summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2016-07-06 20:56:27 -0400
committerAnthony G. Basile <blueness@gentoo.org>2016-07-06 20:56:27 -0400
commiteab284e29f3b6bd1802dadd67906af1d0435687b (patch)
tree593ee6d824f680c46b3732732a57120bcb78cae9
parentgrsecurity-3.1-4.5.7-201606302132 (diff)
downloadhardened-patchset-eab284e29f3b6bd1802dadd67906af1d0435687b.tar.gz
hardened-patchset-eab284e29f3b6bd1802dadd67906af1d0435687b.tar.bz2
hardened-patchset-eab284e29f3b6bd1802dadd67906af1d0435687b.zip
grsecurity-3.1-4.6.3-20160706082320160706
-rw-r--r--4.6.3/0000_README (renamed from 4.5.7/0000_README)12
-rw-r--r--4.6.3/1002_linux-4.6.3.patch4713
-rw-r--r--4.6.3/4420_grsecurity-3.1-4.6.3-201607060823.patch (renamed from 4.5.7/4420_grsecurity-3.1-4.5.7-201606302132.patch)15496
-rw-r--r--4.6.3/4425_grsec_remove_EI_PAX.patch (renamed from 4.5.7/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--4.6.3/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.5.7/4427_force_XATTR_PAX_tmpfs.patch)8
-rw-r--r--4.6.3/4430_grsec-remove-localversion-grsec.patch (renamed from 4.5.7/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--4.6.3/4435_grsec-mute-warnings.patch (renamed from 4.5.7/4435_grsec-mute-warnings.patch)0
-rw-r--r--4.6.3/4440_grsec-remove-protected-paths.patch (renamed from 4.5.7/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--4.6.3/4450_grsec-kconfig-default-gids.patch (renamed from 4.5.7/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--4.6.3/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.5.7/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--4.6.3/4470_disable-compat_vdso.patch (renamed from 4.5.7/4470_disable-compat_vdso.patch)2
-rw-r--r--4.6.3/4475_emutramp_default_on.patch (renamed from 4.5.7/4475_emutramp_default_on.patch)0
12 files changed, 12391 insertions, 7840 deletions
diff --git a/4.5.7/0000_README b/4.6.3/0000_README
index cd47bdd..a40de90 100644
--- a/4.5.7/0000_README
+++ b/4.6.3/0000_README
@@ -2,7 +2,11 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606302132.patch
+Patch: 1002_linux-4.6.3.patch
+From: http://www.kernel.org
+Desc: Linux 4.6.3
+
+Patch: 4420_grsecurity-3.1-4.6.3-201607060823.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
@@ -39,6 +43,6 @@ From: Gordon Malm <gengor@gentoo.org>
Kerin Millar <kerframil@gmail.com>
Desc: Disables VDSO_COMPAT operation completely
-Patch: 4475_emutramp_default_on.patch
-From: Anthony G. Basile <blueness@gentoo.org>
-Desc: Set PAX_EMUTRAMP default on for libffi, bugs #329499 and #457194
+Patch: 4475_emutramp_default_on.patch
+From: Anthony G. Basile <blueness@gentoo.org>
+Desc: Set PAX_EMUTRAMP default on for libffi, bugs #329499 and #457194
diff --git a/4.6.3/1002_linux-4.6.3.patch b/4.6.3/1002_linux-4.6.3.patch
new file mode 100644
index 0000000..f999198
--- /dev/null
+++ b/4.6.3/1002_linux-4.6.3.patch
@@ -0,0 +1,4713 @@
+diff --git a/Makefile b/Makefile
+index 93068c2..c62b531 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 6
+-SUBLEVEL = 2
++SUBLEVEL = 3
+ EXTRAVERSION =
+ NAME = Charred Weasel
+
+diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
+index ef9119f..4d93758 100644
+--- a/arch/arm/kernel/ptrace.c
++++ b/arch/arm/kernel/ptrace.c
+@@ -733,8 +733,8 @@ static int vfp_set(struct task_struct *target,
+ if (ret)
+ return ret;
+
+- vfp_flush_hwstate(thread);
+ thread->vfpstate.hard = new_vfp;
++ vfp_flush_hwstate(thread);
+
+ return 0;
+ }
+diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
+index 24ed037..83d48a5 100644
+--- a/arch/arm64/include/asm/elf.h
++++ b/arch/arm64/include/asm/elf.h
+@@ -160,14 +160,14 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm,
+ #define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12))
+ #endif
+
+-#ifdef CONFIG_COMPAT
+-
+ #ifdef __AARCH64EB__
+ #define COMPAT_ELF_PLATFORM ("v8b")
+ #else
+ #define COMPAT_ELF_PLATFORM ("v8l")
+ #endif
+
++#ifdef CONFIG_COMPAT
++
+ #define COMPAT_ELF_ET_DYN_BASE (2 * TASK_SIZE_32 / 3)
+
+ /* AArch32 registers. */
+diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c
+index f0c3fb7..2d2d7cb 100644
+--- a/arch/arm64/kernel/cpuinfo.c
++++ b/arch/arm64/kernel/cpuinfo.c
+@@ -22,6 +22,8 @@
+
+ #include <linux/bitops.h>
+ #include <linux/bug.h>
++#include <linux/compat.h>
++#include <linux/elf.h>
+ #include <linux/init.h>
+ #include <linux/kernel.h>
+ #include <linux/personality.h>
+@@ -104,6 +106,7 @@ static const char *const compat_hwcap2_str[] = {
+ static int c_show(struct seq_file *m, void *v)
+ {
+ int i, j;
++ bool compat = personality(current->personality) == PER_LINUX32;
+
+ for_each_online_cpu(i) {
+ struct cpuinfo_arm64 *cpuinfo = &per_cpu(cpu_data, i);
+@@ -115,6 +118,9 @@ static int c_show(struct seq_file *m, void *v)
+ * "processor". Give glibc what it expects.
+ */
+ seq_printf(m, "processor\t: %d\n", i);
++ if (compat)
++ seq_printf(m, "model name\t: ARMv8 Processor rev %d (%s)\n",
++ MIDR_REVISION(midr), COMPAT_ELF_PLATFORM);
+
+ seq_printf(m, "BogoMIPS\t: %lu.%02lu\n",
+ loops_per_jiffy / (500000UL/HZ),
+@@ -127,7 +133,7 @@ static int c_show(struct seq_file *m, void *v)
+ * software which does already (at least for 32-bit).
+ */
+ seq_puts(m, "Features\t:");
+- if (personality(current->personality) == PER_LINUX32) {
++ if (compat) {
+ #ifdef CONFIG_COMPAT
+ for (j = 0; compat_hwcap_str[j]; j++)
+ if (compat_elf_hwcap & (1 << j))
+diff --git a/arch/arm64/kvm/hyp/vgic-v3-sr.c b/arch/arm64/kvm/hyp/vgic-v3-sr.c
+index fff7cd4..3129df9 100644
+--- a/arch/arm64/kvm/hyp/vgic-v3-sr.c
++++ b/arch/arm64/kvm/hyp/vgic-v3-sr.c
+@@ -190,12 +190,11 @@ void __hyp_text __vgic_v3_save_state(struct kvm_vcpu *vcpu)
+ if (!(vcpu->arch.vgic_cpu.live_lrs & (1UL << i)))
+ continue;
+
+- if (cpu_if->vgic_elrsr & (1 << i)) {
++ if (cpu_if->vgic_elrsr & (1 << i))
+ cpu_if->vgic_lr[i] &= ~ICH_LR_STATE;
+- continue;
+- }
++ else
++ cpu_if->vgic_lr[i] = __gic_v3_get_lr(i);
+
+- cpu_if->vgic_lr[i] = __gic_v3_get_lr(i);
+ __gic_v3_set_lr(0, i);
+ }
+
+diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
+index 3ae4a28..10b79e9 100644
+--- a/arch/arm64/mm/fault.c
++++ b/arch/arm64/mm/fault.c
+@@ -109,7 +109,7 @@ int ptep_set_access_flags(struct vm_area_struct *vma,
+ * PTE_RDONLY is cleared by default in the asm below, so set it in
+ * back if necessary (read-only or clean PTE).
+ */
+- if (!pte_write(entry) || !dirty)
++ if (!pte_write(entry) || !pte_sw_dirty(entry))
+ pte_val(entry) |= PTE_RDONLY;
+
+ /*
+diff --git a/arch/parisc/kernel/unaligned.c b/arch/parisc/kernel/unaligned.c
+index d7c0acb..8d49614 100644
+--- a/arch/parisc/kernel/unaligned.c
++++ b/arch/parisc/kernel/unaligned.c
+@@ -666,7 +666,7 @@ void handle_unaligned(struct pt_regs *regs)
+ break;
+ }
+
+- if (modify && R1(regs->iir))
++ if (ret == 0 && modify && R1(regs->iir))
+ regs->gr[R1(regs->iir)] = newbase;
+
+
+@@ -677,6 +677,14 @@ void handle_unaligned(struct pt_regs *regs)
+
+ if (ret)
+ {
++ /*
++ * The unaligned handler failed.
++ * If we were called by __get_user() or __put_user() jump
++ * to it's exception fixup handler instead of crashing.
++ */
++ if (!user_mode(regs) && fixup_exception(regs))
++ return;
++
+ printk(KERN_CRIT "Unaligned handler failed, ret = %d\n", ret);
+ die_if_kernel("Unaligned data reference", regs, 28);
+
+diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
+index f5f4c66..166d863 100644
+--- a/arch/powerpc/include/asm/reg.h
++++ b/arch/powerpc/include/asm/reg.h
+@@ -715,7 +715,7 @@
+ #define MMCR0_FCWAIT 0x00000002UL /* freeze counter in WAIT state */
+ #define MMCR0_FCHV 0x00000001UL /* freeze conditions in hypervisor mode */
+ #define SPRN_MMCR1 798
+-#define SPRN_MMCR2 769
++#define SPRN_MMCR2 785
+ #define SPRN_MMCRA 0x312
+ #define MMCRA_SDSYNC 0x80000000UL /* SDAR synced with SIAR */
+ #define MMCRA_SDAR_DCACHE_MISS 0x40000000UL
+@@ -752,13 +752,13 @@
+ #define SPRN_PMC6 792
+ #define SPRN_PMC7 793
+ #define SPRN_PMC8 794
+-#define SPRN_SIAR 780
+-#define SPRN_SDAR 781
+ #define SPRN_SIER 784
+ #define SIER_SIPR 0x2000000 /* Sampled MSR_PR */
+ #define SIER_SIHV 0x1000000 /* Sampled MSR_HV */
+ #define SIER_SIAR_VALID 0x0400000 /* SIAR contents valid */
+ #define SIER_SDAR_VALID 0x0200000 /* SDAR contents valid */
++#define SPRN_SIAR 796
++#define SPRN_SDAR 797
+ #define SPRN_TACR 888
+ #define SPRN_TCSCR 889
+ #define SPRN_CSIGR 890
+diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
+index da51925..ccd2037 100644
+--- a/arch/powerpc/kernel/prom_init.c
++++ b/arch/powerpc/kernel/prom_init.c
+@@ -656,6 +656,7 @@ unsigned char ibm_architecture_vec[] = {
+ W(0xffff0000), W(0x003e0000), /* POWER6 */
+ W(0xffff0000), W(0x003f0000), /* POWER7 */
+ W(0xffff0000), W(0x004b0000), /* POWER8E */
++ W(0xffff0000), W(0x004c0000), /* POWER8NVL */
+ W(0xffff0000), W(0x004d0000), /* POWER8 */
+ W(0xffffffff), W(0x0f000004), /* all 2.07-compliant */
+ W(0xffffffff), W(0x0f000003), /* all 2.06-compliant */
+diff --git a/arch/powerpc/mm/hash_utils_64.c b/arch/powerpc/mm/hash_utils_64.c
+index 7635b1c..f4acba2 100644
+--- a/arch/powerpc/mm/hash_utils_64.c
++++ b/arch/powerpc/mm/hash_utils_64.c
+@@ -159,6 +159,19 @@ static struct mmu_psize_def mmu_psize_defaults_gp[] = {
+ },
+ };
+
++/*
++ * 'R' and 'C' update notes:
++ * - Under pHyp or KVM, the updatepp path will not set C, thus it *will*
++ * create writeable HPTEs without C set, because the hcall H_PROTECT
++ * that we use in that case will not update C
++ * - The above is however not a problem, because we also don't do that
++ * fancy "no flush" variant of eviction and we use H_REMOVE which will
++ * do the right thing and thus we don't have the race I described earlier
++ *
++ * - Under bare metal, we do have the race, so we need R and C set
++ * - We make sure R is always set and never lost
++ * - C is _PAGE_DIRTY, and *should* always be set for a writeable mapping
++ */
+ unsigned long htab_convert_pte_flags(unsigned long pteflags)
+ {
+ unsigned long rflags = 0;
+@@ -180,9 +193,14 @@ unsigned long htab_convert_pte_flags(unsigned long pteflags)
+ rflags |= 0x1;
+ }
+ /*
+- * Always add "C" bit for perf. Memory coherence is always enabled
++ * We can't allow hardware to update hpte bits. Hence always
++ * set 'R' bit and set 'C' if it is a write fault
++ * Memory coherence is always enabled
+ */
+- rflags |= HPTE_R_C | HPTE_R_M;
++ rflags |= HPTE_R_R | HPTE_R_M;
++
++ if (pteflags & _PAGE_DIRTY)
++ rflags |= HPTE_R_C;
+ /*
+ * Add in WIG bits
+ */
+diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c
+index ac3ffd9..405baaf 100644
+--- a/arch/powerpc/platforms/pseries/eeh_pseries.c
++++ b/arch/powerpc/platforms/pseries/eeh_pseries.c
+@@ -615,29 +615,50 @@ static int pseries_eeh_configure_bridge(struct eeh_pe *pe)
+ {
+ int config_addr;
+ int ret;
++ /* Waiting 0.2s maximum before skipping configuration */
++ int max_wait = 200;
+
+ /* Figure out the PE address */
+ config_addr = pe->config_addr;
+ if (pe->addr)
+ config_addr = pe->addr;
+
+- /* Use new configure-pe function, if supported */
+- if (ibm_configure_pe != RTAS_UNKNOWN_SERVICE) {
+- ret = rtas_call(ibm_configure_pe, 3, 1, NULL,
+- config_addr, BUID_HI(pe->phb->buid),
+- BUID_LO(pe->phb->buid));
+- } else if (ibm_configure_bridge != RTAS_UNKNOWN_SERVICE) {
+- ret = rtas_call(ibm_configure_bridge, 3, 1, NULL,
+- config_addr, BUID_HI(pe->phb->buid),
+- BUID_LO(pe->phb->buid));
+- } else {
+- return -EFAULT;
+- }
++ while (max_wait > 0) {
++ /* Use new configure-pe function, if supported */
++ if (ibm_configure_pe != RTAS_UNKNOWN_SERVICE) {
++ ret = rtas_call(ibm_configure_pe, 3, 1, NULL,
++ config_addr, BUID_HI(pe->phb->buid),
++ BUID_LO(pe->phb->buid));
++ } else if (ibm_configure_bridge != RTAS_UNKNOWN_SERVICE) {
++ ret = rtas_call(ibm_configure_bridge, 3, 1, NULL,
++ config_addr, BUID_HI(pe->phb->buid),
++ BUID_LO(pe->phb->buid));
++ } else {
++ return -EFAULT;
++ }
+
+- if (ret)
+- pr_warn("%s: Unable to configure bridge PHB#%d-PE#%x (%d)\n",
+- __func__, pe->phb->global_number, pe->addr, ret);
++ if (!ret)
++ return ret;
++
++ /*
++ * If RTAS returns a delay value that's above 100ms, cut it
++ * down to 100ms in case firmware made a mistake. For more
++ * on how these delay values work see rtas_busy_delay_time
++ */
++ if (ret > RTAS_EXTENDED_DELAY_MIN+2 &&
++ ret <= RTAS_EXTENDED_DELAY_MAX)
++ ret = RTAS_EXTENDED_DELAY_MIN+2;
++
++ max_wait -= rtas_busy_delay_time(ret);
++
++ if (max_wait < 0)
++ break;
++
++ rtas_busy_delay(ret);
++ }
+
++ pr_warn("%s: Unable to configure bridge PHB#%d-PE#%x (%d)\n",
++ __func__, pe->phb->global_number, pe->addr, ret);
+ return ret;
+ }
+
+diff --git a/arch/s390/net/bpf_jit.h b/arch/s390/net/bpf_jit.h
+index f010c93..fda605d 100644
+--- a/arch/s390/net/bpf_jit.h
++++ b/arch/s390/net/bpf_jit.h
+@@ -37,7 +37,7 @@ extern u8 sk_load_word[], sk_load_half[], sk_load_byte[];
+ * | | |
+ * +---------------+ |
+ * | 8 byte skbp | |
+- * R15+170 -> +---------------+ |
++ * R15+176 -> +---------------+ |
+ * | 8 byte hlen | |
+ * R15+168 -> +---------------+ |
+ * | 4 byte align | |
+@@ -58,7 +58,7 @@ extern u8 sk_load_word[], sk_load_half[], sk_load_byte[];
+ #define STK_OFF (STK_SPACE - STK_160_UNUSED)
+ #define STK_OFF_TMP 160 /* Offset of tmp buffer on stack */
+ #define STK_OFF_HLEN 168 /* Offset of SKB header length on stack */
+-#define STK_OFF_SKBP 170 /* Offset of SKB pointer on stack */
++#define STK_OFF_SKBP 176 /* Offset of SKB pointer on stack */
+
+ #define STK_OFF_R6 (160 - 11 * 8) /* Offset of r6 on stack */
+ #define STK_OFF_TCCNT (160 - 12 * 8) /* Offset of tail_call_cnt on stack */
+diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
+index 3c0bfc1..2662fcc 100644
+--- a/arch/s390/net/bpf_jit_comp.c
++++ b/arch/s390/net/bpf_jit_comp.c
+@@ -45,7 +45,7 @@ struct bpf_jit {
+ int labels[1]; /* Labels for local jumps */
+ };
+
+-#define BPF_SIZE_MAX 0x7ffff /* Max size for program (20 bit signed displ) */
++#define BPF_SIZE_MAX 0xffff /* Max size for program (16 bit branches) */
+
+ #define SEEN_SKB 1 /* skb access */
+ #define SEEN_MEM 2 /* use mem[] for temporary storage */
+@@ -446,7 +446,7 @@ static void bpf_jit_prologue(struct bpf_jit *jit)
+ emit_load_skb_data_hlen(jit);
+ if (jit->seen & SEEN_SKB_CHANGE)
+ /* stg %b1,ST_OFF_SKBP(%r0,%r15) */
+- EMIT6_DISP_LH(0xe3000000, 0x0024, REG_W1, REG_0, REG_15,
++ EMIT6_DISP_LH(0xe3000000, 0x0024, BPF_REG_1, REG_0, REG_15,
+ STK_OFF_SKBP);
+ }
+
+diff --git a/arch/sparc/include/asm/head_64.h b/arch/sparc/include/asm/head_64.h
+index 10e9dab..f0700cf 100644
+--- a/arch/sparc/include/asm/head_64.h
++++ b/arch/sparc/include/asm/head_64.h
+@@ -15,6 +15,10 @@
+
+ #define PTREGS_OFF (STACK_BIAS + STACKFRAME_SZ)
+
++#define RTRAP_PSTATE (PSTATE_TSO|PSTATE_PEF|PSTATE_PRIV|PSTATE_IE)
++#define RTRAP_PSTATE_IRQOFF (PSTATE_TSO|PSTATE_PEF|PSTATE_PRIV)
++#define RTRAP_PSTATE_AG_IRQOFF (PSTATE_TSO|PSTATE_PEF|PSTATE_PRIV|PSTATE_AG)
++
+ #define __CHEETAH_ID 0x003e0014
+ #define __JALAPENO_ID 0x003e0016
+ #define __SERRANO_ID 0x003e0022
+diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
+index f089cfa..5a189bf 100644
+--- a/arch/sparc/include/asm/pgtable_64.h
++++ b/arch/sparc/include/asm/pgtable_64.h
+@@ -375,7 +375,7 @@ static inline pgprot_t pgprot_noncached(pgprot_t prot)
+ #define pgprot_noncached pgprot_noncached
+
+ #if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
+-static inline pte_t pte_mkhuge(pte_t pte)
++static inline unsigned long __pte_huge_mask(void)
+ {
+ unsigned long mask;
+
+@@ -390,8 +390,19 @@ static inline pte_t pte_mkhuge(pte_t pte)
+ : "=r" (mask)
+ : "i" (_PAGE_SZHUGE_4U), "i" (_PAGE_SZHUGE_4V));
+
+- return __pte(pte_val(pte) | mask);
++ return mask;
++}
++
++static inline pte_t pte_mkhuge(pte_t pte)
++{
++ return __pte(pte_val(pte) | __pte_huge_mask());
++}
++
++static inline bool is_hugetlb_pte(pte_t pte)
++{
++ return !!(pte_val(pte) & __pte_huge_mask());
+ }
++
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ static inline pmd_t pmd_mkhuge(pmd_t pmd)
+ {
+@@ -403,6 +414,11 @@ static inline pmd_t pmd_mkhuge(pmd_t pmd)
+ return __pmd(pte_val(pte));
+ }
+ #endif
++#else
++static inline bool is_hugetlb_pte(pte_t pte)
++{
++ return false;
++}
+ #endif
+
+ static inline pte_t pte_mkdirty(pte_t pte)
+@@ -858,6 +874,19 @@ static inline unsigned long pud_pfn(pud_t pud)
+ void tlb_batch_add(struct mm_struct *mm, unsigned long vaddr,
+ pte_t *ptep, pte_t orig, int fullmm);
+
++static void maybe_tlb_batch_add(struct mm_struct *mm, unsigned long vaddr,
++ pte_t *ptep, pte_t orig, int fullmm)
++{
++ /* It is more efficient to let flush_tlb_kernel_range()
++ * handle init_mm tlb flushes.
++ *
++ * SUN4V NOTE: _PAGE_VALID is the same value in both the SUN4U
++ * and SUN4V pte layout, so this inline test is fine.
++ */
++ if (likely(mm != &init_mm) && pte_accessible(mm, orig))
++ tlb_batch_add(mm, vaddr, ptep, orig, fullmm);
++}
++
+ #define __HAVE_ARCH_PMDP_HUGE_GET_AND_CLEAR
+ static inline pmd_t pmdp_huge_get_and_clear(struct mm_struct *mm,
+ unsigned long addr,
+@@ -874,15 +903,7 @@ static inline void __set_pte_at(struct mm_struct *mm, unsigned long addr,
+ pte_t orig = *ptep;
+
+ *ptep = pte;
+-
+- /* It is more efficient to let flush_tlb_kernel_range()
+- * handle init_mm tlb flushes.
+- *
+- * SUN4V NOTE: _PAGE_VALID is the same value in both the SUN4U
+- * and SUN4V pte layout, so this inline test is fine.
+- */
+- if (likely(mm != &init_mm) && pte_accessible(mm, orig))
+- tlb_batch_add(mm, addr, ptep, orig, fullmm);
++ maybe_tlb_batch_add(mm, addr, ptep, orig, fullmm);
+ }
+
+ #define set_pte_at(mm,addr,ptep,pte) \
+diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h
+index dea1cfa..a8e192e 100644
+--- a/arch/sparc/include/asm/tlbflush_64.h
++++ b/arch/sparc/include/asm/tlbflush_64.h
+@@ -8,6 +8,7 @@
+ #define TLB_BATCH_NR 192
+
+ struct tlb_batch {
++ bool huge;
+ struct mm_struct *mm;
+ unsigned long tlb_nr;
+ unsigned long active;
+@@ -16,7 +17,7 @@ struct tlb_batch {
+
+ void flush_tsb_kernel_range(unsigned long start, unsigned long end);
+ void flush_tsb_user(struct tlb_batch *tb);
+-void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr);
++void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr, bool huge);
+
+ /* TLB flush operations. */
+
+diff --git a/arch/sparc/include/asm/ttable.h b/arch/sparc/include/asm/ttable.h
+index 71b5a67..781b9f1 100644
+--- a/arch/sparc/include/asm/ttable.h
++++ b/arch/sparc/include/asm/ttable.h
+@@ -589,8 +589,8 @@ user_rtt_fill_64bit: \
+ restored; \
+ nop; nop; nop; nop; nop; nop; \
+ nop; nop; nop; nop; nop; \
+- ba,a,pt %xcc, user_rtt_fill_fixup; \
+- ba,a,pt %xcc, user_rtt_fill_fixup; \
++ ba,a,pt %xcc, user_rtt_fill_fixup_dax; \
++ ba,a,pt %xcc, user_rtt_fill_fixup_mna; \
+ ba,a,pt %xcc, user_rtt_fill_fixup;
+
+
+@@ -652,8 +652,8 @@ user_rtt_fill_32bit: \
+ restored; \
+ nop; nop; nop; nop; nop; \
+ nop; nop; nop; \
+- ba,a,pt %xcc, user_rtt_fill_fixup; \
+- ba,a,pt %xcc, user_rtt_fill_fixup; \
++ ba,a,pt %xcc, user_rtt_fill_fixup_dax; \
++ ba,a,pt %xcc, user_rtt_fill_fixup_mna; \
+ ba,a,pt %xcc, user_rtt_fill_fixup;
+
+
+diff --git a/arch/sparc/kernel/Makefile b/arch/sparc/kernel/Makefile
+index 7cf9c6e..fdb1332 100644
+--- a/arch/sparc/kernel/Makefile
++++ b/arch/sparc/kernel/Makefile
+@@ -21,6 +21,7 @@ CFLAGS_REMOVE_perf_event.o := -pg
+ CFLAGS_REMOVE_pcr.o := -pg
+ endif
+
++obj-$(CONFIG_SPARC64) += urtt_fill.o
+ obj-$(CONFIG_SPARC32) += entry.o wof.o wuf.o
+ obj-$(CONFIG_SPARC32) += etrap_32.o
+ obj-$(CONFIG_SPARC32) += rtrap_32.o
+diff --git a/arch/sparc/kernel/rtrap_64.S b/arch/sparc/kernel/rtrap_64.S
+index d08bdaf..216948c 100644
+--- a/arch/sparc/kernel/rtrap_64.S
++++ b/arch/sparc/kernel/rtrap_64.S
+@@ -14,10 +14,6 @@
+ #include <asm/visasm.h>
+ #include <asm/processor.h>
+
+-#define RTRAP_PSTATE (PSTATE_TSO|PSTATE_PEF|PSTATE_PRIV|PSTATE_IE)
+-#define RTRAP_PSTATE_IRQOFF (PSTATE_TSO|PSTATE_PEF|PSTATE_PRIV)
+-#define RTRAP_PSTATE_AG_IRQOFF (PSTATE_TSO|PSTATE_PEF|PSTATE_PRIV|PSTATE_AG)
+-
+ #ifdef CONFIG_CONTEXT_TRACKING
+ # define SCHEDULE_USER schedule_user
+ #else
+@@ -242,52 +238,17 @@ rt_continue: ldx [%sp + PTREGS_OFF + PT_V9_G1], %g1
+ wrpr %g1, %cwp
+ ba,a,pt %xcc, user_rtt_fill_64bit
+
+-user_rtt_fill_fixup:
+- rdpr %cwp, %g1
+- add %g1, 1, %g1
+- wrpr %g1, 0x0, %cwp
+-
+- rdpr %wstate, %g2
+- sll %g2, 3, %g2
+- wrpr %g2, 0x0, %wstate
+-
+- /* We know %canrestore and %otherwin are both zero. */
+-
+- sethi %hi(sparc64_kern_pri_context), %g2
+- ldx [%g2 + %lo(sparc64_kern_pri_context)], %g2
+- mov PRIMARY_CONTEXT, %g1
+-
+-661: stxa %g2, [%g1] ASI_DMMU
+- .section .sun4v_1insn_patch, "ax"
+- .word 661b
+- stxa %g2, [%g1] ASI_MMU
+- .previous
+-
+- sethi %hi(KERNBASE), %g1
+- flush %g1
++user_rtt_fill_fixup_dax:
++ ba,pt %xcc, user_rtt_fill_fixup_common
++ mov 1, %g3
+
+- or %g4, FAULT_CODE_WINFIXUP, %g4
+- stb %g4, [%g6 + TI_FAULT_CODE]
+- stx %g5, [%g6 + TI_FAULT_ADDR]
++user_rtt_fill_fixup_mna:
++ ba,pt %xcc, user_rtt_fill_fixup_common
++ mov 2, %g3
+
+- mov %g6, %l1
+- wrpr %g0, 0x0, %tl
+-
+-661: nop
+- .section .sun4v_1insn_patch, "ax"
+- .word 661b
+- SET_GL(0)
+- .previous
+-
+- wrpr %g0, RTRAP_PSTATE, %pstate
+-
+- mov %l1, %g6
+- ldx [%g6 + TI_TASK], %g4
+- LOAD_PER_CPU_BASE(%g5, %g6, %g1, %g2, %g3)
+- call do_sparc64_fault
+- add %sp, PTREGS_OFF, %o0
+- ba,pt %xcc, rtrap
+- nop
++user_rtt_fill_fixup:
++ ba,pt %xcc, user_rtt_fill_fixup_common
++ clr %g3
+
+ user_rtt_pre_restore:
+ add %g1, 1, %g1
+diff --git a/arch/sparc/kernel/signal32.c b/arch/sparc/kernel/signal32.c
+index 3c25241..ebd0bfe 100644
+--- a/arch/sparc/kernel/signal32.c
++++ b/arch/sparc/kernel/signal32.c
+@@ -138,12 +138,24 @@ int copy_siginfo_from_user32(siginfo_t *to, compat_siginfo_t __user *from)
+ return 0;
+ }
+
++/* Checks if the fp is valid. We always build signal frames which are
++ * 16-byte aligned, therefore we can always enforce that the restore
++ * frame has that property as well.
++ */
++static bool invalid_frame_pointer(void __user *fp, int fplen)
++{
++ if ((((unsigned long) fp) & 15) ||
++ ((unsigned long)fp) > 0x100000000ULL - fplen)
++ return true;
++ return false;
++}
++
+ void do_sigreturn32(struct pt_regs *regs)
+ {
+ struct signal_frame32 __user *sf;
+ compat_uptr_t fpu_save;
+ compat_uptr_t rwin_save;
+- unsigned int psr;
++ unsigned int psr, ufp;
+ unsigned int pc, npc;
+ sigset_t set;
+ compat_sigset_t seta;
+@@ -158,11 +170,16 @@ void do_sigreturn32(struct pt_regs *regs)
+ sf = (struct signal_frame32 __user *) regs->u_regs[UREG_FP];
+
+ /* 1. Make sure we are not getting garbage from the user */
+- if (!access_ok(VERIFY_READ, sf, sizeof(*sf)) ||
+- (((unsigned long) sf) & 3))
++ if (invalid_frame_pointer(sf, sizeof(*sf)))
++ goto segv;
++
++ if (get_user(ufp, &sf->info.si_regs.u_regs[UREG_FP]))
++ goto segv;
++
++ if (ufp & 0x7)
+ goto segv;
+
+- if (get_user(pc, &sf->info.si_regs.pc) ||
++ if (__get_user(pc, &sf->info.si_regs.pc) ||
+ __get_user(npc, &sf->info.si_regs.npc))
+ goto segv;
+
+@@ -227,7 +244,7 @@ segv:
+ asmlinkage void do_rt_sigreturn32(struct pt_regs *regs)
+ {
+ struct rt_signal_frame32 __user *sf;
+- unsigned int psr, pc, npc;
++ unsigned int psr, pc, npc, ufp;
+ compat_uptr_t fpu_save;
+ compat_uptr_t rwin_save;
+ sigset_t set;
+@@ -242,11 +259,16 @@ asmlinkage void do_rt_sigreturn32(struct pt_regs *regs)
+ sf = (struct rt_signal_frame32 __user *) regs->u_regs[UREG_FP];
+
+ /* 1. Make sure we are not getting garbage from the user */
+- if (!access_ok(VERIFY_READ, sf, sizeof(*sf)) ||
+- (((unsigned long) sf) & 3))
++ if (invalid_frame_pointer(sf, sizeof(*sf)))
+ goto segv;
+
+- if (get_user(pc, &sf->regs.pc) ||
++ if (get_user(ufp, &sf->regs.u_regs[UREG_FP]))
++ goto segv;
++
++ if (ufp & 0x7)
++ goto segv;
++
++ if (__get_user(pc, &sf->regs.pc) ||
+ __get_user(npc, &sf->regs.npc))
+ goto segv;
+
+@@ -307,14 +329,6 @@ segv:
+ force_sig(SIGSEGV, current);
+ }
+
+-/* Checks if the fp is valid */
+-static int invalid_frame_pointer(void __user *fp, int fplen)
+-{
+- if ((((unsigned long) fp) & 7) || ((unsigned long)fp) > 0x100000000ULL - fplen)
+- return 1;
+- return 0;
+-}
+-
+ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs, unsigned long framesize)
+ {
+ unsigned long sp;
+diff --git a/arch/sparc/kernel/signal_32.c b/arch/sparc/kernel/signal_32.c
+index 52aa5e4..c3c12ef 100644
+--- a/arch/sparc/kernel/signal_32.c
++++ b/arch/sparc/kernel/signal_32.c
+@@ -60,10 +60,22 @@ struct rt_signal_frame {
+ #define SF_ALIGNEDSZ (((sizeof(struct signal_frame) + 7) & (~7)))
+ #define RT_ALIGNEDSZ (((sizeof(struct rt_signal_frame) + 7) & (~7)))
+
++/* Checks if the fp is valid. We always build signal frames which are
++ * 16-byte aligned, therefore we can always enforce that the restore
++ * frame has that property as well.
++ */
++static inline bool invalid_frame_pointer(void __user *fp, int fplen)
++{
++ if ((((unsigned long) fp) & 15) || !__access_ok((unsigned long)fp, fplen))
++ return true;
++
++ return false;
++}
++
+ asmlinkage void do_sigreturn(struct pt_regs *regs)
+ {
++ unsigned long up_psr, pc, npc, ufp;
+ struct signal_frame __user *sf;
+- unsigned long up_psr, pc, npc;
+ sigset_t set;
+ __siginfo_fpu_t __user *fpu_save;
+ __siginfo_rwin_t __user *rwin_save;
+@@ -77,10 +89,13 @@ asmlinkage void do_sigreturn(struct pt_regs *regs)
+ sf = (struct signal_frame __user *) regs->u_regs[UREG_FP];
+
+ /* 1. Make sure we are not getting garbage from the user */
+- if (!access_ok(VERIFY_READ, sf, sizeof(*sf)))
++ if (!invalid_frame_pointer(sf, sizeof(*sf)))
++ goto segv_and_exit;
++
++ if (get_user(ufp, &sf->info.si_regs.u_regs[UREG_FP]))
+ goto segv_and_exit;
+
+- if (((unsigned long) sf) & 3)
++ if (ufp & 0x7)
+ goto segv_and_exit;
+
+ err = __get_user(pc, &sf->info.si_regs.pc);
+@@ -127,7 +142,7 @@ segv_and_exit:
+ asmlinkage void do_rt_sigreturn(struct pt_regs *regs)
+ {
+ struct rt_signal_frame __user *sf;
+- unsigned int psr, pc, npc;
++ unsigned int psr, pc, npc, ufp;
+ __siginfo_fpu_t __user *fpu_save;
+ __siginfo_rwin_t __user *rwin_save;
+ sigset_t set;
+@@ -135,8 +150,13 @@ asmlinkage void do_rt_sigreturn(struct pt_regs *regs)
+
+ synchronize_user_stack();
+ sf = (struct rt_signal_frame __user *) regs->u_regs[UREG_FP];
+- if (!access_ok(VERIFY_READ, sf, sizeof(*sf)) ||
+- (((unsigned long) sf) & 0x03))
++ if (!invalid_frame_pointer(sf, sizeof(*sf)))
++ goto segv;
++
++ if (get_user(ufp, &sf->regs.u_regs[UREG_FP]))
++ goto segv;
++
++ if (ufp & 0x7)
+ goto segv;
+
+ err = __get_user(pc, &sf->regs.pc);
+@@ -178,15 +198,6 @@ segv:
+ force_sig(SIGSEGV, current);
+ }
+
+-/* Checks if the fp is valid */
+-static inline int invalid_frame_pointer(void __user *fp, int fplen)
+-{
+- if ((((unsigned long) fp) & 7) || !__access_ok((unsigned long)fp, fplen))
+- return 1;
+-
+- return 0;
+-}
+-
+ static inline void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs, unsigned long framesize)
+ {
+ unsigned long sp = regs->u_regs[UREG_FP];
+diff --git a/arch/sparc/kernel/signal_64.c b/arch/sparc/kernel/signal_64.c
+index 39aaec1..5ee930c 100644
+--- a/arch/sparc/kernel/signal_64.c
++++ b/arch/sparc/kernel/signal_64.c
+@@ -234,6 +234,17 @@ do_sigsegv:
+ goto out;
+ }
+
++/* Checks if the fp is valid. We always build rt signal frames which
++ * are 16-byte aligned, therefore we can always enforce that the
++ * restore frame has that property as well.
++ */
++static bool invalid_frame_pointer(void __user *fp)
++{
++ if (((unsigned long) fp) & 15)
++ return true;
++ return false;
++}
++
+ struct rt_signal_frame {
+ struct sparc_stackf ss;
+ siginfo_t info;
+@@ -246,8 +257,8 @@ struct rt_signal_frame {
+
+ void do_rt_sigreturn(struct pt_regs *regs)
+ {
++ unsigned long tpc, tnpc, tstate, ufp;
+ struct rt_signal_frame __user *sf;
+- unsigned long tpc, tnpc, tstate;
+ __siginfo_fpu_t __user *fpu_save;
+ __siginfo_rwin_t __user *rwin_save;
+ sigset_t set;
+@@ -261,10 +272,16 @@ void do_rt_sigreturn(struct pt_regs *regs)
+ (regs->u_regs [UREG_FP] + STACK_BIAS);
+
+ /* 1. Make sure we are not getting garbage from the user */
+- if (((unsigned long) sf) & 3)
++ if (invalid_frame_pointer(sf))
++ goto segv;
++
++ if (get_user(ufp, &sf->regs.u_regs[UREG_FP]))
+ goto segv;
+
+- err = get_user(tpc, &sf->regs.tpc);
++ if ((ufp + STACK_BIAS) & 0x7)
++ goto segv;
++
++ err = __get_user(tpc, &sf->regs.tpc);
+ err |= __get_user(tnpc, &sf->regs.tnpc);
+ if (test_thread_flag(TIF_32BIT)) {
+ tpc &= 0xffffffff;
+@@ -308,14 +325,6 @@ segv:
+ force_sig(SIGSEGV, current);
+ }
+
+-/* Checks if the fp is valid */
+-static int invalid_frame_pointer(void __user *fp)
+-{
+- if (((unsigned long) fp) & 15)
+- return 1;
+- return 0;
+-}
+-
+ static inline void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs, unsigned long framesize)
+ {
+ unsigned long sp = regs->u_regs[UREG_FP] + STACK_BIAS;
+diff --git a/arch/sparc/kernel/sigutil_32.c b/arch/sparc/kernel/sigutil_32.c
+index 0f6eebe..e5fe8ce 100644
+--- a/arch/sparc/kernel/sigutil_32.c
++++ b/arch/sparc/kernel/sigutil_32.c
+@@ -48,6 +48,10 @@ int save_fpu_state(struct pt_regs *regs, __siginfo_fpu_t __user *fpu)
+ int restore_fpu_state(struct pt_regs *regs, __siginfo_fpu_t __user *fpu)
+ {
+ int err;
++
++ if (((unsigned long) fpu) & 3)
++ return -EFAULT;
++
+ #ifdef CONFIG_SMP
+ if (test_tsk_thread_flag(current, TIF_USEDFPU))
+ regs->psr &= ~PSR_EF;
+@@ -97,7 +101,10 @@ int restore_rwin_state(__siginfo_rwin_t __user *rp)
+ struct thread_info *t = current_thread_info();
+ int i, wsaved, err;
+
+- __get_user(wsaved, &rp->wsaved);
++ if (((unsigned long) rp) & 3)
++ return -EFAULT;
++
++ get_user(wsaved, &rp->wsaved);
+ if (wsaved > NSWINS)
+ return -EFAULT;
+
+diff --git a/arch/sparc/kernel/sigutil_64.c b/arch/sparc/kernel/sigutil_64.c
+index 387834a..36aadcb 100644
+--- a/arch/sparc/kernel/sigutil_64.c
++++ b/arch/sparc/kernel/sigutil_64.c
+@@ -37,7 +37,10 @@ int restore_fpu_state(struct pt_regs *regs, __siginfo_fpu_t __user *fpu)
+ unsigned long fprs;
+ int err;
+
+- err = __get_user(fprs, &fpu->si_fprs);
++ if (((unsigned long) fpu) & 7)
++ return -EFAULT;
++
++ err = get_user(fprs, &fpu->si_fprs);
+ fprs_write(0);
+ regs->tstate &= ~TSTATE_PEF;
+ if (fprs & FPRS_DL)
+@@ -72,7 +75,10 @@ int restore_rwin_state(__siginfo_rwin_t __user *rp)
+ struct thread_info *t = current_thread_info();
+ int i, wsaved, err;
+
+- __get_user(wsaved, &rp->wsaved);
++ if (((unsigned long) rp) & 7)
++ return -EFAULT;
++
++ get_user(wsaved, &rp->wsaved);
+ if (wsaved > NSWINS)
+ return -EFAULT;
+
+diff --git a/arch/sparc/kernel/urtt_fill.S b/arch/sparc/kernel/urtt_fill.S
+new file mode 100644
+index 0000000..5604a2b
+--- /dev/null
++++ b/arch/sparc/kernel/urtt_fill.S
+@@ -0,0 +1,98 @@
++#include <asm/thread_info.h>
++#include <asm/trap_block.h>
++#include <asm/spitfire.h>
++#include <asm/ptrace.h>
++#include <asm/head.h>
++
++ .text
++ .align 8
++ .globl user_rtt_fill_fixup_common
++user_rtt_fill_fixup_common:
++ rdpr %cwp, %g1
++ add %g1, 1, %g1
++ wrpr %g1, 0x0, %cwp
++
++ rdpr %wstate, %g2
++ sll %g2, 3, %g2
++ wrpr %g2, 0x0, %wstate
++
++ /* We know %canrestore and %otherwin are both zero. */
++
++ sethi %hi(sparc64_kern_pri_context), %g2
++ ldx [%g2 + %lo(sparc64_kern_pri_context)], %g2
++ mov PRIMARY_CONTEXT, %g1
++
++661: stxa %g2, [%g1] ASI_DMMU
++ .section .sun4v_1insn_patch, "ax"
++ .word 661b
++ stxa %g2, [%g1] ASI_MMU
++ .previous
++
++ sethi %hi(KERNBASE), %g1
++ flush %g1
++
++ mov %g4, %l4
++ mov %g5, %l5
++ brnz,pn %g3, 1f
++ mov %g3, %l3
++
++ or %g4, FAULT_CODE_WINFIXUP, %g4
++ stb %g4, [%g6 + TI_FAULT_CODE]
++ stx %g5, [%g6 + TI_FAULT_ADDR]
++1:
++ mov %g6, %l1
++ wrpr %g0, 0x0, %tl
++
++661: nop
++ .section .sun4v_1insn_patch, "ax"
++ .word 661b
++ SET_GL(0)
++ .previous
++
++ wrpr %g0, RTRAP_PSTATE, %pstate
++
++ mov %l1, %g6
++ ldx [%g6 + TI_TASK], %g4
++ LOAD_PER_CPU_BASE(%g5, %g6, %g1, %g2, %g3)
++
++ brnz,pn %l3, 1f
++ nop
++
++ call do_sparc64_fault
++ add %sp, PTREGS_OFF, %o0
++ ba,pt %xcc, rtrap
++ nop
++
++1: cmp %g3, 2
++ bne,pn %xcc, 2f
++ nop
++
++ sethi %hi(tlb_type), %g1
++ lduw [%g1 + %lo(tlb_type)], %g1
++ cmp %g1, 3
++ bne,pt %icc, 1f
++ add %sp, PTREGS_OFF, %o0
++ mov %l4, %o2
++ call sun4v_do_mna
++ mov %l5, %o1
++ ba,a,pt %xcc, rtrap
++1: mov %l4, %o1
++ mov %l5, %o2
++ call mem_address_unaligned
++ nop
++ ba,a,pt %xcc, rtrap
++
++2: sethi %hi(tlb_type), %g1
++ mov %l4, %o1
++ lduw [%g1 + %lo(tlb_type)], %g1
++ mov %l5, %o2
++ cmp %g1, 3
++ bne,pt %icc, 1f
++ add %sp, PTREGS_OFF, %o0
++ call sun4v_data_access_exception
++ nop
++ ba,a,pt %xcc, rtrap
++
++1: call spitfire_data_access_exception
++ nop
++ ba,a,pt %xcc, rtrap
+diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
+index 4977800..ba52e64 100644
+--- a/arch/sparc/mm/hugetlbpage.c
++++ b/arch/sparc/mm/hugetlbpage.c
+@@ -176,17 +176,31 @@ void set_huge_pte_at(struct mm_struct *mm, unsigned long addr,
+ pte_t *ptep, pte_t entry)
+ {
+ int i;
++ pte_t orig[2];
++ unsigned long nptes;
+
+ if (!pte_present(*ptep) && pte_present(entry))
+ mm->context.huge_pte_count++;
+
+ addr &= HPAGE_MASK;
+- for (i = 0; i < (1 << HUGETLB_PAGE_ORDER); i++) {
+- set_pte_at(mm, addr, ptep, entry);
++
++ nptes = 1 << HUGETLB_PAGE_ORDER;
++ orig[0] = *ptep;
++ orig[1] = *(ptep + nptes / 2);
++ for (i = 0; i < nptes; i++) {
++ *ptep = entry;
+ ptep++;
+ addr += PAGE_SIZE;
+ pte_val(entry) += PAGE_SIZE;
+ }
++
++ /* Issue TLB flush at REAL_HPAGE_SIZE boundaries */
++ addr -= REAL_HPAGE_SIZE;
++ ptep -= nptes / 2;
++ maybe_tlb_batch_add(mm, addr, ptep, orig[1], 0);
++ addr -= REAL_HPAGE_SIZE;
++ ptep -= nptes / 2;
++ maybe_tlb_batch_add(mm, addr, ptep, orig[0], 0);
+ }
+
+ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
+@@ -194,19 +208,28 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr,
+ {
+ pte_t entry;
+ int i;
++ unsigned long nptes;
+
+ entry = *ptep;
+ if (pte_present(entry))
+ mm->context.huge_pte_count--;
+
+ addr &= HPAGE_MASK;
+-
+- for (i = 0; i < (1 << HUGETLB_PAGE_ORDER); i++) {
+- pte_clear(mm, addr, ptep);
++ nptes = 1 << HUGETLB_PAGE_ORDER;
++ for (i = 0; i < nptes; i++) {
++ *ptep = __pte(0UL);
+ addr += PAGE_SIZE;
+ ptep++;
+ }
+
++ /* Issue TLB flush at REAL_HPAGE_SIZE boundaries */
++ addr -= REAL_HPAGE_SIZE;
++ ptep -= nptes / 2;
++ maybe_tlb_batch_add(mm, addr, ptep, entry, 0);
++ addr -= REAL_HPAGE_SIZE;
++ ptep -= nptes / 2;
++ maybe_tlb_batch_add(mm, addr, ptep, entry, 0);
++
+ return entry;
+ }
+
+diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
+index 09e8388..14bb0d5 100644
+--- a/arch/sparc/mm/init_64.c
++++ b/arch/sparc/mm/init_64.c
+@@ -324,18 +324,6 @@ static void __update_mmu_tsb_insert(struct mm_struct *mm, unsigned long tsb_inde
+ tsb_insert(tsb, tag, tte);
+ }
+
+-#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
+-static inline bool is_hugetlb_pte(pte_t pte)
+-{
+- if ((tlb_type == hypervisor &&
+- (pte_val(pte) & _PAGE_SZALL_4V) == _PAGE_SZHUGE_4V) ||
+- (tlb_type != hypervisor &&
+- (pte_val(pte) & _PAGE_SZALL_4U) == _PAGE_SZHUGE_4U))
+- return true;
+- return false;
+-}
+-#endif
+-
+ void update_mmu_cache(struct vm_area_struct *vma, unsigned long address, pte_t *ptep)
+ {
+ struct mm_struct *mm;
+@@ -2836,9 +2824,10 @@ void hugetlb_setup(struct pt_regs *regs)
+ * the Data-TLB for huge pages.
+ */
+ if (tlb_type == cheetah_plus) {
++ bool need_context_reload = false;
+ unsigned long ctx;
+
+- spin_lock(&ctx_alloc_lock);
++ spin_lock_irq(&ctx_alloc_lock);
+ ctx = mm->context.sparc64_ctx_val;
+ ctx &= ~CTX_PGSZ_MASK;
+ ctx |= CTX_PGSZ_BASE << CTX_PGSZ0_SHIFT;
+@@ -2857,9 +2846,12 @@ void hugetlb_setup(struct pt_regs *regs)
+ * also executing in this address space.
+ */
+ mm->context.sparc64_ctx_val = ctx;
+- on_each_cpu(context_reload, mm, 0);
++ need_context_reload = true;
+ }
+- spin_unlock(&ctx_alloc_lock);
++ spin_unlock_irq(&ctx_alloc_lock);
++
++ if (need_context_reload)
++ on_each_cpu(context_reload, mm, 0);
+ }
+ }
+ #endif
+diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
+index 9df2190..f81cd97 100644
+--- a/arch/sparc/mm/tlb.c
++++ b/arch/sparc/mm/tlb.c
+@@ -67,7 +67,7 @@ void arch_leave_lazy_mmu_mode(void)
+ }
+
+ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
+- bool exec)
++ bool exec, bool huge)
+ {
+ struct tlb_batch *tb = &get_cpu_var(tlb_batch);
+ unsigned long nr;
+@@ -84,13 +84,21 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
+ }
+
+ if (!tb->active) {
+- flush_tsb_user_page(mm, vaddr);
++ flush_tsb_user_page(mm, vaddr, huge);
+ global_flush_tlb_page(mm, vaddr);
+ goto out;
+ }
+
+- if (nr == 0)
++ if (nr == 0) {
+ tb->mm = mm;
++ tb->huge = huge;
++ }
++
++ if (tb->huge != huge) {
++ flush_tlb_pending();
++ tb->huge = huge;
++ nr = 0;
++ }
+
+ tb->vaddrs[nr] = vaddr;
+ tb->tlb_nr = ++nr;
+@@ -104,6 +112,8 @@ out:
+ void tlb_batch_add(struct mm_struct *mm, unsigned long vaddr,
+ pte_t *ptep, pte_t orig, int fullmm)
+ {
++ bool huge = is_hugetlb_pte(orig);
++
+ if (tlb_type != hypervisor &&
+ pte_dirty(orig)) {
+ unsigned long paddr, pfn = pte_pfn(orig);
+@@ -129,7 +139,7 @@ void tlb_batch_add(struct mm_struct *mm, unsigned long vaddr,
+
+ no_cache_flush:
+ if (!fullmm)
+- tlb_batch_add_one(mm, vaddr, pte_exec(orig));
++ tlb_batch_add_one(mm, vaddr, pte_exec(orig), huge);
+ }
+
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+@@ -145,7 +155,7 @@ static void tlb_batch_pmd_scan(struct mm_struct *mm, unsigned long vaddr,
+ if (pte_val(*pte) & _PAGE_VALID) {
+ bool exec = pte_exec(*pte);
+
+- tlb_batch_add_one(mm, vaddr, exec);
++ tlb_batch_add_one(mm, vaddr, exec, false);
+ }
+ pte++;
+ vaddr += PAGE_SIZE;
+@@ -185,8 +195,9 @@ void set_pmd_at(struct mm_struct *mm, unsigned long addr,
+ pte_t orig_pte = __pte(pmd_val(orig));
+ bool exec = pte_exec(orig_pte);
+
+- tlb_batch_add_one(mm, addr, exec);
+- tlb_batch_add_one(mm, addr + REAL_HPAGE_SIZE, exec);
++ tlb_batch_add_one(mm, addr, exec, true);
++ tlb_batch_add_one(mm, addr + REAL_HPAGE_SIZE, exec,
++ true);
+ } else {
+ tlb_batch_pmd_scan(mm, addr, orig);
+ }
+diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c
+index a065766..a0604a4 100644
+--- a/arch/sparc/mm/tsb.c
++++ b/arch/sparc/mm/tsb.c
+@@ -76,14 +76,15 @@ void flush_tsb_user(struct tlb_batch *tb)
+
+ spin_lock_irqsave(&mm->context.lock, flags);
+
+- base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
+- nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
+- if (tlb_type == cheetah_plus || tlb_type == hypervisor)
+- base = __pa(base);
+- __flush_tsb_one(tb, PAGE_SHIFT, base, nentries);
+-
++ if (!tb->huge) {
++ base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
++ nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
++ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
++ base = __pa(base);
++ __flush_tsb_one(tb, PAGE_SHIFT, base, nentries);
++ }
+ #if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
+- if (mm->context.tsb_block[MM_TSB_HUGE].tsb) {
++ if (tb->huge && mm->context.tsb_block[MM_TSB_HUGE].tsb) {
+ base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb;
+ nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries;
+ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
+@@ -94,20 +95,21 @@ void flush_tsb_user(struct tlb_batch *tb)
+ spin_unlock_irqrestore(&mm->context.lock, flags);
+ }
+
+-void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr)
++void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr, bool huge)
+ {
+ unsigned long nentries, base, flags;
+
+ spin_lock_irqsave(&mm->context.lock, flags);
+
+- base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
+- nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
+- if (tlb_type == cheetah_plus || tlb_type == hypervisor)
+- base = __pa(base);
+- __flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries);
+-
++ if (!huge) {
++ base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
++ nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
++ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
++ base = __pa(base);
++ __flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries);
++ }
+ #if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
+- if (mm->context.tsb_block[MM_TSB_HUGE].tsb) {
++ if (huge && mm->context.tsb_block[MM_TSB_HUGE].tsb) {
+ base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb;
+ nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries;
+ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
+diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
+index 06cbe25..87bd6b6 100644
+--- a/arch/x86/kernel/traps.c
++++ b/arch/x86/kernel/traps.c
+@@ -95,6 +95,12 @@ static inline void cond_local_irq_disable(struct pt_regs *regs)
+ local_irq_disable();
+ }
+
++/*
++ * In IST context, we explicitly disable preemption. This serves two
++ * purposes: it makes it much less likely that we would accidentally
++ * schedule in IST context and it will force a warning if we somehow
++ * manage to schedule by accident.
++ */
+ void ist_enter(struct pt_regs *regs)
+ {
+ if (user_mode(regs)) {
+@@ -109,13 +115,7 @@ void ist_enter(struct pt_regs *regs)
+ rcu_nmi_enter();
+ }
+
+- /*
+- * We are atomic because we're on the IST stack; or we're on
+- * x86_32, in which case we still shouldn't schedule; or we're
+- * on x86_64 and entered from user mode, in which case we're
+- * still atomic unless ist_begin_non_atomic is called.
+- */
+- preempt_count_add(HARDIRQ_OFFSET);
++ preempt_disable();
+
+ /* This code is a bit fragile. Test it. */
+ RCU_LOCKDEP_WARN(!rcu_is_watching(), "ist_enter didn't work");
+@@ -123,7 +123,7 @@ void ist_enter(struct pt_regs *regs)
+
+ void ist_exit(struct pt_regs *regs)
+ {
+- preempt_count_sub(HARDIRQ_OFFSET);
++ preempt_enable_no_resched();
+
+ if (!user_mode(regs))
+ rcu_nmi_exit();
+@@ -154,7 +154,7 @@ void ist_begin_non_atomic(struct pt_regs *regs)
+ BUG_ON((unsigned long)(current_top_of_stack() -
+ current_stack_pointer()) >= THREAD_SIZE);
+
+- preempt_count_sub(HARDIRQ_OFFSET);
++ preempt_enable_no_resched();
+ }
+
+ /**
+@@ -164,7 +164,7 @@ void ist_begin_non_atomic(struct pt_regs *regs)
+ */
+ void ist_end_non_atomic(void)
+ {
+- preempt_count_add(HARDIRQ_OFFSET);
++ preempt_disable();
+ }
+
+ static nokprobe_inline int
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index 9b7798c..6b9701b 100644
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -3032,6 +3032,11 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
+ if (dbgregs->flags)
+ return -EINVAL;
+
++ if (dbgregs->dr6 & ~0xffffffffull)
++ return -EINVAL;
++ if (dbgregs->dr7 & ~0xffffffffull)
++ return -EINVAL;
++
+ memcpy(vcpu->arch.db, dbgregs->db, sizeof(vcpu->arch.db));
+ kvm_update_dr0123(vcpu);
+ vcpu->arch.dr6 = dbgregs->dr6;
+diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
+index 91a7e04..477cbf39 100644
+--- a/crypto/asymmetric_keys/Kconfig
++++ b/crypto/asymmetric_keys/Kconfig
+@@ -13,6 +13,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ tristate "Asymmetric public-key crypto algorithm subtype"
+ select MPILIB
+ select CRYPTO_HASH_INFO
++ select CRYPTO_AKCIPHER
+ help
+ This option provides support for asymmetric public key type handling.
+ If signature generation and/or verification are to be used,
+diff --git a/drivers/crypto/ccp/ccp-crypto-aes-xts.c b/drivers/crypto/ccp/ccp-crypto-aes-xts.c
+index 52c7395..0d0d452 100644
+--- a/drivers/crypto/ccp/ccp-crypto-aes-xts.c
++++ b/drivers/crypto/ccp/ccp-crypto-aes-xts.c
+@@ -122,6 +122,7 @@ static int ccp_aes_xts_crypt(struct ablkcipher_request *req,
+ struct ccp_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
+ struct ccp_aes_req_ctx *rctx = ablkcipher_request_ctx(req);
+ unsigned int unit;
++ u32 unit_size;
+ int ret;
+
+ if (!ctx->u.aes.key_len)
+@@ -133,11 +134,17 @@ static int ccp_aes_xts_crypt(struct ablkcipher_request *req,
+ if (!req->info)
+ return -EINVAL;
+
+- for (unit = 0; unit < ARRAY_SIZE(unit_size_map); unit++)
+- if (!(req->nbytes & (unit_size_map[unit].size - 1)))
+- break;
++ unit_size = CCP_XTS_AES_UNIT_SIZE__LAST;
++ if (req->nbytes <= unit_size_map[0].size) {
++ for (unit = 0; unit < ARRAY_SIZE(unit_size_map); unit++) {
++ if (!(req->nbytes & (unit_size_map[unit].size - 1))) {
++ unit_size = unit_size_map[unit].value;
++ break;
++ }
++ }
++ }
+
+- if ((unit_size_map[unit].value == CCP_XTS_AES_UNIT_SIZE__LAST) ||
++ if ((unit_size == CCP_XTS_AES_UNIT_SIZE__LAST) ||
+ (ctx->u.aes.key_len != AES_KEYSIZE_128)) {
+ /* Use the fallback to process the request for any
+ * unsupported unit sizes or key sizes
+@@ -158,7 +165,7 @@ static int ccp_aes_xts_crypt(struct ablkcipher_request *req,
+ rctx->cmd.engine = CCP_ENGINE_XTS_AES_128;
+ rctx->cmd.u.xts.action = (encrypt) ? CCP_AES_ACTION_ENCRYPT
+ : CCP_AES_ACTION_DECRYPT;
+- rctx->cmd.u.xts.unit_size = unit_size_map[unit].value;
++ rctx->cmd.u.xts.unit_size = unit_size;
+ rctx->cmd.u.xts.key = &ctx->u.aes.key_sg;
+ rctx->cmd.u.xts.key_len = ctx->u.aes.key_len;
+ rctx->cmd.u.xts.iv = &rctx->iv_sg;
+diff --git a/drivers/gpio/gpio-bcm-kona.c b/drivers/gpio/gpio-bcm-kona.c
+index 2fd38d5..3c5e832 100644
+--- a/drivers/gpio/gpio-bcm-kona.c
++++ b/drivers/gpio/gpio-bcm-kona.c
+@@ -546,11 +546,11 @@ static void bcm_kona_gpio_reset(struct bcm_kona_gpio *kona_gpio)
+ /* disable interrupts and clear status */
+ for (i = 0; i < kona_gpio->num_bank; i++) {
+ /* Unlock the entire bank first */
+- bcm_kona_gpio_write_lock_regs(kona_gpio, i, UNLOCK_CODE);
++ bcm_kona_gpio_write_lock_regs(reg_base, i, UNLOCK_CODE);
+ writel(0xffffffff, reg_base + GPIO_INT_MASK(i));
+ writel(0xffffffff, reg_base + GPIO_INT_STATUS(i));
+ /* Now re-lock the bank */
+- bcm_kona_gpio_write_lock_regs(kona_gpio, i, LOCK_CODE);
++ bcm_kona_gpio_write_lock_regs(reg_base, i, LOCK_CODE);
+ }
+ }
+
+diff --git a/drivers/gpio/gpio-zynq.c b/drivers/gpio/gpio-zynq.c
+index 66d3d24..e72794e 100644
+--- a/drivers/gpio/gpio-zynq.c
++++ b/drivers/gpio/gpio-zynq.c
+@@ -709,11 +709,17 @@ static int zynq_gpio_probe(struct platform_device *pdev)
+ dev_err(&pdev->dev, "input clock not found.\n");
+ return PTR_ERR(gpio->clk);
+ }
++ ret = clk_prepare_enable(gpio->clk);
++ if (ret) {
++ dev_err(&pdev->dev, "Unable to enable clock.\n");
++ return ret;
++ }
+
++ pm_runtime_set_active(&pdev->dev);
+ pm_runtime_enable(&pdev->dev);
+ ret = pm_runtime_get_sync(&pdev->dev);
+ if (ret < 0)
+- return ret;
++ goto err_pm_dis;
+
+ /* report a bug if gpio chip registration fails */
+ ret = gpiochip_add_data(chip, gpio);
+@@ -745,6 +751,9 @@ err_rm_gpiochip:
+ gpiochip_remove(chip);
+ err_pm_put:
+ pm_runtime_put(&pdev->dev);
++err_pm_dis:
++ pm_runtime_disable(&pdev->dev);
++ clk_disable_unprepare(gpio->clk);
+
+ return ret;
+ }
+diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
+index b747c76..cf3e712 100644
+--- a/drivers/gpio/gpiolib.c
++++ b/drivers/gpio/gpiolib.c
+@@ -438,7 +438,6 @@ static void gpiodevice_release(struct device *dev)
+ {
+ struct gpio_device *gdev = dev_get_drvdata(dev);
+
+- cdev_del(&gdev->chrdev);
+ list_del(&gdev->list);
+ ida_simple_remove(&gpio_ida, gdev->id);
+ kfree(gdev->label);
+@@ -471,7 +470,6 @@ static int gpiochip_setup_dev(struct gpio_device *gdev)
+
+ /* From this point, the .release() function cleans up gpio_device */
+ gdev->dev.release = gpiodevice_release;
+- get_device(&gdev->dev);
+ pr_debug("%s: registered GPIOs %d to %d on device: %s (%s)\n",
+ __func__, gdev->base, gdev->base + gdev->ngpio - 1,
+ dev_name(&gdev->dev), gdev->chip->label ? : "generic");
+@@ -742,6 +740,8 @@ void gpiochip_remove(struct gpio_chip *chip)
+ * be removed, else it will be dangling until the last user is
+ * gone.
+ */
++ cdev_del(&gdev->chrdev);
++ device_del(&gdev->dev);
+ put_device(&gdev->dev);
+ }
+ EXPORT_SYMBOL_GPL(gpiochip_remove);
+@@ -841,7 +841,7 @@ struct gpio_chip *gpiochip_find(void *data,
+
+ spin_lock_irqsave(&gpio_lock, flags);
+ list_for_each_entry(gdev, &gpio_devices, list)
+- if (match(gdev->chip, data))
++ if (gdev->chip && match(gdev->chip, data))
+ break;
+
+ /* No match? */
+@@ -1339,10 +1339,13 @@ done:
+ /*
+ * This descriptor validation needs to be inserted verbatim into each
+ * function taking a descriptor, so we need to use a preprocessor
+- * macro to avoid endless duplication.
++ * macro to avoid endless duplication. If the desc is NULL it is an
++ * optional GPIO and calls should just bail out.
+ */
+ #define VALIDATE_DESC(desc) do { \
+- if (!desc || !desc->gdev) { \
++ if (!desc) \
++ return 0; \
++ if (!desc->gdev) { \
+ pr_warn("%s: invalid GPIO\n", __func__); \
+ return -EINVAL; \
+ } \
+@@ -1353,7 +1356,9 @@ done:
+ } } while (0)
+
+ #define VALIDATE_DESC_VOID(desc) do { \
+- if (!desc || !desc->gdev) { \
++ if (!desc) \
++ return; \
++ if (!desc->gdev) { \
+ pr_warn("%s: invalid GPIO\n", __func__); \
+ return; \
+ } \
+@@ -2001,7 +2006,14 @@ int gpiod_to_irq(const struct gpio_desc *desc)
+ struct gpio_chip *chip;
+ int offset;
+
+- VALIDATE_DESC(desc);
++ /*
++ * Cannot VALIDATE_DESC() here as gpiod_to_irq() consumer semantics
++ * requires this function to not return zero on an invalid descriptor
++ * but rather a negative error number.
++ */
++ if (!desc || !desc->gdev || !desc->gdev->chip)
++ return -EINVAL;
++
+ chip = desc->gdev->chip;
+ offset = gpio_chip_hwgpio(desc);
+ return chip->to_irq ? chip->to_irq(chip, offset) : -ENXIO;
+diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
+index e08f962..f30de80 100644
+--- a/drivers/gpu/drm/drm_crtc.c
++++ b/drivers/gpu/drm/drm_crtc.c
+@@ -3434,6 +3434,24 @@ int drm_mode_addfb2(struct drm_device *dev,
+ return 0;
+ }
+
++struct drm_mode_rmfb_work {
++ struct work_struct work;
++ struct list_head fbs;
++};
++
++static void drm_mode_rmfb_work_fn(struct work_struct *w)
++{
++ struct drm_mode_rmfb_work *arg = container_of(w, typeof(*arg), work);
++
++ while (!list_empty(&arg->fbs)) {
++ struct drm_framebuffer *fb =
++ list_first_entry(&arg->fbs, typeof(*fb), filp_head);
++
++ list_del_init(&fb->filp_head);
++ drm_framebuffer_remove(fb);
++ }
++}
++
+ /**
+ * drm_mode_rmfb - remove an FB from the configuration
+ * @dev: drm device for the ioctl
+@@ -3474,7 +3492,25 @@ int drm_mode_rmfb(struct drm_device *dev,
+ mutex_unlock(&dev->mode_config.fb_lock);
+ mutex_unlock(&file_priv->fbs_lock);
+
+- drm_framebuffer_unreference(fb);
++ /*
++ * we now own the reference that was stored in the fbs list
++ *
++ * drm_framebuffer_remove may fail with -EINTR on pending signals,
++ * so run this in a separate stack as there's no way to correctly
++ * handle this after the fb is already removed from the lookup table.
++ */
++ if (atomic_read(&fb->refcount.refcount) > 1) {
++ struct drm_mode_rmfb_work arg;
++
++ INIT_WORK_ONSTACK(&arg.work, drm_mode_rmfb_work_fn);
++ INIT_LIST_HEAD(&arg.fbs);
++ list_add_tail(&fb->filp_head, &arg.fbs);
++
++ schedule_work(&arg.work);
++ flush_work(&arg.work);
++ destroy_work_on_stack(&arg.work);
++ } else
++ drm_framebuffer_unreference(fb);
+
+ return 0;
+
+@@ -3627,7 +3663,6 @@ out_err1:
+ return ret;
+ }
+
+-
+ /**
+ * drm_fb_release - remove and free the FBs on this file
+ * @priv: drm file for the ioctl
+@@ -3642,6 +3677,9 @@ out_err1:
+ void drm_fb_release(struct drm_file *priv)
+ {
+ struct drm_framebuffer *fb, *tfb;
++ struct drm_mode_rmfb_work arg;
++
++ INIT_LIST_HEAD(&arg.fbs);
+
+ /*
+ * When the file gets released that means no one else can access the fb
+@@ -3654,10 +3692,22 @@ void drm_fb_release(struct drm_file *priv)
+ * at it any more.
+ */
+ list_for_each_entry_safe(fb, tfb, &priv->fbs, filp_head) {
+- list_del_init(&fb->filp_head);
++ if (atomic_read(&fb->refcount.refcount) > 1) {
++ list_move_tail(&fb->filp_head, &arg.fbs);
++ } else {
++ list_del_init(&fb->filp_head);
+
+- /* This drops the fpriv->fbs reference. */
+- drm_framebuffer_unreference(fb);
++ /* This drops the fpriv->fbs reference. */
++ drm_framebuffer_unreference(fb);
++ }
++ }
++
++ if (!list_empty(&arg.fbs)) {
++ INIT_WORK_ONSTACK(&arg.work, drm_mode_rmfb_work_fn);
++
++ schedule_work(&arg.work);
++ flush_work(&arg.work);
++ destroy_work_on_stack(&arg.work);
+ }
+ }
+
+diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
+index 1c21220..d1a46ef 100644
+--- a/drivers/gpu/drm/i915/i915_irq.c
++++ b/drivers/gpu/drm/i915/i915_irq.c
+@@ -1829,7 +1829,7 @@ static irqreturn_t cherryview_irq_handler(int irq, void *arg)
+ /* IRQs are synced during runtime_suspend, we don't require a wakeref */
+ disable_rpm_wakeref_asserts(dev_priv);
+
+- do {
++ for (;;) {
+ master_ctl = I915_READ(GEN8_MASTER_IRQ) & ~GEN8_MASTER_IRQ_CONTROL;
+ iir = I915_READ(VLV_IIR);
+
+@@ -1857,7 +1857,7 @@ static irqreturn_t cherryview_irq_handler(int irq, void *arg)
+
+ I915_WRITE(GEN8_MASTER_IRQ, DE_MASTER_IRQ_CONTROL);
+ POSTING_READ(GEN8_MASTER_IRQ);
+- } while (0);
++ }
+
+ enable_rpm_wakeref_asserts(dev_priv);
+
+diff --git a/drivers/net/ethernet/atheros/alx/alx.h b/drivers/net/ethernet/atheros/alx/alx.h
+index 8fc93c5..d02c424 100644
+--- a/drivers/net/ethernet/atheros/alx/alx.h
++++ b/drivers/net/ethernet/atheros/alx/alx.h
+@@ -96,6 +96,10 @@ struct alx_priv {
+ unsigned int rx_ringsz;
+ unsigned int rxbuf_size;
+
++ struct page *rx_page;
++ unsigned int rx_page_offset;
++ unsigned int rx_frag_size;
++
+ struct napi_struct napi;
+ struct alx_tx_queue txq;
+ struct alx_rx_queue rxq;
+diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c
+index 55b118e..8611811 100644
+--- a/drivers/net/ethernet/atheros/alx/main.c
++++ b/drivers/net/ethernet/atheros/alx/main.c
+@@ -70,6 +70,35 @@ static void alx_free_txbuf(struct alx_priv *alx, int entry)
+ }
+ }
+
++static struct sk_buff *alx_alloc_skb(struct alx_priv *alx, gfp_t gfp)
++{
++ struct sk_buff *skb;
++ struct page *page;
++
++ if (alx->rx_frag_size > PAGE_SIZE)
++ return __netdev_alloc_skb(alx->dev, alx->rxbuf_size, gfp);
++
++ page = alx->rx_page;
++ if (!page) {
++ alx->rx_page = page = alloc_page(gfp);
++ if (unlikely(!page))
++ return NULL;
++ alx->rx_page_offset = 0;
++ }
++
++ skb = build_skb(page_address(page) + alx->rx_page_offset,
++ alx->rx_frag_size);
++ if (likely(skb)) {
++ alx->rx_page_offset += alx->rx_frag_size;
++ if (alx->rx_page_offset >= PAGE_SIZE)
++ alx->rx_page = NULL;
++ else
++ get_page(page);
++ }
++ return skb;
++}
++
++
+ static int alx_refill_rx_ring(struct alx_priv *alx, gfp_t gfp)
+ {
+ struct alx_rx_queue *rxq = &alx->rxq;
+@@ -86,7 +115,7 @@ static int alx_refill_rx_ring(struct alx_priv *alx, gfp_t gfp)
+ while (!cur_buf->skb && next != rxq->read_idx) {
+ struct alx_rfd *rfd = &rxq->rfd[cur];
+
+- skb = __netdev_alloc_skb(alx->dev, alx->rxbuf_size, gfp);
++ skb = alx_alloc_skb(alx, gfp);
+ if (!skb)
+ break;
+ dma = dma_map_single(&alx->hw.pdev->dev,
+@@ -124,6 +153,7 @@ static int alx_refill_rx_ring(struct alx_priv *alx, gfp_t gfp)
+ alx_write_mem16(&alx->hw, ALX_RFD_PIDX, cur);
+ }
+
++
+ return count;
+ }
+
+@@ -592,6 +622,11 @@ static void alx_free_rings(struct alx_priv *alx)
+ kfree(alx->txq.bufs);
+ kfree(alx->rxq.bufs);
+
++ if (alx->rx_page) {
++ put_page(alx->rx_page);
++ alx->rx_page = NULL;
++ }
++
+ dma_free_coherent(&alx->hw.pdev->dev,
+ alx->descmem.size,
+ alx->descmem.virt,
+@@ -646,6 +681,7 @@ static int alx_request_irq(struct alx_priv *alx)
+ alx->dev->name, alx);
+ if (!err)
+ goto out;
++
+ /* fall back to legacy interrupt */
+ pci_disable_msi(alx->hw.pdev);
+ }
+@@ -689,6 +725,7 @@ static int alx_init_sw(struct alx_priv *alx)
+ struct pci_dev *pdev = alx->hw.pdev;
+ struct alx_hw *hw = &alx->hw;
+ int err;
++ unsigned int head_size;
+
+ err = alx_identify_hw(alx);
+ if (err) {
+@@ -704,7 +741,12 @@ static int alx_init_sw(struct alx_priv *alx)
+
+ hw->smb_timer = 400;
+ hw->mtu = alx->dev->mtu;
++
+ alx->rxbuf_size = ALX_MAX_FRAME_LEN(hw->mtu);
++ head_size = SKB_DATA_ALIGN(alx->rxbuf_size + NET_SKB_PAD) +
++ SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
++ alx->rx_frag_size = roundup_pow_of_two(head_size);
++
+ alx->tx_ringsz = 256;
+ alx->rx_ringsz = 512;
+ hw->imt = 200;
+@@ -806,6 +848,7 @@ static int alx_change_mtu(struct net_device *netdev, int mtu)
+ {
+ struct alx_priv *alx = netdev_priv(netdev);
+ int max_frame = ALX_MAX_FRAME_LEN(mtu);
++ unsigned int head_size;
+
+ if ((max_frame < ALX_MIN_FRAME_SIZE) ||
+ (max_frame > ALX_MAX_FRAME_SIZE))
+@@ -817,6 +860,9 @@ static int alx_change_mtu(struct net_device *netdev, int mtu)
+ netdev->mtu = mtu;
+ alx->hw.mtu = mtu;
+ alx->rxbuf_size = max(max_frame, ALX_DEF_RXBUF_SIZE);
++ head_size = SKB_DATA_ALIGN(alx->rxbuf_size + NET_SKB_PAD) +
++ SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
++ alx->rx_frag_size = roundup_pow_of_two(head_size);
+ netdev_update_features(netdev);
+ if (netif_running(netdev))
+ alx_reinit(alx);
+diff --git a/drivers/net/ethernet/ezchip/nps_enet.c b/drivers/net/ethernet/ezchip/nps_enet.c
+index 085f912..06f0317 100644
+--- a/drivers/net/ethernet/ezchip/nps_enet.c
++++ b/drivers/net/ethernet/ezchip/nps_enet.c
+@@ -205,8 +205,10 @@ static int nps_enet_poll(struct napi_struct *napi, int budget)
+ * re-adding ourselves to the poll list.
+ */
+
+- if (priv->tx_skb && !tx_ctrl_ct)
++ if (priv->tx_skb && !tx_ctrl_ct) {
++ nps_enet_reg_set(priv, NPS_ENET_REG_BUF_INT_ENABLE, 0);
+ napi_reschedule(napi);
++ }
+ }
+
+ return work_done;
+diff --git a/drivers/net/ethernet/marvell/mvneta_bm.c b/drivers/net/ethernet/marvell/mvneta_bm.c
+index 01fccec..466939f 100644
+--- a/drivers/net/ethernet/marvell/mvneta_bm.c
++++ b/drivers/net/ethernet/marvell/mvneta_bm.c
+@@ -189,6 +189,7 @@ struct mvneta_bm_pool *mvneta_bm_pool_use(struct mvneta_bm *priv, u8 pool_id,
+ SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
+ hwbm_pool->construct = mvneta_bm_construct;
+ hwbm_pool->priv = new_pool;
++ spin_lock_init(&hwbm_pool->lock);
+
+ /* Create new pool */
+ err = mvneta_bm_pool_create(priv, new_pool);
+diff --git a/drivers/net/ethernet/rocker/rocker_ofdpa.c b/drivers/net/ethernet/rocker/rocker_ofdpa.c
+index 0e758bc..1ca7963 100644
+--- a/drivers/net/ethernet/rocker/rocker_ofdpa.c
++++ b/drivers/net/ethernet/rocker/rocker_ofdpa.c
+@@ -2727,7 +2727,7 @@ static int ofdpa_port_obj_fib4_add(struct rocker_port *rocker_port,
+
+ return ofdpa_port_fib_ipv4(ofdpa_port, trans,
+ htonl(fib4->dst), fib4->dst_len,
+- &fib4->fi, fib4->tb_id, 0);
++ fib4->fi, fib4->tb_id, 0);
+ }
+
+ static int ofdpa_port_obj_fib4_del(struct rocker_port *rocker_port,
+@@ -2737,7 +2737,7 @@ static int ofdpa_port_obj_fib4_del(struct rocker_port *rocker_port,
+
+ return ofdpa_port_fib_ipv4(ofdpa_port, NULL,
+ htonl(fib4->dst), fib4->dst_len,
+- &fib4->fi, fib4->tb_id,
++ fib4->fi, fib4->tb_id,
+ OFDPA_OP_FLAG_REMOVE);
+ }
+
+diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c
+index 1681084..1f30912 100644
+--- a/drivers/net/ethernet/sfc/ef10.c
++++ b/drivers/net/ethernet/sfc/ef10.c
+@@ -619,6 +619,17 @@ fail:
+ return rc;
+ }
+
++static void efx_ef10_forget_old_piobufs(struct efx_nic *efx)
++{
++ struct efx_channel *channel;
++ struct efx_tx_queue *tx_queue;
++
++ /* All our existing PIO buffers went away */
++ efx_for_each_channel(channel, efx)
++ efx_for_each_channel_tx_queue(tx_queue, channel)
++ tx_queue->piobuf = NULL;
++}
++
+ #else /* !EFX_USE_PIO */
+
+ static int efx_ef10_alloc_piobufs(struct efx_nic *efx, unsigned int n)
+@@ -635,6 +646,10 @@ static void efx_ef10_free_piobufs(struct efx_nic *efx)
+ {
+ }
+
++static void efx_ef10_forget_old_piobufs(struct efx_nic *efx)
++{
++}
++
+ #endif /* EFX_USE_PIO */
+
+ static void efx_ef10_remove(struct efx_nic *efx)
+@@ -1018,6 +1033,7 @@ static void efx_ef10_reset_mc_allocations(struct efx_nic *efx)
+ nic_data->must_realloc_vis = true;
+ nic_data->must_restore_filters = true;
+ nic_data->must_restore_piobufs = true;
++ efx_ef10_forget_old_piobufs(efx);
+ nic_data->rx_rss_context = EFX_EF10_RSS_CONTEXT_INVALID;
+
+ /* Driver-created vswitches and vports must be re-created */
+diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c
+index 06704ca..8683a21 100644
+--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c
++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c
+@@ -209,7 +209,7 @@ int stmmac_mdio_register(struct net_device *ndev)
+ return -ENOMEM;
+
+ if (mdio_bus_data->irqs)
+- memcpy(new_bus->irq, mdio_bus_data, sizeof(new_bus->irq));
++ memcpy(new_bus->irq, mdio_bus_data->irqs, sizeof(new_bus->irq));
+
+ #ifdef CONFIG_OF
+ if (priv->device->of_node)
+diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
+index 7b0a644..9fcb489 100644
+--- a/drivers/net/geneve.c
++++ b/drivers/net/geneve.c
+@@ -336,15 +336,15 @@ static int geneve_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
+
+ /* Need Geneve and inner Ethernet header to be present */
+ if (unlikely(!pskb_may_pull(skb, GENEVE_BASE_HLEN)))
+- goto error;
++ goto drop;
+
+ /* Return packets with reserved bits set */
+ geneveh = geneve_hdr(skb);
+ if (unlikely(geneveh->ver != GENEVE_VER))
+- goto error;
++ goto drop;
+
+ if (unlikely(geneveh->proto_type != htons(ETH_P_TEB)))
+- goto error;
++ goto drop;
+
+ gs = rcu_dereference_sk_user_data(sk);
+ if (!gs)
+@@ -367,10 +367,6 @@ drop:
+ /* Consume bad packet */
+ kfree_skb(skb);
+ return 0;
+-
+-error:
+- /* Let the UDP layer deal with the skb */
+- return 1;
+ }
+
+ static struct socket *geneve_create_sock(struct net *net, bool ipv6,
+diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
+index 92eaab95..9e803bb 100644
+--- a/drivers/net/macsec.c
++++ b/drivers/net/macsec.c
+@@ -1645,7 +1645,7 @@ static int macsec_add_rxsa(struct sk_buff *skb, struct genl_info *info)
+ if (tb_sa[MACSEC_SA_ATTR_ACTIVE])
+ rx_sa->active = !!nla_get_u8(tb_sa[MACSEC_SA_ATTR_ACTIVE]);
+
+- nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEY], MACSEC_KEYID_LEN);
++ nla_memcpy(rx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
+ rx_sa->sc = rx_sc;
+ rcu_assign_pointer(rx_sc->sa[assoc_num], rx_sa);
+
+@@ -1784,7 +1784,7 @@ static int macsec_add_txsa(struct sk_buff *skb, struct genl_info *info)
+ return -ENOMEM;
+ }
+
+- nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEY], MACSEC_KEYID_LEN);
++ nla_memcpy(tx_sa->key.id, tb_sa[MACSEC_SA_ATTR_KEYID], MACSEC_KEYID_LEN);
+
+ spin_lock_bh(&tx_sa->lock);
+ tx_sa->next_pn = nla_get_u32(tb_sa[MACSEC_SA_ATTR_PN]);
+diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
+index a0f64cb..2ace126 100644
+--- a/drivers/net/team/team.c
++++ b/drivers/net/team/team.c
+@@ -990,7 +990,7 @@ static void team_port_disable(struct team *team,
+ #define TEAM_ENC_FEATURES (NETIF_F_HW_CSUM | NETIF_F_SG | \
+ NETIF_F_RXCSUM | NETIF_F_ALL_TSO)
+
+-static void __team_compute_features(struct team *team)
++static void ___team_compute_features(struct team *team)
+ {
+ struct team_port *port;
+ u32 vlan_features = TEAM_VLAN_FEATURES & NETIF_F_ALL_FOR_ALL;
+@@ -1021,15 +1021,20 @@ static void __team_compute_features(struct team *team)
+ team->dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
+ if (dst_release_flag == (IFF_XMIT_DST_RELEASE | IFF_XMIT_DST_RELEASE_PERM))
+ team->dev->priv_flags |= IFF_XMIT_DST_RELEASE;
++}
+
++static void __team_compute_features(struct team *team)
++{
++ ___team_compute_features(team);
+ netdev_change_features(team->dev);
+ }
+
+ static void team_compute_features(struct team *team)
+ {
+ mutex_lock(&team->lock);
+- __team_compute_features(team);
++ ___team_compute_features(team);
+ mutex_unlock(&team->lock);
++ netdev_change_features(team->dev);
+ }
+
+ static int team_port_enter(struct team *team, struct team_port *port)
+diff --git a/drivers/net/tun.c b/drivers/net/tun.c
+index 2c9e45f5..dda4905 100644
+--- a/drivers/net/tun.c
++++ b/drivers/net/tun.c
+@@ -568,11 +568,13 @@ static void tun_detach_all(struct net_device *dev)
+ for (i = 0; i < n; i++) {
+ tfile = rtnl_dereference(tun->tfiles[i]);
+ BUG_ON(!tfile);
++ tfile->socket.sk->sk_shutdown = RCV_SHUTDOWN;
+ tfile->socket.sk->sk_data_ready(tfile->socket.sk);
+ RCU_INIT_POINTER(tfile->tun, NULL);
+ --tun->numqueues;
+ }
+ list_for_each_entry(tfile, &tun->disabled, next) {
++ tfile->socket.sk->sk_shutdown = RCV_SHUTDOWN;
+ tfile->socket.sk->sk_data_ready(tfile->socket.sk);
+ RCU_INIT_POINTER(tfile->tun, NULL);
+ }
+@@ -628,6 +630,7 @@ static int tun_attach(struct tun_struct *tun, struct file *file, bool skip_filte
+ goto out;
+ }
+ tfile->queue_index = tun->numqueues;
++ tfile->socket.sk->sk_shutdown &= ~RCV_SHUTDOWN;
+ rcu_assign_pointer(tfile->tun, tun);
+ rcu_assign_pointer(tun->tfiles[tun->numqueues], tfile);
+ tun->numqueues++;
+@@ -1425,9 +1428,6 @@ static ssize_t tun_do_read(struct tun_struct *tun, struct tun_file *tfile,
+ if (!iov_iter_count(to))
+ return 0;
+
+- if (tun->dev->reg_state != NETREG_REGISTERED)
+- return -EIO;
+-
+ /* Read frames from queue */
+ skb = __skb_recv_datagram(tfile->socket.sk, noblock ? MSG_DONTWAIT : 0,
+ &peeked, &off, &err);
+diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
+index 8ac261a..7e29b55 100644
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -1262,7 +1262,7 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
+
+ /* Need Vxlan and inner Ethernet header to be present */
+ if (!pskb_may_pull(skb, VXLAN_HLEN))
+- return 1;
++ goto drop;
+
+ unparsed = *vxlan_hdr(skb);
+ /* VNI flag always required to be set */
+@@ -1271,7 +1271,7 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
+ ntohl(vxlan_hdr(skb)->vx_flags),
+ ntohl(vxlan_hdr(skb)->vx_vni));
+ /* Return non vxlan pkt */
+- return 1;
++ goto drop;
+ }
+ unparsed.vx_flags &= ~VXLAN_HF_VNI;
+ unparsed.vx_vni &= ~VXLAN_VNI_MASK;
+@@ -2959,6 +2959,9 @@ static int vxlan_newlink(struct net *src_net, struct net_device *dev,
+ if (data[IFLA_VXLAN_REMCSUM_NOPARTIAL])
+ conf.flags |= VXLAN_F_REMCSUM_NOPARTIAL;
+
++ if (tb[IFLA_MTU])
++ conf.mtu = nla_get_u32(tb[IFLA_MTU]);
++
+ err = vxlan_dev_configure(src_net, dev, &conf);
+ switch (err) {
+ case -ENODEV:
+diff --git a/drivers/perf/arm_pmu.c b/drivers/perf/arm_pmu.c
+index f700908..0e537fd 100644
+--- a/drivers/perf/arm_pmu.c
++++ b/drivers/perf/arm_pmu.c
+@@ -987,9 +987,6 @@ int arm_pmu_device_probe(struct platform_device *pdev,
+
+ armpmu_init(pmu);
+
+- if (!__oprofile_cpu_pmu)
+- __oprofile_cpu_pmu = pmu;
+-
+ pmu->plat_device = pdev;
+
+ if (node && (of_id = of_match_node(of_table, pdev->dev.of_node))) {
+@@ -1025,6 +1022,9 @@ int arm_pmu_device_probe(struct platform_device *pdev,
+ if (ret)
+ goto out_destroy;
+
++ if (!__oprofile_cpu_pmu)
++ __oprofile_cpu_pmu = pmu;
++
+ pr_info("enabled with %s PMU driver, %d counters available\n",
+ pmu->name, pmu->num_events);
+
+diff --git a/drivers/pinctrl/mediatek/pinctrl-mtk-common.c b/drivers/pinctrl/mediatek/pinctrl-mtk-common.c
+index 6ab8c3c..fba2dd9 100644
+--- a/drivers/pinctrl/mediatek/pinctrl-mtk-common.c
++++ b/drivers/pinctrl/mediatek/pinctrl-mtk-common.c
+@@ -1256,9 +1256,10 @@ static void mtk_eint_irq_handler(struct irq_desc *desc)
+ const struct mtk_desc_pin *pin;
+
+ chained_irq_enter(chip, desc);
+- for (eint_num = 0; eint_num < pctl->devdata->ap_num; eint_num += 32) {
++ for (eint_num = 0;
++ eint_num < pctl->devdata->ap_num;
++ eint_num += 32, reg += 4) {
+ status = readl(reg);
+- reg += 4;
+ while (status) {
+ offset = __ffs(status);
+ index = eint_num + offset;
+diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
+index 3408578..ff41c31 100644
+--- a/drivers/scsi/scsi_devinfo.c
++++ b/drivers/scsi/scsi_devinfo.c
+@@ -230,6 +230,7 @@ static struct {
+ {"PIONEER", "CD-ROM DRM-624X", NULL, BLIST_FORCELUN | BLIST_SINGLELUN},
+ {"Promise", "VTrak E610f", NULL, BLIST_SPARSELUN | BLIST_NO_RSOC},
+ {"Promise", "", NULL, BLIST_SPARSELUN},
++ {"QEMU", "QEMU CD-ROM", NULL, BLIST_SKIP_VPD_PAGES},
+ {"QNAP", "iSCSI Storage", NULL, BLIST_MAX_1024},
+ {"SYNOLOGY", "iSCSI Storage", NULL, BLIST_MAX_1024},
+ {"QUANTUM", "XP34301", "1071", BLIST_NOTQ},
+diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
+index 8106515..f704d02 100644
+--- a/drivers/scsi/scsi_lib.c
++++ b/drivers/scsi/scsi_lib.c
+@@ -911,9 +911,12 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
+ }
+
+ /*
+- * If we finished all bytes in the request we are done now.
