ static void fscache_write_op(struct fscache_operation *_op) +@@ -759,7 +759,7 @@ static void fscache_write_op(struct fscache_operation *_op) spin_unlock(&cookie->stores_lock); spin_unlock(&object->lock); @@ -48591,16 +49507,16 @@ index 3f7a59b..cf196cc 100644 fscache_stat(&fscache_n_cop_write_page); ret = object->cache->ops->write_page(op, page); fscache_stat_d(&fscache_n_cop_write_page); -@@ -757,7 +757,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, +@@ -860,7 +860,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX); ASSERT(PageFsCache(page)); - fscache_stat(&fscache_n_stores); + fscache_stat_unchecked(&fscache_n_stores); - op = kzalloc(sizeof(*op), GFP_NOIO); - if (!op) -@@ -808,7 +808,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, + if (test_bit(FSCACHE_COOKIE_INVALIDATING, &cookie->flags)) { + _leave(" = -ENOBUFS [invalidating]"); +@@ -916,7 +916,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, spin_unlock(&cookie->stores_lock); spin_unlock(&object->lock); @@ -48609,7 +49525,7 @@ index 3f7a59b..cf196cc 100644 op->store_limit = object->store_limit; if (fscache_submit_op(object, &op->op) < 0) -@@ -816,8 +816,8 @@ int __fscache_write_page(struct fscache_cookie *cookie, +@@ -924,8 +924,8 @@ int __fscache_write_page(struct fscache_cookie *cookie, spin_unlock(&cookie->lock); radix_tree_preload_end(); @@ -48620,7 +49536,7 @@ index 3f7a59b..cf196cc 100644 /* the work queue now carries its own ref on the object */ fscache_put_operation(&op->op); -@@ -825,14 +825,14 @@ int __fscache_write_page(struct fscache_cookie *cookie, +@@ -933,14 +933,14 @@ int __fscache_write_page(struct fscache_cookie *cookie, return 0; already_queued: @@ -48637,7 +49553,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = 0"); return 0; -@@ -851,14 +851,14 @@ nobufs: +@@ -959,14 +959,14 @@ nobufs: spin_unlock(&cookie->lock); radix_tree_preload_end(); kfree(op); @@ -48654,7 +49570,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ENOMEM"); return -ENOMEM; } -@@ -876,7 +876,7 @@ void __fscache_uncache_page(struct fscache_cookie *cookie, struct page *page) +@@ -984,7 +984,7 @@ void __fscache_uncache_page(struct fscache_cookie *cookie, struct page *page) ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX); ASSERTCMP(page, !=, NULL); @@ -48663,20 +49579,20 @@ index 3f7a59b..cf196cc 100644 /* cache withdrawal may beat us to it */ if (!PageFsCache(page)) -@@ -929,7 +929,7 @@ void fscache_mark_pages_cached(struct fscache_retrieval *op, - unsigned long loop; +@@ -1035,7 +1035,7 @@ void fscache_mark_page_cached(struct fscache_retrieval *op, struct page *page) + struct fscache_cookie *cookie = op->op.object->cookie; #ifdef CONFIG_FSCACHE_STATS -- atomic_add(pagevec->nr, &fscache_n_marks); -+ atomic_add_unchecked(pagevec->nr, &fscache_n_marks); +- atomic_inc(&fscache_n_marks); ++ atomic_inc_unchecked(&fscache_n_marks); #endif - for (loop = 0; loop < pagevec->nr; loop++) { + _debug("- mark %p{%lx}", page, page->index); diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c -index 4765190..2a067f2 100644 +index 8179e8b..5072cc7 100644 --- a/fs/fscache/stats.c +++ b/fs/fscache/stats.c -@@ -18,95 +18,95 @@ +@@ -18,99 +18,99 @@ /* * operation counters */ @@ -48773,10 +49689,12 @@ index 4765190..2a067f2 100644 -atomic_t fscache_n_store_vmscan_gone; -atomic_t fscache_n_store_vmscan_busy; -atomic_t fscache_n_store_vmscan_cancelled; +-atomic_t fscache_n_store_vmscan_wait; +atomic_unchecked_t fscache_n_store_vmscan_not_storing; +atomic_unchecked_t fscache_n_store_vmscan_gone; +atomic_unchecked_t fscache_n_store_vmscan_busy; +atomic_unchecked_t fscache_n_store_vmscan_cancelled; ++atomic_unchecked_t fscache_n_store_vmscan_wait; -atomic_t fscache_n_marks; -atomic_t fscache_n_uncaches; @@ -48796,6 +49714,11 @@ index 4765190..2a067f2 100644 +atomic_unchecked_t fscache_n_acquires_nobufs; +atomic_unchecked_t fscache_n_acquires_oom; +-atomic_t fscache_n_invalidates; +-atomic_t fscache_n_invalidates_run; ++atomic_unchecked_t fscache_n_invalidates; ++atomic_unchecked_t fscache_n_invalidates_run; + -atomic_t fscache_n_updates; -atomic_t fscache_n_updates_null; -atomic_t fscache_n_updates_run; @@ -48849,7 +49772,7 @@ index 4765190..2a067f2 100644 atomic_t fscache_n_cop_alloc_object; atomic_t fscache_n_cop_lookup_object; -@@ -133,113 +133,113 @@ static int fscache_stats_show(struct seq_file *m, void *v) +@@ -138,118 +138,118 @@ static int fscache_stats_show(struct seq_file *m, void *v) seq_puts(m, "FS-Cache statistics\n"); seq_printf(m, "Cookies: idx=%u dat=%u spc=%u\n", @@ -48912,6 +49835,12 @@ index 4765190..2a067f2 100644 + atomic_read_unchecked(&fscache_n_object_created), + atomic_read_unchecked(&fscache_n_object_lookups_timed_out)); + seq_printf(m, "Invals : n=%u run=%u\n", +- atomic_read(&fscache_n_invalidates), +- atomic_read(&fscache_n_invalidates_run)); ++ atomic_read_unchecked(&fscache_n_invalidates), ++ atomic_read_unchecked(&fscache_n_invalidates_run)); + seq_printf(m, "Updates: n=%u nul=%u run=%u\n", - atomic_read(&fscache_n_updates), - atomic_read(&fscache_n_updates_null), @@ -49008,15 +49937,17 @@ index 4765190..2a067f2 100644 + atomic_read_unchecked(&fscache_n_store_radix_deletes), + atomic_read_unchecked(&fscache_n_store_pages_over_limit)); - seq_printf(m, "VmScan : nos=%u gon=%u bsy=%u can=%u\n", + seq_printf(m, "VmScan : nos=%u gon=%u bsy=%u can=%u wt=%u\n", - atomic_read(&fscache_n_store_vmscan_not_storing), - atomic_read(&fscache_n_store_vmscan_gone), - atomic_read(&fscache_n_store_vmscan_busy), -- atomic_read(&fscache_n_store_vmscan_cancelled)); +- atomic_read(&fscache_n_store_vmscan_cancelled), +- atomic_read(&fscache_n_store_vmscan_wait)); + atomic_read_unchecked(&fscache_n_store_vmscan_not_storing), + atomic_read_unchecked(&fscache_n_store_vmscan_gone), + atomic_read_unchecked(&fscache_n_store_vmscan_busy), -+ atomic_read_unchecked(&fscache_n_store_vmscan_cancelled)); ++ atomic_read_unchecked(&fscache_n_store_vmscan_cancelled), ++ atomic_read_unchecked(&fscache_n_store_vmscan_wait)); seq_printf(m, "Ops : pend=%u run=%u enq=%u can=%u rej=%u\n", - atomic_read(&fscache_n_op_pend), @@ -49040,10 +49971,10 @@ index 4765190..2a067f2 100644 seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n", atomic_read(&fscache_n_cop_alloc_object), diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c -index ee8d550..7189d8c 100644 +index e397b67..b0d8709 100644 --- a/fs/fuse/cuse.c +++ b/fs/fuse/cuse.c -@@ -585,10 +585,12 @@ static int __init cuse_init(void) +@@ -593,10 +593,12 @@ static int __init cuse_init(void) INIT_LIST_HEAD(&cuse_conntbl[i]); /* inherit and extend fuse_dev_operations */ @@ -49061,10 +49992,10 @@ index ee8d550..7189d8c 100644 cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index 8c23fa7..0e3aac7 100644 +index e83351a..41e3c9c 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c -@@ -1241,7 +1241,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, +@@ -1236,7 +1236,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, ret = 0; pipe_lock(pipe); @@ -49074,7 +50005,7 @@ index 8c23fa7..0e3aac7 100644 if (!ret) ret = -EPIPE; diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 324bc08..4fdd56e 100644 +index b7c09f9..3eff736 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1226,7 +1226,7 @@ static char *read_link(struct dentry *dentry) @@ -49087,10 +50018,10 @@ index 324bc08..4fdd56e 100644 if (!IS_ERR(link)) free_page((unsigned long) link); diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c -index 381893c..3793318 100644 +index 2b6f569..fcb4d1f 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c -@@ -1490,7 +1490,7 @@ out: +@@ -1499,7 +1499,7 @@ out: static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { @@ -49100,18 +50031,18 @@ index 381893c..3793318 100644 kfree(s); } diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index c5bc355..163a13e 100644 +index 78bde32..767e906 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c -@@ -153,6 +153,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -152,6 +152,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + struct mm_struct *mm = current->mm; struct vm_area_struct *vma; - unsigned long start_addr; struct hstate *h = hstate_file(file); + unsigned long offset = gr_rand_threadstack_offset(mm, file, flags); + struct vm_unmapped_area_info info; if (len & ~huge_page_mask(h)) - return -EINVAL; -@@ -165,18 +166,21 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -165,17 +166,26 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, return addr; } @@ -49128,44 +50059,29 @@ index c5bc355..163a13e 100644 return addr; } - if (len > mm->cached_hole_size) - start_addr = mm->free_area_cache; - else { -- start_addr = TASK_UNMAPPED_BASE; -+ start_addr = mm->mmap_base; - mm->cached_hole_size = 0; - } - -@@ -190,15 +194,15 @@ full_search: - * Start a new search - just in case we missed - * some holes. - */ -- if (start_addr != TASK_UNMAPPED_BASE) { -- start_addr = TASK_UNMAPPED_BASE; -+ if (start_addr != mm->mmap_base) { -+ start_addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } - -- if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len, offset)) { - mm->free_area_cache = addr + len; - return addr; - } -@@ -923,7 +927,7 @@ static struct file_system_type hugetlbfs_fs_type = { + info.flags = 0; + info.length = len; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = TASK_SIZE; + info.align_mask = PAGE_MASK & ~huge_page_mask(h); + info.align_offset = 0; +@@ -897,7 +907,7 @@ static struct file_system_type hugetlbfs_fs_type = { .kill_sb = kill_litter_super, }; --static struct vfsmount *hugetlbfs_vfsmount; -+struct vfsmount *hugetlbfs_vfsmount; +-static struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE]; ++struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE]; static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index 64999f1..8fad608 100644 +index 14084b7..29af1d9 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -880,8 +880,8 @@ unsigned int get_next_ino(void) @@ -49221,7 +50137,7 @@ index 1a543be..d803c40 100644 if (jfs_inode_cachep == NULL) return -ENOMEM; diff --git a/fs/libfs.c b/fs/libfs.c -index 7cc37ca..b3e3eec 100644 +index 916da8c..1588998 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -165,6 +165,9 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir) @@ -49249,7 +50165,7 @@ index 7cc37ca..b3e3eec 100644 next->d_inode->i_ino, dt_type(next->d_inode)) < 0) diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c -index 05d2912..760abfa 100644 +index 54f9e6c..9ed908c 100644 --- a/fs/lockd/clntproc.c +++ b/fs/lockd/clntproc.c @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops; @@ -49292,7 +50208,7 @@ index a94e331..060bce3 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index 5f4cdf3..959a013 100644 +index 43a97ee..ff3f601 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask) @@ -49368,7 +50284,7 @@ index 5f4cdf3..959a013 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1605,6 +1619,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1596,6 +1610,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) break; res = walk_component(nd, path, &nd->last, nd->last_type, LOOKUP_FOLLOW); @@ -49377,7 +50293,7 @@ index 5f4cdf3..959a013 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1703,7 +1719,7 @@ EXPORT_SYMBOL(full_name_hash); +@@ -1694,7 +1710,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { unsigned long a, b, adata, bdata, mask, hash, len; @@ -49386,7 +50302,7 @@ index 5f4cdf3..959a013 100644 hash = a = 0; len = -sizeof(unsigned long); -@@ -1993,6 +2009,8 @@ static int path_lookupat(int dfd, const char *name, +@@ -1979,6 +1995,8 @@ static int path_lookupat(int dfd, const char *name, if (err) break; err = lookup_last(nd, &path); @@ -49395,7 +50311,7 @@ index 5f4cdf3..959a013 100644 put_link(nd, &link, cookie); } } -@@ -2000,6 +2018,21 @@ static int path_lookupat(int dfd, const char *name, +@@ -1986,6 +2004,21 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -49417,7 +50333,7 @@ index 5f4cdf3..959a013 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!nd->inode->i_op->lookup) { path_put(&nd->path); -@@ -2027,8 +2060,17 @@ static int filename_lookup(int dfd, struct filename *name, +@@ -2013,8 +2046,17 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, flags | LOOKUP_REVAL, nd); @@ -49436,7 +50352,7 @@ index 5f4cdf3..959a013 100644 return retval; } -@@ -2402,6 +2444,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2392,6 +2434,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -49450,7 +50366,7 @@ index 5f4cdf3..959a013 100644 return 0; } -@@ -2623,7 +2672,7 @@ looked_up: +@@ -2613,7 +2662,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, @@ -49459,7 +50375,7 @@ index 5f4cdf3..959a013 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2658,6 +2707,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2648,6 +2697,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -49477,7 +50393,7 @@ index 5f4cdf3..959a013 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2679,6 +2739,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2669,6 +2729,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; @@ -49486,7 +50402,7 @@ index 5f4cdf3..959a013 100644 } out_no_open: path->dentry = dentry; -@@ -2693,7 +2755,7 @@ out_dput: +@@ -2683,7 +2745,7 @@ out_dput: /* * Handle the last step of open() */ @@ -49495,7 +50411,7 @@ index 5f4cdf3..959a013 100644 struct file *file, const struct open_flags *op, int *opened, struct filename *name) { -@@ -2722,16 +2784,44 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2712,16 +2774,44 @@ static int do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return error; @@ -49540,7 +50456,7 @@ index 5f4cdf3..959a013 100644 audit_inode(name, dir, 0); goto finish_open; } -@@ -2780,7 +2870,7 @@ retry_lookup: +@@ -2770,7 +2860,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -49549,7 +50465,7 @@ index 5f4cdf3..959a013 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2804,11 +2894,28 @@ retry_lookup: +@@ -2794,11 +2884,28 @@ retry_lookup: goto finish_open_created; } @@ -49579,7 +50495,7 @@ index 5f4cdf3..959a013 100644 /* * If atomic_open() acquired write access it is dropped now due to -@@ -2849,6 +2956,11 @@ finish_lookup: +@@ -2839,6 +2946,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); @@ -49591,7 +50507,7 @@ index 5f4cdf3..959a013 100644 return 1; } -@@ -2858,7 +2970,6 @@ finish_lookup: +@@ -2848,7 +2960,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -49599,7 +50515,7 @@ index 5f4cdf3..959a013 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -2867,6 +2978,22 @@ finish_lookup: +@@ -2857,6 +2968,22 @@ finish_lookup: path_put(&save_parent); return error; } @@ -49622,7 +50538,7 @@ index 5f4cdf3..959a013 100644 error = -EISDIR; if ((open_flag & O_CREAT) && S_ISDIR(nd->inode->i_mode)) goto out; -@@ -2965,7 +3092,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -2955,7 +3082,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -49631,7 +50547,7 @@ index 5f4cdf3..959a013 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -2983,7 +3110,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -2973,7 +3100,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -49640,7 +50556,7 @@ index 5f4cdf3..959a013 100644 put_link(nd, &link, cookie); } out: -@@ -3073,8 +3200,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path +@@ -3073,8 +3200,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -49654,7 +50570,7 @@ index 5f4cdf3..959a013 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3125,6 +3256,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat +@@ -3126,6 +3257,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -49675,7 +50591,7 @@ index 5f4cdf3..959a013 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3186,6 +3331,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode, +@@ -3188,6 +3333,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -49693,25 +50609,23 @@ index 5f4cdf3..959a013 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3202,6 +3358,8 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode, +@@ -3204,6 +3360,8 @@ retry: break; } out: + if (!error) + gr_handle_create(dentry, path.mnt); done_path_create(&path, dentry); - return error; - } -@@ -3248,9 +3406,18 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode) + if (retry_estale(error, lookup_flags)) { + lookup_flags |= LOOKUP_REVAL; +@@ -3256,9 +3414,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); -+ + if (!gr_acl_handle_mkdir(dentry, path.dentry, path.mnt)) { + error = -EACCES; + goto out; + } -+ error = security_path_mkdir(&path, dentry, mode); if (!error) error = vfs_mkdir(path.dentry->d_inode, dentry, mode); @@ -49719,18 +50633,18 @@ index 5f4cdf3..959a013 100644 + gr_handle_create(dentry, path.mnt); +out: done_path_create(&path, dentry); - return error; - } -@@ -3327,6 +3494,8 @@ static long do_rmdir(int dfd, const char __user *pathname) + if (retry_estale(error, lookup_flags)) { + lookup_flags |= LOOKUP_REVAL; +@@ -3339,6 +3504,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; + ino_t saved_ino = 0; + dev_t saved_dev = 0; - - name = user_path_parent(dfd, pathname, &nd); - if (IS_ERR(name)) -@@ -3358,10 +3527,21 @@ static long do_rmdir(int dfd, const char __user *pathname) + unsigned int lookup_flags = 0; + retry: + name = user_path_parent(dfd, pathname, &nd, lookup_flags); +@@ -3371,10 +3538,21 @@ retry: error = -ENOENT; goto exit3; } @@ -49752,16 +50666,16 @@ index 5f4cdf3..959a013 100644 exit3: dput(dentry); exit2: -@@ -3423,6 +3603,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3440,6 +3618,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; + ino_t saved_ino = 0; + dev_t saved_dev = 0; - - name = user_path_parent(dfd, pathname, &nd); - if (IS_ERR(name)) -@@ -3448,10 +3630,22 @@ static long do_unlinkat(int dfd, const char __user *pathname) + unsigned int lookup_flags = 0; + retry: + name = user_path_parent(dfd, pathname, &nd, lookup_flags); +@@ -3466,10 +3646,22 @@ retry: if (!inode) goto slashes; ihold(inode); @@ -49784,7 +50698,7 @@ index 5f4cdf3..959a013 100644 exit2: dput(dentry); } -@@ -3523,9 +3717,17 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, +@@ -3547,9 +3739,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -49800,9 +50714,9 @@ index 5f4cdf3..959a013 100644 + gr_handle_create(dentry, path.mnt); +out: done_path_create(&path, dentry); - out_putname: - putname(from); -@@ -3595,6 +3797,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, + if (retry_estale(error, lookup_flags)) { + lookup_flags |= LOOKUP_REVAL; +@@ -3623,6 +3823,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; @@ -49810,16 +50724,16 @@ index 5f4cdf3..959a013 100644 int how = 0; int error; -@@ -3618,7 +3821,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3646,7 +3847,7 @@ retry: if (error) return error; -- new_dentry = user_path_create(newdfd, newname, &new_path, 0); -+ new_dentry = user_path_create_with_name(newdfd, newname, &new_path, &to, 0); +- new_dentry = user_path_create(newdfd, newname, &new_path, ++ new_dentry = user_path_create_with_name(newdfd, newname, &new_path, &to, + (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) - goto out; -@@ -3629,11 +3832,28 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3658,11 +3859,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -49846,9 +50760,9 @@ index 5f4cdf3..959a013 100644 out_dput: + putname(to); done_path_create(&new_path, new_dentry); - out: - path_put(&old_path); -@@ -3873,12 +4093,21 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, + if (retry_estale(error, how)) { + how |= LOOKUP_REVAL; +@@ -3908,12 +4126,21 @@ retry: if (new_dentry == trap) goto exit5; @@ -49870,7 +50784,7 @@ index 5f4cdf3..959a013 100644 exit5: dput(new_dentry); exit4: -@@ -3903,6 +4132,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -3945,6 +4172,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -49879,7 +50793,7 @@ index 5f4cdf3..959a013 100644 int len; len = PTR_ERR(link); -@@ -3912,7 +4143,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -3954,7 +4183,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -49896,10 +50810,10 @@ index 5f4cdf3..959a013 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 2496062..e26f6d6 100644 +index 55605c5..22e9a03 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1212,6 +1212,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1215,6 +1215,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -49909,7 +50823,7 @@ index 2496062..e26f6d6 100644 return retval; } -@@ -1231,6 +1234,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1234,6 +1237,9 @@ static int do_umount(struct mount *mnt, int flags) br_write_unlock(&vfsmount_lock); up_write(&namespace_sem); release_mounts(&umount_list); @@ -49919,7 +50833,7 @@ index 2496062..e26f6d6 100644 return retval; } -@@ -2244,6 +2250,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2282,6 +2288,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -49936,7 +50850,7 @@ index 2496062..e26f6d6 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2258,6 +2274,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2296,6 +2312,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -49946,7 +50860,7 @@ index 2496062..e26f6d6 100644 return retval; } -@@ -2516,6 +2535,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2582,6 +2601,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -49958,11 +50872,20 @@ index 2496062..e26f6d6 100644 get_fs_root(current->fs, &root); error = lock_mount(&old); if (error) +@@ -2785,7 +2809,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) + !nsown_capable(CAP_SYS_ADMIN)) + return -EPERM; + +- if (fs->users != 1) ++ if (atomic_read(&fs->users) != 1) + return -EINVAL; + + get_mnt_ns(mnt_ns); diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index 6fa01ae..2790820 100644 +index ebeb94c..ff35337 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c -@@ -1029,16 +1029,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt +@@ -1042,16 +1042,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); } @@ -49983,10 +50906,10 @@ index 6fa01ae..2790820 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index f59169e..fd7d359 100644 +index d586117..143d568 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -941,7 +941,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -939,7 +939,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, } else { oldfs = get_fs(); set_fs(KERNEL_DS); @@ -49995,7 +50918,7 @@ index f59169e..fd7d359 100644 set_fs(oldfs); } -@@ -1045,7 +1045,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -1025,7 +1025,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, /* Write the data. */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -50004,7 +50927,7 @@ index f59169e..fd7d359 100644 set_fs(oldfs); if (host_err < 0) goto out_nfserr; -@@ -1587,7 +1587,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) +@@ -1571,7 +1571,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -50014,10 +50937,10 @@ index f59169e..fd7d359 100644 if (host_err < 0) diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c -index 6fcaeb8..9d16d04 100644 +index 9ff4a5e..deb1f0f 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c -@@ -250,8 +250,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, +@@ -251,8 +251,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, fd = fanotify_event_metadata.fd; ret = -EFAULT; @@ -50029,7 +50952,7 @@ index 6fcaeb8..9d16d04 100644 ret = prepare_for_access_response(group, event, fd); diff --git a/fs/notify/notification.c b/fs/notify/notification.c -index c887b13..0fdf472 100644 +index 7b51b05..5ea5ef6 100644 --- a/fs/notify/notification.c +++ b/fs/notify/notification.c @@ -57,7 +57,7 @@ static struct kmem_cache *fsnotify_event_holder_cachep; @@ -50064,10 +50987,10 @@ index 99e3610..02c1068 100644 "inode 0x%lx or driver bug.", vdir->i_ino); goto err_out; diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c -index 1ecf464..e1ff8bf 100644 +index 5b2d4f0..c6de396 100644 --- a/fs/ntfs/file.c +++ b/fs/ntfs/file.c -@@ -2232,6 +2232,6 @@ const struct inode_operations ntfs_file_inode_ops = { +@@ -2242,6 +2242,6 @@ const struct inode_operations ntfs_file_inode_ops = { #endif /* NTFS_RW */ }; @@ -50207,7 +51130,7 @@ index 0e91ec2..f4b3fc6 100644 /* Copy the blockcheck stats from the superblock probe */ osb->osb_ecc_stats = *stats; diff --git a/fs/open.c b/fs/open.c -index 59071f5..c6229a0 100644 +index 9b33c0c..2ffcca2 100644 --- a/fs/open.c +++ b/fs/open.c @@ -31,6 +31,8 @@ @@ -50219,18 +51142,25 @@ index 59071f5..c6229a0 100644 #include "internal.h" int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, -@@ -112,6 +114,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length) +@@ -101,6 +103,8 @@ long vfs_truncate(struct path *path, loff_t length) error = locks_verify_truncate(inode, NULL, length); if (!error) - error = security_path_truncate(&path); -+ -+ if (!error && !gr_acl_handle_truncate(path.dentry, path.mnt)) + error = security_path_truncate(path); ++ if (!error && !gr_acl_handle_truncate(path->dentry, path->mnt)) + error = -EACCES; -+ if (!error) - error = do_truncate(path.dentry, length, 0, NULL); + error = do_truncate(path->dentry, length, 0, NULL); -@@ -362,6 +368,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) +@@ -178,6 +182,8 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small) + error = locks_verify_truncate(inode, f.file, length); + if (!error) + error = security_path_truncate(&f.file->f_path); ++ if (!error && !gr_acl_handle_truncate(f.file->f_path.dentry, f.file->f_path.mnt)) ++ error = -EACCES; + if (!error) + error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file); + sb_end_write(inode->i_sb); +@@ -373,6 +379,9 @@ retry: if (__mnt_is_readonly(path.mnt)) res = -EROFS; @@ -50239,8 +51169,8 @@ index 59071f5..c6229a0 100644 + out_path_release: path_put(&path); - out: -@@ -388,6 +397,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) + if (retry_estale(res, lookup_flags)) { +@@ -404,6 +413,8 @@ retry: if (error) goto dput_and_out; @@ -50249,7 +51179,7 @@ index 59071f5..c6229a0 100644 set_fs_pwd(current->fs, &path); dput_and_out: -@@ -413,6 +424,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) +@@ -433,6 +444,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) goto out_putf; error = inode_permission(inode, MAY_EXEC | MAY_CHDIR); @@ -50263,7 +51193,7 @@ index 59071f5..c6229a0 100644 if (!error) set_fs_pwd(current->fs, &f.file->f_path); out_putf: -@@ -441,7 +459,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) +@@ -462,7 +480,13 @@ retry: if (error) goto dput_and_out; @@ -50277,7 +51207,7 @@ index 59071f5..c6229a0 100644 error = 0; dput_and_out: path_put(&path); -@@ -459,6 +483,16 @@ static int chmod_common(struct path *path, umode_t mode) +@@ -484,6 +508,16 @@ static int chmod_common(struct path *path, umode_t mode) if (error) return error; mutex_lock(&inode->i_mutex); @@ -50294,7 +51224,7 @@ index 59071f5..c6229a0 100644 error = security_path_chmod(path, mode); if (error) goto out_unlock; -@@ -514,6 +548,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) +@@ -544,6 +578,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) uid = make_kuid(current_user_ns(), user); gid = make_kgid(current_user_ns(), group); @@ -50304,7 +51234,7 @@ index 59071f5..c6229a0 100644 newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { if (!uid_valid(uid)) -@@ -925,6 +962,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) +@@ -960,6 +997,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) } else { fsnotify_open(f); fd_install(fd, f); @@ -50471,7 +51401,7 @@ index 15af622..0e9f4467 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index bd31e02..15cae71 100644 +index 6a91e6f..e54dbc14 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -50482,7 +51412,7 @@ index bd31e02..15cae71 100644 #include <linux/proc_fs.h> #include <linux/ioport.h> #include <linux/uaccess.h> -@@ -346,6 +347,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) +@@ -362,6 +363,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) seq_putc(m, '\n'); } @@ -50504,7 +51434,7 @@ index bd31e02..15cae71 100644 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { -@@ -363,9 +379,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -380,9 +396,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); @@ -50529,7 +51459,7 @@ index bd31e02..15cae71 100644 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -387,6 +418,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -404,6 +435,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, char tcomm[sizeof(task->comm)]; unsigned long flags; @@ -50543,7 +51473,7 @@ index bd31e02..15cae71 100644 state = *get_task_state(task); vsize = eip = esp = 0; permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); -@@ -458,6 +496,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -475,6 +513,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, gtime = task->gtime; } @@ -50563,7 +51493,7 @@ index bd31e02..15cae71 100644 /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority = task_prio(task); -@@ -494,9 +545,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -511,9 +562,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', vsize); seq_put_decimal_ull(m, ' ', mm ? get_mm_rss(mm) : 0); seq_put_decimal_ull(m, ' ', rsslim); @@ -50579,7 +51509,7 @@ index bd31e02..15cae71 100644 seq_put_decimal_ull(m, ' ', esp); seq_put_decimal_ull(m, ' ', eip); /* The signal information here is obsolete. -@@ -518,7 +575,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -535,7 +592,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime)); seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime)); @@ -50592,7 +51522,7 @@ index bd31e02..15cae71 100644 seq_put_decimal_ull(m, ' ', mm->start_data); seq_put_decimal_ull(m, ' ', mm->end_data); seq_put_decimal_ull(m, ' ', mm->start_brk); -@@ -556,8 +617,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -573,8 +634,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; @@ -50609,7 +51539,7 @@ index bd31e02..15cae71 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -580,6 +648,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -597,6 +665,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -50624,7 +51554,7 @@ index bd31e02..15cae71 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 9e28356..c485b3c 100644 +index 9b43ff77..3d6a99f 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -111,6 +111,14 @@ struct pid_entry { @@ -50729,7 +51659,7 @@ index 9e28356..c485b3c 100644 put_task_struct(task); } return allowed; -@@ -562,10 +592,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, +@@ -555,10 +585,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, struct task_struct *task, int hide_pid_min) { @@ -50765,7 +51695,7 @@ index 9e28356..c485b3c 100644 return ptrace_may_access(task, PTRACE_MODE_READ); } -@@ -583,7 +638,11 @@ static int proc_pid_permission(struct inode *inode, int mask) +@@ -576,7 +631,11 @@ static int proc_pid_permission(struct inode *inode, int mask) put_task_struct(task); if (!has_perms) { @@ -50777,7 +51707,7 @@ index 9e28356..c485b3c 100644 /* * Let's make getdents(), stat(), and open() * consistent with each other. If a process -@@ -681,6 +740,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -674,6 +733,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) if (!task) return -ESRCH; @@ -50789,7 +51719,7 @@ index 9e28356..c485b3c 100644 mm = mm_access(task, mode); put_task_struct(task); -@@ -696,6 +760,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -689,6 +753,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) file->private_data = mm; @@ -50800,7 +51730,7 @@ index 9e28356..c485b3c 100644 return 0; } -@@ -717,6 +785,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -710,6 +778,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ssize_t copied; char *page; @@ -50818,7 +51748,7 @@ index 9e28356..c485b3c 100644 if (!mm) return 0; -@@ -821,6 +900,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -814,6 +893,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!mm) return 0; @@ -50832,7 +51762,7 @@ index 9e28356..c485b3c 100644 page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) return -ENOMEM; -@@ -1436,7 +1522,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1429,7 +1515,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) int error = -EACCES; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -50841,7 +51771,7 @@ index 9e28356..c485b3c 100644 goto out; error = PROC_I(inode)->op.proc_get_link(dentry, &path); -@@ -1480,8 +1566,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1473,8 +1559,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -50862,7 +51792,7 @@ index 9e28356..c485b3c 100644 error = PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1531,7 +1627,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1524,7 +1620,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -50874,7 +51804,7 @@ index 9e28356..c485b3c 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1567,10 +1667,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1560,10 +1660,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) return -ENOENT; } if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -50894,7 +51824,7 @@ index 9e28356..c485b3c 100644 } } rcu_read_unlock(); -@@ -1608,11 +1717,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) +@@ -1601,11 +1710,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -50915,7 +51845,7 @@ index 9e28356..c485b3c 100644 rcu_read_unlock(); } else { inode->i_uid = GLOBAL_ROOT_UID; -@@ -2065,6 +2183,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2058,6 +2176,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -50925,7 +51855,7 @@ index 9e28356..c485b3c 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc/<tgid>/ without very good reasons. -@@ -2109,6 +2230,9 @@ static int proc_pident_readdir(struct file *filp, +@@ -2102,6 +2223,9 @@ static int proc_pident_readdir(struct file *filp, if (!task) goto out_no_task; @@ -50935,16 +51865,7 @@ index 9e28356..c485b3c 100644 ret = 0; i = filp->f_pos; switch (i) { -@@ -2380,7 +2504,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) - static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, - void *cookie) - { -- char *s = nd_get_link(nd); -+ const char *s = nd_get_link(nd); - if (!IS_ERR(s)) - kfree(s); - } -@@ -2662,7 +2786,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2515,7 +2639,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -50953,7 +51874,7 @@ index 9e28356..c485b3c 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2687,10 +2811,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2540,10 +2664,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -50966,7 +51887,7 @@ index 9e28356..c485b3c 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2724,6 +2848,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2577,6 +2701,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -50976,7 +51897,7 @@ index 9e28356..c485b3c 100644 #ifdef CONFIG_USER_NS REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), -@@ -2856,7 +2983,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, +@@ -2705,7 +2832,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -50991,7 +51912,7 @@ index 9e28356..c485b3c 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2898,7 +3032,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign +@@ -2743,7 +2877,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; @@ -51003,7 +51924,7 @@ index 9e28356..c485b3c 100644 put_task_struct(task); out: return result; -@@ -2961,6 +3099,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi +@@ -2806,6 +2944,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi static int fake_filldir(void *buf, const char *name, int namelen, loff_t offset, u64 ino, unsigned d_type) { @@ -51012,7 +51933,7 @@ index 9e28356..c485b3c 100644 return 0; } -@@ -3027,7 +3167,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2857,7 +2997,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -51021,7 +51942,7 @@ index 9e28356..c485b3c 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -3054,10 +3194,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2884,10 +3024,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -51067,7 +51988,7 @@ index b143471..bb105e5 100644 } module_init(proc_devices_init); diff --git a/fs/proc/fd.c b/fs/proc/fd.c -index f28a875..c467953 100644 +index d7a4a28..0201742 100644 --- a/fs/proc/fd.c +++ b/fs/proc/fd.c @@ -25,7 +25,8 @@ static int seq_show(struct seq_file *m, void *v) @@ -51080,7 +52001,7 @@ index f28a875..c467953 100644 put_task_struct(task); if (files) { -@@ -300,11 +301,21 @@ static struct dentry *proc_lookupfd(struct inode *dir, struct dentry *dentry, +@@ -302,11 +303,21 @@ static struct dentry *proc_lookupfd(struct inode *dir, struct dentry *dentry, */ int proc_fd_permission(struct inode *inode, int mask) { @@ -51105,7 +52026,7 @@ index f28a875..c467953 100644 } diff --git a/fs/proc/inode.c b/fs/proc/inode.c -index 3b22bbd..895b58c 100644 +index 439ae688..c21ac36 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c @@ -21,11 +21,17 @@ @@ -51126,10 +52047,10 @@ index 3b22bbd..895b58c 100644 static void proc_evict_inode(struct inode *inode) { struct proc_dir_entry *de; -@@ -51,6 +57,13 @@ static void proc_evict_inode(struct inode *inode) - ns_ops = PROC_I(inode)->ns_ops; - if (ns_ops && ns_ops->put) - ns_ops->put(PROC_I(inode)->ns); +@@ -53,6 +59,13 @@ static void proc_evict_inode(struct inode *inode) + ns = PROC_I(inode)->ns; + if (ns_ops && ns) + ns_ops->put(ns); + +#ifdef CONFIG_PROC_SYSCTL + if (inode->i_op == &proc_sys_inode_operations || @@ -51140,7 +52061,7 @@ index 3b22bbd..895b58c 100644 } static struct kmem_cache * proc_inode_cachep; -@@ -455,7 +468,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) +@@ -457,7 +470,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) if (de->mode) { inode->i_mode = de->mode; inode->i_uid = de->uid; @@ -51153,10 +52074,10 @@ index 3b22bbd..895b58c 100644 if (de->size) inode->i_size = de->size; diff --git a/fs/proc/internal.h b/fs/proc/internal.h -index 43973b0..a20e704 100644 +index 252544c..04395b9 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h -@@ -54,6 +54,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -55,6 +55,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); @@ -51167,7 +52088,7 @@ index 43973b0..a20e704 100644 extern const struct file_operations proc_tid_children_operations; diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c -index 86c67ee..cdca321 100644 +index e96d4f1..8b116ed 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c @@ -480,9 +480,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) @@ -51285,7 +52206,7 @@ index fe72cd0..cb9b67d 100644 rcu_read_lock(); task = pid_task(proc_pid(dir), PIDTYPE_PID); diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c -index a781bdf..6665284 100644 +index 1827d88..9a60b01 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -12,11 +12,15 @@ @@ -51306,7 +52227,7 @@ index a781bdf..6665284 100644 void proc_sys_poll_notify(struct ctl_table_poll *poll) { -@@ -465,6 +469,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry, +@@ -466,6 +470,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry, err = NULL; d_set_d_op(dentry, &proc_sys_dentry_operations); @@ -51316,7 +52237,7 @@ index a781bdf..6665284 100644 d_add(dentry, inode); out: -@@ -480,18 +487,20 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, +@@ -481,6 +488,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, struct inode *inode = filp->f_path.dentry->d_inode; struct ctl_table_header *head = grab_header(inode); struct ctl_table *table = PROC_I(inode)->sysctl_entry; @@ -51324,21 +52245,16 @@ index a781bdf..6665284 100644 ssize_t error; size_t res; - if (IS_ERR(head)) - return PTR_ERR(head); - -+ - /* - * At this point we know that the sysctl was not unregistered +@@ -492,7 +500,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, * and won't be until we finish. */ error = -EPERM; -- if (sysctl_perm(head->root, table, write ? MAY_WRITE : MAY_READ)) -+ if (sysctl_perm(head->root, table, op)) +- if (sysctl_perm(head, table, write ? MAY_WRITE : MAY_READ)) ++ if (sysctl_perm(head, table, op)) goto out; /* if that can happen at all, it should be -EINVAL, not -EISDIR */ -@@ -499,6 +508,22 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, +@@ -500,6 +508,22 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, if (!table->proc_handler) goto out; @@ -51361,7 +52277,7 @@ index a781bdf..6665284 100644 /* careful: calling conventions are nasty here */ res = count; error = table->proc_handler(table, write, buf, &res, ppos); -@@ -596,6 +621,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent, +@@ -597,6 +621,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent, return -ENOMEM; } else { d_set_d_op(child, &proc_sys_dentry_operations); @@ -51371,7 +52287,7 @@ index a781bdf..6665284 100644 d_add(child, inode); } } else { -@@ -639,6 +667,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table, +@@ -640,6 +667,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table, if ((*pos)++ < file->f_pos) return 0; @@ -51381,7 +52297,7 @@ index a781bdf..6665284 100644 if (unlikely(S_ISLNK(table->mode))) res = proc_sys_link_fill_cache(file, dirent, filldir, head, table); else -@@ -756,6 +787,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct +@@ -750,6 +780,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct if (IS_ERR(head)) return PTR_ERR(head); @@ -51391,7 +52307,7 @@ index a781bdf..6665284 100644 generic_fillattr(inode, stat); if (table) stat->mode = (stat->mode & S_IFMT) | table->mode; -@@ -778,13 +812,13 @@ static const struct file_operations proc_sys_dir_file_operations = { +@@ -772,13 +805,13 @@ static const struct file_operations proc_sys_dir_file_operations = { .llseek = generic_file_llseek, }; @@ -51408,10 +52324,10 @@ index a781bdf..6665284 100644 .permission = proc_sys_permission, .setattr = proc_sys_setattr, diff --git a/fs/proc/root.c b/fs/proc/root.c -index 9889a92..2613b48 100644 +index c6e9fac..a740964 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c -@@ -187,7 +187,15 @@ void __init proc_root_init(void) +@@ -176,7 +176,15 @@ void __init proc_root_init(void) #ifdef CONFIG_PROC_DEVICETREE proc_device_tree_init(); #endif @@ -51427,8 +52343,21 @@ index 9889a92..2613b48 100644 proc_sys_init(); } +diff --git a/fs/proc/self.c b/fs/proc/self.c +index aa5cc3b..c91a5d0 100644 +--- a/fs/proc/self.c ++++ b/fs/proc/self.c +@@ -37,7 +37,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) + static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, + void *cookie) + { +- char *s = nd_get_link(nd); ++ const char *s = nd_get_link(nd); + if (!IS_ERR(s)) + kfree(s); + } diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 90c63f9..e662cfc 100644 +index ca5ce7f..02c1cf0 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -11,12 +11,19 @@ @@ -51554,7 +52483,7 @@ index 90c63f9..e662cfc 100644 show_map_vma(m, vma, is_pid); if (m->count < m->size) /* vma is copied successfully */ -@@ -538,12 +574,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -589,12 +625,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) .private = &mss, }; @@ -51583,7 +52512,7 @@ index 90c63f9..e662cfc 100644 show_map_vma(m, vma, is_pid); seq_printf(m, -@@ -561,7 +608,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -612,7 +659,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) "KernelPageSize: %8lu kB\n" "MMUPageSize: %8lu kB\n" "Locked: %8lu kB\n", @@ -51595,7 +52524,7 @@ index 90c63f9..e662cfc 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1211,6 +1262,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1264,6 +1315,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) int n; char buffer[50]; @@ -51609,8 +52538,8 @@ index 90c63f9..e662cfc 100644 if (!mm) return 0; -@@ -1228,11 +1286,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) - mpol_to_str(buffer, sizeof(buffer), pol, 0); +@@ -1281,11 +1339,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) + mpol_to_str(buffer, sizeof(buffer), pol); mpol_cond_put(pol); +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP @@ -51648,21 +52577,6 @@ index 1ccfa53..0848f95 100644 } else if (mm) { pid_t tid = vm_is_stack(priv->task, vma, is_pid); -diff --git a/fs/pstore/ftrace.c b/fs/pstore/ftrace.c -index 2d57e1a..43b1280 100644 ---- a/fs/pstore/ftrace.c -+++ b/fs/pstore/ftrace.c -@@ -28,7 +28,9 @@ - #include "internal.h" - - static void notrace pstore_ftrace_call(unsigned long ip, -- unsigned long parent_ip) -+ unsigned long parent_ip, -+ struct ftrace_ops *op, -+ struct pt_regs *regs) - { - unsigned long flags; - struct pstore_ftrace_record rec = {}; diff --git a/fs/quota/netlink.c b/fs/quota/netlink.c index 16e8abb..2dcf914 100644 --- a/fs/quota/netlink.c @@ -51685,19 +52599,6 @@ index 16e8abb..2dcf914 100644 "a_genl_family, 0, QUOTA_NL_C_WARNING); if (!msg_head) { printk(KERN_ERR -diff --git a/fs/read_write.c b/fs/read_write.c -index d065348..8e2b43d 100644 ---- a/fs/read_write.c -+++ b/fs/read_write.c -@@ -935,6 +935,8 @@ ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, size_t count, - if (retval > 0) { - add_rchar(current, retval); - add_wchar(current, retval); -+ fsnotify_access(in.file); -+ fsnotify_modify(out.file); - } - - inc_syscr(current); diff --git a/fs/readdir.c b/fs/readdir.c index 5e69ef5..e5d9099 100644 --- a/fs/readdir.c @@ -51827,7 +52728,7 @@ index e60e870..f40ac16 100644 SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), diff --git a/fs/reiserfs/reiserfs.h b/fs/reiserfs/reiserfs.h -index 33215f5..c5d427a 100644 +index 157e474..65a6114 100644 --- a/fs/reiserfs/reiserfs.h +++ b/fs/reiserfs/reiserfs.h @@ -453,7 +453,7 @@ struct reiserfs_sb_info { @@ -51869,7 +52770,7 @@ index 2ef72d9..f213b17 100644 return -EINVAL; diff --git a/fs/seq_file.c b/fs/seq_file.c -index 99dffab..e4fcb71 100644 +index f2bc3df..239d4f6 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -10,6 +10,7 @@ @@ -51936,7 +52837,7 @@ index 99dffab..e4fcb71 100644 if (op) { diff --git a/fs/splice.c b/fs/splice.c -index 48c7bd1..d0740e4 100644 +index 6909d89..5b2e8f9 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, @@ -52000,7 +52901,7 @@ index 48c7bd1..d0740e4 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1192,7 +1192,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1189,7 +1189,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -52009,7 +52910,7 @@ index 48c7bd1..d0740e4 100644 current->splice_pipe = pipe; } -@@ -1741,9 +1741,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1738,9 +1738,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -52021,7 +52922,7 @@ index 48c7bd1..d0740e4 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1775,7 +1775,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1772,7 +1772,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -52030,7 +52931,7 @@ index 48c7bd1..d0740e4 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1788,9 +1788,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1785,9 +1785,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -52042,7 +52943,7 @@ index 48c7bd1..d0740e4 100644 } pipe_unlock(pipe); -@@ -1826,14 +1826,14 @@ retry: +@@ -1823,14 +1823,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -52059,7 +52960,7 @@ index 48c7bd1..d0740e4 100644 break; /* -@@ -1930,7 +1930,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1927,7 +1927,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -52068,7 +52969,7 @@ index 48c7bd1..d0740e4 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1975,7 +1975,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1972,7 +1972,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -52078,7 +52979,7 @@ index 48c7bd1..d0740e4 100644 pipe_unlock(ipipe); diff --git a/fs/stat.c b/fs/stat.c -index eae4946..6198f55 100644 +index 14f4545..9b7f55b 100644 --- a/fs/stat.c +++ b/fs/stat.c @@ -28,8 +28,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat) @@ -52138,7 +53039,7 @@ index 2fbdff6..5530a61 100644 sd = sysfs_new_dirent(name, mode, SYSFS_DIR); if (!sd) diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c -index 00012e3..8392349 100644 +index 602f56d..6853db8 100644 --- a/fs/sysfs/file.c +++ b/fs/sysfs/file.c @@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock); @@ -52213,7 +53114,7 @@ index c175b4d..8f36a16 100644 int i; for (i = 0; i < sizeof(struct tag); ++i) diff --git a/fs/utimes.c b/fs/utimes.c -index bb0696a..552054b 100644 +index f4fb7ec..3fe03c0 100644 --- a/fs/utimes.c +++ b/fs/utimes.c @@ -1,6 +1,7 @@ @@ -52238,7 +53139,7 @@ index bb0696a..552054b 100644 error = notify_change(path->dentry, &newattrs); mutex_unlock(&inode->i_mutex); diff --git a/fs/xattr.c b/fs/xattr.c -index e21c119..21dfc7c 100644 +index 3377dff..4feded6 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -319,7 +319,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); @@ -52264,7 +53165,7 @@ index e21c119..21dfc7c 100644 out: if (vvalue) vfree(vvalue); -@@ -376,7 +381,7 @@ SYSCALL_DEFINE5(setxattr, const char __user *, pathname, +@@ -377,7 +382,7 @@ retry: return error; error = mnt_want_write(path.mnt); if (!error) { @@ -52273,7 +53174,7 @@ index e21c119..21dfc7c 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -395,7 +400,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, +@@ -401,7 +406,7 @@ retry: return error; error = mnt_want_write(path.mnt); if (!error) { @@ -52282,7 +53183,7 @@ index e21c119..21dfc7c 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -406,16 +411,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, +@@ -416,16 +421,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, const void __user *,value, size_t, size, int, flags) { struct fd f = fdget(fd); @@ -52317,7 +53218,7 @@ index 9fbea87..6b19972 100644 struct posix_acl *acl; struct posix_acl_entry *acl_e; diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c -index 83d0cf3..2ef526b 100644 +index cdb2d33..704ce7f 100644 --- a/fs/xfs/xfs_bmap.c +++ b/fs/xfs/xfs_bmap.c @@ -189,7 +189,7 @@ xfs_bmap_validate_ret( @@ -52351,10 +53252,10 @@ index 1b9fc3e..e1bdde0 100644 *offset = off & 0x7fffffff; return 0; diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c -index c1df3c6..f987db6 100644 +index c1c3ef8..0952438 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c -@@ -126,7 +126,7 @@ xfs_find_handle( +@@ -127,7 +127,7 @@ xfs_find_handle( } error = -EFAULT; @@ -52364,10 +53265,10 @@ index c1df3c6..f987db6 100644 goto out_put; diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c -index 4e00cf0..3374374 100644 +index d82efaa..0904a8e 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c -@@ -394,7 +394,7 @@ xfs_vn_put_link( +@@ -395,7 +395,7 @@ xfs_vn_put_link( struct nameidata *nd, void *p) { @@ -53449,10 +54350,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..960766a +index 0000000..69e1320 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4003 @@ +@@ -0,0 +1,4019 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -53479,6 +54380,7 @@ index 0000000..960766a +#include <linux/fdtable.h> +#include <linux/percpu.h> +#include <linux/lglock.h> ++#include <linux/hugetlb.h> +#include "../fs/mount.h" + +#include <asm/uaccess.h> @@ -53533,8 +54435,9 @@ index 0000000..960766a + +extern struct vfsmount *pipe_mnt; +extern struct vfsmount *shm_mnt; ++ +#ifdef CONFIG_HUGETLBFS -+extern struct vfsmount *hugetlbfs_vfsmount; ++extern struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE]; +#endif + +static struct acl_object_label *fakefs_obj_rw; @@ -55309,6 +56212,20 @@ index 0000000..960766a + return __full_lookup(orig_dentry, orig_mnt, inode, device, subj, path, newglob); +} + ++#ifdef CONFIG_HUGETLBFS ++static inline bool ++is_hugetlbfs_mnt(const struct vfsmount *mnt) ++{ ++ int i; ++ for (i = 0; i < HUGE_MAX_HSTATE; i++) { ++ if (unlikely(hugetlbfs_vfsmount[i] == mnt)) ++ return true; ++ } ++ ++ return false; ++} ++#endif ++ +static struct acl_object_label * +__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, + const struct acl_subject_label *subj, char *path, const int checkglob) @@ -55327,7 +56244,7 @@ index 0000000..960766a + mnt == sock_mnt || +#endif +#ifdef CONFIG_HUGETLBFS -+ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) || ++ (is_hugetlbfs_mnt(mnt) && dentry->d_inode->i_nlink == 0) || +#endif + /* ignore Eric Biederman */ + IS_PRIVATE(l_dentry->d_inode))) { @@ -62785,12 +63702,12 @@ index 810431d..0ec4804f 100644 * (puds are folded into pgds so this doesn't get actually called, * but the define is needed for a generic inline function.) diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h -index b36ce40..019426d 100644 +index 5cf680a..4b74d62 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h -@@ -554,6 +554,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd) - #endif +@@ -688,6 +688,14 @@ static inline pmd_t pmd_mknuma(pmd_t pmd) } + #endif /* CONFIG_NUMA_BALANCING */ +#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL +static inline unsigned long pax_open_kernel(void) { return 0; } @@ -62852,7 +63769,7 @@ index 418d270..bfd2794 100644 struct crypto_instance { struct crypto_alg alg; diff --git a/include/drm/drmP.h b/include/drm/drmP.h -index 3fd8280..2b3c415 100644 +index fad21c9..3fff955 100644 --- a/include/drm/drmP.h +++ b/include/drm/drmP.h @@ -72,6 +72,7 @@ @@ -62882,7 +63799,7 @@ index 3fd8280..2b3c415 100644 struct list_head filelist; diff --git a/include/drm/drm_crtc_helper.h b/include/drm/drm_crtc_helper.h -index e01cc80..6fb6f25 100644 +index f43d556..94d9343 100644 --- a/include/drm/drm_crtc_helper.h +++ b/include/drm/drm_crtc_helper.h @@ -109,7 +109,7 @@ struct drm_encoder_helper_funcs { @@ -62895,7 +63812,7 @@ index e01cc80..6fb6f25 100644 /** * drm_connector_helper_funcs - helper operations for connectors diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h -index d6d1da4..fdd1ac5 100644 +index 72dcbe8..8db58d7 100644 --- a/include/drm/ttm/ttm_memory.h +++ b/include/drm/ttm/ttm_memory.h @@ -48,7 +48,7 @@ @@ -62908,7 +63825,7 @@ index d6d1da4..fdd1ac5 100644 /** * struct ttm_mem_global - Global memory accounting structure. diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h -index 22ef21c..75904ba 100644 +index c1da539..4db35ec 100644 --- a/include/linux/atmdev.h +++ b/include/linux/atmdev.h @@ -28,7 +28,7 @@ struct compat_atm_iobuf { @@ -62921,11 +63838,11 @@ index 22ef21c..75904ba 100644 #undef __HANDLE_ITEM }; diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index de0628e..38f42eb 100644 +index 0530b98..b127a9e 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h -@@ -75,6 +75,7 @@ struct linux_binfmt { - int (*load_binary)(struct linux_binprm *, struct pt_regs * regs); +@@ -73,6 +73,7 @@ struct linux_binfmt { + int (*load_binary)(struct linux_binprm *); int (*load_shlib)(struct file *); int (*core_dump)(struct coredump_params *cprm); + void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags); @@ -62933,10 +63850,10 @@ index de0628e..38f42eb 100644 }; diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 1756001..ab117ec 100644 +index f94bc83..62b9cfe 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1478,7 +1478,7 @@ struct block_device_operations { +@@ -1498,7 +1498,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -63017,11 +63934,11 @@ index 42e55de..1cd0e66 100644 extern struct cleancache_ops cleancache_register_ops(struct cleancache_ops *ops); diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index 412bc6c..c31666e 100644 +index 662fd1b..e801992 100644 --- a/include/linux/compiler-gcc4.h +++ b/include/linux/compiler-gcc4.h -@@ -32,6 +32,21 @@ - #define __linktime_error(message) __attribute__((__error__(message))) +@@ -34,6 +34,21 @@ + #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) #if __GNUC_MINOR__ >= 5 + @@ -63042,7 +63959,7 @@ index 412bc6c..c31666e 100644 /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer -@@ -47,6 +62,11 @@ +@@ -49,6 +64,11 @@ #define __noclone __attribute__((__noclone__)) #endif @@ -63055,10 +63972,10 @@ index 412bc6c..c31666e 100644 #if __GNUC_MINOR__ >= 6 diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index f430e41..38be90f 100644 +index dd852b7..72924c0 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h -@@ -5,31 +5,62 @@ +@@ -5,11 +5,14 @@ #ifdef __CHECKER__ # define __user __attribute__((noderef, address_space(1))) @@ -63070,9 +63987,10 @@ index f430e41..38be90f 100644 # define __nocast __attribute__((nocast)) # define __iomem __attribute__((noderef, address_space(2))) +# define __force_iomem __force __iomem + # define __must_hold(x) __attribute__((context(x,1,1))) # define __acquires(x) __attribute__((context(x,0,1))) # define __releases(x) __attribute__((context(x,1,0))) - # define __acquire(x) __context__(x,1) +@@ -17,20 +20,48 @@ # define __release(x) __context__(x,-1) # define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0) # define __percpu __attribute__((noderef, address_space(3))) @@ -63121,7 +64039,7 @@ index f430e41..38be90f 100644 # define __chk_user_ptr(x) (void)0 # define __chk_io_ptr(x) (void)0 # define __builtin_warning(x, y...) (1) -@@ -39,7 +70,9 @@ extern void __chk_io_ptr(const volatile void __iomem *); +@@ -41,7 +72,9 @@ extern void __chk_io_ptr(const volatile void __iomem *); # define __release(x) (void)0 # define __cond_lock(x,c) (c) # define __percpu @@ -63130,8 +64048,8 @@ index f430e41..38be90f 100644 +# define __force_rcu #endif - #ifdef __KERNEL__ -@@ -264,6 +297,26 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); + /* Indirect macros required for expanded argument pasting, eg. __LINE__. */ +@@ -275,6 +308,26 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); # define __attribute_const__ /* unimplemented */ #endif @@ -63158,7 +64076,7 @@ index f430e41..38be90f 100644 /* * Tell gcc if a function is cold. The compiler will assume any path * directly leading to the call is unlikely. -@@ -273,6 +326,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -284,6 +337,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); #define __cold #endif @@ -63181,7 +64099,7 @@ index f430e41..38be90f 100644 /* Simple shorthand for a section definition */ #ifndef __section # define __section(S) __attribute__ ((__section__(#S))) -@@ -312,6 +381,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -323,6 +392,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); * use is to mediate communication between process-level code and irq/NMI * handlers, all running on the same CPU. */ @@ -63190,11 +64108,24 @@ index f430e41..38be90f 100644 +#define ACCESS_ONCE_RW(x) (*(volatile typeof(x) *)&(x)) #endif /* __LINUX_COMPILER_H */ +diff --git a/include/linux/cpu.h b/include/linux/cpu.h +index ce7a074..01ab8ac 100644 +--- a/include/linux/cpu.h ++++ b/include/linux/cpu.h +@@ -115,7 +115,7 @@ enum { + /* Need to know about CPUs going up/down? */ + #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE) + #define cpu_notifier(fn, pri) { \ +- static struct notifier_block fn##_nb __cpuinitdata = \ ++ static struct notifier_block fn##_nb = \ + { .notifier_call = fn, .priority = pri }; \ + register_cpu_notifier(&fn##_nb); \ + } diff --git a/include/linux/cred.h b/include/linux/cred.h -index ebbed2c..908cc2c 100644 +index 04421e8..6bce4ef 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h -@@ -208,6 +208,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk) +@@ -194,6 +194,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk) static inline void validate_process_creds(void) { } @@ -63276,12 +64207,12 @@ index d3201e4..8281e63 100644 unsigned int offset, size_t len); diff --git a/include/linux/efi.h b/include/linux/efi.h -index b424f64..fd36c1b 100644 +index 7a9498a..155713d 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -656,6 +656,7 @@ struct efivar_operations { - efi_get_next_variable_t *get_next_variable; +@@ -733,6 +733,7 @@ struct efivar_operations { efi_set_variable_t *set_variable; + efi_query_variable_info_t *query_variable_info; }; +typedef struct efivar_operations __no_const efivar_operations_no_const; @@ -63308,7 +64239,7 @@ index 8c9048e..16a4665 100644 #endif diff --git a/include/linux/filter.h b/include/linux/filter.h -index 24d251f..7afb83d 100644 +index c45eabc..baa0be5 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -20,6 +20,7 @@ struct compat_sock_fprog { @@ -63343,20 +64274,20 @@ index 3044254..9767f41 100644 extern bool frontswap_enabled; extern struct frontswap_ops diff --git a/include/linux/fs.h b/include/linux/fs.h -index 75fe9a1..8417cac 100644 +index 7617ee0..b575199 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1543,7 +1543,8 @@ struct file_operations { - int (*setlease)(struct file *, long, struct file_lock **); +@@ -1541,7 +1541,8 @@ struct file_operations { long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); + int (*show_fdinfo)(struct seq_file *m, struct file *f); -}; +} __do_const; +typedef struct file_operations __no_const file_operations_no_const; struct inode_operations { struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int); -@@ -2667,4 +2668,14 @@ static inline void inode_has_no_xattr(struct inode *inode) +@@ -2665,4 +2666,14 @@ static inline void inode_has_no_xattr(struct inode *inode) inode->i_flags |= S_NOSEC; } @@ -63372,7 +64303,7 @@ index 75fe9a1..8417cac 100644 + #endif /* _LINUX_FS_H */ diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h -index 003dc0f..3c4ea97 100644 +index d0ae3a8..0244b34 100644 --- a/include/linux/fs_struct.h +++ b/include/linux/fs_struct.h @@ -6,7 +6,7 @@ @@ -63385,10 +64316,10 @@ index 003dc0f..3c4ea97 100644 seqcount_t seq; int umask; diff --git a/include/linux/fscache-cache.h b/include/linux/fscache-cache.h -index ce31408..b1ad003 100644 +index 5dfa0aa..6acf322 100644 --- a/include/linux/fscache-cache.h +++ b/include/linux/fscache-cache.h -@@ -102,7 +102,7 @@ struct fscache_operation { +@@ -112,7 +112,7 @@ struct fscache_operation { fscache_operation_release_t release; }; @@ -63397,10 +64328,10 @@ index ce31408..b1ad003 100644 extern void fscache_op_work_func(struct work_struct *work); extern void fscache_enqueue_operation(struct fscache_operation *); -@@ -122,7 +122,7 @@ static inline void fscache_operation_init(struct fscache_operation *op, - { +@@ -134,7 +134,7 @@ static inline void fscache_operation_init(struct fscache_operation *op, INIT_WORK(&op->work, fscache_op_work_func); atomic_set(&op->usage, 1); + op->state = FSCACHE_OP_ST_INITIALISED; - op->debug_id = atomic_inc_return(&fscache_op_debug_id); + op->debug_id = atomic_inc_return_unchecked(&fscache_op_debug_id); op->processor = processor; @@ -63440,10 +64371,10 @@ index 0fbfb46..508eb0d 100644 /* diff --git a/include/linux/ftrace_event.h b/include/linux/ftrace_event.h -index 642928c..93afe6a 100644 +index a3d4895..ddd2a50 100644 --- a/include/linux/ftrace_event.h +++ b/include/linux/ftrace_event.h -@@ -266,7 +266,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type, +@@ -272,7 +272,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type, extern int trace_add_event_call(struct ftrace_event_call *call); extern void trace_remove_event_call(struct ftrace_event_call *call); @@ -63453,10 +64384,10 @@ index 642928c..93afe6a 100644 int trace_set_clr_event(const char *system, const char *event, int set); diff --git a/include/linux/genhd.h b/include/linux/genhd.h -index 4f440b3..342233a 100644 +index 79b8bba..86b539e 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h -@@ -190,7 +190,7 @@ struct gendisk { +@@ -194,7 +194,7 @@ struct gendisk { struct kobject *slave_dir; struct timer_rand_state *random; @@ -63466,31 +64397,32 @@ index 4f440b3..342233a 100644 #ifdef CONFIG_BLK_DEV_INTEGRITY struct blk_integrity *integrity; diff --git a/include/linux/gfp.h b/include/linux/gfp.h -index d0a7967..63c4c47 100644 +index 0f615eb..5c3832f 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h -@@ -35,6 +35,12 @@ struct vm_area_struct; +@@ -35,6 +35,13 @@ struct vm_area_struct; + #define ___GFP_NO_KSWAPD 0x400000u #define ___GFP_OTHER_NODE 0x800000u #define ___GFP_WRITE 0x1000000u - ++ +#ifdef CONFIG_PAX_USERCOPY_SLABS +#define ___GFP_USERCOPY 0x2000000u +#else +#define ___GFP_USERCOPY 0 +#endif + + /* If the above are modified, __GFP_BITS_SHIFT may need updating */ + /* - * GFP bitmasks.. - * -@@ -89,6 +95,7 @@ struct vm_area_struct; - #define __GFP_NO_KSWAPD ((__force gfp_t)___GFP_NO_KSWAPD) +@@ -92,6 +99,7 @@ struct vm_area_struct; #define __GFP_OTHER_NODE ((__force gfp_t)___GFP_OTHER_NODE) /* On behalf of other node */ + #define __GFP_KMEMCG ((__force gfp_t)___GFP_KMEMCG) /* Allocation comes from a memcg-accounted resource */ #define __GFP_WRITE ((__force gfp_t)___GFP_WRITE) /* Allocator intends to dirty page */ +#define __GFP_USERCOPY ((__force gfp_t)___GFP_USERCOPY)/* Allocator intends to copy page to/from userland */ /* * This may seem redundant, but it's a way of annotating false positives vs. -@@ -96,7 +103,7 @@ struct vm_area_struct; +@@ -99,7 +107,7 @@ struct vm_area_struct; */ #define __GFP_NOTRACK_FALSE_POSITIVE (__GFP_NOTRACK) @@ -63499,7 +64431,7 @@ index d0a7967..63c4c47 100644 #define __GFP_BITS_MASK ((__force gfp_t)((1 << __GFP_BITS_SHIFT) - 1)) /* This equals 0, but use constants in case they ever change */ -@@ -150,6 +157,8 @@ struct vm_area_struct; +@@ -153,6 +161,8 @@ struct vm_area_struct; /* 4GB DMA on some platforms */ #define GFP_DMA32 __GFP_DMA32 @@ -64644,10 +65576,10 @@ index ef788b5..ac41b7b 100644 unsigned start1, unsigned end1, unsigned start2, unsigned end2) diff --git a/include/linux/i2c.h b/include/linux/i2c.h -index 800de22..7a2fa46 100644 +index d0c4db7..61b3577 100644 --- a/include/linux/i2c.h +++ b/include/linux/i2c.h -@@ -367,6 +367,7 @@ struct i2c_algorithm { +@@ -369,6 +369,7 @@ struct i2c_algorithm { /* To determine what the adapter supports */ u32 (*functionality) (struct i2c_adapter *); }; @@ -64682,7 +65614,7 @@ index aff7ad8..3942bbd 100644 extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp); extern void unregister_pppox_proto(int proto_num); diff --git a/include/linux/init.h b/include/linux/init.h -index e59041e..df0a975 100644 +index 10ed4f4..8e8490d 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -39,9 +39,36 @@ @@ -64726,22 +65658,13 @@ index e59041e..df0a975 100644 @@ -94,7 +121,7 @@ #define __exit __section(.exit.text) __exitused __cold notrace - /* Used for HOTPLUG */ --#define __devinit __section(.devinit.text) __cold notrace -+#define __devinit __section(.devinit.text) __cold notrace add_devinit_latent_entropy - #define __devinitdata __section(.devinit.data) - #define __devinitconst __constsection(.devinit.rodata) - #define __devexit __section(.devexit.text) __exitused __cold notrace -@@ -102,7 +129,7 @@ - #define __devexitconst __constsection(.devexit.rodata) - /* Used for HOTPLUG_CPU */ -#define __cpuinit __section(.cpuinit.text) __cold notrace +#define __cpuinit __section(.cpuinit.text) __cold notrace add_cpuinit_latent_entropy #define __cpuinitdata __section(.cpuinit.data) #define __cpuinitconst __constsection(.cpuinit.rodata) #define __cpuexit __section(.cpuexit.text) __exitused __cold notrace -@@ -110,7 +137,7 @@ +@@ -102,7 +129,7 @@ #define __cpuexitconst __constsection(.cpuexit.rodata) /* Used for MEMORY_HOTPLUG */ @@ -64776,10 +65699,10 @@ index 6d087c5..401cab8 100644 .files = &init_files, \ .signal = &init_signals, \ diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h -index 5e4e617..073b866 100644 +index 5fa5afe..ac55b25 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h -@@ -435,7 +435,7 @@ enum +@@ -430,7 +430,7 @@ enum /* map softirq index to softirq name. update 'softirq_to_name' in * kernel/softirq.c when adding a new softirq. */ @@ -64788,7 +65711,7 @@ index 5e4e617..073b866 100644 /* softirq mask and active fields moved to irq_cpustat_t in * asm/hardirq.h to get better cache usage. KAO -@@ -443,12 +443,12 @@ extern char *softirq_to_name[NR_SOFTIRQS]; +@@ -438,12 +438,12 @@ extern char *softirq_to_name[NR_SOFTIRQS]; struct softirq_action { @@ -64881,7 +65804,7 @@ index 5398d58..5883a34 100644 #define request_module_nowait(mod...) __request_module(false, mod) #define try_then_request_module(x, mod...) \ diff --git a/include/linux/kobject.h b/include/linux/kobject.h -index 1e57449..4fede7b 100644 +index 939b112..90b7f44 100644 --- a/include/linux/kobject.h +++ b/include/linux/kobject.h @@ -111,7 +111,7 @@ struct kobj_type { @@ -64894,7 +65817,7 @@ index 1e57449..4fede7b 100644 struct kobj_uevent_env { char *envp[UEVENT_NUM_ENVP]; diff --git a/include/linux/kref.h b/include/linux/kref.h -index 65af688..0592677 100644 +index 4972e6e..de4d19b 100644 --- a/include/linux/kref.h +++ b/include/linux/kref.h @@ -64,7 +64,7 @@ static inline void kref_get(struct kref *kref) @@ -64907,10 +65830,10 @@ index 65af688..0592677 100644 if (atomic_sub_and_test((int) count, &kref->refcount)) { release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index ecc5543..0e96bcc 100644 +index 2c497ab..afe32f5 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h -@@ -403,7 +403,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); +@@ -418,7 +418,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); int __must_check vcpu_load(struct kvm_vcpu *vcpu); void vcpu_put(struct kvm_vcpu *vcpu); @@ -64919,7 +65842,7 @@ index ecc5543..0e96bcc 100644 struct module *module); void kvm_exit(void); -@@ -558,7 +558,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, +@@ -574,7 +574,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); @@ -64929,7 +65852,7 @@ index ecc5543..0e96bcc 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index 1e36c63..0c5046e 100644 +index 649e5f8..ead5194 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h @@ -915,7 +915,7 @@ struct ata_port_operations { @@ -64956,7 +65879,7 @@ index cc6d2aa..71febca 100644 * list_replace - replace old entry by new one * @old : the element to be replaced diff --git a/include/linux/mm.h b/include/linux/mm.h -index 280dae5..baea6c8 100644 +index 66e2f7c..ea88001 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp); @@ -64979,7 +65902,7 @@ index 280dae5..baea6c8 100644 struct mmu_gather; struct inode; -@@ -1039,34 +1045,6 @@ int set_page_dirty(struct page *page); +@@ -1068,34 +1074,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -65014,7 +65937,7 @@ index 280dae5..baea6c8 100644 extern pid_t vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); -@@ -1166,6 +1144,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) +@@ -1198,6 +1176,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) } #endif @@ -65030,7 +65953,7 @@ index 280dae5..baea6c8 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1184,8 +1171,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1216,8 +1203,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -65046,7 +65969,7 @@ index 280dae5..baea6c8 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1194,8 +1188,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1226,8 +1220,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -65062,7 +65985,7 @@ index 280dae5..baea6c8 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1213,11 +1214,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1245,11 +1246,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -65086,7 +66009,7 @@ index 280dae5..baea6c8 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTLOCKS -@@ -1447,6 +1460,7 @@ extern unsigned long do_mmap_pgoff(struct file *, unsigned long, +@@ -1479,6 +1492,7 @@ extern unsigned long do_mmap_pgoff(struct file *, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -65094,7 +66017,7 @@ index 280dae5..baea6c8 100644 /* These take the mm semaphore themselves */ extern unsigned long vm_brk(unsigned long, unsigned long); -@@ -1510,6 +1524,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1573,6 +1587,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -65105,7 +66028,7 @@ index 280dae5..baea6c8 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1538,15 +1556,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1601,15 +1619,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -65118,10 +66041,10 @@ index 280dae5..baea6c8 100644 -} -#endif - - struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); - int remap_pfn_range(struct vm_area_struct *, unsigned long addr, - unsigned long pfn, unsigned long size, pgprot_t); -@@ -1652,7 +1661,7 @@ extern int unpoison_memory(unsigned long pfn); + #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE + unsigned long change_prot_numa(struct vm_area_struct *vma, + unsigned long start, unsigned long end); +@@ -1721,7 +1730,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -65130,7 +66053,7 @@ index 280dae5..baea6c8 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1683,5 +1692,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } +@@ -1752,5 +1761,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } static inline bool page_is_guard(struct page *page) { return false; } #endif /* CONFIG_DEBUG_PAGEALLOC */ @@ -65143,10 +66066,10 @@ index 280dae5..baea6c8 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 31f8a3a..499f1db 100644 +index f8f5162..6276a36 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h -@@ -275,6 +275,8 @@ struct vm_area_struct { +@@ -288,6 +288,8 @@ struct vm_area_struct { #ifdef CONFIG_NUMA struct mempolicy *vm_policy; /* NUMA policy for the VMA */ #endif @@ -65155,7 +66078,7 @@ index 31f8a3a..499f1db 100644 }; struct core_thread { -@@ -348,7 +350,7 @@ struct mm_struct { +@@ -362,7 +364,7 @@ struct mm_struct { unsigned long def_flags; unsigned long nr_ptes; /* Page table pages */ unsigned long start_code, end_code, start_data, end_data; @@ -65164,8 +66087,8 @@ index 31f8a3a..499f1db 100644 unsigned long arg_start, arg_end, env_start, env_end; unsigned long saved_auxv[AT_VECTOR_SIZE]; /* for /proc/PID/auxv */ -@@ -399,6 +401,24 @@ struct mm_struct { - struct cpumask cpumask_allocation; +@@ -436,6 +438,24 @@ struct mm_struct { + int first_nid; #endif struct uprobes_state uprobes_state; + @@ -65188,7 +66111,7 @@ index 31f8a3a..499f1db 100644 + }; - static inline void mm_init_cpumask(struct mm_struct *mm) + /* first nid will either be a valid NID or one of these values */ diff --git a/include/linux/mmiotrace.h b/include/linux/mmiotrace.h index c5d5278..f0b68c8 100644 --- a/include/linux/mmiotrace.h @@ -65212,10 +66135,10 @@ index c5d5278..f0b68c8 100644 } diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index a23923b..073fee4 100644 +index 73b64a3..6562925 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -421,7 +421,7 @@ struct zone { +@@ -412,7 +412,7 @@ struct zone { unsigned long flags; /* zone flags, see below */ /* Zone statistics */ @@ -65398,10 +66321,10 @@ index 560ca53..5ee8d73 100644 } #endif diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h -index d6a5806..7c13347 100644 +index 137b419..fe663ec 100644 --- a/include/linux/moduleparam.h +++ b/include/linux/moduleparam.h -@@ -286,7 +286,7 @@ static inline void __kernel_param_unlock(void) +@@ -284,7 +284,7 @@ static inline void __kernel_param_unlock(void) * @len is usually just sizeof(string). */ #define module_param_string(name, string, len, perm) \ @@ -65410,7 +66333,7 @@ index d6a5806..7c13347 100644 = { len, string }; \ __module_param_call(MODULE_PARAM_PREFIX, name, \ ¶m_ops_string, \ -@@ -425,7 +425,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); +@@ -423,7 +423,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); */ #define module_param_array_named(name, array, type, nump, perm) \ param_check_##type(name, &(array)[0]); \ @@ -65420,10 +66343,10 @@ index d6a5806..7c13347 100644 .ops = ¶m_ops_##type, \ .elemsize = sizeof(array[0]), .elem = array }; \ diff --git a/include/linux/namei.h b/include/linux/namei.h -index 4bf19d8..5268cea 100644 +index 5a5ff57..5ae5070 100644 --- a/include/linux/namei.h +++ b/include/linux/namei.h -@@ -18,7 +18,7 @@ struct nameidata { +@@ -19,7 +19,7 @@ struct nameidata { unsigned seq; int last_type; unsigned depth; @@ -65432,7 +66355,7 @@ index 4bf19d8..5268cea 100644 }; /* -@@ -83,12 +83,12 @@ extern void unlock_rename(struct dentry *, struct dentry *); +@@ -84,12 +84,12 @@ extern void unlock_rename(struct dentry *, struct dentry *); extern void nd_jump_link(struct nameidata *nd, struct path *path); @@ -65448,18 +66371,18 @@ index 4bf19d8..5268cea 100644 return nd->saved_names[nd->depth]; } diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 825fb7e..24cdd41 100644 +index 9ef07d0..130a5d9 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1002,6 +1002,7 @@ struct net_device_ops { - struct net_device *dev, - int idx); +@@ -1012,6 +1012,7 @@ struct net_device_ops { + u32 pid, u32 seq, + struct net_device *dev); }; +typedef struct net_device_ops __no_const net_device_ops_no_const; /* * The DEVICE structure. -@@ -1062,7 +1063,7 @@ struct net_device { +@@ -1078,7 +1079,7 @@ struct net_device { int iflink; struct net_device_stats stats; @@ -65540,7 +66463,7 @@ index a4c5624..79d6d88 100644 /** create a directory */ struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root, diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index 6bfb2faa..1204767 100644 +index 6bfb2faa..e5bc5e5 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h @@ -328,8 +328,8 @@ struct perf_event { @@ -65565,6 +66488,15 @@ index 6bfb2faa..1204767 100644 /* * Protect attach/detach and child_list: +@@ -801,7 +801,7 @@ static inline void perf_event_task_tick(void) { } + */ + #define perf_cpu_notifier(fn) \ + do { \ +- static struct notifier_block fn##_nb __cpuinitdata = \ ++ static struct notifier_block fn##_nb = \ + { .notifier_call = fn, .priority = CPU_PRI_PERF }; \ + unsigned long cpu = smp_processor_id(); \ + unsigned long flags; \ diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h index ad1a427..6419649 100644 --- a/include/linux/pipe_fs_i.h @@ -65624,7 +66556,7 @@ index 2110a81..13a11bb 100644 /********** include/linux/timer.h **********/ /* diff --git a/include/linux/power/smartreflex.h b/include/linux/power/smartreflex.h -index 4a496eb..d9c5659 100644 +index c0f44c2..1572583 100644 --- a/include/linux/power/smartreflex.h +++ b/include/linux/power/smartreflex.h @@ -238,7 +238,7 @@ struct omap_sr_class_data { @@ -65658,10 +66590,10 @@ index 9afc01e..92c32e8 100644 void log_buf_kexec_setup(void); void __init setup_log_buf(int early); diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h -index 3fd2e87..75db910 100644 +index 32676b3..8f7a182 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h -@@ -155,6 +155,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode, +@@ -159,6 +159,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode, return proc_create_data(name, mode, parent, proc_fops, NULL); } @@ -65681,28 +66613,21 @@ index 3fd2e87..75db910 100644 umode_t mode, struct proc_dir_entry *base, read_proc_t *read_proc, void * data) diff --git a/include/linux/random.h b/include/linux/random.h -index 6330ed4..419c6c3 100644 +index d984608..d6f0042 100644 --- a/include/linux/random.h +++ b/include/linux/random.h -@@ -30,12 +30,17 @@ void srandom32(u32 seed); - - u32 prandom32(struct rnd_state *); +@@ -39,6 +39,11 @@ void prandom_seed(u32 seed); + u32 prandom_u32_state(struct rnd_state *); + void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes); +static inline unsigned long pax_get_random_long(void) +{ -+ return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0); ++ return prandom_u32() + (sizeof(long) > 4 ? (unsigned long)prandom_u32() << 32 : 0); +} + /* * Handle minimum values for seeds */ - static inline u32 __seed(u32 x, u32 m) - { -- return (x < m) ? x + m : x; -+ return (x <= m) ? x + m + 1 : x; - } - - /** diff --git a/include/linux/reboot.h b/include/linux/reboot.h index 23b3630..e1bc12b 100644 --- a/include/linux/reboot.h @@ -65783,10 +66708,10 @@ index a3e7842..d973ca6 100644 #define RIO_RESOURCE_MEM 0x00000100 #define RIO_RESOURCE_DOORBELL 0x00000200 diff --git a/include/linux/rmap.h b/include/linux/rmap.h -index bfe1f47..6a33ee3 100644 +index c20635c..2f5def4 100644 --- a/include/linux/rmap.h +++ b/include/linux/rmap.h -@@ -134,8 +134,8 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma) +@@ -145,8 +145,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma) void anon_vma_init(void); /* create anon_vma_cachep */ int anon_vma_prepare(struct vm_area_struct *); void unlink_anon_vmas(struct vm_area_struct *); @@ -65798,7 +66723,7 @@ index bfe1f47..6a33ee3 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/sched.h b/include/linux/sched.h -index 3e63925..6c93b17 100644 +index d211247..d64a165 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -61,6 +61,7 @@ struct bio_list; @@ -65809,7 +66734,7 @@ index 3e63925..6c93b17 100644 /* * List of flags we want to share for kernel threads, -@@ -344,10 +345,23 @@ struct user_namespace; +@@ -354,10 +355,23 @@ struct user_namespace; #define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN) extern int sysctl_max_map_count; @@ -65833,7 +66758,7 @@ index 3e63925..6c93b17 100644 extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -614,6 +628,17 @@ struct signal_struct { +@@ -639,6 +653,17 @@ struct signal_struct { #ifdef CONFIG_TASKSTATS struct taskstats *stats; #endif @@ -65851,7 +66776,7 @@ index 3e63925..6c93b17 100644 #ifdef CONFIG_AUDIT unsigned audit_tty; struct tty_audit_buf *tty_audit_buf; -@@ -691,6 +716,11 @@ struct user_struct { +@@ -717,6 +742,11 @@ struct user_struct { struct key *session_keyring; /* UID's default session keyring */ #endif @@ -65863,7 +66788,7 @@ index 3e63925..6c93b17 100644 /* Hash table maintenance information */ struct hlist_node uidhash_node; kuid_t uid; -@@ -1312,8 +1342,8 @@ struct task_struct { +@@ -1360,8 +1390,8 @@ struct task_struct { struct list_head thread_group; struct completion *vfork_done; /* for vfork() */ @@ -65874,7 +66799,7 @@ index 3e63925..6c93b17 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1329,11 +1359,6 @@ struct task_struct { +@@ -1377,11 +1407,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -65886,7 +66811,7 @@ index 3e63925..6c93b17 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1350,6 +1375,10 @@ struct task_struct { +@@ -1398,6 +1423,10 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -65897,7 +66822,7 @@ index 3e63925..6c93b17 100644 /* filesystem information */ struct fs_struct *fs; /* open file information */ -@@ -1423,6 +1452,10 @@ struct task_struct { +@@ -1471,6 +1500,10 @@ struct task_struct { gfp_t lockdep_reclaim_gfp; #endif @@ -65908,7 +66833,7 @@ index 3e63925..6c93b17 100644 /* journalling filesystem info */ void *journal_info; -@@ -1461,6 +1494,10 @@ struct task_struct { +@@ -1509,6 +1542,10 @@ struct task_struct { /* cg_list protected by css_set_lock and tsk->alloc_lock */ struct list_head cg_list; #endif @@ -65919,7 +66844,7 @@ index 3e63925..6c93b17 100644 #ifdef CONFIG_FUTEX struct robust_list_head __user *robust_list; #ifdef CONFIG_COMPAT -@@ -1548,8 +1585,74 @@ struct task_struct { +@@ -1605,8 +1642,74 @@ struct task_struct { #ifdef CONFIG_UPROBES struct uprobe_task *utask; #endif @@ -65994,7 +66919,7 @@ index 3e63925..6c93b17 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -2092,7 +2195,9 @@ void yield(void); +@@ -2155,7 +2258,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -66004,7 +66929,7 @@ index 3e63925..6c93b17 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2125,6 +2230,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2188,6 +2293,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -66012,16 +66937,16 @@ index 3e63925..6c93b17 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2281,7 +2387,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2344,7 +2450,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); -extern void do_group_exit(int); +extern __noreturn void do_group_exit(int); - extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2485,9 +2591,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) + extern int disallow_signal(int); +@@ -2545,9 +2651,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -66034,7 +66959,7 @@ index 3e63925..6c93b17 100644 return (obj >= stack) && (obj < (stack + THREAD_SIZE)); } diff --git a/include/linux/security.h b/include/linux/security.h -index 05e88bd..5cda002 100644 +index eee7478..290f7ba 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -26,6 +26,7 @@ @@ -66068,7 +66993,7 @@ index 68a04a3..866e6a1 100644 #define SEQ_SKIP 1 diff --git a/include/linux/shm.h b/include/linux/shm.h -index bcf8a6a..4d0af77 100644 +index 429c199..4d42e38 100644 --- a/include/linux/shm.h +++ b/include/linux/shm.h @@ -21,6 +21,10 @@ struct shmid_kernel /* private to the kernel */ @@ -66083,10 +67008,10 @@ index bcf8a6a..4d0af77 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 6a2c34e..a1f320f 100644 +index 320e976..fd52553 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -577,7 +577,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, +@@ -590,7 +590,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, extern struct sk_buff *__alloc_skb(unsigned int size, gfp_t priority, int flags, int node); extern struct sk_buff *build_skb(void *data, unsigned int frag_size); @@ -66095,7 +67020,7 @@ index 6a2c34e..a1f320f 100644 gfp_t priority) { return __alloc_skb(size, priority, 0, NUMA_NO_NODE); -@@ -687,7 +687,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) +@@ -700,7 +700,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) */ static inline int skb_queue_empty(const struct sk_buff_head *list) { @@ -66104,7 +67029,7 @@ index 6a2c34e..a1f320f 100644 } /** -@@ -700,7 +700,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) +@@ -713,7 +713,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) static inline bool skb_queue_is_last(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -66113,7 +67038,7 @@ index 6a2c34e..a1f320f 100644 } /** -@@ -713,7 +713,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, +@@ -726,7 +726,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, static inline bool skb_queue_is_first(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -66122,7 +67047,7 @@ index 6a2c34e..a1f320f 100644 } /** -@@ -1626,7 +1626,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1722,7 +1722,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -66131,7 +67056,7 @@ index 6a2c34e..a1f320f 100644 #endif extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); -@@ -2204,7 +2204,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, +@@ -2300,7 +2300,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock, int *err); extern unsigned int datagram_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait); @@ -66141,13 +67066,14 @@ index 6a2c34e..a1f320f 100644 int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, diff --git a/include/linux/slab.h b/include/linux/slab.h -index 83d1a14..e23d723 100644 +index 5d168d7..720bff3 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h -@@ -11,12 +11,20 @@ - +@@ -12,13 +12,20 @@ #include <linux/gfp.h> #include <linux/types.h> + #include <linux/workqueue.h> +- +#include <linux/err.h> /* @@ -66165,7 +67091,7 @@ index 83d1a14..e23d723 100644 #define SLAB_RED_ZONE 0x00000400UL /* DEBUG: Red zone objs in a cache */ #define SLAB_POISON 0x00000800UL /* DEBUG: Poison objects */ #define SLAB_HWCACHE_ALIGN 0x00002000UL /* Align objs on cache lines */ -@@ -87,10 +95,13 @@ +@@ -89,10 +96,13 @@ * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can. * Both make kfree a no-op. */ @@ -66182,7 +67108,7 @@ index 83d1a14..e23d723 100644 /* * Common fields provided in kmem_cache by all slab allocators -@@ -110,7 +121,7 @@ struct kmem_cache { +@@ -112,7 +122,7 @@ struct kmem_cache { unsigned int align; /* Alignment as calculated */ unsigned long flags; /* Active flags on the slab */ const char *name; /* Slab name for sysfs */ @@ -66191,7 +67117,7 @@ index 83d1a14..e23d723 100644 void (*ctor)(void *); /* Called on object slot creation */ struct list_head list; /* List of all slab caches on the system */ }; -@@ -185,6 +196,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t); +@@ -232,6 +242,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t); void kfree(const void *); void kzfree(const void *); size_t ksize(const void *); @@ -66200,26 +67126,15 @@ index 83d1a14..e23d723 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -264,8 +277,18 @@ size_t ksize(const void *); +@@ -311,6 +323,7 @@ size_t ksize(const void *); * for general use, and so are not documented here. For a full list of * potential flags, always refer to linux/gfp.h. */ + -+extern void kmalloc_array_error(void) -+#if defined(CONFIG_GCOV_KERNEL) && defined(CONFIG_PAX_SIZE_OVERFLOW) -+__compiletime_warning("kmalloc_array called with swapped arguments?"); -+#else -+__compiletime_error("kmalloc_array called with swapped arguments?"); -+#endif -+ static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) { -+ if (__builtin_constant_p(n) && !