diff options
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.2.2-2.6.32.54-201201221635.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.54-201201201821.patch) | 30 | ||||
-rw-r--r-- | 3.2.1/0000_README (renamed from 3.1.10/0000_README) | 2 | ||||
-rw-r--r-- | 3.2.1/4420_grsecurity-2.2.2-3.2.1-201201221501.patch (renamed from 3.1.10/4420_grsecurity-2.2.2-3.1.10-201201201822.patch) | 10499 | ||||
-rw-r--r-- | 3.2.1/4421_grsec-remove-localversion-grsec.patch (renamed from 3.1.10/4421_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.2.1/4422_grsec-mute-warnings.patch (renamed from 3.1.10/4422_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.2.1/4423_grsec-remove-protected-paths.patch (renamed from 3.1.10/4423_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.2.1/4425_grsec-pax-without-grsec.patch (renamed from 3.1.10/4425_grsec-pax-without-grsec.patch) | 8 | ||||
-rw-r--r-- | 3.2.1/4430_grsec-kconfig-default-gids.patch (renamed from 3.1.10/4430_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.2.1/4435_grsec-kconfig-gentoo.patch (renamed from 3.1.10/4435_grsec-kconfig-gentoo.patch) | 0 | ||||
-rw-r--r-- | 3.2.1/4437-grsec-kconfig-proc-user.patch (renamed from 3.1.10/4437-grsec-kconfig-proc-user.patch) | 0 | ||||
-rw-r--r-- | 3.2.1/4440_selinux-avc_audit-log-curr_ip.patch (renamed from 3.1.10/4440_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.2.1/4445_disable-compat_vdso.patch (renamed from 3.1.10/4445_disable-compat_vdso.patch) | 2 |
13 files changed, 3330 insertions, 7213 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 71815cd..a712391 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -10,7 +10,7 @@ Patch: 1053_linux-2.6.32.54.patch From: http://www.kernel.org Desc: Linux 2.6.32.54 -Patch: 4420_grsecurity-2.2.2-2.6.32.54-201201201821.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.54-201201221635.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.54-201201201821.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.54-201201221635.patch index c0d9feb..778d9c2 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.54-201201201821.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.54-201201221635.patch @@ -74459,22 +74459,10 @@ index 29bd4ba..8c5de90 100644 WARN_ON(pendowner->pi_blocked_on->lock != lock); diff --git a/kernel/sched.c b/kernel/sched.c -index 0591df8..6e343c3 100644 +index 0591df8..db35e3d 100644 --- a/kernel/sched.c +++ b/kernel/sched.c -@@ -2764,9 +2764,10 @@ void wake_up_new_task(struct task_struct *p, unsigned long clone_flags) - { - unsigned long flags; - struct rq *rq; -- int cpu = get_cpu(); - - #ifdef CONFIG_SMP -+ int cpu = get_cpu(); -+ - rq = task_rq_lock(p, &flags); - p->state = TASK_WAKING; - -@@ -5043,7 +5044,7 @@ out: +@@ -5043,7 +5043,7 @@ out: * In CONFIG_NO_HZ case, the idle load balance owner will do the * rebalancing for all the cpus for whom scheduler ticks are stopped. */ @@ -74483,7 +74471,7 @@ index 0591df8..6e343c3 100644 { int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); -@@ -5700,6 +5701,8 @@ asmlinkage void __sched schedule(void) +@@ -5700,6 +5700,8 @@ asmlinkage void __sched schedule(void) struct rq *rq; int cpu; @@ -74492,7 +74480,7 @@ index 0591df8..6e343c3 100644 need_resched: preempt_disable(); cpu = smp_processor_id(); -@@ -5770,7 +5773,7 @@ EXPORT_SYMBOL(schedule); +@@ -5770,7 +5772,7 @@ EXPORT_SYMBOL(schedule); * Look out! "owner" is an entirely speculative pointer * access and not reliable. */ @@ -74501,7 +74489,7 @@ index 0591df8..6e343c3 100644 { unsigned int cpu; struct rq *rq; -@@ -5784,10 +5787,10 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner) +@@ -5784,10 +5786,10 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner) * DEBUG_PAGEALLOC could have unmapped it if * the mutex owner just released it and exited. */ @@ -74514,7 +74502,7 @@ index 0591df8..6e343c3 100644 #endif /* -@@ -5816,7 +5819,7 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner) +@@ -5816,7 +5818,7 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner) /* * Is that owner really running on that cpu? */ @@ -74523,7 +74511,7 @@ index 0591df8..6e343c3 100644 return 0; cpu_relax(); -@@ -6359,6 +6362,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -6359,6 +6361,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -74532,7 +74520,7 @@ index 0591df8..6e343c3 100644 return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur || capable(CAP_SYS_NICE)); } -@@ -6392,7 +6397,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -6392,7 +6396,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -74542,7 +74530,7 @@ index 0591df8..6e343c3 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -8774,7 +8780,7 @@ static void init_sched_groups_power(int cpu, struct sched_domain *sd) +@@ -8774,7 +8779,7 @@ static void init_sched_groups_power(int cpu, struct sched_domain *sd) long power; int weight; diff --git a/3.1.10/0000_README b/3.2.1/0000_README index 73b6f88..252194d 100644 --- a/3.1.10/0000_README +++ b/3.2.1/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-3.1.10-201201201822.patch +Patch: 4420_grsecurity-2.2.2-3.2.1-201201221501.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.1.10/4420_grsecurity-2.2.2-3.1.10-201201201822.patch b/3.2.1/4420_grsecurity-2.2.2-3.2.1-201201221501.patch index 03b7ff6..ff96537 100644 --- a/3.1.10/4420_grsecurity-2.2.2-3.1.10-201201201822.patch +++ b/3.2.1/4420_grsecurity-2.2.2-3.2.1-201201221501.patch @@ -168,10 +168,10 @@ index dfa6fc6..0095943 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index d6e6724..a024ce8 100644 +index 81c287f..d456d02 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1898,6 +1898,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1935,6 +1935,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -186,7 +186,7 @@ index d6e6724..a024ce8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 7c8f52a..371cd76 100644 +index c5edffa..26654d7 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -285,15 +285,15 @@ index 7c8f52a..371cd76 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -986,6 +1028,7 @@ prepare0: archprepare FORCE - $(Q)$(MAKE) $(build)=. missing-syscalls +@@ -985,6 +1027,7 @@ prepare0: archprepare FORCE + $(Q)$(MAKE) $(build)=. # All the preparing.. +prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS),$(KBUILD_CFLAGS)) prepare: prepare0 # Generate some files -@@ -1087,6 +1130,7 @@ all: modules +@@ -1086,6 +1129,7 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -301,7 +301,7 @@ index 7c8f52a..371cd76 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1102,7 +1146,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1101,7 +1145,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -310,16 +310,15 @@ index 7c8f52a..371cd76 100644 # Target to install modules PHONY += modules_install -@@ -1198,7 +1242,7 @@ distclean: mrproper - @find $(srctree) $(RCS_FIND_IGNORE) \ +@@ -1198,6 +1242,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -- -o -name '.*.rej' -o -size 0 \ -+ -o -name '.*.rej' -o -name '*.so' -o -size 0 \ + -o -name '.*.rej' \ ++ -o -name '.*.rej' -o -name '*.so' \ -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1360,6 +1404,7 @@ PHONY += $(module-dirs) modules +@@ -1358,6 +1403,7 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -327,7 +326,7 @@ index 7c8f52a..371cd76 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1486,17 +1531,19 @@ else +@@ -1484,17 +1530,19 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -351,7 +350,7 @@ index 7c8f52a..371cd76 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1506,11 +1553,13 @@ endif +@@ -1504,11 +1552,13 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -737,10 +736,10 @@ index b293616..96310e5 100644 n = __copy_to_user(to, from, n); return n; diff --git a/arch/arm/kernel/armksyms.c b/arch/arm/kernel/armksyms.c -index aeef960..2966009 100644 +index 5b0bce6..becd81c 100644 --- a/arch/arm/kernel/armksyms.c +++ b/arch/arm/kernel/armksyms.c -@@ -98,8 +98,8 @@ EXPORT_SYMBOL(__strncpy_from_user); +@@ -95,8 +95,8 @@ EXPORT_SYMBOL(__strncpy_from_user); #ifdef CONFIG_MMU EXPORT_SYMBOL(copy_page); @@ -752,7 +751,7 @@ index aeef960..2966009 100644 EXPORT_SYMBOL(__get_user_1); diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index c9d11ea..5078081 100644 +index 3d0c6fb..3dcae52 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -777,19 +776,19 @@ index c9d11ea..5078081 100644 /* * The vectors page is always readable from user space for the diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index bc9f9da..c75d826 100644 +index 99a5727..a3d5bb1 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c -@@ -257,6 +257,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt +@@ -259,6 +259,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt - static DEFINE_SPINLOCK(die_lock); + static DEFINE_RAW_SPINLOCK(die_lock); +extern void gr_handle_kernel_exploit(void); + /* * This function is protected against re-entrancy. */ -@@ -284,6 +286,9 @@ void die(const char *str, struct pt_regs *regs, int err) +@@ -288,6 +290,9 @@ void die(const char *str, struct pt_regs *regs, int err) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -911,10 +910,10 @@ index d0ece2a..5ae2f39 100644 .pushsection .fixup,"ax" .align 0 diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c -index 8b9b136..70d5100 100644 +index 025f742..8432b08 100644 --- a/arch/arm/lib/uaccess_with_memcpy.c +++ b/arch/arm/lib/uaccess_with_memcpy.c -@@ -103,7 +103,7 @@ out: +@@ -104,7 +104,7 @@ out: } unsigned long @@ -937,10 +936,10 @@ index 2b2d51c..0127490 100644 static int mbox_show(struct seq_file *s, void *data) { diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index 3b5ea68..42fc9af 100644 +index aa33949..b242a2f 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c -@@ -182,6 +182,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, +@@ -183,6 +183,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, } #endif @@ -954,7 +953,7 @@ index 3b5ea68..42fc9af 100644 tsk->thread.address = addr; tsk->thread.error_code = fsr; tsk->thread.trap_no = 14; -@@ -383,6 +390,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) +@@ -384,6 +391,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) } #endif /* CONFIG_MMU */ @@ -989,10 +988,10 @@ index 3b5ea68..42fc9af 100644 * First Level Translation Fault Handler * diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index 74be05f..f605b8c 100644 +index 44b628e..623ee2a 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c -@@ -65,6 +65,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -54,6 +54,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (len > TASK_SIZE) return -ENOMEM; @@ -1003,7 +1002,7 @@ index 74be05f..f605b8c 100644 if (addr) { if (do_align) addr = COLOUR_ALIGN(addr, pgoff); -@@ -72,15 +76,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -61,15 +65,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -1023,7 +1022,7 @@ index 74be05f..f605b8c 100644 } /* 8 bits of randomness in 20 address space bits */ if ((current->flags & PF_RANDOMIZE) && -@@ -100,14 +103,14 @@ full_search: +@@ -89,14 +92,14 @@ full_search: * Start a new search - just in case we missed * some holes. */ @@ -1590,7 +1589,7 @@ index ff44823..97f8906 100644 /* diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index b30cb25..454c0a9 100644 +index c47f96e..661d418 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -481,15 +481,3 @@ unsigned long get_wchan(struct task_struct *task) @@ -2145,10 +2144,10 @@ index d4a7f64..451de1c 100644 return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0); } diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h -index 2cd664e..1d2e8a7 100644 +index dd9c4fd..a2ced87 100644 --- a/arch/powerpc/include/asm/page.h +++ b/arch/powerpc/include/asm/page.h -@@ -129,8 +129,9 @@ extern phys_addr_t kernstart_addr; +@@ -141,8 +141,9 @@ extern phys_addr_t kernstart_addr; * and needs to be executable. This means the whole heap ends * up being executable. */ @@ -2160,21 +2159,21 @@ index 2cd664e..1d2e8a7 100644 #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) -@@ -158,6 +159,9 @@ extern phys_addr_t kernstart_addr; +@@ -170,6 +171,9 @@ extern phys_addr_t kernstart_addr; #define is_kernel_addr(x) ((x) >= PAGE_OFFSET) #endif +#define ktla_ktva(addr) (addr) +#define ktva_ktla(addr) (addr) + - #ifndef __ASSEMBLY__ - - #undef STRICT_MM_TYPECHECKS + /* + * Use the top bit of the higher-level page table entries to indicate whether + * the entries we point to contain hugepages. This works because we know that diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/asm/page_64.h -index 9356262..ea96148 100644 +index fb40ede..d3ce956 100644 --- a/arch/powerpc/include/asm/page_64.h +++ b/arch/powerpc/include/asm/page_64.h -@@ -155,15 +155,18 @@ do { \ +@@ -144,15 +144,18 @@ do { \ * stack by default, so in the absence of a PT_GNU_STACK program header * we turn execute permission off. */ @@ -2448,10 +2447,10 @@ index 429983c..7af363b 100644 ld r4,_DAR(r1) bl .bad_page_fault diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S -index 41b02c7..05e76fb 100644 +index cf9c69b..ebc9640 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S -@@ -1014,10 +1014,10 @@ handle_page_fault: +@@ -1004,10 +1004,10 @@ handle_page_fault: 11: ld r4,_DAR(r1) ld r5,_DSISR(r1) addi r3,r1,STACK_FRAME_OVERHEAD @@ -2497,10 +2496,10 @@ index 0b6d796..d760ddb 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index 8f53954..a704ad6 100644 +index 6457574..08b28d3 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c -@@ -682,8 +682,8 @@ void show_regs(struct pt_regs * regs) +@@ -660,8 +660,8 @@ void show_regs(struct pt_regs * regs) * Lookup NIP late so we have the best change of getting the * above info out without failing */ @@ -2511,7 +2510,7 @@ index 8f53954..a704ad6 100644 #endif show_stack(current, (unsigned long *) regs->gpr[1]); if (!user_mode(regs)) -@@ -1187,10 +1187,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1165,10 +1165,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -2524,7 +2523,7 @@ index 8f53954..a704ad6 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1210,7 +1210,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1188,7 +1188,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; @@ -2533,7 +2532,7 @@ index 8f53954..a704ad6 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1285,58 +1285,3 @@ void thread_info_cache_init(void) +@@ -1263,58 +1263,3 @@ void thread_info_cache_init(void) } #endif /* THREAD_SHIFT < PAGE_SHIFT */ @@ -2593,7 +2592,7 @@ index 8f53954..a704ad6 100644 - return ret; -} diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index 78b76dc..7f232ef 100644 +index 836a5a1..27289a3 100644 --- a/arch/powerpc/kernel/signal_32.c +++ b/arch/powerpc/kernel/signal_32.c @@ -859,7 +859,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, @@ -2606,10 +2605,10 @@ index 78b76dc..7f232ef 100644 goto badframe; regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp; diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index e91c736..742ec06 100644 +index a50b5ec..547078a 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c -@@ -430,7 +430,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, +@@ -429,7 +429,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, current->thread.fpscr.val = 0; /* Set up to return from userspace. */ @@ -2619,7 +2618,7 @@ index e91c736..742ec06 100644 } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index f19d977..8ac286e 100644 +index 5459d14..10f8070 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c @@ -98,6 +98,8 @@ static void pmac_backlight_unblank(void) @@ -2641,10 +2640,10 @@ index f19d977..8ac286e 100644 do_exit(err); diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c -index 142ab10..236e61a 100644 +index 7d14bb6..1305601 100644 --- a/arch/powerpc/kernel/vdso.c +++ b/arch/powerpc/kernel/vdso.c -@@ -36,6 +36,7 @@ +@@ -35,6 +35,7 @@ #include <asm/firmware.h> #include <asm/vdso.h> #include <asm/vdso_datapage.h> @@ -2652,7 +2651,7 @@ index 142ab10..236e61a 100644 #include "setup.h" -@@ -220,7 +221,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -219,7 +220,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vdso_base = VDSO32_MBASE; #endif @@ -2661,7 +2660,7 @@ index 142ab10..236e61a 100644 /* vDSO has a problem and was disabled, just don't "enable" it for the * process -@@ -240,7 +241,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -239,7 +240,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) vdso_base = get_unmapped_area(NULL, vdso_base, (vdso_pages << PAGE_SHIFT) + ((VDSO_ALIGNMENT - 1) & PAGE_MASK), @@ -2841,7 +2840,7 @@ index 5a783d8..c23e14b 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c -index ba51948..23009d9 100644 +index 73709f7..6b90313 100644 --- a/arch/powerpc/mm/slice.c +++ b/arch/powerpc/mm/slice.c @@ -98,7 +98,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr, @@ -2940,10 +2939,10 @@ index 547f1a6..3fff354 100644 - #endif diff --git a/arch/s390/include/asm/system.h b/arch/s390/include/asm/system.h -index 6582f69..b69906f 100644 +index ef573c1..75a1ce6 100644 --- a/arch/s390/include/asm/system.h +++ b/arch/s390/include/asm/system.h -@@ -256,7 +256,7 @@ extern void (*_machine_restart)(char *command); +@@ -262,7 +262,7 @@ extern void (*_machine_restart)(char *command); extern void (*_machine_halt)(void); extern void (*_machine_power_off)(void); @@ -3064,10 +3063,10 @@ index dfcb343..eda788a 100644 if (r_type == R_390_GOTPC) *(unsigned int *) loc = val; diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c -index 541a750..8739853 100644 +index 9451b21..ed8956f 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c -@@ -319,39 +319,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -321,39 +321,3 @@ unsigned long get_wchan(struct task_struct *p) } return 0; } @@ -3108,10 +3107,10 @@ index 541a750..8739853 100644 - return ret; -} diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c -index c9a9f7f..60d0315 100644 +index f09c748..cf9ec1d 100644 --- a/arch/s390/mm/mmap.c +++ b/arch/s390/mm/mmap.c -@@ -91,10 +91,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -92,10 +92,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -3134,7 +3133,7 @@ index c9a9f7f..60d0315 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } -@@ -166,10 +178,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -167,10 +179,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -3865,7 +3864,7 @@ index f793742..4d880af 100644 } while (++count < 16); printk("\n"); diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c -index d959cd0..7b42812 100644 +index 3739a06..48b2ff0 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c @@ -180,14 +180,14 @@ static void show_regwindow(struct pt_regs *regs) @@ -3926,7 +3925,7 @@ index 42b282f..28ce9f2 100644 addr = vmm->vm_end; if (flags & MAP_SHARED) diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index 908b47a..aa9e584 100644 +index 441521a..b767073 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c @@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi @@ -4077,10 +4076,10 @@ index 908b47a..aa9e584 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c -index c0490c7..84959d1 100644 +index 591f20c..0f1b925 100644 --- a/arch/sparc/kernel/traps_32.c +++ b/arch/sparc/kernel/traps_32.c -@@ -44,6 +44,8 @@ static void instruction_dump(unsigned long *pc) +@@ -45,6 +45,8 @@ static void instruction_dump(unsigned long *pc) #define __SAVE __asm__ __volatile__("save %sp, -0x40, %sp\n\t") #define __RESTORE __asm__ __volatile__("restore %g0, %g0, %g0\n\t") @@ -4089,7 +4088,7 @@ index c0490c7..84959d1 100644 void die_if_kernel(char *str, struct pt_regs *regs) { static int die_counter; -@@ -76,15 +78,17 @@ void die_if_kernel(char *str, struct pt_regs *regs) +@@ -77,15 +79,17 @@ void die_if_kernel(char *str, struct pt_regs *regs) count++ < 30 && (((unsigned long) rw) >= PAGE_OFFSET) && !(((unsigned long) rw) & 0x7)) { @@ -4551,12 +4550,12 @@ index 301421c..e2535d1 100644 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o obj-y += fault_$(BITS).o diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c -index aa1c1b1..f93e28f 100644 +index 8023fd7..c8e89e9 100644 --- a/arch/sparc/mm/fault_32.c +++ b/arch/sparc/mm/fault_32.c -@@ -22,6 +22,9 @@ +@@ -21,6 +21,9 @@ + #include <linux/perf_event.h> #include <linux/interrupt.h> - #include <linux/module.h> #include <linux/kdebug.h> +#include <linux/slab.h> +#include <linux/pagemap.h> @@ -4564,7 +4563,7 @@ index aa1c1b1..f93e28f 100644 #include <asm/system.h> #include <asm/page.h> -@@ -209,6 +212,268 @@ static unsigned long compute_si_addr(struct pt_regs *regs, int text_fault) +@@ -208,6 +211,268 @@ static unsigned long compute_si_addr(struct pt_regs *regs, int text_fault) return safe_compute_effective_address(regs, insn); } @@ -4833,7 +4832,7 @@ index aa1c1b1..f93e28f 100644 static noinline void do_fault_siginfo(int code, int sig, struct pt_regs *regs, int text_fault) { -@@ -281,6 +546,24 @@ good_area: +@@ -280,6 +545,24 @@ good_area: if(!(vma->vm_flags & VM_WRITE)) goto bad_area; } else { @@ -5370,10 +5369,10 @@ index 504c062..6fcb9c6 100644 * load/store/atomic was a write or not, it only says that there * was no match. So in such a case we (carefully) read the diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c -index f4e9764..5682724 100644 +index 07e1453..0a7d9e9 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c -@@ -68,7 +68,7 @@ full_search: +@@ -67,7 +67,7 @@ full_search: } return -ENOMEM; } @@ -5382,7 +5381,7 @@ index f4e9764..5682724 100644 /* * Remember the place where we stopped the search: */ -@@ -107,7 +107,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -106,7 +106,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, /* make sure it can fit in the remaining address space */ if (likely(addr > len)) { vma = find_vma(mm, addr-len); @@ -5391,7 +5390,7 @@ index f4e9764..5682724 100644 /* remember the address as a hint for next time */ return (mm->free_area_cache = addr-len); } -@@ -116,16 +116,17 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -115,16 +115,17 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (unlikely(mm->mmap_base < len)) goto bottomup; @@ -5411,7 +5410,7 @@ index f4e9764..5682724 100644 /* remember the address as a hint for next time */ return (mm->free_area_cache = addr); } -@@ -135,8 +136,8 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -134,8 +135,8 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, mm->cached_hole_size = vma->vm_start - addr; /* try just below the current vma->vm_start */ @@ -5422,7 +5421,7 @@ index f4e9764..5682724 100644 bottomup: /* -@@ -182,8 +183,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -181,8 +182,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, if (addr) { addr = ALIGN(addr, HPAGE_SIZE); vma = find_vma(mm, addr); @@ -5489,20 +5488,20 @@ index cbef74e..c38fead 100644 page_kernel = pgprot_val(SRMMU_PAGE_KERNEL); diff --git a/arch/um/Makefile b/arch/um/Makefile -index c0f712c..3a5c4c9 100644 +index 7730af6..cce5b19 100644 --- a/arch/um/Makefile +++ b/arch/um/Makefile -@@ -49,6 +49,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -D__KERNEL__,,\ +@@ -61,6 +61,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -D__KERNEL__,,\ $(patsubst -I%,,$(KBUILD_CFLAGS)))) $(ARCH_INCLUDE) $(MODE_INCLUDE) \ - $(filter -I%,$(CFLAGS)) -D_FILE_OFFSET_BITS=64 + $(filter -I%,$(CFLAGS)) -D_FILE_OFFSET_BITS=64 -idirafter include +ifdef CONSTIFY_PLUGIN +USER_CFLAGS += $(CONSTIFY_PLUGIN) -fplugin-arg-constify_plugin-no-constify +endif + - include $(srctree)/$(ARCH_DIR)/Makefile-$(SUBARCH) - #This will adjust *FLAGS accordingly to the platform. + include $(srctree)/$(ARCH_DIR)/Makefile-os-$(OS) + diff --git a/arch/um/include/asm/kmap_types.h b/arch/um/include/asm/kmap_types.h index 6c03acd..a5e0215 100644 --- a/arch/um/include/asm/kmap_types.h @@ -5516,7 +5515,7 @@ index 6c03acd..a5e0215 100644 }; diff --git a/arch/um/include/asm/page.h b/arch/um/include/asm/page.h -index 4cc9b6c..02e5029 100644 +index 7cfc3ce..cbd1a58 100644 --- a/arch/um/include/asm/page.h +++ b/arch/um/include/asm/page.h @@ -14,6 +14,9 @@ @@ -5530,10 +5529,10 @@ index 4cc9b6c..02e5029 100644 struct page; diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c -index 21c1ae7..4640aaa 100644 +index c533835..84db18e 100644 --- a/arch/um/kernel/process.c +++ b/arch/um/kernel/process.c -@@ -404,22 +404,6 @@ int singlestepping(void * t) +@@ -406,22 +406,6 @@ int singlestepping(void * t) return 2; } @@ -5556,63 +5555,11 @@ index 21c1ae7..4640aaa 100644 unsigned long get_wchan(struct task_struct *p) { unsigned long stack_page, sp, ip; -diff --git a/arch/um/sys-i386/shared/sysdep/system.h b/arch/um/sys-i386/shared/sysdep/system.h -index d1b93c4..ae1b7fd 100644 ---- a/arch/um/sys-i386/shared/sysdep/system.h -+++ b/arch/um/sys-i386/shared/sysdep/system.h -@@ -17,7 +17,7 @@ - # define AT_VECTOR_SIZE_ARCH 1 - #endif - --extern unsigned long arch_align_stack(unsigned long sp); -+#define arch_align_stack(x) ((x) & ~0xfUL) - - void default_idle(void); - -diff --git a/arch/um/sys-i386/syscalls.c b/arch/um/sys-i386/syscalls.c -index 70ca357..728d1cc 100644 ---- a/arch/um/sys-i386/syscalls.c -+++ b/arch/um/sys-i386/syscalls.c -@@ -11,6 +11,21 @@ - #include "asm/uaccess.h" - #include "asm/unistd.h" - -+int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags) -+{ -+ unsigned long pax_task_size = TASK_SIZE; -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC) -+ pax_task_size = SEGMEXEC_TASK_SIZE; -+#endif -+ -+ if (len > pax_task_size || addr > pax_task_size - len) -+ return -EINVAL; -+ -+ return 0; -+} -+ - /* - * The prototype on i386 is: - * -diff --git a/arch/um/sys-x86_64/shared/sysdep/system.h b/arch/um/sys-x86_64/shared/sysdep/system.h -index d1b93c4..ae1b7fd 100644 ---- a/arch/um/sys-x86_64/shared/sysdep/system.h -+++ b/arch/um/sys-x86_64/shared/sysdep/system.h -@@ -17,7 +17,7 @@ - # define AT_VECTOR_SIZE_ARCH 1 - #endif - --extern unsigned long arch_align_stack(unsigned long sp); -+#define arch_align_stack(x) ((x) & ~0xfUL) - - void default_idle(void); - diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 6a47bb2..dc9a868 100644 +index efb4294..61bc18c 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -236,7 +236,7 @@ config X86_HT +@@ -235,7 +235,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -5621,7 +5568,7 @@ index 6a47bb2..dc9a868 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1019,7 +1019,7 @@ choice +@@ -1022,7 +1022,7 @@ choice config NOHIGHMEM bool "off" @@ -5630,7 +5577,7 @@ index 6a47bb2..dc9a868 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1056,7 +1056,7 @@ config NOHIGHMEM +@@ -1059,7 +1059,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -5639,7 +5586,7 @@ index 6a47bb2..dc9a868 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1110,7 +1110,7 @@ config PAGE_OFFSET +@@ -1113,7 +1113,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -5648,7 +5595,7 @@ index 6a47bb2..dc9a868 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1484,6 +1484,7 @@ config SECCOMP +@@ -1496,6 +1496,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" @@ -5656,7 +5603,7 @@ index 6a47bb2..dc9a868 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1541,6 +1542,7 @@ config KEXEC_JUMP +@@ -1553,6 +1554,7 @@ config KEXEC_JUMP config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) default "0x1000000" @@ -5664,7 +5611,7 @@ index 6a47bb2..dc9a868 100644 ---help--- This gives the physical address where the kernel is loaded. -@@ -1604,6 +1606,7 @@ config X86_NEED_RELOCS +@@ -1616,6 +1618,7 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -5672,7 +5619,7 @@ index 6a47bb2..dc9a868 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1635,9 +1638,10 @@ config HOTPLUG_CPU +@@ -1647,9 +1650,10 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. config COMPAT_VDSO @@ -5716,7 +5663,7 @@ index e3ca7e0..b30b28a 100644 config X86_MINIMUM_CPU_FAMILY int diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug -index c0f8a5c..6404f61 100644 +index bf56e17..05f9891 100644 --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug @@ -81,7 +81,7 @@ config X86_PTDUMP @@ -6206,7 +6153,7 @@ index 4d3ff03..e4972ff 100644 err = check_flags(); } diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index 93e689f..504ba09 100644 +index bdb4d45..0476680 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical pointer to @@ -6468,6 +6415,62 @@ index be6d9e3..21fbbca 100644 ret +ENDPROC(aesni_ctr_enc) #endif +diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S +index 391d245..67f35c2 100644 +--- a/arch/x86/crypto/blowfish-x86_64-asm_64.S ++++ b/arch/x86/crypto/blowfish-x86_64-asm_64.S +@@ -20,6 +20,8 @@ + * + */ + ++#include <asm/alternative-asm.h> ++ + .file "blowfish-x86_64-asm.S" + .text + +@@ -151,9 +153,11 @@ __blowfish_enc_blk: + jnz __enc_xor; + + write_block(); ++ pax_force_retaddr 0, 1 + ret; + __enc_xor: + xor_block(); ++ pax_force_retaddr 0, 1 + ret; + + .align 8 +@@ -188,6 +192,7 @@ blowfish_dec_blk: + + movq %r11, %rbp; + ++ pax_force_retaddr 0, 1 + ret; + + /********************************************************************** +@@ -342,6 +347,7 @@ __blowfish_enc_blk_4way: + + popq %rbx; + popq %rbp; ++ pax_force_retaddr 0, 1 + ret; + + __enc_xor4: +@@ -349,6 +355,7 @@ __enc_xor4: + + popq %rbx; + popq %rbp; ++ pax_force_retaddr 0, 1 + ret; + + .align 8 +@@ -386,5 +393,6 @@ blowfish_dec_blk_4way: + popq %rbx; + popq %rbp; + ++ pax_force_retaddr 0, 1 + ret; + diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S index 6214a9b..1f4fc9a 100644 --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S @@ -6500,8 +6503,65 @@ index 6214a9b..1f4fc9a 100644 mov %rsi,%rdx + pax_force_retaddr ret +diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S +index b2c2f57..8470cab 100644 +--- a/arch/x86/crypto/sha1_ssse3_asm.S ++++ b/arch/x86/crypto/sha1_ssse3_asm.S +@@ -28,6 +28,8 @@ + * (at your option) any later version. + */ + ++#include <asm/alternative-asm.h> ++ + #define CTX %rdi // arg1 + #define BUF %rsi // arg2 + #define CNT %rdx // arg3 +@@ -104,6 +106,7 @@ + pop %r12 + pop %rbp + pop %rbx ++ pax_force_retaddr 0, 1 + ret + + .size \name, .-\name +diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S +index 5b012a2..36d5364 100644 +--- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S ++++ b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S +@@ -20,6 +20,8 @@ + * + */ + ++#include <asm/alternative-asm.h> ++ + .file "twofish-x86_64-asm-3way.S" + .text + +@@ -260,6 +262,7 @@ __twofish_enc_blk_3way: + popq %r13; + popq %r14; + popq %r15; ++ pax_force_retaddr 0, 1 + ret; + + __enc_xor3: +@@ -271,6 +274,7 @@ __enc_xor3: + popq %r13; + popq %r14; + popq %r15; ++ pax_force_retaddr 0, 1 + ret; + + .global twofish_dec_blk_3way +@@ -312,5 +316,6 @@ twofish_dec_blk_3way: + popq %r13; + popq %r14; + popq %r15; ++ pax_force_retaddr 0, 1 + ret; + diff --git a/arch/x86/crypto/twofish-x86_64-asm_64.S b/arch/x86/crypto/twofish-x86_64-asm_64.S -index 573aa10..b73ad89 100644 +index 7bcf3fc..f53832f 100644 --- a/arch/x86/crypto/twofish-x86_64-asm_64.S +++ b/arch/x86/crypto/twofish-x86_64-asm_64.S @@ -21,6 +21,7 @@ @@ -6512,7 +6572,7 @@ index 573aa10..b73ad89 100644 #define a_offset 0 #define b_offset 4 -@@ -269,6 +270,7 @@ twofish_enc_blk: +@@ -268,6 +269,7 @@ twofish_enc_blk: popq R1 movq $1,%rax @@ -6520,7 +6580,7 @@ index 573aa10..b73ad89 100644 ret twofish_dec_blk: -@@ -321,4 +323,5 @@ twofish_dec_blk: +@@ -319,4 +321,5 @@ twofish_dec_blk: popq R1 movq $1,%rax @@ -6620,7 +6680,7 @@ index 6557769..ef6ae89 100644 if (err) diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index 54edb207..db27073 100644 +index a6253ec..4ad2120 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -13,7 +13,9 @@ @@ -7077,7 +7137,7 @@ index 37ad100..7d47faa 100644 ".previous" diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h -index 9b7273c..e9fcc24 100644 +index 1a6c09a..fec2432 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -45,7 +45,7 @@ static inline void generic_apic_probe(void) @@ -7112,7 +7172,7 @@ index 20370c6..a2eb9b0 100644 "popl %%ebp\n\t" "popl %%edi\n\t" diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h -index 10572e3..392d0bc 100644 +index 58cb6d4..ca9010d 100644 --- a/arch/x86/include/asm/atomic.h +++ b/arch/x86/include/asm/atomic.h @@ -22,7 +22,18 @@ @@ -7365,66 +7425,51 @@ index 10572e3..392d0bc 100644 : "+m" (v->counter), "=qm" (c) : "ir" (i) : "memory"); return c; -@@ -180,16 +342,56 @@ static inline int atomic_add_return(int i, atomic_t *v) +@@ -179,7 +341,7 @@ static inline int atomic_add_return(int i, atomic_t *v) + goto no_xadd; #endif /* Modern 486+ processor */ - __i = i; -- asm volatile(LOCK_PREFIX "xaddl %0, %1" -+ asm volatile(LOCK_PREFIX "xaddl %0, %1\n" -+ -+#ifdef CONFIG_PAX_REFCOUNT -+ "jno 0f\n" -+ "movl %0, %1\n" -+ "int $4\n0:\n" -+ _ASM_EXTABLE(0b, 0b) -+#endif -+ - : "+r" (i), "+m" (v->counter) - : : "memory"); - return i + __i; +- return i + xadd(&v->counter, i); ++ return i + xadd_check_overflow(&v->counter, i); #ifdef CONFIG_M386 no_xadd: /* Legacy 386 processor */ -- raw_local_irq_save(flags); -+ local_irq_save(flags); - __i = atomic_read(v); - atomic_set(v, i + __i); -+ local_irq_restore(flags); -+ return i + __i; -+#endif -+} -+ -+/** +@@ -192,6 +354,34 @@ no_xadd: /* Legacy 386 processor */ + } + + /** + * atomic_add_return_unchecked - add integer and return -+ * @v: pointer of type atomic_unchecked_t + * @i: integer value to add ++ * @v: pointer of type atomic_unchecked_t + * + * Atomically adds @i to @v and returns @i + @v + */ +static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) +{ -+ int __i; +#ifdef CONFIG_M386 ++ int __i; + unsigned long flags; + if (unlikely(boot_cpu_data.x86 <= 3)) + goto no_xadd; +#endif + /* Modern 486+ processor */ -+ __i = i; -+ asm volatile(LOCK_PREFIX "xaddl %0, %1" -+ : "+r" (i), "+m" (v->counter) -+ : : "memory"); -+ return i + __i; ++ return i + xadd(&v->counter, i); + +#ifdef CONFIG_M386 +no_xadd: /* Legacy 386 processor */ + raw_local_irq_save(flags); + __i = atomic_read_unchecked(v); + atomic_set_unchecked(v, i + __i); - raw_local_irq_restore(flags); - return i + __i; - #endif -@@ -208,6 +410,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) ++ raw_local_irq_restore(flags); ++ return i + __i; ++#endif ++} ++ ++/** + * atomic_sub_return - subtract integer and return + * @v: pointer of type atomic_t + * @i: integer value to subtract +@@ -204,6 +394,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) } #define atomic_inc_return(v) (atomic_add_return(1, v)) @@ -7435,7 +7480,7 @@ index 10572e3..392d0bc 100644 #define atomic_dec_return(v) (atomic_sub_return(1, v)) static inline int atomic_cmpxchg(atomic_t *v, int old, int new) -@@ -215,11 +421,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) +@@ -211,11 +405,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) return cmpxchg(&v->counter, old, new); } @@ -7457,7 +7502,7 @@ index 10572e3..392d0bc 100644 /** * __atomic_add_unless - add unless the number is already a given value * @v: pointer of type atomic_t -@@ -231,12 +447,25 @@ static inline int atomic_xchg(atomic_t *v, int new) +@@ -227,12 +431,25 @@ static inline int atomic_xchg(atomic_t *v, int new) */ static inline int __atomic_add_unless(atomic_t *v, int a, int u) { @@ -7486,7 +7531,7 @@ index 10572e3..392d0bc 100644 if (likely(old == c)) break; c = old; -@@ -244,6 +473,48 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -240,6 +457,48 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) return c; } @@ -7689,7 +7734,7 @@ index 24098aa..1e37723 100644 * @i: integer value to subtract * @v: pointer to type atomic64_t diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h -index 017594d..d3fcf72 100644 +index 0e1cbfc..5623683 100644 --- a/arch/x86/include/asm/atomic64_64.h +++ b/arch/x86/include/asm/atomic64_64.h @@ -18,7 +18,19 @@ @@ -7922,23 +7967,11 @@ index 017594d..d3fcf72 100644 : "=m" (v->counter), "=qm" (c) : "er" (i), "m" (v->counter) : "memory"); return c; -@@ -171,7 +317,31 @@ static inline int atomic64_add_negative(long i, atomic64_t *v) +@@ -170,6 +316,18 @@ static inline int atomic64_add_negative(long i, atomic64_t *v) + */ static inline long atomic64_add_return(long i, atomic64_t *v) { - long __i = i; -- asm volatile(LOCK_PREFIX "xaddq %0, %1;" -+ asm volatile(LOCK_PREFIX "xaddq %0, %1\n" -+ -+#ifdef CONFIG_PAX_REFCOUNT -+ "jno 0f\n" -+ "movq %0, %1\n" -+ "int $4\n0:\n" -+ _ASM_EXTABLE(0b, 0b) -+#endif -+ -+ : "+r" (i), "+m" (v->counter) -+ : : "memory"); -+ return i + __i; ++ return i + xadd_check_overflow(&v->counter, i); +} + +/** @@ -7950,12 +7983,10 @@ index 017594d..d3fcf72 100644 + */ +static inline long atomic64_add_return_unchecked(long i, atomic64_unchecked_t *v) +{ -+ long __i = i; -+ asm volatile(LOCK_PREFIX "xaddq %0, %1" - : "+r" (i), "+m" (v->counter) - : : "memory"); - return i + __i; -@@ -183,6 +353,10 @@ static inline long atomic64_sub_return(long i, atomic64_t *v) + return i + xadd(&v->counter, i); + } + +@@ -179,6 +337,10 @@ static inline long atomic64_sub_return(long i, atomic64_t *v) } #define atomic64_inc_return(v) (atomic64_add_return(1, (v))) @@ -7966,7 +7997,7 @@ index 017594d..d3fcf72 100644 #define atomic64_dec_return(v) (atomic64_sub_return(1, (v))) static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new) -@@ -190,6 +364,11 @@ static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new) +@@ -186,6 +348,11 @@ static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new) return cmpxchg(&v->counter, old, new); } @@ -7978,7 +8009,7 @@ index 017594d..d3fcf72 100644 static inline long atomic64_xchg(atomic64_t *v, long new) { return xchg(&v->counter, new); -@@ -206,17 +385,30 @@ static inline long atomic64_xchg(atomic64_t *v, long new) +@@ -202,17 +369,30 @@ static inline long atomic64_xchg(atomic64_t *v, long new) */ static inline int atomic64_add_unless(atomic64_t *v, long a, long u) { @@ -8117,11 +8148,66 @@ index 46fc474..b02b0f9 100644 len, sum, NULL, err_ptr); if (len) +diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h +index 5d3acdf..6447a02 100644 +--- a/arch/x86/include/asm/cmpxchg.h ++++ b/arch/x86/include/asm/cmpxchg.h +@@ -14,6 +14,8 @@ extern void __cmpxchg_wrong_size(void) + __compiletime_error("Bad argument size for cmpxchg"); + extern void __xadd_wrong_size(void) + __compiletime_error("Bad argument size for xadd"); ++extern void __xadd_check_overflow_wrong_size(void) ++ __compiletime_error("Bad argument size for xadd_check_overflow"); + + /* + * Constants for operation sizes. On 32-bit, the 64-bit size it set to +@@ -195,6 +197,34 @@ extern void __xadd_wrong_size(void) + __ret; \ + }) + ++#define __xadd_check_overflow(ptr, inc, lock) \ ++ ({ \ ++ __typeof__ (*(ptr)) __ret = (inc); \ ++ switch (sizeof(*(ptr))) { \ ++ case __X86_CASE_L: \ ++ asm volatile (lock "xaddl %0, %1\n" \ ++ "jno 0f\n" \ ++ "mov %0,%1\n" \ ++ "int $4\n0:\n" \ ++ _ASM_EXTABLE(0b, 0b) \ ++ : "+r" (__ret), "+m" (*(ptr)) \ ++ : : "memory", "cc"); \ ++ break; \ ++ case __X86_CASE_Q: \ ++ asm volatile (lock "xaddq %q0, %1\n" \ ++ "jno 0f\n" \ ++ "mov %0,%1\n" \ ++ "int $4\n0:\n" \ ++ _ASM_EXTABLE(0b, 0b) \ ++ : "+r" (__ret), "+m" (*(ptr)) \ ++ : : "memory", "cc"); \ ++ break; \ ++ default: \ ++ __xadd_check_overflow_wrong_size(); \ ++ } \ ++ __ret; \ ++ }) ++ + /* + * xadd() adds "inc" to "*ptr" and atomically returns the previous + * value of "*ptr". +@@ -207,4 +237,6 @@ extern void __xadd_wrong_size(void) + #define xadd_sync(ptr, inc) __xadd((ptr), (inc), "lock; ") + #define xadd_local(ptr, inc) __xadd((ptr), (inc), "") + ++#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc), LOCK_PREFIX) ++ + #endif /* ASM_X86_CMPXCHG_H */ diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index 88b23a4..d2e5f9f 100644 +index f3444f7..051a196 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -358,7 +358,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -363,7 +363,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -8343,10 +8429,10 @@ index 908b969..a1f4eb4 100644 #define BIOS_ROM_BASE 0xffe00000 diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index f2ad216..eb24c96 100644 +index 5f962df..7289f09 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h -@@ -237,7 +237,25 @@ extern int force_personality32; +@@ -238,7 +238,25 @@ extern int force_personality32; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -8372,7 +8458,7 @@ index f2ad216..eb24c96 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, -@@ -290,9 +308,7 @@ do { \ +@@ -291,9 +309,7 @@ do { \ #define ARCH_DLINFO \ do { \ @@ -8383,7 +8469,7 @@ index f2ad216..eb24c96 100644 } while (0) #define AT_SYSINFO 32 -@@ -303,7 +319,7 @@ do { \ +@@ -304,7 +320,7 @@ do { \ #endif /* !CONFIG_X86_32 */ @@ -8392,14 +8478,16 @@ index f2ad216..eb24c96 100644 #define VDSO_ENTRY \ ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall)) -@@ -317,7 +333,4 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, +@@ -318,9 +334,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, extern int syscall32_setup_pages(struct linux_binprm *, int exstack); #define compat_arch_setup_additional_pages syscall32_setup_pages -extern unsigned long arch_randomize_brk(struct mm_struct *mm); -#define arch_randomize_brk arch_randomize_brk - - #endif /* _ASM_X86_ELF_H */ + /* + * True on X86_32 or when emulating IA32 on X86_64 + */ diff --git a/arch/x86/include/asm/emergency-restart.h b/arch/x86/include/asm/emergency-restart.h index cc70c1c..d96d011 100644 --- a/arch/x86/include/asm/emergency-restart.h @@ -8475,7 +8563,7 @@ index d09bb03..4ea4194 100644 : "memory" ); diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h -index 0919905..2cf38d6 100644 +index eb92a6e..b98b2f4 100644 --- a/arch/x86/include/asm/hw_irq.h +++ b/arch/x86/include/asm/hw_irq.h @@ -136,8 +136,8 @@ extern void setup_ioapic_dest(void); @@ -8601,10 +8689,10 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index dd51c83..66cbfac 100644 +index b4973f4..7c4d3fc 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h -@@ -456,7 +456,7 @@ struct kvm_arch { +@@ -459,7 +459,7 @@ struct kvm_arch { unsigned int n_requested_mmu_pages; unsigned int n_max_mmu_pages; unsigned int indirect_shadow_pages; @@ -8613,10 +8701,10 @@ index dd51c83..66cbfac 100644 struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES]; /* * Hash table of struct kvm_mmu_page. -@@ -636,7 +636,7 @@ struct kvm_x86_ops { +@@ -638,7 +638,7 @@ struct kvm_x86_ops { + int (*check_intercept)(struct kvm_vcpu *vcpu, + struct x86_instruction_info *info, enum x86_intercept_stage stage); - - const struct trace_print_flags *exit_reasons_str; -}; +} __do_const; @@ -9645,10 +9733,10 @@ index 013286a..8b42f4f 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index 0d1171c..36571a9 100644 +index b650435..eefa566 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -266,7 +266,7 @@ struct tss_struct { +@@ -268,7 +268,7 @@ struct tss_struct { } ____cacheline_aligned; @@ -9657,7 +9745,7 @@ index 0d1171c..36571a9 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -858,11 +858,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -860,11 +860,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -9678,7 +9766,7 @@ index 0d1171c..36571a9 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -876,7 +883,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -878,7 +885,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -9687,7 +9775,7 @@ index 0d1171c..36571a9 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -887,11 +894,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -889,11 +896,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -9700,7 +9788,7 @@ index 0d1171c..36571a9 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -906,7 +909,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -908,7 +911,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -9709,7 +9797,7 @@ index 0d1171c..36571a9 100644 __regs__ - 1; \ }) -@@ -916,13 +919,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -918,13 +921,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -9725,7 +9813,7 @@ index 0d1171c..36571a9 100644 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -933,11 +936,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -935,11 +938,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -9739,7 +9827,7 @@ index 0d1171c..36571a9 100644 } /* -@@ -959,6 +962,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -961,6 +964,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -9810,7 +9898,7 @@ index 3566454..4bdfb8c 100644 } #endif diff --git a/arch/x86/include/asm/reboot.h b/arch/x86/include/asm/reboot.h -index 3250e3d..20db631 100644 +index 92f29706..a79cbbb 100644 --- a/arch/x86/include/asm/reboot.h +++ b/arch/x86/include/asm/reboot.h @@ -6,19 +6,19 @@ @@ -9840,7 +9928,7 @@ index 3250e3d..20db631 100644 #define MRR_BIOS 0 #define MRR_APM 1 diff --git a/arch/x86/include/asm/rwsem.h b/arch/x86/include/asm/rwsem.h -index df4cd32..27ae072 100644 +index 2dbe4a7..ce1db00 100644 --- a/arch/x86/include/asm/rwsem.h +++ b/arch/x86/include/asm/rwsem.h @@ -64,6 +64,14 @@ static inline void __down_read(struct rw_semaphore *sem) @@ -9950,23 +10038,15 @@ index df4cd32..27ae072 100644 : "+m" (sem->count) : "er" (delta)); } -@@ -206,7 +262,15 @@ static inline long rwsem_atomic_update(long delta, struct rw_semaphore *sem) +@@ -204,7 +260,7 @@ static inline void rwsem_atomic_add(long delta, struct rw_semaphore *sem) + */ + static inline long rwsem_atomic_update(long delta, struct rw_semaphore *sem) { - long tmp = delta; - -- asm volatile(LOCK_PREFIX "xadd %0,%1" -+ asm volatile(LOCK_PREFIX "xadd %0,%1\n" -+ -+#ifdef CONFIG_PAX_REFCOUNT -+ "jno 0f\n" -+ "mov %0,%1\n" -+ "int $4\n0:\n" -+ _ASM_EXTABLE(0b, 0b) -+#endif -+ - : "+r" (tmp), "+m" (sem->count) - : : "memory"); +- return delta + xadd(&sem->count, delta); ++ return delta + xadd_check_overflow(&sem->count, delta); + } + #endif /* __KERNEL__ */ diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h index 5e64171..f58957e 100644 --- a/arch/x86/include/asm/segment.h @@ -10077,10 +10157,10 @@ index 73b11bc..d4a3b63 100644 #endif diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spinlock.h -index ee67edf..49c796b 100644 +index 972c260..43ab1fd 100644 --- a/arch/x86/include/asm/spinlock.h +++ b/arch/x86/include/asm/spinlock.h -@@ -248,6 +248,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock) +@@ -188,6 +188,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock) static inline void arch_read_lock(arch_rwlock_t *rw) { asm volatile(LOCK_PREFIX READ_LOCK_SIZE(dec) " (%0)\n\t" @@ -10095,7 +10175,7 @@ index ee67edf..49c796b 100644 "jns 1f\n" "call __read_lock_failed\n\t" "1:\n" -@@ -257,6 +265,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw) +@@ -197,6 +205,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw) static inline void arch_write_lock(arch_rwlock_t *rw) { asm volatile(LOCK_PREFIX WRITE_LOCK_SUB(%1) "(%0)\n\t" @@ -10110,7 +10190,7 @@ index ee67edf..49c796b 100644 "jz 1f\n" "call __write_lock_failed\n\t" "1:\n" -@@ -286,13 +302,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock) +@@ -226,13 +242,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock) static inline void arch_read_unlock(arch_rwlock_t *rw) { @@ -10663,22 +10743,20 @@ index 36361bf..324f262 100644 #ifdef CONFIG_X86_WP_WORKS_OK diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 566e803..89f1e60 100644 +index 566e803..b9521e9 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h -@@ -43,6 +43,11 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero +@@ -43,6 +43,9 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) { -+ pax_track_stack(); -+ + if ((long)n < 0) + return n; + if (__builtin_constant_p(n)) { unsigned long ret; -@@ -61,6 +66,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) +@@ -61,6 +64,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) return ret; } } @@ -10687,7 +10765,7 @@ index 566e803..89f1e60 100644 return __copy_to_user_ll(to, from, n); } -@@ -82,12 +89,16 @@ static __always_inline unsigned long __must_check +@@ -82,12 +87,16 @@ static __always_inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); @@ -10704,20 +10782,18 @@ index 566e803..89f1e60 100644 /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -137,6 +148,12 @@ static __always_inline unsigned long +@@ -137,6 +146,10 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); + -+ pax_track_stack(); -+ + if ((long)n < 0) + return n; + if (__builtin_constant_p(n)) { unsigned long ret; -@@ -152,6 +169,8 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) +@@ -152,6 +165,8 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) return ret; } } @@ -10726,7 +10802,7 @@ index 566e803..89f1e60 100644 return __copy_from_user_ll(to, from, n); } -@@ -159,6 +178,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, +@@ -159,6 +174,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -10737,7 +10813,7 @@ index 566e803..89f1e60 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -181,15 +204,19 @@ static __always_inline unsigned long +@@ -181,15 +200,19 @@ static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { @@ -10764,7 +10840,7 @@ index 566e803..89f1e60 100644 extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -199,17 +226,61 @@ extern void copy_from_user_overflow(void) +@@ -199,17 +222,61 @@ extern void copy_from_user_overflow(void) #endif ; @@ -10834,7 +10910,7 @@ index 566e803..89f1e60 100644 } diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 1c66d30..59bd7d4 100644 +index 1c66d30..23ab77d 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -10863,7 +10939,7 @@ index 1c66d30..59bd7d4 100644 { unsigned ret; -@@ -36,138 +39,226 @@ copy_user_generic(void *to, const void *from, unsigned len) +@@ -36,138 +39,222 @@ copy_user_generic(void *to, const void *from, unsigned len) return ret; } @@ -10881,8 +10957,7 @@ index 1c66d30..59bd7d4 100644 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, -- unsigned long n) -+ unsigned n) + unsigned long n) { - int sz = __compiletime_object_size(to); - @@ -10928,8 +11003,6 @@ index 1c66d30..59bd7d4 100644 - if (!