++ * special case: failed zero length commands always need to
++ * drop down into the retry code. Otherwise, if we finished
++ * all bytes in the request we are done now.
+ */
+- if (!scsi_end_request(req, error, good_bytes, 0))
++ if (!(blk_rq_bytes(req) == 0 && error) &&
++ !scsi_end_request(req, error, good_bytes, 0))
+ return;
+
+ /*
+diff --git a/fs/dcache.c b/fs/dcache.c
+index d5ecc6e..44008e3 100644
+--- a/fs/dcache.c
++++ b/fs/dcache.c
+@@ -1619,7 +1619,7 @@ struct dentry *d_alloc(struct dentry * parent, const struct qstr *name)
+ struct dentry *dentry = __d_alloc(parent->d_sb, name);
+ if (!dentry)
+ return NULL;
+-
++ dentry->d_flags |= DCACHE_RCUACCESS;
+ spin_lock(&parent->d_lock);
+ /*
+ * don't need child lock because it is not subject
+@@ -2338,7 +2338,6 @@ static void __d_rehash(struct dentry * entry, struct hlist_bl_head *b)
+ {
+ BUG_ON(!d_unhashed(entry));
+ hlist_bl_lock(b);
+- entry->d_flags |= DCACHE_RCUACCESS;
+ hlist_bl_add_head_rcu(&entry->d_hash, b);
+ hlist_bl_unlock(b);
+ }
+@@ -2637,6 +2636,7 @@ static void __d_move(struct dentry *dentry, struct dentry *target,
+ /* ... and switch them in the tree */
+ if (IS_ROOT(dentry)) {
+ /* splicing a tree */
++ dentry->d_flags |= DCACHE_RCUACCESS;
+ dentry->d_parent = target->d_parent;
+ target->d_parent = target;
+ list_del_init(&target->d_child);
+diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c
+index 866bb18..e818f5a 100644
+--- a/fs/ecryptfs/kthread.c
++++ b/fs/ecryptfs/kthread.c
+@@ -25,6 +25,7 @@
+ #include <linux/slab.h>
+ #include <linux/wait.h>
+ #include <linux/mount.h>
++#include <linux/file.h>
+ #include "ecryptfs_kernel.h"
+
+ struct ecryptfs_open_req {
+@@ -147,7 +148,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
+ flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR;
+ (*lower_file) = dentry_open(&req.path, flags, cred);
+ if (!IS_ERR(*lower_file))
+- goto out;
++ goto have_file;
+ if ((flags & O_ACCMODE) == O_RDONLY) {
+ rc = PTR_ERR((*lower_file));
+ goto out;
+@@ -165,8 +166,16 @@ int ecryptfs_privileged_open(struct file **lower_file,
+ mutex_unlock(&ecryptfs_kthread_ctl.mux);
+ wake_up(&ecryptfs_kthread_ctl.wait);
+ wait_for_completion(&req.done);
+- if (IS_ERR(*lower_file))
++ if (IS_ERR(*lower_file)) {
+ rc = PTR_ERR(*lower_file);
++ goto out;
++ }
++have_file:
++ if ((*lower_file)->f_op->mmap == NULL) {
++ fput(*lower_file);
++ *lower_file = NULL;
++ rc = -EMEDIUMTYPE;
++ }
+ out:
+ return rc;
+ }
+diff --git a/fs/proc/root.c b/fs/proc/root.c
+index 361ab4e..ec649c9 100644
+--- a/fs/proc/root.c
++++ b/fs/proc/root.c
+@@ -121,6 +121,13 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
+ if (IS_ERR(sb))
+ return ERR_CAST(sb);
+
++ /*
++ * procfs isn't actually a stacking filesystem; however, there is
++ * too much magic going on inside it to permit stacking things on
++ * top of it
++ */
++ sb->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;
++
+ if (!proc_parse_options(options, ns)) {
+ deactivate_locked_super(sb);
+ return ERR_PTR(-EINVAL);
+diff --git a/include/linux/irqchip/arm-gic-v3.h b/include/linux/irqchip/arm-gic-v3.h
+index d5d798b..e984250 100644
+--- a/include/linux/irqchip/arm-gic-v3.h
++++ b/include/linux/irqchip/arm-gic-v3.h
+@@ -301,7 +301,7 @@
+ #define ICC_SGI1R_AFFINITY_1_SHIFT 16
+ #define ICC_SGI1R_AFFINITY_1_MASK (0xff << ICC_SGI1R_AFFINITY_1_SHIFT)
+ #define ICC_SGI1R_SGI_ID_SHIFT 24
+-#define ICC_SGI1R_SGI_ID_MASK (0xff << ICC_SGI1R_SGI_ID_SHIFT)
++#define ICC_SGI1R_SGI_ID_MASK (0xfULL << ICC_SGI1R_SGI_ID_SHIFT)
+ #define ICC_SGI1R_AFFINITY_2_SHIFT 32
+ #define ICC_SGI1R_AFFINITY_2_MASK (0xffULL << ICC_SGI1R_AFFINITY_1_SHIFT)
+ #define ICC_SGI1R_IRQ_ROUTING_MODE_BIT 40
+diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
+index 80a305b..4dd9306 100644
+--- a/include/linux/netfilter/x_tables.h
++++ b/include/linux/netfilter/x_tables.h
+@@ -242,11 +242,18 @@ void xt_unregister_match(struct xt_match *target);
+ int xt_register_matches(struct xt_match *match, unsigned int n);
+ void xt_unregister_matches(struct xt_match *match, unsigned int n);
+
++int xt_check_entry_offsets(const void *base, const char *elems,
++ unsigned int target_offset,
++ unsigned int next_offset);
++
+ int xt_check_match(struct xt_mtchk_param *, unsigned int size, u_int8_t proto,
+ bool inv_proto);
+ int xt_check_target(struct xt_tgchk_param *, unsigned int size, u_int8_t proto,
+ bool inv_proto);
+
++void *xt_copy_counters_from_user(const void __user *user, unsigned int len,
++ struct xt_counters_info *info, bool compat);
++
+ struct xt_table *xt_register_table(struct net *net,
+ const struct xt_table *table,
+ struct xt_table_info *bootstrap,
+@@ -480,7 +487,7 @@ void xt_compat_init_offsets(u_int8_t af, unsigned int number);
+ int xt_compat_calc_jump(u_int8_t af, unsigned int offset);
+
+ int xt_compat_match_offset(const struct xt_match *match);
+-int xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr,
++void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr,
+ unsigned int *size);
+ int xt_compat_match_to_user(const struct xt_entry_match *m,
+ void __user **dstptr, unsigned int *size);
+@@ -490,6 +497,9 @@ void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr,
+ unsigned int *size);
+ int xt_compat_target_to_user(const struct xt_entry_target *t,
+ void __user **dstptr, unsigned int *size);
++int xt_compat_check_entry_offsets(const void *base, const char *elems,
++ unsigned int target_offset,
++ unsigned int next_offset);
+
+ #endif /* CONFIG_COMPAT */
+ #endif /* _X_TABLES_H */
+diff --git a/include/net/switchdev.h b/include/net/switchdev.h
+index 51d77b2..985619a 100644
+--- a/include/net/switchdev.h
++++ b/include/net/switchdev.h
+@@ -97,7 +97,7 @@ struct switchdev_obj_ipv4_fib {
+ struct switchdev_obj obj;
+ u32 dst;
+ int dst_len;
+- struct fib_info fi;
++ struct fib_info *fi;
+ u8 tos;
+ u8 type;
+ u32 nlflags;
+diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h
+index d5e38c7..e4f048e 100644
+--- a/include/uapi/linux/libc-compat.h
++++ b/include/uapi/linux/libc-compat.h
+@@ -52,7 +52,7 @@
+ #if defined(__GLIBC__)
+
+ /* Coordinate with glibc net/if.h header. */
+-#if defined(_NET_IF_H)
++#if defined(_NET_IF_H) && defined(__USE_MISC)
+
+ /* GLIBC headers included first so don't define anything
+ * that would already be defined. */
+diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
+index 8f94ca1..b2aefa2 100644
+--- a/kernel/bpf/inode.c
++++ b/kernel/bpf/inode.c
+@@ -378,7 +378,7 @@ static int bpf_fill_super(struct super_block *sb, void *data, int silent)
+ static struct dentry *bpf_mount(struct file_system_type *type, int flags,
+ const char *dev_name, void *data)
+ {
+- return mount_ns(type, flags, current->nsproxy->mnt_ns, bpf_fill_super);
++ return mount_nodev(type, flags, data, bpf_fill_super);
+ }
+
+ static struct file_system_type bpf_fs_type = {
+@@ -386,7 +386,6 @@ static struct file_system_type bpf_fs_type = {
+ .name = "bpf",
+ .mount = bpf_mount,
+ .kill_sb = kill_litter_super,
+- .fs_flags = FS_USERNS_MOUNT,
+ };
+
+ MODULE_ALIAS_FS("bpf");
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index d1f7149..11546a6 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -3047,7 +3047,8 @@ static noinline void __schedule_bug(struct task_struct *prev)
+ static inline void schedule_debug(struct task_struct *prev)
+ {
+ #ifdef CONFIG_SCHED_STACK_END_CHECK
+- BUG_ON(task_stack_end_corrupted(prev));
++ if (task_stack_end_corrupted(prev))
++ panic("corrupted stack end detected inside scheduler\n");
+ #endif
+
+ if (unlikely(in_atomic_preempt_off())) {
+diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
+index 3e4ffb3..d028941 100644
+--- a/kernel/trace/bpf_trace.c
++++ b/kernel/trace/bpf_trace.c
+@@ -194,7 +194,7 @@ static u64 bpf_perf_event_read(u64 r1, u64 index, u64 r3, u64 r4, u64 r5)
+ if (unlikely(index >= array->map.max_entries))
+ return -E2BIG;
+
+- file = (struct file *)array->ptrs[index];
++ file = READ_ONCE(array->ptrs[index]);
+ if (unlikely(!file))
+ return -ENOENT;
+
+@@ -238,7 +238,7 @@ static u64 bpf_perf_event_output(u64 r1, u64 r2, u64 index, u64 r4, u64 size)
+ if (unlikely(index >= array->map.max_entries))
+ return -E2BIG;
+
+- file = (struct file *)array->ptrs[index];
++ file = READ_ONCE(array->ptrs[index]);
+ if (unlikely(!file))
+ return -ENOENT;
+
+diff --git a/mm/memcontrol.c b/mm/memcontrol.c
+index fe787f5..a2e79b8 100644
+--- a/mm/memcontrol.c
++++ b/mm/memcontrol.c
+@@ -2877,6 +2877,7 @@ static void memcg_offline_kmem(struct mem_cgroup *memcg)
+ * ordering is imposed by list_lru_node->lock taken by
+ * memcg_drain_all_list_lrus().
+ */
++ rcu_read_lock(); /* can be called from css_free w/o cgroup_mutex */
+ css_for_each_descendant_pre(css, &memcg->css) {
+ child = mem_cgroup_from_css(css);
+ BUG_ON(child->kmemcg_id != kmemcg_id);
+@@ -2884,6 +2885,8 @@ static void memcg_offline_kmem(struct mem_cgroup *memcg)
+ if (!memcg->use_hierarchy)
+ break;
+ }
++ rcu_read_unlock();
++
+ memcg_drain_all_list_lrus(kmemcg_id, parent->kmemcg_id);
+
+ memcg_free_cache_id(kmemcg_id);
+diff --git a/mm/swap_state.c b/mm/swap_state.c
+index 366ce35..1155a68 100644
+--- a/mm/swap_state.c
++++ b/mm/swap_state.c
+@@ -252,7 +252,10 @@ static inline void free_swap_cache(struct page *page)
+ void free_page_and_swap_cache(struct page *page)
+ {
+ free_swap_cache(page);
+- put_page(page);
++ if (is_huge_zero_page(page))
++ put_huge_zero_page();
++ else
++ put_page(page);
+ }
+
+ /*
+diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
+index dcea4f4..c18080a 100644
+--- a/net/bridge/br_fdb.c
++++ b/net/bridge/br_fdb.c
+@@ -279,6 +279,8 @@ void br_fdb_change_mac_address(struct net_bridge *br, const u8 *newaddr)
+ * change from under us.
+ */
+ list_for_each_entry(v, &vg->vlan_list, vlist) {
++ if (!br_vlan_should_use(v))
++ continue;
+ f = __br_fdb_get(br, br->dev->dev_addr, v->vid);
+ if (f && f->is_local && !f->dst)
+ fdb_delete_local(br, NULL, f);
+diff --git a/net/core/hwbm.c b/net/core/hwbm.c
+index 941c284..2cab489 100644
+--- a/net/core/hwbm.c
++++ b/net/core/hwbm.c
+@@ -55,18 +55,21 @@ int hwbm_pool_add(struct hwbm_pool *bm_pool, unsigned int buf_num, gfp_t gfp)
+ spin_lock_irqsave(&bm_pool->lock, flags);
+ if (bm_pool->buf_num == bm_pool->size) {
+ pr_warn("pool already filled\n");
++ spin_unlock_irqrestore(&bm_pool->lock, flags);
+ return bm_pool->buf_num;
+ }
+
+ if (buf_num + bm_pool->buf_num > bm_pool->size) {
+ pr_warn("cannot allocate %d buffers for pool\n",
+ buf_num);
++ spin_unlock_irqrestore(&bm_pool->lock, flags);
+ return 0;
+ }
+
+ if ((buf_num + bm_pool->buf_num) < bm_pool->buf_num) {
+ pr_warn("Adding %d buffers to the %d current buffers will overflow\n",
+ buf_num, bm_pool->buf_num);
++ spin_unlock_irqrestore(&bm_pool->lock, flags);
+ return 0;
+ }
+
+diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
+index 9e48199..7ad0e56 100644
+--- a/net/ipv4/af_inet.c
++++ b/net/ipv4/af_inet.c
+@@ -1660,6 +1660,14 @@ static __net_init int inet_init_net(struct net *net)
+ */
+ net->ipv4.ping_group_range.range[0] = make_kgid(&init_user_ns, 1);
+ net->ipv4.ping_group_range.range[1] = make_kgid(&init_user_ns, 0);
++
++ /* Default values for sysctl-controlled parameters.
++ * We set them here, in case sysctl is not compiled.
++ */
++ net->ipv4.sysctl_ip_default_ttl = IPDEFTTL;
++ net->ipv4.sysctl_ip_dynaddr = 0;
++ net->ipv4.sysctl_ip_early_demux = 1;
++
+ return 0;
+ }
+
+diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
+index 4133b0f..85d60c6 100644
+--- a/net/ipv4/netfilter/arp_tables.c
++++ b/net/ipv4/netfilter/arp_tables.c
+@@ -367,6 +367,18 @@ static inline bool unconditional(const struct arpt_entry *e)
+ memcmp(&e->arp, &uncond, sizeof(uncond)) == 0;
+ }
+
++static bool find_jump_target(const struct xt_table_info *t,
++ const struct arpt_entry *target)
++{
++ struct arpt_entry *iter;
++
++ xt_entry_foreach(iter, t->entries, t->size) {
++ if (iter == target)
++ return true;
++ }
++ return false;
++}
++
+ /* Figures out from what hook each rule can be called: returns 0 if
+ * there are loops. Puts hook bitmask in comefrom.
+ */
+@@ -439,6 +451,8 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
+ size = e->next_offset;
+ e = (struct arpt_entry *)
+ (entry0 + pos + size);
++ if (pos + size >= newinfo->size)
++ return 0;
+ e->counters.pcnt = pos;
+ pos += size;
+ } else {
+@@ -458,9 +472,15 @@ static int mark_source_chains(const struct xt_table_info *newinfo,
+ /* This a jump; chase it. */
+ duprintf("Jump rule %u -> %u\n",
+ pos, newpos);
++ e = (struct arpt_entry *)
++ (entry0 + newpos);
++ if (!find_jump_target(newinfo, e))
++ return 0;
+ } else {
+ /* ... this is a fallthru */
+ newpos = pos + e->next_offset;
++ if (newpos >= newinfo->size)
++ return 0;
+ }
+ e = (struct arpt_entry *)
+ (entry0 + newpos);
+@@ -474,23 +494,6 @@ next:
+ return 1;
+ }
+
+-static inline int check_entry(const struct arpt_entry *e)
+-{
+- const struct xt_entry_target *t;
+-
+- if (!arp_checkentry(&e->arp))
+- return -EINVAL;
+-
+- if (e->target_offset + sizeof(struct xt_entry_target) > e->next_offset)
+- return -EINVAL;
+-
+- t = arpt_get_target_c(e);
+- if (e->target_offset + t->u.target_size > e->next_offset)
+- return -EINVAL;
+-
+- return 0;
+-}
+-
+ static inline int check_target(struct arpt_entry *e, const char *name)
+ {
+ struct xt_entry_target *t = arpt_get_target(e);
+@@ -586,7 +589,11 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
+ return -EINVAL;
+ }
+
+- err = check_entry(e);
++ if (!arp_checkentry(&e->arp))
++ return -EINVAL;
++
++ err = xt_check_entry_offsets(e, e->elems, e->target_offset,
++ e->next_offset);
+ if (err)
+ return err;
+
+@@ -691,10 +698,8 @@ static int translate_table(struct xt_table_info *newinfo, void *entry0,
+ }
+ }
+
+- if (!mark_source_chains(newinfo, repl->valid_hooks, entry0)) {
+- duprintf("Looping hook\n");
++ if (!mark_source_chains(newinfo, repl->valid_hooks, entry0))
+ return -ELOOP;
+- }
+
+ /* Finally, each sanity check must pass */
+ i = 0;
+@@ -1126,55 +1131,17 @@ static int do_add_counters(struct net *net, const void __user *user,
+ unsigned int i;
+ struct xt_counters_info tmp;
+ struct xt_counters *paddc;
+- unsigned int num_counters;
+- const char *name;
+- int size;
+- void *ptmp;
+ struct xt_table *t;
+ const struct xt_table_info *private;
+ int ret = 0;
+ struct arpt_entry *iter;
+ unsigned int addend;
+-#ifdef CONFIG_COMPAT
+- struct compat_xt_counters_info compat_tmp;
+
+- if (compat) {
+- ptmp = &compat_tmp;
+- size = sizeof(struct compat_xt_counters_info);
+- } else
+-#endif
+- {
+- ptmp = &tmp;
+- size = sizeof(struct xt_counters_info);
+- }
++ paddc = xt_copy_counters_from_user(user, len, &tmp, compat);
++ if (IS_ERR(paddc))
++ return PTR_ERR(paddc);
+
+- if (copy_from_user(ptmp, user, size) != 0)
+- return -EFAULT;
+-
+-#ifdef CONFIG_COMPAT
+- if (compat) {
+- num_counters = compat_tmp.num_counters;
+- name = compat_tmp.name;
+- } else
+-#endif
+- {
+- num_counters = tmp.num_counters;
+- name = tmp.name;
+- }
+-
+- if (len != size + num_counters * sizeof(struct xt_counters))
+- return -EINVAL;
+-
+- paddc = vmalloc(len - size);
+- if (!paddc)
+- return -ENOMEM;
+-
+- if (copy_from_user(paddc, user + size, len - size) != 0) {
+- ret = -EFAULT;
+- goto free;
+- }
+-
+- t = xt_find_table_lock(net, NFPROTO_ARP, name);
++ t = xt_find_table_lock(net, NFPROTO_ARP, tmp.name);
+ if (IS_ERR_OR_NULL(t)) {
+ ret = t ? PTR_ERR(t) : -ENOENT;
+ goto free;
+@@ -1182,7 +1149,7 @@ static int do_add_counters(struct net *net, const void __user *user,
+
+ local_bh_disable();
+ private = t->private;
+- if (private->number != num_counters) {
++ if (private->number != tmp.num_counters) {
+ ret = -EINVAL;
+ goto unlock_up_free;
+ }
+@@ -1209,6 +1176,18 @@ static int do_add_counters(struct net *net, const void __user *user,
+ }
+
+ #ifdef CONFIG_COMPAT
++struct compat_arpt_replace {
++ char name[XT_TABLE_MAXNAMELEN];
++ u32 valid_hooks;
++ u32 num_entries;
++ u32 size;
++ u32 hook_entry[NF_ARP_NUMHOOKS];
++ u32 underflow[NF_ARP_NUMHOOKS];
++ u32 num_counters;
++ compat_uptr_t counters;
++ struct compat_arpt_entry entries[0];
++};
++
+ static inline void compat_release_entry(struct compat_arpt_entry *e)
+ {
+ struct xt_entry_target *t;
+@@ -1217,20 +1196,17 @@ static inline void compat_release_entry(struct compat_arpt_entry *e)
+ module_put(t->u.kernel.target->me);
+ }
+
+-static inline int
++static int
+ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
+ struct xt_table_info *newinfo,
+ unsigned int *size,
+ const unsigned char *base,
+- const unsigned char *limit,
+- const unsigned int *hook_entries,
+- const unsigned int *underflows,
+- const char *name)
++ const unsigned char *limit)
+ {
+ struct xt_entry_target *t;
+ struct xt_target *target;
+ unsigned int entry_offset;
+- int ret, off, h;
++ int ret, off;
+
+ duprintf("check_compat_entry_size_and_hooks %p\n", e);
+ if ((unsigned long)e % __alignof__(struct compat_arpt_entry) != 0 ||
+@@ -1247,8 +1223,11 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
+ return -EINVAL;
+ }
+
+- /* For purposes of check_entry casting the compat entry is fine */
+- ret = check_entry((struct arpt_entry *)e);
++ if (!arp_checkentry(&e->arp))
++ return -EINVAL;
++
++ ret = xt_compat_check_entry_offsets(e, e->elems, e->target_offset,
++ e->next_offset);
+ if (ret)
+ return ret;
+
+@@ -1272,17 +1251,6 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
+ if (ret)
+ goto release_target;
+
+- /* Check hooks & underflows */
+- for (h = 0; h < NF_ARP_NUMHOOKS; h++) {
+- if ((unsigned char *)e - base == hook_entries[h])
+- newinfo->hook_entry[h] = hook_entries[h];
+- if ((unsigned char *)e - base == underflows[h])
+- newinfo->underflow[h] = underflows[h];
+- }
+-
+- /* Clear counters and comefrom */
+- memset(&e->counters, 0, sizeof(e->counters));
+- e->comefrom = 0;
+ return 0;
+
+ release_target:
+@@ -1291,18 +1259,17 @@ out:
+ return ret;
+ }
+
+-static int
++static void
+ compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
+- unsigned int *size, const char *name,
++ unsigned int *size,
+ struct xt_table_info *newinfo, unsigned char *base)
+ {
+ struct xt_entry_target *t;
+ struct xt_target *target;
+ struct arpt_entry *de;
+ unsigned int origsize;
+- int ret, h;
++ int h;
+
+- ret = 0;
+ origsize = *size;
+ de = (struct arpt_entry *)*dstptr;
+ memcpy(de, e, sizeof(struct arpt_entry));
+@@ -1323,148 +1290,82 @@ compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
+ if ((unsigned char *)de - base < newinfo->underflow[h])
+ newinfo->underflow[h] -= origsize - *size;
+ }
+- return ret;
+ }
+
+-static int translate_compat_table(const char *name,
+- unsigned int valid_hooks,
+- struct xt_table_info **pinfo,
++static int translate_compat_table(struct xt_table_info **pinfo,
+ void **pentry0,
+- unsigned int total_size,
+- unsigned int number,
+- unsigned int *hook_entries,
+- unsigned int *underflows)
++ const struct compat_arpt_replace *compatr)
+ {
+ unsigned int i, j;
+ struct xt_table_info *newinfo, *info;
+ void *pos, *entry0, *entry1;
+ struct compat_arpt_entry *iter0;
+- struct arpt_entry *iter1;
++ struct arpt_replace repl;
+ unsigned int size;
+ int ret = 0;
+
+ info = *pinfo;
+ entry0 = *pentry0;
+- size = total_size;
+- info->number = number;
+-
+- /* Init all hooks to impossible value. */
+- for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
+- info->hook_entry[i] = 0xFFFFFFFF;
+- info->underflow[i] = 0xFFFFFFFF;
+- }
++ size = compatr->size;
++ info->number = compatr->num_entries;
+
+ duprintf("translate_compat_table: size %u\n", info->size);
+ j = 0;
+ xt_compat_lock(NFPROTO_ARP);
+- xt_compat_init_offsets(NFPROTO_ARP, number);
++ xt_compat_init_offsets(NFPROTO_ARP, compatr->num_entries);
+ /* Walk through entries, checking offsets. */
+- xt_entry_foreach(iter0, entry0, total_size) {
++ xt_entry_foreach(iter0, entry0, compatr->size) {
+ ret = check_compat_entry_size_and_hooks(iter0, info, &size,
+ entry0,
+- entry0 + total_size,
+- hook_entries,
+- underflows,
+- name);
++ entry0 + compatr->size);
+ if (ret != 0)
+ goto out_unlock;
+ ++j;
+ }
+
+ ret = -EINVAL;
+- if (j != number) {
++ if (j != compatr->num_entries) {
+ duprintf("translate_compat_table: %u not %u entries\n",
+- j, number);
++ j, compatr->num_entries);
+ goto out_unlock;
+ }
+
+- /* Check hooks all assigned */
+- for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
+- /* Only hooks which are valid */
+- if (!(valid_hooks & (1 << i)))
+- continue;
+- if (info->hook_entry[i] == 0xFFFFFFFF) {
+- duprintf("Invalid hook entry %u %u\n",
+- i, hook_entries[i]);
+- goto out_unlock;
+- }
+- if (info->underflow[i] == 0xFFFFFFFF) {
+- duprintf("Invalid underflow %u %u\n",
+- i, underflows[i]);
+- goto out_unlock;
+- }
+- }
+-
+ ret = -ENOMEM;
+ newinfo = xt_alloc_table_info(size);
+ if (!newinfo)
+ goto out_unlock;
+
+- newinfo->number = number;
++ newinfo->number = compatr->num_entries;
+ for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
+ newinfo->hook_entry[i] = info->hook_entry[i];
+ newinfo->underflow[i] = info->underflow[i];
+ }
+ entry1 = newinfo->entries;
+ pos = entry1;
+- size = total_size;
+- xt_entry_foreach(iter0, entry0, total_size) {
+- ret = compat_copy_entry_from_user(iter0, &pos, &size,
+- name, newinfo, entry1);
+- if (ret != 0)
+- break;
+- }
++ size = compatr->size;
++ xt_entry_foreach(iter0, entry0, compatr->size)
++ compat_copy_entry_from_user(iter0, &pos, &size,
++ newinfo, entry1);
++
++ /* all module references in entry0 are now gone */
++
+ xt_compat_flush_offsets(NFPROTO_ARP);
+ xt_compat_unlock(NFPROTO_ARP);
+- if (ret)
+- goto free_newinfo;
+
+- ret = -ELOOP;
+- if (!mark_source_chains(newinfo, valid_hooks, entry1))
+- goto free_newinfo;
++ memcpy(&repl, compatr, sizeof(*compatr));
+
+- i = 0;
+- xt_entry_foreach(iter1, entry1, newinfo->size) {
+- iter1->counters.pcnt = xt_percpu_counter_alloc();
+- if (IS_ERR_VALUE(iter1->counters.pcnt)) {
+- ret = -ENOMEM;
+- break;
+- }
+-
+- ret = check_target(iter1, name);
+- if (ret != 0) {
+- xt_percpu_counter_free(iter1->counters.pcnt);
+- break;
+- }
+- ++i;
+- if (strcmp(arpt_get_target(iter1)->u.user.name,
+- XT_ERROR_TARGET) == 0)
+- ++newinfo->stacksize;
+- }
+- if (ret) {
+- /*
+- * The first i matches need cleanup_entry (calls ->destroy)
+- * because they had called ->check already. The other j-i
+- * entries need only release.
+- */
+- int skip = i;
+- j -= i;
+- xt_entry_foreach(iter0, entry0, newinfo->size) {
+- if (skip-- > 0)
+- continue;
+- if (j-- == 0)
+- break;
+- compat_release_entry(iter0);
+- }
+- xt_entry_foreach(iter1, entry1, newinfo->size) {
+- if (i-- == 0)
+- break;
+- cleanup_entry(iter1);
+- }
+- xt_free_table_info(newinfo);
+- return ret;
++ for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
++ repl.hook_entry[i] = newinfo->hook_entry[i];
++ repl.underflow[i] = newinfo->underflow[i];
+ }
+
++ repl.num_counters = 0;
++ repl.counters = NULL;
++ repl.size = newinfo->size;
++ ret = translate_table(newinfo, entry1, &repl);
++ if (ret)
++ goto free_newinfo;
++
+ *pinfo = newinfo;
+ *pentry0 = entry1;
+ xt_free_table_info(info);
+@@ -1472,31 +1373,18 @@ static int translate_compat_table(const char *name,
+
+ free_newinfo:
+ xt_free_table_info(newinfo);
+-out:
+- xt_entry_foreach(iter0, entry0, total_size) {
++ return ret;
++out_unlock:
++ xt_compat_flush_offsets(NFPROTO_ARP);
++ xt_compat_unlock(NFPROTO_ARP);
++ xt_entry_foreach(iter0, entry0, compatr->size) {
+ if (j-- == 0)
+ break;
+ compat_release_entry(iter0);
+ }
+ return ret;
+-out_unlock:
+- xt_compat_flush_offsets(NFPROTO_ARP);
+- xt_compat_unlock(NFPROTO_ARP);
+- goto out;
+ }
+
+-struct compat_arpt_replace {
+- char name[XT_TABLE_MAXNAMELEN];
+- u32 valid_hooks;
+- u32 num_entries;
+- u32 size;
+- u32 hook_entry[NF_ARP_NUMHOOKS];
+- u32 underflow[NF_ARP_NUMHOOKS];
+- u32 num_counters;
+- compat_uptr_t counters;
+- struct compat_arpt_entry entries[0];
+-};
+-
+ static int compat_do_replace(struct net *net, void __user *user,
+ unsigned int len)
+ {
+@@ -1529,10 +1417,7 @@ static int compat_do_replace(struct net *net, void __user *user,
+ goto free_newinfo;
+ }
+
+- ret = translate_compat_table(tmp.name, tmp.valid_hooks,
+- &newinfo, &loc_cpu_entry, tmp.size,
+- tmp.num_entries, tmp.hook_entry,
+- tmp.underflow);
++ ret = translate_compat_table(&newinfo, &loc_cpu_entry, &tmp);
+ if (ret != 0)
+ goto free_newinfo;
+
+diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
+index 631c100..0984ea3 100644
+--- a/net/ipv4/netfilter/ip_tables.c
++++ b/net/ipv4/netfilter/ip_tables.c
+@@ -443,6 +443,18 @@ ipt_do_table(struct sk_buff *skb,
+ #endif
+ }
+
++static bool find_jump_target(const struct xt_table_info *t,
++ const struct ipt_entry *target)
++{
++ struct ipt_entry *iter;
++
++ xt_entry_foreach(iter, t->entries, t->size) {
++ if (iter == target)
++ return true;
++ }
++ return false;
++}
++
+ /* Figures out from what hook each rule can be called: returns 0 if
+ there are loops. Puts hook bitmask in comefrom. */
+ static int
+@@ -520,6 +532,8 @@ mark_source_chains(const struct xt_table_info *newinfo,
+ size = e->next_offset;
+ e = (struct ipt_entry *)
+ (entry0 + pos + size);
++ if (pos + size >= newinfo->size)
++ return 0;
+ e->counters.pcnt = pos;
+ pos += size;
+ } else {
+@@ -538,9 +552,15 @@ mark_source_chains(const struct xt_table_info *newinfo,
+ /* This a jump; chase it. */
+ duprintf("Jump rule %u -> %u\n",
+ pos, newpos);
++ e = (struct ipt_entry *)
++ (entry0 + newpos);
++ if (!find_jump_target(newinfo, e))
++ return 0;
+ } else {
+ /* ... this is a fallthru */
+ newpos = pos + e->next_offset;
++ if (newpos >= newinfo->size)
++ return 0;
+ }
+ e = (struct ipt_entry *)
+ (entry0 + newpos);
+@@ -568,25 +588,6 @@ static void cleanup_match(struct xt_entry_match *m, struct net *net)
+ }
+
+ static int
+-check_entry(const struct ipt_entry *e)
+-{
+- const struct xt_entry_target *t;
+-
+- if (!ip_checkentry(&e->ip))
+- return -EINVAL;
+-
+- if (e->target_offset + sizeof(struct xt_entry_target) >
+- e->next_offset)
+- return -EINVAL;
+-
+- t = ipt_get_target_c(e);
+- if (e->target_offset + t->u.target_size > e->next_offset)
+- return -EINVAL;
+-
+- return 0;
+-}
+-
+-static int
+ check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
+ {
+ const struct ipt_ip *ip = par->entryinfo;
+@@ -750,7 +751,11 @@ check_entry_size_and_hooks(struct ipt_entry *e,
+ return -EINVAL;
+ }
+
+- err = check_entry(e);
++ if (!ip_checkentry(&e->ip))
++ return -EINVAL;
++
++ err = xt_check_entry_offsets(e, e->elems, e->target_offset,
++ e->next_offset);
+ if (err)
+ return err;
+
+@@ -1309,55 +1314,17 @@ do_add_counters(struct net *net, const void __user *user,
+ unsigned int i;
+ struct xt_counters_info tmp;
+ struct xt_counters *paddc;
+- unsigned int num_counters;
+- const char *name;
+- int size;
+- void *ptmp;
+ struct xt_table *t;
+ const struct xt_table_info *private;
+ int ret = 0;
+ struct ipt_entry *iter;
+ unsigned int addend;
+-#ifdef CONFIG_COMPAT
+- struct compat_xt_counters_info compat_tmp;
+
+- if (compat) {
+- ptmp = &compat_tmp;
+- size = sizeof(struct compat_xt_counters_info);
+- } else
+-#endif
+- {
+- ptmp = &tmp;
+- size = sizeof(struct xt_counters_info);
+- }
+-
+- if (copy_from_user(ptmp, user, size) != 0)
+- return -EFAULT;
+-
+-#ifdef CONFIG_COMPAT
+- if (compat) {
+- num_counters = compat_tmp.num_counters;
+- name = compat_tmp.name;
+- } else
+-#endif
+- {
+- num_counters = tmp.num_counters;
+- name = tmp.name;
+- }
++ paddc = xt_copy_counters_from_user(user, len, &tmp, compat);
++ if (IS_ERR(paddc))
++ return PTR_ERR(paddc);
+
+- if (len != size + num_counters * sizeof(struct xt_counters))
+- return -EINVAL;
+-
+- paddc = vmalloc(len - size);
+- if (!paddc)
+- return -ENOMEM;
+-
+- if (copy_from_user(paddc, user + size, len - size) != 0) {
+- ret = -EFAULT;
+- goto free;
+- }
+-
+- t = xt_find_table_lock(net, AF_INET, name);
++ t = xt_find_table_lock(net, AF_INET, tmp.name);
+ if (IS_ERR_OR_NULL(t)) {
+ ret = t ? PTR_ERR(t) : -ENOENT;
+ goto free;
+@@ -1365,7 +1332,7 @@ do_add_counters(struct net *net, const void __user *user,
+
+ local_bh_disable();
+ private = t->private;
+- if (private->number != num_counters) {
++ if (private->number != tmp.num_counters) {
+ ret = -EINVAL;
+ goto unlock_up_free;
+ }
+@@ -1444,7 +1411,6 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
+
+ static int
+ compat_find_calc_match(struct xt_entry_match *m,
+- const char *name,
+ const struct ipt_ip *ip,
+ int *size)
+ {
+@@ -1479,17 +1445,14 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
+ struct xt_table_info *newinfo,
+ unsigned int *size,
+ const unsigned char *base,
+- const unsigned char *limit,
+- const unsigned int *hook_entries,
+- const unsigned int *underflows,
+- const char *name)
++ const unsigned char *limit)
+ {
+ struct xt_entry_match *ematch;
+ struct xt_entry_target *t;
+ struct xt_target *target;
+ unsigned int entry_offset;
+ unsigned int j;
+- int ret, off, h;
++ int ret, off;
+
+ duprintf("check_compat_entry_size_and_hooks %p\n", e);
+ if ((unsigned long)e % __alignof__(struct compat_ipt_entry) != 0 ||
+@@ -1506,8 +1469,11 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
+ return -EINVAL;
+ }
+
+- /* For purposes of check_entry casting the compat entry is fine */
+- ret = check_entry((struct ipt_entry *)e);
++ if (!ip_checkentry(&e->ip))
++ return -EINVAL;
++
++ ret = xt_compat_check_entry_offsets(e, e->elems,
++ e->target_offset, e->next_offset);
+ if (ret)
+ return ret;
+
+@@ -1515,7 +1481,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
+ entry_offset = (void *)e - (void *)base;
+ j = 0;
+ xt_ematch_foreach(ematch, e) {
+- ret = compat_find_calc_match(ematch, name, &e->ip, &off);
++ ret = compat_find_calc_match(ematch, &e->ip, &off);
+ if (ret != 0)
+ goto release_matches;
+ ++j;
+@@ -1538,17 +1504,6 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e,
+ if (ret)
+ goto out;
+
+- /* Check hooks & underflows */
+- for (h = 0; h < NF_INET_NUMHOOKS; h++) {
+- if ((unsigned char *)e - base == hook_entries[h])
+- newinfo->hook_entry[h] = hook_entries[h];
+- if ((unsigned char *)e - base == underflows[h])
+- newinfo->underflow[h] = underflows[h];
+- }
+-
+- /* Clear counters and comefrom */
+- memset(&e->counters, 0, sizeof(e->counters));
+- e->comefrom = 0;
+ return 0;
+
+ out:
+@@ -1562,19 +1517,18 @@ release_matches:
+ return ret;
+ }
+
+-static int
++static void
+ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr,
+- unsigned int *size, const char *name,
++ unsigned int *size,
+ struct xt_table_info *newinfo, unsigned char *base)
+ {
+ struct xt_entry_target *t;
+ struct xt_target *target;
+ struct ipt_entry *de;
+ unsigned int origsize;
+- int ret, h;
++ int h;
+ struct xt_entry_match *ematch;
+
+- ret = 0;
+ origsize = *size;
+ de = (struct ipt_entry *)*dstptr;
+ memcpy(de, e, sizeof(struct ipt_entry));
+@@ -1583,201 +1537,105 @@ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr,
+ *dstptr += sizeof(struct ipt_entry);
+ *size += sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry);
+
+- xt_ematch_foreach(ematch, e) {
+- ret = xt_compat_match_from_user(ematch, dstptr, size);
+- if (ret != 0)
+- return ret;
+- }
++ xt_ematch_foreach(ematch, e)
++ xt_compat_match_from_user(ematch, dstptr, size);
++
+ de->target_offset = e->target_offset - (origsize - *size);
+ t = compat_ipt_get_target(e);
+ target = t->u.kernel.target;
+ xt_compat_target_from_user(t, dstptr, size);
+
+ de->next_offset = e->next_offset - (origsize - *size);
++
+ for (h = 0; h < NF_INET_NUMHOOKS; h++) {
+ if ((unsigned char *)de - base < newinfo->hook_entry[h])
+ newinfo->hook_entry[h] -= origsize - *size;
+ if ((unsigned char *)de - base < newinfo->underflow[h])
+ newinfo->underflow[h] -= origsize - *size;
+ }
+- return ret;
+-}
+-
+-static int
+-compat_check_entry(struct ipt_entry *e, struct net *net, const char *name)
+-{
+- struct xt_entry_match *ematch;
+- struct xt_mtchk_param mtpar;
+- unsigned int j;
+- int ret = 0;
+-
+- e->counters.pcnt = xt_percpu_counter_alloc();
+- if (IS_ERR_VALUE(e->counters.pcnt))
+- return -ENOMEM;
+-
+- j = 0;
+- mtpar.net = net;
+- mtpar.table = name;
+- mtpar.entryinfo = &e->ip;
+- mtpar.hook_mask = e->comefrom;
+- mtpar.family = NFPROTO_IPV4;
+- xt_ematch_foreach(ematch, e) {
+- ret = check_match(ematch, &mtpar);
+- if (ret != 0)
+- goto cleanup_matches;
+- ++j;
+- }
+-
+- ret = check_target(e, net, name);
+- if (ret)
+- goto cleanup_matches;
+- return 0;
+-
+- cleanup_matches:
+- xt_ematch_foreach(ematch, e) {
+- if (j-- == 0)
+- break;
+- cleanup_match(ematch, net);
+- }
+-
+- xt_percpu_counter_free(e->counters.pcnt);
+-
+- return ret;
+ }
+
+ static int
+ translate_compat_table(struct net *net,
+- const char *name,
+- unsigned int valid_hooks,
+ struct xt_table_info **pinfo,
+ void **pentry0,
+- unsigned int total_size,
+- unsigned int number,
+- unsigned int *hook_entries,
+- unsigned int *underflows)
++ const struct compat_ipt_replace *compatr)
+ {
+ unsigned int i, j;
+ struct xt_table_info *newinfo, *info;
+ void *pos, *entry0, *entry1;
+ struct compat_ipt_entry *iter0;
+- struct ipt_entry *iter1;
++ struct ipt_replace repl;
+ unsigned int size;
+ int ret;
+
+ info = *pinfo;
+ entry0 = *pentry0;
+- size = total_size;
+- info->number = number;
+-
+- /* Init all hooks to impossible value. */
+- for (i = 0; i < NF_INET_NUMHOOKS; i++) {
+- info->hook_entry[i] = 0xFFFFFFFF;
+- info->underflow[i] = 0xFFFFFFFF;
+- }
++ size = compatr->size;
++ info->number = compatr->num_entries;
+
+ duprintf("translate_compat_table: size %u\n", info->size);
+ j = 0;
+ xt_compat_lock(AF_INET);
+- xt_compat_init_offsets(AF_INET, number);
++ xt_compat_init_offsets(AF_INET, compatr->num_entries);
+ /* Walk through entries, checking offsets. */
+- xt_entry_foreach(iter0, entry0, total_size) {
++ xt_entry_foreach(iter0, entry0, compatr->size) {
+ ret = check_compat_entry_size_and_hooks(iter0, info, &size,
+ entry0,
+- entry0 + total_size,
+- hook_entries,
+- underflows,
+- name);
++ entry0 + compatr->size);
+ if (ret != 0)
+ goto out_unlock;
+ ++j;
+ }
+
+ ret = -EINVAL;
+- if (j != number) {
++ if (j != compatr->num_entries) {
+ duprintf("translate_compat_table: %u not %u entries\n",
+- j, number);
++ j, compatr->num_entries);
+ goto out_unlock;
+ }
+
+- /* Check hooks all assigned */
+- for (i = 0; i < NF_INET_NUMHOOKS; i++) {
+- /* Only hooks which are valid */
+- if (!(valid_hooks & (1 << i)))
+- continue;
+- if (info->hook_entry[i] == 0xFFFFFFFF) {
+- duprintf("Invalid hook entry %u %u\n",
+- i, hook_entries[i]);
+- goto out_unlock;
+- }
+- if (info->underflow[i] == 0xFFFFFFFF) {
+- duprintf("Invalid underflow %u %u\n",
+- i, underflows[i]);
+- goto out_unlock;
+- }
+- }
+-
+ ret = -ENOMEM;
+ newinfo = xt_alloc_table_info(size);
+ if (!newinfo)
+ goto out_unlock;
+
+- newinfo->number = number;
++ newinfo->number = compatr->num_entries;
+ for (i = 0; i < NF_INET_NUMHOOKS; i++) {
+- newinfo->hook_entry[i] = info->hook_entry[i];
+- newinfo->underflow[i] = info->underflow[i];
++ newinfo->hook_entry[i] = compatr->hook_entry[i];
++ newinfo->underflow[i] = compatr->underflow[i];
+ }
+ entry1 = newinfo->entries;
+ pos = entry1;
+- size = total_size;
+- xt_entry_foreach(iter0, entry0, total_size) {
+- ret = compat_copy_entry_from_user(iter0, &pos, &size,
+- name, newinfo, entry1);
+- if (ret != 0)
+- break;
+- }
++ size = compatr->size;
++ xt_entry_foreach(iter0, entry0, compatr->size)
++ compat_copy_entry_from_user(iter0, &pos, &size,
++ newinfo, entry1);
++
++ /* all module references in entry0 are now gone.
++ * entry1/newinfo contains a 64bit ruleset that looks exactly as
++ * generated by 64bit userspace.
++ *
++ * Call standard translate_table() to validate all hook_entrys,
++ * underflows, check for loops, etc.
++ */
+ xt_compat_flush_offsets(AF_INET);
+ xt_compat_unlock(AF_INET);
+- if (ret)
+- goto free_newinfo;
+
+- ret = -ELOOP;
+- if (!mark_source_chains(newinfo, valid_hooks, entry1))
+- goto free_newinfo;
++ memcpy(&repl, compatr, sizeof(*compatr));
+
+- i = 0;
+- xt_entry_foreach(iter1, entry1, newinfo->size) {
+- ret = compat_check_entry(iter1, net, name);
+- if (ret != 0)
+- break;
+- ++i;
+- if (strcmp(ipt_get_target(iter1)->u.user.name,
+- XT_ERROR_TARGET) == 0)
+- ++newinfo->stacksize;
+- }
+- if (ret) {
+- /*
+- * The first i matches need cleanup_entry (calls ->destroy)
+- * because they had called ->check already. The other j-i
+- * entries need only release.
+- */
+- int skip = i;
+- j -= i;
+- xt_entry_foreach(iter0, entry0, newinfo->size) {
+- if (skip-- > 0)
+- continue;
+- if (j-- == 0)
+- break;
+- compat_release_entry(iter0);
+- }
+- xt_entry_foreach(iter1, entry1, newinfo->size) {
+- if (i-- == 0)
+- break;
+- cleanup_entry(iter1, net);
+- }
+- xt_free_table_info(newinfo);
+- return ret;
++ for (i = 0; i < NF_INET_NUMHOOKS; i++) {
++ repl.hook_entry[i] = newinfo->hook_entry[i];
++ repl.underflow[i] = newinfo->underflow[i];
+ }
+
++ repl.num_counters = 0;
++ repl.counters = NULL;
++ repl.size = newinfo->size;
++ ret = translate_table(net, newinfo, entry1, &repl);
++ if (ret)
++ goto free_newinfo;
++
+ *pinfo = newinfo;
+ *pentry0 = entry1;
+ xt_free_table_info(info);
+@@ -1785,17 +1643,16 @@ translate_compat_table(struct net *net,
+
+ free_newinfo:
+ xt_free_table_info(newinfo);
+-out:
+- xt_entry_foreach(iter0, entry0, total_size) {
++ return ret;
++out_unlock:
++ xt_compat_flush_offsets(AF_INET);
++ xt_compat_unlock(AF_INET);
++ xt_entry_foreach(iter0, entry0, compatr->size) {
+ if (j-- == 0)
+ break;
+ compat_release_entry(iter0);
+ }
+ return ret;
+-out_unlock:
+- xt_compat_flush_offsets(AF_INET);
+- xt_compat_unlock(AF_INET);
+- goto out;
+ }
+
+ static int
+@@ -1831,10 +1688,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
+ goto free_newinfo;
+ }
+
+- ret = translate_compat_table(net, tmp.name, tmp.valid_hooks,
+- &newinfo, &loc_cpu_entry, tmp.size,
+- tmp.num_entries, tmp.hook_entry,
+- tmp.underflow);
++ ret = translate_compat_table(net, &newinfo, &loc_cpu_entry, &tmp);
+ if (ret != 0)
+ goto free_newinfo;
+
+diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
+index 1e1fe60..03112a3 100644
+--- a/net/ipv4/sysctl_net_ipv4.c
++++ b/net/ipv4/sysctl_net_ipv4.c
+@@ -988,10 +988,6 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
+ if (!net->ipv4.sysctl_local_reserved_ports)
+ goto err_ports;
+
+- net->ipv4.sysctl_ip_default_ttl = IPDEFTTL;
+- net->ipv4.sysctl_ip_dynaddr = 0;
+- net->ipv4.sysctl_ip_early_demux = 1;
+-
+ return 0;
+
+ err_ports:
+diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
+index a2e7f55..e9853df 100644
+--- a/net/ipv4/udp.c
++++ b/net/ipv4/udp.c
+@@ -1616,7 +1616,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+
+ /* if we're overly short, let UDP handle it */
+ encap_rcv = ACCESS_ONCE(up->encap_rcv);
+- if (skb->len > sizeof(struct udphdr) && encap_rcv) {
++ if (encap_rcv) {
+ int ret;
+
+ /* Verify checksum before giving to encap */
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
+index bc972e7..da88de8 100644
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -1071,17 +1071,12 @@ struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
+ const struct in6_addr *final_dst)
+ {
+ struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
+- int err;
+
+ dst = ip6_sk_dst_check(sk, dst, fl6);
++ if (!dst)
++ dst = ip6_dst_lookup_flow(sk, fl6, final_dst);
+
+- err = ip6_dst_lookup_tail(sock_net(sk), sk, &dst, fl6);
+- if (err)
+- return ERR_PTR(err);
+- if (final_dst)
+- fl6->daddr = *final_dst;
+-
+- return xfrm_lookup_route(sock_net(sk), dst, flowi6_to_flowi(fl6), sk, 0);
++ return dst;
+ }
+ EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
+
+diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
+index 86b67b7..9021b43 100644
+--- a/net/ipv6/netfilter/ip6_tables.c
++++ b/net/ipv6/netfilter/ip6_tables.c
+@@ -455,6 +455,18 @@ ip6t_do_table(struct sk_buff *skb,
+ #endif
+ }
+
++static bool find_jump_target(const struct xt_table_info *t,
++ const struct ip6t_entry *target)
++{
++ struct ip6t_entry *iter;
++
++ xt_entry_foreach(iter, t->entries, t->size) {
++ if (iter == target)
++ return true;
++ }
++ return false;
++}
++
+ /* Figures out from what hook each rule can be called: returns 0 if
+ there are loops. Puts hook bitmask in comefrom. */
+ static int
+@@ -532,6 +544,8 @@ mark_source_chains(const struct xt_table_info *newinfo,
+ size = e->next_offset;
+ e = (struct ip6t_entry *)
+ (entry0 + pos + size);
++ if (pos + size >= newinfo->size)
++ return 0;
+ e->counters.pcnt = pos;
+ pos += size;
+ } else {
+@@ -550,9 +564,15 @@ mark_source_chains(const struct xt_table_info *newinfo,
+ /* This a jump; chase it. */
+ duprintf("Jump rule %u -> %u\n",
+ pos, newpos);
++ e = (struct ip6t_entry *)
++ (entry0 + newpos);
++ if (!find_jump_target(newinfo, e))
++ return 0;
+ } else {
+ /* ... this is a fallthru */
+ newpos = pos + e->next_offset;
++ if (newpos >= newinfo->size)
++ return 0;
+ }
+ e = (struct ip6t_entry *)
+ (entry0 + newpos);
+@@ -579,25 +599,6 @@ static void cleanup_match(struct xt_entry_match *m, struct net *net)
+ module_put(par.match->me);
+ }
+
+-static int
+-check_entry(const struct ip6t_entry *e)
+-{
+- const struct xt_entry_target *t;
+-
+- if (!ip6_checkentry(&e->ipv6))
+- return -EINVAL;
+-
+- if (e->target_offset + sizeof(struct xt_entry_target) >
+- e->next_offset)
+- return -EINVAL;
+-
+- t = ip6t_get_target_c(e);
+- if (e->target_offset + t->u.target_size > e->next_offset)
+- return -EINVAL;
+-
+- return 0;
+-}
+-
+ static int check_match(struct xt_entry_match *m, struct xt_mtchk_param *par)
+ {
+ const struct ip6t_ip6 *ipv6 = par->entryinfo;
+@@ -762,7 +763,11 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
+ return -EINVAL;
+ }
+
+- err = check_entry(e);
++ if (!ip6_checkentry(&e->ipv6))
++ return -EINVAL;
++
++ err = xt_check_entry_offsets(e, e->elems, e->target_offset,
++ e->next_offset);
+ if (err)
+ return err;
+
+@@ -1321,55 +1326,16 @@ do_add_counters(struct net *net, const void __user *user, unsigned int len,
+ unsigned int i;
+ struct xt_counters_info tmp;
+ struct xt_counters *paddc;
+- unsigned int num_counters;
+- char *name;
+- int size;
+- void *ptmp;
+ struct xt_table *t;
+ const struct xt_table_info *private;
+ int ret = 0;
+ struct ip6t_entry *iter;
+ unsigned int addend;
+-#ifdef CONFIG_COMPAT
+- struct compat_xt_counters_info compat_tmp;
+-
+- if (compat) {
+- ptmp = &compat_tmp;
+- size = sizeof(struct compat_xt_counters_info);
+- } else
+-#endif
+- {
+- ptmp = &tmp;
+- size = sizeof(struct xt_counters_info);
+- }
+-
+- if (copy_from_user(ptmp, user, size) != 0)
+- return -EFAULT;
+-
+-#ifdef CONFIG_COMPAT
+- if (compat) {
+- num_counters = compat_tmp.num_counters;
+- name = compat_tmp.name;
+- } else
+-#endif
+- {
+- num_counters = tmp.num_counters;
+- name = tmp.name;
+- }
+-
+- if (len != size + num_counters * sizeof(struct xt_counters))
+- return -EINVAL;
+-
+- paddc = vmalloc(len - size);
+- if (!paddc)
+- return -ENOMEM;
+
+- if (copy_from_user(paddc, user + size, len - size) != 0) {
+- ret = -EFAULT;
+- goto free;
+- }
+-
+- t = xt_find_table_lock(net, AF_INET6, name);
++ paddc = xt_copy_counters_from_user(user, len, &tmp, compat);
++ if (IS_ERR(paddc))
++ return PTR_ERR(paddc);
++ t = xt_find_table_lock(net, AF_INET6, tmp.name);
+ if (IS_ERR_OR_NULL(t)) {
+ ret = t ? PTR_ERR(t) : -ENOENT;
+ goto free;
+@@ -1377,7 +1343,7 @@ do_add_counters(struct net *net, const void __user *user, unsigned int len,
+
+ local_bh_disable();
+ private = t->private;
+- if (private->number != num_counters) {
++ if (private->number != tmp.num_counters) {
+ ret = -EINVAL;
+ goto unlock_up_free;
+ }
+@@ -1456,7 +1422,6 @@ compat_copy_entry_to_user(struct ip6t_entry *e, void __user **dstptr,
+
+ static int
+ compat_find_calc_match(struct xt_entry_match *m,
+- const char *name,
+ const struct ip6t_ip6 *ipv6,
+ int *size)
+ {
+@@ -1491,17 +1456,14 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e,
+ struct xt_table_info *newinfo,
+ unsigned int *size,
+ const unsigned char *base,
+- const unsigned char *limit,
+- const unsigned int *hook_entries,
+- const unsigned int *underflows,
+- const char *name)
++ const unsigned char *limit)
+ {
+ struct xt_entry_match *ematch;
+ struct xt_entry_target *t;
+ struct xt_target *target;
+ unsigned int entry_offset;
+ unsigned int j;
+- int ret, off, h;
++ int ret, off;
+
+ duprintf("check_compat_entry_size_and_hooks %p\n", e);
+ if ((unsigned long)e % __alignof__(struct compat_ip6t_entry) != 0 ||
+@@ -1518,8 +1480,11 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e,
+ return -EINVAL;
+ }
+
+- /* For purposes of check_entry casting the compat entry is fine */
+- ret = check_entry((struct ip6t_entry *)e);
++ if (!ip6_checkentry(&e->ipv6))
++ return -EINVAL;
++
++ ret = xt_compat_check_entry_offsets(e, e->elems,
++ e->target_offset, e->next_offset);
+ if (ret)
+ return ret;
+
+@@ -1527,7 +1492,7 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e,
+ entry_offset = (void *)e - (void *)base;
+ j = 0;
+ xt_ematch_foreach(ematch, e) {
+- ret = compat_find_calc_match(ematch, name, &e->ipv6, &off);
++ ret = compat_find_calc_match(ematch, &e->ipv6, &off);
+ if (ret != 0)
+ goto release_matches;
+ ++j;
+@@ -1550,17 +1515,6 @@ check_compat_entry_size_and_hooks(struct compat_ip6t_entry *e,
+ if (ret)
+ goto out;
+
+- /* Check hooks & underflows */
+- for (h = 0; h < NF_INET_NUMHOOKS; h++) {
+- if ((unsigned char *)e - base == hook_entries[h])
+- newinfo->hook_entry[h] = hook_entries[h];
+- if ((unsigned char *)e - base == underflows[h])
+- newinfo->underflow[h] = underflows[h];
+- }
+-
+- /* Clear counters and comefrom */
+- memset(&e->counters, 0, sizeof(e->counters));
+- e->comefrom = 0;
+ return 0;
+
+ out:
+@@ -1574,18 +1528,17 @@ release_matches:
+ return ret;
+ }
+
+-static int
++static void
+ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr,
+- unsigned int *size, const char *name,
++ unsigned int *size,
+ struct xt_table_info *newinfo, unsigned char *base)
+ {
+ struct xt_entry_target *t;
+ struct ip6t_entry *de;
+ unsigned int origsize;
+- int ret, h;
++ int h;
+ struct xt_entry_match *ematch;
+
+- ret = 0;
+ origsize = *size;
+ de = (struct ip6t_entry *)*dstptr;
+ memcpy(de, e, sizeof(struct ip6t_entry));
+@@ -1594,11 +1547,9 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr,
+ *dstptr += sizeof(struct ip6t_entry);
+ *size += sizeof(struct ip6t_entry) - sizeof(struct compat_ip6t_entry);
+
+- xt_ematch_foreach(ematch, e) {
+- ret = xt_compat_match_from_user(ematch, dstptr, size);
+- if (ret != 0)
+- return ret;
+- }
++ xt_ematch_foreach(ematch, e)
++ xt_compat_match_from_user(ematch, dstptr, size);
++
+ de->target_offset = e->target_offset - (origsize - *size);
+ t = compat_ip6t_get_target(e);
+ xt_compat_target_from_user(t, dstptr, size);
+@@ -1610,183 +1561,83 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr,
+ if ((unsigned char *)de - base < newinfo->underflow[h])
+ newinfo->underflow[h] -= origsize - *size;
+ }
+- return ret;
+-}
+-
+-static int compat_check_entry(struct ip6t_entry *e, struct net *net,
+- const char *name)
+-{
+- unsigned int j;
+- int ret = 0;
+- struct xt_mtchk_param mtpar;
+- struct xt_entry_match *ematch;
+-
+- e->counters.pcnt = xt_percpu_counter_alloc();
+- if (IS_ERR_VALUE(e->counters.pcnt))
+- return -ENOMEM;
+- j = 0;
+- mtpar.net = net;
+- mtpar.table = name;
+- mtpar.entryinfo = &e->ipv6;
+- mtpar.hook_mask = e->comefrom;
+- mtpar.family = NFPROTO_IPV6;
+- xt_ematch_foreach(ematch, e) {
+- ret = check_match(ematch, &mtpar);
+- if (ret != 0)
+- goto cleanup_matches;
+- ++j;
+- }
+-
+- ret = check_target(e, net, name);
+- if (ret)
+- goto cleanup_matches;
+- return 0;
+-
+- cleanup_matches:
+- xt_ematch_foreach(ematch, e) {
+- if (j-- == 0)
+- break;
+- cleanup_match(ematch, net);
+- }
+-
+- xt_percpu_counter_free(e->counters.pcnt);
+-
+- return ret;
+ }
+
+ static int
+ translate_compat_table(struct net *net,
+- const char *name,
+- unsigned int valid_hooks,
+ struct xt_table_info **pinfo,
+ void **pentry0,
+- unsigned int total_size,
+- unsigned int number,
+- unsigned int *hook_entries,
+- unsigned int *underflows)
++ const struct compat_ip6t_replace *compatr)
+ {
+ unsigned int i, j;
+ struct xt_table_info *newinfo, *info;
+ void *pos, *entry0, *entry1;
+ struct compat_ip6t_entry *iter0;
+- struct ip6t_entry *iter1;
++ struct ip6t_replace repl;
+ unsigned int size;
+ int ret = 0;
+
+ info = *pinfo;
+ entry0 = *pentry0;
+- size = total_size;
+- info->number = number;
+-
+- /* Init all hooks to impossible value. */
+- for (i = 0; i < NF_INET_NUMHOOKS; i++) {
+- info->hook_entry[i] = 0xFFFFFFFF;
+- info->underflow[i] = 0xFFFFFFFF;
+- }
++ size = compatr->size;
++ info->number = compatr->num_entries;
+
+ duprintf("translate_compat_table: size %u\n", info->size);
+ j = 0;
+ xt_compat_lock(AF_INET6);
+- xt_compat_init_offsets(AF_INET6, number);
++ xt_compat_init_offsets(AF_INET6, compatr->num_entries);
+ /* Walk through entries, checking offsets. */
+- xt_entry_foreach(iter0, entry0, total_size) {
++ xt_entry_foreach(iter0, entry0, compatr->size) {
+ ret = check_compat_entry_size_and_hooks(iter0, info, &size,
+ entry0,
+- entry0 + total_size,
+- hook_entries,
+- underflows,
+- name);
++ entry0 + compatr->size);
+ if (ret != 0)
+ goto out_unlock;
+ ++j;
+ }
+
+ ret = -EINVAL;
+- if (j != number) {
++ if (j != compatr->num_entries) {
+ duprintf("translate_compat_table: %u not %u entries\n",
+- j, number);
++ j, compatr->num_entries);
+ goto out_unlock;
+ }
+
+- /* Check hooks all assigned */
+- for (i = 0; i < NF_INET_NUMHOOKS; i++) {
+- /* Only hooks which are valid */
+- if (!(valid_hooks & (1 << i)))
+- continue;
+- if (info->hook_entry[i] == 0xFFFFFFFF) {
+- duprintf("Invalid hook entry %u %u\n",
+- i, hook_entries[i]);
+- goto out_unlock;
+- }
+- if (info->underflow[i] == 0xFFFFFFFF) {
+- duprintf("Invalid underflow %u %u\n",
+- i, underflows[i]);
+- goto out_unlock;
+- }
+- }
+-
+ ret = -ENOMEM;
+ newinfo = xt_alloc_table_info(size);
+ if (!newinfo)
+ goto out_unlock;
+
+- newinfo->number = number;
++ newinfo->number = compatr->num_entries;
+ for (i = 0; i < NF_INET_NUMHOOKS; i++) {
+- newinfo->hook_entry[i] = info->hook_entry[i];
+- newinfo->underflow[i] = info->underflow[i];
++ newinfo->hook_entry[i] = compatr->hook_entry[i];
++ newinfo->underflow[i] = compatr->underflow[i];
+ }
+ entry1 = newinfo->entries;
+ pos = entry1;
+- size = total_size;
+- xt_entry_foreach(iter0, entry0, total_size) {
+- ret = compat_copy_entry_from_user(iter0, &pos, &size,
+- name, newinfo, entry1);
+- if (ret != 0)
+- break;
+- }
++ size = compatr->size;
++ xt_entry_foreach(iter0, entry0, compatr->size)
++ compat_copy_entry_from_user(iter0, &pos, &size,
++ newinfo, entry1);
++
++ /* all module references in entry0 are now gone. */
+ xt_compat_flush_offsets(AF_INET6);
+ xt_compat_unlock(AF_INET6);
+- if (ret)
+- goto free_newinfo;
+
+- ret = -ELOOP;
+- if (!mark_source_chains(newinfo, valid_hooks, entry1))
+- goto free_newinfo;
++ memcpy(&repl, compatr, sizeof(*compatr));
+
+- i = 0;
+- xt_entry_foreach(iter1, entry1, newinfo->size) {
+- ret = compat_check_entry(iter1, net, name);
+- if (ret != 0)
+- break;
+- ++i;
+- if (strcmp(ip6t_get_target(iter1)->u.user.name,
+- XT_ERROR_TARGET) == 0)
+- ++newinfo->stacksize;
+- }
+- if (ret) {
+- /*
+- * The first i matches need cleanup_entry (calls ->destroy)
+- * because they had called ->check already. The other j-i
+- * entries need only release.
+- */
+- int skip = i;
+- j -= i;
+- xt_entry_foreach(iter0, entry0, newinfo->size) {
+- if (skip-- > 0)
+- continue;
+- if (j-- == 0)
+- break;
+- compat_release_entry(iter0);
+- }
+- xt_entry_foreach(iter1, entry1, newinfo->size) {
+- if (i-- == 0)
+- break;
+- cleanup_entry(iter1, net);
+- }
+- xt_free_table_info(newinfo);
+- return ret;
++ for (i = 0; i < NF_INET_NUMHOOKS; i++) {
++ repl.hook_entry[i] = newinfo->hook_entry[i];
++ repl.underflow[i] = newinfo->underflow[i];
+ }
+
++ repl.num_counters = 0;
++ repl.counters = NULL;
++ repl.size = newinfo->size;
++ ret = translate_table(net, newinfo, entry1, &repl);
++ if (ret)
++ goto free_newinfo;
++
+ *pinfo = newinfo;
+ *pentry0 = entry1;
+ xt_free_table_info(info);
+@@ -1794,17 +1645,16 @@ translate_compat_table(struct net *net,
+
+ free_newinfo:
+ xt_free_table_info(newinfo);
+-out:
+- xt_entry_foreach(iter0, entry0, total_size) {
++ return ret;
++out_unlock:
++ xt_compat_flush_offsets(AF_INET6);
++ xt_compat_unlock(AF_INET6);
++ xt_entry_foreach(iter0, entry0, compatr->size) {
+ if (j-- == 0)
+ break;
+ compat_release_entry(iter0);
+ }
+ return ret;
+-out_unlock:
+- xt_compat_flush_offsets(AF_INET6);
+- xt_compat_unlock(AF_INET6);
+- goto out;
+ }
+
+ static int
+@@ -1840,10 +1690,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
+ goto free_newinfo;
+ }
+
+- ret = translate_compat_table(net, tmp.name, tmp.valid_hooks,
+- &newinfo, &loc_cpu_entry, tmp.size,
+- tmp.num_entries, tmp.hook_entry,
+- tmp.underflow);
++ ret = translate_compat_table(net, &newinfo, &loc_cpu_entry, &tmp);
+ if (ret != 0)
+ goto free_newinfo;
+
+diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
+index f443c6b..f6d7516 100644
+--- a/net/ipv6/tcp_ipv6.c
++++ b/net/ipv6/tcp_ipv6.c
+@@ -1717,7 +1717,9 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
+ destp = ntohs(inet->inet_dport);
+ srcp = ntohs(inet->inet_sport);
+
+- if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
++ if (icsk->icsk_pending == ICSK_TIME_RETRANS ||
++ icsk->icsk_pending == ICSK_TIME_EARLY_RETRANS ||
++ icsk->icsk_pending == ICSK_TIME_LOSS_PROBE) {
+ timer_active = 1;
+ timer_expires = icsk->icsk_timeout;
+ } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) {
+diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
+index 6bc5c66..f96831d9 100644
+--- a/net/ipv6/udp.c
++++ b/net/ipv6/udp.c
+@@ -653,7 +653,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+
+ /* if we're overly short, let UDP handle it */
+ encap_rcv = ACCESS_ONCE(up->encap_rcv);
+- if (skb->len > sizeof(struct udphdr) && encap_rcv) {
++ if (encap_rcv) {
+ int ret;
+
+ /* Verify checksum before giving to encap */
+diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
+index 6edfa99..1e40dac 100644
+--- a/net/l2tp/l2tp_core.c
++++ b/net/l2tp/l2tp_core.c
+@@ -1581,7 +1581,7 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32
+ /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
+ tunnel->encap = encap;
+ if (encap == L2TP_ENCAPTYPE_UDP) {
+- struct udp_tunnel_sock_cfg udp_cfg;
++ struct udp_tunnel_sock_cfg udp_cfg = { };
+
+ udp_cfg.sk_user_data = tunnel;
+ udp_cfg.encap_type = UDP_ENCAP_L2TPINUDP;
+diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
+index 582c9cf..2675d58 100644
+--- a/net/netfilter/x_tables.c
++++ b/net/netfilter/x_tables.c
+@@ -416,6 +416,47 @@ int xt_check_match(struct xt_mtchk_param *par,
+ }
+ EXPORT_SYMBOL_GPL(xt_check_match);
+
++/** xt_check_entry_match - check that matches end before start of target
++ *
++ * @match: beginning of xt_entry_match
++ * @target: beginning of this rules target (alleged end of matches)
++ * @alignment: alignment requirement of match structures
++ *
++ * Validates that all matches add up to the beginning of the target,
++ * and that each match covers at least the base structure size.
++ *
++ * Return: 0 on success, negative errno on failure.
++ */
++static int xt_check_entry_match(const char *match, const char *target,
++ const size_t alignment)
++{
++ const struct xt_entry_match *pos;
++ int length = target - match;
++
++ if (length == 0) /* no matches */
++ return 0;
++
++ pos = (struct xt_entry_match *)match;
++ do {
++ if ((unsigned long)pos % alignment)
++ return -EINVAL;
++
++ if (length < (int)sizeof(struct xt_entry_match))
++ return -EINVAL;
++
++ if (pos->u.match_size < sizeof(struct xt_entry_match))
++ return -EINVAL;
++
++ if (pos->u.match_size > length)
++ return -EINVAL;
++
++ length -= pos->u.match_size;
++ pos = ((void *)((char *)(pos) + (pos)->u.match_size));
++ } while (length > 0);
++
++ return 0;
++}
++
+ #ifdef CONFIG_COMPAT
+ int xt_compat_add_offset(u_int8_t af, unsigned int offset, int delta)
+ {
+@@ -485,13 +526,14 @@ int xt_compat_match_offset(const struct xt_match *match)
+ }
+ EXPORT_SYMBOL_GPL(xt_compat_match_offset);
+
+-int xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr,
+- unsigned int *size)
++void xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr,
++ unsigned int *size)
+ {
+ const struct xt_match *match = m->u.kernel.match;
+ struct compat_xt_entry_match *cm = (struct compat_xt_entry_match *)m;
+ int pad, off = xt_compat_match_offset(match);
+ u_int16_t msize = cm->u.user.match_size;
++ char name[sizeof(m->u.user.name)];
+
+ m = *dstptr;
+ memcpy(m, cm, sizeof(*cm));
+@@ -505,10 +547,12 @@ int xt_compat_match_from_user(struct xt_entry_match *m, void **dstptr,
+
+ msize += off;
+ m->u.user.match_size = msize;
++ strlcpy(name, match->name, sizeof(name));
++ module_put(match->me);
++ strncpy(m->u.user.name, name, sizeof(m->u.user.name));
+
+ *size += off;
+ *dstptr += msize;
+- return 0;
+ }
+ EXPORT_SYMBOL_GPL(xt_compat_match_from_user);
+
+@@ -539,8 +583,125 @@ int xt_compat_match_to_user(const struct xt_entry_match *m,
+ return 0;
+ }
+ EXPORT_SYMBOL_GPL(xt_compat_match_to_user);
++
++/* non-compat version may have padding after verdict */
++struct compat_xt_standard_target {
++ struct compat_xt_entry_target t;
++ compat_uint_t verdict;
++};
++
++int xt_compat_check_entry_offsets(const void *base, const char *elems,
++ unsigned int target_offset,
++ unsigned int next_offset)
++{
++ long size_of_base_struct = elems - (const char *)base;
++ const struct compat_xt_entry_target *t;
++ const char *e = base;
++
++ if (target_offset < size_of_base_struct)
++ return -EINVAL;
++
++ if (target_offset + sizeof(*t) > next_offset)
++ return -EINVAL;
++
++ t = (void *)(e + target_offset);
++ if (t->u.target_size < sizeof(*t))
++ return -EINVAL;
++
++ if (target_offset + t->u.target_size > next_offset)
++ return -EINVAL;
++
++ if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 &&
++ COMPAT_XT_ALIGN(target_offset + sizeof(struct compat_xt_standard_target)) != next_offset)
++ return -EINVAL;
++
++ /* compat_xt_entry match has less strict aligment requirements,
++ * otherwise they are identical. In case of padding differences
++ * we need to add compat version of xt_check_entry_match.
++ */
++ BUILD_BUG_ON(sizeof(struct compat_xt_entry_match) != sizeof(struct xt_entry_match));
++
++ return xt_check_entry_match(elems, base + target_offset,
++ __alignof__(struct compat_xt_entry_match));
++}
++EXPORT_SYMBOL(xt_compat_check_entry_offsets);
+ #endif /* CONFIG_COMPAT */
+
++/**
++ * xt_check_entry_offsets - validate arp/ip/ip6t_entry
++ *
++ * @base: pointer to arp/ip/ip6t_entry
++ * @elems: pointer to first xt_entry_match, i.e. ip(6)t_entry->elems
++ * @target_offset: the arp/ip/ip6_t->target_offset
++ * @next_offset: the arp/ip/ip6_t->next_offset
++ *
++ * validates that target_offset and next_offset are sane and that all
++ * match sizes (if any) align with the target offset.
++ *
++ * This function does not validate the targets or matches themselves, it
++ * only tests that all the offsets and sizes are correct, that all
++ * match structures are aligned, and that the last structure ends where
++ * the target structure begins.
++ *
++ * Also see xt_compat_check_entry_offsets for CONFIG_COMPAT version.
++ *
++ * The arp/ip/ip6t_entry structure @base must have passed following tests:
++ * - it must point to a valid memory location
++ * - base to base + next_offset must be accessible, i.e. not exceed allocated
++ * length.
++ *
++ * A well-formed entry looks like this:
++ *
++ * ip(6)t_entry match [mtdata] match [mtdata] target [tgdata] ip(6)t_entry
++ * e->elems[]-----' | |
++ * matchsize | |
++ * matchsize | |
++ * | |
++ * target_offset---------------------------------' |
++ * next_offset---------------------------------------------------'
++ *
++ * elems[]: flexible array member at end of ip(6)/arpt_entry struct.
++ * This is where matches (if any) and the target reside.
++ * target_offset: beginning of target.
++ * next_offset: start of the next rule; also: size of this rule.
++ * Since targets have a minimum size, target_offset + minlen <= next_offset.
++ *
++ * Every match stores its size, sum of sizes must not exceed target_offset.
++ *
++ * Return: 0 on success, negative errno on failure.
++ */
++int xt_check_entry_offsets(const void *base,
++ const char *elems,
++ unsigned int target_offset,
++ unsigned int next_offset)
++{
++ long size_of_base_struct = elems - (const char *)base;
++ const struct xt_entry_target *t;
++ const char *e = base;
++
++ /* target start is within the ip/ip6/arpt_entry struct */
++ if (target_offset < size_of_base_struct)
++ return -EINVAL;
++
++ if (target_offset + sizeof(*t) > next_offset)
++ return -EINVAL;
++
++ t = (void *)(e + target_offset);
++ if (t->u.target_size < sizeof(*t))
++ return -EINVAL;
++
++ if (target_offset + t->u.target_size > next_offset)
++ return -EINVAL;
++
++ if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 &&
++ XT_ALIGN(target_offset + sizeof(struct xt_standard_target)) != next_offset)
++ return -EINVAL;
++
++ return xt_check_entry_match(elems, base + target_offset,
++ __alignof__(struct xt_entry_match));
++}
++EXPORT_SYMBOL(xt_check_entry_offsets);
++
+ int xt_check_target(struct xt_tgchk_param *par,
+ unsigned int size, u_int8_t proto, bool inv_proto)
+ {
+@@ -591,6 +752,80 @@ int xt_check_target(struct xt_tgchk_param *par,
+ }
+ EXPORT_SYMBOL_GPL(xt_check_target);
+
++/**
++ * xt_copy_counters_from_user - copy counters and metadata from userspace
++ *
++ * @user: src pointer to userspace memory
++ * @len: alleged size of userspace memory
++ * @info: where to store the xt_counters_info metadata
++ * @compat: true if we setsockopt call is done by 32bit task on 64bit kernel
++ *
++ * Copies counter meta data from @user and stores it in @info.
++ *
++ * vmallocs memory to hold the counters, then copies the counter data
++ * from @user to the new memory and returns a pointer to it.
++ *
++ * If @compat is true, @info gets converted automatically to the 64bit
++ * representation.
++ *
++ * The metadata associated with the counters is stored in @info.
++ *
++ * Return: returns pointer that caller has to test via IS_ERR().
++ * If IS_ERR is false, caller has to vfree the pointer.
++ */
++void *xt_copy_counters_from_user(const void __user *user, unsigned int len,
++ struct xt_counters_info *info, bool compat)
++{
++ void *mem;
++ u64 size;
++
++#ifdef CONFIG_COMPAT
++ if (compat) {
++ /* structures only differ in size due to alignment */
++ struct compat_xt_counters_info compat_tmp;
++
++ if (len <= sizeof(compat_tmp))
++ return ERR_PTR(-EINVAL);
++
++ len -= sizeof(compat_tmp);
++ if (copy_from_user(&compat_tmp, user, sizeof(compat_tmp)) != 0)
++ return ERR_PTR(-EFAULT);
++
++ strlcpy(info->name, compat_tmp.name, sizeof(info->name));
++ info->num_counters = compat_tmp.num_counters;
++ user += sizeof(compat_tmp);
++ } else
++#endif
++ {
++ if (len <= sizeof(*info))
++ return ERR_PTR(-EINVAL);
++
++ len -= sizeof(*info);
++ if (copy_from_user(info, user, sizeof(*info)) != 0)
++ return ERR_PTR(-EFAULT);
++
++ info->name[sizeof(info->name) - 1] = '\0';
++ user += sizeof(*info);
++ }
++
++ size = sizeof(struct xt_counters);
++ size *= info->num_counters;
++
++ if (size != (u64)len)
++ return ERR_PTR(-EINVAL);
++
++ mem = vmalloc(len);
++ if (!mem)
++ return ERR_PTR(-ENOMEM);
++
++ if (copy_from_user(mem, user, len) == 0)
++ return mem;
++
++ vfree(mem);
++ return ERR_PTR(-EFAULT);
++}
++EXPORT_SYMBOL_GPL(xt_copy_counters_from_user);
++
+ #ifdef CONFIG_COMPAT
+ int xt_compat_target_offset(const struct xt_target *target)
+ {
+@@ -606,6 +841,7 @@ void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr,
+ struct compat_xt_entry_target *ct = (struct compat_xt_entry_target *)t;
+ int pad, off = xt_compat_target_offset(target);
+ u_int16_t tsize = ct->u.user.target_size;
++ char name[sizeof(t->u.user.name)];
+
+ t = *dstptr;
+ memcpy(t, ct, sizeof(*ct));
+@@ -619,6 +855,9 @@ void xt_compat_target_from_user(struct xt_entry_target *t, void **dstptr,
+
+ tsize += off;
+ t->u.user.target_size = tsize;
++ strlcpy(name, target->name, sizeof(name));
++ module_put(target->me);
++ strncpy(t->u.user.name, name, sizeof(t->u.user.name));
+
+ *size += off;
+ *dstptr += tsize;
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
+index 330ebd6..f48e3b3 100644
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -2059,6 +2059,7 @@ static int netlink_dump(struct sock *sk)
+ struct netlink_callback *cb;
+ struct sk_buff *skb = NULL;
+ struct nlmsghdr *nlh;
++ struct module *module;
+ int len, err = -ENOBUFS;
+ int alloc_min_size;
+ int alloc_size;
+@@ -2134,9 +2135,11 @@ static int netlink_dump(struct sock *sk)
+ cb->done(cb);
+
+ nlk->cb_running = false;
++ module = cb->module;
++ skb = cb->skb;
+ mutex_unlock(nlk->cb_mutex);
+- module_put(cb->module);
+- consume_skb(cb->skb);
++ module_put(module);
++ consume_skb(skb);
+ return 0;
+
+ errout_skb:
+diff --git a/net/switchdev/switchdev.c b/net/switchdev/switchdev.c
+index b7e01d8..59658b2 100644
+--- a/net/switchdev/switchdev.c
++++ b/net/switchdev/switchdev.c
+@@ -1188,6 +1188,7 @@ int switchdev_fib_ipv4_add(u32 dst, int dst_len, struct fib_info *fi,
+ .obj.id = SWITCHDEV_OBJ_ID_IPV4_FIB,
+ .dst = dst,
+ .dst_len = dst_len,
++ .fi = fi,
+ .tos = tos,
+ .type = type,
+ .nlflags = nlflags,
+@@ -1196,8 +1197,6 @@ int switchdev_fib_ipv4_add(u32 dst, int dst_len, struct fib_info *fi,
+ struct net_device *dev;
+ int err = 0;
+
+- memcpy(&ipv4_fib.fi, fi, sizeof(ipv4_fib.fi));
+-
+ /* Don't offload route if using custom ip rules or if
+ * IPv4 FIB offloading has been disabled completely.
+ */
+@@ -1242,6 +1241,7 @@ int switchdev_fib_ipv4_del(u32 dst, int dst_len, struct fib_info *fi,
+ .obj.id = SWITCHDEV_OBJ_ID_IPV4_FIB,
+ .dst = dst,
+ .dst_len = dst_len,
++ .fi = fi,
+ .tos = tos,
+ .type = type,
+ .nlflags = 0,
+@@ -1250,8 +1250,6 @@ int switchdev_fib_ipv4_del(u32 dst, int dst_len, struct fib_info *fi,
+ struct net_device *dev;
+ int err = 0;
+
+- memcpy(&ipv4_fib.fi, fi, sizeof(ipv4_fib.fi));
+-
+ if (!(fi->fib_flags & RTNH_F_OFFLOAD))
+ return 0;
+
+diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
+index d7d050f..4dfc5c1 100644
+--- a/net/tipc/netlink_compat.c
++++ b/net/tipc/netlink_compat.c
+@@ -802,7 +802,7 @@ static int tipc_nl_compat_name_table_dump(struct tipc_nl_compat_msg *msg,
+ goto out;
+
+ tipc_tlv_sprintf(msg->rep, "%-10u %s",
+- nla_get_u32(publ[TIPC_NLA_PUBL_REF]),
++ nla_get_u32(publ[TIPC_NLA_PUBL_KEY]),
+ scope_str[nla_get_u32(publ[TIPC_NLA_PUBL_SCOPE])]);
+ out:
+ tipc_tlv_sprintf(msg->rep, "\n");
+diff --git a/net/tipc/socket.c b/net/tipc/socket.c
+index 3eeb50a..5f80d3f 100644
+--- a/net/tipc/socket.c
++++ b/net/tipc/socket.c
+@@ -2807,6 +2807,9 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb)
+ if (err)
+ return err;
+
++ if (!attrs[TIPC_NLA_SOCK])
++ return -EINVAL;
++
+ err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX,
+ attrs[TIPC_NLA_SOCK],
+ tipc_nl_sock_policy);
+diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c
+index b50ee5d..c753211 100644
+--- a/net/wireless/wext-core.c
++++ b/net/wireless/wext-core.c
+@@ -955,8 +955,29 @@ static int wireless_process_ioctl(struct net *net, struct ifreq *ifr,
+ return private(dev, iwr, cmd, info, handler);
+ }
+ /* Old driver API : call driver ioctl handler */
+- if (dev->netdev_ops->ndo_do_ioctl)
+- return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd);
++ if (dev->netdev_ops->ndo_do_ioctl) {
++#ifdef CONFIG_COMPAT
++ if (info->flags & IW_REQUEST_FLAG_COMPAT) {
++ int ret = 0;
++ struct iwreq iwr_lcl;
++ struct compat_iw_point *iwp_compat = (void *) &iwr->u.data;
++
++ memcpy(&iwr_lcl, iwr, sizeof(struct iwreq));
++ iwr_lcl.u.data.pointer = compat_ptr(iwp_compat->pointer);
++ iwr_lcl.u.data.length = iwp_compat->length;
++ iwr_lcl.u.data.flags = iwp_compat->flags;
++
++ ret = dev->netdev_ops->ndo_do_ioctl(dev, (void *) &iwr_lcl, cmd);
++
++ iwp_compat->pointer = ptr_to_compat(iwr_lcl.u.data.pointer);
++ iwp_compat->length = iwr_lcl.u.data.length;
++ iwp_compat->flags = iwr_lcl.u.data.flags;
++
++ return ret;
++ } else
++#endif
++ return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd);
++ }
+ return -EOPNOTSUPP;
+ }
+
+diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
+index 9a0d144..94089fc 100644
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -365,8 +365,11 @@ enum {
+
+ #define IS_SKL(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0xa170)
+ #define IS_SKL_LP(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x9d70)
++#define IS_KBL(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0xa171)
++#define IS_KBL_LP(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x9d71)
+ #define IS_BXT(pci) ((pci)->vendor == 0x8086 && (pci)->device == 0x5a98)
+-#define IS_SKL_PLUS(pci) (IS_SKL(pci) || IS_SKL_LP(pci) || IS_BXT(pci))
++#define IS_SKL_PLUS(pci) (IS_SKL(pci) || IS_SKL_LP(pci) || IS_BXT(pci)) || \
++ IS_KBL(pci) || IS_KBL_LP(pci)
+
+ static char *driver_short_names[] = {
+ [AZX_DRIVER_ICH] = "HDA Intel",
+@@ -2181,6 +2184,12 @@ static const struct pci_device_id azx_ids[] = {
+ /* Sunrise Point-LP */
+ { PCI_DEVICE(0x8086, 0x9d70),
+ .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_SKYLAKE },
++ /* Kabylake */
++ { PCI_DEVICE(0x8086, 0xa171),
++ .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_SKYLAKE },
++ /* Kabylake-LP */
++ { PCI_DEVICE(0x8086, 0x9d71),
++ .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_SKYLAKE },
+ /* Broxton-P(Apollolake) */
+ { PCI_DEVICE(0x8086, 0x5a98),
+ .driver_data = AZX_DRIVER_PCH | AZX_DCAPS_INTEL_BROXTON },
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
+index d53c25e..0fe18ed 100644
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -346,6 +346,9 @@ static void alc_fill_eapd_coef(struct hda_codec *codec)
+ case 0x10ec0234:
+ case 0x10ec0274:
+ case 0x10ec0294:
++ case 0x10ec0700:
++ case 0x10ec0701:
++ case 0x10ec0703:
+ alc_update_coef_idx(codec, 0x10, 1<<15, 0);
+ break;
+ case 0x10ec0662:
+@@ -2655,6 +2658,7 @@ enum {
+ ALC269_TYPE_ALC256,
+ ALC269_TYPE_ALC225,
+ ALC269_TYPE_ALC294,
++ ALC269_TYPE_ALC700,
+ };
+
+ /*
+@@ -2686,6 +2690,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec)
+ case ALC269_TYPE_ALC256:
+ case ALC269_TYPE_ALC225:
+ case ALC269_TYPE_ALC294:
++ case ALC269_TYPE_ALC700:
+ ssids = alc269_ssids;
+ break;
+ default:
+@@ -3618,13 +3623,20 @@ static void alc269_fixup_hp_line1_mic1_led(struct hda_codec *codec,
+ static void alc_headset_mode_unplugged(struct hda_codec *codec)
+ {
+ static struct coef_fw coef0255[] = {
+- WRITE_COEF(0x1b, 0x0c0b), /* LDO and MISC control */
+ WRITE_COEF(0x45, 0xd089), /* UAJ function set to menual mode */
+ UPDATE_COEFEX(0x57, 0x05, 1<<14, 0), /* Direct Drive HP Amp control(Set to verb control)*/
+ WRITE_COEF(0x06, 0x6104), /* Set MIC2 Vref gate with HP */
+ WRITE_COEFEX(0x57, 0x03, 0x8aa6), /* Direct Drive HP Amp control */
+ {}
+ };
++ static struct coef_fw coef0255_1[] = {
++ WRITE_COEF(0x1b, 0x0c0b), /* LDO and MISC control */
++ {}
++ };
++ static struct coef_fw coef0256[] = {
++ WRITE_COEF(0x1b, 0x0c4b), /* LDO and MISC control */
++ {}
++ };
+ static struct coef_fw coef0233[] = {
+ WRITE_COEF(0x1b, 0x0c0b),
+ WRITE_COEF(0x45, 0xc429),
+@@ -3677,7 +3689,11 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec)
+
+ switch (codec->core.vendor_id) {
+ case 0x10ec0255:
++ alc_process_coef_fw(codec, coef0255_1);
++ alc_process_coef_fw(codec, coef0255);
++ break;
+ case 0x10ec0256:
++ alc_process_coef_fw(codec, coef0256);
+ alc_process_coef_fw(codec, coef0255);
+ break;
+ case 0x10ec0233:
+@@ -3896,6 +3912,12 @@ static void alc_headset_mode_ctia(struct hda_codec *codec)
+ WRITE_COEFEX(0x57, 0x03, 0x8ea6),
+ {}
+ };
++ static struct coef_fw coef0256[] = {
++ WRITE_COEF(0x45, 0xd489), /* Set to CTIA type */
++ WRITE_COEF(0x1b, 0x0c6b),
++ WRITE_COEFEX(0x57, 0x03, 0x8ea6),
++ {}
++ };
+ static struct coef_fw coef0233[] = {
+ WRITE_COEF(0x45, 0xd429),
+ WRITE_COEF(0x1b, 0x0c2b),
+@@ -3936,9 +3958,11 @@ static void alc_headset_mode_ctia(struct hda_codec *codec)
+
+ switch (codec->core.vendor_id) {
+ case 0x10ec0255:
+- case 0x10ec0256:
+ alc_process_coef_fw(codec, coef0255);
+ break;
++ case 0x10ec0256:
++ alc_process_coef_fw(codec, coef0256);
++ break;
+ case 0x10ec0233:
+ case 0x10ec0283:
+ alc_process_coef_fw(codec, coef0233);
+@@ -3978,6 +4002,12 @@ static void alc_headset_mode_omtp(struct hda_codec *codec)
+ WRITE_COEFEX(0x57, 0x03, 0x8ea6),
+ {}
+ };
++ static struct coef_fw coef0256[] = {
++ WRITE_COEF(0x45, 0xe489), /* Set to OMTP Type */
++ WRITE_COEF(0x1b, 0x0c6b),
++ WRITE_COEFEX(0x57, 0x03, 0x8ea6),
++ {}
++ };
+ static struct coef_fw coef0233[] = {
+ WRITE_COEF(0x45, 0xe429),
+ WRITE_COEF(0x1b, 0x0c2b),
+@@ -4018,9 +4048,11 @@ static void alc_headset_mode_omtp(struct hda_codec *codec)
+
+ switch (codec->core.vendor_id) {
+ case 0x10ec0255:
+- case 0x10ec0256:
+ alc_process_coef_fw(codec, coef0255);
+ break;
++ case 0x10ec0256:
++ alc_process_coef_fw(codec, coef0256);
++ break;
+ case 0x10ec0233:
+ case 0x10ec0283:
+ alc_process_coef_fw(codec, coef0233);
+@@ -4266,7 +4298,7 @@ static void alc_fixup_headset_mode_no_hp_mic(struct hda_codec *codec,
+ static void alc255_set_default_jack_type(struct hda_codec *codec)
+ {
+ /* Set to iphone type */
+- static struct coef_fw fw[] = {
++ static struct coef_fw alc255fw[] = {
+ WRITE_COEF(0x1b, 0x880b),
+ WRITE_COEF(0x45, 0xd089),
+ WRITE_COEF(0x1b, 0x080b),
+@@ -4274,7 +4306,22 @@ static void alc255_set_default_jack_type(struct hda_codec *codec)
+ WRITE_COEF(0x1b, 0x0c0b),
+ {}
+ };
+- alc_process_coef_fw(codec, fw);
++ static struct coef_fw alc256fw[] = {
++ WRITE_COEF(0x1b, 0x884b),
++ WRITE_COEF(0x45, 0xd089),
++ WRITE_COEF(0x1b, 0x084b),
++ WRITE_COEF(0x46, 0x0004),
++ WRITE_COEF(0x1b, 0x0c4b),
++ {}
++ };
++ switch (codec->core.vendor_id) {
++ case 0x10ec0255:
++ alc_process_coef_fw(codec, alc255fw);
++ break;
++ case 0x10ec0256:
++ alc_process_coef_fw(codec, alc256fw);
++ break;
++ }
+ msleep(30);
+ }
+
+@@ -5587,6 +5634,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x17aa, 0x2218, "Thinkpad X1 Carbon 2nd", ALC292_FIXUP_TPT440_DOCK),
+ SND_PCI_QUIRK(0x17aa, 0x2223, "ThinkPad T550", ALC292_FIXUP_TPT440_DOCK),
+ SND_PCI_QUIRK(0x17aa, 0x2226, "ThinkPad X250", ALC292_FIXUP_TPT440_DOCK),
++ SND_PCI_QUIRK(0x17aa, 0x2231, "Thinkpad T560", ALC292_FIXUP_TPT460),
+ SND_PCI_QUIRK(0x17aa, 0x2233, "Thinkpad", ALC292_FIXUP_TPT460),
+ SND_PCI_QUIRK(0x17aa, 0x30bb, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
+ SND_PCI_QUIRK(0x17aa, 0x30e2, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
+@@ -5775,6 +5823,10 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
+ {0x12, 0x90a60180},
+ {0x14, 0x90170130},
+ {0x21, 0x02211040}),
++ SND_HDA_PIN_QUIRK(0x10ec0255, 0x1028, "Dell Inspiron 5565", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
++ {0x12, 0x90a60180},
++ {0x14, 0x90170120},
++ {0x21, 0x02211030}),
+ SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE,
+ {0x12, 0x90a60160},
+ {0x14, 0x90170120},
+@@ -6053,6 +6105,14 @@ static int patch_alc269(struct hda_codec *codec)
+ case 0x10ec0294:
+ spec->codec_variant = ALC269_TYPE_ALC294;
+ break;
++ case 0x10ec0700:
++ case 0x10ec0701:
++ case 0x10ec0703:
++ spec->codec_variant = ALC269_TYPE_ALC700;
++ spec->gen.mixer_nid = 0; /* ALC700 does not have any loopback mixer path */
++ alc_update_coef_idx(codec, 0x4a, 0, 1 << 15); /* Combo jack auto trigger control */
++ break;
++
+ }
+
+ if (snd_hda_codec_read(codec, 0x51, 0, AC_VERB_PARAMETERS, 0) == 0x10ec5505) {
+@@ -7008,6 +7068,9 @@ static const struct hda_device_id snd_hda_id_realtek[] = {
+ HDA_CODEC_ENTRY(0x10ec0670, "ALC670", patch_alc662),
+ HDA_CODEC_ENTRY(0x10ec0671, "ALC671", patch_alc662),
+ HDA_CODEC_ENTRY(0x10ec0680, "ALC680", patch_alc680),
++ HDA_CODEC_ENTRY(0x10ec0700, "ALC700", patch_alc269),
++ HDA_CODEC_ENTRY(0x10ec0701, "ALC701", patch_alc269),
++ HDA_CODEC_ENTRY(0x10ec0703, "ALC703", patch_alc269),
+ HDA_CODEC_ENTRY(0x10ec0867, "ALC891", patch_alc882),
+ HDA_CODEC_ENTRY(0x10ec0880, "ALC880", patch_alc880),
+ HDA_CODEC_ENTRY(0x10ec0882, "ALC882", patch_alc882),
+diff --git a/virt/kvm/arm/hyp/vgic-v2-sr.c b/virt/kvm/arm/hyp/vgic-v2-sr.c
+index 674bdf8..501849a 100644
+--- a/virt/kvm/arm/hyp/vgic-v2-sr.c
++++ b/virt/kvm/arm/hyp/vgic-v2-sr.c
+@@ -93,12 +93,11 @@ static void __hyp_text save_lrs(struct kvm_vcpu *vcpu, void __iomem *base)
+ if (!(vcpu->arch.vgic_cpu.live_lrs & (1UL << i)))
+ continue;
+
+- if (cpu_if->vgic_elrsr & (1UL << i)) {
++ if (cpu_if->vgic_elrsr & (1UL << i))
+ cpu_if->vgic_lr[i] &= ~GICH_LR_STATE;
+- continue;
+- }
++ else
++ cpu_if->vgic_lr[i] = readl_relaxed(base + GICH_LR0 + (i * 4));
+
+- cpu_if->vgic_lr[i] = readl_relaxed(base + GICH_LR0 + (i * 4));
+ writel_relaxed(0, base + GICH_LR0 + (i * 4));
+ }
+ }
+diff --git a/virt/kvm/irqchip.c b/virt/kvm/irqchip.c
+index fe84e1a..8db197b 100644
+--- a/virt/kvm/irqchip.c
++++ b/virt/kvm/irqchip.c
+@@ -40,7 +40,7 @@ int kvm_irq_map_gsi(struct kvm *kvm,
+
+ irq_rt = srcu_dereference_check(kvm->irq_routing, &kvm->irq_srcu,
+ lockdep_is_held(&kvm->irq_lock));
+- if (gsi < irq_rt->nr_rt_entries) {
++ if (irq_rt && gsi < irq_rt->nr_rt_entries) {
+ hlist_for_each_entry(e, &irq_rt->map[gsi], link) {
+ entries[n] = *e;
+ ++n;
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606302132.patch b/4.6.3/4420_grsecurity-3.1-4.6.3-201607060823.patch
index 6f9feec..92e7d0d 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606302132.patch
+++ b/4.6.3/4420_grsecurity-3.1-4.6.3-201607060823.patch
@@ -323,10 +323,10 @@ index 13f888a..250729b 100644
A typical pattern in a Kbuild file looks like this:
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 21e4b48..82bb512 100644
+index 0b3de80..550d8e8 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
-@@ -1300,6 +1300,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -1320,6 +1320,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
[KNL] Should the hard-lockup detector generate
backtraces on all cpus.