__builtin_constant_p(size)) -+ kmalloc_array_error(); if (size != 0 && n > SIZE_MAX / size) - return NULL; - return __kmalloc(n * size, flags); -@@ -323,7 +346,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -370,7 +383,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) || \ (defined(CONFIG_SLOB) && defined(CONFIG_TRACING)) @@ -66228,7 +67143,7 @@ index 83d1a14..e23d723 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -343,7 +366,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -390,7 +403,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) || \ (defined(CONFIG_SLOB) && defined(CONFIG_TRACING)) @@ -66238,7 +67153,7 @@ index 83d1a14..e23d723 100644 __kmalloc_node_track_caller(size, flags, node, \ _RET_IP_) diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h -index cc290f0..0ba60931 100644 +index 8bb6e0e..8eb0dbe 100644 --- a/include/linux/slab_def.h +++ b/include/linux/slab_def.h @@ -52,7 +52,7 @@ struct kmem_cache { @@ -66265,7 +67180,7 @@ index cc290f0..0ba60931 100644 /* * If debugging is enabled, then the allocator can add additional -@@ -104,11 +104,16 @@ struct cache_sizes { +@@ -111,11 +111,16 @@ struct cache_sizes { #ifdef CONFIG_ZONE_DMA struct kmem_cache *cs_dmacachep; #endif @@ -66283,7 +67198,7 @@ index cc290f0..0ba60931 100644 #ifdef CONFIG_TRACING extern void *kmem_cache_alloc_trace(struct kmem_cache *, gfp_t, size_t); -@@ -145,6 +150,13 @@ found: +@@ -152,6 +157,13 @@ found: cachep = malloc_sizes[i].cs_dmacachep; else #endif @@ -66297,7 +67212,7 @@ index cc290f0..0ba60931 100644 cachep = malloc_sizes[i].cs_cachep; ret = kmem_cache_alloc_trace(cachep, flags, size); -@@ -155,7 +167,7 @@ found: +@@ -162,7 +174,7 @@ found: } #ifdef CONFIG_NUMA @@ -66306,7 +67221,7 @@ index cc290f0..0ba60931 100644 extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); #ifdef CONFIG_TRACING -@@ -198,6 +210,13 @@ found: +@@ -205,6 +217,13 @@ found: cachep = malloc_sizes[i].cs_dmacachep; else #endif @@ -66343,7 +67258,7 @@ index f28e14a..7831211 100644 return kmalloc(size, flags); } diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h -index df448ad..b99e7f6 100644 +index 9db4825..ed42fb5 100644 --- a/include/linux/slub_def.h +++ b/include/linux/slub_def.h @@ -91,7 +91,7 @@ struct kmem_cache { @@ -66355,7 +67270,7 @@ index df448ad..b99e7f6 100644 void (*ctor)(void *); int inuse; /* Offset to metadata */ int align; /* Alignment */ -@@ -152,7 +152,7 @@ extern struct kmem_cache *kmalloc_caches[SLUB_PAGE_SHIFT]; +@@ -156,7 +156,7 @@ extern struct kmem_cache *kmalloc_caches[SLUB_PAGE_SHIFT]; * Sorry that the following has to be that ugly but some versions of GCC * have trouble with constant propagation and loops. */ @@ -66364,7 +67279,7 @@ index df448ad..b99e7f6 100644 { if (!size) return 0; -@@ -217,7 +217,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) +@@ -221,7 +221,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) } void *kmem_cache_alloc(struct kmem_cache *, gfp_t); @@ -66373,7 +67288,7 @@ index df448ad..b99e7f6 100644 static __always_inline void * kmalloc_order(size_t size, gfp_t flags, unsigned int order) -@@ -258,7 +258,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) +@@ -265,7 +265,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) } #endif @@ -66382,7 +67297,7 @@ index df448ad..b99e7f6 100644 { unsigned int order = get_order(size); return kmalloc_order_trace(size, flags, order); -@@ -283,7 +283,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) +@@ -290,7 +290,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) } #ifdef CONFIG_NUMA @@ -66468,7 +67383,7 @@ index 0b8e3e6..33e0a01 100644 #define RPCRDMA_VERSION 1 diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h -index cd844a6..3ca3592 100644 +index 14a8ff2..21fe4c7 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -41,6 +41,8 @@ typedef int proc_handler (struct ctl_table *ctl, int write, @@ -66494,10 +67409,10 @@ index 7faf933..eb6f5e3 100644 #ifdef CONFIG_MAGIC_SYSRQ diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h -index ccc1899..b1aaceb 100644 +index e7e0473..39b7b52 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h -@@ -146,6 +146,15 @@ static inline bool test_and_clear_restore_sigmask(void) +@@ -148,6 +148,15 @@ static inline bool test_and_clear_restore_sigmask(void) #error "no set_restore_sigmask() provided and default one won't work" #endif @@ -66514,10 +67429,10 @@ index ccc1899..b1aaceb 100644 #endif /* _LINUX_THREAD_INFO_H */ diff --git a/include/linux/tty.h b/include/linux/tty.h -index f0b4eb4..1c4854e 100644 +index 8db1b56..c16a040 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h -@@ -192,7 +192,7 @@ struct tty_port { +@@ -194,7 +194,7 @@ struct tty_port { const struct tty_port_operations *ops; /* Port operations */ spinlock_t lock; /* Lock protecting tty field */ int blocked_open; /* Waiting to open */ @@ -66526,7 +67441,7 @@ index f0b4eb4..1c4854e 100644 wait_queue_head_t open_wait; /* Open waiters */ wait_queue_head_t close_wait; /* Close waiters */ wait_queue_head_t delta_msr_wait; /* Modem status change */ -@@ -513,7 +513,7 @@ extern int tty_port_open(struct tty_port *port, +@@ -490,7 +490,7 @@ extern int tty_port_open(struct tty_port *port, struct tty_struct *tty, struct file *filp); static inline int tty_port_users(struct tty_port *port) { @@ -66562,10 +67477,10 @@ index fb79dd8d..07d4773 100644 struct tty_ldisc { diff --git a/include/linux/types.h b/include/linux/types.h -index 1cc0e4b..0d50edf 100644 +index 4d118ba..c3ee9bf 100644 --- a/include/linux/types.h +++ b/include/linux/types.h -@@ -175,10 +175,26 @@ typedef struct { +@@ -176,10 +176,26 @@ typedef struct { int counter; } atomic_t; @@ -66655,10 +67570,10 @@ index 99c1b4d..bb94261 100644 static inline void put_unaligned_le16(u16 val, void *p) diff --git a/include/linux/usb.h b/include/linux/usb.h -index 10278d1..e21ec3c 100644 +index 4d22d0f..ac43c2f 100644 --- a/include/linux/usb.h +++ b/include/linux/usb.h -@@ -551,7 +551,7 @@ struct usb_device { +@@ -554,7 +554,7 @@ struct usb_device { int maxchild; u32 quirks; @@ -66680,27 +67595,6 @@ index c5d36c6..108f4f9 100644 /* * callback functions for platform -diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h -index ddbbb7d..9134611 100644 ---- a/include/linux/usb/usbnet.h -+++ b/include/linux/usb/usbnet.h -@@ -33,6 +33,7 @@ struct usbnet { - wait_queue_head_t *wait; - struct mutex phy_mutex; - unsigned char suspend_count; -+ unsigned char pkt_cnt, pkt_err; - - /* i/o info: pipes etc */ - unsigned in, out; -@@ -69,6 +70,8 @@ struct usbnet { - # define EVENT_DEV_ASLEEP 6 - # define EVENT_DEV_OPEN 7 - # define EVENT_DEVICE_REPORT_IDLE 8 -+# define EVENT_NO_RUNTIME_PM 9 -+# define EVENT_RX_KILL 10 - }; - - static inline struct usb_driver *driver_of(struct usb_interface *intf) diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h index 6f8fbcf..8259001 100644 --- a/include/linux/vermagic.h @@ -66779,10 +67673,10 @@ index 6071e91..ca6a489 100644 /* * Internals. Dont't use.. diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h -index 92a86b2..1d9eb3c 100644 +index a13291f..af51fa3 100644 --- a/include/linux/vmstat.h +++ b/include/linux/vmstat.h -@@ -87,18 +87,18 @@ static inline void vm_events_fold_cpu(int cpu) +@@ -95,18 +95,18 @@ static inline void vm_events_fold_cpu(int cpu) /* * Zone based page accounting with per cpu differentials. */ @@ -66805,7 +67699,7 @@ index 92a86b2..1d9eb3c 100644 #ifdef CONFIG_SMP if (x < 0) x = 0; -@@ -109,7 +109,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item) +@@ -117,7 +117,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item) static inline unsigned long zone_page_state(struct zone *zone, enum zone_stat_item item) { @@ -66814,7 +67708,7 @@ index 92a86b2..1d9eb3c 100644 #ifdef CONFIG_SMP if (x < 0) x = 0; -@@ -126,7 +126,7 @@ static inline unsigned long zone_page_state(struct zone *zone, +@@ -134,7 +134,7 @@ static inline unsigned long zone_page_state(struct zone *zone, static inline unsigned long zone_page_state_snapshot(struct zone *zone, enum zone_stat_item item) { @@ -66823,7 +67717,7 @@ index 92a86b2..1d9eb3c 100644 #ifdef CONFIG_SMP int cpu; -@@ -218,8 +218,8 @@ static inline void __mod_zone_page_state(struct zone *zone, +@@ -226,8 +226,8 @@ static inline void __mod_zone_page_state(struct zone *zone, static inline void __inc_zone_state(struct zone *zone, enum zone_stat_item item) { @@ -66834,7 +67728,7 @@ index 92a86b2..1d9eb3c 100644 } static inline void __inc_zone_page_state(struct page *page, -@@ -230,8 +230,8 @@ static inline void __inc_zone_page_state(struct page *page, +@@ -238,8 +238,8 @@ static inline void __inc_zone_page_state(struct page *page, static inline void __dec_zone_state(struct zone *zone, enum zone_stat_item item) { @@ -66859,10 +67753,10 @@ index 95d1c91..6798cca 100644 /* * Newer version of video_device, handled by videodev2.c diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h -index e48b571..7e40de4 100644 +index 4118ad1..cb7e25f 100644 --- a/include/media/v4l2-ioctl.h +++ b/include/media/v4l2-ioctl.h -@@ -282,7 +282,6 @@ struct v4l2_ioctl_ops { +@@ -284,7 +284,6 @@ struct v4l2_ioctl_ops { bool valid_prio, int cmd, void *arg); }; @@ -66986,10 +67880,10 @@ index 9497be1..5a4fafe 100644 fib_info_update_nh_saddr((net), &FIB_RES_NH(res))) #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw) diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h -index ee75ccd..2cc2b95 100644 +index 68c69d5..2ee192b 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h -@@ -510,7 +510,7 @@ struct ip_vs_conn { +@@ -599,7 +599,7 @@ struct ip_vs_conn { struct ip_vs_conn *control; /* Master control connection */ atomic_t n_control; /* Number of controlled ones */ struct ip_vs_dest *dest; /* real server */ @@ -66998,7 +67892,7 @@ index ee75ccd..2cc2b95 100644 /* packet transmitter for different forwarding methods. If it mangles the packet, it must return NF_DROP or better NF_STOLEN, -@@ -648,7 +648,7 @@ struct ip_vs_dest { +@@ -737,7 +737,7 @@ struct ip_vs_dest { __be16 port; /* port number of the server */ union nf_inet_addr addr; /* IP address of the server */ volatile unsigned int flags; /* dest status flags */ @@ -67046,10 +67940,10 @@ index 0dab173..1b76af0 100644 struct pneigh_entry { struct pneigh_entry *next; diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h -index 95e6466..251016d 100644 +index de644bc..666aed3 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h -@@ -110,7 +110,7 @@ struct net { +@@ -115,7 +115,7 @@ struct net { #endif struct netns_ipvs *ipvs; struct sock *diag_nlsk; @@ -67058,7 +67952,7 @@ index 95e6466..251016d 100644 }; /* -@@ -320,12 +320,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header) +@@ -330,12 +330,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header) static inline int rt_genid(struct net *net) { @@ -67086,19 +67980,6 @@ index 8ba8ce2..99b7fff 100644 struct sk_buff *skb, int offset, struct iovec *to, size_t len, struct dma_pinned_list *pinned_list); -diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h -index 252fd10..aa1421f 100644 ---- a/include/net/netfilter/nf_queue.h -+++ b/include/net/netfilter/nf_queue.h -@@ -22,7 +22,7 @@ struct nf_queue_handler { - int (*outfn)(struct nf_queue_entry *entry, - unsigned int queuenum); - char *name; --}; -+} __do_const; - - extern int nf_register_queue_handler(u_int8_t pf, - const struct nf_queue_handler *qh); diff --git a/include/net/netlink.h b/include/net/netlink.h index 9690b0f..87aded7 100644 --- a/include/net/netlink.h @@ -67126,11 +68007,11 @@ index 2ae2b83..dbdc85e 100644 #ifdef CONFIG_IP_MROUTE #ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES diff --git a/include/net/protocol.h b/include/net/protocol.h -index 929528c..c84d4f6 100644 +index 047c047..b9dad15 100644 --- a/include/net/protocol.h +++ b/include/net/protocol.h -@@ -48,7 +48,7 @@ struct net_protocol { - int (*gro_complete)(struct sk_buff *skb); +@@ -44,7 +44,7 @@ struct net_protocol { + void (*err_handler)(struct sk_buff *skb, u32 info); unsigned int no_policy:1, netns_ok:1; -}; @@ -67138,9 +68019,9 @@ index 929528c..c84d4f6 100644 #if IS_ENABLED(CONFIG_IPV6) struct inet6_protocol { -@@ -69,7 +69,7 @@ struct inet6_protocol { - int (*gro_complete)(struct sk_buff *skb); - +@@ -57,7 +57,7 @@ struct inet6_protocol { + u8 type, u8 code, int offset, + __be32 info); unsigned int flags; /* INET6_PROTO_xxx */ -}; +} __do_const; @@ -67148,10 +68029,10 @@ index 929528c..c84d4f6 100644 #define INET6_PROTO_NOPOLICY 0x1 #define INET6_PROTO_FINAL 0x2 diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h -index 9c6414f..fbd0524 100644 +index 7fdf298..197e9f7 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h -@@ -318,9 +318,9 @@ do { \ +@@ -330,9 +330,9 @@ do { \ #else /* SCTP_DEBUG */ @@ -67165,10 +68046,10 @@ index 9c6414f..fbd0524 100644 #define SCTP_DISABLE_DEBUG #define SCTP_ASSERT(expr, str, func) diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h -index 64158aa..b65533c 100644 +index fdeb85a..0c554d5 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h -@@ -496,7 +496,7 @@ struct sctp_af { +@@ -497,7 +497,7 @@ struct sctp_af { int sockaddr_len; sa_family_t sa_family; struct list_head list; @@ -67177,7 +68058,7 @@ index 64158aa..b65533c 100644 struct sctp_af *sctp_get_af_specific(sa_family_t); int sctp_register_af(struct sctp_af *); -@@ -516,7 +516,7 @@ struct sctp_pf { +@@ -517,7 +517,7 @@ struct sctp_pf { struct sctp_association *asoc); void (*addr_v4map) (struct sctp_sock *, union sctp_addr *); struct sctp_af *af; @@ -67187,10 +68068,10 @@ index 64158aa..b65533c 100644 /* Structure to track chunk fragments that have been acked, but peer diff --git a/include/net/sock.h b/include/net/sock.h -index c945fba..e162e56 100644 +index 182ca99..b7dc290 100644 --- a/include/net/sock.h +++ b/include/net/sock.h -@@ -304,7 +304,7 @@ struct sock { +@@ -322,7 +322,7 @@ struct sock { #ifdef CONFIG_RPS __u32 sk_rxhash; #endif @@ -67199,7 +68080,7 @@ index c945fba..e162e56 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1763,7 +1763,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1781,7 +1781,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -67208,7 +68089,7 @@ index c945fba..e162e56 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2022,7 +2022,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2040,7 +2040,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -67218,10 +68099,10 @@ index c945fba..e162e56 100644 /** * sk_page_frag - return an appropriate page_frag diff --git a/include/net/tcp.h b/include/net/tcp.h -index 4af45e3..af97861 100644 +index aed42c7..43890c6 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -531,7 +531,7 @@ extern void tcp_retransmit_timer(struct sock *sk); +@@ -530,7 +530,7 @@ extern void tcp_retransmit_timer(struct sock *sk); extern void tcp_xmit_retransmit_queue(struct sock *); extern void tcp_simple_retransmit(struct sock *); extern int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -67230,7 +68111,7 @@ index 4af45e3..af97861 100644 extern void tcp_send_probe0(struct sock *); extern void tcp_send_partial(struct sock *); -@@ -702,8 +702,8 @@ struct tcp_skb_cb { +@@ -701,8 +701,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ @@ -67241,7 +68122,7 @@ index 4af45e3..af97861 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ -@@ -717,7 +717,7 @@ struct tcp_skb_cb { +@@ -716,7 +716,7 @@ struct tcp_skb_cb { __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */ /* 1 byte hole */ @@ -67307,10 +68188,10 @@ index 399162b..b337f1a 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index 55367b0..d97bd2a 100644 +index e65c62e..aa2e5a2 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h -@@ -169,9 +169,9 @@ struct scsi_device { +@@ -170,9 +170,9 @@ struct scsi_device { unsigned int max_device_blocked; /* what device_blocked counts down from */ #define SCSI_DEFAULT_DEVICE_BLOCKED 3 @@ -67338,10 +68219,10 @@ index b797e8f..8e2c3aa 100644 /** diff --git a/include/sound/soc.h b/include/sound/soc.h -index 91244a0..89ca1a7 100644 +index bc56738..a4be132 100644 --- a/include/sound/soc.h +++ b/include/sound/soc.h -@@ -769,7 +769,7 @@ struct snd_soc_codec_driver { +@@ -771,7 +771,7 @@ struct snd_soc_codec_driver { /* probe ordering - for components with runtime dependencies */ int probe_order; int remove_order; @@ -67350,7 +68231,7 @@ index 91244a0..89ca1a7 100644 /* SoC platform interface */ struct snd_soc_platform_driver { -@@ -815,7 +815,7 @@ struct snd_soc_platform_driver { +@@ -817,7 +817,7 @@ struct snd_soc_platform_driver { unsigned int (*read)(struct snd_soc_platform *, unsigned int); int (*write)(struct snd_soc_platform *, unsigned int, unsigned int); int (*bespoke_trigger)(struct snd_pcm_substream *, int); @@ -67360,10 +68241,10 @@ index 91244a0..89ca1a7 100644 struct snd_soc_platform { const char *name; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index fca8bbe..c0242ea 100644 +index 663e34a..91b306a 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h -@@ -760,7 +760,7 @@ struct se_device { +@@ -654,7 +654,7 @@ struct se_device { spinlock_t stats_lock; /* Active commands on this virtual SE device */ atomic_t simple_cmds; @@ -67371,7 +68252,7 @@ index fca8bbe..c0242ea 100644 + atomic_unchecked_t dev_ordered_id; atomic_t dev_ordered_sync; atomic_t dev_qf_count; - struct se_obj dev_obj; + int export_count; diff --git a/include/trace/events/fs.h b/include/trace/events/fs.h new file mode 100644 index 0000000..fb634b7 @@ -67689,10 +68570,10 @@ index 0993a22..32ba2fe 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 6fdd6e3..5b01610 100644 +index be8b7f5..b13cb62 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -925,6 +925,7 @@ endif # CGROUPS +@@ -990,6 +990,7 @@ endif # CGROUPS config CHECKPOINT_RESTORE bool "Checkpoint/restore support" if EXPERT @@ -67700,7 +68581,7 @@ index 6fdd6e3..5b01610 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1016,6 +1017,8 @@ config UIDGID_CONVERTED +@@ -1079,6 +1080,8 @@ config UIDGID_CONVERTED depends on OCFS2_FS = n depends on XFS_FS = n @@ -67709,7 +68590,7 @@ index 6fdd6e3..5b01610 100644 config UIDGID_STRICT_TYPE_CHECKS bool "Require conversions between uid/gids and their internal representation" depends on UIDGID_CONVERTED -@@ -1405,7 +1408,7 @@ config SLUB_DEBUG +@@ -1468,7 +1471,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -67718,7 +68599,7 @@ index 6fdd6e3..5b01610 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1648,7 +1651,7 @@ config INIT_ALL_POSSIBLE +@@ -1711,7 +1714,7 @@ config INIT_ALL_POSSIBLE config STOP_MACHINE bool default y @@ -67742,10 +68623,10 @@ index 7bc47ee..6da2dc7 100644 ifneq ($(CONFIG_BLK_DEV_INITRD),y) obj-y += noinitramfs.o diff --git a/init/do_mounts.c b/init/do_mounts.c -index f8a6642..4e5ee1b 100644 +index 1d1b634..a1c810f 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c -@@ -336,11 +336,11 @@ static void __init get_fs_names(char *page) +@@ -355,11 +355,11 @@ static void __init get_fs_names(char *page) static int __init do_mount_root(char *name, char *fs, int flags, void *data) { struct super_block *s; @@ -67759,7 +68640,7 @@ index f8a6642..4e5ee1b 100644 s = current->fs->pwd.dentry->d_sb; ROOT_DEV = s->s_dev; printk(KERN_INFO -@@ -461,18 +461,18 @@ void __init change_floppy(char *fmt, ...) +@@ -480,18 +480,18 @@ void __init change_floppy(char *fmt, ...) va_start(args, fmt); vsprintf(buf, fmt, args); va_end(args); @@ -67781,7 +68662,7 @@ index f8a6642..4e5ee1b 100644 termios.c_lflag |= ICANON; sys_ioctl(fd, TCSETSF, (long)&termios); sys_close(fd); -@@ -566,6 +566,6 @@ void __init prepare_namespace(void) +@@ -585,6 +585,6 @@ void __init prepare_namespace(void) mount_root(); out: devtmpfs_mount("dev"); @@ -68048,7 +68929,7 @@ index 84c6bf1..8899338 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 857166f..9df1d8e 100644 +index cee4b5c..47f445e 100644 --- a/init/main.c +++ b/init/main.c @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { } @@ -68193,7 +69074,7 @@ index 857166f..9df1d8e 100644 } static int run_init_process(const char *init_filename) -@@ -876,7 +950,7 @@ static noinline void __init kernel_init_freeable(void) +@@ -877,7 +951,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -68202,7 +69083,7 @@ index 857166f..9df1d8e 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -889,11 +963,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -890,11 +964,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -68230,7 +69111,7 @@ index 71a3ca1..cc330ee 100644 if (u->mq_bytes + mq_bytes < u->mq_bytes || u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { diff --git a/ipc/msg.c b/ipc/msg.c -index a71af5a..a90a110 100644 +index 950572f..266c15f 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) @@ -68291,7 +69172,7 @@ index 58d31f1..cce7a55 100644 sem_params.flg = semflg; sem_params.u.nsems = nsems; diff --git a/ipc/shm.c b/ipc/shm.c -index dff40c9..9450e27 100644 +index 4fa6d8f..38dfd0c 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp); @@ -68309,7 +69190,7 @@ index dff40c9..9450e27 100644 void shm_init_ns(struct ipc_namespace *ns) { ns->shm_ctlmax = SHMMAX; -@@ -520,6 +528,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) +@@ -521,6 +529,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) shp->shm_lprid = 0; shp->shm_atim = shp->shm_dtim = 0; shp->shm_ctim = get_seconds(); @@ -68324,7 +69205,7 @@ index dff40c9..9450e27 100644 shp->shm_segsz = size; shp->shm_nattch = 0; shp->shm_file = file; -@@ -571,18 +587,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, +@@ -572,18 +588,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, return 0; } @@ -68349,7 +69230,7 @@ index dff40c9..9450e27 100644 shm_params.key = key; shm_params.flg = shmflg; shm_params.u.size = size; -@@ -1003,6 +1020,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1004,6 +1021,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, f_mode = FMODE_READ | FMODE_WRITE; } if (shmflg & SHM_EXEC) { @@ -68362,7 +69243,7 @@ index dff40c9..9450e27 100644 prot |= PROT_EXEC; acc_mode |= S_IXUGO; } -@@ -1026,9 +1049,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1027,9 +1050,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, if (err) goto out_unlock; @@ -68398,7 +69279,7 @@ index 051e071..15e0920 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index 40414e9..c920b72 100644 +index d596e53..dbef3c3 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -116,7 +116,7 @@ u32 audit_sig_sid = 0; @@ -68428,7 +69309,7 @@ index 40414e9..c920b72 100644 audit_rate_limit, audit_backlog_limit); audit_panic(message); -@@ -677,7 +677,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) +@@ -681,7 +681,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) status_set.pid = audit_pid; status_set.rate_limit = audit_rate_limit; status_set.backlog_limit = audit_backlog_limit; @@ -68438,10 +69319,10 @@ index 40414e9..c920b72 100644 audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, &status_set, sizeof(status_set)); diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index 157e989..b28b365 100644 +index a371f85..da826c1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c -@@ -2352,7 +2352,7 @@ int auditsc_get_stamp(struct audit_context *ctx, +@@ -2292,7 +2292,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } /* global counter which is incremented every time something logs in */ @@ -68450,7 +69331,7 @@ index 157e989..b28b365 100644 /** * audit_set_loginuid - set current task's audit_context loginuid -@@ -2376,7 +2376,7 @@ int audit_set_loginuid(kuid_t loginuid) +@@ -2316,7 +2316,7 @@ int audit_set_loginuid(kuid_t loginuid) return -EPERM; #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ @@ -68556,10 +69437,10 @@ index 493d972..f87dfbd 100644 + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); +} diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index ad99830..992d8a7 100644 +index 4855892..30d23b4 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5514,7 +5514,7 @@ static int cgroup_css_links_read(struct cgroup *cont, +@@ -5535,7 +5535,7 @@ static int cgroup_css_links_read(struct cgroup *cont, struct css_set *cg = link->cg; struct task_struct *task; int count = 0; @@ -68569,7 +69450,7 @@ index ad99830..992d8a7 100644 if (count++ > MAX_TASKS_SHOWN_PER_CSS) { seq_puts(seq, " ...\n"); diff --git a/kernel/compat.c b/kernel/compat.c -index c28a306..b4d0cf3 100644 +index 36700e9..73d770c 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -13,6 +13,7 @@ @@ -68625,7 +69506,7 @@ index c28a306..b4d0cf3 100644 set_fs(old_fs); if (ret) -@@ -550,8 +551,8 @@ compat_sys_wait4(compat_pid_t pid, compat_uint_t __user *stat_addr, int options, +@@ -552,8 +553,8 @@ COMPAT_SYSCALL_DEFINE4(wait4, set_fs (KERNEL_DS); ret = sys_wait4(pid, (stat_addr ? @@ -68636,7 +69517,7 @@ index c28a306..b4d0cf3 100644 set_fs (old_fs); if (ret > 0) { -@@ -576,8 +577,8 @@ asmlinkage long compat_sys_waitid(int which, compat_pid_t pid, +@@ -579,8 +580,8 @@ COMPAT_SYSCALL_DEFINE5(waitid, memset(&info, 0, sizeof(info)); set_fs(KERNEL_DS); @@ -68647,7 +69528,7 @@ index c28a306..b4d0cf3 100644 set_fs(old_fs); if ((ret < 0) || (info.si_signo == 0)) -@@ -707,8 +708,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags, +@@ -714,8 +715,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_timer_settime(timer_id, flags, @@ -68658,7 +69539,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); if (!err && old && put_compat_itimerspec(old, &oldts)) return -EFAULT; -@@ -725,7 +726,7 @@ long compat_sys_timer_gettime(timer_t timer_id, +@@ -732,7 +733,7 @@ long compat_sys_timer_gettime(timer_t timer_id, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_timer_gettime(timer_id, @@ -68667,7 +69548,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); if (!err && put_compat_itimerspec(setting, &ts)) return -EFAULT; -@@ -744,7 +745,7 @@ long compat_sys_clock_settime(clockid_t which_clock, +@@ -751,7 +752,7 @@ long compat_sys_clock_settime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_settime(which_clock, @@ -68676,7 +69557,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); return err; } -@@ -759,7 +760,7 @@ long compat_sys_clock_gettime(clockid_t which_clock, +@@ -766,7 +767,7 @@ long compat_sys_clock_gettime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_gettime(which_clock, @@ -68685,7 +69566,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); if (!err && put_compat_timespec(&ts, tp)) return -EFAULT; -@@ -779,7 +780,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock, +@@ -786,7 +787,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); @@ -68694,7 +69575,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); err = compat_put_timex(utp, &txc); -@@ -799,7 +800,7 @@ long compat_sys_clock_getres(clockid_t which_clock, +@@ -806,7 +807,7 @@ long compat_sys_clock_getres(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_getres(which_clock, @@ -68703,7 +69584,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); if (!err && tp && put_compat_timespec(&ts, tp)) return -EFAULT; -@@ -811,9 +812,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart) +@@ -818,9 +819,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart) long err; mm_segment_t oldfs; struct timespec tu; @@ -68715,7 +69596,7 @@ index c28a306..b4d0cf3 100644 oldfs = get_fs(); set_fs(KERNEL_DS); err = clock_nanosleep_restart(restart); -@@ -845,8 +846,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags, +@@ -852,8 +853,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_nanosleep(which_clock, flags, @@ -68751,10 +69632,10 @@ index 42e8fa0..9e7406b 100644 return -ENOMEM; diff --git a/kernel/cred.c b/kernel/cred.c -index 48cea3d..3476734 100644 +index e0573a4..eefe488 100644 --- a/kernel/cred.c +++ b/kernel/cred.c -@@ -207,6 +207,16 @@ void exit_creds(struct task_struct *tsk) +@@ -164,6 +164,16 @@ void exit_creds(struct task_struct *tsk) validate_creds(cred); alter_cred_subscribers(cred, -1); put_cred(cred); @@ -68771,7 +69652,7 @@ index 48cea3d..3476734 100644 } /** -@@ -469,7 +479,7 @@ error_put: +@@ -411,7 +421,7 @@ static bool cred_cap_issubset(const struct cred *set, const struct cred *subset) * Always returns 0 thus allowing this function to be tail-called at the end * of, say, sys_setgid(). */ @@ -68780,7 +69661,7 @@ index 48cea3d..3476734 100644 { struct task_struct *task = current; const struct cred *old = task->real_cred; -@@ -488,6 +498,8 @@ int commit_creds(struct cred *new) +@@ -430,6 +440,8 @@ int commit_creds(struct cred *new) get_cred(new); /* we will require a ref for the subj creds too */ @@ -68789,7 +69670,7 @@ index 48cea3d..3476734 100644 /* dumpability changes */ if (!uid_eq(old->euid, new->euid) || !gid_eq(old->egid, new->egid) || -@@ -537,6 +549,101 @@ int commit_creds(struct cred *new) +@@ -479,6 +491,101 @@ int commit_creds(struct cred *new) put_cred(old); return 0; } @@ -68978,7 +69859,7 @@ index 8875254..7cf4928 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index dbccf83..8c66482 100644 +index 7b6646a..3cb1135 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -182,7 +182,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, @@ -68990,7 +69871,7 @@ index dbccf83..8c66482 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2668,7 +2668,7 @@ static void __perf_event_read(void *info) +@@ -2677,7 +2677,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -68999,7 +69880,7 @@ index dbccf83..8c66482 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -2998,9 +2998,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3007,9 +3007,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -69011,7 +69892,7 @@ index dbccf83..8c66482 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3403,10 +3403,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3412,10 +3412,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -69024,7 +69905,7 @@ index dbccf83..8c66482 100644 arch_perf_update_userpage(userpg, now); -@@ -3965,11 +3965,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -3974,11 +3974,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -69038,7 +69919,7 @@ index dbccf83..8c66482 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -4712,12 +4712,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -4721,12 +4721,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -69053,16 +69934,16 @@ index dbccf83..8c66482 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -6156,7 +6156,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -6165,7 +6165,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; - event->ns = get_pid_ns(current->nsproxy->pid_ns); + event->ns = get_pid_ns(task_active_pid_ns(current)); - event->id = atomic64_inc_return(&perf_event_id); + event->id = atomic64_inc_return_unchecked(&perf_event_id); event->state = PERF_EVENT_STATE_INACTIVE; -@@ -6774,10 +6774,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -6790,10 +6790,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -69077,10 +69958,10 @@ index dbccf83..8c66482 100644 /* diff --git a/kernel/exit.c b/kernel/exit.c -index 346616c..f103b28 100644 +index b4df219..f13c02d 100644 --- a/kernel/exit.c +++ b/kernel/exit.c -@@ -182,6 +182,10 @@ void release_task(struct task_struct * p) +@@ -170,6 +170,10 @@ void release_task(struct task_struct * p) struct task_struct *leader; int zap_leader; repeat: @@ -69091,7 +69972,7 @@ index 346616c..f103b28 100644 /* don't need to get the RCU readlock here - the process is dead and * can't be modifying its own credentials. But shut RCU-lockdep up */ rcu_read_lock(); -@@ -394,7 +398,7 @@ int allow_signal(int sig) +@@ -338,7 +342,7 @@ int allow_signal(int sig) * know it'll be handled, so that they don't get converted to * SIGKILL or just silently dropped. */ @@ -69100,17 +69981,7 @@ index 346616c..f103b28 100644 recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); return 0; -@@ -430,6 +434,9 @@ void daemonize(const char *name, ...) - vsnprintf(current->comm, sizeof(current->comm), name, args); - va_end(args); - -+ gr_put_exec_file(current); -+ gr_set_kernel_label(current); -+ - /* - * If we were started as result of loading a module, close all of the - * user space pages. We don't need them, and if we didn't close them -@@ -812,6 +819,8 @@ void do_exit(long code) +@@ -708,6 +712,8 @@ void do_exit(long code) struct task_struct *tsk = current; int group_dead; @@ -69119,7 +69990,7 @@ index 346616c..f103b28 100644 profile_task_exit(tsk); WARN_ON(blk_needs_flush_plug(tsk)); -@@ -828,7 +837,6 @@ void do_exit(long code) +@@ -724,7 +730,6 @@ void do_exit(long code) * mm_release()->clear_child_tid() from writing to a user-controlled * kernel address. */ @@ -69127,7 +69998,7 @@ index 346616c..f103b28 100644 ptrace_event(PTRACE_EVENT_EXIT, code); -@@ -887,6 +895,9 @@ void do_exit(long code) +@@ -783,6 +788,9 @@ void do_exit(long code) tsk->exit_code = code; taskstats_exit(tsk, group_dead); @@ -69137,7 +70008,7 @@ index 346616c..f103b28 100644 exit_mm(tsk); if (group_dead) -@@ -1007,7 +1018,7 @@ SYSCALL_DEFINE1(exit, int, error_code) +@@ -903,7 +911,7 @@ SYSCALL_DEFINE1(exit, int, error_code) * Take down every thread in the group. This is called by fatal signals * as well as by sys_exit_group (below). */ @@ -69147,7 +70018,7 @@ index 346616c..f103b28 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index acc4cb6..b524cb5 100644 +index c535f33..1d768f9 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -318,7 +318,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) @@ -69241,9 +70112,9 @@ index acc4cb6..b524cb5 100644 - unsigned long charge; - struct mempolicy *pol; + uprobe_start_dup_mmap(); down_write(&oldmm->mmap_sem); - flush_cache_dup_mm(oldmm); -@@ -363,8 +431,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -364,8 +432,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; @@ -69254,7 +70125,7 @@ index acc4cb6..b524cb5 100644 mm->map_count = 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb = RB_ROOT; -@@ -380,57 +448,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -381,57 +449,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -69316,7 +70187,7 @@ index acc4cb6..b524cb5 100644 } /* -@@ -462,6 +488,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -463,6 +489,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -69348,9 +70219,9 @@ index acc4cb6..b524cb5 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -470,14 +521,6 @@ out: - flush_tlb_mm(oldmm); +@@ -472,14 +523,6 @@ out: up_write(&oldmm->mmap_sem); + uprobe_end_dup_mmap(); return retval; -fail_nomem_anon_vma_fork: - mpol_put(pol); @@ -69363,7 +70234,7 @@ index acc4cb6..b524cb5 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -692,8 +735,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) +@@ -694,8 +737,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) return ERR_PTR(err); mm = get_task_mm(task); @@ -69374,7 +70245,7 @@ index acc4cb6..b524cb5 100644 mmput(mm); mm = ERR_PTR(-EACCES); } -@@ -912,13 +955,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -917,13 +960,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -69396,7 +70267,7 @@ index acc4cb6..b524cb5 100644 return 0; } -@@ -1183,6 +1233,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1193,6 +1243,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -69406,7 +70277,7 @@ index acc4cb6..b524cb5 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1422,6 +1475,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1432,6 +1485,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_free_pid; } @@ -69418,7 +70289,7 @@ index acc4cb6..b524cb5 100644 if (clone_flags & CLONE_THREAD) { current->signal->nr_threads++; atomic_inc(¤t->signal->live); -@@ -1505,6 +1563,8 @@ bad_fork_cleanup_count: +@@ -1515,6 +1573,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -69427,7 +70298,31 @@ index acc4cb6..b524cb5 100644 return ERR_PTR(retval); } -@@ -1605,6 +1665,8 @@ long do_fork(unsigned long clone_flags, +@@ -1565,6 +1625,23 @@ long do_fork(unsigned long clone_flags, + return -EINVAL; + } + ++#ifdef CONFIG_GRKERNSEC ++ if (clone_flags & CLONE_NEWUSER) { ++ /* ++ * This doesn't really inspire confidence: ++ * http://marc.info/?l=linux-kernel&m=135543612731939&w=2 ++ * http://marc.info/?l=linux-kernel&m=135545831607095&w=2 ++ * Increases kernel attack surface in areas developers ++ * previously cared little about ("low importance due ++ * to requiring "root" capability") ++ * To be removed when this code receives *proper* review ++ */ ++ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) || ++ !capable(CAP_SETGID)) ++ return -EPERM; ++ } ++#endif ++ + /* + * Determine whether and which event to report to ptracer. When + * called from kernel_thread or CLONE_UNTRACED is explicitly +@@ -1599,6 +1676,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -69436,7 +70331,7 @@ index acc4cb6..b524cb5 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1714,7 +1776,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1752,7 +1831,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -69445,7 +70340,7 @@ index acc4cb6..b524cb5 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1803,7 +1865,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1866,7 +1945,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -69525,7 +70420,7 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 6db7a5e..25b6648 100644 +index 6db7a5e..0d600bd 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c @@ -1407,7 +1407,7 @@ void hrtimer_peek_ahead_timers(void) @@ -69537,6 +70432,15 @@ index 6db7a5e..25b6648 100644 { struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); +@@ -1751,7 +1751,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hrtimers_nb = { ++static struct notifier_block hrtimers_nb = { + .notifier_call = hrtimer_cpu_notify, + }; + diff --git a/kernel/jump_label.c b/kernel/jump_label.c index 60f48fa..7f3a770 100644 --- a/kernel/jump_label.c @@ -69687,10 +70591,10 @@ index 2169fee..45c017a 100644 return -ENOMEM; reset_iter(iter, 0); diff --git a/kernel/kcmp.c b/kernel/kcmp.c -index 30b7b22..c726387 100644 +index e30ac0f..3528cac 100644 --- a/kernel/kcmp.c +++ b/kernel/kcmp.c -@@ -98,6 +98,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, +@@ -99,6 +99,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, struct task_struct *task1, *task2; int ret; @@ -69716,7 +70620,7 @@ index 5e4bd78..00c5b91 100644 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index 1c317e3..4a92a55 100644 +index 0023a87..3fe3781 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -74,7 +74,7 @@ static void free_modprobe_argv(struct subprocess_info *info) @@ -69908,10 +70812,10 @@ index 098f396..fe85ff1 100644 head = &kprobe_table[i]; preempt_disable(); diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c -index 4e316e1..5501eef 100644 +index 6ada93c..55baf4d 100644 --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c -@@ -47,6 +47,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj, +@@ -46,6 +46,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj, { if (count+1 > UEVENT_HELPER_PATH_LEN) return -ENOENT; @@ -69953,18 +70857,9 @@ index 7981e5b..7f2105c 100644 printk("\nacquire class [%p] %s", class->key, class->name); if (class->name_version > 1) diff --git a/kernel/lockdep_proc.c b/kernel/lockdep_proc.c -index 91c32a0..7b88d63 100644 +index b2c71c5..7b88d63 100644 --- a/kernel/lockdep_proc.c +++ b/kernel/lockdep_proc.c -@@ -39,7 +39,7 @@ static void l_stop(struct seq_file *m, void *v) - - static void print_name(struct seq_file *m, struct lock_class *class) - { -- char