__builtin_constant_p(size)) - return copy_user_generic(dst, (__force void *)src, size); + -+ pax_track_stack(); -+ + if (size > INT_MAX) + return size; + @@ -11018,8 +11091,6 @@ index 1c66d30..59bd7d4 100644 - if (!__builtin_constant_p(size)) - return copy_user_generic((__force void *)dst, src, size); + -+ pax_track_stack(); -+ + if (size > INT_MAX) + return size; + @@ -11138,7 +11209,7 @@ index 1c66d30..59bd7d4 100644 ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -176,7 +267,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -176,7 +263,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 2: { u16 tmp; @@ -11147,7 +11218,7 @@ index 1c66d30..59bd7d4 100644 ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -186,7 +277,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -186,7 +273,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) case 4: { u32 tmp; @@ -11156,7 +11227,7 @@ index 1c66d30..59bd7d4 100644 ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -195,7 +286,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -195,7 +282,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 8: { u64 tmp; @@ -11165,7 +11236,7 @@ index 1c66d30..59bd7d4 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -203,8 +294,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -203,8 +290,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -11184,7 +11255,7 @@ index 1c66d30..59bd7d4 100644 } } -@@ -219,35 +318,74 @@ __must_check unsigned long clear_user(void __user *mem, unsigned long len); +@@ -219,35 +314,72 @@ __must_check unsigned long clear_user(void __user *mem, unsigned long len); __must_check unsigned long __clear_user(void __user *mem, unsigned long len); static __must_check __always_inline int @@ -11192,8 +11263,6 @@ index 1c66d30..59bd7d4 100644 +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) { - return copy_user_generic(dst, (__force const void *)src, size); -+ pax_track_stack(); -+ + if (size > INT_MAX) + return size; + @@ -11287,7 +11356,7 @@ index bb05228..d763d5b 100644 #endif diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h -index d3d8590..d296b5f 100644 +index 1971e65..1e3559b 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -28,7 +28,7 @@ struct x86_init_mpparse { @@ -11389,16 +11458,16 @@ index d3d8590..d296b5f 100644 /** * struct x86_platform_ops - platform specific runtime functions -@@ -166,7 +166,7 @@ struct x86_platform_ops { - bool (*is_untracked_pat_range)(u64 start, u64 end); +@@ -169,7 +169,7 @@ struct x86_platform_ops { void (*nmi_init)(void); + unsigned char (*get_nmi_reason)(void); int (*i8042_detect)(void); -}; +} __no_const; struct pci_dev; -@@ -174,7 +174,7 @@ struct x86_msi_ops { +@@ -177,7 +177,7 @@ struct x86_msi_ops { int (*setup_msi_irqs)(struct pci_dev *dev, int nvec, int type); void (*teardown_msi_irq)(unsigned int irq); void (*teardown_msi_irqs)(struct pci_dev *dev); @@ -11514,7 +11583,7 @@ index 13ab720..95d5442 100644 bogus_magic: jmp bogus_magic diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c -index c638228..16dfa8d 100644 +index 1f84794..e23f862 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -276,6 +276,13 @@ void __init_or_module apply_alternatives(struct alt_instr *start, @@ -11651,7 +11720,7 @@ index c638228..16dfa8d 100644 } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index 52fa563..5de9d9c 100644 +index f98d84c..e402a69 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -174,7 +174,7 @@ int first_system_vector = 0xfe; @@ -11663,7 +11732,7 @@ index 52fa563..5de9d9c 100644 int pic_mode; -@@ -1835,7 +1835,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1853,7 +1853,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); ack_APIC_irq(); @@ -11672,20 +11741,11 @@ index 52fa563..5de9d9c 100644 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)", smp_processor_id(), v0 , v1); -@@ -2209,6 +2209,8 @@ static int __cpuinit apic_cluster_num(void) - u16 *bios_cpu_apicid; - DECLARE_BITMAP(clustermap, NUM_APIC_CLUSTERS); - -+ pax_track_stack(); -+ - bios_cpu_apicid = early_per_cpu_ptr(x86_bios_cpu_apicid); - bitmap_zero(clustermap, NUM_APIC_CLUSTERS); - diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index 8eb863e..32e6934 100644 +index 6d939d7..0697fcc 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c -@@ -1028,7 +1028,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, +@@ -1096,7 +1096,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, } EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector); @@ -11694,7 +11754,7 @@ index 8eb863e..32e6934 100644 { /* Used to the online set of cpus does not change * during assign_irq_vector. -@@ -1036,7 +1036,7 @@ void lock_vector_lock(void) +@@ -1104,7 +1104,7 @@ void lock_vector_lock(void) raw_spin_lock(&vector_lock); } @@ -11703,16 +11763,16 @@ index 8eb863e..32e6934 100644 { raw_spin_unlock(&vector_lock); } -@@ -2405,7 +2405,7 @@ static void ack_apic_edge(struct irq_data *data) +@@ -2510,7 +2510,7 @@ static void ack_apic_edge(struct irq_data *data) ack_APIC_irq(); } -atomic_t irq_mis_count; +atomic_unchecked_t irq_mis_count; - /* - * IO-APIC versions below 0x20 don't support EOI register. -@@ -2513,7 +2513,7 @@ static void ack_apic_level(struct irq_data *data) + static void ack_apic_level(struct irq_data *data) + { +@@ -2576,7 +2576,7 @@ static void ack_apic_level(struct irq_data *data) * at the cpu. */ if (!(v & (1 << (i & 0x1f)))) { @@ -11722,10 +11782,10 @@ index 8eb863e..32e6934 100644 eoi_ioapic_irq(irq, cfg); } diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c -index 0371c48..54cdf63 100644 +index a46bd38..6b906d7 100644 --- a/arch/x86/kernel/apm_32.c +++ b/arch/x86/kernel/apm_32.c -@@ -413,7 +413,7 @@ static DEFINE_MUTEX(apm_mutex); +@@ -411,7 +411,7 @@ static DEFINE_MUTEX(apm_mutex); * This is for buggy BIOS's that refer to (real mode) segment 0x40 * even though they are called in protected mode. */ @@ -11734,7 +11794,7 @@ index 0371c48..54cdf63 100644 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1); static const char driver_version[] = "1.16ac"; /* no spaces */ -@@ -591,7 +591,10 @@ static long __apm_bios_call(void *_call) +@@ -589,7 +589,10 @@ static long __apm_bios_call(void *_call) BUG_ON(cpu != 0); gdt = get_cpu_gdt_table(cpu); save_desc_40 = gdt[0x40 / 8]; @@ -11745,7 +11805,7 @@ index 0371c48..54cdf63 100644 apm_irq_save(flags); APM_DO_SAVE_SEGS; -@@ -600,7 +603,11 @@ static long __apm_bios_call(void *_call) +@@ -598,7 +601,11 @@ static long __apm_bios_call(void *_call) &call->esi); APM_DO_RESTORE_SEGS; apm_irq_restore(flags); @@ -11757,7 +11817,7 @@ index 0371c48..54cdf63 100644 put_cpu(); return call->eax & 0xff; -@@ -667,7 +674,10 @@ static long __apm_bios_call_simple(void *_call) +@@ -665,7 +672,10 @@ static long __apm_bios_call_simple(void *_call) BUG_ON(cpu != 0); gdt = get_cpu_gdt_table(cpu); save_desc_40 = gdt[0x40 / 8]; @@ -11768,7 +11828,7 @@ index 0371c48..54cdf63 100644 apm_irq_save(flags); APM_DO_SAVE_SEGS; -@@ -675,7 +685,11 @@ static long __apm_bios_call_simple(void *_call) +@@ -673,7 +683,11 @@ static long __apm_bios_call_simple(void *_call) &call->eax); APM_DO_RESTORE_SEGS; apm_irq_restore(flags); @@ -11780,7 +11840,7 @@ index 0371c48..54cdf63 100644 put_cpu(); return error; } -@@ -2349,12 +2363,15 @@ static int __init apm_init(void) +@@ -2347,12 +2361,15 @@ static int __init apm_init(void) * code to that CPU. */ gdt = get_cpu_gdt_table(0); @@ -11849,7 +11909,7 @@ index e72a119..6e2955d 100644 BLANK(); diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile -index 6042981..e638266 100644 +index 25f24dc..4094a7f 100644 --- a/arch/x86/kernel/cpu/Makefile +++ b/arch/x86/kernel/cpu/Makefile @@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg @@ -11864,10 +11924,10 @@ index 6042981..e638266 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o sched.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index b13ed39..603286c 100644 +index 0bab2b1..d0a1bf8 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -647,7 +647,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -664,7 +664,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -11877,10 +11937,10 @@ index b13ed39..603286c 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 6218439..ab2e4ab 100644 +index aa003b1..47ea638 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c -@@ -83,60 +83,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { +@@ -84,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu; @@ -11941,7 +12001,7 @@ index 6218439..ab2e4ab 100644 static int __init x86_xsave_setup(char *s) { setup_clear_cpu_cap(X86_FEATURE_XSAVE); -@@ -371,7 +317,7 @@ void switch_to_new_gdt(int cpu) +@@ -372,7 +318,7 @@ void switch_to_new_gdt(int cpu) { struct desc_ptr gdt_descr; @@ -11950,7 +12010,7 @@ index 6218439..ab2e4ab 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -840,6 +786,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) +@@ -844,6 +790,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -11961,7 +12021,7 @@ index 6218439..ab2e4ab 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -1019,6 +969,9 @@ static __init int setup_disablecpuid(char *arg) +@@ -1024,6 +974,9 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -11971,7 +12031,7 @@ index 6218439..ab2e4ab 100644 #ifdef CONFIG_X86_64 struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table }; -@@ -1034,7 +987,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = +@@ -1039,7 +992,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = @@ -11980,7 +12040,7 @@ index 6218439..ab2e4ab 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1099,7 +1052,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) +@@ -1104,7 +1057,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) { memset(regs, 0, sizeof(struct pt_regs)); regs->fs = __KERNEL_PERCPU; @@ -11989,7 +12049,7 @@ index 6218439..ab2e4ab 100644 return regs; } -@@ -1154,7 +1107,7 @@ void __cpuinit cpu_init(void) +@@ -1159,7 +1112,7 @@ void __cpuinit cpu_init(void) int i; cpu = stack_smp_processor_id(); @@ -11998,7 +12058,7 @@ index 6218439..ab2e4ab 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1180,7 +1133,7 @@ void __cpuinit cpu_init(void) +@@ -1185,7 +1138,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -12007,7 +12067,7 @@ index 6218439..ab2e4ab 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1189,7 +1142,6 @@ void __cpuinit cpu_init(void) +@@ -1194,7 +1147,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -12015,7 +12075,7 @@ index 6218439..ab2e4ab 100644 if (cpu != 0) enable_x2apic(); -@@ -1243,7 +1195,7 @@ void __cpuinit cpu_init(void) +@@ -1248,7 +1200,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -12025,10 +12085,10 @@ index 6218439..ab2e4ab 100644 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) { diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c -index ed6086e..a1dcf29 100644 +index 5231312..a78a987 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c -@@ -172,7 +172,7 @@ static void __cpuinit trap_init_f00f_bug(void) +@@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void) * Update the IDT descriptor and reload the IDT so that * it uses the read-only mapped virtual address. */ @@ -12037,23 +12097,8 @@ index ed6086e..a1dcf29 100644 load_idt(&idt_descr); } #endif -diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/cpu/mcheck/mce-inject.c -index 0ed633c..82cef2a 100644 ---- a/arch/x86/kernel/cpu/mcheck/mce-inject.c -+++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c -@@ -215,7 +215,9 @@ static int inject_init(void) - if (!alloc_cpumask_var(&mce_inject_cpumask, GFP_KERNEL)) - return -ENOMEM; - printk(KERN_INFO "Machine check injector initialized\n"); -- mce_chrdev_ops.write = mce_write; -+ pax_open_kernel(); -+ *(void **)&mce_chrdev_ops.write = mce_write; -+ pax_close_kernel(); - register_die_notifier(&mce_raise_nb); - return 0; - } diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 08363b0..ee26113 100644 +index 2af127d..8ff7ac0 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -42,6 +42,7 @@ @@ -12064,7 +12109,7 @@ index 08363b0..ee26113 100644 #include "mce-internal.h" -@@ -205,7 +206,7 @@ static void print_mce(struct mce *m) +@@ -202,7 +203,7 @@ static void print_mce(struct mce *m) !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "", m->cs, m->ip); @@ -12073,7 +12118,7 @@ index 08363b0..ee26113 100644 print_symbol("{%s}", m->ip); pr_cont("\n"); } -@@ -233,10 +234,10 @@ static void print_mce(struct mce *m) +@@ -235,10 +236,10 @@ static void print_mce(struct mce *m) #define PANIC_TIMEOUT 5 /* 5 seconds */ @@ -12086,7 +12131,7 @@ index 08363b0..ee26113 100644 /* Panic in progress. Enable interrupts and wait for final IPI */ static void wait_for_panic(void) -@@ -260,7 +261,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -262,7 +263,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) /* * Make sure only one CPU runs in machine check panic */ @@ -12095,7 +12140,7 @@ index 08363b0..ee26113 100644 wait_for_panic(); barrier(); -@@ -268,7 +269,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -270,7 +271,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) console_verbose(); } else { /* Don't log too much for fake panic */ @@ -12113,7 +12158,7 @@ index 08363b0..ee26113 100644 wait_for_panic(); if (!monarch_timeout) goto out; -@@ -1392,7 +1393,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1398,7 +1399,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -12122,7 +12167,7 @@ index 08363b0..ee26113 100644 unexpected_machine_check; /* -@@ -1415,7 +1416,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1421,7 +1422,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) return; } @@ -12132,7 +12177,7 @@ index 08363b0..ee26113 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1429,7 +1432,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1435,7 +1438,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -12141,7 +12186,7 @@ index 08363b0..ee26113 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1437,7 +1440,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1443,7 +1446,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -12150,7 +12195,7 @@ index 08363b0..ee26113 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1445,7 +1448,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1451,7 +1454,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -12159,7 +12204,7 @@ index 08363b0..ee26113 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1456,7 +1459,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1462,7 +1465,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -12168,7 +12213,7 @@ index 08363b0..ee26113 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2147,7 +2150,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2171,7 +2174,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -12232,19 +12277,10 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index cfa62ec..9250dd7 100644 +index 2bda212..78cc605 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -795,6 +795,8 @@ static int x86_schedule_events(struct cpu_hw_events *cpuc, int n, int *assign) - int i, j, w, wmax, num = 0; - struct hw_perf_event *hwc; - -+ pax_track_stack(); -+ - bitmap_zero(used_mask, X86_PMC_IDX_MAX); - - for (i = 0; i < n; i++) { -@@ -1919,7 +1921,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -1529,7 +1529,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -12254,13 +12290,16 @@ index cfa62ec..9250dd7 100644 } diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c -index 764c7c2..c5d9c7b 100644 +index 13ad899..f642b9a 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c -@@ -42,7 +42,7 @@ static void kdump_nmi_callback(int cpu, struct die_args *args) - regs = args->regs; - +@@ -36,10 +36,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) + { #ifdef CONFIG_X86_32 + struct pt_regs fixed_regs; +-#endif + +-#ifdef CONFIG_X86_32 - if (!user_mode_vm(regs)) { + if (!user_mode(regs)) { crash_fixup_ss_esp(&fixed_regs, regs); @@ -12449,7 +12488,7 @@ index 1aae78f..aab3a3d 100644 if (__die(str, regs, err)) diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c -index 3b97a80..667ce7a 100644 +index c99f9ed..2a15d80 100644 --- a/arch/x86/kernel/dumpstack_32.c +++ b/arch/x86/kernel/dumpstack_32.c @@ -38,15 +38,13 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -12499,14 +12538,14 @@ index 3b97a80..667ce7a 100644 } for (i = 0; i < code_len; i++, ip++) { @@ -119,7 +118,7 @@ void show_registers(struct pt_regs *regs) - printk(" Bad EIP value."); + printk(KERN_CONT " Bad EIP value."); break; } - if (ip == (u8 *)regs->ip) + if (ip == (u8 *)regs->ip + cs_base) - printk("<%02x> ", c); + printk(KERN_CONT "<%02x> ", c); else - printk("%02x ", c); + printk(KERN_CONT "%02x ", c); @@ -132,6 +131,7 @@ int is_valid_bugaddr(unsigned long ip) { unsigned short ud2; @@ -12532,7 +12571,7 @@ index 3b97a80..667ce7a 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c -index 19853ad..508ca79 100644 +index 6d728d9..279514e 100644 --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c @@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -12638,7 +12677,7 @@ index 19853ad..508ca79 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c -index cd28a35..2601699 100644 +index cd28a35..c72ed9a 100644 --- a/arch/x86/kernel/early_printk.c +++ b/arch/x86/kernel/early_printk.c @@ -7,6 +7,7 @@ @@ -12649,15 +12688,6 @@ index cd28a35..2601699 100644 #include <asm/io.h> #include <asm/processor.h> #include <asm/fcntl.h> -@@ -179,6 +180,8 @@ asmlinkage void early_printk(const char *fmt, ...) - int n; - va_list ap; - -+ pax_track_stack(); -+ - va_start(ap, fmt); - n = vscnprintf(buf, sizeof(buf), fmt, ap); - early_console->write(early_console, buf, n); diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S index f3f6f53..0841b66 100644 --- a/arch/x86/kernel/entry_32.S @@ -13440,7 +13470,7 @@ index f3f6f53..0841b66 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 6419bb0..bb59ca4 100644 +index faf8d5e..f58c441 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -55,6 +55,8 @@ @@ -13819,7 +13849,7 @@ index 6419bb0..bb59ca4 100644 je 1f SWAPGS /* -@@ -350,9 +634,10 @@ ENTRY(save_rest) +@@ -355,9 +639,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -13831,7 +13861,7 @@ index 6419bb0..bb59ca4 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -381,9 +666,10 @@ ENTRY(save_paranoid) +@@ -386,9 +671,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -13844,7 +13874,7 @@ index 6419bb0..bb59ca4 100644 .popsection /* -@@ -405,7 +691,7 @@ ENTRY(ret_from_fork) +@@ -410,7 +696,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -13853,7 +13883,7 @@ index 6419bb0..bb59ca4 100644 je int_ret_from_sys_call testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -415,7 +701,7 @@ ENTRY(ret_from_fork) +@@ -420,7 +706,7 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath CFI_ENDPROC @@ -13862,7 +13892,7 @@ index 6419bb0..bb59ca4 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -451,7 +737,7 @@ END(ret_from_fork) +@@ -456,7 +742,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -13871,7 +13901,7 @@ index 6419bb0..bb59ca4 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -464,12 +750,13 @@ ENTRY(system_call_after_swapgs) +@@ -469,12 +755,13 @@ ENTRY(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -13886,7 +13916,7 @@ index 6419bb0..bb59ca4 100644 movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -479,7 +766,7 @@ ENTRY(system_call_after_swapgs) +@@ -484,7 +771,7 @@ ENTRY(system_call_after_swapgs) system_call_fastpath: cmpq $__NR_syscall_max,%rax ja badsys @@ -13895,7 +13925,7 @@ index 6419bb0..bb59ca4 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -498,6 +785,8 @@ sysret_check: +@@ -503,6 +790,8 @@ sysret_check: andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -13904,7 +13934,7 @@ index 6419bb0..bb59ca4 100644 /* * sysretq will re-enable interrupts: */ -@@ -549,14 +838,18 @@ badsys: +@@ -554,14 +843,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -13924,7 +13954,7 @@ index 6419bb0..bb59ca4 100644 jmp system_call_fastpath /* -@@ -586,16 +879,20 @@ tracesys: +@@ -591,16 +884,20 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -13946,7 +13976,7 @@ index 6419bb0..bb59ca4 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -607,7 +904,7 @@ tracesys: +@@ -612,7 +909,7 @@ tracesys: GLOBAL(int_ret_from_sys_call) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -13955,7 +13985,7 @@ index 6419bb0..bb59ca4 100644 je retint_restore_args movl $_TIF_ALLWORK_MASK,%edi /* edi: mask to check */ -@@ -664,7 +961,7 @@ int_restore_rest: +@@ -669,7 +966,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -13964,7 +13994,7 @@ index 6419bb0..bb59ca4 100644 /* * Certain special system calls that need to save a complete full stack frame. -@@ -680,7 +977,7 @@ ENTRY(\label) +@@ -685,7 +982,7 @@ ENTRY(\label) call \func jmp ptregscall_common CFI_ENDPROC @@ -13973,7 +14003,7 @@ index 6419bb0..bb59ca4 100644 .endm PTREGSCALL stub_clone, sys_clone, %r8 -@@ -698,9 +995,10 @@ ENTRY(ptregscall_common) +@@ -703,9 +1000,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -13985,7 +14015,7 @@ index 6419bb0..bb59ca4 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -715,7 +1013,7 @@ ENTRY(stub_execve) +@@ -720,7 +1018,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -13994,7 +14024,7 @@ index 6419bb0..bb59ca4 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -733,7 +1031,7 @@ ENTRY(stub_rt_sigreturn) +@@ -738,7 +1036,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -14003,7 +14033,7 @@ index 6419bb0..bb59ca4 100644 /* * Build the entry stubs and pointer table with some assembler magic. -@@ -768,7 +1066,7 @@ vector=vector+1 +@@ -773,7 +1071,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -14012,10 +14042,10 @@ index 6419bb0..bb59ca4 100644 .previous END(interrupt) -@@ -789,6 +1087,16 @@ END(interrupt) +@@ -793,6 +1091,16 @@ END(interrupt) + subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ - PARTIAL_FRAME 0 +#ifdef CONFIG_PAX_MEMORY_UDEREF + testb $3, CS(%rdi) + jnz 1f @@ -14029,7 +14059,7 @@ index 6419bb0..bb59ca4 100644 call \func .endm -@@ -820,7 +1128,7 @@ ret_from_intr: +@@ -824,7 +1132,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -14038,7 +14068,7 @@ index 6419bb0..bb59ca4 100644 je retint_kernel /* Interrupt came from user space */ -@@ -842,12 +1150,16 @@ retint_swapgs: /* return to user-space */ +@@ -846,12 +1154,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -14055,7 +14085,7 @@ index 6419bb0..bb59ca4 100644 /* * The iretq could re-enable interrupts: */ -@@ -936,7 +1248,7 @@ ENTRY(retint_kernel) +@@ -940,7 +1252,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -14064,7 +14094,7 @@ index 6419bb0..bb59ca4 100644 /* * End of kprobes section */ -@@ -952,7 +1264,7 @@ ENTRY(\sym) +@@ -956,7 +1268,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -14073,7 +14103,7 @@ index 6419bb0..bb59ca4 100644 .endm #ifdef CONFIG_SMP -@@ -1017,12 +1329,22 @@ ENTRY(\sym) +@@ -1021,12 +1333,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -14097,7 +14127,7 @@ index 6419bb0..bb59ca4 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1034,15 +1356,25 @@ ENTRY(\sym) +@@ -1038,15 +1360,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -14125,7 +14155,7 @@ index 6419bb0..bb59ca4 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1052,14 +1384,30 @@ ENTRY(\sym) +@@ -1056,14 +1388,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -14157,7 +14187,7 @@ index 6419bb0..bb59ca4 100644 .endm .macro errorentry sym do_sym -@@ -1070,13 +1418,23 @@ ENTRY(\sym) +@@ -1074,13 +1422,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -14182,7 +14212,7 @@ index 6419bb0..bb59ca4 100644 .endm /* error code is on the stack already */ -@@ -1089,13 +1447,23 @@ ENTRY(\sym) +@@ -1093,13 +1451,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -14207,7 +14237,7 @@ index 6419bb0..bb59ca4 100644 .endm zeroentry divide_error do_divide_error -@@ -1125,9 +1493,10 @@ gs_change: +@@ -1129,9 +1497,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -14219,7 +14249,7 @@ index 6419bb0..bb59ca4 100644 .section __ex_table,"a" .align 8 -@@ -1149,13 +1518,14 @@ ENTRY(kernel_thread_helper) +@@ -1153,13 +1522,14 @@ ENTRY(kernel_thread_helper) * Here we are in the child and the registers are set as they were * at kernel_thread() invocation in the parent. */ @@ -14235,7 +14265,7 @@ index 6419bb0..bb59ca4 100644 /* * execve(). This function needs to use IRET, not SYSRET, to set up all state properly. -@@ -1182,11 +1552,11 @@ ENTRY(kernel_execve) +@@ -1186,11 +1556,11 @@ ENTRY(kernel_execve) RESTORE_REST testq %rax,%rax je int_ret_from_sys_call @@ -14249,7 +14279,7 @@ index 6419bb0..bb59ca4 100644 /* Call softirq on interrupt stack. Interrupts are off. */ ENTRY(call_softirq) -@@ -1204,9 +1574,10 @@ ENTRY(call_softirq) +@@ -1208,9 +1578,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -14261,7 +14291,7 @@ index 6419bb0..bb59ca4 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1244,7 +1615,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1248,7 +1619,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -14270,7 +14300,7 @@ index 6419bb0..bb59ca4 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1303,7 +1674,7 @@ ENTRY(xen_failsafe_callback) +@@ -1307,7 +1678,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -14279,7 +14309,7 @@ index 6419bb0..bb59ca4 100644 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1352,16 +1723,31 @@ ENTRY(paranoid_exit) +@@ -1356,16 +1727,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -14312,7 +14342,7 @@ index 6419bb0..bb59ca4 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1390,7 +1776,7 @@ paranoid_schedule: +@@ -1394,7 +1780,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -14321,7 +14351,7 @@ index 6419bb0..bb59ca4 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1417,12 +1803,13 @@ ENTRY(error_entry) +@@ -1421,12 +1807,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -14336,7 +14366,7 @@ index 6419bb0..bb59ca4 100644 ret /* -@@ -1449,7 +1836,7 @@ bstep_iret: +@@ -1453,7 +1840,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -14345,7 +14375,7 @@ index 6419bb0..bb59ca4 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1469,7 +1856,7 @@ ENTRY(error_exit) +@@ -1473,7 +1860,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -14354,7 +14384,7 @@ index 6419bb0..bb59ca4 100644 /* runs on exception stack */ -@@ -1481,6 +1868,16 @@ ENTRY(nmi) +@@ -1485,6 +1872,16 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid DEFAULT_FRAME 0 @@ -14371,7 +14401,7 @@ index 6419bb0..bb59ca4 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1491,12 +1888,28 @@ ENTRY(nmi) +@@ -1495,12 +1892,28 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore @@ -14401,7 +14431,7 @@ index 6419bb0..bb59ca4 100644 jmp irq_return nmi_userspace: GET_THREAD_INFO(%rcx) -@@ -1525,14 +1938,14 @@ nmi_schedule: +@@ -1529,14 +1942,14 @@ nmi_schedule: jmp paranoid_exit CFI_ENDPROC #endif @@ -15339,10 +15369,10 @@ index 8c96897..be66bfa 100644 return -EPERM; } diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c -index 6c0802e..bea25ae 100644 +index 429e0c9..17b3ece 100644 --- a/arch/x86/kernel/irq.c +++ b/arch/x86/kernel/irq.c -@@ -17,7 +17,7 @@ +@@ -18,7 +18,7 @@ #include <asm/mce.h> #include <asm/hw_irq.h> @@ -15351,7 +15381,7 @@ index 6c0802e..bea25ae 100644 /* Function pointer for generic interrupt vector handling */ void (*x86_platform_ipi_callback)(void) = NULL; -@@ -116,9 +116,9 @@ int arch_show_interrupts(struct seq_file *p, int prec) +@@ -117,9 +117,9 @@ int arch_show_interrupts(struct seq_file *p, int prec) seq_printf(p, "%10u ", per_cpu(mce_poll_count, j)); seq_printf(p, " Machine check polls\n"); #endif @@ -15363,7 +15393,7 @@ index 6c0802e..bea25ae 100644 #endif return 0; } -@@ -158,10 +158,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu) +@@ -159,10 +159,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu) u64 arch_irq_stat(void) { @@ -15519,8 +15549,21 @@ index 7209070..cbcd71a 100644 /* * Shouldn't happen, we returned above if in_interrupt(): */ +diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c +index 69bca46..0bac999 100644 +--- a/arch/x86/kernel/irq_64.c ++++ b/arch/x86/kernel/irq_64.c +@@ -38,7 +38,7 @@ static inline void stack_overflow_check(struct pt_regs *regs) + #ifdef CONFIG_DEBUG_STACKOVERFLOW + u64 curbase = (u64)task_stack_page(current); + +- if (user_mode_vm(regs)) ++ if (user_mode(regs)) + return; + + WARN_ONCE(regs->sp >= curbase && diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c -index 00354d4..187ae44 100644 +index faba577..93b9e71 100644 --- a/arch/x86/kernel/kgdb.c +++ b/arch/x86/kernel/kgdb.c @@ -124,11 +124,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs) @@ -15552,9 +15595,9 @@ index 00354d4..187ae44 100644 raw_smp_processor_id()); } -@@ -534,7 +534,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd) - return NOTIFY_DONE; +@@ -543,7 +543,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd) + switch (cmd) { case DIE_DEBUG: - if (atomic_read(&kgdb_cpu_doing_single_step) != -1) { + if (atomic_read_unchecked(&kgdb_cpu_doing_single_step) != -1) { @@ -15562,10 +15605,10 @@ index 00354d4..187ae44 100644 return single_step_cont(regs, args); break; diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c -index 794bc95..c6e29e9 100644 +index 7da647d..5d3c4c1 100644 --- a/arch/x86/kernel/kprobes.c +++ b/arch/x86/kernel/kprobes.c -@@ -117,8 +117,11 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) +@@ -118,8 +118,11 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) } __attribute__((packed)) *insn; insn = (struct __arch_relative_insn *)from; @@ -15577,7 +15620,7 @@ index 794bc95..c6e29e9 100644 } /* Insert a jump instruction at address 'from', which jumps to address 'to'.*/ -@@ -155,7 +158,7 @@ static int __kprobes can_boost(kprobe_opcode_t *opcodes) +@@ -156,7 +159,7 @@ static int __kprobes can_boost(kprobe_opcode_t *opcodes) kprobe_opcode_t opcode; kprobe_opcode_t *orig_opcodes = opcodes; @@ -15586,7 +15629,7 @@ index 794bc95..c6e29e9 100644 return 0; /* Page fault may occur on this address. */ retry: -@@ -316,7 +319,9 @@ static int __kprobes __copy_instruction(u8 *dest, u8 *src, int recover) +@@ -317,7 +320,9 @@ static int __kprobes __copy_instruction(u8 *dest, u8 *src, int recover) } } insn_get_length(&insn); @@ -15596,7 +15639,7 @@ index 794bc95..c6e29e9 100644 #ifdef CONFIG_X86_64 if (insn_rip_relative(&insn)) { -@@ -340,7 +345,9 @@ static int __kprobes __copy_instruction(u8 *dest, u8 *src, int recover) +@@ -341,7 +346,9 @@ static int __kprobes __copy_instruction(u8 *dest, u8 *src, int recover) (u8 *) dest; BUG_ON((s64) (s32) newdisp != newdisp); /* Sanity check. */ disp = (u8 *) dest + insn_offset_displacement(&insn); @@ -15606,7 +15649,7 @@ index 794bc95..c6e29e9 100644 } #endif return insn.length; -@@ -354,12 +361,12 @@ static void __kprobes arch_copy_kprobe(struct kprobe *p) +@@ -355,12 +362,12 @@ static void __kprobes arch_copy_kprobe(struct kprobe *p) */ __copy_instruction(p->ainsn.insn, p->addr, 0); @@ -15621,7 +15664,7 @@ index 794bc95..c6e29e9 100644 } int __kprobes arch_prepare_kprobe(struct kprobe *p) -@@ -476,7 +483,7 @@ static void __kprobes setup_singlestep(struct kprobe *p, struct pt_regs *regs, +@@ -477,7 +484,7 @@ static void __kprobes setup_singlestep(struct kprobe *p, struct pt_regs *regs, * nor set current_kprobe, because it doesn't use single * stepping. */ @@ -15630,7 +15673,7 @@ index 794bc95..c6e29e9 100644 preempt_enable_no_resched(); return; } -@@ -495,7 +502,7 @@ static void __kprobes setup_singlestep(struct kprobe *p, struct pt_regs *regs, +@@ -496,7 +503,7 @@ static void __kprobes setup_singlestep(struct kprobe *p, struct pt_regs *regs, if (p->opcode == BREAKPOINT_INSTRUCTION) regs->ip = (unsigned long)p->addr; else @@ -15639,7 +15682,7 @@ index 794bc95..c6e29e9 100644 } /* -@@ -574,7 +581,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs) +@@ -575,7 +582,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs) setup_singlestep(p, regs, kcb, 0); return 1; } @@ -15648,7 +15691,7 @@ index 794bc95..c6e29e9 100644 /* * The breakpoint instruction was removed right * after we hit it. Another cpu has removed -@@ -682,6 +689,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void) +@@ -683,6 +690,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void) " movq %rax, 152(%rsp)\n" RESTORE_REGS_STRING " popfq\n" @@ -15658,7 +15701,7 @@ index 794bc95..c6e29e9 100644 #else " pushf\n" SAVE_REGS_STRING -@@ -819,7 +829,7 @@ static void __kprobes resume_execution(struct kprobe *p, +@@ -820,7 +830,7 @@ static void __kprobes resume_execution(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb) { unsigned long *tos = stack_addr(regs); @@ -15667,7 +15710,7 @@ index 794bc95..c6e29e9 100644 unsigned long orig_ip = (unsigned long)p->addr; kprobe_opcode_t *insn = p->ainsn.insn; -@@ -1001,7 +1011,7 @@ int __kprobes kprobe_exceptions_notify(struct notifier_block *self, +@@ -1002,7 +1012,7 @@ int __kprobes kprobe_exceptions_notify(struct notifier_block *self, struct die_args *args = data; int ret = NOTIFY_DONE; @@ -15676,7 +15719,7 @@ index 794bc95..c6e29e9 100644 return ret; switch (val) { -@@ -1383,7 +1393,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) +@@ -1384,7 +1394,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) * Verify if the address gap is in 2GB range, because this uses * a relative jump. */ @@ -15685,7 +15728,7 @@ index 794bc95..c6e29e9 100644 if (abs(rel) > 0x7fffffff) return -ERANGE; -@@ -1404,11 +1414,11 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) +@@ -1405,11 +1415,11 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op); /* Set probe function call */ @@ -15699,7 +15742,7 @@ index 794bc95..c6e29e9 100644 flush_icache_range((unsigned long) buf, (unsigned long) buf + TMPL_END_IDX + -@@ -1430,7 +1440,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm, +@@ -1431,7 +1441,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm, ((long)op->kp.addr + RELATIVEJUMP_SIZE)); /* Backup instructions which will be replaced by jump address */ @@ -15820,10 +15863,10 @@ index a3fa43b..8966f4c 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c -index 1a1b606..5c89b55 100644 +index 3ca42d0..7cff8cc 100644 --- a/arch/x86/kernel/microcode_intel.c +++ b/arch/x86/kernel/microcode_intel.c -@@ -440,13 +440,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device) +@@ -436,13 +436,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device) static int get_ucode_user(void *to, const void *from, size_t n) { @@ -15975,6 +16018,28 @@ index 925179f..85bec6c 100644 #if 0 if ((s64)val != *(s32 *)loc) goto overflow; +diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c +index e88f37b..1353db6 100644 +--- a/arch/x86/kernel/nmi.c ++++ b/arch/x86/kernel/nmi.c +@@ -408,6 +408,17 @@ static notrace __kprobes void default_do_nmi(struct pt_regs *regs) + dotraplinkage notrace __kprobes void + do_nmi(struct pt_regs *regs, long error_code) + { ++ ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++ if (!user_mode(regs)) { ++ unsigned long cs = regs->cs & 0xFFFF; ++ unsigned long ip = ktva_ktla(regs->ip); ++ ++ if ((cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS) && ip <= (unsigned long)_etext) ++ regs->ip = ip; ++ } ++#endif ++ + nmi_enter(); + + inc_irq_stat(__nmi_count); diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c index 676b8c7..870ba04 100644 --- a/arch/x86/kernel/paravirt-spinlocks.c @@ -15989,7 +16054,7 @@ index 676b8c7..870ba04 100644 .spin_is_locked = __ticket_spin_is_locked, .spin_is_contended = __ticket_spin_is_contended, diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c -index d90272e..2d54e8e 100644 +index d90272e..6bb013b 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -53,6 +53,9 @@ u64 _paravirt_ident_64(u64 x) @@ -16002,17 +16067,7 @@ index d90272e..2d54e8e 100644 void __init default_banner(void) { -@@ -133,6 +136,9 @@ static void *get_call_destination(u8 type) - .pv_lock_ops = pv_lock_ops, - #endif - }; -+ -+ pax_track_stack(); -+ - return *((void **)&tmpl + type); - } - -@@ -145,15 +151,19 @@ unsigned paravirt_patch_default(u8 type, u16 clobbers, void *insnbuf, +@@ -145,15 +148,19 @@ unsigned paravirt_patch_default(u8 type, u16 clobbers, void *insnbuf, if (opfunc == NULL) /* If there's no function, patch it with a ud2a (BUG) */ ret = paravirt_patch_insns(insnbuf, len, ud2a, ud2a+sizeof(ud2a)); @@ -16035,7 +16090,7 @@ index d90272e..2d54e8e 100644 else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) || type == PARAVIRT_PATCH(pv_cpu_ops.irq_enable_sysexit) || -@@ -178,7 +188,7 @@ unsigned paravirt_patch_insns(void *insnbuf, unsigned len, +@@ -178,7 +185,7 @@ unsigned paravirt_patch_insns(void *insnbuf, unsigned len, if (insn_len > len || start == NULL) insn_len = len; else @@ -16044,7 +16099,7 @@ index d90272e..2d54e8e 100644 return insn_len; } -@@ -302,7 +312,7 @@ void arch_flush_lazy_mmu_mode(void) +@@ -302,7 +309,7 @@ void arch_flush_lazy_mmu_mode(void) preempt_enable(); } @@ -16053,7 +16108,7 @@ index d90272e..2d54e8e 100644 .name = "bare hardware", .paravirt_enabled = 0, .kernel_rpl = 0, -@@ -313,16 +323,16 @@ struct pv_info pv_info = { +@@ -313,16 +320,16 @@ struct pv_info pv_info = { #endif }; @@ -16073,7 +16128,7 @@ index d90272e..2d54e8e 100644 .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl), .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl), .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable), -@@ -334,7 +344,7 @@ struct pv_irq_ops pv_irq_ops = { +@@ -334,7 +341,7 @@ struct pv_irq_ops pv_irq_ops = { #endif }; @@ -16082,7 +16137,7 @@ index d90272e..2d54e8e 100644 .cpuid = native_cpuid, .get_debugreg = native_get_debugreg, .set_debugreg = native_set_debugreg, -@@ -395,21 +405,26 @@ struct pv_cpu_ops pv_cpu_ops = { +@@ -395,21 +402,26 @@ struct pv_cpu_ops pv_cpu_ops = { .end_context_switch = paravirt_nop, }; @@ -16112,7 +16167,7 @@ index d90272e..2d54e8e 100644 .read_cr2 = native_read_cr2, .write_cr2 = native_write_cr2, -@@ -459,6 +474,7 @@ struct pv_mmu_ops pv_mmu_ops = { +@@ -459,6 +471,7 @@ struct pv_mmu_ops pv_mmu_ops = { .make_pud = PTE_IDENT, .set_pgd = native_set_pgd, @@ -16120,7 +16175,7 @@ index d90272e..2d54e8e 100644 #endif #endif /* PAGETABLE_LEVELS >= 3 */ -@@ -478,6 +494,12 @@ struct pv_mmu_ops pv_mmu_ops = { +@@ -478,6 +491,12 @@ struct pv_mmu_ops pv_mmu_ops = { }, .set_fixmap = native_set_fixmap, @@ -16134,7 +16189,7 @@ index d90272e..2d54e8e 100644 EXPORT_SYMBOL_GPL(pv_time_ops); diff --git a/arch/x86/kernel/pci-iommu_table.c b/arch/x86/kernel/pci-iommu_table.c -index 35ccf75..67e7d4d 100644 +index 35ccf75..7a15747 100644 --- a/arch/x86/kernel/pci-iommu_table.c +++ b/arch/x86/kernel/pci-iommu_table.c @@ -2,7 +2,7 @@ @@ -16146,17 +16201,8 @@ index 35ccf75..67e7d4d 100644 #define DEBUG 1 -@@ -51,6 +51,8 @@ void __init check_iommu_entries(struct iommu_table_entry *start, - { - struct iommu_table_entry *p, *q, *x; - -+ pax_track_stack(); -+ - /* Simple cyclic dependency checker. */ - for (p = start; p < finish; p++) { - q = find_dependents_of(start, finish, p); diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index 30eb651..37fa2d7 100644 +index ee5d4fb..426649b 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -48,16 +48,33 @@ void free_thread_xstate(struct task_struct *tsk) @@ -16164,7 +16210,7 @@ index 30eb651..37fa2d7 100644 void free_thread_info(struct thread_info *ti) { - free_thread_xstate(ti->task); - free_pages((unsigned long)ti, get_order(THREAD_SIZE)); + free_pages((unsigned long)ti, THREAD_ORDER); } +static struct kmem_cache *task_struct_cachep; @@ -16297,10 +16343,10 @@ index 30eb651..37fa2d7 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 7a3b651..5a946f6 100644 +index 795b79f..063767a 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c -@@ -66,6 +66,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); +@@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); unsigned long thread_saved_pc(struct task_struct *tsk) { return ((unsigned long *)tsk->thread.sp)[3]; @@ -16308,7 +16354,7 @@ index 7a3b651..5a946f6 100644 } #ifndef CONFIG_SMP -@@ -128,15 +129,14 @@ void __show_regs(struct pt_regs *regs, int all) +@@ -130,15 +131,14 @@ void __show_regs(struct pt_regs *regs, int all) unsigned long sp; unsigned short ss, gs; @@ -16326,7 +16372,7 @@ index 7a3b651..5a946f6 100644 show_regs_common(); -@@ -198,13 +198,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -200,13 +200,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct task_struct *tsk; int err; @@ -16342,7 +16388,7 @@ index 7a3b651..5a946f6 100644 p->thread.ip = (unsigned long) ret_from_fork; -@@ -294,7 +295,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -296,7 +297,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread, *next = &next_p->thread; int cpu = smp_processor_id(); @@ -16351,7 +16397,7 @@ index 7a3b651..5a946f6 100644 bool preload_fpu; /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ -@@ -329,6 +330,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -331,6 +332,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ lazy_save_gs(prev->gs); @@ -16362,7 +16408,7 @@ index 7a3b651..5a946f6 100644 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -364,6 +369,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -366,6 +371,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ arch_end_context_switch(next_p); @@ -16372,7 +16418,7 @@ index 7a3b651..5a946f6 100644 if (preload_fpu) __math_state_restore(); -@@ -373,8 +381,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -375,8 +383,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) if (prev->gs | next->gs) lazy_load_gs(next->gs); @@ -16381,16 +16427,16 @@ index 7a3b651..5a946f6 100644 return prev_p; } -@@ -404,4 +410,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -406,4 +412,3 @@ unsigned long get_wchan(struct task_struct *p) } while (count++ < 16); return 0; } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index f693e44..3c979b2 100644 +index 3bd7e6e..90b2bcf 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c -@@ -88,7 +88,7 @@ static void __exit_idle(void) +@@ -89,7 +89,7 @@ static void __exit_idle(void) void exit_idle(void) { /* idle loop has pid 0 */ @@ -16399,7 +16445,7 @@ index f693e44..3c979b2 100644 return; __exit_idle(); } -@@ -262,8 +262,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -264,8 +264,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct pt_regs *childregs; struct task_struct *me = current; @@ -16409,7 +16455,7 @@ index f693e44..3c979b2 100644 *childregs = *regs; childregs->ax = 0; -@@ -275,6 +274,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -277,6 +276,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, p->thread.sp = (unsigned long) childregs; p->thread.sp0 = (unsigned long) (childregs+1); p->thread.usersp = me->thread.usersp; @@ -16417,7 +16463,7 @@ index f693e44..3c979b2 100644 set_tsk_thread_flag(p, TIF_FORK); -@@ -377,7 +377,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -379,7 +379,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread; struct thread_struct *next = &next_p->thread; int cpu = smp_processor_id(); @@ -16426,7 +16472,7 @@ index f693e44..3c979b2 100644 unsigned fsindex, gsindex; bool preload_fpu; -@@ -473,10 +473,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -475,10 +475,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) prev->usersp = percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -16439,7 +16485,7 @@ index f693e44..3c979b2 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -538,12 +537,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -540,12 +539,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -16526,7 +16572,7 @@ index 42eb330..139955c 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index d4a705f..ef8f1a9 100644 +index 37a458b..e63d183 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -35,7 +35,7 @@ void (*pm_power_off)(void); @@ -16609,7 +16655,7 @@ index d4a705f..ef8f1a9 100644 } #ifdef CONFIG_APM_MODULE EXPORT_SYMBOL(machine_real_restart); -@@ -532,7 +562,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) +@@ -540,7 +570,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) * try to force a triple fault and then cycle between hitting the keyboard * controller and doing that */ @@ -16618,7 +16664,7 @@ index d4a705f..ef8f1a9 100644 { int i; int attempt = 0; -@@ -656,13 +686,13 @@ void native_machine_shutdown(void) +@@ -664,13 +694,13 @@ void native_machine_shutdown(void) #endif } @@ -16634,7 +16680,7 @@ index d4a705f..ef8f1a9 100644 { printk("machine restart\n"); -@@ -671,7 +701,7 @@ static void native_machine_restart(char *__unused) +@@ -679,7 +709,7 @@ static void native_machine_restart(char *__unused) __machine_emergency_restart(0); } @@ -16643,7 +16689,7 @@ index d4a705f..ef8f1a9 100644 { /* stop other cpus and apics */ machine_shutdown(); -@@ -682,7 +712,7 @@ static void native_machine_halt(void) +@@ -690,7 +720,7 @@ static void native_machine_halt(void) stop_this_cpu(NULL); } @@ -16652,7 +16698,7 @@ index d4a705f..ef8f1a9 100644 { if (pm_power_off) { if (!reboot_force) -@@ -691,6 +721,7 @@ static void native_machine_power_off(void) +@@ -699,6 +729,7 @@ static void native_machine_power_off(void) } /* a fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); @@ -16689,7 +16735,7 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index afaf384..1a101fe 100644 +index cf0ef98..e3f780b 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -447,7 +447,7 @@ static void __init parse_setup_data(void) @@ -16798,7 +16844,7 @@ index 71f4727..16dc9f7 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 54ddaeb2..a6aa4d2 100644 +index 54ddaeb2..22c3bdc 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -198,7 +198,7 @@ static unsigned long align_sigframe(unsigned long sp) @@ -16866,16 +16912,7 @@ index 54ddaeb2..a6aa4d2 100644 } put_user_catch(err); if (err) -@@ -762,6 +765,8 @@ static void do_signal(struct pt_regs *regs) - siginfo_t info; - int signr; - -+ pax_track_stack(); -+ - /* - * We want the common case to go fast, which is why we may in certain - * cases get here from kernel mode. Just return without doing anything -@@ -769,7 +774,7 @@ static void do_signal(struct pt_regs *regs) +@@ -769,7 +772,7 @@ static void do_signal(struct pt_regs *regs) * X86_32: vm86 regs switched out by assembly code before reaching * here, so testing against kernel CS suffices. */ @@ -17204,10 +17241,10 @@ index 0b0cb5f..db6b9ed 100644 + return addr; } diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index ff14a50..35626c3 100644 +index 0514890..3dbebce 100644 --- a/arch/x86/kernel/sys_x86_64.c +++ b/arch/x86/kernel/sys_x86_64.c -@@ -32,8 +32,8 @@ out: +@@ -95,8 +95,8 @@ out: return error; } @@ -17218,7 +17255,7 @@ index ff14a50..35626c3 100644 { if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) { unsigned long new_begin; -@@ -52,7 +52,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin, +@@ -115,7 +115,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin, *begin = new_begin; } } else { @@ -17227,7 +17264,7 @@ index ff14a50..35626c3 100644 *end = TASK_SIZE; } } -@@ -69,16 +69,19 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -132,16 +132,19 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -17250,7 +17287,7 @@ index ff14a50..35626c3 100644 return addr; } if (((flags & MAP_32BIT) || test_thread_flag(TIF_IA32)) -@@ -106,7 +109,7 @@ full_search: +@@ -172,7 +175,7 @@ full_search: } return -ENOMEM; } @@ -17259,7 +17296,7 @@ index ff14a50..35626c3 100644 /* * Remember the place where we stopped the search: */ -@@ -128,7 +131,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -195,7 +198,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, { struct vm_area_struct *vma; struct mm_struct *mm = current->mm; @@ -17268,7 +17305,7 @@ index ff14a50..35626c3 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -141,13 +144,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -208,13 +211,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) goto bottomup; @@ -17291,16 +17328,16 @@ index ff14a50..35626c3 100644 } /* check if free_area_cache is useful for us */ -@@ -162,7 +170,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (addr > len) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr - len, len)) +@@ -232,7 +240,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + ALIGN_TOPDOWN); + + vma = find_vma(mm, tmp_addr); +- if (!vma || tmp_addr + len <= vma->vm_start) ++ if (check_heap_stack_gap(vma, tmp_addr, len)) /* remember the address as a hint for next time */ - return mm->free_area_cache = addr-len; + return mm->free_area_cache = tmp_addr; } -@@ -179,7 +187,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -251,7 +259,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, * return with success: */ vma = find_vma(mm, addr); @@ -17309,7 +17346,7 @@ index ff14a50..35626c3 100644 /* remember the address as a hint for next time */ return mm->free_area_cache = addr; -@@ -188,8 +196,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -260,8 +268,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, mm->cached_hole_size = vma->vm_start - addr; /* try just below the current vma->vm_start */ @@ -17320,7 +17357,7 @@ index ff14a50..35626c3 100644 bottomup: /* -@@ -198,13 +206,21 @@ bottomup: +@@ -270,13 +278,21 @@ bottomup: * can happen with large stack limits and large mmap() * allocations. */ @@ -17345,7 +17382,7 @@ index ff14a50..35626c3 100644 return addr; diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S -index bc19be3..0f5fbf7 100644 +index 9a0e312..e6f66f2 100644 --- a/arch/x86/kernel/syscall_table_32.S +++ b/arch/x86/kernel/syscall_table_32.S @@ -1,3 +1,4 @@ @@ -17354,10 +17391,10 @@ index bc19be3..0f5fbf7 100644 .