Format: <integer>
@@ -339,7 +339,7 @@ index 21e4b48..82bb512 100644
hashdist= [KNL,NUMA] Large hashes allocated during boot
are distributed across NUMA nodes. Defaults on
-@@ -2476,6 +2482,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2515,6 +2521,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
noexec=on: enable non-executable mappings (default)
noexec=off: disable non-executable mappings
@@ -350,7 +350,7 @@ index 21e4b48..82bb512 100644
nosmap [X86]
Disable SMAP (Supervisor Mode Access Prevention)
even if it is supported by processor.
-@@ -2772,6 +2782,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2818,6 +2828,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
@@ -387,7 +387,7 @@ index 21e4b48..82bb512 100644
pcd. [PARIDE]
diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
-index a93b414..f50a50b 100644
+index fcddfd5..71afd6b 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -42,6 +42,7 @@ show up in /proc/sys/kernel:
@@ -398,7 +398,7 @@ index a93b414..f50a50b 100644
- modprobe ==> Documentation/debugging-modules.txt
- modules_disabled
- msg_next_id [ sysv ipc ]
-@@ -403,6 +404,20 @@ This flag controls the L2 cache of G3 processor boards. If
+@@ -406,6 +407,20 @@ This flag controls the L2 cache of G3 processor boards. If
==============================================================
@@ -420,7 +420,7 @@ index a93b414..f50a50b 100644
A toggle value indicating if modules are allowed to be loaded
diff --git a/Makefile b/Makefile
-index 90e4bd9..66ce952 100644
+index c62b531..e158b54 100644
--- a/Makefile
+++ b/Makefile
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -434,7 +434,7 @@ index 90e4bd9..66ce952 100644
ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1)
HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \
-@@ -547,7 +549,7 @@ ifeq ($(KBUILD_EXTMOD),)
+@@ -548,7 +550,7 @@ ifeq ($(KBUILD_EXTMOD),)
# in parallel
PHONY += scripts
scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \
@@ -443,7 +443,7 @@ index 90e4bd9..66ce952 100644
$(Q)$(MAKE) $(build)=$(@)
# Objects we will link into vmlinux / subdirs we need to visit
-@@ -622,6 +624,8 @@ endif
+@@ -623,6 +625,8 @@ endif
# Tell gcc to never replace conditional load with a non-conditional one
KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
@@ -452,7 +452,7 @@ index 90e4bd9..66ce952 100644
ifdef CONFIG_READABLE_ASM
# Disable optimizations that make assembler listings hard to read.
# reorder blocks reorders the control in the function
-@@ -715,7 +719,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
+@@ -724,7 +728,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
else
KBUILD_CFLAGS += -g
endif
@@ -461,7 +461,7 @@ index 90e4bd9..66ce952 100644
endif
ifdef CONFIG_DEBUG_INFO_DWARF4
KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,)
-@@ -887,7 +891,7 @@ export mod_sign_cmd
+@@ -899,7 +903,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -470,7 +470,7 @@ index 90e4bd9..66ce952 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -990,7 +994,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -1002,7 +1006,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
archprepare: archheaders archscripts prepare1 scripts_basic
@@ -479,7 +479,7 @@ index 90e4bd9..66ce952 100644
$(Q)$(MAKE) $(build)=.
# All the preparing..
-@@ -1185,7 +1189,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
+@@ -1220,7 +1224,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.pem signing_key.priv signing_key.x509 \
x509.genkey extra_certificates signing_key.x509.keyid \
@@ -492,7 +492,7 @@ index 90e4bd9..66ce952 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1224,7 +1232,7 @@ distclean: mrproper
+@@ -1259,7 +1267,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -501,7 +501,7 @@ index 90e4bd9..66ce952 100644
-type f -print | xargs rm -f
-@@ -1443,6 +1451,7 @@ clean: $(clean-dirs)
+@@ -1480,6 +1488,7 @@ clean: $(clean-dirs)
-o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \
-o -name '*.symtypes' -o -name 'modules.order' \
-o -name modules.builtin -o -name '.tmp_*.o.*' \
@@ -510,7 +510,7 @@ index 90e4bd9..66ce952 100644
# Generate tags for editors
diff --git a/arch/Kconfig b/arch/Kconfig
-index f6b649d..5ba628b 100644
+index 81869a5..b10fc6c 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -353,6 +353,20 @@ config SECCOMP_FILTER
@@ -865,10 +865,10 @@ index 4a905bd..0a4da53 100644
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
diff --git a/arch/arc/Kconfig b/arch/arc/Kconfig
-index 8a188bc..26608f1 100644
+index a876743..fe2a193 100644
--- a/arch/arc/Kconfig
+++ b/arch/arc/Kconfig
-@@ -528,6 +528,7 @@ config ARC_DBG_TLB_MISS_COUNT
+@@ -549,6 +549,7 @@ config ARC_DBG_TLB_MISS_COUNT
bool "Profile TLB Misses"
default n
select DEBUG_FS
@@ -877,7 +877,7 @@ index 8a188bc..26608f1 100644
Counts number of I and D TLB Misses and exports them via Debugfs
The counters can be cleared via Debugfs as well
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index 4f799e5..c1e2b95 100644
+index cdfa6c2..aba8354 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -53,6 +53,7 @@ config ARM
@@ -888,7 +888,7 @@ index 4f799e5..c1e2b95 100644
select HAVE_GENERIC_DMA_COHERENT
select HAVE_HW_BREAKPOINT if (PERF_EVENTS && (CPU_V6 || CPU_V6K || CPU_V7))
select HAVE_IDE if PCI || ISA || PCMCIA
-@@ -1622,6 +1623,7 @@ config HIGHPTE
+@@ -1629,6 +1630,7 @@ config HIGHPTE
config CPU_SW_DOMAIN_PAN
bool "Enable use of CPU domains to implement privileged no-access"
depends on MMU && !ARM_LPAE
@@ -896,7 +896,7 @@ index 4f799e5..c1e2b95 100644
default y
help
Increase kernel security by ensuring that normal kernel accesses
-@@ -1698,7 +1700,7 @@ config ALIGNMENT_TRAP
+@@ -1705,7 +1707,7 @@ config ALIGNMENT_TRAP
config UACCESS_WITH_MEMCPY
bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
@@ -905,7 +905,7 @@ index 4f799e5..c1e2b95 100644
default y if CPU_FEROCEON
help
Implement faster copy_to_user and clear_user methods for CPU
-@@ -1953,6 +1955,7 @@ config KEXEC
+@@ -1960,6 +1962,7 @@ config KEXEC
depends on (!SMP || PM_SLEEP_SMP)
depends on !CPU_V7M
select KEXEC_CORE
@@ -913,7 +913,7 @@ index 4f799e5..c1e2b95 100644
help
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1997,7 +2000,7 @@ config EFI_STUB
+@@ -2004,7 +2007,7 @@ config EFI_STUB
config EFI
bool "UEFI runtime support"
@@ -923,7 +923,7 @@ index 4f799e5..c1e2b95 100644
select EFI_PARAMS_FROM_FDT
select EFI_STUB
diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug
-index c6b6175..2884505 100644
+index 1098e91..d6415c8 100644
--- a/arch/arm/Kconfig.debug
+++ b/arch/arm/Kconfig.debug
@@ -7,6 +7,7 @@ config ARM_PTDUMP
@@ -935,10 +935,10 @@ index c6b6175..2884505 100644
Say Y here if you want to show the kernel pagetable layout in a
debugfs file. This information is only useful for kernel developers
diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
-index 43788b1..2efefcf 100644
+index d50430c..01cc53b 100644
--- a/arch/arm/boot/compressed/Makefile
+++ b/arch/arm/boot/compressed/Makefile
-@@ -106,6 +106,8 @@ ORIG_CFLAGS := $(KBUILD_CFLAGS)
+@@ -103,6 +103,8 @@ ORIG_CFLAGS := $(KBUILD_CFLAGS)
KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS))
endif
@@ -1525,7 +1525,7 @@ index 9e10c45..24a14ce 100644
#define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0)
#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1LL, 0LL)
diff --git a/arch/arm/include/asm/cache.h b/arch/arm/include/asm/cache.h
-index 75fe66b..ba3dee4 100644
+index 75fe66b..2255c86 100644
--- a/arch/arm/include/asm/cache.h
+++ b/arch/arm/include/asm/cache.h
@@ -4,8 +4,10 @@
@@ -1540,15 +1540,8 @@ index 75fe66b..ba3dee4 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
-@@ -24,5 +26,6 @@
- #endif
-
- #define __read_mostly __attribute__((__section__(".data..read_mostly")))
-+#define __read_only __attribute__ ((__section__(".data..read_only")))
-
- #endif
diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h
-index d5525bf..e55725d 100644
+index 9156fc3..9791d17 100644
--- a/arch/arm/include/asm/cacheflush.h
+++ b/arch/arm/include/asm/cacheflush.h
@@ -116,7 +116,7 @@ struct cpu_cache_fns {
@@ -1561,7 +1554,7 @@ index d5525bf..e55725d 100644
/*
* Select the calling method
diff --git a/arch/arm/include/asm/checksum.h b/arch/arm/include/asm/checksum.h
-index 5233151..87a71fa 100644
+index 524692f..a8871ec 100644
--- a/arch/arm/include/asm/checksum.h
+++ b/arch/arm/include/asm/checksum.h
@@ -37,7 +37,19 @@ __wsum
@@ -1614,7 +1607,7 @@ index 3848259..bee9d84 100644
struct of_cpuidle_method {
const char *method;
diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h
-index fc8ba16..d20fbde 100644
+index 99d9f63..e3e4da6 100644
--- a/arch/arm/include/asm/domain.h
+++ b/arch/arm/include/asm/domain.h
@@ -42,7 +42,6 @@
@@ -1676,7 +1669,7 @@ index fc8ba16..d20fbde 100644
domain_val(DOMAIN_VECTORS, DOMAIN_CLIENT))
#endif
-@@ -113,6 +136,17 @@ static inline void set_domain(unsigned val)
+@@ -124,6 +147,17 @@ static inline void set_domain(unsigned val)
set_domain(domain); \
} while (0)
@@ -2386,7 +2379,7 @@ index 703926e..39aa432 100644
/**
* arm_cpuidle_simple_enter() - a wrapper to cpu_do_idle()
diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
-index 3ce377f..e4cad12 100644
+index e255050..51e1b59 100644
--- a/arch/arm/kernel/entry-armv.S
+++ b/arch/arm/kernel/entry-armv.S
@@ -50,6 +50,87 @@
@@ -2781,7 +2774,7 @@ index 0c7efc3..3927085 100644
plt_end = (void *)plt + mod->arch.init_plt->sh_size;
count = &mod->arch.init_plt_count;
diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c
-index efdddcb..35e58f6 100644
+index 4f14b5c..91ff261 100644
--- a/arch/arm/kernel/module.c
+++ b/arch/arm/kernel/module.c
@@ -38,17 +38,47 @@
@@ -2984,7 +2977,7 @@ index 4adfb46..65a3b13 100644
}
#endif
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
-index ef9119f..31995a3 100644
+index 4d93758..c2f471f92 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -928,10 +928,19 @@ static void tracehook_report_syscall(struct pt_regs *regs,
@@ -3008,7 +3001,7 @@ index ef9119f..31995a3 100644
#ifdef CONFIG_HAVE_ARCH_SECCOMP_FILTER
if (secure_computing() == -1)
diff --git a/arch/arm/kernel/reboot.c b/arch/arm/kernel/reboot.c
-index 3826935..8ed63ed 100644
+index 71a2ff9..7753acf 100644
--- a/arch/arm/kernel/reboot.c
+++ b/arch/arm/kernel/reboot.c
@@ -122,6 +122,7 @@ void machine_power_off(void)
@@ -3020,7 +3013,7 @@ index 3826935..8ed63ed 100644
/*
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
-index c86ea8a..fd03a2d 100644
+index 2c4bea3..3f5625e 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
@@ -113,21 +113,23 @@ EXPORT_SYMBOL(elf_hwcap);
@@ -3126,7 +3119,7 @@ index 7b8f214..ece8e28 100644
- return page;
-}
diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
-index 37312f6..bb32c9b 100644
+index baee702..49e7294 100644
--- a/arch/arm/kernel/smp.c
+++ b/arch/arm/kernel/smp.c
@@ -82,7 +82,7 @@ enum ipi_msg_type {
@@ -3194,10 +3187,10 @@ index bc69838..e5dfdd4 100644
do_exit(signr);
}
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
-index 8b60fde..8d986dd 100644
+index e2c6da0..6155a88 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
-@@ -37,7 +37,7 @@
+@@ -44,7 +44,7 @@
#endif
#if (defined(CONFIG_SMP_ON_UP) && !defined(CONFIG_DEBUG_SPINLOCK)) || \
@@ -3206,8 +3199,8 @@ index 8b60fde..8d986dd 100644
#define ARM_EXIT_KEEP(x) x
#define ARM_EXIT_DISCARD(x)
#else
-@@ -120,6 +120,8 @@ SECTIONS
- #ifdef CONFIG_DEBUG_RODATA
+@@ -125,6 +125,8 @@ SECTIONS
+ #ifdef CONFIG_DEBUG_ALIGN_RODATA
. = ALIGN(1<<SECTION_SHIFT);
#endif
+ _etext = .; /* End of text section */
@@ -3215,20 +3208,20 @@ index 8b60fde..8d986dd 100644
RO_DATA(PAGE_SIZE)
. = ALIGN(4);
-@@ -150,8 +152,6 @@ SECTIONS
+@@ -155,8 +157,6 @@ SECTIONS
NOTES
- _etext = .; /* End of text and rodata section */
-
- #ifndef CONFIG_XIP_KERNEL
- # ifdef CONFIG_ARM_KERNMEM_PERMS
+ #ifdef CONFIG_DEBUG_RODATA
. = ALIGN(1<<SECTION_SHIFT);
+ #else
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
-index dda1959..0de41b4 100644
+index dded1b7..6fa4373 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
-@@ -58,7 +58,7 @@ static unsigned long hyp_default_vectors;
+@@ -59,7 +59,7 @@ static unsigned long hyp_default_vectors;
static DEFINE_PER_CPU(struct kvm_vcpu *, kvm_arm_running_vcpu);
/* The VMID used in the VTTBR */
@@ -3237,7 +3230,7 @@ index dda1959..0de41b4 100644
static u32 kvm_next_vmid;
static unsigned int kvm_vmid_bits __read_mostly;
static DEFINE_SPINLOCK(kvm_vmid_lock);
-@@ -387,7 +387,7 @@ void force_vm_exit(const cpumask_t *mask)
+@@ -392,7 +392,7 @@ void force_vm_exit(const cpumask_t *mask)
*/
static bool need_new_vmid_gen(struct kvm *kvm)
{
@@ -3246,7 +3239,7 @@ index dda1959..0de41b4 100644
}
/**
-@@ -420,7 +420,7 @@ static void update_vttbr(struct kvm *kvm)
+@@ -425,7 +425,7 @@ static void update_vttbr(struct kvm *kvm)
/* First user of a new VMID generation? */
if (unlikely(kvm_next_vmid == 0)) {
@@ -3255,7 +3248,7 @@ index dda1959..0de41b4 100644
kvm_next_vmid = 1;
/*
-@@ -437,7 +437,7 @@ static void update_vttbr(struct kvm *kvm)
+@@ -442,7 +442,7 @@ static void update_vttbr(struct kvm *kvm)
kvm_call_hyp(__kvm_flush_vm_context);
}
@@ -3327,7 +3320,7 @@ index 6bd1089..e999400 100644
{
unsigned long ua_flags;
diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c
-index c169cc3..b007ec6 100644
+index fee2b00..943ea95 100644
--- a/arch/arm/mach-exynos/suspend.c
+++ b/arch/arm/mach-exynos/suspend.c
@@ -734,8 +734,10 @@ void __init exynos_pm_init(void)
@@ -3343,8 +3336,38 @@ index c169cc3..b007ec6 100644
register_syscore_ops(&exynos_pm_syscore_ops);
suspend_set_ops(&exynos_suspend_ops);
+diff --git a/arch/arm/mach-mmp/mmp2.c b/arch/arm/mach-mmp/mmp2.c
+index afba546..9e5403d 100644
+--- a/arch/arm/mach-mmp/mmp2.c
++++ b/arch/arm/mach-mmp/mmp2.c
+@@ -98,7 +98,9 @@ void __init mmp2_init_irq(void)
+ {
+ mmp2_init_icu();
+ #ifdef CONFIG_PM
+- icu_irq_chip.irq_set_wake = mmp2_set_wake;
++ pax_open_kernel();
++ const_cast(icu_irq_chip.irq_set_wake) = mmp2_set_wake;
++ pax_close_kernel();
+ #endif
+ }
+
+diff --git a/arch/arm/mach-mmp/pxa910.c b/arch/arm/mach-mmp/pxa910.c
+index 1ccbba9..7a95c29 100644
+--- a/arch/arm/mach-mmp/pxa910.c
++++ b/arch/arm/mach-mmp/pxa910.c
+@@ -84,7 +84,9 @@ void __init pxa910_init_irq(void)
+ {
+ icu_init_irq();
+ #ifdef CONFIG_PM
+- icu_irq_chip.irq_set_wake = pxa910_set_wake;
++ pax_open_kernel();
++ const_cast(icu_irq_chip.irq_set_wake) = pxa910_set_wake;
++ pax_close_kernel();
+ #endif
+ }
+
diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
-index 55348ee..bfcd336 100644
+index 7e989d6..614bf8b 100644
--- a/arch/arm/mach-mvebu/coherency.c
+++ b/arch/arm/mach-mvebu/coherency.c
@@ -163,7 +163,7 @@ exit:
@@ -3517,6 +3540,19 @@ index ff0a68c..b312aa0 100644
pdev = omap_device_build(dev_name, id, oh, &pdata,
sizeof(struct omap_wd_timer_platform_data));
WARN(IS_ERR(pdev), "Can't build omap_device for %s:%s.\n",
+diff --git a/arch/arm/mach-s3c64xx/mach-smdk6410.c b/arch/arm/mach-s3c64xx/mach-smdk6410.c
+index 92ec8c3..3df2546 100644
+--- a/arch/arm/mach-s3c64xx/mach-smdk6410.c
++++ b/arch/arm/mach-s3c64xx/mach-smdk6410.c
+@@ -240,7 +240,7 @@ static struct platform_device smdk6410_b_pwr_5v = {
+ };
+ #endif
+
+-static struct s3c_ide_platdata smdk6410_ide_pdata __initdata = {
++static struct s3c_ide_platdata smdk6410_ide_pdata __initconst = {
+ .setup_gpio = s3c64xx_ide_setup_gpio,
+ };
+
diff --git a/arch/arm/mach-shmobile/platsmp-apmu.c b/arch/arm/mach-shmobile/platsmp-apmu.c
index aba75c8..b2b340f 100644
--- a/arch/arm/mach-shmobile/platsmp-apmu.c
@@ -3589,7 +3625,7 @@ index 7cd9865..a00b6ab 100644
#include "common.h"
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
-index 549f6d3..909a9dc 100644
+index 5534766..1ffd12a 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
@@ -442,6 +442,7 @@ config CPU_32v5
@@ -3759,7 +3795,7 @@ index c8c8b9e..c55cc79 100644
atomic64_set(&mm->context.id, asid);
}
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index daafcf1..a04e1fd 100644
+index ad58418..c0349f4 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -25,6 +25,7 @@
@@ -3974,7 +4010,7 @@ index daafcf1..a04e1fd 100644
+#else
+ unsigned int bkpt;
+
-+ if (!probe_kernel_address(pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) {
++ if (!probe_kernel_address((const void *)pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) {
+#endif
+ current->thread.error_code = ifsr;
+ current->thread.trap_no = 0;
@@ -4023,10 +4059,10 @@ index 05ec5e0..0b70277 100644
unsigned long search_exception_table(unsigned long addr);
void early_abt_enable(void);
diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
-index 49bd081..a4502de 100644
+index 370581a..b985cc1 100644
--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
-@@ -745,7 +745,46 @@ void free_tcmmem(void)
+@@ -747,7 +747,46 @@ void free_tcmmem(void)
{
#ifdef CONFIG_HAVE_TCM
extern char __tcm_start, __tcm_end;
@@ -4208,7 +4244,7 @@ index 66353ca..8aad9f8 100644
}
}
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
-index 434d76f..af843d5 100644
+index 62f4d01..bffdcfe 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -243,7 +243,15 @@ __setup("noalign", noalign_setup);
@@ -4448,7 +4484,7 @@ index 434d76f..af843d5 100644
@@ -1336,7 +1374,7 @@ static void __init devicemaps_init(const struct machine_desc *mdesc)
map.pfn = __phys_to_pfn(CONFIG_XIP_PHYS_ADDR & SECTION_MASK);
map.virtual = MODULES_VADDR;
- map.length = ((unsigned long)_etext - map.virtual + ~SECTION_MASK) & SECTION_MASK;
+ map.length = ((unsigned long)_exiprom - map.virtual + ~SECTION_MASK) & SECTION_MASK;
- map.type = MT_ROM;
+ map.type = MT_ROM_RX;
create_mapping(&map);
@@ -4480,18 +4516,22 @@ index 434d76f..af843d5 100644
map.virtual = 0xffff0000;
map.length = PAGE_SIZE;
#ifdef CONFIG_KUSER_HELPERS
-@@ -1426,8 +1464,10 @@ static void __init kmap_init(void)
+@@ -1426,12 +1464,14 @@ static void __init kmap_init(void)
static void __init map_lowmem(void)
{
struct memblock_region *reg;
+#ifndef CONFIG_PAX_KERNEXEC
+ #ifdef CONFIG_XIP_KERNEL
+ phys_addr_t kernel_x_start = round_down(__pa(_sdata), SECTION_SIZE);
+ #else
phys_addr_t kernel_x_start = round_down(__pa(_stext), SECTION_SIZE);
+ #endif
phys_addr_t kernel_x_end = round_up(__pa(__init_end), SECTION_SIZE);
+#endif
/* Map all the lowmem memory banks. */
for_each_memblock(memory, reg) {
-@@ -1443,11 +1483,48 @@ static void __init map_lowmem(void)
+@@ -1447,11 +1487,48 @@ static void __init map_lowmem(void)
if (start >= end)
break;
@@ -4541,7 +4581,7 @@ index 434d76f..af843d5 100644
create_mapping(&map);
} else if (start >= kernel_x_end) {
-@@ -1471,7 +1548,7 @@ static void __init map_lowmem(void)
+@@ -1475,7 +1552,7 @@ static void __init map_lowmem(void)
map.pfn = __phys_to_pfn(kernel_x_start);
map.virtual = __phys_to_virt(kernel_x_start);
map.length = kernel_x_end - kernel_x_start;
@@ -4550,7 +4590,7 @@ index 434d76f..af843d5 100644
create_mapping(&map);
-@@ -1484,6 +1561,7 @@ static void __init map_lowmem(void)
+@@ -1488,6 +1565,7 @@ static void __init map_lowmem(void)
create_mapping(&map);
}
}
@@ -4702,10 +4742,10 @@ index a5bc92d..0bb4730 100644
+ pax_close_kernel();
}
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
-index 8cc6228..6d6e4f8 100644
+index 4f43622..22c9473 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
-@@ -70,6 +70,7 @@ config ARM64
+@@ -72,6 +72,7 @@ config ARM64
select HAVE_FTRACE_MCOUNT_RECORD
select HAVE_FUNCTION_TRACER
select HAVE_FUNCTION_GRAPH_TRACER
@@ -4714,7 +4754,7 @@ index 8cc6228..6d6e4f8 100644
select HAVE_HW_BREAKPOINT if PERF_EVENTS
select HAVE_IRQ_TIME_ACCOUNTING
diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
-index e13c4bf..3feaea7 100644
+index 7e76845..e5ce349 100644
--- a/arch/arm64/Kconfig.debug
+++ b/arch/arm64/Kconfig.debug
@@ -6,6 +6,7 @@ config ARM64_PTDUMP
@@ -4771,21 +4811,21 @@ index 0a456be..7799ff5 100644
default:
BUILD_BUG();
diff --git a/arch/arm64/include/asm/pgalloc.h b/arch/arm64/include/asm/pgalloc.h
-index c150539..45f5724 100644
+index ff98585..65eced1 100644
--- a/arch/arm64/include/asm/pgalloc.h
+++ b/arch/arm64/include/asm/pgalloc.h
-@@ -47,6 +47,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
- set_pud(pud, __pud(__pa(pmd) | PMD_TYPE_TABLE));
+@@ -51,6 +51,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+ {
+ __pud_populate(pud, __pa(pmd), PMD_TYPE_TABLE);
}
-
++
+static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+{
+ pud_populate(mm, pud, pmd);
+}
-+
- #endif /* CONFIG_PGTABLE_LEVELS > 2 */
-
- #if CONFIG_PGTABLE_LEVELS > 3
+ #else
+ static inline void __pud_populate(pud_t *pud, phys_addr_t pmd, pudval_t prot)
+ {
diff --git a/arch/arm64/include/asm/string.h b/arch/arm64/include/asm/string.h
index 2eb714c..6c0fdb7 100644
--- a/arch/arm64/include/asm/string.h
@@ -4843,10 +4883,10 @@ index 2eb714c..6c0fdb7 100644
#if defined(CONFIG_KASAN) && !defined(__SANITIZE_ADDRESS__)
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
-index b2ede967..865eed5 100644
+index 0685d74..6898549 100644
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
-@@ -102,6 +102,7 @@ static inline void set_fs(mm_segment_t fs)
+@@ -114,6 +114,7 @@ static inline void set_fs(mm_segment_t fs)
flag; \
})
@@ -5129,7 +5169,7 @@ index 69952c18..4fa2908 100644
#define ARCH_DMA_MINALIGN L1_CACHE_BYTES
diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig
-index fb0515e..ca9715a 100644
+index b534eba..ace220a 100644
--- a/arch/ia64/Kconfig
+++ b/arch/ia64/Kconfig
@@ -518,6 +518,7 @@ config KEXEC
@@ -5284,7 +5324,7 @@ index 45698cd..e8e2dbc 100644
static __always_inline void __ticket_spin_unlock_wait(arch_spinlock_t *lock)
diff --git a/arch/ia64/include/asm/uaccess.h b/arch/ia64/include/asm/uaccess.h
-index 4f3fb6cc..254055e 100644
+index 2189d5d..420134b 100644
--- a/arch/ia64/include/asm/uaccess.h
+++ b/arch/ia64/include/asm/uaccess.h
@@ -70,6 +70,7 @@
@@ -5520,7 +5560,7 @@ index 70b40d1..01a9a28 100644
/*
* If for any reason at all we couldn't handle the fault, make
diff --git a/arch/ia64/mm/hugetlbpage.c b/arch/ia64/mm/hugetlbpage.c
-index f50d4b3..c7975ee 100644
+index 85de86d..db7f6b8 100644
--- a/arch/ia64/mm/hugetlbpage.c
+++ b/arch/ia64/mm/hugetlbpage.c
@@ -138,6 +138,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u
@@ -5630,7 +5670,7 @@ index 0395c51..5f26031 100644
#define ARCH_DMA_MINALIGN L1_CACHE_BYTES
diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c
-index 53f0f6c..2dc07fd 100644
+index b38700ae..15f5c87 100644
--- a/arch/metag/mm/hugetlbpage.c
+++ b/arch/metag/mm/hugetlbpage.c
@@ -189,6 +189,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len)
@@ -5659,8 +5699,21 @@ index 4efe96a..60e8699 100644
#define SMP_CACHE_BYTES L1_CACHE_BYTES
+diff --git a/arch/mips/Kbuild b/arch/mips/Kbuild
+index 5c3f688..f8cc1b3 100644
+--- a/arch/mips/Kbuild
++++ b/arch/mips/Kbuild
+@@ -1,7 +1,7 @@
+ # Fail on warnings - also for files referenced in subdirs
+ # -Werror can be disabled for specific files using:
+ # CFLAGS_<file.o> := -Wno-error
+-subdir-ccflags-y := -Werror
++# subdir-ccflags-y := -Werror
+
+ # platform specific definitions
+ include arch/mips/Kbuild.platforms
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
-index d3da79d..e317c97 100644
+index 2018c2b..fdd3972 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -49,6 +49,7 @@ config MIPS
@@ -5671,7 +5724,7 @@ index d3da79d..e317c97 100644
select MODULES_USE_ELF_REL if MODULES
select MODULES_USE_ELF_RELA if MODULES && 64BIT
select CLONE_BACKWARDS
-@@ -2656,6 +2657,7 @@ source "kernel/Kconfig.preempt"
+@@ -2648,6 +2649,7 @@ source "kernel/Kconfig.preempt"
config KEXEC
bool "Kexec system call"
select KEXEC_CORE
@@ -6371,6 +6424,18 @@ index 9e8ef59..1139d6b 100644
/*
* interrupt-retrigger: NOP for now. This may not be appropriate for all
+diff --git a/arch/mips/include/asm/irq.h b/arch/mips/include/asm/irq.h
+index 15e0fec..3ee3eec 100644
+--- a/arch/mips/include/asm/irq.h
++++ b/arch/mips/include/asm/irq.h
+@@ -11,7 +11,6 @@
+
+ #include <linux/linkage.h>
+ #include <linux/smp.h>
+-#include <linux/irqdomain.h>
+
+ #include <asm/mipsmtregs.h>
+
diff --git a/arch/mips/include/asm/local.h b/arch/mips/include/asm/local.h
index 8feaed6..1bd8a64 100644
--- a/arch/mips/include/asm/local.h
@@ -6548,7 +6613,7 @@ index e309d8f..20eefec 100644
/*
* We stash processor id into a COP0 register to retrieve it fast
diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
-index 095ecaf..f1da6ff 100644
+index 7f109d4..40b1195 100644
--- a/arch/mips/include/asm/uaccess.h
+++ b/arch/mips/include/asm/uaccess.h
@@ -146,6 +146,7 @@ static inline bool eva_kernel_access(void)
@@ -6651,7 +6716,7 @@ index 8eb5af8..2baf465 100644
}
#else
diff --git a/arch/mips/kernel/pm-cps.c b/arch/mips/kernel/pm-cps.c
-index f63a289..53037c22 100644
+index fa3f9eb..98ada7a 100644
--- a/arch/mips/kernel/pm-cps.c
+++ b/arch/mips/kernel/pm-cps.c
@@ -172,7 +172,7 @@ int cps_pm_enter_state(enum cps_pm_state state)
@@ -6664,7 +6729,7 @@ index f63a289..53037c22 100644
/* Run the generated entry code */
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
-index 0c0456f..fdb287a3 100644
+index d83730c..ced3459 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
@@ -539,18 +539,6 @@ out:
@@ -6783,10 +6848,10 @@ index 4472a7f..c5905e6 100644
}
/* Arrange for an interrupt in a short while */
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
-index 58a7cad..315d7bc 100644
+index 5aa1d5c..491df0d 100644
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
-@@ -697,7 +697,18 @@ asmlinkage void do_ov(struct pt_regs *regs)
+@@ -698,7 +698,18 @@ asmlinkage void do_ov(struct pt_regs *regs)
};
prev_state = exception_enter();
@@ -7180,19 +7245,6 @@ index bcb5df2..84fabd2 100644
#define L1_CACHE_WAYDISP 0x1000 /* distance from one way to the next */
#define L1_CACHE_TAG_VALID 0x00000001 /* cache tag valid bit */
-diff --git a/arch/nios2/lib/memset.c b/arch/nios2/lib/memset.c
-index c2cfcb1..2fcefe7 100644
---- a/arch/nios2/lib/memset.c
-+++ b/arch/nios2/lib/memset.c
-@@ -68,7 +68,7 @@ void *memset(void *s, int c, size_t count)
- "=r" (charcnt), /* %1 Output */
- "=r" (dwordcnt), /* %2 Output */
- "=r" (fill8reg), /* %3 Output */
-- "=r" (wrkrega) /* %4 Output */
-+ "=&r" (wrkrega) /* %4 Output only */
- : "r" (c), /* %5 Input */
- "0" (s), /* %0 Input/Output */
- "1" (count) /* %1 Input/Output */
diff --git a/arch/openrisc/include/asm/cache.h b/arch/openrisc/include/asm/cache.h
index 4ce7a01..449202a 100644
--- a/arch/openrisc/include/asm/cache.h
@@ -7234,7 +7286,7 @@ index 1d10999..5907031 100644
diff --git a/arch/parisc/include/asm/cache.h b/arch/parisc/include/asm/cache.h
-index 3d0e17b..602e980 100644
+index df0f52b..810699b 100644
--- a/arch/parisc/include/asm/cache.h
+++ b/arch/parisc/include/asm/cache.h
@@ -5,6 +5,7 @@
@@ -7319,10 +7371,10 @@ index 291cee2..2ac33db 100644
#define PAGE_KERNEL_EXEC __pgprot(_PAGE_KERNEL_EXEC)
#define PAGE_KERNEL_RWX __pgprot(_PAGE_KERNEL_RWX)
diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
-index 1960b87..e8f57e3 100644
+index 7955e43..7f3661d 100644
--- a/arch/parisc/include/asm/uaccess.h
+++ b/arch/parisc/include/asm/uaccess.h
-@@ -244,10 +244,10 @@ static inline unsigned long __must_check copy_from_user(void *to,
+@@ -243,10 +243,10 @@ static inline unsigned long __must_check copy_from_user(void *to,
const void __user *from,
unsigned long n)
{
@@ -7336,7 +7388,7 @@ index 1960b87..e8f57e3 100644
else
copy_from_user_overflow();
diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
-index b9d75d9..dae5c9a 100644
+index a0ecdb4a..71d2069 100644
--- a/arch/parisc/kernel/module.c
+++ b/arch/parisc/kernel/module.c
@@ -100,14 +100,12 @@
@@ -7403,7 +7455,7 @@ index b9d75d9..dae5c9a 100644
return (Elf_Addr)fdesc;
}
#endif /* CONFIG_64BIT */
-@@ -839,7 +837,7 @@ register_unwind_table(struct module *me,
+@@ -847,7 +845,7 @@ register_unwind_table(struct module *me,
table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr;
end = table + sechdrs[me->arch.unwind_section].sh_size;
@@ -7413,7 +7465,7 @@ index b9d75d9..dae5c9a 100644
DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
me->arch.unwind_section, table, end, gp);
diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
-index 5aba01a..47cdd5a 100644
+index 0a393a0..5b3199e0 100644
--- a/arch/parisc/kernel/sys_parisc.c
+++ b/arch/parisc/kernel/sys_parisc.c
@@ -92,6 +92,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
@@ -7485,10 +7537,10 @@ index 5aba01a..47cdd5a 100644
mm->mmap_base = mm->mmap_legacy_base;
mm->get_unmapped_area = arch_get_unmapped_area;
diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
-index 77e2262..ec65037 100644
+index 97d6b20..2ab0232 100644
--- a/arch/parisc/kernel/traps.c
+++ b/arch/parisc/kernel/traps.c
-@@ -722,9 +722,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
+@@ -719,9 +719,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
down_read(&current->mm->mmap_sem);
vma = find_vma(current->mm,regs->iaoq[0]);
@@ -7500,7 +7552,7 @@ index 77e2262..ec65037 100644
fault_space = regs->iasq[0];
diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c
-index f906444..0bb73ae 100644
+index 16dbe81..db2ed24 100644
--- a/arch/parisc/mm/fault.c
+++ b/arch/parisc/mm/fault.c
@@ -16,6 +16,7 @@
@@ -7637,7 +7689,7 @@ index f906444..0bb73ae 100644
int fixup_exception(struct pt_regs *regs)
{
const struct exception_table_entry *fix;
-@@ -235,8 +346,33 @@ retry:
+@@ -230,8 +341,33 @@ retry:
good_area:
@@ -7673,10 +7725,10 @@ index f906444..0bb73ae 100644
/*
* If for any reason at all we couldn't handle the fault, make
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
-index 9faa18c..b24277a 100644
+index 7cd32c0..30c918b 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
-@@ -143,6 +143,7 @@ config PPC
+@@ -144,6 +144,7 @@ config PPC
select ARCH_USE_BUILTIN_BSWAP
select OLD_SIGSUSPEND
select OLD_SIGACTION if PPC32
@@ -7684,7 +7736,7 @@ index 9faa18c..b24277a 100644
select HAVE_DEBUG_STACKOVERFLOW
select HAVE_IRQ_EXIT_ON_IRQ_STACK
select ARCH_USE_CMPXCHG_LOCKREF if PPC64
-@@ -419,6 +420,7 @@ config KEXEC
+@@ -439,6 +440,7 @@ config KEXEC
bool "kexec system call"
depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP)) || PPC_BOOK3E
select KEXEC_CORE
@@ -7693,7 +7745,7 @@ index 9faa18c..b24277a 100644
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h
-index 55f106e..5968afb 100644
+index ae0751e..c7fad52 100644
--- a/arch/powerpc/include/asm/atomic.h
+++ b/arch/powerpc/include/asm/atomic.h
@@ -12,6 +12,11 @@
@@ -7705,10 +7757,10 @@ index 55f106e..5968afb 100644
+ PPC_LONG" " #from ", " #to"\n" \
+" .previous\n"
+
- static __inline__ int atomic_read(const atomic_t *v)
- {
- int t;
-@@ -21,39 +26,80 @@ static __inline__ int atomic_read(const atomic_t *v)
+ /*
+ * Since *_return_relaxed and {cmp}xchg_relaxed are implemented with
+ * a "bne-" instruction at the end, so an isync is enough as a acquire barrier
+@@ -39,38 +44,79 @@ static __inline__ int atomic_read(const atomic_t *v)
return t;
}
@@ -7771,44 +7823,43 @@ index 55f106e..5968afb 100644
: "cc"); \
} \
--#define ATOMIC_OP_RETURN(op, asm_op) \
--static __inline__ int atomic_##op##_return(int a, atomic_t *v) \
+-#define ATOMIC_OP_RETURN_RELAXED(op, asm_op) \
+-static inline int atomic_##op##_return_relaxed(int a, atomic_t *v) \
+#define ATOMIC_OP(op, asm_op) __ATOMIC_OP(op, , , asm_op, , ) \
+ __ATOMIC_OP(op, _unchecked, __OVERFLOW_PRE, __REFCOUNT_OP(asm_op), __OVERFLOW_POST, __OVERFLOW_EXTABLE)
+
+#define __ATOMIC_OP_RETURN(op, suffix, pre_op, asm_op, post_op, extable)\
-+static inline int atomic_##op##_return##suffix(int a, atomic##suffix##_t *v)\
++static inline int atomic_##op##_return##suffix##_relaxed(int a, atomic##suffix##_t *v)\
{ \
int t; \
\
__asm__ __volatile__( \
- PPC_ATOMIC_ENTRY_BARRIER \
--"1: lwarx %0,0,%2 # atomic_" #op "_return\n" \
-+"1: lwarx %0,0,%2 # atomic_" #op "_return" #suffix "\n" \
+-"1: lwarx %0,0,%3 # atomic_" #op "_return_relaxed\n" \
++"1: lwarx %0,0,%2 # atomic_" #op "_return" #suffix "_relaxed\n"\
+ pre_op \
- #asm_op " %0,%1,%0\n" \
+ #asm_op " %0,%2,%0\n" \
+ post_op \
- PPC405_ERR77(0,%2) \
- " stwcx. %0,0,%2 \n" \
+ PPC405_ERR77(0, %3) \
+ " stwcx. %0,0,%3\n" \
" bne- 1b\n" \
+ extable \
- PPC_ATOMIC_EXIT_BARRIER \
- : "=&r" (t) \
+ : "=&r" (t), "+m" (v->counter) \
: "r" (a), "r" (&v->counter) \
-@@ -62,6 +108,9 @@ static __inline__ int atomic_##op##_return(int a, atomic_t *v) \
+ : "cc"); \
+@@ -78,6 +124,9 @@ static inline int atomic_##op##_return_relaxed(int a, atomic_t *v) \
return t; \
}
-+#define ATOMIC_OP_RETURN(op, asm_op) __ATOMIC_OP_RETURN(op, , , asm_op, , )\
++#define ATOMIC_OP_RETURN_RELAXED(op, asm_op) __ATOMIC_OP_RETURN(op, , , asm_op, , )\
+ __ATOMIC_OP_RETURN(op, _unchecked, __OVERFLOW_PRE, __REFCOUNT_OP(asm_op), __OVERFLOW_POST, __OVERFLOW_EXTABLE)
+
- #define ATOMIC_OPS(op, asm_op) ATOMIC_OP(op, asm_op) ATOMIC_OP_RETURN(op, asm_op)
-
- ATOMIC_OPS(add, add)
-@@ -73,42 +122,29 @@ ATOMIC_OP(xor, xor)
+ #define ATOMIC_OPS(op, asm_op) \
+ ATOMIC_OP(op, asm_op) \
+ ATOMIC_OP_RETURN_RELAXED(op, asm_op)
+@@ -94,40 +143,29 @@ ATOMIC_OP(xor, xor)
#undef ATOMIC_OPS
- #undef ATOMIC_OP_RETURN
+ #undef ATOMIC_OP_RETURN_RELAXED
+#undef __ATOMIC_OP_RETURN
#undef ATOMIC_OP
+#undef __ATOMIC_OP
@@ -7825,7 +7876,7 @@ index 55f106e..5968afb 100644
+ * Automatically increments @v by 1
+ */
+#define atomic_inc(v) atomic_add(1, (v))
-+#define atomic_inc_return(v) atomic_add_return(1, (v))
++#define atomic_inc_return_relaxed(v) atomic_add_return_relaxed(1, (v))
- __asm__ __volatile__(
-"1: lwarx %0,0,%2 # atomic_inc\n\
@@ -7841,29 +7892,27 @@ index 55f106e..5968afb 100644
+ atomic_add_unchecked(1, v);
}
--static __inline__ int atomic_inc_return(atomic_t *v)
-+static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v)
+-static __inline__ int atomic_inc_return_relaxed(atomic_t *v)
++static inline int atomic_inc_return_unchecked_relaxed(atomic_unchecked_t *v)
{
- int t;
-
- __asm__ __volatile__(
-- PPC_ATOMIC_ENTRY_BARRIER
--"1: lwarx %0,0,%1 # atomic_inc_return\n\
-- addic %0,%0,1\n"
-- PPC405_ERR77(0,%1)
--" stwcx. %0,0,%1 \n\
-- bne- 1b"
-- PPC_ATOMIC_EXIT_BARRIER
-- : "=&r" (t)
+-"1: lwarx %0,0,%2 # atomic_inc_return_relaxed\n"
+-" addic %0,%0,1\n"
+- PPC405_ERR77(0, %2)
+-" stwcx. %0,0,%2\n"
+-" bne- 1b"
+- : "=&r" (t), "+m" (v->counter)
- : "r" (&v->counter)
-- : "cc", "xer", "memory");
+- : "cc", "xer");
-
- return t;
-+ return atomic_add_return_unchecked(1, v);
++ return atomic_add_return_unchecked_relaxed(1, v);
}
/*
-@@ -121,43 +157,38 @@ static __inline__ int atomic_inc_return(atomic_t *v)
+@@ -140,36 +178,23 @@ static __inline__ int atomic_inc_return_relaxed(atomic_t *v)
*/
#define atomic_inc_and_test(v) (atomic_inc_return(v) == 0)
@@ -7884,7 +7933,7 @@ index 55f106e..5968afb 100644
+ return atomic_add_return_unchecked(1, v) == 0;
}
--static __inline__ int atomic_dec_return(atomic_t *v)
+-static __inline__ int atomic_dec_return_relaxed(atomic_t *v)
+/*
+ * atomic_dec - decrement atomic variable
+ * @v: pointer of type atomic_t
@@ -7892,30 +7941,30 @@ index 55f106e..5968afb 100644
+ * Atomically decrements @v by 1
+ */
+#define atomic_dec(v) atomic_sub(1, (v))
-+#define atomic_dec_return(v) atomic_sub_return(1, (v))
++#define atomic_dec_return_relaxed(v) atomic_sub_return_relaxed(1, (v))
+
+static __inline__ void atomic_dec_unchecked(atomic_unchecked_t *v)
{
- int t;
-
- __asm__ __volatile__(
-- PPC_ATOMIC_ENTRY_BARRIER
--"1: lwarx %0,0,%1 # atomic_dec_return\n\
-- addic %0,%0,-1\n"
-- PPC405_ERR77(0,%1)
--" stwcx. %0,0,%1\n\
-- bne- 1b"
-- PPC_ATOMIC_EXIT_BARRIER
-- : "=&r" (t)
+-"1: lwarx %0,0,%2 # atomic_dec_return_relaxed\n"
+-" addic %0,%0,-1\n"
+- PPC405_ERR77(0, %2)
+-" stwcx. %0,0,%2\n"
+-" bne- 1b"
+- : "=&r" (t), "+m" (v->counter)
- : "r" (&v->counter)
-- : "cc", "xer", "memory");
+- : "cc", "xer");
-
- return t;
+ atomic_sub_unchecked(1, v);
}
- #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
+ #define atomic_inc_return_relaxed atomic_inc_return_relaxed
+@@ -184,6 +209,16 @@ static __inline__ int atomic_dec_return_relaxed(atomic_t *v)
#define atomic_xchg(v, new) (xchg(&((v)->counter), new))
+ #define atomic_xchg_relaxed(v, new) xchg_relaxed(&((v)->counter), (new))
+static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new)
+{
@@ -7930,7 +7979,7 @@ index 55f106e..5968afb 100644
/**
* __atomic_add_unless - add unless the number is a given value
* @v: pointer of type atomic_t
-@@ -175,11 +206,27 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -201,11 +236,27 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
PPC_ATOMIC_ENTRY_BARRIER
"1: lwarx %0,0,%1 # __atomic_add_unless\n\
cmpw 0,%0,%3 \n\
@@ -7960,7 +8009,7 @@ index 55f106e..5968afb 100644
PPC_ATOMIC_EXIT_BARRIER
" subf %0,%2,%0 \n\
2:"
-@@ -265,37 +312,60 @@ static __inline__ long atomic64_read(const atomic64_t *v)
+@@ -291,37 +342,59 @@ static __inline__ long atomic64_read(const atomic64_t *v)
return t;
}
@@ -8003,42 +8052,42 @@ index 55f106e..5968afb 100644
: "cc"); \
}
--#define ATOMIC64_OP_RETURN(op, asm_op) \
--static __inline__ long atomic64_##op##_return(long a, atomic64_t *v) \
+-#define ATOMIC64_OP_RETURN_RELAXED(op, asm_op) \
+-static inline long \
+-atomic64_##op##_return_relaxed(long a, atomic64_t *v) \
+#define ATOMIC64_OP(op, asm_op) __ATOMIC64_OP(op, , , asm_op, , ) \
+ __ATOMIC64_OP(op, _unchecked, __OVERFLOW_PRE, __REFCOUNT_OP(asm_op), __OVERFLOW_POST, __OVERFLOW_EXTABLE)
+
+#define __ATOMIC64_OP_RETURN(op, suffix, pre_op, asm_op, post_op, extable)\
-+static inline long atomic64_##op##_return##suffix(long a, atomic64##suffix##_t *v)\
++static inline long atomic64_##op##_return##suffix##_relaxed(long a, atomic64##suffix##_t *v)\
{ \
long t; \
\
__asm__ __volatile__( \
- PPC_ATOMIC_ENTRY_BARRIER \
- "1: ldarx %0,0,%2 # atomic64_" #op "_return\n" \
+ "1: ldarx %0,0,%3 # atomic64_" #op "_return_relaxed\n" \
+ pre_op \
- #asm_op " %0,%1,%0\n" \
+ #asm_op " %0,%2,%0\n" \
+ post_op \
- " stdcx. %0,0,%2 \n" \
+ " stdcx. %0,0,%3\n" \
" bne- 1b\n" \
+ extable \
- PPC_ATOMIC_EXIT_BARRIER \
- : "=&r" (t) \
+ : "=&r" (t), "+m" (v->counter) \
: "r" (a), "r" (&v->counter) \
-@@ -304,6 +374,9 @@ static __inline__ long atomic64_##op##_return(long a, atomic64_t *v) \
+ : "cc"); \
+@@ -329,6 +402,9 @@ atomic64_##op##_return_relaxed(long a, atomic64_t *v) \
return t; \
}
-+#define ATOMIC64_OP_RETURN(op, asm_op) __ATOMIC64_OP_RETURN(op, , , asm_op, , )\
++#define ATOMIC64_OP_RETURN_RELAXED(op, asm_op) __ATOMIC64_OP_RETURN(op, , , asm_op, , )\
+ __ATOMIC64_OP_RETURN(op, _unchecked, __OVERFLOW_PRE, __REFCOUNT_OP(asm_op), __OVERFLOW_POST, __OVERFLOW_EXTABLE)
+
- #define ATOMIC64_OPS(op, asm_op) ATOMIC64_OP(op, asm_op) ATOMIC64_OP_RETURN(op, asm_op)
-
- ATOMIC64_OPS(add, add)
-@@ -314,40 +387,33 @@ ATOMIC64_OP(xor, xor)
+ #define ATOMIC64_OPS(op, asm_op) \
+ ATOMIC64_OP(op, asm_op) \
+ ATOMIC64_OP_RETURN_RELAXED(op, asm_op)
+@@ -344,38 +420,33 @@ ATOMIC64_OP(xor, xor)
- #undef ATOMIC64_OPS
- #undef ATOMIC64_OP_RETURN
+ #undef ATOPIC64_OPS
+ #undef ATOMIC64_OP_RETURN_RELAXED
+#undef __ATOMIC64_OP_RETURN
#undef ATOMIC64_OP
+#undef __ATOMIC64_OP
@@ -8059,7 +8108,7 @@ index 55f106e..5968afb 100644
+ * Automatically increments @v by 1
+ */
+#define atomic64_inc(v) atomic64_add(1, (v))
-+#define atomic64_inc_return(v) atomic64_add_return(1, (v))
++#define atomic64_inc_return_relaxed(v) atomic64_add_return_relaxed(1, (v))
- __asm__ __volatile__(
-"1: ldarx %0,0,%2 # atomic64_inc\n\
@@ -8074,28 +8123,26 @@ index 55f106e..5968afb 100644
+ atomic64_add_unchecked(1, v);
}
--static __inline__ long atomic64_inc_return(atomic64_t *v)
-+static inline long atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
+-static __inline__ long atomic64_inc_return_relaxed(atomic64_t *v)
++static inline long atomic64_inc_return_unchecked_relaxed(atomic64_unchecked_t *v)
{
- long t;
-
- __asm__ __volatile__(
-- PPC_ATOMIC_ENTRY_BARRIER
--"1: ldarx %0,0,%1 # atomic64_inc_return\n\
-- addic %0,%0,1\n\
-- stdcx. %0,0,%1 \n\
-- bne- 1b"
-- PPC_ATOMIC_EXIT_BARRIER
-- : "=&r" (t)
+-"1: ldarx %0,0,%2 # atomic64_inc_return_relaxed\n"
+-" addic %0,%0,1\n"
+-" stdcx. %0,0,%2\n"
+-" bne- 1b"
+- : "=&r" (t), "+m" (v->counter)
- : "r" (&v->counter)
-- : "cc", "xer", "memory");
+- : "cc", "xer");
-
- return t;
-+ return atomic64_add_return_unchecked(1, v);
++ return atomic64_add_return_unchecked_relaxed(1, v);
}
/*
-@@ -360,36 +426,18 @@ static __inline__ long atomic64_inc_return(atomic64_t *v)
+@@ -388,34 +459,18 @@ static __inline__ long atomic64_inc_return_relaxed(atomic64_t *v)
*/
#define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0)
@@ -8107,7 +8154,7 @@ index 55f106e..5968afb 100644
+ * Atomically decrements @v by 1
+ */
+#define atomic64_dec(v) atomic64_sub(1, (v))
-+#define atomic64_dec_return(v) atomic64_sub_return(1, (v))
++#define atomic64_dec_return_relaxed(v) atomic64_sub_return_relaxed(1, (v))
+
+static __inline__ void atomic64_dec_unchecked(atomic64_unchecked_t *v)
{
@@ -8123,29 +8170,27 @@ index 55f106e..5968afb 100644
- : "cc", "xer");
-}
-
--static __inline__ long atomic64_dec_return(atomic64_t *v)
+-static __inline__ long atomic64_dec_return_relaxed(atomic64_t *v)
-{
- long t;
-
- __asm__ __volatile__(
-- PPC_ATOMIC_ENTRY_BARRIER
--"1: ldarx %0,0,%1 # atomic64_dec_return\n\
-- addic %0,%0,-1\n\
-- stdcx. %0,0,%1\n\
-- bne- 1b"
-- PPC_ATOMIC_EXIT_BARRIER
-- : "=&r" (t)
+-"1: ldarx %0,0,%2 # atomic64_dec_return_relaxed\n"
+-" addic %0,%0,-1\n"
+-" stdcx. %0,0,%2\n"
+-" bne- 1b"
+- : "=&r" (t), "+m" (v->counter)
- : "r" (&v->counter)
-- : "cc", "xer", "memory");
+- : "cc", "xer");
-
- return t;
+ atomic64_sub_unchecked(1, v);
}
- #define atomic64_sub_and_test(a, v) (atomic64_sub_return((a), (v)) == 0)
-@@ -422,6 +470,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v)
- #define atomic64_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
+ #define atomic64_inc_return_relaxed atomic64_inc_return_relaxed
+@@ -457,6 +512,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v)
#define atomic64_xchg(v, new) (xchg(&((v)->counter), new))
+ #define atomic64_xchg_relaxed(v, new) xchg_relaxed(&((v)->counter), (new))
+static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new)
+{
@@ -8160,7 +8205,7 @@ index 55f106e..5968afb 100644
/**
* atomic64_add_unless - add unless the number is a given value
* @v: pointer of type atomic64_t
-@@ -437,13 +495,29 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
+@@ -472,13 +537,29 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
__asm__ __volatile__ (
PPC_ATOMIC_ENTRY_BARRIER
@@ -8206,7 +8251,7 @@ index 264b754..187b7f6 100644
#define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
#define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
diff --git a/arch/powerpc/include/asm/cache.h b/arch/powerpc/include/asm/cache.h
-index 5f8229e..385d90b 100644
+index ffbafbf..71d037f 100644
--- a/arch/powerpc/include/asm/cache.h
+++ b/arch/powerpc/include/asm/cache.h
@@ -3,6 +3,8 @@
@@ -8355,12 +8400,12 @@ index b8da913..c02b593 100644
/**
diff --git a/arch/powerpc/include/asm/mman.h b/arch/powerpc/include/asm/mman.h
-index 8565c25..2865190 100644
+index 2563c43..d6fdd62 100644
--- a/arch/powerpc/include/asm/mman.h
+++ b/arch/powerpc/include/asm/mman.h
-@@ -24,7 +24,7 @@ static inline unsigned long arch_calc_vm_prot_bits(unsigned long prot)
+@@ -25,7 +25,7 @@ static inline unsigned long arch_calc_vm_prot_bits(unsigned long prot,
}
- #define arch_calc_vm_prot_bits(prot) arch_calc_vm_prot_bits(prot)
+ #define arch_calc_vm_prot_bits(prot, pkey) arch_calc_vm_prot_bits(prot, pkey)
-static inline pgprot_t arch_vm_get_page_prot(unsigned long vm_flags)
+static inline pgprot_t arch_vm_get_page_prot(vm_flags_t vm_flags)
@@ -8368,7 +8413,7 @@ index 8565c25..2865190 100644
return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0);
}
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
-index e34124f..c146c14 100644
+index ab3d897..cbc0693 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -230,8 +230,9 @@ extern long long virt_phys_offset;
@@ -8419,19 +8464,19 @@ index d908a46..3753f71 100644
#include <asm-generic/getorder.h>
diff --git a/arch/powerpc/include/asm/pgalloc-64.h b/arch/powerpc/include/asm/pgalloc-64.h
-index 69ef28a..216486d 100644
+index 8d5fc3a..528a418 100644
--- a/arch/powerpc/include/asm/pgalloc-64.h
+++ b/arch/powerpc/include/asm/pgalloc-64.h
@@ -54,6 +54,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
#ifndef CONFIG_PPC_64K_PAGES
- #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, (unsigned long)PUD)
+ #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, __pgtable_ptr_val(PUD))
+#define pgd_populate_kernel(MM, PGD, PUD) pgd_populate((MM), (PGD), (PUD))
static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
{
@@ -71,6 +72,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
- pud_set(pud, (unsigned long)pmd);
+ pud_set(pud, __pgtable_ptr_val(pmd));
}
+static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
@@ -8442,16 +8487,20 @@ index 69ef28a..216486d 100644
static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
pte_t *pte)
{
-@@ -172,6 +178,7 @@ extern void __tlb_remove_table(void *_table);
- #endif
-
- #define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd)
-+#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd))
+@@ -195,6 +201,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+ pud_set(pud, __pgtable_ptr_val(pmd));
+ }
++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
++{
++ pud_populate(mm, pud, pmd);
++}
++
static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
pte_t *pte)
+ {
diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h
-index ac9fb11..4efa476 100644
+index 47897a3..6d21683 100644
--- a/arch/powerpc/include/asm/pgtable.h
+++ b/arch/powerpc/include/asm/pgtable.h
@@ -1,6 +1,7 @@
@@ -8463,10 +8512,10 @@ index ac9fb11..4efa476 100644
#include <linux/mmdebug.h>
#include <linux/mmzone.h>
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
-index c4cb2ff..b04130e 100644
+index 166d863..7d5ebdf 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
-@@ -253,6 +253,7 @@
+@@ -261,6 +261,7 @@
#define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */
#define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */
#define DSISR_NOHPTE 0x40000000 /* no translation found */
@@ -8475,7 +8524,7 @@ index c4cb2ff..b04130e 100644
#define DSISR_ISSTORE 0x02000000 /* access was a store */
#define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */
diff --git a/arch/powerpc/include/asm/smp.h b/arch/powerpc/include/asm/smp.h
-index 825663c..f9e9134 100644
+index e1afd4c..d75924a 100644
--- a/arch/powerpc/include/asm/smp.h
+++ b/arch/powerpc/include/asm/smp.h
@@ -51,7 +51,7 @@ struct smp_ops_t {
@@ -8791,7 +8840,7 @@ index b7c20f0..4adc0f1 100644
static inline unsigned long clear_user(void __user *addr, unsigned long size)
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
-index 794f22a..9a76447 100644
+index 2da380f..0ba9052 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -14,6 +14,11 @@ CFLAGS_prom_init.o += -fPIC
@@ -8805,9 +8854,9 @@ index 794f22a..9a76447 100644
+
ifdef CONFIG_FUNCTION_TRACER
# Do not trace early boot code
- CFLAGS_REMOVE_cputable.o = -pg -mno-sched-epilog
-@@ -26,6 +31,8 @@ CFLAGS_REMOVE_ftrace.o = -pg -mno-sched-epilog
- CFLAGS_REMOVE_time.o = -pg -mno-sched-epilog
+ CFLAGS_REMOVE_cputable.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
+@@ -26,6 +31,8 @@ CFLAGS_REMOVE_ftrace.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
+ CFLAGS_REMOVE_time.o = -mno-sched-epilog $(CC_FLAGS_FTRACE)
endif
+CFLAGS_REMOVE_prom_init.o += $(LATENT_ENTROPY_PLUGIN_CFLAGS)
@@ -8875,7 +8924,7 @@ index 290559d..0094ddb 100644
#endif
}
diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c
-index 2c01665..85a54a8 100644
+index 5a7a78f..c0e4207 100644
--- a/arch/powerpc/kernel/module_32.c
+++ b/arch/powerpc/kernel/module_32.c
@@ -158,7 +158,7 @@ int module_frob_arch_sections(Elf32_Ehdr *hdr,
@@ -8907,20 +8956,20 @@ index 2c01665..85a54a8 100644
/* Find this entry, or if that fails, the next avail. entry */
while (entry->jump[0]) {
-@@ -296,7 +301,7 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
- }
+@@ -301,7 +306,7 @@ int apply_relocate_add(Elf32_Shdr *sechdrs,
#ifdef CONFIG_DYNAMIC_FTRACE
- module->arch.tramp =
-- do_plt_call(module->core_layout.base,
-+ do_plt_call(module->core_layout.base_rx,
- (unsigned long)ftrace_caller,
- sechdrs, module);
- #endif
+ int module_finalize_ftrace(struct module *module, const Elf_Shdr *sechdrs)
+ {
+- module->arch.tramp = do_plt_call(module->core_layout.base,
++ module->arch.tramp = do_plt_call(module->core_layout.base_rx,
+ (unsigned long)ftrace_caller,
+ sechdrs, module);
+ if (!module->arch.tramp)
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 54ed9c7..681162e5 100644
+index b8500b4..2873781 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
-@@ -1185,8 +1185,8 @@ void show_regs(struct pt_regs * regs)
+@@ -1318,8 +1318,8 @@ void show_regs(struct pt_regs * regs)
* Lookup NIP late so we have the best change of getting the
* above info out without failing
*/
@@ -8931,7 +8980,7 @@ index 54ed9c7..681162e5 100644
#endif
show_stack(current, (unsigned long *) regs->gpr[1]);
if (!user_mode(regs))
-@@ -1695,10 +1695,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1829,10 +1829,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
newsp = stack[0];
ip = stack[STACK_FRAME_LR_SAVE];
if (!firstframe || ip != lr) {
@@ -8944,7 +8993,7 @@ index 54ed9c7..681162e5 100644
(void *)current->ret_stack[curr_frame].ret);
curr_frame--;
}
-@@ -1718,7 +1718,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1852,7 +1852,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
struct pt_regs *regs = (struct pt_regs *)
(sp + STACK_FRAME_OVERHEAD);
lr = regs->link;
@@ -8953,7 +9002,7 @@ index 54ed9c7..681162e5 100644
regs->trap, (void *)regs->nip, (void *)lr);
firstframe = 1;
}
-@@ -1755,13 +1755,6 @@ void notrace __ppc64_runlatch_off(void)
+@@ -1889,13 +1889,6 @@ void notrace __ppc64_runlatch_off(void)
}
#endif /* CONFIG_PPC64 */
@@ -9033,7 +9082,7 @@ index 2552079..a290dc8a 100644
} else {
err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
-index b6becc7..31a89c4 100644
+index 9229ba6..f6aaa3c 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
@@ -36,6 +36,7 @@
@@ -9063,7 +9112,7 @@ index b6becc7..31a89c4 100644
do_exit(signr);
}
-@@ -1139,6 +1145,26 @@ void __kprobes program_check_exception(struct pt_regs *regs)
+@@ -1138,6 +1144,26 @@ void __kprobes program_check_exception(struct pt_regs *regs)
enum ctx_state prev_state = exception_enter();
unsigned int reason = get_reason(regs);
@@ -9393,7 +9442,7 @@ index 911064a..dcbb025 100644
+
#endif /* __ARCH_S390_ATOMIC__ */
diff --git a/arch/s390/include/asm/cache.h b/arch/s390/include/asm/cache.h
-index 4d7ccac..d03d0ad 100644
+index 22da3b3..80c7915 100644
--- a/arch/s390/include/asm/cache.h
+++ b/arch/s390/include/asm/cache.h
@@ -9,8 +9,10 @@
@@ -9439,7 +9488,7 @@ index c4a93d6..4d2a9b4 100644
#endif /* __ASM_EXEC_H */
diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
-index 9dd4cc4..36f4b84 100644
+index e0900dd..72d683d 100644
--- a/arch/s390/include/asm/uaccess.h
+++ b/arch/s390/include/asm/uaccess.h
@@ -59,6 +59,7 @@ static inline int __range_ok(unsigned long addr, unsigned long size)
@@ -9450,7 +9499,7 @@ index 9dd4cc4..36f4b84 100644
#define access_ok(type, addr, size) __access_ok(addr, size)
/*
-@@ -278,6 +279,10 @@ static inline unsigned long __must_check
+@@ -272,6 +273,10 @@ static inline unsigned long __must_check
copy_to_user(void __user *to, const void *from, unsigned long n)
{
might_fault();
@@ -9461,7 +9510,7 @@ index 9dd4cc4..36f4b84 100644
return __copy_to_user(to, from, n);
}
-@@ -307,10 +312,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct")
+@@ -301,10 +306,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct")
static inline unsigned long __must_check
copy_from_user(void *to, const void __user *from, unsigned long n)
{
@@ -9572,7 +9621,7 @@ index 2bba7df..8f1e6b5 100644
{
return (get_random_int() & BRK_RND_MASK) << PAGE_SHIFT;
diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c
-index 45c4daa..42703fb 100644
+index 89cf09e..cc41962 100644
--- a/arch/s390/mm/mmap.c
+++ b/arch/s390/mm/mmap.c
@@ -200,9 +200,9 @@ s390_get_unmapped_area(struct file *filp, unsigned long addr,
@@ -9784,7 +9833,7 @@ index 57ffaf2..4d1fe9a 100644
select OLD_SIGSUSPEND
select ARCH_HAS_SG_CHAIN
diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h
-index f2fbf9e..fea461e 100644
+index f2fbf9e..303217c 100644
--- a/arch/sparc/include/asm/atomic_64.h
+++ b/arch/sparc/include/asm/atomic_64.h
@@ -15,18 +15,38 @@
@@ -9931,7 +9980,7 @@ index f2fbf9e..fea461e 100644
if (likely(old == c))
break;
c = old;
-@@ -94,20 +163,35 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -94,20 +163,40 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
#define atomic64_cmpxchg(v, o, n) \
((__typeof__((v)->counter))cmpxchg(&((v)->counter), (o), (n)))
#define atomic64_xchg(v, new) (xchg(&((v)->counter), new))
@@ -9939,6 +9988,11 @@ index f2fbf9e..fea461e 100644
+{
+ return xchg(&v->counter, new);
+}
++static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old,
++ long new)
++{
++ return cmpxchg(&(v->counter), old, new);
++}
static inline long atomic64_add_unless(atomic64_t *v, long a, long u)
{
@@ -10432,7 +10486,7 @@ index e9a51d6..3ef910c 100644
ret = copy_to_user_fixup(to, from, size);
return ret;
diff --git a/arch/sparc/kernel/Makefile b/arch/sparc/kernel/Makefile
-index 7cf9c6e..6206648 100644
+index fdb1332..1b10f89 100644
--- a/arch/sparc/kernel/Makefile
+++ b/arch/sparc/kernel/Makefile
@@ -4,7 +4,7 @@
@@ -10475,7 +10529,7 @@ index c5113c7..52322e4 100644
} while (++count < 16);
printk("\n");
diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c
-index 46a5964..a35c62c 100644
+index c16ef1a..8b38d7b 100644
--- a/arch/sparc/kernel/process_64.c
+++ b/arch/sparc/kernel/process_64.c
@@ -161,7 +161,7 @@ static void show_regwindow(struct pt_regs *regs)
@@ -10567,7 +10621,7 @@ index 9ddc492..27a5619 100644
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
-index 19cd08d..ff21e99 100644
+index 8a6151a..fa3cbb1 100644
--- a/arch/sparc/kernel/smp_64.c
+++ b/arch/sparc/kernel/smp_64.c
@@ -891,7 +891,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
@@ -10620,7 +10674,7 @@ index 646988d..b88905f 100644
info.flags = 0;
info.length = len;
diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c
-index b489e97..44620ad 100644
+index fe8b8ee..3f17a96 100644
--- a/arch/sparc/kernel/sys_sparc_64.c
+++ b/arch/sparc/kernel/sys_sparc_64.c
@@ -89,13 +89,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
@@ -11068,7 +11122,7 @@ index d21cd62..00a4a17 100644
}
EXPORT_SYMBOL(die_if_kernel);
diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c
-index d89e97b..b4b583de 100644
+index 9aacb91..6415c82 100644
--- a/arch/sparc/kernel/unaligned_64.c
+++ b/arch/sparc/kernel/unaligned_64.c
@@ -297,7 +297,7 @@ static void log_unaligned(struct pt_regs *regs)
@@ -11094,7 +11148,7 @@ index 3269b02..64f5231 100644
lib-$(CONFIG_SPARC32) += ashrdi3.o
lib-$(CONFIG_SPARC32) += memcpy.o memset.o
diff --git a/arch/sparc/lib/atomic_64.S b/arch/sparc/lib/atomic_64.S
-index d6b0363..552bcbb6 100644
+index d6b0363..7fe8079 100644
--- a/arch/sparc/lib/atomic_64.S
+++ b/arch/sparc/lib/atomic_64.S
@@ -15,11 +15,22 @@
@@ -11196,7 +11250,7 @@ index d6b0363..552bcbb6 100644
ENDPROC(atomic64_##op##_return);
+#define ATOMIC64_OP_RETURN(op) __ATOMIC64_OP_RETURN(op, , op, ) \
-+i __ATOMIC64_OP_RETURN(op, _unchecked, __REFCOUNT_OP(op), __OVERFLOW_XOP)
++ __ATOMIC64_OP_RETURN(op, _unchecked, __REFCOUNT_OP(op), __OVERFLOW_XOP)
+
#define ATOMIC64_OPS(op) ATOMIC64_OP(op) ATOMIC64_OP_RETURN(op)
@@ -11215,7 +11269,7 @@ index d6b0363..552bcbb6 100644
ENTRY(atomic64_dec_if_positive) /* %o0 = atomic_ptr */
BACKOFF_SETUP(%o2)
diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c
-index 8eb454c..9f95c5b 100644
+index 8eb454c..7bd92f6 100644
--- a/arch/sparc/lib/ksyms.c
+++ b/arch/sparc/lib/ksyms.c
@@ -101,7 +101,9 @@ EXPORT_SYMBOL(__clear_user);
@@ -11233,8 +11287,8 @@ index 8eb454c..9f95c5b 100644
#define ATOMIC_OPS(op) ATOMIC_OP(op) ATOMIC_OP_RETURN(op)
ATOMIC_OPS(add)
-+EXPORT_SYMBOL(atomic_add_ret_unchecked);
-+EXPORT_SYMBOL(atomic64_add_ret_unchecked);
++EXPORT_SYMBOL(atomic_add_return_unchecked);
++EXPORT_SYMBOL(atomic64_add_return_unchecked);
ATOMIC_OPS(sub)
ATOMIC_OP(and)
ATOMIC_OP(or)
@@ -11252,7 +11306,7 @@ index 30c3ecc..736f015 100644
obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o
obj-y += fault_$(BITS).o
diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c
-index c399e7b..2387414 100644
+index b6c559c..cc30ea0 100644
--- a/arch/sparc/mm/fault_32.c
+++ b/arch/sparc/mm/fault_32.c
@@ -22,6 +22,9 @@
@@ -12089,7 +12143,7 @@ index cb841a3..f2061fb 100644
* load/store/atomic was a write or not, it only says that there
* was no match. So in such a case we (carefully) read the
diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
-index 131eaf4..4ad6678 100644
+index ba52e64..eee5791 100644
--- a/arch/sparc/mm/hugetlbpage.c
+++ b/arch/sparc/mm/hugetlbpage.c
@@ -25,8 +25,10 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
@@ -12201,7 +12255,7 @@ index 131eaf4..4ad6678 100644
pte_t *huge_pte_alloc(struct mm_struct *mm,
diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
-index 6f21685..5831fed 100644
+index 14bb0d5..ae289b8 100644
--- a/arch/sparc/mm/init_64.c
+++ b/arch/sparc/mm/init_64.c
@@ -189,9 +189,9 @@ unsigned long sparc64_kern_sec_context __read_mostly;
@@ -12225,7 +12279,7 @@ index 6f21685..5831fed 100644
#endif
#ifdef DCACHE_ALIASING_POSSIBLE
-@@ -471,10 +471,10 @@ void mmu_info(struct seq_file *m)
+@@ -459,10 +459,10 @@ void mmu_info(struct seq_file *m)
#ifdef CONFIG_DEBUG_DCFLUSH
seq_printf(m, "DCPageFlushes\t: %d\n",
@@ -12239,7 +12293,7 @@ index 6f21685..5831fed 100644
#endif /* CONFIG_DEBUG_DCFLUSH */
}
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
-index de4a4ff..477c014 100644
+index 8171930..c60b093 100644
--- a/arch/tile/Kconfig
+++ b/arch/tile/Kconfig
@@ -203,6 +203,7 @@ source "kernel/Kconfig.hz"
@@ -12306,7 +12360,7 @@ index 0a9c4265..bfb62d1 100644
else
copy_from_user_overflow();
diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c
-index c034dc3..cf1cc96 100644
+index e212c64..5f238fc 100644
--- a/arch/tile/mm/hugetlbpage.c
+++ b/arch/tile/mm/hugetlbpage.c
@@ -174,6 +174,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
@@ -12441,10 +12495,10 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 3bf45a0..b08241b 100644
+index 2dc18605..5796232 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -38,14 +38,13 @@ config X86
+@@ -39,14 +39,13 @@ config X86
select ARCH_MIGHT_HAVE_PC_SERIO
select ARCH_SUPPORTS_ATOMIC_RMW
select ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT
@@ -12460,7 +12514,7 @@ index 3bf45a0..b08241b 100644
select ARCH_WANT_FRAME_POINTERS
select ARCH_WANT_IPC_PARSE_VERSION if X86_32
select ARCH_WANT_OPTIONAL_GPIOLIB
-@@ -91,7 +90,7 @@ config X86
+@@ -92,7 +91,7 @@ config X86
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE
select HAVE_BPF_JIT if X86_64
@@ -12469,7 +12523,7 @@ index 3bf45a0..b08241b 100644
select HAVE_CMPXCHG_DOUBLE
select HAVE_CMPXCHG_LOCAL
select HAVE_CONTEXT_TRACKING if X86_64
-@@ -109,6 +108,7 @@ config X86
+@@ -110,6 +109,7 @@ config X86
select HAVE_FUNCTION_GRAPH_FP_TEST
select HAVE_FUNCTION_GRAPH_TRACER
select HAVE_FUNCTION_TRACER
@@ -12477,7 +12531,7 @@ index 3bf45a0..b08241b 100644
select HAVE_GENERIC_DMA_COHERENT if X86_32
select HAVE_HW_BREAKPOINT
select HAVE_IDE
-@@ -184,11 +184,13 @@ config MMU
+@@ -188,11 +188,13 @@ config MMU
def_bool y
config ARCH_MMAP_RND_BITS_MIN
@@ -12493,7 +12547,7 @@ index 3bf45a0..b08241b 100644
default 16
config ARCH_MMAP_RND_COMPAT_BITS_MIN
-@@ -290,7 +292,7 @@ config X86_64_SMP
+@@ -294,7 +296,7 @@ config X86_64_SMP
config X86_32_LAZY_GS
def_bool y
@@ -12502,7 +12556,7 @@ index 3bf45a0..b08241b 100644
config ARCH_HWEIGHT_CFLAGS
string
-@@ -674,6 +676,7 @@ config SCHED_OMIT_FRAME_POINTER
+@@ -681,6 +683,7 @@ config SCHED_OMIT_FRAME_POINTER
menuconfig HYPERVISOR_GUEST
bool "Linux guest support"
@@ -12510,7 +12564,7 @@ index 3bf45a0..b08241b 100644
---help---
Say Y here to enable options for running Linux under various hyper-
visors. This option enables basic hypervisor detection and platform
-@@ -1073,6 +1076,7 @@ config VM86
+@@ -1080,6 +1083,7 @@ config VM86
config X86_16BIT
bool "Enable support for 16-bit segments" if EXPERT
@@ -12518,7 +12572,7 @@ index 3bf45a0..b08241b 100644
default y
depends on MODIFY_LDT_SYSCALL
---help---
-@@ -1227,6 +1231,7 @@ choice
+@@ -1243,6 +1247,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -12526,7 +12580,7 @@ index 3bf45a0..b08241b 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1263,6 +1268,7 @@ config NOHIGHMEM
+@@ -1279,6 +1284,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -12534,7 +12588,7 @@ index 3bf45a0..b08241b 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1315,7 +1321,7 @@ config PAGE_OFFSET
+@@ -1331,7 +1337,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -12543,7 +12597,7 @@ index 3bf45a0..b08241b 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1336,7 +1342,6 @@ config X86_PAE
+@@ -1352,7 +1358,6 @@ config X86_PAE
config ARCH_PHYS_ADDR_T_64BIT
def_bool y
@@ -12551,7 +12605,7 @@ index 3bf45a0..b08241b 100644
config ARCH_DMA_ADDR_T_64BIT
def_bool y
-@@ -1467,7 +1472,7 @@ config ARCH_PROC_KCORE_TEXT
+@@ -1483,7 +1488,7 @@ config ARCH_PROC_KCORE_TEXT
config ILLEGAL_POINTER_VALUE
hex
@@ -12560,7 +12614,7 @@ index 3bf45a0..b08241b 100644
default 0xdead000000000000 if X86_64
source "mm/Kconfig"
-@@ -1776,6 +1781,7 @@ source kernel/Kconfig.hz
+@@ -1806,6 +1811,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
select KEXEC_CORE
@@ -12568,7 +12622,7 @@ index 3bf45a0..b08241b 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1958,7 +1964,9 @@ config X86_NEED_RELOCS
+@@ -1988,7 +1994,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12579,7 +12633,7 @@ index 3bf45a0..b08241b 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -2041,6 +2049,7 @@ config COMPAT_VDSO
+@@ -2071,6 +2079,7 @@ config COMPAT_VDSO
def_bool n
prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
depends on X86_32 || IA32_EMULATION
@@ -12587,7 +12641,7 @@ index 3bf45a0..b08241b 100644
---help---
Certain buggy versions of glibc will crash if they are
presented with a 32-bit vDSO that is not mapped at the address
-@@ -2081,15 +2090,6 @@ choice
+@@ -2111,15 +2120,6 @@ choice
If unsure, select "Emulate".
@@ -12603,7 +12657,7 @@ index 3bf45a0..b08241b 100644
config LEGACY_VSYSCALL_EMULATE
bool "Emulate"
help
-@@ -2170,6 +2170,22 @@ config MODIFY_LDT_SYSCALL
+@@ -2200,6 +2200,22 @@ config MODIFY_LDT_SYSCALL
Saying 'N' here may make sense for embedded or server kernels.
@@ -12658,7 +12712,7 @@ index 3ba5ff2..44bdacc 100644
config X86_MINIMUM_CPU_FAMILY
int
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
-index 9b18ed9..0fb0660 100644
+index 67eec55..1a5c1ab 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -55,6 +55,7 @@ config X86_PTDUMP
@@ -12669,15 +12723,15 @@ index 9b18ed9..0fb0660 100644
select X86_PTDUMP_CORE
---help---
Say Y here if you want to show the kernel pagetable layout in a
-@@ -77,7 +78,6 @@ config EFI_PGT_DUMP
- config DEBUG_RODATA
- bool "Write protect kernel read-only data structures"
- default y
-- depends on DEBUG_KERNEL
+@@ -84,6 +85,7 @@ config DEBUG_RODATA_TEST
+
+ config DEBUG_WX
+ bool "Warn on W+X mappings at boot"
++ depends on BROKEN
+ select X86_PTDUMP_CORE
---help---
- Mark the kernel read-only data as write-protected in the pagetables,
- in order to catch accidental (and incorrect) writes to such const
-@@ -123,7 +123,7 @@ config DEBUG_WX
+ Generate a warning if any W+X mappings are found at boot.