str[128]; -+ char str[KSYM_NAME_LEN]; - const char *name = class->name; - - if (!name) { @@ -65,7 +65,7 @@ static int l_show(struct seq_file *m, void *v) return 0; } @@ -70011,18 +70906,18 @@ index 91c32a0..7b88d63 100644 seq_printf(m, "%40s %14lu %29s %pS\n", name, stats->contending_point[i], diff --git a/kernel/module.c b/kernel/module.c -index 3e544f4..34c3008 100644 +index eab0827..75ede66 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -59,6 +59,7 @@ +@@ -61,6 +61,7 @@ #include <linux/pfn.h> #include <linux/bsearch.h> #include <linux/fips.h> +#include <linux/grsecurity.h> + #include <uapi/linux/module.h> #include "module-internal.h" - #define CREATE_TRACE_POINTS -@@ -153,7 +154,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list); +@@ -156,7 +157,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list); /* Bounds of module allocation, for speeding __module_address. * Protected by module_mutex. */ @@ -70032,7 +70927,7 @@ index 3e544f4..34c3008 100644 int register_module_notifier(struct notifier_block * nb) { -@@ -319,7 +321,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, +@@ -322,7 +324,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, return true; list_for_each_entry_rcu(mod, &modules, list) { @@ -70041,7 +70936,7 @@ index 3e544f4..34c3008 100644 { mod->syms, mod->syms + mod->num_syms, mod->crcs, NOT_GPL_ONLY, false }, { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms, -@@ -344,7 +346,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, +@@ -347,7 +349,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -70309,7 +71204,7 @@ index 3e544f4..34c3008 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2326,13 +2344,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2323,13 +2341,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -70327,7 +71222,7 @@ index 3e544f4..34c3008 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2350,12 +2368,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2347,12 +2365,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -70342,9 +71237,9 @@ index 3e544f4..34c3008 100644 + mod->core_symtab = dst = mod->module_core_rx + info->symoffs; + mod->core_strtab = s = mod->module_core_rx + info->stroffs; src = mod->symtab; - *s++ = 0; for (ndst = i = 0; i < mod->num_symtab; i++) { -@@ -2368,6 +2388,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) + if (i == 0 || +@@ -2364,6 +2384,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -70353,8 +71248,8 @@ index 3e544f4..34c3008 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2401,17 +2423,33 @@ void * __weak module_alloc(unsigned long size) - return size == 0 ? NULL : vmalloc_exec(size); +@@ -2397,17 +2419,33 @@ void * __weak module_alloc(unsigned long size) + return vmalloc_exec(size); } -static void *module_alloc_update_bounds(unsigned long size) @@ -70392,8 +71287,8 @@ index 3e544f4..34c3008 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2630,8 +2668,14 @@ static struct module *setup_load_info(struct load_info *info) - static int check_modinfo(struct module *mod, struct load_info *info) +@@ -2683,8 +2721,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) + static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); + const char *license = get_modinfo(info, "license"); @@ -70404,10 +71299,10 @@ index 3e544f4..34c3008 100644 + return -ENOEXEC; +#endif + - /* This is allowed: modprobe --force will invalidate it. */ - if (!modmagic) { - err = try_to_force_load(mod, "bad vermagic"); -@@ -2654,7 +2698,7 @@ static int check_modinfo(struct module *mod, struct load_info *info) + if (flags & MODULE_INIT_IGNORE_VERMAGIC) + modmagic = NULL; + +@@ -2710,7 +2754,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -70416,7 +71311,7 @@ index 3e544f4..34c3008 100644 return 0; } -@@ -2748,7 +2792,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2804,7 +2848,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -70425,7 +71320,7 @@ index 3e544f4..34c3008 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2758,10 +2802,10 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2814,11 +2858,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -70434,30 +71329,34 @@ index 3e544f4..34c3008 100644 + memset(ptr, 0, mod->core_size_rw); + mod->module_core_rw = ptr; -- ptr = module_alloc_update_bounds(mod->init_size); -+ ptr = module_alloc_update_bounds_rw(mod->init_size_rw); - /* - * The pointer to this block is stored in the module structure - * which is inside the block. This block doesn't need to be -@@ -2769,12 +2813,39 @@ static int move_module(struct module *mod, struct load_info *info) - * after the module is initialized. - */ - kmemleak_ignore(ptr); -- if (!ptr && mod->init_size) { -- module_free(mod, mod->module_core); -+ if (!ptr && mod->init_size_rw) { -+ module_free(mod, mod->module_core_rw); - return -ENOMEM; - } -- memset(ptr, 0, mod->init_size); -- mod->module_init = ptr; -+ memset(ptr, 0, mod->init_size_rw); -+ mod->module_init_rw = ptr; +- if (mod->init_size) { +- ptr = module_alloc_update_bounds(mod->init_size); ++ if (mod->init_size_rw) { ++ ptr = module_alloc_update_bounds_rw(mod->init_size_rw); + /* + * The pointer to this block is stored in the module structure + * which is inside the block. This block doesn't need to be +@@ -2827,13 +2871,45 @@ static int move_module(struct module *mod, struct load_info *info) + */ + kmemleak_ignore(ptr); + if (!ptr) { +- module_free(mod, mod->module_core); ++ module_free(mod, mod->module_core_rw); + return -ENOMEM; + } +- memset(ptr, 0, mod->init_size); +- mod->module_init = ptr; ++ memset(ptr, 0, mod->init_size_rw); ++ mod->module_init_rw = ptr; + } else +- mod->module_init = NULL; ++ mod->module_init_rw = NULL; + + ptr = module_alloc_update_bounds_rx(mod->core_size_rx); + kmemleak_not_leak(ptr); + if (!ptr) { -+ module_free(mod, mod->module_init_rw); ++ if (mod->module_init_rw) ++ module_free(mod, mod->module_init_rw); + module_free(mod, mod->module_core_rw); + return -ENOMEM; + } @@ -70467,23 +71366,27 @@ index 3e544f4..34c3008 100644 + pax_close_kernel(); + mod->module_core_rx = ptr; + -+ ptr = module_alloc_update_bounds_rx(mod->init_size_rx); -+ kmemleak_ignore(ptr); -+ if (!ptr && mod->init_size_rx) { -+ module_free_exec(mod, mod->module_core_rx); -+ module_free(mod, mod->module_init_rw); -+ module_free(mod, mod->module_core_rw); -+ return -ENOMEM; -+ } ++ if (mod->init_size_rx) { ++ ptr = module_alloc_update_bounds_rx(mod->init_size_rx); ++ kmemleak_ignore(ptr); ++ if (!ptr && mod->init_size_rx) { ++ module_free_exec(mod, mod->module_core_rx); ++ if (mod->module_init_rw) ++ module_free(mod, mod->module_init_rw); ++ module_free(mod, mod->module_core_rw); ++ return -ENOMEM; ++ } + -+ pax_open_kernel(); -+ memset(ptr, 0, mod->init_size_rx); -+ pax_close_kernel(); -+ mod->module_init_rx = ptr; ++ pax_open_kernel(); ++ memset(ptr, 0, mod->init_size_rx); ++ pax_close_kernel(); ++ mod->module_init_rx = ptr; ++ } else ++ mod->module_init_rx = NULL; /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2785,16 +2856,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2844,16 +2920,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -70536,7 +71439,7 @@ index 3e544f4..34c3008 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2849,12 +2949,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2908,12 +3013,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -70555,7 +71458,7 @@ index 3e544f4..34c3008 100644 set_fs(old_fs); } -@@ -2924,8 +3024,10 @@ out: +@@ -2983,8 +3088,10 @@ out: static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -70568,7 +71471,7 @@ index 3e544f4..34c3008 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2938,7 +3040,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -2997,7 +3104,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -70578,7 +71481,50 @@ index 3e544f4..34c3008 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3036,9 +3140,38 @@ again: +@@ -3051,16 +3160,16 @@ static int do_init_module(struct module *mod) + MODULE_STATE_COMING, mod); + + /* Set RO and NX regions for core */ +- set_section_ro_nx(mod->module_core, +- mod->core_text_size, +- mod->core_ro_size, +- mod->core_size); ++ set_section_ro_nx(mod->module_core_rx, ++ mod->core_size_rx, ++ mod->core_size_rx, ++ mod->core_size_rx); + + /* Set RO and NX regions for init */ +- set_section_ro_nx(mod->module_init, +- mod->init_text_size, +- mod->init_ro_size, +- mod->init_size); ++ set_section_ro_nx(mod->module_init_rx, ++ mod->init_size_rx, ++ mod->init_size_rx, ++ mod->init_size_rx); + + do_mod_ctors(mod); + /* Start the module */ +@@ -3122,11 +3231,12 @@ static int do_init_module(struct module *mod) + mod->strtab = mod->core_strtab; + #endif + unset_module_init_ro_nx(mod); +- module_free(mod, mod->module_init); +- mod->module_init = NULL; +- mod->init_size = 0; +- mod->init_ro_size = 0; +- mod->init_text_size = 0; ++ module_free(mod, mod->module_init_rw); ++ module_free_exec(mod, mod->module_init_rx); ++ mod->module_init_rw = NULL; ++ mod->module_init_rx = NULL; ++ mod->init_size_rw = 0; ++ mod->init_size_rx = 0; + mutex_unlock(&module_mutex); + wake_up_all(&module_wq); + +@@ -3209,9 +3319,38 @@ again: if (err) goto free_unload; @@ -70590,7 +71536,7 @@ index 3e544f4..34c3008 100644 + } + /* Set up MODINFO_ATTR fields */ - setup_modinfo(mod, &info); + setup_modinfo(mod, info); +#ifdef CONFIG_GRKERNSEC_MODHARDEN + { @@ -70615,14 +71561,28 @@ index 3e544f4..34c3008 100644 +#endif + /* Fix up syms, so that st_value is a pointer to location. */ - err = simplify_symbols(mod, &info); + err = simplify_symbols(mod, info); if (err < 0) -@@ -3104,11 +3237,11 @@ again: +@@ -3227,13 +3366,6 @@ again: + + flush_module_icache(mod); + +- /* Now copy in args */ +- mod->args = strndup_user(uargs, ~0UL >> 1); +- if (IS_ERR(mod->args)) { +- err = PTR_ERR(mod->args); +- goto free_arch_cleanup; +- } +- + dynamic_debug_setup(info->debug, info->num_debug); + + mutex_lock(&module_mutex); +@@ -3278,11 +3410,10 @@ again: mutex_unlock(&module_mutex); - dynamic_debug_remove(info.debug); + dynamic_debug_remove(info->debug); synchronize_sched(); - kfree(mod->args); - free_arch_cleanup: +- free_arch_cleanup: module_arch_cleanup(mod); free_modinfo: free_modinfo(mod); @@ -70630,50 +71590,7 @@ index 3e544f4..34c3008 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3155,16 +3288,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, - MODULE_STATE_COMING, mod); - - /* Set RO and NX regions for core */ -- set_section_ro_nx(mod->module_core, -- mod->core_text_size, -- mod->core_ro_size, -- mod->core_size); -+ set_section_ro_nx(mod->module_core_rx, -+ mod->core_size_rx, -+ mod->core_size_rx, -+ mod->core_size_rx); - - /* Set RO and NX regions for init */ -- set_section_ro_nx(mod->module_init, -- mod->init_text_size, -- mod->init_ro_size, -- mod->init_size); -+ set_section_ro_nx(mod->module_init_rx, -+ mod->init_size_rx, -+ mod->init_size_rx, -+ mod->init_size_rx); - - do_mod_ctors(mod); - /* Start the module */ -@@ -3209,11 +3342,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, - mod->strtab = mod->core_strtab; - #endif - unset_module_init_ro_nx(mod); -- module_free(mod, mod->module_init); -- mod->module_init = NULL; -- mod->init_size = 0; -- mod->init_ro_size = 0; -- mod->init_text_size = 0; -+ module_free(mod, mod->module_init_rw); -+ module_free_exec(mod, mod->module_init_rx); -+ mod->module_init_rw = NULL; -+ mod->module_init_rx = NULL; -+ mod->init_size_rw = 0; -+ mod->init_size_rx = 0; - mutex_unlock(&module_mutex); - wake_up_all(&module_wq); - -@@ -3245,10 +3379,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3365,10 +3496,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -70693,7 +71610,7 @@ index 3e544f4..34c3008 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3501,7 +3641,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3621,7 +3758,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -70702,7 +71619,7 @@ index 3e544f4..34c3008 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3510,7 +3650,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3630,7 +3767,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -70711,7 +71628,7 @@ index 3e544f4..34c3008 100644 /* Taints info */ if (mod->taints) -@@ -3546,7 +3686,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3666,7 +3803,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -70729,7 +71646,7 @@ index 3e544f4..34c3008 100644 return 0; } module_init(proc_modules_init); -@@ -3607,14 +3757,14 @@ struct module *__module_address(unsigned long addr) +@@ -3727,14 +3874,14 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -70747,7 +71664,7 @@ index 3e544f4..34c3008 100644 return mod; } return NULL; -@@ -3649,11 +3799,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3769,11 +3916,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -70931,7 +71848,7 @@ index e1b2822..5edc1d9 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index aebd4f5..1693c13 100644 +index f2c6a68..4922d97 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -70942,7 +71859,7 @@ index aebd4f5..1693c13 100644 #include <linux/pid_namespace.h> #include <linux/init_task.h> #include <linux/syscalls.h> -@@ -45,7 +46,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID; +@@ -46,7 +47,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID; int pid_max = PID_MAX_DEFAULT; @@ -70951,7 +71868,7 @@ index aebd4f5..1693c13 100644 int pid_max_min = RESERVED_PIDS + 1; int pid_max_max = PID_MAX_LIMIT; -@@ -420,10 +421,18 @@ EXPORT_SYMBOL(pid_task); +@@ -441,10 +442,18 @@ EXPORT_SYMBOL(pid_task); */ struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns) { @@ -70971,8 +71888,8 @@ index aebd4f5..1693c13 100644 } struct task_struct *find_task_by_vpid(pid_t vnr) -@@ -431,6 +440,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) - return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); +@@ -452,6 +461,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) + return find_task_by_pid_ns(vnr, task_active_pid_ns(current)); } +struct task_struct *find_task_by_vpid_unrestricted(pid_t vnr) @@ -70980,38 +71897,17 @@ index aebd4f5..1693c13 100644 + rcu_lockdep_assert(rcu_read_lock_held(), + "find_task_by_pid_ns() needs rcu_read_lock()" + " protection"); -+ return pid_task(find_pid_ns(vnr, current->nsproxy->pid_ns), PIDTYPE_PID); ++ return pid_task(find_pid_ns(vnr, task_active_pid_ns(current)), PIDTYPE_PID); +} + struct pid *get_task_pid(struct task_struct *task, enum pid_type type) { struct pid *pid; diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c -index 125cb67..2e5c8ad 100644 +index a278cad..bff5bd3 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c -@@ -6,9 +6,11 @@ - #include <linux/posix-timers.h> - #include <linux/errno.h> - #include <linux/math64.h> -+#include <linux/security.h> - #include <asm/uaccess.h> - #include <linux/kernel_stat.h> - #include <trace/events/timer.h> -+#include <linux/random.h> - - /* - * Called after updating RLIMIT_CPU to run cpu timer and update -@@ -494,6 +496,8 @@ static void cleanup_timers(struct list_head *head, - */ - void posix_cpu_timers_exit(struct task_struct *tsk) - { -+ add_device_randomness((const void*) &tsk->se.sum_exec_runtime, -+ sizeof(unsigned long long)); - cleanup_timers(tsk->cpu_timers, - tsk->utime, tsk->stime, tsk->se.sum_exec_runtime); - -@@ -1578,14 +1582,14 @@ struct k_clock clock_posix_cpu = { +@@ -1557,14 +1557,14 @@ struct k_clock clock_posix_cpu = { static __init int init_posix_cpu_timers(void) { @@ -71127,7 +72023,7 @@ index 69185ae..cc2847a 100644 } diff --git a/kernel/power/process.c b/kernel/power/process.c -index 87da817..30ddd13 100644 +index d5a258b..4271191 100644 --- a/kernel/power/process.c +++ b/kernel/power/process.c @@ -33,6 +33,7 @@ static int try_to_freeze_tasks(bool user_only) @@ -71138,7 +72034,7 @@ index 87da817..30ddd13 100644 do_gettimeofday(&start); -@@ -43,6 +44,8 @@ static int try_to_freeze_tasks(bool user_only) +@@ -43,13 +44,20 @@ static int try_to_freeze_tasks(bool user_only) while (true) { todo = 0; @@ -71147,13 +72043,10 @@ index 87da817..30ddd13 100644 read_lock(&tasklist_lock); do_each_thread(g, p) { if (p == current || !freeze_task(p)) -@@ -58,9 +61,13 @@ static int try_to_freeze_tasks(bool user_only) - * guaranteed that TASK_STOPPED/TRACED -> TASK_RUNNING - * transition can't race with task state testing here. - */ -- if (!task_is_stopped_or_traced(p) && -- !freezer_should_skip(p)) -+ if (!task_is_stopped_or_traced(p) && !freezer_should_skip(p)) { + continue; + +- if (!freezer_should_skip(p)) ++ if (!freezer_should_skip(p)) { todo++; + if (timedout) { + printk(KERN_ERR "Task refusing to freeze:\n"); @@ -71163,7 +72056,7 @@ index 87da817..30ddd13 100644 } while_each_thread(g, p); read_unlock(&tasklist_lock); -@@ -69,7 +76,7 @@ static int try_to_freeze_tasks(bool user_only) +@@ -58,7 +66,7 @@ static int try_to_freeze_tasks(bool user_only) todo += wq_busy; } @@ -71173,10 +72066,10 @@ index 87da817..30ddd13 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk.c b/kernel/printk.c -index f8e0b5a..dda2a5c 100644 +index 267ce78..952f8a8 100644 --- a/kernel/printk.c +++ b/kernel/printk.c -@@ -817,6 +817,11 @@ static int check_syslog_permissions(int type, bool from_file) +@@ -834,6 +834,11 @@ static int check_syslog_permissions(int type, bool from_file) if (from_file && type != SYSLOG_ACTION_OPEN) return 0; @@ -71189,10 +72082,10 @@ index f8e0b5a..dda2a5c 100644 if (capable(CAP_SYSLOG)) return 0; diff --git a/kernel/profile.c b/kernel/profile.c -index 76b8e77..a2930e8 100644 +index 1f39181..86093471 100644 --- a/kernel/profile.c +++ b/kernel/profile.c -@@ -39,7 +39,7 @@ struct profile_hit { +@@ -40,7 +40,7 @@ struct profile_hit { /* Oprofile timer tick hook */ static int (*timer_hook)(struct pt_regs *) __read_mostly; @@ -71201,7 +72094,7 @@ index 76b8e77..a2930e8 100644 static unsigned long prof_len, prof_shift; int prof_on __read_mostly; -@@ -281,7 +281,7 @@ static void profile_flip_buffers(void) +@@ -282,7 +282,7 @@ static void profile_flip_buffers(void) hits[i].pc = 0; continue; } @@ -71210,7 +72103,7 @@ index 76b8e77..a2930e8 100644 hits[i].hits = hits[i].pc = 0; } } -@@ -342,9 +342,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) +@@ -343,9 +343,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) * Add the current hit(s) and flush the write-queue out * to the global buffer: */ @@ -71222,7 +72115,7 @@ index 76b8e77..a2930e8 100644 hits[i].pc = hits[i].hits = 0; } out: -@@ -419,7 +419,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) +@@ -420,7 +420,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) { unsigned long pc; pc = ((unsigned long)__pc - (unsigned long)_stext) >> prof_shift; @@ -71231,7 +72124,7 @@ index 76b8e77..a2930e8 100644 } #endif /* !CONFIG_SMP */ -@@ -517,7 +517,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos) +@@ -518,7 +518,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos) return -EFAULT; buf++; p++; count--; read++; } @@ -71240,7 +72133,7 @@ index 76b8e77..a2930e8 100644 if (copy_to_user(buf, (void *)pnt, count)) return -EFAULT; read += count; -@@ -548,7 +548,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf, +@@ -549,7 +549,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf, } #endif profile_discard_flip_buffers(); @@ -71250,19 +72143,19 @@ index 76b8e77..a2930e8 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index fbea91d..9bf15e8 100644 +index 6cbeaae..363c48a 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -319,7 +319,7 @@ static int ptrace_attach(struct task_struct *task, long request, - +@@ -324,7 +324,7 @@ static int ptrace_attach(struct task_struct *task, long request, if (seize) flags |= PT_SEIZED; -- if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE)) -+ if (ns_capable_nolog(task_user_ns(task), CAP_SYS_PTRACE)) + rcu_read_lock(); +- if (ns_capable(__task_cred(task)->user_ns, CAP_SYS_PTRACE)) ++ if (ns_capable_nolog(__task_cred(task)->user_ns, CAP_SYS_PTRACE)) flags |= PT_PTRACE_CAP; + rcu_read_unlock(); task->ptrace = flags; - -@@ -526,7 +526,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -535,7 +535,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -71271,7 +72164,7 @@ index fbea91d..9bf15e8 100644 return -EFAULT; copied += retval; src += retval; -@@ -711,7 +711,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -720,7 +720,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -71280,7 +72173,7 @@ index fbea91d..9bf15e8 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -913,14 +913,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -922,14 +922,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -71303,7 +72196,7 @@ index fbea91d..9bf15e8 100644 goto out_put_task_struct; } -@@ -948,7 +955,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -957,7 +964,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -71312,7 +72205,7 @@ index fbea91d..9bf15e8 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1058,14 +1065,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, +@@ -1067,14 +1074,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, goto out; } @@ -71336,7 +72229,7 @@ index fbea91d..9bf15e8 100644 } diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c -index e4c6a59..c86621a 100644 +index e7dce58..ad0d7b7 100644 --- a/kernel/rcutiny.c +++ b/kernel/rcutiny.c @@ -46,7 +46,7 @@ @@ -71358,10 +72251,10 @@ index e4c6a59..c86621a 100644 __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h -index 3d01902..afbf46e 100644 +index f85016a..91cb03b 100644 --- a/kernel/rcutiny_plugin.h +++ b/kernel/rcutiny_plugin.h -@@ -893,7 +893,7 @@ static int rcu_kthread(void *arg) +@@ -896,7 +896,7 @@ static int rcu_kthread(void *arg) have_rcu_kthread_work = morework; local_irq_restore(flags); if (work) @@ -71371,7 +72264,7 @@ index 3d01902..afbf46e 100644 } diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c -index aaa7b9f..055ff1e 100644 +index 31dea01..ad91ffb 100644 --- a/kernel/rcutorture.c +++ b/kernel/rcutorture.c @@ -163,12 +163,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) = @@ -71416,7 +72309,7 @@ index aaa7b9f..055ff1e 100644 spin_lock_bh(&rcu_torture_lock); list_add_tail(&p->rtort_free, &rcu_torture_freelist); spin_unlock_bh(&rcu_torture_lock); -@@ -410,7 +410,7 @@ rcu_torture_cb(struct rcu_head *p) +@@ -409,7 +409,7 @@ rcu_torture_cb(struct rcu_head *p) i = rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -71425,7 +72318,7 @@ index aaa7b9f..055ff1e 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; rcu_torture_free(rp); -@@ -459,7 +459,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p) +@@ -457,7 +457,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p) i = rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -71434,7 +72327,7 @@ index aaa7b9f..055ff1e 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; list_del(&rp->rtort_free); -@@ -1002,7 +1002,7 @@ rcu_torture_writer(void *arg) +@@ -975,7 +975,7 @@ rcu_torture_writer(void *arg) i = old_rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -71443,7 +72336,7 @@ index aaa7b9f..055ff1e 100644 old_rp->rtort_pipe_count++; cur_ops->deferred_free(old_rp); } -@@ -1087,7 +1087,7 @@ static void rcu_torture_timer(unsigned long unused) +@@ -1060,7 +1060,7 @@ static void rcu_torture_timer(unsigned long unused) } do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu); if (p->rtort_mbtest == 0) @@ -71452,7 +72345,7 @@ index aaa7b9f..055ff1e 100644 spin_lock(&rand_lock); cur_ops->read_delay(&rand); n_rcu_torture_timers++; -@@ -1151,7 +1151,7 @@ rcu_torture_reader(void *arg) +@@ -1124,7 +1124,7 @@ rcu_torture_reader(void *arg) } do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu); if (p->rtort_mbtest == 0) @@ -71461,7 +72354,7 @@ index aaa7b9f..055ff1e 100644 cur_ops->read_delay(&rand); preempt_disable(); pipe_count = p->rtort_pipe_count; -@@ -1210,11 +1210,11 @@ rcu_torture_printk(char *page) +@@ -1183,11 +1183,11 @@ rcu_torture_printk(char *page) rcu_torture_current, rcu_torture_current_version, list_empty(&rcu_torture_freelist), @@ -71477,7 +72370,7 @@ index aaa7b9f..055ff1e 100644 n_rcu_torture_boost_ktrerror, n_rcu_torture_boost_rterror); cnt += sprintf(&page[cnt], "rtbf: %ld rtb: %ld nt: %ld ", -@@ -1233,14 +1233,14 @@ rcu_torture_printk(char *page) +@@ -1206,14 +1206,14 @@ rcu_torture_printk(char *page) n_barrier_attempts, n_rcu_torture_barrier_error); cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG); @@ -71494,7 +72387,7 @@ index aaa7b9f..055ff1e 100644 WARN_ON_ONCE(1); } cnt += sprintf(&page[cnt], "Reader Pipe: "); -@@ -1254,7 +1254,7 @@ rcu_torture_printk(char *page) +@@ -1227,7 +1227,7 @@ rcu_torture_printk(char *page) cnt += sprintf(&page[cnt], "Free-Block Circulation: "); for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { cnt += sprintf(&page[cnt], " %d", @@ -71503,16 +72396,16 @@ index aaa7b9f..055ff1e 100644 } cnt += sprintf(&page[cnt], "\n"); if (cur_ops->stats) -@@ -1938,7 +1938,7 @@ rcu_torture_cleanup(void) +@@ -1920,7 +1920,7 @@ rcu_torture_cleanup(void) + + rcu_torture_stats_print(); /* -After- the stats thread is stopped! */ - if (cur_ops->cleanup) - cur_ops->cleanup(); - if (atomic_read(&n_rcu_torture_error) || n_rcu_torture_barrier_error) + if (atomic_read_unchecked(&n_rcu_torture_error) || n_rcu_torture_barrier_error) rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE"); else if (n_online_successes != n_online_attempts || n_offline_successes != n_offline_attempts) -@@ -2007,18 +2007,18 @@ rcu_torture_init(void) +@@ -1989,18 +1989,18 @@ rcu_torture_init(void) rcu_torture_current = NULL; rcu_torture_current_version = 0; @@ -71538,10 +72431,10 @@ index aaa7b9f..055ff1e 100644 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index 2682295..0f2297e 100644 +index e441b77..dd54f17 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c -@@ -348,9 +348,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval, +@@ -349,9 +349,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval, rcu_prepare_for_idle(smp_processor_id()); /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -71553,7 +72446,7 @@ index 2682295..0f2297e 100644 /* * It is illegal to enter an extended quiescent state while -@@ -508,10 +508,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval, +@@ -487,10 +487,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval, int user) { smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */ @@ -71566,7 +72459,7 @@ index 2682295..0f2297e 100644 rcu_cleanup_after_idle(smp_processor_id()); trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting); if (!user && !is_idle_task(current)) { -@@ -670,14 +670,14 @@ void rcu_nmi_enter(void) +@@ -629,14 +629,14 @@ void rcu_nmi_enter(void) struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks); if (rdtp->dynticks_nmi_nesting == 0 && @@ -71584,7 +72477,7 @@ index 2682295..0f2297e 100644 } /** -@@ -696,9 +696,9 @@ void rcu_nmi_exit(void) +@@ -655,9 +655,9 @@ void rcu_nmi_exit(void) return; /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -71596,7 +72489,7 @@ index 2682295..0f2297e 100644 } /** -@@ -712,7 +712,7 @@ int rcu_is_cpu_idle(void) +@@ -671,7 +671,7 @@ int rcu_is_cpu_idle(void) int ret; preempt_disable(); @@ -71605,7 +72498,7 @@ index 2682295..0f2297e 100644 preempt_enable(); return ret; } -@@ -795,7 +795,7 @@ int rcu_is_cpu_rrupt_from_idle(void) +@@ -739,7 +739,7 @@ int rcu_is_cpu_rrupt_from_idle(void) */ static int dyntick_save_progress_counter(struct rcu_data *rdp) { @@ -71614,7 +72507,7 @@ index 2682295..0f2297e 100644 return (rdp->dynticks_snap & 0x1) == 0; } -@@ -810,7 +810,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) +@@ -754,7 +754,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) unsigned int curr; unsigned int snap; @@ -71623,7 +72516,7 @@ index 2682295..0f2297e 100644 snap = (unsigned int)rdp->dynticks_snap; /* -@@ -858,10 +858,10 @@ static int jiffies_till_stall_check(void) +@@ -802,10 +802,10 @@ static int jiffies_till_stall_check(void) * for CONFIG_RCU_CPU_STALL_TIMEOUT. */ if (till_stall_check < 3) { @@ -71636,7 +72529,7 @@ index 2682295..0f2297e 100644 till_stall_check = 300; } return till_stall_check * HZ + RCU_STALL_DELAY_DELTA; -@@ -1589,7 +1589,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, +@@ -1592,7 +1592,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, rsp->qlen += rdp->qlen; rdp->n_cbs_orphaned += rdp->qlen; rdp->qlen_lazy = 0; @@ -71645,7 +72538,7 @@ index 2682295..0f2297e 100644 } /* -@@ -1831,7 +1831,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) +@@ -1838,7 +1838,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) } smp_mb(); /* List handling before counting for rcu_barrier(). */ rdp->qlen_lazy -= count_lazy; @@ -71654,7 +72547,7 @@ index 2682295..0f2297e 100644 rdp->n_cbs_invoked += count; /* Reinstate batch limit if we have worked down the excess. */ -@@ -2024,7 +2024,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) +@@ -2031,7 +2031,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) /* * Do RCU core processing for the current CPU. */ @@ -71663,7 +72556,7 @@ index 2682295..0f2297e 100644 { struct rcu_state *rsp; -@@ -2136,7 +2136,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), +@@ -2154,7 +2154,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), local_irq_restore(flags); return; } @@ -71672,60 +72565,98 @@ index 2682295..0f2297e 100644 if (lazy) rdp->qlen_lazy++; else -@@ -2250,8 +2250,8 @@ void synchronize_rcu_bh(void) - } - EXPORT_SYMBOL_GPL(synchronize_rcu_bh); - --static atomic_t sync_sched_expedited_started = ATOMIC_INIT(0); --static atomic_t sync_sched_expedited_done = ATOMIC_INIT(0); -+static atomic_unchecked_t sync_sched_expedited_started = ATOMIC_INIT(0); -+static atomic_unchecked_t sync_sched_expedited_done = ATOMIC_INIT(0); - - static int synchronize_sched_expedited_cpu_stop(void *data) - { -@@ -2312,7 +2312,7 @@ void synchronize_sched_expedited(void) - int firstsnap, s, snap, trycount = 0; +@@ -2363,11 +2363,11 @@ void synchronize_sched_expedited(void) + * counter wrap on a 32-bit system. Quite a few more CPUs would of + * course be required on a 64-bit system. + */ +- if (ULONG_CMP_GE((ulong)atomic_long_read(&rsp->expedited_start), ++ if (ULONG_CMP_GE((ulong)atomic_long_read_unchecked(&rsp->expedited_start), + (ulong)atomic_long_read(&rsp->expedited_done) + + ULONG_MAX / 8)) { + synchronize_sched(); +- atomic_long_inc(&rsp->expedited_wrap); ++ atomic_long_inc_unchecked(&rsp->expedited_wrap); + return; + } - /* Note that atomic_inc_return() implies full memory barrier. */ -- firstsnap = snap = atomic_inc_return(&sync_sched_expedited_started); -+ firstsnap = snap = atomic_inc_return_unchecked(&sync_sched_expedited_started); +@@ -2375,7 +2375,7 @@ void synchronize_sched_expedited(void) + * Take a ticket. Note that atomic_inc_return() implies a + * full memory barrier. + */ +- snap = atomic_long_inc_return(&rsp->expedited_start); ++ snap = atomic_long_inc_return_unchecked(&rsp->expedited_start); + firstsnap = snap; get_online_cpus(); WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id())); +@@ -2388,14 +2388,14 @@ void synchronize_sched_expedited(void) + synchronize_sched_expedited_cpu_stop, + NULL) == -EAGAIN) { + put_online_cpus(); +- atomic_long_inc(&rsp->expedited_tryfail); ++ atomic_long_inc_unchecked(&rsp->expedited_tryfail); -@@ -2334,7 +2334,7 @@ void synchronize_sched_expedited(void) + /* Check to see if someone else did our work for us. */ + s = atomic_long_read(&rsp->expedited_done); + if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) { + /* ensure test happens before caller kfree */ + smp_mb__before_atomic_inc(); /* ^^^ */ +- atomic_long_inc(&rsp->expedited_workdone1); ++ atomic_long_inc_unchecked(&rsp->expedited_workdone1); + return; } - /* Check to see if someone else did our work for us. */ -- s = atomic_read(&sync_sched_expedited_done); -+ s = atomic_read_unchecked(&sync_sched_expedited_done); - if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) { - smp_mb(); /* ensure test happens before caller kfree */ +@@ -2404,7 +2404,7 @@ void synchronize_sched_expedited(void) + udelay(trycount * num_online_cpus()); + } else { + wait_rcu_gp(call_rcu_sched); +- atomic_long_inc(&rsp->expedited_normal); ++ atomic_long_inc_unchecked(&rsp->expedited_normal); + return; + } + +@@ -2413,7 +2413,7 @@ void synchronize_sched_expedited(void) + if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) { + /* ensure test happens before caller kfree */ + smp_mb__before_atomic_inc(); /* ^^^ */ +- atomic_long_inc(&rsp->expedited_workdone2); ++ atomic_long_inc_unchecked(&rsp->expedited_workdone2); return; -@@ -2349,7 +2349,7 @@ void synchronize_sched_expedited(void) - * grace period works for us. + } + +@@ -2425,10 +2425,10 @@ void synchronize_sched_expedited(void) + * period works for us. */ get_online_cpus(); -- snap = atomic_read(&sync_sched_expedited_started); -+ snap = atomic_read_unchecked(&sync_sched_expedited_started); +- snap = atomic_long_read(&rsp->expedited_start); ++ snap = atomic_long_read_unchecked(&rsp->expedited_start); smp_mb(); /* ensure read is before try_stop_cpus(). */ } +- atomic_long_inc(&rsp->expedited_stoppedcpus); ++ atomic_long_inc_unchecked(&rsp->expedited_stoppedcpus); -@@ -2360,12 +2360,12 @@ void synchronize_sched_expedited(void) - * than we did beat us to the punch. + /* + * Everyone up to our most recent fetch is covered by our grace +@@ -2437,16 +2437,16 @@ void synchronize_sched_expedited(void) + * than we did already did their update. */ do { -- s = atomic_read(&sync_sched_expedited_done); -+ s = atomic_read_unchecked(&sync_sched_expedited_done); - if (UINT_CMP_GE((unsigned)s, (unsigned)snap)) { - smp_mb(); /* ensure test happens before caller kfree */ +- atomic_long_inc(&rsp->expedited_done_tries); ++ atomic_long_inc_unchecked(&rsp->expedited_done_tries); + s = atomic_long_read(&rsp->expedited_done); + if (ULONG_CMP_GE((ulong)s, (ulong)snap)) { + /* ensure test happens before caller kfree */ + smp_mb__before_atomic_inc(); /* ^^^ */ +- atomic_long_inc(&rsp->expedited_done_lost); ++ atomic_long_inc_unchecked(&rsp->expedited_done_lost); break; } -- } while (atomic_cmpxchg(&sync_sched_expedited_done, s, snap) != s); -+ } while (atomic_cmpxchg_unchecked(&sync_sched_expedited_done, s, snap) != s); + } while (atomic_long_cmpxchg(&rsp->expedited_done, s, snap) != s); +- atomic_long_inc(&rsp->expedited_done_exit); ++ atomic_long_inc_unchecked(&rsp->expedited_done_exit); put_online_cpus(); } -@@ -2539,7 +2539,7 @@ static void _rcu_barrier(struct rcu_state *rsp) +@@ -2620,7 +2620,7 @@ static void _rcu_barrier(struct rcu_state *rsp) * ACCESS_ONCE() to prevent the compiler from speculating * the increment to precede the early-exit check. */ @@ -71734,7 +72665,7 @@ index 2682295..0f2297e 100644 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1); _rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done); smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */ -@@ -2581,7 +2581,7 @@ static void _rcu_barrier(struct rcu_state *rsp) +@@ -2670,7 +2670,7 @@ static void _rcu_barrier(struct rcu_state *rsp) /* Increment ->n_barrier_done to prevent duplicate work. */ smp_mb(); /* Keep increment after above mechanism. */ @@ -71743,7 +72674,7 @@ index 2682295..0f2297e 100644 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0); _rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done); smp_mb(); /* Keep increment before caller's subsequent code. */ -@@ -2626,10 +2626,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) +@@ -2715,10 +2715,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo); init_callback_list(rdp); rdp->qlen_lazy = 0; @@ -71756,7 +72687,7 @@ index 2682295..0f2297e 100644 #ifdef CONFIG_RCU_USER_QS WARN_ON_ONCE(rdp->dynticks->in_user); #endif -@@ -2664,8 +2664,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) +@@ -2754,8 +2754,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) rdp->blimit = blimit; init_callback_list(rdp); /* Re-enable callbacks on this CPU. */ rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE; @@ -71768,7 +72699,7 @@ index 2682295..0f2297e 100644 raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */ diff --git a/kernel/rcutree.h b/kernel/rcutree.h -index a240f03..d469618 100644 +index 4b69291..704c92e 100644 --- a/kernel/rcutree.h +++ b/kernel/rcutree.h @@ -86,7 +86,7 @@ struct rcu_dynticks { @@ -71780,11 +72711,40 @@ index a240f03..d469618 100644 #ifdef CONFIG_RCU_FAST_NO_HZ int dyntick_drain; /* Prepare-for-idle state variable. */ unsigned long dyntick_holdoff; +@@ -423,17 +423,17 @@ struct rcu_state { + /* _rcu_barrier(). */ + /* End of fields guarded by barrier_mutex. */ + +- atomic_long_t expedited_start; /* Starting ticket. */ +- atomic_long_t expedited_done; /* Done ticket. */ +- atomic_long_t expedited_wrap; /* # near-wrap incidents. */ +- atomic_long_t expedited_tryfail; /* # acquisition failures. */ +- atomic_long_t expedited_workdone1; /* # done by others #1. */ +- atomic_long_t expedited_workdone2; /* # done by others #2. */ +- atomic_long_t expedited_normal; /* # fallbacks to normal. */ +- atomic_long_t expedited_stoppedcpus; /* # successful stop_cpus. */ +- atomic_long_t expedited_done_tries; /* # tries to update _done. */ +- atomic_long_t expedited_done_lost; /* # times beaten to _done. */ +- atomic_long_t expedited_done_exit; /* # times exited _done loop. */ ++ atomic_long_unchecked_t expedited_start; /* Starting ticket. */ ++ atomic_long_t expedited_done; /* Done ticket. */ ++ atomic_long_unchecked_t expedited_wrap; /* # near-wrap incidents. */ ++ atomic_long_unchecked_t expedited_tryfail; /* # acquisition failures. */ ++ atomic_long_unchecked_t expedited_workdone1; /* # done by others #1. */ ++ atomic_long_unchecked_t expedited_workdone2; /* # done by others #2. */ ++ atomic_long_unchecked_t expedited_normal; /* # fallbacks to normal. */ ++ atomic_long_unchecked_t expedited_stoppedcpus; /* # successful stop_cpus. */ ++ atomic_long_unchecked_t expedited_done_tries; /* # tries to update _done. */ ++ atomic_long_unchecked_t expedited_done_lost; /* # times beaten to _done. */ ++ atomic_long_unchecked_t expedited_done_exit; /* # times exited _done loop. */ + + unsigned long jiffies_force_qs; /* Time at which to invoke */ + /* force_quiescent_state(). */ diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h -index f921154..34c4873 100644 +index c1cc7e1..5043e0e 100644 --- a/kernel/rcutree_plugin.h +++ b/kernel/rcutree_plugin.h -@@ -865,7 +865,7 @@ void synchronize_rcu_expedited(void) +@@ -892,7 +892,7 @@ void synchronize_rcu_expedited(void) /* Clean up and exit. */ smp_mb(); /* ensure expedited GP seen before counter increment. */ @@ -71793,7 +72753,7 @@ index f921154..34c4873 100644 unlock_mb_ret: mutex_unlock(&sync_rcu_preempt_exp_mutex); mb_ret: -@@ -2040,7 +2040,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu) +@@ -2072,7 +2072,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu) print_cpu_stall_fast_no_hz(fast_no_hz, cpu); printk(KERN_ERR "\t%d: (%lu %s) idle=%03x/%llx/%d %s\n", cpu, ticks_value, ticks_title, @@ -71802,12 +72762,57 @@ index f921154..34c4873 100644 rdtp->dynticks_nesting, rdtp->dynticks_nmi_nesting, fast_no_hz); } +@@ -2192,7 +2192,7 @@ static void __call_rcu_nocb_enqueue(struct rcu_data *rdp, + + /* Enqueue the callback on the nocb list and update counts. */ + old_rhpp = xchg(&rdp->nocb_tail, rhtp); +- ACCESS_ONCE(*old_rhpp) = rhp; ++ ACCESS_ONCE_RW(*old_rhpp) = rhp; + atomic_long_add(rhcount, &rdp->nocb_q_count); + atomic_long_add(rhcount_lazy, &rdp->nocb_q_count_lazy); + +@@ -2384,12 +2384,12 @@ static int rcu_nocb_kthread(void *arg) + * Extract queued callbacks, update counts, and wait + * for a grace period to elapse. + */ +- ACCESS_ONCE(rdp->nocb_head) = NULL; ++ ACCESS_ONCE_RW(rdp->nocb_head) = NULL; + tail = xchg(&rdp->nocb_tail, &rdp->nocb_head); + c = atomic_long_xchg(&rdp->nocb_q_count, 0); + cl = atomic_long_xchg(&rdp->nocb_q_count_lazy, 0); +- ACCESS_ONCE(rdp->nocb_p_count) += c; +- ACCESS_ONCE(rdp->nocb_p_count_lazy) += cl; ++ ACCESS_ONCE_RW(rdp->nocb_p_count) += c; ++ ACCESS_ONCE_RW(rdp->nocb_p_count_lazy) += cl; + wait_rcu_gp(rdp->rsp->call_remote); + + /* Each pass through the following loop invokes a callback. */ +@@ -2411,8 +2411,8 @@ static int rcu_nocb_kthread(void *arg) + list = next; + } + trace_rcu_batch_end(rdp->rsp->name, c, !!list, 0, 0, 1); +- ACCESS_ONCE(rdp->nocb_p_count) -= c; +- ACCESS_ONCE(rdp->nocb_p_count_lazy) -= cl; ++ ACCESS_ONCE_RW(rdp->nocb_p_count) -= c; ++ ACCESS_ONCE_RW(rdp->nocb_p_count_lazy) -= cl; + rdp->n_nocbs_invoked += c; + } + return 0; +@@ -2438,7 +2438,7 @@ static void __init rcu_spawn_nocb_kthreads(struct rcu_state *rsp) + rdp = per_cpu_ptr(rsp->rda, cpu); + t = kthread_run(rcu_nocb_kthread, rdp, "rcuo%d", cpu); + BUG_ON(IS_ERR(t)); +- ACCESS_ONCE(rdp->nocb_kthread) = t; ++ ACCESS_ONCE_RW(rdp->nocb_kthread) = t; + } + } + diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c -index 693513b..b9f1d63 100644 +index 0d095dc..1985b19 100644 --- a/kernel/rcutree_trace.c +++ b/kernel/rcutree_trace.c -@@ -92,7 +92,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) - rdp->completed, rdp->gpnum, +@@ -123,7 +123,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) + ulong2long(rdp->completed), ulong2long(rdp->gpnum), rdp->passed_quiesce, rdp->qs_pending); seq_printf(m, " dt=%d/%llx/%d df=%lu", - atomic_read(&rdp->dynticks->dynticks), @@ -71815,15 +72820,34 @@ index 693513b..b9f1d63 100644 rdp->dynticks->dynticks_nesting, rdp->dynticks->dynticks_nmi_nesting, rdp->dynticks_fqs); -@@ -154,7 +154,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp) - rdp->completed, rdp->gpnum, - rdp->passed_quiesce, rdp->qs_pending); - seq_printf(m, ",%d,%llx,%d,%lu", -- atomic_read(&rdp->dynticks->dynticks), -+ atomic_read_unchecked(&rdp->dynticks->dynticks), - rdp->dynticks->dynticks_nesting, - rdp->dynticks->dynticks_nmi_nesting, - rdp->dynticks_fqs); +@@ -184,17 +184,17 @@ static int show_rcuexp(struct seq_file *m, void *v) + struct rcu_state *rsp = (struct rcu_state *)m->private; + + seq_printf(m, "s=%lu d=%lu w=%lu tf=%lu wd1=%lu wd2=%lu n=%lu sc=%lu dt=%lu dl=%lu dx=%lu\n", +- atomic_long_read(&rsp->expedited_start), ++ atomic_long_read_unchecked(&rsp->expedited_start), + atomic_long_read(&rsp->expedited_done), +- atomic_long_read(&rsp->expedited_wrap), +- atomic_long_read(&rsp->expedited_tryfail), +- atomic_long_read(&rsp->expedited_workdone1), +- atomic_long_read(&rsp->expedited_workdone2), +- atomic_long_read(&rsp->expedited_normal), +- atomic_long_read(&rsp->expedited_stoppedcpus), +- atomic_long_read(&rsp->expedited_done_tries), +- atomic_long_read(&rsp->expedited_done_lost), +- atomic_long_read(&rsp->expedited_done_exit)); ++ atomic_long_read_unchecked(&rsp->expedited_wrap), ++ atomic_long_read_unchecked(&rsp->expedited_tryfail), ++ atomic_long_read_unchecked(&rsp->expedited_workdone1), ++ atomic_long_read_unchecked(&rsp->expedited_workdone2), ++ atomic_long_read_unchecked(&rsp->expedited_normal), ++ atomic_long_read_unchecked(&rsp->expedited_stoppedcpus), ++ atomic_long_read_unchecked(&rsp->expedited_done_tries), ++ atomic_long_read_unchecked(&rsp->expedited_done_lost), ++ atomic_long_read_unchecked(&rsp->expedited_done_exit)); + return 0; + } + diff --git a/kernel/resource.c b/kernel/resource.c index 73f35d4..4684fc4 100644 --- a/kernel/resource.c @@ -71942,7 +72966,7 @@ index 98ec494..4241d6d 100644 default: diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c -index 15f60d0..7e50319 100644 +index 0984a21..939f183 100644 --- a/kernel/sched/auto_group.c +++ b/kernel/sched/auto_group.c @@ -11,7 +11,7 @@ @@ -71964,10 +72988,10 @@ index 15f60d0..7e50319 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index c529d00..d00b4f3 100644 +index 26058d0..06f15dd 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -3563,6 +3563,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3631,6 +3631,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -71976,7 +73000,7 @@ index c529d00..d00b4f3 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -3596,7 +3598,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3664,7 +3666,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -71986,7 +73010,7 @@ index c529d00..d00b4f3 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -3750,6 +3753,7 @@ recheck: +@@ -3818,6 +3821,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -71994,11 +73018,29 @@ index c529d00..d00b4f3 100644 /* can't set/change the rt policy */ if (policy != p->policy && !rlim_rtprio) return -EPERM; +@@ -5162,7 +5166,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) + * happens before everything else. This has to be lower priority than + * the notifier in the perf_event subsystem, though. + */ +-static struct notifier_block __cpuinitdata migration_notifier = { ++static struct notifier_block migration_notifier = { + .notifier_call = migration_call, + .priority = CPU_PRI_MIGRATION, + }; diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index 6b800a1..0c36227 100644 +index 81fa536..80fa821 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c -@@ -4890,7 +4890,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } +@@ -830,7 +830,7 @@ void task_numa_fault(int node, int pages, bool migrated) + + static void reset_ptenuma_scan(struct task_struct *p) + { +- ACCESS_ONCE(p->mm->numa_scan_seq)++; ++ ACCESS_ONCE_RW(p->mm->numa_scan_seq)++; + p->mm->numa_scan_offset = 0; + } + +@@ -5663,7 +5663,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -72008,10 +73050,10 @@ index 6b800a1..0c36227 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index 57dde52..2c561f0 100644 +index 3d09cf6..a67d2c6 100644 --- a/kernel/signal.c +++ b/kernel/signal.c -@@ -49,12 +49,12 @@ static struct kmem_cache *sigqueue_cachep; +@@ -50,12 +50,12 @@ static struct kmem_cache *sigqueue_cachep; int print_fatal_signals __read_mostly; @@ -72026,7 +73068,7 @@ index 57dde52..2c561f0 100644 { /* Is it explicitly or implicitly ignored? */ return handler == SIG_IGN || -@@ -63,7 +63,7 @@ static int sig_handler_ignored(void __user *handler, int sig) +@@ -64,7 +64,7 @@ static int sig_handler_ignored(void __user *handler, int sig) static int sig_task_ignored(struct task_struct *t, int sig, bool force) { @@ -72035,7 +73077,7 @@ index 57dde52..2c561f0 100644 handler = sig_handler(t, sig); -@@ -367,6 +367,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi +@@ -368,6 +368,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi atomic_inc(&user->sigpending); rcu_read_unlock(); @@ -72045,7 +73087,7 @@ index 57dde52..2c561f0 100644 if (override_rlimit || atomic_read(&user->sigpending) <= task_rlimit(t, RLIMIT_SIGPENDING)) { -@@ -491,7 +494,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) +@@ -492,7 +495,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) int unhandled_signal(struct task_struct *tsk, int sig) { @@ -72054,7 +73096,7 @@ index 57dde52..2c561f0 100644 if (is_global_init(tsk)) return 1; if (handler != SIG_IGN && handler != SIG_DFL) -@@ -811,6 +814,13 @@ static int check_kill_permission(int sig, struct siginfo *info, +@@ -812,6 +815,13 @@ static int check_kill_permission(int sig, struct siginfo *info, } } @@ -72068,7 +73110,7 @@ index 57dde52..2c561f0 100644 return security_task_kill(t, info, sig, 0); } -@@ -1192,7 +1202,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1194,7 +1204,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) return send_signal(sig, info, p, 1); } @@ -72077,7 +73119,7 @@ index 57dde52..2c561f0 100644 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) { return send_signal(sig, info, t, 0); -@@ -1229,6 +1239,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1231,6 +1241,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) unsigned long int flags; int ret, blocked, ignored; struct k_sigaction *action; @@ -72085,7 +73127,7 @@ index 57dde52..2c561f0 100644 spin_lock_irqsave(&t->sighand->siglock, flags); action = &t->sighand->action[sig-1]; -@@ -1243,9 +1254,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1245,9 +1256,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) } if (action->sa.sa_handler == SIG_DFL) t->signal->flags &= ~SIGNAL_UNKILLABLE; @@ -72104,7 +73146,7 @@ index 57dde52..2c561f0 100644 return ret; } -@@ -1312,8 +1332,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1314,8 +1334,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) ret = check_kill_permission(sig, info, p); rcu_read_unlock(); @@ -72117,7 +73159,7 @@ index 57dde52..2c561f0 100644 return ret; } -@@ -2863,7 +2886,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) +@@ -2852,7 +2875,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) int error = -ESRCH; rcu_read_lock(); @@ -72134,8 +73176,32 @@ index 57dde52..2c561f0 100644 if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { error = check_kill_permission(sig, info, p); /* +@@ -3135,8 +3166,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, + } + seg = get_fs(); + set_fs(KERNEL_DS); +- ret = do_sigaltstack((stack_t __force __user *) (uss_ptr ? &uss : NULL), +- (stack_t __force __user *) &uoss, ++ ret = do_sigaltstack((stack_t __force_user *) (uss_ptr ? &uss : NULL), ++ (stack_t __force_user *) &uoss, + compat_user_stack_pointer()); + set_fs(seg); + if (ret >= 0 && uoss_ptr) { +diff --git a/kernel/smp.c b/kernel/smp.c +index 69f38bd..77bbf12 100644 +--- a/kernel/smp.c ++++ b/kernel/smp.c +@@ -77,7 +77,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hotplug_cfd_notifier = { ++static struct notifier_block hotplug_cfd_notifier = { + .notifier_call = hotplug_cfd, + }; + diff --git a/kernel/softirq.c b/kernel/softirq.c -index cc96bdc..6a96894 100644 +index ed567ba..dc61b61 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; @@ -72188,11 +73254,29 @@ index cc96bdc..6a96894 100644 { struct tasklet_struct *list; +@@ -718,7 +718,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata remote_softirq_cpu_notifier = { ++static struct notifier_block remote_softirq_cpu_notifier = { + .notifier_call = remote_softirq_cpu_notify, + }; + +@@ -835,7 +835,7 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cpu_nfb = { ++static struct notifier_block cpu_nfb = { + .notifier_call = cpu_callback + }; + diff --git a/kernel/srcu.c b/kernel/srcu.c -index 97c465e..d83f3bb 100644 +index 2b85982..d52ab26 100644 --- a/kernel/srcu.c +++ b/kernel/srcu.c -@@ -302,9 +302,9 @@ int __srcu_read_lock(struct srcu_struct *sp) +@@ -305,9 +305,9 @@ int __srcu_read_lock(struct srcu_struct *sp) preempt_disable(); idx = rcu_dereference_index_check(sp->completed, rcu_read_lock_sched_held()) & 0x1; @@ -72204,7 +73288,7 @@ index 97c465e..d83f3bb 100644 preempt_enable(); return idx; } -@@ -320,7 +320,7 @@ void __srcu_read_unlock(struct srcu_struct *sp, int idx) +@@ -323,7 +323,7 @@ void __srcu_read_unlock(struct srcu_struct *sp, int idx) { preempt_disable(); smp_mb(); /* C */ /* Avoid leaking the critical section. */ @@ -72213,8 +73297,21 @@ index 97c465e..d83f3bb 100644 preempt_enable(); } EXPORT_SYMBOL_GPL(__srcu_read_unlock); +diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c +index 2f194e9..2c05ea9 100644 +--- a/kernel/stop_machine.c ++++ b/kernel/stop_machine.c +@@ -362,7 +362,7 @@ static int __cpuinit cpu_stop_cpu_callback(struct notifier_block *nfb, + * cpu notifiers. It currently shares the same priority as sched + * migration_notifier. + */ +-static struct notifier_block __cpuinitdata cpu_stop_cpu_notifier = { ++static struct notifier_block cpu_stop_cpu_notifier = { + .notifier_call = cpu_stop_cpu_callback, + .priority = 10, + }; diff --git a/kernel/sys.c b/kernel/sys.c -index e6e0ece..1f2e413 100644 +index 265b376..b0cd50d 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) @@ -72373,7 +73470,7 @@ index e6e0ece..1f2e413 100644 break; } diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 26f65ea..df8e5ad 100644 +index c88878d..99d321b 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -92,7 +92,6 @@ @@ -72425,7 +73522,7 @@ index 26f65ea..df8e5ad 100644 /* The default sysctl tables: */ static struct ctl_table sysctl_base_table[] = { -@@ -266,6 +279,22 @@ static int max_extfrag_threshold = 1000; +@@ -268,6 +281,22 @@ static int max_extfrag_threshold = 1000; #endif static struct ctl_table kern_table[] = { @@ -72448,7 +73545,7 @@ index 26f65ea..df8e5ad 100644 { .procname = "sched_child_runs_first", .data = &sysctl_sched_child_runs_first, -@@ -552,7 +581,7 @@ static struct ctl_table kern_table[] = { +@@ -593,7 +622,7 @@ static struct ctl_table kern_table[] = { .data = &modprobe_path, .maxlen = KMOD_PATH_LEN, .mode = 0644, @@ -72457,7 +73554,7 @@ index 26f65ea..df8e5ad 100644 }, { .procname = "modules_disabled", -@@ -719,16 +748,20 @@ static struct ctl_table kern_table[] = { +@@ -760,16 +789,20 @@ static struct ctl_table kern_table[] = { .extra1 = &zero, .extra2 = &one, }, @@ -72479,7 +73576,7 @@ index 26f65ea..df8e5ad 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1225,6 +1258,13 @@ static struct ctl_table vm_table[] = { +@@ -1266,6 +1299,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -72493,7 +73590,7 @@ index 26f65ea..df8e5ad 100644 #else { .procname = "nr_trim_pages", -@@ -1675,6 +1715,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -1716,6 +1756,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -72510,7 +73607,7 @@ index 26f65ea..df8e5ad 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -1780,6 +1830,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -1821,6 +1871,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -72519,7 +73616,7 @@ index 26f65ea..df8e5ad 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -1972,7 +2024,6 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -2013,7 +2065,6 @@ static int proc_taint(struct ctl_table *table, int write, return err; } @@ -72527,7 +73624,7 @@ index 26f65ea..df8e5ad 100644 static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -1981,7 +2032,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, +@@ -2022,7 +2073,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, return proc_dointvec_minmax(table, write, buffer, lenp, ppos); } @@ -72535,7 +73632,7 @@ index 26f65ea..df8e5ad 100644 struct do_proc_dointvec_minmax_conv_param { int *min; -@@ -2128,8 +2178,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int +@@ -2169,8 +2219,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int *i = val; } else { val = convdiv * (*i) / convmul; @@ -72548,7 +73645,7 @@ index 26f65ea..df8e5ad 100644 err = proc_put_long(&buffer, &left, val, false); if (err) break; -@@ -2521,6 +2574,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2562,6 +2615,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -72561,7 +73658,7 @@ index 26f65ea..df8e5ad 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2577,5 +2636,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -2618,5 +2677,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -72569,7 +73666,7 @@ index 26f65ea..df8e5ad 100644 EXPORT_SYMBOL(proc_doulongvec_minmax); EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax); diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c -index 65bdcf1..21eb831 100644 +index 5a63844..25dfc5c 100644 --- a/kernel/sysctl_binary.c +++ b/kernel/sysctl_binary.c @@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *file, @@ -72705,7 +73802,7 @@ index f113755..ec24223 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index e424970..4c7962b 100644 +index cbc6acb..3a77191 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -15,6 +15,7 @@ @@ -72716,7 +73813,7 @@ index e424970..4c7962b 100644 #include <linux/syscore_ops.h> #include <linux/clocksource.h> #include <linux/jiffies.h> -@@ -368,6 +369,8 @@ int do_settimeofday(const struct timespec *tv) +@@ -412,6 +413,8 @@ int do_settimeofday(const struct timespec *tv) if (!timespec_valid_strict(tv)) return -EINVAL; @@ -72844,7 +73941,7 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index 367d008..46857a0 100644 +index 367d008..1ee9ed9 100644 --- a/kernel/timer.c +++ b/kernel/timer.c @@ -1363,7 +1363,7 @@ void update_process_times(int user_tick) @@ -72861,7 +73958,7 @@ index 367d008..46857a0 100644 } -static struct notifier_block __cpuinitdata timers_nb = { -+static struct notifier_block __cpuinitconst timers_nb = { ++static struct notifier_block timers_nb = { .notifier_call = timer_cpu_notify, }; @@ -72897,7 +73994,7 @@ index c0bd030..62a1927 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 356bc2f..7c94fc0 100644 +index 41473b4..325fcfc 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) @@ -72969,7 +74066,7 @@ index 356bc2f..7c94fc0 100644 ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 4cb5e51..e7e05d9 100644 +index ce8514f..8233573 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -346,9 +346,9 @@ struct buffer_data_page { @@ -72984,18 +74081,18 @@ index 4cb5e51..e7e05d9 100644 unsigned long real_end; /* real end of data */ struct buffer_data_page *page; /* Actual data page */ }; -@@ -460,8 +460,8 @@ struct ring_buffer_per_cpu { - unsigned long lost_events; +@@ -461,8 +461,8 @@ struct ring_buffer_per_cpu { unsigned long last_overrun; local_t entries_bytes; -- local_t commit_overrun; + local_t entries; - local_t overrun; -+ local_unchecked_t commit_overrun; +- local_t commit_overrun; + local_unchecked_t overrun; - local_t entries; ++ local_unchecked_t commit_overrun; + local_t dropped_events; local_t committing; local_t commits; -@@ -860,8 +860,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -861,8 +861,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. */ @@ -73006,7 +74103,7 @@ index 4cb5e51..e7e05d9 100644 /* * Just make sure we have seen our old_write and synchronize -@@ -889,8 +889,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -890,8 +890,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * cmpxchg to only update if an interrupt did not already * do it for us. If the cmpxchg fails, we don't care. */ @@ -73017,7 +74114,7 @@ index 4cb5e51..e7e05d9 100644 /* * No need to worry about races with clearing out the commit. -@@ -1249,12 +1249,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); +@@ -1250,12 +1250,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); static inline unsigned long rb_page_entries(struct buffer_page *bpage) { @@ -73032,7 +74129,7 @@ index 4cb5e51..e7e05d9 100644 } static int -@@ -1349,7 +1349,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) +@@ -1350,7 +1350,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) * bytes consumed in ring buffer from here. * Increment overrun to account for the lost events. */ @@ -73041,7 +74138,7 @@ index 4cb5e51..e7e05d9 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -1905,7 +1905,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1906,7 +1906,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -73050,7 +74147,7 @@ index 4cb5e51..e7e05d9 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2055,7 +2055,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2056,7 +2056,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -73059,7 +74156,7 @@ index 4cb5e51..e7e05d9 100644 return; } -@@ -2090,7 +2090,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2091,7 +2091,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -73068,7 +74165,7 @@ index 4cb5e51..e7e05d9 100644 return; } -@@ -2102,7 +2102,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2103,7 +2103,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; @@ -73077,7 +74174,7 @@ index 4cb5e51..e7e05d9 100644 } /* -@@ -2128,7 +2128,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2129,7 +2129,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -73086,7 +74183,7 @@ index 4cb5e51..e7e05d9 100644 goto out_reset; } -@@ -2182,7 +2182,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2185,7 +2185,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { @@ -73095,7 +74192,7 @@ index 4cb5e51..e7e05d9 100644 goto out_reset; } } -@@ -2230,7 +2230,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2233,7 +2233,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -73104,7 +74201,7 @@ index 4cb5e51..e7e05d9 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2247,7 +2247,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2250,7 +2250,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -73113,7 +74210,7 @@ index 4cb5e51..e7e05d9 100644 /* * If this is the first commit on the page, then update -@@ -2280,7 +2280,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2283,7 +2283,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = @@ -73122,7 +74219,7 @@ index 4cb5e51..e7e05d9 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2290,7 +2290,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2293,7 +2293,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -73131,7 +74228,7 @@ index 4cb5e51..e7e05d9 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2629,7 +2629,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2632,7 +2632,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { @@ -73140,7 +74237,7 @@ index 4cb5e51..e7e05d9 100644 return; } -@@ -2641,7 +2641,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2644,7 +2644,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -73149,7 +74246,7 @@ index 4cb5e51..e7e05d9 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -2923,7 +2923,7 @@ static inline unsigned long +@@ -2926,7 +2926,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -73158,7 +74255,7 @@ index 4cb5e51..e7e05d9 100644 } /** -@@ -3011,7 +3011,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3015,7 +3015,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -73167,7 +74264,7 @@ index 4cb5e51..e7e05d9 100644 return ret; } -@@ -3032,7 +3032,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3038,7 +3038,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -73176,7 +74273,7 @@ index 4cb5e51..e7e05d9 100644 return ret; } -@@ -3077,7 +3077,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3105,7 +3105,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -73185,7 +74282,7 @@ index 4cb5e51..e7e05d9 100644 } return overruns; -@@ -3253,8 +3253,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3281,8 +3281,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -73196,7 +74293,7 @@ index 4cb5e51..e7e05d9 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3288,7 +3288,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3316,7 +3316,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -73205,7 +74302,7 @@ index 4cb5e51..e7e05d9 100644 /* * Here's the tricky part. -@@ -3858,8 +3858,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3886,8 +3886,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -73216,7 +74313,7 @@ index 4cb5e51..e7e05d9 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -3869,14 +3869,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3897,14 +3897,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -73227,15 +74324,15 @@ index 4cb5e51..e7e05d9 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->read = 0; -- local_set(&cpu_buffer->commit_overrun, 0); -+ local_set_unchecked(&cpu_buffer->commit_overrun, 0); local_set(&cpu_buffer->entries_bytes, 0); - local_set(&cpu_buffer->overrun, 0); +- local_set(&cpu_buffer->commit_overrun, 0); + local_set_unchecked(&cpu_buffer->overrun, 0); ++ local_set_unchecked(&cpu_buffer->commit_overrun, 0); + local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); - local_set(&cpu_buffer->commits, 0); -@@ -4279,8 +4279,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4308,8 +4308,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -73247,10 +74344,10 @@ index 4cb5e51..e7e05d9 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 31e4f55..62da00f 100644 +index 3c13e46..883d039 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -4436,10 +4436,9 @@ static const struct file_operations tracing_dyn_info_fops = { +@@ -4465,10 +4465,9 @@ static const struct file_operations tracing_dyn_info_fops = { }; #endif @@ -73262,7 +74359,7 @@ index 31e4f55..62da00f 100644 static int once; if (d_tracer) -@@ -4459,10 +4458,9 @@ struct dentry *tracing_init_dentry(void) +@@ -4488,10 +4487,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } @@ -73275,10 +74372,10 @@ index 31e4f55..62da00f 100644 struct dentry *d_tracer; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c -index d608d09..bd3801f 100644 +index 880073d..42db7c3 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c -@@ -1320,10 +1320,6 @@ static LIST_HEAD(ftrace_module_file_list); +@@ -1330,10 +1330,6 @@ static LIST_HEAD(ftrace_module_file_list); struct ftrace_module_file_ops { struct list_head list; struct module *mod; @@ -73289,7 +74386,7 @@ index d608d09..bd3801f 100644 }; static struct ftrace_module_file_ops * -@@ -1344,17 +1340,12 @@ trace_create_file_ops(struct module *mod) +@@ -1354,17 +1350,12 @@ trace_create_file_ops(struct module *mod) file_ops->mod = mod; @@ -73313,7 +74410,7 @@ index d608d09..bd3801f 100644 list_add(&file_ops->list, &ftrace_module_file_list); -@@ -1378,8 +1369,8 @@ static void trace_module_add_events(struct module *mod) +@@ -1388,8 +1379,8 @@ static void trace_module_add_events(struct module *mod) for_each_event(call, start, end) { __trace_add_event_call(*call, mod, @@ -73365,7 +74462,7 @@ index fd3c8aa..5f324a6 100644 } entry = ring_buffer_event_data(event); diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c -index 123b189..1e9e2a6 100644 +index 194d796..76edb8f 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path) @@ -73377,7 +74474,7 @@ index 123b189..1e9e2a6 100644 if (p) { s->len = p - s->buffer; return 1; -@@ -824,14 +824,16 @@ int register_ftrace_event(struct trace_event *event) +@@ -852,14 +852,16 @@ int register_ftrace_event(struct trace_event *event) goto out; } @@ -73399,10 +74496,10 @@ index 123b189..1e9e2a6 100644 key = event->type & (EVENT_HASHSIZE - 1); diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c -index 0c1b1657..95337e9 100644 +index 42ca822..cdcacc6 100644 --- a/kernel/trace/trace_stack.c +++ b/kernel/trace/trace_stack.c -@@ -53,7 +53,7 @@ static inline void check_stack(void) +@@ -52,7 +52,7 @@ static inline void check_stack(void) return; /* we do not handle interrupt stacks yet */ @@ -73412,7 +74509,7 @@ index 0c1b1657..95337e9 100644 local_irq_save(flags); diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index 28e9d6c9..50381bd 100644 +index 67604e5..3ebb003 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1278,6 +1278,7 @@ config LATENCYTOP @@ -73442,10 +74539,10 @@ index 28e9d6c9..50381bd 100644 This option lets you use the FireWire bus for remote debugging with help of the firewire-ohci driver. It enables unfiltered diff --git a/lib/Makefile b/lib/Makefile -index a08b791..a3ff1eb 100644 +index 02ed6c0..bd243da 100644 --- a/lib/Makefile +++ b/lib/Makefile -@@ -46,7 +46,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o +@@ -47,7 +47,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o obj-$(CONFIG_BTREE) += btree.o obj-$(CONFIG_DEBUG_PREEMPT) += smp_processor_id.o @@ -73455,7 +74552,7 @@ index a08b791..a3ff1eb 100644 ifneq ($(CONFIG_HAVE_DEC_LOCK),y) diff --git a/lib/bitmap.c b/lib/bitmap.c -index 06fdfa1..97c5c7d 100644 +index 06f7e4f..f3cf2b0 100644 --- a/lib/bitmap.c +++ b/lib/bitmap.c @@ -422,7 +422,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, @@ -73543,10 +74640,10 @@ index 80b9c76..9e32279 100644 EXPORT_SYMBOL(devm_ioport_unmap); diff --git a/lib/dma-debug.c b/lib/dma-debug.c -index d84beb9..da44791 100644 +index 5e396ac..58d5de1 100644 --- a/lib/dma-debug.c +++ b/lib/dma-debug.c -@@ -754,7 +754,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti +@@ -768,7 +768,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti void dma_debug_add_bus(struct bus_type *bus) { @@ -73555,7 +74652,7 @@ index d84beb9..da44791 100644 if (global_disable) return; -@@ -919,7 +919,7 @@ out: +@@ -942,7 +942,7 @@ out: static void check_for_stack(struct device *dev, void *addr) { @@ -73795,7 +74892,7 @@ index a28df52..3d55877 100644 unsigned long c; diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index 39c99fe..18f060b 100644 +index fab33a9..3b5fe68 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -16,6 +16,9 @@ @@ -73808,7 +74905,7 @@ index 39c99fe..18f060b 100644 #include <stdarg.h> #include <linux/module.h> /* for KSYM_SYMBOL_LEN */ #include <linux/types.h> -@@ -533,7 +536,7 @@ char *symbol_string(char *buf, char *end, void *ptr, +@@ -541,7 +544,7 @@ char *symbol_string(char *buf, char *end, void *ptr, char sym[KSYM_SYMBOL_LEN]; if (ext == 'B') sprint_backtrace(sym, value); @@ -73817,7 +74914,7 @@ index 39c99fe..18f060b 100644 sprint_symbol(sym, value); else sprint_symbol_no_offset(sym, value); -@@ -966,7 +969,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr, +@@ -974,7 +977,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr, return number(buf, end, *(const netdev_features_t *)addr, spec); } @@ -73829,7 +74926,7 @@ index 39c99fe..18f060b 100644 /* * Show a '%p' thing. A kernel extension is that the '%p' is followed -@@ -980,6 +987,8 @@ int kptr_restrict __read_mostly; +@@ -988,6 +995,8 @@ int kptr_restrict __read_mostly; * - 'S' For symbolic direct pointers with offset * - 's' For symbolic direct pointers without offset * - 'B' For backtraced symbolic direct pointers with offset @@ -73838,7 +74935,7 @@ index 39c99fe..18f060b 100644 * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref] * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201] * - 'M' For a 6-byte MAC address, it prints the address in the -@@ -1035,12 +1044,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1043,12 +1052,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, if (!ptr && *fmt != 'K') { /* @@ -73853,7 +74950,7 @@ index 39c99fe..18f060b 100644 } switch (*fmt) { -@@ -1050,6 +1059,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1058,6 +1067,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, /* Fallthrough */ case 'S': case 's': @@ -73867,7 +74964,7 @@ index 39c99fe..18f060b 100644 case 'B': return symbol_string(buf, end, ptr, spec, *fmt); case 'R': -@@ -1090,6 +1106,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1098,6 +1114,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, va_end(va); return buf; } @@ -73876,7 +74973,7 @@ index 39c99fe..18f060b 100644 case 'K': /* * %pK cannot be used in IRQ context because its test -@@ -1113,6 +1131,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1121,6 +1139,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, } break; } @@ -73898,7 +74995,7 @@ index 39c99fe..18f060b 100644 spec.flags |= SMALL; if (spec.field_width == -1) { spec.field_width = default_width; -@@ -1831,11 +1864,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1842,11 +1875,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) typeof(type) value; \ if (sizeof(type) == 8) { \ args = PTR_ALIGN(args, sizeof(u32)); \ @@ -73913,7 +75010,7 @@ index 39c99fe..18f060b 100644 } \ args += sizeof(type); \ value; \ -@@ -1898,7 +1931,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1909,7 +1942,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) case FORMAT_TYPE_STR: { const char *str_arg = args; args += strlen(str_arg) + 1; @@ -73930,10 +75027,10 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index a3f8ddd..f31e92e 100644 +index 278e3ab..87c384d 100644 --- a/mm/Kconfig +++ b/mm/Kconfig -@@ -252,10 +252,10 @@ config KSM +@@ -286,10 +286,10 @@ config KSM root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set). config DEFAULT_MMAP_MIN_ADDR @@ -73947,7 +75044,7 @@ index a3f8ddd..f31e92e 100644 This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. -@@ -286,7 +286,7 @@ config MEMORY_FAILURE +@@ -320,7 +320,7 @@ config MEMORY_FAILURE config HWPOISON_INJECT tristate "HWPoison pages injector" @@ -73994,22 +75091,21 @@ index a0aaf0e..20325c3 100644 * Make sure the vma is shared, that it supports prefaulting, * and that the remapped range is valid and fully within diff --git a/mm/highmem.c b/mm/highmem.c -index 09fc744..3936897 100644 +index b32b70c..e512eb0 100644 --- a/mm/highmem.c +++ b/mm/highmem.c -@@ -138,9 +138,10 @@ static void flush_all_zero_pkmaps(void) +@@ -138,8 +138,9 @@ static void flush_all_zero_pkmaps(void) * So no dangers, even with speculative execution. */ page = pte_page(pkmap_page_table[i]); + pax_open_kernel(); - pte_clear(&init_mm, (unsigned long)page_address(page), - &pkmap_page_table[i]); + pte_clear(&init_mm, PKMAP_ADDR(i), &pkmap_page_table[i]); - + pax_close_kernel(); set_page_address(page, NULL); need_flush = 1; } -@@ -199,9 +200,11 @@ start: +@@ -198,9 +199,11 @@ start: } } vaddr = PKMAP_ADDR(last_pkmap_nr); @@ -74022,24 +75118,11 @@ index 09fc744..3936897 100644 pkmap_count[last_pkmap_nr] = 1; set_page_address(page, (void *)vaddr); -diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index 40f17c3..c1cc011 100644 ---- a/mm/huge_memory.c -+++ b/mm/huge_memory.c -@@ -710,7 +710,7 @@ out: - * run pte_offset_map on the pmd, if an huge pmd could - * materialize from under us from a different thread. - */ -- if (unlikely(__pte_alloc(mm, vma, pmd, address))) -+ if (unlikely(pmd_none(*pmd) && __pte_alloc(mm, vma, pmd, address))) - return VM_FAULT_OOM; - /* if an huge pmd materialized from under us just retry later */ - if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index b969ed4..10e3e37 100644 +index 546db81..01d5c53 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2509,6 +2509,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2511,6 +2511,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -74067,7 +75150,7 @@ index b969ed4..10e3e37 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2627,6 +2648,11 @@ retry_avoidcopy: +@@ -2629,6 +2650,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -74079,7 +75162,7 @@ index b969ed4..10e3e37 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -2786,6 +2812,10 @@ retry: +@@ -2788,6 +2814,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -74090,7 +75173,7 @@ index b969ed4..10e3e37 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2815,6 +2845,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2817,6 +2847,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -74101,7 +75184,7 @@ index b969ed4..10e3e37 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2828,6 +2862,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2830,6 +2864,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -74129,10 +75212,10 @@ index b969ed4..10e3e37 100644 if (!ptep) return VM_FAULT_OOM; diff --git a/mm/internal.h b/mm/internal.h -index 3c5197d..08d0065 100644 +index 9ba2110..eaf0674 100644 --- a/mm/internal.h +++ b/mm/internal.h -@@ -95,6 +95,7 @@ extern void putback_lru_page(struct page *page); +@@ -100,6 +100,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address); * in mm/page_alloc.c */ extern void __free_pages_bootmem(struct page *page, unsigned int order); @@ -74141,7 +75224,7 @@ index 3c5197d..08d0065 100644 #ifdef CONFIG_MEMORY_FAILURE extern bool is_free_buddy_page(struct page *page); diff --git a/mm/kmemleak.c b/mm/kmemleak.c -index a217cc5..44b2b35 100644 +index 752a705..6c3102e 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c @@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq, @@ -74153,7 +75236,7 @@ index a217cc5..44b2b35 100644 } } -@@ -1852,7 +1852,7 @@ static int __init kmemleak_late_init(void) +@@ -1853,7 +1853,7 @@ static int __init kmemleak_late_init(void) return -ENOMEM; } @@ -74265,7 +75348,7 @@ index 03dfa5c..b032917 100644 if (end == start) goto out; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index 8b20278..05dac18 100644 +index c6e4dd3..fdb2ca6 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -74340,7 +75423,7 @@ index 8b20278..05dac18 100644 &mce_bad_pages); set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); -@@ -1582,7 +1582,7 @@ int soft_offline_page(struct page *page, int flags) +@@ -1583,7 +1583,7 @@ int soft_offline_page(struct page *page, int flags) return ret; done: @@ -74350,10 +75433,10 @@ index 8b20278..05dac18 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index f2973b2..fd020a7 100644 +index bb1369f..efb96b5 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -431,6 +431,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -433,6 +433,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, free_pte_range(tlb, pmd, addr); } while (pmd++, addr = next, addr != end); @@ -74361,7 +75444,7 @@ index f2973b2..fd020a7 100644 start &= PUD_MASK; if (start < floor) return; -@@ -445,6 +446,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -447,6 +448,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, pmd = pmd_offset(pud, start); pud_clear(pud); pmd_free_tlb(tlb, pmd, start); @@ -74370,7 +75453,7 @@ index f2973b2..fd020a7 100644 } static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, -@@ -464,6 +467,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -466,6 +469,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, free_pmd_range(tlb, pud, addr, next, floor, ceiling); } while (pud++, addr = next, addr != end); @@ -74378,7 +75461,7 @@ index f2973b2..fd020a7 100644 start &= PGDIR_MASK; if (start < floor) return; -@@ -478,6 +482,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -480,6 +484,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, pud = pud_offset(pgd, start); pgd_clear(pgd); pud_free_tlb(tlb, pud, start); @@ -74387,7 +75470,7 @@ index f2973b2..fd020a7 100644 } /* -@@ -1626,12 +1632,6 @@ no_page_table: +@@ -1618,12 +1624,6 @@ no_page_table: return page; } @@ -74400,8 +75483,8 @@ index f2973b2..fd020a7 100644 /** * __get_user_pages() - pin user pages in memory * @tsk: task_struct of target task -@@ -1704,10 +1704,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, - (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); +@@ -1709,10 +1709,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, + i = 0; - do { @@ -74413,7 +75496,7 @@ index f2973b2..fd020a7 100644 if (!vma && in_gate_area(mm, start)) { unsigned long pg = start & PAGE_MASK; pgd_t *pgd; -@@ -1755,7 +1755,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1760,7 +1760,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, goto next_page; } @@ -74422,7 +75505,7 @@ index f2973b2..fd020a7 100644 (vma->vm_flags & (VM_IO | VM_PFNMAP)) || !(vm_flags & vma->vm_flags)) return i ? : -EFAULT; -@@ -1782,11 +1782,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1787,11 +1787,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, int ret; unsigned int fault_flags = 0; @@ -74434,7 +75517,7 @@ index f2973b2..fd020a7 100644 if (foll_flags & FOLL_WRITE) fault_flags |= FAULT_FLAG_WRITE; if (nonblocking) -@@ -1860,7 +1855,7 @@ next_page: +@@ -1865,7 +1860,7 @@ next_page: start += PAGE_SIZE; nr_pages--; } while (nr_pages && start < vma->vm_end); @@ -74443,7 +75526,7 @@ index f2973b2..fd020a7 100644 return i; } EXPORT_SYMBOL(__get_user_pages); -@@ -2067,6 +2062,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2072,6 +2067,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -74454,7 +75537,7 @@ index f2973b2..fd020a7 100644 retval = 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -2111,9 +2110,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2116,9 +2115,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, if (!page_count(page)) return -EINVAL; if (!