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */ .long sys_exit diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c -index e07a2fc..db0369d 100644 +index e2410e2..4fe3fbc 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c -@@ -218,7 +218,7 @@ static int tboot_setup_sleep(void) +@@ -219,7 +219,7 @@ static int tboot_setup_sleep(void) void tboot_shutdown(u32 shutdown_type) { @@ -17366,7 +17403,7 @@ index e07a2fc..db0369d 100644 if (!tboot_enabled()) return; -@@ -240,7 +240,7 @@ void tboot_shutdown(u32 shutdown_type) +@@ -241,7 +241,7 @@ void tboot_shutdown(u32 shutdown_type) switch_to_tboot_pt(); @@ -17375,7 +17412,7 @@ index e07a2fc..db0369d 100644 shutdown(); /* should not reach here */ -@@ -297,7 +297,7 @@ void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control) +@@ -298,7 +298,7 @@ void tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control) tboot_shutdown(acpi_shutdown_map[sleep_state]); } @@ -17384,7 +17421,7 @@ index e07a2fc..db0369d 100644 static int tboot_wait_for_aps(int num_aps) { -@@ -321,9 +321,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, +@@ -322,9 +322,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, { switch (action) { case CPU_DYING: @@ -17396,7 +17433,7 @@ index e07a2fc..db0369d 100644 return NOTIFY_BAD; break; } -@@ -342,7 +342,7 @@ static __init int tboot_late_init(void) +@@ -343,7 +343,7 @@ static __init int tboot_late_init(void) tboot_create_trampoline(); @@ -17406,10 +17443,10 @@ index e07a2fc..db0369d 100644 return 0; } diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c -index 5a64d05..804587b 100644 +index dd5fbf4..b7f2232 100644 --- a/arch/x86/kernel/time.c +++ b/arch/x86/kernel/time.c -@@ -30,9 +30,9 @@ unsigned long profile_pc(struct pt_regs *regs) +@@ -31,9 +31,9 @@ unsigned long profile_pc(struct pt_regs *regs) { unsigned long pc = instruction_pointer(regs); @@ -17421,7 +17458,7 @@ index 5a64d05..804587b 100644 #else unsigned long *sp = (unsigned long *)kernel_stack_pointer(regs); -@@ -41,11 +41,17 @@ unsigned long profile_pc(struct pt_regs *regs) +@@ -42,11 +42,17 @@ unsigned long profile_pc(struct pt_regs *regs) * or above a saved flags. Eflags has bits 22-31 zero, * kernel addresses don't. */ @@ -17504,7 +17541,7 @@ index 09ff517..df19fbff 100644 .short 0 .quad 0x00cf9b000000ffff # __KERNEL32_CS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 6913369..7e7dff6 100644 +index a8e3eb8..c9dbd7d 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -70,12 +70,6 @@ asmlinkage int system_call(void); @@ -17520,7 +17557,7 @@ index 6913369..7e7dff6 100644 #endif DECLARE_BITMAP(used_vectors, NR_VECTORS); -@@ -117,13 +111,13 @@ static inline void preempt_conditional_cli(struct pt_regs *regs) +@@ -108,13 +102,13 @@ static inline void preempt_conditional_cli(struct pt_regs *regs) } static void __kprobes @@ -17536,7 +17573,7 @@ index 6913369..7e7dff6 100644 /* * traps 0, 1, 3, 4, and 5 should be forwarded to vm86. * On nmi (interrupt 2), do_trap should not be called. -@@ -134,7 +128,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, +@@ -125,7 +119,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, } #endif @@ -17545,7 +17582,7 @@ index 6913369..7e7dff6 100644 goto kernel_trap; #ifdef CONFIG_X86_32 -@@ -157,7 +151,7 @@ trap_signal: +@@ -148,7 +142,7 @@ trap_signal: printk_ratelimit()) { printk(KERN_INFO "%s[%d] trap %s ip:%lx sp:%lx error:%lx", @@ -17554,7 +17591,7 @@ index 6913369..7e7dff6 100644 regs->ip, regs->sp, error_code); print_vma_addr(" in ", regs->ip); printk("\n"); -@@ -174,8 +168,20 @@ kernel_trap: +@@ -165,8 +159,20 @@ kernel_trap: if (!fixup_exception(regs)) { tsk->thread.error_code = error_code; tsk->thread.trap_no = trapnr; @@ -17575,7 +17612,7 @@ index 6913369..7e7dff6 100644 return; #ifdef CONFIG_X86_32 -@@ -264,14 +270,30 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -255,14 +261,30 @@ do_general_protection(struct pt_regs *regs, long error_code) conditional_sti(regs); #ifdef CONFIG_X86_32 @@ -17608,7 +17645,7 @@ index 6913369..7e7dff6 100644 tsk->thread.error_code = error_code; tsk->thread.trap_no = 13; -@@ -304,6 +326,13 @@ gp_in_kernel: +@@ -295,6 +317,13 @@ gp_in_kernel: if (notify_die(DIE_GPF, "general protection fault", regs, error_code, 13, SIGSEGV) == NOTIFY_STOP) return; @@ -17622,25 +17659,7 @@ index 6913369..7e7dff6 100644 die("general protection fault", regs, error_code); } -@@ -433,6 +462,17 @@ static notrace __kprobes void default_do_nmi(struct pt_regs *regs) - dotraplinkage notrace __kprobes void - do_nmi(struct pt_regs *regs, long error_code) - { -+ -+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) -+ if (!user_mode(regs)) { -+ unsigned long cs = regs->cs & 0xFFFF; -+ unsigned long ip = ktva_ktla(regs->ip); -+ -+ if ((cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS) && ip <= (unsigned long)_etext) -+ regs->ip = ip; -+ } -+#endif -+ - nmi_enter(); - - inc_irq_stat(__nmi_count); -@@ -569,7 +609,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -414,7 +443,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); @@ -17649,7 +17668,7 @@ index 6913369..7e7dff6 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, 1); preempt_conditional_cli(regs); -@@ -583,7 +623,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -428,7 +457,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -17658,7 +17677,7 @@ index 6913369..7e7dff6 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -612,7 +652,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -457,7 +486,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -17667,7 +17686,7 @@ index 6913369..7e7dff6 100644 { if (!fixup_exception(regs)) { task->thread.error_code = error_code; -@@ -723,7 +763,7 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) +@@ -568,7 +597,7 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) void __math_state_restore(void) { struct thread_info *thread = current_thread_info(); @@ -17676,7 +17695,7 @@ index 6913369..7e7dff6 100644 /* * Paranoid restore. send a SIGSEGV if we fail to restore the state. -@@ -750,8 +790,7 @@ void __math_state_restore(void) +@@ -595,8 +624,7 @@ void __math_state_restore(void) */ asmlinkage void math_state_restore(void) { @@ -18031,10 +18050,10 @@ index 0f703f1..9e15f64 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index b56c65de..561a55b 100644 +index e4d4a22..47ee71f 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c -@@ -56,15 +56,13 @@ DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod_data) = +@@ -57,15 +57,13 @@ DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod_data) = .lock = __SEQLOCK_UNLOCKED(__vsyscall_gtod_data.lock), }; @@ -18051,7 +18070,7 @@ index b56c65de..561a55b 100644 else if (!strcmp("none", str)) vsyscall_mode = NONE; else -@@ -177,7 +175,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) +@@ -178,7 +176,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) tsk = current; if (seccomp_mode(&tsk->seccomp)) @@ -18060,7 +18079,7 @@ index b56c65de..561a55b 100644 switch (vsyscall_nr) { case 0: -@@ -219,8 +217,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) +@@ -220,8 +218,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) return true; sigsegv: @@ -18070,7 +18089,7 @@ index b56c65de..561a55b 100644 } /* -@@ -273,10 +270,7 @@ void __init map_vsyscall(void) +@@ -274,10 +271,7 @@ void __init map_vsyscall(void) extern char __vvar_page; unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page); @@ -18127,45 +18146,36 @@ index a391134..d0b63b6e 100644 if (unlikely(err)) { /* diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 8b4cc5f..f086b5b 100644 +index f1e3be1..588efc8 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -96,7 +96,7 @@ - #define Src2ImmByte (2<<29) - #define Src2One (3<<29) - #define Src2Imm (4<<29) --#define Src2Mask (7<<29) -+#define Src2Mask (7U<<29) - - #define X2(x...) x, x - #define X3(x...) X2(x), x -@@ -207,6 +207,7 @@ struct gprefix { - - #define ____emulate_2op(_op, _src, _dst, _eflags, _x, _y, _suffix, _dsttype) \ +@@ -249,6 +249,7 @@ struct gprefix { + + #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \ do { \ + unsigned long _tmp; \ __asm__ __volatile__ ( \ _PRE_EFLAGS("0", "4", "2") \ _op _suffix " %"_x"3,%1; " \ -@@ -220,8 +221,6 @@ struct gprefix { +@@ -263,8 +264,6 @@ struct gprefix { /* Raw emulation: instruction has two explicit operands. */ - #define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \ + #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ - unsigned long _tmp; \ - \ - switch ((_dst).bytes) { \ + switch ((ctxt)->dst.bytes) { \ case 2: \ - ____emulate_2op(_op,_src,_dst,_eflags,_wx,_wy,"w",u16);\ -@@ -237,7 +236,6 @@ struct gprefix { + ____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \ +@@ -280,7 +279,6 @@ struct gprefix { - #define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ + #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ - unsigned long _tmp; \ - switch ((_dst).bytes) { \ + switch ((ctxt)->dst.bytes) { \ case 1: \ - ____emulate_2op(_op,_src,_dst,_eflags,_bx,_by,"b",u8); \ + ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 57dcbd4..79aba9b 100644 +index 54abb40..a192606 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -53,7 +53,7 @@ @@ -18178,10 +18188,10 @@ index 57dcbd4..79aba9b 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c -index 8e8da79..13bc641 100644 +index f1b36cf..af8a124 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c -@@ -3552,7 +3552,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, +@@ -3555,7 +3555,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes); @@ -18190,7 +18200,7 @@ index 8e8da79..13bc641 100644 /* * Assume that the pte write on a page table of the same type -@@ -3584,7 +3584,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, +@@ -3587,7 +3587,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, } spin_lock(&vcpu->kvm->mmu_lock); @@ -18200,7 +18210,7 @@ index 8e8da79..13bc641 100644 kvm_mmu_free_some_pages(vcpu); ++vcpu->kvm->stat.mmu_pte_write; diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index 507e2b8..fc55f89 100644 +index 9299410..ade2f9b 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -197,7 +197,7 @@ retry_walk: @@ -18212,16 +18222,7 @@ index 507e2b8..fc55f89 100644 if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte)))) goto error; -@@ -575,6 +575,8 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr, u32 error_code, - unsigned long mmu_seq; - bool map_writable; - -+ pax_track_stack(); -+ - pgprintk("%s: addr %lx err %x\n", __func__, addr, error_code); - - if (unlikely(error_code & PFERR_RSVD_MASK)) -@@ -701,7 +703,7 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva) +@@ -705,7 +705,7 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva) if (need_flush) kvm_flush_remote_tlbs(vcpu->kvm); @@ -18231,10 +18232,10 @@ index 507e2b8..fc55f89 100644 spin_unlock(&vcpu->kvm->mmu_lock); diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index 475d1c9..33658ff 100644 +index e32243e..a6e6172 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3381,7 +3381,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3400,7 +3400,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -18246,7 +18247,7 @@ index 475d1c9..33658ff 100644 load_TR_desc(); } -@@ -3759,6 +3763,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3778,6 +3782,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -18258,10 +18259,10 @@ index 475d1c9..33658ff 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index e65a158..656dc24 100644 +index 579a0b5..ed7bbf9 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1251,7 +1251,11 @@ static void reload_tss(void) +@@ -1305,7 +1305,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -18273,7 +18274,7 @@ index e65a158..656dc24 100644 load_TR_desc(); } -@@ -2520,8 +2524,11 @@ static __init int hardware_setup(void) +@@ -2633,8 +2637,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -18287,7 +18288,7 @@ index e65a158..656dc24 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3535,7 +3542,7 @@ static void vmx_set_constant_host_state(void) +@@ -3648,7 +3655,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); @@ -18296,7 +18297,7 @@ index e65a158..656dc24 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6021,6 +6028,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6169,6 +6176,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -18309,7 +18310,7 @@ index e65a158..656dc24 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6069,6 +6082,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6217,6 +6230,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -18321,7 +18322,7 @@ index e65a158..656dc24 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6097,7 +6115,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6245,7 +6263,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) } } @@ -18340,10 +18341,10 @@ index e65a158..656dc24 100644 vmx->exit_reason = vmcs_read32(VM_EXIT_REASON); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 84a28ea..9326501 100644 +index 4c938da..4ddef65 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -1334,8 +1334,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1345,8 +1345,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -18354,7 +18355,7 @@ index 84a28ea..9326501 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2137,6 +2137,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2165,6 +2165,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -18363,7 +18364,7 @@ index 84a28ea..9326501 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2312,15 +2314,20 @@ static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, +@@ -2340,15 +2342,20 @@ static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, struct kvm_cpuid_entry2 __user *entries) { @@ -18387,7 +18388,7 @@ index 84a28ea..9326501 100644 vcpu->arch.cpuid_nent = cpuid->nent; kvm_apic_set_version(vcpu); kvm_x86_ops->cpuid_update(vcpu); -@@ -2335,15 +2342,19 @@ static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, +@@ -2363,15 +2370,19 @@ static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, struct kvm_cpuid_entry2 __user *entries) { @@ -18410,7 +18411,7 @@ index 84a28ea..9326501 100644 return 0; out: -@@ -2718,7 +2729,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, +@@ -2746,7 +2757,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { @@ -18419,7 +18420,7 @@ index 84a28ea..9326501 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -5089,7 +5100,7 @@ static void kvm_set_mmio_spte_mask(void) +@@ -5162,7 +5173,7 @@ static void kvm_set_mmio_spte_mask(void) kvm_mmu_set_mmio_spte_mask(mask); } @@ -18429,10 +18430,10 @@ index 84a28ea..9326501 100644 int r; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c -index 13ee258..b9632f6 100644 +index cf4603b..7cdde38 100644 --- a/arch/x86/lguest/boot.c +++ b/arch/x86/lguest/boot.c -@@ -1184,9 +1184,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) +@@ -1195,9 +1195,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) * Rebooting also tells the Host we're finished, but the RESTART flag tells the * Launcher to reboot us. */ @@ -19747,7 +19748,7 @@ index 51f1504..ddac4c1 100644 CFI_ENDPROC END(bad_get_user) diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c -index 9f33b98..dfc7678 100644 +index 374562e..a75830b 100644 --- a/arch/x86/lib/insn.c +++ b/arch/x86/lib/insn.c @@ -21,6 +21,11 @@ @@ -19760,9 +19761,9 @@ index 9f33b98..dfc7678 100644 +#define ktla_ktva(addr) addr +#endif - #define get_next(t, insn) \ - ({t r; r = *(t*)insn->next_byte; insn->next_byte += sizeof(t); r; }) -@@ -40,8 +45,8 @@ + /* Verify next sizeof(t) bytes can be on the same instruction */ + #define validate_next(t, insn, n) \ +@@ -49,8 +54,8 @@ void insn_init(struct insn *insn, const void *kaddr, int x86_64) { memset(insn, 0, sizeof(*insn)); @@ -21406,7 +21407,7 @@ index d0474ad..36e9257 100644 extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap = 1; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 0d17c8c..c5d9925 100644 +index 5db0490..13bd09c 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,11 +13,18 @@ @@ -21419,7 +21420,7 @@ index 0d17c8c..c5d9925 100644 #include <asm/traps.h> /* dotraplinkage, ... */ #include <asm/pgalloc.h> /* pgd_*(), ... */ #include <asm/kmemcheck.h> /* kmemcheck_*(), ... */ - #include <asm/vsyscall.h> + #include <asm/fixmap.h> /* VSYSCALL_START */ +#include <asm/tlbflush.h> + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -21561,7 +21562,7 @@ index 0d17c8c..c5d9925 100644 pgd_ref = pgd_offset_k(address); if (pgd_none(*pgd_ref)) return -1; -@@ -534,7 +604,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address) +@@ -540,7 +610,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address) static int is_errata100(struct pt_regs *regs, unsigned long address) { #ifdef CONFIG_X86_64 @@ -21570,7 +21571,7 @@ index 0d17c8c..c5d9925 100644 return 1; #endif return 0; -@@ -561,7 +631,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) +@@ -567,7 +637,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) } static const char nx_warning[] = KERN_CRIT @@ -21579,7 +21580,7 @@ index 0d17c8c..c5d9925 100644 static void show_fault_oops(struct pt_regs *regs, unsigned long error_code, -@@ -570,15 +640,26 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, +@@ -576,15 +646,26 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, if (!oops_may_print()) return; @@ -21608,7 +21609,7 @@ index 0d17c8c..c5d9925 100644 printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -733,6 +814,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, +@@ -739,6 +820,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, } #endif @@ -21630,7 +21631,7 @@ index 0d17c8c..c5d9925 100644 if (unlikely(show_unhandled_signals)) show_signal_msg(regs, error_code, address, tsk); -@@ -829,7 +925,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -835,7 +931,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -21639,7 +21640,7 @@ index 0d17c8c..c5d9925 100644 code = BUS_MCEERR_AR; } #endif -@@ -884,6 +980,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -890,6 +986,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -21739,7 +21740,7 @@ index 0d17c8c..c5d9925 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -956,6 +1145,9 @@ int show_unhandled_signals = 1; +@@ -962,6 +1151,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -21749,7 +21750,7 @@ index 0d17c8c..c5d9925 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -989,18 +1181,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -995,18 +1187,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -21787,7 +21788,7 @@ index 0d17c8c..c5d9925 100644 /* * Detect and handle instructions that would cause a page fault for -@@ -1061,7 +1267,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1067,7 +1273,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -21796,7 +21797,7 @@ index 0d17c8c..c5d9925 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1116,6 +1322,11 @@ retry: +@@ -1122,6 +1328,11 @@ retry: might_sleep(); } @@ -21808,7 +21809,7 @@ index 0d17c8c..c5d9925 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1127,18 +1338,24 @@ retry: +@@ -1133,18 +1344,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -21844,7 +21845,7 @@ index 0d17c8c..c5d9925 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1193,3 +1410,292 @@ good_area: +@@ -1199,3 +1416,292 @@ good_area: up_read(&mm->mmap_sem); } @@ -22378,10 +22379,18 @@ index f581a18..29efd37 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 87488b9..7129f32 100644 +index 87488b9..a55509f 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c -@@ -31,7 +31,7 @@ int direct_gbpages +@@ -15,6 +15,7 @@ + #include <asm/tlbflush.h> + #include <asm/tlb.h> + #include <asm/proto.h> ++#include <asm/desc.h> + + unsigned long __initdata pgt_buf_start; + unsigned long __meminitdata pgt_buf_end; +@@ -31,7 +32,7 @@ int direct_gbpages static void __init find_early_table_space(unsigned long end, int use_pse, int use_gbpages) { @@ -22390,7 +22399,7 @@ index 87488b9..7129f32 100644 phys_addr_t base; puds = (end + PUD_SIZE - 1) >> PUD_SHIFT; -@@ -312,8 +312,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -312,8 +313,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, */ int devmem_is_allowed(unsigned long pagenr) { @@ -22421,7 +22430,7 @@ index 87488b9..7129f32 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -372,6 +393,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -372,6 +394,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) void free_initmem(void) { @@ -22984,19 +22993,19 @@ index d87dd6d..bf3fa66 100644 pte = kmemcheck_pte_lookup(address); diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c -index f927429..39c2947 100644 +index 4b5ba85..f166ad2 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c -@@ -49,7 +49,7 @@ static unsigned int stack_maxrandom_size(void) +@@ -52,7 +52,7 @@ static unsigned int stack_maxrandom_size(void) * Leave an at least ~128 MB hole with possible stack randomization. */ #define MIN_GAP (128*1024*1024UL + stack_maxrandom_size()) -#define MAX_GAP (TASK_SIZE/6*5) +#define MAX_GAP (pax_task_size/6*5) - /* - * True on X86_32 or when emulating IA32 on X86_64 -@@ -94,27 +94,40 @@ static unsigned long mmap_rnd(void) + static int mmap_is_legacy(void) + { +@@ -82,27 +82,40 @@ static unsigned long mmap_rnd(void) return rnd << PAGE_SHIFT; } @@ -23042,7 +23051,7 @@ index f927429..39c2947 100644 return TASK_UNMAPPED_BASE + mmap_rnd(); } -@@ -125,11 +138,23 @@ static unsigned long mmap_legacy_base(void) +@@ -113,11 +126,23 @@ static unsigned long mmap_legacy_base(void) void arch_pick_mmap_layout(struct mm_struct *mm) { if (mmap_is_legacy()) { @@ -23069,10 +23078,10 @@ index f927429..39c2947 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c -index 67421f3..8d6b107 100644 +index de54b9b..799051e 100644 --- a/arch/x86/mm/mmio-mod.c +++ b/arch/x86/mm/mmio-mod.c -@@ -195,7 +195,7 @@ static void pre(struct kmmio_probe *p, struct pt_regs *regs, +@@ -194,7 +194,7 @@ static void pre(struct kmmio_probe *p, struct pt_regs *regs, break; default: { @@ -23081,7 +23090,7 @@ index 67421f3..8d6b107 100644 my_trace->opcode = MMIO_UNKNOWN_OP; my_trace->width = 0; my_trace->value = (*ip) << 16 | *(ip + 1) << 8 | -@@ -235,7 +235,7 @@ static void post(struct kmmio_probe *p, unsigned long condition, +@@ -234,7 +234,7 @@ static void post(struct kmmio_probe *p, unsigned long condition, static void ioremap_trace_core(resource_size_t offset, unsigned long size, void __iomem *addr) { @@ -23090,7 +23099,7 @@ index 67421f3..8d6b107 100644 struct remap_trace *trace = kmalloc(sizeof(*trace), GFP_KERNEL); /* These are page-unaligned. */ struct mmiotrace_map map = { -@@ -259,7 +259,7 @@ static void ioremap_trace_core(resource_size_t offset, unsigned long size, +@@ -258,7 +258,7 @@ static void ioremap_trace_core(resource_size_t offset, unsigned long size, .private = trace }, .phys = offset, @@ -23831,7 +23840,7 @@ index cb29191..036766d 100644 return 1; } diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c -index f685535..2b76a81 100644 +index db0e9a5..8844dea 100644 --- a/arch/x86/pci/pcbios.c +++ b/arch/x86/pci/pcbios.c @@ -79,50 +79,93 @@ union bios32 { @@ -24139,21 +24148,11 @@ index f685535..2b76a81 100644 } EXPORT_SYMBOL(pcibios_set_irq_routing); diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c -index 5cab48e..b025f9b 100644 +index 40e4469..1ab536e 100644 --- a/arch/x86/platform/efi/efi_32.c +++ b/arch/x86/platform/efi/efi_32.c -@@ -38,70 +38,56 @@ - */ - - static unsigned long efi_rt_eflags; --static pgd_t efi_bak_pg_dir_pointer[2]; -+static pgd_t __initdata efi_bak_pg_dir_pointer[KERNEL_PGD_PTRS]; - --void efi_call_phys_prelog(void) -+void __init efi_call_phys_prelog(void) +@@ -44,11 +44,22 @@ void efi_call_phys_prelog(void) { -- unsigned long cr4; -- unsigned long temp; struct desc_ptr gdt_descr; +#ifdef CONFIG_PAX_KERNEXEC @@ -24162,36 +24161,7 @@ index 5cab48e..b025f9b 100644 + local_irq_save(efi_rt_eflags); -- /* -- * If I don't have PAE, I should just duplicate two entries in page -- * directory. If I have PAE, I just need to duplicate one entry in -- * page directory. -- */ -- cr4 = read_cr4_safe(); -- -- if (cr4 & X86_CR4_PAE) { -- efi_bak_pg_dir_pointer[0].pgd = -- swapper_pg_dir[pgd_index(0)].pgd; -- swapper_pg_dir[0].pgd = -- swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd; -- } else { -- efi_bak_pg_dir_pointer[0].pgd = -- swapper_pg_dir[pgd_index(0)].pgd; -- efi_bak_pg_dir_pointer[1].pgd = -- swapper_pg_dir[pgd_index(0x400000)].pgd; -- swapper_pg_dir[pgd_index(0)].pgd = -- swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd; -- temp = PAGE_OFFSET + 0x400000; -- swapper_pg_dir[pgd_index(0x400000)].pgd = -- swapper_pg_dir[pgd_index(temp)].pgd; -- } -+ clone_pgd_range(efi_bak_pg_dir_pointer, swapper_pg_dir, KERNEL_PGD_PTRS); -+ clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY, -+ min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY)); - - /* - * After the lock is released, the original page table is restored. - */ + load_cr3(initial_page_table); __flush_tlb_all(); +#ifdef CONFIG_PAX_KERNEXEC @@ -24204,12 +24174,8 @@ index 5cab48e..b025f9b 100644 gdt_descr.address = __pa(get_cpu_gdt_table(0)); gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); - } - --void efi_call_phys_epilog(void) -+void __init efi_call_phys_epilog(void) +@@ -58,6 +69,14 @@ void efi_call_phys_epilog(void) { -- unsigned long cr4; struct desc_ptr gdt_descr; +#ifdef CONFIG_PAX_KERNEXEC @@ -24223,22 +24189,6 @@ index 5cab48e..b025f9b 100644 gdt_descr.address = (unsigned long)get_cpu_gdt_table(0); gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); - -- cr4 = read_cr4_safe(); -- -- if (cr4 & X86_CR4_PAE) { -- swapper_pg_dir[pgd_index(0)].pgd = -- efi_bak_pg_dir_pointer[0].pgd; -- } else { -- swapper_pg_dir[pgd_index(0)].pgd = -- efi_bak_pg_dir_pointer[0].pgd; -- swapper_pg_dir[pgd_index(0x400000)].pgd = -- efi_bak_pg_dir_pointer[1].pgd; -- } -+ clone_pgd_range(swapper_pg_dir, efi_bak_pg_dir_pointer, KERNEL_PGD_PTRS); - - /* - * After the lock is released, the original page table is restored. diff --git a/arch/x86/platform/efi/efi_stub_32.S b/arch/x86/platform/efi/efi_stub_32.S index fbe66e6..c5c0dd2 100644 --- a/arch/x86/platform/efi/efi_stub_32.S @@ -24419,46 +24369,37 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c -index fe73276..70fe25a 100644 +index ad4ec1c..686479e 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c -@@ -239,14 +239,16 @@ static int mrst_i8042_detect(void) - } +@@ -76,18 +76,20 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; + EXPORT_SYMBOL_GPL(sfi_mrtc_array); + int sfi_mrtc_num; - /* Reboot and power off are handled by the SCU on a MID device */ -static void mrst_power_off(void) +static __noreturn void mrst_power_off(void) { - intel_scu_ipc_simple_command(0xf1, 1); + if (__mrst_cpu_chip == MRST_CPU_CHIP_LINCROFT) + intel_scu_ipc_simple_command(IPCMSG_COLD_RESET, 1); + BUG(); } -static void mrst_reboot(void) +static __noreturn void mrst_reboot(void) { - intel_scu_ipc_simple_command(0xf1, 0); + if (__mrst_cpu_chip == MRST_CPU_CHIP_LINCROFT) + intel_scu_ipc_simple_command(IPCMSG_COLD_RESET, 0); + else + intel_scu_ipc_simple_command(IPCMSG_COLD_BOOT, 0); + BUG(); } - /* -diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c -index 5b55219..b326540 100644 ---- a/arch/x86/platform/uv/tlb_uv.c -+++ b/arch/x86/platform/uv/tlb_uv.c -@@ -377,6 +377,8 @@ static void reset_with_ipi(struct pnmask *distribution, struct bau_control *bcp) - struct bau_control *smaster = bcp->socket_master; - struct reset_args reset_args; - -+ pax_track_stack(); -+ - reset_args.sender = sender; - cpus_clear(*mask); - /* find a single cpu for each uvhub in this distribution mask */ + /* parse all the mtimer info to a static mtimer array */ diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c -index 87bb35e..eff2da8 100644 +index f10c0af..3ec1f95 100644 --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c -@@ -130,7 +130,7 @@ static void do_fpu_end(void) +@@ -131,7 +131,7 @@ static void do_fpu_end(void) static void fix_processor_context(void) { int cpu = smp_processor_id(); @@ -24467,7 +24408,7 @@ index 87bb35e..eff2da8 100644 set_tss_desc(cpu, t); /* * This just modifies memory; should not be -@@ -140,7 +140,9 @@ static void fix_processor_context(void) +@@ -141,7 +141,9 @@ static void fix_processor_context(void) */ #ifdef CONFIG_X86_64 @@ -24577,7 +24518,7 @@ index 468d591..8e80a0a 100644 return NULL; } diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c -index 316fbca..4638633 100644 +index 153407c..611cba9 100644 --- a/arch/x86/vdso/vma.c +++ b/arch/x86/vdso/vma.c @@ -16,8 +16,6 @@ @@ -24589,7 +24530,15 @@ index 316fbca..4638633 100644 extern char vdso_start[], vdso_end[]; extern unsigned short vdso_sync_cpuid; -@@ -97,13 +95,15 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) +@@ -96,7 +94,6 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) + * unaligned here as a result of stack start randomization. + */ + addr = PAGE_ALIGN(addr); +- addr = align_addr(addr, NULL, ALIGN_VDSO); + + return addr; + } +@@ -106,40 +103,35 @@ static unsigned long vdso_addr(unsigned long start, unsigned len) int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { struct mm_struct *mm = current->mm; @@ -24607,9 +24556,10 @@ index 316fbca..4638633 100644 +#endif + addr = vdso_addr(mm->start_stack, vdso_size); ++ addr = align_addr(addr, NULL, ALIGN_VDSO); addr = get_unmapped_area(NULL, addr, vdso_size, 0, 0); if (IS_ERR_VALUE(addr)) { -@@ -111,26 +111,18 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) + ret = addr; goto up_fail; } @@ -24641,7 +24591,7 @@ index 316fbca..4638633 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 46c8069..6330d3c 100644 +index 1f92865..c843b20 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -24653,7 +24603,7 @@ index 46c8069..6330d3c 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -1028,7 +1026,7 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1029,7 +1027,7 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -24662,7 +24612,7 @@ index 46c8069..6330d3c 100644 { struct sched_shutdown r = { .reason = reason }; -@@ -1036,17 +1034,17 @@ static void xen_reboot(int reason) +@@ -1037,17 +1035,17 @@ static void xen_reboot(int reason) BUG(); } @@ -24683,7 +24633,7 @@ index 46c8069..6330d3c 100644 { xen_reboot(SHUTDOWN_poweroff); } -@@ -1152,7 +1150,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1153,7 +1151,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -24702,7 +24652,7 @@ index 46c8069..6330d3c 100644 xen_setup_features(); -@@ -1183,13 +1191,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1184,13 +1192,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -24717,10 +24667,10 @@ index 46c8069..6330d3c 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 3dd53f9..5aa5df3 100644 +index 87f6673..e2555a6 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c -@@ -1768,6 +1768,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1733,6 +1733,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, convert_pfn_mfn(init_level4_pgt); convert_pfn_mfn(level3_ident_pgt); convert_pfn_mfn(level3_kernel_pgt); @@ -24730,7 +24680,7 @@ index 3dd53f9..5aa5df3 100644 l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd); l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud); -@@ -1786,7 +1789,11 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1751,7 +1754,11 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); @@ -24742,7 +24692,7 @@ index 3dd53f9..5aa5df3 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -2000,6 +2007,7 @@ static void __init xen_post_allocator_init(void) +@@ -1962,6 +1969,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -24750,7 +24700,7 @@ index 3dd53f9..5aa5df3 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2081,6 +2089,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2043,6 +2051,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -24880,7 +24830,7 @@ index 58916af..9cb880b 100644 struct list_head *list = &__get_cpu_var(blk_cpu_iopoll); int rearm = 0, budget = blk_iopoll_budget; diff --git a/block/blk-map.c b/block/blk-map.c -index 164cd00..6d96fc1 100644 +index 623e1cd..ca1e109 100644 --- a/block/blk-map.c +++ b/block/blk-map.c @@ -302,7 +302,7 @@ int blk_rq_map_kern(struct request_queue *q, struct request *rq, void *kbuf, @@ -24950,7 +24900,7 @@ index 7b72502..646105c 100644 err = -EFAULT; goto out; diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 4f4230b..2ac96e7 100644 +index fbdf0d8..e8f3caf 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -24,6 +24,7 @@ @@ -25012,7 +24962,7 @@ index 4f4230b..2ac96e7 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; -@@ -691,6 +715,57 @@ int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mod +@@ -690,6 +714,57 @@ int scsi_cmd_ioctl(struct request_queue *q, struct gendisk *bd_disk, fmode_t mod } EXPORT_SYMBOL(scsi_cmd_ioctl); @@ -25092,19 +25042,6 @@ index 671d4d6..5f24030 100644 static void cryptd_queue_worker(struct work_struct *work); -diff --git a/crypto/serpent.c b/crypto/serpent.c -index b651a55..a9ddd79b 100644 ---- a/crypto/serpent.c -+++ b/crypto/serpent.c -@@ -224,6 +224,8 @@ static int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, - u32 r0,r1,r2,r3,r4; - int i; - -+ pax_track_stack(); -+ - /* Copy key, add padding */ - - for (i = 0; i < keylen; ++i) diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c index 5d41894..22021e4 100644 --- a/drivers/acpi/apei/cper.c @@ -25127,18 +25064,18 @@ index 5d41894..22021e4 100644 EXPORT_SYMBOL_GPL(cper_next_record_id); diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c -index 22f918b..9fafb84 100644 +index 6c47ae9..8ab9132 100644 --- a/drivers/acpi/ec_sys.c +++ b/drivers/acpi/ec_sys.c -@@ -11,6 +11,7 @@ - #include <linux/kernel.h> +@@ -12,6 +12,7 @@ #include <linux/acpi.h> #include <linux/debugfs.h> + #include <linux/module.h> +#include <asm/uaccess.h> #include "internal.h" MODULE_AUTHOR("Thomas Renninger <trenn@suse.de>"); -@@ -39,7 +40,7 @@ static ssize_t acpi_ec_read_io(struct file *f, char __user *buf, +@@ -40,7 +41,7 @@ static ssize_t acpi_ec_read_io(struct file *f, char __user *buf, * struct acpi_ec *ec = ((struct seq_file *)f->private_data)->private; */ unsigned int size = EC_SPACE_SIZE; @@ -25147,7 +25084,7 @@ index 22f918b..9fafb84 100644 loff_t init_off = *off; int err = 0; -@@ -52,9 +53,11 @@ static ssize_t acpi_ec_read_io(struct file *f, char __user *buf, +@@ -53,9 +54,11 @@ static ssize_t acpi_ec_read_io(struct file *f, char __user *buf, size = count; while (size) { @@ -25160,7 +25097,7 @@ index 22f918b..9fafb84 100644 *off += 1; size--; } -@@ -70,7 +73,6 @@ static ssize_t acpi_ec_write_io(struct file *f, const char __user *buf, +@@ -71,7 +74,6 @@ static ssize_t acpi_ec_write_io(struct file *f, const char __user *buf, unsigned int size = count; loff_t init_off = *off; @@ -25168,7 +25105,7 @@ index 22f918b..9fafb84 100644 int err = 0; if (*off >= EC_SPACE_SIZE) -@@ -81,7 +83,9 @@ static ssize_t acpi_ec_write_io(struct file *f, const char __user *buf, +@@ -82,7 +84,9 @@ static ssize_t acpi_ec_write_io(struct file *f, const char __user *buf, } while (size) { @@ -25180,10 +25117,10 @@ index 22f918b..9fafb84 100644 if (err) return err; diff --git a/drivers/acpi/proc.c b/drivers/acpi/proc.c -index f5f9869..da87aeb 100644 +index 251c7b62..000462d 100644 --- a/drivers/acpi/proc.c +++ b/drivers/acpi/proc.c -@@ -342,19 +342,13 @@ acpi_system_write_wakeup_device(struct file *file, +@@ -343,19 +343,13 @@ acpi_system_write_wakeup_device(struct file *file, size_t count, loff_t * ppos) { struct list_head *node, *next; @@ -25208,7 +25145,7 @@ index f5f9869..da87aeb 100644 mutex_lock(&acpi_device_lock); list_for_each_safe(node, next, &acpi_wakeup_device_list) { -@@ -363,7 +357,7 @@ acpi_system_write_wakeup_device(struct file *file, +@@ -364,7 +358,7 @@ acpi_system_write_wakeup_device(struct file *file, if (!dev->wakeup.flags.valid) continue; @@ -25218,7 +25155,7 @@ index f5f9869..da87aeb 100644 bool enable = !device_may_wakeup(&dev->dev); device_set_wakeup_enable(&dev->dev, enable); diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c -index a4e0f1b..9793b28 100644 +index 9d7bc9f..a6fc091 100644 --- a/drivers/acpi/processor_driver.c +++ b/drivers/acpi/processor_driver.c @@ -473,7 +473,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) @@ -25231,7 +25168,7 @@ index a4e0f1b..9793b28 100644 /* * Buggy BIOS check diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 4a3a5ae..cbee192 100644 +index c04ad68..0b99473 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -4733,7 +4733,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) @@ -25271,21 +25208,8 @@ index 4a3a5ae..cbee192 100644 spin_unlock(&lock); } -diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c -index ed16fbe..fc92cb8 100644 ---- a/drivers/ata/libata-eh.c -+++ b/drivers/ata/libata-eh.c -@@ -2515,6 +2515,8 @@ void ata_eh_report(struct ata_port *ap) - { - struct ata_link *link; - -+ pax_track_stack(); -+ - ata_for_each_link(link, ap, HOST_FIRST) - ata_eh_link_report(link); - } diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index 719bb73..79ce858 100644 +index e8574bb..f9f6a72 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c @@ -862,7 +862,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev) @@ -25406,7 +25330,7 @@ index b22d71c..d6e1049 100644 if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb(skb); diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c -index 9307141..d8521bf 100644 +index 956e9ac..133516d 100644 --- a/drivers/atm/eni.c +++ b/drivers/atm/eni.c @@ -526,7 +526,7 @@ static int rx_aal0(struct atm_vcc *vcc) @@ -25445,7 +25369,7 @@ index 9307141..d8521bf 100644 } wake_up(&eni_dev->rx_wait); } -@@ -1228,7 +1228,7 @@ static void dequeue_tx(struct atm_dev *dev) +@@ -1229,7 +1229,7 @@ static void dequeue_tx(struct atm_dev *dev) PCI_DMA_TODEVICE); if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb_irq(skb); @@ -25454,7 +25378,7 @@ index 9307141..d8521bf 100644 wake_up(&eni_dev->tx_wait); dma_complete++; } -@@ -1568,7 +1568,7 @@ tx_complete++; +@@ -1569,7 +1569,7 @@ tx_complete++; /*--------------------------------- entries ---------------------------------*/ @@ -25668,7 +25592,7 @@ index b812103..e391a49 100644 // free the skb hrz_kfree_skb (skb); diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c -index db06f34..dcebb61 100644 +index 1c05212..c28e200 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -812,7 +812,7 @@ drain_scq(struct idt77252_dev *card, struct vc_map *vc) @@ -25826,10 +25750,10 @@ index db06f34..dcebb61 100644 } atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c -index cb90f7a..bd33566 100644 +index 3d0c2b0..45441fa 100644 --- a/drivers/atm/iphase.c +++ b/drivers/atm/iphase.c -@@ -1121,7 +1121,7 @@ static int rx_pkt(struct atm_dev *dev) +@@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev) status = (u_short) (buf_desc_ptr->desc_mode); if (status & (RX_CER | RX_PTE | RX_OFL)) { @@ -25838,7 +25762,7 @@ index cb90f7a..bd33566 100644 IF_ERR(printk("IA: bad packet, dropping it");) if (status & RX_CER) { IF_ERR(printk(" cause: packet CRC error\n");) -@@ -1144,7 +1144,7 @@ static int rx_pkt(struct atm_dev *dev) +@@ -1169,7 +1169,7 @@ static int rx_pkt(struct atm_dev *dev) len = dma_addr - buf_addr; if (len > iadev->rx_buf_sz) { printk("Over %d bytes sdu received, dropped!!!\n", iadev->rx_buf_sz); @@ -25847,7 +25771,7 @@ index cb90f7a..bd33566 100644 goto out_free_desc; } -@@ -1294,7 +1294,7 @@ static void rx_dle_intr(struct atm_dev *dev) +@@ -1319,7 +1319,7 @@ static void rx_dle_intr(struct atm_dev *dev) ia_vcc = INPH_IA_VCC(vcc); if (ia_vcc == NULL) { @@ -25856,7 +25780,7 @@ index cb90f7a..bd33566 100644 dev_kfree_skb_any(skb); atm_return(vcc, atm_guess_pdu2truesize(len)); goto INCR_DLE; -@@ -1306,7 +1306,7 @@ static void rx_dle_intr(struct atm_dev *dev) +@@ -1331,7 +1331,7 @@ static void rx_dle_intr(struct atm_dev *dev) if ((length > iadev->rx_buf_sz) || (length > (skb->len - sizeof(struct cpcs_trailer)))) { @@ -25865,7 +25789,7 @@ index cb90f7a..bd33566 100644 IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)", length, skb->len);) dev_kfree_skb_any(skb); -@@ -1322,7 +1322,7 @@ static void rx_dle_intr(struct atm_dev *dev) +@@ -1347,7 +1347,7 @@ static void rx_dle_intr(struct atm_dev *dev) IF_RX(printk("rx_dle_intr: skb push");) vcc->push(vcc,skb); @@ -25874,7 +25798,7 @@ index cb90f7a..bd33566 100644 iadev->rx_pkt_cnt++; } INCR_DLE: -@@ -2802,15 +2802,15 @@ static int ia_ioctl(struct atm_dev *dev, unsigned int cmd, void __user *arg) +@@ -2827,15 +2827,15 @@ static int ia_ioctl(struct atm_dev *dev, unsigned int cmd, void __user *arg) { struct k_sonet_stats *stats; stats = &PRIV(_ia_dev[board])->sonet_stats; @@ -25899,7 +25823,7 @@ index cb90f7a..bd33566 100644 } ia_cmds.status = 0; break; -@@ -2915,7 +2915,7 @@ static int ia_pkt_tx (struct atm_vcc *vcc, struct sk_buff *skb) { +@@ -2940,7 +2940,7 @@ static int ia_pkt_tx (struct atm_vcc *vcc, struct sk_buff *skb) { if ((desc == 0) || (desc > iadev->num_tx_desc)) { IF_ERR(printk(DEV_LABEL "invalid desc for send: %d\n", desc);) @@ -25908,7 +25832,7 @@ index cb90f7a..bd33566 100644 if (vcc->pop) vcc->pop(vcc, skb); else -@@ -3020,14 +3020,14 @@ static int ia_pkt_tx (struct atm_vcc *vcc, struct sk_buff *skb) { +@@ -3045,14 +3045,14 @@ static int ia_pkt_tx (struct atm_vcc *vcc, struct sk_buff *skb) { ATM_DESC(skb) = vcc->vci; skb_queue_tail(&iadev->tx_dma_q, skb); @@ -25926,7 +25850,7 @@ index cb90f7a..bd33566 100644 vcc->tx_quota = vcc->tx_quota * 3 / 4; printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota ); diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c -index e828c54..ae83976 100644 +index f556969..0da15eb 100644 --- a/drivers/atm/lanai.c +++ b/drivers/atm/lanai.c @@ -1303,7 +1303,7 @@ static void lanai_send_one_aal5(struct lanai_dev *lanai, @@ -25947,7 +25871,7 @@ index e828c54..ae83976 100644 out: lvcc->rx.buf.ptr = end; cardvcc_write(lvcc, endptr, vcc_rxreadptr); -@@ -1668,7 +1668,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s) +@@ -1667,7 +1667,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s) DPRINTK("(itf %d) got RX service entry 0x%X for non-AAL5 " "vcc %d\n", lanai->number, (unsigned int) s, vci); lanai->stats.service_rxnotaal5++; @@ -25956,7 +25880,7 @@ index e828c54..ae83976 100644 return 0; } if (likely(!(s & (SERVICE_TRASH | SERVICE_STREAM | SERVICE_CRCERR)))) { -@@ -1680,7 +1680,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s) +@@ -1679,7 +1679,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s) int bytes; read_unlock(&vcc_sklist_lock); DPRINTK("got trashed rx pdu on vci %d\n", vci); @@ -25965,7 +25889,7 @@ index e828c54..ae83976 100644 lvcc->stats.x.aal5.service_trash++; bytes = (SERVICE_GET_END(s) * 16) - (((unsigned long) lvcc->rx.buf.ptr) - -@@ -1692,7 +1692,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s) +@@ -1691,7 +1691,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s) } if (s & SERVICE_STREAM) { read_unlock(&vcc_sklist_lock); @@ -25974,7 +25898,7 @@ index e828c54..ae83976 100644 lvcc->stats.x.aal5.service_stream++; printk(KERN_ERR DEV_LABEL "(itf %d): Got AAL5 stream " "PDU on VCI %d!