+@@ -111,7 +113,7 @@ config DEBUG_WX
config DEBUG_SET_MODULE_RONX
bool "Set loadable kernel module data as NX and text as RO"
@@ -12686,7 +12740,7 @@ index 9b18ed9..0fb0660 100644
---help---
This option helps catch unintended modifications to loadable
kernel module's text and read-only data. It also prevents execution
-@@ -375,6 +375,7 @@ config X86_DEBUG_FPU
+@@ -353,6 +355,7 @@ config X86_DEBUG_FPU
config PUNIT_ATOM_DEBUG
tristate "ATOM Punit debug driver"
select DEBUG_FS
@@ -12772,10 +12826,10 @@ index 9011a88..06aa820 100644
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index f9ce75d..245ea76 100644
+index 8774cb2..54bc0df 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
-@@ -31,6 +31,23 @@ KBUILD_CFLAGS += -mno-mmx -mno-sse
+@@ -35,6 +35,23 @@ KBUILD_CFLAGS += -mno-mmx -mno-sse
KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector)
@@ -12857,10 +12911,10 @@ index 630384a..278e788 100644
.quad 0x0000000000000000 /* TS continued */
efi_gdt64_end:
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
-index 8ef964d..fcfb8aa 100644
+index 0256064..bef8bbd 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
-@@ -141,10 +141,10 @@ preferred_addr:
+@@ -169,10 +169,10 @@ preferred_addr:
addl %eax, %ebx
notl %eax
andl %eax, %ebx
@@ -12874,10 +12928,10 @@ index 8ef964d..fcfb8aa 100644
/* Target address to relocate to for decompression */
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index b0c0d16..3b44ff8 100644
+index 86558a1..32f1e7e 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
-@@ -95,10 +95,10 @@ ENTRY(startup_32)
+@@ -103,10 +103,10 @@ ENTRY(startup_32)
addl %eax, %ebx
notl %eax
andl %eax, %ebx
@@ -12890,7 +12944,7 @@ index b0c0d16..3b44ff8 100644
1:
/* Target address to relocate to for decompression */
-@@ -323,10 +323,10 @@ preferred_addr:
+@@ -331,10 +331,10 @@ preferred_addr:
addq %rax, %rbp
notq %rax
andq %rax, %rbp
@@ -12903,7 +12957,7 @@ index b0c0d16..3b44ff8 100644
1:
/* Target address to relocate to for decompression */
-@@ -435,8 +435,8 @@ gdt:
+@@ -443,8 +443,8 @@ gdt:
.long gdt
.word 0
.quad 0x0000000000000000 /* NULL descriptor */
@@ -13089,18 +13143,18 @@ index 9105655..41779c1 100644
movq r1,r2; \
movq r3,r4; \
diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
-index 6bd2c6c..a551119 100644
+index 383a6f8..a4db591 100644
--- a/arch/x86/crypto/aesni-intel_asm.S
+++ b/arch/x86/crypto/aesni-intel_asm.S
-@@ -31,6 +31,7 @@
-
+@@ -32,6 +32,7 @@
#include <linux/linkage.h>
#include <asm/inst.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
/*
* The following macros are used to move an (un)aligned 16 byte value to/from
-@@ -217,7 +218,7 @@ enc: .octa 0x2
+@@ -218,7 +219,7 @@ enc: .octa 0x2
* num_initial_blocks = b mod 4
* encrypt the initial num_initial_blocks blocks and apply ghash on
* the ciphertext
@@ -13109,7 +13163,7 @@ index 6bd2c6c..a551119 100644
* are clobbered
* arg1, %arg2, %arg3, %r14 are used as a pointer only, not modified
*/
-@@ -227,8 +228,8 @@ enc: .octa 0x2
+@@ -228,8 +229,8 @@ enc: .octa 0x2
XMM2 XMM3 XMM4 XMMDst TMP6 TMP7 i i_seq operation
MOVADQ SHUF_MASK(%rip), %xmm14
mov arg7, %r10 # %r10 = AAD
@@ -13120,7 +13174,7 @@ index 6bd2c6c..a551119 100644
pxor %xmm\i, %xmm\i
_get_AAD_loop\num_initial_blocks\operation:
-@@ -237,17 +238,17 @@ _get_AAD_loop\num_initial_blocks\operation:
+@@ -238,17 +239,17 @@ _get_AAD_loop\num_initial_blocks\operation:
psrldq $4, %xmm\i
pxor \TMP1, %xmm\i
add $4, %r10
@@ -13142,7 +13196,7 @@ index 6bd2c6c..a551119 100644
jne _get_AAD_loop2\num_initial_blocks\operation
_get_AAD_loop2_done\num_initial_blocks\operation:
-@@ -442,7 +443,7 @@ _initial_blocks_done\num_initial_blocks\operation:
+@@ -443,7 +444,7 @@ _initial_blocks_done\num_initial_blocks\operation:
* num_initial_blocks = b mod 4
* encrypt the initial num_initial_blocks blocks and apply ghash on
* the ciphertext
@@ -13151,7 +13205,7 @@ index 6bd2c6c..a551119 100644
* are clobbered
* arg1, %arg2, %arg3, %r14 are used as a pointer only, not modified
*/
-@@ -452,8 +453,8 @@ _initial_blocks_done\num_initial_blocks\operation:
+@@ -453,8 +454,8 @@ _initial_blocks_done\num_initial_blocks\operation:
XMM2 XMM3 XMM4 XMMDst TMP6 TMP7 i i_seq operation
MOVADQ SHUF_MASK(%rip), %xmm14
mov arg7, %r10 # %r10 = AAD
@@ -13162,7 +13216,7 @@ index 6bd2c6c..a551119 100644
pxor %xmm\i, %xmm\i
_get_AAD_loop\num_initial_blocks\operation:
movd (%r10), \TMP1
-@@ -461,15 +462,15 @@ _get_AAD_loop\num_initial_blocks\operation:
+@@ -462,15 +463,15 @@ _get_AAD_loop\num_initial_blocks\operation:
psrldq $4, %xmm\i
pxor \TMP1, %xmm\i
add $4, %r10
@@ -13182,7 +13236,7 @@ index 6bd2c6c..a551119 100644
jne _get_AAD_loop2\num_initial_blocks\operation
_get_AAD_loop2_done\num_initial_blocks\operation:
PSHUFB_XMM %xmm14, %xmm\i # byte-reflect the AAD data
-@@ -1279,8 +1280,8 @@ _esb_loop_\@:
+@@ -1280,8 +1281,8 @@ _esb_loop_\@:
* poly = x^128 + x^127 + x^126 + x^121 + 1
*
*****************************************************************************/
@@ -13193,7 +13247,7 @@ index 6bd2c6c..a551119 100644
push %r13
push %r14
mov %rsp, %r14
-@@ -1290,8 +1291,8 @@ ENTRY(aesni_gcm_dec)
+@@ -1291,8 +1292,8 @@ ENTRY(aesni_gcm_dec)
*/
sub $VARIABLE_OFFSET, %rsp
and $~63, %rsp # align rsp to 64 bytes
@@ -13204,7 +13258,7 @@ index 6bd2c6c..a551119 100644
movdqa SHUF_MASK(%rip), %xmm2
PSHUFB_XMM %xmm2, %xmm13
-@@ -1319,10 +1320,10 @@ ENTRY(aesni_gcm_dec)
+@@ -1320,10 +1321,10 @@ ENTRY(aesni_gcm_dec)
movdqa %xmm13, HashKey(%rsp) # store HashKey<<1 (mod poly)
mov %arg4, %r13 # save the number of bytes of plaintext/ciphertext
and $-16, %r13 # %r13 = %r13 - (%r13 mod 16)
@@ -13218,7 +13272,7 @@ index 6bd2c6c..a551119 100644
jb _initial_num_blocks_is_1_decrypt
je _initial_num_blocks_is_2_decrypt
_initial_num_blocks_is_3_decrypt:
-@@ -1372,16 +1373,16 @@ _zero_cipher_left_decrypt:
+@@ -1373,16 +1374,16 @@ _zero_cipher_left_decrypt:
sub $16, %r11
add %r13, %r11
movdqu (%arg3,%r11,1), %xmm1 # receive the last <16 byte block
@@ -13239,7 +13293,7 @@ index 6bd2c6c..a551119 100644
# get the appropriate mask to mask out top 16-%r13 bytes of %xmm0
pand %xmm1, %xmm0 # mask out top 16-%r13 bytes of %xmm0
pand %xmm1, %xmm2
-@@ -1410,9 +1411,9 @@ _less_than_8_bytes_left_decrypt:
+@@ -1411,9 +1412,9 @@ _less_than_8_bytes_left_decrypt:
sub $1, %r13
jne _less_than_8_bytes_left_decrypt
_multiple_of_16_bytes_decrypt:
@@ -13252,7 +13306,7 @@ index 6bd2c6c..a551119 100644
shl $3, %arg4 # len(C) in bits (*128)
MOVQ_R64_XMM %arg4, %xmm1
pslldq $8, %xmm15 # %xmm15 = len(A)||0x0000000000000000
-@@ -1451,7 +1452,8 @@ _return_T_done_decrypt:
+@@ -1452,7 +1453,8 @@ _return_T_done_decrypt:
mov %r14, %rsp
pop %r14
pop %r13
@@ -13262,7 +13316,7 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(aesni_gcm_dec)
-@@ -1539,8 +1541,8 @@ ENDPROC(aesni_gcm_dec)
+@@ -1540,8 +1542,8 @@ ENDPROC(aesni_gcm_dec)
*
* poly = x^128 + x^127 + x^126 + x^121 + 1
***************************************************************************/
@@ -13273,7 +13327,7 @@ index 6bd2c6c..a551119 100644
push %r13
push %r14
mov %rsp, %r14
-@@ -1550,8 +1552,8 @@ ENTRY(aesni_gcm_enc)
+@@ -1551,8 +1553,8 @@ ENTRY(aesni_gcm_enc)
#
sub $VARIABLE_OFFSET, %rsp
and $~63, %rsp
@@ -13284,7 +13338,7 @@ index 6bd2c6c..a551119 100644
movdqa SHUF_MASK(%rip), %xmm2
PSHUFB_XMM %xmm2, %xmm13
-@@ -1575,13 +1577,13 @@ ENTRY(aesni_gcm_enc)
+@@ -1576,13 +1578,13 @@ ENTRY(aesni_gcm_enc)
movdqa %xmm13, HashKey(%rsp)
mov %arg4, %r13 # %xmm13 holds HashKey<<1 (mod poly)
and $-16, %r13
@@ -13301,7 +13355,7 @@ index 6bd2c6c..a551119 100644
jb _initial_num_blocks_is_1_encrypt
je _initial_num_blocks_is_2_encrypt
_initial_num_blocks_is_3_encrypt:
-@@ -1634,14 +1636,14 @@ _zero_cipher_left_encrypt:
+@@ -1635,14 +1637,14 @@ _zero_cipher_left_encrypt:
sub $16, %r11
add %r13, %r11
movdqu (%arg3,%r11,1), %xmm1 # receive the last <16 byte blocks
@@ -13320,7 +13374,7 @@ index 6bd2c6c..a551119 100644
# get the appropriate mask to mask out top 16-r13 bytes of xmm0
pand %xmm1, %xmm0 # mask out top 16-r13 bytes of xmm0
movdqa SHUF_MASK(%rip), %xmm10
-@@ -1674,9 +1676,9 @@ _less_than_8_bytes_left_encrypt:
+@@ -1675,9 +1677,9 @@ _less_than_8_bytes_left_encrypt:
sub $1, %r13
jne _less_than_8_bytes_left_encrypt
_multiple_of_16_bytes_encrypt:
@@ -13333,7 +13387,7 @@ index 6bd2c6c..a551119 100644
shl $3, %arg4 # len(C) in bits (*128)
MOVQ_R64_XMM %arg4, %xmm1
pslldq $8, %xmm15 # %xmm15 = len(A)||0x0000000000000000
-@@ -1715,7 +1717,8 @@ _return_T_done_encrypt:
+@@ -1716,7 +1718,8 @@ _return_T_done_encrypt:
mov %r14, %rsp
pop %r14
pop %r13
@@ -13343,7 +13397,7 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(aesni_gcm_enc)
-@@ -1733,6 +1736,7 @@ _key_expansion_256a:
+@@ -1734,6 +1737,7 @@ _key_expansion_256a:
pxor %xmm1, %xmm0
movaps %xmm0, (TKEYP)
add $0x10, TKEYP
@@ -13351,7 +13405,7 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(_key_expansion_128)
ENDPROC(_key_expansion_256a)
-@@ -1759,6 +1763,7 @@ _key_expansion_192a:
+@@ -1760,6 +1764,7 @@ _key_expansion_192a:
shufps $0b01001110, %xmm2, %xmm1
movaps %xmm1, 0x10(TKEYP)
add $0x20, TKEYP
@@ -13359,7 +13413,7 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(_key_expansion_192a)
-@@ -1779,6 +1784,7 @@ _key_expansion_192b:
+@@ -1780,6 +1785,7 @@ _key_expansion_192b:
movaps %xmm0, (TKEYP)
add $0x10, TKEYP
@@ -13367,7 +13421,7 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(_key_expansion_192b)
-@@ -1792,6 +1798,7 @@ _key_expansion_256b:
+@@ -1793,6 +1799,7 @@ _key_expansion_256b:
pxor %xmm1, %xmm2
movaps %xmm2, (TKEYP)
add $0x10, TKEYP
@@ -13375,10 +13429,10 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(_key_expansion_256b)
-@@ -1905,13 +1912,14 @@ ENTRY(aesni_set_key)
- #ifndef __x86_64__
+@@ -1908,13 +1915,14 @@ ENTRY(aesni_set_key)
popl KEYP
#endif
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(aesni_set_key)
@@ -13388,18 +13442,18 @@ index 6bd2c6c..a551119 100644
*/
-ENTRY(aesni_enc)
+RAP_ENTRY(aesni_enc)
+ FRAME_BEGIN
#ifndef __x86_64__
pushl KEYP
- pushl KLEN
-@@ -1927,6 +1935,7 @@ ENTRY(aesni_enc)
- popl KLEN
+@@ -1932,6 +1940,7 @@ ENTRY(aesni_enc)
popl KEYP
#endif
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(aesni_enc)
-@@ -1985,6 +1994,7 @@ _aesni_enc1:
+@@ -1990,6 +1999,7 @@ _aesni_enc1:
AESENC KEY STATE
movaps 0x70(TKEYP), KEY
AESENCLAST KEY STATE
@@ -13407,7 +13461,7 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(_aesni_enc1)
-@@ -2094,13 +2104,14 @@ _aesni_enc4:
+@@ -2099,13 +2109,14 @@ _aesni_enc4:
AESENCLAST KEY STATE2
AESENCLAST KEY STATE3
AESENCLAST KEY STATE4
@@ -13420,18 +13474,18 @@ index 6bd2c6c..a551119 100644
*/
-ENTRY(aesni_dec)
+RAP_ENTRY(aesni_dec)
+ FRAME_BEGIN
#ifndef __x86_64__
pushl KEYP
- pushl KLEN
-@@ -2117,6 +2128,7 @@ ENTRY(aesni_dec)
- popl KLEN
+@@ -2124,6 +2135,7 @@ ENTRY(aesni_dec)
popl KEYP
#endif
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(aesni_dec)
-@@ -2175,6 +2187,7 @@ _aesni_dec1:
+@@ -2182,6 +2194,7 @@ _aesni_dec1:
AESDEC KEY STATE
movaps 0x70(TKEYP), KEY
AESDECLAST KEY STATE
@@ -13439,7 +13493,7 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(_aesni_dec1)
-@@ -2284,6 +2297,7 @@ _aesni_dec4:
+@@ -2291,6 +2304,7 @@ _aesni_dec4:
AESDECLAST KEY STATE2
AESDECLAST KEY STATE3
AESDECLAST KEY STATE4
@@ -13447,39 +13501,39 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(_aesni_dec4)
-@@ -2342,6 +2356,7 @@ ENTRY(aesni_ecb_enc)
- popl KEYP
+@@ -2351,6 +2365,7 @@ ENTRY(aesni_ecb_enc)
popl LEN
#endif
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(aesni_ecb_enc)
-@@ -2401,6 +2416,7 @@ ENTRY(aesni_ecb_dec)
- popl KEYP
+@@ -2412,6 +2427,7 @@ ENTRY(aesni_ecb_dec)
popl LEN
#endif
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(aesni_ecb_dec)
-@@ -2443,6 +2459,7 @@ ENTRY(aesni_cbc_enc)
- popl LEN
+@@ -2456,6 +2472,7 @@ ENTRY(aesni_cbc_enc)
popl IVP
#endif
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(aesni_cbc_enc)
-@@ -2534,6 +2551,7 @@ ENTRY(aesni_cbc_dec)
- popl LEN
+@@ -2549,6 +2566,7 @@ ENTRY(aesni_cbc_dec)
popl IVP
#endif
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(aesni_cbc_dec)
-@@ -2561,6 +2579,7 @@ _aesni_inc_init:
+@@ -2578,6 +2596,7 @@ _aesni_inc_init:
mov $1, TCTR_LOW
MOVQ_R64_XMM TCTR_LOW INC
MOVQ_R64_XMM CTR TCTR_LOW
@@ -13487,7 +13541,7 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(_aesni_inc_init)
-@@ -2590,6 +2609,7 @@ _aesni_inc:
+@@ -2607,6 +2626,7 @@ _aesni_inc:
.Linc_low:
movaps CTR, IV
PSHUFB_XMM BSWAP_MASK IV
@@ -13495,33 +13549,33 @@ index 6bd2c6c..a551119 100644
ret
ENDPROC(_aesni_inc)
-@@ -2597,7 +2617,7 @@ ENDPROC(_aesni_inc)
+@@ -2614,7 +2634,7 @@ ENDPROC(_aesni_inc)
* void aesni_ctr_enc(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src,
* size_t len, u8 *iv)
*/
-ENTRY(aesni_ctr_enc)
+RAP_ENTRY(aesni_ctr_enc)
+ FRAME_BEGIN
cmp $16, LEN
jb .Lctr_enc_just_ret
- mov 480(KEYP), KLEN
-@@ -2651,6 +2671,7 @@ ENTRY(aesni_ctr_enc)
- .Lctr_enc_ret:
+@@ -2670,6 +2690,7 @@ ENTRY(aesni_ctr_enc)
movups IV, (IVP)
.Lctr_enc_just_ret:
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(aesni_ctr_enc)
-@@ -2777,6 +2798,7 @@ ENTRY(aesni_xts_crypt8)
- pxor INC, STATE4
+@@ -2798,6 +2819,7 @@ ENTRY(aesni_xts_crypt8)
movdqu STATE4, 0x70(OUTP)
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(aesni_xts_crypt8)
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
-index 3633ad6..2bf146f 100644
+index 064c7e2..df15412 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -82,9 +82,9 @@ struct aesni_xts_ctx {
@@ -13602,18 +13656,18 @@ index 246c670..4fb7603 100644
ret;
ENDPROC(blowfish_dec_blk_4way)
diff --git a/arch/x86/crypto/camellia-aesni-avx-asm_64.S b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
-index ce71f92..059975a 100644
+index aa9e8bd..0b8def4 100644
--- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S
+++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
-@@ -16,6 +16,7 @@
- */
+@@ -17,6 +17,7 @@
#include <linux/linkage.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
#define CAMELLIA_TABLE_BYTE_LEN 272
-@@ -191,6 +192,7 @@ roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd:
+@@ -192,6 +193,7 @@ roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd:
roundsm16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7,
%xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm15,
%rcx, (%r9));
@@ -13621,7 +13675,7 @@ index ce71f92..059975a 100644
ret;
ENDPROC(roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd)
-@@ -199,6 +201,7 @@ roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab:
+@@ -200,6 +202,7 @@ roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab:
roundsm16(%xmm4, %xmm5, %xmm6, %xmm7, %xmm0, %xmm1, %xmm2, %xmm3,
%xmm12, %xmm13, %xmm14, %xmm15, %xmm8, %xmm9, %xmm10, %xmm11,
%rax, (%r9));
@@ -13629,23 +13683,23 @@ index ce71f92..059975a 100644
ret;
ENDPROC(roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab)
-@@ -780,6 +783,7 @@ __camellia_enc_blk16:
- %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14,
+@@ -783,6 +786,7 @@ __camellia_enc_blk16:
%xmm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 16(%rax));
+ FRAME_END
+ pax_force_retaddr
ret;
.align 8
-@@ -865,6 +869,7 @@ __camellia_dec_blk16:
- %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14,
+@@ -870,6 +874,7 @@ __camellia_dec_blk16:
%xmm15, (key_table)(CTX), (%rax), 1 * 16(%rax));
+ FRAME_END
+ pax_force_retaddr
ret;
.align 8
-@@ -884,7 +889,7 @@ __camellia_dec_blk16:
+@@ -889,7 +894,7 @@ __camellia_dec_blk16:
jmp .Ldec_max24;
ENDPROC(__camellia_dec_blk16)
@@ -13654,10 +13708,10 @@ index ce71f92..059975a 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (16 blocks)
-@@ -904,10 +909,11 @@ ENTRY(camellia_ecb_enc_16way)
- %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
+@@ -911,10 +916,11 @@ ENTRY(camellia_ecb_enc_16way)
%xmm8, %rsi);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(camellia_ecb_enc_16way)
@@ -13667,10 +13721,10 @@ index ce71f92..059975a 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (16 blocks)
-@@ -932,10 +938,11 @@ ENTRY(camellia_ecb_dec_16way)
- %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
+@@ -941,10 +947,11 @@ ENTRY(camellia_ecb_dec_16way)
%xmm8, %rsi);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(camellia_ecb_dec_16way)
@@ -13680,15 +13734,15 @@ index ce71f92..059975a 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (16 blocks)
-@@ -981,6 +988,7 @@ ENTRY(camellia_cbc_dec_16way)
- %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
+@@ -992,6 +999,7 @@ ENTRY(camellia_cbc_dec_16way)
%xmm8, %rsi);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(camellia_cbc_dec_16way)
-@@ -990,7 +998,7 @@ ENDPROC(camellia_cbc_dec_16way)
+@@ -1001,7 +1009,7 @@ ENDPROC(camellia_cbc_dec_16way)
vpslldq $8, tmp, tmp; \
vpsubq tmp, x, x;
@@ -13697,18 +13751,18 @@ index ce71f92..059975a 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (16 blocks)
-@@ -1092,6 +1100,7 @@ ENTRY(camellia_ctr_16way)
- %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
+@@ -1105,6 +1113,7 @@ ENTRY(camellia_ctr_16way)
%xmm8, %rsi);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(camellia_ctr_16way)
-@@ -1234,10 +1243,11 @@ camellia_xts_crypt_16way:
- %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
+@@ -1249,10 +1258,11 @@ camellia_xts_crypt_16way:
%xmm8, %rsi);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(camellia_xts_crypt_16way)
@@ -13718,7 +13772,7 @@ index ce71f92..059975a 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (16 blocks)
-@@ -1251,7 +1261,7 @@ ENTRY(camellia_xts_enc_16way)
+@@ -1266,7 +1276,7 @@ ENTRY(camellia_xts_enc_16way)
jmp camellia_xts_crypt_16way;
ENDPROC(camellia_xts_enc_16way)
@@ -13728,18 +13782,18 @@ index ce71f92..059975a 100644
* %rdi: ctx, CTX
* %rsi: dst (16 blocks)
diff --git a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
-index 0e0b886..7bad080 100644
+index 16186c1..3468f83 100644
--- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
+++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
-@@ -11,6 +11,7 @@
- */
+@@ -12,6 +12,7 @@
#include <linux/linkage.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
#define CAMELLIA_TABLE_BYTE_LEN 272
-@@ -230,6 +231,7 @@ roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd:
+@@ -231,6 +232,7 @@ roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd:
roundsm32(%ymm0, %ymm1, %ymm2, %ymm3, %ymm4, %ymm5, %ymm6, %ymm7,
%ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14, %ymm15,
%rcx, (%r9));
@@ -13747,7 +13801,7 @@ index 0e0b886..7bad080 100644
ret;
ENDPROC(roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd)
-@@ -238,6 +240,7 @@ roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab:
+@@ -239,6 +241,7 @@ roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab:
roundsm32(%ymm4, %ymm5, %ymm6, %ymm7, %ymm0, %ymm1, %ymm2, %ymm3,
%ymm12, %ymm13, %ymm14, %ymm15, %ymm8, %ymm9, %ymm10, %ymm11,
%rax, (%r9));
@@ -13755,23 +13809,23 @@ index 0e0b886..7bad080 100644
ret;
ENDPROC(roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab)
-@@ -820,6 +823,7 @@ __camellia_enc_blk32:
- %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14,
+@@ -823,6 +826,7 @@ __camellia_enc_blk32:
%ymm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 32(%rax));
+ FRAME_END
+ pax_force_retaddr
ret;
.align 8
-@@ -905,6 +909,7 @@ __camellia_dec_blk32:
- %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14,
+@@ -910,6 +914,7 @@ __camellia_dec_blk32:
%ymm15, (key_table)(CTX), (%rax), 1 * 32(%rax));
+ FRAME_END
+ pax_force_retaddr
ret;
.align 8
-@@ -924,7 +929,7 @@ __camellia_dec_blk32:
+@@ -929,7 +934,7 @@ __camellia_dec_blk32:
jmp .Ldec_max24;
ENDPROC(__camellia_dec_blk32)
@@ -13780,10 +13834,10 @@ index 0e0b886..7bad080 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (32 blocks)
-@@ -948,10 +953,11 @@ ENTRY(camellia_ecb_enc_32way)
-
+@@ -955,10 +960,11 @@ ENTRY(camellia_ecb_enc_32way)
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(camellia_ecb_enc_32way)
@@ -13793,10 +13847,10 @@ index 0e0b886..7bad080 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (32 blocks)
-@@ -980,10 +986,11 @@ ENTRY(camellia_ecb_dec_32way)
-
+@@ -989,10 +995,11 @@ ENTRY(camellia_ecb_dec_32way)
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(camellia_ecb_dec_32way)
@@ -13806,15 +13860,15 @@ index 0e0b886..7bad080 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (32 blocks)
-@@ -1046,6 +1053,7 @@ ENTRY(camellia_cbc_dec_32way)
-
+@@ -1057,6 +1064,7 @@ ENTRY(camellia_cbc_dec_32way)
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(camellia_cbc_dec_32way)
-@@ -1063,7 +1071,7 @@ ENDPROC(camellia_cbc_dec_32way)
+@@ -1074,7 +1082,7 @@ ENDPROC(camellia_cbc_dec_32way)
vpslldq $8, tmp1, tmp1; \
vpsubq tmp1, x, x;
@@ -13823,18 +13877,18 @@ index 0e0b886..7bad080 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (32 blocks)
-@@ -1184,6 +1192,7 @@ ENTRY(camellia_ctr_32way)
-
+@@ -1197,6 +1205,7 @@ ENTRY(camellia_ctr_32way)
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(camellia_ctr_32way)
-@@ -1349,10 +1358,11 @@ camellia_xts_crypt_32way:
-
+@@ -1364,10 +1373,11 @@ camellia_xts_crypt_32way:
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(camellia_xts_crypt_32way)
@@ -13844,7 +13898,7 @@ index 0e0b886..7bad080 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (32 blocks)
-@@ -1367,7 +1377,7 @@ ENTRY(camellia_xts_enc_32way)
+@@ -1382,7 +1392,7 @@ ENTRY(camellia_xts_enc_32way)
jmp camellia_xts_crypt_32way;
ENDPROC(camellia_xts_enc_32way)
@@ -13998,7 +14052,7 @@ index 93d8f29..4218a74 100644
void camellia_xts_enc(void *ctx, u128 *dst, const u128 *src, le128 *iv)
diff --git a/arch/x86/crypto/camellia_glue.c b/arch/x86/crypto/camellia_glue.c
-index 5c8b626..934a4b6 100644
+index aa76cad..ffd8808 100644
--- a/arch/x86/crypto/camellia_glue.c
+++ b/arch/x86/crypto/camellia_glue.c
@@ -39,7 +39,7 @@
@@ -14032,18 +14086,18 @@ index 5c8b626..934a4b6 100644
camellia_dec_blk_2way(ctx, (u8 *)dst, (u8 *)src);
diff --git a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
-index c35fd5d..563138e 100644
+index 14fa196..5de8a4a 100644
--- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
-@@ -24,6 +24,7 @@
- */
+@@ -25,6 +25,7 @@
#include <linux/linkage.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
.file "cast5-avx-x86_64-asm_64.S"
-@@ -281,6 +282,7 @@ __cast5_enc_blk16:
+@@ -282,6 +283,7 @@ __cast5_enc_blk16:
outunpack_blocks(RR3, RL3, RTMP, RX, RKM);
outunpack_blocks(RR4, RL4, RTMP, RX, RKM);
@@ -14051,7 +14105,7 @@ index c35fd5d..563138e 100644
ret;
ENDPROC(__cast5_enc_blk16)
-@@ -352,6 +354,7 @@ __cast5_dec_blk16:
+@@ -353,6 +355,7 @@ __cast5_dec_blk16:
outunpack_blocks(RR3, RL3, RTMP, RX, RKM);
outunpack_blocks(RR4, RL4, RTMP, RX, RKM);
@@ -14059,7 +14113,7 @@ index c35fd5d..563138e 100644
ret;
.L__skip_dec:
-@@ -359,7 +362,7 @@ __cast5_dec_blk16:
+@@ -360,7 +363,7 @@ __cast5_dec_blk16:
jmp .L__dec_tail;
ENDPROC(__cast5_dec_blk16)
@@ -14068,10 +14122,10 @@ index c35fd5d..563138e 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -388,10 +391,11 @@ ENTRY(cast5_ecb_enc_16way)
- vmovdqu RR4, (6*4*4)(%r11);
+@@ -391,10 +394,11 @@ ENTRY(cast5_ecb_enc_16way)
vmovdqu RL4, (7*4*4)(%r11);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(cast5_ecb_enc_16way)
@@ -14081,17 +14135,17 @@ index c35fd5d..563138e 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -420,6 +424,7 @@ ENTRY(cast5_ecb_dec_16way)
- vmovdqu RR4, (6*4*4)(%r11);
+@@ -425,6 +429,7 @@ ENTRY(cast5_ecb_dec_16way)
vmovdqu RL4, (7*4*4)(%r11);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(cast5_ecb_dec_16way)
-@@ -430,10 +435,10 @@ ENTRY(cast5_cbc_dec_16way)
- * %rdx: src
+@@ -436,10 +441,10 @@ ENTRY(cast5_cbc_dec_16way)
*/
+ FRAME_BEGIN
- pushq %r12;
+ pushq %r14;
@@ -14102,7 +14156,7 @@ index c35fd5d..563138e 100644
vmovdqu (0*16)(%rdx), RL1;
vmovdqu (1*16)(%rdx), RR1;
-@@ -447,16 +452,16 @@ ENTRY(cast5_cbc_dec_16way)
+@@ -453,16 +458,16 @@ ENTRY(cast5_cbc_dec_16way)
call __cast5_dec_blk16;
/* xor with src */
@@ -14127,20 +14181,21 @@ index c35fd5d..563138e 100644
vmovdqu RR1, (0*16)(%r11);
vmovdqu RL1, (1*16)(%r11);
-@@ -467,8 +472,9 @@ ENTRY(cast5_cbc_dec_16way)
+@@ -473,9 +478,10 @@ ENTRY(cast5_cbc_dec_16way)
vmovdqu RR4, (6*16)(%r11);
vmovdqu RL4, (7*16)(%r11);
- popq %r12;
+ popq %r14;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(cast5_cbc_dec_16way)
-@@ -480,10 +486,10 @@ ENTRY(cast5_ctr_16way)
- * %rcx: iv (big endian, 64bit)
+@@ -488,10 +494,10 @@ ENTRY(cast5_ctr_16way)
*/
+ FRAME_BEGIN
- pushq %r12;
+ pushq %r14;
@@ -14151,7 +14206,7 @@ index c35fd5d..563138e 100644
vpcmpeqd RTMP, RTMP, RTMP;
vpsrldq $8, RTMP, RTMP; /* low: -1, high: 0 */
-@@ -523,14 +529,14 @@ ENTRY(cast5_ctr_16way)
+@@ -531,14 +537,14 @@ ENTRY(cast5_ctr_16way)
call __cast5_enc_blk16;
/* dst = src ^ iv */
@@ -14174,29 +14229,30 @@ index c35fd5d..563138e 100644
vmovdqu RR1, (0*16)(%r11);
vmovdqu RL1, (1*16)(%r11);
vmovdqu RR2, (2*16)(%r11);
-@@ -540,7 +546,8 @@ ENTRY(cast5_ctr_16way)
+@@ -548,8 +554,9 @@ ENTRY(cast5_ctr_16way)
vmovdqu RR4, (6*16)(%r11);
vmovdqu RL4, (7*16)(%r11);
- popq %r12;
+ popq %r14;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(cast5_ctr_16way)
diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
-index e3531f8..564f08b 100644
+index c419389..b853452 100644
--- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
-@@ -24,6 +24,7 @@
- */
+@@ -25,6 +25,7 @@
#include <linux/linkage.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
#include "glue_helper-asm-avx.S"
.file "cast6-avx-x86_64-asm_64.S"
-@@ -295,6 +296,7 @@ __cast6_enc_blk8:
+@@ -296,6 +297,7 @@ __cast6_enc_blk8:
outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
@@ -14204,7 +14260,7 @@ index e3531f8..564f08b 100644
ret;
ENDPROC(__cast6_enc_blk8)
-@@ -340,10 +342,11 @@ __cast6_dec_blk8:
+@@ -341,10 +343,11 @@ __cast6_dec_blk8:
outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
@@ -14217,10 +14273,10 @@ index e3531f8..564f08b 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -358,10 +361,11 @@ ENTRY(cast6_ecb_enc_8way)
-
+@@ -361,10 +364,11 @@ ENTRY(cast6_ecb_enc_8way)
store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(cast6_ecb_enc_8way)
@@ -14230,10 +14286,10 @@ index e3531f8..564f08b 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -376,33 +380,35 @@ ENTRY(cast6_ecb_dec_8way)
-
+@@ -381,10 +385,11 @@ ENTRY(cast6_ecb_dec_8way)
store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(cast6_ecb_dec_8way)
@@ -14243,8 +14299,9 @@ index e3531f8..564f08b 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
- * %rdx: src
+@@ -392,24 +397,25 @@ ENTRY(cast6_cbc_dec_8way)
*/
+ FRAME_BEGIN
- pushq %r12;
+ pushq %r14;
@@ -14263,6 +14320,7 @@ index e3531f8..564f08b 100644
- popq %r12;
+ popq %r14;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(cast6_cbc_dec_8way)
@@ -14272,9 +14330,9 @@ index e3531f8..564f08b 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -410,24 +416,25 @@ ENTRY(cast6_ctr_8way)
- * %rcx: iv (little endian, 128bit)
+@@ -418,25 +424,26 @@ ENTRY(cast6_ctr_8way)
*/
+ FRAME_BEGIN
- pushq %r12;
+ pushq %r14;
@@ -14294,6 +14352,7 @@ index e3531f8..564f08b 100644
- popq %r12;
+ popq %r14;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(cast6_ctr_8way)
@@ -14303,10 +14362,10 @@ index e3531f8..564f08b 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -446,10 +453,11 @@ ENTRY(cast6_xts_enc_8way)
- /* dst <= regs xor IVs(in dst) */
+@@ -457,10 +464,11 @@ ENTRY(cast6_xts_enc_8way)
store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(cast6_xts_enc_8way)
@@ -14316,15 +14375,15 @@ index e3531f8..564f08b 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -468,5 +476,6 @@ ENTRY(cast6_xts_dec_8way)
- /* dst <= regs xor IVs(in dst) */
+@@ -481,5 +489,6 @@ ENTRY(cast6_xts_dec_8way)
store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(cast6_xts_dec_8way)
diff --git a/arch/x86/crypto/cast6_avx_glue.c b/arch/x86/crypto/cast6_avx_glue.c
-index fca4595..e5d2127 100644
+index 50e6847..bf7c2d8 100644
--- a/arch/x86/crypto/cast6_avx_glue.c
+++ b/arch/x86/crypto/cast6_avx_glue.c
@@ -41,20 +41,20 @@
@@ -14357,7 +14416,7 @@ index fca4595..e5d2127 100644
static void cast6_xts_enc(void *ctx, u128 *dst, const u128 *src, le128 *iv)
{
diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
-index 4fe27e0..2885e731 100644
+index dc05f010..23c8bfd 100644
--- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
+++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
@@ -45,6 +45,7 @@
@@ -14374,21 +14433,21 @@ index 4fe27e0..2885e731 100644
popq %rbx
+ pax_force_retaddr
ret
+ ENDPROC(crc_pcl)
- ################################################################
diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S
-index 5d1e007..098cb4f 100644
+index eed55c8..b354187 100644
--- a/arch/x86/crypto/ghash-clmulni-intel_asm.S
+++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S
-@@ -18,6 +18,7 @@
-
+@@ -19,6 +19,7 @@
#include <linux/linkage.h>
#include <asm/inst.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
.data
-@@ -89,6 +90,7 @@ __clmul_gf128mul_ble:
+@@ -90,6 +91,7 @@ __clmul_gf128mul_ble:
psrlq $1, T2
pxor T2, T1
pxor T1, DATA
@@ -14396,18 +14455,18 @@ index 5d1e007..098cb4f 100644
ret
ENDPROC(__clmul_gf128mul_ble)
-@@ -101,6 +103,7 @@ ENTRY(clmul_ghash_mul)
- call __clmul_gf128mul_ble
+@@ -104,6 +106,7 @@ ENTRY(clmul_ghash_mul)
PSHUFB_XMM BSWAP DATA
movups DATA, (%rdi)
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(clmul_ghash_mul)
-@@ -128,5 +131,6 @@ ENTRY(clmul_ghash_update)
- PSHUFB_XMM BSWAP DATA
+@@ -133,5 +136,6 @@ ENTRY(clmul_ghash_update)
movups DATA, (%rdi)
.Lupdate_just_ret:
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(clmul_ghash_update)
@@ -14458,18 +14517,18 @@ index 9279e0b..c4b3d2c 100644
ret
ENDPROC(salsa20_ivsetup)
diff --git a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
-index 2f202f4..e671172 100644
+index 8be5718..d2bcbcd 100644
--- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
-@@ -24,6 +24,7 @@
- */
+@@ -25,6 +25,7 @@
#include <linux/linkage.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
#include "glue_helper-asm-avx.S"
.file "serpent-avx-x86_64-asm_64.S"
-@@ -618,6 +619,7 @@ __serpent_enc_blk8_avx:
+@@ -619,6 +620,7 @@ __serpent_enc_blk8_avx:
write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2);
write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2);
@@ -14477,7 +14536,7 @@ index 2f202f4..e671172 100644
ret;
ENDPROC(__serpent_enc_blk8_avx)
-@@ -672,10 +674,11 @@ __serpent_dec_blk8_avx:
+@@ -673,10 +675,11 @@ __serpent_dec_blk8_avx:
write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2);
write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2);
@@ -14490,10 +14549,10 @@ index 2f202f4..e671172 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -688,10 +691,11 @@ ENTRY(serpent_ecb_enc_8way_avx)
-
+@@ -691,10 +694,11 @@ ENTRY(serpent_ecb_enc_8way_avx)
store_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_ecb_enc_8way_avx)
@@ -14503,10 +14562,10 @@ index 2f202f4..e671172 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -704,10 +708,11 @@ ENTRY(serpent_ecb_dec_8way_avx)
-
+@@ -709,10 +713,11 @@ ENTRY(serpent_ecb_dec_8way_avx)
store_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_ecb_dec_8way_avx)
@@ -14516,10 +14575,10 @@ index 2f202f4..e671172 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -720,10 +725,11 @@ ENTRY(serpent_cbc_dec_8way_avx)
-
+@@ -727,10 +732,11 @@ ENTRY(serpent_cbc_dec_8way_avx)
store_cbc_8way(%rdx, %rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_cbc_dec_8way_avx)
@@ -14529,10 +14588,10 @@ index 2f202f4..e671172 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -738,10 +744,11 @@ ENTRY(serpent_ctr_8way_avx)
-
+@@ -747,10 +753,11 @@ ENTRY(serpent_ctr_8way_avx)
store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_ctr_8way_avx)
@@ -14542,10 +14601,10 @@ index 2f202f4..e671172 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -758,10 +765,11 @@ ENTRY(serpent_xts_enc_8way_avx)
- /* dst <= regs xor IVs(in dst) */
+@@ -769,10 +776,11 @@ ENTRY(serpent_xts_enc_8way_avx)
store_xts_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_xts_enc_8way_avx)
@@ -14555,26 +14614,26 @@ index 2f202f4..e671172 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -778,5 +786,6 @@ ENTRY(serpent_xts_dec_8way_avx)
- /* dst <= regs xor IVs(in dst) */
+@@ -791,5 +799,6 @@ ENTRY(serpent_xts_dec_8way_avx)
store_xts_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_xts_dec_8way_avx)
diff --git a/arch/x86/crypto/serpent-avx2-asm_64.S b/arch/x86/crypto/serpent-avx2-asm_64.S
-index b222085..c43efce 100644
+index 97c48ad..25416de 100644
--- a/arch/x86/crypto/serpent-avx2-asm_64.S
+++ b/arch/x86/crypto/serpent-avx2-asm_64.S
-@@ -15,6 +15,7 @@
- */
+@@ -16,6 +16,7 @@
#include <linux/linkage.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
#include "glue_helper-asm-avx2.S"
.file "serpent-avx2-asm_64.S"
-@@ -610,6 +611,7 @@ __serpent_enc_blk16:
+@@ -611,6 +612,7 @@ __serpent_enc_blk16:
write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2);
write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2);
@@ -14582,7 +14641,7 @@ index b222085..c43efce 100644
ret;
ENDPROC(__serpent_enc_blk16)
-@@ -664,10 +666,11 @@ __serpent_dec_blk16:
+@@ -665,10 +667,11 @@ __serpent_dec_blk16:
write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2);
write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2);
@@ -14595,10 +14654,10 @@ index b222085..c43efce 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -684,10 +687,11 @@ ENTRY(serpent_ecb_enc_16way)
-
+@@ -687,10 +690,11 @@ ENTRY(serpent_ecb_enc_16way)
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_ecb_enc_16way)
@@ -14608,10 +14667,10 @@ index b222085..c43efce 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -704,10 +708,11 @@ ENTRY(serpent_ecb_dec_16way)
-
+@@ -709,10 +713,11 @@ ENTRY(serpent_ecb_dec_16way)
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_ecb_dec_16way)
@@ -14621,10 +14680,10 @@ index b222085..c43efce 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -725,10 +730,11 @@ ENTRY(serpent_cbc_dec_16way)
-
+@@ -732,10 +737,11 @@ ENTRY(serpent_cbc_dec_16way)
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_cbc_dec_16way)
@@ -14634,10 +14693,10 @@ index b222085..c43efce 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (16 blocks)
-@@ -748,10 +754,11 @@ ENTRY(serpent_ctr_16way)
-
+@@ -757,10 +763,11 @@ ENTRY(serpent_ctr_16way)
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_ctr_16way)
@@ -14647,10 +14706,10 @@ index b222085..c43efce 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (16 blocks)
-@@ -772,10 +779,11 @@ ENTRY(serpent_xts_enc_16way)
-
+@@ -783,10 +790,11 @@ ENTRY(serpent_xts_enc_16way)
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_xts_enc_16way)
@@ -14660,10 +14719,10 @@ index b222085..c43efce 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst (16 blocks)
-@@ -796,5 +804,6 @@ ENTRY(serpent_xts_dec_16way)
-
+@@ -809,5 +817,6 @@ ENTRY(serpent_xts_dec_16way)
vzeroupper;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(serpent_xts_dec_16way)
@@ -14732,7 +14791,7 @@ index 6d19834..a08fbe9 100644
static const struct common_glue_ctx serpent_enc = {
.num_funcs = 3,
diff --git a/arch/x86/crypto/serpent_avx_glue.c b/arch/x86/crypto/serpent_avx_glue.c
-index 5dc3702..10f232a 100644
+index 6f778d3..3cf277e 100644
--- a/arch/x86/crypto/serpent_avx_glue.c
+++ b/arch/x86/crypto/serpent_avx_glue.c
@@ -41,28 +41,28 @@
@@ -14774,7 +14833,7 @@ index 5dc3702..10f232a 100644
void __serpent_crypt_ctr(void *ctx, u128 *dst, const u128 *src, le128 *iv)
diff --git a/arch/x86/crypto/serpent_sse2_glue.c b/arch/x86/crypto/serpent_sse2_glue.c
-index 3643dd5..17d5e30 100644
+index 8943407..beb882d 100644
--- a/arch/x86/crypto/serpent_sse2_glue.c
+++ b/arch/x86/crypto/serpent_sse2_glue.c
@@ -45,8 +45,10 @@
@@ -14790,19 +14849,19 @@ index 3643dd5..17d5e30 100644
unsigned int j;
diff --git a/arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S b/arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S
-index 85c4e1c..665efaa 100644
+index 96df6a3..8519a8f 100644
--- a/arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S
+++ b/arch/x86/crypto/sha-mb/sha1_mb_mgr_flush_avx2.S
-@@ -112,7 +112,7 @@ offset = \_offset
+@@ -103,7 +103,7 @@ offset = \_offset
# JOB* sha1_mb_mgr_flush_avx2(MB_MGR *state)
# arg 1 : rcx : state
-ENTRY(sha1_mb_mgr_flush_avx2)
+RAP_ENTRY(sha1_mb_mgr_flush_avx2)
- mov %rsp, %r10
- sub $STACK_SPACE, %rsp
- and $~31, %rsp
-@@ -251,7 +251,7 @@ ENDPROC(sha1_mb_mgr_flush_avx2)
+ FRAME_BEGIN
+ push %rbx
+
+@@ -226,7 +226,7 @@ ENDPROC(sha1_mb_mgr_flush_avx2)
#################################################################
.align 16
@@ -14812,18 +14871,18 @@ index 85c4e1c..665efaa 100644
## if bit 32+3 is set, then all lanes are empty
diff --git a/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S b/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S
-index 2ab9560..d4ae8714 100644
+index 63a0d9c..a6038fd 100644
--- a/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S
+++ b/arch/x86/crypto/sha-mb/sha1_mb_mgr_submit_avx2.S
-@@ -100,7 +100,7 @@ STACK_SPACE = 8*8 + 16*10 + 8
+@@ -98,7 +98,7 @@ lane_data = %r10
# JOB* submit_mb_mgr_submit_avx2(MB_MGR *state, job_sha1 *job)
# arg 1 : rcx : state
# arg 2 : rdx : job
-ENTRY(sha1_mb_mgr_submit_avx2)
+RAP_ENTRY(sha1_mb_mgr_submit_avx2)
-
- mov %rsp, %r10
- sub $STACK_SPACE, %rsp
+ FRAME_BEGIN
+ push %rbx
+ push %r12
diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S
index a410950..02d2056 100644
--- a/arch/x86/crypto/sha1_ssse3_asm.S
@@ -15351,18 +15410,18 @@ index 34e5083..eb57a5e 100644
static int sha512_avx2_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
-index 0505813..912c9c1 100644
+index dc66273..30aba4b 100644
--- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
-@@ -24,6 +24,7 @@
- */
+@@ -25,6 +25,7 @@
#include <linux/linkage.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
#include "glue_helper-asm-avx.S"
.file "twofish-avx-x86_64-asm_64.S"
-@@ -284,6 +285,7 @@ __twofish_enc_blk8:
+@@ -285,6 +286,7 @@ __twofish_enc_blk8:
outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2);
outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2);
@@ -15370,7 +15429,7 @@ index 0505813..912c9c1 100644
ret;
ENDPROC(__twofish_enc_blk8)
-@@ -324,10 +326,11 @@ __twofish_dec_blk8:
+@@ -325,10 +327,11 @@ __twofish_dec_blk8:
outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2);
outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2);
@@ -15383,10 +15442,10 @@ index 0505813..912c9c1 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -342,10 +345,11 @@ ENTRY(twofish_ecb_enc_8way)
-
+@@ -345,10 +348,11 @@ ENTRY(twofish_ecb_enc_8way)
store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(twofish_ecb_enc_8way)
@@ -15396,10 +15455,10 @@ index 0505813..912c9c1 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -360,33 +364,35 @@ ENTRY(twofish_ecb_dec_8way)
-
+@@ -365,10 +369,11 @@ ENTRY(twofish_ecb_dec_8way)
store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(twofish_ecb_dec_8way)
@@ -15409,8 +15468,9 @@ index 0505813..912c9c1 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
- * %rdx: src
+@@ -376,24 +381,25 @@ ENTRY(twofish_cbc_dec_8way)
*/
+ FRAME_BEGIN
- pushq %r12;
+ pushq %r14;
@@ -15429,6 +15489,7 @@ index 0505813..912c9c1 100644
- popq %r12;
+ popq %r14;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(twofish_cbc_dec_8way)
@@ -15438,9 +15499,9 @@ index 0505813..912c9c1 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -394,24 +400,25 @@ ENTRY(twofish_ctr_8way)
- * %rcx: iv (little endian, 128bit)
+@@ -402,25 +408,26 @@ ENTRY(twofish_ctr_8way)
*/
+ FRAME_BEGIN
- pushq %r12;
+ pushq %r14;
@@ -15460,6 +15521,7 @@ index 0505813..912c9c1 100644
- popq %r12;
+ popq %r14;
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(twofish_ctr_8way)
@@ -15469,10 +15531,10 @@ index 0505813..912c9c1 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -430,10 +437,11 @@ ENTRY(twofish_xts_enc_8way)
- /* dst <= regs xor IVs(in dst) */
+@@ -441,10 +448,11 @@ ENTRY(twofish_xts_enc_8way)
store_xts_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(twofish_xts_enc_8way)
@@ -15482,10 +15544,10 @@ index 0505813..912c9c1 100644
/* input:
* %rdi: ctx, CTX
* %rsi: dst
-@@ -452,5 +460,6 @@ ENTRY(twofish_xts_dec_8way)
- /* dst <= regs xor IVs(in dst) */
+@@ -465,5 +473,6 @@ ENTRY(twofish_xts_dec_8way)
store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ FRAME_END
+ pax_force_retaddr
ret;
ENDPROC(twofish_xts_dec_8way)
@@ -15650,7 +15712,7 @@ index 77e06c2..a45c27b 100644
EXPORT_SYMBOL_GPL(twofish_dec_blk);
diff --git a/arch/x86/crypto/twofish_glue_3way.c b/arch/x86/crypto/twofish_glue_3way.c
-index 56d8a08..a9f21f5 100644
+index 2ebb5e9..a0b0aa9 100644
--- a/arch/x86/crypto/twofish_glue_3way.c
+++ b/arch/x86/crypto/twofish_glue_3way.c
@@ -36,21 +36,21 @@
@@ -15693,17 +15755,17 @@ index 56d8a08..a9f21f5 100644
};
diff --git a/arch/x86/entry/Makefile b/arch/x86/entry/Makefile
-index bd55ded..1310c8e 100644
+index fe91c25..18f6ab9 100644
--- a/arch/x86/entry/Makefile
+++ b/arch/x86/entry/Makefile
-@@ -9,3 +9,5 @@ obj-y += vsyscall/
+@@ -13,3 +13,5 @@ obj-y += vsyscall/
obj-$(CONFIG_IA32_EMULATION) += entry_64_compat.o syscall_32.o
+CFLAGS_REMOVE_syscall_32.o = $(RAP_PLUGIN_ABS_CFLAGS)
+CFLAGS_REMOVE_syscall_64.o = $(RAP_PLUGIN_ABS_CFLAGS)
diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h
-index e32206e0..809adae 100644
+index 9a9e588..b900d1c 100644
--- a/arch/x86/entry/calling.h
+++ b/arch/x86/entry/calling.h
@@ -95,23 +95,26 @@ For 32-bit we have the following conventions - kernel is built with
@@ -15849,10 +15911,10 @@ index e32206e0..809adae 100644
.macro REMOVE_PT_GPREGS_FROM_STACK addskip=0
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
-index 1a4477c..7061819 100644
+index e79d93d..31091ce 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
-@@ -32,9 +32,7 @@
+@@ -33,9 +33,7 @@
static struct thread_info *pt_regs_to_thread_info(struct pt_regs *regs)
{
@@ -15863,8 +15925,8 @@ index 1a4477c..7061819 100644
}
#ifdef CONFIG_CONTEXT_TRACKING
-@@ -46,6 +44,12 @@ __visible void enter_from_user_mode(void)
- }
+@@ -49,6 +47,12 @@ __visible void enter_from_user_mode(void)
+ static inline void enter_from_user_mode(void) {}
#endif
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK
@@ -15876,7 +15938,7 @@ index 1a4477c..7061819 100644
static void do_audit_syscall_entry(struct pt_regs *regs, u32 arch)
{
#ifdef CONFIG_X86_64
-@@ -160,6 +164,10 @@ unsigned long syscall_trace_enter_phase1(struct pt_regs *regs, u32 arch)
+@@ -152,6 +156,10 @@ unsigned long syscall_trace_enter_phase1(struct pt_regs *regs, u32 arch)
return 1; /* Something is enabled that we can't handle in phase 1 */
}
@@ -15887,7 +15949,7 @@ index 1a4477c..7061819 100644
/* Returns the syscall nr to run (which should match regs->orig_ax). */
long syscall_trace_enter_phase2(struct pt_regs *regs, u32 arch,
unsigned long phase1_result)
-@@ -171,6 +179,11 @@ long syscall_trace_enter_phase2(struct pt_regs *regs, u32 arch,
+@@ -163,6 +171,11 @@ long syscall_trace_enter_phase2(struct pt_regs *regs, u32 arch,
if (IS_ENABLED(CONFIG_DEBUG_ENTRY))
BUG_ON(regs != task_pt_regs(current));
@@ -15896,10 +15958,10 @@ index 1a4477c..7061819 100644
+ gr_delayed_cred_worker();
+#endif
+
+ #ifdef CONFIG_SECCOMP
/*
- * If we stepped into a sysenter/syscall insn, it trapped in
- * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.
-@@ -207,15 +220,14 @@ long syscall_trace_enter_phase2(struct pt_regs *regs, u32 arch,
+ * Call seccomp_phase2 before running the other hooks so that
+@@ -189,15 +202,14 @@ long syscall_trace_enter_phase2(struct pt_regs *regs, u32 arch,
return ret ?: regs->orig_ax;
}
@@ -15919,7 +15981,7 @@ index 1a4477c..7061819 100644
}
#define EXIT_TO_USERMODE_LOOP_FLAGS \
-@@ -317,7 +329,7 @@ static void syscall_slow_exit_work(struct pt_regs *regs, u32 cached_flags)
+@@ -299,7 +311,7 @@ static void syscall_slow_exit_work(struct pt_regs *regs, u32 cached_flags)
step = unlikely(
(cached_flags & (_TIF_SINGLESTEP | _TIF_SYSCALL_EMU))
== _TIF_SINGLESTEP);
@@ -15928,7 +15990,7 @@ index 1a4477c..7061819 100644
tracehook_report_syscall_exit(regs, step);
}
-@@ -336,6 +348,11 @@ __visible inline void syscall_return_slowpath(struct pt_regs *regs)
+@@ -318,6 +330,11 @@ __visible inline void syscall_return_slowpath(struct pt_regs *regs)
WARN(irqs_disabled(), "syscall %ld left IRQs disabled", regs->orig_ax))
local_irq_enable();
@@ -15940,7 +16002,37 @@ index 1a4477c..7061819 100644
/*
* First do one-time work. If these work items are enabled, we
* want to run them exactly once per syscall exit with IRQs on.
-@@ -387,10 +404,51 @@ __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs)
+@@ -347,9 +364,29 @@ __visible void do_syscall_64(struct pt_regs *regs)
+ * regs->orig_ax, which changes the behavior of some syscalls.
+ */
+ if (likely((nr & __SYSCALL_MASK) < NR_syscalls)) {
++#ifdef CONFIG_PAX_RAP
++ asm volatile("movq %[param1],%%rdi\n\t"
++ "movq %[param2],%%rsi\n\t"
++ "movq %[param3],%%rdx\n\t"
++ "movq %[param4],%%rcx\n\t"
++ "movq %[param5],%%r8\n\t"
++ "movq %[param6],%%r9\n\t"
++ "call *%P[syscall]\n\t"
++ "mov %%rax,%[result]\n\t"
++ : [result] "=m" (regs->ax)
++ : [syscall] "m" (sys_call_table[nr & __SYSCALL_MASK]),
++ [param1] "m" (regs->di),
++ [param2] "m" (regs->si),
++ [param3] "m" (regs->dx),
++ [param4] "m" (regs->r10),
++ [param5] "m" (regs->r8),
++ [param6] "m" (regs->r9)
++ : "ax", "di", "si", "dx", "cx", "r8", "r9", "r10", "r11", "memory");
++#else
+ regs->ax = sys_call_table[nr & __SYSCALL_MASK](
+ regs->di, regs->si, regs->dx,
+ regs->r10, regs->r8, regs->r9);
++#endif
+ }
+
+ syscall_return_slowpath(regs);
+@@ -389,10 +426,51 @@ static __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs)
* the high bits are zero. Make sure we zero-extend all
* of the args.
*/
@@ -15992,7 +16084,7 @@ index 1a4477c..7061819 100644
}
syscall_return_slowpath(regs);
-@@ -415,6 +473,7 @@ __visible long do_fast_syscall_32(struct pt_regs *regs)
+@@ -416,6 +494,7 @@ __visible long do_fast_syscall_32(struct pt_regs *regs)
unsigned long landing_pad = (unsigned long)current->mm->context.vdso +
vdso_image_32.sym_int80_landing_pad;
@@ -16000,7 +16092,7 @@ index 1a4477c..7061819 100644
/*
* SYSENTER loses EIP, and even SYSCALL32 needs us to skip forward
-@@ -435,11 +494,9 @@ __visible long do_fast_syscall_32(struct pt_regs *regs)
+@@ -435,11 +514,9 @@ __visible long do_fast_syscall_32(struct pt_regs *regs)
* Micro-optimization: the pointer we're following is explicitly
* 32 bits, so it can't be out of range.
*/
@@ -16015,7 +16107,7 @@ index 1a4477c..7061819 100644
) {
diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
-index bb3e376..c49752a 100644
+index 10868aa..e645e1d 100644
--- a/arch/x86/entry/entry_32.S
+++ b/arch/x86/entry/entry_32.S
@@ -147,13 +147,157 @@
@@ -16245,8 +16337,8 @@ index bb3e376..c49752a 100644
+ENDPROC(resume_kernel)
#endif
- # SYSENTER call handler stub
-@@ -301,6 +462,10 @@ sysenter_past_esp:
+ GLOBAL(__begin_SYSENTER_singlestep_region)
+@@ -351,6 +512,10 @@ sysenter_past_esp:
pushl %eax /* pt_regs->orig_ax */
SAVE_ALL pt_regs_ax=$-ENOSYS /* save rest */
@@ -16255,9 +16347,9 @@ index bb3e376..c49752a 100644
+#endif
+
/*
- * User mode is traced as though IRQs are on, and SYSENTER
- * turned them off.
-@@ -313,11 +478,20 @@ sysenter_past_esp:
+ * SYSENTER doesn't filter flags, so we need to clear NT, AC
+ * and TF ourselves. To save a few cycles, we can check whether
+@@ -386,11 +551,20 @@ sysenter_past_esp:
ALTERNATIVE "testl %eax, %eax; jz .Lsyscall_32_done", \
"jmp .Lsyscall_32_done", X86_FEATURE_XENPV
@@ -16278,7 +16370,7 @@ index bb3e376..c49752a 100644
PTGS_TO_GS
popl %ebx /* pt_regs->bx */
addl $2*4, %esp /* skip pt_regs->cx and pt_regs->dx */
-@@ -334,10 +508,16 @@ sysenter_past_esp:
+@@ -416,10 +590,16 @@ sysenter_past_esp:
sysexit
.pushsection .fixup, "ax"
@@ -16295,9 +16387,9 @@ index bb3e376..c49752a 100644
+ _ASM_EXTABLE(2b, 5b)
+ _ASM_EXTABLE(3b, 6b)
PTGS_TO_GS_EX
- ENDPROC(entry_SYSENTER_32)
-@@ -347,6 +527,10 @@ ENTRY(entry_INT80_32)
+ .Lsysenter_fix_flags:
+@@ -462,6 +642,10 @@ ENTRY(entry_INT80_32)
pushl %eax /* pt_regs->orig_ax */
SAVE_ALL pt_regs_ax=$-ENOSYS /* save rest */
@@ -16306,10 +16398,10 @@ index bb3e376..c49752a 100644
+#endif
+
/*
- * User mode is traced as though IRQs are on. Unlike the 64-bit
- * case, INT80 is a trap gate on 32-bit kernels, so interrupts
-@@ -357,6 +541,13 @@ ENTRY(entry_INT80_32)
- call do_syscall_32_irqs_on
+ * User mode is traced as though IRQs are on, and the interrupt gate
+ * turned them off.
+@@ -472,6 +656,13 @@ ENTRY(entry_INT80_32)
+ call do_int80_syscall_32
.Lsyscall_32_done:
+#ifdef CONFIG_PAX_RANDKSTACK
@@ -16322,7 +16414,7 @@ index bb3e376..c49752a 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -411,14 +602,34 @@ ldt_ss:
+@@ -515,14 +706,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -16360,7 +16452,7 @@ index bb3e376..c49752a 100644
pushl $__ESPFIX_SS
pushl %eax /* new kernel esp */
/*
-@@ -442,8 +653,15 @@ ENDPROC(entry_INT80_32)
+@@ -546,8 +757,15 @@ ENDPROC(entry_INT80_32)
*/
#ifdef CONFIG_X86_ESPFIX32
/* fixup the stack */
@@ -16378,7 +16470,7 @@ index bb3e376..c49752a 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl $__KERNEL_DS
-@@ -479,7 +697,7 @@ ENTRY(irq_entries_start)
+@@ -583,7 +801,7 @@ ENTRY(irq_entries_start)
jmp common_interrupt
.align 8
.endr
@@ -16387,7 +16479,7 @@ index bb3e376..c49752a 100644
/*
* the CPU automatically disables interrupts when executing an IRQ vector,
-@@ -526,7 +744,7 @@ ENTRY(coprocessor_error)
+@@ -630,7 +848,7 @@ ENTRY(coprocessor_error)
pushl $0
pushl $do_coprocessor_error
jmp error_code
@@ -16396,7 +16488,7 @@ index bb3e376..c49752a 100644
ENTRY(simd_coprocessor_error)
ASM_CLAC
-@@ -540,20 +758,20 @@ ENTRY(simd_coprocessor_error)
+@@ -644,20 +862,20 @@ ENTRY(simd_coprocessor_error)
pushl $do_simd_coprocessor_error
#endif
jmp error_code
@@ -16420,7 +16512,7 @@ index bb3e376..c49752a 100644
#endif
ENTRY(overflow)
-@@ -561,59 +779,59 @@ ENTRY(overflow)
+@@ -665,59 +883,59 @@ ENTRY(overflow)
pushl $0
pushl $do_overflow
jmp error_code
@@ -16489,7 +16581,7 @@ index bb3e376..c49752a 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -621,7 +839,7 @@ ENTRY(machine_check)
+@@ -725,7 +943,7 @@ ENTRY(machine_check)
pushl $0
pushl machine_check_vector
jmp error_code
@@ -16498,7 +16590,7 @@ index bb3e376..c49752a 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -629,7 +847,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -733,7 +951,7 @@ ENTRY(spurious_interrupt_bug)
pushl $0
pushl $do_spurious_interrupt_bug
jmp error_code
@@ -16506,8 +16598,8 @@ index bb3e376..c49752a 100644
+ENDPROC(spurious_interrupt_bug)
#ifdef CONFIG_XEN
- /*
-@@ -736,7 +954,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
+ ENTRY(xen_hypervisor_callback)
+@@ -832,7 +1050,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
ENTRY(mcount)
ret
@@ -16516,7 +16608,7 @@ index bb3e376..c49752a 100644
ENTRY(ftrace_caller)
pushl %eax
-@@ -766,7 +984,7 @@ ftrace_graph_call:
+@@ -862,7 +1080,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -16525,7 +16617,7 @@ index bb3e376..c49752a 100644
ENTRY(ftrace_regs_caller)
pushf /* push flags before compare (in cs location) */
-@@ -864,7 +1082,7 @@ trace:
+@@ -960,7 +1178,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -16534,7 +16626,7 @@ index bb3e376..c49752a 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -882,7 +1100,7 @@ ENTRY(ftrace_graph_caller)
+@@ -978,7 +1196,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -16543,7 +16635,7 @@ index bb3e376..c49752a 100644
.globl return_to_handler
return_to_handler:
-@@ -901,7 +1119,7 @@ ENTRY(trace_page_fault)
+@@ -997,7 +1215,7 @@ ENTRY(trace_page_fault)
ASM_CLAC
pushl $trace_do_page_fault
jmp error_code
@@ -16552,7 +16644,7 @@ index bb3e376..c49752a 100644
#endif
ENTRY(page_fault)
-@@ -930,14 +1148,17 @@ error_code:
+@@ -1026,16 +1244,19 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -16570,46 +16662,70 @@ index bb3e376..c49752a 100644
-END(page_fault)
+ENDPROC(page_fault)
- /*
- * Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -962,7 +1183,7 @@ END(page_fault)
- pushl $sysenter_past_esp
- .endm
-
-ENTRY(debug)
+ENTRY(int1)
- ASM_CLAC
- cmpl $entry_SYSENTER_32, (%esp)
- jne debug_stack_correct
-@@ -975,7 +1196,7 @@ debug_stack_correct:
+ /*
+ * #DB can happen at the first instruction of
+ * entry_SYSENTER_32 or in Xen's SYSENTER prologue. If this
+@@ -1052,7 +1273,13 @@ ENTRY(debug)
movl %esp, %eax # pt_regs pointer
+
+ /* Are we currently on the SYSENTER stack? */
+- PER_CPU(cpu_tss + CPU_TSS_SYSENTER_stack + SIZEOF_SYSENTER_stack, %ecx)
++#ifdef CONFIG_SMP
++ imul $TSS_size, PER_CPU_VAR(cpu_number), %ecx
++ lea cpu_tss(%ecx), %ecx
++#else
++ movl $cpu_tss, %ecx
++#endif
++ movl CPU_TSS_SYSENTER_stack + SIZEOF_SYSENTER_stack(%ecx), %ecx
+ subl %eax, %ecx /* ecx = (end of SYSENTER_stack) - esp */
+ cmpl $SIZEOF_SYSENTER_stack, %ecx
+ jb .Ldebug_from_sysenter_stack
+@@ -1069,7 +1296,7 @@ ENTRY(debug)
call do_debug
+ movl %ebp, %esp
jmp ret_from_exception
-END(debug)
+ENDPROC(int1)
/*
- * NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1014,6 +1235,9 @@ nmi_stack_correct:
- xorl %edx, %edx # zero error code
+ * NMI is doubly nasty. It can happen on the first instruction of
+@@ -1094,13 +1321,22 @@ ENTRY(nmi)
movl %esp, %eax # pt_regs pointer
+
+ /* Are we currently on the SYSENTER stack? */
+- PER_CPU(cpu_tss + CPU_TSS_SYSENTER_stack + SIZEOF_SYSENTER_stack, %ecx)
++#ifdef CONFIG_SMP
++ imul $TSS_size, PER_CPU_VAR(cpu_number), %ecx
++ lea cpu_tss(%ecx), %ecx
++#else
++ movl $cpu_tss, %ecx
++#endif
++ movl CPU_TSS_SYSENTER_stack + SIZEOF_SYSENTER_stack(%ecx), %ecx
+ subl %eax, %ecx /* ecx = (end of SYSENTER_stack) - esp */
+ cmpl $SIZEOF_SYSENTER_stack, %ecx
+ jb .Lnmi_from_sysenter_stack
+
+ /* Not on SYSENTER stack. */
call do_nmi
+
+ pax_exit_kernel
+
jmp restore_all_notrace
- nmi_stack_fixup:
-@@ -1023,7 +1247,7 @@ nmi_stack_fixup:
- nmi_debug_stack_check:
- cmpw $__KERNEL_CS, 16(%esp)
- jne nmi_stack_correct
-- cmpl $debug, (%esp)
-+ cmpl $int1, (%esp)
- jb nmi_stack_correct
- cmpl $debug_esp_fix_insn, (%esp)
- ja nmi_stack_correct
-@@ -1047,11 +1271,14 @@ nmi_espfix_stack:
+ .Lnmi_from_sysenter_stack:
+@@ -1112,6 +1348,9 @@ ENTRY(nmi)
+ movl PER_CPU_VAR(cpu_current_top_of_stack), %esp
+ call do_nmi
+ movl %ebp, %esp
++
++ pax_exit_kernel
++
+ jmp restore_all_notrace
+
+ #ifdef CONFIG_X86_ESPFIX32
+@@ -1131,11 +1370,14 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx, %edx # zero error code
call do_nmi
@@ -16625,7 +16741,7 @@ index bb3e376..c49752a 100644
ENTRY(int3)
ASM_CLAC
-@@ -1062,17 +1289,17 @@ ENTRY(int3)
+@@ -1146,17 +1388,17 @@ ENTRY(int3)
movl %esp, %eax # pt_regs pointer
call do_int3
jmp ret_from_exception
@@ -16647,7 +16763,7 @@ index bb3e376..c49752a 100644
+ENDPROC(async_page_fault)
#endif
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
-index 9d34d3c..2398c40 100644
+index 858b555..895a2d0 100644
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
@@ -36,6 +36,8 @@
@@ -17071,26 +17187,10 @@ index 9d34d3c..2398c40 100644
jnc 1f
TRACE_IRQS_ON_DEBUG
1:
-@@ -148,14 +546,6 @@ GLOBAL(entry_SYSCALL_64_after_swapgs)
- /* Construct struct pt_regs on stack */
- pushq $__USER_DS /* pt_regs->ss */
- pushq PER_CPU_VAR(rsp_scratch) /* pt_regs->sp */
-- /*
-- * Re-enable interrupts.
-- * We use 'rsp_scratch' as a scratch space, hence irq-off block above
-- * must execute atomically in the face of possible interrupt-driven
-- * task preemption. We must enable interrupts only after we're done
-- * with using rsp_scratch:
-- */
-- ENABLE_INTERRUPTS(CLBR_NONE)
- pushq %r11 /* pt_regs->flags */
- pushq $__USER_CS /* pt_regs->cs */
- pushq %rcx /* pt_regs->ip */
-@@ -171,7 +561,27 @@ GLOBAL(entry_SYSCALL_64_after_swapgs)
+@@ -175,11 +573,22 @@ GLOBAL(entry_SYSCALL_64_after_swapgs)
pushq %r11 /* pt_regs->r11 */
sub $(6*8), %rsp /* pt_regs->bp, bx, r12-15 not saved */
-- testl $_TIF_WORK_SYSCALL_ENTRY, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
+ movq %r12, R12(%rsp)
+#endif
@@ -17101,139 +17201,81 @@ index 9d34d3c..2398c40 100644
+ pax_erase_kstack
+#endif
+
-+ /*
-+ * Re-enable interrupts.
-+ * We use 'rsp_scratch' as a scratch space, hence irq-off block above
-+ * must execute atomically in the face of possible interrupt-driven
-+ * task preemption. We must enable interrupts only after we're done
-+ * with using rsp_scratch:
-+ */
-+ ENABLE_INTERRUPTS(CLBR_NONE)
-+
+ /*
+ * If we need to do entry work or if we guess we'll need to do
+ * exit work, go straight to the slow path.
+ */
+- testl $_TIF_WORK_SYSCALL_ENTRY|_TIF_ALLWORK_MASK, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
+ GET_THREAD_INFO(%rcx)
-+ testl $_TIF_WORK_SYSCALL_ENTRY, TI_flags(%rcx)
- jnz tracesys
++ testl $_TIF_WORK_SYSCALL_ENTRY|_TIF_ALLWORK_MASK, TI_flags(%rcx)
+ jnz entry_SYSCALL64_slow_path
+
entry_SYSCALL_64_fastpath:
- #if __SYSCALL_MASK == ~0
-@@ -204,9 +614,13 @@ entry_SYSCALL_64_fastpath:
- * flags (TIF_NOTIFY_RESUME, TIF_USER_RETURN_NOTIFY, etc) set is
- * very bad.
+@@ -217,9 +626,13 @@ entry_SYSCALL_64_fastpath:
*/
+ DISABLE_INTERRUPTS(CLBR_NONE)
+ TRACE_IRQS_OFF
- testl $_TIF_ALLWORK_MASK, ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS)
+ GET_THREAD_INFO(%rcx)
+ testl $_TIF_ALLWORK_MASK, TI_flags(%rcx)
- jnz int_ret_from_sys_call_irqs_off /* Go to the slow path */
+ jnz 1f
+ pax_exit_kernel_user
+ pax_erase_kstack
+
- RESTORE_C_REGS_EXCEPT_RCX_R11
+ LOCKDEP_SYS_EXIT
+ TRACE_IRQS_ON /* user mode is traced as IRQs on */
movq RIP(%rsp), %rcx
- movq EFLAGS(%rsp), %r11
-@@ -240,6 +654,9 @@ tracesys:
- call syscall_trace_enter_phase1
- test %rax, %rax
- jnz tracesys_phase2 /* if needed, run the slow path */
-+
-+ pax_erase_kstack
-+
- RESTORE_C_REGS_EXCEPT_RAX /* else restore clobbered regs */
- movq ORIG_RAX(%rsp), %rax
- jmp entry_SYSCALL_64_fastpath /* and return to the fast path */
-@@ -251,6 +668,8 @@ tracesys_phase2:
- movq %rax, %rdx
- call syscall_trace_enter_phase2
+@@ -248,6 +661,9 @@ entry_SYSCALL64_slow_path:
+ call do_syscall_64 /* returns with IRQs disabled */
-+ pax_erase_kstack
-+
- /*
- * Reload registers from stack in case ptrace changed them.
- * We don't reload %rax because syscall_trace_entry_phase2() returned
-@@ -279,6 +698,8 @@ GLOBAL(int_ret_from_sys_call)
- SAVE_EXTRA_REGS
- movq %rsp, %rdi
- call syscall_return_slowpath /* returns with IRQs disabled */
+ return_from_SYSCALL_64:
+ pax_exit_kernel_user
+ pax_erase_kstack
++
RESTORE_EXTRA_REGS
TRACE_IRQS_IRETQ /* we're about to change IF */
-@@ -353,14 +774,14 @@ syscall_return_via_sysret:
+@@ -322,7 +738,7 @@ syscall_return_via_sysret:
opportunistic_sysret_failed:
SWAPGS
jmp restore_c_regs_and_iret
-END(entry_SYSCALL_64)
+ENDPROC(entry_SYSCALL_64)
+ ENTRY(stub_ptregs_64)
+ /*
+@@ -349,13 +765,13 @@ ENTRY(stub_ptregs_64)
+ 1:
+ /* Called from C */
+ jmp *%rax /* called from C */
+-END(stub_ptregs_64)
++ENDPROC(stub_ptregs_64)
+
+ .macro ptregs_stub func
+ ENTRY(ptregs_\func)
+ leaq \func(%rip), %rax
+ jmp stub_ptregs_64
+-END(ptregs_\func)
++ENDPROC(ptregs_\func)
+ .endm
- .macro FORK_LIKE func
- ENTRY(stub_\func)
- SAVE_EXTRA_REGS 8
- jmp sys_\func
--END(stub_\func)
-+ENDPROC(stub_\func)
- .endm
-
- FORK_LIKE clone
-@@ -380,7 +801,7 @@ return_from_execve:
- ZERO_EXTRA_REGS
- movq %rax, RAX(%rsp)
- jmp int_ret_from_sys_call
--END(stub_execve)
-+ENDPROC(stub_execve)
- /*
- * Remaining execve stubs are only 7 bytes long.
- * ENTRY() often aligns to 16 bytes, which in this case has no benefits.
-@@ -389,19 +810,19 @@ END(stub_execve)
- GLOBAL(stub_execveat)
- call sys_execveat
- jmp return_from_execve
--END(stub_execveat)
-+ENDPROC(stub_execveat)
-
- #if defined(CONFIG_X86_X32_ABI)
- .align 8
- GLOBAL(stub_x32_execve)
- call compat_sys_execve
- jmp return_from_execve
--END(stub_x32_execve)
-+ENDPROC(stub_x32_execve)
- .align 8
- GLOBAL(stub_x32_execveat)
- call compat_sys_execveat
- jmp return_from_execve
--END(stub_x32_execveat)
-+ENDPROC(stub_x32_execveat)
- #endif
-
- /*
-@@ -423,14 +844,14 @@ return_from_stub:
- RESTORE_EXTRA_REGS
- movq %rax, RAX(%rsp)
- jmp int_ret_from_sys_call
--END(stub_rt_sigreturn)
-+ENDPROC(stub_rt_sigreturn)
-
- #ifdef CONFIG_X86_X32_ABI
- ENTRY(stub_x32_rt_sigreturn)
- SAVE_EXTRA_REGS 8
- call sys32_x32_rt_sigreturn
- jmp return_from_stub
--END(stub_x32_rt_sigreturn)
-+ENDPROC(stub_x32_rt_sigreturn)
- #endif
-
- /*
-@@ -469,7 +890,7 @@ ENTRY(ret_from_fork)
- movl $0, RAX(%rsp)
- RESTORE_EXTRA_REGS
- jmp int_ret_from_sys_call
+ /* Instantiate ptregs_stub for each ptregs-using syscall */
+@@ -400,10 +816,12 @@ ENTRY(ret_from_fork)
+ 1:
+ movq %rsp, %rdi
+ call syscall_return_slowpath /* returns with IRQs disabled */
++ pax_exit_kernel_user
++ pax_erase_kstack
+ TRACE_IRQS_ON /* user mode is traced as IRQS on */
+ SWAPGS
+ jmp restore_regs_and_iret
-END(ret_from_fork)
+ENDPROC(ret_from_fork)
/*
* Build the entry stubs with some assembler magic.
-@@ -484,7 +905,7 @@ ENTRY(irq_entries_start)
+@@ -418,7 +836,7 @@ ENTRY(irq_entries_start)
jmp common_interrupt
.align 8
.endr
@@ -17242,7 +17284,7 @@ index 9d34d3c..2398c40 100644
/*
* Interrupt entry/exit.
-@@ -510,6 +931,12 @@ END(irq_entries_start)
+@@ -444,6 +862,12 @@ END(irq_entries_start)
*/
SWAPGS
@@ -17255,7 +17297,7 @@ index 9d34d3c..2398c40 100644
/*
* We need to tell lockdep that IRQs are off. We can't do this until
* we fix gsbase, and we should do it before enter_from_user_mode
-@@ -522,7 +949,9 @@ END(irq_entries_start)
+@@ -456,7 +880,9 @@ END(irq_entries_start)
CALL_enter_from_user_mode
@@ -17266,7 +17308,7 @@ index 9d34d3c..2398c40 100644
/*
* Save previous stack pointer, optionally switch to interrupt stack.
* irq_count is used to check if a CPU is already on an interrupt stack
-@@ -534,6 +963,7 @@ END(irq_entries_start)
+@@ -468,6 +894,7 @@ END(irq_entries_start)
incl PER_CPU_VAR(irq_count)
cmovzq PER_CPU_VAR(irq_stack_ptr), %rsp
pushq %rdi
@@ -17274,7 +17316,7 @@ index 9d34d3c..2398c40 100644
/* We entered an interrupt context - irqs are off: */
TRACE_IRQS_OFF
-@@ -565,6 +995,8 @@ ret_from_intr:
+@@ -499,6 +926,8 @@ ret_from_intr:
GLOBAL(retint_user)
mov %rsp,%rdi
call prepare_exit_to_usermode
@@ -17283,7 +17325,7 @@ index 9d34d3c..2398c40 100644
TRACE_IRQS_IRETQ
SWAPGS
jmp restore_regs_and_iret
-@@ -582,6 +1014,21 @@ retint_kernel:
+@@ -516,6 +945,21 @@ retint_kernel:
jmp 0b
1:
#endif
@@ -17305,7 +17347,7 @@ index 9d34d3c..2398c40 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -625,15 +1072,15 @@ native_irq_return_ldt:
+@@ -559,15 +1003,15 @@ native_irq_return_ldt:
SWAPGS
movq PER_CPU_VAR(espfix_waddr), %rdi
movq %rax, (0*8)(%rdi) /* RAX */
@@ -17326,7 +17368,7 @@ index 9d34d3c..2398c40 100644
movq %rax, (4*8)(%rdi)
andl $0xffff0000, %eax
popq %rdi
-@@ -643,7 +1090,7 @@ native_irq_return_ldt:
+@@ -577,7 +1021,7 @@ native_irq_return_ldt:
popq %rax
jmp native_irq_return_iret
#endif
@@ -17335,7 +17377,7 @@ index 9d34d3c..2398c40 100644
/*
* APIC interrupts.
-@@ -655,7 +1102,7 @@ ENTRY(\sym)
+@@ -589,7 +1033,7 @@ ENTRY(\sym)
.Lcommon_\sym:
interrupt \do_sym
jmp ret_from_intr
@@ -17344,7 +17386,7 @@ index 9d34d3c..2398c40 100644
.endm
#ifdef CONFIG_TRACING
-@@ -720,7 +1167,7 @@ apicinterrupt IRQ_WORK_VECTOR irq_work_interrupt smp_irq_work_interrupt
+@@ -654,7 +1098,7 @@ apicinterrupt IRQ_WORK_VECTOR irq_work_interrupt smp_irq_work_interrupt
/*
* Exception entry points.
*/
@@ -17353,20 +17395,20 @@ index 9d34d3c..2398c40 100644
.macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
ENTRY(\sym)
-@@ -767,6 +1214,12 @@ ENTRY(\sym)
+@@ -701,6 +1145,12 @@ ENTRY(\sym)
.endif
.if \shift_ist != -1
+#ifdef CONFIG_SMP
-+ imul $TSS_size, PER_CPU_VAR(cpu_number), %r13d
-+ lea cpu_tss(%r13), %r13
++ imul $TSS_size, PER_CPU_VAR(cpu_number), %r13d
++ leaq cpu_tss(%r13), %r13
+#else
-+ lea cpu_tss(%rip), %r13
++ leaq cpu_tss(%rip), %r13
+#endif
subq $EXCEPTION_STKSZ, CPU_TSS_IST(\shift_ist)
.endif
-@@ -810,7 +1263,7 @@ ENTRY(\sym)
+@@ -744,7 +1194,7 @@ ENTRY(\sym)
jmp error_exit /* %ebx: no swapgs flag */
.endif
@@ -17375,7 +17417,7 @@ index 9d34d3c..2398c40 100644
.endm
#ifdef CONFIG_TRACING
-@@ -852,8 +1305,9 @@ gs_change:
+@@ -786,8 +1236,9 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq
@@ -17386,7 +17428,7 @@ index 9d34d3c..2398c40 100644
_ASM_EXTABLE(gs_change, bad_gs)
.section .fixup, "ax"
-@@ -875,8 +1329,9 @@ ENTRY(do_softirq_own_stack)
+@@ -809,8 +1260,9 @@ ENTRY(do_softirq_own_stack)
call __do_softirq
leaveq
decl PER_CPU_VAR(irq_count)
@@ -17397,7 +17439,7 @@ index 9d34d3c..2398c40 100644
#ifdef CONFIG_XEN
idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0
-@@ -912,7 +1367,7 @@ ENTRY(xen_do_hypervisor_callback) /* do_hypervisor_callback(struct *pt_regs) */
+@@ -846,7 +1298,7 @@ ENTRY(xen_do_hypervisor_callback) /* do_hypervisor_callback(struct *pt_regs) */
call xen_maybe_preempt_hcall
#endif
jmp error_exit
@@ -17406,7 +17448,7 @@ index 9d34d3c..2398c40 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -957,7 +1412,7 @@ ENTRY(xen_failsafe_callback)
+@@ -891,7 +1343,7 @@ ENTRY(xen_failsafe_callback)
SAVE_C_REGS
SAVE_EXTRA_REGS
jmp error_exit
@@ -17415,7 +17457,7 @@ index 9d34d3c..2398c40 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -969,7 +1424,7 @@ apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
+@@ -903,7 +1355,7 @@ apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
hyperv_callback_vector hyperv_vector_handler
#endif /* CONFIG_HYPERV */
@@ -17424,7 +17466,7 @@ index 9d34d3c..2398c40 100644
idtentry int3 do_int3 has_error_code=0 paranoid=1 shift_ist=DEBUG_STACK
idtentry stack_segment do_stack_segment has_error_code=1
-@@ -1006,8 +1461,34 @@ ENTRY(paranoid_entry)
+@@ -940,8 +1392,34 @@ ENTRY(paranoid_entry)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx, %ebx
@@ -17461,7 +17503,7 @@ index 9d34d3c..2398c40 100644
/*
* "Paranoid" exit path from exception stack. This is invoked
-@@ -1024,19 +1505,26 @@ END(paranoid_entry)
+@@ -958,19 +1436,26 @@ END(paranoid_entry)
ENTRY(paranoid_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -17490,7 +17532,7 @@ index 9d34d3c..2398c40 100644
/*
* Save all registers in pt_regs, and switch gs if needed.
-@@ -1050,13 +1538,18 @@ ENTRY(error_entry)
+@@ -984,13 +1469,18 @@ ENTRY(error_entry)
testb $3, CS+8(%rsp)
jz .Lerror_kernelspace
@@ -17510,7 +17552,7 @@ index 9d34d3c..2398c40 100644
.Lerror_entry_from_usermode_after_swapgs:
/*
* We need to tell lockdep that IRQs are off. We can't do this until
-@@ -1065,10 +1558,12 @@ ENTRY(error_entry)
+@@ -999,10 +1489,12 @@ ENTRY(error_entry)
*/
TRACE_IRQS_OFF
CALL_enter_from_user_mode
@@ -17523,7 +17565,7 @@ index 9d34d3c..2398c40 100644
ret
/*
-@@ -1086,14 +1581,16 @@ ENTRY(error_entry)
+@@ -1020,14 +1512,16 @@ ENTRY(error_entry)
cmpq %rax, RIP+8(%rsp)
je .Lbstep_iret
cmpq $gs_change, RIP+8(%rsp)
@@ -17542,7 +17584,7 @@ index 9d34d3c..2398c40 100644
.Lbstep_iret:
/* Fix truncated RIP */
-@@ -1107,6 +1604,12 @@ ENTRY(error_entry)
+@@ -1041,6 +1535,12 @@ ENTRY(error_entry)
*/
SWAPGS
@@ -17555,7 +17597,7 @@ index 9d34d3c..2398c40 100644
/*
* Pretend that the exception came from user mode: set up pt_regs
* as if we faulted immediately after IRET and clear EBX so that
-@@ -1117,11 +1620,11 @@ ENTRY(error_entry)
+@@ -1051,11 +1551,11 @@ ENTRY(error_entry)
mov %rax, %rsp
decl %ebx
jmp .Lerror_entry_from_usermode_after_swapgs
@@ -17569,7 +17611,7 @@ index 9d34d3c..2398c40 100644
* 1: already in kernel mode, don't need SWAPGS
* 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode
*/
-@@ -1129,10 +1632,10 @@ ENTRY(error_exit)
+@@ -1063,10 +1563,10 @@ ENTRY(error_exit)
movl %ebx, %eax
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -17582,7 +17624,7 @@ index 9d34d3c..2398c40 100644
/* Runs on exception stack */
ENTRY(nmi)
-@@ -1186,6 +1689,8 @@ ENTRY(nmi)
+@@ -1120,6 +1620,8 @@ ENTRY(nmi)
* other IST entries.
*/
@@ -17591,7 +17633,7 @@ index 9d34d3c..2398c40 100644
/* Use %rdx as our temp variable throughout */
pushq %rdx
-@@ -1229,6 +1734,12 @@ ENTRY(nmi)
+@@ -1163,6 +1665,12 @@ ENTRY(nmi)
pushq %r14 /* pt_regs->r14 */
pushq %r15 /* pt_regs->r15 */
@@ -17604,7 +17646,7 @@ index 9d34d3c..2398c40 100644
/*
* At this point we no longer need to worry about stack damage
* due to nesting -- we're on the normal thread stack and we're
-@@ -1239,12 +1750,19 @@ ENTRY(nmi)
+@@ -1173,12 +1681,19 @@ ENTRY(nmi)
movq $-1, %rsi
call do_nmi
@@ -17624,7 +17666,7 @@ index 9d34d3c..2398c40 100644
jmp restore_c_regs_and_iret
.Lnmi_from_kernel:
-@@ -1366,6 +1884,7 @@ nested_nmi_out:
+@@ -1300,6 +1815,7 @@ nested_nmi_out:
popq %rdx
/* We are returning to kernel mode, so this cannot result in a fault. */
@@ -17632,7 +17674,7 @@ index 9d34d3c..2398c40 100644
INTERRUPT_RETURN
first_nmi:
-@@ -1394,7 +1913,7 @@ first_nmi:
+@@ -1328,7 +1844,7 @@ first_nmi:
pushq %rsp /* RSP (minus 8 because of the previous push) */
addq $8, (%rsp) /* Fix up RSP */
pushfq /* RFLAGS */
@@ -17641,7 +17683,7 @@ index 9d34d3c..2398c40 100644
pushq $1f /* RIP */
INTERRUPT_RETURN /* continues at repeat_nmi below */
1:
-@@ -1439,20 +1958,22 @@ end_repeat_nmi:
+@@ -1373,20 +1889,22 @@ end_repeat_nmi:
ALLOC_PT_GPREGS_ON_STACK
/*
@@ -17667,7 +17709,7 @@ index 9d34d3c..2398c40 100644
jnz nmi_restore
nmi_swapgs:
SWAPGS_UNSAFE_STACK
-@@ -1463,6 +1984,8 @@ nmi_restore:
+@@ -1397,6 +1915,8 @@ nmi_restore:
/* Point RSP at the "iret" frame. */
REMOVE_PT_GPREGS_FROM_STACK 6*8
@@ -17676,7 +17718,7 @@ index 9d34d3c..2398c40 100644
/*
* Clear "NMI executing". Set DF first so that we can easily
* distinguish the remaining code between here and IRET from
-@@ -1480,9 +2003,9 @@ nmi_restore:
+@@ -1414,9 +1934,9 @@ nmi_restore:
* mode, so this cannot result in a fault.
*/
INTERRUPT_RETURN
@@ -17689,7 +17731,7 @@ index 9d34d3c..2398c40 100644
-END(ignore_sysret)
+ENDPROC(ignore_sysret)
diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
-index 3c990ee..d49c8f4 100644
+index 847f2f0..5f601b1 100644
--- a/arch/x86/entry/entry_64_compat.S
+++ b/arch/x86/entry/entry_64_compat.S
@@ -13,11 +13,39 @@
@@ -17730,11 +17772,11 @@ index 3c990ee..d49c8f4 100644
+ .endm
+
/*
- * 32-bit SYSENTER instruction entry.
+ * 32-bit SYSENTER entry.
*
-@@ -69,26 +97,36 @@ ENTRY(entry_SYSENTER_compat)
- ASM_CLAC /* Clear AC after saving FLAGS */
-
+@@ -72,26 +100,36 @@ ENTRY(entry_SYSENTER_compat)
+ pushfq /* pt_regs->flags (except IF = 0) */
+ orl $X86_EFLAGS_IF, (%rsp) /* Fix saved flags */
pushq $__USER32_CS /* pt_regs->cs */
- xorq %r8,%r8
- pushq %r8 /* pt_regs->ip = 0 (placeholder) */
@@ -17777,9 +17819,9 @@ index 3c990ee..d49c8f4 100644
+#endif
+
/*
- * Sysenter doesn't filter flags, so we need to clear NT
+ * SYSENTER doesn't filter flags, so we need to clear NT and AC
* ourselves. To save a few cycles, we can check whether
-@@ -174,17 +212,27 @@ ENTRY(entry_SYSCALL_compat)
+@@ -205,17 +243,27 @@ ENTRY(entry_SYSCALL_compat)
pushq %rdx /* pt_regs->dx */
pushq %rbp /* pt_regs->cx (stashed in bp) */
pushq $-ENOSYS /* pt_regs->ax */
@@ -17816,7 +17858,7 @@ index 3c990ee..d49c8f4 100644
/*
* User mode is traced as though IRQs are on, and SYSENTER
-@@ -200,11 +248,18 @@ ENTRY(entry_SYSCALL_compat)
+@@ -231,11 +279,18 @@ ENTRY(entry_SYSCALL_compat)
/* Opportunistic SYSRET */
sysret32_from_system_call:
@@ -17835,7 +17877,7 @@ index 3c990ee..d49c8f4 100644
addq $RAX, %rsp /* Skip r8-r15 */
popq %rax /* pt_regs->rax */
popq %rdx /* Skip pt_regs->cx */
-@@ -233,7 +288,7 @@ sysret32_from_system_call:
+@@ -264,7 +319,7 @@ sysret32_from_system_call:
movq RSP-ORIG_RAX(%rsp), %rsp
swapgs
sysretl
@@ -17843,8 +17885,8 @@ index 3c990ee..d49c8f4 100644
+ENDPROC(entry_SYSCALL_compat)
/*
- * Emulated IA32 system calls via int 0x80.
-@@ -280,11 +335,11 @@ ENTRY(entry_INT80_compat)
+ * 32-bit legacy system call entry.
+@@ -316,11 +371,11 @@ ENTRY(entry_INT80_compat)
pushq %rdx /* pt_regs->dx */
pushq %rcx /* pt_regs->cx */
pushq $-ENOSYS /* pt_regs->ax */
@@ -17861,7 +17903,7 @@ index 3c990ee..d49c8f4 100644
pushq %rbx /* pt_regs->rbx */
pushq %rbp /* pt_regs->rbp */
pushq %r12 /* pt_regs->r12 */
-@@ -293,6 +348,12 @@ ENTRY(entry_INT80_compat)
+@@ -329,6 +384,12 @@ ENTRY(entry_INT80_compat)
pushq %r15 /* pt_regs->r15 */
cld
@@ -17874,7 +17916,7 @@ index 3c990ee..d49c8f4 100644
/*
* User mode is traced as though IRQs are on, and the interrupt
* gate turned them off.