(vma->vm_flags & VM_MIXEDMAP)) { @@ -74476,7 +75559,7 @@ index f2973b2..fd020a7 100644 } return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -2196,6 +2207,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, +@@ -2201,6 +2212,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -74484,7 +75567,7 @@ index f2973b2..fd020a7 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -2396,7 +2408,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, +@@ -2401,7 +2413,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, BUG_ON(pud_huge(*pud)); @@ -74495,7 +75578,7 @@ index f2973b2..fd020a7 100644 if (!pmd) return -ENOMEM; do { -@@ -2416,7 +2430,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, +@@ -2421,7 +2435,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long next; int err; @@ -74506,7 +75589,7 @@ index f2973b2..fd020a7 100644 if (!pud) return -ENOMEM; do { -@@ -2504,6 +2520,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo +@@ -2509,6 +2525,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } @@ -74693,7 +75776,7 @@ index f2973b2..fd020a7 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2720,6 +2916,12 @@ gotten: +@@ -2725,6 +2921,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -74706,7 +75789,7 @@ index f2973b2..fd020a7 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2771,6 +2973,10 @@ gotten: +@@ -2776,6 +2978,10 @@ gotten: page_remove_rmap(old_page); } @@ -74868,7 +75951,7 @@ index f2973b2..fd020a7 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3497,6 +3700,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3664,6 +3867,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -74881,7 +75964,7 @@ index f2973b2..fd020a7 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3513,6 +3722,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3680,6 +3889,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -74892,7 +75975,7 @@ index f2973b2..fd020a7 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3524,6 +3737,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3691,6 +3904,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -74927,16 +76010,7 @@ index f2973b2..fd020a7 100644 retry: pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); -@@ -3565,7 +3806,7 @@ retry: - * run pte_offset_map on the pmd, if an huge pmd could - * materialize from under us from a different thread. - */ -- if (unlikely(pmd_none(*pmd)) && __pte_alloc(mm, vma, pmd, address)) -+ if (unlikely(pmd_none(*pmd) && __pte_alloc(mm, vma, pmd, address))) - return VM_FAULT_OOM; - /* if an huge pmd materialized from under us just retry later */ - if (unlikely(pmd_trans_huge(*pmd))) -@@ -3602,6 +3843,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3789,6 +4030,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -74960,7 +76034,7 @@ index f2973b2..fd020a7 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3632,6 +3890,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3819,6 +4077,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -74991,7 +76065,7 @@ index f2973b2..fd020a7 100644 #endif /* __PAGETABLE_PMD_FOLDED */ int make_pages_present(unsigned long addr, unsigned long end) -@@ -3669,7 +3951,7 @@ static int __init gate_vma_init(void) +@@ -3856,7 +4138,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -75001,10 +76075,10 @@ index f2973b2..fd020a7 100644 return 0; } diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 002c281..9429765 100644 +index e2df1c1..1e31d57 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c -@@ -655,6 +655,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -721,6 +721,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, unsigned long vmstart; unsigned long vmend; @@ -75015,7 +76089,7 @@ index 002c281..9429765 100644 vma = find_vma(mm, start); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -691,9 +695,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -757,9 +761,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, if (err) goto out; } @@ -75036,7 +76110,7 @@ index 002c281..9429765 100644 } out: -@@ -1150,6 +1165,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1216,6 +1231,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -75054,7 +76128,7 @@ index 002c281..9429765 100644 if (end == start) return 0; -@@ -1373,8 +1399,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1445,8 +1471,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -75064,7 +76138,7 @@ index 002c281..9429765 100644 rcu_read_unlock(); err = -EPERM; goto out_put; -@@ -1405,6 +1430,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1477,6 +1502,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, goto out; } @@ -75081,10 +76155,10 @@ index 002c281..9429765 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index 346d32d..d7adff2 100644 +index 2fd8b4a..d70358f 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1352,8 +1352,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1401,8 +1401,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -75167,18 +76241,18 @@ index c9bd528..da8d069 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 9a796c4..e2c9724 100644 +index d1e4124..32a6988 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -31,6 +31,7 @@ - #include <linux/audit.h> +@@ -32,6 +32,7 @@ #include <linux/khugepaged.h> #include <linux/uprobes.h> + #include <linux/rbtree_augmented.h> +#include <linux/random.h> #include <asm/uaccess.h> #include <asm/cacheflush.h> -@@ -47,6 +48,16 @@ +@@ -48,6 +49,16 @@ #define arch_rebalance_pgtables(addr, len) (addr) #endif @@ -75195,7 +76269,7 @@ index 9a796c4..e2c9724 100644 static void unmap_region(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, unsigned long start, unsigned long end); -@@ -66,22 +77,32 @@ static void unmap_region(struct mm_struct *mm, +@@ -67,22 +78,32 @@ static void unmap_region(struct mm_struct *mm, * x: (no) no x: (no) yes x: (no) yes x: (yes) yes * */ @@ -75231,7 +76305,7 @@ index 9a796c4..e2c9724 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. -@@ -223,6 +244,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -238,6 +259,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; might_sleep(); @@ -75239,7 +76313,7 @@ index 9a796c4..e2c9724 100644 if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) -@@ -266,6 +288,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) +@@ -281,6 +303,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) * not page aligned -Ram Gupta */ rlim = rlimit(RLIMIT_DATA); @@ -75247,7 +76321,7 @@ index 9a796c4..e2c9724 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -736,6 +759,12 @@ static int +@@ -888,6 +911,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -75260,7 +76334,7 @@ index 9a796c4..e2c9724 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -755,6 +784,12 @@ static int +@@ -907,6 +936,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -75273,7 +76347,7 @@ index 9a796c4..e2c9724 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -797,13 +832,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -949,13 +984,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -75295,7 +76369,7 @@ index 9a796c4..e2c9724 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -819,6 +861,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -971,6 +1013,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -75311,7 +76385,7 @@ index 9a796c4..e2c9724 100644 /* * Can it merge with the predecessor? */ -@@ -838,9 +889,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -990,9 +1041,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -75337,7 +76411,7 @@ index 9a796c4..e2c9724 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev); -@@ -854,12 +920,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1006,12 +1072,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -75367,7 +76441,7 @@ index 9a796c4..e2c9724 100644 if (err) return NULL; khugepaged_enter_vma_merge(area); -@@ -968,16 +1049,13 @@ none: +@@ -1120,16 +1201,13 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -75385,7 +76459,7 @@ index 9a796c4..e2c9724 100644 mm->stack_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1013,7 +1091,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1165,7 +1243,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -75394,7 +76468,7 @@ index 9a796c4..e2c9724 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -1039,7 +1117,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1191,7 +1269,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -75403,7 +76477,7 @@ index 9a796c4..e2c9724 100644 if (addr & ~PAGE_MASK) return addr; -@@ -1050,6 +1128,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1202,6 +1280,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; @@ -75440,7 +76514,7 @@ index 9a796c4..e2c9724 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1061,6 +1169,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1213,6 +1321,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -75448,7 +76522,7 @@ index 9a796c4..e2c9724 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1127,6 +1236,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1279,6 +1388,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, } } @@ -75458,7 +76532,7 @@ index 9a796c4..e2c9724 100644 return mmap_region(file, addr, len, flags, vm_flags, pgoff); } -@@ -1203,7 +1315,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1356,7 +1468,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -75467,7 +76541,7 @@ index 9a796c4..e2c9724 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1252,13 +1364,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1405,13 +1517,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long charged = 0; struct inode *inode = file ? file->f_path.dentry->d_inode : NULL; @@ -75492,7 +76566,7 @@ index 9a796c4..e2c9724 100644 } /* Check against address space limit. */ -@@ -1307,6 +1428,16 @@ munmap_back: +@@ -1460,6 +1581,16 @@ munmap_back: goto unacct_error; } @@ -75509,7 +76583,7 @@ index 9a796c4..e2c9724 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1331,6 +1462,13 @@ munmap_back: +@@ -1484,6 +1615,13 @@ munmap_back: if (error) goto unmap_and_free_vma; @@ -75523,7 +76597,7 @@ index 9a796c4..e2c9724 100644 /* Can addr have changed?? * * Answer: Yes, several device drivers can do it in their -@@ -1365,6 +1503,11 @@ munmap_back: +@@ -1522,6 +1660,11 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file = vma->vm_file; @@ -75535,7 +76609,7 @@ index 9a796c4..e2c9724 100644 /* Once vma denies write, undo our temporary denial count */ if (correct_wcount) atomic_inc(&inode->i_writecount); -@@ -1372,6 +1515,7 @@ out: +@@ -1529,6 +1672,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -75543,7 +76617,7 @@ index 9a796c4..e2c9724 100644 if (vm_flags & VM_LOCKED) { if (!mlock_vma_pages_range(vma, addr, addr + len)) mm->locked_vm += (len >> PAGE_SHIFT); -@@ -1393,6 +1537,12 @@ unmap_and_free_vma: +@@ -1550,6 +1694,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -75556,7 +76630,7 @@ index 9a796c4..e2c9724 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1400,6 +1550,62 @@ unacct_error: +@@ -1557,6 +1707,62 @@ unacct_error: return error; } @@ -75616,18 +76690,18 @@ index 9a796c4..e2c9724 100644 + return -ENOMEM; +} + - /* Get an address range which is currently unmapped. - * For shmat() with addr=0. - * -@@ -1419,6 +1625,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + unsigned long unmapped_area(struct vm_unmapped_area_info *info) + { + /* +@@ -1776,6 +1982,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; - unsigned long start_addr; + struct vm_unmapped_area_info info; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); if (len > TASK_SIZE) return -ENOMEM; -@@ -1426,18 +1633,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1783,17 +1990,26 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -75637,62 +76711,26 @@ index 9a796c4..e2c9724 100644 + if (addr) { addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); + vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -- return addr; -+ if (TASK_SIZE - len >= addr) { -+ vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len, offset)) -+ return addr; -+ } - } - if (len > mm->cached_hole_size) { -- start_addr = addr = mm->free_area_cache; -+ start_addr = addr = mm->free_area_cache; - } else { -- start_addr = addr = TASK_UNMAPPED_BASE; -- mm->cached_hole_size = 0; -+ start_addr = addr = mm->mmap_base; -+ mm->cached_hole_size = 0; ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) + return addr; } - full_search: -@@ -1448,34 +1660,40 @@ full_search: - * Start a new search - just in case we missed - * some holes. - */ -- if (start_addr != TASK_UNMAPPED_BASE) { -- addr = TASK_UNMAPPED_BASE; -- start_addr = addr; -+ if (start_addr != mm->mmap_base) { -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -- /* -- * Remember the place where we stopped the search: -- */ -- mm->free_area_cache = addr + len; -- return addr; -- } -+ if (check_heap_stack_gap(vma, addr, len, offset)) -+ break; - if (addr + mm->cached_hole_size < vma->vm_start) - mm->cached_hole_size = vma->vm_start - addr; - addr = vma->vm_end; - } + info.flags = 0; + info.length = len; + info.low_limit = TASK_UNMAPPED_BASE; + -+ /* -+ * Remember the place where we stopped the search: -+ */ -+ mm->free_area_cache = addr + len; -+ return addr; - } - #endif ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = TASK_SIZE; + info.align_mask = 0; + return vm_unmapped_area(&info); +@@ -1802,10 +2018,16 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, void arch_unmap_area(struct mm_struct *mm, unsigned long addr) { @@ -75710,17 +76748,15 @@ index 9a796c4..e2c9724 100644 mm->free_area_cache = addr; } -@@ -1491,7 +1709,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - { - struct vm_area_struct *vma; +@@ -1823,6 +2045,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; -- unsigned long addr = addr0, start_addr; -+ unsigned long base = mm->mmap_base, addr = addr0, start_addr; + unsigned long addr = addr0; + struct vm_unmapped_area_info info; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1500,13 +1719,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1831,12 +2054,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -75731,63 +76767,27 @@ index 9a796c4..e2c9724 100644 /* requesting a specific address */ if (addr) { addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); + vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -- return addr; -+ if (TASK_SIZE - len >= addr) { -+ vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len, offset)) -+ return addr; -+ } ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) + return addr; } - /* check if free_area_cache is useful for us */ -@@ -1530,7 +1754,7 @@ try_again: - * return with success: - */ - vma = find_vma(mm, addr); -- if (!vma || addr+len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len, offset)) - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - -@@ -1539,8 +1763,8 @@ try_again: - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- } while (len < vma->vm_start); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - fail: - /* -@@ -1563,13 +1787,21 @@ fail: - * can happen with large stack limits and large mmap() - * allocations. - */ -+ mm->mmap_base = TASK_UNMAPPED_BASE; +@@ -1857,6 +2083,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; + +#ifdef CONFIG_PAX_RANDMMAP -+ if (mm->pax_flags & MF_PAX_RANDMMAP) -+ mm->mmap_base += mm->delta_mmap; ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; +#endif + -+ mm->free_area_cache = mm->mmap_base; - mm->cached_hole_size = ~0UL; -- mm->free_area_cache = TASK_UNMAPPED_BASE; - addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); - /* - * Restore the topdown base: - */ -- mm->free_area_cache = mm->mmap_base; -+ mm->mmap_base = base; -+ mm->free_area_cache = base; - mm->cached_hole_size = ~0UL; - - return addr; -@@ -1578,6 +1810,12 @@ fail: + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); + } +@@ -1867,6 +2099,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -75800,7 +76800,7 @@ index 9a796c4..e2c9724 100644 /* * Is this a new hole at the highest possible address? */ -@@ -1585,8 +1823,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) +@@ -1874,8 +2112,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -75812,7 +76812,7 @@ index 9a796c4..e2c9724 100644 } unsigned long -@@ -1685,6 +1925,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -1974,6 +2214,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -75841,7 +76841,7 @@ index 9a796c4..e2c9724 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -1701,6 +1963,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1990,6 +2252,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -75849,7 +76849,7 @@ index 9a796c4..e2c9724 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -1711,6 +1974,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2000,6 +2263,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -75857,7 +76857,7 @@ index 9a796c4..e2c9724 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -1740,37 +2004,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2029,37 +2293,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -75915,7 +76915,7 @@ index 9a796c4..e2c9724 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -1787,6 +2062,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2094,6 +2369,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -75924,7 +76924,7 @@ index 9a796c4..e2c9724 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); -@@ -1801,6 +2078,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2108,6 +2385,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -75933,7 +76933,7 @@ index 9a796c4..e2c9724 100644 /* * We must make sure the anon_vma is allocated -@@ -1814,6 +2093,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2121,6 +2400,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -75949,7 +76949,7 @@ index 9a796c4..e2c9724 100644 vma_lock_anon_vma(vma); /* -@@ -1823,9 +2111,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2130,9 +2418,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -75968,10 +76968,10 @@ index 9a796c4..e2c9724 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -1837,6 +2133,17 @@ int expand_downwards(struct vm_area_struct *vma, - vma->vm_start = address; +@@ -2157,6 +2453,18 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); + vma_gap_update(vma); + track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags); + +#ifdef CONFIG_PAX_SEGMEXEC @@ -75980,13 +76980,14 @@ index 9a796c4..e2c9724 100644 + vma_m->vm_start -= grow << PAGE_SHIFT; + vma_m->vm_pgoff -= grow; + anon_vma_interval_tree_post_update_vma(vma_m); ++ vma_gap_update(vma_m); + } +#endif + + spin_unlock(&vma->vm_mm->page_table_lock); + perf_event_mmap(vma); - } - } -@@ -1914,6 +2221,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2236,6 +2544,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -76000,7 +77001,7 @@ index 9a796c4..e2c9724 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -1959,6 +2273,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2281,6 +2596,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -76014,10 +77015,10 @@ index 9a796c4..e2c9724 100644 + } +#endif + - rb_erase(&vma->vm_rb, &mm->mm_rb); + vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -1987,14 +2311,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2312,14 +2637,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -76051,7 +77052,7 @@ index 9a796c4..e2c9724 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2007,6 +2350,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2332,6 +2676,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -76074,7 +77075,7 @@ index 9a796c4..e2c9724 100644 pol = mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err = PTR_ERR(pol); -@@ -2029,6 +2388,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2354,6 +2714,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -76111,7 +77112,7 @@ index 9a796c4..e2c9724 100644 /* Success. */ if (!err) return 0; -@@ -2038,10 +2427,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2363,10 +2753,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); @@ -76131,7 +77132,7 @@ index 9a796c4..e2c9724 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2054,6 +2451,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2379,6 +2777,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -76147,7 +77148,7 @@ index 9a796c4..e2c9724 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2065,11 +2471,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2390,11 +2797,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -76178,7 +77179,7 @@ index 9a796c4..e2c9724 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2144,6 +2569,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2469,6 +2895,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -76187,7 +77188,7 @@ index 9a796c4..e2c9724 100644 return 0; } -@@ -2152,6 +2579,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2477,6 +2905,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -76201,7 +77202,7 @@ index 9a796c4..e2c9724 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2165,16 +2599,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2490,16 +2925,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -76218,7 +77219,7 @@ index 9a796c4..e2c9724 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2188,6 +2612,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2513,6 +2938,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -76226,7 +77227,7 @@ index 9a796c4..e2c9724 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2195,16 +2620,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2520,16 +2946,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -76258,7 +77259,7 @@ index 9a796c4..e2c9724 100644 locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; -@@ -2221,21 +2660,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2546,21 +2986,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -76283,7 +77284,7 @@ index 9a796c4..e2c9724 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2249,7 +2687,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2574,7 +3013,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -76292,7 +77293,7 @@ index 9a796c4..e2c9724 100644 return -ENOMEM; } -@@ -2263,11 +2701,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2588,11 +3027,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -76307,7 +77308,7 @@ index 9a796c4..e2c9724 100644 return addr; } -@@ -2325,6 +2764,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2650,6 +3090,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -76315,7 +77316,7 @@ index 9a796c4..e2c9724 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2341,6 +2781,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2666,6 +3107,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -76329,7 +77330,7 @@ index 9a796c4..e2c9724 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2364,7 +2811,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2689,7 +3137,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -76351,7 +77352,7 @@ index 9a796c4..e2c9724 100644 return 0; } -@@ -2384,6 +2845,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2709,6 +3171,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct mempolicy *pol; bool faulted_in_anon_vma = true; @@ -76360,7 +77361,7 @@ index 9a796c4..e2c9724 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2450,6 +2913,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2775,6 +3239,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -76400,7 +77401,7 @@ index 9a796c4..e2c9724 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2461,6 +2957,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2786,6 +3283,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -76413,7 +77414,7 @@ index 9a796c4..e2c9724 100644 if (cur + npages > lim) return 0; return 1; -@@ -2531,6 +3033,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2856,6 +3359,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -76437,7 +77438,7 @@ index 9a796c4..e2c9724 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); diff --git a/mm/mprotect.c b/mm/mprotect.c -index a409926..8b32e6d 100644 +index 94722a4..9837984 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -23,10 +23,17 @@ @@ -76458,8 +77459,8 @@ index a409926..8b32e6d 100644 #ifndef pgprot_modify static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot) -@@ -141,6 +148,48 @@ static void change_protection(struct vm_area_struct *vma, - flush_tlb_range(vma, start, end); +@@ -233,6 +240,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start, + return pages; } +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT @@ -76499,7 +77500,7 @@ index a409926..8b32e6d 100644 + if (is_vm_hugetlb_page(vma)) + hugetlb_change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot); + else -+ change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma)); ++ change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma), 0); + } +} +#endif @@ -76507,7 +77508,7 @@ index a409926..8b32e6d 100644 int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, unsigned long start, unsigned long end, unsigned long newflags) -@@ -153,11 +202,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, +@@ -245,11 +294,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, int error; int dirty_accountable = 0; @@ -76537,7 +77538,7 @@ index a409926..8b32e6d 100644 /* * If we make a private mapping writable we increase our commit; * but (without finer accounting) cannot reduce our commit if we -@@ -174,6 +241,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, +@@ -266,6 +333,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, } } @@ -76580,7 +77581,7 @@ index a409926..8b32e6d 100644 /* * First try to merge with previous and/or next vma. */ -@@ -204,9 +307,21 @@ success: +@@ -296,9 +399,21 @@ success: * vm_flags and vm_page_prot are protected by the mmap_sem * held in write mode. */ @@ -76603,7 +77604,7 @@ index a409926..8b32e6d 100644 if (vma_wants_writenotify(vma)) { vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED); -@@ -248,6 +363,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -337,6 +452,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, end = start + len; if (end <= start) return -ENOMEM; @@ -76621,7 +77622,7 @@ index a409926..8b32e6d 100644 if (!arch_validate_prot(prot)) return -EINVAL; -@@ -255,7 +381,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -344,7 +470,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, /* * Does the application expect PROT_READ to imply PROT_EXEC: */ @@ -76630,7 +77631,7 @@ index a409926..8b32e6d 100644 prot |= PROT_EXEC; vm_flags = calc_vm_prot_bits(prot); -@@ -288,6 +414,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -376,6 +502,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, if (start > vma->vm_start) prev = vma; @@ -76642,7 +77643,7 @@ index a409926..8b32e6d 100644 for (nstart = start ; ; ) { unsigned long newflags; -@@ -297,6 +428,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -386,6 +517,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, /* newflags >> 4 shift VM_MAY% in place of VM_% */ if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) { @@ -76657,7 +77658,7 @@ index a409926..8b32e6d 100644 error = -EACCES; goto out; } -@@ -311,6 +450,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -400,6 +539,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, error = mprotect_fixup(vma, &prev, nstart, tmp, newflags); if (error) goto out; @@ -76668,7 +77669,7 @@ index a409926..8b32e6d 100644 if (nstart < prev->vm_end) diff --git a/mm/mremap.c b/mm/mremap.c -index 1b61c2d..1cc0e3c 100644 +index e1031e1..1f2a0a1 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -125,6 +125,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, @@ -76775,7 +77776,7 @@ index 1b61c2d..1cc0e3c 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index 45131b4..c521665 100644 +index 79c3cac..4d357e0 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ @@ -76786,7 +77787,7 @@ index 45131b4..c521665 100644 atomic_long_t mmap_pages_allocated; -@@ -824,15 +823,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) +@@ -839,15 +838,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); /* @@ -76802,7 +77803,7 @@ index 45131b4..c521665 100644 * expand a stack to a given address * - not supported under NOMMU conditions */ -@@ -1540,6 +1530,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1555,6 +1545,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, /* most fields are the same, copy all, and then fixup */ *new = *vma; @@ -76810,11 +77811,24 @@ index 45131b4..c521665 100644 *region = *vma->vm_region; new->vm_region = region; +diff --git a/mm/page-writeback.c b/mm/page-writeback.c +index 0713bfb..e3774e0 100644 +--- a/mm/page-writeback.c ++++ b/mm/page-writeback.c +@@ -1630,7 +1630,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long action, + } + } + +-static struct notifier_block __cpuinitdata ratelimit_nb = { ++static struct notifier_block ratelimit_nb = { + .notifier_call = ratelimit_handler, + .next = NULL, + }; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index ceb4168..d7774f2 100644 +index 6a83cd3..bc2dcb6 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c -@@ -340,7 +340,7 @@ out: +@@ -338,7 +338,7 @@ out: * This usage means that zero-order pages may not be compound. */ @@ -76847,7 +77861,7 @@ index ceb4168..d7774f2 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -849,8 +859,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -861,8 +871,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -76858,7 +77872,7 @@ index ceb4168..d7774f2 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -3684,7 +3696,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn) +@@ -3752,7 +3764,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn) unsigned long pfn; for (pfn = start_pfn; pfn < end_pfn; pfn++) { @@ -76873,7 +77887,7 @@ index ceb4168..d7774f2 100644 } return 0; diff --git a/mm/percpu.c b/mm/percpu.c -index ddc5efb..f632d2c 100644 +index 8c8e08f..73a5cda 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; @@ -76937,7 +77951,7 @@ index 926b466..b23df53 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index 2ee1ef0..2e175ba 100644 +index 2c78f8c..9e9c624 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -77027,7 +78041,7 @@ index 2ee1ef0..2e175ba 100644 struct anon_vma_chain *avc; struct anon_vma *anon_vma; diff --git a/mm/shmem.c b/mm/shmem.c -index 50c5b8f..0bc87f7 100644 +index 5dd56f6..7c51725 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -31,7 +31,7 @@ @@ -77048,7 +78062,7 @@ index 50c5b8f..0bc87f7 100644 /* * shmem_fallocate and shmem_writepage communicate via inode->i_private -@@ -2112,6 +2112,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { +@@ -2202,6 +2202,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -77060,7 +78074,7 @@ index 50c5b8f..0bc87f7 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2167,6 +2172,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -2257,6 +2262,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -77076,7 +78090,7 @@ index 50c5b8f..0bc87f7 100644 return simple_xattr_set(&info->xattrs, name, value, size, flags); } -@@ -2466,8 +2480,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2556,8 +2570,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -77087,28 +78101,10 @@ index 50c5b8f..0bc87f7 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index 33d3363..3851c61 100644 +index e7667a3..b62c169 100644 --- a/mm/slab.c +++ b/mm/slab.c -@@ -164,7 +164,7 @@ static bool pfmemalloc_active __read_mostly; - - /* Legal flag mask for kmem_cache_create(). */ - #if DEBUG --# define CREATE_MASK (SLAB_RED_ZONE | \ -+# define CREATE_MASK (SLAB_USERCOPY | SLAB_RED_ZONE | \ - SLAB_POISON | SLAB_HWCACHE_ALIGN | \ - SLAB_CACHE_DMA | \ - SLAB_STORE_USER | \ -@@ -172,7 +172,7 @@ static bool pfmemalloc_active __read_mostly; - SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \ - SLAB_DEBUG_OBJECTS | SLAB_NOLEAKTRACE | SLAB_NOTRACK) - #else --# define CREATE_MASK (SLAB_HWCACHE_ALIGN | \ -+# define CREATE_MASK (SLAB_USERCOPY | SLAB_HWCACHE_ALIGN | \ - SLAB_CACHE_DMA | \ - SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \ - SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \ -@@ -322,7 +322,7 @@ struct kmem_list3 { +@@ -306,7 +306,7 @@ struct kmem_list3 { * Need this for bootstrapping a per node allocator. */ #define NUM_INIT_LISTS (3 * MAX_NUMNODES) @@ -77117,7 +78113,7 @@ index 33d3363..3851c61 100644 #define CACHE_CACHE 0 #define SIZE_AC MAX_NUMNODES #define SIZE_L3 (2 * MAX_NUMNODES) -@@ -423,10 +423,10 @@ static void kmem_list3_init(struct kmem_list3 *parent) +@@ -407,10 +407,10 @@ static void kmem_list3_init(struct kmem_list3 *parent) if ((x)->max_freeable < i) \ (x)->max_freeable = i; \ } while (0) @@ -77132,7 +78128,7 @@ index 33d3363..3851c61 100644 #else #define STATS_INC_ACTIVE(x) do { } while (0) #define STATS_DEC_ACTIVE(x) do { } while (0) -@@ -534,7 +534,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab, +@@ -518,7 +518,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab, * reciprocal_divide(offset, cache->reciprocal_buffer_size) */ static inline unsigned int obj_to_index(const struct kmem_cache *cache, @@ -77141,7 +78137,7 @@ index 33d3363..3851c61 100644 { u32 offset = (obj - slab->s_mem); return reciprocal_divide(offset, cache->reciprocal_buffer_size); -@@ -555,12 +555,13 @@ EXPORT_SYMBOL(malloc_sizes); +@@ -539,12 +539,13 @@ EXPORT_SYMBOL(malloc_sizes); struct cache_names { char *name; char *name_dma; @@ -77157,7 +78153,7 @@ index 33d3363..3851c61 100644 #undef CACHE }; -@@ -721,6 +722,12 @@ static inline struct kmem_cache *__find_general_cachep(size_t size, +@@ -729,6 +730,12 @@ static inline struct kmem_cache *__find_general_cachep(size_t size, if (unlikely(gfpflags & GFP_DMA)) return csizep->cs_dmacachep; #endif @@ -77170,52 +78166,53 @@ index 33d3363..3851c61 100644 return csizep->cs_cachep; } -@@ -1676,7 +1683,7 @@ void __init kmem_cache_init(void) - sizes[INDEX_AC].cs_cachep->size = sizes[INDEX_AC].cs_size; - sizes[INDEX_AC].cs_cachep->object_size = sizes[INDEX_AC].cs_size; - sizes[INDEX_AC].cs_cachep->align = ARCH_KMALLOC_MINALIGN; -- __kmem_cache_create(sizes[INDEX_AC].cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC); -+ __kmem_cache_create(sizes[INDEX_AC].cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY); - list_add(&sizes[INDEX_AC].cs_cachep->list, &slab_caches); - - if (INDEX_AC != INDEX_L3) { -@@ -1685,7 +1692,7 @@ void __init kmem_cache_init(void) - sizes[INDEX_L3].cs_cachep->size = sizes[INDEX_L3].cs_size; - sizes[INDEX_L3].cs_cachep->object_size = sizes[INDEX_L3].cs_size; - sizes[INDEX_L3].cs_cachep->align = ARCH_KMALLOC_MINALIGN; -- __kmem_cache_create(sizes[INDEX_L3].cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC); -+ __kmem_cache_create(sizes[INDEX_L3].cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY); - list_add(&sizes[INDEX_L3].cs_cachep->list, &slab_caches); - } - -@@ -1705,7 +1712,7 @@ void __init kmem_cache_init(void) - sizes->cs_cachep->size = sizes->cs_size; - sizes->cs_cachep->object_size = sizes->cs_size; - sizes->cs_cachep->align = ARCH_KMALLOC_MINALIGN; -- __kmem_cache_create(sizes->cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC); -+ __kmem_cache_create(sizes->cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY); - list_add(&sizes->cs_cachep->list, &slab_caches); - } +@@ -1482,7 +1489,7 @@ static int __cpuinit cpuup_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __cpuinitdata cpucache_notifier = { ++static struct notifier_block cpucache_notifier = { + &cpuup_callback, NULL, 0 + }; + +@@ -1667,12 +1674,12 @@ void __init kmem_cache_init(void) + */ + + sizes[INDEX_AC].cs_cachep = create_kmalloc_cache(names[INDEX_AC].name, +- sizes[INDEX_AC].cs_size, ARCH_KMALLOC_FLAGS); ++ sizes[INDEX_AC].cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); + + if (INDEX_AC != INDEX_L3) + sizes[INDEX_L3].cs_cachep = + create_kmalloc_cache(names[INDEX_L3].name, +- sizes[INDEX_L3].cs_size, ARCH_KMALLOC_FLAGS); ++ sizes[INDEX_L3].cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); + + slab_early_init = 0; + +@@ -1686,13 +1693,20 @@ void __init kmem_cache_init(void) + */ + if (!sizes->cs_cachep) + sizes->cs_cachep = create_kmalloc_cache(names->name, +- sizes->cs_size, ARCH_KMALLOC_FLAGS); ++ sizes->cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); + #ifdef CONFIG_ZONE_DMA -@@ -1718,6 +1725,17 @@ void __init kmem_cache_init(void) - ARCH_KMALLOC_FLAGS|SLAB_CACHE_DMA| SLAB_PANIC); - list_add(&sizes->cs_dmacachep->list, &slab_caches); + sizes->cs_dmacachep = create_kmalloc_cache( + names->name_dma, sizes->cs_size, + SLAB_CACHE_DMA|ARCH_KMALLOC_FLAGS); #endif + +#ifdef CONFIG_PAX_USERCOPY_SLABS -+ sizes->cs_usercopycachep = kmem_cache_zalloc(kmem_cache, GFP_NOWAIT); -+ sizes->cs_usercopycachep->name = names->name_usercopy; -+ sizes->cs_usercopycachep->size = sizes->cs_size; -+ sizes->cs_usercopycachep->object_size = sizes->cs_size; -+ sizes->cs_usercopycachep->align = ARCH_KMALLOC_MINALIGN; -+ __kmem_cache_create(sizes->cs_usercopycachep, ARCH_KMALLOC_FLAGS| SLAB_PANIC|SLAB_USERCOPY); -+ list_add(&sizes->cs_usercopycachep->list, &slab_caches); ++ sizes->cs_usercopycachep = create_kmalloc_cache( ++ names->name_usercopy, sizes->cs_size, ++ ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); +#endif + sizes++; names++; } -@@ -4405,10 +4423,10 @@ static int s_show(struct seq_file *m, void *p) +@@ -4365,10 +4379,10 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) } /* cpu stats */ { @@ -77230,9 +78227,9 @@ index 33d3363..3851c61 100644 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu", allochit, allocmiss, freehit, freemiss); -@@ -4667,13 +4685,71 @@ static int __init slab_proc_init(void) +@@ -4600,13 +4614,71 @@ static const struct file_operations proc_slabstats_operations = { + static int __init slab_proc_init(void) { - proc_create("slabinfo",S_IWUSR|S_IRUSR,NULL,&proc_slabinfo_operations); #ifdef CONFIG_DEBUG_SLAB_LEAK - proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations); + proc_create("slab_allocators", S_IRUSR, NULL, &proc_slabstats_operations); @@ -77303,21 +78300,44 @@ index 33d3363..3851c61 100644 /** * ksize - get the actual amount of memory allocated for a given object * @objp: Pointer to the object +diff --git a/mm/slab.h b/mm/slab.h +index 34a98d6..73633d1 100644 +--- a/mm/slab.h ++++ b/mm/slab.h +@@ -58,7 +58,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, + + /* Legal flag mask for kmem_cache_create(), for various configurations */ + #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \ +- SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS ) ++ SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | SLAB_USERCOPY) + + #if defined(CONFIG_DEBUG_SLAB) + #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER) +@@ -220,6 +220,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) + return s; + + page = virt_to_head_page(x); ++ ++ BUG_ON(!PageSlab(page)); ++ + cachep = page->slab_cache; + if (slab_equal_or_root(cachep, s)) + return cachep; diff --git a/mm/slab_common.c b/mm/slab_common.c -index 069a24e6..226a310 100644 +index 3f3cd97..e050794 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c -@@ -127,7 +127,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, size_t align +@@ -209,7 +209,7 @@ kmem_cache_create_memcg(struct mem_cgroup *memcg, const char *name, size_t size, + err = __kmem_cache_create(s, flags); if (!err) { - - s->refcount = 1; + atomic_set(&s->refcount, 1); list_add(&s->list, &slab_caches); - + memcg_cache_list_add(memcg, s); } else { -@@ -163,8 +163,7 @@ void kmem_cache_destroy(struct kmem_cache *s) - { +@@ -255,8 +255,7 @@ void kmem_cache_destroy(struct kmem_cache *s) + get_online_cpus(); mutex_lock(&slab_mutex); - s->refcount--; @@ -77326,11 +78346,29 @@ index 069a24e6..226a310 100644 list_del(&s->list); if (!__kmem_cache_shutdown(s)) { +@@ -302,7 +301,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz + panic("Creation of kmalloc slab %s size=%zd failed. Reason %d\n", + name, size, err); + +- s->refcount = -1; /* Exempt from merging for now */ ++ atomic_set(&s->refcount, -1); /* Exempt from merging for now */ + } + + struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, +@@ -315,7 +314,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, + + create_boot_cache(s, name, size, flags); + list_add(&s->list, &slab_caches); +- s->refcount = 1; ++ atomic_set(&s->refcount, 1); + return s; + } + diff --git a/mm/slob.c b/mm/slob.c -index 1e921c5..1ce12c2 100644 +index a99fdf7..f5b6577 100644 --- a/mm/slob.c +++ b/mm/slob.c -@@ -159,7 +159,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next) +@@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next) /* * Return the size of a slob block. */ @@ -77339,7 +78377,7 @@ index 1e921c5..1ce12c2 100644 { if (s->units > 0) return s->units; -@@ -169,7 +169,7 @@ static slobidx_t slob_units(slob_t *s) +@@ -167,7 +167,7 @@ static slobidx_t slob_units(slob_t *s) /* * Return the next free slob block pointer after this one. */ @@ -77348,7 +78386,7 @@ index 1e921c5..1ce12c2 100644 { slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK); slobidx_t next; -@@ -184,14 +184,14 @@ static slob_t *slob_next(slob_t *s) +@@ -182,14 +182,14 @@ static slob_t *slob_next(slob_t *s) /* * Returns true if s is the last free block in its page. */ @@ -77366,7 +78404,7 @@ index 1e921c5..1ce12c2 100644 #ifdef CONFIG_NUMA if (node != NUMA_NO_NODE) -@@ -203,14 +203,18 @@ static void *slob_new_pages(gfp_t gfp, int order, int node) +@@ -201,14 +201,18 @@ static void *slob_new_pages(gfp_t gfp, int order, int node) if (!page) return NULL; @@ -77388,7 +78426,7 @@ index 1e921c5..1ce12c2 100644 } /* -@@ -315,15 +319,15 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node) +@@ -313,15 +317,15 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node) /* Not enough space: must allocate a new page */ if (!b) { @@ -77408,7 +78446,7 @@ index 1e921c5..1ce12c2 100644 INIT_LIST_HEAD(&sp->list); set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE)); set_slob_page_free(sp, slob_list); -@@ -361,9 +365,7 @@ static void slob_free(void *block, int size) +@@ -359,9 +363,7 @@ static void slob_free(void *block, int size) if (slob_page_free(sp)) clear_slob_page_free(sp); spin_unlock_irqrestore(&slob_lock, flags); @@ -77419,7 +78457,7 @@ index 1e921c5..1ce12c2 100644 return; } -@@ -426,11 +428,10 @@ out: +@@ -424,11 +426,10 @@ out: */ static __always_inline void * @@ -77434,7 +78472,7 @@ index 1e921c5..1ce12c2 100644 gfp &= gfp_allowed_mask; -@@ -444,20 +445,23 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller) +@@ -442,23 +443,41 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller) if (!m) return NULL; @@ -77454,16 +78492,13 @@ index 1e921c5..1ce12c2 100644 if (likely(order)) gfp |= __GFP_COMP; - ret = slob_new_pages(gfp, order, node); -- if (ret) { -- struct page *page; -- page = virt_to_page(ret); + page = slob_new_pages(gfp, order, node); + if (page) { + ret = page_address(page); - page->private = size; - } ++ page->private = size; ++ } -@@ -465,7 +469,17 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller) + trace_kmalloc_node(caller, ret, size, PAGE_SIZE << order, gfp, node); } @@ -77482,7 +78517,7 @@ index 1e921c5..1ce12c2 100644 return ret; } -@@ -501,15 +515,91 @@ void kfree(const void *block) +@@ -494,33 +513,110 @@ void kfree(const void *block) kmemleak_free(block); sp = virt_to_page(block); @@ -77499,7 +78534,7 @@ index 1e921c5..1ce12c2 100644 + __ClearPageSlab(sp); + reset_page_mapcount(sp); + sp->private = 0; - put_page(sp); + __free_pages(sp, compound_order(sp)); + } } EXPORT_SYMBOL(kfree); @@ -77578,22 +78613,31 @@ index 1e921c5..1ce12c2 100644 /* can't use ksize for kmem_cache_alloc memory, only kmalloc */ size_t ksize(const void *block) { -@@ -520,10 +610,11 @@ size_t ksize(const void *block) + struct page *sp; + int align; +- unsigned int *m; ++ slob_t *m; + + BUG_ON(!block); + if (unlikely(block == ZERO_SIZE_PTR)) return 0; sp = virt_to_page(block); -- if (PageSlab(sp)) { +- if (unlikely(!PageSlab(sp))) +- return PAGE_SIZE << compound_order(sp); + VM_BUG_ON(!PageSlab(sp)); -+ if (!sp->private) { - int align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); -- unsigned int *m = (unsigned int *)(block - align); -- return SLOB_UNITS(*m) * SLOB_UNIT; -+ slob_t *m = (slob_t *)(block - align); -+ return SLOB_UNITS(m[0].units) * SLOB_UNIT; - } else - return sp->private; ++ if (sp->private) ++ return sp->private; + + align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); +- m = (unsigned int *)(block - align); +- return SLOB_UNITS(*m) * SLOB_UNIT; ++ m = (slob_t *)(block - align); ++ return SLOB_UNITS(m[0].units) * SLOB_UNIT; } -@@ -550,23 +641,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags) + EXPORT_SYMBOL(ksize); + +@@ -536,23 +632,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags) void *kmem_cache_alloc_node(struct kmem_cache *c, gfp_t flags, int node) { @@ -77609,7 +78653,7 @@ index 1e921c5..1ce12c2 100644 +#else if (c->size < PAGE_SIZE) { b = slob_alloc(c->size, flags, c->align, node); - trace_kmem_cache_alloc_node(_RET_IP_, b, c->size, + trace_kmem_cache_alloc_node(_RET_IP_, b, c->object_size, SLOB_UNITS(c->size) * SLOB_UNIT, flags, node); } else { @@ -77621,7 +78665,7 @@ index 1e921c5..1ce12c2 100644 + b = page_address(sp); + sp->private = c->size; + } - trace_kmem_cache_alloc_node(_RET_IP_, b, c->size, + trace_kmem_cache_alloc_node(_RET_IP_, b, c->object_size, PAGE_SIZE << get_order(c->size), flags, node); } @@ -77629,7 +78673,7 @@ index 1e921c5..1ce12c2 100644 if (c->ctor) c->ctor(b); -@@ -578,10 +679,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); +@@ -564,10 +670,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); static void __kmem_cache_free(void *b, int size) { @@ -77646,7 +78690,7 @@ index 1e921c5..1ce12c2 100644 } static void kmem_rcu_free(struct rcu_head *head) -@@ -594,17 +699,31 @@ static void kmem_rcu_free(struct rcu_head *head) +@@ -580,17 +690,31 @@ static void kmem_rcu_free(struct rcu_head *head) void kmem_cache_free(struct kmem_cache *c, void *b) { @@ -77682,10 +78726,10 @@ index 1e921c5..1ce12c2 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 321afab..9595170 100644 +index ba2ca53..00b1f4e 100644 --- a/mm/slub.c +++ b/mm/slub.c -@@ -201,7 +201,7 @@ struct track { +@@ -197,7 +197,7 @@ struct track { enum track_item { TRACK_ALLOC, TRACK_FREE }; @@ -77694,7 +78738,7 @@ index 321afab..9595170 100644 static int sysfs_slab_add(struct kmem_cache *); static int sysfs_slab_alias(struct kmem_cache *, const char *); static void sysfs_slab_remove(struct kmem_cache *); -@@ -521,7 +521,7 @@ static void print_track(const char *s, struct track *t) +@@ -518,7 +518,7 @@ static void print_track(const char *s, struct track *t) if (!t->addr) return; @@ -77703,16 +78747,7 @@ index 321afab..9595170 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2623,6 +2623,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) - - page = virt_to_head_page(x); - -+ BUG_ON(!PageSlab(page)); -+ - if (kmem_cache_debug(s) && page->slab != s) { - pr_err("kmem_cache_free: Wrong slab cache. %s but object" - " is from %s\n", page->slab->name, s->name); -@@ -2663,7 +2665,7 @@ static int slub_min_objects; +@@ -2653,7 +2653,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -77721,7 +78756,7 @@ index 321afab..9595170 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3225,6 +3227,10 @@ EXPORT_SYMBOL(kmalloc_caches); +@@ -3181,6 +3181,10 @@ EXPORT_SYMBOL(kmalloc_caches); static struct kmem_cache *kmalloc_dma_caches[SLUB_PAGE_SHIFT]; #endif @@ -77732,16 +78767,7 @@ index 321afab..9595170 100644 static int __init setup_slub_min_order(char *str) { get_option(&str, &slub_min_order); -@@ -3279,7 +3285,7 @@ static struct kmem_cache *__init create_kmalloc_cache(const char *name, - if (kmem_cache_open(s, flags)) - goto panic; - -- s->refcount = 1; -+ atomic_set(&s->refcount, 1); - list_add(&s->list, &slab_caches); - return s; - -@@ -3343,6 +3349,13 @@ static struct kmem_cache *get_slab(size_t size, gfp_t flags) +@@ -3272,6 +3276,13 @@ static struct kmem_cache *get_slab(size_t size, gfp_t flags) return kmalloc_dma_caches[index]; #endif @@ -77755,7 +78781,7 @@ index 321afab..9595170 100644 return kmalloc_caches[index]; } -@@ -3411,6 +3424,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3340,6 +3351,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -77778,7 +78804,7 @@ index 321afab..9595170 100644 + if (!PageSlab(page)) + return false; + -+ s = page->slab; ++ s = page->slab_cache; + return s->flags & SLAB_USERCOPY; +} + @@ -77800,7 +78826,7 @@ index 321afab..9595170 100644 + if (!PageSlab(page)) + return NULL; + -+ s = page->slab; ++ s = page->slab_cache; + if (!