\n", lanai->number, vci); -@@ -1700,7 +1700,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s) +@@ -1699,7 +1699,7 @@ static int handle_service(struct lanai_dev *lanai, u32 s) return 0; } DPRINTK("got rx crc error on vci %d\n", vci); @@ -26189,7 +26113,7 @@ index 1c70c45..300718d 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 5d1d076..4f31f42 100644 +index 5d1d076..12fbca4 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) @@ -26201,16 +26125,7 @@ index 5d1d076..4f31f42 100644 break; case PKT_STATUS: -@@ -899,6 +899,8 @@ static int print_buffer(struct sk_buff *buf) - char msg[500]; - char item[10]; - -+ pax_track_stack(); -+ - len = buf->len; - for (i = 0; i < len; i++){ - if(i % 8 == 0) -@@ -1008,7 +1010,7 @@ static uint32_t fpga_tx(struct solos_card *card) +@@ -1008,7 +1008,7 @@ static uint32_t fpga_tx(struct solos_card *card) vcc = SKB_CB(oldskb)->vcc; if (vcc) { @@ -26327,10 +26242,10 @@ index a4760e0..51283cf 100644 printk(KERN_INFO "devtmpfs: error mounting %i\n", err); else diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c -index 84f7c7d..37cfd87 100644 +index caf995f..6f76697 100644 --- a/drivers/base/power/wakeup.c +++ b/drivers/base/power/wakeup.c -@@ -29,14 +29,14 @@ bool events_check_enabled; +@@ -30,14 +30,14 @@ bool events_check_enabled; * They need to be modified together atomically, so it's better to use one * atomic variable to hold them both. */ @@ -26347,7 +26262,7 @@ index 84f7c7d..37cfd87 100644 *cnt = (comb >> IN_PROGRESS_BITS); *inpr = comb & MAX_IN_PROGRESS; -@@ -350,7 +350,7 @@ static void wakeup_source_activate(struct wakeup_source *ws) +@@ -353,7 +353,7 @@ static void wakeup_source_activate(struct wakeup_source *ws) ws->last_time = ktime_get(); /* Increment the counter of events in progress. */ @@ -26356,7 +26271,7 @@ index 84f7c7d..37cfd87 100644 } /** -@@ -440,7 +440,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws) +@@ -443,7 +443,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws) * Increment the counter of registered wakeup events and decrement the * couter of wakeup events in progress simultaneously. */ @@ -26365,24 +26280,11 @@ index 84f7c7d..37cfd87 100644 } /** -diff --git a/drivers/block/DAC960.c b/drivers/block/DAC960.c -index e086fbb..398e1fe 100644 ---- a/drivers/block/DAC960.c -+++ b/drivers/block/DAC960.c -@@ -1980,6 +1980,8 @@ static bool DAC960_V1_ReadDeviceConfiguration(DAC960_Controller_T - unsigned long flags; - int Channel, TargetID; - -+ pax_track_stack(); -+ - if (!init_dma_loaf(Controller->PCIDevice, &local_dma, - DAC960_V1_MaxChannels*(sizeof(DAC960_V1_DCDB_T) + - sizeof(DAC960_SCSI_Inquiry_T) + diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index c2f9b3e..11b8693 100644 +index 587cce5..77b928b 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c -@@ -1179,6 +1179,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, +@@ -1198,6 +1198,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, int err; u32 cp; @@ -26391,7 +26293,7 @@ index c2f9b3e..11b8693 100644 err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, -@@ -1716,7 +1718,7 @@ static int cciss_ioctl(struct block_device *bdev, fmode_t mode, +@@ -1735,7 +1737,7 @@ static int cciss_ioctl(struct block_device *bdev, fmode_t mode, case CCISS_BIG_PASSTHRU: return cciss_bigpassthru(h, argp); @@ -26400,7 +26302,7 @@ index c2f9b3e..11b8693 100644 /* very meaningful for cciss. SG_IO is the main one people want. */ case SG_GET_VERSION_NUM: -@@ -1727,9 +1729,9 @@ static int cciss_ioctl(struct block_device *bdev, fmode_t mode, +@@ -1746,9 +1748,9 @@ static int cciss_ioctl(struct block_device *bdev, fmode_t mode, case SG_EMULATED_HOST: case SG_IO: case SCSI_IOCTL_SEND_COMMAND: @@ -26412,7 +26314,7 @@ index c2f9b3e..11b8693 100644 /* they aren't a good fit for cciss, as CD-ROMs are */ /* not supported, and we don't have any bus/target/lun */ /* which we present to the kernel. */ -@@ -2986,7 +2988,7 @@ static void start_io(ctlr_info_t *h) +@@ -3007,7 +3009,7 @@ static void start_io(ctlr_info_t *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, CommandList_struct, list); /* can't do anything if fifo is full */ @@ -26421,7 +26323,7 @@ index c2f9b3e..11b8693 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -2996,7 +2998,7 @@ static void start_io(ctlr_info_t *h) +@@ -3017,7 +3019,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller execute command */ @@ -26430,7 +26332,7 @@ index c2f9b3e..11b8693 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3422,17 +3424,17 @@ startio: +@@ -3443,17 +3445,17 @@ startio: static inline unsigned long get_next_completion(ctlr_info_t *h) { @@ -26451,7 +26353,7 @@ index c2f9b3e..11b8693 100644 (h->interrupts_enabled == 0)); } -@@ -3465,7 +3467,7 @@ static inline u32 next_command(ctlr_info_t *h) +@@ -3486,7 +3488,7 @@ static inline u32 next_command(ctlr_info_t *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -26460,7 +26362,7 @@ index c2f9b3e..11b8693 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -4020,7 +4022,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h) +@@ -4044,7 +4046,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h) trans_support & CFGTBL_Trans_use_short_tags); /* Change the access methods to the performant access methods */ @@ -26469,7 +26371,7 @@ index c2f9b3e..11b8693 100644 h->transMethod = CFGTBL_Trans_Performant; return; -@@ -4292,7 +4294,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h) +@@ -4316,7 +4318,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -26478,7 +26380,7 @@ index c2f9b3e..11b8693 100644 if (cciss_board_disabled(h)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -5009,7 +5011,7 @@ reinit_after_soft_reset: +@@ -5041,7 +5043,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -26487,16 +26389,16 @@ index c2f9b3e..11b8693 100644 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx); if (rc) goto clean2; -@@ -5061,7 +5063,7 @@ reinit_after_soft_reset: +@@ -5093,7 +5095,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); - h->access.set_intr_mask(h, CCISS_INTR_OFF); + h->access->set_intr_mask(h, CCISS_INTR_OFF); spin_unlock_irqrestore(&h->lock, flags); - free_irq(h->intr[PERF_MODE_INT], h); + free_irq(h->intr[h->intr_mode], h); rc = cciss_request_irq(h, cciss_msix_discard_completions, -@@ -5081,9 +5083,9 @@ reinit_after_soft_reset: +@@ -5113,9 +5115,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -26508,7 +26410,7 @@ index c2f9b3e..11b8693 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -5106,7 +5108,7 @@ reinit_after_soft_reset: +@@ -5138,7 +5140,7 @@ reinit_after_soft_reset: cciss_scsi_setup(h); /* Turn the interrupts on so we can service requests */ @@ -26517,20 +26419,20 @@ index c2f9b3e..11b8693 100644 /* Get the firmware version */ inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL); -@@ -5178,7 +5180,7 @@ static void cciss_shutdown(struct pci_dev *pdev) +@@ -5211,7 +5213,7 @@ static void cciss_shutdown(struct pci_dev *pdev) kfree(flush_buf); if (return_code != IO_OK) dev_warn(&h->pdev->dev, "Error flushing cache\n"); - h->access.set_intr_mask(h, CCISS_INTR_OFF); + h->access->set_intr_mask(h, CCISS_INTR_OFF); - free_irq(h->intr[PERF_MODE_INT], h); + free_irq(h->intr[h->intr_mode], h); } diff --git a/drivers/block/cciss.h b/drivers/block/cciss.h -index c049548..a09cb6e 100644 +index 7fda30e..eb5dfe0 100644 --- a/drivers/block/cciss.h +++ b/drivers/block/cciss.h -@@ -100,7 +100,7 @@ struct ctlr_info +@@ -101,7 +101,7 @@ struct ctlr_info /* information about each logical volume */ drive_info_struct *drv[CISS_MAX_LUN]; @@ -26540,7 +26442,7 @@ index c049548..a09cb6e 100644 /* queue and queue Info */ struct list_head reqQ; diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c -index b2fceb5..87fec83 100644 +index 9125bbe..eede5c8 100644 --- a/drivers/block/cpqarray.c +++ b/drivers/block/cpqarray.c @@ -404,7 +404,7 @@ static int __devinit cpqarray_register_ctlr( int i, struct pci_dev *pdev) @@ -26579,16 +26481,7 @@ index b2fceb5..87fec83 100644 hba[ctlr]->ctlr = ctlr; hba[ctlr]->board_id = board_id; hba[ctlr]->pci_dev = NULL; /* not PCI */ -@@ -911,6 +911,8 @@ static void do_ida_request(struct request_queue *q) - struct scatterlist tmp_sg[SG_MAX]; - int i, dir, seg; - -+ pax_track_stack(); -+ - queue_next: - creq = blk_peek_request(q); - if (!creq) -@@ -980,7 +982,7 @@ static void start_io(ctlr_info_t *h) +@@ -980,7 +980,7 @@ static void start_io(ctlr_info_t *h) while((c = h->reqQ) != NULL) { /* Can't do anything if we're busy */ @@ -26597,7 +26490,7 @@ index b2fceb5..87fec83 100644 return; /* Get the first entry from the request Q */ -@@ -988,7 +990,7 @@ static void start_io(ctlr_info_t *h) +@@ -988,7 +988,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller to do our bidding */ @@ -26606,7 +26499,7 @@ index b2fceb5..87fec83 100644 /* Get onto the completion Q */ addQ(&h->cmpQ, c); -@@ -1050,7 +1052,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id) +@@ -1050,7 +1050,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id) unsigned long flags; __u32 a,a1; @@ -26615,7 +26508,7 @@ index b2fceb5..87fec83 100644 /* Is this interrupt for us? */ if (istat == 0) return IRQ_NONE; -@@ -1061,7 +1063,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id) +@@ -1061,7 +1061,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id) */ spin_lock_irqsave(IDA_LOCK(h->ctlr), flags); if (istat & FIFO_NOT_EMPTY) { @@ -26624,7 +26517,7 @@ index b2fceb5..87fec83 100644 a1 = a; a &= ~3; if ((c = h->cmpQ) == NULL) { -@@ -1449,11 +1451,11 @@ static int sendcmd( +@@ -1449,11 +1449,11 @@ static int sendcmd( /* * Disable interrupt */ @@ -26638,7 +26531,7 @@ index b2fceb5..87fec83 100644 if (temp != 0) { break; } -@@ -1466,7 +1468,7 @@ DBG( +@@ -1466,7 +1466,7 @@ DBG( /* * Send the cmd */ @@ -26647,7 +26540,7 @@ index b2fceb5..87fec83 100644 complete = pollcomplete(ctlr); pci_unmap_single(info_p->pci_dev, (dma_addr_t) c->req.sg[0].addr, -@@ -1549,9 +1551,9 @@ static int revalidate_allvol(ctlr_info_t *host) +@@ -1549,9 +1549,9 @@ static int revalidate_allvol(ctlr_info_t *host) * we check the new geometry. Then turn interrupts back on when * we're done. */ @@ -26659,7 +26552,7 @@ index b2fceb5..87fec83 100644 for(i=0; i<NWD; i++) { struct gendisk *disk = ida_gendisk[ctlr][i]; -@@ -1591,7 +1593,7 @@ static int pollcomplete(int ctlr) +@@ -1591,7 +1591,7 @@ static int pollcomplete(int ctlr) /* Wait (up to 2 seconds) for a command to complete */ for (i = 200000; i > 0; i--) { @@ -26682,10 +26575,10 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h -index ef2ceed..c9cb18e 100644 +index 9cf2035..bffca95 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h -@@ -737,7 +737,7 @@ struct drbd_request; +@@ -736,7 +736,7 @@ struct drbd_request; struct drbd_epoch { struct list_head list; unsigned int barrier_nr; @@ -26694,7 +26587,7 @@ index ef2ceed..c9cb18e 100644 atomic_t active; /* increased on every req. added, and dec on every finished. */ unsigned long flags; }; -@@ -1109,7 +1109,7 @@ struct drbd_conf { +@@ -1108,7 +1108,7 @@ struct drbd_conf { void *int_dig_in; void *int_dig_vv; wait_queue_head_t seq_wait; @@ -26703,7 +26596,7 @@ index ef2ceed..c9cb18e 100644 unsigned int peer_seq; spinlock_t peer_seq_lock; unsigned int minor; -@@ -1618,30 +1618,30 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, +@@ -1617,30 +1617,30 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, static inline void drbd_tcp_cork(struct socket *sock) { @@ -26785,7 +26678,7 @@ index 0358e55..bc33689 100644 mdev->bm_writ_cnt = mdev->read_cnt = diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c -index 0feab26..5d9b3dd 100644 +index af2a250..219c74b 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c @@ -2359,7 +2359,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms @@ -26923,10 +26816,10 @@ index 43beaca..4a5b1dd 100644 } diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 4720c7a..2c49af1 100644 +index 1e888c9..05cf1b0 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c -@@ -283,7 +283,7 @@ static int __do_lo_send_write(struct file *file, +@@ -227,7 +227,7 @@ static int __do_lo_send_write(struct file *file, mm_segment_t old_fs = get_fs(); set_fs(get_ds()); @@ -26935,28 +26828,6 @@ index 4720c7a..2c49af1 100644 set_fs(old_fs); if (likely(bw == len)) return 0; -diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c -index f533f33..6177bcb 100644 ---- a/drivers/block/nbd.c -+++ b/drivers/block/nbd.c -@@ -157,6 +157,8 @@ static int sock_xmit(struct nbd_device *lo, int send, void *buf, int size, - struct kvec iov; - sigset_t blocked, oldset; - -+ pax_track_stack(); -+ - if (unlikely(!sock)) { - printk(KERN_ERR "%s: Attempted %s on closed socket in sock_xmit\n", - lo->disk->disk_name, (send ? "send" : "recv")); -@@ -572,6 +574,8 @@ static void do_nbd_request(struct request_queue *q) - static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *lo, - unsigned int cmd, unsigned long arg) - { -+ pax_track_stack(); -+ - switch (cmd) { - case NBD_DISCONNECT: { - struct request sreq; diff --git a/drivers/block/ub.c b/drivers/block/ub.c index 0e376d4..7333b9e 100644 --- a/drivers/block/ub.c @@ -26976,10 +26847,10 @@ index 0e376d4..7333b9e 100644 return ret; diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c -index 079c088..5d7a934 100644 +index 4d0b70a..e46f2f7 100644 --- a/drivers/block/virtio_blk.c +++ b/drivers/block/virtio_blk.c -@@ -236,8 +236,8 @@ static int virtblk_ioctl(struct block_device *bdev, fmode_t mode, +@@ -243,8 +243,8 @@ static int virtblk_ioctl(struct block_device *bdev, fmode_t mode, if (!virtio_has_feature(vblk->vdev, VIRTIO_BLK_F_SCSI)) return -ENOTTY; @@ -27009,7 +26880,7 @@ index f997c27..cedb231 100644 return ret; diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig -index 423fd56..06d3be0 100644 +index 4364303..9adf4ee 100644 --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig @@ -8,7 +8,8 @@ source "drivers/tty/Kconfig" @@ -27114,7 +26985,7 @@ index 0833896..cccce52 100644 { struct hpet_timer __iomem *timer; diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c -index 58c0e63..25aed94 100644 +index 58c0e63..46c16bf 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -415,7 +415,7 @@ struct ipmi_smi { @@ -27147,15 +27018,6 @@ index 58c0e63..25aed94 100644 intf->proc_dir = NULL; -@@ -4220,6 +4220,8 @@ static void send_panic_events(char *str) - struct ipmi_smi_msg smi_msg; - struct ipmi_recv_msg recv_msg; - -+ pax_track_stack(); -+ - si = (struct ipmi_system_interface_addr *) &addr; - si->addr_type = IPMI_SYSTEM_INTERFACE_ADDR_TYPE; - si->channel = IPMI_BMC_CHANNEL; diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c index 9397ab4..d01bee1 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c @@ -27204,7 +27066,7 @@ index 1aeaaba..e018570 100644 .part_num = MBCS_PART_NUM, .mfg_num = MBCS_MFG_NUM, diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 8fc04b4..cebdeec 100644 +index 1451790..f705c30 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -27215,7 +27077,7 @@ index 8fc04b4..cebdeec 100644 #include <linux/ptrace.h> #include <linux/device.h> #include <linux/highmem.h> -@@ -34,6 +35,10 @@ +@@ -35,6 +36,10 @@ # include <linux/efi.h> #endif @@ -27226,7 +27088,7 @@ index 8fc04b4..cebdeec 100644 static inline unsigned long size_inside_page(unsigned long start, unsigned long size) { -@@ -65,9 +70,13 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) +@@ -66,9 +71,13 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) while (cursor < to) { if (!devmem_is_allowed(pfn)) { @@ -27240,7 +27102,7 @@ index 8fc04b4..cebdeec 100644 return 0; } cursor += PAGE_SIZE; -@@ -75,6 +84,11 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) +@@ -76,6 +85,11 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) } return 1; } @@ -27252,7 +27114,7 @@ index 8fc04b4..cebdeec 100644 #else static inline int range_is_allowed(unsigned long pfn, unsigned long size) { -@@ -117,6 +131,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -118,6 +132,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, while (count > 0) { unsigned long remaining; @@ -27260,7 +27122,7 @@ index 8fc04b4..cebdeec 100644 sz = size_inside_page(p, count); -@@ -132,7 +147,23 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -133,7 +148,23 @@ static ssize_t read_mem(struct file *file, char __user *buf, if (!ptr) return -EFAULT; @@ -27285,7 +27147,7 @@ index 8fc04b4..cebdeec 100644 unxlate_dev_mem_ptr(p, ptr); if (remaining) return -EFAULT; -@@ -395,9 +426,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -396,9 +427,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, size_t count, loff_t *ppos) { unsigned long p = *ppos; @@ -27296,7 +27158,7 @@ index 8fc04b4..cebdeec 100644 read = 0; if (p < (unsigned long) high_memory) { -@@ -419,6 +449,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -420,6 +450,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, } #endif while (low_count > 0) { @@ -27305,7 +27167,7 @@ index 8fc04b4..cebdeec 100644 sz = size_inside_page(p, low_count); /* -@@ -428,7 +460,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -429,7 +461,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf, */ kbuf = xlate_dev_kmem_ptr((char *)p); @@ -27329,7 +27191,7 @@ index 8fc04b4..cebdeec 100644 return -EFAULT; buf += sz; p += sz; -@@ -866,6 +913,9 @@ static const struct memdev { +@@ -867,6 +914,9 @@ static const struct memdev { #ifdef CONFIG_CRASH_DUMP [12] = { "oldmem", 0, &oldmem_fops, NULL }, #endif @@ -27353,7 +27215,7 @@ index da3cfee..a5a6606 100644 *ppos = i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index c35a785..6d82202 100644 +index 6035ab8..bdfe4fd 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -261,8 +261,13 @@ @@ -27397,7 +27259,7 @@ index c35a785..6d82202 100644 ret = -EFAULT; break; } -@@ -1214,7 +1226,7 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1228,7 +1240,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> static int min_read_thresh = 8, min_write_thresh; @@ -27449,7 +27311,7 @@ index 1ee8ce7..b778bef 100644 return 0; diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c -index 9ca5c02..7ce352c 100644 +index 361a1df..2471eee 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -414,7 +414,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, @@ -27461,15 +27323,6 @@ index 9ca5c02..7ce352c 100644 dev_err(chip->dev, "Operation Canceled\n"); rc = -ECANCELED; goto out; -@@ -862,6 +862,8 @@ ssize_t tpm_show_pubek(struct device *dev, struct device_attribute *attr, - - struct tpm_chip *chip = dev_get_drvdata(dev); - -+ pax_track_stack(); -+ - tpm_cmd.header.in = tpm_readpubek_header; - err = transmit_cmd(chip, &tpm_cmd, READ_PUBEK_RESULT_SIZE, - "attempting to read the PUBEK"); diff --git a/drivers/char/tpm/tpm_bios.c b/drivers/char/tpm/tpm_bios.c index 0636520..169c1d0 100644 --- a/drivers/char/tpm/tpm_bios.c @@ -27518,10 +27371,10 @@ index 0636520..169c1d0 100644 acpi_os_unmap_memory(virt, len); return 0; diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index fb68b12..0f6c6ca 100644 +index 8e3c46d..c139b99 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c -@@ -555,7 +555,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, +@@ -563,7 +563,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, if (to_user) { ssize_t ret; @@ -27530,7 +27383,7 @@ index fb68b12..0f6c6ca 100644 if (ret) return -EFAULT; } else { -@@ -654,7 +654,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, +@@ -662,7 +662,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, if (!port_has_data(port) && !port->host_connected) return 0; @@ -27539,37 +27392,24 @@ index fb68b12..0f6c6ca 100644 } static ssize_t port_fops_write(struct file *filp, const char __user *ubuf, -diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c -index a84250a..68c725e 100644 ---- a/drivers/crypto/hifn_795x.c -+++ b/drivers/crypto/hifn_795x.c -@@ -1655,6 +1655,8 @@ static int hifn_test(struct hifn_device *dev, int encdec, u8 snum) - 0xCA, 0x34, 0x2B, 0x2E}; - struct scatterlist sg; - -+ pax_track_stack(); -+ - memset(src, 0, sizeof(src)); - memset(ctx.key, 0, sizeof(ctx.key)); - -diff --git a/drivers/crypto/padlock-aes.c b/drivers/crypto/padlock-aes.c -index db33d30..7823369 100644 ---- a/drivers/crypto/padlock-aes.c -+++ b/drivers/crypto/padlock-aes.c -@@ -109,6 +109,8 @@ static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, - struct crypto_aes_ctx gen_aes; - int cpu; +diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c +index eb1d864..39ee5a7 100644 +--- a/drivers/dma/dmatest.c ++++ b/drivers/dma/dmatest.c +@@ -591,7 +591,7 @@ static int dmatest_add_channel(struct dma_chan *chan) + } + if (dma_has_cap(DMA_PQ, dma_dev->cap_mask)) { + cnt = dmatest_add_threads(dtc, DMA_PQ); +- thread_count += cnt > 0 ?: 0; ++ thread_count += cnt > 0 ? cnt : 0; + } -+ pax_track_stack(); -+ - if (key_len % 8) { - *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; - return -EINVAL; + pr_info("dmatest: Started %u threads using %s\n", diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c -index 9a8bebc..b1e4989 100644 +index c9eee6d..f9d5280 100644 --- a/drivers/edac/amd64_edac.c +++ b/drivers/edac/amd64_edac.c -@@ -2670,7 +2670,7 @@ static void __devexit amd64_remove_one_instance(struct pci_dev *pdev) +@@ -2685,7 +2685,7 @@ static void __devexit amd64_remove_one_instance(struct pci_dev *pdev) * PCI core identifies what devices are on a system during boot, and then * inquiry this table to see if this driver is for a given device found. */ @@ -27770,10 +27610,10 @@ index 74d6ec34..baff517 100644 {0,} /* 0 terminated list. */ }; diff --git a/drivers/edac/i7300_edac.c b/drivers/edac/i7300_edac.c -index a76fe83..15479e6 100644 +index 6104dba..e7ea8e1 100644 --- a/drivers/edac/i7300_edac.c +++ b/drivers/edac/i7300_edac.c -@@ -1191,7 +1191,7 @@ static void __devexit i7300_remove_one(struct pci_dev *pdev) +@@ -1192,7 +1192,7 @@ static void __devexit i7300_remove_one(struct pci_dev *pdev) * * Has only 8086:360c PCI ID */ @@ -27783,10 +27623,10 @@ index a76fe83..15479e6 100644 {0,} /* 0 terminated list. */ }; diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c -index f6cf448..3f612e9 100644 +index 70ad892..178943c 100644 --- a/drivers/edac/i7core_edac.c +++ b/drivers/edac/i7core_edac.c -@@ -359,7 +359,7 @@ static const struct pci_id_table pci_dev_table[] = { +@@ -391,7 +391,7 @@ static const struct pci_id_table pci_dev_table[] = { /* * pci_device_id table for which devices we are looking for */ @@ -27848,7 +27688,7 @@ index a5da732..983363b 100644 PCI_VEND_DEV(INTEL, 82975_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, I82975X diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h -index 795a320..3bbc3d3 100644 +index 0106747..0b40417 100644 --- a/drivers/edac/mce_amd.h +++ b/drivers/edac/mce_amd.h @@ -83,7 +83,7 @@ struct amd_decoder_ops { @@ -27859,7 +27699,7 @@ index 795a320..3bbc3d3 100644 +} __no_const; void amd_report_gart_errors(bool); - void amd_register_ecc_decoder(void (*f)(int, struct mce *, u32)); + void amd_register_ecc_decoder(void (*f)(int, struct mce *)); diff --git a/drivers/edac/r82600_edac.c b/drivers/edac/r82600_edac.c index b153674..ad2ba9b 100644 --- a/drivers/edac/r82600_edac.c @@ -27914,7 +27754,7 @@ index 4799393..37bd3ab 100644 r = kmalloc(sizeof(*r), GFP_KERNEL); diff --git a/drivers/firewire/core-transaction.c b/drivers/firewire/core-transaction.c -index 334b82a..ea5261d 100644 +index 855ab3f..11f4bbd 100644 --- a/drivers/firewire/core-transaction.c +++ b/drivers/firewire/core-transaction.c @@ -37,6 +37,7 @@ @@ -27925,15 +27765,6 @@ index 334b82a..ea5261d 100644 #include <asm/byteorder.h> -@@ -422,6 +423,8 @@ int fw_run_transaction(struct fw_card *card, int tcode, int destination_id, - struct transaction_callback_data d; - struct fw_transaction t; - -+ pax_track_stack(); -+ - init_timer_on_stack(&t.split_timeout_timer); - init_completion(&d.done); - d.payload = payload; diff --git a/drivers/firewire/core.h b/drivers/firewire/core.h index b45be57..5fad18b 100644 --- a/drivers/firewire/core.h @@ -27947,7 +27778,7 @@ index b45be57..5fad18b 100644 void fw_card_initialize(struct fw_card *card, const struct fw_card_driver *driver, struct device *device); diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c -index bcb1126..2cc2121 100644 +index 153980b..4b4d046 100644 --- a/drivers/firmware/dmi_scan.c +++ b/drivers/firmware/dmi_scan.c @@ -449,11 +449,6 @@ void __init dmi_scan_machine(void) @@ -27962,7 +27793,7 @@ index bcb1126..2cc2121 100644 p = dmi_ioremap(0xF0000, 0x10000); if (p == NULL) goto error; -@@ -725,7 +720,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *), +@@ -723,7 +718,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *), if (buf == NULL) return -1; @@ -27985,10 +27816,10 @@ index 98723cb..10ca85b 100644 return -EINVAL; } diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c -index 2410c40..2d03563 100644 +index 8323fc3..5c1d755 100644 --- a/drivers/gpu/drm/drm_crtc.c +++ b/drivers/gpu/drm/drm_crtc.c -@@ -1374,7 +1374,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, +@@ -1379,7 +1379,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, */ if ((out_resp->count_modes >= mode_count) && mode_count) { copied = 0; @@ -27997,7 +27828,7 @@ index 2410c40..2d03563 100644 list_for_each_entry(mode, &connector->modes, head) { drm_crtc_convert_to_umode(&u_mode, mode); if (copy_to_user(mode_ptr + copied, -@@ -1389,8 +1389,8 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, +@@ -1394,8 +1394,8 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, if ((out_resp->count_props >= props_count) && props_count) { copied = 0; @@ -28008,7 +27839,7 @@ index 2410c40..2d03563 100644 for (i = 0; i < DRM_CONNECTOR_MAX_PROPERTY; i++) { if (connector->property_ids[i] != 0) { if (put_user(connector->property_ids[i], -@@ -1412,7 +1412,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, +@@ -1417,7 +1417,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, if ((out_resp->count_encoders >= encoders_count) && encoders_count) { copied = 0; @@ -28017,7 +27848,7 @@ index 2410c40..2d03563 100644 for (i = 0; i < DRM_CONNECTOR_MAX_ENCODER; i++) { if (connector->encoder_ids[i] != 0) { if (put_user(connector->encoder_ids[i], -@@ -1571,7 +1571,7 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data, +@@ -1576,7 +1576,7 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data, } for (i = 0; i < crtc_req->count_connectors; i++) { @@ -28026,7 +27857,7 @@ index 2410c40..2d03563 100644 if (get_user(out_id, &set_connectors_ptr[i])) { ret = -EFAULT; goto out; -@@ -1852,7 +1852,7 @@ int drm_mode_dirtyfb_ioctl(struct drm_device *dev, +@@ -1857,7 +1857,7 @@ int drm_mode_dirtyfb_ioctl(struct drm_device *dev, fb = obj_to_fb(obj); num_clips = r->num_clips; @@ -28035,7 +27866,7 @@ index 2410c40..2d03563 100644 if (!num_clips != !clips_ptr) { ret = -EINVAL; -@@ -2276,7 +2276,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, +@@ -2283,7 +2283,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, out_resp->flags = property->flags; if ((out_resp->count_values >= value_count) && value_count) { @@ -28044,7 +27875,7 @@ index 2410c40..2d03563 100644 for (i = 0; i < value_count; i++) { if (copy_to_user(values_ptr + i, &property->values[i], sizeof(uint64_t))) { ret = -EFAULT; -@@ -2289,7 +2289,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, +@@ -2296,7 +2296,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, if (property->flags & DRM_MODE_PROP_ENUM) { if ((out_resp->count_enum_blobs >= enum_count) && enum_count) { copied = 0; @@ -28053,7 +27884,7 @@ index 2410c40..2d03563 100644 list_for_each_entry(prop_enum, &property->enum_blob_list, head) { if (copy_to_user(&enum_ptr[copied].value, &prop_enum->value, sizeof(uint64_t))) { -@@ -2312,7 +2312,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, +@@ -2319,7 +2319,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, if ((out_resp->count_enum_blobs >= blob_count) && blob_count) { copied = 0; blob_id_ptr = (uint32_t *)(unsigned long)out_resp->enum_blob_ptr; @@ -28062,7 +27893,7 @@ index 2410c40..2d03563 100644 list_for_each_entry(prop_blob, &property->enum_blob_list, head) { if (put_user(prop_blob->base.id, blob_id_ptr + copied)) { -@@ -2373,7 +2373,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, +@@ -2380,7 +2380,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, struct drm_mode_get_blob *out_resp = data; struct drm_property_blob *blob; int ret = 0; @@ -28071,7 +27902,7 @@ index 2410c40..2d03563 100644 if (!drm_core_check_feature(dev, DRIVER_MODESET)) return -EINVAL; -@@ -2387,7 +2387,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, +@@ -2394,7 +2394,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, blob = obj_to_blob(obj); if (out_resp->length == blob->length) { @@ -28081,10 +27912,10 @@ index 2410c40..2d03563 100644 ret = -EFAULT; goto done; diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c -index f88a9b2..8f4078f 100644 +index d2619d7..bd6bd00 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c -@@ -276,7 +276,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, +@@ -279,7 +279,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, struct drm_crtc *tmp; int crtc_mask = 1; @@ -28093,20 +27924,11 @@ index f88a9b2..8f4078f 100644 dev = crtc->dev; -@@ -343,6 +343,8 @@ bool drm_crtc_helper_set_mode(struct drm_crtc *crtc, - struct drm_encoder *encoder; - bool ret = true; - -+ pax_track_stack(); -+ - crtc->enabled = drm_helper_crtc_in_use(crtc); - if (!crtc->enabled) - return true; diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index 93a112d..c8b065d 100644 +index 40c187c..5746164 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c -@@ -307,7 +307,7 @@ module_exit(drm_core_exit); +@@ -308,7 +308,7 @@ module_exit(drm_core_exit); /** * Copy and IOCTL return string to user space */ @@ -28115,7 +27937,7 @@ index 93a112d..c8b065d 100644 { int len; -@@ -386,7 +386,7 @@ long drm_ioctl(struct file *filp, +@@ -387,7 +387,7 @@ long drm_ioctl(struct file *filp, dev = file_priv->minor->dev; atomic_inc(&dev->ioctl_count); @@ -28125,10 +27947,10 @@ index 93a112d..c8b065d 100644 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c -index 2ec7d48..be14bb1 100644 +index 4911e1d..484c8a3 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c -@@ -70,7 +70,7 @@ static int drm_setup(struct drm_device * dev) +@@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev) } for (i = 0; i < ARRAY_SIZE(dev->counts); i++) @@ -28137,7 +27959,7 @@ index 2ec7d48..be14bb1 100644 dev->sigdata.lock = NULL; -@@ -134,8 +134,8 @@ int drm_open(struct inode *inode, struct file *filp) +@@ -135,8 +135,8 @@ int drm_open(struct inode *inode, struct file *filp) retcode = drm_open_helper(inode, filp, dev); if (!retcode) { @@ -28148,7 +27970,7 @@ index 2ec7d48..be14bb1 100644 retcode = drm_setup(dev); } if (!retcode) { -@@ -472,7 +472,7 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -473,7 +473,7 @@ int drm_release(struct inode *inode, struct file *filp) mutex_lock(&drm_global_mutex); @@ -28157,7 +27979,7 @@ index 2ec7d48..be14bb1 100644 if (dev->driver->preclose) dev->driver->preclose(dev, file_priv); -@@ -484,7 +484,7 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -485,7 +485,7 @@ int drm_release(struct inode *inode, struct file *filp) DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n", task_pid_nr(current), (long)old_encode_dev(file_priv->minor->device), @@ -28166,7 +27988,7 @@ index 2ec7d48..be14bb1 100644 /* if the master has gone away we can't do anything with the lock */ if (file_priv->minor->master) -@@ -565,8 +565,8 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -566,8 +566,8 @@ int drm_release(struct inode *inode, struct file *filp) * End inline drm_release */ @@ -28283,10 +28105,10 @@ index ab1162d..42587b2 100644 #if defined(__i386__) pgprot = pgprot_val(vma->vm_page_prot); diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c -index 4a058c7..b42cd92 100644 +index ddd70db..40321e6 100644 --- a/drivers/gpu/drm/drm_ioc32.c +++ b/drivers/gpu/drm/drm_ioc32.c -@@ -455,7 +455,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd, +@@ -456,7 +456,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd, request = compat_alloc_user_space(nbytes); if (!access_ok(VERIFY_WRITE, request, nbytes)) return -EFAULT; @@ -28295,7 +28117,7 @@ index 4a058c7..b42cd92 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) -@@ -516,7 +516,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd, +@@ -517,7 +517,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd, request = compat_alloc_user_space(nbytes); if (!access_ok(VERIFY_WRITE, request, nbytes)) return -EFAULT; @@ -28381,10 +28203,10 @@ index c9339f4..f5e1b9d 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c -index 3c395a5..02889c2 100644 +index 004b048..7588eba 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c -@@ -497,7 +497,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) +@@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) I915_READ(GTIMR)); } seq_printf(m, "Interrupts received: %d\n", @@ -28393,7 +28215,7 @@ index 3c395a5..02889c2 100644 for (i = 0; i < I915_NUM_RINGS; i++) { if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, "Graphics Interrupt mask (%s): %08x\n", -@@ -1185,7 +1185,7 @@ static int i915_opregion(struct seq_file *m, void *unused) +@@ -1232,7 +1232,7 @@ static int i915_opregion(struct seq_file *m, void *unused) return ret; if (opregion->header) @@ -28403,10 +28225,10 @@ index 3c395a5..02889c2 100644 mutex_unlock(&dev->struct_mutex); diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index c72b590..aa86f0a 100644 +index a9ae374..43c1e9e 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1171,7 +1171,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1172,7 +1172,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -28416,10 +28238,10 @@ index c72b590..aa86f0a 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 1a2a2d1..f280182 100644 +index 554bef7..d24791c 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -222,7 +222,7 @@ struct drm_i915_display_funcs { +@@ -229,7 +229,7 @@ struct drm_i915_display_funcs { /* render clock increase/decrease */ /* display clock increase/decrease */ /* pll clock increase/decrease */ @@ -28428,7 +28250,7 @@ index 1a2a2d1..f280182 100644 struct intel_device_info { u8 gen; -@@ -305,7 +305,7 @@ typedef struct drm_i915_private { +@@ -312,7 +312,7 @@ typedef struct drm_i915_private { int current_page; int page_flipping; @@ -28437,7 +28259,7 @@ index 1a2a2d1..f280182 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -883,7 +883,7 @@ struct drm_i915_gem_object { +@@ -887,7 +887,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ @@ -28446,7 +28268,7 @@ index 1a2a2d1..f280182 100644 }; #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) -@@ -1263,7 +1263,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); +@@ -1267,7 +1267,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); extern void intel_teardown_gmbus(struct drm_device *dev); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -28456,10 +28278,10 @@ index 1a2a2d1..f280182 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index 4934cf8..1da9c84 100644 +index b9da890..cad1d98 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -@@ -188,7 +188,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj, +@@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj, i915_gem_clflush_object(obj); if (obj->base.pending_write_domain) @@ -28468,7 +28290,7 @@ index 4934cf8..1da9c84 100644 /* The actual obj->write_domain will be updated with * pending_write_domain after we emit the accumulated flush for all -@@ -864,9 +864,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) +@@ -882,9 +882,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) static int validate_exec_list(struct drm_i915_gem_exec_object2 *exec, @@ -28481,7 +28303,7 @@ index 4934cf8..1da9c84 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index 73248d0..f7bac29 100644 +index b40004b..7c53a75 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -475,7 +475,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) @@ -28493,7 +28315,7 @@ index 73248d0..f7bac29 100644 /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -565,7 +565,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) +@@ -566,7 +566,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) struct drm_i915_master_private *master_priv; u32 bsd_usr_interrupt = GT_BSD_USER_INTERRUPT; @@ -28502,7 +28324,7 @@ index 73248d0..f7bac29 100644 if (IS_GEN6(dev)) bsd_usr_interrupt = GT_GEN6_BSD_USER_INTERRUPT; -@@ -1229,7 +1229,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) +@@ -1231,7 +1231,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) int ret = IRQ_NONE, pipe; bool blc_event = false; @@ -28511,7 +28333,7 @@ index 73248d0..f7bac29 100644 iir = I915_READ(IIR); -@@ -1741,7 +1741,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1743,7 +1743,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -28520,7 +28342,7 @@ index 73248d0..f7bac29 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); -@@ -1905,7 +1905,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) +@@ -1931,7 +1931,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -28530,10 +28352,10 @@ index 73248d0..f7bac29 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 07e7cf3..c75f312 100644 +index daa5743..c0757a9 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2205,7 +2205,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, +@@ -2230,7 +2230,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, wait_event(dev_priv->pending_flip_queue, atomic_read(&dev_priv->mm.wedged) || @@ -28542,7 +28364,7 @@ index 07e7cf3..c75f312 100644 /* Big Hammer, we also need to ensure that any pending * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -2826,7 +2826,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) +@@ -2851,7 +2851,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) obj = to_intel_framebuffer(crtc->fb)->obj; dev_priv = crtc->dev->dev_private; wait_event(dev_priv->pending_flip_queue, @@ -28551,7 +28373,7 @@ index 07e7cf3..c75f312 100644 } static bool intel_crtc_driving_pch(struct drm_crtc *crtc) -@@ -6676,7 +6676,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -6952,7 +6952,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, atomic_clear_mask(1 << intel_crtc->plane, &obj->pending_flip.counter); @@ -28560,7 +28382,7 @@ index 07e7cf3..c75f312 100644 wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -6965,7 +6965,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7242,7 +7242,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -28569,15 +28391,15 @@ index 07e7cf3..c75f312 100644 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); if (ret) -@@ -6979,7 +6979,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7256,7 +7256,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, return 0; cleanup_pending: - atomic_sub(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); + atomic_sub_unchecked(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); - cleanup_objs: drm_gem_object_unreference(&work->old_fb_obj->base); drm_gem_object_unreference(&obj->base); + mutex_unlock(&dev->struct_mutex); diff --git a/drivers/gpu/drm/mga/mga_drv.h b/drivers/gpu/drm/mga/mga_drv.h index 54558a0..2d97005 100644 --- a/drivers/gpu/drm/mga/mga_drv.h @@ -28635,7 +28457,7 @@ index 2581202..f230a8d9 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index b311fab..dc11d6a 100644 +index 5fc201b..7b032b9 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c @@ -201,7 +201,7 @@ struct methods { @@ -28647,7 +28469,7 @@ index b311fab..dc11d6a 100644 static struct methods shadow_methods[] = { { "PRAMIN", load_vbios_pramin, true }, -@@ -5489,7 +5489,7 @@ parse_bit_displayport_tbl_entry(struct drm_device *dev, struct nvbios *bios, +@@ -5474,7 +5474,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *); @@ -28657,7 +28479,7 @@ index b311fab..dc11d6a 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nouveau/nouveau_drv.h -index d7d51de..7c6a7f1 100644 +index 4c0be3a..5757582 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drv.h +++ b/drivers/gpu/drm/nouveau/nouveau_drv.h @@ -238,7 +238,7 @@ struct nouveau_channel { @@ -28694,7 +28516,7 @@ index d7d51de..7c6a7f1 100644 struct nouveau_fb_engine { int num_tiles; -@@ -513,7 +513,7 @@ struct nouveau_vram_engine { +@@ -558,7 +558,7 @@ struct nouveau_vram_engine { void (*put)(struct drm_device *, struct nouveau_mem **); bool (*flags_valid)(struct drm_device *, u32 tile_flags); @@ -28703,7 +28525,7 @@ index d7d51de..7c6a7f1 100644 struct nouveau_engine { struct nouveau_instmem_engine instmem; -@@ -660,7 +660,7 @@ struct drm_nouveau_private { +@@ -706,7 +706,7 @@ struct drm_nouveau_private { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -28713,7 +28535,7 @@ index d7d51de..7c6a7f1 100644 struct { diff --git a/drivers/gpu/drm/nouveau/nouveau_fence.c b/drivers/gpu/drm/nouveau/nouveau_fence.c -index ae22dfa..4f09960 100644 +index 2f6daae..c9d7b9e 100644 --- a/drivers/gpu/drm/nouveau/nouveau_fence.c +++ b/drivers/gpu/drm/nouveau/nouveau_fence.c @@ -85,7 +85,7 @@ nouveau_fence_update(struct nouveau_channel *chan) @@ -28748,10 +28570,10 @@ index 5f0bc57..eb9fac8 100644 if (++trycnt > 100000) { NV_ERROR(dev, "%s failed and gave up.\n", __func__); diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c -index 10656e4..59bf2a4 100644 +index d8831ab..0ba8356 100644 --- a/drivers/gpu/drm/nouveau/nouveau_state.c +++ b/drivers/gpu/drm/nouveau/nouveau_state.c -@@ -496,7 +496,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) +@@ -542,7 +542,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -28774,10 +28596,10 @@ index dbdea8e..cd6eeeb 100644 } diff --git a/drivers/gpu/drm/r128/r128_cce.c b/drivers/gpu/drm/r128/r128_cce.c -index 570e190..084a31a 100644 +index bcac90b..53bfc76 100644 --- a/drivers/gpu/drm/r128/r128_cce.c +++ b/drivers/gpu/drm/r128/r128_cce.c -@@ -377,7 +377,7 @@ static int r128_do_init_cce(struct drm_device *dev, drm_r128_init_t *init) +@@ -378,7 +378,7 @@ static int r128_do_init_cce(struct drm_device *dev, drm_r128_init_t *init) /* GH: Simple idle check. */ @@ -28846,19 +28668,6 @@ index a9e33ce..09edd4b 100644 } #endif -diff --git a/drivers/gpu/drm/radeon/atom.c b/drivers/gpu/drm/radeon/atom.c -index 14cc88a..cc7b3a5 100644 ---- a/drivers/gpu/drm/radeon/atom.c -+++ b/drivers/gpu/drm/radeon/atom.c -@@ -1254,6 +1254,8 @@ struct atom_context *atom_parse(struct card_info *card, void *bios) - char name[512]; - int i; - -+ pax_track_stack(); -+ - if (!ctx) - return NULL; - diff --git a/drivers/gpu/drm/radeon/mkregtable.c b/drivers/gpu/drm/radeon/mkregtable.c index 5a82b6b..9e69c73 100644 --- a/drivers/gpu/drm/radeon/mkregtable.c @@ -28881,7 +28690,7 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h -index 184628c..30e1725 100644 +index 8227e76..ce0b195 100644 --- a/drivers/gpu/drm/radeon/radeon.h +++ b/drivers/gpu/drm/radeon/radeon.h @@ -192,7 +192,7 @@ extern int sumo_get_temp(struct radeon_device *rdev); @@ -28893,7 +28702,16 @@ index 184628c..30e1725 100644 uint32_t last_seq; unsigned long last_jiffies; unsigned long last_timeout; -@@ -962,7 +962,7 @@ struct radeon_asic { +@@ -530,7 +530,7 @@ struct r600_blit_cp_primitives { + int x2, int y2); + void (*draw_auto)(struct radeon_device *rdev); + void (*set_default_state)(struct radeon_device *rdev); +-}; ++} __no_const; + + struct r600_blit { + struct mutex mutex; +@@ -954,7 +954,7 @@ struct radeon_asic { void (*pre_page_flip)(struct radeon_device *rdev, int crtc); u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base); void (*post_page_flip)(struct radeon_device *rdev, int crtc); @@ -28902,24 +28720,11 @@ index 184628c..30e1725 100644 /* * Asic structures -diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c -index a098edc..d001c09 100644 ---- a/drivers/gpu/drm/radeon/radeon_atombios.c -+++ b/drivers/gpu/drm/radeon/radeon_atombios.c -@@ -569,6 +569,8 @@ bool radeon_get_atom_connector_info_from_object_table(struct drm_device *dev) - struct radeon_gpio_rec gpio; - struct radeon_hpd hpd; - -+ pax_track_stack(); -+ - if (!atom_parse_data_header(ctx, index, &size, &frev, &crev, &data_offset)) - return false; - diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 50d105a..355cf8d 100644 +index c4d00a1..f0fdc90 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -687,7 +687,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -684,7 +684,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -28928,19 +28733,6 @@ index 50d105a..355cf8d 100644 spin_unlock(&dev->count_lock); return can_switch; } -diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c -index 07ac481..41cb437 100644 ---- a/drivers/gpu/drm/radeon/radeon_display.c -+++ b/drivers/gpu/drm/radeon/radeon_display.c -@@ -926,6 +926,8 @@ void radeon_compute_pll_legacy(struct radeon_pll *pll, - uint32_t post_div; - u32 pll_out_min, pll_out_max; - -+ pax_track_stack(); -+ - DRM_DEBUG_KMS("PLL freq %llu %u %u\n", freq, pll->min_ref_div, pll->max_ref_div); - freq = freq * 1000; - diff --git a/drivers/gpu/drm/radeon/radeon_drv.h b/drivers/gpu/drm/radeon/radeon_drv.h index a1b59ca..86f2d44 100644 --- a/drivers/gpu/drm/radeon/radeon_drv.h @@ -28955,7 +28747,7 @@ index a1b59ca..86f2d44 100644 uint32_t irq_enable_reg; uint32_t r500_disp_irq_reg; diff --git a/drivers/gpu/drm/radeon/radeon_fence.c b/drivers/gpu/drm/radeon/radeon_fence.c -index 7fd4e3e..9748ab5 100644 +index 76ec0e9..6feb1a3 100644 --- a/drivers/gpu/drm/radeon/radeon_fence.c +++ b/drivers/gpu/drm/radeon/radeon_fence.c @@ -78,7 +78,7 @@ int radeon_fence_emit(struct radeon_device *rdev, struct radeon_fence *fence) @@ -28990,7 +28782,7 @@ index 48b7cea..342236f 100644 return -EFAULT; diff --git a/drivers/gpu/drm/radeon/radeon_irq.c b/drivers/gpu/drm/radeon/radeon_irq.c -index 465746b..cb2b055 100644 +index 00da384..32f972d 100644 --- a/drivers/gpu/drm/radeon/radeon_irq.c +++ b/drivers/gpu/drm/radeon/radeon_irq.c @@ -225,8 +225,8 @@ static int radeon_emit_irq(struct drm_device * dev) @@ -29014,7 +28806,7 @@ index 465746b..cb2b055 100644 dev->max_vblank_count = 0x001fffff; diff --git a/drivers/gpu/drm/radeon/radeon_state.c b/drivers/gpu/drm/radeon/radeon_state.c -index 92e7ea7..147ffad 100644 +index e8422ae..d22d4a8 100644 --- a/drivers/gpu/drm/radeon/radeon_state.c +++ b/drivers/gpu/drm/radeon/radeon_state.c @@ -2168,7 +2168,7 @@ static int radeon_cp_clear(struct drm_device *dev, void *data, struct drm_file * @@ -29182,58 +28974,32 @@ index d391f48..10c8ca3 100644 case VIA_IRQ_ABSOLUTE: break; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -index 10fc01f..b4e9822 100644 +index dc27970..f18b008 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -@@ -240,7 +240,7 @@ struct vmw_private { +@@ -260,7 +260,7 @@ struct vmw_private { * Fencing and IRQs. */ -- atomic_t fence_seq; -+ atomic_unchecked_t fence_seq; +- atomic_t marker_seq; ++ atomic_unchecked_t marker_seq; wait_queue_head_t fence_queue; wait_queue_head_t fifo_queue; - atomic_t fence_queue_waiters; -diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c -index 41b95ed..69ea504 100644 ---- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c -+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c -@@ -610,7 +610,7 @@ int vmw_execbuf_ioctl(struct drm_device *dev, void *data, - struct drm_vmw_fence_rep fence_rep; - struct drm_vmw_fence_rep __user *user_fence_rep; - int ret; -- void *user_cmd; -+ void __user *user_cmd; - void *cmd; - uint32_t sequence; - struct vmw_sw_context *sw_context = &dev_priv->ctx; -diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c -index 61eacc1..ee38ce8 100644 ---- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c -+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c -@@ -151,7 +151,7 @@ int vmw_wait_lag(struct vmw_private *dev_priv, - while (!vmw_lag_lt(queue, us)) { - spin_lock(&queue->lock); - if (list_empty(&queue->head)) -- sequence = atomic_read(&dev_priv->fence_seq); -+ sequence = atomic_read_unchecked(&dev_priv->fence_seq); - else { - fence = list_first_entry(&queue->head, - struct vmw_fence, head); + int fence_queue_waiters; /* Protected by hw_mutex */ diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c -index 635c0ff..2641bbb 100644 +index a0c2f12..68ae6cb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c @@ -137,7 +137,7 @@ int vmw_fifo_init(struct vmw_private *dev_priv, struct vmw_fifo_state *fifo) (unsigned int) min, (unsigned int) fifo->capabilities); -- atomic_set(&dev_priv->fence_seq, dev_priv->last_read_sequence); -+ atomic_set_unchecked(&dev_priv->fence_seq, dev_priv->last_read_sequence); - iowrite32(dev_priv->last_read_sequence, fifo_mem + SVGA_FIFO_FENCE); - vmw_fence_queue_init(&fifo->fence_queue); +- atomic_set(&dev_priv->marker_seq, dev_priv->last_read_seqno); ++ atomic_set_unchecked(&dev_priv->marker_seq, dev_priv->last_read_seqno); + iowrite32(dev_priv->last_read_seqno, fifo_mem + SVGA_FIFO_FENCE); + vmw_marker_queue_init(&fifo->marker_queue); return vmw_fifo_send_fence(dev_priv, &dummy); -@@ -356,7 +356,7 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes) +@@ -355,7 +355,7 @@ void *vmw_fifo_reserve(struct vmw_private *dev_priv, uint32_t bytes) if (reserveable) iowrite32(bytes, fifo_mem + SVGA_FIFO_RESERVED); @@ -29242,106 +29008,64 @@ index 635c0ff..2641bbb 100644 } else { need_bounce = true; } -@@ -476,7 +476,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *sequence) +@@ -475,7 +475,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) fm = vmw_fifo_reserve(dev_priv, bytes); if (unlikely(fm == NULL)) { -- *sequence = atomic_read(&dev_priv->fence_seq); -+ *sequence = atomic_read_unchecked(&dev_priv->fence_seq); +- *seqno = atomic_read(&dev_priv->marker_seq); ++ *seqno = atomic_read_unchecked(&dev_priv->marker_seq); ret = -ENOMEM; - (void)vmw_fallback_wait(dev_priv, false, true, *sequence, + (void)vmw_fallback_wait(dev_priv, false, true, *seqno, false, 3*HZ); -@@ -484,7 +484,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *sequence) +@@ -483,7 +483,7 @@ int vmw_fifo_send_fence(struct vmw_private *dev_priv, uint32_t *seqno) } do { -- *sequence = atomic_add_return(1, &dev_priv->fence_seq); -+ *sequence = atomic_add_return_unchecked(1, &dev_priv->fence_seq); - } while (*sequence == 0); +- *seqno = atomic_add_return(1, &dev_priv->marker_seq); ++ *seqno = atomic_add_return_unchecked(1, &dev_priv->marker_seq); + } while (*seqno == 0); if (!(fifo_state->capabilities & SVGA_FIFO_CAP_FENCE)) { diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c -index e92298a..f68f2d6 100644 +index cabc95f..14b3d77 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c -@@ -100,7 +100,7 @@ bool vmw_fence_signaled(struct vmw_private *dev_priv, +@@ -107,7 +107,7 @@ bool vmw_seqno_passed(struct vmw_private *dev_priv, * emitted. Then the fence is stale and signaled. */ -- ret = ((atomic_read(&dev_priv->fence_seq) - sequence) -+ ret = ((atomic_read_unchecked(&dev_priv->fence_seq) - sequence) +- ret = ((atomic_read(&dev_priv->marker_seq) - seqno) ++ ret = ((atomic_read_unchecked(&dev_priv->marker_seq) - seqno) > VMW_FENCE_WRAP); return ret; -@@ -131,7 +131,7 @@ int vmw_fallback_wait(struct vmw_private *dev_priv, +@@ -138,7 +138,7 @@ int vmw_fallback_wait(struct vmw_private *dev_priv, if (fifo_idle) down_read(&fifo_state->rwsem); -- signal_seq = atomic_read(&dev_priv->fence_seq); -+ signal_seq = atomic_read_unchecked(&dev_priv->fence_seq); +- signal_seq = atomic_read(&dev_priv->marker_seq); ++ signal_seq = atomic_read_unchecked(&dev_priv->marker_seq); ret = 0; for (;;) { -diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c -index dfe32e6..dd18a00 100644 ---- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c -+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c -@@ -843,7 +843,6 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, - struct vmw_framebuffer *vfb = NULL; - struct vmw_surface *surface = NULL; - struct vmw_dma_buffer *bo = NULL; -- u64 required_size; - int ret; - - /** -@@ -852,8 +851,9 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, - * requested framebuffer. - */ - -- required_size = mode_cmd->pitch * mode_cmd->height; -- if (unlikely(required_size > (u64) dev_priv->vram_size)) { -+ if (!vmw_kms_validate_mode_vram(dev_priv, -+ mode_cmd->pitch, -+ mode_cmd->height)) { - DRM_ERROR("VRAM size is too small for requested mode.