-@@ -304,10 +365,12 @@ ENTRY(entry_INT80_compat)
+@@ -340,10 +401,12 @@ ENTRY(entry_INT80_compat)
.Lsyscall_32_done:
/* Go back to user mode. */
@@ -17889,30 +17931,30 @@ index 3c990ee..d49c8f4 100644
ALIGN
GLOBAL(stub32_clone)
diff --git a/arch/x86/entry/thunk_64.S b/arch/x86/entry/thunk_64.S
-index efb2b93..8a9cb8e 100644
+index 98df1fa..b2ef8bd 100644
--- a/arch/x86/entry/thunk_64.S
+++ b/arch/x86/entry/thunk_64.S
-@@ -8,6 +8,7 @@
- #include <linux/linkage.h>
+@@ -9,6 +9,7 @@
#include "calling.h"
#include <asm/asm.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
/* rdi: arg1 ... normal C conventions. rax is saved/restored. */
.macro THUNK name, func, put_ret_addr_in_rdi=0
-@@ -62,6 +63,7 @@ restore:
- popq %rdx
+@@ -66,6 +67,7 @@ restore:
popq %rsi
popq %rdi
+ FRAME_END
+ pax_force_retaddr
ret
_ASM_NOKPROBE(restore)
#endif
diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
-index c854541..1786538 100644
+index 6874da5..acbad90 100644
--- a/arch/x86/entry/vdso/Makefile
+++ b/arch/x86/entry/vdso/Makefile
-@@ -70,7 +70,7 @@ CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \
+@@ -75,7 +75,7 @@ CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \
-fno-omit-frame-pointer -foptimize-sibling-calls \
-DDISABLE_BRANCH_PROFILING -DBUILD_VDSO
@@ -17921,7 +17963,7 @@ index c854541..1786538 100644
#
# vDSO code runs in userspace and -pg doesn't help with profiling anyway.
-@@ -140,6 +140,7 @@ KBUILD_CFLAGS_32 := $(filter-out -m64,$(KBUILD_CFLAGS))
+@@ -145,6 +145,7 @@ KBUILD_CFLAGS_32 := $(filter-out -m64,$(KBUILD_CFLAGS))
KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32))
KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32))
KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32))
@@ -17929,7 +17971,7 @@ index c854541..1786538 100644
KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic
KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector)
KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls)
-@@ -163,7 +164,7 @@ quiet_cmd_vdso = VDSO $@
+@@ -168,7 +169,7 @@ quiet_cmd_vdso = VDSO $@
-Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \
sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
@@ -17939,7 +17981,7 @@ index c854541..1786538 100644
GCOV_PROFILE := n
diff --git a/arch/x86/entry/vdso/vclock_gettime.c b/arch/x86/entry/vdso/vclock_gettime.c
-index 1a50e09..3e25e7a 100644
+index 03c3eb7..23f58a5 100644
--- a/arch/x86/entry/vdso/vclock_gettime.c
+++ b/arch/x86/entry/vdso/vclock_gettime.c
@@ -330,5 +330,5 @@ notrace time_t __vdso_time(time_t *t)
@@ -17950,7 +17992,7 @@ index 1a50e09..3e25e7a 100644
+time_t time(time_t *t)
__attribute__((weak, alias("__vdso_time")));
diff --git a/arch/x86/entry/vdso/vdso2c.h b/arch/x86/entry/vdso/vdso2c.h
-index 0224987..0359810 100644
+index 63a03bb..ee6bd34 100644
--- a/arch/x86/entry/vdso/vdso2c.h
+++ b/arch/x86/entry/vdso/vdso2c.h
@@ -12,7 +12,7 @@ static void BITSFUNC(go)(void *raw_addr, size_t raw_len,
@@ -17971,32 +18013,14 @@ index 0224987..0359810 100644
ELF(Sym) *sym = raw_addr + GET_LE(&symtab_hdr->sh_offset) +
GET_LE(&symtab_hdr->sh_entsize) * i;
const char *name = raw_addr + GET_LE(&strtab_hdr->sh_offset) +
-@@ -140,7 +140,7 @@ static void BITSFUNC(go)(void *raw_addr, size_t raw_len,
- fprintf(outfile, "#include <asm/vdso.h>\n");
- fprintf(outfile, "\n");
- fprintf(outfile,
-- "static unsigned char raw_data[%lu] __page_aligned_data = {",
-+ "static unsigned char raw_data[%lu] __page_aligned_rodata = {",
- mapping_size);
- for (j = 0; j < stripped_len; j++) {
- if (j % 10 == 0)
-@@ -150,7 +150,7 @@ static void BITSFUNC(go)(void *raw_addr, size_t raw_len,
- }
- fprintf(outfile, "\n};\n\n");
-
-- fprintf(outfile, "static struct page *pages[%lu];\n\n",
-+ fprintf(outfile, "static struct page *pages[%lu] __read_only;\n\n",
- mapping_size / 4096);
-
- fprintf(outfile, "const struct vdso_image %s = {\n", name);
diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
-index b8f69e2..b142158 100644
+index 10f7045..ebe6eb7 100644
--- a/arch/x86/entry/vdso/vma.c
+++ b/arch/x86/entry/vdso/vma.c
-@@ -20,10 +20,7 @@
- #include <asm/page.h>
+@@ -21,10 +21,7 @@
#include <asm/hpet.h>
#include <asm/desc.h>
+ #include <asm/cpufeature.h>
-
-#if defined(CONFIG_X86_64)
-unsigned int __read_mostly vdso64_enabled = 1;
@@ -18005,9 +18029,18 @@ index b8f69e2..b142158 100644
void __init init_vdso_image(const struct vdso_image *image)
{
-@@ -103,6 +100,11 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
+@@ -90,7 +87,7 @@ static int vdso_fault(const struct vm_special_mapping *sm,
+ {
+ const struct vdso_image *image = vma->vm_mm->context.vdso_image;
+
+- if (!image || (vmf->pgoff << PAGE_SHIFT) >= image->size)
++ if (!image || vmf->pgoff >= (image->size >> PAGE_SHIFT))
+ return VM_FAULT_SIGBUS;
+
+ vmf->page = virt_to_page(image->data + (vmf->pgoff << PAGE_SHIFT));
+@@ -167,6 +164,11 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
+ .fault = vvar_fault,
};
- struct pvclock_vsyscall_time_info *pvti;
+#ifdef CONFIG_PAX_RANDMMAP
+ if (mm->pax_flags & MF_PAX_RANDMMAP)
@@ -18017,7 +18050,7 @@ index b8f69e2..b142158 100644
if (calculate_addr) {
addr = vdso_addr(current->mm->start_stack,
image->size - image->sym_vvar_start);
-@@ -113,14 +115,14 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
+@@ -177,15 +179,15 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
down_write(&mm->mmap_sem);
addr = get_unmapped_area(NULL, addr,
@@ -18030,18 +18063,21 @@ index b8f69e2..b142158 100644
text_start = addr - image->sym_vvar_start;
- current->mm->context.vdso = (void __user *)text_start;
+- current->mm->context.vdso_image = image;
+ mm->context.vdso = text_start;
++ mm->context.vdso_image = image;
/*
* MAYWRITE to allow gdb to COW and set breakpoints
-@@ -178,14 +180,11 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
- __pa(pvti) >> PAGE_SHIFT,
- PAGE_SIZE,
- PAGE_READONLY);
--
-- if (ret)
-- goto up_fail;
- }
+@@ -209,14 +211,12 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr)
+ VM_PFNMAP,
+ &vvar_mapping);
+
+- if (IS_ERR(vma)) {
++ if (IS_ERR(vma))
+ ret = PTR_ERR(vma);
+- goto up_fail;
+- }
up_fail:
if (ret)
@@ -18050,7 +18086,7 @@ index b8f69e2..b142158 100644
up_write(&mm->mmap_sem);
return ret;
-@@ -204,9 +203,6 @@ static int load_vdso32(void)
+@@ -235,9 +235,6 @@ static int load_vdso32(void)
#ifdef CONFIG_X86_64
int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
{
@@ -18060,7 +18096,7 @@ index b8f69e2..b142158 100644
return map_vdso(&vdso_image_64, true);
}
-@@ -215,12 +211,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
+@@ -246,12 +243,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
int uses_interp)
{
#ifdef CONFIG_X86_X32_ABI
@@ -18074,7 +18110,7 @@ index b8f69e2..b142158 100644
#endif
#ifdef CONFIG_IA32_EMULATION
return load_vdso32();
-@@ -237,15 +229,6 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -268,15 +261,6 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
#endif
#ifdef CONFIG_X86_64
@@ -18162,6 +18198,544 @@ index c9596a9..805b68d 100644
.globl __vsyscall_page
.balign PAGE_SIZE, 0xcc
.type __vsyscall_page, @object
+diff --git a/arch/x86/events/amd/iommu.c b/arch/x86/events/amd/iommu.c
+index 6011a57..311bea0 100644
+--- a/arch/x86/events/amd/iommu.c
++++ b/arch/x86/events/amd/iommu.c
+@@ -80,12 +80,12 @@ static struct attribute_group amd_iommu_format_group = {
+ * sysfs events attributes
+ *---------------------------------------------*/
+ struct amd_iommu_event_desc {
+- struct kobj_attribute attr;
++ struct device_attribute attr;
+ const char *event;
+ };
+
+-static ssize_t _iommu_event_show(struct kobject *kobj,
+- struct kobj_attribute *attr, char *buf)
++static ssize_t _iommu_event_show(struct device *dev,
++ struct device_attribute *attr, char *buf)
+ {
+ struct amd_iommu_event_desc *event =
+ container_of(attr, struct amd_iommu_event_desc, attr);
+@@ -407,7 +407,7 @@ static void perf_iommu_del(struct perf_event *event, int flags)
+ static __init int _init_events_attrs(struct perf_amd_iommu *perf_iommu)
+ {
+ struct attribute **attrs;
+- struct attribute_group *attr_group;
++ attribute_group_no_const *attr_group;
+ int i = 0, j;
+
+ while (amd_iommu_v2_event_descs[i].attr.attr.name)
+diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
+index 041e442..3ed82386 100644
+--- a/arch/x86/events/core.c
++++ b/arch/x86/events/core.c
+@@ -1535,7 +1535,7 @@ static void __init pmu_check_apic(void)
+
+ }
+
+-static struct attribute_group x86_pmu_format_group = {
++static attribute_group_no_const x86_pmu_format_group = {
+ .name = "format",
+ .attrs = NULL,
+ };
+@@ -1643,7 +1643,7 @@ static struct attribute *events_attr[] = {
+ NULL,
+ };
+
+-static struct attribute_group x86_pmu_events_group = {
++static attribute_group_no_const x86_pmu_events_group = {
+ .name = "events",
+ .attrs = events_attr,
+ };
+@@ -2251,7 +2251,7 @@ static unsigned long get_segment_base(unsigned int segment)
+ if (idx > GDT_ENTRIES)
+ return 0;
+
+- desc = raw_cpu_ptr(gdt_page.gdt) + idx;
++ desc = get_cpu_gdt_table(smp_processor_id()) + idx;
+ }
+
+ return get_desc_base(desc);
+@@ -2356,7 +2356,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
+ break;
+
+ perf_callchain_store(entry, frame.return_address);
+- fp = (void __user *)frame.next_frame;
++ fp = (void __force_user *)frame.next_frame;
+ }
+ pagefault_enable();
+ }
+diff --git a/arch/x86/events/intel/bts.c b/arch/x86/events/intel/bts.c
+index b99dc92..407392a 100644
+--- a/arch/x86/events/intel/bts.c
++++ b/arch/x86/events/intel/bts.c
+@@ -250,7 +250,7 @@ static void bts_event_start(struct perf_event *event, int flags)
+ __bts_event_start(event);
+
+ /* PMI handler: this counter is running and likely generating PMIs */
+- ACCESS_ONCE(bts->started) = 1;
++ ACCESS_ONCE_RW(bts->started) = 1;
+ }
+
+ static void __bts_event_stop(struct perf_event *event)
+@@ -264,7 +264,7 @@ static void __bts_event_stop(struct perf_event *event)
+ if (event->hw.state & PERF_HES_STOPPED)
+ return;
+
+- ACCESS_ONCE(event->hw.state) |= PERF_HES_STOPPED;
++ ACCESS_ONCE_RW(event->hw.state) |= PERF_HES_STOPPED;
+ }
+
+ static void bts_event_stop(struct perf_event *event, int flags)
+@@ -272,7 +272,7 @@ static void bts_event_stop(struct perf_event *event, int flags)
+ struct bts_ctx *bts = this_cpu_ptr(&bts_ctx);
+
+ /* PMI handler: don't restart this counter */
+- ACCESS_ONCE(bts->started) = 0;
++ ACCESS_ONCE_RW(bts->started) = 0;
+
+ __bts_event_stop(event);
+
+diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c
+index 5210eaa..b6846dc 100644
+--- a/arch/x86/events/intel/core.c
++++ b/arch/x86/events/intel/core.c
+@@ -2185,6 +2185,8 @@ __intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
+ }
+
+ static void
++intel_start_scheduling(struct cpu_hw_events *cpuc) __acquires(&cpuc->excl_cntrs->lock);
++static void
+ intel_start_scheduling(struct cpu_hw_events *cpuc)
+ {
+ struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs;
+@@ -2194,14 +2196,18 @@ intel_start_scheduling(struct cpu_hw_events *cpuc)
+ /*
+ * nothing needed if in group validation mode
+ */
+- if (cpuc->is_fake || !is_ht_workaround_enabled())
++ if (cpuc->is_fake || !is_ht_workaround_enabled()) {
++ __acquire(&excl_cntrs->lock);
+ return;
++ }
+
+ /*
+ * no exclusion needed
+ */
+- if (WARN_ON_ONCE(!excl_cntrs))
++ if (WARN_ON_ONCE(!excl_cntrs)) {
++ __acquire(&excl_cntrs->lock);
+ return;
++ }
+
+ xl = &excl_cntrs->states[tid];
+
+@@ -2241,6 +2247,8 @@ static void intel_commit_scheduling(struct cpu_hw_events *cpuc, int idx, int cnt
+ }
+
+ static void
++intel_stop_scheduling(struct cpu_hw_events *cpuc) __releases(&cpuc->excl_cntrs->lock);
++static void
+ intel_stop_scheduling(struct cpu_hw_events *cpuc)
+ {
+ struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs;
+@@ -2250,13 +2258,18 @@ intel_stop_scheduling(struct cpu_hw_events *cpuc)
+ /*
+ * nothing needed if in group validation mode
+ */
+- if (cpuc->is_fake || !is_ht_workaround_enabled())
++ if (cpuc->is_fake || !is_ht_workaround_enabled()) {
++ __release(&excl_cntrs->lock);
+ return;
++ }
++
+ /*
+ * no exclusion needed
+ */
+- if (WARN_ON_ONCE(!excl_cntrs))
++ if (WARN_ON_ONCE(!excl_cntrs)) {
++ __release(&excl_cntrs->lock);
+ return;
++ }
+
+ xl = &excl_cntrs->states[tid];
+
+@@ -2439,19 +2452,22 @@ static void intel_put_excl_constraints(struct cpu_hw_events *cpuc,
+ * unused now.
+ */
+ if (hwc->idx >= 0) {
++ bool sched_started;
++
+ xl = &excl_cntrs->states[tid];
++ sched_started = xl->sched_started;
+
+ /*
+ * put_constraint may be called from x86_schedule_events()
+ * which already has the lock held so here make locking
+ * conditional.
+ */
+- if (!xl->sched_started)
++ if (!sched_started)
+ raw_spin_lock(&excl_cntrs->lock);
+
+ xl->state[hwc->idx] = INTEL_EXCL_UNUSED;
+
+- if (!xl->sched_started)
++ if (!sched_started)
+ raw_spin_unlock(&excl_cntrs->lock);
+ }
+ }
+@@ -3360,10 +3376,10 @@ __init int intel_pmu_init(void)
+ x86_pmu.num_counters_fixed = max((int)edx.split.num_counters_fixed, 3);
+
+ if (boot_cpu_has(X86_FEATURE_PDCM)) {
+- u64 capabilities;
++ u64 capabilities = x86_pmu.intel_cap.capabilities;
+
+- rdmsrl(MSR_IA32_PERF_CAPABILITIES, capabilities);
+- x86_pmu.intel_cap.capabilities = capabilities;
++ if (rdmsrl_safe(MSR_IA32_PERF_CAPABILITIES, &x86_pmu.intel_cap.capabilities))
++ x86_pmu.intel_cap.capabilities = capabilities;
+ }
+
+ intel_ds_init();
+diff --git a/arch/x86/events/intel/cqm.c b/arch/x86/events/intel/cqm.c
+index 7b5fd81..3ca58b5 100644
+--- a/arch/x86/events/intel/cqm.c
++++ b/arch/x86/events/intel/cqm.c
+@@ -1479,7 +1479,7 @@ static struct attribute *intel_cmt_mbm_events_attr[] = {
+ NULL,
+ };
+
+-static struct attribute_group intel_cqm_events_group = {
++static attribute_group_no_const intel_cqm_events_group __read_only = {
+ .name = "events",
+ .attrs = NULL,
+ };
+@@ -1737,7 +1737,9 @@ static int __init intel_cqm_init(void)
+ goto out;
+ }
+
+- event_attr_intel_cqm_llc_scale.event_str = str;
++ pax_open_kernel();
++ const_cast(event_attr_intel_cqm_llc_scale.event_str) = str;
++ pax_close_kernel();
+
+ ret = intel_cqm_setup_rmid_cache();
+ if (ret)
+@@ -1753,12 +1755,14 @@ static int __init intel_cqm_init(void)
+ if (ret && !cqm_enabled)
+ goto out;
+
++ pax_open_kernel();
+ if (cqm_enabled && mbm_enabled)
+- intel_cqm_events_group.attrs = intel_cmt_mbm_events_attr;
++ const_cast(intel_cqm_events_group.attrs) = intel_cmt_mbm_events_attr;
+ else if (!cqm_enabled && mbm_enabled)
+- intel_cqm_events_group.attrs = intel_mbm_events_attr;
++ const_cast(intel_cqm_events_group.attrs) = intel_mbm_events_attr;
+ else if (cqm_enabled && !mbm_enabled)
+- intel_cqm_events_group.attrs = intel_cqm_events_attr;
++ const_cast(intel_cqm_events_group.attrs) = intel_cqm_events_attr;
++ pax_close_kernel();
+
+ ret = perf_pmu_register(&intel_cqm_pmu, "intel_cqm", -1);
+ if (ret) {
+diff --git a/arch/x86/events/intel/cstate.c b/arch/x86/events/intel/cstate.c
+index 7946c42..75c730b 100644
+--- a/arch/x86/events/intel/cstate.c
++++ b/arch/x86/events/intel/cstate.c
+@@ -92,14 +92,14 @@
+ #include "../perf_event.h"
+
+ #define DEFINE_CSTATE_FORMAT_ATTR(_var, _name, _format) \
+-static ssize_t __cstate_##_var##_show(struct kobject *kobj, \
+- struct kobj_attribute *attr, \
++static ssize_t __cstate_##_var##_show(struct device *dev, \
++ struct device_attribute *attr, \
+ char *page) \
+ { \
+ BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
+ return sprintf(page, _format "\n"); \
+ } \
+-static struct kobj_attribute format_attr_##_var = \
++static struct device_attribute format_attr_##_var = \
+ __ATTR(_name, 0444, __cstate_##_var##_show, NULL)
+
+ static ssize_t cstate_get_attr_cpumask(struct device *dev,
+diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c
+index 8584b90..82c274a 100644
+--- a/arch/x86/events/intel/ds.c
++++ b/arch/x86/events/intel/ds.c
+@@ -601,7 +601,7 @@ unlock:
+
+ static inline void intel_pmu_drain_pebs_buffer(void)
+ {
+- struct pt_regs regs;
++ struct pt_regs regs = {};
+
+ x86_pmu.drain_pebs(&regs);
+ }
+@@ -903,7 +903,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
+ struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
+ unsigned long from = cpuc->lbr_entries[0].from;
+ unsigned long old_to, to = cpuc->lbr_entries[0].to;
+- unsigned long ip = regs->ip;
++ unsigned long ip = ktva_ktla(regs->ip);
+ int is_64bit = 0;
+ void *kaddr;
+ int size;
+@@ -955,6 +955,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
+ } else {
+ kaddr = (void *)to;
+ }
++ kaddr = (void *)ktva_ktla((unsigned long)kaddr);
+
+ do {
+ struct insn insn;
+@@ -1103,7 +1104,7 @@ static void setup_pebs_sample_data(struct perf_event *event,
+ }
+
+ if (event->attr.precise_ip > 1 && x86_pmu.intel_cap.pebs_format >= 2) {
+- regs->ip = pebs->real_ip;
++ set_linear_ip(regs, pebs->real_ip);
+ regs->flags |= PERF_EFLAGS_EXACT;
+ } else if (event->attr.precise_ip > 1 && intel_pmu_pebs_fixup_ip(regs))
+ regs->flags |= PERF_EFLAGS_EXACT;
+diff --git a/arch/x86/events/intel/lbr.c b/arch/x86/events/intel/lbr.c
+index 1ca5d1e..3835cc0 100644
+--- a/arch/x86/events/intel/lbr.c
++++ b/arch/x86/events/intel/lbr.c
+@@ -706,7 +706,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
+ * Ensure we don't blindy read any address by validating it is
+ * a known text address.
+ */
+- if (kernel_text_address(from)) {
++ if (kernel_text_address(ktva_ktla(from))) {
+ addr = (void *)from;
+ /*
+ * Assume we can get the maximum possible size
+@@ -728,7 +728,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
+ #ifdef CONFIG_X86_64
+ is64 = kernel_ip((unsigned long)addr) || !test_thread_flag(TIF_IA32);
+ #endif
+- insn_init(&insn, addr, bytes_read, is64);
++ insn_init(&insn, (void *)ktva_ktla((unsigned long)addr), bytes_read, is64);
+ insn_get_opcode(&insn);
+ if (!insn.opcode.got)
+ return X86_BR_ABORT;
+diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c
+index 7377814..a128ad7 100644
+--- a/arch/x86/events/intel/pt.c
++++ b/arch/x86/events/intel/pt.c
+@@ -133,14 +133,12 @@ static const struct attribute_group *pt_attr_groups[] = {
+
+ static int __init pt_pmu_hw_init(void)
+ {
+- struct dev_ext_attribute *de_attrs;
+- struct attribute **attrs;
+- size_t size;
+- u64 reg;
+- int ret;
++ static struct dev_ext_attribute de_attrs[ARRAY_SIZE(pt_caps)];
++ static struct attribute *attrs[ARRAY_SIZE(pt_caps)];
+ long i;
+
+ if (boot_cpu_has(X86_FEATURE_VMX)) {
++ u64 reg;
+ /*
+ * Intel SDM, 36.5 "Tracing post-VMXON" says that
+ * "IA32_VMX_MISC[bit 14]" being 1 means PT can trace
+@@ -151,8 +149,6 @@ static int __init pt_pmu_hw_init(void)
+ pt_pmu.vmx = true;
+ }
+
+- attrs = NULL;
+-
+ for (i = 0; i < PT_CPUID_LEAVES; i++) {
+ cpuid_count(20, i,
+ &pt_pmu.caps[CR_EAX + i*PT_CPUID_REGS_NUM],
+@@ -161,39 +157,25 @@ static int __init pt_pmu_hw_init(void)
+ &pt_pmu.caps[CR_EDX + i*PT_CPUID_REGS_NUM]);
+ }
+
+- ret = -ENOMEM;
+- size = sizeof(struct attribute *) * (ARRAY_SIZE(pt_caps)+1);
+- attrs = kzalloc(size, GFP_KERNEL);
+- if (!attrs)
+- goto fail;
+-
+- size = sizeof(struct dev_ext_attribute) * (ARRAY_SIZE(pt_caps)+1);
+- de_attrs = kzalloc(size, GFP_KERNEL);
+- if (!de_attrs)
+- goto fail;
+-
++ pax_open_kernel();
+ for (i = 0; i < ARRAY_SIZE(pt_caps); i++) {
+- struct dev_ext_attribute *de_attr = de_attrs + i;
++ struct dev_ext_attribute *de_attr = &de_attrs[i];
+
+- de_attr->attr.attr.name = pt_caps[i].name;
++ const_cast(de_attr->attr.attr.name) = pt_caps[i].name;
+
+ sysfs_attr_init(&de_attr->attr.attr);
+
+- de_attr->attr.attr.mode = S_IRUGO;
+- de_attr->attr.show = pt_cap_show;
+- de_attr->var = (void *)i;
++ const_cast(de_attr->attr.attr.mode) = S_IRUGO;
++ const_cast(de_attr->attr.show) = pt_cap_show;
++ const_cast(de_attr->var) = (void *)i;
+
+ attrs[i] = &de_attr->attr.attr;
+ }
+
+- pt_cap_group.attrs = attrs;
++ const_cast(pt_cap_group.attrs) = attrs;
++ pax_close_kernel();
+
+ return 0;
+-
+-fail:
+- kfree(attrs);
+-
+- return ret;
+ }
+
+ #define RTIT_CTL_CYC_PSB (RTIT_CTL_CYCLEACC | \
+@@ -1051,7 +1033,7 @@ static void pt_event_start(struct perf_event *event, int mode)
+ return;
+ }
+
+- ACCESS_ONCE(pt->handle_nmi) = 1;
++ ACCESS_ONCE_RW(pt->handle_nmi) = 1;
+ event->hw.state = 0;
+
+ pt_config_buffer(buf->cur->table, buf->cur_idx,
+@@ -1067,7 +1049,7 @@ static void pt_event_stop(struct perf_event *event, int mode)
+ * Protect against the PMI racing with disabling wrmsr,
+ * see comment in intel_pt_interrupt().
+ */
+- ACCESS_ONCE(pt->handle_nmi) = 0;
++ ACCESS_ONCE_RW(pt->handle_nmi) = 0;
+
+ pt_config_stop(event);
+
+diff --git a/arch/x86/events/intel/rapl.c b/arch/x86/events/intel/rapl.c
+index 1705c9d..4204f6f 100644
+--- a/arch/x86/events/intel/rapl.c
++++ b/arch/x86/events/intel/rapl.c
+@@ -100,14 +100,14 @@ static const char *const rapl_domain_names[NR_RAPL_DOMAINS] __initconst = {
+ #define RAPL_EVENT_MASK 0xFFULL
+
+ #define DEFINE_RAPL_FORMAT_ATTR(_var, _name, _format) \
+-static ssize_t __rapl_##_var##_show(struct kobject *kobj, \
+- struct kobj_attribute *attr, \
++static ssize_t __rapl_##_var##_show(struct device *dev, \
++ struct device_attribute *attr, \
+ char *page) \
+ { \
+ BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
+ return sprintf(page, _format "\n"); \
+ } \
+-static struct kobj_attribute format_attr_##_var = \
++static struct device_attribute format_attr_##_var = \
+ __ATTR(_name, 0444, __rapl_##_var##_show, NULL)
+
+ #define RAPL_CNTR_WIDTH 32
+@@ -488,7 +488,7 @@ static struct attribute *rapl_events_knl_attr[] = {
+ NULL,
+ };
+
+-static struct attribute_group rapl_pmu_events_group = {
++static attribute_group_no_const rapl_pmu_events_group __read_only = {
+ .name = "events",
+ .attrs = NULL, /* patched at runtime */
+ };
+diff --git a/arch/x86/events/intel/uncore.c b/arch/x86/events/intel/uncore.c
+index f921a1e..8f8920f 100644
+--- a/arch/x86/events/intel/uncore.c
++++ b/arch/x86/events/intel/uncore.c
+@@ -84,8 +84,8 @@ end:
+ return map;
+ }
+
+-ssize_t uncore_event_show(struct kobject *kobj,
+- struct kobj_attribute *attr, char *buf)
++ssize_t uncore_event_show(struct device *dev,
++ struct device_attribute *attr, char *buf)
+ {
+ struct uncore_event_desc *event =
+ container_of(attr, struct uncore_event_desc, attr);
+@@ -813,7 +813,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types)
+ static int __init uncore_type_init(struct intel_uncore_type *type, bool setid)
+ {
+ struct intel_uncore_pmu *pmus;
+- struct attribute_group *attr_group;
++ attribute_group_no_const *attr_group;
+ struct attribute **attrs;
+ size_t size;
+ int i, j;
+diff --git a/arch/x86/events/intel/uncore.h b/arch/x86/events/intel/uncore.h
+index 79766b9..8e2b3d0 100644
+--- a/arch/x86/events/intel/uncore.h
++++ b/arch/x86/events/intel/uncore.h
+@@ -119,9 +119,9 @@ struct intel_uncore_box {
+ #define UNCORE_BOX_FLAG_INITIATED 0
+
+ struct uncore_event_desc {
+- struct kobj_attribute attr;
++ struct device_attribute attr;
+ const char *config;
+-};
++} __do_const;
+
+ struct pci2phy_map {
+ struct list_head list;
+@@ -131,8 +131,8 @@ struct pci2phy_map {
+
+ struct pci2phy_map *__find_pci2phy_map(int segment);
+
+-ssize_t uncore_event_show(struct kobject *kobj,
+- struct kobj_attribute *attr, char *buf);
++ssize_t uncore_event_show(struct device *dev,
++ struct device_attribute *attr, char *buf);
+
+ #define INTEL_UNCORE_EVENT_DESC(_name, _config) \
+ { \
+@@ -141,14 +141,14 @@ ssize_t uncore_event_show(struct kobject *kobj,
+ }
+
+ #define DEFINE_UNCORE_FORMAT_ATTR(_var, _name, _format) \
+-static ssize_t __uncore_##_var##_show(struct kobject *kobj, \
+- struct kobj_attribute *attr, \
++static ssize_t __uncore_##_var##_show(struct device *dev, \
++ struct device_attribute *attr, \
+ char *page) \
+ { \
+ BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
+ return sprintf(page, _format "\n"); \
+ } \
+-static struct kobj_attribute format_attr_##_var = \
++static struct device_attribute format_attr_##_var = \
+ __ATTR(_name, 0444, __uncore_##_var##_show, NULL)
+
+ static inline unsigned uncore_pci_box_ctl(struct intel_uncore_box *box)
+diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h
+index ad4dc7f..1eff595 100644
+--- a/arch/x86/events/perf_event.h
++++ b/arch/x86/events/perf_event.h
+@@ -792,7 +792,7 @@ static inline void set_linear_ip(struct pt_regs *regs, unsigned long ip)
+ regs->cs = kernel_ip(ip) ? __KERNEL_CS : __USER_CS;
+ if (regs->flags & X86_VM_MASK)
+ regs->flags ^= (PERF_EFLAGS_VM | X86_VM_MASK);
+- regs->ip = ip;
++ regs->ip = kernel_ip(ip) ? ktva_ktla(ip) : ip;
+ }
+
+ ssize_t x86_event_sysfs_show(char *page, u64 config, u64 event);
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
index ae6aad1..719d6d9 100644
--- a/arch/x86/ia32/ia32_aout.c
@@ -18415,7 +18989,7 @@ index e7636ba..e1fb78a 100644
\newinstr1
144:
diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h
-index 7bfc85b..65d1ec4 100644
+index 99afb66..c098094 100644
--- a/arch/x86/include/asm/alternative.h
+++ b/arch/x86/include/asm/alternative.h
@@ -136,7 +136,7 @@ static inline int alternatives_text_reserved(void *start, void *end)
@@ -18437,10 +19011,10 @@ index 7bfc85b..65d1ec4 100644
ALTINSTR_REPLACEMENT(newinstr2, feature2, 2) \
".popsection"
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
-index e8c4fba..8d42c8c 100644
+index 98f25bb..230bd9e 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
-@@ -50,7 +50,7 @@ static inline void generic_apic_probe(void)
+@@ -49,7 +49,7 @@ static inline void generic_apic_probe(void)
#ifdef CONFIG_X86_LOCAL_APIC
@@ -18821,7 +19395,7 @@ index 3e86742..1b19554 100644
* @v: pointer to type int
*
diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
-index a984111..9c1ae68 100644
+index a984111..d1b3a88 100644
--- a/arch/x86/include/asm/atomic64_32.h
+++ b/arch/x86/include/asm/atomic64_32.h
@@ -11,6 +11,14 @@ typedef struct {
@@ -18893,7 +19467,33 @@ index a984111..9c1ae68 100644
* atomic64_xchg - xchg atomic64 variable
* @v: pointer to type atomic64_t
* @n: value to assign
-@@ -111,6 +144,22 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -95,6 +128,25 @@ static inline long long atomic64_xchg(atomic64_t *v, long long n)
+ }
+
+ /**
++ * atomic64_xchg_unchecked - xchg atomic64 variable
++ * @v: pointer to type atomic64_unchecked_t
++ * @n: value to assign
++ *
++ * Atomically xchgs the value of @v to @n and returns
++ * the old value.
++ */
++static inline long long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long long n)
++{
++ long long o;
++ unsigned high = (unsigned)(n >> 32);
++ unsigned low = (unsigned)n;
++ alternative_atomic64(xchg, "=&A" (o),
++ "S" (v), "b" (low), "c" (high)
++ : "memory");
++ return o;
++}
++
++/**
+ * atomic64_set - set atomic64 variable
+ * @v: pointer to type atomic64_t
+ * @i: value to assign
+@@ -111,6 +163,22 @@ static inline void atomic64_set(atomic64_t *v, long long i)
}
/**
@@ -18916,7 +19516,7 @@ index a984111..9c1ae68 100644
* atomic64_read - read atomic64 variable
* @v: pointer to type atomic64_t
*
-@@ -124,6 +173,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -124,6 +192,19 @@ static inline long long atomic64_read(const atomic64_t *v)
}
/**
@@ -18936,7 +19536,7 @@ index a984111..9c1ae68 100644
* atomic64_add_return - add and return
* @i: integer value to add
* @v: pointer to type atomic64_t
-@@ -138,6 +200,21 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)
+@@ -138,6 +219,21 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)
return i;
}
@@ -18958,7 +19558,7 @@ index a984111..9c1ae68 100644
/*
* Other variants with different arithmetic operators:
*/
-@@ -157,6 +234,14 @@ static inline long long atomic64_inc_return(atomic64_t *v)
+@@ -157,6 +253,14 @@ static inline long long atomic64_inc_return(atomic64_t *v)
return a;
}
@@ -18973,7 +19573,7 @@ index a984111..9c1ae68 100644
static inline long long atomic64_dec_return(atomic64_t *v)
{
long long a;
-@@ -181,6 +266,21 @@ static inline long long atomic64_add(long long i, atomic64_t *v)
+@@ -181,6 +285,21 @@ static inline long long atomic64_add(long long i, atomic64_t *v)
}
/**
@@ -18996,7 +19596,7 @@ index a984111..9c1ae68 100644
* @i: integer value to subtract
* @v: pointer to type atomic64_t
diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h
-index 0373510..e37ee10 100644
+index 0373510..3619c56 100644
--- a/arch/x86/include/asm/atomic64_64.h
+++ b/arch/x86/include/asm/atomic64_64.h
@@ -22,6 +22,18 @@ static inline long atomic64_read(const atomic64_t *v)
@@ -19221,7 +19821,7 @@ index 0373510..e37ee10 100644
#define atomic64_dec_return(v) (atomic64_sub_return(1, (v)))
static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
-@@ -166,6 +292,11 @@ static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
+@@ -166,11 +292,21 @@ static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new)
return cmpxchg(&v->counter, old, new);
}
@@ -19233,7 +19833,17 @@ index 0373510..e37ee10 100644
static inline long atomic64_xchg(atomic64_t *v, long new)
{
return xchg(&v->counter, new);
-@@ -182,17 +313,30 @@ static inline long atomic64_xchg(atomic64_t *v, long new)
+ }
+
++static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new)
++{
++ return xchg(&v->counter, new);
++}
++
+ /**
+ * atomic64_add_unless - add unless the number is a given value
+ * @v: pointer of type atomic64_t
+@@ -182,17 +318,30 @@ static inline long atomic64_xchg(atomic64_t *v, long new)
*/
static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
{
@@ -19269,7 +19879,7 @@ index 0373510..e37ee10 100644
#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
-index cfe3b95..d01b118 100644
+index 7766d1c..f545428 100644
--- a/arch/x86/include/asm/bitops.h
+++ b/arch/x86/include/asm/bitops.h
@@ -50,7 +50,7 @@
@@ -19281,27 +19891,27 @@ index cfe3b95..d01b118 100644
#define CONST_MASK(nr) (1 << ((nr) & 7))
/**
-@@ -203,7 +203,7 @@ static inline void change_bit(long nr, volatile unsigned long *addr)
+@@ -203,7 +203,7 @@ static __always_inline void change_bit(long nr, volatile unsigned long *addr)
*/
- static inline int test_and_set_bit(long nr, volatile unsigned long *addr)
+ static __always_inline int test_and_set_bit(long nr, volatile unsigned long *addr)
{
- GEN_BINARY_RMWcc(LOCK_PREFIX "bts", *addr, "Ir", nr, "%0", "c");
+ GEN_BINARY_RMWcc_unchecked(LOCK_PREFIX "bts", *addr, "Ir", nr, "%0", "c");
}
/**
-@@ -249,7 +249,7 @@ static inline int __test_and_set_bit(long nr, volatile unsigned long *addr)
+@@ -249,7 +249,7 @@ static __always_inline int __test_and_set_bit(long nr, volatile unsigned long *a
*/
- static inline int test_and_clear_bit(long nr, volatile unsigned long *addr)
+ static __always_inline int test_and_clear_bit(long nr, volatile unsigned long *addr)
{
- GEN_BINARY_RMWcc(LOCK_PREFIX "btr", *addr, "Ir", nr, "%0", "c");
+ GEN_BINARY_RMWcc_unchecked(LOCK_PREFIX "btr", *addr, "Ir", nr, "%0", "c");
}
/**
-@@ -302,7 +302,7 @@ static inline int __test_and_change_bit(long nr, volatile unsigned long *addr)
+@@ -302,7 +302,7 @@ static __always_inline int __test_and_change_bit(long nr, volatile unsigned long
*/
- static inline int test_and_change_bit(long nr, volatile unsigned long *addr)
+ static __always_inline int test_and_change_bit(long nr, volatile unsigned long *addr)
{
- GEN_BINARY_RMWcc(LOCK_PREFIX "btc", *addr, "Ir", nr, "%0", "c");
+ GEN_BINARY_RMWcc_unchecked(LOCK_PREFIX "btc", *addr, "Ir", nr, "%0", "c");
@@ -19312,39 +19922,39 @@ index cfe3b95..d01b118 100644
*
* Undefined if no bit exists, so code should check against 0 first.
*/
--static inline unsigned long __ffs(unsigned long word)
-+static inline unsigned long __intentional_overflow(-1) __ffs(unsigned long word)
+-static __always_inline unsigned long __ffs(unsigned long word)
++static __always_inline unsigned long __intentional_overflow(-1) __ffs(unsigned long word)
{
asm("rep; bsf %1,%0"
: "=r" (word)
-@@ -357,7 +357,7 @@ static inline unsigned long __ffs(unsigned long word)
+@@ -357,7 +357,7 @@ static __always_inline unsigned long __ffs(unsigned long word)
*
* Undefined if no zero exists, so code should check against ~0UL first.
*/
--static inline unsigned long ffz(unsigned long word)
-+static inline unsigned long __intentional_overflow(-1) ffz(unsigned long word)
+-static __always_inline unsigned long ffz(unsigned long word)
++static __always_inline unsigned long __intentional_overflow(-1) ffz(unsigned long word)
{
asm("rep; bsf %1,%0"
: "=r" (word)
-@@ -371,7 +371,7 @@ static inline unsigned long ffz(unsigned long word)
+@@ -371,7 +371,7 @@ static __always_inline unsigned long ffz(unsigned long word)
*
* Undefined if no set bit exists, so code should check against 0 first.
*/
--static inline unsigned long __fls(unsigned long word)
-+static inline unsigned long __intentional_overflow(-1) __fls(unsigned long word)
+-static __always_inline unsigned long __fls(unsigned long word)
++static __always_inline unsigned long __intentional_overflow(-1) __fls(unsigned long word)
{
asm("bsr %1,%0"
: "=r" (word)
-@@ -434,7 +434,7 @@ static inline int ffs(int x)
+@@ -434,7 +434,7 @@ static __always_inline int ffs(int x)
* set bit if value is nonzero. The last (most significant) bit is
* at position 32.
*/
--static inline int fls(int x)
-+static inline int __intentional_overflow(-1) fls(int x)
+-static __always_inline int fls(int x)
++static __always_inline int __intentional_overflow(-1) fls(int x)
{
int r;
-@@ -476,7 +476,7 @@ static inline int fls(int x)
+@@ -476,7 +476,7 @@ static __always_inline int fls(int x)
* at position 64.
*/
#ifdef CONFIG_X86_64
@@ -19367,10 +19977,10 @@ index 6b8d6e8..3cbf4f8 100644
& ~(CONFIG_PHYSICAL_ALIGN - 1))
diff --git a/arch/x86/include/asm/cache.h b/arch/x86/include/asm/cache.h
-index 48f99f1..d78ebf9 100644
+index 48f99f1..26ab08a 100644
--- a/arch/x86/include/asm/cache.h
+++ b/arch/x86/include/asm/cache.h
-@@ -5,12 +5,13 @@
+@@ -5,12 +5,12 @@
/* L1 cache line size */
#define L1_CACHE_SHIFT (CONFIG_X86_L1_CACHE_SHIFT)
@@ -19378,7 +19988,6 @@ index 48f99f1..d78ebf9 100644
+#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT)
#define __read_mostly __attribute__((__section__(".data..read_mostly")))
-+#define __read_only __attribute__((__section__(".data..read_only")))
#define INTERNODE_CACHE_SHIFT CONFIG_X86_INTERNODE_CACHE_SHIFT
-#define INTERNODE_CACHE_BYTES (1 << INTERNODE_CACHE_SHIFT)
@@ -19387,7 +19996,7 @@ index 48f99f1..d78ebf9 100644
#ifdef CONFIG_X86_VSMP
#ifdef CONFIG_SMP
diff --git a/arch/x86/include/asm/checksum_32.h b/arch/x86/include/asm/checksum_32.h
-index f50de69..2b0a458 100644
+index 532f85e..b1d8a66a 100644
--- a/arch/x86/include/asm/checksum_32.h
+++ b/arch/x86/include/asm/checksum_32.h
@@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_generic(const void *src, void *dst,
@@ -19414,7 +20023,7 @@ index f50de69..2b0a458 100644
len, sum, err_ptr, NULL);
clac();
-@@ -187,7 +195,7 @@ static inline __wsum csum_and_copy_to_user(const void *src,
+@@ -184,7 +192,7 @@ static inline __wsum csum_and_copy_to_user(const void *src,
might_sleep();
if (access_ok(VERIFY_WRITE, dst, len)) {
stac();
@@ -19424,10 +20033,10 @@ index f50de69..2b0a458 100644
clac();
return ret;
diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h
-index ad19841..0784041 100644
+index 9733361..2053014 100644
--- a/arch/x86/include/asm/cmpxchg.h
+++ b/arch/x86/include/asm/cmpxchg.h
-@@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void)
+@@ -15,8 +15,12 @@ extern void __cmpxchg_wrong_size(void)
__compiletime_error("Bad argument size for cmpxchg");
extern void __xadd_wrong_size(void)
__compiletime_error("Bad argument size for xadd");
@@ -19440,7 +20049,7 @@ index ad19841..0784041 100644
/*
* Constants for operation sizes. On 32-bit, the 64-bit size it set to
-@@ -67,6 +71,38 @@ extern void __add_wrong_size(void)
+@@ -68,6 +72,38 @@ extern void __add_wrong_size(void)
__ret; \
})
@@ -19479,7 +20088,7 @@ index ad19841..0784041 100644
/*
* Note: no "lock" prefix even on SMP: xchg always implies lock anyway.
* Since this is generally used to protect other memory information, we
-@@ -165,6 +201,9 @@ extern void __add_wrong_size(void)
+@@ -166,6 +202,9 @@ extern void __add_wrong_size(void)
#define xadd_sync(ptr, inc) __xadd((ptr), (inc), "lock; ")
#define xadd_local(ptr, inc) __xadd((ptr), (inc), "")
@@ -19490,7 +20099,7 @@ index ad19841..0784041 100644
({ \
__typeof__ (*(ptr)) __ret = (inc); \
diff --git a/arch/x86/include/asm/compat.h b/arch/x86/include/asm/compat.h
-index acdee09..e5c31cd 100644
+index ebb102e..4240767 100644
--- a/arch/x86/include/asm/compat.h
+++ b/arch/x86/include/asm/compat.h
@@ -41,7 +41,11 @@ typedef s64 __attribute__((aligned(4))) compat_s64;
@@ -19506,10 +20115,23 @@ index acdee09..e5c31cd 100644
struct compat_timespec {
compat_time_t tv_sec;
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
-index 7ad8c94..00a0aa3 100644
+index aeab479..5467e0b 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
-@@ -203,7 +203,8 @@
+@@ -164,7 +164,7 @@ static __always_inline __pure bool _static_cpu_has(u16 bit)
+ " .byte 5f - 4f\n" /* repl len */
+ " .byte 3b - 2b\n" /* pad len */
+ ".previous\n"
+- ".section .altinstr_replacement,\"ax\"\n"
++ ".section .altinstr_replacement,\"a\"\n"
+ "4: jmp %l[t_no]\n"
+ "5:\n"
+ ".previous\n"
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
+index 8f9afef..378b605 100644
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -204,7 +204,8 @@
#define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */
#define X86_FEATURE_XENPV ( 8*32+16) /* "" Xen paravirtual guest */
@@ -19519,7 +20141,7 @@ index 7ad8c94..00a0aa3 100644
/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */
#define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/
-@@ -211,7 +212,7 @@
+@@ -212,7 +213,7 @@
#define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */
#define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */
#define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */
@@ -19528,52 +20150,6 @@ index 7ad8c94..00a0aa3 100644
#define X86_FEATURE_BMI2 ( 9*32+ 8) /* 2nd group bit manipulation extensions */
#define X86_FEATURE_ERMS ( 9*32+ 9) /* Enhanced REP MOVSB/STOSB */
#define X86_FEATURE_INVPCID ( 9*32+10) /* Invalidate Processor Context ID */
-@@ -462,7 +463,8 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
-
- #ifdef CONFIG_X86_DEBUG_STATIC_CPU_HAS
- t_warn:
-- warn_pre_alternatives();
-+ if (bit != X86_FEATURE_PCID && bit != X86_FEATURE_INVPCID && bit != X86_FEATURE_PCIDUDEREF)
-+ warn_pre_alternatives();
- return false;
- #endif
-
-@@ -483,7 +485,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
- ".section .discard,\"aw\",@progbits\n"
- " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */
- ".previous\n"
-- ".section .altinstr_replacement,\"ax\"\n"
-+ ".section .altinstr_replacement,\"a\"\n"
- "3: movb $1,%0\n"
- "4:\n"
- ".previous\n"
-@@ -518,7 +520,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
- " .byte 5f - 4f\n" /* repl len */
- " .byte 3b - 2b\n" /* pad len */
- ".previous\n"
-- ".section .altinstr_replacement,\"ax\"\n"
-+ ".section .altinstr_replacement,\"a\"\n"
- "4: jmp %l[t_no]\n"
- "5:\n"
- ".previous\n"
-@@ -553,7 +555,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
- ".section .discard,\"aw\",@progbits\n"
- " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */
- ".previous\n"
-- ".section .altinstr_replacement,\"ax\"\n"
-+ ".section .altinstr_replacement,\"a\"\n"
- "3: movb $0,%0\n"
- "4:\n"
- ".previous\n"
-@@ -568,7 +570,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
- ".section .discard,\"aw\",@progbits\n"
- " .byte 0xff + (6f-5f) - (4b-3b)\n" /* size check */
- ".previous\n"
-- ".section .altinstr_replacement,\"ax\"\n"
-+ ".section .altinstr_replacement,\"a\"\n"
- "5: movb $1,%0\n"
- "6:\n"
- ".previous\n"
diff --git a/arch/x86/include/asm/crypto/camellia.h b/arch/x86/include/asm/crypto/camellia.h
index bb93333..e3d3d57 100644
--- a/arch/x86/include/asm/crypto/camellia.h
@@ -20010,7 +20586,7 @@ index 4e10d73..7319a47 100644
+
#endif /* _ASM_X86_DESC_H */
diff --git a/arch/x86/include/asm/desc_defs.h b/arch/x86/include/asm/desc_defs.h
-index 278441f..b95a174 100644
+index eb5deb4..ec19436 100644
--- a/arch/x86/include/asm/desc_defs.h
+++ b/arch/x86/include/asm/desc_defs.h
@@ -31,6 +31,12 @@ struct desc_struct {
@@ -20060,7 +20636,7 @@ index fe884e1..46149ae 100644
{
spin_unlock_irqrestore(&dma_spin_lock, flags);
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
-index 1514753..436825b 100644
+index 15340e3..f338653 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -75,9 +75,6 @@ typedef struct user_fxsr_struct elf_fpxregset_t;
@@ -20145,10 +20721,10 @@ index 77a99ac..39ff7f5 100644
#endif /* _ASM_X86_EMERGENCY_RESTART_H */
diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h
-index 6d7d0e5..bce15a1 100644
+index 8554f96..6c58add9 100644
--- a/arch/x86/include/asm/fixmap.h
+++ b/arch/x86/include/asm/fixmap.h
-@@ -142,7 +142,7 @@ extern pgprot_t kmap_prot;
+@@ -142,7 +142,7 @@ extern pte_t *kmap_pte;
extern pte_t *pkmap_page_table;
void __native_set_fixmap(enum fixed_addresses idx, pte_t pte);
@@ -20191,10 +20767,10 @@ index 1c7eefe..d0e4702 100644
};
diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
-index 0fd440d..5f883a5 100644
+index 31ac8e6..ece4ea7 100644
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
-@@ -98,8 +98,11 @@ extern void fpstate_sanitize_xstate(struct fpu *fpu);
+@@ -101,8 +101,11 @@ extern void fpstate_sanitize_xstate(struct fpu *fpu);
#define user_insn(insn, output, input...) \
({ \
int err; \
@@ -20207,7 +20783,7 @@ index 0fd440d..5f883a5 100644
"2: " ASM_CLAC "\n" \
".section .fixup,\"ax\"\n" \
"3: movl $-1,%[err]\n" \
-@@ -108,6 +111,7 @@ extern void fpstate_sanitize_xstate(struct fpu *fpu);
+@@ -111,6 +114,7 @@ extern void fpstate_sanitize_xstate(struct fpu *fpu);
_ASM_EXTABLE(1b, 3b) \
: [err] "=r" (err), output \
: "0"(0), input); \
@@ -20215,7 +20791,7 @@ index 0fd440d..5f883a5 100644
err; \
})
-@@ -187,9 +191,9 @@ static inline int copy_user_to_fregs(struct fregs_state __user *fx)
+@@ -190,9 +194,9 @@ static inline int copy_user_to_fregs(struct fregs_state __user *fx)
static inline void copy_fxregs_to_kernel(struct fpu *fpu)
{
if (config_enabled(CONFIG_X86_32))
@@ -20227,7 +20803,7 @@ index 0fd440d..5f883a5 100644
else {
/* Using "rex64; fxsave %0" is broken because, if the memory
* operand uses any extended registers for addressing, a second
-@@ -206,15 +210,15 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu)
+@@ -209,15 +213,15 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu)
* an extended register is needed for addressing (fix submitted
* to mainline 2005-11-21).
*
@@ -20246,7 +20822,7 @@ index 0fd440d..5f883a5 100644
}
}
-@@ -386,9 +390,11 @@ static inline int copy_xregs_to_user(struct xregs_state __user *buf)
+@@ -389,9 +393,11 @@ static inline int copy_xregs_to_user(struct xregs_state __user *buf)
if (unlikely(err))
return -EFAULT;
@@ -20259,7 +20835,7 @@ index 0fd440d..5f883a5 100644
return err;
}
-@@ -398,14 +404,16 @@ static inline int copy_xregs_to_user(struct xregs_state __user *buf)
+@@ -401,14 +407,16 @@ static inline int copy_xregs_to_user(struct xregs_state __user *buf)
*/
static inline int copy_user_to_xregs(struct xregs_state __user *buf, u64 mask)
{
@@ -20278,7 +20854,7 @@ index 0fd440d..5f883a5 100644
return err;
}
-@@ -423,7 +431,7 @@ static inline int copy_user_to_xregs(struct xregs_state __user *buf, u64 mask)
+@@ -426,7 +434,7 @@ static inline int copy_user_to_xregs(struct xregs_state __user *buf, u64 mask)
static inline int copy_fpregs_to_fpstate(struct fpu *fpu)
{
if (likely(use_xsave())) {
@@ -20287,7 +20863,7 @@ index 0fd440d..5f883a5 100644
return 1;
}
-@@ -436,7 +444,7 @@ static inline int copy_fpregs_to_fpstate(struct fpu *fpu)
+@@ -439,7 +447,7 @@ static inline int copy_fpregs_to_fpstate(struct fpu *fpu)
* Legacy FPU register saving, FNSAVE always clears FPU registers,
* so we have to mark them inactive:
*/
@@ -20296,7 +20872,7 @@ index 0fd440d..5f883a5 100644
return 0;
}
-@@ -465,7 +473,7 @@ static inline void copy_kernel_to_fpregs(union fpregs_state *fpstate)
+@@ -468,7 +476,7 @@ static inline void copy_kernel_to_fpregs(union fpregs_state *fpstate)
"fnclex\n\t"
"emms\n\t"
"fildl %P[addr]" /* set F?P to defined value */
@@ -20305,7 +20881,7 @@ index 0fd440d..5f883a5 100644
}
__copy_kernel_to_fpregs(fpstate);
-@@ -605,7 +613,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu)
+@@ -609,7 +617,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu)
if (fpu.preload) {
new_fpu->counter++;
__fpregs_activate(new_fpu);
@@ -20314,7 +20890,7 @@ index 0fd440d..5f883a5 100644
} else {
__fpregs_deactivate_hw();
}
-@@ -617,7 +625,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu)
+@@ -621,7 +629,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu)
if (fpu_want_lazy_restore(new_fpu, cpu))
fpu.preload = 0;
else
@@ -20323,7 +20899,7 @@ index 0fd440d..5f883a5 100644
fpregs_activate(new_fpu);
}
}
-@@ -637,7 +645,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu)
+@@ -641,7 +649,7 @@ switch_fpu_prepare(struct fpu *old_fpu, struct fpu *new_fpu, int cpu)
static inline void switch_fpu_finish(struct fpu *new_fpu, fpu_switch_t fpu_switch)
{
if (fpu_switch.preload)
@@ -20333,10 +20909,10 @@ index 0fd440d..5f883a5 100644
/*
diff --git a/arch/x86/include/asm/fpu/types.h b/arch/x86/include/asm/fpu/types.h
-index 1c6f6ac..2575de1 100644
+index 36b90bb..e5a32ad 100644
--- a/arch/x86/include/asm/fpu/types.h
+++ b/arch/x86/include/asm/fpu/types.h
-@@ -257,6 +257,39 @@ union fpregs_state {
+@@ -269,6 +269,39 @@ union fpregs_state {
*/
struct fpu {
/*
@@ -20376,7 +20952,7 @@ index 1c6f6ac..2575de1 100644
* @last_cpu:
*
* Records the last CPU on which this context was loaded into
-@@ -313,43 +346,6 @@ struct fpu {
+@@ -325,43 +358,6 @@ struct fpu {
* deal with bursty apps that only use the FPU for a short time:
*/
unsigned char counter;
@@ -20485,7 +21061,7 @@ index b4c1f54..e290c08 100644
pagefault_enable();
diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h
-index 84b3d19..8ea9f03 100644
+index b90e105..30a5950 100644
--- a/arch/x86/include/asm/hw_irq.h
+++ b/arch/x86/include/asm/hw_irq.h
@@ -164,8 +164,8 @@ static inline void unlock_vector_lock(void) {}
@@ -20855,15 +21431,15 @@ index 0000000..2bfd3ba
+
+#endif /* X86_MMAN_H */
diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
-index 55234d5..7e3c4bf 100644
+index 1ea0bae..25de747 100644
--- a/arch/x86/include/asm/mmu.h
+++ b/arch/x86/include/asm/mmu.h
@@ -19,7 +19,19 @@ typedef struct {
#endif
struct mutex lock;
-- void __user *vdso;
-+ unsigned long vdso;
+- void __user *vdso; /* vdso base address */
++ unsigned long vdso; /* vdso base address */
+
+#ifdef CONFIG_X86_32
+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
@@ -20876,11 +21452,11 @@ index 55234d5..7e3c4bf 100644
+
+#endif
+#endif
+ const struct vdso_image *vdso_image; /* vdso image in use */
atomic_t perf_rdpmc_allowed; /* nonzero if rdpmc is allowed */
- } mm_context_t;
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
-index bfd9b2a..0d64fc2 100644
+index 8428002..89716a8 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -46,7 +46,7 @@ struct ldt_struct {
@@ -20892,9 +21468,9 @@ index bfd9b2a..0d64fc2 100644
};
/*
-@@ -58,6 +58,23 @@ void destroy_context(struct mm_struct *mm);
- static inline int init_new_context(struct task_struct *tsk,
- struct mm_struct *mm)
+@@ -58,6 +58,23 @@ void destroy_context_ldt(struct mm_struct *mm);
+ static inline int init_new_context_ldt(struct task_struct *tsk,
+ struct mm_struct *mm)
{
+ if (tsk == current) {
+ mm->context.vdso = 0;
@@ -20915,8 +21491,8 @@ index bfd9b2a..0d64fc2 100644
+
return 0;
}
- static inline void destroy_context(struct mm_struct *mm) {}
-@@ -98,19 +115,84 @@ static inline void load_mm_ldt(struct mm_struct *mm)
+ static inline void destroy_context_ldt(struct mm_struct *mm) {}
+@@ -98,6 +115,20 @@ static inline void load_mm_ldt(struct mm_struct *mm)
static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)
{
@@ -20937,7 +21513,8 @@ index bfd9b2a..0d64fc2 100644
#ifdef CONFIG_SMP
if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK)
this_cpu_write(cpu_tlbstate.state, TLBSTATE_LAZY);
- #endif
+@@ -115,13 +146,64 @@ static inline void destroy_context(struct mm_struct *mm)
+ destroy_context_ldt(mm);
}
+static inline void pax_switch_mm(struct mm_struct *next, unsigned int cpu)
@@ -21001,7 +21578,7 @@ index bfd9b2a..0d64fc2 100644
this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
this_cpu_write(cpu_tlbstate.active_mm, next);
#endif
-@@ -129,7 +211,7 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
+@@ -140,7 +222,7 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
* We need to prevent an outcome in which CPU 1 observes
* the new PTE value and CPU 0 observes bit 1 clear in
* mm_cpumask. (If that occurs, then the IPI will never
@@ -21010,7 +21587,7 @@ index bfd9b2a..0d64fc2 100644
*
* The bad outcome can occur if either CPU's load is
* reordered before that CPU's store, so both CPUs must
-@@ -144,7 +226,11 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
+@@ -155,7 +237,11 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
* ordering guarantee we need.
*
*/
@@ -21022,7 +21599,7 @@ index bfd9b2a..0d64fc2 100644
trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL);
-@@ -170,9 +256,31 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
+@@ -181,9 +267,31 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
if (unlikely(prev->context.ldt != next->context.ldt))
load_mm_ldt(next);
#endif
@@ -21055,7 +21632,7 @@ index bfd9b2a..0d64fc2 100644
this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next);
-@@ -193,13 +301,30 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
+@@ -204,13 +312,30 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
* As above, load_cr3() is serializing and orders TLB
* fills with respect to the mm_cpumask write.
*/
@@ -21269,10 +21846,10 @@ index b3bebf9..cb419e7 100644
#define __phys_reloc_hide(x) (x)
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
-index f619250..8b851d8 100644
+index 601f1b8..1d2f5a1 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
-@@ -510,7 +510,7 @@ static inline pmd_t __pmd(pmdval_t val)
+@@ -511,7 +511,7 @@ static inline pmd_t __pmd(pmdval_t val)
return (pmd_t) { ret };
}
@@ -21281,7 +21858,7 @@ index f619250..8b851d8 100644
{
pmdval_t ret;
-@@ -576,6 +576,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd)
+@@ -577,6 +577,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd)
val);
}
@@ -21300,7 +21877,7 @@ index f619250..8b851d8 100644
static inline void pgd_clear(pgd_t *pgdp)
{
set_pgd(pgdp, __pgd(0));
-@@ -660,6 +672,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
+@@ -661,6 +673,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
pv_mmu_ops.set_fixmap(idx, phys, flags);
}
@@ -21322,7 +21899,7 @@ index f619250..8b851d8 100644
#if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS)
#ifdef CONFIG_QUEUED_SPINLOCKS
-@@ -883,7 +910,7 @@ extern void default_banner(void);
+@@ -888,7 +915,7 @@ extern void default_banner(void);
#define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4)
#define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4)
@@ -21331,7 +21908,7 @@ index f619250..8b851d8 100644
#endif
#define INTERRUPT_RETURN \
-@@ -941,6 +968,21 @@ extern void default_banner(void);
+@@ -946,6 +973,21 @@ extern void default_banner(void);
PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_usergs_sysret64), \
CLBR_NONE, \
jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_usergs_sysret64))
@@ -21354,7 +21931,7 @@ index f619250..8b851d8 100644
#endif /* __ASSEMBLY__ */
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
-index 77db561..bc4a1ea 100644
+index e8c2326..4458a61 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -89,7 +89,7 @@ struct pv_init_ops {
@@ -21551,7 +22128,7 @@ index cdaa58c..ae30f0d 100644
static inline void pud_clear(pud_t *pudp)
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 0687c47..7425416 100644
+index 97f3242..0d17a84 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -54,6 +54,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -21616,7 +22193,7 @@ index 0687c47..7425416 100644
static inline int pte_dirty(pte_t pte)
{
return pte_flags(pte) & _PAGE_DIRTY;
-@@ -154,6 +196,11 @@ static inline unsigned long pud_pfn(pud_t pud)
+@@ -168,6 +210,11 @@ static inline unsigned long pud_pfn(pud_t pud)
return (pud_val(pud) & pud_pfn_mask(pud)) >> PAGE_SHIFT;
}
@@ -21628,7 +22205,7 @@ index 0687c47..7425416 100644
#define pte_page(pte) pfn_to_page(pte_pfn(pte))
static inline int pmd_large(pmd_t pte)
-@@ -209,9 +256,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
+@@ -223,9 +270,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
return pte_clear_flags(pte, _PAGE_RW);
}
@@ -21659,7 +22236,7 @@ index 0687c47..7425416 100644
}
static inline pte_t pte_mkdirty(pte_t pte)
-@@ -459,6 +526,16 @@ pte_t *populate_extra_pte(unsigned long vaddr);
+@@ -473,6 +540,16 @@ pte_t *populate_extra_pte(unsigned long vaddr);
#endif
#ifndef __ASSEMBLY__
@@ -21676,7 +22253,7 @@ index 0687c47..7425416 100644
#include <linux/mm_types.h>
#include <linux/mmdebug.h>
#include <linux/log2.h>
-@@ -659,7 +736,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -673,7 +750,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -21685,7 +22262,7 @@ index 0687c47..7425416 100644
/* to find an entry in a page-table-directory. */
static inline unsigned long pud_index(unsigned long address)
-@@ -674,7 +751,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -688,7 +765,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
@@ -21694,7 +22271,7 @@ index 0687c47..7425416 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -697,7 +774,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -711,7 +788,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -21708,7 +22285,7 @@ index 0687c47..7425416 100644
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -708,6 +790,25 @@ static inline int pgd_none(pgd_t pgd)
+@@ -722,6 +804,25 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -21734,7 +22311,7 @@ index 0687c47..7425416 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -862,11 +963,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -876,11 +977,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -21929,10 +22506,10 @@ index e6844df..432b56e 100644
#endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
-index 4432ab7..43778ff 100644
+index 7b5efe2..639cdc0 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
-@@ -87,9 +87,12 @@
+@@ -108,9 +108,12 @@
#define _PAGE_NX (_AT(pteval_t, 1) << _PAGE_BIT_NX)
#define _PAGE_DEVMAP (_AT(u64, 1) << _PAGE_BIT_DEVMAP)
#define __HAVE_ARCH_PTE_DEVMAP
@@ -21946,7 +22523,7 @@ index 4432ab7..43778ff 100644
#endif
#define _PAGE_PROTNONE (_AT(pteval_t, 1) << _PAGE_BIT_PROTNONE)
-@@ -144,6 +147,9 @@ enum page_cache_mode {
+@@ -170,6 +173,9 @@ enum page_cache_mode {
#define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \
_PAGE_ACCESSED)
@@ -21956,7 +22533,7 @@ index 4432ab7..43778ff 100644
#define __PAGE_KERNEL_EXEC \
(_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL)
#define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX)
-@@ -151,7 +157,7 @@ enum page_cache_mode {
+@@ -177,7 +183,7 @@ enum page_cache_mode {
#define __PAGE_KERNEL_RO (__PAGE_KERNEL & ~_PAGE_RW)
#define __PAGE_KERNEL_RX (__PAGE_KERNEL_EXEC & ~_PAGE_RW)
#define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_NOCACHE)
@@ -21965,7 +22542,7 @@ index 4432ab7..43778ff 100644
#define __PAGE_KERNEL_VVAR (__PAGE_KERNEL_RO | _PAGE_USER)
#define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE)
#define __PAGE_KERNEL_LARGE_EXEC (__PAGE_KERNEL_EXEC | _PAGE_PSE)
-@@ -197,7 +203,7 @@ enum page_cache_mode {
+@@ -223,7 +229,7 @@ enum page_cache_mode {
#ifdef CONFIG_X86_64
#define __PAGE_KERNEL_IDENT_LARGE_EXEC __PAGE_KERNEL_LARGE_EXEC
#else
@@ -21974,7 +22551,7 @@ index 4432ab7..43778ff 100644
#define PDE_IDENT_ATTR 0x063 /* PRESENT+RW+DIRTY+ACCESSED */
#define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */
#endif
-@@ -236,7 +242,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd)
+@@ -265,7 +271,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd)
{
return native_pgd_val(pgd) & PTE_FLAGS_MASK;
}
@@ -21992,7 +22569,7 @@ index 4432ab7..43778ff 100644
#if CONFIG_PGTABLE_LEVELS > 3
typedef struct { pudval_t pud; } pud_t;
-@@ -250,8 +266,6 @@ static inline pudval_t native_pud_val(pud_t pud)
+@@ -279,8 +295,6 @@ static inline pudval_t native_pud_val(pud_t pud)
return pud.pud;
}
#else
@@ -22001,7 +22578,7 @@ index 4432ab7..43778ff 100644
static inline pudval_t native_pud_val(pud_t pud)
{
return native_pgd_val(pud.pgd);
-@@ -271,8 +285,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd)
+@@ -300,8 +314,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd)
return pmd.pmd;
}
#else
@@ -22010,7 +22587,7 @@ index 4432ab7..43778ff 100644
static inline pmdval_t native_pmd_val(pmd_t pmd)
{
return native_pgd_val(pmd.pud.pgd);
-@@ -389,7 +401,6 @@ typedef struct page *pgtable_t;
+@@ -418,7 +430,6 @@ typedef struct page *pgtable_t;
extern pteval_t __supported_pte_mask;
extern void set_nx(void);
@@ -22019,7 +22596,7 @@ index 4432ab7..43778ff 100644
#define pgprot_writecombine pgprot_writecombine
extern pgprot_t pgprot_writecombine(pgprot_t prot);
diff --git a/arch/x86/include/asm/pmem.h b/arch/x86/include/asm/pmem.h
-index c57fd1e..426fc11 100644
+index fbc5e92..0af7895 100644
--- a/arch/x86/include/asm/pmem.h
+++ b/arch/x86/include/asm/pmem.h
@@ -41,7 +41,7 @@ static inline void arch_memcpy_to_pmem(void __pmem *dst, const void *src,
@@ -22032,7 +22609,7 @@ index c57fd1e..426fc11 100644
__func__, dst, src, unwritten))
BUG();
diff --git a/arch/x86/include/asm/preempt.h b/arch/x86/include/asm/preempt.h
-index 01bcde8..a6f1377 100644
+index d397deb..e977c3b 100644
--- a/arch/x86/include/asm/preempt.h
+++ b/arch/x86/include/asm/preempt.h
@@ -81,7 +81,7 @@ static __always_inline void __preempt_count_sub(int val)
@@ -22045,10 +22622,10 @@ index 01bcde8..a6f1377 100644
/*
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
-index 20c11d1..f4a4f69 100644
+index 9264476..a56f17d 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
-@@ -136,7 +136,7 @@ struct cpuinfo_x86 {
+@@ -135,7 +135,7 @@ struct cpuinfo_x86 {
/* Index into per_cpu list: */
u16 cpu_index;
u32 microcode;
@@ -22057,7 +22634,7 @@ index 20c11d1..f4a4f69 100644
#define X86_VENDOR_INTEL 0
#define X86_VENDOR_CYRIX 1
-@@ -206,9 +206,21 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx,
+@@ -205,9 +205,21 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx,
: "memory");
}
@@ -22080,7 +22657,7 @@ index 20c11d1..f4a4f69 100644
}
#ifdef CONFIG_X86_32
-@@ -305,11 +317,9 @@ struct tss_struct {
+@@ -307,11 +319,9 @@ struct tss_struct {
} ____cacheline_aligned;
@@ -22093,7 +22670,7 @@ index 20c11d1..f4a4f69 100644
/*
* Save the original ist values for checking stack pointers during debugging
-@@ -381,6 +391,7 @@ struct thread_struct {
+@@ -383,6 +393,7 @@ struct thread_struct {
unsigned short ds;
unsigned short fsindex;
unsigned short gsindex;
@@ -22101,7 +22678,7 @@ index 20c11d1..f4a4f69 100644
#endif
#ifdef CONFIG_X86_32
unsigned long ip;
-@@ -390,6 +401,9 @@ struct thread_struct {
+@@ -392,6 +403,9 @@ struct thread_struct {
#endif
unsigned long gs;
@@ -22111,7 +22688,7 @@ index 20c11d1..f4a4f69 100644
/* Save middle states of ptrace breakpoints */
struct perf_event *ptrace_bps[HBP_NUM];
/* Debug status used for traps, single steps, etc... */
-@@ -409,13 +423,6 @@ struct thread_struct {
+@@ -411,13 +425,6 @@ struct thread_struct {
unsigned long iopl;
/* Max allowed port in the bitmap, in bytes: */
unsigned io_bitmap_max;
@@ -22125,7 +22702,7 @@ index 20c11d1..f4a4f69 100644
};
/*
-@@ -457,10 +464,10 @@ static inline void native_swapgs(void)
+@@ -459,10 +466,10 @@ static inline void native_swapgs(void)
#endif
}
@@ -22138,7 +22715,7 @@ index 20c11d1..f4a4f69 100644
#else
/* sp0 on x86_32 is special in and around vm86 mode. */
return this_cpu_read_stable(cpu_current_top_of_stack);
-@@ -696,19 +703,29 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -698,19 +705,29 @@ static inline void spin_lock_prefetch(const void *x)
#define TOP_OF_INIT_STACK ((unsigned long)&init_stack + sizeof(init_stack) - \
TOP_OF_KERNEL_STACK_PADDING)
@@ -22169,7 +22746,7 @@ index 20c11d1..f4a4f69 100644
}
extern unsigned long thread_saved_pc(struct task_struct *tsk);
-@@ -723,12 +740,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -725,12 +742,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
* "struct pt_regs" is possible, but they may contain the
* completely wrong values.
*/
@@ -22183,7 +22760,7 @@ index 20c11d1..f4a4f69 100644
#define KSTK_ESP(task) (task_pt_regs(task)->sp)
-@@ -742,13 +754,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -744,13 +756,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
* particular problem by preventing anything from being mapped
* at the maximum canonical address.
*/
@@ -22199,7 +22776,7 @@ index 20c11d1..f4a4f69 100644
#define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \
IA32_PAGE_OFFSET : TASK_SIZE_MAX)
-@@ -759,7 +771,8 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -761,7 +773,8 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define STACK_TOP_MAX TASK_SIZE_MAX
#define INIT_THREAD { \
@@ -22209,7 +22786,7 @@ index 20c11d1..f4a4f69 100644
}
/*
-@@ -782,6 +795,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
+@@ -784,6 +797,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
*/
#define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
@@ -22220,7 +22797,7 @@ index 20c11d1..f4a4f69 100644
#define KSTK_EIP(task) (task_pt_regs(task)->ip)
/* Get/set a process' ability to use the timestamp counter instruction */
-@@ -827,7 +844,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
+@@ -829,7 +846,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
return 0;
}
@@ -22229,7 +22806,7 @@ index 20c11d1..f4a4f69 100644
extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
void default_idle(void);
-@@ -837,6 +854,6 @@ bool xen_set_default_idle(void);
+@@ -839,6 +856,6 @@ bool xen_set_default_idle(void);
#define xen_set_default_idle 0
#endif
@@ -22444,7 +23021,7 @@ index 8f7866a..e442f20 100644
#endif /* CC_HAVE_ASM_GOTO */
diff --git a/arch/x86/include/asm/rwsem.h b/arch/x86/include/asm/rwsem.h
-index cad82c9..2e5c5c1 100644
+index ceec86eb..872e33a 100644
--- a/arch/x86/include/asm/rwsem.h
+++ b/arch/x86/include/asm/rwsem.h
@@ -64,6 +64,14 @@ static inline void __down_read(struct rw_semaphore *sem)
@@ -22654,7 +23231,7 @@ index 7d5a192..23ef1aa 100644
#define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8 + 3)
#define __USER32_DS __USER_DS
diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h
-index ba665eb..0f72938 100644
+index db33330..e9521fb 100644
--- a/arch/x86/include/asm/smap.h
+++ b/arch/x86/include/asm/smap.h
@@ -25,6 +25,18 @@
@@ -22715,10 +23292,10 @@ index ba665eb..0f72938 100644
static __always_inline void clac(void)
diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h
-index dfcf072..97cd79a 100644
+index 66b0573..2bdb55a 100644
--- a/arch/x86/include/asm/smp.h
+++ b/arch/x86/include/asm/smp.h
-@@ -26,7 +26,7 @@ DECLARE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_core_map);
+@@ -25,7 +25,7 @@ DECLARE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_core_map);
/* cpus sharing the last level cache: */
DECLARE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_llc_shared_map);
DECLARE_PER_CPU_READ_MOSTLY(u16, cpu_llc_id);
@@ -22727,7 +23304,7 @@ index dfcf072..97cd79a 100644
static inline struct cpumask *cpu_llc_shared_mask(int cpu)
{
-@@ -59,7 +59,7 @@ struct smp_ops {
+@@ -58,7 +58,7 @@ struct smp_ops {
void (*send_call_func_ipi)(const struct cpumask *mask);
void (*send_call_func_single_ipi)(int cpu);
@@ -22776,7 +23353,7 @@ index 58505f0..bff3b5b 100644
#endif
}
diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h
-index 70bbe39..4ae2bd4 100644
+index 7c247e7..2f17b1b 100644
--- a/arch/x86/include/asm/stacktrace.h
+++ b/arch/x86/include/asm/stacktrace.h
@@ -11,28 +11,20 @@
@@ -22820,7 +23397,7 @@ index 70bbe39..4ae2bd4 100644
/* Generic stack tracer with callbacks */
@@ -40,7 +32,7 @@ struct stacktrace_ops {
- void (*address)(void *data, unsigned long address, int reliable);
+ int (*address)(void *data, unsigned long address, int reliable);
/* On negative return stop dumping */
int (*stack)(void *data, char *name);
- walk_stack_t walk_stack;
@@ -22890,7 +23467,7 @@ index 3d3e835..5cc6d8d 100644
/*
* This looks horribly ugly, but the compiler can optimize it totally,
diff --git a/arch/x86/include/asm/string_64.h b/arch/x86/include/asm/string_64.h
-index ff8b9a1..01d4b80 100644
+index 90dbbd9..04e8caa 100644
--- a/arch/x86/include/asm/string_64.h
+++ b/arch/x86/include/asm/string_64.h
@@ -27,8 +27,8 @@ static __always_inline void *__inline_memcpy(void *to, const void *from, size_t
@@ -22972,7 +23549,7 @@ index 82c34ee..940fa40 100644
unsigned, unsigned, unsigned);
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
-index c7b5510..f6d5ca4 100644
+index ffae84d..20997c3 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -39,7 +39,7 @@
@@ -23020,16 +23597,18 @@ index c7b5510..f6d5ca4 100644
#define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE)
#define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME)
-@@ -133,17 +133,18 @@ struct thread_info {
+@@ -133,6 +133,7 @@ struct thread_info {
#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
#define _TIF_ADDR32 (1 << TIF_ADDR32)
#define _TIF_X32 (1 << TIF_X32)
+#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID)
- /* work to do in syscall_trace_enter() */
+ /*
+ * work to do in syscall_trace_enter(). Also includes TIF_NOHZ for
+@@ -141,12 +142,12 @@ struct thread_info {
#define _TIF_WORK_SYSCALL_ENTRY \
(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_EMU | _TIF_SYSCALL_AUDIT | \
- _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT | \
+ _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT | \
- _TIF_NOHZ)
+ _TIF_NOHZ | _TIF_GRSEC_SETXID)
@@ -23041,7 +23620,7 @@ index c7b5510..f6d5ca4 100644
/* flags to check in __switch_to() */
#define _TIF_WORK_CTXSW \
-@@ -161,9 +162,11 @@ struct thread_info {
+@@ -164,9 +165,11 @@ struct thread_info {
*/
#ifndef __ASSEMBLY__
@@ -23054,7 +23633,7 @@ index c7b5510..f6d5ca4 100644
}
static inline unsigned long current_stack_pointer(void)
-@@ -179,41 +182,9 @@ static inline unsigned long current_stack_pointer(void)
+@@ -182,41 +185,9 @@ static inline unsigned long current_stack_pointer(void)
#else /* !__ASSEMBLY__ */
@@ -23097,7 +23676,7 @@ index c7b5510..f6d5ca4 100644
#endif
-@@ -279,5 +250,12 @@ static inline bool is_ia32_task(void)
+@@ -279,6 +250,13 @@ static inline bool is_ia32_task(void)
extern void arch_task_cache_init(void);
extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src);
extern void arch_release_task_struct(struct task_struct *tsk);
@@ -23108,13 +23687,14 @@ index c7b5510..f6d5ca4 100644
+#define setup_thread_stack(p, org) do {} while (0)
+#define end_of_stack(p) ((unsigned long *)task_stack_page(p) + 1)
+
- #endif
+ #endif /* !__ASSEMBLY__ */
+
#endif /* _ASM_X86_THREAD_INFO_H */
diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
-index 6df2029..a359a58 100644
+index 1fde8d5..de33497 100644
--- a/arch/x86/include/asm/tlbflush.h
+++ b/arch/x86/include/asm/tlbflush.h
-@@ -86,18 +86,44 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask)
+@@ -135,18 +135,44 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask)
static inline void __native_flush_tlb(void)
{
@@ -23165,7 +23745,7 @@ index 6df2029..a359a58 100644
}
static inline void __native_flush_tlb_global(void)
-@@ -118,6 +144,43 @@ static inline void __native_flush_tlb_global(void)
+@@ -176,6 +202,43 @@ static inline void __native_flush_tlb_global(void)
static inline void __native_flush_tlb_single(unsigned long addr)
{
@@ -23232,7 +23812,7 @@ index c3496619..3f3a7dc 100644
asmlinkage void smp_deferred_error_interrupt(void);
#endif
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index a4a30e4..44891b7 100644
+index 2e7513d..73d9d20 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -7,6 +7,7 @@
@@ -23294,8 +23874,8 @@ index a4a30e4..44891b7 100644
+})
/*
- * The exception table consists of pairs of addresses relative to the
-@@ -138,11 +172,13 @@ extern int __get_user_bad(void);
+ * The exception table consists of triples of addresses relative to the
+@@ -145,11 +179,13 @@ extern int __get_user_bad(void);
#define __uaccess_end() clac()
/*
@@ -23312,20 +23892,20 @@ index a4a30e4..44891b7 100644
/**
* get_user: - Get a simple variable from user space.
-@@ -181,10 +217,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
- register __inttype(*(ptr)) __val_gu asm("%"_ASM_DX); \
+@@ -189,10 +225,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+ register void *__sp asm(_ASM_SP); \
__chk_user_ptr(ptr); \
might_fault(); \
+ pax_open_userland(); \
- asm volatile("call __get_user_%P3" \
- : "=a" (__ret_gu), "=r" (__val_gu) \
+ asm volatile("call __get_user_%P4" \
+ : "=a" (__ret_gu), "=r" (__val_gu), "+r" (__sp) \
: "0" (ptr), "i" (sizeof(*(ptr)))); \
(x) = (__force __typeof__(*(ptr))) __val_gu; \
+ pax_close_userland(); \
__builtin_expect(__ret_gu, 0); \
})
-@@ -192,13 +230,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+@@ -200,13 +238,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
: "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
@@ -23350,7 +23930,7 @@ index a4a30e4..44891b7 100644
"3:" \
".section .fixup,\"ax\"\n" \
"4: movl %3,%0\n" \
-@@ -211,8 +257,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+@@ -219,8 +265,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
#define __put_user_asm_ex_u64(x, addr) \
asm volatile("\n" \
@@ -23361,7 +23941,7 @@ index a4a30e4..44891b7 100644
"3:" \
_ASM_EXTABLE_EX(1b, 2b) \
_ASM_EXTABLE_EX(2b, 3b) \
-@@ -260,10 +306,11 @@ extern void __put_user_8(void);
+@@ -268,10 +314,11 @@ extern void __put_user_8(void);
#define put_user(x, ptr) \
({ \
int __ret_pu; \
@@ -23375,7 +23955,7 @@ index a4a30e4..44891b7 100644
switch (sizeof(*(ptr))) { \
case 1: \
__put_user_x(1, __pu_val, ptr, __ret_pu); \
-@@ -281,6 +328,7 @@ extern void __put_user_8(void);
+@@ -289,6 +336,7 @@ extern void __put_user_8(void);
__put_user_x(X, __pu_val, ptr, __ret_pu); \
break; \
} \
@@ -23383,7 +23963,7 @@ index a4a30e4..44891b7 100644
__builtin_expect(__ret_pu, 0); \
})
-@@ -348,10 +396,10 @@ do { \
+@@ -356,10 +404,10 @@ do { \
__chk_user_ptr(ptr); \
switch (size) { \
case 1: \
@@ -23396,7 +23976,7 @@ index a4a30e4..44891b7 100644
break; \
case 4: \
__get_user_asm(x, ptr, retval, "l", "k", "=r", errret); \
-@@ -365,17 +413,21 @@ do { \
+@@ -373,17 +421,21 @@ do { \
} while (0)
#define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -23422,7 +24002,7 @@ index a4a30e4..44891b7 100644
/*
* This doesn't do __uaccess_begin/end - the exception handling
-@@ -386,10 +438,10 @@ do { \
+@@ -394,10 +446,10 @@ do { \
__chk_user_ptr(ptr); \
switch (size) { \
case 1: \
@@ -23435,7 +24015,7 @@ index a4a30e4..44891b7 100644
break; \
case 4: \
__get_user_asm_ex(x, ptr, "l", "k", "=r"); \
-@@ -403,7 +455,7 @@ do { \
+@@ -411,7 +463,7 @@ do { \
} while (0)
#define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
@@ -23444,7 +24024,7 @@ index a4a30e4..44891b7 100644
"2:\n" \
_ASM_EXTABLE_EX(1b, 2b) \
: ltype(x) : "m" (__m(addr)))
-@@ -424,13 +476,24 @@ do { \
+@@ -432,13 +484,24 @@ do { \
__uaccess_begin(); \
__get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
__uaccess_end(); \
@@ -23471,7 +24051,7 @@ index a4a30e4..44891b7 100644
/*
* Tell gcc we read from memory instead of writing: this is because
-@@ -438,8 +501,10 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -446,8 +509,10 @@ struct __large_struct { unsigned long buf[100]; };
* aliasing issues.
*/
#define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
@@ -23483,7 +24063,7 @@ index a4a30e4..44891b7 100644
"2:\n" \
".section .fixup,\"ax\"\n" \
"3: mov %3,%0\n" \
-@@ -447,10 +512,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -455,10 +520,12 @@ struct __large_struct { unsigned long buf[100]; };
".previous\n" \
_ASM_EXTABLE(1b, 3b) \
: "=r"(err) \
@@ -23498,7 +24078,7 @@ index a4a30e4..44891b7 100644
"2:\n" \
_ASM_EXTABLE_EX(1b, 2b) \
: : ltype(x), "m" (__m(addr)))
-@@ -460,11 +527,13 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -468,11 +535,13 @@ struct __large_struct { unsigned long buf[100]; };
*/
#define uaccess_try do { \
current_thread_info()->uaccess_err = 0; \
@@ -23512,7 +24092,7 @@ index a4a30e4..44891b7 100644
(err) |= (current_thread_info()->uaccess_err ? -EFAULT : 0); \
} while (0)
-@@ -490,8 +559,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -498,8 +567,12 @@ struct __large_struct { unsigned long buf[100]; };
* On error, the variable @x is set to zero.
*/
@@ -23525,7 +24105,7 @@ index a4a30e4..44891b7 100644
/**
* __put_user: - Write a simple value into user space, with less checking.
-@@ -514,8 +587,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -522,8 +595,12 @@ struct __large_struct { unsigned long buf[100]; };
* Returns zero on success, or -EFAULT on error.
*/
@@ -23538,7 +24118,7 @@ index a4a30e4..44891b7 100644
#define __get_user_unaligned __get_user
#define __put_user_unaligned __put_user
-@@ -533,7 +610,7 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -541,7 +618,7 @@ struct __large_struct { unsigned long buf[100]; };
#define get_user_ex(x, ptr) do { \
unsigned long __gue_val; \
__get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
@@ -23547,7 +24127,7 @@ index a4a30e4..44891b7 100644
} while (0)
#define put_user_try uaccess_try
-@@ -551,7 +628,7 @@ extern __must_check long strlen_user(const char __user *str);
+@@ -559,7 +636,7 @@ extern __must_check long strlen_user(const char __user *str);
extern __must_check long strnlen_user(const char __user *str, long n);
unsigned long __must_check clear_user(void __user *mem, unsigned long len);
@@ -23556,7 +24136,7 @@ index a4a30e4..44891b7 100644
extern void __cmpxchg_wrong_size(void)
__compiletime_error("Bad argument size for cmpxchg");
-@@ -559,22 +636,23 @@ extern void __cmpxchg_wrong_size(void)
+@@ -567,22 +644,23 @@ extern void __cmpxchg_wrong_size(void)
#define __user_atomic_cmpxchg_inatomic(uval, ptr, old, new, size) \
({ \
int __ret = 0; \
@@ -23585,7 +24165,7 @@ index a4a30e4..44891b7 100644
: "i" (-EFAULT), "q" (__new), "1" (__old) \
: "memory" \
); \
-@@ -583,14 +661,14 @@ extern void __cmpxchg_wrong_size(void)
+@@ -591,14 +669,14 @@ extern void __cmpxchg_wrong_size(void)
case 2: \
{ \
asm volatile("\n" \
@@ -23602,7 +24182,7 @@ index a4a30e4..44891b7 100644
: "i" (-EFAULT), "r" (__new), "1" (__old) \
: "memory" \
); \
-@@ -599,14 +677,14 @@ extern void __cmpxchg_wrong_size(void)
+@@ -607,14 +685,14 @@ extern void __cmpxchg_wrong_size(void)
case 4: \
{ \
asm volatile("\n" \
@@ -23619,7 +24199,7 @@ index a4a30e4..44891b7 100644
: "i" (-EFAULT), "r" (__new), "1" (__old) \
: "memory" \
); \
-@@ -618,14 +696,14 @@ extern void __cmpxchg_wrong_size(void)
+@@ -626,14 +704,14 @@ extern void __cmpxchg_wrong_size(void)
__cmpxchg_wrong_size(); \
\
asm volatile("\n" \
@@ -23636,7 +24216,7 @@ index a4a30e4..44891b7 100644
: "i" (-EFAULT), "r" (__new), "1" (__old) \
: "memory" \
); \
-@@ -635,6 +713,7 @@ extern void __cmpxchg_wrong_size(void)
+@@ -643,6 +721,7 @@ extern void __cmpxchg_wrong_size(void)
__cmpxchg_wrong_size(); \
} \
__uaccess_end(); \
@@ -23644,7 +24224,7 @@ index a4a30e4..44891b7 100644
*__uval = __old; \
__ret; \
})
-@@ -658,17 +737,6 @@ extern struct movsl_mask {
+@@ -666,17 +745,6 @@ extern struct movsl_mask {
#define ARCH_HAS_NOCACHE_UACCESS 1
@@ -23662,7 +24242,7 @@ index a4a30e4..44891b7 100644
#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
# define copy_user_diag __compiletime_error
#else
-@@ -678,7 +746,7 @@ unsigned long __must_check _copy_to_user(void __user *to, const void *from,
+@@ -686,7 +754,7 @@ unsigned long __must_check _copy_to_user(void __user *to, const void *from,
extern void copy_user_diag("copy_from_user() buffer size is too small")
copy_from_user_overflow(void);
extern void copy_user_diag("copy_to_user() buffer size is too small")
@@ -23671,7 +24251,7 @@ index a4a30e4..44891b7 100644
#undef copy_user_diag
-@@ -691,7 +759,7 @@ __copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
+@@ -699,7 +767,7 @@ __copy_from_user_overflow(void) __asm__("copy_from_user_overflow");
extern void
__compiletime_warning("copy_to_user() buffer size is not provably correct")
@@ -23680,7 +24260,7 @@ index a4a30e4..44891b7 100644
#define __copy_to_user_overflow(size, count) __copy_to_user_overflow()
#else
-@@ -706,10 +774,16 @@ __copy_from_user_overflow(int size, unsigned long count)
+@@ -714,10 +782,16 @@ __copy_from_user_overflow(int size, unsigned long count)
#endif
@@ -23698,7 +24278,7 @@ index a4a30e4..44891b7 100644
might_fault();
-@@ -731,12 +805,15 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
+@@ -739,12 +813,15 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
* case, and do only runtime checking for non-constant sizes.