(s->flags & SLAB_USERCOPY)) + return s->name; + @@ -77815,16 +78841,7 @@ index 321afab..9595170 100644 size_t ksize(const void *object) { struct page *page; -@@ -3685,7 +3751,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) - int node; - - list_add(&s->list, &slab_caches); -- s->refcount = -1; -+ atomic_set(&s->refcount, -1); - - for_each_node_state(node, N_NORMAL_MEMORY) { - struct kmem_cache_node *n = get_node(s, node); -@@ -3808,17 +3874,17 @@ void __init kmem_cache_init(void) +@@ -3712,17 +3776,17 @@ void __init kmem_cache_init(void) /* Caches that are not of the two-to-the-power-of size */ if (KMALLOC_MIN_SIZE <= 32) { @@ -77845,7 +78862,7 @@ index 321afab..9595170 100644 caches++; } -@@ -3860,6 +3926,22 @@ void __init kmem_cache_init(void) +@@ -3764,6 +3828,22 @@ void __init kmem_cache_init(void) } } #endif @@ -77868,7 +78885,7 @@ index 321afab..9595170 100644 printk(KERN_INFO "SLUB: Genslabs=%d, HWalign=%d, Order=%d-%d, MinObjects=%d," " CPUs=%d, Nodes=%d\n", -@@ -3886,7 +3968,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3790,7 +3870,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -77877,16 +78894,16 @@ index 321afab..9595170 100644 return 1; return 0; -@@ -3940,7 +4022,7 @@ struct kmem_cache *__kmem_cache_alias(const char *name, size_t size, +@@ -3848,7 +3928,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, - s = find_mergeable(size, align, flags, name, ctor); + s = find_mergeable(memcg, size, align, flags, name, ctor); if (s) { - s->refcount++; + atomic_inc(&s->refcount); /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3949,7 +4031,7 @@ struct kmem_cache *__kmem_cache_alias(const char *name, size_t size, +@@ -3857,7 +3937,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { @@ -77895,7 +78912,16 @@ index 321afab..9595170 100644 s = NULL; } } -@@ -4064,7 +4146,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -3919,7 +3999,7 @@ static int __cpuinit slab_cpuup_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata slab_notifier = { ++static struct notifier_block slab_notifier = { + .notifier_call = slab_cpuup_callback + }; + +@@ -3977,7 +4057,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -77904,7 +78930,7 @@ index 321afab..9595170 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4451,12 +4533,12 @@ static void resiliency_test(void) +@@ -4364,12 +4444,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -77919,7 +78945,7 @@ index 321afab..9595170 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4700,7 +4782,7 @@ SLAB_ATTR_RO(ctor); +@@ -4613,7 +4693,7 @@ SLAB_ATTR_RO(ctor); static ssize_t aliases_show(struct kmem_cache *s, char *buf) { @@ -77928,7 +78954,7 @@ index 321afab..9595170 100644 } SLAB_ATTR_RO(aliases); -@@ -5262,6 +5344,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5266,6 +5346,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -77936,7 +78962,7 @@ index 321afab..9595170 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5324,6 +5407,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5323,6 +5404,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -77944,7 +78970,7 @@ index 321afab..9595170 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5337,6 +5421,7 @@ struct saved_alias { +@@ -5336,6 +5418,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -77952,7 +78978,7 @@ index 321afab..9595170 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5359,6 +5444,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5358,6 +5441,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -77982,6 +79008,19 @@ index 1b7e22a..3fcd4f3 100644 } return pgd; } +diff --git a/mm/sparse.c b/mm/sparse.c +index 6b5fb76..db0c190 100644 +--- a/mm/sparse.c ++++ b/mm/sparse.c +@@ -782,7 +782,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages) + + for (i = 0; i < PAGES_PER_SECTION; i++) { + if (PageHWPoison(&memmap[i])) { +- atomic_long_sub(1, &mce_bad_pages); ++ atomic_long_sub_unchecked(1, &mce_bad_pages); + ClearPageHWPoison(&memmap[i]); + } + } diff --git a/mm/swap.c b/mm/swap.c index 6310dc2..3662b3f 100644 --- a/mm/swap.c @@ -78004,7 +79043,7 @@ index 6310dc2..3662b3f 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index f91a255..9dcac21 100644 +index e97a0e5..b50e796 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -64,7 +64,7 @@ static DEFINE_MUTEX(swapon_mutex); @@ -78016,7 +79055,7 @@ index f91a255..9dcac21 100644 static inline unsigned char swap_count(unsigned char ent) { -@@ -1601,7 +1601,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) +@@ -1608,7 +1608,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) } filp_close(swap_file, NULL); err = 0; @@ -78025,7 +79064,7 @@ index f91a255..9dcac21 100644 wake_up_interruptible(&proc_poll_wait); out_dput: -@@ -1618,8 +1618,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) +@@ -1625,8 +1625,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) poll_wait(file, &proc_poll_wait, wait); @@ -78036,7 +79075,7 @@ index f91a255..9dcac21 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } -@@ -1717,7 +1717,7 @@ static int swaps_open(struct inode *inode, struct file *file) +@@ -1724,7 +1724,7 @@ static int swaps_open(struct inode *inode, struct file *file) return ret; seq = file->private_data; @@ -78045,7 +79084,7 @@ index f91a255..9dcac21 100644 return 0; } -@@ -2059,7 +2059,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) +@@ -2066,7 +2066,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) (frontswap_map) ? "FS" : ""); mutex_unlock(&swapon_mutex); @@ -78055,7 +79094,7 @@ index f91a255..9dcac21 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index dc3036c..b6c7c9d 100644 +index c55e26b..3f913a9 100644 --- a/mm/util.c +++ b/mm/util.c @@ -292,6 +292,12 @@ done: @@ -78072,7 +79111,7 @@ index dc3036c..b6c7c9d 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 78e0830..bc6bbd8 100644 +index 5123a16..f234a48 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -78270,7 +79309,7 @@ index 78e0830..bc6bbd8 100644 if (v->nr_pages) seq_printf(m, " pages=%d", v->nr_pages); diff --git a/mm/vmstat.c b/mm/vmstat.c -index c737057..a49753a 100644 +index 9800306..76b4b27 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu) @@ -78311,7 +79350,16 @@ index c737057..a49753a 100644 } } #endif -@@ -1224,10 +1224,20 @@ static int __init setup_vmstat(void) +@@ -1223,7 +1223,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata vmstat_notifier = ++static struct notifier_block vmstat_notifier = + { &vmstat_cpuup_callback, NULL, 0 }; + #endif + +@@ -1238,10 +1238,20 @@ static int __init setup_vmstat(void) start_cpu_timer(cpu); #endif #ifdef CONFIG_PROC_FS @@ -78337,10 +79385,10 @@ index c737057..a49753a 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index ee07072..593e3fd 100644 +index a292e80..785ee68 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c -@@ -484,7 +484,7 @@ out: +@@ -485,7 +485,7 @@ out: return NOTIFY_DONE; } @@ -78349,9 +79397,9 @@ index ee07072..593e3fd 100644 .notifier_call = vlan_device_event, }; -@@ -559,8 +559,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) +@@ -560,8 +560,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) err = -EPERM; - if (!capable(CAP_NET_ADMIN)) + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) break; - if ((args.u.name_type >= 0) && - (args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) { @@ -78465,44 +79513,44 @@ index 0447d5d..3cf4728 100644 #undef __HANDLE_ITEM } diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c -index c6fcc76..1270d14 100644 +index 7d02ebd..4d4cc01 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c -@@ -62,7 +62,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) +@@ -63,7 +63,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) /* randomize initial seqno to avoid collision */ get_random_bytes(&random_seqno, sizeof(random_seqno)); -- atomic_set(&hard_iface->seqno, random_seqno); -+ atomic_set_unchecked(&hard_iface->seqno, random_seqno); +- atomic_set(&hard_iface->bat_iv.ogm_seqno, random_seqno); ++ atomic_set_unchecked(&hard_iface->bat_iv.ogm_seqno, random_seqno); - hard_iface->packet_len = BATADV_OGM_HLEN; - hard_iface->packet_buff = kmalloc(hard_iface->packet_len, GFP_ATOMIC); -@@ -608,9 +608,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) - batadv_ogm_packet = (struct batadv_ogm_packet *)hard_iface->packet_buff; + hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN; + ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC); +@@ -615,9 +615,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) + batadv_ogm_packet = (struct batadv_ogm_packet *)(*ogm_buff); /* change sequence number to network order */ -- seqno = (uint32_t)atomic_read(&hard_iface->seqno); -+ seqno = (uint32_t)atomic_read_unchecked(&hard_iface->seqno); +- seqno = (uint32_t)atomic_read(&hard_iface->bat_iv.ogm_seqno); ++ seqno = (uint32_t)atomic_read_unchecked(&hard_iface->bat_iv.ogm_seqno); batadv_ogm_packet->seqno = htonl(seqno); -- atomic_inc(&hard_iface->seqno); -+ atomic_inc_unchecked(&hard_iface->seqno); +- atomic_inc(&hard_iface->bat_iv.ogm_seqno); ++ atomic_inc_unchecked(&hard_iface->bat_iv.ogm_seqno); batadv_ogm_packet->ttvn = atomic_read(&bat_priv->tt.vn); batadv_ogm_packet->tt_crc = htons(bat_priv->tt.local_crc); -@@ -1015,7 +1015,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr, +@@ -1022,7 +1022,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr, return; /* could be changed by schedule_own_packet() */ -- if_incoming_seqno = atomic_read(&if_incoming->seqno); -+ if_incoming_seqno = atomic_read_unchecked(&if_incoming->seqno); +- if_incoming_seqno = atomic_read(&if_incoming->bat_iv.ogm_seqno); ++ if_incoming_seqno = atomic_read_unchecked(&if_incoming->bat_iv.ogm_seqno); if (batadv_ogm_packet->flags & BATADV_DIRECTLINK) has_directlink_flag = 1; diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c -index d112fd6..686a447 100644 +index f1d37cd..4190879 100644 --- a/net/batman-adv/hard-interface.c +++ b/net/batman-adv/hard-interface.c -@@ -327,7 +327,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface, +@@ -370,7 +370,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface, hard_iface->batman_adv_ptype.dev = hard_iface->net_dev; dev_add_pack(&hard_iface->batman_adv_ptype); @@ -78511,20 +79559,20 @@ index d112fd6..686a447 100644 batadv_info(hard_iface->soft_iface, "Adding interface: %s\n", hard_iface->net_dev->name); -@@ -450,7 +450,7 @@ batadv_hardif_add_interface(struct net_device *net_dev) +@@ -493,7 +493,7 @@ batadv_hardif_add_interface(struct net_device *net_dev) /* This can't be called via a bat_priv callback because * we have no bat_priv yet. */ -- atomic_set(&hard_iface->seqno, 1); -+ atomic_set_unchecked(&hard_iface->seqno, 1); - hard_iface->packet_buff = NULL; +- atomic_set(&hard_iface->bat_iv.ogm_seqno, 1); ++ atomic_set_unchecked(&hard_iface->bat_iv.ogm_seqno, 1); + hard_iface->bat_iv.ogm_buff = NULL; return hard_iface; diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c -index ce0684a..4a0cbf1 100644 +index 6b548fd..fc32c8d 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c -@@ -234,7 +234,7 @@ static int batadv_interface_tx(struct sk_buff *skb, +@@ -252,7 +252,7 @@ static int batadv_interface_tx(struct sk_buff *skb, primary_if->net_dev->dev_addr, ETH_ALEN); /* set broadcast sequence number */ @@ -78532,8 +79580,8 @@ index ce0684a..4a0cbf1 100644 + seqno = atomic_inc_return_unchecked(&bat_priv->bcast_seqno); bcast_packet->seqno = htonl(seqno); - batadv_add_bcast_packet_to_list(bat_priv, skb, 1); -@@ -427,7 +427,7 @@ struct net_device *batadv_softif_create(const char *name) + batadv_add_bcast_packet_to_list(bat_priv, skb, brd_delay); +@@ -497,7 +497,7 @@ struct net_device *batadv_softif_create(const char *name) atomic_set(&bat_priv->batman_queue_left, BATADV_BATMAN_QUEUE_LEN); atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE); @@ -78543,21 +79591,28 @@ index ce0684a..4a0cbf1 100644 atomic_set(&bat_priv->tt.local_changes, 0); atomic_set(&bat_priv->tt.ogm_append_cnt, 0); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h -index ac1e07a..4c846e2 100644 +index ae9ac9a..11e0fe7 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h -@@ -33,8 +33,8 @@ struct batadv_hard_iface { +@@ -48,7 +48,7 @@ + struct batadv_hard_iface_bat_iv { + unsigned char *ogm_buff; + int ogm_buff_len; +- atomic_t ogm_seqno; ++ atomic_unchecked_t ogm_seqno; + }; + + struct batadv_hard_iface { +@@ -56,7 +56,7 @@ struct batadv_hard_iface { int16_t if_num; char if_status; struct net_device *net_dev; -- atomic_t seqno; - atomic_t frag_seqno; -+ atomic_unchecked_t seqno; + atomic_unchecked_t frag_seqno; - unsigned char *packet_buff; - int packet_len; struct kobject *hardif_obj; -@@ -244,7 +244,7 @@ struct batadv_priv { + atomic_t refcount; + struct packet_type batman_adv_ptype; +@@ -284,7 +284,7 @@ struct batadv_priv { atomic_t orig_interval; /* uint */ atomic_t hop_penalty; /* uint */ atomic_t log_level; /* uint */ @@ -78567,7 +79622,7 @@ index ac1e07a..4c846e2 100644 atomic_t batman_queue_left; char num_ifaces; diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c -index f397232..3206a33 100644 +index 10aff49..ea8e021 100644 --- a/net/batman-adv/unicast.c +++ b/net/batman-adv/unicast.c @@ -272,7 +272,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv, @@ -78593,10 +79648,10 @@ index 07f0739..3c42e34 100644 err = -EFAULT; break; diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index a91239d..d7ed533 100644 +index 22e6583..426e2f3 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -3183,8 +3183,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi +@@ -3400,8 +3400,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, break; case L2CAP_CONF_RFC: @@ -78608,12 +79663,12 @@ index a91239d..d7ed533 100644 + memcpy(&rfc, (void *)val, olen); if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && - rfc.mode != chan->mode) + rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index 083f2bf..799f9448 100644 +index 1bcfb84..dad9f98 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c -@@ -471,7 +471,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us +@@ -479,7 +479,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, struct sock *sk = sock->sk; struct l2cap_chan *chan = l2cap_pi(sk)->chan; struct l2cap_options opts; @@ -78623,7 +79678,7 @@ index 083f2bf..799f9448 100644 u32 opt; BT_DBG("sk %p", sk); -@@ -493,7 +494,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us +@@ -501,7 +502,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, opts.max_tx = chan->max_tx; opts.txwin_size = chan->tx_win; @@ -78632,7 +79687,7 @@ index 083f2bf..799f9448 100644 if (copy_from_user((char *) &opts, optval, len)) { err = -EFAULT; break; -@@ -571,7 +572,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch +@@ -581,7 +582,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, struct bt_security sec; struct bt_power pwr; struct l2cap_conn *conn; @@ -78642,7 +79697,7 @@ index 083f2bf..799f9448 100644 u32 opt; BT_DBG("sk %p", sk); -@@ -594,7 +596,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch +@@ -604,7 +606,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, sec.level = BT_SECURITY_LOW; @@ -78651,7 +79706,7 @@ index 083f2bf..799f9448 100644 if (copy_from_user((char *) &sec, optval, len)) { err = -EFAULT; break; -@@ -691,7 +693,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch +@@ -701,7 +703,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; @@ -78661,7 +79716,7 @@ index 083f2bf..799f9448 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 868a909..d044bc3 100644 +index ce3f665..2c7d08f 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c @@ -667,7 +667,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c @@ -78683,7 +79738,7 @@ index 868a909..d044bc3 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c -index ccc2487..921073d 100644 +index bd6fd0f..6492cba 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -309,7 +309,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev) @@ -78698,9 +79753,9 @@ index ccc2487..921073d 100644 @@ -664,10 +664,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) return -ENODEV; - BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), -- dev->channel, dev->port.count); -+ dev->channel, atomic_read(&dev->port.count)); + BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst, +- dev->channel, dev->port.count); ++ dev->channel, atomic_read(&dev->port.count)); spin_lock_irqsave(&dev->port.lock, flags); - if (++dev->port.count > 1) { @@ -78753,7 +79808,7 @@ index 5fe2ff3..121d696 100644 break; } diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c -index 44f270f..1f5602d 100644 +index a376ec1..1fbd6be 100644 --- a/net/caif/cfctrl.c +++ b/net/caif/cfctrl.c @@ -10,6 +10,7 @@ @@ -78809,7 +79864,7 @@ index ddac1ee..3ee0a78 100644 }; diff --git a/net/can/gw.c b/net/can/gw.c -index 1f5c978..ef714c7 100644 +index 574dda78e..3d2b3da 100644 --- a/net/can/gw.c +++ b/net/can/gw.c @@ -67,7 +67,6 @@ MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>"); @@ -78820,7 +79875,7 @@ index 1f5c978..ef714c7 100644 static struct kmem_cache *cgw_cache __read_mostly; -@@ -887,6 +886,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) +@@ -893,6 +892,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) return err; } @@ -78831,7 +79886,7 @@ index 1f5c978..ef714c7 100644 static __init int cgw_module_init(void) { printk(banner); -@@ -898,7 +901,6 @@ static __init int cgw_module_init(void) +@@ -904,7 +907,6 @@ static __init int cgw_module_init(void) return -ENOMEM; /* set notifier */ @@ -78980,18 +80035,9 @@ index 79ae884..17c5c09 100644 a0 = a[0]; a1 = a[1]; diff --git a/net/core/datagram.c b/net/core/datagram.c -index 0337e2b..f82d4a3 100644 +index 368f9c3..f82d4a3 100644 --- a/net/core/datagram.c +++ b/net/core/datagram.c -@@ -187,7 +187,7 @@ struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags, - skb_queue_walk(queue, skb) { - *peeked = skb->peeked; - if (flags & MSG_PEEK) { -- if (*off >= skb->len) { -+ if (*off >= skb->len && skb->len) { - *off -= skb->len; - continue; - } @@ -289,7 +289,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags) } @@ -79002,10 +80048,10 @@ index 0337e2b..f82d4a3 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 3470794..eb5008c 100644 +index f64e439..8f959e6 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -1162,9 +1162,13 @@ void dev_load(struct net *net, const char *name) +@@ -1250,9 +1250,13 @@ void dev_load(struct net *net, const char *name) if (no_module && capable(CAP_NET_ADMIN)) no_module = request_module("netdev-%s", name); if (no_module && capable(CAP_SYS_MODULE)) { @@ -79019,7 +80065,7 @@ index 3470794..eb5008c 100644 } } EXPORT_SYMBOL(dev_load); -@@ -1627,7 +1631,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1715,7 +1719,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) { if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { if (skb_copy_ubufs(skb, GFP_ATOMIC)) { @@ -79028,7 +80074,7 @@ index 3470794..eb5008c 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -1637,7 +1641,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1725,7 +1729,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) nf_reset(skb); if (unlikely(!is_skb_forwardable(dev, skb))) { @@ -79037,7 +80083,7 @@ index 3470794..eb5008c 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2093,7 +2097,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2180,7 +2184,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -79046,7 +80092,7 @@ index 3470794..eb5008c 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -2955,7 +2959,7 @@ enqueue: +@@ -3053,7 +3057,7 @@ enqueue: local_irq_restore(flags); @@ -79055,7 +80101,7 @@ index 3470794..eb5008c 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3027,7 +3031,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3125,7 +3129,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -79064,7 +80110,7 @@ index 3470794..eb5008c 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3358,7 +3362,7 @@ ncls: +@@ -3456,7 +3460,7 @@ ncls: ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { drop: @@ -79073,7 +80119,7 @@ index 3470794..eb5008c 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3944,7 +3948,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -4039,7 +4043,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -79082,7 +80128,7 @@ index 3470794..eb5008c 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -4423,8 +4427,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) +@@ -4523,8 +4527,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) else seq_printf(seq, "%04x", ntohs(pt->type)); @@ -79096,7 +80142,7 @@ index 3470794..eb5008c 100644 } return 0; -@@ -5987,7 +5996,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -6096,7 +6105,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -79106,7 +80152,7 @@ index 3470794..eb5008c 100644 } EXPORT_SYMBOL(dev_get_stats); diff --git a/net/core/flow.c b/net/core/flow.c -index e318c7e..168b1d0 100644 +index b0901ee..7d3c2ca 100644 --- a/net/core/flow.c +++ b/net/core/flow.c @@ -61,7 +61,7 @@ struct flow_cache { @@ -79168,7 +80214,7 @@ index 7e7aeb0..2a998cb 100644 m->msg_iov = iov; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index fad649a..df5891e 100644 +index 1868625..5f4de62 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -79181,10 +80227,10 @@ index fad649a..df5891e 100644 static DEFINE_MUTEX(rtnl_mutex); diff --git a/net/core/scm.c b/net/core/scm.c -index ab57084..0190c8f 100644 +index 905dcc6..14ee2d6 100644 --- a/net/core/scm.c +++ b/net/core/scm.c -@@ -223,7 +223,7 @@ EXPORT_SYMBOL(__scm_send); +@@ -224,7 +224,7 @@ EXPORT_SYMBOL(__scm_send); int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) { struct cmsghdr __user *cm @@ -79193,7 +80239,7 @@ index ab57084..0190c8f 100644 struct cmsghdr cmhdr; int cmlen = CMSG_LEN(len); int err; -@@ -246,7 +246,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) +@@ -247,7 +247,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) err = -EFAULT; if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) goto out; @@ -79202,7 +80248,7 @@ index ab57084..0190c8f 100644 goto out; cmlen = CMSG_SPACE(len); if (msg->msg_controllen < cmlen) -@@ -262,7 +262,7 @@ EXPORT_SYMBOL(put_cmsg); +@@ -263,7 +263,7 @@ EXPORT_SYMBOL(put_cmsg); void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) { struct cmsghdr __user *cm @@ -79211,7 +80257,7 @@ index ab57084..0190c8f 100644 int fdmax = 0; int fdnum = scm->fp->count; -@@ -282,7 +282,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) +@@ -283,7 +283,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) if (fdnum < fdmax) fdmax = fdnum; @@ -79221,7 +80267,7 @@ index ab57084..0190c8f 100644 { struct socket *sock; diff --git a/net/core/sock.c b/net/core/sock.c -index 8a146cf..ee08914d 100644 +index bc131d4..029e378 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -388,7 +388,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -79269,7 +80315,7 @@ index 8a146cf..ee08914d 100644 goto discard_and_relse; } -@@ -875,12 +875,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -930,12 +930,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, struct timeval tm; } v; @@ -79285,7 +80331,7 @@ index 8a146cf..ee08914d 100644 return -EINVAL; memset(&v, 0, sizeof(v)); -@@ -1028,11 +1028,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1083,11 +1083,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, case SO_PEERNAME: { @@ -79299,7 +80345,7 @@ index 8a146cf..ee08914d 100644 return -EINVAL; if (copy_to_user(optval, address, len)) return -EFAULT; -@@ -1080,7 +1080,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1146,7 +1146,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > lv) len = lv; @@ -79308,7 +80354,7 @@ index 8a146cf..ee08914d 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2212,7 +2212,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2276,7 +2276,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -79318,7 +80364,7 @@ index 8a146cf..ee08914d 100644 EXPORT_SYMBOL(sock_init_data); diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index 602cd63..05c6c60 100644 +index 602cd63..0a699b1 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c @@ -15,20 +15,27 @@ static DEFINE_MUTEX(sock_diag_table_mutex); @@ -79349,6 +80395,51 @@ index 602cd63..05c6c60 100644 } EXPORT_SYMBOL_GPL(sock_diag_save_cookie); +@@ -97,21 +104,6 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld) + } + EXPORT_SYMBOL_GPL(sock_diag_unregister); + +-static const inline struct sock_diag_handler *sock_diag_lock_handler(int family) +-{ +- if (sock_diag_handlers[family] == NULL) +- request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK, +- NETLINK_SOCK_DIAG, family); +- +- mutex_lock(&sock_diag_table_mutex); +- return sock_diag_handlers[family]; +-} +- +-static inline void sock_diag_unlock_handler(const struct sock_diag_handler *h) +-{ +- mutex_unlock(&sock_diag_table_mutex); +-} +- + static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) + { + int err; +@@ -121,12 +113,20 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) + if (nlmsg_len(nlh) < sizeof(*req)) + return -EINVAL; + +- hndl = sock_diag_lock_handler(req->sdiag_family); ++ if (req->sdiag_family >= AF_MAX) ++ return -EINVAL; ++ ++ if (sock_diag_handlers[req->sdiag_family] == NULL) ++ request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK, ++ NETLINK_SOCK_DIAG, req->sdiag_family); ++ ++ mutex_lock(&sock_diag_table_mutex); ++ hndl = sock_diag_handlers[req->sdiag_family]; + if (hndl == NULL) + err = -ENOENT; + else + err = hndl->dump(skb, nlh); +- sock_diag_unlock_handler(hndl); ++ mutex_unlock(&sock_diag_table_mutex); + + return err; + } diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c index a55eecc..dd8428c 100644 --- a/net/decnet/sysctl_net_decnet.c @@ -79371,24 +80462,34 @@ index a55eecc..dd8428c 100644 return -EFAULT; *lenp = len; -diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c -index 2a6abc1..c379ba7 100644 ---- a/net/ipv4/devinet.c -+++ b/net/ipv4/devinet.c -@@ -822,9 +822,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg) - if (!ifa) { - ret = -ENOBUFS; - ifa = inet_alloc_ifa(); -+ if (!ifa) -+ break; - INIT_HLIST_NODE(&ifa->hash); -- if (!ifa) -- break; - if (colon) - memcpy(ifa->ifa_label, ifr.ifr_name, IFNAMSIZ); - else +diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c +index a69b4e4..dbccba5 100644 +--- a/net/ipv4/ah4.c ++++ b/net/ipv4/ah4.c +@@ -421,7 +421,7 @@ static void ah4_err(struct sk_buff *skb, u32 info) + return; + + if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) { +- atomic_inc(&flow_cache_genid); ++ atomic_inc_unchecked(&flow_cache_genid); + rt_genid_bump(net); + + ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0); +diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c +index 3b4f0cd..8cb864c 100644 +--- a/net/ipv4/esp4.c ++++ b/net/ipv4/esp4.c +@@ -503,7 +503,7 @@ static void esp4_err(struct sk_buff *skb, u32 info) + return; + + if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) { +- atomic_inc(&flow_cache_genid); ++ atomic_inc_unchecked(&flow_cache_genid); + rt_genid_bump(net); + + ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0); diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c -index 825c608..750ff29 100644 +index 5cd75e2..f57ef39 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -1020,12 +1020,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, @@ -79416,7 +80517,7 @@ index 825c608..750ff29 100644 break; case NETDEV_DOWN: diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c -index 71b125c..f4c70b0 100644 +index 4797a80..2bd54e9 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) @@ -79429,7 +80530,7 @@ index 71b125c..f4c70b0 100644 return nh->nh_saddr; } diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c -index 7880af9..70f92a3 100644 +index fa3ae81..0dbe6b8 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -18,12 +18,15 @@ @@ -79448,7 +80549,7 @@ index 7880af9..70f92a3 100644 /* * Allocate and initialize a new local port bind bucket. * The bindhash mutex for snum's hash chain must be held here. -@@ -530,6 +533,8 @@ ok: +@@ -540,6 +543,8 @@ ok: twrefcnt += inet_twsk_bind_unhash(tw, hinfo); spin_unlock(&head->lock); @@ -79473,7 +80574,7 @@ index 000e3d2..5472da3 100644 secure_ip_id(daddr->addr.a4) : secure_ipv6_id(daddr->addr.a6)); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index 8d5cc75..821fd11 100644 +index eb9d63a..50babc1 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -322,7 +322,7 @@ static inline int ip_frag_too_far(struct ipq *qp) @@ -79486,10 +80587,10 @@ index 8d5cc75..821fd11 100644 rc = qp->q.fragments && (end - start) > max; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index e95d72b..5268ac0 100644 +index d9c4f11..02b82db 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c -@@ -1151,7 +1151,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1152,7 +1152,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, len = min_t(unsigned int, len, opt->optlen); if (put_user(len, optlen)) return -EFAULT; @@ -79499,7 +80600,7 @@ index e95d72b..5268ac0 100644 return -EFAULT; return 0; } -@@ -1282,7 +1283,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1283,7 +1284,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -79508,11 +80609,24 @@ index e95d72b..5268ac0 100644 msg.msg_controllen = len; msg.msg_flags = flags; +diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c +index 9a46dae..5f793a0 100644 +--- a/net/ipv4/ipcomp.c ++++ b/net/ipv4/ipcomp.c +@@ -48,7 +48,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info) + return; + + if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) { +- atomic_inc(&flow_cache_genid); ++ atomic_inc_unchecked(&flow_cache_genid); + rt_genid_bump(net); + + ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0); diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index 798358b..73570b7 100644 +index a2e50ae..e152b7c 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c -@@ -321,7 +321,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) +@@ -323,7 +323,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -79521,7 +80635,7 @@ index 798358b..73570b7 100644 set_fs(oldfs); return res; } -@@ -332,7 +332,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg) +@@ -334,7 +334,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -79530,7 +80644,7 @@ index 798358b..73570b7 100644 set_fs(oldfs); return res; } -@@ -343,7 +343,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg) +@@ -345,7 +345,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -79540,7 +80654,7 @@ index 798358b..73570b7 100644 return res; } diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c -index 97e61ea..cac1bbb 100644 +index 3ea4127..849297b 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -879,14 +879,14 @@ static int compat_table_info(const struct xt_table_info *info, @@ -79589,7 +80703,7 @@ index 97e61ea..cac1bbb 100644 case ARPT_SO_GET_ENTRIES: diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c -index 170b1fd..6105b91 100644 +index 17c5e06..1b91206 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1068,14 +1068,14 @@ static int compat_table_info(const struct xt_table_info *info, @@ -79706,10 +80820,10 @@ index 6f08991..55867ad 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 0fdfe4c..e7ea542 100644 +index a0fcc47..5949bba1 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -2579,7 +2579,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { +@@ -2602,7 +2602,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { static __net_init int rt_genid_init(struct net *net) { @@ -79719,10 +80833,10 @@ index 0fdfe4c..e7ea542 100644 sizeof(net->ipv4.dev_addr_genid)); return 0; diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index beabc80..48a6a10 100644 +index ad70a96..50cb55b 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -4709,7 +4709,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4733,7 +4733,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -79731,26 +80845,7 @@ index beabc80..48a6a10 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5541,6 +5541,9 @@ slow_path: - if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) - goto csum_error; - -+ if (!th->ack) -+ goto discard; -+ - /* - * Standard slow path. - */ -@@ -5549,7 +5552,7 @@ slow_path: - return 0; - - step5: -- if (th->ack && tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) -+ if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) - goto discard; - - /* ts_recent update must be made after we are sure that the packet -@@ -5840,6 +5843,7 @@ discard: +@@ -5850,6 +5850,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -79758,7 +80853,7 @@ index beabc80..48a6a10 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5890,6 +5894,7 @@ discard: +@@ -5900,6 +5901,7 @@ discard: goto discard; #endif } @@ -79766,7 +80861,7 @@ index beabc80..48a6a10 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5934,7 +5939,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5944,7 +5946,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -79775,35 +80870,8 @@ index beabc80..48a6a10 100644 goto discard; if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; -@@ -5981,11 +5986,15 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, - if (tcp_check_req(sk, skb, req, NULL, true) == NULL) - goto discard; - } -+ -+ if (!th->ack) -+ goto discard; -+ - if (!tcp_validate_incoming(sk, skb, th, 0)) - return 0; - - /* step 5: check the ACK field */ -- if (th->ack) { -+ if (true) { - int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; - - switch (sk->sk_state) { -@@ -6135,8 +6144,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, - } - break; - } -- } else -- goto discard; -+ } - - /* ts_recent update must be made after we are sure that the packet - * is in window. diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index e637770..364ff02 100644 +index eadb693..e8f7251 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -79817,7 +80885,7 @@ index e637770..364ff02 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1898,6 +1902,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1895,6 +1899,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -79827,7 +80895,7 @@ index e637770..364ff02 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1998,12 +2005,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1994,12 +2001,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -79850,7 +80918,7 @@ index e637770..364ff02 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -2054,6 +2068,10 @@ no_tcp_socket: +@@ -2050,6 +2064,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -79862,7 +80930,7 @@ index e637770..364ff02 100644 } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index a7302d9..e3ec754 100644 +index f35f2df..ccb5ca6 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -79902,7 +80970,7 @@ index 4526fe6..1a34e43 100644 cnt += width; } diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c -index d47c1b4..b0584de 100644 +index b78aac3..e18230b 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -22,6 +22,10 @@ @@ -80049,10 +81117,10 @@ index 1f4d405..3524677 100644 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index a468a36..b50ffde 100644 +index 1b5d8cb..2e8c2d9 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c -@@ -2121,7 +2121,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2272,7 +2272,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -80062,10 +81130,10 @@ index a468a36..b50ffde 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index a23350c..899c62c 100644 +index 131dd09..7647ada 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c -@@ -1353,7 +1353,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) +@@ -1337,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) } @@ -80075,10 +81143,10 @@ index a23350c..899c62c 100644 .err_handler = ip6gre_err, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c -index e02faed..9780f28 100644 +index d1e2e8e..51c19ae 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c -@@ -990,7 +990,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, +@@ -991,7 +991,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -80088,10 +81156,10 @@ index e02faed..9780f28 100644 msg.msg_flags = flags; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c -index d7cb045..8c0ded6 100644 +index 125a90d..2a11f36 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c -@@ -1078,14 +1078,14 @@ static int compat_table_info(const struct xt_table_info *info, +@@ -1076,14 +1076,14 @@ static int compat_table_info(const struct xt_table_info *info, #endif static int get_info(struct net *net, void __user *user, @@ -80109,7 +81177,7 @@ index d7cb045..8c0ded6 100644 sizeof(struct ip6t_getinfo)); return -EINVAL; } -@@ -1122,7 +1122,7 @@ static int get_info(struct net *net, void __user *user, +@@ -1120,7 +1120,7 @@ static int get_info(struct net *net, void __user *user, info.size = private->size; strcpy(info.name, name); @@ -80118,7 +81186,7 @@ index d7cb045..8c0ded6 100644 ret = -EFAULT; else ret = 0; -@@ -1976,7 +1976,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +@@ -1974,7 +1974,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) switch (cmd) { case IP6T_SO_GET_INFO: @@ -80127,7 +81195,7 @@ index d7cb045..8c0ded6 100644 break; case IP6T_SO_GET_ENTRIES: ret = compat_get_entries(sock_net(sk), user, len); -@@ -2023,7 +2023,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +@@ -2021,7 +2021,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) switch (cmd) { case IP6T_SO_GET_INFO: @@ -80137,7 +81205,7 @@ index d7cb045..8c0ded6 100644 case IP6T_SO_GET_ENTRIES: diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index d8e95c7..81422bc 100644 +index 70fa814..d70c28c 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -379,7 +379,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -80221,10 +81289,10 @@ index d8e95c7..81422bc 100644 static int raw6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 73f2a6b..f8049a1 100644 +index 4f435371..5de9da7 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c -@@ -106,6 +106,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) +@@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum; } @@ -80235,7 +81303,7 @@ index 73f2a6b..f8049a1 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state != TCP_CLOSE) { -@@ -1525,6 +1529,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1433,6 +1437,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -80245,7 +81313,7 @@ index 73f2a6b..f8049a1 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1606,12 +1613,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1514,12 +1521,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -80268,7 +81336,7 @@ index 73f2a6b..f8049a1 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1660,6 +1675,10 @@ no_tcp_socket: +@@ -1568,6 +1583,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -80280,7 +81348,7 @@ index 73f2a6b..f8049a1 100644 } diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index fc99972..69397e8 100644 +index fb08329..2d6919e 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -51,6 +51,10 @@ @@ -80331,7 +81399,7 @@ index fc99972..69397e8 100644 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); kfree_skb(skb); -@@ -1473,7 +1480,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket +@@ -1379,7 +1386,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -80341,10 +81409,10 @@ index fc99972..69397e8 100644 int udp6_seq_show(struct seq_file *seq, void *v) diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c -index 496ce2c..f79fac8 100644 +index a68c88c..d55b0c5 100644 --- a/net/irda/ircomm/ircomm_tty.c +++ b/net/irda/ircomm/ircomm_tty.c -@@ -311,12 +311,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, +@@ -312,12 +312,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, add_wait_queue(&port->open_wait, &wait); IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n", @@ -80359,7 +81427,7 @@ index 496ce2c..f79fac8 100644 } spin_unlock_irqrestore(&port->lock, flags); port->blocked_open++; -@@ -352,7 +352,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, +@@ -353,7 +353,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, } IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n", @@ -80368,7 +81436,7 @@ index 496ce2c..f79fac8 100644 schedule(); } -@@ -363,13 +363,13 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, +@@ -364,13 +364,13 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, if (extra_count) { /* ++ is not atomic, so this should be protected - Jean II */ spin_lock_irqsave(&port->lock, flags); @@ -80384,7 +81452,7 @@ index 496ce2c..f79fac8 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -443,12 +443,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp) +@@ -444,12 +444,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp) /* ++ is not atomic, so this should be protected - Jean II */ spin_lock_irqsave(&self->port.lock, flags); @@ -80399,7 +81467,7 @@ index 496ce2c..f79fac8 100644 /* Not really used by us, but lets do it anyway */ tty->low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0; -@@ -985,7 +985,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty) +@@ -986,7 +986,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty) tty_kref_put(port->tty); } port->tty = NULL; @@ -80408,7 +81476,7 @@ index 496ce2c..f79fac8 100644 spin_unlock_irqrestore(&port->lock, flags); wake_up_interruptible(&port->open_wait); -@@ -1342,7 +1342,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m) +@@ -1343,7 +1343,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m) seq_putc(m, '\n'); seq_printf(m, "Role: %s\n", self->client ? "client" : "server"); @@ -80434,8 +81502,21 @@ index cd6f7a9..e63fe89 100644 } write_unlock_bh(&iucv_sk_list.lock); +diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c +index df08250..02021fe 100644 +--- a/net/iucv/iucv.c ++++ b/net/iucv/iucv.c +@@ -690,7 +690,7 @@ static int __cpuinit iucv_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata iucv_cpu_notifier = { ++static struct notifier_block iucv_cpu_notifier = { + .notifier_call = iucv_cpu_notify, + }; + diff --git a/net/key/af_key.c b/net/key/af_key.c -index 08897a3..0b812ab 100644 +index 5b426a6..970032b 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -3019,10 +3019,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc @@ -80452,10 +81533,19 @@ index 08897a3..0b812ab 100644 return res; } diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c -index 494da7f..6ce2ffd 100644 +index 0479c64..d031db6 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c -@@ -2604,7 +2604,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, +@@ -790,7 +790,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, + ret = ieee80211_vif_use_channel(sdata, chandef, + IEEE80211_CHANCTX_EXCLUSIVE); + } +- } else if (local->open_count == local->monitors) { ++ } else if (local_read(&local->open_count) == local->monitors) { + local->_oper_channel = chandef->chan; + local->_oper_channel_type = cfg80211_get_chandef_type(chandef); + ieee80211_hw_config(local, 