\n"); - return NULL; - } -diff --git a/drivers/gpu/vga/vgaarb.c b/drivers/gpu/vga/vgaarb.c -index c72f1c0..18376f1 100644 ---- a/drivers/gpu/vga/vgaarb.c -+++ b/drivers/gpu/vga/vgaarb.c -@@ -993,14 +993,20 @@ static ssize_t vga_arb_write(struct file *file, const char __user * buf, - uc = &priv->cards[i]; - } - -- if (!uc) -- return -EINVAL; -+ if (!uc) { -+ ret_val = -EINVAL; -+ goto done; -+ } - -- if (io_state & VGA_RSRC_LEGACY_IO && uc->io_cnt == 0) -- return -EINVAL; -+ if (io_state & VGA_RSRC_LEGACY_IO && uc->io_cnt == 0) { -+ ret_val = -EINVAL; -+ goto done; -+ } - -- if (io_state & VGA_RSRC_LEGACY_MEM && uc->mem_cnt == 0) -- return -EINVAL; -+ if (io_state & VGA_RSRC_LEGACY_MEM && uc->mem_cnt == 0) { -+ ret_val = -EINVAL; -+ goto done; -+ } - - vga_put(pdev, io_state); - +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c b/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c +index 8a8725c..afed796 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c +@@ -151,7 +151,7 @@ int vmw_wait_lag(struct vmw_private *dev_priv, + while (!vmw_lag_lt(queue, us)) { + spin_lock(&queue->lock); + if (list_empty(&queue->head)) +- seqno = atomic_read(&dev_priv->marker_seq); ++ seqno = atomic_read_unchecked(&dev_priv->marker_seq); + else { + marker = list_first_entry(&queue->head, + struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index e9c8f80..427d61e 100644 +index af35384..5ab3c36 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -1951,7 +1951,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2000,7 +2000,7 @@ static bool hid_ignore(struct hid_device *hdev) int hid_add_device(struct hid_device *hdev) { @@ -29350,7 +29074,7 @@ index e9c8f80..427d61e 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -1966,7 +1966,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2015,7 +2015,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -29360,7 +29084,7 @@ index e9c8f80..427d61e 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c -index 7c1188b..5a64357 100644 +index 4ef02b2..8a96831 100644 --- a/drivers/hid/usbhid/hiddev.c +++ b/drivers/hid/usbhid/hiddev.c @@ -624,7 +624,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) @@ -29372,6 +29096,64 @@ index 7c1188b..5a64357 100644 break; for (i = 0; i < hid->maxcollection; i++) +diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c +index 4065374..10ed7dc 100644 +--- a/drivers/hv/channel.c ++++ b/drivers/hv/channel.c +@@ -400,8 +400,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, + int ret = 0; + int t; + +- next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle); +- atomic_inc(&vmbus_connection.next_gpadl_handle); ++ next_gpadl_handle = atomic_read_unchecked(&vmbus_connection.next_gpadl_handle); ++ atomic_inc_unchecked(&vmbus_connection.next_gpadl_handle); + + ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); + if (ret) +diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c +index 0fb100e..baf87e5 100644 +--- a/drivers/hv/hv.c ++++ b/drivers/hv/hv.c +@@ -132,7 +132,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) + u64 output_address = (output) ? virt_to_phys(output) : 0; + u32 output_address_hi = output_address >> 32; + u32 output_address_lo = output_address & 0xFFFFFFFF; +- void *hypercall_page = hv_context.hypercall_page; ++ void *hypercall_page = ktva_ktla(hv_context.hypercall_page); + + __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), + "=a"(hv_status_lo) : "d" (control_hi), +diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h +index 0aee112..b72d21f 100644 +--- a/drivers/hv/hyperv_vmbus.h ++++ b/drivers/hv/hyperv_vmbus.h +@@ -556,7 +556,7 @@ enum vmbus_connect_state { + struct vmbus_connection { + enum vmbus_connect_state conn_state; + +- atomic_t next_gpadl_handle; ++ atomic_unchecked_t next_gpadl_handle; + + /* + * Represents channel interrupts. Each bit position represents a +diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c +index d2d0a2a..90b8f4d 100644 +--- a/drivers/hv/vmbus_drv.c ++++ b/drivers/hv/vmbus_drv.c +@@ -663,10 +663,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) + { + int ret = 0; + +- static atomic_t device_num = ATOMIC_INIT(0); ++ static atomic_unchecked_t device_num = ATOMIC_INIT(0); + + dev_set_name(&child_device_obj->device, "vmbus_0_%d", +- atomic_inc_return(&device_num)); ++ atomic_inc_return_unchecked(&device_num)); + + child_device_obj->device.bus = &hv_bus; + child_device_obj->device.parent = &hv_acpi_dev->dev; diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c index 66f6729..2d6de0a 100644 --- a/drivers/hwmon/acpi_power_meter.c @@ -29581,7 +29363,7 @@ index 5059faf..18d4c85 100644 .port_ops = &cs5535_port_ops, .host_flags = IDE_HFLAG_SINGLE | IDE_HFLAG_POST_SET_MODE, diff --git a/drivers/ide/cy82c693.c b/drivers/ide/cy82c693.c -index 67cbcfa..37ea151 100644 +index 847553f..3ffb49d 100644 --- a/drivers/ide/cy82c693.c +++ b/drivers/ide/cy82c693.c @@ -163,7 +163,7 @@ static const struct ide_port_ops cy82c693_port_ops = { @@ -29706,10 +29488,10 @@ index 58c51cd..4aec3b8 100644 .name = DRV_NAME, .init_chipset = init_chipset_hpt366, diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c -index 04b0956..f5b47dc 100644 +index 8126824..55a2798 100644 --- a/drivers/ide/ide-cd.c +++ b/drivers/ide/ide-cd.c -@@ -769,7 +769,7 @@ static void cdrom_do_block_pc(ide_drive_t *drive, struct request *rq) +@@ -768,7 +768,7 @@ static void cdrom_do_block_pc(ide_drive_t *drive, struct request *rq) alignment = queue_dma_alignment(q) | q->dma_pad_mask; if ((unsigned long)buf & alignment || blk_rq_bytes(rq) & q->dma_pad_mask @@ -29718,19 +29500,6 @@ index 04b0956..f5b47dc 100644 drive->dma = 0; } } -diff --git a/drivers/ide/ide-floppy.c b/drivers/ide/ide-floppy.c -index 61fdf54..2834ea6 100644 ---- a/drivers/ide/ide-floppy.c -+++ b/drivers/ide/ide-floppy.c -@@ -379,6 +379,8 @@ static int ide_floppy_get_capacity(ide_drive_t *drive) - u8 pc_buf[256], header_len, desc_cnt; - int i, rc = 1, blocks, length; - -+ pax_track_stack(); -+ - ide_debug_log(IDE_DBG_FUNC, "enter"); - - drive->bios_cyl = 0; diff --git a/drivers/ide/ide-floppy_ioctl.c b/drivers/ide/ide-floppy_ioctl.c index d267b7a..a22ca84 100644 --- a/drivers/ide/ide-floppy_ioctl.c @@ -29863,7 +29632,7 @@ index 3a35ec6..5634510 100644 .name = DRV_NAME, .init_chipset = init_chipset_pdc202xx, diff --git a/drivers/ide/piix.c b/drivers/ide/piix.c -index b59d04c..368c2a7 100644 +index 1892e81..fe0fd60 100644 --- a/drivers/ide/piix.c +++ b/drivers/ide/piix.c @@ -344,7 +344,7 @@ static const struct ide_port_ops ich_port_ops = { @@ -29927,19 +29696,6 @@ index 35fb8da..24d72ef 100644 { /* 0: OSB4 */ .name = DRV_NAME, .init_chipset = init_chipset_svwks, -diff --git a/drivers/ide/setup-pci.c b/drivers/ide/setup-pci.c -index ab3db61..afed580 100644 ---- a/drivers/ide/setup-pci.c -+++ b/drivers/ide/setup-pci.c -@@ -542,6 +542,8 @@ int ide_pci_init_two(struct pci_dev *dev1, struct pci_dev *dev2, - int ret, i, n_ports = dev2 ? 4 : 2; - struct ide_hw hw[4], *hws[] = { NULL, NULL, NULL, NULL }; - -+ pax_track_stack(); -+ - for (i = 0; i < n_ports / 2; i++) { - ret = ide_setup_pci_controller(pdev[i], d, !i); - if (ret < 0) diff --git a/drivers/ide/siimage.c b/drivers/ide/siimage.c index ddeda44..46f7e30 100644 --- a/drivers/ide/siimage.c @@ -29993,10 +29749,10 @@ index 864ffe0..863a5e9 100644 .enablebits = { {0x41, 0x80, 0x80}, {0x43, 0x80, 0x80} }, .port_ops = &slc90e66_port_ops, diff --git a/drivers/ide/tc86c001.c b/drivers/ide/tc86c001.c -index e444d24..ba577de 100644 +index 4799d5c..1794678 100644 --- a/drivers/ide/tc86c001.c +++ b/drivers/ide/tc86c001.c -@@ -191,7 +191,7 @@ static const struct ide_dma_ops tc86c001_dma_ops = { +@@ -192,7 +192,7 @@ static const struct ide_dma_ops tc86c001_dma_ops = { .dma_sff_read_status = ide_dma_sff_read_status, }; @@ -30006,7 +29762,7 @@ index e444d24..ba577de 100644 .init_hwif = init_hwif_tc86c001, .port_ops = &tc86c001_port_ops, diff --git a/drivers/ide/triflex.c b/drivers/ide/triflex.c -index e53a1b7..d11aff7 100644 +index 281c914..55ce1b8 100644 --- a/drivers/ide/triflex.c +++ b/drivers/ide/triflex.c @@ -92,7 +92,7 @@ static const struct ide_port_ops triflex_port_ops = { @@ -30044,11 +29800,24 @@ index f46f49c..eb77678 100644 .name = DRV_NAME, .init_chipset = init_chipset_via82cxxx, .enablebits = { { 0x40, 0x02, 0x02 }, { 0x40, 0x01, 0x01 } }, +diff --git a/drivers/ieee802154/fakehard.c b/drivers/ieee802154/fakehard.c +index eb0e2cc..14241c7 100644 +--- a/drivers/ieee802154/fakehard.c ++++ b/drivers/ieee802154/fakehard.c +@@ -386,7 +386,7 @@ static int __devinit ieee802154fake_probe(struct platform_device *pdev) + phy->transmit_power = 0xbf; + + dev->netdev_ops = &fake_ops; +- dev->ml_priv = &fake_mlme; ++ dev->ml_priv = (void *)&fake_mlme; + + priv = netdev_priv(dev); + priv->phy = phy; diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c -index fc0f2bd..ac2f8a5 100644 +index 8b72f39..55df4c8 100644 --- a/drivers/infiniband/core/cm.c +++ b/drivers/infiniband/core/cm.c -@@ -113,7 +113,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS] +@@ -114,7 +114,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS] struct cm_counter_group { struct kobject obj; @@ -30057,7 +29826,7 @@ index fc0f2bd..ac2f8a5 100644 }; struct cm_counter_attribute { -@@ -1387,7 +1387,7 @@ static void cm_dup_req_handler(struct cm_work *work, +@@ -1394,7 +1394,7 @@ static void cm_dup_req_handler(struct cm_work *work, struct ib_mad_send_buf *msg = NULL; int ret; @@ -30066,7 +29835,7 @@ index fc0f2bd..ac2f8a5 100644 counter[CM_REQ_COUNTER]); /* Quick state check to discard duplicate REQs. */ -@@ -1765,7 +1765,7 @@ static void cm_dup_rep_handler(struct cm_work *work) +@@ -1778,7 +1778,7 @@ static void cm_dup_rep_handler(struct cm_work *work) if (!cm_id_priv) return; @@ -30075,7 +29844,7 @@ index fc0f2bd..ac2f8a5 100644 counter[CM_REP_COUNTER]); ret = cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg); if (ret) -@@ -1932,7 +1932,7 @@ static int cm_rtu_handler(struct cm_work *work) +@@ -1945,7 +1945,7 @@ static int cm_rtu_handler(struct cm_work *work) if (cm_id_priv->id.state != IB_CM_REP_SENT && cm_id_priv->id.state != IB_CM_MRA_REP_RCVD) { spin_unlock_irq(&cm_id_priv->lock); @@ -30084,7 +29853,7 @@ index fc0f2bd..ac2f8a5 100644 counter[CM_RTU_COUNTER]); goto out; } -@@ -2115,7 +2115,7 @@ static int cm_dreq_handler(struct cm_work *work) +@@ -2128,7 +2128,7 @@ static int cm_dreq_handler(struct cm_work *work) cm_id_priv = cm_acquire_id(dreq_msg->remote_comm_id, dreq_msg->local_comm_id); if (!cm_id_priv) { @@ -30093,7 +29862,7 @@ index fc0f2bd..ac2f8a5 100644 counter[CM_DREQ_COUNTER]); cm_issue_drep(work->port, work->mad_recv_wc); return -EINVAL; -@@ -2140,7 +2140,7 @@ static int cm_dreq_handler(struct cm_work *work) +@@ -2153,7 +2153,7 @@ static int cm_dreq_handler(struct cm_work *work) case IB_CM_MRA_REP_RCVD: break; case IB_CM_TIMEWAIT: @@ -30102,7 +29871,7 @@ index fc0f2bd..ac2f8a5 100644 counter[CM_DREQ_COUNTER]); if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg)) goto unlock; -@@ -2154,7 +2154,7 @@ static int cm_dreq_handler(struct cm_work *work) +@@ -2167,7 +2167,7 @@ static int cm_dreq_handler(struct cm_work *work) cm_free_msg(msg); goto deref; case IB_CM_DREQ_RCVD: @@ -30111,7 +29880,7 @@ index fc0f2bd..ac2f8a5 100644 counter[CM_DREQ_COUNTER]); goto unlock; default: -@@ -2521,7 +2521,7 @@ static int cm_mra_handler(struct cm_work *work) +@@ -2534,7 +2534,7 @@ static int cm_mra_handler(struct cm_work *work) ib_modify_mad(cm_id_priv->av.port->mad_agent, cm_id_priv->msg, timeout)) { if (cm_id_priv->id.lap_state == IB_CM_MRA_LAP_RCVD) @@ -30120,7 +29889,7 @@ index fc0f2bd..ac2f8a5 100644 counter_group[CM_RECV_DUPLICATES]. counter[CM_MRA_COUNTER]); goto out; -@@ -2530,7 +2530,7 @@ static int cm_mra_handler(struct cm_work *work) +@@ -2543,7 +2543,7 @@ static int cm_mra_handler(struct cm_work *work) break; case IB_CM_MRA_REQ_RCVD: case IB_CM_MRA_REP_RCVD: @@ -30129,7 +29898,7 @@ index fc0f2bd..ac2f8a5 100644 counter[CM_MRA_COUNTER]); /* fall through */ default: -@@ -2692,7 +2692,7 @@ static int cm_lap_handler(struct cm_work *work) +@@ -2705,7 +2705,7 @@ static int cm_lap_handler(struct cm_work *work) case IB_CM_LAP_IDLE: break; case IB_CM_MRA_LAP_SENT: @@ -30138,7 +29907,7 @@ index fc0f2bd..ac2f8a5 100644 counter[CM_LAP_COUNTER]); if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg)) goto unlock; -@@ -2708,7 +2708,7 @@ static int cm_lap_handler(struct cm_work *work) +@@ -2721,7 +2721,7 @@ static int cm_lap_handler(struct cm_work *work) cm_free_msg(msg); goto deref; case IB_CM_LAP_RCVD: @@ -30147,7 +29916,7 @@ index fc0f2bd..ac2f8a5 100644 counter[CM_LAP_COUNTER]); goto unlock; default: -@@ -2992,7 +2992,7 @@ static int cm_sidr_req_handler(struct cm_work *work) +@@ -3005,7 +3005,7 @@ static int cm_sidr_req_handler(struct cm_work *work) cur_cm_id_priv = cm_insert_remote_sidr(cm_id_priv); if (cur_cm_id_priv) { spin_unlock_irq(&cm.lock); @@ -30156,7 +29925,7 @@ index fc0f2bd..ac2f8a5 100644 counter[CM_SIDR_REQ_COUNTER]); goto out; /* Duplicate message. */ } -@@ -3204,10 +3204,10 @@ static void cm_send_handler(struct ib_mad_agent *mad_agent, +@@ -3217,10 +3217,10 @@ static void cm_send_handler(struct ib_mad_agent *mad_agent, if (!msg->context[0] && (attr_index != CM_REJ_COUNTER)) msg->retries = 1; @@ -30169,7 +29938,7 @@ index fc0f2bd..ac2f8a5 100644 &port->counter_group[CM_XMIT_RETRIES]. counter[attr_index]); -@@ -3417,7 +3417,7 @@ static void cm_recv_handler(struct ib_mad_agent *mad_agent, +@@ -3430,7 +3430,7 @@ static void cm_recv_handler(struct ib_mad_agent *mad_agent, } attr_id = be16_to_cpu(mad_recv_wc->recv_buf.mad->mad_hdr.attr_id); @@ -30178,7 +29947,7 @@ index fc0f2bd..ac2f8a5 100644 counter[attr_id - CM_ATTR_ID_OFFSET]); work = kmalloc(sizeof *work + sizeof(struct ib_sa_path_rec) * paths, -@@ -3615,7 +3615,7 @@ static ssize_t cm_show_counter(struct kobject *obj, struct attribute *attr, +@@ -3635,7 +3635,7 @@ static ssize_t cm_show_counter(struct kobject *obj, struct attribute *attr, cm_attr = container_of(attr, struct cm_counter_attribute, attr); return sprintf(buf, "%ld\n", @@ -30187,35 +29956,11 @@ index fc0f2bd..ac2f8a5 100644 } static const struct sysfs_ops cm_counter_ops = { -diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c -index ca4c5dc..572d1ae 100644 ---- a/drivers/infiniband/core/cma.c -+++ b/drivers/infiniband/core/cma.c -@@ -2492,6 +2492,9 @@ static int cma_resolve_ib_udp(struct rdma_id_private *id_priv, - - req.private_data_len = sizeof(struct cma_hdr) + - conn_param->private_data_len; -+ if (req.private_data_len < conn_param->private_data_len) -+ return -EINVAL; -+ - req.private_data = kzalloc(req.private_data_len, GFP_ATOMIC); - if (!req.private_data) - return -ENOMEM; -@@ -2541,6 +2544,9 @@ static int cma_connect_ib(struct rdma_id_private *id_priv, - memset(&req, 0, sizeof req); - offset = cma_user_data_offset(id_priv->id.ps); - req.private_data_len = offset + conn_param->private_data_len; -+ if (req.private_data_len < conn_param->private_data_len) -+ return -EINVAL; -+ - private_data = kzalloc(req.private_data_len, GFP_ATOMIC); - if (!private_data) - return -ENOMEM; diff --git a/drivers/infiniband/core/fmr_pool.c b/drivers/infiniband/core/fmr_pool.c -index 4507043..14ad522 100644 +index 176c8f9..2627b62 100644 --- a/drivers/infiniband/core/fmr_pool.c +++ b/drivers/infiniband/core/fmr_pool.c -@@ -97,8 +97,8 @@ struct ib_fmr_pool { +@@ -98,8 +98,8 @@ struct ib_fmr_pool { struct task_struct *thread; @@ -30226,7 +29971,7 @@ index 4507043..14ad522 100644 wait_queue_head_t force_wait; }; -@@ -179,10 +179,10 @@ static int ib_fmr_cleanup_thread(void *pool_ptr) +@@ -180,10 +180,10 @@ static int ib_fmr_cleanup_thread(void *pool_ptr) struct ib_fmr_pool *pool = pool_ptr; do { @@ -30239,7 +29984,7 @@ index 4507043..14ad522 100644 wake_up_interruptible(&pool->force_wait); if (pool->flush_function) -@@ -190,7 +190,7 @@ static int ib_fmr_cleanup_thread(void *pool_ptr) +@@ -191,7 +191,7 @@ static int ib_fmr_cleanup_thread(void *pool_ptr) } set_current_state(TASK_INTERRUPTIBLE); @@ -30248,7 +29993,7 @@ index 4507043..14ad522 100644 !kthread_should_stop()) schedule(); __set_current_state(TASK_RUNNING); -@@ -282,8 +282,8 @@ struct ib_fmr_pool *ib_create_fmr_pool(struct ib_pd *pd, +@@ -283,8 +283,8 @@ struct ib_fmr_pool *ib_create_fmr_pool(struct ib_pd *pd, pool->dirty_watermark = params->dirty_watermark; pool->dirty_len = 0; spin_lock_init(&pool->pool_lock); @@ -30259,7 +30004,7 @@ index 4507043..14ad522 100644 init_waitqueue_head(&pool->force_wait); pool->thread = kthread_run(ib_fmr_cleanup_thread, -@@ -411,11 +411,11 @@ int ib_flush_fmr_pool(struct ib_fmr_pool *pool) +@@ -412,11 +412,11 @@ int ib_flush_fmr_pool(struct ib_fmr_pool *pool) } spin_unlock_irq(&pool->pool_lock); @@ -30273,7 +30018,7 @@ index 4507043..14ad522 100644 return -EINTR; return 0; -@@ -525,7 +525,7 @@ int ib_fmr_pool_unmap(struct ib_pool_fmr *fmr) +@@ -526,7 +526,7 @@ int ib_fmr_pool_unmap(struct ib_pool_fmr *fmr) } else { list_add_tail(&fmr->list, &pool->dirty_list); if (++pool->dirty_len >= pool->dirty_watermark) { @@ -30304,19 +30049,6 @@ index 40c8353..946b0e4 100644 } PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n", __func__, stag_state, type, pdid, stag_idx); -diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband/hw/ipath/ipath_fs.c -index 31ae1b1..2f5b038 100644 ---- a/drivers/infiniband/hw/ipath/ipath_fs.c -+++ b/drivers/infiniband/hw/ipath/ipath_fs.c -@@ -113,6 +113,8 @@ static ssize_t atomic_counters_read(struct file *file, char __user *buf, - struct infinipath_counters counters; - struct ipath_devdata *dd; - -+ pax_track_stack(); -+ - dd = file->f_path.dentry->d_inode->i_private; - dd->ipath_f_read_counters(dd, &counters); - diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband/hw/ipath/ipath_rc.c index 79b3dbc..96e5fcc 100644 --- a/drivers/infiniband/hw/ipath/ipath_rc.c @@ -30372,7 +30104,7 @@ index 1f95bba..9530f87 100644 sdata, wqe->wr.wr.atomic.swap); goto send_comp; diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c -index 2d668c6..3312bb7 100644 +index 5965b3d..16817fb 100644 --- a/drivers/infiniband/hw/nes/nes.c +++ b/drivers/infiniband/hw/nes/nes.c @@ -103,7 +103,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes"); @@ -30384,7 +30116,7 @@ index 2d668c6..3312bb7 100644 static unsigned int ee_flsh_adapter; static unsigned int sysfs_nonidx_addr; -@@ -275,7 +275,7 @@ static void nes_cqp_rem_ref_callback(struct nes_device *nesdev, struct nes_cqp_r +@@ -272,7 +272,7 @@ static void nes_cqp_rem_ref_callback(struct nes_device *nesdev, struct nes_cqp_r struct nes_qp *nesqp = cqp_request->cqp_callback_pointer; struct nes_adapter *nesadapter = nesdev->nesadapter; @@ -30394,10 +30126,10 @@ index 2d668c6..3312bb7 100644 /* Free the control structures */ diff --git a/drivers/infiniband/hw/nes/nes.h b/drivers/infiniband/hw/nes/nes.h -index 6fe7987..68637b5 100644 +index 568b4f1..5ea3eff 100644 --- a/drivers/infiniband/hw/nes/nes.h +++ b/drivers/infiniband/hw/nes/nes.h -@@ -175,17 +175,17 @@ extern unsigned int nes_debug_level; +@@ -178,17 +178,17 @@ extern unsigned int nes_debug_level; extern unsigned int wqm_quanta; extern struct list_head nes_adapter_list; @@ -30426,7 +30158,7 @@ index 6fe7987..68637b5 100644 extern u32 mh_detected; extern u32 mh_pauses_sent; extern u32 cm_packets_sent; -@@ -194,14 +194,14 @@ extern u32 cm_packets_created; +@@ -197,16 +197,16 @@ extern u32 cm_packets_created; extern u32 cm_packets_received; extern u32 cm_packets_dropped; extern u32 cm_packets_retrans; @@ -30440,16 +30172,20 @@ index 6fe7987..68637b5 100644 -extern atomic_t cm_nodes_destroyed; -extern atomic_t cm_accel_dropped_pkts; -extern atomic_t cm_resets_recvd; +-extern atomic_t pau_qps_created; +-extern atomic_t pau_qps_destroyed; +extern atomic_unchecked_t cm_loopbacks; +extern atomic_unchecked_t cm_nodes_created; +extern atomic_unchecked_t cm_nodes_destroyed; +extern atomic_unchecked_t cm_accel_dropped_pkts; +extern atomic_unchecked_t cm_resets_recvd; ++extern atomic_unchecked_t pau_qps_created; ++extern atomic_unchecked_t pau_qps_destroyed; extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c -index a237547..28a9819 100644 +index 0a52d72..0642f36 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -30472,9 +30208,9 @@ index a237547..28a9819 100644 +atomic_unchecked_t cm_accel_dropped_pkts; +atomic_unchecked_t cm_resets_recvd; - static inline int mini_cm_accelerated(struct nes_cm_core *, - struct nes_cm_node *); -@@ -151,13 +151,13 @@ static struct nes_cm_ops nes_cm_api = { + static inline int mini_cm_accelerated(struct nes_cm_core *, struct nes_cm_node *); + static struct nes_cm_listener *mini_cm_listen(struct nes_cm_core *, struct nes_vnic *, struct nes_cm_info *); +@@ -148,13 +148,13 @@ static struct nes_cm_ops nes_cm_api = { static struct nes_cm_core *g_cm_core; @@ -30493,9 +30229,9 @@ index a237547..28a9819 100644 +atomic_unchecked_t cm_connect_reqs; +atomic_unchecked_t cm_rejects; - - /** -@@ -1045,7 +1045,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, + int nes_add_ref_cm_node(struct nes_cm_node *cm_node) + { +@@ -1271,7 +1271,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, kfree(listener); listener = NULL; ret = 0; @@ -30504,7 +30240,7 @@ index a237547..28a9819 100644 } else { spin_unlock_irqrestore(&cm_core->listen_list_lock, flags); } -@@ -1242,7 +1242,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, +@@ -1473,7 +1473,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, cm_node->rem_mac); add_hte_node(cm_core, cm_node); @@ -30513,7 +30249,7 @@ index a237547..28a9819 100644 return cm_node; } -@@ -1300,7 +1300,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, +@@ -1531,7 +1531,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, } atomic_dec(&cm_core->node_cnt); @@ -30522,7 +30258,7 @@ index a237547..28a9819 100644 nesqp = cm_node->nesqp; if (nesqp) { nesqp->cm_node = NULL; -@@ -1367,7 +1367,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, +@@ -1595,7 +1595,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, static void drop_packet(struct sk_buff *skb) { @@ -30531,7 +30267,7 @@ index a237547..28a9819 100644 dev_kfree_skb_any(skb); } -@@ -1430,7 +1430,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, +@@ -1658,7 +1658,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, { int reset = 0; /* whether to send reset in case of err.. */ @@ -30540,7 +30276,7 @@ index a237547..28a9819 100644 nes_debug(NES_DBG_CM, "Received Reset, cm_node = %p, state = %u." " refcnt=%d\n", cm_node, cm_node->state, atomic_read(&cm_node->ref_count)); -@@ -2059,7 +2059,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, +@@ -2299,7 +2299,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, rem_ref_cm_node(cm_node->cm_core, cm_node); return NULL; } @@ -30549,16 +30285,16 @@ index a237547..28a9819 100644 loopbackremotenode->loopbackpartner = cm_node; loopbackremotenode->tcp_cntxt.rcv_wscale = NES_CM_DEFAULT_RCV_WND_SCALE; -@@ -2334,7 +2334,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, - add_ref_cm_node(cm_node); - } else if (cm_node->state == NES_CM_STATE_TSA) { - rem_ref_cm_node(cm_core, cm_node); -- atomic_inc(&cm_accel_dropped_pkts); -+ atomic_inc_unchecked(&cm_accel_dropped_pkts); - dev_kfree_skb_any(skb); +@@ -2574,7 +2574,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, + nes_queue_mgt_skbs(skb, nesvnic, cm_node->nesqp); + else { + rem_ref_cm_node(cm_core, cm_node); +- atomic_inc(&cm_accel_dropped_pkts); ++ atomic_inc_unchecked(&cm_accel_dropped_pkts); + dev_kfree_skb_any(skb); + } break; - } -@@ -2640,7 +2640,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2880,7 +2880,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) if ((cm_id) && (cm_id->event_handler)) { if (issue_disconn) { @@ -30567,7 +30303,7 @@ index a237547..28a9819 100644 cm_event.event = IW_CM_EVENT_DISCONNECT; cm_event.status = disconn_status; cm_event.local_addr = cm_id->local_addr; -@@ -2662,7 +2662,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2902,7 +2902,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) } if (issue_close) { @@ -30576,7 +30312,7 @@ index a237547..28a9819 100644 nes_disconnect(nesqp, 1); cm_id->provider_data = nesqp; -@@ -2793,7 +2793,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3038,7 +3038,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n", nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener); @@ -30585,25 +30321,25 @@ index a237547..28a9819 100644 nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n", netdev_refcnt_read(nesvnic->netdev)); -@@ -3003,7 +3003,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) - +@@ -3240,7 +3240,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) struct nes_cm_core *cm_core; + u8 *start_buff; - atomic_inc(&cm_rejects); + atomic_inc_unchecked(&cm_rejects); - cm_node = (struct nes_cm_node *) cm_id->provider_data; + cm_node = (struct nes_cm_node *)cm_id->provider_data; loopback = cm_node->loopbackpartner; cm_core = cm_node->cm_core; -@@ -3069,7 +3069,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) - ntohl(cm_id->local_addr.sin_addr.s_addr), - ntohs(cm_id->local_addr.sin_port)); +@@ -3300,7 +3300,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) + ntohl(cm_id->local_addr.sin_addr.s_addr), + ntohs(cm_id->local_addr.sin_port)); - atomic_inc(&cm_connects); + atomic_inc_unchecked(&cm_connects); nesqp->active_conn = 1; /* cache the cm_id in the qp */ -@@ -3175,7 +3175,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) +@@ -3406,7 +3406,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node); return err; } @@ -30612,16 +30348,16 @@ index a237547..28a9819 100644 } cm_id->add_ref(cm_id); -@@ -3280,7 +3280,7 @@ static void cm_event_connected(struct nes_cm_event *event) - if (nesqp->destroyed) { +@@ -3507,7 +3507,7 @@ static void cm_event_connected(struct nes_cm_event *event) + + if (nesqp->destroyed) return; - } - atomic_inc(&cm_connecteds); + atomic_inc_unchecked(&cm_connecteds); nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on" - " local port 0x%04X. jiffies = %lu.\n", - nesqp->hwqp.qp_id, -@@ -3495,7 +3495,7 @@ static void cm_event_reset(struct nes_cm_event *event) + " local port 0x%04X. jiffies = %lu.\n", + nesqp->hwqp.qp_id, +@@ -3694,7 +3694,7 @@ static void cm_event_reset(struct nes_cm_event *event) cm_id->add_ref(cm_id); ret = cm_id->event_handler(cm_id, &cm_event); @@ -30630,29 +30366,62 @@ index a237547..28a9819 100644 cm_event.event = IW_CM_EVENT_CLOSE; cm_event.status = 0; cm_event.provider_data = cm_id->provider_data; -@@ -3531,7 +3531,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) +@@ -3730,7 +3730,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; - atomic_inc(&cm_connect_reqs); + atomic_inc_unchecked(&cm_connect_reqs); nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n", - cm_node, cm_id, jiffies); + cm_node, cm_id, jiffies); -@@ -3569,7 +3569,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) +@@ -3770,7 +3770,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; - atomic_inc(&cm_connect_reqs); + atomic_inc_unchecked(&cm_connect_reqs); nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n", - cm_node, cm_id, jiffies); + cm_node, cm_id, jiffies); + +diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw/nes/nes_mgt.c +index b3b2a24..7bfaf1e 100644 +--- a/drivers/infiniband/hw/nes/nes_mgt.c ++++ b/drivers/infiniband/hw/nes/nes_mgt.c +@@ -40,8 +40,8 @@ + #include "nes.h" + #include "nes_mgt.h" + +-atomic_t pau_qps_created; +-atomic_t pau_qps_destroyed; ++atomic_unchecked_t pau_qps_created; ++atomic_unchecked_t pau_qps_destroyed; + + static void nes_replenish_mgt_rq(struct nes_vnic_mgt *mgtvnic) + { +@@ -621,7 +621,7 @@ void nes_destroy_pau_qp(struct nes_device *nesdev, struct nes_qp *nesqp) + { + struct sk_buff *skb; + unsigned long flags; +- atomic_inc(&pau_qps_destroyed); ++ atomic_inc_unchecked(&pau_qps_destroyed); + + /* Free packets that have not yet been forwarded */ + /* Lock is acquired by skb_dequeue when removing the skb */ +@@ -812,7 +812,7 @@ static void nes_mgt_ce_handler(struct nes_device *nesdev, struct nes_hw_nic_cq * + cq->cq_vbase[head].cqe_words[NES_NIC_CQE_HASH_RCVNXT]); + skb_queue_head_init(&nesqp->pau_list); + spin_lock_init(&nesqp->pau_lock); +- atomic_inc(&pau_qps_created); ++ atomic_inc_unchecked(&pau_qps_created); + nes_change_quad_hash(nesdev, mgtvnic->nesvnic, nesqp); + } diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c -index 9d7ffeb..a95dd7d 100644 +index c00d2f3..8834298 100644 --- a/drivers/infiniband/hw/nes/nes_nic.c +++ b/drivers/infiniband/hw/nes/nes_nic.c -@@ -1274,31 +1274,31 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, +@@ -1277,39 +1277,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, target_stat_values[++index] = mh_detected; target_stat_values[++index] = mh_pauses_sent; target_stat_values[++index] = nesvnic->endnode_ipv4_tcp_retransmits; @@ -30702,8 +30471,18 @@ index 9d7ffeb..a95dd7d 100644 target_stat_values[++index] = nesadapter->free_4kpbl; target_stat_values[++index] = nesadapter->free_256pbl; target_stat_values[++index] = int_mod_timer_init; + target_stat_values[++index] = nesvnic->lro_mgr.stats.aggregated; + target_stat_values[++index] = nesvnic->lro_mgr.stats.flushed; + target_stat_values[++index] = nesvnic->lro_mgr.stats.no_desc; +- target_stat_values[++index] = atomic_read(&pau_qps_created); +- target_stat_values[++index] = atomic_read(&pau_qps_destroyed); ++ target_stat_values[++index] = atomic_read_unchecked(&pau_qps_created); ++ target_stat_values[++index] = atomic_read_unchecked(&pau_qps_destroyed); + } + + /** diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c -index 9f2f7d4..6d2fee2 100644 +index 5095bc4..41e8fff 100644 --- a/drivers/infiniband/hw/nes/nes_verbs.c +++ b/drivers/infiniband/hw/nes/nes_verbs.c @@ -46,9 +46,9 @@ @@ -30730,7 +30509,7 @@ index 9f2f7d4..6d2fee2 100644 if (nes_drv_opt & NES_DRV_OPT_NO_INLINE_DATA) { @@ -1460,7 +1460,7 @@ static int nes_destroy_qp(struct ib_qp *ibqp) struct iw_cm_event cm_event; - int ret; + int ret = 0; - atomic_inc(&sw_qps_destroyed); + atomic_inc_unchecked(&sw_qps_destroyed); @@ -30738,7 +30517,7 @@ index 9f2f7d4..6d2fee2 100644 /* Blow away the connection if it exists. */ diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h -index c9624ea..e025b66 100644 +index b881bdc..c2e360c 100644 --- a/drivers/infiniband/hw/qib/qib.h +++ b/drivers/infiniband/hw/qib/qib.h @@ -51,6 +51,7 @@ @@ -30793,7 +30572,7 @@ index da38d97..2aa0b79 100644 error = device_add(&dev->dev); if (error) diff --git a/drivers/input/joystick/sidewinder.c b/drivers/input/joystick/sidewinder.c -index b8d8611..15f8d2c 100644 +index b8d8611..7a4a04b 100644 --- a/drivers/input/joystick/sidewinder.c +++ b/drivers/input/joystick/sidewinder.c @@ -30,6 +30,7 @@ @@ -30804,15 +30583,6 @@ index b8d8611..15f8d2c 100644 #include <linux/init.h> #include <linux/input.h> #include <linux/gameport.h> -@@ -428,6 +429,8 @@ static int sw_read(struct sw *sw) - unsigned char buf[SW_LENGTH]; - int i; - -+ pax_track_stack(); -+ - i = sw_read_packet(sw->gameport, buf, sw->length, 0); - - if (sw->type == SW_ID_3DP && sw->length == 66 && i != 66) { /* Broken packet, try to fix */ diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c index d728875..844c89b 100644 --- a/drivers/input/joystick/xpad.c @@ -30835,21 +30605,6 @@ index d728875..844c89b 100644 snprintf(led->name, sizeof(led->name), "xpad%ld", led_no); led->xpad = xpad; -diff --git a/drivers/input/misc/cma3000_d0x.c b/drivers/input/misc/cma3000_d0x.c -index 1633b63..09f8f20 100644 ---- a/drivers/input/misc/cma3000_d0x.c -+++ b/drivers/input/misc/cma3000_d0x.c -@@ -114,8 +114,8 @@ static void decode_mg(struct cma3000_accl_data *data, int *datax, - static irqreturn_t cma3000_thread_irq(int irq, void *dev_id) - { - struct cma3000_accl_data *data = dev_id; -- int datax, datay, dataz; -- u8 ctrl, mode, range, intr_status; -+ int datax, datay, dataz, intr_status; -+ u8 ctrl, mode, range; - - intr_status = CMA3000_READ(data, CMA3000_INTSTATUS, "interrupt status"); - if (intr_status < 0) diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c index 0110b5a..d3ad144 100644 --- a/drivers/input/mousedev.c @@ -30961,10 +30716,10 @@ index 212efaf..f187c6b 100644 struct tasklet_struct if_wake_tasklet; unsigned control_state; diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c -index e35058b..5898a8b 100644 +index ee0a549..a7c9798 100644 --- a/drivers/isdn/gigaset/interface.c +++ b/drivers/isdn/gigaset/interface.c -@@ -162,9 +162,7 @@ static int if_open(struct tty_struct *tty, struct file *filp) +@@ -163,9 +163,7 @@ static int if_open(struct tty_struct *tty, struct file *filp) } tty->driver_data = cs; @@ -30975,7 +30730,7 @@ index e35058b..5898a8b 100644 spin_lock_irqsave(&cs->lock, flags); cs->tty = tty; spin_unlock_irqrestore(&cs->lock, flags); -@@ -192,10 +190,10 @@ static void if_close(struct tty_struct *tty, struct file *filp) +@@ -193,10 +191,10 @@ static void if_close(struct tty_struct *tty, struct file *filp) if (!cs->connected) gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ @@ -30988,7 +30743,7 @@ index e35058b..5898a8b 100644 spin_lock_irqsave(&cs->lock, flags); cs->tty = NULL; spin_unlock_irqrestore(&cs->lock, flags); -@@ -230,7 +228,7 @@ static int if_ioctl(struct tty_struct *tty, +@@ -231,7 +229,7 @@ static int if_ioctl(struct tty_struct *tty, if (!cs->connected) { gig_dbg(DEBUG_IF, "not connected"); retval = -ENODEV; @@ -30997,7 +30752,7 @@ index e35058b..5898a8b 100644 dev_warn(cs->dev, "%s: device not opened\n", __func__); else { retval = 0; -@@ -360,7 +358,7 @@ static int if_write(struct tty_struct *tty, const unsigned char *buf, int count) +@@ -361,7 +359,7 @@ static int if_write(struct tty_struct *tty, const unsigned char *buf, int count) retval = -ENODEV; goto done; } @@ -31006,7 +30761,7 @@ index e35058b..5898a8b 100644 dev_warn(cs->dev, "%s: device not opened\n", __func__); retval = -ENODEV; goto done; -@@ -413,7 +411,7 @@ static int if_write_room(struct tty_struct *tty) +@@ -414,7 +412,7 @@ static int if_write_room(struct tty_struct *tty) if (!cs->connected) { gig_dbg(DEBUG_IF, "not connected"); retval = -ENODEV; @@ -31015,7 +30770,7 @@ index e35058b..5898a8b 100644 dev_warn(cs->dev, "%s: device not opened\n", __func__); else if (cs->mstate != MS_LOCKED) { dev_warn(cs->dev, "can't write to unlocked device\n"); -@@ -443,7 +441,7 @@ static int if_chars_in_buffer(struct tty_struct *tty) +@@ -444,7 +442,7 @@ static int if_chars_in_buffer(struct tty_struct *tty) if (!cs->connected) gig_dbg(DEBUG_IF, "not connected"); @@ -31024,7 +30779,7 @@ index e35058b..5898a8b 100644 dev_warn(cs->dev, "%s: device not opened\n", __func__); else if (cs->mstate != MS_LOCKED) dev_warn(cs->dev, "can't write to unlocked device\n"); -@@ -471,7 +469,7 @@ static void if_throttle(struct tty_struct *tty) +@@ -472,7 +470,7 @@ static void if_throttle(struct tty_struct *tty) if (!cs->connected) gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ @@ -31033,7 +30788,7 @@ index e35058b..5898a8b 100644 dev_warn(cs->dev, "%s: device not opened\n", __func__); else gig_dbg(DEBUG_IF, "%s: not implemented\n", __func__); -@@ -495,7 +493,7 @@ static void if_unthrottle(struct tty_struct *tty) +@@ -496,7 +494,7 @@ static void if_unthrottle(struct tty_struct *tty) if (!cs->connected) gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ @@ -31042,7 +30797,7 @@ index e35058b..5898a8b 100644 dev_warn(cs->dev, "%s: device not opened\n", __func__); else gig_dbg(DEBUG_IF, "%s: not implemented\n", __func__); -@@ -526,7 +524,7 @@ static void if_set_termios(struct tty_struct *tty, struct ktermios *old) +@@ -527,7 +525,7 @@ static void if_set_termios(struct tty_struct *tty, struct ktermios *old) goto out; } @@ -31073,57 +30828,6 @@ index 2a57da59..e7a12ed 100644 return -EFAULT; } else { memcpy(buf, dp, left); -diff --git a/drivers/isdn/hardware/eicon/capidtmf.c b/drivers/isdn/hardware/eicon/capidtmf.c -index f130724..c373c68 100644 ---- a/drivers/isdn/hardware/eicon/capidtmf.c -+++ b/drivers/isdn/hardware/eicon/capidtmf.c -@@ -498,6 +498,7 @@ void capidtmf_recv_block (t_capidtmf_state *p_state, byte *buffer, word leng - byte goertzel_result_buffer[CAPIDTMF_RECV_TOTAL_FREQUENCY_COUNT]; - short windowed_sample_buffer[CAPIDTMF_RECV_WINDOWED_SAMPLES]; - -+ pax_track_stack(); - - if (p_state->recv.state & CAPIDTMF_RECV_STATE_DTMF_ACTIVE) - { -diff --git a/drivers/isdn/hardware/eicon/capifunc.c b/drivers/isdn/hardware/eicon/capifunc.c -index 4d425c6..a9be6c4 100644 ---- a/drivers/isdn/hardware/eicon/capifunc.c -+++ b/drivers/isdn/hardware/eicon/capifunc.c -@@ -1055,6 +1055,8 @@ static int divacapi_connect_didd(void) - IDI_SYNC_REQ req; - DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; - -+ pax_track_stack(); -+ - DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); - - for (x = 0; x < MAX_DESCRIPTORS; x++) { -diff --git a/drivers/isdn/hardware/eicon/diddfunc.c b/drivers/isdn/hardware/eicon/diddfunc.c -index 3029234..ef0d9e2 100644 ---- a/drivers/isdn/hardware/eicon/diddfunc.c -+++ b/drivers/isdn/hardware/eicon/diddfunc.c -@@ -54,6 +54,8 @@ static int DIVA_INIT_FUNCTION connect_didd(void) - IDI_SYNC_REQ req; - DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; - -+ pax_track_stack(); -+ - DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); - - for (x = 0; x < MAX_DESCRIPTORS; x++) { -diff --git a/drivers/isdn/hardware/eicon/divasfunc.c b/drivers/isdn/hardware/eicon/divasfunc.c -index 0bbee78..a0d0a01 100644 ---- a/drivers/isdn/hardware/eicon/divasfunc.c -+++ b/drivers/isdn/hardware/eicon/divasfunc.c -@@ -160,6 +160,8 @@ static int DIVA_INIT_FUNCTION connect_didd(void) - IDI_SYNC_REQ req; - DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; - -+ pax_track_stack(); -+ - DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); - - for (x = 0; x < MAX_DESCRIPTORS; x++) { diff --git a/drivers/isdn/hardware/eicon/divasync.h b/drivers/isdn/hardware/eicon/divasync.h index 85784a7..a19ca98 100644 --- a/drivers/isdn/hardware/eicon/divasync.h @@ -31137,72 +30841,6 @@ index 85784a7..a19ca98 100644 typedef struct _diva_didd_read_adapter_array { void * buffer; dword length; -diff --git a/drivers/isdn/hardware/eicon/idifunc.c b/drivers/isdn/hardware/eicon/idifunc.c -index db87d51..7d09acf 100644 ---- a/drivers/isdn/hardware/eicon/idifunc.c -+++ b/drivers/isdn/hardware/eicon/idifunc.c -@@ -188,6 +188,8 @@ static int DIVA_INIT_FUNCTION connect_didd(void) - IDI_SYNC_REQ req; - DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; - -+ pax_track_stack(); -+ - DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); - - for (x = 0; x < MAX_DESCRIPTORS; x++) { -diff --git a/drivers/isdn/hardware/eicon/message.c b/drivers/isdn/hardware/eicon/message.c -index a339598..b6a8bfc 100644 ---- a/drivers/isdn/hardware/eicon/message.c -+++ b/drivers/isdn/hardware/eicon/message.c -@@ -4886,6 +4886,8 @@ static void sig_ind(PLCI *plci) - dword d; - word w; - -+ pax_track_stack(); -+ - a = plci->adapter; - Id = ((word)plci->Id<<8)|a->Id; - PUT_WORD(&SS_Ind[4],0x0000); -@@ -7480,6 +7482,8 @@ static word add_b1(PLCI *plci, API_PARSE *bp, word b_channel_info, - word j, n, w; - dword d; - -+ pax_track_stack(); -+ - - for(i=0;i<8;i++) bp_parms[i].length = 0; - for(i=0;i<2;i++) global_config[i].length = 0; -@@ -7954,6 +7958,8 @@ static word add_b23(PLCI *plci, API_PARSE *bp) - const byte llc3[] = {4,3,2,2,6,6,0}; - const byte header[] = {0,2,3,3,0,0,0}; - -+ pax_track_stack(); -+ - for(i=0;i<8;i++) bp_parms[i].length = 0; - for(i=0;i<6;i++) b2_config_parms[i].length = 0; - for(i=0;i<5;i++) b3_config_parms[i].length = 0; -@@ -14741,6 +14747,8 @@ static void group_optimization(DIVA_CAPI_ADAPTER * a, PLCI * plci) - word appl_number_group_type[MAX_APPL]; - PLCI *auxplci; - -+ pax_track_stack(); -+ - set_group_ind_mask (plci); /* all APPLs within this inc. call are allowed to dial in */ - - if(!a->group_optimization_enabled) -diff --git a/drivers/isdn/hardware/eicon/mntfunc.c b/drivers/isdn/hardware/eicon/mntfunc.c -index a564b75..f3cf8b5 100644 ---- a/drivers/isdn/hardware/eicon/mntfunc.c -+++ b/drivers/isdn/hardware/eicon/mntfunc.c -@@ -79,6 +79,8 @@ static int DIVA_INIT_FUNCTION connect_didd(void) - IDI_SYNC_REQ req; - DESCRIPTOR DIDD_Table[MAX_DESCRIPTORS]; - -+ pax_track_stack(); -+ - DIVA_DIDD_Read(DIDD_Table, sizeof(DIDD_Table)); - - for (x = 0; x < MAX_DESCRIPTORS; x++) { diff --git a/drivers/isdn/hardware/eicon/xdi_adapter.h b/drivers/isdn/hardware/eicon/xdi_adapter.h index a3bd163..8956575 100644 --- a/drivers/isdn/hardware/eicon/xdi_adapter.h @@ -31216,19 +30854,6 @@ index a3bd163..8956575 100644 typedef struct _diva_os_xdi_adapter { struct list_head link; -diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c -index 6ed82ad..b05ac05 100644 ---- a/drivers/isdn/i4l/isdn_common.c -+++ b/drivers/isdn/i4l/isdn_common.c -@@ -1286,6 +1286,8 @@ isdn_ioctl(struct file *file, uint cmd, ulong arg) - } iocpar; - void __user *argp = (void __user *)arg; - -+ pax_track_stack(); -+ - #define name iocpar.name - #define bname iocpar.bname - #define iocts iocpar.iocts diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c index 1f355bb..43f1fea 100644 --- a/drivers/isdn/icn/icn.c @@ -31243,7 +30868,7 @@ index 1f355bb..43f1fea 100644 } else memcpy(msg, buf, count); diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c -index 2535933..09a8e86 100644 +index b5fdcb7..5b6c59f 100644 --- a/drivers/lguest/core.c +++ b/drivers/lguest/core.c @@ -92,9 +92,17 @@ static __init int map_switcher(void) @@ -31394,10 +31019,10 @@ index 4daf9e5..b8d1d0f 100644 .device = PCI_ANY_ID, .subvendor = PCI_ANY_ID, diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c -index 2e9a3ca..c2fb229 100644 +index 31c2dc2..a2de7a6 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c -@@ -1578,7 +1578,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) +@@ -1589,7 +1589,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) cmd == DM_LIST_VERSIONS_CMD) return 0; @@ -31525,10 +31150,10 @@ index 3d80cf0..b77cc47 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index bc04518..7a83b81 100644 +index 8e91321..fd17aef 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c -@@ -389,7 +389,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, +@@ -391,7 +391,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, if (!dev_size) return 0; @@ -31537,11 +31162,33 @@ index bc04518..7a83b81 100644 DMWARN("%s: %s too small for target: " "start=%llu, len=%llu, dev_size=%llu", dm_device_name(ti->table->md), bdevname(bdev, b), +diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c +index 59c4f04..4c7b661 100644 +--- a/drivers/md/dm-thin-metadata.c ++++ b/drivers/md/dm-thin-metadata.c +@@ -431,7 +431,7 @@ static int init_pmd(struct dm_pool_metadata *pmd, + + pmd->info.tm = tm; + pmd->info.levels = 2; +- pmd->info.value_type.context = pmd->data_sm; ++ pmd->info.value_type.context = (dm_space_map_no_const *)pmd->data_sm; + pmd->info.value_type.size = sizeof(__le64); + pmd->info.value_type.inc = data_block_inc; + pmd->info.value_type.dec = data_block_dec; +@@ -450,7 +450,7 @@ static int init_pmd(struct dm_pool_metadata *pmd, + + pmd->bl_info.tm = tm; + pmd->bl_info.levels = 1; +- pmd->bl_info.value_type.context = pmd->data_sm; ++ pmd->bl_info.value_type.context = (dm_space_map_no_const *)pmd->data_sm; + pmd->bl_info.value_type.size = sizeof(__le64); + pmd->bl_info.value_type.inc = data_block_inc; + pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 52b39f3..83a8b6b 100644 +index 4720f68..78d1df7 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c -@@ -165,9 +165,9 @@ struct mapped_device { +@@ -177,9 +177,9 @@ struct mapped_device { /* * Event handling. */ @@ -31553,7 +31200,7 @@ index 52b39f3..83a8b6b 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1843,8 +1843,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1845,8 +1845,8 @@ static struct mapped_device *alloc_dev(int minor) rwlock_init(&md->map_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -31564,7 +31211,7 @@ index 52b39f3..83a8b6b 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); -@@ -1978,7 +1978,7 @@ static void event_callback(void *context) +@@ -1980,7 +1980,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -31573,7 +31220,7 @@ index 52b39f3..83a8b6b 100644 wake_up(&md->eventq); } -@@ -2614,18 +2614,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2622,18 +2622,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -31596,32 +31243,32 @@ index 52b39f3..83a8b6b 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 5c95ccb..217fa57 100644 +index f47f1f8..b7f559e 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c -@@ -280,10 +280,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); +@@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); * start build, activate spare */ static DECLARE_WAIT_QUEUE_HEAD(md_event_waiters); -static atomic_t md_event_count; +static atomic_unchecked_t md_event_count; - void md_new_event(mddev_t *mddev) + void md_new_event(struct mddev *mddev) { - atomic_inc(&md_event_count); + atomic_inc_unchecked(&md_event_count); wake_up(&md_event_waiters); } EXPORT_SYMBOL_GPL(md_new_event); -@@ -293,7 +293,7 @@ EXPORT_SYMBOL_GPL(md_new_event); +@@ -291,7 +291,7 @@ EXPORT_SYMBOL_GPL(md_new_event); */ - static void md_new_event_inintr(mddev_t *mddev) + static void md_new_event_inintr(struct mddev *mddev) { - atomic_inc(&md_event_count); + atomic_inc_unchecked(&md_event_count); wake_up(&md_event_waiters); } -@@ -1531,7 +1531,7 @@ static int super_1_load(mdk_rdev_t *rdev, mdk_rdev_t *refdev, int minor_version) +@@ -1525,7 +1525,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ rdev->preferred_minor = 0xffff; rdev->data_offset = le64_to_cpu(sb->data_offset); @@ -31630,7 +31277,7 @@ index 5c95ccb..217fa57 100644 rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256; bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1; -@@ -1748,7 +1748,7 @@ static void super_1_sync(mddev_t *mddev, mdk_rdev_t *rdev) +@@ -1742,7 +1742,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) else sb->resync_offset = cpu_to_le64(0); @@ -31639,16 +31286,16 @@ index 5c95ccb..217fa57 100644 sb->raid_disks = cpu_to_le32(mddev->raid_disks); sb->size = cpu_to_le64(mddev->dev_sectors); -@@ -2643,7 +2643,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); +@@ -2639,7 +2639,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); static ssize_t - errors_show(mdk_rdev_t *rdev, char *page) + errors_show(struct md_rdev *rdev, char *page) { - return sprintf(page, "%d\n", atomic_read(&rdev->corrected_errors)); + return sprintf(page, "%d\n", atomic_read_unchecked(&rdev->corrected_errors)); } static ssize_t -@@ -2652,7 +2652,7 @@ errors_store(mdk_rdev_t *rdev, const char *buf, size_t len) +@@ -2648,7 +2648,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) char *e; unsigned long n = simple_strtoul(buf, &e, 10); if (*buf && (*e == 0 || *e == '\n')) { @@ -31657,7 +31304,7 @@ index 5c95ccb..217fa57 100644 return len; } return -EINVAL; -@@ -3042,8 +3042,8 @@ int md_rdev_init(mdk_rdev_t *rdev) +@@ -3039,8 +3039,8 @@ int md_rdev_init(struct md_rdev *rdev) rdev->sb_loaded = 0; rdev->bb_page = NULL; atomic_set(&rdev->nr_pending, 0); @@ -31668,7 +31315,7 @@ index 5c95ccb..217fa57 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6667,7 +6667,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6683,7 +6683,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -31677,7 +31324,7 @@ index 5c95ccb..217fa57 100644 return 0; } if (v == (void*)2) { -@@ -6756,7 +6756,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6772,7 +6772,7 @@ static int md_seq_show(struct seq_file *seq, void *v) chunk_kb ? "KB" : "B"); if (bitmap->file) { seq_printf(seq, ", file: "); @@ -31686,7 +31333,7 @@ index 5c95ccb..217fa57 100644 } seq_printf(seq, "\n"); -@@ -6787,7 +6787,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -6803,7 +6803,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -31695,7 +31342,7 @@ index 5c95ccb..217fa57 100644 return error; } -@@ -6801,7 +6801,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -6817,7 +6817,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -31704,7 +31351,7 @@ index 5c95ccb..217fa57 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -6845,7 +6845,7 @@ static int is_mddev_idle(mddev_t *mddev, int init) +@@ -6861,7 +6861,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -31714,10 +31361,10 @@ index 5c95ccb..217fa57 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index 0a309dc..7e01d7f 100644 +index cf742d9..7c7c745 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h -@@ -124,13 +124,13 @@ struct mdk_rdev_s +@@ -120,13 +120,13 @@ struct md_rdev { * only maintained for arrays that * support hot removal */ @@ -31733,7 +31380,7 @@ index 0a309dc..7e01d7f 100644 * for reporting to userspace and storing * in superblock. */ -@@ -415,7 +415,7 @@ static inline void rdev_dec_pending(mdk_rdev_t *rdev, mddev_t *mddev) +@@ -410,7 +410,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors) { @@ -31741,12 +31388,63 @@ index 0a309dc..7e01d7f 100644 + atomic_add_unchecked(nr_sectors, &bdev->bd_contains->bd_disk->sync_io); } - struct mdk_personality + struct md_personality +diff --git a/drivers/md/persistent-data/dm-space-map-checker.c b/drivers/md/persistent-data/dm-space-map-checker.c +index 50ed53b..4f29d7d 100644 +--- a/drivers/md/persistent-data/dm-space-map-checker.c ++++ b/drivers/md/persistent-data/dm-space-map-checker.c +@@ -159,7 +159,7 @@ static void ca_destroy(struct count_array *ca) + /*----------------------------------------------------------------*/ + + struct sm_checker { +- struct dm_space_map sm; ++ dm_space_map_no_const sm; + + struct count_array old_counts; + struct count_array counts; +diff --git a/drivers/md/persistent-data/dm-space-map-disk.c b/drivers/md/persistent-data/dm-space-map-disk.c +index fc469ba..2d91555 100644 +--- a/drivers/md/persistent-data/dm-space-map-disk.c ++++ b/drivers/md/persistent-data/dm-space-map-disk.c +@@ -23,7 +23,7 @@ + * Space map interface. + */ + struct sm_disk { +- struct dm_space_map sm; ++ dm_space_map_no_const sm; + + struct ll_disk ll; + struct ll_disk old_ll; +diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c +index e89ae5e..062e4c2 100644 +--- a/drivers/md/persistent-data/dm-space-map-metadata.c ++++ b/drivers/md/persistent-data/dm-space-map-metadata.c +@@ -43,7 +43,7 @@ struct block_op { + }; + + struct sm_metadata { +- struct dm_space_map sm; ++ dm_space_map_no_const sm; + + struct ll_disk ll; + struct ll_disk old_ll; +diff --git a/drivers/md/persistent-data/dm-space-map.h b/drivers/md/persistent-data/dm-space-map.h +index 1cbfc6b..56e1dbb 100644 +--- a/drivers/md/persistent-data/dm-space-map.h ++++ b/drivers/md/persistent-data/dm-space-map.h +@@ -60,6 +60,7 @@ struct dm_space_map { + int (*root_size)(struct dm_space_map *sm, size_t *result); + int (*copy_root)(struct dm_space_map *sm, void *copy_to_here_le, size_t len); + }; ++typedef struct dm_space_map __no_const dm_space_map_no_const; + + /*----------------------------------------------------------------*/ + diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 606fc04..f1ff8dc 100644 +index ede2461..9c4c691 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1550,7 +1550,7 @@ static int fix_sync_read_error(r1bio_t *r1_bio) +@@ -1559,7 +1559,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -31755,7 +31453,7 @@ index 606fc04..f1ff8dc 100644 } sectors -= s; sect += s; -@@ -1763,7 +1763,7 @@ static void fix_read_error(conf_t *conf, int read_disk, +@@ -1772,7 +1772,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -31765,10 +31463,10 @@ index 606fc04..f1ff8dc 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 1d44228..98db57d 100644 +index 685ddf3..955b087 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1423,7 +1423,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1440,7 +1440,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -31777,7 +31475,7 @@ index 1d44228..98db57d 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -1723,7 +1723,7 @@ static void check_decay_read_errors(mddev_t *mddev, mdk_rdev_t *rdev) +@@ -1740,7 +1740,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -31786,7 +31484,7 @@ index 1d44228..98db57d 100644 ktime_get_ts(&cur_time_mon); -@@ -1745,9 +1745,9 @@ static void check_decay_read_errors(mddev_t *mddev, mdk_rdev_t *rdev) +@@ -1762,9 +1762,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -31797,8 +31495,8 @@ index 1d44228..98db57d 100644 + atomic_set_unchecked(&rdev->read_errors, read_errors >> hours_since_last); } - static int r10_sync_page_io(mdk_rdev_t *rdev, sector_t sector, -@@ -1797,8 +1797,8 @@ static void fix_read_error(conf_t *conf, mddev_t *mddev, r10bio_t *r10_bio) + static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, +@@ -1814,8 +1814,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -31809,7 +31507,7 @@ index 1d44228..98db57d 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -1806,7 +1806,7 @@ static void fix_read_error(conf_t *conf, mddev_t *mddev, r10bio_t *r10_bio) +@@ -1823,7 +1823,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -31818,7 +31516,7 @@ index 1d44228..98db57d 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -1951,7 +1951,7 @@ static void fix_read_error(conf_t *conf, mddev_t *mddev, r10bio_t *r10_bio) +@@ -1968,7 +1968,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 (unsigned long long)( sect + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -31828,10 +31526,10 @@ index 1d44228..98db57d 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index b6200c3..02e8702 100644 +index 858fdbb..b2dac95 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1616,19 +1616,19 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1610,19 +1610,19 @@ static void raid5_end_read_request(struct bio * bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -31855,7 +31553,7 @@ index b6200c3..02e8702 100644 if (conf->mddev->degraded >= conf->max_degraded) printk_ratelimited( KERN_WARNING -@@ -1648,7 +1648,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1642,7 +1642,7 @@ static void raid5_end_read_request(struct bio * bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdn); @@ -31864,32 +31562,11 @@ index b6200c3..02e8702 100644 > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", -@@ -1978,6 +1978,7 @@ static sector_t compute_blocknr(struct stripe_head *sh, int i, int previous) - sector_t r_sector; - struct stripe_head sh2; - -+ pax_track_stack(); - - chunk_offset = sector_div(new_sector, sectors_per_chunk); - stripe = new_sector; -diff --git a/drivers/media/common/saa7146_hlp.c b/drivers/media/common/saa7146_hlp.c -index 1d1d8d2..6c6837a 100644 ---- a/drivers/media/common/saa7146_hlp.c -+++ b/drivers/media/common/saa7146_hlp.c -@@ -353,6 +353,8 @@ static void calculate_clipping_registers_rect(struct saa7146_dev *dev, struct sa - - int x[32], y[32], w[32], h[32]; - -+ pax_track_stack(); -+ - /* clear out memory */ - memset(&line_list[0], 0x00, sizeof(u32)*32); - memset(&pixel_list[0], 0x00, sizeof(u32)*32); diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/dvb/ddbridge/ddbridge-core.c -index 573d540..16f78f3 100644 +index ba9a643..e474ab5 100644 --- a/drivers/media/dvb/ddbridge/ddbridge-core.c +++ b/drivers/media/dvb/ddbridge/ddbridge-core.c -@@ -1675,7 +1675,7 @@ static struct ddb_info ddb_v6 = { +@@ -1678,7 +1678,7 @@ static struct ddb_info ddb_v6 = { .subvendor = _subvend, .subdevice = _subdev, \ .driver_data = (unsigned long)&_driverdata } @@ -31898,28 +31575,6 @@ index 573d540..16f78f3 100644 DDB_ID(DDVID, 0x0002, DDVID, 0x0001, ddb_octopus), DDB_ID(DDVID, 0x0003, DDVID, 0x0001, ddb_octopus), DDB_ID(DDVID, 0x0003, DDVID, 0x0002, ddb_octopus_le), -diff --git a/drivers/media/dvb/dvb-core/dvb_ca_en50221.c b/drivers/media/dvb/dvb-core/dvb_ca_en50221.c -index 7ea517b..252fe54 100644 ---- a/drivers/media/dvb/dvb-core/dvb_ca_en50221.c -+++ b/drivers/media/dvb/dvb-core/dvb_ca_en50221.c -@@ -590,6 +590,8 @@ static int dvb_ca_en50221_read_data(struct dvb_ca_private *ca, int slot, u8 * eb - u8 buf[HOST_LINK_BUF_SIZE]; - int i; - -+ pax_track_stack(); -+ - dprintk("%s\n", __func__); - - /* check if we have space for a link buf in the rx_buffer */ -@@ -1285,6 +1287,8 @@ static ssize_t dvb_ca_en50221_io_write(struct file *file, - unsigned long timeout; - int written; - -+ pax_track_stack(); -+ - dprintk("%s\n", __func__); - - /* Incoming packet has a 2 byte header. hdr[0] = slot_id, hdr[1] = connection_id */ diff --git a/drivers/media/dvb/dvb-core/dvb_demux.h b/drivers/media/dvb/dvb-core/dvb_demux.h index a7d876f..8c21b61 100644 --- a/drivers/media/dvb/dvb-core/dvb_demux.h @@ -31947,10 +31602,10 @@ index f732877..d38c35a 100644 int minor; int id; diff --git a/drivers/media/dvb/dvb-usb/cxusb.c b/drivers/media/dvb/dvb-usb/cxusb.c -index acb5fb2..2413f1d 100644 +index 9f2a02c..5920f88 100644 --- a/drivers/media/dvb/dvb-usb/cxusb.c +++ b/drivers/media/dvb/dvb-usb/cxusb.c -@@ -1059,7 +1059,7 @@ static struct dib0070_config dib7070p_dib0070_config = { +@@ -1069,7 +1069,7 @@ static struct dib0070_config dib7070p_dib0070_config = { struct dib0700_adapter_state { int (*set_param_save) (struct dvb_frontend *, struct dvb_frontend_parameters *); @@ -31959,21 +31614,8 @@ index acb5fb2..2413f1d 100644 static int dib7070_set_param_override(struct dvb_frontend *fe, struct dvb_frontend_parameters *fep) -diff --git a/drivers/media/dvb/dvb-usb/dib0700_core.c b/drivers/media/dvb/dvb-usb/dib0700_core.c -index a224e94..503b76a 100644 ---- a/drivers/media/dvb/dvb-usb/dib0700_core.c -+++ b/drivers/media/dvb/dvb-usb/dib0700_core.c -@@ -478,6 +478,8 @@ int dib0700_download_firmware(struct usb_device *udev, const struct firmware *fw - if (!buf) - return -ENOMEM; - -+ pax_track_stack(); -+ - while ((ret = dvb_usb_get_hexline(fw, &hx, &pos)) > 0) { - deb_fwdata("writing to address 0x%08x (buffer: 0x%02x %02x)\n", - hx.addr, hx.len, hx.chk); diff --git a/drivers/media/dvb/dvb-usb/dw2102.c b/drivers/media/dvb/dvb-usb/dw2102.c -index 058b231..183d2b3 100644 +index f103ec1..5e8968b 100644 --- a/drivers/media/dvb/dvb-usb/dw2102.c +++ b/drivers/media/dvb/dvb-usb/dw2102.c @@ -95,7 +95,7 @@ struct su3000_state { @@ -31985,29 +31627,8 @@ index 058b231..183d2b3 100644 /* debug */ static int dvb_usb_dw2102_debug; -diff --git a/drivers/media/dvb/dvb-usb/lmedm04.c b/drivers/media/dvb/dvb-usb/lmedm04.c -index 37b1469..28a6f6f 100644 ---- a/drivers/media/dvb/dvb-usb/lmedm04.c -+++ b/drivers/media/dvb/dvb-usb/lmedm04.c -@@ -742,6 +742,7 @@ static int lme2510_download_firmware(struct usb_device *dev, - usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), - 0x06, 0x80, 0x0200, 0x00, data, 0x0109, 1000); - -+ pax_track_stack(); - - data[0] = 0x8a; - len_in = 1; -@@ -764,6 +765,8 @@ static void lme_coldreset(struct usb_device *dev) - int ret = 0, len_in; - u8 data[512] = {0}; - -+ pax_track_stack(); -+ - data[0] = 0x0a; - len_in = 1; - info("FRM Firmware Cold Reset"); diff --git a/drivers/media/dvb/frontends/dib3000.h b/drivers/media/dvb/frontends/dib3000.h -index ba91735..4261d84 100644 +index 404f63a..4796533 100644 --- a/drivers/media/dvb/frontends/dib3000.h +++ b/drivers/media/dvb/frontends/dib3000.h @@ -39,7 +39,7 @@ struct dib_fe_xfer_ops @@ -32032,32 +31653,6 @@ index 90bf573..e8463da 100644 break; msleep(10); -diff --git a/drivers/media/dvb/frontends/mb86a16.c b/drivers/media/dvb/frontends/mb86a16.c -index c283112..7f367a7 100644 ---- a/drivers/media/dvb/frontends/mb86a16.c -+++ b/drivers/media/dvb/frontends/mb86a16.c -@@ -1060,6 +1060,8 @@ static int mb86a16_set_fe(struct mb86a16_state *state) - int ret = -1; - int sync; - -+ pax_track_stack(); -+ - dprintk(verbose, MB86A16_INFO, 1, "freq=%d Mhz, symbrt=%d Ksps", state->frequency, state->srate); - - fcp = 3000; -diff --git a/drivers/media/dvb/frontends/or51211.c b/drivers/media/dvb/frontends/or51211.c -index c709ce6..b3fe620 100644 ---- a/drivers/media/dvb/frontends/or51211.c -+++ b/drivers/media/dvb/frontends/or51211.c -@@ -113,6 +113,8 @@ static int or51211_load_firmware (struct dvb_frontend* fe, - u8 tudata[585]; - int i; - -+ pax_track_stack(); -+ - dprintk("Firmware is %zd bytes\n",fw->size); - - /* Get eprom data */ diff --git a/drivers/media/dvb/ngene/ngene-cards.c b/drivers/media/dvb/ngene/ngene-cards.c index 0564192..75b16f5 100644 --- a/drivers/media/dvb/ngene/ngene-cards.c @@ -32084,6 +31679,19 @@ index 16a089f..ab1667d 100644 mutex_lock(&dev->lock); if (dev->rdsstat == 0) { dev->rdsstat = 1; +diff --git a/drivers/media/rc/redrat3.c b/drivers/media/rc/redrat3.c +index 61287fc..8b08712 100644 +--- a/drivers/media/rc/redrat3.c ++++ b/drivers/media/rc/redrat3.c +@@ -905,7 +905,7 @@ static int redrat3_set_tx_carrier(struct rc_dev *dev, u32 carrier) + return carrier; + } + +-static int redrat3_transmit_ir(struct rc_dev *rcdev, int *txbuf, u32 n) ++static int redrat3_transmit_ir(struct rc_dev *rcdev, unsigned *txbuf, u32 n) + { + struct redrat3_dev *rr3 = rcdev->priv; + struct device *dev = rr3->dev; diff --git a/drivers/media/video/au0828/au0828.h b/drivers/media/video/au0828/au0828.h index 9cde353..8c6a1c3 100644 --- a/drivers/media/video/au0828/au0828.h @@ -32097,32 +31705,6 @@ index 9cde353..8c6a1c3 100644 struct i2c_client i2c_client; u32 i2c_rc; -diff --git a/drivers/media/video/cx18/cx18-driver.c b/drivers/media/video/cx18/cx18-driver.c -index 9e2f870..22e3a08 100644 ---- a/drivers/media/video/cx18/cx18-driver.c -+++ b/drivers/media/video/cx18/cx18-driver.c -@@ -327,6 +327,8 @@ void cx18_read_eeprom(struct cx18 *cx, struct tveeprom *tv) - struct i2c_client c; - u8 eedata[256]; - -+ pax_track_stack(); -+ - memset(&c, 0, sizeof(c)); - strlcpy(c.name, "cx18 tveeprom tmp", sizeof(c.name)); - c.adapter = &cx->i2c_adap[0]; -diff --git a/drivers/media/video/cx23885/cx23885-input.c b/drivers/media/video/cx23885/cx23885-input.c -index ce765e3..f9e1b04 100644 ---- a/drivers/media/video/cx23885/cx23885-input.c -+++ b/drivers/media/video/cx23885/cx23885-input.c -@@ -53,6 +53,8 @@ static void cx23885_input_process_measurements(struct cx23885_dev *dev, - bool handle = false; - struct ir_raw_event ir_core_event[64]; - -+ pax_track_stack(); -+ - do { - num = 0; - v4l2_subdev_call(dev->sd_ir, ir, rx_read, (u8 *) ir_core_event, diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c index 68d1240..46b32eb 100644 --- a/drivers/media/video/cx88/cx88-alsa.c @@ -32136,19 +31718,6 @@ index 68d1240..46b32eb 100644 {0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0, } -diff --git a/drivers/media/video/pvrusb2/pvrusb2-eeprom.c b/drivers/media/video/pvrusb2/pvrusb2-eeprom.c -index 9515f3a..c9ecb85 100644 ---- a/drivers/media/video/pvrusb2/pvrusb2-eeprom.c -+++ b/drivers/media/video/pvrusb2/pvrusb2-eeprom.c -@@ -120,6 +120,8 @@ int pvr2_eeprom_analyze(struct pvr2_hdw *hdw) - u8 *eeprom; - struct tveeprom tvdata; - -+ pax_track_stack(); -+ - memset(&tvdata,0,sizeof(tvdata)); - - eeprom = pvr2_eeprom_fetch(hdw); diff --git a/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h b/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h index 305e6aa..0143317 100644 --- a/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h @@ -32162,46 +31731,11 @@ index 305e6aa..0143317 100644 pvr2_i2c_func i2c_func[PVR2_I2C_FUNC_CNT]; int i2c_cx25840_hack_state; int i2c_linked; -diff --git a/drivers/media/video/saa7134/saa6752hs.c b/drivers/media/video/saa7134/saa6752hs.c -index f9f29cc..5a2e330 100644 ---- a/drivers/media/video/saa7134/saa6752hs.c -+++ b/drivers/media/video/saa7134/saa6752hs.c -@@ -682,6 +682,8 @@ static int saa6752hs_init(struct v4l2_subdev *sd, u32 leading_null_bytes) - unsigned char localPAT[256]; - unsigned char localPMT[256]; - -+ pax_track_stack(); -+ - /* Set video format - must be done first as it resets other settings */ - set_reg8(client, 0x41, h->video_format); - -diff --git a/drivers/media/video/saa7164/saa7164-cmd.c b/drivers/media/video/saa7164/saa7164-cmd.c -index 62fac7f..f29e0b9 100644 ---- a/drivers/media/video/saa7164/saa7164-cmd.c -+++ b/drivers/media/video/saa7164/saa7164-cmd.c -@@ -88,6 +88,8 @@ int saa7164_irq_dequeue(struct saa7164_dev *dev) - u8 tmp[512]; - dprintk(DBGLVL_CMD, "%s()\n", __func__); - -+ pax_track_stack(); -+ - /* While any outstand message on the bus exists... */ - do { - -@@ -141,6 +143,8 @@ int saa7164_cmd_dequeue(struct saa7164_dev *dev) - u8 tmp[512]; - dprintk(DBGLVL_CMD, "%s()\n", __func__); - -+ pax_track_stack(); -+ - while (loop) { - - struct tmComResInfo tRsp = { 0, 0, 0, 0, 0, 0 }; diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c -index 84cd1b6..f741e07 100644 +index a0895bf..b7ebb1b 100644 --- a/drivers/media/video/timblogiw.c +++ b/drivers/media/video/timblogiw.c -@@ -744,7 +744,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma) +@@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma) /* Platform device functions */ @@ -32210,7 +31744,7 @@ index 84cd1b6..f741e07 100644 .vidioc_querycap = timblogiw_querycap, .vidioc_enum_fmt_vid_cap = timblogiw_enum_fmt, .vidioc_g_fmt_vid_cap = timblogiw_g_fmt, -@@ -766,7 +766,7 @@ static __devinitconst struct v4l2_ioctl_ops timblogiw_ioctl_ops = { +@@ -767,7 +767,7 @@ static __devinitconst struct v4l2_ioctl_ops timblogiw_ioctl_ops = { .vidioc_enum_framesizes = timblogiw_enum_framesizes, }; @@ -32219,37 +31753,11 @@ index 84cd1b6..f741e07 100644 .owner = THIS_MODULE, .open = timblogiw_open, .release = timblogiw_close, -diff --git a/drivers/media/video/usbvision/usbvision-core.c b/drivers/media/video/usbvision/usbvision-core.c -index f344411..6ae9974 100644 ---- a/drivers/media/video/usbvision/usbvision-core.c -+++ b/drivers/media/video/usbvision/usbvision-core.c -@@ -707,6 +707,8 @@ static enum parse_state usbvision_parse_compress(struct usb_usbvision *usbvision - unsigned char rv, gv, bv; - static unsigned char *Y, *U, *V; - -+ pax_track_stack(); -+ - frame = usbvision->cur_frame; - image_size = frame->frmwidth * frame->frmheight; - if ((frame->v4l2_format.format == V4L2_PIX_FMT_YUV422P) || -diff --git a/drivers/media/video/videobuf-dma-sg.c b/drivers/media/video/videobuf-dma-sg.c -index f300dea..04834ba 100644 ---- a/drivers/media/video/videobuf-dma-sg.c -+++ b/drivers/media/video/videobuf-dma-sg.c -@@ -607,6 +607,8 @@ void *videobuf_sg_alloc(size_t size) - { - struct videobuf_queue q; - -+ pax_track_stack(); -+ - /* Required to make generic handler to call __videobuf_alloc */ - q.int_ops = &sg_ops; - diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c -index 7956a10..f39232f 100644 +index e9c6a60..daf6a33 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c -@@ -6681,8 +6681,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) +@@ -6753,8 +6753,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) seq_printf(m, " MaxChainDepth = 0x%02x frames\n", ioc->facts.MaxChainDepth); seq_printf(m, " MinBlockSize = 0x%02x bytes\n", 4*ioc->facts.BlockSize); @@ -32264,10 +31772,10 @@ index 7956a10..f39232f 100644 * Rounding UP to nearest 4-kB boundary here... */ diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c -index 7596aec..f7ae9aa 100644 +index 9d95042..b808101 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c -@@ -439,6 +439,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached) +@@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached) return 0; } @@ -32291,7 +31799,7 @@ index 7596aec..f7ae9aa 100644 /* no mutex */ static void mptsas_port_delete(MPT_ADAPTER *ioc, struct mptsas_portinfo_details * port_details) -@@ -477,23 +494,6 @@ mptsas_get_rphy(struct mptsas_phyinfo *phy_info) +@@ -484,23 +501,6 @@ mptsas_get_rphy(struct mptsas_phyinfo *phy_info) return NULL; } @@ -32316,10 +31824,10 @@ index 7596aec..f7ae9aa 100644 mptsas_get_port(struct mptsas_phyinfo *phy_info) { diff --git a/drivers/message/fusion/mptscsih.c b/drivers/message/fusion/mptscsih.c -index ce61a57..3da8862 100644 +index 0c3ced7..1fe34ec 100644 --- a/drivers/message/fusion/mptscsih.c +++ b/drivers/message/fusion/mptscsih.c -@@ -1268,15 +1268,16 @@ mptscsih_info(struct Scsi_Host *SChost) +@@ -1270,15 +1270,16 @@ mptscsih_info(struct Scsi_Host *SChost) h = shost_priv(SChost); @@ -32344,19 +31852,6 @@ index ce61a57..3da8862 100644 return h->info_kbuf; } -diff --git a/drivers/message/i2o/i2o_config.c b/drivers/message/i2o/i2o_config.c -index 098de2b..fbb922c 100644 ---- a/drivers/message/i2o/i2o_config.c -+++ b/drivers/message/i2o/i2o_config.c -@@ -781,6 +781,8 @@ static int i2o_cfg_passthru(unsigned long arg) - struct i2o_message *msg; - unsigned int iop; - -+ pax_track_stack(); -+ - if (get_user(iop, &cmd->iop) || get_user(user_msg, &cmd->msg)) - return -EFAULT; - diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_proc.c index 07dbeaf..5533142 100644 --- a/drivers/message/i2o/i2o_proc.c @@ -32474,24 +31969,11 @@ index a8c08f3..155fe3d 100644 INIT_LIST_HEAD(&c->context_list); #endif -diff --git a/drivers/mfd/ab3100-core.c b/drivers/mfd/ab3100-core.c -index a20e1c4..4f57255 100644 ---- a/drivers/mfd/ab3100-core.c -+++ b/drivers/mfd/ab3100-core.c -@@ -809,7 +809,7 @@ struct ab_family_id { - char *name; - }; - --static const struct ab_family_id ids[] __devinitdata = { -+static const struct ab_family_id ids[] __devinitconst = { - /* AB3100 */ - { - .id = 0xc0, diff --git a/drivers/mfd/abx500-core.c b/drivers/mfd/abx500-core.c -index f12720d..3c251fd 100644 +index 7ce65f4..e66e9bc 100644 --- a/drivers/mfd/abx500-core.c +++ b/drivers/mfd/abx500-core.c -@@ -14,7 +14,7 @@ static LIST_HEAD(abx500_list); +@@ -15,7 +15,7 @@ static LIST_HEAD(abx500_list); struct abx500_device_entry { struct list_head list; @@ -32512,64 +31994,51 @@ index 5c2a06a..8fa077c 100644 #include <linux/init.h> #include <linux/pci.h> #include <linux/interrupt.h> -diff --git a/drivers/mfd/wm8350-i2c.c b/drivers/mfd/wm8350-i2c.c -index 5fe5de1..af64f53 100644 ---- a/drivers/mfd/wm8350-i2c.c -+++ b/drivers/mfd/wm8350-i2c.c -@@ -44,6 +44,8 @@ static int wm8350_i2c_write_device(struct wm8350 *wm8350, char reg, - u8 msg[(WM8350_MAX_REGISTER << 1) + 1]; - int ret; - -+ pax_track_stack(); -+ - if (bytes > ((WM8350_MAX_REGISTER << 1) + 1)) - return -EINVAL; - diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c -index 8b51cd6..f628f8d 100644 +index 29d12a7..f900ba4 100644 --- a/drivers/misc/lis3lv02d/lis3lv02d.c +++ b/drivers/misc/lis3lv02d/lis3lv02d.c -@@ -437,7 +437,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *dummy) +@@ -464,7 +464,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data) * the lid is closed. This leads to interrupts as soon as a little move * is done. */ -- atomic_inc(&lis3_dev.count); -+ atomic_inc_unchecked(&lis3_dev.count); +- atomic_inc(&lis3->count); ++ atomic_inc_unchecked(&lis3->count); - wake_up_interruptible(&lis3_dev.misc_wait); - kill_fasync(&lis3_dev.async_queue, SIGIO, POLL_IN); -@@ -520,7 +520,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file) - if (lis3_dev.pm_dev) - pm_runtime_get_sync(lis3_dev.pm_dev); + wake_up_interruptible(&lis3->misc_wait); + kill_fasync(&lis3->async_queue, SIGIO, POLL_IN); +@@ -550,7 +550,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file) + if (lis3->pm_dev) + pm_runtime_get_sync(lis3->pm_dev); -- atomic_set(&lis3_dev.count, 0); -+ atomic_set_unchecked(&lis3_dev.count, 0); +- atomic_set(&lis3->count, 0); ++ atomic_set_unchecked(&lis3->count, 0); return 0; } -@@ -547,7 +547,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf, - add_wait_queue(&lis3_dev.misc_wait, &wait); +@@ -583,7 +583,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf, + add_wait_queue(&lis3->misc_wait, &wait); while (true) { set_current_state(TASK_INTERRUPTIBLE); -- data = atomic_xchg(&lis3_dev.count, 0); -+ data = atomic_xchg_unchecked(&lis3_dev.count, 0); +- data = atomic_xchg(&lis3->count, 0); ++ data = atomic_xchg_unchecked(&lis3->count, 0); if (data) break; -@@ -585,7 +585,7 @@ out: - static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait) - { - poll_wait(file, &lis3_dev.misc_wait, wait); -- if (atomic_read(&lis3_dev.count)) -+ if (atomic_read_unchecked(&lis3_dev.count)) +@@ -624,7 +624,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait) + struct lis3lv02d, miscdev); + + poll_wait(file, &lis3->misc_wait, wait); +- if (atomic_read(&lis3->count)) ++ if (atomic_read_unchecked(&lis3->count)) return POLLIN | POLLRDNORM; return 0; } diff --git a/drivers/misc/lis3lv02d/lis3lv02d.h b/drivers/misc/lis3lv02d/lis3lv02d.h -index a193958..4d7ecd2 100644 +index 2b1482a..5d33616 100644 --- a/drivers/misc/lis3lv02d/lis3lv02d.h +++ b/drivers/misc/lis3lv02d/lis3lv02d.h -@@ -265,7 +265,7 @@ struct lis3lv02d { +@@ -266,7 +266,7 @@ struct lis3lv02d { struct input_polled_dev *idev; /* input device */ struct platform_device *pdev; /* platform device */ struct regulator_bulk_data regulators[2]; @@ -32849,10 +32318,10 @@ index 8d082b4..aa749ae 100644 /* * Timer function to enforce the timelimit on the partition disengage. diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c -index 26c5286..292d261 100644 +index 6878a94..fe5c5f1 100644 --- a/drivers/mmc/host/sdhci-pci.c +++ b/drivers/mmc/host/sdhci-pci.c -@@ -542,7 +542,7 @@ static const struct sdhci_pci_fixes sdhci_via = { +@@ -673,7 +673,7 @@ static const struct sdhci_pci_fixes sdhci_via = { .probe = via_probe, }; @@ -32861,91 +32330,11 @@ index 26c5286..292d261 100644 { .vendor = PCI_VENDOR_ID_RICOH, .device = PCI_DEVICE_ID_RICOH_R5C822, -diff --git a/drivers/mtd/chips/cfi_cmdset_0001.c b/drivers/mtd/chips/cfi_cmdset_0001.c -index e1e122f..d99a6ea 100644 ---- a/drivers/mtd/chips/cfi_cmdset_0001.c -+++ b/drivers/mtd/chips/cfi_cmdset_0001.c -@@ -757,6 +757,8 @@ static int chip_ready (struct map_info *map, struct flchip *chip, unsigned long - struct cfi_pri_intelext *cfip = cfi->cmdset_priv; - unsigned long timeo = jiffies + HZ; - -+ pax_track_stack(); -+ - /* Prevent setting state FL_SYNCING for chip in suspended state. */ - if (mode == FL_SYNCING && chip->oldstate != FL_READY) - goto sleep; -@@ -1653,6 +1655,8 @@ static int __xipram do_write_buffer(struct map_info *map, struct flchip *chip, - unsigned long initial_adr; - int initial_len = len; - -+ pax_track_stack(); -+ - wbufsize = cfi_interleave(cfi) << cfi->cfiq->MaxBufWriteSize; - adr += chip->start; - initial_adr = adr; -@@ -1871,6 +1875,8 @@ static int __xipram do_erase_oneblock(struct map_info *map, struct flchip *chip, - int retries = 3; - int ret; - -+ pax_track_stack(); -+ - adr += chip->start; - - retry: -diff --git a/drivers/mtd/chips/cfi_cmdset_0020.c b/drivers/mtd/chips/cfi_cmdset_0020.c -index 179814a..abe9d60 100644 ---- a/drivers/mtd/chips/cfi_cmdset_0020.c -+++ b/drivers/mtd/chips/cfi_cmdset_0020.c -@@ -255,6 +255,8 @@ static inline int do_read_onechip(struct map_info *map, struct flchip *chip, lof - unsigned long cmd_addr; - struct cfi_private *cfi = map->fldrv_priv; - -+ pax_track_stack(); -+ - adr += chip->start; - - /* Ensure cmd read/writes are aligned. */ -@@ -429,6 +431,8 @@ static inline int do_write_buffer(struct map_info *map, struct flchip *chip, - DECLARE_WAITQUEUE(wait, current); - int wbufsize, z; - -+ pax_track_stack(); -+ - /* M58LW064A requires bus alignment for buffer wriets -- saw */ - if (adr & (map_bankwidth(map)-1)) - return -EINVAL; -@@ -743,6 +747,8 @@ static inline int do_erase_oneblock(struct map_info *map, struct flchip *chip, u - DECLARE_WAITQUEUE(wait, current); - int ret = 0; - -+ pax_track_stack(); -+ - adr += chip->start; - - /* Let's determine this according to the interleave only once */ -@@ -1048,6 +1054,8 @@ static inline int do_lock_oneblock(struct map_info *map, struct flchip *chip, un - unsigned long timeo = jiffies + HZ; - DECLARE_WAITQUEUE(wait, current); - -+ pax_track_stack(); -+ - adr += chip->start; - - /* Let's determine this according to the interleave only once */ -@@ -1197,6 +1205,8 @@ static inline int do_unlock_oneblock(struct map_info *map, struct flchip *chip, - unsigned long timeo = jiffies + HZ; - DECLARE_WAITQUEUE(wait, current); - -+ pax_track_stack(); -+ - adr += chip->start; - - /* Let's determine this according to the interleave only once */ diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000.c -index f7fbf60..9866457 100644 +index e9fad91..0a7a16a 100644 --- a/drivers/mtd/devices/doc2000.c +++ b/drivers/mtd/devices/doc2000.c -@@ -776,7 +776,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len, +@@ -773,7 +773,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len, /* The ECC will not be calculated correctly if less than 512 is written */ /* DBB- @@ -32955,10 +32344,10 @@ index f7fbf60..9866457 100644 "ECC needs a full sector write (adr: %lx size %lx)\n", (long) to, (long) len); diff --git a/drivers/mtd/devices/doc2001.c b/drivers/mtd/devices/doc2001.c -index 241192f..d0c35a3 100644 +index a3f7a27..234016e 100644 --- a/drivers/mtd/devices/doc2001.c +++ b/drivers/mtd/devices/doc2001.c -@@ -393,7 +393,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len, +@@ -392,7 +392,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len, struct Nand *mychip = &this->chips[from >> (this->chipshift)]; /* Don't allow read past end of device */ @@ -32967,73 +32356,8 @@ index 241192f..d0c35a3 100644 return -EINVAL; /* Don't allow a single read to cross a 512-byte block boundary */ -diff --git a/drivers/mtd/ftl.c b/drivers/mtd/ftl.c -index 037b399..225a71d 100644 ---- a/drivers/mtd/ftl.c -+++ b/drivers/mtd/ftl.c -@@ -474,6 +474,8 @@ static int copy_erase_unit(partition_t *part, uint16_t srcunit, - loff_t offset; - uint16_t srcunitswap = cpu_to_le16(srcunit); - -+ pax_track_stack(); -+ - eun = &part->EUNInfo[srcunit]; - xfer = &part->XferInfo[xferunit]; - DEBUG(2, "ftl_cs: copying block 0x%x to 0x%x\n", -diff --git a/drivers/mtd/inftlcore.c b/drivers/mtd/inftlcore.c -index d7592e6..31c505c 100644 ---- a/drivers/mtd/inftlcore.c -+++ b/drivers/mtd/inftlcore.c -@@ -259,6 +259,8 @@ static u16 INFTL_foldchain(struct INFTLrecord *inftl, unsigned thisVUC, unsigned - struct inftl_oob oob; - size_t retlen; - -+ pax_track_stack(); -+ - DEBUG(MTD_DEBUG_LEVEL3, "INFTL: INFTL_foldchain(inftl=%p,thisVUC=%d," - "pending=%d)\n", inftl, thisVUC, pendingblock); - -diff --git a/drivers/mtd/inftlmount.c b/drivers/mtd/inftlmount.c -index 104052e..6232be5 100644 ---- a/drivers/mtd/inftlmount.c -+++ b/drivers/mtd/inftlmount.c -@@ -53,6 +53,8 @@ static int find_boot_record(struct INFTLrecord *inftl) - struct INFTLPartition *ip; - size_t retlen; - -+ pax_track_stack(); -+ - DEBUG(MTD_DEBUG_LEVEL3, "INFTL: find_boot_record(inftl=%p)\n", inftl); - - /* -diff --git a/drivers/mtd/lpddr/qinfo_probe.c b/drivers/mtd/lpddr/qinfo_probe.c -index dbfe17b..c7b0918 100644 ---- a/drivers/mtd/lpddr/qinfo_probe.c -+++ b/drivers/mtd/lpddr/qinfo_probe.c -@@ -106,6 +106,8 @@ static int lpddr_pfow_present(struct map_info *map, struct lpddr_private *lpddr) - { - map_word pfow_val[4]; - -+ pax_track_stack(); -+ - /* Check identification string */ - pfow_val[0] = map_read(map, map->pfow_base + PFOW_QUERY_STRING_P); - pfow_val[1] = map_read(map, map->pfow_base + PFOW_QUERY_STRING_F); -diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c -index 49e20a4..60fbfa5 100644 ---- a/drivers/mtd/mtdchar.c -+++ b/drivers/mtd/mtdchar.c -@@ -554,6 +554,8 @@ static int mtd_ioctl(struct file *file, u_int cmd, u_long arg) - u_long size; - struct mtd_info_user info; - -+ pax_track_stack(); -+ - DEBUG(MTD_DEBUG_LEVEL0, "MTD_ioctl\n"); - - size = (cmd & IOCSIZE_MASK) >> IOCSIZE_SHIFT; diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c -index d527621..2491fab 100644 +index 3984d48..28aa897 100644 --- a/drivers/mtd/nand/denali.c +++ b/drivers/mtd/nand/denali.c @@ -26,6 +26,7 @@ @@ -33044,21 +32368,8 @@ index d527621..2491fab 100644 #include "denali.h" -diff --git a/drivers/mtd/nftlcore.c b/drivers/mtd/nftlcore.c -index b155666..611b801 100644 ---- a/drivers/mtd/nftlcore.c -+++ b/drivers/mtd/nftlcore.c -@@ -264,6 +264,8 @@ static u16 NFTL_foldchain (struct NFTLrecord *nftl, unsigned thisVUC, unsigned p - int inplace = 1; - size_t retlen; - -+ pax_track_stack(); -+ - memset(BlockMap, 0xff, sizeof(BlockMap)); - memset(BlockFreeFound, 0, sizeof(BlockFreeFound)); - diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c -index e3cd1ff..0ea79a3 100644 +index ac40925..483b753 100644 --- a/drivers/mtd/nftlmount.c +++ b/drivers/mtd/nftlmount.c @@ -24,6 +24,7 @@ @@ -33069,15 +32380,6 @@ index e3cd1ff..0ea79a3 100644 #include <linux/mtd/mtd.h> #include <linux/mtd/nand.h> #include <linux/mtd/nftl.h> -@@ -45,6 +46,8 @@ static int find_boot_record(struct NFTLrecord *nftl) - struct mtd_info *mtd = nftl->mbd.mtd; - unsigned int i; - -+ pax_track_stack(); -+ - /* Assume logical EraseSize == physical erasesize for starting the scan. - We'll sort it out later if we find a MediaHeader which says otherwise */ - /* Actually, we won't. The new DiskOnChip driver has already scanned diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c index 6c3fb5a..c542a81 100644 --- a/drivers/mtd/ubi/build.c @@ -33121,10 +32423,10 @@ index 6c3fb5a..c542a81 100644 } /** -diff --git a/drivers/net/atlx/atl2.c b/drivers/net/atlx/atl2.c -index d4f7dda..d627d46 100644 ---- a/drivers/net/atlx/atl2.c -+++ b/drivers/net/atlx/atl2.c +diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c +index 1feae59..c2a61d2 100644 +--- a/drivers/net/ethernet/atheros/atlx/atl2.c ++++ b/drivers/net/ethernet/atheros/atlx/atl2.c @@ -2857,7 +2857,7 @@ static void atl2_force_ps(struct atl2_hw *hw) */ @@ -33134,149 +32436,10 @@ index d4f7dda..d627d46 100644 MODULE_PARM(X, "1-" __MODULE_STRING(ATL2_MAX_NIC) "i"); \ MODULE_PARM_DESC(X, desc); #else -diff --git a/drivers/net/bna/bfa_ioc_ct.c b/drivers/net/bna/bfa_ioc_ct.c -index 87aecdf..ec23470 100644 ---- a/drivers/net/bna/bfa_ioc_ct.c -+++ b/drivers/net/bna/bfa_ioc_ct.c -@@ -48,7 +48,21 @@ static void bfa_ioc_ct_sync_ack(struct bfa_ioc *ioc); - static bool bfa_ioc_ct_sync_complete(struct bfa_ioc *ioc); - static enum bfa_status bfa_ioc_ct_pll_init(void __iomem *rb, bool fcmode); - --static struct bfa_ioc_hwif nw_hwif_ct; -+static struct bfa_ioc_hwif nw_hwif_ct = { -+ .ioc_pll_init = bfa_ioc_ct_pll_init, -+ .ioc_firmware_lock = bfa_ioc_ct_firmware_lock, -+ .ioc_firmware_unlock = bfa_ioc_ct_firmware_unlock, -+ .ioc_reg_init = bfa_ioc_ct_reg_init, -+ .ioc_map_port = bfa_ioc_ct_map_port, -+ .ioc_isr_mode_set = bfa_ioc_ct_isr_mode_set, -+ .ioc_notify_fail = bfa_ioc_ct_notify_fail, -+ .ioc_ownership_reset = bfa_ioc_ct_ownership_reset, -+ .ioc_sync_start = bfa_ioc_ct_sync_start, -+ .ioc_sync_join = bfa_ioc_ct_sync_join, -+ .ioc_sync_leave = bfa_ioc_ct_sync_leave, -+ .ioc_sync_ack = bfa_ioc_ct_sync_ack, -+ .ioc_sync_complete = bfa_ioc_ct_sync_complete -+}; - - /** - * Called from bfa_ioc_attach() to map asic specific calls. -@@ -56,20 +70,6 @@ static struct bfa_ioc_hwif nw_hwif_ct; - void - bfa_nw_ioc_set_ct_hwif(struct bfa_ioc *ioc) - { -- nw_hwif_ct.ioc_pll_init = bfa_ioc_ct_pll_init; -- nw_hwif_ct.ioc_firmware_lock = bfa_ioc_ct_firmware_lock; -- nw_hwif_ct.ioc_firmware_unlock = bfa_ioc_ct_firmware_unlock; -- nw_hwif_ct.ioc_reg_init = bfa_ioc_ct_reg_init; -- nw_hwif_ct.ioc_map_port = bfa_ioc_ct_map_port; -- nw_hwif_ct.ioc_isr_mode_set = bfa_ioc_ct_isr_mode_set; -- nw_hwif_ct.ioc_notify_fail = bfa_ioc_ct_notify_fail; -- nw_hwif_ct.ioc_ownership_reset = bfa_ioc_ct_ownership_reset; -- nw_hwif_ct.ioc_sync_start = bfa_ioc_ct_sync_start; -- nw_hwif_ct.ioc_sync_join = bfa_ioc_ct_sync_join; -- nw_hwif_ct.ioc_sync_leave = bfa_ioc_ct_sync_leave; -- nw_hwif_ct.ioc_sync_ack = bfa_ioc_ct_sync_ack; -- nw_hwif_ct.ioc_sync_complete = bfa_ioc_ct_sync_complete; -- - ioc->ioc_hwif = &nw_hwif_ct; - } - -diff --git a/drivers/net/bna/bnad.c b/drivers/net/bna/bnad.c -index 8e35b25..c39f205 100644 ---- a/drivers/net/bna/bnad.c -+++ b/drivers/net/bna/bnad.c -@@ -1673,7 +1673,14 @@ bnad_setup_tx(struct bnad *bnad, uint tx_id) - struct bna_intr_info *intr_info = - &res_info[BNA_TX_RES_INTR_T_TXCMPL].res_u.intr_info; - struct bna_tx_config *tx_config = &bnad->tx_config[tx_id]; -- struct bna_tx_event_cbfn tx_cbfn; -+ static struct bna_tx_event_cbfn tx_cbfn = { -+ /* Initialize the tx event handlers */ -+ .tcb_setup_cbfn = bnad_cb_tcb_setup, -+ .tcb_destroy_cbfn = bnad_cb_tcb_destroy, -+ .tx_stall_cbfn = bnad_cb_tx_stall, -+ .tx_resume_cbfn = bnad_cb_tx_resume, -+ .tx_cleanup_cbfn = bnad_cb_tx_cleanup -+ }; - struct bna_tx *tx; - unsigned long flags; - -@@ -1682,13 +1689,6 @@ bnad_setup_tx(struct bnad *bnad, uint tx_id) - tx_config->txq_depth = bnad->txq_depth; - tx_config->tx_type = BNA_TX_T_REGULAR; - -- /* Initialize the tx event handlers */ -- tx_cbfn.tcb_setup_cbfn = bnad_cb_tcb_setup; -- tx_cbfn.tcb_destroy_cbfn = bnad_cb_tcb_destroy; -- tx_cbfn.tx_stall_cbfn = bnad_cb_tx_stall; -- tx_cbfn.tx_resume_cbfn = bnad_cb_tx_resume; -- tx_cbfn.tx_cleanup_cbfn = bnad_cb_tx_cleanup; -- - /* Get BNA's resource requirement for one tx object */ - spin_lock_irqsave(&bnad->bna_lock, flags); - bna_tx_res_req(bnad->num_txq_per_tx, -@@ -1819,21 +1819,21 @@ bnad_setup_rx(struct bnad *bnad, uint rx_id) - struct bna_intr_info *intr_info = - &res_info[BNA_RX_RES_T_INTR].res_u.intr_info; - struct bna_rx_config *rx_config = &bnad->rx_config[rx_id]; -- struct bna_rx_event_cbfn rx_cbfn; -+ static struct bna_rx_event_cbfn rx_cbfn = { -+ /* Initialize the Rx event handlers */ -+ .rcb_setup_cbfn = bnad_cb_rcb_setup, -+ .rcb_destroy_cbfn = bnad_cb_rcb_destroy, -+ .ccb_setup_cbfn = bnad_cb_ccb_setup, -+ .ccb_destroy_cbfn = bnad_cb_ccb_destroy, -+ .rx_cleanup_cbfn = bnad_cb_rx_cleanup, -+ .rx_post_cbfn = bnad_cb_rx_post -+ }; - struct bna_rx *rx; - unsigned long flags; - - /* Initialize the Rx object configuration */ - bnad_init_rx_config(bnad, rx_config); - -- /* Initialize the Rx event handlers */ -- rx_cbfn.rcb_setup_cbfn = bnad_cb_rcb_setup; -- rx_cbfn.rcb_destroy_cbfn = bnad_cb_rcb_destroy; -- rx_cbfn.ccb_setup_cbfn = bnad_cb_ccb_setup; -- rx_cbfn.ccb_destroy_cbfn = bnad_cb_ccb_destroy; -- rx_cbfn.rx_cleanup_cbfn = bnad_cb_rx_cleanup; -- rx_cbfn.rx_post_cbfn = bnad_cb_rx_post; -- - /* Get BNA's resource requirement for one Rx object */ - spin_lock_irqsave(&bnad->bna_lock, flags); - bna_rx_res_req(rx_config, res_info); -diff --git a/drivers/net/bnx2.c b/drivers/net/bnx2.c -index 4b2b570..31033f4 100644 ---- a/drivers/net/bnx2.c -+++ b/drivers/net/bnx2.c -@@ -5877,6 +5877,8 @@ bnx2_test_nvram(struct bnx2 *bp) - int rc = 0; - u32 magic, csum; - -+ pax_track_stack(); -+ - if ((rc = bnx2_nvram_read(bp, 0, data, 4)) != 0) - goto test_nvram_done; - -diff --git a/drivers/net/bnx2x/bnx2x_ethtool.c b/drivers/net/bnx2x/bnx2x_ethtool.c -index cf3e479..5dc0ecc 100644 ---- a/drivers/net/bnx2x/bnx2x_ethtool.c -+++ b/drivers/net/bnx2x/bnx2x_ethtool.c -@@ -1943,6 +1943,8 @@ static int bnx2x_test_nvram(struct bnx2x *bp) - int i, rc; - u32 magic, crc; - -+ pax_track_stack(); -+ - if (BP_NOMCP(bp)) - return 0; - -diff --git a/drivers/net/bnx2x/bnx2x_sp.h b/drivers/net/bnx2x/bnx2x_sp.h +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h index 9a517c2..a50cfcb 100644 ---- a/drivers/net/bnx2x/bnx2x_sp.h -+++ b/drivers/net/bnx2x/bnx2x_sp.h +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h @@ -449,7 +449,7 @@ struct bnx2x_rx_mode_obj { int (*wait_comp)(struct bnx2x *bp, @@ -33286,10 +32449,22 @@ index 9a517c2..a50cfcb 100644 /********************** Set multicast group ***********************************/ -diff --git a/drivers/net/cxgb3/l2t.h b/drivers/net/cxgb3/l2t.h +diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h +index 94b4bd0..73c02de 100644 +--- a/drivers/net/ethernet/broadcom/tg3.h ++++ b/drivers/net/ethernet/broadcom/tg3.h +@@ -134,6 +134,7 @@ + #define CHIPREV_ID_5750_A0 0x4000 + #define CHIPREV_ID_5750_A1 0x4001 + #define CHIPREV_ID_5750_A3 0x4003 ++#define CHIPREV_ID_5750_C1 0x4201 + #define CHIPREV_ID_5750_C2 0x4202 + #define CHIPREV_ID_5752_A0_HW 0x5000 + #define CHIPREV_ID_5752_A0 0x6000 +diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h index c5f5479..2e8c260 100644 ---- a/drivers/net/cxgb3/l2t.h -+++ b/drivers/net/cxgb3/l2t.h +--- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h ++++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -87,7 +87,7 @@ typedef void (*arp_failure_handler_func)(struct t3cdev * dev, */ struct l2t_skb_cb { @@ -33299,62 +32474,123 @@ index c5f5479..2e8c260 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) -diff --git a/drivers/net/cxgb4/cxgb4_main.c b/drivers/net/cxgb4/cxgb4_main.c -index b4efa29..c5f2703 100644 ---- a/drivers/net/cxgb4/cxgb4_main.c -+++ b/drivers/net/cxgb4/cxgb4_main.c -@@ -3396,6 +3396,8 @@ static int __devinit enable_msix(struct adapter *adap) - unsigned int nchan = adap->params.nports; - struct msix_entry entries[MAX_INGQ + 1]; +diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c +index 871bcaa..4043505 100644 +--- a/drivers/net/ethernet/dec/tulip/de4x5.c ++++ b/drivers/net/ethernet/dec/tulip/de4x5.c +@@ -5397,7 +5397,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) + for (i=0; i<ETH_ALEN; i++) { + tmp.addr[i] = dev->dev_addr[i]; + } +- if (copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT; ++ if (ioc->len > sizeof tmp.addr || copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT; + break; + + case DE4X5_SET_HWADDR: /* Set the hardware address */ +@@ -5437,7 +5437,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) + spin_lock_irqsave(&lp->lock, flags); + memcpy(&statbuf, &lp->pktStats, ioc->len); + spin_unlock_irqrestore(&lp->lock, flags); +- if (copy_to_user(ioc->data, &statbuf, ioc->len)) ++ if (ioc->len > sizeof statbuf || copy_to_user(ioc->data, &statbuf, ioc->len)) + return -EFAULT; + break; + } +diff --git a/drivers/net/ethernet/dec/tulip/eeprom.c b/drivers/net/ethernet/dec/tulip/eeprom.c +index 14d5b61..1398636 100644 +--- a/drivers/net/ethernet/dec/tulip/eeprom.c ++++ b/drivers/net/ethernet/dec/tulip/eeprom.c +@@ -79,7 +79,7 @@ static struct eeprom_fixup eeprom_fixups[] __devinitdata = { + {NULL}}; -+ pax_track_stack(); -+ - for (i = 0; i < ARRAY_SIZE(entries); ++i) - entries[i].entry = i; -diff --git a/drivers/net/cxgb4/t4_hw.c b/drivers/net/cxgb4/t4_hw.c -index d1ec111..12735bc 100644 ---- a/drivers/net/cxgb4/t4_hw.c -+++ b/drivers/net/cxgb4/t4_hw.c -@@ -362,6 +362,8 @@ static int get_vpd_params(struct adapter *adapter, struct vpd_params *p) - u8 vpd[VPD_LEN], csum; - unsigned int vpdr_len, kw_offset, id_len; +-static const char *block_name[] __devinitdata = { ++static const char *block_name[] __devinitconst = { + "21140 non-MII", + "21140 MII PHY", + "21142 Serial PHY", +diff --git a/drivers/net/ethernet/dec/tulip/winbond-840.c b/drivers/net/ethernet/dec/tulip/winbond-840.c +index 4d01219..b58d26d 100644 +--- a/drivers/net/ethernet/dec/tulip/winbond-840.c ++++ b/drivers/net/ethernet/dec/tulip/winbond-840.c +@@ -236,7 +236,7 @@ struct pci_id_info { + int drv_flags; /* Driver use, intended as capability flags. */ + }; -+ pax_track_stack(); -+ - ret = pci_read_vpd(adapter->pdev, VPD_BASE, sizeof(vpd), vpd); - if (ret < 0) - return ret; -diff --git a/drivers/net/e1000e/82571.c b/drivers/net/e1000e/82571.c -index 536b3a5..e6f8dcc 100644 ---- a/drivers/net/e1000e/82571.c -+++ b/drivers/net/e1000e/82571.c -@@ -239,7 +239,7 @@ static s32 e1000_init_mac_params_82571(struct e1000_adapter *adapter) +-static const struct pci_id_info pci_id_tbl[] __devinitdata = { ++static const struct pci_id_info pci_id_tbl[] __devinitconst = { + { /* Sometime a Level-One switch card. */ + "Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII}, + { "Winbond W89c840", CanHaveMII | HasBrokenTx}, +diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/ethernet/dlink/sundance.c +index dcd7f7a..ecb7fb3 100644 +--- a/drivers/net/ethernet/dlink/sundance.c ++++ b/drivers/net/ethernet/dlink/sundance.c +@@ -218,7 +218,7 @@ enum { + struct pci_id_info { + const char *name; + }; +-static const struct pci_id_info pci_id_tbl[] __devinitdata = { ++static const struct pci_id_info pci_id_tbl[] __devinitconst = { + {"D-Link DFE-550TX FAST Ethernet Adapter"}, + {"D-Link DFE-550FX 100Mbps Fiber-optics Adapter"}, + {"D-Link DFE-580TX 4 port Server Adapter"}, +diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c +index bf266a0..e024af7 100644 +--- a/drivers/net/ethernet/emulex/benet/be_main.c ++++ b/drivers/net/ethernet/emulex/benet/be_main.c +@@ -397,7 +397,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) + + if (wrapped) + newacc += 65536; +- ACCESS_ONCE(*acc) = newacc; ++ ACCESS_ONCE_RW(*acc) = newacc; + } + + void be_parse_stats(struct be_adapter *adapter) +diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.c +index 61d2bdd..7f1154a 100644 +--- a/drivers/net/ethernet/fealnx.c ++++ b/drivers/net/ethernet/fealnx.c +@@ -150,7 +150,7 @@ struct chip_info { + int flags; + }; + +-static const struct chip_info skel_netdrv_tbl[] __devinitdata = { ++static const struct chip_info skel_netdrv_tbl[] __devinitconst = { + { "100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, + { "100/10M Ethernet PCI Adapter", HAS_CHIP_XCVR }, + { "1000/100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, +diff --git a/drivers/net/ethernet/intel/e1000e/80003es2lan.c b/drivers/net/ethernet/intel/e1000e/80003es2lan.c +index e1159e5..e18684d 100644 +--- a/drivers/net/ethernet/intel/e1000e/80003es2lan.c ++++ b/drivers/net/ethernet/intel/e1000e/80003es2lan.c +@@ -205,7 +205,7 @@ static s32 e1000_init_mac_params_80003es2lan(struct e1000_adapter *adapter) { struct e1000_hw *hw = &adapter->hw; struct e1000_mac_info *mac = &hw->mac; - struct e1000_mac_operations *func = &mac->ops; + e1000_mac_operations_no_const *func = &mac->ops; - u32 swsm = 0; - u32 swsm2 = 0; - bool force_clear_smbi = false; -diff --git a/drivers/net/e1000e/es2lan.c b/drivers/net/e1000e/es2lan.c -index e4f4225..24da2ea 100644 ---- a/drivers/net/e1000e/es2lan.c -+++ b/drivers/net/e1000e/es2lan.c -@@ -205,7 +205,7 @@ static s32 e1000_init_mac_params_80003es2lan(struct e1000_adapter *adapter) + + /* Set media type */ + switch (adapter->pdev->device) { +diff --git a/drivers/net/ethernet/intel/e1000e/82571.c b/drivers/net/ethernet/intel/e1000e/82571.c +index a3e65fd..f451444 100644 +--- a/drivers/net/ethernet/intel/e1000e/82571.c ++++ b/drivers/net/ethernet/intel/e1000e/82571.c +@@ -239,7 +239,7 @@ static s32 e1000_init_mac_params_82571(struct e1000_adapter *adapter) { struct e1000_hw *hw = &adapter->hw; struct e1000_mac_info *mac = &hw->mac; - struct e1000_mac_operations *func = &mac->ops; + e1000_mac_operations_no_const *func = &mac->ops; - - /* Set media type */ - switch (adapter->pdev->device) { -diff --git a/drivers/net/e1000e/hw.h b/drivers/net/e1000e/hw.h + u32 swsm = 0; + u32 swsm2 = 0; + bool force_clear_smbi = false; +diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h index 2967039..ca8c40c 100644 ---- a/drivers/net/e1000e/hw.h -+++ b/drivers/net/e1000e/hw.h +--- a/drivers/net/ethernet/intel/e1000e/hw.h ++++ b/drivers/net/ethernet/intel/e1000e/hw.h @@ -778,6 +778,7 @@ struct e1000_mac_operations { void (*write_vfta)(struct e1000_hw *, u32, u32); s32 (*read_mac_addr)(struct e1000_hw *); @@ -33401,36 +32637,10 @@ index 2967039..ca8c40c 100644 enum e1000_nvm_type type; enum e1000_nvm_override override; -diff --git a/drivers/net/fealnx.c b/drivers/net/fealnx.c -index fa8677c..196356f 100644 ---- a/drivers/net/fealnx.c -+++ b/drivers/net/fealnx.c -@@ -150,7 +150,7 @@ struct chip_info { - int flags; - }; - --static const struct chip_info skel_netdrv_tbl[] __devinitdata = { -+static const struct chip_info skel_netdrv_tbl[] __devinitconst = { - { "100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, - { "100/10M Ethernet PCI Adapter", HAS_CHIP_XCVR }, - { "1000/100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, -diff --git a/drivers/net/hamradio/6pack.c b/drivers/net/hamradio/6pack.c -index 2a5a34d..be871cc 100644 ---- a/drivers/net/hamradio/6pack.c -+++ b/drivers/net/hamradio/6pack.c -@@ -463,6 +463,8 @@ static void sixpack_receive_buf(struct tty_struct *tty, - unsigned char buf[512]; - int count1; - -+ pax_track_stack(); -+ - if (!count) - return; - -diff --git a/drivers/net/igb/e1000_hw.h b/drivers/net/igb/e1000_hw.h +diff --git a/drivers/net/ethernet/intel/igb/e1000_hw.h b/drivers/net/ethernet/intel/igb/e1000_hw.h index 4519a13..f97fcd0 100644 ---- a/drivers/net/igb/e1000_hw.h -+++ b/drivers/net/igb/e1000_hw.h +--- a/drivers/net/ethernet/intel/igb/e1000_hw.h ++++ b/drivers/net/ethernet/intel/igb/e1000_hw.h @@ -314,6 +314,7 @@ struct e1000_mac_operations { s32 (*read_mac_addr)(struct e1000_hw *); s32 (*get_speed_and_duplex)(struct e1000_hw *, u16 *, u16 *); @@ -33499,10 +32709,10 @@ index 4519a13..f97fcd0 100644 struct e1000_mbx_stats stats; u32 timeout; u32 usec_delay; -diff --git a/drivers/net/igbvf/vf.h b/drivers/net/igbvf/vf.h +diff --git a/drivers/net/ethernet/intel/igbvf/vf.h b/drivers/net/ethernet/intel/igbvf/vf.h index d7ed58f..64cde36 100644 ---- a/drivers/net/igbvf/vf.h -+++ b/drivers/net/igbvf/vf.h +--- a/drivers/net/ethernet/intel/igbvf/vf.h ++++ b/drivers/net/ethernet/intel/igbvf/vf.h @@ -189,9 +189,10 @@ struct e1000_mac_operations { s32 (*read_mac_addr)(struct e1000_hw *); s32 (*set_vfta)(struct e1000_hw *, u16, bool); @@ -33532,38 +32742,11 @@ index d7ed58f..64cde36 100644 struct e1000_mbx_stats stats; u32 timeout; u32 usec_delay; -diff --git a/drivers/net/ixgb/ixgb_main.c b/drivers/net/ixgb/ixgb_main.c -index 6a130eb..1aeb9e4 100644 ---- a/drivers/net/ixgb/ixgb_main.c -+++ b/drivers/net/ixgb/ixgb_main.c -@@ -1070,6 +1070,8 @@ ixgb_set_multi(struct net_device *netdev) - u32 rctl; - int i; - -+ pax_track_stack(); -+ - /* Check for Promiscuous and All Multicast modes */ - - rctl = IXGB_READ_REG(hw, RCTL); -diff --git a/drivers/net/ixgb/ixgb_param.c b/drivers/net/ixgb/ixgb_param.c -index dd7fbeb..44b9bbf 100644 ---- a/drivers/net/ixgb/ixgb_param.c -+++ b/drivers/net/ixgb/ixgb_param.c -@@ -261,6 +261,9 @@ void __devinit - ixgb_check_options(struct ixgb_adapter *adapter) - { - int bd = adapter->bd_number; -+ -+ pax_track_stack(); -+ - if (bd >= IXGB_MAX_NIC) { - pr_notice("Warning: no configuration for board #%i\n", bd); - pr_notice("Using defaults for all values\n"); -diff --git a/drivers/net/ixgbe/ixgbe_type.h b/drivers/net/ixgbe/ixgbe_type.h -index e0d970e..1cfdea5 100644 ---- a/drivers/net/ixgbe/ixgbe_type.h -+++ b/drivers/net/ixgbe/ixgbe_type.h -@@ -2642,6 +2642,7 @@ struct ixgbe_eeprom_operations { +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h +index 6c5cca8..de8ef63 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h +@@ -2708,6 +2708,7 @@ struct ixgbe_eeprom_operations { s32 (*update_checksum)(struct ixgbe_hw *); u16 (*calc_checksum)(struct ixgbe_hw *); }; @@ -33571,7 +32754,7 @@ index e0d970e..1cfdea5 100644 struct ixgbe_mac_operations { s32 (*init_hw)(struct ixgbe_hw *); -@@ -2703,6 +2704,7 @@ struct ixgbe_mac_operations { +@@ -2769,6 +2770,7 @@ struct ixgbe_mac_operations { /* Manageability interface */ s32 (*set_fw_drv_ver)(struct ixgbe_hw *, u8, u8, u8, u8); }; @@ -33579,7 +32762,7 @@ index e0d970e..1cfdea5 100644 struct ixgbe_phy_operations { s32 (*identify)(struct ixgbe_hw *); -@@ -2722,9 +2724,10 @@ struct ixgbe_phy_operations { +@@ -2788,9 +2790,10 @@ struct ixgbe_phy_operations { s32 (*write_i2c_eeprom)(struct ixgbe_hw *, u8, u8); s32 (*check_overtemp)(struct ixgbe_hw *); }; @@ -33591,7 +32774,7 @@ index e0d970e..1cfdea5 100644 enum ixgbe_eeprom_type type; u32 semaphore_delay; u16 word_size; -@@ -2734,7 +2737,7 @@ struct ixgbe_eeprom_info { +@@ -2800,7 +2803,7 @@ struct ixgbe_eeprom_info { #define IXGBE_FLAGS_DOUBLE_RESET_REQUIRED 0x01 struct ixgbe_mac_info { @@ -33600,7 +32783,7 @@ index e0d970e..1cfdea5 100644 enum