*/
@@ -23720,7 +24300,7 @@ index a4a30e4..44891b7 100644
return n;
}
-@@ -744,17 +821,18 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
+@@ -752,17 +829,18 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
static inline unsigned long __must_check
copy_to_user(void __user *to, const void *from, unsigned long n)
{
@@ -23821,12 +24401,12 @@ index 3fe0eac..18dfa8b 100644
#endif /* _ASM_X86_UACCESS_32_H */
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index b89c34c..93a6bce 100644
+index 3076986..7688db9 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -10,6 +10,9 @@
#include <asm/alternative.h>
- #include <asm/cpufeature.h>
+ #include <asm/cpufeatures.h>
#include <asm/page.h>
+#include <asm/pgtable.h>
+
@@ -24264,10 +24844,10 @@ index 9dafe59..0293c1d 100644
#define BIOS_ROM_BASE 0xffe00000
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
-index b1b78ff..92eb188 100644
+index 616ebd2..7386ebf 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
-@@ -30,7 +30,7 @@ obj-$(CONFIG_MODIFY_LDT_SYSCALL) += ldt.o
+@@ -42,7 +42,7 @@ obj-$(CONFIG_MODIFY_LDT_SYSCALL) += ldt.o
obj-y += setup.o x86_init.o i8259.o irqinit.o jump_label.o
obj-$(CONFIG_IRQ_WORK) += irq_work.o
obj-y += probe_roms.o
@@ -24277,7 +24857,7 @@ index b1b78ff..92eb188 100644
obj-$(CONFIG_X86_64) += mcount_64.o
obj-$(CONFIG_X86_ESPFIX64) += espfix_64.o
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
-index e759076..441137a 100644
+index 8c2f1ef..e4e5c19 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
@@ -1341,7 +1341,7 @@ static void __init acpi_reduced_hw_init(void)
@@ -24594,7 +25174,7 @@ index 25f9093..f630040 100644
bp_int3_handler = handler;
bp_int3_addr = (u8 *)addr + sizeof(int3);
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
-index 8a5cdda..ef3aabc 100644
+index d356987..ed8a52b 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -177,7 +177,7 @@ int first_system_vector = FIRST_SYSTEM_VECTOR;
@@ -24616,7 +25196,7 @@ index 8a5cdda..ef3aabc 100644
apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x",
smp_processor_id(), v);
diff --git a/arch/x86/kernel/apic/apic_flat_64.c b/arch/x86/kernel/apic/apic_flat_64.c
-index 9968f30..b06feae 100644
+index 76f89e2..4a349aaa 100644
--- a/arch/x86/kernel/apic/apic_flat_64.c
+++ b/arch/x86/kernel/apic/apic_flat_64.c
@@ -25,7 +25,7 @@
@@ -24803,7 +25383,7 @@ index a1242e2..0e7f712 100644
.name = "physical x2apic",
.probe = x2apic_phys_probe,
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
-index 624db005..86c508a 100644
+index d7ce96a..99cedd7 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
@@ -374,7 +374,7 @@ static int uv_probe(void)
@@ -24816,7 +25396,7 @@ index 624db005..86c508a 100644
.name = "UV large system",
.probe = uv_probe,
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
-index 052c9c3..bc22ccdba 100644
+index 9307f18..a43f175 100644
--- a/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
@@ -432,7 +432,7 @@ static DEFINE_MUTEX(apm_mutex);
@@ -24900,7 +25480,7 @@ index 052c9c3..bc22ccdba 100644
proc_create("apm", 0, NULL, &apm_file_ops);
diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c
-index 84a7524..e8edc49 100644
+index 5c04246..7492f2f 100644
--- a/arch/x86/kernel/asm-offsets.c
+++ b/arch/x86/kernel/asm-offsets.c
@@ -32,6 +32,8 @@ void common(void) {
@@ -24912,7 +25492,15 @@ index 84a7524..e8edc49 100644
BLANK();
OFFSET(crypto_tfm_ctx_offset, crypto_tfm, __crt_ctx);
-@@ -67,8 +69,26 @@ void common(void) {
+@@ -59,6 +61,7 @@ void common(void) {
+
+ #ifdef CONFIG_PARAVIRT
+ BLANK();
++ OFFSET(PARAVIRT_enabled, pv_info, paravirt_enabled);
+ OFFSET(PARAVIRT_PATCH_pv_cpu_ops, paravirt_patch_template, pv_cpu_ops);
+ OFFSET(PARAVIRT_PATCH_pv_irq_ops, paravirt_patch_template, pv_irq_ops);
+ OFFSET(PV_IRQ_irq_disable, pv_irq_ops, irq_disable);
+@@ -66,8 +69,26 @@ void common(void) {
OFFSET(PV_CPU_iret, pv_cpu_ops, iret);
OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
OFFSET(PV_MMU_read_cr2, pv_mmu_ops, read_cr2);
@@ -24939,25 +25527,19 @@ index 84a7524..e8edc49 100644
#ifdef CONFIG_XEN
BLANK();
OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask);
-diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c
-index f2edafb..460f4e6 100644
---- a/arch/x86/kernel/asm-offsets_64.c
-+++ b/arch/x86/kernel/asm-offsets_64.c
-@@ -58,6 +58,7 @@ int main(void)
- BLANK();
- #undef ENTRY
+@@ -85,4 +106,5 @@ void common(void) {
-+ DEFINE(TSS_size, sizeof(struct tss_struct));
- OFFSET(TSS_ist, tss_struct, x86_tss.ist);
- OFFSET(TSS_sp0, tss_struct, x86_tss.sp0);
BLANK();
+ DEFINE(PTREGS_SIZE, sizeof(struct pt_regs));
++ DEFINE(TSS_size, sizeof(struct tss_struct));
+ }
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
-index 5803130..c899b3d 100644
+index 4a8697f..8a13428 100644
--- a/arch/x86/kernel/cpu/Makefile
+++ b/arch/x86/kernel/cpu/Makefile
-@@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg
- CFLAGS_REMOVE_perf_event.o = -pg
- endif
+@@ -12,10 +12,6 @@ endif
+ KCOV_INSTRUMENT_common.o := n
+ KCOV_INSTRUMENT_perf_event.o := n
-# Make sure load_percpu_segment has no stackprotector
-nostackp := $(call cc-option, -fno-stack-protector)
@@ -24967,10 +25549,10 @@ index 5803130..c899b3d 100644
obj-y += common.o
obj-y += rdrand.o
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index a07956a..368a2eb 100644
+index 7b76eb6..99cb9cc 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
-@@ -766,7 +766,7 @@ static void init_amd(struct cpuinfo_x86 *c)
+@@ -776,7 +776,7 @@ static void init_amd(struct cpuinfo_x86 *c)
static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size)
{
/* AMD errata T13 (order #21922) */
@@ -24980,7 +25562,7 @@ index a07956a..368a2eb 100644
if (c->x86_model == 3 && c->x86_mask == 0)
size = 64;
diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c
-index 04f0fe5..3c0598c 100644
+index a972ac4..938c163 100644
--- a/arch/x86/kernel/cpu/bugs_64.c
+++ b/arch/x86/kernel/cpu/bugs_64.c
@@ -10,6 +10,7 @@
@@ -24992,7 +25574,7 @@ index 04f0fe5..3c0598c 100644
void __init check_bugs(void)
{
@@ -18,6 +19,7 @@ void __init check_bugs(void)
- printk(KERN_INFO "CPU: ");
+ pr_info("CPU: ");
print_cpu_info(&boot_cpu_data);
#endif
+ set_memory_nx((unsigned long)_sinitdata, (__START_KERNEL_map + KERNEL_IMAGE_SIZE - (unsigned long)_sinitdata) >> PAGE_SHIFT);
@@ -25000,7 +25582,7 @@ index 04f0fe5..3c0598c 100644
/*
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 37830de..54677f5 100644
+index f45a4b9..4cf549c 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -92,60 +92,6 @@ static const struct cpu_dev default_cpu = {
@@ -25064,7 +25646,7 @@ index 37830de..54677f5 100644
static int __init x86_mpx_setup(char *s)
{
/* require an exact match without trailing characters */
-@@ -287,6 +233,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
+@@ -303,6 +249,109 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
}
}
@@ -25172,9 +25754,9 @@ index 37830de..54677f5 100644
+#endif
+
/*
- * Some CPU features depend on higher CPUID levels, which may not always
- * be available due to CPUID level capping or broken virtualization
-@@ -387,7 +436,7 @@ void switch_to_new_gdt(int cpu)
+ * Protection Keys are not available in 32-bit mode.
+ */
+@@ -448,7 +497,7 @@ void switch_to_new_gdt(int cpu)
{
struct desc_ptr gdt_descr;
@@ -25183,7 +25765,7 @@ index 37830de..54677f5 100644
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
/* Reload the per-cpu base */
-@@ -916,6 +965,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
+@@ -1004,6 +1053,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
setup_smep(c);
setup_smap(c);
@@ -25204,7 +25786,7 @@ index 37830de..54677f5 100644
/*
* The vendor-specific functions might have changed features.
* Now we do "generic changes."
-@@ -990,7 +1053,7 @@ void enable_sep_cpu(void)
+@@ -1081,7 +1144,7 @@ void enable_sep_cpu(void)
int cpu;
cpu = get_cpu();
@@ -25213,7 +25795,7 @@ index 37830de..54677f5 100644
if (!boot_cpu_has(X86_FEATURE_SEP))
goto out;
-@@ -1136,10 +1199,12 @@ static __init int setup_disablecpuid(char *arg)
+@@ -1227,10 +1290,12 @@ static __init int setup_disablecpuid(char *arg)
}
__setup("clearcpuid=", setup_disablecpuid);
@@ -25229,7 +25811,7 @@ index 37830de..54677f5 100644
DEFINE_PER_CPU_FIRST(union irq_stack_union,
irq_stack_union) __aligned(PAGE_SIZE) __visible;
-@@ -1251,21 +1316,21 @@ EXPORT_PER_CPU_SYMBOL(current_task);
+@@ -1342,21 +1407,21 @@ EXPORT_PER_CPU_SYMBOL(current_task);
DEFINE_PER_CPU(int, __preempt_count) = INIT_PREEMPT_COUNT;
EXPORT_PER_CPU_SYMBOL(__preempt_count);
@@ -25258,7 +25840,7 @@ index 37830de..54677f5 100644
/*
* Clear all 6 debug registers:
*/
-@@ -1341,7 +1406,7 @@ void cpu_init(void)
+@@ -1432,7 +1497,7 @@ void cpu_init(void)
*/
load_ucode_ap();
@@ -25267,7 +25849,7 @@ index 37830de..54677f5 100644
oist = &per_cpu(orig_ist, cpu);
#ifdef CONFIG_NUMA
-@@ -1373,7 +1438,6 @@ void cpu_init(void)
+@@ -1464,7 +1529,6 @@ void cpu_init(void)
wrmsrl(MSR_KERNEL_GS_BASE, 0);
barrier();
@@ -25275,7 +25857,7 @@ index 37830de..54677f5 100644
x2apic_setup();
/*
-@@ -1425,7 +1489,7 @@ void cpu_init(void)
+@@ -1516,7 +1580,7 @@ void cpu_init(void)
{
int cpu = smp_processor_id();
struct task_struct *curr = current;
@@ -25285,7 +25867,7 @@ index 37830de..54677f5 100644
wait_for_master_cpu(cpu);
diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c
-index 0b6c523..54d8406 100644
+index de6626c..c84e8c1 100644
--- a/arch/x86/kernel/cpu/intel_cacheinfo.c
+++ b/arch/x86/kernel/cpu/intel_cacheinfo.c
@@ -519,25 +519,23 @@ cache_private_attrs_is_visible(struct kobject *kobj,
@@ -25337,7 +25919,7 @@ index 0b6c523..54d8406 100644
return &cache_private_group;
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index a006f4c..9c0afe2 100644
+index f0c921b..2c7b33b 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -47,6 +47,7 @@
@@ -25416,7 +25998,7 @@ index a006f4c..9c0afe2 100644
wait_for_panic();
if (!mca_cfg.monarch_timeout)
goto out;
-@@ -1671,7 +1671,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
+@@ -1684,7 +1684,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
}
/* Call the installed machine check handler for this CPU setup. */
@@ -25425,7 +26007,7 @@ index a006f4c..9c0afe2 100644
unexpected_machine_check;
/*
-@@ -1700,7 +1700,9 @@ void mcheck_cpu_init(struct cpuinfo_x86 *c)
+@@ -1713,7 +1713,9 @@ void mcheck_cpu_init(struct cpuinfo_x86 *c)
return;
}
@@ -25435,7 +26017,7 @@ index a006f4c..9c0afe2 100644
__mcheck_cpu_init_generic();
__mcheck_cpu_init_vendor(c);
-@@ -1731,7 +1733,7 @@ void mcheck_cpu_clear(struct cpuinfo_x86 *c)
+@@ -1744,7 +1746,7 @@ void mcheck_cpu_clear(struct cpuinfo_x86 *c)
*/
static DEFINE_SPINLOCK(mce_chrdev_state_lock);
@@ -25444,7 +26026,7 @@ index a006f4c..9c0afe2 100644
static int mce_chrdev_open_exclu; /* already open exclusive? */
static int mce_chrdev_open(struct inode *inode, struct file *file)
-@@ -1739,7 +1741,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1752,7 +1754,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
spin_lock(&mce_chrdev_state_lock);
if (mce_chrdev_open_exclu ||
@@ -25453,7 +26035,7 @@ index a006f4c..9c0afe2 100644
spin_unlock(&mce_chrdev_state_lock);
return -EBUSY;
-@@ -1747,7 +1749,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1760,7 +1762,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
if (file->f_flags & O_EXCL)
mce_chrdev_open_exclu = 1;
@@ -25462,7 +26044,7 @@ index a006f4c..9c0afe2 100644
spin_unlock(&mce_chrdev_state_lock);
-@@ -1758,7 +1760,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
+@@ -1771,7 +1773,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
{
spin_lock(&mce_chrdev_state_lock);
@@ -25471,7 +26053,7 @@ index a006f4c..9c0afe2 100644
mce_chrdev_open_exclu = 0;
spin_unlock(&mce_chrdev_state_lock);
-@@ -2448,7 +2450,7 @@ static __init void mce_init_banks(void)
+@@ -2463,7 +2465,7 @@ static __init void mce_init_banks(void)
for (i = 0; i < mca_cfg.banks; i++) {
struct mce_bank *b = &mce_banks[i];
@@ -25480,7 +26062,7 @@ index a006f4c..9c0afe2 100644
sysfs_attr_init(&a->attr);
a->attr.name = b->attrname;
-@@ -2555,7 +2557,7 @@ struct dentry *mce_get_debugfs_dir(void)
+@@ -2570,7 +2572,7 @@ struct dentry *mce_get_debugfs_dir(void)
static void mce_reset(void)
{
cpu_missing = 0;
@@ -25490,7 +26072,7 @@ index a006f4c..9c0afe2 100644
atomic_set(&mce_callin, 0);
atomic_set(&global_nwo, 0);
diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c
-index 12402e1..9e0f230 100644
+index 2a0717b..7fbc641 100644
--- a/arch/x86/kernel/cpu/mcheck/p5.c
+++ b/arch/x86/kernel/cpu/mcheck/p5.c
@@ -12,6 +12,7 @@
@@ -25501,7 +26083,7 @@ index 12402e1..9e0f230 100644
/* By default disabled */
int mce_p5_enabled __read_mostly;
-@@ -54,7 +55,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
+@@ -52,7 +53,9 @@ void intel_p5_mcheck_init(struct cpuinfo_x86 *c)
if (!cpu_has(c, X86_FEATURE_MCE))
return;
@@ -25512,7 +26094,7 @@ index 12402e1..9e0f230 100644
wmb();
diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c
-index 01dd870..6fd1c59 100644
+index c6a722e..4016140 100644
--- a/arch/x86/kernel/cpu/mcheck/winchip.c
+++ b/arch/x86/kernel/cpu/mcheck/winchip.c
@@ -11,6 +11,7 @@
@@ -25534,10 +26116,10 @@ index 01dd870..6fd1c59 100644
wmb();
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
-index 4f4735b..05b4ca6 100644
+index cbb3cf0..f3b73a3 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
-@@ -1012,13 +1012,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device,
+@@ -1003,13 +1003,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device,
static int get_ucode_user(void *to, const void *from, size_t n)
{
@@ -25554,11 +26136,11 @@ index 4f4735b..05b4ca6 100644
static void microcode_fini_cpu(int cpu)
diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
-index 20e242e..14b1629 100644
+index 10c11b4..18c4d71 100644
--- a/arch/x86/kernel/cpu/mshyperv.c
+++ b/arch/x86/kernel/cpu/mshyperv.c
-@@ -193,7 +193,7 @@ static void __init ms_hyperv_init_platform(void)
- mark_tsc_unstable("running on Hyper-V");
+@@ -205,7 +205,7 @@ static void __init ms_hyperv_init_platform(void)
+ x86_platform.get_nmi_reason = hv_get_nmi_reason;
}
-const __refconst struct hypervisor_x86 x86_hyper_ms_hyperv = {
@@ -25567,10 +26149,10 @@ index 20e242e..14b1629 100644
.detect = ms_hyperv_platform,
.init_platform = ms_hyperv_init_platform,
diff --git a/arch/x86/kernel/cpu/mtrr/generic.c b/arch/x86/kernel/cpu/mtrr/generic.c
-index c870af1..173e1cc 100644
+index 19f5736..8f92a72 100644
--- a/arch/x86/kernel/cpu/mtrr/generic.c
+++ b/arch/x86/kernel/cpu/mtrr/generic.c
-@@ -723,7 +723,8 @@ static DEFINE_RAW_SPINLOCK(set_atomicity_lock);
+@@ -722,7 +722,8 @@ static DEFINE_RAW_SPINLOCK(set_atomicity_lock);
* The caller must ensure that local interrupts are disabled and
* are reenabled after post_set() has been called.
*/
@@ -25580,7 +26162,7 @@ index c870af1..173e1cc 100644
{
unsigned long cr0;
-@@ -759,7 +760,8 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
+@@ -758,7 +759,8 @@ static void prepare_set(void) __acquires(set_atomicity_lock)
wbinvd();
}
@@ -25591,7 +26173,7 @@ index c870af1..173e1cc 100644
/* Flush TLBs (no need to flush caches - they are disabled) */
count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ALL);
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
-index 5c3d149..a052b18 100644
+index 10f8d47..481f5b4 100644
--- a/arch/x86/kernel/cpu/mtrr/main.c
+++ b/arch/x86/kernel/cpu/mtrr/main.c
@@ -72,7 +72,7 @@ static DEFINE_MUTEX(mtrr_mutex);
@@ -25616,521 +26198,11 @@ index 951884d..4796b75 100644
extern int generic_get_free_region(unsigned long base, unsigned long size,
int replace_reg);
-diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
-index 6532f5b..5de6c88 100644
---- a/arch/x86/kernel/cpu/perf_event.c
-+++ b/arch/x86/kernel/cpu/perf_event.c
-@@ -1534,7 +1534,7 @@ static void __init pmu_check_apic(void)
-
- }
-
--static struct attribute_group x86_pmu_format_group = {
-+static attribute_group_no_const x86_pmu_format_group = {
- .name = "format",
- .attrs = NULL,
- };
-@@ -1642,7 +1642,7 @@ static struct attribute *events_attr[] = {
- NULL,
- };
-
--static struct attribute_group x86_pmu_events_group = {
-+static attribute_group_no_const x86_pmu_events_group = {
- .name = "events",
- .attrs = events_attr,
- };
-@@ -2228,7 +2228,7 @@ valid_user_frame(const void __user *fp, unsigned long size)
- static unsigned long get_segment_base(unsigned int segment)
- {
- struct desc_struct *desc;
-- int idx = segment >> 3;
-+ unsigned int idx = segment >> 3;
-
- if ((segment & SEGMENT_TI_MASK) == SEGMENT_LDT) {
- #ifdef CONFIG_MODIFY_LDT_SYSCALL
-@@ -2250,7 +2250,7 @@ static unsigned long get_segment_base(unsigned int segment)
- if (idx > GDT_ENTRIES)
- return 0;
-
-- desc = raw_cpu_ptr(gdt_page.gdt) + idx;
-+ desc = get_cpu_gdt_table(smp_processor_id()) + idx;
- }
-
- return get_desc_base(desc);
-@@ -2355,7 +2355,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
- break;
-
- perf_callchain_store(entry, frame.return_address);
-- fp = (void __user *)frame.next_frame;
-+ fp = (void __force_user *)frame.next_frame;
- }
- pagefault_enable();
- }
-diff --git a/arch/x86/kernel/cpu/perf_event.h b/arch/x86/kernel/cpu/perf_event.h
-index 98be6d6..b44c81a 100644
---- a/arch/x86/kernel/cpu/perf_event.h
-+++ b/arch/x86/kernel/cpu/perf_event.h
-@@ -787,7 +787,7 @@ static inline void set_linear_ip(struct pt_regs *regs, unsigned long ip)
- regs->cs = kernel_ip(ip) ? __KERNEL_CS : __USER_CS;
- if (regs->flags & X86_VM_MASK)
- regs->flags ^= (PERF_EFLAGS_VM | X86_VM_MASK);
-- regs->ip = ip;
-+ regs->ip = kernel_ip(ip) ? ktva_ktla(ip) : ip;
- }
-
- ssize_t x86_event_sysfs_show(char *page, u64 config, u64 event);
-diff --git a/arch/x86/kernel/cpu/perf_event_amd_iommu.c b/arch/x86/kernel/cpu/perf_event_amd_iommu.c
-index 97242a9..ba15e8c 100644
---- a/arch/x86/kernel/cpu/perf_event_amd_iommu.c
-+++ b/arch/x86/kernel/cpu/perf_event_amd_iommu.c
-@@ -80,12 +80,12 @@ static struct attribute_group amd_iommu_format_group = {
- * sysfs events attributes
- *---------------------------------------------*/
- struct amd_iommu_event_desc {
-- struct kobj_attribute attr;
-+ struct device_attribute attr;
- const char *event;
- };
-
--static ssize_t _iommu_event_show(struct kobject *kobj,
-- struct kobj_attribute *attr, char *buf)
-+static ssize_t _iommu_event_show(struct device *dev,
-+ struct device_attribute *attr, char *buf)
- {
- struct amd_iommu_event_desc *event =
- container_of(attr, struct amd_iommu_event_desc, attr);
-@@ -402,7 +402,7 @@ static void perf_iommu_del(struct perf_event *event, int flags)
- static __init int _init_events_attrs(struct perf_amd_iommu *perf_iommu)
- {
- struct attribute **attrs;
-- struct attribute_group *attr_group;
-+ attribute_group_no_const *attr_group;
- int i = 0, j;
-
- while (amd_iommu_v2_event_descs[i].attr.attr.name)
-diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
-index 760aec1..3c64694 100644
---- a/arch/x86/kernel/cpu/perf_event_intel.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel.c
-@@ -2185,6 +2185,8 @@ __intel_get_event_constraints(struct cpu_hw_events *cpuc, int idx,
- }
-
- static void
-+intel_start_scheduling(struct cpu_hw_events *cpuc) __acquires(&cpuc->excl_cntrs->lock);
-+static void
- intel_start_scheduling(struct cpu_hw_events *cpuc)
- {
- struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs;
-@@ -2194,14 +2196,18 @@ intel_start_scheduling(struct cpu_hw_events *cpuc)
- /*
- * nothing needed if in group validation mode
- */
-- if (cpuc->is_fake || !is_ht_workaround_enabled())
-+ if (cpuc->is_fake || !is_ht_workaround_enabled()) {
-+ __acquire(&excl_cntrs->lock);
- return;
-+ }
-
- /*
- * no exclusion needed
- */
-- if (WARN_ON_ONCE(!excl_cntrs))
-+ if (WARN_ON_ONCE(!excl_cntrs)) {
-+ __acquire(&excl_cntrs->lock);
- return;
-+ }
-
- xl = &excl_cntrs->states[tid];
-
-@@ -2241,6 +2247,8 @@ static void intel_commit_scheduling(struct cpu_hw_events *cpuc, int idx, int cnt
- }
-
- static void
-+intel_stop_scheduling(struct cpu_hw_events *cpuc) __releases(&cpuc->excl_cntrs->lock);
-+static void
- intel_stop_scheduling(struct cpu_hw_events *cpuc)
- {
- struct intel_excl_cntrs *excl_cntrs = cpuc->excl_cntrs;
-@@ -2250,13 +2258,18 @@ intel_stop_scheduling(struct cpu_hw_events *cpuc)
- /*
- * nothing needed if in group validation mode
- */
-- if (cpuc->is_fake || !is_ht_workaround_enabled())
-+ if (cpuc->is_fake || !is_ht_workaround_enabled()) {
-+ __release(&excl_cntrs->lock);
- return;
-+ }
-+
- /*
- * no exclusion needed
- */
-- if (WARN_ON_ONCE(!excl_cntrs))
-+ if (WARN_ON_ONCE(!excl_cntrs)) {
-+ __release(&excl_cntrs->lock);
- return;
-+ }
-
- xl = &excl_cntrs->states[tid];
-
-@@ -2439,19 +2452,22 @@ static void intel_put_excl_constraints(struct cpu_hw_events *cpuc,
- * unused now.
- */
- if (hwc->idx >= 0) {
-+ bool sched_started;
-+
- xl = &excl_cntrs->states[tid];
-+ sched_started = xl->sched_started;
-
- /*
- * put_constraint may be called from x86_schedule_events()
- * which already has the lock held so here make locking
- * conditional.
- */
-- if (!xl->sched_started)
-+ if (!sched_started)
- raw_spin_lock(&excl_cntrs->lock);
-
- xl->state[hwc->idx] = INTEL_EXCL_UNUSED;
-
-- if (!xl->sched_started)
-+ if (!sched_started)
- raw_spin_unlock(&excl_cntrs->lock);
- }
- }
-@@ -3360,10 +3376,10 @@ __init int intel_pmu_init(void)
- x86_pmu.num_counters_fixed = max((int)edx.split.num_counters_fixed, 3);
-
- if (boot_cpu_has(X86_FEATURE_PDCM)) {
-- u64 capabilities;
-+ u64 capabilities = x86_pmu.intel_cap.capabilities;
-
-- rdmsrl(MSR_IA32_PERF_CAPABILITIES, capabilities);
-- x86_pmu.intel_cap.capabilities = capabilities;
-+ if (rdmsrl_safe(MSR_IA32_PERF_CAPABILITIES, &x86_pmu.intel_cap.capabilities))
-+ x86_pmu.intel_cap.capabilities = capabilities;
- }
-
- intel_ds_init();
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_bts.c b/arch/x86/kernel/cpu/perf_event_intel_bts.c
-index 2cad71d..5f1baf2 100644
---- a/arch/x86/kernel/cpu/perf_event_intel_bts.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel_bts.c
-@@ -250,7 +250,7 @@ static void bts_event_start(struct perf_event *event, int flags)
- __bts_event_start(event);
-
- /* PMI handler: this counter is running and likely generating PMIs */
-- ACCESS_ONCE(bts->started) = 1;
-+ ACCESS_ONCE_RW(bts->started) = 1;
- }
-
- static void __bts_event_stop(struct perf_event *event)
-@@ -264,7 +264,7 @@ static void __bts_event_stop(struct perf_event *event)
- if (event->hw.state & PERF_HES_STOPPED)
- return;
-
-- ACCESS_ONCE(event->hw.state) |= PERF_HES_STOPPED;
-+ ACCESS_ONCE_RW(event->hw.state) |= PERF_HES_STOPPED;
- }
-
- static void bts_event_stop(struct perf_event *event, int flags)
-@@ -272,7 +272,7 @@ static void bts_event_stop(struct perf_event *event, int flags)
- struct bts_ctx *bts = this_cpu_ptr(&bts_ctx);
-
- /* PMI handler: don't restart this counter */
-- ACCESS_ONCE(bts->started) = 0;
-+ ACCESS_ONCE_RW(bts->started) = 0;
-
- __bts_event_stop(event);
-
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_cqm.c b/arch/x86/kernel/cpu/perf_event_intel_cqm.c
-index a316ca9..07e219e 100644
---- a/arch/x86/kernel/cpu/perf_event_intel_cqm.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel_cqm.c
-@@ -1364,7 +1364,9 @@ static int __init intel_cqm_init(void)
- goto out;
- }
-
-- event_attr_intel_cqm_llc_scale.event_str = str;
-+ pax_open_kernel();
-+ const_cast(event_attr_intel_cqm_llc_scale.event_str) = str;
-+ pax_close_kernel();
-
- ret = intel_cqm_setup_rmid_cache();
- if (ret)
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_cstate.c b/arch/x86/kernel/cpu/perf_event_intel_cstate.c
-index 75a38b5..36cb0a9 100644
---- a/arch/x86/kernel/cpu/perf_event_intel_cstate.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel_cstate.c
-@@ -92,14 +92,14 @@
- #include "perf_event.h"
-
- #define DEFINE_CSTATE_FORMAT_ATTR(_var, _name, _format) \
--static ssize_t __cstate_##_var##_show(struct kobject *kobj, \
-- struct kobj_attribute *attr, \
-+static ssize_t __cstate_##_var##_show(struct device *dev, \
-+ struct device_attribute *attr, \
- char *page) \
- { \
- BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
- return sprintf(page, _format "\n"); \
- } \
--static struct kobj_attribute format_attr_##_var = \
-+static struct device_attribute format_attr_##_var = \
- __ATTR(_name, 0444, __cstate_##_var##_show, NULL)
-
- static ssize_t cstate_get_attr_cpumask(struct device *dev,
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_ds.c b/arch/x86/kernel/cpu/perf_event_intel_ds.c
-index 9551401..649b91c 100644
---- a/arch/x86/kernel/cpu/perf_event_intel_ds.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel_ds.c
-@@ -598,7 +598,7 @@ int intel_pmu_drain_bts_buffer(void)
-
- static inline void intel_pmu_drain_pebs_buffer(void)
- {
-- struct pt_regs regs;
-+ struct pt_regs regs = {};
-
- x86_pmu.drain_pebs(&regs);
- }
-@@ -876,7 +876,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
- struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
- unsigned long from = cpuc->lbr_entries[0].from;
- unsigned long old_to, to = cpuc->lbr_entries[0].to;
-- unsigned long ip = regs->ip;
-+ unsigned long ip = ktva_ktla(regs->ip);
- int is_64bit = 0;
- void *kaddr;
- int size;
-@@ -928,6 +928,7 @@ static int intel_pmu_pebs_fixup_ip(struct pt_regs *regs)
- } else {
- kaddr = (void *)to;
- }
-+ kaddr = (void *)ktva_ktla((unsigned long)kaddr);
-
- do {
- struct insn insn;
-@@ -1076,7 +1077,7 @@ static void setup_pebs_sample_data(struct perf_event *event,
- }
-
- if (event->attr.precise_ip > 1 && x86_pmu.intel_cap.pebs_format >= 2) {
-- regs->ip = pebs->real_ip;
-+ set_linear_ip(regs, pebs->real_ip);
- regs->flags |= PERF_EFLAGS_EXACT;
- } else if (event->attr.precise_ip > 1 && intel_pmu_pebs_fixup_ip(regs))
- regs->flags |= PERF_EFLAGS_EXACT;
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_lbr.c b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
-index 653f88d..11b6b78 100644
---- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c
-@@ -704,7 +704,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
- * Ensure we don't blindy read any address by validating it is
- * a known text address.
- */
-- if (kernel_text_address(from)) {
-+ if (kernel_text_address(ktva_ktla(from))) {
- addr = (void *)from;
- /*
- * Assume we can get the maximum possible size
-@@ -726,7 +726,7 @@ static int branch_type(unsigned long from, unsigned long to, int abort)
- #ifdef CONFIG_X86_64
- is64 = kernel_ip((unsigned long)addr) || !test_thread_flag(TIF_IA32);
- #endif
-- insn_init(&insn, addr, bytes_read, is64);
-+ insn_init(&insn, (void *)ktva_ktla((unsigned long)addr), bytes_read, is64);
- insn_get_opcode(&insn);
- if (!insn.opcode.got)
- return X86_BR_ABORT;
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_pt.c b/arch/x86/kernel/cpu/perf_event_intel_pt.c
-index a5286d0..79c220a 100644
---- a/arch/x86/kernel/cpu/perf_event_intel_pt.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel_pt.c
-@@ -133,14 +133,10 @@ static const struct attribute_group *pt_attr_groups[] = {
-
- static int __init pt_pmu_hw_init(void)
- {
-- struct dev_ext_attribute *de_attrs;
-- struct attribute **attrs;
-- size_t size;
-- int ret;
-+ static struct dev_ext_attribute de_attrs[ARRAY_SIZE(pt_caps)];
-+ static struct attribute *attrs[ARRAY_SIZE(pt_caps)];
- long i;
-
-- attrs = NULL;
--
- for (i = 0; i < PT_CPUID_LEAVES; i++) {
- cpuid_count(20, i,
- &pt_pmu.caps[CR_EAX + i*PT_CPUID_REGS_NUM],
-@@ -149,39 +145,25 @@ static int __init pt_pmu_hw_init(void)
- &pt_pmu.caps[CR_EDX + i*PT_CPUID_REGS_NUM]);
- }
-
-- ret = -ENOMEM;
-- size = sizeof(struct attribute *) * (ARRAY_SIZE(pt_caps)+1);
-- attrs = kzalloc(size, GFP_KERNEL);
-- if (!attrs)
-- goto fail;
--
-- size = sizeof(struct dev_ext_attribute) * (ARRAY_SIZE(pt_caps)+1);
-- de_attrs = kzalloc(size, GFP_KERNEL);
-- if (!de_attrs)
-- goto fail;
--
-+ pax_open_kernel();
- for (i = 0; i < ARRAY_SIZE(pt_caps); i++) {
-- struct dev_ext_attribute *de_attr = de_attrs + i;
-+ struct dev_ext_attribute *de_attr = &de_attrs[i];
-
-- de_attr->attr.attr.name = pt_caps[i].name;
-+ const_cast(de_attr->attr.attr.name) = pt_caps[i].name;
-
- sysfs_attr_init(&de_attr->attr.attr);
-
-- de_attr->attr.attr.mode = S_IRUGO;
-- de_attr->attr.show = pt_cap_show;
-- de_attr->var = (void *)i;
-+ const_cast(de_attr->attr.attr.mode) = S_IRUGO;
-+ const_cast(de_attr->attr.show) = pt_cap_show;
-+ const_cast(de_attr->var) = (void *)i;
-
- attrs[i] = &de_attr->attr.attr;
- }
-
-- pt_cap_group.attrs = attrs;
-+ const_cast(pt_cap_group.attrs) = attrs;
-+ pax_close_kernel();
-
- return 0;
--
--fail:
-- kfree(attrs);
--
-- return ret;
- }
-
- #define RTIT_CTL_CYC_PSB (RTIT_CTL_CYCLEACC | \
-@@ -999,7 +981,7 @@ static void pt_event_start(struct perf_event *event, int mode)
- return;
- }
-
-- ACCESS_ONCE(pt->handle_nmi) = 1;
-+ ACCESS_ONCE_RW(pt->handle_nmi) = 1;
- event->hw.state = 0;
-
- pt_config_buffer(buf->cur->table, buf->cur_idx,
-@@ -1015,7 +997,7 @@ static void pt_event_stop(struct perf_event *event, int mode)
- * Protect against the PMI racing with disabling wrmsr,
- * see comment in intel_pt_interrupt().
- */
-- ACCESS_ONCE(pt->handle_nmi) = 0;
-+ ACCESS_ONCE_RW(pt->handle_nmi) = 0;
- pt_config_start(false);
-
- if (event->hw.state == PERF_HES_STOPPED)
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_rapl.c b/arch/x86/kernel/cpu/perf_event_intel_rapl.c
-index 24a351a..d429cd7 100644
---- a/arch/x86/kernel/cpu/perf_event_intel_rapl.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel_rapl.c
-@@ -97,14 +97,14 @@ static const char *const rapl_domain_names[NR_RAPL_DOMAINS] __initconst = {
- #define RAPL_EVENT_MASK 0xFFULL
-
- #define DEFINE_RAPL_FORMAT_ATTR(_var, _name, _format) \
--static ssize_t __rapl_##_var##_show(struct kobject *kobj, \
-- struct kobj_attribute *attr, \
-+static ssize_t __rapl_##_var##_show(struct device *dev, \
-+ struct device_attribute *attr, \
- char *page) \
- { \
- BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
- return sprintf(page, _format "\n"); \
- } \
--static struct kobj_attribute format_attr_##_var = \
-+static struct device_attribute format_attr_##_var = \
- __ATTR(_name, 0444, __rapl_##_var##_show, NULL)
-
- #define RAPL_CNTR_WIDTH 32 /* 32-bit rapl counters */
-@@ -483,7 +483,7 @@ static struct attribute *rapl_events_knl_attr[] = {
- NULL,
- };
-
--static struct attribute_group rapl_pmu_events_group = {
-+static attribute_group_no_const rapl_pmu_events_group __read_only = {
- .name = "events",
- .attrs = NULL, /* patched at runtime */
- };
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
-index 3bf41d4..b5dc2c2 100644
---- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
-@@ -74,8 +74,8 @@ end:
- return map;
- }
-
--ssize_t uncore_event_show(struct kobject *kobj,
-- struct kobj_attribute *attr, char *buf)
-+ssize_t uncore_event_show(struct device *dev,
-+ struct device_attribute *attr, char *buf)
- {
- struct uncore_event_desc *event =
- container_of(attr, struct uncore_event_desc, attr);
-@@ -785,7 +785,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types)
- static int __init uncore_type_init(struct intel_uncore_type *type)
- {
- struct intel_uncore_pmu *pmus;
-- struct attribute_group *attr_group;
-+ attribute_group_no_const *attr_group;
- struct attribute **attrs;
- int i, j;
-
-diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.h b/arch/x86/kernel/cpu/perf_event_intel_uncore.h
-index a7086b8..ccac9b1 100644
---- a/arch/x86/kernel/cpu/perf_event_intel_uncore.h
-+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.h
-@@ -113,9 +113,9 @@ struct intel_uncore_box {
- #define UNCORE_BOX_FLAG_INITIATED 0
-
- struct uncore_event_desc {
-- struct kobj_attribute attr;
-+ struct device_attribute attr;
- const char *config;
--};
-+} __do_const;
-
- struct pci2phy_map {
- struct list_head list;
-@@ -126,8 +126,8 @@ struct pci2phy_map {
- int uncore_pcibus_to_physid(struct pci_bus *bus);
- struct pci2phy_map *__find_pci2phy_map(int segment);
-
--ssize_t uncore_event_show(struct kobject *kobj,
-- struct kobj_attribute *attr, char *buf);
-+ssize_t uncore_event_show(struct device *dev,
-+ struct device_attribute *attr, char *buf);
-
- #define INTEL_UNCORE_EVENT_DESC(_name, _config) \
- { \
-@@ -136,14 +136,14 @@ ssize_t uncore_event_show(struct kobject *kobj,
- }
-
- #define DEFINE_UNCORE_FORMAT_ATTR(_var, _name, _format) \
--static ssize_t __uncore_##_var##_show(struct kobject *kobj, \
-- struct kobj_attribute *attr, \
-+static ssize_t __uncore_##_var##_show(struct device *dev, \
-+ struct device_attribute *attr, \
- char *page) \
- { \
- BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
- return sprintf(page, _format "\n"); \
- } \
--static struct kobj_attribute format_attr_##_var = \
-+static struct device_attribute format_attr_##_var = \
- __ATTR(_name, 0444, __uncore_##_var##_show, NULL)
-
- static inline unsigned uncore_pci_box_ctl(struct intel_uncore_box *box)
diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c
-index 628a059..83bced6 100644
+index 364e583..1124b95 100644
--- a/arch/x86/kernel/cpu/vmware.c
+++ b/arch/x86/kernel/cpu/vmware.c
-@@ -137,7 +137,7 @@ static bool __init vmware_legacy_x2apic_available(void)
+@@ -136,7 +136,7 @@ static bool __init vmware_legacy_x2apic_available(void)
(eax & (1 << VMWARE_PORT_CMD_LEGACY_X2APIC)) != 0;
}
@@ -26188,7 +26260,7 @@ index f6dfd93..892ade4 100644
.__cr3 = __pa_nodebug(swapper_pg_dir),
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
-index 9c30acf..8cf2411 100644
+index 8efa57a..9750a3d 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -2,6 +2,9 @@
@@ -26292,8 +26364,8 @@ index 9c30acf..8cf2411 100644
unsigned long addr = *ret_addr;
if (!__kernel_text_address(addr))
-@@ -138,7 +137,7 @@ print_context_stack_bp(struct thread_info *tinfo,
- ops->address(data, addr, 1);
+@@ -139,7 +138,7 @@ print_context_stack_bp(struct thread_info *tinfo,
+ break;
frame = frame->next_frame;
ret_addr = &frame->return_address;
- print_ftrace_graph_addr(addr, data, ops, tinfo, graph);
@@ -26301,7 +26373,7 @@ index 9c30acf..8cf2411 100644
}
return (unsigned long)frame;
-@@ -226,6 +225,8 @@ unsigned long oops_begin(void)
+@@ -228,6 +227,8 @@ unsigned long oops_begin(void)
EXPORT_SYMBOL_GPL(oops_begin);
NOKPROBE_SYMBOL(oops_begin);
@@ -26310,7 +26382,7 @@ index 9c30acf..8cf2411 100644
void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
{
if (regs && kexec_should_crash(current))
-@@ -247,7 +248,10 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+@@ -249,7 +250,10 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
@@ -26536,10 +26608,10 @@ index 5f1c626..059e830 100644
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
-index 569c1e4..76d787d 100644
+index 621b501..9e7da88 100644
--- a/arch/x86/kernel/e820.c
+++ b/arch/x86/kernel/e820.c
-@@ -803,8 +803,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
+@@ -804,8 +804,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
static void early_panic(char *msg)
{
@@ -26551,7 +26623,7 @@ index 569c1e4..76d787d 100644
static int userdef __initdata;
diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
-index 21bf924..49a5fea3 100644
+index 8a12199..e63bebf 100644
--- a/arch/x86/kernel/early_printk.c
+++ b/arch/x86/kernel/early_printk.c
@@ -7,6 +7,7 @@
@@ -26660,10 +26732,10 @@ index 4d38416..ec7cc4e 100644
unlock_done:
mutex_unlock(&espfix_init_mutex);
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
-index d5804ad..4c36ff6 100644
+index 8e37cc8..0ce76b8 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
-@@ -127,7 +127,7 @@ void __kernel_fpu_end(void)
+@@ -131,7 +131,7 @@ void __kernel_fpu_end(void)
struct fpu *fpu = &current->thread.fpu;
if (fpu->fpregs_active)
@@ -26672,7 +26744,16 @@ index d5804ad..4c36ff6 100644
else
__fpregs_deactivate_hw();
-@@ -238,7 +238,7 @@ static void fpu_copy(struct fpu *dst_fpu, struct fpu *src_fpu)
+@@ -195,7 +195,7 @@ void fpu__save(struct fpu *fpu)
+ if (fpu->fpregs_active) {
+ if (!copy_fpregs_to_fpstate(fpu)) {
+ if (use_eager_fpu())
+- copy_kernel_to_fpregs(&fpu->state);
++ copy_kernel_to_fpregs(fpu->state);
+ else
+ fpregs_deactivate(fpu);
+ }
+@@ -247,7 +247,7 @@ int fpu__copy(struct fpu *dst_fpu, struct fpu *src_fpu)
* leak into the child task:
*/
if (use_eager_fpu())
@@ -26681,16 +26762,20 @@ index d5804ad..4c36ff6 100644
/*
* Save current FPU registers directly into the child
-@@ -258,7 +258,7 @@ static void fpu_copy(struct fpu *dst_fpu, struct fpu *src_fpu)
+@@ -266,10 +266,10 @@ int fpu__copy(struct fpu *dst_fpu, struct fpu *src_fpu)
*/
preempt_disable();
if (!copy_fpregs_to_fpstate(dst_fpu)) {
- memcpy(&src_fpu->state, &dst_fpu->state, xstate_size);
+ memcpy(src_fpu->state, dst_fpu->state, xstate_size);
- fpregs_deactivate(src_fpu);
+
+ if (use_eager_fpu())
+- copy_kernel_to_fpregs(&src_fpu->state);
++ copy_kernel_to_fpregs(src_fpu->state);
+ else
+ fpregs_deactivate(src_fpu);
}
- preempt_enable();
-@@ -285,7 +285,7 @@ void fpu__activate_curr(struct fpu *fpu)
+@@ -287,7 +287,7 @@ void fpu__activate_curr(struct fpu *fpu)
WARN_ON_FPU(fpu != &current->thread.fpu);
if (!fpu->fpstate_active) {
@@ -26699,7 +26784,7 @@ index d5804ad..4c36ff6 100644
/* Safe to do for the current task: */
fpu->fpstate_active = 1;
-@@ -311,7 +311,7 @@ void fpu__activate_fpstate_read(struct fpu *fpu)
+@@ -313,7 +313,7 @@ void fpu__activate_fpstate_read(struct fpu *fpu)
fpu__save(fpu);
} else {
if (!fpu->fpstate_active) {
@@ -26708,7 +26793,7 @@ index d5804ad..4c36ff6 100644
/* Safe to do for current and for stopped child tasks: */
fpu->fpstate_active = 1;
-@@ -344,7 +344,7 @@ void fpu__activate_fpstate_write(struct fpu *fpu)
+@@ -346,7 +346,7 @@ void fpu__activate_fpstate_write(struct fpu *fpu)
/* Invalidate any lazy state: */
fpu->last_cpu = -1;
} else {
@@ -26717,7 +26802,16 @@ index d5804ad..4c36ff6 100644
/* Safe to do for stopped child tasks: */
fpu->fpstate_active = 1;
-@@ -368,7 +368,7 @@ void fpu__restore(struct fpu *fpu)
+@@ -407,7 +407,7 @@ void fpu__current_fpstate_write_end(void)
+ * an XRSTOR if they are active.
+ */
+ if (fpregs_active())
+- copy_kernel_to_fpregs(&fpu->state);
++ copy_kernel_to_fpregs(fpu->state);
+
+ /*
+ * Our update is done and the fpregs/fpstate are in sync
+@@ -433,7 +433,7 @@ void fpu__restore(struct fpu *fpu)
/* Avoid __kernel_fpu_begin() right after fpregs_activate() */
kernel_fpu_disable();
fpregs_activate(fpu);
@@ -26726,7 +26820,7 @@ index d5804ad..4c36ff6 100644
fpu->counter++;
kernel_fpu_enable();
}
-@@ -444,25 +444,25 @@ void fpu__clear(struct fpu *fpu)
+@@ -509,25 +509,25 @@ void fpu__clear(struct fpu *fpu)
static inline unsigned short get_fpu_cwd(struct fpu *fpu)
{
if (cpu_has_fxsr) {
@@ -26758,7 +26852,7 @@ index d5804ad..4c36ff6 100644
return MXCSR_DEFAULT;
}
diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
-index bd08fb7..dc29a0a 100644
+index 54c86ff..703757b 100644
--- a/arch/x86/kernel/fpu/init.c
+++ b/arch/x86/kernel/fpu/init.c
@@ -45,7 +45,7 @@ static void fpu__init_cpu_generic(void)
@@ -26823,7 +26917,7 @@ index bd08fb7..dc29a0a 100644
/*
* Set up the xstate_size based on the legacy FPU context size.
-@@ -400,7 +356,6 @@ void __init fpu__init_system(struct cpuinfo_x86 *c)
+@@ -397,7 +353,6 @@ void __init fpu__init_system(struct cpuinfo_x86 *c)
fpu__init_system_generic();
fpu__init_system_xstate_size_legacy();
fpu__init_system_xstate();
@@ -26832,7 +26926,7 @@ index bd08fb7..dc29a0a 100644
fpu__init_system_ctx_switch();
}
diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c
-index 0bc3490..5cfa5c0 100644
+index 8bd1c00..765a913 100644
--- a/arch/x86/kernel/fpu/regset.c
+++ b/arch/x86/kernel/fpu/regset.c
@@ -37,7 +37,7 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
@@ -27021,10 +27115,10 @@ index 31c6a60..523f27e 100644
} else {
sanitize_restored_xstate(tsk, &env, xfeatures, fx_only);
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
-index d425cda5..011b570 100644
+index b48ef35..10f3b79 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
-@@ -110,14 +110,14 @@ EXPORT_SYMBOL_GPL(cpu_has_xfeatures);
+@@ -122,14 +122,14 @@ EXPORT_SYMBOL_GPL(cpu_has_xfeatures);
*/
void fpstate_sanitize_xstate(struct fpu *fpu)
{
@@ -27041,15 +27135,44 @@ index d425cda5..011b570 100644
/*
* None of the feature bits are in init state. So nothing else
-@@ -748,5 +748,5 @@ const void *get_xsave_field_ptr(int xsave_state)
+@@ -775,7 +775,7 @@ const void *get_xsave_field_ptr(int xsave_state)
*/
fpu__save(fpu);
- return get_xsave_addr(&fpu->state.xsave, xsave_state);
+ return get_xsave_addr(&fpu->state->xsave, xsave_state);
}
+
+
+@@ -808,7 +808,7 @@ static void fpu__xfeature_set_non_init(struct xregs_state *xsave,
+ static void fpu__xfeature_set_state(int xstate_feature_mask,
+ void *xstate_feature_src, size_t len)
+ {
+- struct xregs_state *xsave = &current->thread.fpu.state.xsave;
++ struct xregs_state *xsave = &current->thread.fpu.state->xsave;
+ struct fpu *fpu = &current->thread.fpu;
+ void *dst;
+
+@@ -836,7 +836,7 @@ static void fpu__xfeature_set_state(int xstate_feature_mask,
+ }
+
+ /* find the location in the xsave buffer of the desired state */
+- dst = __raw_xsave_addr(&fpu->state.xsave, xstate_feature_mask);
++ dst = __raw_xsave_addr(&fpu->state->xsave, xstate_feature_mask);
+
+ /*
+ * Make sure that the pointer being passed in did not
+@@ -874,7 +874,7 @@ out:
+ int arch_set_user_pkey_access(struct task_struct *tsk, int pkey,
+ unsigned long init_val)
+ {
+- struct xregs_state *xsave = &tsk->thread.fpu.state.xsave;
++ struct xregs_state *xsave = &tsk->thread.fpu.state->xsave;
+ struct pkru_state *old_pkru_state;
+ struct pkru_state new_pkru_state;
+ int pkey_shift = (pkey * PKRU_BITS_PER_PKEY);
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
-index 29408d6..cd88f18 100644
+index d036cfb..cb4c991 100644
--- a/arch/x86/kernel/ftrace.c
+++ b/arch/x86/kernel/ftrace.c
@@ -89,7 +89,7 @@ static unsigned long text_ip_addr(unsigned long ip)
@@ -27102,7 +27225,7 @@ index 29408d6..cd88f18 100644
}
#else
/* Trampolines can only be created if modules are supported */
-@@ -764,7 +766,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+@@ -763,7 +765,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
*tramp_size = size + MCOUNT_INSN_SIZE + sizeof(void *);
/* Copy ftrace_caller onto the trampoline memory */
@@ -27112,15 +27235,15 @@ index 29408d6..cd88f18 100644
if (WARN_ON(ret < 0)) {
tramp_free(trampoline);
return 0;
-@@ -774,6 +778,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+@@ -773,6 +777,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
- /* The trampoline ends with a jmp to ftrace_return */
- jmp = ftrace_jmp_replace(ip, (unsigned long)ftrace_return);
+ /* The trampoline ends with a jmp to ftrace_epilogue */
+ jmp = ftrace_jmp_replace(ip, (unsigned long)ftrace_epilogue);
+ pax_open_kernel();
memcpy(trampoline + size, jmp, MCOUNT_INSN_SIZE);
/*
-@@ -786,6 +791,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+@@ -785,6 +790,7 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
ptr = (unsigned long *)(trampoline + size + MCOUNT_INSN_SIZE);
*ptr = (unsigned long)ops;
@@ -27128,7 +27251,7 @@ index 29408d6..cd88f18 100644
op_offset -= start_offset;
memcpy(&op_ptr, trampoline + op_offset, OP_REF_SIZE);
-@@ -803,7 +809,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
+@@ -802,7 +808,9 @@ create_trampoline(struct ftrace_ops *ops, unsigned int *tramp_size)
op_ptr.offset = offset;
/* put in the new offset to the ftrace_ops */
@@ -27139,10 +27262,10 @@ index 29408d6..cd88f18 100644
/* ALLOC_TRAMP flags lets us know we created it */
ops->flags |= FTRACE_OPS_FL_ALLOC_TRAMP;
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
-index 2c0f340..76c1d24 100644
+index 1f4422d..995e17d 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
-@@ -68,12 +68,12 @@ again:
+@@ -62,12 +62,12 @@ again:
pgd = *pgd_p;
/*
@@ -27158,10 +27281,10 @@ index 2c0f340..76c1d24 100644
else {
if (next_early_pgt >= EARLY_DYNAMIC_PAGE_TABLES) {
reset_early_page_tables();
-@@ -83,13 +83,13 @@ again:
+@@ -76,13 +76,13 @@ again:
+
pud_p = (pudval_t *)early_dynamic_pgts[next_early_pgt++];
- for (i = 0; i < PTRS_PER_PUD; i++)
- pud_p[i] = 0;
+ memset(pud_p, 0, sizeof(*pud_p) * PTRS_PER_PUD);
- *pgd_p = (pgdval_t)pud_p - __START_KERNEL_map + phys_base + _KERNPG_TABLE;
+ *pgd_p = (pgdval_t)__pa(pud_p) + _KERNPG_TABLE;
}
@@ -27174,16 +27297,16 @@ index 2c0f340..76c1d24 100644
else {
if (next_early_pgt >= EARLY_DYNAMIC_PAGE_TABLES) {
reset_early_page_tables();
-@@ -99,7 +99,7 @@ again:
+@@ -91,7 +91,7 @@ again:
+
pmd_p = (pmdval_t *)early_dynamic_pgts[next_early_pgt++];
- for (i = 0; i < PTRS_PER_PMD; i++)
- pmd_p[i] = 0;
+ memset(pmd_p, 0, sizeof(*pmd_p) * PTRS_PER_PMD);
- *pud_p = (pudval_t)pmd_p - __START_KERNEL_map + phys_base + _KERNPG_TABLE;
+ *pud_p = (pudval_t)__pa(pmd_p) + _KERNPG_TABLE;
}
pmd = (physaddr & PMD_MASK) + early_pmd_flags;
pmd_p[pmd_index(address)] = pmd;
-@@ -163,8 +163,6 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data)
+@@ -155,8 +155,6 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data)
clear_bss();
@@ -27193,7 +27316,7 @@ index 2c0f340..76c1d24 100644
for (i = 0; i < NUM_EXCEPTION_VECTORS; i++)
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index 6bc9ae2..51f7c58 100644
+index af11129..e506d32 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -27,6 +27,12 @@
@@ -27622,20 +27745,20 @@ index 6bc9ae2..51f7c58 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index ffdc0e8..1827c62 100644
+index 22fbf9d..1137e22 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
#include <asm/processor-flags.h>
#include <asm/percpu.h>
#include <asm/nops.h>
-+#include <asm/cpufeature.h>
++#include <asm/cpufeatures.h>
+#include <asm/alternative-asm.h>
#ifdef CONFIG_PARAVIRT
#include <asm/asm-offsets.h>
-@@ -41,6 +43,12 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET)
- L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET)
+@@ -40,6 +42,12 @@
+ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET)
L4_START_KERNEL = pgd_index(__START_KERNEL_map)
L3_START_KERNEL = pud_index(__START_KERNEL_map)
+L4_VMALLOC_START = pgd_index(VMALLOC_START)
@@ -27647,7 +27770,7 @@ index ffdc0e8..1827c62 100644
.text
__HEAD
-@@ -92,11 +100,36 @@ startup_64:
+@@ -89,11 +97,36 @@ startup_64:
* Fixup the physical addresses in the page table
*/
addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip)
@@ -27686,7 +27809,7 @@ index ffdc0e8..1827c62 100644
/*
* Set up the identity mapping for the switchover. These
-@@ -180,11 +213,12 @@ ENTRY(secondary_startup_64)
+@@ -177,11 +210,12 @@ ENTRY(secondary_startup_64)
/* Sanitize CPU configuration */
call verify_cpu
@@ -27701,7 +27824,7 @@ index ffdc0e8..1827c62 100644
movq %rcx, %cr4
/* Setup early boot stage 4 level pagetables. */
-@@ -205,10 +239,24 @@ ENTRY(secondary_startup_64)
+@@ -202,10 +236,24 @@ ENTRY(secondary_startup_64)
movl $MSR_EFER, %ecx
rdmsr
btsl $_EFER_SCE, %eax /* Enable System Call */
@@ -27727,7 +27850,7 @@ index ffdc0e8..1827c62 100644
1: wrmsr /* Make changes effective */
/* Setup cr0 */
-@@ -288,6 +336,7 @@ ENTRY(secondary_startup_64)
+@@ -285,6 +333,7 @@ ENTRY(secondary_startup_64)
* REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
* address given in m16:64.
*/
@@ -27735,7 +27858,7 @@ index ffdc0e8..1827c62 100644
movq initial_code(%rip),%rax
pushq $0 # fake return address to stop unwinder
pushq $__KERNEL_CS # set correct cs
-@@ -321,7 +370,7 @@ ENDPROC(start_cpu0)
+@@ -318,7 +367,7 @@ ENDPROC(start_cpu0)
.quad INIT_PER_CPU_VAR(irq_stack_union)
GLOBAL(stack_start)
@@ -27744,7 +27867,7 @@ index ffdc0e8..1827c62 100644
.word 0
__FINITDATA
-@@ -401,7 +450,7 @@ early_idt_handler_common:
+@@ -398,7 +447,7 @@ early_idt_handler_common:
call dump_stack
#ifdef CONFIG_KALLSYMS
leaq early_idt_ripmsg(%rip),%rdi
@@ -27753,7 +27876,7 @@ index ffdc0e8..1827c62 100644
call __print_symbol
#endif
#endif /* EARLY_PRINTK */
-@@ -430,6 +479,7 @@ ENDPROC(early_idt_handler_common)
+@@ -427,6 +476,7 @@ ENDPROC(early_idt_handler_common)
early_recursion_flag:
.long 0
@@ -27761,7 +27884,7 @@ index ffdc0e8..1827c62 100644
#ifdef CONFIG_EARLY_PRINTK
early_idt_msg:
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -452,40 +502,70 @@ GLOBAL(name)
+@@ -449,40 +499,70 @@ GLOBAL(name)
__INITDATA
NEXT_PAGE(early_level4_pgt)
.fill 511,8,0
@@ -27844,7 +27967,7 @@ index ffdc0e8..1827c62 100644
NEXT_PAGE(level2_kernel_pgt)
/*
-@@ -502,31 +582,79 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -499,31 +579,79 @@ NEXT_PAGE(level2_kernel_pgt)
KERNEL_IMAGE_SIZE/PMD_SIZE)
NEXT_PAGE(level2_fixmap_pgt)
@@ -28293,7 +28416,7 @@ index e565e0e..fdfeb45 100644
}
memcpy(&code, ideal_nops[NOP_ATOMIC5], JUMP_LABEL_NOP_SIZE);
diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
-index 44256a6..61d5bfe 100644
+index 2da6ee9..4cbe3af 100644
--- a/arch/x86/kernel/kgdb.c
+++ b/arch/x86/kernel/kgdb.c
@@ -228,7 +228,10 @@ static void kgdb_correct_hw_break(void)
@@ -28332,8 +28455,8 @@ index 44256a6..61d5bfe 100644
if (user_mode(regs))
return single_step_cont(regs, args);
break;
-@@ -755,11 +758,11 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
- #endif /* CONFIG_DEBUG_RODATA */
+@@ -753,11 +756,11 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
+ char opc[BREAK_INSTR_SIZE];
bpt->type = BP_BREAKPOINT;
- err = probe_kernel_read(bpt->saved_instr, (char *)bpt->bpt_addr,
@@ -28344,9 +28467,9 @@ index 44256a6..61d5bfe 100644
- err = probe_kernel_write((char *)bpt->bpt_addr,
+ err = probe_kernel_write((void *)ktla_ktva(bpt->bpt_addr),
arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE);
- #ifdef CONFIG_DEBUG_RODATA
if (!err)
-@@ -772,7 +775,7 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
+ return err;
+@@ -769,7 +772,7 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt)
return -EBUSY;
text_poke((void *)bpt->bpt_addr, arch_kgdb_ops.gdb_bpt_instr,
BREAK_INSTR_SIZE);
@@ -28355,7 +28478,7 @@ index 44256a6..61d5bfe 100644
if (err)
return err;
if (memcmp(opc, arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE))
-@@ -797,13 +800,13 @@ int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt)
+@@ -793,13 +796,13 @@ int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt)
if (mutex_is_locked(&text_mutex))
goto knl_write;
text_poke((void *)bpt->bpt_addr, bpt->saved_instr, BREAK_INSTR_SIZE);
@@ -28364,18 +28487,18 @@ index 44256a6..61d5bfe 100644
if (err || memcmp(opc, bpt->saved_instr, BREAK_INSTR_SIZE))
goto knl_write;
return err;
+
knl_write:
- #endif /* CONFIG_DEBUG_RODATA */
- return probe_kernel_write((char *)bpt->bpt_addr,
+ return probe_kernel_write((void *)ktla_ktva(bpt->bpt_addr),
(char *)bpt->saved_instr, BREAK_INSTR_SIZE);
}
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
-index 1deffe6..3be342a 100644
+index ae703ac..d510d8a 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
-@@ -120,9 +120,12 @@ __synthesize_relative_insn(void *from, void *to, u8 op)
+@@ -121,9 +121,12 @@ __synthesize_relative_insn(void *from, void *to, u8 op)
s32 raddr;
} __packed *insn;
@@ -28389,7 +28512,7 @@ index 1deffe6..3be342a 100644
}
/* Insert a jump instruction at address 'from', which jumps to address 'to'.*/
-@@ -168,7 +171,7 @@ int can_boost(kprobe_opcode_t *opcodes)
+@@ -169,7 +172,7 @@ int can_boost(kprobe_opcode_t *opcodes)
kprobe_opcode_t opcode;
kprobe_opcode_t *orig_opcodes = opcodes;
@@ -28398,7 +28521,7 @@ index 1deffe6..3be342a 100644
return 0; /* Page fault may occur on this address. */
retry:
-@@ -260,12 +263,12 @@ __recover_probed_insn(kprobe_opcode_t *buf, unsigned long addr)
+@@ -261,12 +264,12 @@ __recover_probed_insn(kprobe_opcode_t *buf, unsigned long addr)
* Fortunately, we know that the original code is the ideal 5-byte
* long NOP.
*/
@@ -28413,7 +28536,7 @@ index 1deffe6..3be342a 100644
}
/*
-@@ -367,7 +370,9 @@ int __copy_instruction(u8 *dest, u8 *src)
+@@ -368,7 +371,9 @@ int __copy_instruction(u8 *dest, u8 *src)
/* Another subsystem puts a breakpoint, failed to recover */
if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
return 0;
@@ -28423,7 +28546,7 @@ index 1deffe6..3be342a 100644
#ifdef CONFIG_X86_64
if (insn_rip_relative(&insn)) {
-@@ -394,7 +399,9 @@ int __copy_instruction(u8 *dest, u8 *src)
+@@ -395,7 +400,9 @@ int __copy_instruction(u8 *dest, u8 *src)
return 0;
}
disp = (u8 *) dest + insn_offset_displacement(&insn);
@@ -28433,7 +28556,7 @@ index 1deffe6..3be342a 100644
}
#endif
return length;
-@@ -536,7 +543,7 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
+@@ -537,7 +544,7 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
* nor set current_kprobe, because it doesn't use single
* stepping.
*/
@@ -28442,7 +28565,7 @@ index 1deffe6..3be342a 100644
preempt_enable_no_resched();
return;
}
-@@ -553,9 +560,9 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
+@@ -554,9 +561,9 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
regs->flags &= ~X86_EFLAGS_IF;
/* single step inline if the instruction is an int3 */
if (p->opcode == BREAKPOINT_INSTRUCTION)
@@ -28454,7 +28577,7 @@ index 1deffe6..3be342a 100644
}
NOKPROBE_SYMBOL(setup_singlestep);
-@@ -640,7 +647,7 @@ int kprobe_int3_handler(struct pt_regs *regs)
+@@ -641,7 +648,7 @@ int kprobe_int3_handler(struct pt_regs *regs)
setup_singlestep(p, regs, kcb, 0);
return 1;
}
@@ -28463,17 +28586,17 @@ index 1deffe6..3be342a 100644
/*
* The breakpoint instruction was removed right
* after we hit it. Another cpu has removed
-@@ -687,6 +694,9 @@ static void __used kretprobe_trampoline_holder(void)
- " movq %rax, 152(%rsp)\n"
- RESTORE_REGS_STRING
- " popfq\n"
+@@ -687,6 +694,9 @@ asm(
+ " movq %rax, 152(%rsp)\n"
+ RESTORE_REGS_STRING
+ " popfq\n"
+#ifdef KERNEXEC_PLUGIN
-+ " btsq $63,(%rsp)\n"
++ " btsq $63,(%rsp)\n"
+#endif
#else
- " pushf\n"
- SAVE_REGS_STRING
-@@ -827,7 +837,7 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs,
+ " pushf\n"
+ SAVE_REGS_STRING
+@@ -828,7 +838,7 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs,
struct kprobe_ctlblk *kcb)
{
unsigned long *tos = stack_addr(regs);
@@ -28565,10 +28688,10 @@ index c2bedae..25e7ab60 100644
.name = "data",
.mode = S_IRUGO,
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
-index 47190bd..0165c4d 100644
+index 8079508..b34be72 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
-@@ -553,7 +553,7 @@ static uint32_t __init kvm_detect(void)
+@@ -554,7 +554,7 @@ static uint32_t __init kvm_detect(void)
return kvm_cpuid_base();
}
@@ -28578,7 +28701,7 @@ index 47190bd..0165c4d 100644
.detect = kvm_detect,
.x2apic_available = kvm_para_available,
diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
-index 72cef58..252d1b0 100644
+index 1d39bfb..4b2e4b0 100644
--- a/arch/x86/kernel/kvmclock.c
+++ b/arch/x86/kernel/kvmclock.c
@@ -29,7 +29,7 @@
@@ -28652,7 +28775,7 @@ index 72cef58..252d1b0 100644
size = PAGE_ALIGN(sizeof(struct pvclock_vsyscall_time_info)*NR_CPUS);
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index 6acc9dd..f72931d 100644
+index 6707039..254f32c 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -11,6 +11,7 @@
@@ -28678,7 +28801,7 @@ index 6acc9dd..f72931d 100644
/* context.lock is held for us, so we don't need any locking. */
static void flush_ldt(void *current_mm)
{
-@@ -109,6 +118,23 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
+@@ -109,6 +118,23 @@ int init_new_context_ldt(struct task_struct *tsk, struct mm_struct *mm)
struct mm_struct *old_mm;
int retval = 0;
@@ -28792,7 +28915,7 @@ index 469b23d..5449cfe 100644
relocate_kernel_ptr = control_page;
page_list[PA_CONTROL_PAGE] = __pa(control_page);
diff --git a/arch/x86/kernel/mcount_64.S b/arch/x86/kernel/mcount_64.S
-index 87e1762..f08a93d 100644
+index ed48a9f..23a6a8f 100644
--- a/arch/x86/kernel/mcount_64.S
+++ b/arch/x86/kernel/mcount_64.S
@@ -7,7 +7,7 @@
@@ -28815,7 +28938,7 @@ index 87e1762..f08a93d 100644
ENTRY(ftrace_caller)
/* save_mcount_regs fills in first two parameters */
-@@ -180,9 +181,10 @@ GLOBAL(ftrace_graph_call)
+@@ -182,9 +183,10 @@ GLOBAL(ftrace_graph_call)
jmp ftrace_stub
#endif
@@ -28828,16 +28951,16 @@ index 87e1762..f08a93d 100644
ENTRY(ftrace_regs_caller)
/* Save the current flags before any operations that can change them */
-@@ -253,7 +255,7 @@ GLOBAL(ftrace_regs_caller_end)
+@@ -255,7 +257,7 @@ GLOBAL(ftrace_regs_caller_end)
- jmp ftrace_return
+ jmp ftrace_epilogue
-END(ftrace_regs_caller)
+ENDPROC(ftrace_regs_caller)
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -272,6 +274,7 @@ fgraph_trace:
+@@ -274,6 +276,7 @@ fgraph_trace:
#endif
GLOBAL(ftrace_stub)
@@ -28845,7 +28968,7 @@ index 87e1762..f08a93d 100644
retq
trace:
-@@ -284,12 +287,13 @@ trace:
+@@ -286,12 +289,13 @@ trace:
* ip and parent ip are used and the list function is called when
* function tracing is enabled.
*/
@@ -28860,7 +28983,7 @@ index 87e1762..f08a93d 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -311,8 +315,9 @@ ENTRY(ftrace_graph_caller)
+@@ -313,8 +317,9 @@ ENTRY(ftrace_graph_caller)
restore_mcount_regs
@@ -28871,7 +28994,7 @@ index 87e1762..f08a93d 100644
GLOBAL(return_to_handler)
subq $24, %rsp
-@@ -328,5 +333,7 @@ GLOBAL(return_to_handler)
+@@ -330,5 +335,7 @@ GLOBAL(return_to_handler)
movq 8(%rsp), %rdx
movq (%rsp), %rax
addq $24, %rsp
@@ -29027,7 +29150,7 @@ index 005c03e..7000fe4 100644
if ((s64)val != *(s32 *)loc)
goto overflow;
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 64f9616..4036384 100644
+index 7f3550a..e535783 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -39,6 +39,7 @@
@@ -29036,7 +29159,7 @@ index 64f9616..4036384 100644
#include <linux/gfp.h>
+#include <linux/grsecurity.h>
- #include <asm/processor.h>
+ #include <asm/cpufeature.h>
#include <asm/msr.h>
@@ -83,6 +84,13 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
int err = 0;
@@ -29073,10 +29196,10 @@ index 64f9616..4036384 100644
};
diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
-index 8a2cdd7..5b45fda 100644
+index 04b132a..95ed204 100644
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
-@@ -99,16 +99,16 @@ fs_initcall(nmi_warning_debugfs);
+@@ -100,16 +100,16 @@ fs_initcall(nmi_warning_debugfs);
static void nmi_max_handler(struct irq_work *w)
{
@@ -29096,7 +29219,7 @@ index 8a2cdd7..5b45fda 100644
}
static int nmi_handle(unsigned int type, struct pt_regs *regs)
-@@ -135,11 +135,11 @@ static int nmi_handle(unsigned int type, struct pt_regs *regs)
+@@ -136,11 +136,11 @@ static int nmi_handle(unsigned int type, struct pt_regs *regs)
delta = sched_clock() - delta;
trace_nmi_handler(a->handler, (int)delta, thishandled);
@@ -29111,7 +29234,7 @@ index 8a2cdd7..5b45fda 100644
}
rcu_read_unlock();
-@@ -149,7 +149,7 @@ static int nmi_handle(unsigned int type, struct pt_regs *regs)
+@@ -150,7 +150,7 @@ static int nmi_handle(unsigned int type, struct pt_regs *regs)
}
NOKPROBE_SYMBOL(nmi_handle);
@@ -29120,7 +29243,7 @@ index 8a2cdd7..5b45fda 100644
{
struct nmi_desc *desc = nmi_to_desc(type);
unsigned long flags;
-@@ -157,7 +157,8 @@ int __register_nmi_handler(unsigned int type, struct nmiaction *action)
+@@ -158,7 +158,8 @@ int __register_nmi_handler(unsigned int type, struct nmiaction *action)
if (!action->handler)
return -EINVAL;
@@ -29130,7 +29253,7 @@ index 8a2cdd7..5b45fda 100644
spin_lock_irqsave(&desc->lock, flags);
-@@ -175,9 +176,9 @@ int __register_nmi_handler(unsigned int type, struct nmiaction *action)
+@@ -176,9 +177,9 @@ int __register_nmi_handler(unsigned int type, struct nmiaction *action)
* event confuses some handlers (kdump uses this flag)
*/
if (action->flags & NMI_FLAG_FIRST)
@@ -29142,7 +29265,7 @@ index 8a2cdd7..5b45fda 100644
spin_unlock_irqrestore(&desc->lock, flags);
return 0;
-@@ -200,7 +201,7 @@ void unregister_nmi_handler(unsigned int type, const char *name)
+@@ -201,7 +202,7 @@ void unregister_nmi_handler(unsigned int type, const char *name)
if (!strcmp(n->name, name)) {
WARN(in_nmi(),
"Trying to free NMI (%s) from NMI context!\n", n->name);
@@ -29151,7 +29274,7 @@ index 8a2cdd7..5b45fda 100644
break;
}
}
-@@ -501,6 +502,17 @@ static DEFINE_PER_CPU(int, update_debug_stack);
+@@ -502,6 +503,17 @@ static DEFINE_PER_CPU(int, update_debug_stack);
dotraplinkage notrace void
do_nmi(struct pt_regs *regs, long error_code)
{
@@ -29553,7 +29676,7 @@ index 7c577a1..3557b10 100644
dma_generic_free_coherent(dev, size, vaddr, dma_addr, attrs);
}
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index 9f7c21c..854f412 100644
+index 2915d54..8e43324 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -15,6 +15,7 @@
@@ -29574,15 +29697,15 @@ index 9f7c21c..854f412 100644
.x86_tss = {
.sp0 = TOP_OF_INIT_STACK,
#ifdef CONFIG_X86_32
-@@ -57,6 +59,7 @@ __visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss) = {
- */
- .io_bitmap = { [0 ... IO_BITMAP_LONGS] = ~0 },
+@@ -60,6 +62,7 @@ __visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, cpu_tss) = {
+ #ifdef CONFIG_X86_32
+ .SYSENTER_stack_canary = STACK_END_MAGIC,
#endif
+}
};
EXPORT_PER_CPU_SYMBOL(cpu_tss);
-@@ -77,13 +80,26 @@ void idle_notifier_unregister(struct notifier_block *n)
+@@ -80,13 +83,26 @@ void idle_notifier_unregister(struct notifier_block *n)
EXPORT_SYMBOL_GPL(idle_notifier_unregister);
#endif
@@ -29610,7 +29733,7 @@ index 9f7c21c..854f412 100644
#ifdef CONFIG_VM86
dst->thread.vm86 = NULL;
#endif
-@@ -91,6 +107,12 @@ int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
+@@ -94,6 +110,12 @@ int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
return fpu__copy(&dst->thread.fpu, &src->thread.fpu);
}
@@ -29623,7 +29746,7 @@ index 9f7c21c..854f412 100644
/*
* Free current thread data structures etc..
*/
-@@ -102,7 +124,7 @@ void exit_thread(void)
+@@ -105,7 +127,7 @@ void exit_thread(void)
struct fpu *fpu = &t->fpu;
if (bp) {
@@ -29632,7 +29755,7 @@ index 9f7c21c..854f412 100644
t->io_bitmap_ptr = NULL;
clear_thread_flag(TIF_IO_BITMAP);
-@@ -124,6 +146,9 @@ void flush_thread(void)
+@@ -127,6 +149,9 @@ void flush_thread(void)
{
struct task_struct *tsk = current;
@@ -29642,7 +29765,7 @@ index 9f7c21c..854f412 100644
flush_ptrace_hw_breakpoint(tsk);
memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
-@@ -265,7 +290,7 @@ static void __exit_idle(void)
+@@ -268,7 +293,7 @@ static void __exit_idle(void)
void exit_idle(void)
{
/* idle loop has pid 0 */
@@ -29651,7 +29774,7 @@ index 9f7c21c..854f412 100644
return;
__exit_idle();
}
-@@ -318,7 +343,7 @@ bool xen_set_default_idle(void)
+@@ -321,7 +346,7 @@ bool xen_set_default_idle(void)
return ret;
}
#endif
@@ -29660,7 +29783,7 @@ index 9f7c21c..854f412 100644
{
local_irq_disable();
/*
-@@ -496,13 +521,6 @@ static int __init idle_setup(char *str)
+@@ -499,13 +524,6 @@ static int __init idle_setup(char *str)
}
early_param("idle", idle_setup);
@@ -29674,7 +29797,7 @@ index 9f7c21c..854f412 100644
unsigned long arch_randomize_brk(struct mm_struct *mm)
{
unsigned long range_end = mm->brk + 0x02000000;
-@@ -534,9 +552,7 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -537,9 +555,7 @@ unsigned long get_wchan(struct task_struct *p)
* PADDING
* ----------- top = topmax - TOP_OF_KERNEL_STACK_PADDING
* stack
@@ -29685,7 +29808,7 @@ index 9f7c21c..854f412 100644
*
* The tasks stack pointer points at the location where the
* framepointer is stored. The data on the stack is:
-@@ -547,7 +563,7 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -550,7 +566,7 @@ unsigned long get_wchan(struct task_struct *p)
*/
top = start + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING;
top -= 2 * sizeof(unsigned long);
@@ -29694,7 +29817,7 @@ index 9f7c21c..854f412 100644
sp = READ_ONCE(p->thread.sp);
if (sp < bottom || sp > top)
-@@ -564,3 +580,35 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -567,3 +583,35 @@ unsigned long get_wchan(struct task_struct *p)
} while (count++ < 16 && p->state != TASK_RUNNING);
return 0;
}
@@ -29830,10 +29953,10 @@ index 9f95091..6885108 100644
return prev_p;
}
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index 9f75187..9b2d358 100644
+index 6cbab31..2fd4ca3 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
-@@ -160,9 +160,10 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
+@@ -162,9 +162,10 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
struct pt_regs *childregs;
struct task_struct *me = current;
@@ -29845,7 +29968,7 @@ index 9f75187..9b2d358 100644
set_tsk_thread_flag(p, TIF_FORK);
p->thread.io_bitmap_ptr = NULL;
-@@ -172,6 +173,8 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
+@@ -174,6 +175,8 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
p->thread.fs = p->thread.fsindex ? 0 : me->thread.fs;
savesegment(es, p->thread.es);
savesegment(ds, p->thread.ds);
@@ -29854,7 +29977,7 @@ index 9f75187..9b2d358 100644
memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
if (unlikely(p->flags & PF_KTHREAD)) {
-@@ -279,7 +282,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -281,7 +284,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
struct fpu *prev_fpu = &prev->fpu;
struct fpu *next_fpu = &next->fpu;
int cpu = smp_processor_id();
@@ -29863,7 +29986,7 @@ index 9f75187..9b2d358 100644
unsigned fsindex, gsindex;
fpu_switch_t fpu_switch;
-@@ -330,6 +333,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -332,6 +335,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
if (unlikely(next->ds | prev->ds))
loadsegment(ds, next->ds);
@@ -29874,7 +29997,7 @@ index 9f75187..9b2d358 100644
/*
* Switch FS and GS.
*
-@@ -401,10 +408,13 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -403,10 +410,13 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
* Switch the PDA and FPU contexts.
*/
this_cpu_write(current_task, next_p);
@@ -30168,18 +30291,18 @@ index 98111b3..73ca125 100644
identity_mapped:
/* set return address to 0 if not preserving context */
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index d3d80e6..5c5b8de 100644
+index 2367ae0..2d1264d 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -112,6 +112,7 @@
- #include <asm/alternative.h>
+@@ -113,6 +113,7 @@
#include <asm/prom.h>
#include <asm/microcode.h>
+ #include <asm/mmu_context.h>
+#include <asm/boot.h>
/*
* max_low_pfn_mapped: highest direct mapped pfn under 4GB
-@@ -207,10 +208,12 @@ EXPORT_SYMBOL(boot_cpu_data);
+@@ -208,10 +209,12 @@ EXPORT_SYMBOL(boot_cpu_data);
#endif
@@ -30195,7 +30318,7 @@ index d3d80e6..5c5b8de 100644
#endif
/* Boot loader ID and version as integers, for the benefit of proc_dointvec */
-@@ -758,7 +761,7 @@ static void __init trim_bios_range(void)
+@@ -759,7 +762,7 @@ static void __init trim_bios_range(void)
* area (640->1Mb) as ram even though it is not.
* take them out.
*/
@@ -30204,7 +30327,7 @@ index d3d80e6..5c5b8de 100644
sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
}
-@@ -766,7 +769,7 @@ static void __init trim_bios_range(void)
+@@ -767,7 +770,7 @@ static void __init trim_bios_range(void)
/* called before trim_bios_range() to spare extra sanitize */
static void __init e820_add_kernel_range(void)
{
@@ -30213,7 +30336,7 @@ index d3d80e6..5c5b8de 100644
u64 size = __pa_symbol(_end) - start;
/*
-@@ -847,8 +850,8 @@ dump_kernel_offset(struct notifier_block *self, unsigned long v, void *p)
+@@ -848,8 +851,8 @@ dump_kernel_offset(struct notifier_block *self, unsigned long v, void *p)
void __init setup_arch(char **cmdline_p)
{
@@ -30224,7 +30347,7 @@ index d3d80e6..5c5b8de 100644
early_reserve_initrd();
-@@ -941,16 +944,16 @@ void __init setup_arch(char **cmdline_p)
+@@ -942,16 +945,16 @@ void __init setup_arch(char **cmdline_p)
if (!boot_params.hdr.root_flags)
root_mountflags &= ~MS_RDONLY;
@@ -30324,10 +30447,10 @@ index e4fcb87..9c06c55 100644
* Up to this point, the boot CPU has been using .init.data
* area. Reload any changed state for the boot CPU.
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index cb6282c..7cda5d0 100644
+index 548ddf7..9b53e78 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
-@@ -191,7 +191,7 @@ static unsigned long align_sigframe(unsigned long sp)
+@@ -226,7 +226,7 @@ static unsigned long align_sigframe(unsigned long sp)
* Align the stack pointer according to the i386 ABI,
* i.e. so that on function entry ((sp + 4) & 15) == 0.
*/
@@ -30336,7 +30459,7 @@ index cb6282c..7cda5d0 100644
#else /* !CONFIG_X86_32 */
sp = round_down(sp, 16) - 8;
#endif
-@@ -300,10 +300,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
+@@ -335,10 +335,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
}
if (current->mm->context.vdso)
@@ -30349,7 +30472,7 @@ index cb6282c..7cda5d0 100644
if (ksig->ka.sa.sa_flags & SA_RESTORER)
restorer = ksig->ka.sa.sa_restorer;
-@@ -317,7 +316,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
+@@ -352,7 +351,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
* reasons and because gdb uses it as a signature to notice
* signal handler stack frames.
*/
@@ -30358,7 +30481,7 @@ index cb6282c..7cda5d0 100644
if (err)
return -EFAULT;
-@@ -364,8 +363,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
+@@ -399,8 +398,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
save_altstack_ex(&frame->uc.uc_stack, regs->sp);
/* Set up to return from userspace. */
@@ -30371,7 +30494,7 @@ index cb6282c..7cda5d0 100644
if (ksig->ka.sa.sa_flags & SA_RESTORER)
restorer = ksig->ka.sa.sa_restorer;
put_user_ex(restorer, &frame->pretcode);
-@@ -377,7 +378,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
+@@ -412,7 +413,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
* reasons and because gdb uses it as a signature to notice
* signal handler stack frames.
*/
@@ -30380,7 +30503,7 @@ index cb6282c..7cda5d0 100644
} put_user_catch(err);
err |= copy_siginfo_to_user(&frame->info, &ksig->info);
-@@ -613,7 +614,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
+@@ -682,7 +683,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
{
int usig = ksig->sig;
sigset_t *set = sigmask_to_save();
@@ -30394,7 +30517,7 @@ index cb6282c..7cda5d0 100644
/* Set up the stack frame */
if (is_ia32_frame()) {
-@@ -624,7 +630,7 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
+@@ -693,7 +699,7 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
} else if (is_x32_frame()) {
return x32_setup_rt_frame(ksig, cset, regs);
} else {
@@ -30417,10 +30540,10 @@ index 658777c..6285f88 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index 24d57f7..36e49a2 100644
+index 0e4329e..286c7ca 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
-@@ -213,14 +213,17 @@ static void notrace start_secondary(void *unused)
+@@ -221,14 +221,17 @@ static void notrace start_secondary(void *unused)
enable_start_cpu0 = 0;
@@ -30442,7 +30565,7 @@ index 24d57f7..36e49a2 100644
/*
* Check TSC synchronization with the BP:
*/
-@@ -803,16 +806,15 @@ void common_cpu_up(unsigned int cpu, struct task_struct *idle)
+@@ -921,16 +924,15 @@ void common_cpu_up(unsigned int cpu, struct task_struct *idle)
alternatives_enable_smp();
per_cpu(current_task, cpu) = idle;
@@ -30461,7 +30584,7 @@ index 24d57f7..36e49a2 100644
}
/*
-@@ -833,9 +835,11 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -951,9 +953,11 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
unsigned long timeout;
idle->thread.sp = (unsigned long) (((struct pt_regs *)
@@ -30474,7 +30597,7 @@ index 24d57f7..36e49a2 100644
initial_code = (unsigned long)start_secondary;
stack_start = idle->thread.sp;
-@@ -983,6 +987,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
+@@ -1101,6 +1105,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
common_cpu_up(cpu, tidle);
@@ -30812,7 +30935,7 @@ index 10e0272..a73232f 100644
if (!(addr & ~PAGE_MASK))
return addr;
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
-index 91a4496..6414b5c 100644
+index e72a07f..b67cc32 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -44,6 +44,7 @@
@@ -30963,7 +31086,7 @@ index 1c113db..287b42e 100644
static int trace_irq_vector_refcount;
static DEFINE_MUTEX(irq_vector_mutex);
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index ade185a..4c354a0 100644
+index 87bd6b6..8f46fc9 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -70,7 +70,7 @@
@@ -30984,7 +31107,7 @@ index ade185a..4c354a0 100644
DECLARE_BITMAP(used_vectors, NR_VECTORS);
EXPORT_SYMBOL_GPL(used_vectors);
-@@ -165,7 +165,7 @@ void ist_begin_non_atomic(struct pt_regs *regs)
+@@ -151,7 +151,7 @@ void ist_begin_non_atomic(struct pt_regs *regs)
* will catch asm bugs and any attempt to use ist_preempt_enable
* from double_fault.
*/
@@ -30992,8 +31115,8 @@ index ade185a..4c354a0 100644
+ BUG_ON((unsigned long)(current_top_of_stack(smp_processor_id()) -
current_stack_pointer()) >= THREAD_SIZE);
- preempt_count_sub(HARDIRQ_OFFSET);
-@@ -182,7 +182,7 @@ void ist_end_non_atomic(void)
+ preempt_enable_no_resched();
+@@ -168,7 +168,7 @@ void ist_end_non_atomic(void)
}
static nokprobe_inline int
@@ -31002,8 +31125,8 @@ index ade185a..4c354a0 100644
struct pt_regs *regs, long error_code)
{
if (v8086_mode(regs)) {
-@@ -202,8 +202,25 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
- if (!fixup_exception(regs)) {
+@@ -188,8 +188,25 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
+ if (!fixup_exception(regs, trapnr)) {
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = trapnr;
+
@@ -31028,7 +31151,7 @@ index ade185a..4c354a0 100644
return 0;
}
-@@ -242,7 +259,7 @@ static siginfo_t *fill_trap_info(struct pt_regs *regs, int signr, int trapnr,
+@@ -228,7 +245,7 @@ static siginfo_t *fill_trap_info(struct pt_regs *regs, int signr, int trapnr,
}
static void
@@ -31037,7 +31160,7 @@ index ade185a..4c354a0 100644
long error_code, siginfo_t *info)
{
struct task_struct *tsk = current;
-@@ -266,7 +283,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
+@@ -251,7 +268,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
if (show_unhandled_signals && unhandled_signal(tsk, signr) &&
printk_ratelimit()) {
pr_info("%s[%d] trap %s ip:%lx sp:%lx error:%lx",
@@ -31046,7 +31169,7 @@ index ade185a..4c354a0 100644
regs->ip, regs->sp, error_code);
print_vma_addr(" in ", regs->ip);
pr_cont("\n");
-@@ -347,6 +364,11 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code)
+@@ -331,6 +348,11 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code)
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = X86_TRAP_DF;
@@ -31058,7 +31181,7 @@ index ade185a..4c354a0 100644
#ifdef CONFIG_DOUBLEFAULT
df_debug(regs, error_code);
#endif
-@@ -459,11 +481,35 @@ do_general_protection(struct pt_regs *regs, long error_code)
+@@ -443,11 +465,35 @@ do_general_protection(struct pt_regs *regs, long error_code)
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = X86_TRAP_GP;
if (notify_die(DIE_GPF, "general protection fault", regs, error_code,
@@ -31095,7 +31218,7 @@ index ade185a..4c354a0 100644
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = X86_TRAP_GP;
-@@ -559,6 +605,9 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s)
+@@ -545,6 +591,9 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s)
container_of(task_pt_regs(current),
struct bad_iret_stack, regs);
@@ -31105,7 +31228,16 @@ index ade185a..4c354a0 100644
/* Copy the IRET target to the new stack. */
memmove(&new_stack->regs.ip, (void *)s->regs.sp, 5*8);
-@@ -805,7 +854,7 @@ void __init early_trap_init(void)
+@@ -716,7 +765,7 @@ exit:
+ * This is the most likely code path that involves non-trivial use
+ * of the SYSENTER stack. Check that we haven't overrun it.
+ */
+- WARN(this_cpu_read(cpu_tss.SYSENTER_stack_canary) != STACK_END_MAGIC,
++ WARN(cpu_tss[raw_smp_processor_id()].SYSENTER_stack_canary != STACK_END_MAGIC,
+ "Overran or corrupted SYSENTER stack\n");
+ #endif
+ ist_exit(regs);
+@@ -846,7 +895,7 @@ void __init early_trap_init(void)
* since we don't have trace_debug and it will be reset to
* 'debug' in trap_init() by set_intr_gate_ist().
*/
@@ -31114,7 +31246,7 @@ index ade185a..4c354a0 100644
/* int3 can be called from all */
set_system_intr_gate(X86_TRAP_BP, &int3);
#ifdef CONFIG_X86_32
-@@ -890,7 +939,7 @@ void __init trap_init(void)
+@@ -931,7 +980,7 @@ void __init trap_init(void)
* in early_trap_init(). However, ITS works only after
* cpu_init() loads TSS. See comments in early_trap_init().
*/
@@ -31123,7 +31255,7 @@ index ade185a..4c354a0 100644
/* int3 can be called from all */
set_system_intr_gate_ist(X86_TRAP_BP, &int3, DEBUG_STACK);
-@@ -898,7 +947,7 @@ void __init trap_init(void)
+@@ -939,7 +988,7 @@ void __init trap_init(void)
#ifdef CONFIG_X86_64
memcpy(&debug_idt_table, &idt_table, IDT_ENTRIES * 16);
@@ -31133,10 +31265,10 @@ index ade185a..4c354a0 100644
#endif
}
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
-index 3d743da..d74c208 100644
+index c9c4c7c..f6a623a 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
-@@ -151,7 +151,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
+@@ -156,7 +156,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
*/
smp_wmb();
@@ -31168,7 +31300,7 @@ index bf4db6e..624137c 100644
force_sig_info(SIGSEGV, SEND_SIG_FORCED, current);
}
diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S
-index 07efb35..2bf8766 100644
+index 014ea59..03cfe40 100644
--- a/arch/x86/kernel/verify_cpu.S
+++ b/arch/x86/kernel/verify_cpu.S
@@ -20,6 +20,7 @@
@@ -31180,7 +31312,7 @@ index 07efb35..2bf8766 100644
* verify_cpu, returns the status of longmode and SSE in register %eax.