0); +@@ -2716,7 +2716,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, else local->probe_req_reg--; @@ -80465,7 +81555,7 @@ index 494da7f..6ce2ffd 100644 ieee80211_queue_work(&local->hw, &local->reconfig_filter); diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 493e2e8..be76574 100644 +index 2ed065c..948177f 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -80476,7 +81566,7 @@ index 493e2e8..be76574 100644 #include "key.h" #include "sta_info.h" #include "debug.h" -@@ -852,7 +853,7 @@ struct ieee80211_local { +@@ -909,7 +910,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -80486,10 +81576,10 @@ index 493e2e8..be76574 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index 0f5af91..4dba9e7 100644 +index 8be854e..ad72a69 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c -@@ -465,7 +465,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -546,7 +546,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) break; } @@ -80498,7 +81588,7 @@ index 0f5af91..4dba9e7 100644 res = drv_start(local); if (res) goto err_del_bss; -@@ -508,7 +508,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -591,7 +591,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) break; } @@ -80507,7 +81597,7 @@ index 0f5af91..4dba9e7 100644 res = ieee80211_add_virtual_monitor(local); if (res) goto err_stop; -@@ -616,7 +616,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -699,7 +699,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) mutex_unlock(&local->mtx); if (coming_up) @@ -80516,7 +81606,7 @@ index 0f5af91..4dba9e7 100644 if (hw_reconf_flags) ieee80211_hw_config(local, hw_reconf_flags); -@@ -630,7 +630,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -713,7 +713,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) err_del_interface: drv_remove_interface(local, sdata); err_stop: @@ -80525,7 +81615,7 @@ index 0f5af91..4dba9e7 100644 drv_stop(local); err_del_bss: sdata->bss = NULL; -@@ -762,7 +762,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -827,7 +827,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } if (going_down) @@ -80534,7 +81624,7 @@ index 0f5af91..4dba9e7 100644 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -818,7 +818,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -884,7 +884,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_recalc_ps(local, -1); @@ -80543,7 +81633,7 @@ index 0f5af91..4dba9e7 100644 if (local->ops->napi_poll) napi_disable(&local->napi); ieee80211_clear_tx_pending(local); -@@ -850,7 +850,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -910,7 +910,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); @@ -80553,12 +81643,12 @@ index 0f5af91..4dba9e7 100644 } diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index f57f597..e0a7c03 100644 +index 1b087ff..bf600e9 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c -@@ -164,7 +164,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) - local->hw.conf.power_level = power; - } +@@ -181,7 +181,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) + changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL | + IEEE80211_CONF_CHANGE_POWER); - if (changed && local->open_count) { + if (changed && local_read(&local->open_count)) { @@ -80566,19 +81656,19 @@ index f57f597..e0a7c03 100644 /* * Goal: diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index 5c572e7..ecf75ce 100644 +index 79a48f3..5e185c9 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c -@@ -34,7 +34,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) - struct ieee80211_sub_if_data *sdata; +@@ -35,7 +35,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) struct sta_info *sta; + struct ieee80211_chanctx *ctx; - if (!local->open_count) + if (!local_read(&local->open_count)) goto suspend; ieee80211_scan_cancel(local); -@@ -72,7 +72,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -73,7 +73,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) cancel_work_sync(&local->dynamic_ps_enable_work); del_timer_sync(&local->dynamic_ps_timer); @@ -80587,8 +81677,8 @@ index 5c572e7..ecf75ce 100644 if (local->wowlan) { int err = drv_suspend(local, wowlan); if (err < 0) { -@@ -143,7 +143,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) - drv_remove_interface(local, sdata); +@@ -187,7 +187,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) + mutex_unlock(&local->chanctx_mtx); /* stop hardware - this must stop RX */ - if (local->open_count) @@ -80597,10 +81687,10 @@ index 5c572e7..ecf75ce 100644 suspend: diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c -index 3313c11..bec9f17 100644 +index dd88381..eef4dd6 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c -@@ -494,7 +494,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, +@@ -493,7 +493,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, ASSERT_RTNL(); @@ -80623,10 +81713,10 @@ index c97a065..ff61928 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index 0151ae3..26709d3 100644 +index f11e8c5..08d0013 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c -@@ -1332,7 +1332,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) +@@ -1380,7 +1380,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) } #endif /* everything else happens only if HW was up & running */ @@ -80669,10 +81759,10 @@ index 3259697..54d5393 100644 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c -index 1548df9..98ad9b4 100644 +index 30e764a..c3b6a9d 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c -@@ -557,7 +557,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) +@@ -554,7 +554,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) /* Increase the refcnt counter of the dest */ atomic_inc(&dest->refcnt); @@ -80681,7 +81771,7 @@ index 1548df9..98ad9b4 100644 if (cp->protocol != IPPROTO_UDP) conn_flags &= ~IP_VS_CONN_F_ONE_PACKET; flags = cp->flags; -@@ -902,7 +902,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, +@@ -899,7 +899,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, atomic_set(&cp->refcnt, 1); atomic_set(&cp->n_control, 0); @@ -80690,7 +81780,7 @@ index 1548df9..98ad9b4 100644 atomic_inc(&ipvs->conn_count); if (flags & IP_VS_CONN_F_NO_CPORT) -@@ -1183,7 +1183,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) +@@ -1180,7 +1180,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) /* Don't drop the entry if its number of incoming packets is not located in [0, 8] */ @@ -80700,11 +81790,11 @@ index 1548df9..98ad9b4 100644 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index 58918e2..4d177a9 100644 +index 47edf5a..235b07d 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c -@@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, - ret = cp->packet_xmit(skb, cp, pd->pp); +@@ -559,7 +559,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, + ret = cp->packet_xmit(skb, cp, pd->pp, iph); /* do not touch skb anymore */ - atomic_inc(&cp->in_pkts); @@ -80712,7 +81802,7 @@ index 58918e2..4d177a9 100644 ip_vs_conn_put(cp); return ret; } -@@ -1681,7 +1681,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) +@@ -1691,7 +1691,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) if (cp->flags & IP_VS_CONN_F_ONE_PACKET) pkts = sysctl_sync_threshold(ipvs); else @@ -80722,7 +81812,7 @@ index 58918e2..4d177a9 100644 if (ipvs->sync_state & IP_VS_STATE_MASTER) ip_vs_sync_conn(net, cp, pkts); diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c -index c4ee437..a774a74 100644 +index ec664cb..cd576ab 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -787,7 +787,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, @@ -80771,7 +81861,7 @@ index c4ee437..a774a74 100644 nla_put_u32(skb, IPVS_DEST_ATTR_WEIGHT, atomic_read(&dest->weight)) || diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c -index effa10c..9058928 100644 +index 44fd10c..2a163b3 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -596,7 +596,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp, @@ -80802,10 +81892,10 @@ index effa10c..9058928 100644 cp->old_state = cp->state; /* diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c -index cc4c809..50f8fe5 100644 +index ee6b7a9..f9a89f6 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c -@@ -1202,7 +1202,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, +@@ -1210,7 +1210,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, else rc = NF_ACCEPT; /* do not touch skb anymore */ @@ -80814,7 +81904,7 @@ index cc4c809..50f8fe5 100644 goto out; } -@@ -1323,7 +1323,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, +@@ -1332,7 +1332,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, else rc = NF_ACCEPT; /* do not touch skb anymore */ @@ -80824,12 +81914,12 @@ index cc4c809..50f8fe5 100644 } diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index ec02168..f0caab6 100644 +index e4a0c4f..c263f28 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -1533,6 +1533,10 @@ err_extend: - #define UNCONFIRMED_NULLS_VAL ((1<<30)+0) +@@ -1529,6 +1529,10 @@ err_extend: #define DYING_NULLS_VAL ((1<<30)+1) + #define TEMPLATE_NULLS_VAL ((1<<30)+2) +#ifdef CONFIG_GRKERNSEC_HIDESYM +static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0); @@ -80838,7 +81928,7 @@ index ec02168..f0caab6 100644 static int nf_conntrack_init_net(struct net *net) { int ret; -@@ -1546,7 +1550,11 @@ static int nf_conntrack_init_net(struct net *net) +@@ -1543,7 +1547,11 @@ static int nf_conntrack_init_net(struct net *net) goto err_stat; } @@ -80964,10 +82054,10 @@ index 4fe4fb4..87a89e5 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 4da797f..eb1df70 100644 +index c0353d5..fcb0270 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c -@@ -782,7 +782,7 @@ static void netlink_overrun(struct sock *sk) +@@ -785,7 +785,7 @@ static void netlink_overrun(struct sock *sk) sk->sk_error_report(sk); } } @@ -80976,7 +82066,7 @@ index 4da797f..eb1df70 100644 } static struct sock *netlink_getsockbyportid(struct sock *ssk, u32 portid) -@@ -2068,7 +2068,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -2071,7 +2071,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb, atomic_read(&s->sk_refcnt), @@ -81006,7 +82096,7 @@ index 7261eb8..44e8ac6 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index 5db6316..c9bf90e 100644 +index c111bd0..7788ff7 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1578,7 +1578,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, @@ -81027,7 +82117,7 @@ index 5db6316..c9bf90e 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -2539,6 +2539,7 @@ out: +@@ -2565,6 +2565,7 @@ out: static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) { @@ -81035,7 +82125,7 @@ index 5db6316..c9bf90e 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2560,8 +2561,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) +@@ -2586,8 +2587,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -81046,7 +82136,7 @@ index 5db6316..c9bf90e 100644 msg->msg_flags |= MSG_ERRQUEUE; err = copied; -@@ -3173,7 +3175,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3212,7 +3214,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -81055,7 +82145,7 @@ index 5db6316..c9bf90e 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3212,7 +3214,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3254,7 +3256,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, len = lv; if (put_user(len, optlen)) return -EFAULT; @@ -81162,7 +82252,7 @@ index e5b65ac..f3b6fb7 100644 if (likely(*recent == gen)) return 0; diff --git a/net/rds/ib.h b/net/rds/ib.h -index 8d2b3d5..227ec5b 100644 +index 7280ab8..e04f4ea 100644 --- a/net/rds/ib.h +++ b/net/rds/ib.h @@ -128,7 +128,7 @@ struct rds_ib_connection { @@ -81175,10 +82265,10 @@ index 8d2b3d5..227ec5b 100644 spinlock_t i_ack_lock; /* protect i_ack_next */ u64 i_ack_next; /* next ACK to send */ diff --git a/net/rds/ib_cm.c b/net/rds/ib_cm.c -index a1e1162..265e129 100644 +index 31b74f5..dc1fbfa 100644 --- a/net/rds/ib_cm.c +++ b/net/rds/ib_cm.c -@@ -718,7 +718,7 @@ void rds_ib_conn_shutdown(struct rds_connection *conn) +@@ -717,7 +717,7 @@ void rds_ib_conn_shutdown(struct rds_connection *conn) /* Clear the ACK state */ clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags); #ifdef KERNEL_HAS_ATOMIC64 @@ -81188,10 +82278,10 @@ index a1e1162..265e129 100644 ic->i_ack_next = 0; #endif diff --git a/net/rds/ib_recv.c b/net/rds/ib_recv.c -index 8d19491..05a3e65 100644 +index 8eb9501..0c386ff 100644 --- a/net/rds/ib_recv.c +++ b/net/rds/ib_recv.c -@@ -592,7 +592,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic) +@@ -597,7 +597,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic) static void rds_ib_set_ack(struct rds_ib_connection *ic, u64 seq, int ack_required) { @@ -81200,7 +82290,7 @@ index 8d19491..05a3e65 100644 if (ack_required) { smp_mb__before_clear_bit(); set_bit(IB_ACK_REQUESTED, &ic->i_ack_flags); -@@ -604,7 +604,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic) +@@ -609,7 +609,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic) clear_bit(IB_ACK_REQUESTED, &ic->i_ack_flags); smp_mb__after_clear_bit(); @@ -81543,24 +82633,11 @@ index f226709..0e735a8 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); -diff --git a/net/sctp/auth.c b/net/sctp/auth.c -index 159b9bc..d8420ae 100644 ---- a/net/sctp/auth.c -+++ b/net/sctp/auth.c -@@ -71,7 +71,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key) - return; - - if (atomic_dec_and_test(&key->refcnt)) { -- kfree(key); -+ kzfree(key); - SCTP_DBG_OBJCNT_DEC(keys); - } - } diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c -index ea14cb4..834e8e4 100644 +index 391a245..8f6a898 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c -@@ -1037,7 +1037,7 @@ void sctp_v6_pf_init(void) +@@ -1038,7 +1038,7 @@ void sctp_v6_pf_init(void) void sctp_v6_pf_exit(void) { @@ -81570,10 +82647,10 @@ index ea14cb4..834e8e4 100644 /* Initialize IPv6 support and register with socket layer. */ diff --git a/net/sctp/proc.c b/net/sctp/proc.c -index 9966e7b..540c575 100644 +index 8c19e97..16264b8 100644 --- a/net/sctp/proc.c +++ b/net/sctp/proc.c -@@ -328,7 +328,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) +@@ -338,7 +338,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) seq_printf(seq, "%8pK %8pK %-3d %-3d %-2d %-4d " "%4d %8d %8d %7d %5lu %-5d %5d ", @@ -81584,7 +82661,7 @@ index 9966e7b..540c575 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c -index 2d51842..150ba5c 100644 +index f898b1c..60bf8f2 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -834,8 +834,10 @@ int sctp_register_af(struct sctp_af *af) @@ -81610,10 +82687,10 @@ index 2d51842..150ba5c 100644 static int sctp_v4_protosw_init(void) diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 9261d9a..0a6ae623 100644 +index cedd9bf..b1fddeb 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -4661,6 +4661,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -4665,6 +4665,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; @@ -81623,7 +82700,7 @@ index 9261d9a..0a6ae623 100644 return -EFAULT; to += addrlen; diff --git a/net/socket.c b/net/socket.c -index d92c490..b4bc863 100644 +index 2ca51c7..45d0b31 100644 --- a/net/socket.c +++ b/net/socket.c @@ -89,6 +89,7 @@ @@ -81652,7 +82729,7 @@ index d92c490..b4bc863 100644 static struct file_system_type sock_fs_type = { .name = "sockfs", -@@ -1276,6 +1279,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1270,6 +1273,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, return -EAFNOSUPPORT; if (type < 0 || type >= SOCK_MAX) return -EINVAL; @@ -81661,7 +82738,7 @@ index d92c490..b4bc863 100644 /* Compatibility. -@@ -1407,6 +1412,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) +@@ -1401,6 +1406,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; @@ -81678,7 +82755,7 @@ index d92c490..b4bc863 100644 retval = sock_create(family, type, protocol, &sock); if (retval < 0) goto out; -@@ -1534,6 +1549,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1528,6 +1543,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, &address); if (err >= 0) { @@ -81693,7 +82770,7 @@ index d92c490..b4bc863 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1542,6 +1565,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1536,6 +1559,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -81701,7 +82778,7 @@ index d92c490..b4bc863 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1565,10 +1589,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1559,10 +1583,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned int)backlog > somaxconn) backlog = somaxconn; @@ -81722,7 +82799,7 @@ index d92c490..b4bc863 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1612,6 +1646,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1606,6 +1640,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -81741,7 +82818,7 @@ index d92c490..b4bc863 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1657,6 +1703,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1651,6 +1697,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -81750,7 +82827,7 @@ index d92c490..b4bc863 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1689,6 +1737,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1683,6 +1731,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -81758,7 +82835,7 @@ index d92c490..b4bc863 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1699,6 +1748,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1693,6 +1742,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -81776,7 +82853,7 @@ index d92c490..b4bc863 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -2053,7 +2113,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2047,7 +2107,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -81785,7 +82862,7 @@ index d92c490..b4bc863 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2221,7 +2281,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2215,7 +2275,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ @@ -81794,7 +82871,7 @@ index d92c490..b4bc863 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2844,7 +2904,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2838,7 +2898,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) } ifr = compat_alloc_user_space(buf_size); @@ -81803,7 +82880,7 @@ index d92c490..b4bc863 100644 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) return -EFAULT; -@@ -2868,12 +2928,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2862,12 +2922,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) offsetof(struct ethtool_rxnfc, fs.ring_cookie)); if (copy_in_user(rxnfc, compat_rxnfc, @@ -81820,7 +82897,7 @@ index d92c490..b4bc863 100644 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2885,12 +2945,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2879,12 +2939,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) if (convert_out) { if (copy_in_user(compat_rxnfc, rxnfc, @@ -81837,7 +82914,7 @@ index d92c490..b4bc863 100644 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2960,7 +3020,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2954,7 +3014,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -81846,7 +82923,7 @@ index d92c490..b4bc863 100644 set_fs(old_fs); return err; -@@ -3069,7 +3129,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3063,7 +3123,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -81855,7 +82932,7 @@ index d92c490..b4bc863 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3174,7 +3234,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3168,7 +3228,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -81864,7 +82941,7 @@ index d92c490..b4bc863 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3400,8 +3460,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3394,8 +3454,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -81875,7 +82952,7 @@ index d92c490..b4bc863 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3421,7 +3481,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3415,7 +3475,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -81885,10 +82962,10 @@ index d92c490..b4bc863 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index 7865b44..174662e 100644 +index fb20f25..e3ba316 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c -@@ -240,9 +240,9 @@ static int rpc_wait_bit_killable(void *word) +@@ -259,9 +259,9 @@ static int rpc_wait_bit_killable(void *word) #ifdef RPC_DEBUG static void rpc_task_set_debuginfo(struct rpc_task *task) { @@ -82012,7 +83089,7 @@ index 8343737..677025e 100644 .proc_handler = read_reset_stat, }, diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c -index 41cb63b..c4a1489 100644 +index 0ce7552..d074459 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c +++ b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c @@ -501,7 +501,7 @@ next_sge: @@ -82043,7 +83120,7 @@ index 41cb63b..c4a1489 100644 /* Build up the XDR from the receive buffers. */ rdma_build_arg_xdr(rqstp, ctxt, ctxt->byte_len); diff --git a/net/sunrpc/xprtrdma/svc_rdma_sendto.c b/net/sunrpc/xprtrdma/svc_rdma_sendto.c -index 42eb7ba..c887c45 100644 +index c1d124d..acfc59e 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c +++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c @@ -362,7 +362,7 @@ static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp, @@ -82105,23 +83182,23 @@ index 62e4f9b..dd3f2d7 100644 /* See if we can opportunistically reap SQ WR to make room */ sq_cq_reap(xprt); diff --git a/net/sysctl_net.c b/net/sysctl_net.c -index e3a6e37..be2ea77 100644 +index 9bc6db0..47ac8c0 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c -@@ -43,7 +43,7 @@ static int net_ctl_permissions(struct ctl_table_root *root, - struct ctl_table *table) - { +@@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ctl_table_header *head, + kgid_t root_gid = make_kgid(net->user_ns, 0); + /* Allow network administrator to have same access as root. */ -- if (capable(CAP_NET_ADMIN)) { -+ if (capable_nolog(CAP_NET_ADMIN)) { +- if (ns_capable(net->user_ns, CAP_NET_ADMIN) || ++ if (ns_capable_nolog(net->user_ns, CAP_NET_ADMIN) || + uid_eq(root_uid, current_uid())) { int mode = (table->mode >> 6) & 7; return (mode << 6) | (mode << 3) | mode; - } diff --git a/net/tipc/link.c b/net/tipc/link.c -index a79c755..eca357d 100644 +index daa6080..02d357f 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c -@@ -1169,7 +1169,7 @@ static int link_send_sections_long(struct tipc_port *sender, +@@ -1201,7 +1201,7 @@ static int link_send_sections_long(struct tipc_port *sender, struct tipc_msg fragm_hdr; struct sk_buff *buf, *buf_chain, *prev; u32 fragm_crs, fragm_rest, hsz, sect_rest; @@ -82130,7 +83207,7 @@ index a79c755..eca357d 100644 int curr_sect; u32 fragm_no; -@@ -1210,7 +1210,7 @@ again: +@@ -1242,7 +1242,7 @@ again: if (!sect_rest) { sect_rest = msg_sect[++curr_sect].iov_len; @@ -82139,7 +83216,7 @@ index a79c755..eca357d 100644 } if (sect_rest < fragm_rest) -@@ -1229,7 +1229,7 @@ error: +@@ -1261,7 +1261,7 @@ error: } } else skb_copy_to_linear_data_offset(buf, fragm_crs, @@ -82162,7 +83239,7 @@ index f2db8a8..9245aa4 100644 pos += msg_sect[cnt].iov_len; } diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c -index 0f7d0d0..00f89bf 100644 +index 6b42d47..2ac24d5 100644 --- a/net/tipc/subscr.c +++ b/net/tipc/subscr.c @@ -96,7 +96,7 @@ static void subscr_send_event(struct tipc_subscription *sub, @@ -82262,7 +83339,7 @@ index c8717c1..08539f5 100644 iwp->length += essid_compat; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 41eabc4..8d4e6d6 100644 +index 07c5857..edc6dc0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -317,7 +317,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) @@ -82499,12 +83576,12 @@ index cb1f50c..cef2a7c 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..008ac1a +index 0000000..5e0222d --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,17 @@ +#!/bin/bash -+plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF ++plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF +#include "gcc-plugin.h" +#include "tree.h" +#include "tm.h" @@ -82601,10 +83678,10 @@ index df4fc23..0ea719d 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 0d93856..e828363 100644 +index ff36c50..7ab4fa9 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -933,6 +933,7 @@ enum mismatch { +@@ -929,6 +929,7 @@ enum mismatch { ANY_INIT_TO_ANY_EXIT, ANY_EXIT_TO_ANY_INIT, EXPORT_TO_INIT_EXIT, @@ -82612,7 +83689,7 @@ index 0d93856..e828363 100644 }; struct sectioncheck { -@@ -1047,6 +1048,12 @@ const struct sectioncheck sectioncheck[] = { +@@ -1043,6 +1044,12 @@ const struct sectioncheck sectioncheck[] = { .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL }, .mismatch = EXPORT_TO_INIT_EXIT, .symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL }, @@ -82625,7 +83702,7 @@ index 0d93856..e828363 100644 } }; -@@ -1169,10 +1176,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, +@@ -1165,10 +1172,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, continue; if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) continue; @@ -82638,7 +83715,7 @@ index 0d93856..e828363 100644 if (d < 0) d = addr - sym->st_value; if (d < distance) { -@@ -1451,6 +1458,14 @@ static void report_sec_mismatch(const char *modname, +@@ -1447,6 +1454,14 @@ static void report_sec_mismatch(const char *modname, tosym, prl_to, prl_to, tosym); free(prl_to); break; @@ -82653,7 +83730,7 @@ index 0d93856..e828363 100644 } fprintf(stderr, "\n"); } -@@ -1685,7 +1700,7 @@ static void section_rel(const char *modname, struct elf_info *elf, +@@ -1681,7 +1696,7 @@ static void section_rel(const char *modname, struct elf_info *elf, static void check_sec_ref(struct module *mod, const char *modname, struct elf_info *elf) { @@ -82662,7 +83739,7 @@ index 0d93856..e828363 100644 Elf_Shdr *sechdrs = elf->sechdrs; /* Walk through all sections */ -@@ -1783,7 +1798,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, +@@ -1779,7 +1794,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, va_end(ap); } @@ -82671,7 +83748,7 @@ index 0d93856..e828363 100644 { if (buf->size - buf->pos < len) { buf->size += len + SZ; -@@ -2001,7 +2016,7 @@ static void write_if_changed(struct buffer *b, const char *fname) +@@ -1997,7 +2012,7 @@ static void write_if_changed(struct buffer *b, const char *fname) if (fstat(fileno(file), &st) < 0) goto close_write; @@ -82717,10 +83794,10 @@ index 9dfcd6d..099068e 100644 filename, strerror(errno)); goto out; diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c -index 5c11312..72742b5 100644 +index 68bb4ef..2f419e1 100644 --- a/scripts/pnmtologo.c +++ b/scripts/pnmtologo.c -@@ -237,14 +237,14 @@ static void write_header(void) +@@ -244,14 +244,14 @@ static void write_header(void) fprintf(out, " * Linux logo %s\n", logoname); fputs(" */\n\n", out); fputs("#include <linux/linux_logo.h>\n\n", out); @@ -82737,7 +83814,7 @@ index 5c11312..72742b5 100644 fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]); fprintf(out, "\t.width\t\t= %d,\n", logo_width); fprintf(out, "\t.height\t\t= %d,\n", logo_height); -@@ -374,7 +374,7 @@ static void write_logo_clut224(void) +@@ -381,7 +381,7 @@ static void write_logo_clut224(void) fputs("\n};\n\n", out); /* write logo clut */ @@ -82747,7 +83824,7 @@ index 5c11312..72742b5 100644 write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { diff --git a/security/Kconfig b/security/Kconfig -index e9c6ac7..01c698c 100644 +index e9c6ac7..ab9590d 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -4,6 +4,902 @@ @@ -83328,7 +84405,7 @@ index e9c6ac7..01c698c 100644 +config PAX_KERNEXEC + bool "Enforce non-executable kernel pages" + default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM)) -+ depends on (X86 || ARM_LPAE) && (!X86_32 || X86_WP_WORKS_OK) && !XEN ++ depends on ((X86 && (!X86_32 || X86_WP_WORKS_OK)) || (ARM && (CPU_V6 || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) + select PAX_KERNEXEC_PLUGIN if X86_64 + help @@ -83530,8 +84607,8 @@ index e9c6ac7..01c698c 100644 + +config PAX_MEMORY_UDEREF + bool "Prevent invalid userland pointer dereference" -+ default y if GRKERNSEC_CONFIG_AUTO && (X86_32 || (X86_64 && GRKERNSEC_CONFIG_PRIORITY_SECURITY)) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT) -+ depends on X86 && !UML_X86 && !XEN ++ default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT) ++ depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN + select PAX_PER_CPU_PGD if X86_64 + help + By saying Y here the kernel will be prevented from dereferencing @@ -83676,10 +84753,10 @@ index 8c2a7f6..b133ac9 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index 6dbae46..d5611fd 100644 +index 7ee08c7..8d1a9d6 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -415,6 +415,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data +@@ -424,6 +424,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data return 0; } @@ -83712,7 +84789,7 @@ index 6dbae46..d5611fd 100644 /* * Attempt to get the on-exec apply capability sets for an executable file from * its xattrs and, if present, apply them to the proposed credentials being -@@ -583,6 +609,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -592,6 +618,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) const struct cred *cred = current_cred(); kuid_t root_uid = make_kuid(cred->user_ns, 0); @@ -83723,7 +84800,7 @@ index 6dbae46..d5611fd 100644 if (bprm->cap_effective) return 1; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h -index 6ee8826..6350060 100644 +index 079a85d..12e93f8 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -96,8 +96,8 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, @@ -83738,7 +84815,7 @@ index 6ee8826..6350060 100644 }; extern struct ima_h_table ima_htable; diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c -index b356884..fd9676e 100644 +index 0cea3db..2f0ef77 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -79,7 +79,7 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, @@ -83796,7 +84873,7 @@ index 1c26176..64a1ba2 100644 if (iov != iovstack) kfree(iov); diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c -index 5d34b4e..2456674 100644 +index 4b5c948..2054dc1 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -986,7 +986,7 @@ static int keyctl_change_reqkey_auth(struct key *key) @@ -83832,11 +84909,11 @@ index 5d34b4e..2456674 100644 - ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); + ret = keyctl_instantiate_key_common(id, (const struct iovec __force_user *)iov, ioc, ret, ringid); - + err: if (iov != iovstack) kfree(iov); diff --git a/security/keys/keyring.c b/security/keys/keyring.c -index 6e42df1..aba52bd 100644 +index 6ece7f2..ecdb55c 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -227,16 +227,16 @@ static long keyring_read(const struct key *keyring, @@ -83880,7 +84957,7 @@ index f728728..6457a0c 100644 /* diff --git a/security/security.c b/security/security.c -index 8dcd4ae..1124de7 100644 +index 7b88c6a..1e3ea8f 100644 --- a/security/security.c +++ b/security/security.c @@ -20,6 +20,7 @@ @@ -83913,7 +84990,7 @@ index 8dcd4ae..1124de7 100644 /* Save user chosen LSM */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 61a5336..27215d8 100644 +index ef26e96..642fb78 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ @@ -83925,7 +85002,7 @@ index 61a5336..27215d8 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -5476,7 +5474,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -5501,7 +5499,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -84105,7 +85182,7 @@ index 4c1cc51..16040040 100644 } } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) { diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c -index 91cdf943..4085161 100644 +index af49721..e85058e 100644 --- a/sound/core/pcm_compat.c +++ b/sound/core/pcm_compat.c @@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream, @@ -84118,10 +85195,10 @@ index 91cdf943..4085161 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index f9ddecf..e27404d 100644 +index 09b4286..8620fac 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c -@@ -2804,11 +2804,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, +@@ -2806,11 +2806,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, switch (substream->stream) { case SNDRV_PCM_STREAM_PLAYBACK: result = snd_pcm_playback_ioctl1(NULL, substream, cmd, @@ -84136,7 +85213,7 @@ index f9ddecf..e27404d 100644 default: result = -EINVAL; diff --git a/sound/core/seq/seq_device.c b/sound/core/seq/seq_device.c -index 60e8fc1..786abcb 100644 +index 040c60e..989a19a 100644 --- a/sound/core/seq/seq_device.c +++ b/sound/core/seq/seq_device.c @@ -64,7 +64,7 @@ struct ops_list { @@ -84146,7 +85223,7 @@ index 60e8fc1..786abcb 100644 - struct snd_seq_dev_ops ops; + struct snd_seq_dev_ops *ops; - /* registred devices */ + /* registered devices */ struct list_head dev_list; /* list of devices */ @@ -333,7 +333,7 @@ int snd_seq_device_register_driver(char *id, struct snd_seq_dev_ops *entry, @@ -84176,7 +85253,7 @@ index 60e8fc1..786abcb 100644 dev->driver_data = NULL; ops->num_init_devices--; diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c -index 2d5514b..3afae9c 100644 +index 4e0dd22..7a1f32c 100644 --- a/sound/drivers/mts64.c +++ b/sound/drivers/mts64.c @@ -29,6 +29,7 @@ @@ -84249,7 +85326,7 @@ index b953fb4..1999c01 100644 int timeout = 10; while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0) diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c -index 8364855..59f2e2b 100644 +index 991018d..8984740 100644 --- a/sound/drivers/portman2x4.c +++ b/sound/drivers/portman2x4.c @@ -48,6 +48,7 @@ @@ -84348,11 +85425,44 @@ index d428ffe..751ef78 100644 break; default: return -EINVAL; +diff --git a/sound/firewire/scs1x.c b/sound/firewire/scs1x.c +index 844a555..985ab83 100644 +--- a/sound/firewire/scs1x.c ++++ b/sound/firewire/scs1x.c +@@ -74,7 +74,7 @@ static void scs_output_trigger(struct snd_rawmidi_substream *stream, int up) + { + struct scs *scs = stream->rmidi->private_data; + +- ACCESS_ONCE(scs->output) = up ? stream : NULL; ++ ACCESS_ONCE_RW(scs->output) = up ? stream : NULL; + if (up) { + scs->output_idle = false; + tasklet_schedule(&scs->tasklet); +@@ -257,7 +257,7 @@ static void scs_input_trigger(struct snd_rawmidi_substream *stream, int up) + { + struct scs *scs = stream->rmidi->private_data; + +- ACCESS_ONCE(scs->input) = up ? stream : NULL; ++ ACCESS_ONCE_RW(scs->input) = up ? stream : NULL; + } + + static void scs_input_escaped_byte(struct snd_rawmidi_substream *stream, +@@ -457,8 +457,8 @@ static int scs_remove(struct device *dev) + + snd_card_disconnect(scs->card); + +- ACCESS_ONCE(scs->output) = NULL; +- ACCESS_ONCE(scs->input) = NULL; ++ ACCESS_ONCE_RW(scs->output) = NULL; ++ ACCESS_ONCE_RW(scs->input) = NULL; + + wait_event(scs->idle_wait, scs->output_idle); + diff --git a/sound/oss/sb_audio.c b/sound/oss/sb_audio.c -index b2b3c01..e1c1e1f 100644 +index 048439a..3be9f6f 100644 --- a/sound/oss/sb_audio.c +++ b/sound/oss/sb_audio.c -@@ -903,7 +903,7 @@ sb16_copy_from_user(int dev, +@@ -904,7 +904,7 @@ sb16_copy_from_user(int dev, buf16 = (signed short *)(localbuf + localoffs); while (c) { @@ -84413,10 +85523,10 @@ index 4631a23..001ae57 100644 const struct firmware *dsp_microcode; const struct firmware *controller_microcode; diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c -index 3a6f03f..bc5c86c 100644 +index 22056c5..25d3244 100644 --- a/sound/pci/ymfpci/ymfpci_main.c +++ b/sound/pci/ymfpci/ymfpci_main.c -@@ -203,8 +203,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip) +@@ -202,8 +202,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip) if ((snd_ymfpci_readl(chip, YDSXGR_STATUS) & 2) == 0) break; } @@ -84427,7 +85537,7 @@ index 3a6f03f..bc5c86c 100644 wake_up(&chip->interrupt_sleep); } __end: -@@ -788,7 +788,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip) +@@ -787,7 +787,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip) continue; init_waitqueue_entry(&wait, current); add_wait_queue(&chip->interrupt_sleep, &wait); @@ -84436,7 +85546,7 @@ index 3a6f03f..bc5c86c 100644 schedule_timeout_uninterruptible(msecs_to_jiffies(50)); remove_wait_queue(&chip->interrupt_sleep, &wait); } -@@ -826,8 +826,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id) +@@ -825,8 +825,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id) snd_ymfpci_writel(chip, YDSXGR_MODE, mode); spin_unlock(&chip->reg_lock); @@ -84447,7 +85557,7 @@ index 3a6f03f..bc5c86c 100644 wake_up(&chip->interrupt_sleep); } } -@@ -2420,7 +2420,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card, +@@ -2421,7 +2421,7 @@ int snd_ymfpci_create(struct snd_card *card, spin_lock_init(&chip->reg_lock); spin_lock_init(&chip->voice_lock); init_waitqueue_head(&chip->interrupt_sleep); @@ -84848,7 +85958,7 @@ index 0000000..414fe5e +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..c415c9d +index 0000000..8bd6f995 --- /dev/null +++ b/tools/gcc/constify_plugin.c @@ -0,0 +1,359 @@ @@ -84901,7 +86011,7 @@ index 0000000..c415c9d + return strip_array_types(TREE_TYPE(field)); +} + -+static bool walk_struct(tree node); ++static bool walk_struct(tree node, bool all); +static void deconstify_tree(tree node); + +static void deconstify_type(tree type) @@ -84915,7 +86025,7 @@ index 0000000..c415c9d + continue; + if (!TYPE_READONLY(fieldtype)) + continue; -+ if (!walk_struct(fieldtype)) ++ if (!walk_struct(fieldtype, true)) + continue; + + deconstify_tree(field); @@ -85063,7 +86173,7 @@ index 0000000..c415c9d + return TREE_CODE(TREE_TYPE(ptr)) == FUNCTION_TYPE; +} + -+static bool walk_struct(tree node) ++static bool walk_struct(tree node, bool all) +{ + tree field; + @@ -85086,9 +86196,9 @@ index 0000000..c415c9d + if (node == type) + return false; + if (code == RECORD_TYPE || code == UNION_TYPE) { -+ if (!(walk_struct(type))) ++ if (!(walk_struct(type, all))) + return false; -+ } else if (!is_fptr(field) && !TREE_READONLY(field)) ++ } else if (!is_fptr(field) && (!all || !TREE_READONLY(field))) + return false; + } + return true; @@ -85104,7 +86214,7 @@ index 0000000..c415c9d + if (TYPE_READONLY(type)) + return; + -+ if (walk_struct(type)) ++ if (walk_struct(type, true)) + constify_type(type); + else + deconstify_type(type); @@ -85145,7 +86255,7 @@ index 0000000..c415c9d + if (lookup_attribute("no_const", TYPE_ATTRIBUTES(type))) + continue; + -+ if (walk_struct(type)) { ++ if (walk_struct(type, false)) { + error_at(DECL_SOURCE_LOCATION(var), "constified variable %qE cannot be local", var); + ret = 1; + } @@ -92297,7 +93407,7 @@ index 6789d78..4afd019e 100644 + #endif diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 6e8fa7e..f0ec393 100644 +index 1cd693a..f4a7b20 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -75,12 +75,17 @@ LIST_HEAD(vm_list); @@ -92320,7 +93430,7 @@ index 6e8fa7e..f0ec393 100644 struct dentry *kvm_debugfs_dir; -@@ -726,7 +731,7 @@ int __kvm_set_memory_region(struct kvm *kvm, +@@ -731,7 +736,7 @@ int __kvm_set_memory_region(struct kvm *kvm, /* We can read the guest memory with __xxx_user() later on. */ if (user_alloc && ((mem->userspace_addr & (PAGE_SIZE - 1)) || @@ -92329,7 +93439,7 @@ index 6e8fa7e..f0ec393 100644 (void __user *)(unsigned long)mem->userspace_addr, mem->memory_size))) goto out; -@@ -1778,7 +1783,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) +@@ -1783,7 +1788,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) return 0; } @@ -92338,7 +93448,7 @@ index 6e8fa7e..f0ec393 100644 .release = kvm_vcpu_release, .unlocked_ioctl = kvm_vcpu_ioctl, #ifdef CONFIG_COMPAT -@@ -2326,7 +2331,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma) +@@ -2304,7 +2309,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma) return 0; } @@ -92347,7 +93457,7 @@ index 6e8fa7e..f0ec393 100644 .release = kvm_vm_release, .unlocked_ioctl = kvm_vm_ioctl, #ifdef CONFIG_COMPAT -@@ -2424,7 +2429,7 @@ out: +@@ -2402,7 +2407,7 @@ out: return r; } @@ -92356,7 +93466,7 @@ index 6e8fa7e..f0ec393 100644 .unlocked_ioctl = kvm_dev_ioctl, .compat_ioctl = kvm_dev_ioctl, .llseek = noop_llseek, -@@ -2450,7 +2455,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2428,7 +2433,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -92365,7 +93475,7 @@ index 6e8fa7e..f0ec393 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2504,10 +2509,10 @@ static int hardware_enable_all(void) +@@ -2482,10 +2487,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -92378,7 +93488,7 @@ index 6e8fa7e..f0ec393 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -2865,7 +2870,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -2843,7 +2848,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -92387,7 +93497,7 @@ index 6e8fa7e..f0ec393 100644 struct module *module) { int r; -@@ -2901,7 +2906,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2879,7 +2884,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -92396,7 +93506,7 @@ index 6e8fa7e..f0ec393 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -2911,9 +2916,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2889,9 +2894,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; @@ -92408,7 +93518,7 @@ index 6e8fa7e..f0ec393 100644 r = misc_register(&kvm_dev); if (r) { -@@ -2923,9 +2930,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2901,9 +2908,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, register_syscore_ops(&kvm_syscore_ops); diff --git a/3.7.9/4425_grsec_remove_EI_PAX.patch b/3.8.0/4425_grsec_remove_EI_PAX.patch index 97e6951..97e6951 100644 --- a/3.7.9/4425_grsec_remove_EI_PAX.patch +++ b/3.8.0/4425_grsec_remove_EI_PAX.patch diff --git a/3.7.9/4430_grsec-remove-localversion-grsec.patch b/3.8.0/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.7.9/4430_grsec-remove-localversion-grsec.patch +++ b/3.8.0/4430_grsec-remove-localversion-grsec.patch diff --git a/3.7.9/4435_grsec-mute-warnings.patch b/3.8.0/4435_grsec-mute-warnings.patch index e1a7a3c..e1a7a3c 100644 --- a/3.7.9/4435_grsec-mute-warnings.patch +++ b/3.8.0/4435_grsec-mute-warnings.patch diff --git a/3.7.9/4440_grsec-remove-protected-paths.patch b/3.8.0/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.7.9/4440_grsec-remove-protected-paths.patch +++ b/3.8.0/4440_grsec-remove-protected-paths.patch diff --git a/3.7.9/4450_grsec-kconfig-default-gids.patch b/3.8.0/4450_grsec-kconfig-default-gids.patch index 3dfdc8f..3dfdc8f 100644 --- a/3.7.9/4450_grsec-kconfig-default-gids.patch +++ b/3.8.0/4450_grsec-kconfig-default-gids.patch diff --git a/3.7.9/4465_selinux-avc_audit-log-curr_ip.patch b/3.8.0/4465_selinux-avc_audit-log-curr_ip.patch index 5b614b1..5b614b1 100644 --- a/3.7.9/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.8.0/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.7.9/4470_disable-compat_vdso.patch b/3.8.0/4470_disable-compat_vdso.patch index 1037ba9..1037ba9 100644 --- a/3.7.9/4470_disable-compat_vdso.patch +++ b/3.8.0/4470_disable-compat_vdso.patch |