ixgbe_mac_type type; u8 addr[IXGBE_ETH_LENGTH_OF_ADDRESS]; u8 perm_addr[IXGBE_ETH_LENGTH_OF_ADDRESS]; -@@ -2762,7 +2765,7 @@ struct ixgbe_mac_info { +@@ -2828,7 +2831,7 @@ struct ixgbe_mac_info { }; struct ixgbe_phy_info { @@ -33609,7 +32792,7 @@ index e0d970e..1cfdea5 100644 struct mdio_if_info mdio; enum ixgbe_phy_type type; u32 id; -@@ -2790,6 +2793,7 @@ struct ixgbe_mbx_operations { +@@ -2856,6 +2859,7 @@ struct ixgbe_mbx_operations { s32 (*check_for_ack)(struct ixgbe_hw *, u16); s32 (*check_for_rst)(struct ixgbe_hw *, u16); }; @@ -33617,7 +32800,7 @@ index e0d970e..1cfdea5 100644 struct ixgbe_mbx_stats { u32 msgs_tx; -@@ -2801,7 +2805,7 @@ struct ixgbe_mbx_stats { +@@ -2867,7 +2871,7 @@ struct ixgbe_mbx_stats { }; struct ixgbe_mbx_info { @@ -33626,10 +32809,10 @@ index e0d970e..1cfdea5 100644 struct ixgbe_mbx_stats stats; u32 timeout; u32 usec_delay; -diff --git a/drivers/net/ixgbevf/vf.h b/drivers/net/ixgbevf/vf.h +diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h index 10306b4..28df758 100644 ---- a/drivers/net/ixgbevf/vf.h -+++ b/drivers/net/ixgbevf/vf.h +--- a/drivers/net/ethernet/intel/ixgbevf/vf.h ++++ b/drivers/net/ethernet/intel/ixgbevf/vf.h @@ -70,6 +70,7 @@ struct ixgbe_mac_operations { s32 (*clear_vfta)(struct ixgbe_hw *); s32 (*set_vfta)(struct ixgbe_hw *, u32, u32, bool); @@ -33664,23 +32847,10 @@ index 10306b4..28df758 100644 struct ixgbe_mbx_stats stats; u32 timeout; u32 udelay; -diff --git a/drivers/net/ksz884x.c b/drivers/net/ksz884x.c -index 27418d3..adf15bb 100644 ---- a/drivers/net/ksz884x.c -+++ b/drivers/net/ksz884x.c -@@ -6533,6 +6533,8 @@ static void netdev_get_ethtool_stats(struct net_device *dev, - int rc; - u64 counter[TOTAL_PORT_COUNTER_NUM]; - -+ pax_track_stack(); -+ - mutex_lock(&hw_priv->lock); - n = SWITCH_PORT_NUM; - for (i = 0, p = port->first_port; i < port->mib_port_cnt; i++, p++) { -diff --git a/drivers/net/mlx4/main.c b/drivers/net/mlx4/main.c -index f0ee35d..3831c8a 100644 ---- a/drivers/net/mlx4/main.c -+++ b/drivers/net/mlx4/main.c +diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c +index 94bbc85..78c12e6 100644 +--- a/drivers/net/ethernet/mellanox/mlx4/main.c ++++ b/drivers/net/ethernet/mellanox/mlx4/main.c @@ -40,6 +40,7 @@ #include <linux/dma-mapping.h> #include <linux/slab.h> @@ -33689,672 +32859,37 @@ index f0ee35d..3831c8a 100644 #include <linux/mlx4/device.h> #include <linux/mlx4/doorbell.h> -@@ -762,6 +763,8 @@ static int mlx4_init_hca(struct mlx4_dev *dev) - u64 icm_size; - int err; - -+ pax_track_stack(); -+ - err = mlx4_QUERY_FW(dev); - if (err) { - if (err == -EACCES) -diff --git a/drivers/net/niu.c b/drivers/net/niu.c -index ed47585..5e5be8f 100644 ---- a/drivers/net/niu.c -+++ b/drivers/net/niu.c -@@ -9061,6 +9061,8 @@ static void __devinit niu_try_msix(struct niu *np, u8 *ldg_num_map) - int i, num_irqs, err; - u8 first_ldg; - -+ pax_track_stack(); -+ - first_ldg = (NIU_NUM_LDG / parent->num_ports) * np->port; - for (i = 0; i < (NIU_NUM_LDG / parent->num_ports); i++) - ldg_num_map[i] = first_ldg + i; -diff --git a/drivers/net/pcnet32.c b/drivers/net/pcnet32.c -index 80b6f36..5cd8938 100644 ---- a/drivers/net/pcnet32.c -+++ b/drivers/net/pcnet32.c -@@ -270,7 +270,7 @@ struct pcnet32_private { - struct sk_buff **rx_skbuff; - dma_addr_t *tx_dma_addr; - dma_addr_t *rx_dma_addr; -- struct pcnet32_access a; -+ struct pcnet32_access *a; - spinlock_t lock; /* Guard lock */ - unsigned int cur_rx, cur_tx; /* The next free ring entry */ - unsigned int rx_ring_size; /* current rx ring size */ -@@ -460,9 +460,9 @@ static void pcnet32_netif_start(struct net_device *dev) - u16 val; - - netif_wake_queue(dev); -- val = lp->a.read_csr(ioaddr, CSR3); -+ val = lp->a->read_csr(ioaddr, CSR3); - val &= 0x00ff; -- lp->a.write_csr(ioaddr, CSR3, val); -+ lp->a->write_csr(ioaddr, CSR3, val); - napi_enable(&lp->napi); - } - -@@ -730,7 +730,7 @@ static u32 pcnet32_get_link(struct net_device *dev) - r = mii_link_ok(&lp->mii_if); - } else if (lp->chip_version >= PCNET32_79C970A) { - ulong ioaddr = dev->base_addr; /* card base I/O address */ -- r = (lp->a.read_bcr(ioaddr, 4) != 0xc0); -+ r = (lp->a->read_bcr(ioaddr, 4) != 0xc0); - } else { /* can not detect link on really old chips */ - r = 1; - } -@@ -792,7 +792,7 @@ static int pcnet32_set_ringparam(struct net_device *dev, - pcnet32_netif_stop(dev); - - spin_lock_irqsave(&lp->lock, flags); -- lp->a.write_csr(ioaddr, CSR0, CSR0_STOP); /* stop the chip */ -+ lp->a->write_csr(ioaddr, CSR0, CSR0_STOP); /* stop the chip */ - - size = min(ering->tx_pending, (unsigned int)TX_MAX_RING_SIZE); - -@@ -868,7 +868,7 @@ static void pcnet32_ethtool_test(struct net_device *dev, - static int pcnet32_loopback_test(struct net_device *dev, uint64_t * data1) - { - struct pcnet32_private *lp = netdev_priv(dev); -- struct pcnet32_access *a = &lp->a; /* access to registers */ -+ struct pcnet32_access *a = lp->a; /* access to registers */ - ulong ioaddr = dev->base_addr; /* card base I/O address */ - struct sk_buff *skb; /* sk buff */ - int x, i; /* counters */ -@@ -888,21 +888,21 @@ static int pcnet32_loopback_test(struct net_device *dev, uint64_t * data1) - pcnet32_netif_stop(dev); - - spin_lock_irqsave(&lp->lock, flags); -- lp->a.write_csr(ioaddr, CSR0, CSR0_STOP); /* stop the chip */ -+ lp->a->write_csr(ioaddr, CSR0, CSR0_STOP); /* stop the chip */ - - numbuffs = min(numbuffs, (int)min(lp->rx_ring_size, lp->tx_ring_size)); - - /* Reset the PCNET32 */ -- lp->a.reset(ioaddr); -- lp->a.write_csr(ioaddr, CSR4, 0x0915); /* auto tx pad */ -+ lp->a->reset(ioaddr); -+ lp->a->write_csr(ioaddr, CSR4, 0x0915); /* auto tx pad */ - - /* switch pcnet32 to 32bit mode */ -- lp->a.write_bcr(ioaddr, 20, 2); -+ lp->a->write_bcr(ioaddr, 20, 2); - - /* purge & init rings but don't actually restart */ - pcnet32_restart(dev, 0x0000); - -- lp->a.write_csr(ioaddr, CSR0, CSR0_STOP); /* Set STOP bit */ -+ lp->a->write_csr(ioaddr, CSR0, CSR0_STOP); /* Set STOP bit */ - - /* Initialize Transmit buffers. */ - size = data_len + 15; -@@ -947,10 +947,10 @@ static int pcnet32_loopback_test(struct net_device *dev, uint64_t * data1) - - /* set int loopback in CSR15 */ - x = a->read_csr(ioaddr, CSR15) & 0xfffc; -- lp->a.write_csr(ioaddr, CSR15, x | 0x0044); -+ lp->a->write_csr(ioaddr, CSR15, x | 0x0044); - - teststatus = cpu_to_le16(0x8000); -- lp->a.write_csr(ioaddr, CSR0, CSR0_START); /* Set STRT bit */ -+ lp->a->write_csr(ioaddr, CSR0, CSR0_START); /* Set STRT bit */ - - /* Check status of descriptors */ - for (x = 0; x < numbuffs; x++) { -@@ -969,7 +969,7 @@ static int pcnet32_loopback_test(struct net_device *dev, uint64_t * data1) - } - } - -- lp->a.write_csr(ioaddr, CSR0, CSR0_STOP); /* Set STOP bit */ -+ lp->a->write_csr(ioaddr, CSR0, CSR0_STOP); /* Set STOP bit */ - wmb(); - if (netif_msg_hw(lp) && netif_msg_pktdata(lp)) { - netdev_printk(KERN_DEBUG, dev, "RX loopback packets:\n"); -@@ -1015,7 +1015,7 @@ clean_up: - pcnet32_restart(dev, CSR0_NORMAL); - } else { - pcnet32_purge_rx_ring(dev); -- lp->a.write_bcr(ioaddr, 20, 4); /* return to 16bit mode */ -+ lp->a->write_bcr(ioaddr, 20, 4); /* return to 16bit mode */ - } - spin_unlock_irqrestore(&lp->lock, flags); - -@@ -1026,7 +1026,7 @@ static int pcnet32_set_phys_id(struct net_device *dev, - enum ethtool_phys_id_state state) - { - struct pcnet32_private *lp = netdev_priv(dev); -- struct pcnet32_access *a = &lp->a; -+ struct pcnet32_access *a = lp->a; - ulong ioaddr = dev->base_addr; - unsigned long flags; - int i; -@@ -1067,7 +1067,7 @@ static int pcnet32_suspend(struct net_device *dev, unsigned long *flags, - { - int csr5; - struct pcnet32_private *lp = netdev_priv(dev); -- struct pcnet32_access *a = &lp->a; -+ struct pcnet32_access *a = lp->a; - ulong ioaddr = dev->base_addr; - int ticks; - -@@ -1324,8 +1324,8 @@ static int pcnet32_poll(struct napi_struct *napi, int budget) - spin_lock_irqsave(&lp->lock, flags); - if (pcnet32_tx(dev)) { - /* reset the chip to clear the error condition, then restart */ -- lp->a.reset(ioaddr); -- lp->a.write_csr(ioaddr, CSR4, 0x0915); /* auto tx pad */ -+ lp->a->reset(ioaddr); -+ lp->a->write_csr(ioaddr, CSR4, 0x0915); /* auto tx pad */ - pcnet32_restart(dev, CSR0_START); - netif_wake_queue(dev); - } -@@ -1337,12 +1337,12 @@ static int pcnet32_poll(struct napi_struct *napi, int budget) - __napi_complete(napi); - - /* clear interrupt masks */ -- val = lp->a.read_csr(ioaddr, CSR3); -+ val = lp->a->read_csr(ioaddr, CSR3); - val &= 0x00ff; -- lp->a.write_csr(ioaddr, CSR3, val); -+ lp->a->write_csr(ioaddr, CSR3, val); - - /* Set interrupt enable. */ -- lp->a.write_csr(ioaddr, CSR0, CSR0_INTEN); -+ lp->a->write_csr(ioaddr, CSR0, CSR0_INTEN); - - spin_unlock_irqrestore(&lp->lock, flags); - } -@@ -1365,7 +1365,7 @@ static void pcnet32_get_regs(struct net_device *dev, struct ethtool_regs *regs, - int i, csr0; - u16 *buff = ptr; - struct pcnet32_private *lp = netdev_priv(dev); -- struct pcnet32_access *a = &lp->a; -+ struct pcnet32_access *a = lp->a; - ulong ioaddr = dev->base_addr; - unsigned long flags; - -@@ -1401,9 +1401,9 @@ static void pcnet32_get_regs(struct net_device *dev, struct ethtool_regs *regs, - for (j = 0; j < PCNET32_MAX_PHYS; j++) { - if (lp->phymask & (1 << j)) { - for (i = 0; i < PCNET32_REGS_PER_PHY; i++) { -- lp->a.write_bcr(ioaddr, 33, -+ lp->a->write_bcr(ioaddr, 33, - (j << 5) | i); -- *buff++ = lp->a.read_bcr(ioaddr, 34); -+ *buff++ = lp->a->read_bcr(ioaddr, 34); - } - } - } -@@ -1785,7 +1785,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) - ((cards_found >= MAX_UNITS) || full_duplex[cards_found])) - lp->options |= PCNET32_PORT_FD; - -- lp->a = *a; -+ lp->a = a; - - /* prior to register_netdev, dev->name is not yet correct */ - if (pcnet32_alloc_ring(dev, pci_name(lp->pci_dev))) { -@@ -1844,7 +1844,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) - if (lp->mii) { - /* lp->phycount and lp->phymask are set to 0 by memset above */ - -- lp->mii_if.phy_id = ((lp->a.read_bcr(ioaddr, 33)) >> 5) & 0x1f; -+ lp->mii_if.phy_id = ((lp->a->read_bcr(ioaddr, 33)) >> 5) & 0x1f; - /* scan for PHYs */ - for (i = 0; i < PCNET32_MAX_PHYS; i++) { - unsigned short id1, id2; -@@ -1864,7 +1864,7 @@ pcnet32_probe1(unsigned long ioaddr, int shared, struct pci_dev *pdev) - pr_info("Found PHY %04x:%04x at address %d\n", - id1, id2, i); - } -- lp->a.write_bcr(ioaddr, 33, (lp->mii_if.phy_id) << 5); -+ lp->a->write_bcr(ioaddr, 33, (lp->mii_if.phy_id) << 5); - if (lp->phycount > 1) - lp->options |= PCNET32_PORT_MII; - } -@@ -2020,10 +2020,10 @@ static int pcnet32_open(struct net_device *dev) - } - - /* Reset the PCNET32 */ -- lp->a.reset(ioaddr); -+ lp->a->reset(ioaddr); - - /* switch pcnet32 to 32bit mode */ -- lp->a.write_bcr(ioaddr, 20, 2); -+ lp->a->write_bcr(ioaddr, 20, 2); - - netif_printk(lp, ifup, KERN_DEBUG, dev, - "%s() irq %d tx/rx rings %#x/%#x init %#x\n", -@@ -2032,14 +2032,14 @@ static int pcnet32_open(struct net_device *dev) - (u32) (lp->init_dma_addr)); - - /* set/reset autoselect bit */ -- val = lp->a.read_bcr(ioaddr, 2) & ~2; -+ val = lp->a->read_bcr(ioaddr, 2) & ~2; - if (lp->options & PCNET32_PORT_ASEL) - val |= 2; -- lp->a.write_bcr(ioaddr, 2, val); -+ lp->a->write_bcr(ioaddr, 2, val); - - /* handle full duplex setting */ - if (lp->mii_if.full_duplex) { -- val = lp->a.read_bcr(ioaddr, 9) & ~3; -+ val = lp->a->read_bcr(ioaddr, 9) & ~3; - if (lp->options & PCNET32_PORT_FD) { - val |= 1; - if (lp->options == (PCNET32_PORT_FD | PCNET32_PORT_AUI)) -@@ -2049,14 +2049,14 @@ static int pcnet32_open(struct net_device *dev) - if (lp->chip_version == 0x2627) - val |= 3; - } -- lp->a.write_bcr(ioaddr, 9, val); -+ lp->a->write_bcr(ioaddr, 9, val); - } - - /* set/reset GPSI bit in test register */ -- val = lp->a.read_csr(ioaddr, 124) & ~0x10; -+ val = lp->a->read_csr(ioaddr, 124) & ~0x10; - if ((lp->options & PCNET32_PORT_PORTSEL) == PCNET32_PORT_GPSI) - val |= 0x10; -- lp->a.write_csr(ioaddr, 124, val); -+ lp->a->write_csr(ioaddr, 124, val); - - /* Allied Telesyn AT 2700/2701 FX are 100Mbit only and do not negotiate */ - if (pdev && pdev->subsystem_vendor == PCI_VENDOR_ID_AT && -@@ -2075,24 +2075,24 @@ static int pcnet32_open(struct net_device *dev) - * duplex, and/or enable auto negotiation, and clear DANAS - */ - if (lp->mii && !(lp->options & PCNET32_PORT_ASEL)) { -- lp->a.write_bcr(ioaddr, 32, -- lp->a.read_bcr(ioaddr, 32) | 0x0080); -+ lp->a->write_bcr(ioaddr, 32, -+ lp->a->read_bcr(ioaddr, 32) | 0x0080); - /* disable Auto Negotiation, set 10Mpbs, HD */ -- val = lp->a.read_bcr(ioaddr, 32) & ~0xb8; -+ val = lp->a->read_bcr(ioaddr, 32) & ~0xb8; - if (lp->options & PCNET32_PORT_FD) - val |= 0x10; - if (lp->options & PCNET32_PORT_100) - val |= 0x08; -- lp->a.write_bcr(ioaddr, 32, val); -+ lp->a->write_bcr(ioaddr, 32, val); - } else { - if (lp->options & PCNET32_PORT_ASEL) { -- lp->a.write_bcr(ioaddr, 32, -- lp->a.read_bcr(ioaddr, -+ lp->a->write_bcr(ioaddr, 32, -+ lp->a->read_bcr(ioaddr, - 32) | 0x0080); - /* enable auto negotiate, setup, disable fd */ -- val = lp->a.read_bcr(ioaddr, 32) & ~0x98; -+ val = lp->a->read_bcr(ioaddr, 32) & ~0x98; - val |= 0x20; -- lp->a.write_bcr(ioaddr, 32, val); -+ lp->a->write_bcr(ioaddr, 32, val); - } - } - } else { -@@ -2105,10 +2105,10 @@ static int pcnet32_open(struct net_device *dev) - * There is really no good other way to handle multiple PHYs - * other than turning off all automatics - */ -- val = lp->a.read_bcr(ioaddr, 2); -- lp->a.write_bcr(ioaddr, 2, val & ~2); -- val = lp->a.read_bcr(ioaddr, 32); -- lp->a.write_bcr(ioaddr, 32, val & ~(1 << 7)); /* stop MII manager */ -+ val = lp->a->read_bcr(ioaddr, 2); -+ lp->a->write_bcr(ioaddr, 2, val & ~2); -+ val = lp->a->read_bcr(ioaddr, 32); -+ lp->a->write_bcr(ioaddr, 32, val & ~(1 << 7)); /* stop MII manager */ - - if (!(lp->options & PCNET32_PORT_ASEL)) { - /* setup ecmd */ -@@ -2118,7 +2118,7 @@ static int pcnet32_open(struct net_device *dev) - ethtool_cmd_speed_set(&ecmd, - (lp->options & PCNET32_PORT_100) ? - SPEED_100 : SPEED_10); -- bcr9 = lp->a.read_bcr(ioaddr, 9); -+ bcr9 = lp->a->read_bcr(ioaddr, 9); - - if (lp->options & PCNET32_PORT_FD) { - ecmd.duplex = DUPLEX_FULL; -@@ -2127,7 +2127,7 @@ static int pcnet32_open(struct net_device *dev) - ecmd.duplex = DUPLEX_HALF; - bcr9 |= ~(1 << 0); - } -- lp->a.write_bcr(ioaddr, 9, bcr9); -+ lp->a->write_bcr(ioaddr, 9, bcr9); - } - - for (i = 0; i < PCNET32_MAX_PHYS; i++) { -@@ -2158,9 +2158,9 @@ static int pcnet32_open(struct net_device *dev) - - #ifdef DO_DXSUFLO - if (lp->dxsuflo) { /* Disable transmit stop on underflow */ -- val = lp->a.read_csr(ioaddr, CSR3); -+ val = lp->a->read_csr(ioaddr, CSR3); - val |= 0x40; -- lp->a.write_csr(ioaddr, CSR3, val); -+ lp->a->write_csr(ioaddr, CSR3, val); - } - #endif - -@@ -2176,11 +2176,11 @@ static int pcnet32_open(struct net_device *dev) - napi_enable(&lp->napi); - - /* Re-initialize the PCNET32, and start it when done. */ -- lp->a.write_csr(ioaddr, 1, (lp->init_dma_addr & 0xffff)); -- lp->a.write_csr(ioaddr, 2, (lp->init_dma_addr >> 16)); -+ lp->a->write_csr(ioaddr, 1, (lp->init_dma_addr & 0xffff)); -+ lp->a->write_csr(ioaddr, 2, (lp->init_dma_addr >> 16)); - -- lp->a.write_csr(ioaddr, CSR4, 0x0915); /* auto tx pad */ -- lp->a.write_csr(ioaddr, CSR0, CSR0_INIT); -+ lp->a->write_csr(ioaddr, CSR4, 0x0915); /* auto tx pad */ -+ lp->a->write_csr(ioaddr, CSR0, CSR0_INIT); - - netif_start_queue(dev); - -@@ -2192,19 +2192,19 @@ static int pcnet32_open(struct net_device *dev) - - i = 0; - while (i++ < 100) -- if (lp->a.read_csr(ioaddr, CSR0) & CSR0_IDON) -+ if (lp->a->read_csr(ioaddr, CSR0) & CSR0_IDON) - break; - /* - * We used to clear the InitDone bit, 0x0100, here but Mark Stockton - * reports that doing so triggers a bug in the '974. - */ -- lp->a.write_csr(ioaddr, CSR0, CSR0_NORMAL); -+ lp->a->write_csr(ioaddr, CSR0, CSR0_NORMAL); - - netif_printk(lp, ifup, KERN_DEBUG, dev, - "pcnet32 open after %d ticks, init block %#x csr0 %4.4x\n", - i, - (u32) (lp->init_dma_addr), -- lp->a.read_csr(ioaddr, CSR0)); -+ lp->a->read_csr(ioaddr, CSR0)); - - spin_unlock_irqrestore(&lp->lock, flags); - -@@ -2218,7 +2218,7 @@ err_free_ring: - * Switch back to 16bit mode to avoid problems with dumb - * DOS packet driver after a warm reboot - */ -- lp->a.write_bcr(ioaddr, 20, 4); -+ lp->a->write_bcr(ioaddr, 20, 4); - - err_free_irq: - spin_unlock_irqrestore(&lp->lock, flags); -@@ -2323,7 +2323,7 @@ static void pcnet32_restart(struct net_device *dev, unsigned int csr0_bits) - - /* wait for stop */ - for (i = 0; i < 100; i++) -- if (lp->a.read_csr(ioaddr, CSR0) & CSR0_STOP) -+ if (lp->a->read_csr(ioaddr, CSR0) & CSR0_STOP) - break; - - if (i >= 100) -@@ -2335,13 +2335,13 @@ static void pcnet32_restart(struct net_device *dev, unsigned int csr0_bits) - return; - - /* ReInit Ring */ -- lp->a.write_csr(ioaddr, CSR0, CSR0_INIT); -+ lp->a->write_csr(ioaddr, CSR0, CSR0_INIT); - i = 0; - while (i++ < 1000) -- if (lp->a.read_csr(ioaddr, CSR0) & CSR0_IDON) -+ if (lp->a->read_csr(ioaddr, CSR0) & CSR0_IDON) - break; - -- lp->a.write_csr(ioaddr, CSR0, csr0_bits); -+ lp->a->write_csr(ioaddr, CSR0, csr0_bits); - } - - static void pcnet32_tx_timeout(struct net_device *dev) -@@ -2353,8 +2353,8 @@ static void pcnet32_tx_timeout(struct net_device *dev) - /* Transmitter timeout, serious problems. */ - if (pcnet32_debug & NETIF_MSG_DRV) - pr_err("%s: transmit timed out, status %4.4x, resetting\n", -- dev->name, lp->a.read_csr(ioaddr, CSR0)); -- lp->a.write_csr(ioaddr, CSR0, CSR0_STOP); -+ dev->name, lp->a->read_csr(ioaddr, CSR0)); -+ lp->a->write_csr(ioaddr, CSR0, CSR0_STOP); - dev->stats.tx_errors++; - if (netif_msg_tx_err(lp)) { - int i; -@@ -2397,7 +2397,7 @@ static netdev_tx_t pcnet32_start_xmit(struct sk_buff *skb, - - netif_printk(lp, tx_queued, KERN_DEBUG, dev, - "%s() called, csr0 %4.4x\n", -- __func__, lp->a.read_csr(ioaddr, CSR0)); -+ __func__, lp->a->read_csr(ioaddr, CSR0)); - - /* Default status -- will not enable Successful-TxDone - * interrupt when that option is available to us. -@@ -2427,7 +2427,7 @@ static netdev_tx_t pcnet32_start_xmit(struct sk_buff *skb, - dev->stats.tx_bytes += skb->len; - - /* Trigger an immediate send poll. */ -- lp->a.write_csr(ioaddr, CSR0, CSR0_INTEN | CSR0_TXPOLL); -+ lp->a->write_csr(ioaddr, CSR0, CSR0_INTEN | CSR0_TXPOLL); - - if (lp->tx_ring[(entry + 1) & lp->tx_mod_mask].base != 0) { - lp->tx_full = 1; -@@ -2452,16 +2452,16 @@ pcnet32_interrupt(int irq, void *dev_id) - - spin_lock(&lp->lock); - -- csr0 = lp->a.read_csr(ioaddr, CSR0); -+ csr0 = lp->a->read_csr(ioaddr, CSR0); - while ((csr0 & 0x8f00) && --boguscnt >= 0) { - if (csr0 == 0xffff) - break; /* PCMCIA remove happened */ - /* Acknowledge all of the current interrupt sources ASAP. */ -- lp->a.write_csr(ioaddr, CSR0, csr0 & ~0x004f); -+ lp->a->write_csr(ioaddr, CSR0, csr0 & ~0x004f); - - netif_printk(lp, intr, KERN_DEBUG, dev, - "interrupt csr0=%#2.2x new csr=%#2.2x\n", -- csr0, lp->a.read_csr(ioaddr, CSR0)); -+ csr0, lp->a->read_csr(ioaddr, CSR0)); - - /* Log misc errors. */ - if (csr0 & 0x4000) -@@ -2488,19 +2488,19 @@ pcnet32_interrupt(int irq, void *dev_id) - if (napi_schedule_prep(&lp->napi)) { - u16 val; - /* set interrupt masks */ -- val = lp->a.read_csr(ioaddr, CSR3); -+ val = lp->a->read_csr(ioaddr, CSR3); - val |= 0x5f00; -- lp->a.write_csr(ioaddr, CSR3, val); -+ lp->a->write_csr(ioaddr, CSR3, val); - - __napi_schedule(&lp->napi); - break; - } -- csr0 = lp->a.read_csr(ioaddr, CSR0); -+ csr0 = lp->a->read_csr(ioaddr, CSR0); - } - - netif_printk(lp, intr, KERN_DEBUG, dev, - "exiting interrupt, csr0=%#4.4x\n", -- lp->a.read_csr(ioaddr, CSR0)); -+ lp->a->read_csr(ioaddr, CSR0)); - - spin_unlock(&lp->lock); - -@@ -2520,20 +2520,20 @@ static int pcnet32_close(struct net_device *dev) - - spin_lock_irqsave(&lp->lock, flags); - -- dev->stats.rx_missed_errors = lp->a.read_csr(ioaddr, 112); -+ dev->stats.rx_missed_errors = lp->a->read_csr(ioaddr, 112); - - netif_printk(lp, ifdown, KERN_DEBUG, dev, - "Shutting down ethercard, status was %2.2x\n", -- lp->a.read_csr(ioaddr, CSR0)); -+ lp->a->read_csr(ioaddr, CSR0)); - - /* We stop the PCNET32 here -- it occasionally polls memory if we don't. */ -- lp->a.write_csr(ioaddr, CSR0, CSR0_STOP); -+ lp->a->write_csr(ioaddr, CSR0, CSR0_STOP); - - /* - * Switch back to 16bit mode to avoid problems with dumb - * DOS packet driver after a warm reboot - */ -- lp->a.write_bcr(ioaddr, 20, 4); -+ lp->a->write_bcr(ioaddr, 20, 4); - - spin_unlock_irqrestore(&lp->lock, flags); - -@@ -2556,7 +2556,7 @@ static struct net_device_stats *pcnet32_get_stats(struct net_device *dev) - unsigned long flags; - - spin_lock_irqsave(&lp->lock, flags); -- dev->stats.rx_missed_errors = lp->a.read_csr(ioaddr, 112); -+ dev->stats.rx_missed_errors = lp->a->read_csr(ioaddr, 112); - spin_unlock_irqrestore(&lp->lock, flags); - - return &dev->stats; -@@ -2577,10 +2577,10 @@ static void pcnet32_load_multicast(struct net_device *dev) - if (dev->flags & IFF_ALLMULTI) { - ib->filter[0] = cpu_to_le32(~0U); - ib->filter[1] = cpu_to_le32(~0U); -- lp->a.write_csr(ioaddr, PCNET32_MC_FILTER, 0xffff); -- lp->a.write_csr(ioaddr, PCNET32_MC_FILTER+1, 0xffff); -- lp->a.write_csr(ioaddr, PCNET32_MC_FILTER+2, 0xffff); -- lp->a.write_csr(ioaddr, PCNET32_MC_FILTER+3, 0xffff); -+ lp->a->write_csr(ioaddr, PCNET32_MC_FILTER, 0xffff); -+ lp->a->write_csr(ioaddr, PCNET32_MC_FILTER+1, 0xffff); -+ lp->a->write_csr(ioaddr, PCNET32_MC_FILTER+2, 0xffff); -+ lp->a->write_csr(ioaddr, PCNET32_MC_FILTER+3, 0xffff); - return; - } - /* clear the multicast filter */ -@@ -2594,7 +2594,7 @@ static void pcnet32_load_multicast(struct net_device *dev) - mcast_table[crc >> 4] |= cpu_to_le16(1 << (crc & 0xf)); - } - for (i = 0; i < 4; i++) -- lp->a.write_csr(ioaddr, PCNET32_MC_FILTER + i, -+ lp->a->write_csr(ioaddr, PCNET32_MC_FILTER + i, - le16_to_cpu(mcast_table[i])); - } - -@@ -2609,28 +2609,28 @@ static void pcnet32_set_multicast_list(struct net_device *dev) - - spin_lock_irqsave(&lp->lock, flags); - suspended = pcnet32_suspend(dev, &flags, 0); -- csr15 = lp->a.read_csr(ioaddr, CSR15); -+ csr15 = lp->a->read_csr(ioaddr, CSR15); - if (dev->flags & IFF_PROMISC) { - /* Log any net taps. */ - netif_info(lp, hw, dev, "Promiscuous mode enabled\n"); - lp->init_block->mode = - cpu_to_le16(0x8000 | (lp->options & PCNET32_PORT_PORTSEL) << - 7); -- lp->a.write_csr(ioaddr, CSR15, csr15 | 0x8000); -+ lp->a->write_csr(ioaddr, CSR15, csr15 | 0x8000); - } else { - lp->init_block->mode = - cpu_to_le16((lp->options & PCNET32_PORT_PORTSEL) << 7); -- lp->a.write_csr(ioaddr, CSR15, csr15 & 0x7fff); -+ lp->a->write_csr(ioaddr, CSR15, csr15 & 0x7fff); - pcnet32_load_multicast(dev); - } - - if (suspended) { - int csr5; - /* clear SUSPEND (SPND) - CSR5 bit 0 */ -- csr5 = lp->a.read_csr(ioaddr, CSR5); -- lp->a.write_csr(ioaddr, CSR5, csr5 & (~CSR5_SUSPEND)); -+ csr5 = lp->a->read_csr(ioaddr, CSR5); -+ lp->a->write_csr(ioaddr, CSR5, csr5 & (~CSR5_SUSPEND)); - } else { -- lp->a.write_csr(ioaddr, CSR0, CSR0_STOP); -+ lp->a->write_csr(ioaddr, CSR0, CSR0_STOP); - pcnet32_restart(dev, CSR0_NORMAL); - netif_wake_queue(dev); - } -@@ -2648,8 +2648,8 @@ static int mdio_read(struct net_device *dev, int phy_id, int reg_num) - if (!lp->mii) - return 0; - -- lp->a.write_bcr(ioaddr, 33, ((phy_id & 0x1f) << 5) | (reg_num & 0x1f)); -- val_out = lp->a.read_bcr(ioaddr, 34); -+ lp->a->write_bcr(ioaddr, 33, ((phy_id & 0x1f) << 5) | (reg_num & 0x1f)); -+ val_out = lp->a->read_bcr(ioaddr, 34); - - return val_out; - } -@@ -2663,8 +2663,8 @@ static void mdio_write(struct net_device *dev, int phy_id, int reg_num, int val) - if (!lp->mii) - return; - -- lp->a.write_bcr(ioaddr, 33, ((phy_id & 0x1f) << 5) | (reg_num & 0x1f)); -- lp->a.write_bcr(ioaddr, 34, val); -+ lp->a->write_bcr(ioaddr, 33, ((phy_id & 0x1f) << 5) | (reg_num & 0x1f)); -+ lp->a->write_bcr(ioaddr, 34, val); - } - - static int pcnet32_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) -@@ -2741,7 +2741,7 @@ static void pcnet32_check_media(struct net_device *dev, int verbose) - curr_link = mii_link_ok(&lp->mii_if); - } else { - ulong ioaddr = dev->base_addr; /* card base I/O address */ -- curr_link = (lp->a.read_bcr(ioaddr, 4) != 0xc0); -+ curr_link = (lp->a->read_bcr(ioaddr, 4) != 0xc0); - } - if (!curr_link) { - if (prev_link || verbose) { -@@ -2764,13 +2764,13 @@ static void pcnet32_check_media(struct net_device *dev, int verbose) - (ecmd.duplex == DUPLEX_FULL) - ? "full" : "half"); - } -- bcr9 = lp->a.read_bcr(dev->base_addr, 9); -+ bcr9 = lp->a->read_bcr(dev->base_addr, 9); - if ((bcr9 & (1 << 0)) != lp->mii_if.full_duplex) { - if (lp->mii_if.full_duplex) - bcr9 |= (1 << 0); - else - bcr9 &= ~(1 << 0); -- lp->a.write_bcr(dev->base_addr, 9, bcr9); -+ lp->a->write_bcr(dev->base_addr, 9, bcr9); - } - } else { - netif_info(lp, link, dev, "link up\n"); -diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c -index edfa15d..002bfa9 100644 ---- a/drivers/net/ppp_generic.c -+++ b/drivers/net/ppp_generic.c -@@ -987,7 +987,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) - void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; - struct ppp_stats stats; - struct ppp_comp_stats cstats; -- char *vers; +diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.h b/drivers/net/ethernet/neterion/vxge/vxge-config.h +index 5046a64..71ca936 100644 +--- a/drivers/net/ethernet/neterion/vxge/vxge-config.h ++++ b/drivers/net/ethernet/neterion/vxge/vxge-config.h +@@ -514,7 +514,7 @@ struct vxge_hw_uld_cbs { + void (*link_down)(struct __vxge_hw_device *devh); + void (*crit_err)(struct __vxge_hw_device *devh, + enum vxge_hw_event type, u64 ext_data); +-}; ++} __no_const; - switch (cmd) { - case SIOCGPPPSTATS: -@@ -1009,8 +1008,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) - break; + /* + * struct __vxge_hw_blockpool_entry - Block private data structure +diff --git a/drivers/net/ethernet/neterion/vxge/vxge-traffic.h b/drivers/net/ethernet/neterion/vxge/vxge-traffic.h +index 4a518a3..936b334 100644 +--- a/drivers/net/ethernet/neterion/vxge/vxge-traffic.h ++++ b/drivers/net/ethernet/neterion/vxge/vxge-traffic.h +@@ -2088,7 +2088,7 @@ struct vxge_hw_mempool_cbs { + struct vxge_hw_mempool_dma *dma_object, + u32 index, + u32 is_last); +-}; ++} __no_const; - case SIOCGPPPVER: -- vers = PPP_VERSION; -- if (copy_to_user(addr, vers, strlen(vers) + 1)) -+ if (copy_to_user(addr, PPP_VERSION, sizeof(PPP_VERSION))) - break; - err = 0; - break; -diff --git a/drivers/net/r8169.c b/drivers/net/r8169.c -index 6d657ca..d1be94b 100644 ---- a/drivers/net/r8169.c -+++ b/drivers/net/r8169.c -@@ -663,12 +663,12 @@ struct rtl8169_private { + #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ + ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) +diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c +index c8f47f1..5da9840 100644 +--- a/drivers/net/ethernet/realtek/r8169.c ++++ b/drivers/net/ethernet/realtek/r8169.c +@@ -698,17 +698,17 @@ struct rtl8169_private { struct mdio_ops { void (*write)(void __iomem *, int, int); int (*read)(void __iomem *, int); @@ -34367,12 +32902,18 @@ index 6d657ca..d1be94b 100644 - } pll_power_ops; + } __no_const pll_power_ops; + struct jumbo_ops { + void (*enable)(struct rtl8169_private *); + void (*disable)(struct rtl8169_private *); +- } jumbo_ops; ++ } __no_const jumbo_ops; + int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv); int (*get_settings)(struct net_device *, struct ethtool_cmd *); -diff --git a/drivers/net/sis190.c b/drivers/net/sis190.c -index 3c0f131..17f8b02 100644 ---- a/drivers/net/sis190.c -+++ b/drivers/net/sis190.c +diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/sis/sis190.c +index 1b4658c..a30dabb 100644 +--- a/drivers/net/ethernet/sis/sis190.c ++++ b/drivers/net/ethernet/sis/sis190.c @@ -1624,7 +1624,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev, static int __devinit sis190_get_mac_addr_from_apc(struct pci_dev *pdev, struct net_device *dev) @@ -34382,31 +32923,28 @@ index 3c0f131..17f8b02 100644 struct sis190_private *tp = netdev_priv(dev); struct pci_dev *isa_bridge; u8 reg, tmp8; -diff --git a/drivers/net/sundance.c b/drivers/net/sundance.c -index 4793df8..44c9849 100644 ---- a/drivers/net/sundance.c -+++ b/drivers/net/sundance.c -@@ -218,7 +218,7 @@ enum { - struct pci_id_info { - const char *name; - }; --static const struct pci_id_info pci_id_tbl[] __devinitdata = { -+static const struct pci_id_info pci_id_tbl[] __devinitconst = { - {"D-Link DFE-550TX FAST Ethernet Adapter"}, - {"D-Link DFE-550FX 100Mbps Fiber-optics Adapter"}, - {"D-Link DFE-580TX 4 port Server Adapter"}, -diff --git a/drivers/net/tg3.h b/drivers/net/tg3.h -index 2ea456d..3ad9523 100644 ---- a/drivers/net/tg3.h -+++ b/drivers/net/tg3.h -@@ -134,6 +134,7 @@ - #define CHIPREV_ID_5750_A0 0x4000 - #define CHIPREV_ID_5750_A1 0x4001 - #define CHIPREV_ID_5750_A3 0x4003 -+#define CHIPREV_ID_5750_C1 0x4201 - #define CHIPREV_ID_5750_C2 0x4202 - #define CHIPREV_ID_5752_A0_HW 0x5000 - #define CHIPREV_ID_5752_A0 0x6000 +diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c +index edfa15d..002bfa9 100644 +--- a/drivers/net/ppp/ppp_generic.c ++++ b/drivers/net/ppp/ppp_generic.c +@@ -987,7 +987,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; + struct ppp_stats stats; + struct ppp_comp_stats cstats; +- char *vers; + + switch (cmd) { + case SIOCGPPPSTATS: +@@ -1009,8 +1008,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + break; + + case SIOCGPPPVER: +- vers = PPP_VERSION; +- if (copy_to_user(addr, vers, strlen(vers) + 1)) ++ if (copy_to_user(addr, PPP_VERSION, sizeof(PPP_VERSION))) + break; + err = 0; + break; diff --git a/drivers/net/tokenring/abyss.c b/drivers/net/tokenring/abyss.c index 515f122..41dd273 100644 --- a/drivers/net/tokenring/abyss.c @@ -34484,67 +33022,6 @@ index 46db5c5..37c1536 100644 err = platform_driver_register(&sk_isa_driver); if (err) -diff --git a/drivers/net/tulip/de2104x.c b/drivers/net/tulip/de2104x.c -index ce90efc..2676f89 100644 ---- a/drivers/net/tulip/de2104x.c -+++ b/drivers/net/tulip/de2104x.c -@@ -1795,6 +1795,8 @@ static void __devinit de21041_get_srom_info (struct de_private *de) - struct de_srom_info_leaf *il; - void *bufp; - -+ pax_track_stack(); -+ - /* download entire eeprom */ - for (i = 0; i < DE_EEPROM_WORDS; i++) - ((__le16 *)ee_data)[i] = -diff --git a/drivers/net/tulip/de4x5.c b/drivers/net/tulip/de4x5.c -index 959b410..c97fac2 100644 ---- a/drivers/net/tulip/de4x5.c -+++ b/drivers/net/tulip/de4x5.c -@@ -5397,7 +5397,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) - for (i=0; i<ETH_ALEN; i++) { - tmp.addr[i] = dev->dev_addr[i]; - } -- if (copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT; -+ if (ioc->len > sizeof tmp.addr || copy_to_user(ioc->data, tmp.addr, ioc->len)) return -EFAULT; - break; - - case DE4X5_SET_HWADDR: /* Set the hardware address */ -@@ -5437,7 +5437,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) - spin_lock_irqsave(&lp->lock, flags); - memcpy(&statbuf, &lp->pktStats, ioc->len); - spin_unlock_irqrestore(&lp->lock, flags); -- if (copy_to_user(ioc->data, &statbuf, ioc->len)) -+ if (ioc->len > sizeof statbuf || copy_to_user(ioc->data, &statbuf, ioc->len)) - return -EFAULT; - break; - } -diff --git a/drivers/net/tulip/eeprom.c b/drivers/net/tulip/eeprom.c -index fa5eee9..e074432 100644 ---- a/drivers/net/tulip/eeprom.c -+++ b/drivers/net/tulip/eeprom.c -@@ -81,7 +81,7 @@ static struct eeprom_fixup eeprom_fixups[] __devinitdata = { - {NULL}}; - - --static const char *block_name[] __devinitdata = { -+static const char *block_name[] __devinitconst = { - "21140 non-MII", - "21140 MII PHY", - "21142 Serial PHY", -diff --git a/drivers/net/tulip/winbond-840.c b/drivers/net/tulip/winbond-840.c -index 862eadf..3eee1e6 100644 ---- a/drivers/net/tulip/winbond-840.c -+++ b/drivers/net/tulip/winbond-840.c -@@ -236,7 +236,7 @@ struct pci_id_info { - int drv_flags; /* Driver use, intended as capability flags. */ - }; - --static const struct pci_id_info pci_id_tbl[] __devinitdata = { -+static const struct pci_id_info pci_id_tbl[] __devinitconst = { - { /* Sometime a Level-One switch card. */ - "Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII}, - { "Winbond W89c840", CanHaveMII | HasBrokenTx}, diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c index 304fe78..db112fa 100644 --- a/drivers/net/usb/hso.c @@ -34646,7 +33123,7 @@ index 304fe78..db112fa 100644 hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); diff --git a/drivers/net/vmxnet3/vmxnet3_ethtool.c b/drivers/net/vmxnet3/vmxnet3_ethtool.c -index 27400ed..c796e05 100644 +index e662cbc..8d4a102 100644 --- a/drivers/net/vmxnet3/vmxnet3_ethtool.c +++ b/drivers/net/vmxnet3/vmxnet3_ethtool.c @@ -601,8 +601,7 @@ vmxnet3_set_rss_indir(struct net_device *netdev, @@ -34659,159 +33136,11 @@ index 27400ed..c796e05 100644 return -EINVAL; } -diff --git a/drivers/net/vxge/vxge-config.h b/drivers/net/vxge/vxge-config.h -index dd36258..e47fd31 100644 ---- a/drivers/net/vxge/vxge-config.h -+++ b/drivers/net/vxge/vxge-config.h -@@ -514,7 +514,7 @@ struct vxge_hw_uld_cbs { - void (*link_down)(struct __vxge_hw_device *devh); - void (*crit_err)(struct __vxge_hw_device *devh, - enum vxge_hw_event type, u64 ext_data); --}; -+} __no_const; - - /* - * struct __vxge_hw_blockpool_entry - Block private data structure -diff --git a/drivers/net/vxge/vxge-main.c b/drivers/net/vxge/vxge-main.c -index 178348a2..18bb433 100644 ---- a/drivers/net/vxge/vxge-main.c -+++ b/drivers/net/vxge/vxge-main.c -@@ -100,6 +100,8 @@ static inline void VXGE_COMPLETE_VPATH_TX(struct vxge_fifo *fifo) - struct sk_buff *completed[NR_SKB_COMPLETED]; - int more; - -+ pax_track_stack(); -+ - do { - more = 0; - skb_ptr = completed; -@@ -1915,6 +1917,8 @@ static enum vxge_hw_status vxge_rth_configure(struct vxgedev *vdev) - u8 mtable[256] = {0}; /* CPU to vpath mapping */ - int index; - -+ pax_track_stack(); -+ - /* - * Filling - * - itable with bucket numbers -diff --git a/drivers/net/vxge/vxge-traffic.h b/drivers/net/vxge/vxge-traffic.h -index 4a518a3..936b334 100644 ---- a/drivers/net/vxge/vxge-traffic.h -+++ b/drivers/net/vxge/vxge-traffic.h -@@ -2088,7 +2088,7 @@ struct vxge_hw_mempool_cbs { - struct vxge_hw_mempool_dma *dma_object, - u32 index, - u32 is_last); --}; -+} __no_const; - - #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ - ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) -diff --git a/drivers/net/wan/hdlc_x25.c b/drivers/net/wan/hdlc_x25.c -index 56aeb01..547f71f 100644 ---- a/drivers/net/wan/hdlc_x25.c -+++ b/drivers/net/wan/hdlc_x25.c -@@ -134,16 +134,16 @@ static netdev_tx_t x25_xmit(struct sk_buff *skb, struct net_device *dev) - - static int x25_open(struct net_device *dev) - { -- struct lapb_register_struct cb; -+ static struct lapb_register_struct cb = { -+ .connect_confirmation = x25_connected, -+ .connect_indication = x25_connected, -+ .disconnect_confirmation = x25_disconnected, -+ .disconnect_indication = x25_disconnected, -+ .data_indication = x25_data_indication, -+ .data_transmit = x25_data_transmit -+ }; - int result; - -- cb.connect_confirmation = x25_connected; -- cb.connect_indication = x25_connected; -- cb.disconnect_confirmation = x25_disconnected; -- cb.disconnect_indication = x25_disconnected; -- cb.data_indication = x25_data_indication; -- cb.data_transmit = x25_data_transmit; -- - result = lapb_register(dev, &cb); - if (result != LAPB_OK) - return result; -diff --git a/drivers/net/wimax/i2400m/usb-fw.c b/drivers/net/wimax/i2400m/usb-fw.c -index 1fda46c..f2858f2 100644 ---- a/drivers/net/wimax/i2400m/usb-fw.c -+++ b/drivers/net/wimax/i2400m/usb-fw.c -@@ -287,6 +287,8 @@ ssize_t i2400mu_bus_bm_wait_for_ack(struct i2400m *i2400m, - int do_autopm = 1; - DECLARE_COMPLETION_ONSTACK(notif_completion); - -+ pax_track_stack(); -+ - d_fnstart(8, dev, "(i2400m %p ack %p size %zu)\n", - i2400m, ack, ack_size); - BUG_ON(_ack == i2400m->bm_ack_buf); -diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c -index e1b3e3c..e413f18 100644 ---- a/drivers/net/wireless/airo.c -+++ b/drivers/net/wireless/airo.c -@@ -3003,6 +3003,8 @@ static void airo_process_scan_results (struct airo_info *ai) { - BSSListElement * loop_net; - BSSListElement * tmp_net; - -+ pax_track_stack(); -+ - /* Blow away current list of scan results */ - list_for_each_entry_safe (loop_net, tmp_net, &ai->network_list, list) { - list_move_tail (&loop_net->list, &ai->network_free_list); -@@ -3794,6 +3796,8 @@ static u16 setup_card(struct airo_info *ai, u8 *mac, int lock) - WepKeyRid wkr; - int rc; - -+ pax_track_stack(); -+ - memset( &mySsid, 0, sizeof( mySsid ) ); - kfree (ai->flash); - ai->flash = NULL; -@@ -4753,6 +4757,8 @@ static int proc_stats_rid_open( struct inode *inode, - __le32 *vals = stats.vals; - int len; - -+ pax_track_stack(); -+ - if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL) - return -ENOMEM; - data = file->private_data; -@@ -5476,6 +5482,8 @@ static int proc_BSSList_open( struct inode *inode, struct file *file ) { - /* If doLoseSync is not 1, we won't do a Lose Sync */ - int doLoseSync = -1; - -+ pax_track_stack(); -+ - if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL) - return -ENOMEM; - data = file->private_data; -@@ -7181,6 +7189,8 @@ static int airo_get_aplist(struct net_device *dev, - int i; - int loseSync = capable(CAP_NET_ADMIN) ? 1: -1; - -+ pax_track_stack(); -+ - qual = kmalloc(IW_MAX_AP * sizeof(*qual), GFP_KERNEL); - if (!qual) - return -ENOMEM; -@@ -7741,6 +7751,8 @@ static void airo_read_wireless_stats(struct airo_info *local) - CapabilityRid cap_rid; - __le32 *vals = stats_rid.vals; - -+ pax_track_stack(); -+ - /* Get stats out of the card */ - clear_bit(JOB_WSTATS, &local->jobs); - if (local->power.event) { diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/ath.h -index 17c4b56..00d836f 100644 +index 0f9ee46..e2d6e65 100644 --- a/drivers/net/wireless/ath/ath.h +++ b/drivers/net/wireless/ath/ath.h -@@ -121,6 +121,7 @@ struct ath_ops { +@@ -119,6 +119,7 @@ struct ath_ops { void (*write_flush) (void *); u32 (*rmw)(void *, u32 reg_offset, u32 set, u32 clr); }; @@ -34819,175 +33148,216 @@ index 17c4b56..00d836f 100644 struct ath_common; struct ath_bus_ops; -diff --git a/drivers/net/wireless/ath/ath5k/debug.c b/drivers/net/wireless/ath/ath5k/debug.c -index ccca724..7afbadc 100644 ---- a/drivers/net/wireless/ath/ath5k/debug.c -+++ b/drivers/net/wireless/ath/ath5k/debug.c -@@ -203,6 +203,8 @@ static ssize_t read_file_beacon(struct file *file, char __user *user_buf, - unsigned int v; - u64 tsf; - -+ pax_track_stack(); -+ - v = ath5k_hw_reg_read(ah, AR5K_BEACON); - len += snprintf(buf + len, sizeof(buf) - len, - "%-24s0x%08x\tintval: %d\tTIM: 0x%x\n", -@@ -321,6 +323,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, - unsigned int len = 0; - unsigned int i; - -+ pax_track_stack(); -+ - len += snprintf(buf + len, sizeof(buf) - len, - "DEBUG LEVEL: 0x%08x\n\n", ah->debug.level); - -@@ -492,6 +496,8 @@ static ssize_t read_file_misc(struct file *file, char __user *user_buf, - unsigned int len = 0; - u32 filt = ath5k_hw_get_rx_filter(ah); - -+ pax_track_stack(); -+ - len += snprintf(buf + len, sizeof(buf) - len, "bssid-mask: %pM\n", - ah->bssidmask); - len += snprintf(buf + len, sizeof(buf) - len, "filter-flags: 0x%x ", -@@ -548,6 +554,8 @@ static ssize_t read_file_frameerrors(struct file *file, char __user *user_buf, - unsigned int len = 0; - int i; - -+ pax_track_stack(); -+ - len += snprintf(buf + len, sizeof(buf) - len, - "RX\n---------------------\n"); - len += snprintf(buf + len, sizeof(buf) - len, "CRC\t%u\t(%u%%)\n", -@@ -665,6 +673,8 @@ static ssize_t read_file_ani(struct file *file, char __user *user_buf, - char buf[700]; - unsigned int len = 0; - -+ pax_track_stack(); -+ - len += snprintf(buf + len, sizeof(buf) - len, - "HW has PHY error counters:\t%s\n", - ah->ah_capabilities.cap_has_phyerr_counters ? -@@ -829,6 +839,8 @@ static ssize_t read_file_queue(struct file *file, char __user *user_buf, - struct ath5k_buf *bf, *bf0; - int i, n; - -+ pax_track_stack(); -+ - len += snprintf(buf + len, sizeof(buf) - len, - "available txbuffers: %d\n", ah->txbuf_len); - -diff --git a/drivers/net/wireless/ath/ath9k/ar9003_calib.c b/drivers/net/wireless/ath/ath9k/ar9003_calib.c -index 7c2aaad..ad14dee 100644 ---- a/drivers/net/wireless/ath/ath9k/ar9003_calib.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_calib.c -@@ -758,6 +758,8 @@ static void ar9003_hw_tx_iq_cal_post_proc(struct ath_hw *ah) - int i, im, j; - int nmeasurement; - -+ pax_track_stack(); -+ - for (i = 0; i < AR9300_MAX_CHAINS; i++) { - if (ah->txchainmask & (1 << i)) - num_chains++; -diff --git a/drivers/net/wireless/ath/ath9k/ar9003_paprd.c b/drivers/net/wireless/ath/ath9k/ar9003_paprd.c -index f80d1d6..08b773d 100644 ---- a/drivers/net/wireless/ath/ath9k/ar9003_paprd.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_paprd.c -@@ -406,6 +406,8 @@ static bool create_pa_curve(u32 *data_L, u32 *data_U, u32 *pa_table, u16 *gain) - int theta_low_bin = 0; - int i; +diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c +index b592016..fe47870 100644 +--- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c ++++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c +@@ -183,8 +183,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) + ads->ds_txstatus6 = ads->ds_txstatus7 = 0; + ads->ds_txstatus8 = ads->ds_txstatus9 = 0; + +- ACCESS_ONCE(ads->ds_link) = i->link; +- ACCESS_ONCE(ads->ds_data) = i->buf_addr[0]; ++ ACCESS_ONCE_RW(ads->ds_link) = i->link; ++ ACCESS_ONCE_RW(ads->ds_data) = i->buf_addr[0]; + + ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore); + ctl6 = SM(i->keytype, AR_EncrType); +@@ -198,26 +198,26 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) + + if ((i->is_first || i->is_last) && + i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) { +- ACCESS_ONCE(ads->ds_ctl2) = set11nTries(i->rates, 0) ++ ACCESS_ONCE_RW(ads->ds_ctl2) = set11nTries(i->rates, 0) + | set11nTries(i->rates, 1) + | set11nTries(i->rates, 2) + | set11nTries(i->rates, 3) + | (i->dur_update ? AR_DurUpdateEna : 0) + | SM(0, AR_BurstDur); + +- ACCESS_ONCE(ads->ds_ctl3) = set11nRate(i->rates, 0) ++ ACCESS_ONCE_RW(ads->ds_ctl3) = set11nRate(i->rates, 0) + | set11nRate(i->rates, 1) + | set11nRate(i->rates, 2) + | set11nRate(i->rates, 3); + } else { +- ACCESS_ONCE(ads->ds_ctl2) = 0; +- ACCESS_ONCE(ads->ds_ctl3) = 0; ++ ACCESS_ONCE_RW(ads->ds_ctl2) = 0; ++ ACCESS_ONCE_RW(ads->ds_ctl3) = 0; + } + + if (!i->is_first) { +- ACCESS_ONCE(ads->ds_ctl0) = 0; +- ACCESS_ONCE(ads->ds_ctl1) = ctl1; +- ACCESS_ONCE(ads->ds_ctl6) = ctl6; ++ ACCESS_ONCE_RW(ads->ds_ctl0) = 0; ++ ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1; ++ ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6; + return; + } -+ pax_track_stack(); -+ - /* disregard any bin that contains <= 16 samples */ - thresh_accum_cnt = 16; - scale_factor = 5; -diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c -index d1eb896..8b67cd4 100644 ---- a/drivers/net/wireless/ath/ath9k/debug.c -+++ b/drivers/net/wireless/ath/ath9k/debug.c -@@ -387,6 +387,8 @@ static ssize_t read_file_interrupt(struct file *file, char __user *user_buf, - char buf[512]; - unsigned int len = 0; - -+ pax_track_stack(); -+ - if (sc->sc_ah->caps.hw_caps & ATH9K_HW_CAP_EDMA) { - len += snprintf(buf + len, sizeof(buf) - len, - "%8s: %10u\n", "RXLP", sc->debug.stats.istats.rxlp); -@@ -477,6 +479,8 @@ static ssize_t read_file_wiphy(struct file *file, char __user *user_buf, - u8 addr[ETH_ALEN]; - u32 tmp; - -+ pax_track_stack(); -+ - len += snprintf(buf + len, sizeof(buf) - len, - "%s (chan=%d center-freq: %d MHz channel-type: %d (%s))\n", - wiphy_name(sc->hw->wiphy), -diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -index d3ff33c..309398e 100644 ---- a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -+++ b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -@@ -31,6 +31,8 @@ static ssize_t read_file_tgt_int_stats(struct file *file, char __user *user_buf, - unsigned int len = 0; - int ret = 0; +@@ -242,7 +242,7 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) + break; + } -+ pax_track_stack(); -+ - memset(&cmd_rsp, 0, sizeof(cmd_rsp)); +- ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen) ++ ACCESS_ONCE_RW(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen) + | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) + | SM(i->txpower, AR_XmitPower) + | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) +@@ -252,19 +252,19 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) + | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable : + (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0)); - ath9k_htc_ps_wakeup(priv); -@@ -89,6 +91,8 @@ static ssize_t read_file_tgt_tx_stats(struct file *file, char __user *user_buf, - unsigned int len = 0; - int ret = 0; +- ACCESS_ONCE(ads->ds_ctl1) = ctl1; +- ACCESS_ONCE(ads->ds_ctl6) = ctl6; ++ ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1; ++ ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6; -+ pax_track_stack(); -+ - memset(&cmd_rsp, 0, sizeof(cmd_rsp)); + if (i->aggr == AGGR_BUF_MIDDLE || i->aggr == AGGR_BUF_LAST) + return; - ath9k_htc_ps_wakeup(priv); -@@ -159,6 +163,8 @@ static ssize_t read_file_tgt_rx_stats(struct file *file, char __user *user_buf, - unsigned int len = 0; - int ret = 0; +- ACCESS_ONCE(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0) ++ ACCESS_ONCE_RW(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0) + | set11nPktDurRTSCTS(i->rates, 1); + +- ACCESS_ONCE(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2) ++ ACCESS_ONCE_RW(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2) + | set11nPktDurRTSCTS(i->rates, 3); + +- ACCESS_ONCE(ads->ds_ctl7) = set11nRateFlags(i->rates, 0) ++ ACCESS_ONCE_RW(ads->ds_ctl7) = set11nRateFlags(i->rates, 0) + | set11nRateFlags(i->rates, 1) + | set11nRateFlags(i->rates, 2) + | set11nRateFlags(i->rates, 3) +diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c +index ccde784..db012b3 100644 +--- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c +@@ -35,47 +35,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) + (i->qcu << AR_TxQcuNum_S) | 0x17; + + checksum += val; +- ACCESS_ONCE(ads->info) = val; ++ ACCESS_ONCE_RW(ads->info) = val; + + checksum += i->link; +- ACCESS_ONCE(ads->link) = i->link; ++ ACCESS_ONCE_RW(ads->link) = i->link; + + checksum += i->buf_addr[0]; +- ACCESS_ONCE(ads->data0) = i->buf_addr[0]; ++ ACCESS_ONCE_RW(ads->data0) = i->buf_addr[0]; + checksum += i->buf_addr[1]; +- ACCESS_ONCE(ads->data1) = i->buf_addr[1]; ++ ACCESS_ONCE_RW(ads->data1) = i->buf_addr[1]; + checksum += i->buf_addr[2]; +- ACCESS_ONCE(ads->data2) = i->buf_addr[2]; ++ ACCESS_ONCE_RW(ads->data2) = i->buf_addr[2]; + checksum += i->buf_addr[3]; +- ACCESS_ONCE(ads->data3) = i->buf_addr[3]; ++ ACCESS_ONCE_RW(ads->data3) = i->buf_addr[3]; + + checksum += (val = (i->buf_len[0] << AR_BufLen_S) & AR_BufLen); +- ACCESS_ONCE(ads->ctl3) = val; ++ ACCESS_ONCE_RW(ads->ctl3) = val; + checksum += (val = (i->buf_len[1] << AR_BufLen_S) & AR_BufLen); +- ACCESS_ONCE(ads->ctl5) = val; ++ ACCESS_ONCE_RW(ads->ctl5) = val; + checksum += (val = (i->buf_len[2] << AR_BufLen_S) & AR_BufLen); +- ACCESS_ONCE(ads->ctl7) = val; ++ ACCESS_ONCE_RW(ads->ctl7) = val; + checksum += (val = (i->buf_len[3] << AR_BufLen_S) & AR_BufLen); +- ACCESS_ONCE(ads->ctl9) = val; ++ ACCESS_ONCE_RW(ads->ctl9) = val; + + checksum = (u16) (((checksum & 0xffff) + (checksum >> 16)) & 0xffff); +- ACCESS_ONCE(ads->ctl10) = checksum; ++ ACCESS_ONCE_RW(ads->ctl10) = checksum; + + if (i->is_first || i->is_last) { +- ACCESS_ONCE(ads->ctl13) = set11nTries(i->rates, 0) ++ ACCESS_ONCE_RW(ads->ctl13) = set11nTries(i->rates, 0) + | set11nTries(i->rates, 1) + | set11nTries(i->rates, 2) + | set11nTries(i->rates, 3) + | (i->dur_update ? AR_DurUpdateEna : 0) + | SM(0, AR_BurstDur); + +- ACCESS_ONCE(ads->ctl14) = set11nRate(i->rates, 0) ++ ACCESS_ONCE_RW(ads->ctl14) = set11nRate(i->rates, 0) + | set11nRate(i->rates, 1) + | set11nRate(i->rates, 2) + | set11nRate(i->rates, 3); + } else { +- ACCESS_ONCE(ads->ctl13) = 0; +- ACCESS_ONCE(ads->ctl14) = 0; ++ ACCESS_ONCE_RW(ads->ctl13) = 0; ++ ACCESS_ONCE_RW(ads->ctl14) = 0; + } + + ads->ctl20 = 0; +@@ -84,17 +84,17 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) + + ctl17 = SM(i->keytype, AR_EncrType); + if (!i->is_first) { +- ACCESS_ONCE(ads->ctl11) = 0; +- ACCESS_ONCE(ads->ctl12) = i->is_last ? 0 : AR_TxMore; +- ACCESS_ONCE(ads->ctl15) = 0; +- ACCESS_ONCE(ads->ctl16) = 0; +- ACCESS_ONCE(ads->ctl17) = ctl17; +- ACCESS_ONCE(ads->ctl18) = 0; +- ACCESS_ONCE(ads->ctl19) = 0; ++ ACCESS_ONCE_RW(ads->ctl11) = 0; ++ ACCESS_ONCE_RW(ads->ctl12) = i->is_last ? 