* 0: Success 1: Failure
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
-index e574b85..5514c57 100644
+index 3dce1ca..3dce2ad 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -144,7 +144,7 @@ void save_v86_state(struct kernel_vm86_regs *regs, int retval)
@@ -31240,7 +31372,7 @@ index e574b85..5514c57 100644
case VM86_GET_AND_RESET_IRQ: {
return get_and_reset_irq(irqnumber);
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 74e4bf1..0897a97 100644
+index 4c941f8..459a84d 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -26,6 +26,13 @@
@@ -31257,7 +31389,7 @@ index 74e4bf1..0897a97 100644
#undef i386 /* in case the preprocessor is a 32bit one */
-@@ -69,30 +76,43 @@ jiffies_64 = jiffies;
+@@ -68,30 +75,44 @@ jiffies_64 = jiffies;
PHDRS {
text PT_LOAD FLAGS(5); /* R_E */
@@ -31286,13 +31418,12 @@ index 74e4bf1..0897a97 100644
SECTIONS
{
#ifdef CONFIG_X86_32
-- . = LOAD_OFFSET + LOAD_PHYSICAL_ADDR;
-- phys_startup_32 = startup_32 - LOAD_OFFSET;
+- . = LOAD_OFFSET + LOAD_PHYSICAL_ADDR;
+- phys_startup_32 = ABSOLUTE(startup_32 - LOAD_OFFSET);
+ . = LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR;
#else
-- . = __START_KERNEL;
-- phys_startup_64 = startup_64 - LOAD_OFFSET;
-+ . = __START_KERNEL;
+ . = __START_KERNEL;
+- phys_startup_64 = ABSOLUTE(startup_64 - LOAD_OFFSET);
#endif
/* Text and read-only data */
@@ -31301,17 +31432,18 @@ index 74e4bf1..0897a97 100644
+ .text (. - __KERNEL_TEXT_OFFSET): AT(ADDR(.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
/* bootstrapping code */
+#ifdef CONFIG_X86_32
-+ phys_startup_32 = startup_32 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
++ phys_startup_32 = ABSOLUTE(startup_32 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET);
++ __LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
+#else
-+ phys_startup_64 = startup_64 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
++ phys_startup_64 = ABSOLUTE(startup_64 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET);
++ __LOAD_PHYSICAL_ADDR = ABSOLUTE(. - LOAD_OFFSET + __KERNEL_TEXT_OFFSET);
+#endif
-+ __LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
+ _text = .;
HEAD_TEXT
. = ALIGN(8);
_stext = .;
-@@ -104,13 +124,35 @@ SECTIONS
- IRQENTRY_TEXT
+@@ -104,13 +125,35 @@ SECTIONS
+ SOFTIRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
- /* End of text section */
@@ -31348,9 +31480,9 @@ index 74e4bf1..0897a97 100644
+
+ EXCEPTION_TABLE(16) :rodata
- #if defined(CONFIG_DEBUG_RODATA)
/* .text should occupy whole number of pages */
-@@ -122,16 +164,20 @@ SECTIONS
+ . = ALIGN(PAGE_SIZE);
+@@ -120,16 +163,20 @@ SECTIONS
/* Data */
.data : AT(ADDR(.data) - LOAD_OFFSET) {
@@ -31374,7 +31506,7 @@ index 74e4bf1..0897a97 100644
PAGE_ALIGNED_DATA(PAGE_SIZE)
-@@ -174,12 +220,19 @@ SECTIONS
+@@ -172,12 +219,19 @@ SECTIONS
. = ALIGN(__vvar_page + PAGE_SIZE, PAGE_SIZE);
/* Init code and data - will be freed after init */
@@ -31397,13 +31529,14 @@ index 74e4bf1..0897a97 100644
/*
* percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the
* output PHDR, so the next output section - .init.text - should
-@@ -190,12 +243,33 @@ SECTIONS
+@@ -188,10 +242,13 @@ SECTIONS
"per-CPU data too large - increase CONFIG_PHYSICAL_START")
#endif
- INIT_TEXT_SECTION(PAGE_SIZE)
-#ifdef CONFIG_X86_64
- :init
+-#endif
+ . = ALIGN(PAGE_SIZE);
+ init_begin = .;
+ .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) {
@@ -31411,7 +31544,19 @@ index 74e4bf1..0897a97 100644
+ INIT_TEXT
+ . = ALIGN(PAGE_SIZE);
+ } :text.init
-+
+
+ /*
+ * Section for code used exclusively before alternatives are run. All
+@@ -200,11 +257,29 @@ SECTIONS
+ *
+ * See static_cpu_has() for an example.
+ */
+- .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET) {
++ .altinstr_aux : AT(ADDR(.altinstr_aux) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
+ *(.altinstr_aux)
+ }
+
+- INIT_DATA_SECTION(16)
+ /*
+ * .exit.text is discard at runtime, not link time, to deal with
+ * references from .altinstructions and .eh_frame
@@ -31424,18 +31569,17 @@ index 74e4bf1..0897a97 100644
+ . = ALIGN(HPAGE_SIZE);
+#else
+ . = ALIGN(16);
- #endif
-
-- INIT_DATA_SECTION(16)
++#endif
++
+ } :text.exit
-+ . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text);
++ . = init_begin + SIZEOF(.init.text) + SIZEOF(.altinstr_aux) + SIZEOF(.exit.text);
+
+ . = ALIGN(PAGE_SIZE);
+ INIT_DATA_SECTION(16) :init
.x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
__x86_cpu_dev_start = .;
-@@ -266,19 +340,12 @@ SECTIONS
+@@ -275,19 +350,12 @@ SECTIONS
}
. = ALIGN(8);
@@ -31456,7 +31600,7 @@ index 74e4bf1..0897a97 100644
PERCPU_SECTION(INTERNODE_CACHE_BYTES)
#endif
-@@ -297,16 +364,10 @@ SECTIONS
+@@ -306,16 +374,10 @@ SECTIONS
.smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) {
__smp_locks = .;
*(.smp_locks)
@@ -31474,7 +31618,7 @@ index 74e4bf1..0897a97 100644
/* BSS */
. = ALIGN(PAGE_SIZE);
.bss : AT(ADDR(.bss) - LOAD_OFFSET) {
-@@ -322,6 +383,7 @@ SECTIONS
+@@ -331,6 +393,7 @@ SECTIONS
__brk_base = .;
. += 64 * 1024; /* 64k alignment slop space */
*(.brk_reservation) /* areas brk users have reserved */
@@ -31482,7 +31626,7 @@ index 74e4bf1..0897a97 100644
__brk_limit = .;
}
-@@ -348,13 +410,12 @@ SECTIONS
+@@ -361,13 +424,12 @@ SECTIONS
* for the boot processor.
*/
#define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load
@@ -31498,7 +31642,7 @@ index 74e4bf1..0897a97 100644
#ifdef CONFIG_SMP
diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c
-index a0695be..33e180c 100644
+index cd05942..095d766 100644
--- a/arch/x86/kernel/x8664_ksyms_64.c
+++ b/arch/x86/kernel/x8664_ksyms_64.c
@@ -34,8 +34,6 @@ EXPORT_SYMBOL(copy_user_generic_string);
@@ -31508,9 +31652,9 @@ index a0695be..33e180c 100644
-EXPORT_SYMBOL(_copy_from_user);
-EXPORT_SYMBOL(_copy_to_user);
- EXPORT_SYMBOL(copy_page);
- EXPORT_SYMBOL(clear_page);
-@@ -77,3 +75,7 @@ EXPORT_SYMBOL(native_load_gs_index);
+ EXPORT_SYMBOL_GPL(memcpy_mcsafe);
+
+@@ -79,3 +77,7 @@ EXPORT_SYMBOL(native_load_gs_index);
EXPORT_SYMBOL(___preempt_schedule);
EXPORT_SYMBOL(___preempt_schedule_notrace);
#endif
@@ -31550,10 +31694,10 @@ index dad5fe9..ce5f4ba 100644
.disable = native_disable_io_apic,
};
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index 2e1fd58..cc6d3d7 100644
+index bbbaa80..25071dc 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
-@@ -206,15 +206,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
+@@ -222,15 +222,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
struct kvm_cpuid2 *cpuid,
struct kvm_cpuid_entry2 __user *entries)
{
@@ -31577,7 +31721,7 @@ index 2e1fd58..cc6d3d7 100644
vcpu->arch.cpuid_nent = cpuid->nent;
kvm_apic_set_version(vcpu);
kvm_x86_ops->cpuid_update(vcpu);
-@@ -227,15 +232,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
+@@ -243,15 +248,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
struct kvm_cpuid2 *cpuid,
struct kvm_cpuid_entry2 __user *entries)
{
@@ -31601,11 +31745,11 @@ index 2e1fd58..cc6d3d7 100644
out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index b9b09fe..2e1cfb3 100644
+index a2f24af..d1cedbb 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
-@@ -959,7 +959,7 @@ static int em_bsr_c(struct x86_emulate_ctxt *ctxt)
- static u8 test_cc(unsigned int condition, unsigned long flags)
+@@ -972,7 +972,7 @@ static int em_bsr_c(struct x86_emulate_ctxt *ctxt)
+ static __always_inline u8 test_cc(unsigned int condition, unsigned long flags)
{
u8 rc;
- void (*fop)(void) = (void *)em_setcc + 4 * (condition & 0xf);
@@ -31613,7 +31757,7 @@ index b9b09fe..2e1cfb3 100644
flags = (flags & EFLAGS_MASK) | X86_EFLAGS_IF;
asm("push %[flags]; popf; call *%[fastop]"
-@@ -1881,7 +1881,7 @@ static int em_push_sreg(struct x86_emulate_ctxt *ctxt)
+@@ -1894,7 +1894,7 @@ static int em_push_sreg(struct x86_emulate_ctxt *ctxt)
static int em_pop_sreg(struct x86_emulate_ctxt *ctxt)
{
int seg = ctxt->src2.val;
@@ -31622,7 +31766,7 @@ index b9b09fe..2e1cfb3 100644
int rc;
rc = emulate_pop(ctxt, &selector, 2);
-@@ -1893,7 +1893,7 @@ static int em_pop_sreg(struct x86_emulate_ctxt *ctxt)
+@@ -1906,7 +1906,7 @@ static int em_pop_sreg(struct x86_emulate_ctxt *ctxt)
if (ctxt->op_bytes > 2)
rsp_increment(ctxt, ctxt->op_bytes - 2);
@@ -31631,7 +31775,7 @@ index b9b09fe..2e1cfb3 100644
return rc;
}
-@@ -3870,7 +3870,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
+@@ -3883,7 +3883,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
int cr = ctxt->modrm_reg;
u64 efer = 0;
@@ -31640,7 +31784,7 @@ index b9b09fe..2e1cfb3 100644
0xffffffff00000000ULL,
0, 0, 0, /* CR3 checked later */
CR4_RESERVED_BITS,
-@@ -4956,7 +4956,10 @@ done_prefixes:
+@@ -4969,7 +4969,10 @@ done_prefixes:
if (ctxt->d == 0)
return EMULATION_FAILED;
@@ -31652,7 +31796,7 @@ index b9b09fe..2e1cfb3 100644
if (unlikely(ctxt->ud) && likely(!(ctxt->d & EmulateOnUD)))
return EMULATION_FAILED;
-@@ -5267,15 +5270,14 @@ special_insn:
+@@ -5284,15 +5287,14 @@ special_insn:
else
ctxt->eflags &= ~X86_EFLAGS_RF;
@@ -31741,10 +31885,10 @@ index 7cc2360..6ae1236 100644
{
struct kvm_kpic_state *s = opaque;
diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
-index 1facfd6..51dcfd3 100644
+index 9db4709..0423b6f 100644
--- a/arch/x86/kvm/ioapic.c
+++ b/arch/x86/kvm/ioapic.c
-@@ -405,6 +405,8 @@ static void kvm_ioapic_eoi_inject_work(struct work_struct *work)
+@@ -413,6 +413,8 @@ static void kvm_ioapic_eoi_inject_work(struct work_struct *work)
#define IOAPIC_SUCCESSIVE_IRQ_MAX_COUNT 10000
static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu,
@@ -31752,9 +31896,9 @@ index 1facfd6..51dcfd3 100644
+static void __kvm_ioapic_update_eoi(struct kvm_vcpu *vcpu,
struct kvm_ioapic *ioapic, int vector, int trigger_mode)
{
- int i;
+ struct dest_map *dest_map = &ioapic->rtc_status.dest_map;
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 36591fa..3b2fa3f 100644
+index 1a2da0e..d1a84c1 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -57,7 +57,7 @@
@@ -31767,10 +31911,10 @@ index 36591fa..3b2fa3f 100644
#define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
-index 2ce4f05..ab8fa72 100644
+index bc019f7..51a5631 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
-@@ -335,7 +335,7 @@ retry_walk:
+@@ -349,7 +349,7 @@ retry_walk:
if (unlikely(kvm_is_error_hva(host_addr)))
goto error;
@@ -31780,10 +31924,10 @@ index 2ce4f05..ab8fa72 100644
goto error;
walker->ptep_user[walker->level - 1] = ptep_user;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index c13a64b..2075a7c 100644
+index 31346a3..038711e 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3529,7 +3529,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
+@@ -3533,7 +3533,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
@@ -31795,7 +31939,7 @@ index c13a64b..2075a7c 100644
load_TR_desc();
}
-@@ -3928,6 +3932,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -3932,6 +3936,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
#endif
#endif
@@ -31806,7 +31950,7 @@ index c13a64b..2075a7c 100644
reload_tss(vcpu);
local_irq_disable();
-@@ -4303,7 +4311,7 @@ static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
+@@ -4307,7 +4315,7 @@ static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu)
{
}
@@ -31816,10 +31960,10 @@ index c13a64b..2075a7c 100644
.disabled_by_bios = is_disabled,
.hardware_setup = svm_hardware_setup,
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 60946a5..0ac3003 100644
+index faf52bac..fdc4818 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
-@@ -1575,14 +1575,14 @@ static __always_inline void vmcs_writel(unsigned long field, unsigned long value
+@@ -1589,14 +1589,14 @@ static __always_inline void vmcs_writel(unsigned long field, unsigned long value
__vmcs_writel(field, value);
}
@@ -31836,7 +31980,7 @@ index 60946a5..0ac3003 100644
{
BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == 0x2000,
"vmcs_set_bits does not support 64-bit fields");
-@@ -1851,7 +1851,11 @@ static void reload_tss(void)
+@@ -1865,7 +1865,11 @@ static void reload_tss(void)
struct desc_struct *descs;
descs = (void *)gdt->address;
@@ -31848,7 +31992,7 @@ index 60946a5..0ac3003 100644
load_TR_desc();
}
-@@ -2143,6 +2147,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+@@ -2158,6 +2162,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */
@@ -31859,7 +32003,7 @@ index 60946a5..0ac3003 100644
rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
-@@ -2460,7 +2468,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
+@@ -2481,7 +2489,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
* guest_tsc = (host_tsc * tsc multiplier) >> 48 + tsc_offset
* -- Intel TSC Scaling for Virtualization White Paper, sec 1.3
*/
@@ -31868,7 +32012,7 @@ index 60946a5..0ac3003 100644
{
u64 host_tsc, tsc_offset;
-@@ -4693,7 +4701,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+@@ -4722,7 +4730,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
unsigned long cr4;
vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
@@ -31879,7 +32023,7 @@ index 60946a5..0ac3003 100644
/* Save the most likely value for this task's CR4 in the VMCS. */
cr4 = cr4_read_shadow();
-@@ -4720,7 +4731,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+@@ -4749,7 +4760,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
vmx->host_idt_base = dt.address;
@@ -31888,7 +32032,7 @@ index 60946a5..0ac3003 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6277,11 +6288,17 @@ static __init int hardware_setup(void)
+@@ -6297,11 +6308,17 @@ static __init int hardware_setup(void)
* page upon invalidation. No need to do anything if not
* using the APIC_ACCESS_ADDR VMCS field.
*/
@@ -31908,7 +32052,7 @@ index 60946a5..0ac3003 100644
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -6351,10 +6368,12 @@ static __init int hardware_setup(void)
+@@ -6371,10 +6388,12 @@ static __init int hardware_setup(void)
enable_pml = 0;
if (!enable_pml) {
@@ -31921,7 +32065,7 @@ index 60946a5..0ac3003 100644
}
kvm_set_posted_intr_wakeup_handler(wakeup_handler);
-@@ -8673,6 +8692,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8705,6 +8724,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
@@ -31934,7 +32078,7 @@ index 60946a5..0ac3003 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -8725,6 +8750,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8757,6 +8782,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -31946,7 +32090,7 @@ index 60946a5..0ac3003 100644
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -8738,7 +8768,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8770,7 +8800,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
@@ -31955,7 +32099,7 @@ index 60946a5..0ac3003 100644
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -8747,8 +8777,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8779,8 +8809,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
@@ -31976,7 +32120,7 @@ index 60946a5..0ac3003 100644
#endif
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
-@@ -10830,7 +10870,7 @@ out:
+@@ -10889,7 +10929,7 @@ out:
return ret;
}
@@ -31986,10 +32130,10 @@ index 60946a5..0ac3003 100644
.disabled_by_bios = vmx_disabled_by_bios,
.hardware_setup = hardware_setup,
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index ac4963c..902039d 100644
+index 6b9701b..86084df 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -1944,8 +1944,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1945,8 +1945,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
struct kvm *kvm = vcpu->kvm;
int lm = is_long_mode(vcpu);
@@ -32000,7 +32144,7 @@ index ac4963c..902039d 100644
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
: kvm->arch.xen_hvm_config.blob_size_32;
u32 page_num = data & ~PAGE_MASK;
-@@ -2646,6 +2646,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2647,6 +2647,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
if (n < msr_list.nmsrs)
goto out;
r = -EFAULT;
@@ -32009,7 +32153,7 @@ index ac4963c..902039d 100644
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -3046,7 +3048,7 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
+@@ -3051,7 +3053,7 @@ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
{
@@ -32018,7 +32162,7 @@ index ac4963c..902039d 100644
u64 xstate_bv = xsave->header.xfeatures;
u64 valid;
-@@ -3082,7 +3084,7 @@ static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
+@@ -3087,7 +3089,7 @@ static void fill_xsave(u8 *dest, struct kvm_vcpu *vcpu)
static void load_xsave(struct kvm_vcpu *vcpu, u8 *src)
{
@@ -32027,7 +32171,7 @@ index ac4963c..902039d 100644
u64 xstate_bv = *(u64 *)(src + XSAVE_HDR_OFFSET);
u64 valid;
-@@ -3126,7 +3128,7 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
+@@ -3131,7 +3133,7 @@ static void kvm_vcpu_ioctl_x86_get_xsave(struct kvm_vcpu *vcpu,
fill_xsave((u8 *) guest_xsave->region, vcpu);
} else {
memcpy(guest_xsave->region,
@@ -32036,7 +32180,7 @@ index ac4963c..902039d 100644
sizeof(struct fxregs_state));
*(u64 *)&guest_xsave->region[XSAVE_HDR_OFFSET / sizeof(u32)] =
XFEATURE_MASK_FPSSE;
-@@ -3151,7 +3153,7 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
+@@ -3156,7 +3158,7 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,
} else {
if (xstate_bv & ~XFEATURE_MASK_FPSSE)
return -EINVAL;
@@ -32045,7 +32189,7 @@ index ac4963c..902039d 100644
guest_xsave->region, sizeof(struct fxregs_state));
}
return 0;
-@@ -6421,6 +6423,7 @@ void kvm_arch_mmu_notifier_invalidate_page(struct kvm *kvm,
+@@ -6447,6 +6449,7 @@ void kvm_arch_mmu_notifier_invalidate_page(struct kvm *kvm,
* exiting to the userspace. Otherwise, the value will be returned to the
* userspace.
*/
@@ -32053,7 +32197,7 @@ index ac4963c..902039d 100644
static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
{
int r;
-@@ -6687,6 +6690,7 @@ out:
+@@ -6717,6 +6720,7 @@ out:
return r;
}
@@ -32061,7 +32205,7 @@ index ac4963c..902039d 100644
static inline int vcpu_block(struct kvm *kvm, struct kvm_vcpu *vcpu)
{
if (!kvm_arch_vcpu_runnable(vcpu) &&
-@@ -7234,7 +7238,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
+@@ -7264,7 +7268,7 @@ int kvm_arch_vcpu_ioctl_translate(struct kvm_vcpu *vcpu,
int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
{
struct fxregs_state *fxsave =
@@ -32070,7 +32214,7 @@ index ac4963c..902039d 100644
memcpy(fpu->fpr, fxsave->st_space, 128);
fpu->fcw = fxsave->cwd;
-@@ -7251,7 +7255,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
+@@ -7281,7 +7285,7 @@ int kvm_arch_vcpu_ioctl_get_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
{
struct fxregs_state *fxsave =
@@ -32079,7 +32223,7 @@ index ac4963c..902039d 100644
memcpy(fxsave->st_space, fpu->fpr, 128);
fxsave->cwd = fpu->fcw;
-@@ -7267,9 +7271,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
+@@ -7297,9 +7301,9 @@ int kvm_arch_vcpu_ioctl_set_fpu(struct kvm_vcpu *vcpu, struct kvm_fpu *fpu)
static void fx_init(struct kvm_vcpu *vcpu)
{
@@ -32091,7 +32235,7 @@ index ac4963c..902039d 100644
host_xcr0 | XSTATE_COMPACTION_ENABLED;
/*
-@@ -7292,7 +7296,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
+@@ -7322,7 +7326,7 @@ void kvm_load_guest_fpu(struct kvm_vcpu *vcpu)
*/
vcpu->guest_fpu_loaded = 1;
__kernel_fpu_begin();
@@ -32100,16 +32244,16 @@ index ac4963c..902039d 100644
trace_kvm_fpu(1);
}
-@@ -7593,6 +7597,8 @@ bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
-
+@@ -7624,6 +7628,8 @@ bool kvm_vcpu_compatible(struct kvm_vcpu *vcpu)
struct static_key kvm_no_apic_vcpu __read_mostly;
+ EXPORT_SYMBOL_GPL(kvm_no_apic_vcpu);
+extern struct kmem_cache *fpregs_state_cachep;
+
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
{
struct page *page;
-@@ -7610,11 +7616,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
+@@ -7641,11 +7647,14 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
else
vcpu->arch.mp_state = KVM_MP_STATE_UNINITIALIZED;
@@ -32128,7 +32272,7 @@ index ac4963c..902039d 100644
vcpu->arch.pio_data = page_address(page);
kvm_set_tsc_khz(vcpu, max_tsc_khz);
-@@ -7672,6 +7681,9 @@ fail_mmu_destroy:
+@@ -7703,6 +7712,9 @@ fail_mmu_destroy:
kvm_mmu_destroy(vcpu);
fail_free_pio_data:
free_page((unsigned long)vcpu->arch.pio_data);
@@ -32138,7 +32282,7 @@ index ac4963c..902039d 100644
fail:
return r;
}
-@@ -7690,6 +7702,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
+@@ -7721,6 +7733,8 @@ void kvm_arch_vcpu_uninit(struct kvm_vcpu *vcpu)
free_page((unsigned long)vcpu->arch.pio_data);
if (!lapic_in_kernel(vcpu))
static_key_slow_dec(&kvm_no_apic_vcpu);
@@ -32148,7 +32292,7 @@ index ac4963c..902039d 100644
void kvm_arch_sched_in(struct kvm_vcpu *vcpu, int cpu)
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
-index 4ba229a..470f861 100644
+index fd57d3a..7e9ec76 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
@@ -1336,9 +1336,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count)
@@ -32875,7 +33019,7 @@ index c1e6232..ebbeba7 100644
#undef ROUND
#undef ROUND1
diff --git a/arch/x86/lib/clear_page_64.S b/arch/x86/lib/clear_page_64.S
-index a2fe51b..507dab0 100644
+index 65be7cf..d4cb4b4 100644
--- a/arch/x86/lib/clear_page_64.S
+++ b/arch/x86/lib/clear_page_64.S
@@ -21,6 +21,7 @@ ENTRY(clear_page)
@@ -32928,7 +33072,7 @@ index 9b33024..e52ee44 100644
ENDPROC(this_cpu_cmpxchg16b_emu)
diff --git a/arch/x86/lib/copy_page_64.S b/arch/x86/lib/copy_page_64.S
-index 009f982..9b3db5e 100644
+index 24ef1c2..a119ef1 100644
--- a/arch/x86/lib/copy_page_64.S
+++ b/arch/x86/lib/copy_page_64.S
@@ -15,13 +15,14 @@ ENTRY(copy_page)
@@ -32993,7 +33137,7 @@ index 009f982..9b3db5e 100644
ret
ENDPROC(copy_page_regs)
diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S
-index 27f89c7..7ae1e8e 100644
+index 2b0ef26..69c3c66 100644
--- a/arch/x86/lib/copy_user_64.S
+++ b/arch/x86/lib/copy_user_64.S
@@ -14,50 +14,7 @@
@@ -33190,7 +33334,7 @@ index 7e48807..cc966ff 100644
/* Exception handlers. Very simple, zeroing is done in the wrappers */
diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c
-index 1318f75..44c30fd 100644
+index 28a6654..e501fe8 100644
--- a/arch/x86/lib/csum-wrappers_64.c
+++ b/arch/x86/lib/csum-wrappers_64.c
@@ -52,10 +52,12 @@ csum_partial_copy_from_user(const void __user *src, void *dst,
@@ -33374,7 +33518,7 @@ index 46668cd..a3bdfb9 100644
END(bad_get_user_8)
#endif
diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c
-index 8f72b33..4667a46 100644
+index 1a41693..16eb00c 100644
--- a/arch/x86/lib/insn.c
+++ b/arch/x86/lib/insn.c
@@ -20,8 +20,10 @@
@@ -33421,10 +33565,10 @@ index 33147fe..12a8815 100644
ret
ENDPROC(__iowrite32_copy)
diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S
-index 16698bb..971d300 100644
+index 2ec0b0abb..3e02ccd 100644
--- a/arch/x86/lib/memcpy_64.S
+++ b/arch/x86/lib/memcpy_64.S
-@@ -36,6 +36,7 @@ ENTRY(memcpy)
+@@ -37,6 +37,7 @@ ENTRY(memcpy)
rep movsq
movl %edx, %ecx
rep movsb
@@ -33432,7 +33576,7 @@ index 16698bb..971d300 100644
ret
ENDPROC(memcpy)
ENDPROC(__memcpy)
-@@ -48,6 +49,7 @@ ENTRY(memcpy_erms)
+@@ -49,6 +50,7 @@ ENTRY(memcpy_erms)
movq %rdi, %rax
movq %rdx, %rcx
rep movsb
@@ -33440,7 +33584,7 @@ index 16698bb..971d300 100644
ret
ENDPROC(memcpy_erms)
-@@ -132,6 +134,7 @@ ENTRY(memcpy_orig)
+@@ -133,6 +135,7 @@ ENTRY(memcpy_orig)
movq %r9, 1*8(%rdi)
movq %r10, -2*8(%rdi, %rdx)
movq %r11, -1*8(%rdi, %rdx)
@@ -33448,7 +33592,7 @@ index 16698bb..971d300 100644
retq
.p2align 4
.Lless_16bytes:
-@@ -144,6 +147,7 @@ ENTRY(memcpy_orig)
+@@ -145,6 +148,7 @@ ENTRY(memcpy_orig)
movq -1*8(%rsi, %rdx), %r9
movq %r8, 0*8(%rdi)
movq %r9, -1*8(%rdi, %rdx)
@@ -33456,7 +33600,7 @@ index 16698bb..971d300 100644
retq
.p2align 4
.Lless_8bytes:
-@@ -157,6 +161,7 @@ ENTRY(memcpy_orig)
+@@ -158,6 +162,7 @@ ENTRY(memcpy_orig)
movl -4(%rsi, %rdx), %r8d
movl %ecx, (%rdi)
movl %r8d, -4(%rdi, %rdx)
@@ -33464,15 +33608,16 @@ index 16698bb..971d300 100644
retq
.p2align 4
.Lless_3bytes:
-@@ -175,5 +180,6 @@ ENTRY(memcpy_orig)
+@@ -176,6 +181,7 @@ ENTRY(memcpy_orig)
movb %cl, (%rdi)
.Lend:
+ pax_force_retaddr
retq
ENDPROC(memcpy_orig)
+
diff --git a/arch/x86/lib/memmove_64.S b/arch/x86/lib/memmove_64.S
-index ca2afdd..2e474fa 100644
+index 90ce01b..8817b34 100644
--- a/arch/x86/lib/memmove_64.S
+++ b/arch/x86/lib/memmove_64.S
@@ -41,7 +41,7 @@ ENTRY(__memmove)
@@ -33493,7 +33638,7 @@ index ca2afdd..2e474fa 100644
ENDPROC(__memmove)
ENDPROC(memmove)
diff --git a/arch/x86/lib/memset_64.S b/arch/x86/lib/memset_64.S
-index 2661fad..b584d5c 100644
+index e1229ec..2ca5a7a 100644
--- a/arch/x86/lib/memset_64.S
+++ b/arch/x86/lib/memset_64.S
@@ -40,6 +40,7 @@ ENTRY(__memset)
@@ -34007,39 +34152,37 @@ index e0817a1..bc9cf66 100644
xor %eax,%eax
EXIT
diff --git a/arch/x86/lib/rwsem.S b/arch/x86/lib/rwsem.S
-index 40027db..37bb69d 100644
+index be110ef..6728d71 100644
--- a/arch/x86/lib/rwsem.S
+++ b/arch/x86/lib/rwsem.S
-@@ -90,6 +90,7 @@ ENTRY(call_rwsem_down_read_failed)
- call rwsem_down_read_failed
+@@ -93,6 +93,7 @@ ENTRY(call_rwsem_down_read_failed)
__ASM_SIZE(pop,) %__ASM_REG(dx)
restore_common_regs
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(call_rwsem_down_read_failed)
-@@ -98,6 +99,7 @@ ENTRY(call_rwsem_down_write_failed)
- movq %rax,%rdi
+@@ -103,6 +104,7 @@ ENTRY(call_rwsem_down_write_failed)
call rwsem_down_write_failed
restore_common_regs
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(call_rwsem_down_write_failed)
-@@ -109,7 +111,8 @@ ENTRY(call_rwsem_wake)
- movq %rax,%rdi
+@@ -116,6 +118,7 @@ ENTRY(call_rwsem_wake)
call rwsem_wake
restore_common_regs
--1: ret
-+1: pax_force_retaddr
-+ ret
+ 1: FRAME_END
++ pax_force_retaddr
+ ret
ENDPROC(call_rwsem_wake)
- ENTRY(call_rwsem_downgrade_wake)
-@@ -119,5 +122,6 @@ ENTRY(call_rwsem_downgrade_wake)
- call rwsem_downgrade_wake
+@@ -128,5 +131,6 @@ ENTRY(call_rwsem_downgrade_wake)
__ASM_SIZE(pop,) %__ASM_REG(dx)
restore_common_regs
+ FRAME_END
+ pax_force_retaddr
ret
ENDPROC(call_rwsem_downgrade_wake)
@@ -34830,55 +34973,57 @@ index 0054835..a3bd671 100644
void fconst(void)
diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
-index f9d38a4..556175f 100644
+index f989132..7c590d6 100644
--- a/arch/x86/mm/Makefile
+++ b/arch/x86/mm/Makefile
-@@ -34,3 +34,7 @@ obj-$(CONFIG_ACPI_NUMA) += srat.o
- obj-$(CONFIG_NUMA_EMU) += numa_emulation.o
-
+@@ -39,3 +39,6 @@ obj-$(CONFIG_NUMA_EMU) += numa_emulation.o
obj-$(CONFIG_X86_INTEL_MPX) += mpx.o
-+
+ obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o
+
+quote:="
+obj-$(CONFIG_X86_64) += uderef_64.o
+CFLAGS_uderef_64.o := $(subst $(quote),,$(CONFIG_ARCH_HWEIGHT_CFLAGS)) -fcall-saved-rax
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
-index 903ec1e..41b4708 100644
+index 82447b3..95c2b03 100644
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
-@@ -2,16 +2,29 @@
- #include <linux/spinlock.h>
- #include <linux/sort.h>
+@@ -1,5 +1,6 @@
+ #include <linux/module.h>
#include <asm/uaccess.h>
+#include <asm/boot.h>
+ typedef bool (*ex_handler_t)(const struct exception_table_entry *,
+ struct pt_regs *, int);
+@@ -7,12 +8,25 @@ typedef bool (*ex_handler_t)(const struct exception_table_entry *,
static inline unsigned long
- ex_insn_addr(const struct exception_table_entry *x)
+ ex_fixup_addr(const struct exception_table_entry *x)
{
-- return (unsigned long)&x->insn + x->insn;
+- return (unsigned long)&x->fixup + x->fixup;
+ unsigned long reloc = 0;
+
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ reloc = ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
+#endif
+
-+ return (unsigned long)&x->insn + x->insn + reloc;
++ return (unsigned long)&x->fixup + x->fixup + reloc;
}
- static inline unsigned long
- ex_fixup_addr(const struct exception_table_entry *x)
++
+ static inline ex_handler_t
+ ex_fixup_handler(const struct exception_table_entry *x)
{
-- return (unsigned long)&x->fixup + x->fixup;
+- return (ex_handler_t)((unsigned long)&x->handler + x->handler);
+ unsigned long reloc = 0;
+
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ reloc = ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
+#endif
+
-+ return (unsigned long)&x->fixup + x->fixup + reloc;
++ return (ex_handler_t)((unsigned long)&x->handler + x->handler + reloc);
}
- int fixup_exception(struct pt_regs *regs)
-@@ -20,7 +33,7 @@ int fixup_exception(struct pt_regs *regs)
- unsigned long new_ip;
+ bool ex_handler_default(const struct exception_table_entry *fixup,
+@@ -61,7 +75,7 @@ int fixup_exception(struct pt_regs *regs, int trapnr)
+ ex_handler_t handler;
#ifdef CONFIG_PNPBIOS
- if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) {
@@ -34886,22 +35031,8 @@ index 903ec1e..41b4708 100644
extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp;
extern u32 pnp_bios_is_utter_crap;
pnp_bios_is_utter_crap = 1;
-@@ -145,6 +158,13 @@ void sort_extable(struct exception_table_entry *start,
- i += 4;
- p->fixup -= i;
- i += 4;
-+
-+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
-+ BUILD_BUG_ON(!IS_ENABLED(CONFIG_BUILDTIME_EXTABLE_SORT));
-+ p->insn -= ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
-+ p->fixup -= ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR;
-+#endif
-+
- }
- }
-
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index e830c71..2c3c46a 100644
+index 5ce1ed0..f713160 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -14,6 +14,8 @@
@@ -34911,12 +35042,12 @@ index e830c71..2c3c46a 100644
+#include <linux/unistd.h>
+#include <linux/compiler.h>
+ #include <asm/cpufeature.h> /* boot_cpu_has, ... */
#include <asm/traps.h> /* dotraplinkage, ... */
- #include <asm/pgalloc.h> /* pgd_*(), ... */
-@@ -21,6 +23,11 @@
- #include <asm/fixmap.h> /* VSYSCALL_ADDR */
+@@ -23,6 +25,11 @@
#include <asm/vsyscall.h> /* emulate_vsyscall */
#include <asm/vm86.h> /* struct vm86 */
+ #include <asm/mmu_context.h> /* vma_pkey() */
+#include <asm/tlbflush.h>
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
@@ -34925,7 +35056,7 @@ index e830c71..2c3c46a 100644
#define CREATE_TRACE_POINTS
#include <asm/trace/exceptions.h>
-@@ -122,7 +129,10 @@ check_prefetch_opcode(struct pt_regs *regs, unsigned char *instr,
+@@ -126,7 +133,10 @@ check_prefetch_opcode(struct pt_regs *regs, unsigned char *instr,
return !instr_lo || (instr_lo>>1) == 1;
case 0x00:
/* Prefetch instruction is 0x0F0D or 0x0F18 */
@@ -34937,7 +35068,7 @@ index e830c71..2c3c46a 100644
return 0;
*prefetch = (instr_lo == 0xF) &&
-@@ -156,7 +166,10 @@ is_prefetch(struct pt_regs *regs, unsigned long error_code, unsigned long addr)
+@@ -160,7 +170,10 @@ is_prefetch(struct pt_regs *regs, unsigned long error_code, unsigned long addr)
while (instr < max_instr) {
unsigned char opcode;
@@ -34949,7 +35080,7 @@ index e830c71..2c3c46a 100644
break;
instr++;
-@@ -187,6 +200,34 @@ force_sig_info_fault(int si_signo, int si_code, unsigned long address,
+@@ -244,6 +257,34 @@ force_sig_info_fault(int si_signo, int si_code, unsigned long address,
force_sig_info(si_signo, &info, tsk);
}
@@ -34984,7 +35115,7 @@ index e830c71..2c3c46a 100644
DEFINE_SPINLOCK(pgd_lock);
LIST_HEAD(pgd_list);
-@@ -237,10 +278,27 @@ void vmalloc_sync_all(void)
+@@ -294,10 +335,27 @@ void vmalloc_sync_all(void)
for (address = VMALLOC_START & PMD_MASK;
address >= TASK_SIZE && address < FIXADDR_TOP;
address += PMD_SIZE) {
@@ -35012,7 +35143,7 @@ index e830c71..2c3c46a 100644
spinlock_t *pgt_lock;
pmd_t *ret;
-@@ -248,8 +306,14 @@ void vmalloc_sync_all(void)
+@@ -305,8 +363,14 @@ void vmalloc_sync_all(void)
pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
spin_lock(pgt_lock);
@@ -35028,7 +35159,7 @@ index e830c71..2c3c46a 100644
if (!ret)
break;
-@@ -283,6 +347,12 @@ static noinline int vmalloc_fault(unsigned long address)
+@@ -340,6 +404,12 @@ static noinline int vmalloc_fault(unsigned long address)
* an interrupt in the middle of a task switch..
*/
pgd_paddr = read_cr3();
@@ -35041,7 +35172,7 @@ index e830c71..2c3c46a 100644
pmd_k = vmalloc_sync_one(__va(pgd_paddr), address);
if (!pmd_k)
return -1;
-@@ -382,11 +452,25 @@ static noinline int vmalloc_fault(unsigned long address)
+@@ -439,11 +509,25 @@ static noinline int vmalloc_fault(unsigned long address)
* happen within a race in page table update. In the later
* case just flush:
*/
@@ -35068,7 +35199,7 @@ index e830c71..2c3c46a 100644
if (pgd_none(*pgd)) {
set_pgd(pgd, *pgd_ref);
arch_flush_lazy_mmu_mode();
-@@ -559,7 +643,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address)
+@@ -616,7 +700,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address)
static int is_errata100(struct pt_regs *regs, unsigned long address)
{
#ifdef CONFIG_X86_64
@@ -35077,7 +35208,7 @@ index e830c71..2c3c46a 100644
return 1;
#endif
return 0;
-@@ -586,9 +670,9 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
+@@ -643,9 +727,9 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
}
static const char nx_warning[] = KERN_CRIT
@@ -35089,7 +35220,7 @@ index e830c71..2c3c46a 100644
static void
show_fault_oops(struct pt_regs *regs, unsigned long error_code,
-@@ -597,7 +681,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
+@@ -654,7 +738,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
if (!oops_may_print())
return;
@@ -35098,7 +35229,7 @@ index e830c71..2c3c46a 100644
unsigned int level;
pgd_t *pgd;
pte_t *pte;
-@@ -608,13 +692,25 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
+@@ -665,13 +749,25 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
pte = lookup_address_in_pgd(pgd, address, &level);
if (pte && pte_present(*pte) && !pte_exec(*pte))
@@ -35126,7 +35257,7 @@ index e830c71..2c3c46a 100644
printk(KERN_ALERT "BUG: unable to handle kernel ");
if (address < PAGE_SIZE)
printk(KERN_CONT "NULL pointer dereference");
-@@ -793,6 +889,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
+@@ -854,6 +950,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
return;
}
#endif
@@ -35149,7 +35280,7 @@ index e830c71..2c3c46a 100644
/* Kernel addresses are always protection faults: */
if (address >= TASK_SIZE)
error_code |= PF_PROT;
-@@ -875,7 +987,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
+@@ -961,7 +1073,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
printk(KERN_ERR
"MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
@@ -35158,7 +35289,7 @@ index e830c71..2c3c46a 100644
code = BUS_MCEERR_AR;
}
#endif
-@@ -927,6 +1039,109 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
+@@ -1020,6 +1132,109 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
return 1;
}
@@ -35268,17 +35399,18 @@ index e830c71..2c3c46a 100644
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -1012,6 +1227,9 @@ int show_unhandled_signals = 1;
- static inline int
- access_error(unsigned long error_code, struct vm_area_struct *vma)
+@@ -1107,6 +1322,10 @@ access_error(unsigned long error_code, struct vm_area_struct *vma)
{
+ /* This is only called for the current mm, so: */
+ bool foreign = false;
++
+ if ((__supported_pte_mask & _PAGE_NX) && (error_code & PF_INSTR) && !(vma->vm_flags & VM_EXEC))
+ return 1;
+
- if (error_code & PF_WRITE) {
- /* write, present and write, not present: */
- if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -1074,6 +1292,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
+ /*
+ * Make sure to check the VMA so that we do not perform
+ * faults just to hit a PF_PK as soon as we fill in a
+@@ -1178,6 +1397,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code,
tsk = current;
mm = tsk->mm;
@@ -35286,7 +35418,7 @@ index e830c71..2c3c46a 100644
+ if (!user_mode(regs) && address < 2 * pax_user_shadow_base) {
+ if (!search_exception_tables(regs->ip)) {
+ printk(KERN_EMERG "PAX: please report this to pageexec@freemail.hu\n");
-+ bad_area_nosemaphore(regs, error_code, address);
++ bad_area_nosemaphore(regs, error_code, address, NULL);
+ return;
+ }
+ if (address < pax_user_shadow_base) {
@@ -35301,7 +35433,7 @@ index e830c71..2c3c46a 100644
/*
* Detect and handle instructions that would cause a page fault for
* both a tracked kernel page and a userspace page.
-@@ -1198,6 +1432,11 @@ retry:
+@@ -1304,6 +1539,11 @@ retry:
might_sleep();
}
@@ -35313,7 +35445,7 @@ index e830c71..2c3c46a 100644
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1209,18 +1448,24 @@ retry:
+@@ -1315,18 +1555,24 @@ retry:
bad_area(regs, error_code, address);
return;
}
@@ -35349,7 +35481,7 @@ index e830c71..2c3c46a 100644
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1340,3 +1585,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1446,3 +1692,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code)
}
NOKPROBE_SYMBOL(trace_do_page_fault);
#endif /* CONFIG_TRACING */
@@ -35643,10 +35775,10 @@ index e830c71..2c3c46a 100644
+ return ret ? -EFAULT : 0;
+}
diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
-index d8a798d..6f803ca 100644
+index b8b6a60..9193b78 100644
--- a/arch/x86/mm/gup.c
+++ b/arch/x86/mm/gup.c
-@@ -302,7 +302,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
+@@ -313,7 +313,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
addr = start;
len = (unsigned long) nr_pages << PAGE_SHIFT;
end = start + len;
@@ -35655,7 +35787,7 @@ index d8a798d..6f803ca 100644
(void __user *)start, len)))
return 0;
-@@ -378,6 +378,10 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write,
+@@ -389,6 +389,10 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write,
goto slow_irqon;
#endif
@@ -35794,7 +35926,7 @@ index 740d7ac..4091827 100644
#endif /* CONFIG_HUGETLB_PAGE */
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 493f541..ee7a3f0 100644
+index 9d56f27..0d15fff 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -4,6 +4,7 @@
@@ -35813,7 +35945,7 @@ index 493f541..ee7a3f0 100644
/*
* We need to define the tracepoints somewhere, and tlb.c
-@@ -618,7 +620,18 @@ void __init init_mem_mapping(void)
+@@ -619,7 +621,18 @@ void __init init_mem_mapping(void)
early_ioremap_page_table_range_init();
#endif
@@ -35832,7 +35964,7 @@ index 493f541..ee7a3f0 100644
__flush_tlb_all();
early_memtest(0, max_pfn_mapped << PAGE_SHIFT);
-@@ -634,10 +647,34 @@ void __init init_mem_mapping(void)
+@@ -635,10 +648,34 @@ void __init init_mem_mapping(void)
* Access has to be given to non-kernel-ram areas as well, these contain the PCI
* mmio resources as well as potential bios/acpi data regions.
*/
@@ -35867,8 +35999,8 @@ index 493f541..ee7a3f0 100644
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -645,6 +682,29 @@ int devmem_is_allowed(unsigned long pagenr)
- return 0;
+@@ -685,8 +722,33 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+ }
}
+#ifdef CONFIG_GRKERNSEC_KMEM
@@ -35894,20 +36026,6 @@ index 493f541..ee7a3f0 100644
+static inline void gr_init_ebda(void) { }
+#endif
+
- void free_init_pages(char *what, unsigned long begin, unsigned long end)
- {
- unsigned long begin_aligned, end_aligned;
-@@ -668,7 +728,7 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
- */
- #ifdef CONFIG_DEBUG_PAGEALLOC
- printk(KERN_INFO "debug: unmapping init [mem %#010lx-%#010lx]\n",
-- begin, end - 1);
-+ begin, end - 1);
- set_memory_np(begin, (end - begin) >> PAGE_SHIFT);
- #else
- /*
-@@ -685,6 +745,8 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
-
void free_initmem(void)
{
+ gr_init_ebda();
@@ -35916,7 +36034,7 @@ index 493f541..ee7a3f0 100644
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index cb4ef3d..1b13259 100644
+index bd7a9b9..2cc3f46 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -62,33 +62,6 @@ static noinline int do_test_wp_bit(void);
@@ -36106,7 +36224,7 @@ index cb4ef3d..1b13259 100644
prot = PAGE_KERNEL_EXEC;
pages_4k++;
-@@ -475,7 +479,7 @@ void __init native_pagetable_init(void)
+@@ -472,7 +476,7 @@ void __init native_pagetable_init(void)
pud = pud_offset(pgd, va);
pmd = pmd_offset(pud, va);
@@ -36115,7 +36233,7 @@ index cb4ef3d..1b13259 100644
break;
/* should not be large page here */
-@@ -533,12 +537,10 @@ void __init early_ioremap_page_table_range_init(void)
+@@ -530,12 +534,10 @@ void __init early_ioremap_page_table_range_init(void)
static void __init pagetable_init(void)
{
@@ -36130,7 +36248,7 @@ index cb4ef3d..1b13259 100644
EXPORT_SYMBOL_GPL(__supported_pte_mask);
/* user-defined highmem size */
-@@ -788,10 +790,10 @@ void __init mem_init(void)
+@@ -785,10 +787,10 @@ void __init mem_init(void)
((unsigned long)&__init_end -
(unsigned long)&__init_begin) >> 10,
@@ -36144,7 +36262,7 @@ index cb4ef3d..1b13259 100644
((unsigned long)&_etext - (unsigned long)&_text) >> 10);
/*
-@@ -885,6 +887,7 @@ void set_kernel_text_rw(void)
+@@ -881,6 +883,7 @@ void set_kernel_text_rw(void)
if (!kernel_set_to_readonly)
return;
@@ -36152,7 +36270,7 @@ index cb4ef3d..1b13259 100644
pr_debug("Set kernel text: %lx - %lx for read write\n",
start, start+size);
-@@ -899,6 +902,7 @@ void set_kernel_text_ro(void)
+@@ -895,6 +898,7 @@ void set_kernel_text_ro(void)
if (!kernel_set_to_readonly)
return;
@@ -36160,7 +36278,7 @@ index cb4ef3d..1b13259 100644
pr_debug("Set kernel text: %lx - %lx for read only\n",
start, start+size);
-@@ -911,7 +915,7 @@ static void mark_nxdata_nx(void)
+@@ -907,7 +911,7 @@ static void mark_nxdata_nx(void)
* When this called, init has already been executed and released,
* so everything past _etext should be NX.
*/
@@ -36169,14 +36287,15 @@ index cb4ef3d..1b13259 100644
/*
* This comes from is_kernel_text upper limit. Also HPAGE where used:
*/
-@@ -927,26 +931,47 @@ void mark_rodata_ro(void)
+@@ -923,26 +927,49 @@ void mark_rodata_ro(void)
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
- set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
- printk(KERN_INFO "Write protecting the kernel text: %luk\n",
- size >> 10);
-+ if (config_enabled(CONFIG_PAX_KERNEXEC)) {
++#ifdef CONFIG_PAX_KERNEXEC
++ {
+ /* PaX: limit KERNEL_CS to actual size */
+ unsigned long limit;
+ struct desc_struct d;
@@ -36196,6 +36315,7 @@ index cb4ef3d..1b13259 100644
+ if (config_enabled(CONFIG_MODULES))
+ set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
+ }
++#endif
+
+ start = ktla_ktva(start);
+ /* PaX: make KERNEL_CS read-only */
@@ -36230,10 +36350,10 @@ index cb4ef3d..1b13259 100644
#ifdef CONFIG_CPA_DEBUG
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index 5488d21..9f75681 100644
+index 214afda..444aa18 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
-@@ -137,7 +137,7 @@ int kernel_ident_mapping_init(struct x86_mapping_info *info, pgd_t *pgd_page,
+@@ -138,7 +138,7 @@ int kernel_ident_mapping_init(struct x86_mapping_info *info, pgd_t *pgd_page,
* around without checking the pgd every time.
*/
@@ -36242,7 +36362,7 @@ index 5488d21..9f75681 100644
EXPORT_SYMBOL_GPL(__supported_pte_mask);
int force_personality32;
-@@ -170,7 +170,12 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
+@@ -171,7 +171,12 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
for (address = start; address <= end; address += PGDIR_SIZE) {
const pgd_t *pgd_ref = pgd_offset_k(address);
@@ -36255,7 +36375,7 @@ index 5488d21..9f75681 100644
/*
* When it is called after memory hot remove, pgd_none()
-@@ -181,6 +186,25 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
+@@ -182,6 +187,25 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
continue;
spin_lock(&pgd_lock);
@@ -36281,7 +36401,7 @@ index 5488d21..9f75681 100644
list_for_each_entry(page, &pgd_list, lru) {
pgd_t *pgd;
spinlock_t *pgt_lock;
-@@ -189,6 +213,7 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
+@@ -190,6 +214,7 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
/* the pgt_lock only for Xen */
pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
spin_lock(pgt_lock);
@@ -36289,7 +36409,7 @@ index 5488d21..9f75681 100644
if (!pgd_none(*pgd_ref) && !pgd_none(*pgd))
BUG_ON(pgd_page_vaddr(*pgd)
-@@ -202,7 +227,10 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
+@@ -203,7 +228,10 @@ void sync_global_pgds(unsigned long start, unsigned long end, int removed)
set_pgd(pgd, *pgd_ref);
}
@@ -36300,7 +36420,7 @@ index 5488d21..9f75681 100644
}
spin_unlock(&pgd_lock);
}
-@@ -235,7 +263,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr)
+@@ -236,7 +264,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr)
{
if (pgd_none(*pgd)) {
pud_t *pud = (pud_t *)spp_getpage();
@@ -36309,7 +36429,7 @@ index 5488d21..9f75681 100644
if (pud != pud_offset(pgd, 0))
printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n",
pud, pud_offset(pgd, 0));
-@@ -247,7 +275,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr)
+@@ -248,7 +276,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr)
{
if (pud_none(*pud)) {
pmd_t *pmd = (pmd_t *) spp_getpage();
@@ -36318,7 +36438,7 @@ index 5488d21..9f75681 100644
if (pmd != pmd_offset(pud, 0))
printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n",
pmd, pmd_offset(pud, 0));
-@@ -276,7 +304,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
+@@ -277,7 +305,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
pmd = fill_pmd(pud, vaddr);
pte = fill_pte(pmd, vaddr);
@@ -36328,7 +36448,7 @@ index 5488d21..9f75681 100644
/*
* It's enough to flush this one mapping.
-@@ -338,14 +368,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size,
+@@ -339,14 +369,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size,
pgd = pgd_offset_k((unsigned long)__va(phys));
if (pgd_none(*pgd)) {
pud = (pud_t *) spp_getpage();
@@ -36345,7 +36465,7 @@ index 5488d21..9f75681 100644
}
pmd = pmd_offset(pud, phys);
BUG_ON(!pmd_none(*pmd));
-@@ -586,7 +614,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
+@@ -587,7 +615,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
prot);
spin_lock(&init_mm.page_table_lock);
@@ -36354,7 +36474,7 @@ index 5488d21..9f75681 100644
spin_unlock(&init_mm.page_table_lock);
}
__flush_tlb_all();
-@@ -627,7 +655,7 @@ kernel_physical_mapping_init(unsigned long start,
+@@ -628,7 +656,7 @@ kernel_physical_mapping_init(unsigned long start,
page_size_mask);
spin_lock(&init_mm.page_table_lock);
@@ -36578,7 +36698,7 @@ index b4f2e7e..96c9c3e 100644
pte = kmemcheck_pte_lookup(address);
diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
-index 72bb52f..4bc6d52 100644
+index d2dc043..4bc6d52 100644
--- a/arch/x86/mm/mmap.c
+++ b/arch/x86/mm/mmap.c
@@ -52,7 +52,7 @@ static unsigned long stack_maxrandom_size(void)
@@ -36590,7 +36710,7 @@ index 72bb52f..4bc6d52 100644
static int mmap_is_legacy(void)
{
-@@ -81,27 +81,40 @@ unsigned long arch_mmap_rnd(void)
+@@ -81,16 +81,41 @@ unsigned long arch_mmap_rnd(void)
return rnd << PAGE_SHIFT;
}
@@ -36612,16 +36732,14 @@ index 72bb52f..4bc6d52 100644
- return PAGE_ALIGN(TASK_SIZE - gap - rnd);
+ return PAGE_ALIGN(pax_task_size - gap - rnd);
- }
-
- /*
- * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
- * does, but not when emulating X86_32
- */
--static unsigned long mmap_legacy_base(unsigned long rnd)
++}
++
++/*
++ * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
++ * does, but not when emulating X86_32
++ */
+static unsigned long mmap_legacy_base(struct mm_struct *mm, unsigned long rnd)
- {
-- if (mmap_is_ia32())
++{
+ if (mmap_is_ia32()) {
+
+#ifdef CONFIG_PAX_SEGMEXEC
@@ -36630,13 +36748,13 @@ index 72bb52f..4bc6d52 100644
+ else
+#endif
+
- return TASK_UNMAPPED_BASE;
-- else
++ return TASK_UNMAPPED_BASE;
+ } else
- return TASK_UNMAPPED_BASE + rnd;
++ return TASK_UNMAPPED_BASE + rnd;
}
-@@ -113,18 +126,29 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+ /*
+@@ -101,18 +126,29 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
{
unsigned long random_factor = 0UL;
@@ -36646,7 +36764,7 @@ index 72bb52f..4bc6d52 100644
if (current->flags & PF_RANDOMIZE)
random_factor = arch_mmap_rnd();
-- mm->mmap_legacy_base = mmap_legacy_base(random_factor);
+- mm->mmap_legacy_base = TASK_UNMAPPED_BASE + random_factor;
+ mm->mmap_legacy_base = mmap_legacy_base(mm, random_factor);
if (mmap_is_legacy()) {
@@ -36718,7 +36836,7 @@ index 0057a7acc..95c7edd 100644
might_sleep();
if (is_enabled()) /* recheck and proper locking in *_core() */
diff --git a/arch/x86/mm/mpx.c b/arch/x86/mm/mpx.c
-index ef05755..7125725 100644
+index 8047687..6351be43 100644
--- a/arch/x86/mm/mpx.c
+++ b/arch/x86/mm/mpx.c
@@ -193,7 +193,7 @@ static int mpx_insn_decode(struct insn *insn,
@@ -36745,10 +36863,10 @@ index ef05755..7125725 100644
err_out:
/* info might be NULL, but kfree() handles that */
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
-index d04f809..683f0be 100644
+index f70c1ff..fdb449c 100644
--- a/arch/x86/mm/numa.c
+++ b/arch/x86/mm/numa.c
-@@ -508,7 +508,7 @@ static void __init numa_clear_kernel_node_hotplug(void)
+@@ -529,7 +529,7 @@ static void __init numa_clear_kernel_node_hotplug(void)
}
}
@@ -36758,10 +36876,10 @@ index d04f809..683f0be 100644
unsigned long uninitialized_var(pfn_align);
int i, nid;
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
-index 9cf96d8..ce09f13 100644
+index 01be9ec..f4643d7 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
-@@ -264,7 +264,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
+@@ -258,7 +258,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
*/
#ifdef CONFIG_PCI_BIOS
if (pcibios_enabled && within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT))
@@ -36770,7 +36888,7 @@ index 9cf96d8..ce09f13 100644
#endif
/*
-@@ -272,9 +272,10 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
+@@ -266,8 +266,8 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
* Does not cover __inittext since that is gone later on. On
* 64bit we do not enforce !NX on the low mapping
*/
@@ -36779,19 +36897,9 @@ index 9cf96d8..ce09f13 100644
+ if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext)))
+ pgprot_val(forbidden) |= _PAGE_NX & __supported_pte_mask;
-+#ifdef CONFIG_DEBUG_RODATA
/*
* The .rodata section needs to be read-only. Using the pfn
- * catches all aliases.
-@@ -282,6 +283,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
- if (within(pfn, __pa_symbol(__start_rodata) >> PAGE_SHIFT,
- __pa_symbol(__end_rodata) >> PAGE_SHIFT))
- pgprot_val(forbidden) |= _PAGE_RW;
-+#endif
-
- #if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
- /*
-@@ -320,6 +322,13 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
+@@ -314,6 +314,13 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
}
#endif
@@ -36805,7 +36913,7 @@ index 9cf96d8..ce09f13 100644
prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
return prot;
-@@ -456,23 +465,37 @@ EXPORT_SYMBOL_GPL(slow_virt_to_phys);
+@@ -450,23 +457,37 @@ EXPORT_SYMBOL_GPL(slow_virt_to_phys);
static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
{
/* change init_mm */
@@ -36845,28 +36953,24 @@ index 9cf96d8..ce09f13 100644
}
static int
-@@ -709,6 +732,10 @@ __split_large_page(struct cpa_data *cpa, pte_t *kpte, unsigned long address,
- return 0;
+@@ -704,6 +725,8 @@ __split_large_page(struct cpa_data *cpa, pte_t *kpte, unsigned long address,
}
-+#if debug_pagealloc == 0
-+static int split_large_page(struct cpa_data *cpa, pte_t *kpte,
-+ unsigned long address) __must_hold(&cpa_lock);
-+#endif
static int split_large_page(struct cpa_data *cpa, pte_t *kpte,
++ unsigned long address) __must_hold(&cpa_lock);
++static int split_large_page(struct cpa_data *cpa, pte_t *kpte,
unsigned long address)
{
-@@ -1152,6 +1179,9 @@ static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
+ struct page *base;
+@@ -1157,6 +1180,7 @@ static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
}
}
-+#if debug_pagealloc == 0
+static int __change_page_attr(struct cpa_data *cpa, int primary) __must_hold(&cpa_lock);
-+#endif
static int __change_page_attr(struct cpa_data *cpa, int primary)
{
unsigned long address;
-@@ -1210,7 +1240,9 @@ repeat:
+@@ -1215,7 +1239,9 @@ repeat:
* Do we really change anything ?
*/
if (pte_val(old_pte) != pte_val(new_pte)) {
@@ -36877,7 +36981,7 @@ index 9cf96d8..ce09f13 100644
}
cpa->numpages = 1;
diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c
-index f4ae536..e250eec 100644
+index faec01e..437ec71 100644
--- a/arch/x86/mm/pat.c
+++ b/arch/x86/mm/pat.c
@@ -589,7 +589,7 @@ int free_memtype(u64 start, u64 end)
@@ -37372,12 +37476,12 @@ index 75cc097..79a097f 100644
/*
* It's enough to flush this one mapping.
diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
-index 92e2eac..92fc081 100644
+index f65a33f..f408a99 100644
--- a/arch/x86/mm/setup_nx.c
+++ b/arch/x86/mm/setup_nx.c
-@@ -5,8 +5,10 @@
- #include <asm/pgtable.h>
+@@ -6,8 +6,10 @@
#include <asm/proto.h>
+ #include <asm/cpufeature.h>
+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
static int disable_nx;
@@ -37386,7 +37490,7 @@ index 92e2eac..92fc081 100644
/*
* noexec = on|off
*
-@@ -28,12 +30,17 @@ static int __init noexec_setup(char *str)
+@@ -29,12 +31,17 @@ static int __init noexec_setup(char *str)
return 0;
}
early_param("noexec", noexec_setup);
@@ -37405,7 +37509,7 @@ index 92e2eac..92fc081 100644
}
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
-index 5fb6ada..9c48b29 100644
+index fe9b9f7..35b4936e 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -45,7 +45,11 @@ void leave_mm(int cpu)
@@ -37464,34 +37568,34 @@ index 0000000..3fda3f3
+EXPORT_SYMBOL(__pax_close_userland);
+#endif
diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S
-index 4093216..44b6b83 100644
+index f2a7faf..b77bb6c 100644
--- a/arch/x86/net/bpf_jit.S
+++ b/arch/x86/net/bpf_jit.S
-@@ -8,6 +8,7 @@
- * of the License.
+@@ -9,6 +9,7 @@
*/
#include <linux/linkage.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
/*
* Calling convention :
-@@ -37,6 +38,7 @@ sk_load_word_positive_offset:
+@@ -39,6 +40,7 @@ FUNC(sk_load_word_positive_offset)
jle bpf_slow_path_word
mov (SKBDATA,%rsi),%eax
bswap %eax /* ntohl() */
+ pax_force_retaddr
ret
- sk_load_half:
-@@ -54,6 +56,7 @@ sk_load_half_positive_offset:
+ FUNC(sk_load_half)
+@@ -52,6 +54,7 @@ FUNC(sk_load_half_positive_offset)
jle bpf_slow_path_half
movzwl (SKBDATA,%rsi),%eax
rol $8,%ax # ntohs()
+ pax_force_retaddr
ret
- sk_load_byte:
-@@ -68,6 +71,7 @@ sk_load_byte_positive_offset:
+ FUNC(sk_load_byte)
+@@ -62,6 +65,7 @@ FUNC(sk_load_byte_positive_offset)
cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */
jle bpf_slow_path_byte
movzbl (SKBDATA,%rsi),%eax
@@ -37499,7 +37603,7 @@ index 4093216..44b6b83 100644
ret
/* rsi contains offset and can be scratched */
-@@ -89,6 +93,7 @@ bpf_slow_path_word:
+@@ -85,6 +89,7 @@ bpf_slow_path_word:
js bpf_error
mov - MAX_BPF_STACK + 32(%rbp),%eax
bswap %eax
@@ -37507,7 +37611,7 @@ index 4093216..44b6b83 100644
ret
bpf_slow_path_half:
-@@ -97,12 +102,14 @@ bpf_slow_path_half:
+@@ -93,12 +98,14 @@ bpf_slow_path_half:
mov - MAX_BPF_STACK + 32(%rbp),%ax
rol $8,%ax
movzwl %ax,%eax
@@ -37522,7 +37626,7 @@ index 4093216..44b6b83 100644
ret
#define sk_negative_common(SIZE) \
-@@ -125,6 +132,7 @@ sk_load_word_negative_offset:
+@@ -123,6 +130,7 @@ FUNC(sk_load_word_negative_offset)
sk_negative_common(4)
mov (%rax), %eax
bswap %eax
@@ -37530,7 +37634,7 @@ index 4093216..44b6b83 100644
ret
bpf_slow_path_half_neg:
-@@ -136,6 +144,7 @@ sk_load_half_negative_offset:
+@@ -134,6 +142,7 @@ FUNC(sk_load_half_negative_offset)
mov (%rax),%ax
rol $8,%ax
movzwl %ax,%eax
@@ -37538,15 +37642,15 @@ index 4093216..44b6b83 100644
ret
bpf_slow_path_byte_neg:
-@@ -145,6 +154,7 @@ sk_load_byte_negative_offset:
- .globl sk_load_byte_negative_offset
+@@ -143,6 +152,7 @@ bpf_slow_path_byte_neg:
+ FUNC(sk_load_byte_negative_offset)
sk_negative_common(1)
movzbl (%rax), %eax
+ pax_force_retaddr
ret
bpf_error:
-@@ -155,4 +165,5 @@ bpf_error:
+@@ -153,4 +163,5 @@ bpf_error:
mov - MAX_BPF_STACK + 16(%rbp),%r14
mov - MAX_BPF_STACK + 24(%rbp),%r15
leaveq
@@ -37612,10 +37716,10 @@ index 4286f36..54471fd 100644
bpf_prog_unlock_free(fp);
}
diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c
-index 4e664bd..2beeaa2 100644
+index cb31a44..b942435 100644
--- a/arch/x86/oprofile/backtrace.c
+++ b/arch/x86/oprofile/backtrace.c
-@@ -46,11 +46,11 @@ dump_user_backtrace_32(struct stack_frame_ia32 *head)
+@@ -47,11 +47,11 @@ dump_user_backtrace_32(struct stack_frame_ia32 *head)
struct stack_frame_ia32 *fp;
unsigned long bytes;
@@ -37629,7 +37733,7 @@ index 4e664bd..2beeaa2 100644
oprofile_add_trace(bufhead[0].return_address);
-@@ -92,7 +92,7 @@ static struct stack_frame *dump_user_backtrace(struct stack_frame *head)
+@@ -93,7 +93,7 @@ static struct stack_frame *dump_user_backtrace(struct stack_frame *head)
struct stack_frame bufhead[2];
unsigned long bytes;
@@ -37639,7 +37743,7 @@ index 4e664bd..2beeaa2 100644
return NULL;
diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c
-index 1d2e639..6473b8a 100644
+index 0e07e09..334d300 100644
--- a/arch/x86/oprofile/nmi_int.c
+++ b/arch/x86/oprofile/nmi_int.c
@@ -23,6 +23,7 @@
@@ -37650,7 +37754,7 @@ index 1d2e639..6473b8a 100644
#include "op_counter.h"
#include "op_x86_model.h"
-@@ -614,7 +615,7 @@ enum __force_cpu_type {
+@@ -615,7 +616,7 @@ enum __force_cpu_type {
static int force_cpu_type;
@@ -37659,7 +37763,7 @@ index 1d2e639..6473b8a 100644
{
if (!strcmp(str, "timer")) {
force_cpu_type = timer;
-@@ -785,8 +786,11 @@ int __init op_nmi_init(struct oprofile_operations *ops)
+@@ -786,8 +787,11 @@ int __init op_nmi_init(struct oprofile_operations *ops)
if (ret)
return ret;
@@ -37674,10 +37778,10 @@ index 1d2e639..6473b8a 100644
mux_init(ops);
diff --git a/arch/x86/oprofile/op_model_amd.c b/arch/x86/oprofile/op_model_amd.c
-index 50d86c0..b0b9ae0 100644
+index 660a83c..6ff762b 100644
--- a/arch/x86/oprofile/op_model_amd.c
+++ b/arch/x86/oprofile/op_model_amd.c
-@@ -519,9 +519,11 @@ static int op_amd_init(struct oprofile_operations *ops)
+@@ -518,9 +518,11 @@ static int op_amd_init(struct oprofile_operations *ops)
num_counters = AMD64_NUM_COUNTERS;
}
@@ -38008,7 +38112,7 @@ index 9770e55..76067ec 100644
}
EXPORT_SYMBOL(pcibios_set_irq_routing);
diff --git a/arch/x86/pci/vmd.c b/arch/x86/pci/vmd.c
-index d57e480..fc4db30 100644
+index 7792aba..38faabf 100644
--- a/arch/x86/pci/vmd.c
+++ b/arch/x86/pci/vmd.c
@@ -374,7 +374,7 @@ static void vmd_teardown_dma_ops(struct vmd_dev *vmd)
@@ -38037,10 +38141,10 @@ index d57e480..fc4db30 100644
}
#undef ASSIGN_VMD_DMA_OPS
diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
-index ed5b673..24d2d53 100644
+index 338402b9..29ea50ab 100644
--- a/arch/x86/platform/efi/efi_32.c
+++ b/arch/x86/platform/efi/efi_32.c
-@@ -61,11 +61,27 @@ pgd_t * __init efi_call_phys_prolog(void)
+@@ -66,11 +66,27 @@ pgd_t * __init efi_call_phys_prolog(void)
struct desc_ptr gdt_descr;
pgd_t *save_pgd;
@@ -38068,7 +38172,7 @@ index ed5b673..24d2d53 100644
gdt_descr.address = __pa(get_cpu_gdt_table(0));
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
-@@ -77,6 +93,14 @@ void __init efi_call_phys_epilog(pgd_t *save_pgd)
+@@ -82,6 +98,14 @@ void __init efi_call_phys_epilog(pgd_t *save_pgd)
{
struct desc_ptr gdt_descr;
@@ -38084,10 +38188,10 @@ index ed5b673..24d2d53 100644
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
-index a0ac0f9..f41d324 100644
+index 49e4dd4..d714abf 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
-@@ -96,6 +96,11 @@ pgd_t * __init efi_call_phys_prolog(void)
+@@ -93,6 +93,11 @@ pgd_t * __init efi_call_phys_prolog(void)
vaddress = (unsigned long)__va(pgd * PGDIR_SIZE);
set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), *pgd_offset_k(vaddress));
}
@@ -38096,10 +38200,10 @@ index a0ac0f9..f41d324 100644
+ load_cr3(swapper_pg_dir);
+#endif
+
+ out:
__flush_tlb_all();
- return save_pgd;
-@@ -119,6 +124,10 @@ void __init efi_call_phys_epilog(pgd_t *save_pgd)
+@@ -120,6 +125,10 @@ void __init efi_call_phys_epilog(pgd_t *save_pgd)
kfree(save_pgd);
@@ -38110,7 +38214,7 @@ index a0ac0f9..f41d324 100644
__flush_tlb_all();
early_code_mapping_set_exec(0);
}
-@@ -148,8 +157,23 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
+@@ -220,8 +229,23 @@ int __init efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages)
unsigned npages;
pgd_t *pgd;
@@ -38133,8 +38237,8 @@ index a0ac0f9..f41d324 100644
return 0;
+ }
- efi_scratch.efi_pgt = (pgd_t *)(unsigned long)real_mode_header->trampoline_pgd;
- pgd = __va(efi_scratch.efi_pgt);
+ efi_scratch.efi_pgt = (pgd_t *)__pa(efi_pgd);
+ pgd = efi_pgd;
diff --git a/arch/x86/platform/efi/efi_stub_32.S b/arch/x86/platform/efi/efi_stub_32.S
index 040192b..7d3300f 100644
--- a/arch/x86/platform/efi/efi_stub_32.S
@@ -38265,25 +38369,24 @@ index 040192b..7d3300f 100644
.long 0
efi_rt_function_ptr:
diff --git a/arch/x86/platform/efi/efi_stub_64.S b/arch/x86/platform/efi/efi_stub_64.S
-index 86d0f9e..6d499f4 100644
+index 92723ae..c9adfb7 100644
--- a/arch/x86/platform/efi/efi_stub_64.S
+++ b/arch/x86/platform/efi/efi_stub_64.S
-@@ -11,6 +11,7 @@
- #include <asm/msr.h>
+@@ -12,6 +12,7 @@
#include <asm/processor-flags.h>
#include <asm/page_types.h>
+ #include <asm/frame.h>
+#include <asm/alternative-asm.h>
#define SAVE_XMM \
mov %rsp, %rax; \
-@@ -88,6 +89,7 @@ ENTRY(efi_call)
- RESTORE_PGT
+@@ -54,5 +55,6 @@ ENTRY(efi_call)
addq $48, %rsp
RESTORE_XMM
+ FRAME_END
+ pax_force_retaddr 0, 1
ret
ENDPROC(efi_call)
-
diff --git a/arch/x86/platform/intel-mid/intel-mid.c b/arch/x86/platform/intel-mid/intel-mid.c
index 90bb997..3cca066 100644
--- a/arch/x86/platform/intel-mid/intel-mid.c
@@ -38324,10 +38427,10 @@ index 3c1c386..59a68ed 100644
+extern const void *get_cloverview_ops(void);
+extern const void *get_tangier_ops(void);
diff --git a/arch/x86/platform/intel-mid/mfld.c b/arch/x86/platform/intel-mid/mfld.c
-index 23381d2..8ddc10e 100644
+index 1eb47b6..dadfb57 100644
--- a/arch/x86/platform/intel-mid/mfld.c
+++ b/arch/x86/platform/intel-mid/mfld.c
-@@ -64,12 +64,12 @@ static void __init penwell_arch_setup(void)
+@@ -61,12 +61,12 @@ static void __init penwell_arch_setup(void)
pm_power_off = mfld_power_off;
}
@@ -38343,10 +38446,10 @@ index 23381d2..8ddc10e 100644
return &penwell_ops;
}
diff --git a/arch/x86/platform/intel-mid/mrfl.c b/arch/x86/platform/intel-mid/mrfl.c
-index aaca917..66eadbc 100644
+index bd1adc6..e4f8c74 100644
--- a/arch/x86/platform/intel-mid/mrfl.c
+++ b/arch/x86/platform/intel-mid/mrfl.c
-@@ -97,7 +97,7 @@ static struct intel_mid_ops tangier_ops = {
+@@ -94,7 +94,7 @@ static struct intel_mid_ops tangier_ops = {
.arch_setup = tangier_arch_setup,
};
@@ -38356,10 +38459,10 @@ index aaca917..66eadbc 100644
return &tangier_ops;
}
diff --git a/arch/x86/platform/intel-quark/imr_selftest.c b/arch/x86/platform/intel-quark/imr_selftest.c
-index 278e4da..35db1a9 100644
+index f5bad40..da1428a 100644
--- a/arch/x86/platform/intel-quark/imr_selftest.c
+++ b/arch/x86/platform/intel-quark/imr_selftest.c
-@@ -55,7 +55,7 @@ static void __init imr_self_test_result(int res, const char *fmt, ...)
+@@ -54,7 +54,7 @@ static void __init imr_self_test_result(int res, const char *fmt, ...)
*/
static void __init imr_self_test(void)
{
@@ -38835,10 +38938,10 @@ index c7b15f3..cc09a65 100644
This is the Linux Xen port. Enabling this will allow the
kernel to boot in a paravirtualized environment under the
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index e3679db..16b93d1 100644
+index 880862c..53dcb02 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
-@@ -131,8 +131,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
+@@ -132,8 +132,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
struct shared_info xen_dummy_shared_info;
@@ -38847,7 +38950,7 @@ index e3679db..16b93d1 100644
RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
__read_mostly int xen_have_vector_callback;
EXPORT_SYMBOL_GPL(xen_have_vector_callback);
-@@ -590,8 +588,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
+@@ -591,8 +589,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
unsigned int size = dtr->size + 1;
@@ -38857,7 +38960,7 @@ index e3679db..16b93d1 100644
int f;
/*
-@@ -639,8 +636,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
+@@ -640,8 +637,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
unsigned int size = dtr->size + 1;
@@ -38867,7 +38970,7 @@ index e3679db..16b93d1 100644
int f;
/*
-@@ -648,7 +644,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
+@@ -649,7 +645,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
* 8-byte entries, or 16 4k pages..
*/
@@ -38876,7 +38979,7 @@ index e3679db..16b93d1 100644
BUG_ON(va & ~PAGE_MASK);
for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
-@@ -777,7 +773,7 @@ static int cvt_gate_to_trap(int vector, const gate_desc *val,
+@@ -778,7 +774,7 @@ static int cvt_gate_to_trap(int vector, const gate_desc *val,
* so we should never see them. Warn if
* there's an unexpected IST-using fault handler.
*/
@@ -38885,7 +38988,7 @@ index e3679db..16b93d1 100644
addr = (unsigned long)xen_debug;
else if (addr == (unsigned long)int3)
addr = (unsigned long)xen_int3;
-@@ -1262,7 +1258,7 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = {
+@@ -1263,7 +1259,7 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = {
.end_context_switch = xen_end_context_switch,
};
@@ -38894,7 +38997,7 @@ index e3679db..16b93d1 100644
{
struct sched_shutdown r = { .reason = reason };
int cpu;
-@@ -1270,26 +1266,26 @@ static void xen_reboot(int reason)
+@@ -1271,26 +1267,26 @@ static void xen_reboot(int reason)
for_each_online_cpu(cpu)
xen_pmu_finish(cpu);
@@ -38927,7 +39030,7 @@ index e3679db..16b93d1 100644
{
if (pm_power_off)
pm_power_off();
-@@ -1442,8 +1438,11 @@ static void __ref xen_setup_gdt(int cpu)
+@@ -1443,8 +1439,11 @@ static void __ref xen_setup_gdt(int cpu)
pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot;
pv_cpu_ops.load_gdt = xen_load_gdt_boot;
@@ -38941,7 +39044,7 @@ index e3679db..16b93d1 100644
pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry;
pv_cpu_ops.load_gdt = xen_load_gdt;
-@@ -1560,7 +1559,17 @@ asmlinkage __visible void __init xen_start_kernel(void)
+@@ -1561,7 +1560,17 @@ asmlinkage __visible void __init xen_start_kernel(void)
__userpte_alloc_gfp &= ~__GFP_HIGHMEM;
/* Work out if we support NX */
@@ -38960,7 +39063,7 @@ index e3679db..16b93d1 100644
/* Get mfn list */
xen_build_dynamic_phys_to_machine();
-@@ -1588,13 +1597,6 @@ asmlinkage __visible void __init xen_start_kernel(void)
+@@ -1589,13 +1598,6 @@ asmlinkage __visible void __init xen_start_kernel(void)
machine_ops = xen_machine_ops;
@@ -38975,7 +39078,7 @@ index e3679db..16b93d1 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index c913ca4..55f8877 100644
+index 478a2de..4f5e7b6 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -1950,7 +1950,14 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
@@ -39057,7 +39160,7 @@ index c913ca4..55f8877 100644
.alloc_pud = xen_alloc_pmd_init,
.release_pud = xen_release_pmd_init,
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
-index 3f4ebf0..f074dc1 100644
+index 719cf29..8a13fd8 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -306,17 +306,13 @@ static void __init xen_smp_prepare_boot_cpu(void)
@@ -39100,7 +39203,7 @@ index 3f4ebf0..f074dc1 100644
ctxt->user_regs.ss = __KERNEL_DS;
xen_copy_trap_info(ctxt->trap_ctxt);
-@@ -747,7 +743,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
+@@ -749,7 +745,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
void __init xen_smp_init(void)
{
@@ -39123,14 +39226,14 @@ index feb6d40..e59382c 100644
#else
movl %ss:xen_vcpu, %eax
diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
-index b65f59a..c43f9c6 100644
+index 7f8d8ab..8ecf53e 100644
--- a/arch/x86/xen/xen-head.S
+++ b/arch/x86/xen/xen-head.S
-@@ -41,6 +41,17 @@ ENTRY(startup_xen)
- #ifdef CONFIG_X86_32
- mov %esi,xen_start_info
- mov $init_thread_union+THREAD_SIZE,%esp
-+#ifdef CONFIG_SMP
+@@ -50,6 +50,18 @@ ENTRY(startup_xen)
+ mov %_ASM_SI, xen_start_info
+ mov $init_thread_union+THREAD_SIZE, %_ASM_SP
+
++#if defined(CONFIG_X86_32) && defined(CONFIG_SMP)
+ movl $cpu_gdt_table,%edi
+ movl $__per_cpu_load,%eax
+ movw %ax,__KERNEL_PERCPU + 2(%edi)
@@ -39141,9 +39244,10 @@ index b65f59a..c43f9c6 100644
+ subl $__per_cpu_start,%eax
+ movw %ax,__KERNEL_PERCPU + 0(%edi)
+#endif
- #else
- mov %rsi,xen_start_info
- mov $init_thread_union+THREAD_SIZE,%rsp
++
+ jmp xen_start_kernel
+
+ __FINIT
diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h
index 4140b07..a391b69 100644
--- a/arch/x86/xen/xen-ops.h
@@ -39196,10 +39300,10 @@ index 2f33760..835e50a 100644
#define XCHAL_ICACHE_SIZE 8192 /* I-cache size in bytes or 0 */
#define XCHAL_DCACHE_SIZE 8192 /* D-cache size in bytes or 0 */
diff --git a/block/bio.c b/block/bio.c
-index cf75915..02d854f 100644
+index 807d25e..ac1e9e7 100644
--- a/block/bio.c
+++ b/block/bio.c
-@@ -1143,7 +1143,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
+@@ -1149,7 +1149,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
/*
* Overflow, abort
*/
@@ -39208,7 +39312,7 @@ index cf75915..02d854f 100644
return ERR_PTR(-EINVAL);
nr_pages += end - start;
-@@ -1268,7 +1268,7 @@ struct bio *bio_map_user_iov(struct request_queue *q,
+@@ -1274,7 +1274,7 @@ struct bio *bio_map_user_iov(struct request_queue *q,
/*
* Overflow, abort
*/
@@ -39272,10 +39376,10 @@ index 66e6f1a..8fb30f4 100644
spin_unlock_irq(blkg->q->queue_lock);
diff --git a/block/blk-map.c b/block/blk-map.c
-index a54f054..760b494 100644
+index b9f88b7..f40e6f5 100644
--- a/block/blk-map.c
+++ b/block/blk-map.c
-@@ -245,7 +245,7 @@ int blk_rq_map_kern(struct request_queue *q, struct request *rq, void *kbuf,
+@@ -214,7 +214,7 @@ int blk_rq_map_kern(struct request_queue *q, struct request *rq, void *kbuf,
if (!len || !kbuf)
return -EINVAL;
@@ -39329,10 +39433,10 @@ index d214e92..9649863 100644
if (blk_verify_command(rq->cmd, has_write_perm))
return -EPERM;
diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
-index 1f9093e..96b3e56 100644
+index 4a34978..d102252 100644
--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
-@@ -1941,8 +1941,8 @@ static u64 cfqg_prfill_sectors_recursive(struct seq_file *sf,
+@@ -1953,8 +1953,8 @@ static u64 cfqg_prfill_sectors_recursive(struct seq_file *sf,
{
struct blkg_rwstat tmp = blkg_rwstat_recursive_sum(pd->blkg, NULL,
offsetof(struct blkcg_gq, stat_bytes));
@@ -39344,7 +39448,7 @@ index 1f9093e..96b3e56 100644
return __blkg_prfill_u64(sf, pd, sum >> 9);
}
diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c
-index f678c73..f35aa18 100644
+index 556826a..4e7c5fd 100644
--- a/block/compat_ioctl.c
+++ b/block/compat_ioctl.c
@@ -156,7 +156,7 @@ static int compat_cdrom_generic_command(struct block_device *bdev, fmode_t mode,
@@ -39682,51 +39786,6 @@ index 94970a7..f0c8d26 100644
const u32 *k = ctx->expkey;
const __le32 *s = (const __le32 *)src;
__le32 *d = (__le32 *)dst;
-diff --git a/crypto/zlib.c b/crypto/zlib.c
-index d51a30a..b6891a3 100644
---- a/crypto/zlib.c
-+++ b/crypto/zlib.c
-@@ -95,10 +95,10 @@ static int zlib_compress_setup(struct crypto_pcomp *tfm, const void *params,
- zlib_comp_exit(ctx);
-
- window_bits = tb[ZLIB_COMP_WINDOWBITS]
-- ? nla_get_u32(tb[ZLIB_COMP_WINDOWBITS])
-+ ? nla_get_s32(tb[ZLIB_COMP_WINDOWBITS])
- : MAX_WBITS;
- mem_level = tb[ZLIB_COMP_MEMLEVEL]
-- ? nla_get_u32(tb[ZLIB_COMP_MEMLEVEL])
-+ ? nla_get_s32(tb[ZLIB_COMP_MEMLEVEL])
- : DEF_MEM_LEVEL;
-
- workspacesize = zlib_deflate_workspacesize(window_bits, mem_level);
-@@ -108,15 +108,15 @@ static int zlib_compress_setup(struct crypto_pcomp *tfm, const void *params,
-
- ret = zlib_deflateInit2(stream,
- tb[ZLIB_COMP_LEVEL]
-- ? nla_get_u32(tb[ZLIB_COMP_LEVEL])
-+ ? nla_get_s32(tb[ZLIB_COMP_LEVEL])
- : Z_DEFAULT_COMPRESSION,
- tb[ZLIB_COMP_METHOD]
-- ? nla_get_u32(tb[ZLIB_COMP_METHOD])
-+ ? nla_get_s32(tb[ZLIB_COMP_METHOD])
- : Z_DEFLATED,
- window_bits,
- mem_level,
- tb[ZLIB_COMP_STRATEGY]
-- ? nla_get_u32(tb[ZLIB_COMP_STRATEGY])
-+ ? nla_get_s32(tb[ZLIB_COMP_STRATEGY])
- : Z_DEFAULT_STRATEGY);
- if (ret != Z_OK) {
- vfree(stream->workspace);
-@@ -224,7 +224,7 @@ static int zlib_decompress_setup(struct crypto_pcomp *tfm, const void *params,
- zlib_decomp_exit(ctx);
-
- ctx->decomp_windowBits = tb[ZLIB_DECOMP_WINDOWBITS]
-- ? nla_get_u32(tb[ZLIB_DECOMP_WINDOWBITS])
-+ ? nla_get_s32(tb[ZLIB_DECOMP_WINDOWBITS])
- : DEF_WBITS;
-
- stream->workspace = vzalloc(zlib_inflate_workspacesize());
diff --git a/drivers/acpi/ac.c b/drivers/acpi/ac.c
index f71b756..b96847c 100644
--- a/drivers/acpi/ac.c
@@ -39741,10 +39800,10 @@ index f71b756..b96847c 100644
#endif
diff --git a/drivers/acpi/acpi_video.c b/drivers/acpi/acpi_video.c
-index a76f8be..28cef93 100644
+index 4361bc9..5d5306e 100644
--- a/drivers/acpi/acpi_video.c
+++ b/drivers/acpi/acpi_video.c
-@@ -426,7 +426,7 @@ static int video_set_report_key_events(const struct dmi_system_id *id)
+@@ -419,7 +419,7 @@ static int video_set_report_key_events(const struct dmi_system_id *id)
return 0;
}
@@ -39789,10 +39848,10 @@ index 16129c7..8b675cd 100644
struct apei_exec_context {
u32 ip;
diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
-index 3dd9c46..cf0678f 100644
+index 60746ef..02a1ddc 100644
--- a/drivers/acpi/apei/ghes.c
+++ b/drivers/acpi/apei/ghes.c
-@@ -478,7 +478,7 @@ static void __ghes_print_estatus(const char *pfx,
+@@ -483,7 +483,7 @@ static void __ghes_print_estatus(const char *pfx,
const struct acpi_hest_generic *generic,
const struct acpi_hest_generic_status *estatus)
{
@@ -39801,7 +39860,7 @@ index 3dd9c46..cf0678f 100644
unsigned int curr_seqno;
char pfx_seq[64];
-@@ -489,7 +489,7 @@ static void __ghes_print_estatus(const char *pfx,
+@@ -494,7 +494,7 @@ static void __ghes_print_estatus(const char *pfx,
else
pfx = KERN_ERR;
}
@@ -39810,7 +39869,7 @@ index 3dd9c46..cf0678f 100644
snprintf(pfx_seq, sizeof(pfx_seq), "%s{%u}" HW_ERR, pfx, curr_seqno);
printk("%s""Hardware error from APEI Generic Hardware Error Source: %d\n",
pfx_seq, generic->header.source_id);
-@@ -539,7 +539,7 @@ static int ghes_estatus_cached(struct acpi_hest_generic_status *estatus)
+@@ -544,7 +544,7 @@ static int ghes_estatus_cached(struct acpi_hest_generic_status *estatus)
cache_estatus = GHES_ESTATUS_FROM_CACHE(cache);
if (memcmp(estatus, cache_estatus, len))
continue;
@@ -39819,7 +39878,7 @@ index 3dd9c46..cf0678f 100644
now = sched_clock();
if (now - cache->time_in < GHES_ESTATUS_IN_CACHE_MAX_NSEC)
cached = 1;
-@@ -573,7 +573,7 @@ static struct ghes_estatus_cache *ghes_estatus_cache_alloc(
+@@ -578,7 +578,7 @@ static struct ghes_estatus_cache *ghes_estatus_cache_alloc(
cache_estatus = GHES_ESTATUS_FROM_CACHE(cache);
memcpy(cache_estatus, estatus, len);
cache->estatus_len = len;
@@ -39828,7 +39887,7 @@ index 3dd9c46..cf0678f 100644
cache->generic = generic;
cache->time_in = sched_clock();
return cache;
-@@ -623,7 +623,7 @@ static void ghes_estatus_cache_add(
+@@ -628,7 +628,7 @@ static void ghes_estatus_cache_add(
slot_cache = cache;
break;
}
@@ -39851,10 +39910,10 @@ index b719ab3..371e2a6 100644
enum acpi_battery_files {
info_tag = 0,
diff --git a/drivers/acpi/bgrt.c b/drivers/acpi/bgrt.c
-index a83e3c6..7f4a90b 100644
+index 75f128e..72b03af 100644
--- a/drivers/acpi/bgrt.c
+++ b/drivers/acpi/bgrt.c
-@@ -86,8 +86,10 @@ static int __init bgrt_init(void)
+@@ -87,8 +87,10 @@ static int __init bgrt_init(void)
if (!bgrt_image)
return -ENODEV;
@@ -39890,7 +39949,7 @@ index 96809cd..6a49f979 100644
.callback = dmi_disable_osi_vista,
.ident = "Fujitsu Siemens",
diff --git a/drivers/acpi/bus.c b/drivers/acpi/bus.c
-index f9081b7..7ea8a5e 100644
+index c068c82..7611bc1 100644
--- a/drivers/acpi/bus.c
+++ b/drivers/acpi/bus.c
@@ -63,7 +63,7 @@ static int set_copy_dsdt(const struct dmi_system_id *id)
@@ -40000,10 +40059,10 @@ index 7188e53..6012bc4 100644
* Fujitsu Primequest machines will return 1023 to indicate an
* error if the _SUN method is evaluated on SxFy objects that
diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
-index 175c86b..f8226f0 100644
+index 444e374..eb738f2 100644
--- a/drivers/acpi/processor_idle.c
+++ b/drivers/acpi/processor_idle.c
-@@ -906,7 +906,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr)
+@@ -866,7 +866,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr)
{
int i, count = CPUIDLE_DRIVER_STATE_START;
struct acpi_processor_cx *cx;
@@ -40026,10 +40085,10 @@ index 7cfbda4..74f738c 100644
set_no_mwait, "Extensa 5220", {
DMI_MATCH(DMI_BIOS_VENDOR, "Phoenix Technologies LTD"),
diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c
-index f054cad..e3c1453 100644
+index 2a8b596..90a329e 100644
--- a/drivers/acpi/sleep.c
+++ b/drivers/acpi/sleep.c
-@@ -148,7 +148,7 @@ static int __init init_nvs_nosave(const struct dmi_system_id *d)
+@@ -149,7 +149,7 @@ static int __init init_nvs_nosave(const struct dmi_system_id *d)
return 0;
}
@@ -40145,7 +40204,7 @@ index 1316ddd..0f10a1d 100644
backlight_notifier_registered = true;
init_done = true;
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
-index 7d00b7a..d5fd80d 100644
+index 16288e7..91ab5f3 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -120,7 +120,7 @@ static DECLARE_WAIT_QUEUE_HEAD(binder_user_error_wait);
@@ -40217,7 +40276,7 @@ index 55e257c..554c697 100644
}
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
-index e417e1a..baf752f 100644
+index 567859c..ffe7c75 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -4196,7 +4196,7 @@ int ata_sas_port_init(struct ata_port *ap)
@@ -40413,7 +40472,7 @@ index 6339efd..2b441d5 100644
dma_complete++;
}
diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c
-index 82f2ae0..f205c02 100644
+index a969a7e..f5c5cd8 100644
--- a/drivers/atm/firestream.c
+++ b/drivers/atm/firestream.c
@@ -749,7 +749,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q)
@@ -41252,10 +41311,10 @@ index cecfb94..87009ec 100644
}
diff --git a/drivers/base/bus.c b/drivers/base/bus.c
-index 5005924..9fc06c4 100644
+index 6470eb8..3a7d92b 100644
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
-@@ -1141,7 +1141,7 @@ int subsys_interface_register(struct subsys_interface *sif)
+@@ -1136,7 +1136,7 @@ int subsys_interface_register(struct subsys_interface *sif)
return -EINVAL;
mutex_lock(&subsys->p->mutex);
@@ -41264,7 +41323,7 @@ index 5005924..9fc06c4 100644
if (sif->add_dev) {
subsys_dev_iter_init(&iter, subsys, NULL, NULL);
while ((dev = subsys_dev_iter_next(&iter)))
-@@ -1166,7 +1166,7 @@ void subsys_interface_unregister(struct subsys_interface *sif)
+@@ -1161,7 +1161,7 @@ void subsys_interface_unregister(struct subsys_interface *sif)
subsys = sif->subsys;
mutex_lock(&subsys->p->mutex);
@@ -41382,10 +41441,10 @@ index 279e539..4c9d7fb 100644
static void platform_msi_free_descs(struct device *dev, int base, int nvec)
diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
-index 0caf92a..62c184c 100644
+index 56705b5..4e938f5 100644
--- a/drivers/base/power/domain.c
+++ b/drivers/base/power/domain.c
-@@ -1804,8 +1804,10 @@ int genpd_dev_pm_attach(struct device *dev)
+@@ -1841,8 +1841,10 @@ int genpd_dev_pm_attach(struct device *dev)
goto out;
}
@@ -41508,7 +41567,7 @@ index a7b4679..d302490 100644
static DEVICE_ATTR(runtime_status, 0444, rtpm_status_show, NULL);
diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
-index a1e0b9a..81fc106 100644
+index 5fb7718..b4b79fb 100644
--- a/drivers/base/power/wakeup.c
+++ b/drivers/base/power/wakeup.c
@@ -36,14 +36,14 @@ static bool pm_abort_suspend __read_mostly;
@@ -41528,7 +41587,7 @@ index a1e0b9a..81fc106 100644
*cnt = (comb >> IN_PROGRESS_BITS);
*inpr = comb & MAX_IN_PROGRESS;
-@@ -540,7 +540,7 @@ static void wakeup_source_activate(struct wakeup_source *ws)
+@@ -542,7 +542,7 @@ static void wakeup_source_activate(struct wakeup_source *ws)
ws->start_prevent_time = ws->last_time;
/* Increment the counter of events in progress. */
@@ -41537,7 +41596,7 @@ index a1e0b9a..81fc106 100644
trace_wakeup_source_activate(ws->name, cec);
}
-@@ -666,7 +666,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws)
+@@ -668,7 +668,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws)
* Increment the counter of registered wakeup events and decrement the
* couter of wakeup events in progress simultaneously.
*/
@@ -41569,10 +41628,10 @@ index 1ee3d40..3274424 100644
regmap_writeable(map, i) ? 'y' : 'n',
regmap_volatile(map, i) ? 'y' : 'n',
diff --git a/drivers/base/regmap/regmap.c b/drivers/base/regmap/regmap.c
-index ee54e84..f00a29c 100644
+index df2d2ef..f9ea3b9 100644
--- a/drivers/base/regmap/regmap.c
+++ b/drivers/base/regmap/regmap.c
-@@ -401,8 +401,8 @@ static void regmap_unlock_mutex(void *__map)
+@@ -402,8 +402,8 @@ static void regmap_unlock_mutex(void *__map)
mutex_unlock(&map->mutex);
}
@@ -41582,7 +41641,7 @@ index ee54e84..f00a29c 100644
{
struct regmap *map = __map;
unsigned long flags;
-@@ -411,8 +411,8 @@ __acquires(&map->spinlock)
+@@ -412,8 +412,8 @@ __acquires(&map->spinlock)
map->spinlock_flags = flags;
}
@@ -41788,139 +41847,6 @@ index 7fda30e..2f27946 100644
};
struct board_type {
-diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
-index f749df9..5f8b9c4 100644
---- a/drivers/block/cpqarray.c
-+++ b/drivers/block/cpqarray.c
-@@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev)
- if (register_blkdev(COMPAQ_SMART2_MAJOR+i, hba[i]->devname)) {
- goto Enomem4;
- }
-- hba[i]->access.set_intr_mask(hba[i], 0);
-+ hba[i]->access->set_intr_mask(hba[i], 0);
- if (request_irq(hba[i]->intr, do_ida_intr, IRQF_SHARED,
- hba[i]->devname, hba[i]))
- {
-@@ -459,7 +459,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev)
- add_timer(&hba[i]->timer);
-
- /* Enable IRQ now that spinlock and rate limit timer are set up */
-- hba[i]->access.set_intr_mask(hba[i], FIFO_NOT_EMPTY);
-+ hba[i]->access->set_intr_mask(hba[i], FIFO_NOT_EMPTY);
-
- for(j=0; j<NWD; j++) {
- struct gendisk *disk = ida_gendisk[i][j];
-@@ -694,7 +694,7 @@ DBGINFO(
- for(i=0; i<NR_PRODUCTS; i++) {
- if (board_id == products[i].board_id) {
- c->product_name = products[i].product_name;
-- c->access = *(products[i].access);
-+ c->access = products[i].access;
- break;
- }
- }
-@@ -792,7 +792,7 @@ static int cpqarray_eisa_detect(void)
- hba[ctlr]->intr = intr;
- sprintf(hba[ctlr]->devname, "ida%d", nr_ctlr);
- hba[ctlr]->product_name = products[j].product_name;
-- hba[ctlr]->access = *(products[j].access);
-+ hba[ctlr]->access = products[j].access;
- hba[ctlr]->ctlr = ctlr;
- hba[ctlr]->board_id = board_id;
- hba[ctlr]->pci_dev = NULL; /* not PCI */
-@@ -978,7 +978,7 @@ static void start_io(ctlr_info_t *h)
-
- while((c = h->reqQ) != NULL) {
- /* Can't do anything if we're busy */
-- if (h->access.fifo_full(h) == 0)
-+ if (h->access->fifo_full(h) == 0)
- return;
-
- /* Get the first entry from the request Q */
-@@ -986,7 +986,7 @@ static void start_io(ctlr_info_t *h)
- h->Qdepth--;
-
- /* Tell the controller to do our bidding */
-- h->access.submit_command(h, c);
-+ h->access->submit_command(h, c);
-
- /* Get onto the completion Q */
- addQ(&h->cmpQ, c);
-@@ -1048,7 +1048,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id)
- unsigned long flags;
- __u32 a,a1;
-
-- istat = h->access.intr_pending(h);
-+ istat = h->access->intr_pending(h);
- /* Is this interrupt for us? */
- if (istat == 0)
- return IRQ_NONE;
-@@ -1059,7 +1059,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id)
- */
- spin_lock_irqsave(IDA_LOCK(h->ctlr), flags);
- if (istat & FIFO_NOT_EMPTY) {
-- while((a = h->access.command_completed(h))) {
-+ while((a = h->access->command_completed(h))) {
- a1 = a; a &= ~3;
- if ((c = h->cmpQ) == NULL)
- {
-@@ -1448,11 +1448,11 @@ static int sendcmd(
- /*
- * Disable interrupt
- */
-- info_p->access.set_intr_mask(info_p, 0);
-+ info_p->access->set_intr_mask(info_p, 0);
- /* Make sure there is room in the command FIFO */
- /* Actually it should be completely empty at this time. */
- for (i = 200000; i > 0; i--) {
-- temp = info_p->access.fifo_full(info_p);
-+ temp = info_p->access->fifo_full(info_p);
- if (temp != 0) {
- break;
- }
-@@ -1465,7 +1465,7 @@ DBG(
- /*
- * Send the cmd
- */
-- info_p->access.submit_command(info_p, c);
-+ info_p->access->submit_command(info_p, c);
- complete = pollcomplete(ctlr);
-
- pci_unmap_single(info_p->pci_dev, (dma_addr_t) c->req.sg[0].addr,
-@@ -1548,9 +1548,9 @@ static int revalidate_allvol(ctlr_info_t *host)
- * we check the new geometry. Then turn interrupts back on when
- * we're done.
- */
-- host->access.set_intr_mask(host, 0);
-+ host->access->set_intr_mask(host, 0);
- getgeometry(ctlr);
-- host->access.set_intr_mask(host, FIFO_NOT_EMPTY);
-+ host->access->set_intr_mask(host, FIFO_NOT_EMPTY);
-
- for(i=0; i<NWD; i++) {
- struct gendisk *disk = ida_gendisk[ctlr][i];
-@@ -1590,7 +1590,7 @@ static int pollcomplete(int ctlr)
- /* Wait (up to 2 seconds) for a command to complete */
-
- for (i = 200000; i > 0; i--) {
-- done = hba[ctlr]->access.command_completed(hba[ctlr]);
-+ done = hba[ctlr]->access->command_completed(hba[ctlr]);
- if (done == 0) {
- udelay(10); /* a short fixed delay */
- } else
-diff --git a/drivers/block/cpqarray.h b/drivers/block/cpqarray.h
-index be73e9d..7fbf140 100644
---- a/drivers/block/cpqarray.h
-+++ b/drivers/block/cpqarray.h
-@@ -99,7 +99,7 @@ struct ctlr_info {
- drv_info_t drv[NWD];
- struct proc_dir_entry *proc;
-
-- struct access_method access;
-+ struct access_method *access;
-
- cmdlist_t *reqQ;
- cmdlist_t *cmpQ;
diff --git a/drivers/block/drbd/drbd_bitmap.c b/drivers/block/drbd/drbd_bitmap.c
index 92d6fc0..e4e1e27 100644
--- a/drivers/block/drbd/drbd_bitmap.c
@@ -41935,7 +41861,7 @@ index 92d6fc0..e4e1e27 100644
}
diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
-index 34bc84e..8bac095 100644
+index 7a1cf7e..538f666 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
@@ -382,7 +382,7 @@ struct drbd_epoch {
@@ -41968,7 +41894,7 @@ index 34bc84e..8bac095 100644
int rs_last_events; /* counter of read or write "events" (unit sectors)
* on the lower level device when we last looked. */
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index 5b43dfb..d5f6e5c 100644
+index fa20977..1285a70 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -1329,7 +1329,7 @@ static int _drbd_send_ack(struct drbd_peer_device *peer_device, enum drbd_packet
@@ -42012,7 +41938,7 @@ index 5b43dfb..d5f6e5c 100644
idr_destroy(&connection->peer_devices);
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
-index c055c5e..5cb3c1e 100644
+index 1fd1dcc..30ab091 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -89,8 +89,8 @@ int drbd_adm_get_initial_state(struct sk_buff *skb, struct netlink_callback *cb)
@@ -42026,7 +41952,7 @@ index c055c5e..5cb3c1e 100644
DEFINE_MUTEX(notification_mutex);
-@@ -4374,7 +4374,7 @@ void drbd_bcast_event(struct drbd_device *device, const struct sib_info *sib)
+@@ -4389,7 +4389,7 @@ void drbd_bcast_event(struct drbd_device *device, const struct sib_info *sib)
unsigned seq;
int err = -ENOMEM;
@@ -42035,7 +41961,7 @@ index c055c5e..5cb3c1e 100644
msg = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
if (!msg)
goto failed;
-@@ -4426,7 +4426,7 @@ void notify_resource_state(struct sk_buff *skb,
+@@ -4441,7 +4441,7 @@ void notify_resource_state(struct sk_buff *skb,
int err;
if (!skb) {
@@ -42044,7 +41970,7 @@ index c055c5e..5cb3c1e 100644
skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
err = -ENOMEM;
if (!skb)
-@@ -4477,7 +4477,7 @@ void notify_device_state(struct sk_buff *skb,
+@@ -4492,7 +4492,7 @@ void notify_device_state(struct sk_buff *skb,
int err;
if (!skb) {
@@ -42053,7 +41979,7 @@ index c055c5e..5cb3c1e 100644
skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
err = -ENOMEM;
if (!skb)
-@@ -4526,7 +4526,7 @@ void notify_connection_state(struct sk_buff *skb,
+@@ -4541,7 +4541,7 @@ void notify_connection_state(struct sk_buff *skb,
int err;
if (!skb) {
@@ -42062,7 +41988,7 @@ index c055c5e..5cb3c1e 100644
skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
err = -ENOMEM;
if (!skb)
-@@ -4576,7 +4576,7 @@ void notify_peer_device_state(struct sk_buff *skb,
+@@ -4591,7 +4591,7 @@ void notify_peer_device_state(struct sk_buff *skb,
int err;
if (!skb) {
@@ -42071,7 +41997,7 @@ index c055c5e..5cb3c1e 100644
skb = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO);
err = -ENOMEM;
if (!skb)
-@@ -4619,7 +4619,7 @@ void notify_helper(enum drbd_notification_type type,
+@@ -4634,7 +4634,7 @@ void notify_helper(enum drbd_notification_type type,
{
struct drbd_resource *resource = device ? device->resource : connection->resource;
struct drbd_helper_info helper_info;
@@ -42081,7 +42007,7 @@ index c055c5e..5cb3c1e 100644
struct drbd_genlmsghdr *dh;
int err;
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
-index 1957fe8..de39941 100644
+index 050aaa1..2e7013c 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -895,7 +895,7 @@ int drbd_connected(struct drbd_peer_device *peer_device)
@@ -42226,7 +42152,7 @@ index 1957fe8..de39941 100644
connection->send.seen_any_write_yet = false;
drbd_info(connection, "Connection closed\n");
-@@ -5213,7 +5215,7 @@ static int got_IsInSync(struct drbd_connection *connection, struct packet_info *
+@@ -5209,7 +5211,7 @@ static int got_IsInSync(struct drbd_connection *connection, struct packet_info *
put_ldev(device);
}
dec_rs_pending(device);
@@ -42235,7 +42161,7 @@ index 1957fe8..de39941 100644
return 0;
}
-@@ -5464,7 +5466,7 @@ static int got_skip(struct drbd_connection *connection, struct packet_info *pi)
+@@ -5460,7 +5462,7 @@ static int got_skip(struct drbd_connection *connection, struct packet_info *pi)
struct meta_sock_cmd {
size_t pkt_size;
int (*fn)(struct drbd_connection *connection, struct packet_info *);
@@ -42338,7 +42264,7 @@ index 9e503a1..ac60262 100644
#endif /* DRBD_STATE_CHANGE_H */
diff --git a/drivers/block/drbd/drbd_worker.c b/drivers/block/drbd/drbd_worker.c
-index eff716c..4c52ef7 100644
+index 4d87499..1e2bcce 100644
--- a/drivers/block/drbd/drbd_worker.c
+++ b/drivers/block/drbd/drbd_worker.c
@@ -87,7 +87,8 @@ void drbd_md_endio(struct bio *bio)
@@ -42361,7 +42287,7 @@ index eff716c..4c52ef7 100644
{
unsigned long flags = 0;
struct drbd_peer_device *peer_device = peer_req->peer_device;
-@@ -391,7 +393,7 @@ static int read_for_csum(struct drbd_peer_device *peer_device, sector_t sector,
+@@ -396,7 +398,7 @@ static int read_for_csum(struct drbd_peer_device *peer_device, sector_t sector,
list_add_tail(&peer_req->w.list, &device->read_ee);
spin_unlock_irq(&device->resource->req_lock);
@@ -42370,7 +42296,7 @@ index eff716c..4c52ef7 100644
if (drbd_submit_peer_request(device, peer_req, READ, DRBD_FAULT_RS_RD) == 0)
return 0;
-@@ -536,7 +538,7 @@ static int drbd_rs_number_requests(struct drbd_device *device)
+@@ -541,7 +543,7 @@ static int drbd_rs_number_requests(struct drbd_device *device)
unsigned int sect_in; /* Number of sectors that came in since the last turn */
int number, mxb;
@@ -42379,7 +42305,7 @@ index eff716c..4c52ef7 100644
device->rs_in_flight -= sect_in;
rcu_read_lock();
-@@ -1583,8 +1585,8 @@ void drbd_rs_controller_reset(struct drbd_device *device)
+@@ -1588,8 +1590,8 @@ void drbd_rs_controller_reset(struct drbd_device *device)
struct gendisk *disk = device->ldev->backing_bdev->bd_contains->bd_disk;
struct fifo_buffer *plan;
@@ -42445,7 +42371,7 @@ index d06c62e..cd04d96 100644
if (ti.nwa_v) {
pd->nwa = be32_to_cpu(ti.next_writable);
diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c
-index 9745cf9..8dbe1b5 100644
+index 0ede6d7..9bc6529 100644
--- a/drivers/block/rbd.c
+++ b/drivers/block/rbd.c
@@ -64,7 +64,7 @@
@@ -42541,35 +42467,22 @@ index 24a652f..2dffae6 100644
int err;
diff --git a/drivers/bus/arm-cci.c b/drivers/bus/arm-cci.c
-index 577cc4b..129a13e 100644
+index a49b283..a3af977 100644
--- a/drivers/bus/arm-cci.c
+++ b/drivers/bus/arm-cci.c
-@@ -1249,16 +1249,22 @@ static int cci_pmu_init_attrs(struct cci_pmu *cci_pmu, struct platform_device *p
- model->event_attrs);
- if (!attrs)
- return -ENOMEM;
-- pmu_event_attr_group.attrs = attrs;
-+ pax_open_kernel();
-+ const_cast(pmu_event_attr_group.attrs) = attrs;
-+ pax_close_kernel();
- }
- if (model->nformat_attrs) {
- attrs = alloc_attrs(pdev, model->nformat_attrs,
- model->format_attrs);
- if (!attrs)
- return -ENOMEM;
-- pmu_format_attr_group.attrs = attrs;
-+ pax_open_kernel();
-+ const_cast(pmu_format_attr_group.attrs) = attrs;
-+ pax_close_kernel();
- }
-- pmu_cpumask_attr.var = cci_pmu;
+@@ -1472,8 +1472,10 @@ static int cci_pmu_init(struct cci_pmu *cci_pmu, struct platform_device *pdev)
+ char *name = model->name;
+ u32 num_cntrs;
+
+- pmu_event_attr_group.attrs = model->event_attrs;
+- pmu_format_attr_group.attrs = model->format_attrs;
+ pax_open_kernel();
-+ const_cast(pmu_cpumask_attr.var) = cci_pmu;
++ const_cast(pmu_event_attr_group.attrs) = model->event_attrs;
++ const_cast(pmu_format_attr_group.attrs) = model->format_attrs;
+ pax_close_kernel();
- return 0;
- }
+ cci_pmu->pmu = (struct pmu) {
+ .name = cci_pmu->model->name,
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index 1b257ea..2280898 100644
--- a/drivers/cdrom/cdrom.c
@@ -42635,7 +42548,7 @@ index 584bc31..e64a12c 100644
static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode)
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
-index a043107..1263e4a 100644
+index 3ec0766..bf9f1e9 100644
--- a/drivers/char/Kconfig
+++ b/drivers/char/Kconfig
@@ -17,7 +17,8 @@ config DEVMEM
@@ -42648,7 +42561,7 @@ index a043107..1263e4a 100644
help
Say Y here if you want to support the /dev/kmem device. The
/dev/kmem device is rarely used, but can be used for certain
-@@ -586,6 +587,7 @@ config DEVPORT
+@@ -587,6 +588,7 @@ config DEVPORT
bool
depends on !M68K
depends on ISA || PCI
@@ -42670,7 +42583,7 @@ index a48e05b..6bac831 100644
kfree(usegment);
kfree(ksegment);
diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c
-index 09f17eb..8531d2f 100644
+index 0f64d14..4cf4d6b 100644
--- a/drivers/char/agp/frontend.c
+++ b/drivers/char/agp/frontend.c
@@ -806,7 +806,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg)
@@ -42692,10 +42605,10 @@ index 09f17eb..8531d2f 100644
kfree(segment);
return -EFAULT;
diff --git a/drivers/char/agp/intel-gtt.c b/drivers/char/agp/intel-gtt.c
-index 1341a94..8a45bc2 100644
+index aef87fd..c17d9bb 100644
--- a/drivers/char/agp/intel-gtt.c
+++ b/drivers/char/agp/intel-gtt.c
-@@ -1408,8 +1408,8 @@ int intel_gmch_probe(struct pci_dev *bridge_pdev, struct pci_dev *gpu_pdev,
+@@ -1410,8 +1410,8 @@ int intel_gmch_probe(struct pci_dev *bridge_pdev, struct pci_dev *gpu_pdev,
}
EXPORT_SYMBOL(intel_gmch_probe);
@@ -42779,7 +42692,7 @@ index 9f2e3be..676c910 100644
int rv = param_set_int(val, kp);
if (rv)
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
-index 7fddd86..f5b038e 100644
+index 1e25b52..9b8ee6a 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -302,7 +302,7 @@ struct smi_info {
@@ -42821,7 +42734,7 @@ index 7fddd86..f5b038e 100644
{
char *str = kstrdup(val, GFP_KERNEL);
int rv;
-@@ -3623,7 +3623,7 @@ static int try_smi_init(struct smi_info *new_smi)
+@@ -3626,7 +3626,7 @@ static int try_smi_init(struct smi_info *new_smi)
atomic_set(&new_smi->req_events, 0);
new_smi->run_to_completion = false;
for (i = 0; i < SI_NUM_STATS; i++)
@@ -42831,7 +42744,7 @@ index 7fddd86..f5b038e 100644
new_smi->interrupt_disabled = true;
atomic_set(&new_smi->need_watch, 0);
diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
-index 5f1c3d0..8fca936 100644
+index 8b3be8b..c342470 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -284,17 +284,17 @@ struct ssif_info {
@@ -42856,7 +42769,7 @@ index 5f1c3d0..8fca936 100644
static void return_hosed_msg(struct ssif_info *ssif_info,
struct ipmi_smi_msg *msg);
-@@ -1609,7 +1609,7 @@ static int ssif_probe(struct i2c_client *client, const struct i2c_device_id *id)
+@@ -1604,7 +1604,7 @@ static int ssif_probe(struct i2c_client *client, const struct i2c_device_id *id)
}
found:
@@ -42865,7 +42778,7 @@ index 5f1c3d0..8fca936 100644
if (ssif_dbg_probe) {
pr_info("ssif_probe: i2c_probe found device at i2c address %x\n",
-@@ -1623,7 +1623,7 @@ static int ssif_probe(struct i2c_client *client, const struct i2c_device_id *id)
+@@ -1618,7 +1618,7 @@ static int ssif_probe(struct i2c_client *client, const struct i2c_device_id *id)
ssif_info->retry_timer.function = retry_timeout;
for (i = 0; i < SSIF_NUM_STATS; i++)
@@ -42875,7 +42788,7 @@ index 5f1c3d0..8fca936 100644
if (ssif_info->supports_pec)
ssif_info->client->flags |= I2C_CLIENT_PEC;
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 4f6f94c..1e20d2f5 100644
+index 71025c2..27d9797 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -18,6 +18,7 @@
@@ -43024,7 +42937,7 @@ index 4f6f94c..1e20d2f5 100644
return tty_init();
diff --git a/drivers/char/nvram.c b/drivers/char/nvram.c
-index 0129232..422edaa 100644
+index 678fa97..5598cef 100644
--- a/drivers/char/nvram.c
+++ b/drivers/char/nvram.c
@@ -235,7 +235,7 @@ static ssize_t nvram_read(struct file *file, char __user *buf,
@@ -43037,10 +42950,10 @@ index 0129232..422edaa 100644
*ppos = i;
diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c
-index 45df4bf..22d88d4 100644
+index 22c2765..d92c8fa 100644
--- a/drivers/char/pcmcia/synclink_cs.c
+++ b/drivers/char/pcmcia/synclink_cs.c
-@@ -2345,7 +2345,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
+@@ -2340,7 +2340,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgslpc_close(%s) entry, count=%d\n",
@@ -43049,7 +42962,7 @@ index 45df4bf..22d88d4 100644
if (tty_port_close_start(port, tty, filp) == 0)
goto cleanup;
-@@ -2363,7 +2363,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
+@@ -2358,7 +2358,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
cleanup:
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__, __LINE__,
@@ -43058,7 +42971,7 @@ index 45df4bf..22d88d4 100644
}
/* Wait until the transmitter is empty.
-@@ -2505,7 +2505,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
+@@ -2500,7 +2500,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgslpc_open(%s), old ref count = %d\n",
@@ -43067,7 +42980,7 @@ index 45df4bf..22d88d4 100644
port->low_latency = (port->flags & ASYNC_LOW_LATENCY) ? 1 : 0;
-@@ -2516,11 +2516,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
+@@ -2511,11 +2511,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
goto cleanup;
}
spin_lock(&port->lock);
@@ -43081,7 +42994,7 @@ index 45df4bf..22d88d4 100644
/* 1st open on this device, init hardware */
retval = startup(info, tty);
if (retval < 0)
-@@ -3909,7 +3909,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
+@@ -3904,7 +3904,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
unsigned short new_crctype;
/* return error if TTY interface open */
@@ -43090,7 +43003,7 @@ index 45df4bf..22d88d4 100644
return -EBUSY;
switch (encoding)
-@@ -4013,7 +4013,7 @@ static int hdlcdev_open(struct net_device *dev)
+@@ -4008,7 +4008,7 @@ static int hdlcdev_open(struct net_device *dev)
/* arbitrate between network and tty opens */
spin_lock_irqsave(&info->netlock, flags);
@@ -43099,7 +43012,7 @@ index 45df4bf..22d88d4 100644
printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
spin_unlock_irqrestore(&info->netlock, flags);
return -EBUSY;
-@@ -4103,7 +4103,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -4098,7 +4098,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
printk("%s:hdlcdev_ioctl(%s)\n", __FILE__, dev->name);
/* return error if TTY interface open */
@@ -43223,7 +43136,7 @@ index e496dae..3db53b6 100644
.ident = "Sony Vaio",
.matches = {
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
-index 2521425..10e45de 100644
+index 274dd01..ac863b7 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -74,6 +74,11 @@ static void tpm_dev_release(struct device *dev)
@@ -43238,15 +43151,15 @@ index 2521425..10e45de 100644
/**
* tpmm_chip_alloc() - allocate a new struct tpm_chip instance
* @dev: device to which the chip is associated
-@@ -136,7 +141,7 @@ struct tpm_chip *tpmm_chip_alloc(struct device *dev,
+@@ -137,7 +142,7 @@ struct tpm_chip *tpmm_chip_alloc(struct device *dev,
chip->cdev.owner = chip->pdev->driver->owner;
chip->cdev.kobj.parent = &chip->dev.kobj;
-- devm_add_action(dev, (void (*)(void *)) put_device, &chip->dev);
-+ devm_add_action(dev, tpm_put_device, &chip->dev);
-
- return chip;
- }
+- rc = devm_add_action(dev, (void (*)(void *)) put_device, &chip->dev);
++ rc = devm_add_action(dev, tpm_put_device, &chip->dev);
+ if (rc) {
+ put_device(&chip->dev);
+ return ERR_PTR(rc);
diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
index 565a947..dcdc06e 100644
--- a/drivers/char/tpm/tpm_acpi.c
@@ -43316,10 +43229,10 @@ index d2406fe..473a5c0 100644
static void resize_console(struct port *port)
diff --git a/drivers/clk/clk-composite.c b/drivers/clk/clk-composite.c
-index 4735de0..de4ffc9 100644
+index 1f903e1f8..5f1b4cb 100644
--- a/drivers/clk/clk-composite.c
+++ b/drivers/clk/clk-composite.c
-@@ -196,7 +196,7 @@ struct clk *clk_register_composite(struct device *dev, const char *name,
+@@ -194,7 +194,7 @@ struct clk *clk_register_composite(struct device *dev, const char *name,
struct clk *clk;
struct clk_init_data init;
struct clk_composite *composite;
@@ -43342,7 +43255,7 @@ index aa872d2..afeae37 100644
/**
* struct samsung_clk_reg_dump: register dump of clock controller registers.
diff --git a/drivers/clk/socfpga/clk-gate-a10.c b/drivers/clk/socfpga/clk-gate-a10.c
-index 1cebf25..ff2186f 100644
+index c2d5727..1a305db 100644
--- a/drivers/clk/socfpga/clk-gate-a10.c
+++ b/drivers/clk/socfpga/clk-gate-a10.c
@@ -19,6 +19,7 @@
@@ -43362,7 +43275,7 @@ index 1cebf25..ff2186f 100644
.prepare = socfpga_clk_prepare,
.recalc_rate = socfpga_gate_clk_recalc_rate,
};
-@@ -129,8 +130,10 @@ static void __init __socfpga_gate_init(struct device_node *node,
+@@ -128,8 +129,10 @@ static void __init __socfpga_gate_init(struct device_node *node,
socfpga_clk->hw.reg = clk_mgr_a10_base_addr + clk_gate[0];
socfpga_clk->hw.bit_idx = clk_gate[1];
@@ -43410,7 +43323,7 @@ index aa7a6e6..1e9b426 100644
rc = of_property_read_u32(node, "fixed-divider", &fixed_div);
diff --git a/drivers/clk/socfpga/clk-pll-a10.c b/drivers/clk/socfpga/clk-pll-a10.c
-index 402d630..d8590c8 100644
+index 35fabe1..d847c53 100644
--- a/drivers/clk/socfpga/clk-pll-a10.c
+++ b/drivers/clk/socfpga/clk-pll-a10.c
@@ -18,6 +18,7 @@
@@ -43430,7 +43343,7 @@ index 402d630..d8590c8 100644
.recalc_rate = clk_pll_recalc_rate,
.get_parent = clk_pll_get_parent,
};
-@@ -112,8 +113,10 @@ static struct __init clk * __socfpga_pll_init(struct device_node *node,
+@@ -112,8 +113,10 @@ static struct clk * __init __socfpga_pll_init(struct device_node *node,
pll_clk->hw.hw.init = &init;
pll_clk->hw.bit_idx = SOCFPGA_PLL_EXT_ENA;
@@ -43477,8 +43390,21 @@ index c7f4631..8d1b7d0 100644
clk = clk_register(NULL, &pll_clk->hw.hw);
if (WARN_ON(IS_ERR(clk))) {
+diff --git a/drivers/clk/ti/adpll.c b/drivers/clk/ti/adpll.c
+index 255cafb..7b41c3b 100644
+--- a/drivers/clk/ti/adpll.c
++++ b/drivers/clk/ti/adpll.c
+@@ -589,7 +589,7 @@ static int ti_adpll_init_clkout(struct ti_adpll_data *d,
+ {
+ struct ti_adpll_clkout_data *co;
+ struct clk_init_data init;
+- struct clk_ops *ops;
++ clk_ops_no_const *ops;
+ const char *parent_names[2];
+ const char *child_name;
+ struct clk *clock;
diff --git a/drivers/clk/ti/clk.c b/drivers/clk/ti/clk.c
-index b5bcd77..fc230cb 100644
+index 5fcf247..446780a 100644
--- a/drivers/clk/ti/clk.c
+++ b/drivers/clk/ti/clk.c
@@ -25,6 +25,8 @@
@@ -43504,10 +43430,10 @@ index b5bcd77..fc230cb 100644
return 0;
}
diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
-index 51eef87..f530cf9 100644
+index fb57121..ff57f22 100644
--- a/drivers/cpufreq/acpi-cpufreq.c
+++ b/drivers/cpufreq/acpi-cpufreq.c
-@@ -682,8 +682,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+@@ -658,8 +658,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
data->acpi_perf_cpu = cpu;
policy->driver_data = data;
@@ -43521,7 +43447,7 @@ index 51eef87..f530cf9 100644
result = acpi_processor_register_performance(perf, cpu);
if (result)
-@@ -816,7 +819,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+@@ -798,7 +801,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
policy->cur = acpi_cpufreq_guess_freq(data, policy->cpu);
break;
case ACPI_ADR_SPACE_FIXED_HARDWARE:
@@ -43532,7 +43458,7 @@ index 51eef87..f530cf9 100644
break;
default:
break;
-@@ -910,8 +915,10 @@ static void __init acpi_cpufreq_boost_init(void)
+@@ -892,8 +897,10 @@ static void __init acpi_cpufreq_boost_init(void)
if (!msrs)
return;
@@ -43546,12 +43472,12 @@ index 51eef87..f530cf9 100644
cpu_notifier_register_begin();
diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c
-index 0ca74d0..1a0d302 100644
+index 5f8dbe6..57754e5 100644
--- a/drivers/cpufreq/cpufreq-dt.c
+++ b/drivers/cpufreq/cpufreq-dt.c
-@@ -461,7 +461,9 @@ static int dt_cpufreq_probe(struct platform_device *pdev)
- if (!IS_ERR(cpu_reg))
- regulator_put(cpu_reg);
+@@ -368,7 +368,9 @@ static int dt_cpufreq_probe(struct platform_device *pdev)
+ if (ret)
+ return ret;
- dt_cpufreq_driver.driver_data = dev_get_platdata(&pdev->dev);
+ pax_open_kernel();
@@ -43561,10 +43487,10 @@ index 0ca74d0..1a0d302 100644
ret = cpufreq_register_driver(&dt_cpufreq_driver);
if (ret)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index e979ec7..a76375c 100644
+index c4acfc5..95ed094 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
-@@ -474,12 +474,12 @@ EXPORT_SYMBOL_GPL(cpufreq_freq_transition_end);
+@@ -434,12 +434,12 @@ EXPORT_SYMBOL_GPL(cpufreq_freq_transition_end);
* SYSFS INTERFACE *
*********************************************************************/
static ssize_t show_boost(struct kobject *kobj,
@@ -43579,7 +43505,7 @@ index e979ec7..a76375c 100644
const char *buf, size_t count)
{
int ret, enable;
-@@ -2048,7 +2048,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
+@@ -1999,7 +1999,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
read_unlock_irqrestore(&cpufreq_driver_lock, flags);
mutex_lock(&cpufreq_governor_mutex);
@@ -43588,7 +43514,7 @@ index e979ec7..a76375c 100644
mutex_unlock(&cpufreq_governor_mutex);
return;
}
-@@ -2274,7 +2274,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -2207,7 +2207,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -43597,7 +43523,7 @@ index e979ec7..a76375c 100644
.notifier_call = cpufreq_cpu_callback,
};
-@@ -2314,13 +2314,17 @@ int cpufreq_boost_trigger_state(int state)
+@@ -2250,13 +2250,17 @@ int cpufreq_boost_trigger_state(int state)
return 0;
write_lock_irqsave(&cpufreq_driver_lock, flags);
@@ -43617,7 +43543,7 @@ index e979ec7..a76375c 100644
write_unlock_irqrestore(&cpufreq_driver_lock, flags);
pr_err("%s: Cannot %s BOOST\n",
-@@ -2361,7 +2365,9 @@ int cpufreq_enable_boost_support(void)
+@@ -2297,7 +2301,9 @@ int cpufreq_enable_boost_support(void)
if (cpufreq_boost_supported())
return 0;
@@ -43628,7 +43554,7 @@ index e979ec7..a76375c 100644
/* This will get removed on driver unregister */
return create_boost_sysfs_file();
-@@ -2418,8 +2424,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2354,8 +2360,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
cpufreq_driver = driver_data;
write_unlock_irqrestore(&cpufreq_driver_lock, flags);
@@ -43642,82 +43568,33 @@ index e979ec7..a76375c 100644
if (cpufreq_boost_supported()) {
ret = create_boost_sysfs_file();
-diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c
-index e0d1110..575e673 100644
---- a/drivers/cpufreq/cpufreq_governor.c
-+++ b/drivers/cpufreq/cpufreq_governor.c
-@@ -497,7 +497,7 @@ static int cpufreq_governor_start(struct cpufreq_policy *policy,
- cs_dbs_info->down_skip = 0;
- cs_dbs_info->requested_freq = policy->cur;
- } else {
-- struct od_ops *od_ops = cdata->gov_ops;
-+ const struct od_ops *od_ops = cdata->gov_ops;
- struct od_cpu_dbs_info_s *od_dbs_info = cdata->get_cpu_dbs_info_s(cpu);
-
- od_dbs_info->rate_mult = 1;
diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h
-index 91e767a0..3b40724 100644
+index 61ff82f..ccc29a1 100644
--- a/drivers/cpufreq/cpufreq_governor.h
+++ b/drivers/cpufreq/cpufreq_governor.h
-@@ -75,7 +75,7 @@ __ATTR(_name, 0644, show_##_name##_gov_pol, store_##_name##_gov_pol)
- /* Create show/store routines */
- #define show_one(_gov, file_name) \
- static ssize_t show_##file_name##_gov_sys \
--(struct kobject *kobj, struct attribute *attr, char *buf) \
-+(struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
- { \
- struct _gov##_dbs_tuners *tuners = _gov##_dbs_cdata.gdbs_data->tuners; \
- return sprintf(buf, "%u\n", tuners->file_name); \
-@@ -91,7 +91,7 @@ static ssize_t show_##file_name##_gov_pol \
-
- #define store_one(_gov, file_name) \
- static ssize_t store_##file_name##_gov_sys \
--(struct kobject *kobj, struct attribute *attr, const char *buf, size_t count) \
-+(struct kobject *kobj, struct kobj_attribute *attr, const char *buf, size_t count) \
- { \
- struct dbs_data *dbs_data = _gov##_dbs_cdata.gdbs_data; \
- return store_##file_name(dbs_data, buf, count); \
-@@ -219,7 +219,7 @@ struct common_dbs_data {
- void (*exit)(struct dbs_data *dbs_data, bool notify);
-
- /* Governor specific ops, see below */
-- void *gov_ops;
-+ const void *gov_ops;
-
- /*
- * Protects governor's data (struct dbs_data and struct common_dbs_data)
-@@ -241,7 +241,7 @@ struct od_ops {
+@@ -176,7 +176,7 @@ static inline struct dbs_governor *dbs_governor_of(struct cpufreq_policy *policy
+ struct od_ops {
unsigned int (*powersave_bias_target)(struct cpufreq_policy *policy,
unsigned int freq_next, unsigned int relation);
- void (*freq_increase)(struct cpufreq_policy *policy, unsigned int freq);
-};
+} __no_const;
- static inline int delay_for_sampling_rate(unsigned int sampling_rate)
- {
-@@ -256,7 +256,7 @@ static inline int delay_for_sampling_rate(unsigned int sampling_rate)
-
- #define declare_show_sampling_rate_min(_gov) \
- static ssize_t show_sampling_rate_min_gov_sys \
--(struct kobject *kobj, struct attribute *attr, char *buf) \
-+(struct kobject *kobj, struct kobj_attribute *attr, char *buf) \
- { \
- struct dbs_data *dbs_data = _gov##_dbs_cdata.gdbs_data; \
- return sprintf(buf, "%u\n", dbs_data->min_sampling_rate); \
+ unsigned int dbs_update(struct cpufreq_policy *policy);
+ int cpufreq_governor_dbs(struct cpufreq_policy *policy, unsigned int event);
diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c
-index eae5107..3dd6408 100644
+index acd8027..1d206c6 100644
--- a/drivers/cpufreq/cpufreq_ondemand.c
+++ b/drivers/cpufreq/cpufreq_ondemand.c
-@@ -534,7 +534,7 @@ static void od_exit(struct dbs_data *dbs_data, bool notify)
-
- define_get_cpu_dbs_routines(od_cpu_dbs_info);
+@@ -410,7 +410,7 @@ static void od_start(struct cpufreq_policy *policy)
+ ondemand_powersave_bias_init(policy);
+ }
-static struct od_ops od_ops = {
+static struct od_ops od_ops __read_only = {
- .powersave_bias_init_cpu = ondemand_powersave_bias_init_cpu,
.powersave_bias_target = generic_powersave_bias_target,
- .freq_increase = dbs_freq_increase,
-@@ -593,14 +593,18 @@ void od_register_powersave_bias_handler(unsigned int (*f)
+ };
+
+@@ -471,14 +471,18 @@ void od_register_powersave_bias_handler(unsigned int (*f)
(struct cpufreq_policy *, unsigned int, unsigned int),
unsigned int powersave_bias)
{
@@ -43739,10 +43616,10 @@ index eae5107..3dd6408 100644
}
EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
-index e895123..05de99b 100644
+index b230eba..aeb6923 100644
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
-@@ -141,13 +141,13 @@ struct pstate_funcs {
+@@ -249,13 +249,13 @@ struct pstate_funcs {
struct cpu_defaults {
struct pstate_adjust_policy pid_policy;
struct pstate_funcs funcs;
@@ -43757,8 +43634,8 @@ index e895123..05de99b 100644
+static struct pstate_funcs *pstate_funcs;
static int hwp_active;
- struct perf_limits {
-@@ -374,13 +374,13 @@ static void __init intel_pstate_debug_expose_params(void)
+
+@@ -521,13 +521,13 @@ static void __init intel_pstate_debug_expose_params(void)
/************************** sysfs begin ************************/
#define show_one(file_name, object) \
static ssize_t show_##file_name \
@@ -43774,7 +43651,7 @@ index e895123..05de99b 100644
{
struct cpudata *cpu;
int total, no_turbo, turbo_pct;
-@@ -396,7 +396,7 @@ static ssize_t show_turbo_pct(struct kobject *kobj,
+@@ -543,7 +543,7 @@ static ssize_t show_turbo_pct(struct kobject *kobj,
}
static ssize_t show_num_pstates(struct kobject *kobj,
@@ -43783,7 +43660,7 @@ index e895123..05de99b 100644
{
struct cpudata *cpu;
int total;
-@@ -407,7 +407,7 @@ static ssize_t show_num_pstates(struct kobject *kobj,
+@@ -554,7 +554,7 @@ static ssize_t show_num_pstates(struct kobject *kobj,
}
static ssize_t show_no_turbo(struct kobject *kobj,
@@ -43792,7 +43669,7 @@ index e895123..05de99b 100644
{
ssize_t ret;
-@@ -420,7 +420,7 @@ static ssize_t show_no_turbo(struct kobject *kobj,
+@@ -567,7 +567,7 @@ static ssize_t show_no_turbo(struct kobject *kobj,
return ret;
}
@@ -43801,7 +43678,7 @@ index e895123..05de99b 100644
const char *buf, size_t count)
{
unsigned int input;
-@@ -444,7 +444,7 @@ static ssize_t store_no_turbo(struct kobject *a, struct attribute *b,
+@@ -591,7 +591,7 @@ static ssize_t store_no_turbo(struct kobject *a, struct attribute *b,
return count;
}
@@ -43810,7 +43687,7 @@ index e895123..05de99b 100644
const char *buf, size_t count)
{
unsigned int input;
-@@ -469,7 +469,7 @@ static ssize_t store_max_perf_pct(struct kobject *a, struct attribute *b,
+@@ -616,7 +616,7 @@ static ssize_t store_max_perf_pct(struct kobject *a, struct attribute *b,
return count;
}
@@ -43819,12 +43696,12 @@ index e895123..05de99b 100644
const char *buf, size_t count)
{
unsigned int input;
-@@ -855,19 +855,19 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate, bool force)
-
- cpu->pstate.current_pstate = pstate;
-
-- pstate_funcs.set(cpu, pstate);
-+ pstate_funcs->set(cpu, pstate);
+@@ -1002,19 +1002,19 @@ static void intel_pstate_set_min_pstate(struct cpudata *cpu)
+ * right CPU.
+ */
+ wrmsrl_on_cpu(cpu->cpu, MSR_IA32_PERF_CTL,
+- pstate_funcs.get_val(cpu, pstate));
++ pstate_funcs->get_val(cpu, pstate));
}
static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
@@ -43844,19 +43721,28 @@ index e895123..05de99b 100644
- pstate_funcs.get_vid(cpu);
+ if (pstate_funcs->get_vid)
+ pstate_funcs->get_vid(cpu);
- intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate, false);
+
+ intel_pstate_set_min_pstate(cpu);
}
+@@ -1164,7 +1164,7 @@ static inline void intel_pstate_update_pstate(struct cpudata *cpu, int pstate)
+ return;
-@@ -1021,7 +1021,7 @@ static inline void intel_pstate_adjust_busy_pstate(struct cpudata *cpu)
+ intel_pstate_record_pstate(cpu, pstate);
+- wrmsrl(MSR_IA32_PERF_CTL, pstate_funcs.get_val(cpu, pstate));
++ wrmsrl(MSR_IA32_PERF_CTL, pstate_funcs->get_val(cpu, pstate));
+ }
+
+ static inline void intel_pstate_adjust_busy_pstate(struct cpudata *cpu)
+@@ -1174,7 +1174,7 @@ static inline void intel_pstate_adjust_busy_pstate(struct cpudata *cpu)
from = cpu->pstate.current_pstate;
- target_pstate = pstate_funcs.get_target_pstate(cpu);
+ target_pstate = pstate_funcs->get_target_pstate(cpu);
- intel_pstate_set_pstate(cpu, target_pstate, true);
+ intel_pstate_update_pstate(cpu, target_pstate);
-@@ -1254,15 +1254,15 @@ static unsigned int force_load;
+@@ -1434,15 +1434,15 @@ static unsigned int force_load;
static int intel_pstate_msrs_not_valid(void)
{
@@ -43875,8 +43761,8 @@ index e895123..05de99b 100644
+static void copy_pid_params(const struct pstate_adjust_policy *policy)
{
pid_params.sample_rate_ms = policy->sample_rate_ms;
- pid_params.p_gain_pct = policy->p_gain_pct;
-@@ -1274,15 +1274,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
+ pid_params.sample_rate_ns = pid_params.sample_rate_ms * NSEC_PER_MSEC;
+@@ -1455,15 +1455,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
static void copy_cpu_funcs(struct pstate_funcs *funcs)
{
@@ -43885,7 +43771,7 @@ index e895123..05de99b 100644
- pstate_funcs.get_min = funcs->get_min;
- pstate_funcs.get_turbo = funcs->get_turbo;
- pstate_funcs.get_scaling = funcs->get_scaling;
-- pstate_funcs.set = funcs->set;
+- pstate_funcs.get_val = funcs->get_val;
- pstate_funcs.get_vid = funcs->get_vid;
- pstate_funcs.get_target_pstate = funcs->get_target_pstate;
-
@@ -44159,224 +44045,8 @@ index eee2c7e..268aa3e 100644
err = pci_request_regions(pdev, name);
if (err)
-diff --git a/drivers/crypto/marvell/cesa.h b/drivers/crypto/marvell/cesa.h
-index bd985e7..74071e4 100644
---- a/drivers/crypto/marvell/cesa.h
-+++ b/drivers/crypto/marvell/cesa.h
-@@ -588,6 +588,7 @@ struct mv_cesa_ahash_dma_req {
- struct mv_cesa_tdma_req base;
- u8 *padding;
- dma_addr_t padding_dma;
-+ u8 *cache;
- dma_addr_t cache_dma;
- };
-
-@@ -609,7 +610,7 @@ struct mv_cesa_ahash_req {
- struct mv_cesa_ahash_std_req std;
- } req;
- struct mv_cesa_op_ctx op_tmpl;
-- u8 *cache;
-+ u8 cache[CESA_MAX_HASH_BLOCK_SIZE];
- unsigned int cache_ptr;
- u64 len;
- int src_nents;
-diff --git a/drivers/crypto/marvell/hash.c b/drivers/crypto/marvell/hash.c
-index 683cca9..7ca2e0f 100644
---- a/drivers/crypto/marvell/hash.c
-+++ b/drivers/crypto/marvell/hash.c
-@@ -45,69 +45,25 @@ mv_cesa_ahash_req_iter_next_op(struct mv_cesa_ahash_dma_iter *iter)
- return mv_cesa_req_dma_iter_next_op(&iter->base);
- }
-
--static inline int mv_cesa_ahash_dma_alloc_cache(struct mv_cesa_ahash_req *creq,
-- gfp_t flags)
-+static inline int
-+mv_cesa_ahash_dma_alloc_cache(struct mv_cesa_ahash_dma_req *req, gfp_t flags)
- {
-- struct mv_cesa_ahash_dma_req *dreq = &creq->req.dma;
--
-- creq->cache = dma_pool_alloc(cesa_dev->dma->cache_pool, flags,
-- &dreq->cache_dma);
-- if (!creq->cache)
-- return -ENOMEM;
--
-- return 0;
--}
--
--static inline int mv_cesa_ahash_std_alloc_cache(struct mv_cesa_ahash_req *creq,
-- gfp_t flags)
--{
-- creq->cache = kzalloc(CESA_MAX_HASH_BLOCK_SIZE, flags);
-- if (!creq->cache)
-+ req->cache = dma_pool_alloc(cesa_dev->dma->cache_pool, flags,
-+ &req->cache_dma);
-+ if (!req->cache)
- return -ENOMEM;
-
- return 0;
- }
-
--static int mv_cesa_ahash_alloc_cache(struct ahash_request *req)
--{
-- struct mv_cesa_ahash_req *creq = ahash_request_ctx(req);
-- gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
-- GFP_KERNEL : GFP_ATOMIC;
-- int ret;
--
-- if (creq->cache)
-- return 0;
--
-- if (creq->req.base.type == CESA_DMA_REQ)
-- ret = mv_cesa_ahash_dma_alloc_cache(creq, flags);
-- else
-- ret = mv_cesa_ahash_std_alloc_cache(creq, flags);
--
-- return ret;
--}
--
--static inline void mv_cesa_ahash_dma_free_cache(struct mv_cesa_ahash_req *creq)
--{
-- dma_pool_free(cesa_dev->dma->cache_pool, creq->cache,
-- creq->req.dma.cache_dma);
--}
--
--static inline void mv_cesa_ahash_std_free_cache(struct mv_cesa_ahash_req *creq)
--{
-- kfree(creq->cache);
--}
--
--static void mv_cesa_ahash_free_cache(struct mv_cesa_ahash_req *creq)
-+static inline void
-+mv_cesa_ahash_dma_free_cache(struct mv_cesa_ahash_dma_req *req)
- {
-- if (!creq->cache)
-+ if (!req->cache)
- return;
-
-- if (creq->req.base.type == CESA_DMA_REQ)
-- mv_cesa_ahash_dma_free_cache(creq);
-- else
-- mv_cesa_ahash_std_free_cache(creq);
--
-- creq->cache = NULL;
-+ dma_pool_free(cesa_dev->dma->cache_pool, req->cache,
-+ req->cache_dma);
- }
-
- static int mv_cesa_ahash_dma_alloc_padding(struct mv_cesa_ahash_dma_req *req,
-@@ -146,6 +102,7 @@ static inline void mv_cesa_ahash_dma_cleanup(struct ahash_request *req)
- struct mv_cesa_ahash_req *creq = ahash_request_ctx(req);
-
- dma_unmap_sg(cesa_dev->dev, req->src, creq->src_nents, DMA_TO_DEVICE);
-+ mv_cesa_ahash_dma_free_cache(&creq->req.dma);
- mv_cesa_dma_cleanup(&creq->req.dma.base);
- }
-
-@@ -161,8 +118,6 @@ static void mv_cesa_ahash_last_cleanup(struct ahash_request *req)
- {
- struct mv_cesa_ahash_req *creq = ahash_request_ctx(req);
-
-- mv_cesa_ahash_free_cache(creq);
--
- if (creq->req.base.type == CESA_DMA_REQ)
- mv_cesa_ahash_dma_last_cleanup(req);
- }
-@@ -445,14 +400,6 @@ static inline int mv_cesa_ahash_cra_init(struct crypto_tfm *tfm)
- static int mv_cesa_ahash_cache_req(struct ahash_request *req, bool *cached)
- {
- struct mv_cesa_ahash_req *creq = ahash_request_ctx(req);
-- int ret;
--
-- if (((creq->cache_ptr + req->nbytes) & CESA_HASH_BLOCK_SIZE_MSK) &&
-- !creq->last_req) {
-- ret = mv_cesa_ahash_alloc_cache(req);
-- if (ret)
-- return ret;
-- }
-
- if (creq->cache_ptr + req->nbytes < 64 && !creq->last_req) {
- *cached = true;
-@@ -505,10 +452,17 @@ mv_cesa_ahash_dma_add_cache(struct mv_cesa_tdma_chain *chain,
- gfp_t flags)
- {
- struct mv_cesa_ahash_dma_req *ahashdreq = &creq->req.dma;
-+ int ret;
-
- if (!creq->cache_ptr)
- return 0;
-
-+ ret = mv_cesa_ahash_dma_alloc_cache(ahashdreq, flags);
-+ if (ret)
-+ return ret;
-+
-+ memcpy(ahashdreq->cache, creq->cache, creq->cache_ptr);
-+
- return mv_cesa_dma_add_data_transfer(chain,
- CESA_SA_DATA_SRAM_OFFSET,
- ahashdreq->cache_dma,
-@@ -848,10 +802,6 @@ static int mv_cesa_ahash_import(struct ahash_request *req, const void *hash,
- if (!cache_ptr)
- return 0;
-
-- ret = mv_cesa_ahash_alloc_cache(req);
-- if (ret)
-- return ret;
--
- memcpy(creq->cache, cache, cache_ptr);
- creq->cache_ptr = cache_ptr;
-
-@@ -860,9 +810,14 @@ static int mv_cesa_ahash_import(struct ahash_request *req, const void *hash,
-
- static int mv_cesa_md5_init(struct ahash_request *req)
- {
-+ struct mv_cesa_ahash_req *creq = ahash_request_ctx(req);
- struct mv_cesa_op_ctx tmpl = { };
-
- mv_cesa_set_op_cfg(&tmpl, CESA_SA_DESC_CFG_MACM_MD5);
-+ creq->state[0] = MD5_H0;
-+ creq->state[1] = MD5_H1;
-+ creq->state[2] = MD5_H2;
-+ creq->state[3] = MD5_H3;
-
- mv_cesa_ahash_init(req, &tmpl, true);
-
-@@ -923,9 +878,15 @@ struct ahash_alg mv_md5_alg = {
-
- static int mv_cesa_sha1_init(struct ahash_request *req)
- {
-+ struct mv_cesa_ahash_req *creq = ahash_request_ctx(req);
- struct mv_cesa_op_ctx tmpl = { };
-
- mv_cesa_set_op_cfg(&tmpl, CESA_SA_DESC_CFG_MACM_SHA1);
-+ creq->state[0] = SHA1_H0;
-+ creq->state[1] = SHA1_H1;
-+ creq->state[2] = SHA1_H2;
-+ creq->state[3] = SHA1_H3;
-+ creq->state[4] = SHA1_H4;
-
- mv_cesa_ahash_init(req, &tmpl, false);
-
-@@ -986,9 +947,18 @@ struct ahash_alg mv_sha1_alg = {
-
- static int mv_cesa_sha256_init(struct ahash_request *req)
- {
-+ struct mv_cesa_ahash_req *creq = ahash_request_ctx(req);
- struct mv_cesa_op_ctx tmpl = { };
-
- mv_cesa_set_op_cfg(&tmpl, CESA_SA_DESC_CFG_MACM_SHA256);
-+ creq->state[0] = SHA256_H0;
-+ creq->state[1] = SHA256_H1;
-+ creq->state[2] = SHA256_H2;
-+ creq->state[3] = SHA256_H3;
-+ creq->state[4] = SHA256_H4;
-+ creq->state[5] = SHA256_H5;
-+ creq->state[6] = SHA256_H6;
-+ creq->state[7] = SHA256_H7;
-
- mv_cesa_ahash_init(req, &tmpl, false);
-
diff --git a/drivers/crypto/qat/qat_common/adf_aer.c b/drivers/crypto/qat/qat_common/adf_aer.c
-index e78a1d7..f6ef8aa 100644
+index b40d9c8..dcbcd94 100644
--- a/drivers/crypto/qat/qat_common/adf_aer.c
+++ b/drivers/crypto/qat/qat_common/adf_aer.c
@@ -56,7 +56,7 @@
@@ -44458,10 +44128,10 @@ index 984c5e9..c873659 100644
mutex_unlock(&devfreq_list_lock);
diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
-index 155c146..0a697f4 100644
+index 4a2c07e..8f4b1cc 100644
--- a/drivers/dma-buf/dma-buf.c
+++ b/drivers/dma-buf/dma-buf.c
-@@ -835,10 +835,9 @@ static int dma_buf_describe(struct seq_file *s)
+@@ -880,10 +880,9 @@ static int dma_buf_describe(struct seq_file *s)
static int dma_buf_show(struct seq_file *s, void *unused)
{
@@ -44474,6 +44144,19 @@ index 155c146..0a697f4 100644
}
static int dma_buf_debug_open(struct inode *inode, struct file *file)
+diff --git a/drivers/dma/qcom/hidma_mgmt_sys.c b/drivers/dma/qcom/hidma_mgmt_sys.c
+index d61f106..a23baa3 100644
+--- a/drivers/dma/qcom/hidma_mgmt_sys.c
++++ b/drivers/dma/qcom/hidma_mgmt_sys.c
+@@ -194,7 +194,7 @@ static ssize_t set_values_channel(struct kobject *kobj,
+
+ static int create_sysfs_entry(struct hidma_mgmt_dev *dev, char *name, int mode)
+ {
+- struct device_attribute *attrs;
++ device_attribute_no_const *attrs;
+ char *name_copy;
+
+ attrs = devm_kmalloc(&dev->pdev->dev,
diff --git a/drivers/dma/sh/shdma-base.c b/drivers/dma/sh/shdma-base.c
index 10fcaba..326f709 100644
--- a/drivers/dma/sh/shdma-base.c
@@ -44490,7 +44173,7 @@ index 10fcaba..326f709 100644
ret = -ENOMEM;
goto edescalloc;
diff --git a/drivers/dma/sh/shdmac.c b/drivers/dma/sh/shdmac.c
-index 11707df..2ea96f7 100644
+index 80d8640..53f0508 100644
--- a/drivers/dma/sh/shdmac.c
+++ b/drivers/dma/sh/shdmac.c
@@ -513,7 +513,7 @@ static int sh_dmae_nmi_handler(struct notifier_block *self,
@@ -44567,7 +44250,7 @@ index 5f8543b..46aa017 100644
unsigned long val;
int ret;
diff --git a/drivers/edac/edac_pci.c b/drivers/edac/edac_pci.c
-index 9968538..fa53f93 100644
+index 8f2f289..cbb0d7c 100644
--- a/drivers/edac/edac_pci.c
+++ b/drivers/edac/edac_pci.c
@@ -29,7 +29,7 @@
@@ -44579,7 +44262,7 @@ index 9968538..fa53f93 100644
/*
* edac_pci_alloc_ctl_info
-@@ -255,7 +255,7 @@ static void edac_pci_workq_teardown(struct edac_pci_ctl_info *pci)
+@@ -224,7 +224,7 @@ static void edac_pci_workq_function(struct work_struct *work_req)
*/
int edac_pci_alloc_index(void)
{
@@ -44723,7 +44406,7 @@ index 57ea7f4..af06b76 100644
card->driver->update_phy_reg(card, 4,
PHY_LINK_ACTIVE | PHY_CONTENDER, 0);
diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
-index 36a7c2d..3cea1bf 100644
+index aee149b..2a18960 100644
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -970,7 +970,7 @@ static int ioctl_create_iso_context(struct client *client, union ioctl_arg *arg)
@@ -44795,7 +44478,7 @@ index e1480ff6..1a429bd 100644
void fw_card_initialize(struct fw_card *card,
const struct fw_card_driver *driver, struct device *device);
diff --git a/drivers/firewire/ohci.c b/drivers/firewire/ohci.c
-index c2f5117..e36414d 100644
+index 8bf8926..55a4930 100644
--- a/drivers/firewire/ohci.c
+++ b/drivers/firewire/ohci.c
@@ -2049,10 +2049,12 @@ static void bus_reset_work(struct work_struct *work)
@@ -44811,7 +44494,7 @@ index c2f5117..e36414d 100644
spin_unlock_irq(&ohci->lock);
-@@ -2584,8 +2586,10 @@ static int ohci_enable_phys_dma(struct fw_card *card,
+@@ -2585,8 +2587,10 @@ static int ohci_enable_phys_dma(struct fw_card *card,
unsigned long flags;
int n, ret = 0;
@@ -44900,7 +44583,7 @@ index d425374..1da1716 100644
EXPORT_SYMBOL_GPL(cper_next_record_id);
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
-index c51f3b2..54523fd 100644
+index 3a69ed5..0cfea9c6 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -176,15 +176,17 @@ static struct attribute_group efi_subsys_attr_group = {
@@ -44928,7 +44611,7 @@ index c51f3b2..54523fd 100644
return efivars_register(&generic_efivars, &generic_ops, efi_kobj);
}
diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c
-index 10e6774..c2d96de 100644
+index 096adcb..0235592 100644
--- a/drivers/firmware/efi/efivars.c
+++ b/drivers/firmware/efi/efivars.c
@@ -583,7 +583,7 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var)
@@ -45005,10 +44688,10 @@ index 5de3ed2..d839c56 100644
.sysfs_ops = &memmap_attr_ops,
.default_attrs = def_attrs,
diff --git a/drivers/firmware/psci.c b/drivers/firmware/psci.c
-index f25cd79..7b7ad07 100644
+index b5d0580..893aa47 100644
--- a/drivers/firmware/psci.c
+++ b/drivers/firmware/psci.c
-@@ -55,7 +55,7 @@ bool psci_tos_resident_on(int cpu)
+@@ -58,7 +58,7 @@ bool psci_tos_resident_on(int cpu)
return cpu == resident_cpu;
}
@@ -45018,10 +44701,10 @@ index f25cd79..7b7ad07 100644
typedef unsigned long (psci_fn)(unsigned long, unsigned long,
unsigned long, unsigned long);
diff --git a/drivers/gpio/gpio-davinci.c b/drivers/gpio/gpio-davinci.c
-index cd007a6..6fd1a2e 100644
+index dd262f0..2834a84 100644
--- a/drivers/gpio/gpio-davinci.c
+++ b/drivers/gpio/gpio-davinci.c
-@@ -439,9 +439,9 @@ static struct irq_chip *davinci_gpio_get_irq_chip(unsigned int irq)
+@@ -440,9 +440,9 @@ static struct irq_chip *davinci_gpio_get_irq_chip(unsigned int irq)
return &gpio_unbanked.chip;
};
@@ -45033,7 +44716,7 @@ index cd007a6..6fd1a2e 100644
gpio_unbanked = *irq_get_chip(irq);
return &gpio_unbanked;
-@@ -471,7 +471,7 @@ static int davinci_gpio_irq_setup(struct platform_device *pdev)
+@@ -472,7 +472,7 @@ static int davinci_gpio_irq_setup(struct platform_device *pdev)
struct davinci_gpio_regs __iomem *g;
struct irq_domain *irq_domain = NULL;
const struct of_device_id *match;
@@ -45056,10 +44739,10 @@ index 8d32ccc..2d2ca61 100644
unsigned int ngpios;
int ret;
diff --git a/drivers/gpio/gpio-ich.c b/drivers/gpio/gpio-ich.c
-index a489338..3c0a85b 100644
+index 4f6d643..eb4655c 100644
--- a/drivers/gpio/gpio-ich.c
+++ b/drivers/gpio/gpio-ich.c
-@@ -94,7 +94,7 @@ struct ichx_desc {
+@@ -95,7 +95,7 @@ struct ichx_desc {
* this option allows driver caching written output values
*/
bool use_outlvl_cache;
@@ -45068,11 +44751,35 @@ index a489338..3c0a85b 100644
static struct {
spinlock_t lock;
+diff --git a/drivers/gpio/gpio-mpc8xxx.c b/drivers/gpio/gpio-mpc8xxx.c
+index 425501c..cad19ba 100644
+--- a/drivers/gpio/gpio-mpc8xxx.c
++++ b/drivers/gpio/gpio-mpc8xxx.c
+@@ -226,7 +226,7 @@ static int mpc512x_irq_set_type(struct irq_data *d, unsigned int flow_type)
+ return 0;
+ }
+
+-static struct irq_chip mpc8xxx_irq_chip = {
++static irq_chip_no_const mpc8xxx_irq_chip __read_only = {
+ .name = "mpc8xxx-gpio",
+ .irq_unmask = mpc8xxx_irq_unmask,
+ .irq_mask = mpc8xxx_irq_mask,
+@@ -337,7 +337,9 @@ static int mpc8xxx_probe(struct platform_device *pdev)
+ * It's assumed that only a single type of gpio controller is available
+ * on the current machine, so overwriting global data is fine.
+ */
+- mpc8xxx_irq_chip.irq_set_type = devtype->irq_set_type;
++ pax_open_kernel();
++ const_cast(mpc8xxx_irq_chip.irq_set_type) = devtype->irq_set_type;
++ pax_close_kernel();
+
+ if (devtype->gpio_dir_out)
+ gc->direction_output = devtype->gpio_dir_out;
diff --git a/drivers/gpio/gpio-omap.c b/drivers/gpio/gpio-omap.c
-index 189f672..c52c254 100644
+index 551dfa9..fc6ca83 100644
--- a/drivers/gpio/gpio-omap.c
+++ b/drivers/gpio/gpio-omap.c
-@@ -1069,7 +1069,7 @@ static void omap_gpio_mod_init(struct gpio_bank *bank)
+@@ -1068,7 +1068,7 @@ static void omap_gpio_mod_init(struct gpio_bank *bank)
writel_relaxed(0, base + bank->regs->ctrl);
}
@@ -45081,7 +44788,7 @@ index 189f672..c52c254 100644
{
static int gpio;
int irq_base = 0;
-@@ -1156,7 +1156,7 @@ static int omap_gpio_probe(struct platform_device *pdev)
+@@ -1158,7 +1158,7 @@ static int omap_gpio_probe(struct platform_device *pdev)
const struct omap_gpio_platform_data *pdata;
struct resource *res;
struct gpio_bank *bank;
@@ -45091,10 +44798,10 @@ index 189f672..c52c254 100644
match = of_match_device(of_match_ptr(omap_gpio_match), dev);
diff --git a/drivers/gpio/gpio-rcar.c b/drivers/gpio/gpio-rcar.c
-index d9ab0cd..406ce88 100644
+index 4d9a315c..b1fed42 100644
--- a/drivers/gpio/gpio-rcar.c
+++ b/drivers/gpio/gpio-rcar.c
-@@ -421,7 +421,7 @@ static int gpio_rcar_probe(struct platform_device *pdev)
+@@ -369,7 +369,7 @@ static int gpio_rcar_probe(struct platform_device *pdev)
struct gpio_rcar_priv *p;
struct resource *io, *irq;
struct gpio_chip *gpio_chip;
@@ -45117,10 +44824,10 @@ index ac8deb0..f3caa10 100644
return -EINVAL;
}
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
-index 5c1ba87..f711915 100644
+index cf3e712..2d532c3 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
-@@ -669,8 +669,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip)
+@@ -1031,8 +1031,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip)
}
if (gpiochip->irqchip) {
@@ -45133,7 +44840,7 @@ index 5c1ba87..f711915 100644
gpiochip->irqchip = NULL;
}
}
-@@ -747,8 +749,10 @@ int _gpiochip_irqchip_add(struct gpio_chip *gpiochip,
+@@ -1109,8 +1111,10 @@ int _gpiochip_irqchip_add(struct gpio_chip *gpiochip,
*/
if (!irqchip->irq_request_resources &&
!irqchip->irq_release_resources) {
@@ -45147,10 +44854,10 @@ index 5c1ba87..f711915 100644
/*
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
-index ff29975..a7fe398 100644
+index 1bcbade..c8d5713 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu.h
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu.h
-@@ -1734,7 +1734,7 @@ void amdgpu_debugfs_cleanup(struct drm_minor *minor);
+@@ -1709,7 +1709,7 @@ void amdgpu_debugfs_cleanup(struct drm_minor *minor);
* amdgpu smumgr functions
*/
struct amdgpu_smumgr_funcs {
@@ -45159,7 +44866,7 @@ index ff29975..a7fe398 100644
int (*request_smu_load_fw)(struct amdgpu_device *adev);
int (*request_smu_specific_fw)(struct amdgpu_device *adev, uint32_t fwtype);
};
-@@ -2346,7 +2346,7 @@ static inline void amdgpu_unregister_atpx_handler(void) {}
+@@ -2339,7 +2339,7 @@ static inline void amdgpu_unregister_atpx_handler(void) {}
* KMS
*/
extern const struct drm_ioctl_desc amdgpu_ioctls_kms[];
@@ -45169,10 +44876,10 @@ index ff29975..a7fe398 100644
int amdgpu_driver_load_kms(struct drm_device *dev, unsigned long flags);
int amdgpu_driver_unload_kms(struct drm_device *dev);
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
-index 3c89586..14cfa09 100644
+index 35a1248..fd2510a 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_atpx_handler.c
-@@ -493,7 +493,7 @@ static int amdgpu_atpx_init(void)
+@@ -496,7 +496,7 @@ static int amdgpu_atpx_init(void)
* look up whether we are the integrated or discrete GPU (all asics).
* Returns the client id.
*/
@@ -45182,10 +44889,10 @@ index 3c89586..14cfa09 100644
if (amdgpu_atpx_priv.dhandle == ACPI_HANDLE(&pdev->dev))
return VGA_SWITCHEROO_IGD;
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
-index 75cb5b9..2f6481f 100644
+index 6043dc7..517c964 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c
-@@ -1066,48 +1066,48 @@ int amdgpu_cgs_call_acpi_method(void *cgs_device,
+@@ -1076,49 +1076,49 @@ int amdgpu_cgs_call_acpi_method(void *cgs_device,
}
static const struct cgs_ops amdgpu_cgs_ops = {
@@ -45223,6 +44930,7 @@ index 75cb5b9..2f6481f 100644
- amdgpu_cgs_set_powergating_state,
- amdgpu_cgs_set_clockgating_state,
- amdgpu_cgs_get_active_displays_info,
+- amdgpu_cgs_notify_dpm_enabled,
- amdgpu_cgs_call_acpi_method,
- amdgpu_cgs_query_system_info,
+ .gpu_mem_info = amdgpu_cgs_gpu_mem_info,
@@ -45259,6 +44967,7 @@ index 75cb5b9..2f6481f 100644
+ .set_powergating_state = amdgpu_cgs_set_powergating_state,
+ .set_clockgating_state = amdgpu_cgs_set_clockgating_state,
+ .get_active_displays_info = amdgpu_cgs_get_active_displays_info,
++ .notify_dpm_enabled = amdgpu_cgs_notify_dpm_enabled,
+ .call_acpi_method = amdgpu_cgs_call_acpi_method,
+ .query_system_info = amdgpu_cgs_query_system_info
};
@@ -45314,10 +45023,10 @@ index 7ef2c13..dff07e5 100644
{
struct amdgpu_connector *amdgpu_connector = to_amdgpu_connector(connector);
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
-index 51bfc11..4d4112a 100644
+index 2139da7..222ef8b 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
-@@ -1085,7 +1085,7 @@ static bool amdgpu_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1054,7 +1054,7 @@ static bool amdgpu_switcheroo_can_switch(struct pci_dev *pdev)
* locking inversion with the driver load path. And the access here is
* completely racy anyway. So don't bother with locking for now.
*/
@@ -45327,10 +45036,10 @@ index 51bfc11..4d4112a 100644
static const struct vga_switcheroo_client_ops amdgpu_switcheroo_ops = {
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
-index 9ef1db8..5eec19b 100644
+index f1e17d6..e7d750a 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
-@@ -495,7 +495,7 @@ static struct drm_driver kms_driver = {
+@@ -491,7 +491,7 @@ static struct drm_driver kms_driver = {
.driver_features =
DRIVER_USE_AGP |
DRIVER_HAVE_IRQ | DRIVER_IRQ_SHARED | DRIVER_GEM |
@@ -45339,7 +45048,7 @@ index 9ef1db8..5eec19b 100644
.dev_priv_size = 0,
.load = amdgpu_driver_load_kms,
.open = amdgpu_driver_open_kms,
-@@ -546,9 +546,6 @@ static struct drm_driver kms_driver = {
+@@ -542,9 +542,6 @@ static struct drm_driver kms_driver = {
.patchlevel = KMS_DRIVER_PATCHLEVEL,
};
@@ -45349,7 +45058,7 @@ index 9ef1db8..5eec19b 100644
static struct pci_driver amdgpu_kms_pci_driver = {
.name = DRIVER_NAME,
.id_table = pciidlist,
-@@ -566,22 +563,23 @@ static int __init amdgpu_init(void)
+@@ -563,20 +560,21 @@ static int __init amdgpu_init(void)
}
#endif
DRM_INFO("amdgpu kernel modesetting enabled.\n");
@@ -45364,8 +45073,6 @@ index 9ef1db8..5eec19b 100644
+
amdgpu_register_atpx_handler();
- amdgpu_amdkfd_init();
-
/* let modprobe override vga console setting */
- return drm_pci_init(driver, pdriver);
+ return drm_pci_init(&kms_driver, &amdgpu_kms_pci_driver);
@@ -45377,23 +45084,23 @@ index 9ef1db8..5eec19b 100644
- drm_pci_exit(driver, pdriver);
+ drm_pci_exit(&kms_driver, &amdgpu_kms_pci_driver);
amdgpu_unregister_atpx_handler();
+ amdgpu_sync_fini();
}
-
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
-index 4488e82..9b87225 100644
+index b04337d..7db2712 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
-@@ -749,4 +749,4 @@ const struct drm_ioctl_desc amdgpu_ioctls_kms[] = {
+@@ -755,4 +755,4 @@ const struct drm_ioctl_desc amdgpu_ioctls_kms[] = {
DRM_IOCTL_DEF_DRV(AMDGPU_GEM_OP, amdgpu_gem_op_ioctl, DRM_AUTH|DRM_RENDER_ALLOW),
DRM_IOCTL_DEF_DRV(AMDGPU_GEM_USERPTR, amdgpu_gem_userptr_ioctl, DRM_AUTH|DRM_RENDER_ALLOW),
};
-int amdgpu_max_kms_ioctl = ARRAY_SIZE(amdgpu_ioctls_kms);
+const int amdgpu_max_kms_ioctl = ARRAY_SIZE(amdgpu_ioctls_kms);
diff --git a/drivers/gpu/drm/amd/amdgpu/fiji_smc.c b/drivers/gpu/drm/amd/amdgpu/fiji_smc.c
-index e35340a..9f6d286 100644
+index b336c91..c015ca7 100644
--- a/drivers/gpu/drm/amd/amdgpu/fiji_smc.c
+++ b/drivers/gpu/drm/amd/amdgpu/fiji_smc.c
-@@ -513,7 +513,7 @@ static int fiji_smu_request_load_fw(struct amdgpu_device *adev)
+@@ -519,7 +519,7 @@ static int fiji_smu_request_load_fw(struct amdgpu_device *adev)
return 0;
}
@@ -45402,7 +45109,7 @@ index e35340a..9f6d286 100644
{
switch (fw_type) {
case AMDGPU_UCODE_ID_SDMA0:
-@@ -539,7 +539,7 @@ static uint32_t fiji_smu_get_mask_for_fw_type(uint32_t fw_type)
+@@ -545,7 +545,7 @@ static uint32_t fiji_smu_get_mask_for_fw_type(uint32_t fw_type)
}
static int fiji_smu_check_fw_load_finish(struct amdgpu_device *adev,
@@ -45412,10 +45119,10 @@ index e35340a..9f6d286 100644
uint32_t fw_mask = fiji_smu_get_mask_for_fw_type(fw_type);
int i;
diff --git a/drivers/gpu/drm/amd/amdgpu/iceland_smc.c b/drivers/gpu/drm/amd/amdgpu/iceland_smc.c
-index 090486c..699728e 100644
+index 52ee081..fa68463 100644
--- a/drivers/gpu/drm/amd/amdgpu/iceland_smc.c
+++ b/drivers/gpu/drm/amd/amdgpu/iceland_smc.c
-@@ -418,7 +418,7 @@ static enum AMDGPU_UCODE_ID iceland_convert_fw_type(uint32_t fw_type)
+@@ -424,7 +424,7 @@ static enum AMDGPU_UCODE_ID iceland_convert_fw_type(uint32_t fw_type)
}
}
@@ -45424,7 +45131,7 @@ index 090486c..699728e 100644
{
switch (fw_type) {
case AMDGPU_UCODE_ID_SDMA0:
-@@ -556,7 +556,7 @@ static int iceland_smu_request_load_fw(struct amdgpu_device *adev)
+@@ -562,7 +562,7 @@ static int iceland_smu_request_load_fw(struct amdgpu_device *adev)
}
static int iceland_smu_check_fw_load_finish(struct amdgpu_device *adev,
@@ -45434,10 +45141,10 @@ index 090486c..699728e 100644
uint32_t fw_mask = iceland_smu_get_mask_for_fw_type(fw_type);
int i;
diff --git a/drivers/gpu/drm/amd/amdgpu/tonga_smc.c b/drivers/gpu/drm/amd/amdgpu/tonga_smc.c
-index 361c49a..1113506 100644
+index 083893d..d4f66f5 100644
--- a/drivers/gpu/drm/amd/amdgpu/tonga_smc.c
+++ b/drivers/gpu/drm/amd/amdgpu/tonga_smc.c
-@@ -515,7 +515,7 @@ static int tonga_smu_request_load_fw(struct amdgpu_device *adev)
+@@ -521,7 +521,7 @@ static int tonga_smu_request_load_fw(struct amdgpu_device *adev)
return 0;
}
@@ -45446,7 +45153,7 @@ index 361c49a..1113506 100644
{
switch (fw_type) {
case AMDGPU_UCODE_ID_SDMA0:
-@@ -541,7 +541,7 @@ static uint32_t tonga_smu_get_mask_for_fw_type(uint32_t fw_type)
+@@ -547,7 +547,7 @@ static uint32_t tonga_smu_get_mask_for_fw_type(uint32_t fw_type)
}
static int tonga_smu_check_fw_load_finish(struct amdgpu_device *adev,
@@ -45456,7 +45163,7 @@ index 361c49a..1113506 100644
uint32_t fw_mask = tonga_smu_get_mask_for_fw_type(fw_type);
int i;
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
-index d2b49c0..478e036 100644
+index 07ac724..1c4ca38 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
@@ -419,7 +419,7 @@ static int kfd_ioctl_set_memory_policy(struct file *filep,
@@ -45937,10 +45644,10 @@ index ff08ce4..5b8758f 100644
struct phm_master_table_header cz_phm_enable_clock_power_gatings_master = {
diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
-index 2ea012e..b4256b4 100644
+index 5682490..bec743b 100644
--- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
+++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
-@@ -915,13 +915,13 @@ static int cz_tf_update_low_mem_pstate(struct pp_hwmgr *hwmgr,
+@@ -916,13 +916,13 @@ static int cz_tf_update_low_mem_pstate(struct pp_hwmgr *hwmgr,
}
static struct phm_master_table_item cz_set_power_state_list[] = {
@@ -45961,7 +45668,7 @@ index 2ea012e..b4256b4 100644
};
static struct phm_master_table_header cz_set_power_state_master = {
-@@ -931,15 +931,15 @@ static struct phm_master_table_header cz_set_power_state_master = {
+@@ -932,15 +932,15 @@ static struct phm_master_table_header cz_set_power_state_master = {
};
static struct phm_master_table_item cz_setup_asic_list[] = {
@@ -45986,7 +45693,7 @@ index 2ea012e..b4256b4 100644
};
static struct phm_master_table_header cz_setup_asic_master = {
-@@ -984,10 +984,10 @@ static int cz_tf_reset_cc6_data(struct pp_hwmgr *hwmgr,
+@@ -985,10 +985,10 @@ static int cz_tf_reset_cc6_data(struct pp_hwmgr *hwmgr,
}
static struct phm_master_table_item cz_power_down_asic_list[] = {
@@ -46001,7 +45708,7 @@ index 2ea012e..b4256b4 100644
};
static struct phm_master_table_header cz_power_down_asic_master = {
-@@ -1095,8 +1095,8 @@ static int cz_tf_check_for_dpm_enabled(struct pp_hwmgr *hwmgr,
+@@ -1096,8 +1096,8 @@ static int cz_tf_check_for_dpm_enabled(struct pp_hwmgr *hwmgr,
}
static struct phm_master_table_item cz_disable_dpm_list[] = {
@@ -46012,7 +45719,7 @@ index 2ea012e..b4256b4 100644
};
-@@ -1107,13 +1107,13 @@ static struct phm_master_table_header cz_disable_dpm_master = {
+@@ -1108,13 +1108,13 @@ static struct phm_master_table_header cz_disable_dpm_master = {
};
static struct phm_master_table_item cz_enable_dpm_list[] = {
@@ -46119,7 +45826,7 @@ index a188174..74acdc0 100644
struct phm_master_table_header tonga_thermal_set_temperature_range_master = {
diff --git a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
-index 8b2becd..2d8f572 100644
+index a5ff945..78ff889 100644
--- a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
+++ b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
@@ -139,7 +139,7 @@ int amd_sched_entity_init(struct amd_gpu_scheduler *sched,
@@ -46145,7 +45852,7 @@ index 9403145..b8842f1 100644
struct fence *dependency;
diff --git a/drivers/gpu/drm/amd/scheduler/sched_fence.c b/drivers/gpu/drm/amd/scheduler/sched_fence.c
-index 87c78ee..59dc36e 100644
+index dc115ae..7ecd14b 100644
--- a/drivers/gpu/drm/amd/scheduler/sched_fence.c
+++ b/drivers/gpu/drm/amd/scheduler/sched_fence.c
@@ -41,7 +41,7 @@ struct amd_sched_fence *amd_sched_fence_create(struct amd_sched_entity *s_entity
@@ -46158,10 +45865,10 @@ index 87c78ee..59dc36e 100644
s_entity->fence_context, seq);
diff --git a/drivers/gpu/drm/armada/armada_drv.c b/drivers/gpu/drm/armada/armada_drv.c
-index 3bd7e1c..565fe46 100644
+index 82043c2..92ebd4e 100644
--- a/drivers/gpu/drm/armada/armada_drv.c
+++ b/drivers/gpu/drm/armada/armada_drv.c
-@@ -218,6 +218,7 @@ static struct drm_driver armada_drm_driver = {
+@@ -215,6 +215,7 @@ static struct drm_driver armada_drm_driver = {
.driver_features = DRIVER_GEM | DRIVER_MODESET |
DRIVER_HAVE_IRQ | DRIVER_PRIME,
.ioctls = armada_ioctls,
@@ -46169,7 +45876,7 @@ index 3bd7e1c..565fe46 100644
.fops = &armada_drm_fops,
};
-@@ -338,8 +339,6 @@ static int __init armada_drm_init(void)
+@@ -335,8 +336,6 @@ static int __init armada_drm_init(void)
{
int ret;
@@ -46179,10 +45886,10 @@ index 3bd7e1c..565fe46 100644
if (ret)
return ret;
diff --git a/drivers/gpu/drm/ast/ast_mode.c b/drivers/gpu/drm/ast/ast_mode.c
-index 0123458..4169580 100644
+index a965e7e..5ba937e 100644
--- a/drivers/gpu/drm/ast/ast_mode.c
+++ b/drivers/gpu/drm/ast/ast_mode.c
-@@ -789,7 +789,7 @@ static int ast_get_modes(struct drm_connector *connector)
+@@ -773,7 +773,7 @@ static int ast_get_modes(struct drm_connector *connector)
return 0;
}
@@ -46192,10 +45899,10 @@ index 0123458..4169580 100644
{
struct ast_private *ast = connector->dev->dev_private;
diff --git a/drivers/gpu/drm/bochs/bochs_kms.c b/drivers/gpu/drm/bochs/bochs_kms.c
-index 2849f1b..86f509b 100644
+index 96926f0..69097ba 100644
--- a/drivers/gpu/drm/bochs/bochs_kms.c
+++ b/drivers/gpu/drm/bochs/bochs_kms.c
-@@ -210,7 +210,7 @@ int bochs_connector_get_modes(struct drm_connector *connector)
+@@ -194,7 +194,7 @@ int bochs_connector_get_modes(struct drm_connector *connector)
return count;
}
@@ -46204,36 +45911,11 @@ index 2849f1b..86f509b 100644
struct drm_display_mode *mode)
{
struct bochs_device *bochs =
-diff --git a/drivers/gpu/drm/drm_atomic.c b/drivers/gpu/drm/drm_atomic.c
-index ee9914d..e028752 100644
---- a/drivers/gpu/drm/drm_atomic.c
-+++ b/drivers/gpu/drm/drm_atomic.c
-@@ -1339,6 +1339,11 @@ EXPORT_SYMBOL(drm_atomic_async_commit);
- * The big monstor ioctl
- */
-
-+static void free_vblank_event(struct drm_pending_event *event)
-+{
-+ kfree(event);
-+}
-+
- static struct drm_pending_vblank_event *create_vblank_event(
- struct drm_device *dev, struct drm_file *file_priv, uint64_t user_data)
- {
-@@ -1366,7 +1371,7 @@ static struct drm_pending_vblank_event *create_vblank_event(
- e->event.user_data = user_data;
- e->base.event = &e->event.base;
- e->base.file_priv = file_priv;
-- e->base.destroy = (void (*) (struct drm_pending_event *)) kfree;
-+ e->base.destroy = free_vblank_event;
-
- out:
- return e;
diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
-index f619121..ef03460 100644
+index f30de80..7893e10 100644
--- a/drivers/gpu/drm/drm_crtc.c
+++ b/drivers/gpu/drm/drm_crtc.c
-@@ -4152,7 +4152,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev,
+@@ -4258,7 +4258,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev,
goto done;
}
@@ -46242,28 +45924,6 @@ index f619121..ef03460 100644
&prop_enum->name, DRM_PROP_NAME_LEN)) {
ret = -EFAULT;
goto done;
-@@ -5229,6 +5229,11 @@ out:
- return ret;
- }
-
-+static void drm_mode_page_flip_dmabuf_destroy(struct drm_pending_event *event)
-+{
-+ kfree(event);
-+}
-+
- /**
- * drm_mode_page_flip_ioctl - schedule an asynchronous fb update
- * @dev: DRM device
-@@ -5327,8 +5332,7 @@ int drm_mode_page_flip_ioctl(struct drm_device *dev,
- e->event.user_data = page_flip->user_data;
- e->base.event = &e->event.base;
- e->base.file_priv = file_priv;
-- e->base.destroy =
-- (void (*) (struct drm_pending_event *)) kfree;
-+ e->base.destroy = drm_mode_page_flip_dmabuf_destroy;
- }
-
- crtc->primary->old_fb = crtc->primary->fb;
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
index 167c8d3..bf13708 100644
--- a/drivers/gpu/drm/drm_drv.c
@@ -46278,10 +45938,10 @@ index 167c8d3..bf13708 100644
}
mutex_unlock(&drm_global_mutex);
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
-index 1ea8790..03efb49 100644
+index aeef58e..1594209 100644
--- a/drivers/gpu/drm/drm_fops.c
+++ b/drivers/gpu/drm/drm_fops.c
-@@ -89,7 +89,7 @@ int drm_open(struct inode *inode, struct file *filp)
+@@ -131,7 +131,7 @@ int drm_open(struct inode *inode, struct file *filp)
return PTR_ERR(minor);
dev = minor->dev;
@@ -46290,7 +45950,7 @@ index 1ea8790..03efb49 100644
need_setup = 1;
/* share address_space across all char-devs of a single device */
-@@ -106,7 +106,7 @@ int drm_open(struct inode *inode, struct file *filp)
+@@ -148,7 +148,7 @@ int drm_open(struct inode *inode, struct file *filp)
return 0;
err_undo:
@@ -46299,7 +45959,7 @@ index 1ea8790..03efb49 100644
drm_minor_release(minor);
return retcode;
}
-@@ -407,7 +407,7 @@ int drm_release(struct inode *inode, struct file *filp)
+@@ -449,7 +449,7 @@ int drm_release(struct inode *inode, struct file *filp)
mutex_lock(&drm_global_mutex);
@@ -46308,7 +45968,7 @@ index 1ea8790..03efb49 100644
mutex_lock(&dev->struct_mutex);
list_del(&file_priv->lhead);
-@@ -422,10 +422,10 @@ int drm_release(struct inode *inode, struct file *filp)
+@@ -464,10 +464,10 @@ int drm_release(struct inode *inode, struct file *filp)
* Begin inline drm_release
*/
@@ -46321,7 +45981,7 @@ index 1ea8790..03efb49 100644
/* if the master has gone away we can't do anything with the lock */
if (file_priv->minor->master)
-@@ -495,7 +495,7 @@ int drm_release(struct inode *inode, struct file *filp)
+@@ -537,7 +537,7 @@ int drm_release(struct inode *inode, struct file *filp)
* End inline drm_release
*/
@@ -46330,6 +45990,27 @@ index 1ea8790..03efb49 100644
retcode = drm_lastclose(dev);
if (drm_device_is_unplugged(dev))
drm_put_dev(dev);
+@@ -676,6 +676,11 @@ unsigned int drm_poll(struct file *filp, struct poll_table_struct *wait)
+ }
+ EXPORT_SYMBOL(drm_poll);
+
++static void drm_pending_event_destroy(st