0 : AR_TxMore; ++ ACCESS_ONCE_RW(ads->ctl15) = 0; ++ ACCESS_ONCE_RW(ads->ctl16) = 0; ++ ACCESS_ONCE_RW(ads->ctl17) = ctl17; ++ ACCESS_ONCE_RW(ads->ctl18) = 0; ++ ACCESS_ONCE_RW(ads->ctl19) = 0; + return; + } -+ pax_track_stack(); -+ - memset(&cmd_rsp, 0, sizeof(cmd_rsp)); +- ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen) ++ ACCESS_ONCE_RW(ads->ctl11) = (i->pkt_len & AR_FrameLen) + | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) + | SM(i->txpower, AR_XmitPower) + | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) +@@ -130,22 +130,22 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) + val = (i->flags & ATH9K_TXDESC_PAPRD) >> ATH9K_TXDESC_PAPRD_S; + ctl12 |= SM(val, AR_PAPRDChainMask); - ath9k_htc_ps_wakeup(priv); -@@ -203,6 +209,8 @@ static ssize_t read_file_xmit(struct file *file, char __user *user_buf, - char buf[512]; - unsigned int len = 0; +- ACCESS_ONCE(ads->ctl12) = ctl12; +- ACCESS_ONCE(ads->ctl17) = ctl17; ++ ACCESS_ONCE_RW(ads->ctl12) = ctl12; ++ ACCESS_ONCE_RW(ads->ctl17) = ctl17; -+ pax_track_stack(); -+ - len += snprintf(buf + len, sizeof(buf) - len, - "%20s : %10u\n", "Buffers queued", - priv->debug.tx_stats.buf_queued); -@@ -376,6 +384,8 @@ static ssize_t read_file_slot(struct file *file, char __user *user_buf, - char buf[512]; - unsigned int len = 0; +- ACCESS_ONCE(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0) ++ ACCESS_ONCE_RW(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0) + | set11nPktDurRTSCTS(i->rates, 1); -+ pax_track_stack(); -+ - spin_lock_bh(&priv->tx.tx_lock); +- ACCESS_ONCE(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2) ++ ACCESS_ONCE_RW(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2) + | set11nPktDurRTSCTS(i->rates, 3); - len += snprintf(buf + len, sizeof(buf) - len, "TX slot bitmap : "); -@@ -411,6 +421,8 @@ static ssize_t read_file_queue(struct file *file, char __user *user_buf, - char buf[512]; - unsigned int len = 0; +- ACCESS_ONCE(ads->ctl18) = set11nRateFlags(i->rates, 0) ++ ACCESS_ONCE_RW(ads->ctl18) = set11nRateFlags(i->rates, 0) + | set11nRateFlags(i->rates, 1) + | set11nRateFlags(i->rates, 2) + | set11nRateFlags(i->rates, 3) + | SM(i->rtscts_rate, AR_RTSCTSRate); -+ pax_track_stack(); -+ - len += snprintf(buf + len, sizeof(buf) - len, "%20s : %10u\n", - "Mgmt endpoint", skb_queue_len(&priv->tx.mgmt_ep_queue)); +- ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding; ++ ACCESS_ONCE_RW(ads->ctl19) = AR_Not_Sounding; + } + static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index c798890..c19a8fb 100644 +index f389b3c..7359e18 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -588,7 +588,7 @@ struct ath_hw_private_ops { +@@ -605,7 +605,7 @@ struct ath_hw_private_ops { /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -34996,7 +33366,7 @@ index c798890..c19a8fb 100644 /** * struct ath_hw_ops - callbacks used by hardware code and driver code -@@ -639,7 +639,7 @@ struct ath_hw_ops { +@@ -635,7 +635,7 @@ struct ath_hw_ops { void (*antdiv_comb_conf_set)(struct ath_hw *ah, struct ath_hw_antcomb_conf *antconf); @@ -35005,8 +33375,8 @@ index c798890..c19a8fb 100644 struct ath_nf_limits { s16 max; -@@ -652,7 +652,7 @@ struct ath_nf_limits { - #define AH_UNPLUGGED 0x2 /* The card has been physically removed. */ +@@ -655,7 +655,7 @@ enum ath_cal_list { + #define AH_FASTCC 0x4 struct ath_hw { - struct ath_ops reg_ops; @@ -35014,46 +33384,24 @@ index c798890..c19a8fb 100644 struct ieee80211_hw *hw; struct ath_common common; -diff --git a/drivers/net/wireless/ipw2x00/ipw2100.c b/drivers/net/wireless/ipw2x00/ipw2100.c -index ef9ad79..f5f8d80 100644 ---- a/drivers/net/wireless/ipw2x00/ipw2100.c -+++ b/drivers/net/wireless/ipw2x00/ipw2100.c -@@ -2102,6 +2102,8 @@ static int ipw2100_set_essid(struct ipw2100_priv *priv, char *essid, - int err; - DECLARE_SSID_BUF(ssid); - -+ pax_track_stack(); -+ - IPW_DEBUG_HC("SSID: '%s'\n", print_ssid(ssid, essid, ssid_len)); - - if (ssid_len) -@@ -5451,6 +5453,8 @@ static int ipw2100_set_key(struct ipw2100_priv *priv, - struct ipw2100_wep_key *wep_key = (void *)cmd.host_command_parameters; - int err; - -+ pax_track_stack(); -+ - IPW_DEBUG_HC("WEP_KEY_INFO: index = %d, len = %d/%d\n", - idx, keylen, len); - -diff --git a/drivers/net/wireless/ipw2x00/libipw_rx.c b/drivers/net/wireless/ipw2x00/libipw_rx.c -index 32a9966..de69787 100644 ---- a/drivers/net/wireless/ipw2x00/libipw_rx.c -+++ b/drivers/net/wireless/ipw2x00/libipw_rx.c -@@ -1565,6 +1565,8 @@ static void libipw_process_probe_response(struct libipw_device - unsigned long flags; - DECLARE_SSID_BUF(ssid); +diff --git a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h +index bea8524..c677c06 100644 +--- a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h ++++ b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h +@@ -547,7 +547,7 @@ struct phy_func_ptr { + void (*carrsuppr)(struct brcms_phy *); + s32 (*rxsigpwr)(struct brcms_phy *, s32); + void (*detach)(struct brcms_phy *); +-}; ++} __no_const; -+ pax_track_stack(); -+ - LIBIPW_DEBUG_SCAN("'%s' (%pM" - "): %c%c%c%c %c%c%c%c-%c%c%c%c %c%c%c%c\n", - print_ssid(ssid, info_element->data, info_element->len), + struct brcms_phy { + struct brcms_phy_pub pubpi_ro; diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c -index 66ee1562..b90412b 100644 +index b282d86..bee832f 100644 --- a/drivers/net/wireless/iwlegacy/iwl3945-base.c +++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c -@@ -3687,7 +3687,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e +@@ -3686,7 +3686,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e */ if (iwl3945_mod_params.disable_hw_scan) { IWL_DEBUG_INFO(priv, "Disabling hw_scan\n"); @@ -35064,83 +33412,26 @@ index 66ee1562..b90412b 100644 } IWL_DEBUG_INFO(priv, "*** LOAD DRIVER ***\n"); -diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-rs.c b/drivers/net/wireless/iwlwifi/iwl-agn-rs.c -index 3789ff4..22ab151 100644 ---- a/drivers/net/wireless/iwlwifi/iwl-agn-rs.c -+++ b/drivers/net/wireless/iwlwifi/iwl-agn-rs.c -@@ -920,6 +920,8 @@ static void rs_tx_status(void *priv_r, struct ieee80211_supported_band *sband, - struct iwl_station_priv *sta_priv = (void *)sta->drv_priv; - struct iwl_rxon_context *ctx = sta_priv->common.ctx; - -+ pax_track_stack(); -+ - IWL_DEBUG_RATE_LIMIT(priv, "get frame ack response, update rate scale window\n"); - - /* Treat uninitialized rate scaling data same as non-existing. */ -@@ -2931,6 +2933,8 @@ static void rs_fill_link_cmd(struct iwl_priv *priv, - container_of(lq_sta, struct iwl_station_priv, lq_sta); - struct iwl_link_quality_cmd *lq_cmd = &lq_sta->lq; - -+ pax_track_stack(); -+ - /* Override starting rate (index 0) if needed for debug purposes */ - rs_dbgfs_set_mcs(lq_sta, &new_rate, index); - diff --git a/drivers/net/wireless/iwlwifi/iwl-debug.h b/drivers/net/wireless/iwlwifi/iwl-debug.h -index f9a407e..a6f2bb7 100644 +index 69a77e2..552b42c 100644 --- a/drivers/net/wireless/iwlwifi/iwl-debug.h +++ b/drivers/net/wireless/iwlwifi/iwl-debug.h -@@ -68,8 +68,8 @@ do { \ +@@ -71,8 +71,8 @@ do { \ } while (0) #else --#define IWL_DEBUG(__priv, level, fmt, args...) --#define IWL_DEBUG_LIMIT(__priv, level, fmt, args...) -+#define IWL_DEBUG(__priv, level, fmt, args...) do {} while (0) -+#define IWL_DEBUG_LIMIT(__priv, level, fmt, args...) do {} while (0) - static inline void iwl_print_hex_dump(struct iwl_priv *priv, int level, - const void *p, u32 len) - {} -diff --git a/drivers/net/wireless/iwlwifi/iwl-debugfs.c b/drivers/net/wireless/iwlwifi/iwl-debugfs.c -index ec1485b..900c3bd 100644 ---- a/drivers/net/wireless/iwlwifi/iwl-debugfs.c -+++ b/drivers/net/wireless/iwlwifi/iwl-debugfs.c -@@ -561,6 +561,8 @@ static ssize_t iwl_dbgfs_status_read(struct file *file, - int pos = 0; - const size_t bufsz = sizeof(buf); - -+ pax_track_stack(); -+ - pos += scnprintf(buf + pos, bufsz - pos, "STATUS_HCMD_ACTIVE:\t %d\n", - test_bit(STATUS_HCMD_ACTIVE, &priv->status)); - pos += scnprintf(buf + pos, bufsz - pos, "STATUS_INT_ENABLED:\t %d\n", -@@ -693,6 +695,8 @@ static ssize_t iwl_dbgfs_qos_read(struct file *file, char __user *user_buf, - char buf[256 * NUM_IWL_RXON_CTX]; - const size_t bufsz = sizeof(buf); - -+ pax_track_stack(); -+ - for_each_context(priv, ctx) { - pos += scnprintf(buf + pos, bufsz - pos, "context %d:\n", - ctx->ctxid); -diff --git a/drivers/net/wireless/iwmc3200wifi/debugfs.c b/drivers/net/wireless/iwmc3200wifi/debugfs.c -index 0a0cc96..fd49ad8 100644 ---- a/drivers/net/wireless/iwmc3200wifi/debugfs.c -+++ b/drivers/net/wireless/iwmc3200wifi/debugfs.c -@@ -327,6 +327,8 @@ static ssize_t iwm_debugfs_fw_err_read(struct file *filp, - int buf_len = 512; - size_t len = 0; - -+ pax_track_stack(); -+ - if (*ppos != 0) - return 0; - if (count < sizeof(buf)) +-#define IWL_DEBUG(m, level, fmt, args...) +-#define IWL_DEBUG_LIMIT(m, level, fmt, args...) ++#define IWL_DEBUG(m, level, fmt, args...) do {} while (0) ++#define IWL_DEBUG_LIMIT(m, level, fmt, args...) do {} while (0) + #define iwl_print_hex_dump(m, level, p, len) + #endif /* CONFIG_IWLWIFI_DEBUG */ + diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index 031cd89..bdc8435 100644 +index 523ad55..f8c5dc5 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -1670,9 +1670,11 @@ static int __init init_mac80211_hwsim(void) +@@ -1678,9 +1678,11 @@ static int __init init_mac80211_hwsim(void) return -EINVAL; if (fake_hw_scan) { @@ -35156,23 +33447,23 @@ index 031cd89..bdc8435 100644 spin_lock_init(&hwsim_radio_lock); diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h -index 2215c3c..64e6a47 100644 +index 30f138b..c904585 100644 --- a/drivers/net/wireless/mwifiex/main.h +++ b/drivers/net/wireless/mwifiex/main.h -@@ -560,7 +560,7 @@ struct mwifiex_if_ops { - - void (*update_mp_end_port) (struct mwifiex_adapter *, u16); +@@ -543,7 +543,7 @@ struct mwifiex_if_ops { void (*cleanup_mpa_buf) (struct mwifiex_adapter *); + int (*cmdrsp_complete) (struct mwifiex_adapter *, struct sk_buff *); + int (*event_complete) (struct mwifiex_adapter *, struct sk_buff *); -}; +} __no_const; struct mwifiex_adapter { - struct mwifiex_private *priv[MWIFIEX_MAX_BSS_NUM]; + u8 iface_type; diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c -index 29f9389..f6d2ce0 100644 +index 0c13840..a5c3ed6 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c -@@ -1277,7 +1277,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) +@@ -1275,7 +1275,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold); @@ -35181,19 +33472,6 @@ index 29f9389..f6d2ce0 100644 rts_threshold = 2347; tmp = cpu_to_le32(rts_threshold); -diff --git a/drivers/net/wireless/rtlwifi/rtl8192c/phy_common.c b/drivers/net/wireless/rtlwifi/rtl8192c/phy_common.c -index 3b11642..d6bb049 100644 ---- a/drivers/net/wireless/rtlwifi/rtl8192c/phy_common.c -+++ b/drivers/net/wireless/rtlwifi/rtl8192c/phy_common.c -@@ -837,6 +837,8 @@ bool _rtl92c_phy_sw_chnl_step_by_step(struct ieee80211_hw *hw, - u8 rfpath; - u8 num_total_rfpath = rtlphy->num_total_rfpath; - -+ pax_track_stack(); -+ - precommoncmdcnt = 0; - _rtl92c_phy_set_sw_chnl_cmdarray(precommoncmd, precommoncmdcnt++, - MAX_PRECMD_CNT, diff --git a/drivers/net/wireless/wl1251/wl1251.h b/drivers/net/wireless/wl1251/wl1251.h index a77f1bb..c608b2b 100644 --- a/drivers/net/wireless/wl1251/wl1251.h @@ -35207,19 +33485,6 @@ index a77f1bb..c608b2b 100644 struct wl1251 { struct ieee80211_hw *hw; -diff --git a/drivers/net/wireless/wl12xx/spi.c b/drivers/net/wireless/wl12xx/spi.c -index e0b3736..4b466e6 100644 ---- a/drivers/net/wireless/wl12xx/spi.c -+++ b/drivers/net/wireless/wl12xx/spi.c -@@ -281,6 +281,8 @@ static void wl1271_spi_raw_write(struct wl1271 *wl, int addr, void *buf, - u32 chunk_len; - int i; - -+ pax_track_stack(); -+ - WARN_ON(len > WL1271_AGGR_BUFFER_SIZE); - - spi_message_init(&m); diff --git a/drivers/oprofile/buffer_sync.c b/drivers/oprofile/buffer_sync.c index f34b5b2..b5abb9f 100644 --- a/drivers/oprofile/buffer_sync.c @@ -35260,7 +33525,7 @@ index f34b5b2..b5abb9f 100644 } release_mm(mm); diff --git a/drivers/oprofile/event_buffer.c b/drivers/oprofile/event_buffer.c -index dd87e86..bc0148c 100644 +index c0cc4e7..44d4e54 100644 --- a/drivers/oprofile/event_buffer.c +++ b/drivers/oprofile/event_buffer.c @@ -53,7 +53,7 @@ void add_event_entry(unsigned long value) @@ -35328,7 +33593,7 @@ index 38b6fc0..b5cbfce 100644 extern struct oprofile_stat_struct oprofile_stats; diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c -index 1c0b799..c11b2d2 100644 +index 2f0aa0f..90fab02 100644 --- a/drivers/oprofile/oprofilefs.c +++ b/drivers/oprofile/oprofilefs.c @@ -193,7 +193,7 @@ static const struct file_operations atomic_ro_fops = { @@ -35411,7 +33676,7 @@ index cbfbab1..6a9fced 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 6ab6bd3..72bdc69 100644 +index 04e74f4..a960176 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -136,7 +136,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -35444,57 +33709,8 @@ index 27911b5..5b6db88 100644 proc_create("devices", 0, proc_bus_pci_dir, &proc_bus_pci_dev_operations); proc_initialized = 1; -diff --git a/drivers/pci/xen-pcifront.c b/drivers/pci/xen-pcifront.c -index 90832a9..419089a 100644 ---- a/drivers/pci/xen-pcifront.c -+++ b/drivers/pci/xen-pcifront.c -@@ -187,6 +187,8 @@ static int pcifront_bus_read(struct pci_bus *bus, unsigned int devfn, - struct pcifront_sd *sd = bus->sysdata; - struct pcifront_device *pdev = pcifront_get_pdev(sd); - -+ pax_track_stack(); -+ - if (verbose_request) - dev_info(&pdev->xdev->dev, - "read dev=%04x:%02x:%02x.%01x - offset %x size %d\n", -@@ -226,6 +228,8 @@ static int pcifront_bus_write(struct pci_bus *bus, unsigned int devfn, - struct pcifront_sd *sd = bus->sysdata; - struct pcifront_device *pdev = pcifront_get_pdev(sd); - -+ pax_track_stack(); -+ - if (verbose_request) - dev_info(&pdev->xdev->dev, - "write dev=%04x:%02x:%02x.%01x - " -@@ -258,6 +262,8 @@ static int pci_frontend_enable_msix(struct pci_dev *dev, - struct pcifront_device *pdev = pcifront_get_pdev(sd); - struct msi_desc *entry; - -+ pax_track_stack(); -+ - if (nvec > SH_INFO_MAX_VEC) { - dev_err(&dev->dev, "too much vector for pci frontend: %x." - " Increase SH_INFO_MAX_VEC.\n", nvec); -@@ -309,6 +315,8 @@ static void pci_frontend_disable_msix(struct pci_dev *dev) - struct pcifront_sd *sd = dev->bus->sysdata; - struct pcifront_device *pdev = pcifront_get_pdev(sd); - -+ pax_track_stack(); -+ - err = do_pci_op(pdev, &op); - - /* What should do for error ? */ -@@ -328,6 +336,8 @@ static int pci_frontend_enable_msi(struct pci_dev *dev, int vector[]) - struct pcifront_sd *sd = dev->bus->sysdata; - struct pcifront_device *pdev = pcifront_get_pdev(sd); - -+ pax_track_stack(); -+ - err = do_pci_op(pdev, &op); - if (likely(!err)) { - vector[0] = op.value; diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index 7bd829f..a3237ad 100644 +index 7b82868..b9344c9 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2094,7 +2094,7 @@ static int hotkey_mask_get(void) @@ -35738,10 +33954,10 @@ index 33f5d9a..d957d3f 100644 /* diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 3285d41..ab7c22a 100644 +index 023d17d..74ef35b 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c -@@ -564,10 +564,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) +@@ -565,10 +565,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) } mc13xxx_unlock(mc13892); @@ -35777,19 +33993,6 @@ index cace6d3..f623fda 100644 return rtc_set_time(rtc, &tm); case RTC_PIE_ON: -diff --git a/drivers/scsi/BusLogic.c b/drivers/scsi/BusLogic.c -index f66c33b..7ae5823 100644 ---- a/drivers/scsi/BusLogic.c -+++ b/drivers/scsi/BusLogic.c -@@ -962,6 +962,8 @@ static int __init BusLogic_InitializeFlashPointProbeInfo(struct BusLogic_HostAda - static void __init BusLogic_InitializeProbeInfoList(struct BusLogic_HostAdapter - *PrototypeHostAdapter) - { -+ pax_track_stack(); -+ - /* - If a PCI BIOS is present, interrogate it for MultiMaster and FlashPoint - Host Adapters; otherwise, default to the standard ISA MultiMaster probe. diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h index ffb5878..e6d785c 100644 --- a/drivers/scsi/aacraid/aacraid.h @@ -35803,20 +34006,8 @@ index ffb5878..e6d785c 100644 /* * Define which interrupt handler needs to be installed -diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c -index 8a0b330..b4286de 100644 ---- a/drivers/scsi/aacraid/commctrl.c -+++ b/drivers/scsi/aacraid/commctrl.c -@@ -482,6 +482,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) - u32 actual_fibsize64, actual_fibsize = 0; - int i; - -+ pax_track_stack(); - - if (dev->in_reset) { - dprintk((KERN_DEBUG"aacraid: send raw srb -EBUSY\n")); diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c -index c7b6fed..4db0569 100644 +index 705e13e..91c873c 100644 --- a/drivers/scsi/aacraid/linit.c +++ b/drivers/scsi/aacraid/linit.c @@ -93,7 +93,7 @@ static DECLARE_PCI_DEVICE_TABLE(aac_pci_tbl) = { @@ -35855,9 +34046,18 @@ index a796de9..1ef20e1 100644 struct bfa_faa_cbfn_s { diff --git a/drivers/scsi/bfa/bfa_fcpim.c b/drivers/scsi/bfa/bfa_fcpim.c -index e07bd47..dbd260a 100644 +index e07bd47..cd1bbbb 100644 --- a/drivers/scsi/bfa/bfa_fcpim.c +++ b/drivers/scsi/bfa/bfa_fcpim.c +@@ -4121,7 +4121,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, struct bfa_iocfc_cfg_s *cfg, + + bfa_iotag_attach(fcp); + +- fcp->itn_arr = (struct bfa_itn_s *) bfa_mem_kva_curp(fcp); ++ fcp->itn_arr = (bfa_itn_s_no_const *) bfa_mem_kva_curp(fcp); + bfa_mem_kva_curp(fcp) = (u8 *)fcp->itn_arr + + (fcp->num_itns * sizeof(struct bfa_itn_s)); + memset(fcp->itn_arr, 0, @@ -4179,7 +4179,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)) { @@ -35888,41 +34088,6 @@ index 1080bcb..a3b39e3 100644 int num_ioim_reqs; int num_fwtio_reqs; int num_itns; -diff --git a/drivers/scsi/bfa/bfa_fcs_lport.c b/drivers/scsi/bfa/bfa_fcs_lport.c -index d4f951f..197c350 100644 ---- a/drivers/scsi/bfa/bfa_fcs_lport.c -+++ b/drivers/scsi/bfa/bfa_fcs_lport.c -@@ -1700,6 +1700,8 @@ bfa_fcs_lport_fdmi_build_rhba_pyld(struct bfa_fcs_lport_fdmi_s *fdmi, u8 *pyld) - u16 len, count; - u16 templen; - -+ pax_track_stack(); -+ - /* - * get hba attributes - */ -@@ -1977,6 +1979,8 @@ bfa_fcs_lport_fdmi_build_portattr_block(struct bfa_fcs_lport_fdmi_s *fdmi, - u8 count = 0; - u16 templen; - -+ pax_track_stack(); -+ - /* - * get port attributes - */ -diff --git a/drivers/scsi/bfa/bfa_fcs_rport.c b/drivers/scsi/bfa/bfa_fcs_rport.c -index 52628d5..f89d033 100644 ---- a/drivers/scsi/bfa/bfa_fcs_rport.c -+++ b/drivers/scsi/bfa/bfa_fcs_rport.c -@@ -1871,6 +1871,8 @@ bfa_fcs_rport_process_rpsc(struct bfa_fcs_rport_s *rport, - struct fc_rpsc_speed_info_s speeds; - struct bfa_port_attr_s pport_attr; - -+ pax_track_stack(); -+ - bfa_trc(port->fcs, rx_fchs->s_id); - bfa_trc(port->fcs, rx_fchs->d_id); - diff --git a/drivers/scsi/bfa/bfa_ioc.h b/drivers/scsi/bfa/bfa_ioc.h index 546d46b..642fa5b 100644 --- a/drivers/scsi/bfa/bfa_ioc.h @@ -35945,131 +34110,6 @@ index 546d46b..642fa5b 100644 /* * Queue element to wait for room in request queue. FIFO order is -diff --git a/drivers/scsi/bfa/bfad.c b/drivers/scsi/bfa/bfad.c -index 66fb725..0fe05ab 100644 ---- a/drivers/scsi/bfa/bfad.c -+++ b/drivers/scsi/bfa/bfad.c -@@ -1019,6 +1019,8 @@ bfad_start_ops(struct bfad_s *bfad) { - struct bfad_vport_s *vport, *vport_new; - struct bfa_fcs_driver_info_s driver_info; - -+ pax_track_stack(); -+ - /* Limit min/max. xfer size to [64k-32MB] */ - if (max_xfer_size < BFAD_MIN_SECTORS >> 1) - max_xfer_size = BFAD_MIN_SECTORS >> 1; -diff --git a/drivers/scsi/dpt_i2o.c b/drivers/scsi/dpt_i2o.c -index b4f6c9a..0eb1938 100644 ---- a/drivers/scsi/dpt_i2o.c -+++ b/drivers/scsi/dpt_i2o.c -@@ -1811,6 +1811,8 @@ static int adpt_i2o_passthru(adpt_hba* pHba, u32 __user *arg) - dma_addr_t addr; - ulong flags = 0; - -+ pax_track_stack(); -+ - memset(&msg, 0, MAX_MESSAGE_SIZE*4); - // get user msg size in u32s - if(get_user(size, &user_msg[0])){ -@@ -2317,6 +2319,8 @@ static s32 adpt_scsi_to_i2o(adpt_hba* pHba, struct scsi_cmnd* cmd, struct adpt_d - s32 rcode; - dma_addr_t addr; - -+ pax_track_stack(); -+ - memset(msg, 0 , sizeof(msg)); - len = scsi_bufflen(cmd); - direction = 0x00000000; -diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c -index 94de889..ca4f0cf 100644 ---- a/drivers/scsi/eata.c -+++ b/drivers/scsi/eata.c -@@ -1087,6 +1087,8 @@ static int port_detect(unsigned long port_base, unsigned int j, - struct hostdata *ha; - char name[16]; - -+ pax_track_stack(); -+ - sprintf(name, "%s%d", driver_name, j); - - if (!request_region(port_base, REGION_SIZE, driver_name)) { -diff --git a/drivers/scsi/fcoe/fcoe_ctlr.c b/drivers/scsi/fcoe/fcoe_ctlr.c -index c74c4b8..c41ca3f 100644 ---- a/drivers/scsi/fcoe/fcoe_ctlr.c -+++ b/drivers/scsi/fcoe/fcoe_ctlr.c -@@ -2503,6 +2503,8 @@ static int fcoe_ctlr_vn_recv(struct fcoe_ctlr *fip, struct sk_buff *skb) - } buf; - int rc; - -+ pax_track_stack(); -+ - fiph = (struct fip_header *)skb->data; - sub = fiph->fip_subcode; - -diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c -index 3242bca..45a83e7 100644 ---- a/drivers/scsi/gdth.c -+++ b/drivers/scsi/gdth.c -@@ -4107,6 +4107,8 @@ static int ioc_lockdrv(void __user *arg) - unsigned long flags; - gdth_ha_str *ha; - -+ pax_track_stack(); -+ - if (copy_from_user(&ldrv, arg, sizeof(gdth_ioctl_lockdrv))) - return -EFAULT; - ha = gdth_find_ha(ldrv.ionode); -@@ -4139,6 +4141,8 @@ static int ioc_resetdrv(void __user *arg, char *cmnd) - gdth_ha_str *ha; - int rval; - -+ pax_track_stack(); -+ - if (copy_from_user(&res, arg, sizeof(gdth_ioctl_reset)) || - res.number >= MAX_HDRIVES) - return -EFAULT; -@@ -4174,6 +4178,8 @@ static int ioc_general(void __user *arg, char *cmnd) - gdth_ha_str *ha; - int rval; - -+ pax_track_stack(); -+ - if (copy_from_user(&gen, arg, sizeof(gdth_ioctl_general))) - return -EFAULT; - ha = gdth_find_ha(gen.ionode); -@@ -4642,6 +4648,9 @@ static void gdth_flush(gdth_ha_str *ha) - int i; - gdth_cmd_str gdtcmd; - char cmnd[MAX_COMMAND_SIZE]; -+ -+ pax_track_stack(); -+ - memset(cmnd, 0xff, MAX_COMMAND_SIZE); - - TRACE2(("gdth_flush() hanum %d\n", ha->hanum)); -diff --git a/drivers/scsi/gdth_proc.c b/drivers/scsi/gdth_proc.c -index 6527543..81e4fe2 100644 ---- a/drivers/scsi/gdth_proc.c -+++ b/drivers/scsi/gdth_proc.c -@@ -47,6 +47,9 @@ static int gdth_set_asc_info(struct Scsi_Host *host, char *buffer, - u64 paddr; - - char cmnd[MAX_COMMAND_SIZE]; -+ -+ pax_track_stack(); -+ - memset(cmnd, 0xff, 12); - memset(&gdtcmd, 0, sizeof(gdth_cmd_str)); - -@@ -175,6 +178,8 @@ static int gdth_get_info(char *buffer,char **start,off_t offset,int length, - gdth_hget_str *phg; - char cmnd[MAX_COMMAND_SIZE]; - -+ pax_track_stack(); -+ - gdtcmd = kmalloc(sizeof(*gdtcmd), GFP_KERNEL); - estr = kmalloc(sizeof(*estr), GFP_KERNEL); - if (!gdtcmd || !estr) diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c index 351dc0b..951dc32 100644 --- a/drivers/scsi/hosts.c @@ -36093,10 +34133,10 @@ index 351dc0b..951dc32 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 418ce83..7ee1225 100644 +index 865d452..e9b7fa7 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c -@@ -499,7 +499,7 @@ static inline u32 next_command(struct ctlr_info *h) +@@ -505,7 +505,7 @@ static inline u32 next_command(struct ctlr_info *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -36105,7 +34145,7 @@ index 418ce83..7ee1225 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -2956,7 +2956,7 @@ static void start_io(struct ctlr_info *h) +@@ -2989,7 +2989,7 @@ static void start_io(struct ctlr_info *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, struct CommandList, list); /* can't do anything if fifo is full */ @@ -36114,7 +34154,7 @@ index 418ce83..7ee1225 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -2966,7 +2966,7 @@ static void start_io(struct ctlr_info *h) +@@ -2999,7 +2999,7 @@ static void start_io(struct ctlr_info *h) h->Qdepth--; /* Tell the controller execute command */ @@ -36123,7 +34163,7 @@ index 418ce83..7ee1225 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -2975,17 +2975,17 @@ static void start_io(struct ctlr_info *h) +@@ -3008,17 +3008,17 @@ static void start_io(struct ctlr_info *h) static inline unsigned long get_next_completion(struct ctlr_info *h) { @@ -36144,7 +34184,7 @@ index 418ce83..7ee1225 100644 (h->interrupts_enabled == 0); } -@@ -3882,7 +3882,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) +@@ -3917,7 +3917,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -36153,7 +34193,16 @@ index 418ce83..7ee1225 100644 if (hpsa_board_disabled(h->pdev)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -4163,7 +4163,7 @@ reinit_after_soft_reset: +@@ -4162,7 +4162,7 @@ static void controller_lockup_detected(struct ctlr_info *h) + + assert_spin_locked(&lockup_detector_lock); + remove_ctlr_from_lockup_detector_list(h); +- h->access.set_intr_mask(h, HPSA_INTR_OFF); ++ h->access->set_intr_mask(h, HPSA_INTR_OFF); + spin_lock_irqsave(&h->lock, flags); + h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); + spin_unlock_irqrestore(&h->lock, flags); +@@ -4340,7 +4340,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -36162,7 +34211,7 @@ index 418ce83..7ee1225 100644 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -4197,7 +4197,7 @@ reinit_after_soft_reset: +@@ -4374,7 +4374,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -36171,7 +34220,7 @@ index 418ce83..7ee1225 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -4216,9 +4216,9 @@ reinit_after_soft_reset: +@@ -4393,9 +4393,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -36183,7 +34232,7 @@ index 418ce83..7ee1225 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -4239,7 +4239,7 @@ reinit_after_soft_reset: +@@ -4416,7 +4416,7 @@ reinit_after_soft_reset: } /* Turn the interrupts on so we can service requests */ @@ -36192,7 +34241,7 @@ index 418ce83..7ee1225 100644 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -4292,7 +4292,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -4468,7 +4468,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); @@ -36201,7 +34250,7 @@ index 418ce83..7ee1225 100644 free_irq(h->intr[h->intr_mode], h); #ifdef CONFIG_PCI_MSI if (h->msix_vector) -@@ -4455,7 +4455,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, +@@ -4632,7 +4632,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, return; } /* Change the access methods to the performant access methods */ @@ -36211,7 +34260,7 @@ index 418ce83..7ee1225 100644 } diff --git a/drivers/scsi/hpsa.h b/drivers/scsi/hpsa.h -index 7f53cea..a8c7188 100644 +index 91edafb..a9b88ec 100644 --- a/drivers/scsi/hpsa.h +++ b/drivers/scsi/hpsa.h @@ -73,7 +73,7 @@ struct ctlr_info { @@ -36237,7 +34286,7 @@ index f2df059..a3a9930 100644 typedef struct ips_ha { uint8_t ha_id[IPS_MAX_CHANNELS+1]; diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c -index d261e98..1e00f35 100644 +index 9de9db2..1e09660 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -105,12 +105,12 @@ struct fc_exch_mgr { @@ -36259,7 +34308,7 @@ index d261e98..1e00f35 100644 } stats; }; -@@ -718,7 +718,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport, +@@ -719,7 +719,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport, /* allocate memory for exchange */ ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC); if (!ep) { @@ -36268,7 +34317,7 @@ index d261e98..1e00f35 100644 goto out; } memset(ep, 0, sizeof(*ep)); -@@ -779,7 +779,7 @@ out: +@@ -780,7 +780,7 @@ out: return ep; err: spin_unlock_bh(&pool->lock); @@ -36277,7 +34326,7 @@ index d261e98..1e00f35 100644 mempool_free(ep, mp->ep_pool); return NULL; } -@@ -922,7 +922,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, +@@ -923,7 +923,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, xid = ntohs(fh->fh_ox_id); /* we originated exch */ ep = fc_exch_find(mp, xid); if (!ep) { @@ -36286,7 +34335,7 @@ index d261e98..1e00f35 100644 reject = FC_RJT_OX_ID; goto out; } -@@ -952,7 +952,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, +@@ -953,7 +953,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, ep = fc_exch_find(mp, xid); if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) { if (ep) { @@ -36295,7 +34344,7 @@ index d261e98..1e00f35 100644 reject = FC_RJT_RX_ID; goto rel; } -@@ -963,7 +963,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, +@@ -964,7 +964,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, } xid = ep->xid; /* get our XID */ } else if (!ep) { @@ -36304,7 +34353,7 @@ index d261e98..1e00f35 100644 reject = FC_RJT_RX_ID; /* XID not found */ goto out; } -@@ -980,7 +980,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, +@@ -981,7 +981,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport, } else { sp = &ep->seq; if (sp->id != fh->fh_seq_id) { @@ -36313,7 +34362,7 @@ index d261e98..1e00f35 100644 if (f_ctl & FC_FC_END_SEQ) { /* * Update sequence_id based on incoming last -@@ -1430,22 +1430,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) +@@ -1431,22 +1431,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) ep = fc_exch_find(mp, ntohs(fh->fh_ox_id)); if (!ep) { @@ -36340,7 +34389,7 @@ index d261e98..1e00f35 100644 goto rel; } sof = fr_sof(fp); -@@ -1454,7 +1454,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) +@@ -1455,7 +1455,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) sp->ssb_stat |= SSB_ST_RESP; sp->id = fh->fh_seq_id; } else if (sp->id != fh->fh_seq_id) { @@ -36349,7 +34398,7 @@ index d261e98..1e00f35 100644 goto rel; } -@@ -1518,9 +1518,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) +@@ -1519,9 +1519,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp) sp = fc_seq_lookup_orig(mp, fp); /* doesn't hold sequence */ if (!sp) @@ -36375,7 +34424,7 @@ index db9238f..4378ed2 100644 .qc_issue = sas_ata_qc_issue, .qc_fill_rtf = sas_ata_qc_fill_rtf, diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h -index c088a36..01c73b0 100644 +index bb4c8e0..f33d849 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -425,7 +425,7 @@ struct lpfc_vport { @@ -36398,8 +34447,8 @@ index c088a36..01c73b0 100644 unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; unsigned long last_ramp_up_time; -@@ -850,7 +850,7 @@ struct lpfc_hba { - struct dentry *debug_dumpDif; /* BlockGuard BPL*/ +@@ -866,7 +866,7 @@ struct lpfc_hba { + struct dentry *debug_slow_ring_trc; struct lpfc_debugfs_trc *slow_ring_trc; - atomic_t slow_ring_trc_cnt; @@ -36408,10 +34457,10 @@ index c088a36..01c73b0 100644 struct dentry *idiag_root; struct dentry *idiag_pci_cfg; diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c -index a0424dd..2499b6b 100644 +index 2838259..a07cfb5 100644 --- a/drivers/scsi/lpfc/lpfc_debugfs.c +++ b/drivers/scsi/lpfc/lpfc_debugfs.c -@@ -105,7 +105,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc, +@@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc, #include <linux/debugfs.h> @@ -36420,7 +34469,7 @@ index a0424dd..2499b6b 100644 static unsigned long lpfc_debugfs_start_time = 0L; /* iDiag */ -@@ -146,7 +146,7 @@ lpfc_debugfs_disc_trc_data(struct lpfc_vport *vport, char *buf, int size) +@@ -147,7 +147,7 @@ lpfc_debugfs_disc_trc_data(struct lpfc_vport *vport, char *buf, int size) lpfc_debugfs_enable = 0; len = 0; @@ -36429,7 +34478,7 @@ index a0424dd..2499b6b 100644 (lpfc_debugfs_max_disc_trc - 1); for (i = index; i < lpfc_debugfs_max_disc_trc; i++) { dtp = vport->disc_trc + i; -@@ -212,7 +212,7 @@ lpfc_debugfs_slow_ring_trc_data(struct lpfc_hba *phba, char *buf, int size) +@@ -213,7 +213,7 @@ lpfc_debugfs_slow_ring_trc_data(struct lpfc_hba *phba, char *buf, int size) lpfc_debugfs_enable = 0; len = 0; @@ -36438,7 +34487,7 @@ index a0424dd..2499b6b 100644 (lpfc_debugfs_max_slow_ring_trc - 1); for (i = index; i < lpfc_debugfs_max_slow_ring_trc; i++) { dtp = phba->slow_ring_trc + i; -@@ -635,14 +635,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport *vport, int mask, char *fmt, +@@ -636,14 +636,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport *vport, int mask, char *fmt, !vport || !vport->disc_trc) return; @@ -36455,7 +34504,7 @@ index a0424dd..2499b6b 100644 dtp->jif = jiffies; #endif return; -@@ -673,14 +673,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_hba *phba, char *fmt, +@@ -674,14 +674,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_hba *phba, char *fmt, !phba || !phba->slow_ring_trc) return; @@ -36472,7 +34521,7 @@ index a0424dd..2499b6b 100644 dtp->jif = jiffies; #endif return; -@@ -3828,7 +3828,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -3986,7 +3986,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "slow_ring buffer\n"); goto debug_failed; } @@ -36481,7 +34530,7 @@ index a0424dd..2499b6b 100644 memset(phba->slow_ring_trc, 0, (sizeof(struct lpfc_debugfs_trc) * lpfc_debugfs_max_slow_ring_trc)); -@@ -3874,7 +3874,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4032,7 +4032,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "buffer\n"); goto debug_failed; } @@ -36491,10 +34540,10 @@ index a0424dd..2499b6b 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index a3c8200..31e562e 100644 +index 55bc4fc..a2a109c 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -9969,8 +9969,10 @@ lpfc_init(void) +@@ -10027,8 +10027,10 @@ lpfc_init(void) printk(LPFC_COPYRIGHT "\n"); if (lpfc_enable_npiv) { @@ -36508,10 +34557,10 @@ index a3c8200..31e562e 100644 lpfc_transport_template = fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c -index eadd241..26c8e0f 100644 +index 2e1e54e..1af0a0d 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c -@@ -297,7 +297,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) +@@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) uint32_t evt_posted; spin_lock_irqsave(&phba->hbalock, flags); @@ -36520,7 +34569,7 @@ index eadd241..26c8e0f 100644 phba->last_rsrc_error_time = jiffies; if ((phba->last_ramp_down_time + QUEUE_RAMP_DOWN_INTERVAL) > jiffies) { -@@ -338,7 +338,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport, +@@ -346,7 +346,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport, unsigned long flags; struct lpfc_hba *phba = vport->phba; uint32_t evt_posted; @@ -36529,7 +34578,7 @@ index eadd241..26c8e0f 100644 if (vport->cfg_lun_queue_depth <= queue_depth) return; -@@ -382,8 +382,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) +@@ -390,8 +390,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) unsigned long num_rsrc_err, num_cmd_success; int i; @@ -36540,7 +34589,7 @@ index eadd241..26c8e0f 100644 vports = lpfc_create_vport_work_array(phba); if (vports != NULL) -@@ -403,8 +403,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) +@@ -411,8 +411,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -36551,7 +34600,7 @@ index eadd241..26c8e0f 100644 } /** -@@ -438,8 +438,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) +@@ -446,8 +446,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -36562,37 +34611,11 @@ index eadd241..26c8e0f 100644 } /** -diff --git a/drivers/scsi/megaraid/megaraid_mbox.c b/drivers/scsi/megaraid/megaraid_mbox.c -index 2e6619e..fa64494 100644 ---- a/drivers/scsi/megaraid/megaraid_mbox.c -+++ b/drivers/scsi/megaraid/megaraid_mbox.c -@@ -3503,6 +3503,8 @@ megaraid_cmm_register(adapter_t *adapter) - int rval; - int i; - -+ pax_track_stack(); -+ - // Allocate memory for the base list of scb for management module. - adapter->uscb_list = kcalloc(MBOX_MAX_USER_CMDS, sizeof(scb_t), GFP_KERNEL); - -diff --git a/drivers/scsi/osd/osd_initiator.c b/drivers/scsi/osd/osd_initiator.c -index 86afb13f..c912398 100644 ---- a/drivers/scsi/osd/osd_initiator.c -+++ b/drivers/scsi/osd/osd_initiator.c -@@ -97,6 +97,8 @@ static int _osd_get_print_system_info(struct osd_dev *od, - int nelem = ARRAY_SIZE(get_attrs), a = 0; - int ret; - -+ pax_track_stack(); -+ - or = osd_start_request(od, GFP_KERNEL); - if (!or) - return -ENOMEM; diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c -index d079f9a..d26072c 100644 +index 5163edb..7b142bc 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c -@@ -201,8 +201,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev) +@@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev) res->scsi_dev = scsi_dev; scsi_dev->hostdata = res; res->change_detected = 0; @@ -36603,7 +34626,7 @@ index d079f9a..d26072c 100644 rc = 0; } spin_unlock_irqrestore(&pinstance->resource_lock, lock_flags); -@@ -2677,9 +2677,9 @@ static int pmcraid_error_handler(struct pmcraid_cmd *cmd) +@@ -2676,9 +2676,9 @@ static int pmcraid_error_handler(struct pmcraid_cmd *cmd) /* If this was a SCSI read/write command keep count of errors */ if (SCSI_CMD_TYPE(scsi_cmd->cmnd[0]) == SCSI_READ_CMD) @@ -36615,7 +34638,7 @@ index d079f9a..d26072c 100644 if (!RES_IS_GSCSI(res->cfg_entry) && masked_ioasc != PMCRAID_IOASC_HW_DEVICE_BUS_STATUS_ERROR) { -@@ -3535,7 +3535,7 @@ static int pmcraid_queuecommand_lck( +@@ -3534,7 +3534,7 @@ static int pmcraid_queuecommand_lck( * block of scsi_cmd which is re-used (e.g. cancel/abort), which uses * hrrq_id assigned here in queuecommand */ @@ -36624,7 +34647,7 @@ index d079f9a..d26072c 100644 pinstance->num_hrrq; cmd->cmd_done = pmcraid_io_done; -@@ -3860,7 +3860,7 @@ static long pmcraid_ioctl_passthrough( +@@ -3859,7 +3859,7 @@ static long pmcraid_ioctl_passthrough( * block of scsi_cmd which is re-used (e.g. cancel/abort), which uses * hrrq_id assigned here in queuecommand */ @@ -36633,7 +34656,7 @@ index d079f9a..d26072c 100644 pinstance->num_hrrq; if (request_size) { -@@ -4498,7 +4498,7 @@ static void pmcraid_worker_function(struct work_struct *workp) +@@ -4497,7 +4497,7 @@ static void pmcraid_worker_function(struct work_struct *workp) pinstance = container_of(workp, struct pmcraid_instance, worker_q); /* add resources only after host is added into system */ @@ -36642,7 +34665,7 @@ index d079f9a..d26072c 100644 return; fw_version = be16_to_cpu(pinstance->inq_data->fw_version); -@@ -5332,8 +5332,8 @@ static int __devinit pmcraid_init_instance( +@@ -5331,8 +5331,8 @@ static int __devinit pmcraid_init_instance( init_waitqueue_head(&pinstance->reset_wait_q); atomic_set(&pinstance->outstanding_cmds, 0); @@ -36653,7 +34676,7 @@ index d079f9a..d26072c 100644 INIT_LIST_HEAD(&pinstance->free_res_q); INIT_LIST_HEAD(&pinstance->used_res_q); -@@ -6048,7 +6048,7 @@ static int __devinit pmcraid_probe( +@@ -6047,7 +6047,7 @@ static int __devinit pmcraid_probe( /* Schedule worker thread to handle CCN and take care of adding and * removing devices to OS */ @@ -36663,10 +34686,10 @@ index d079f9a..d26072c 100644 return rc; diff --git a/drivers/scsi/pmcraid.h b/drivers/scsi/pmcraid.h -index f920baf..4417389 100644 +index ca496c7..9c791d5 100644 --- a/drivers/scsi/pmcraid.h +++ b/drivers/scsi/pmcraid.h -@@ -749,7 +749,7 @@ struct pmcraid_instance { +@@ -748,7 +748,7 @@ struct pmcraid_instance { struct pmcraid_isr_param hrrq_vector[PMCRAID_NUM_MSIX_VECTORS]; /* Message id as filled in last fired IOARCB, used to identify HRRQ */ @@ -36675,7 +34698,7 @@ index f920baf..4417389 100644 /* configuration table */ struct pmcraid_config_table *cfg_table; -@@ -778,7 +778,7 @@ struct pmcraid_instance { +@@ -777,7 +777,7 @@ struct pmcraid_instance { atomic_t outstanding_cmds; /* should add/delete resources to mid-layer now ?*/ @@ -36684,7 +34707,7 @@ index f920baf..4417389 100644 -@@ -814,8 +814,8 @@ struct pmcraid_resource_entry { +@@ -813,8 +813,8 @@ struct pmcraid_resource_entry { struct pmcraid_config_table_entry_ext cfg_entry_ext; }; struct scsi_device *scsi_dev; /* Link scsi_device structure */ @@ -36696,7 +34719,7 @@ index f920baf..4417389 100644 /* To indicate add/delete/modify during CCN */ u8 change_detected; diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h -index a03eaf4..a6b3fd9 100644 +index fcf052c..a8025a4 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h @@ -2244,7 +2244,7 @@ struct isp_operations { @@ -36709,60 +34732,46 @@ index a03eaf4..a6b3fd9 100644 /* MSI-X Support *************************************************************/ diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h -index 473c5c8..4e2f24a 100644 +index fd5edc6..4906148 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h -@@ -256,7 +256,7 @@ struct ddb_entry { - atomic_t retry_relogin_timer; /* Min Time between relogins - * (4000 only) */ - atomic_t relogin_timer; /* Max Time to wait for relogin to complete */ -- atomic_t relogin_retry_count; /* Num of times relogin has been -+ atomic_unchecked_t relogin_retry_count; /* Num of times relogin has been - * retried */ - - uint16_t port; -diff --git a/drivers/scsi/qla4xxx/ql4_init.c b/drivers/scsi/qla4xxx/ql4_init.c -index 42ed5db..0262f9e 100644 ---- a/drivers/scsi/qla4xxx/ql4_init.c -+++ b/drivers/scsi/qla4xxx/ql4_init.c -@@ -680,7 +680,7 @@ static struct ddb_entry * qla4xxx_alloc_ddb(struct scsi_qla_host *ha, - ddb_entry->fw_ddb_index = fw_ddb_index; +@@ -258,7 +258,7 @@ struct ddb_entry { + * (4000 only) */ + atomic_t relogin_timer; /* Max Time to wait for + * relogin to complete */ +- atomic_t relogin_retry_count; /* Num of times relogin has been ++ atomic_unchecked_t relogin_retry_count; /* Num of times relogin has been + * retried */ + uint32_t default_time2wait; /* Default Min time between + * relogins (+aens) */ +diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c +index 4169c8b..a8b896b 100644 +--- a/drivers/scsi/qla4xxx/ql4_os.c ++++ b/drivers/scsi/qla4xxx/ql4_os.c +@@ -2104,12 +2104,12 @@ void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) + */ + if (!iscsi_is_session_online(cls_sess)) { + /* Reset retry relogin timer */ +- atomic_inc(&ddb_entry->relogin_retry_count); ++ atomic_inc_unchecked(&ddb_entry->relogin_retry_count); + DEBUG2(ql4_printk(KERN_INFO, ha, + "%s: index[%d] relogin timed out-retrying" + " relogin (%d), retry (%d)\n", __func__, + ddb_entry->fw_ddb_index, +- atomic_read(&ddb_entry->relogin_retry_count), ++ atomic_read_unchecked(&ddb_entry->relogin_retry_count), + ddb_entry->default_time2wait + 4)); + set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags); + atomic_set(&ddb_entry->retry_relogin_timer, +@@ -3835,7 +3835,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, + atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY); atomic_set(&ddb_entry->relogin_timer, 0); - atomic_set(&ddb_entry->relogin_retry_count, 0); + atomic_set_unchecked(&ddb_entry->relogin_retry_count, 0); - atomic_set(&ddb_entry->state, DDB_STATE_ONLINE); - list_add_tail(&ddb_entry->list, &ha->ddb_list); - ha->fw_ddb_index_map[fw_ddb_index] = ddb_entry; -@@ -1433,7 +1433,7 @@ int qla4xxx_process_ddb_changed(struct scsi_qla_host *ha, uint32_t fw_ddb_index, - if ((ddb_entry->fw_ddb_device_state == DDB_DS_SESSION_ACTIVE) && - (atomic_read(&ddb_entry->state) != DDB_STATE_ONLINE)) { - atomic_set(&ddb_entry->state, DDB_STATE_ONLINE); -- atomic_set(&ddb_entry->relogin_retry_count, 0); -+ atomic_set_unchecked(&ddb_entry->relogin_retry_count, 0); - atomic_set(&ddb_entry->relogin_timer, 0); - clear_bit(DF_RELOGIN, &ddb_entry->flags); - iscsi_unblock_session(ddb_entry->sess); -diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c -index f2364ec..44c42b1 100644 ---- a/drivers/scsi/qla4xxx/ql4_os.c -+++ b/drivers/scsi/qla4xxx/ql4_os.c -@@ -811,13 +811,13 @@ static void qla4xxx_timer(struct scsi_qla_host *ha) - ddb_entry->fw_ddb_device_state == - DDB_DS_SESSION_FAILED) { - /* Reset retry relogin timer */ -- atomic_inc(&ddb_entry->relogin_retry_count); -+ atomic_inc_unchecked(&ddb_entry->relogin_retry_count); - DEBUG2(printk("scsi%ld: ddb [%d] relogin" - " timed out-retrying" - " relogin (%d)\n", - ha->host_no, - ddb_entry->fw_ddb_index, -- atomic_read(&ddb_entry-> -+ atomic_read_unchecked(&ddb_entry-> - relogin_retry_count)) - ); - start_dpc++; + + ddb_entry->default_relogin_timeout = + le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout); diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c index 2aeb2e9..46e3925 100644 --- a/drivers/scsi/scsi.c @@ -36776,33 +34785,11 @@ index 2aeb2e9..46e3925 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { -diff --git a/drivers/scsi/scsi_debug.c b/drivers/scsi/scsi_debug.c -index 6888b2c..45befa1 100644 ---- a/drivers/scsi/scsi_debug.c -+++ b/drivers/scsi/scsi_debug.c -@@ -1493,6 +1493,8 @@ static int resp_mode_select(struct scsi_cmnd * scp, int mselect6, - unsigned char arr[SDEBUG_MAX_MSELECT_SZ]; - unsigned char *cmd = (unsigned char *)scp->cmnd; - -+ pax_track_stack(); -+ - if ((errsts = check_readiness(scp, 1, devip))) - return errsts; - memset(arr, 0, sizeof(arr)); -@@ -1590,6 +1592,8 @@ static int resp_log_sense(struct scsi_cmnd * scp, - unsigned char arr[SDEBUG_MAX_LSENSE_SZ]; - unsigned char *cmd = (unsigned char *)scp->cmnd; - -+ pax_track_stack(); -+ - if ((errsts = check_readiness(scp, 1, devip))) - return errsts; - memset(arr, 0, sizeof(arr)); diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 6d219e4..eb3ded3 100644 +index f85cfa6..a57c9e8 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1415,7 +1415,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1416,7 +1416,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -36811,7 +34798,7 @@ index 6d219e4..eb3ded3 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1441,9 +1441,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1442,9 +1442,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -36824,10 +34811,10 @@ index 6d219e4..eb3ded3 100644 disposition = scsi_decide_disposition(cmd); if (disposition != SUCCESS && diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c -index e0bd3f7..816b8a6 100644 +index 04c2a27..9d8bd66 100644 --- a/drivers/scsi/scsi_sysfs.c +++ b/drivers/scsi/scsi_sysfs.c -@@ -622,7 +622,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \ +@@ -660,7 +660,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \ char *buf) \ { \ struct scsi_device *sdev = to_scsi_device(dev); \ @@ -36890,28 +34877,28 @@ index 1b21491..1b7f60e 100644 /* * Check for overflow; dev_loss_tmo is u32 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c -index 3fd16d7..ba0871f 100644 +index 96029e6..4d77fa0 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c -@@ -83,7 +83,7 @@ struct iscsi_internal { - struct device_attribute *session_attrs[ISCSI_SESSION_ATTRS + 1]; +@@ -79,7 +79,7 @@ struct iscsi_internal { + struct transport_container session_cont; }; -static atomic_t iscsi_session_nr; /* sysfs session id for next new session */ +static atomic_unchecked_t iscsi_session_nr; /* sysfs session id for next new session */ static struct workqueue_struct *iscsi_eh_timer_workq; - /* -@@ -761,7 +761,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) + static DEFINE_IDA(iscsi_sess_ida); +@@ -1062,7 +1062,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) int err; ihost = shost->shost_data; - session->sid = atomic_add_return(1, &iscsi_session_nr); + session->sid = atomic_add_return_unchecked(1, &iscsi_session_nr); - if (id == ISCSI_MAX_TARGET) { - for (id = 0; id < ISCSI_MAX_TARGET; id++) { -@@ -2200,7 +2200,7 @@ static __init int iscsi_transport_init(void) + if (target_id == ISCSI_MAX_TARGET) { + id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL); +@@ -2663,7 +2663,7 @@ static __init int iscsi_transport_init(void) printk(KERN_INFO "Loading iSCSI transport class v%s.\n", ISCSI_TRANSPORT_VERSION); @@ -36952,12 +34939,12 @@ index 21a045e..ec89e03 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 953773c..c7f29de 100644 +index fa3a591..fd96409 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -1073,6 +1073,10 @@ static int sd_ioctl(struct block_device *bdev, fmode_t mode, - SCSI_LOG_IOCTL(1, printk("sd_ioctl: disk=%s, cmd=0x%x\n", - disk->disk_name, cmd)); +@@ -1074,6 +1074,10 @@ static int sd_ioctl(struct block_device *bdev, fmode_t mode, + SCSI_LOG_IOCTL(1, sd_printk(KERN_INFO, sdkp, "sd_ioctl: disk=%s, " + "cmd=0x%x\n", disk->disk_name, cmd)); + error = scsi_verify_blk_ioctl(bdev, cmd); + if (error < 0) @@ -36966,7 +34953,7 @@ index 953773c..c7f29de 100644 /* * If we are in the middle of error recovery, don't let anyone * else try and use this device. Also, if error recovery fails, it -@@ -1095,7 +1099,7 @@ static int sd_ioctl(struct block_device *bdev, fmode_t mode, +@@ -1096,7 +1100,7 @@ static int sd_ioctl(struct block_device *bdev, fmode_t mode, error = scsi_ioctl(sdp, cmd, p); break; default: @@ -36975,7 +34962,7 @@ index 953773c..c7f29de 100644 if (error != -ENOTTY) break; error = scsi_ioctl(sdp, cmd, p); -@@ -1265,6 +1269,11 @@ static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode, +@@ -1266,6 +1270,11 @@ static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd, unsigned long arg) { struct scsi_device *sdev = scsi_disk(bdev->bd_disk)->device; @@ -36987,7 +34974,7 @@ index 953773c..c7f29de 100644 /* * If we are in the middle of error recovery, don't let anyone -@@ -1276,8 +1285,6 @@ static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode, +@@ -1277,8 +1286,6 @@ static int sd_compat_ioctl(struct block_device *bdev, fmode_t mode, return -ENODEV; if (sdev->host->hostt->compat_ioctl) { @@ -36997,10 +34984,10 @@ index 953773c..c7f29de 100644 return ret; diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index 909ed9e..1ae290a 100644 +index 441a1c5..07cece7 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c -@@ -1075,7 +1075,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) +@@ -1077,7 +1077,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) sdp->disk->disk_name, MKDEV(SCSI_GENERIC_MAJOR, sdp->index), NULL, @@ -37009,7 +34996,7 @@ index 909ed9e..1ae290a 100644 case BLKTRACESTART: return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: -@@ -2310,7 +2310,7 @@ struct sg_proc_leaf { +@@ -2312,7 +2312,7 @@ struct sg_proc_leaf { const struct file_operations * fops; }; @@ -37018,7 +35005,7 @@ index 909ed9e..1ae290a 100644 {"allow_dio", &adio_fops}, {"debug", &debug_fops}, {"def_reserved_size", &dressz_fops}, -@@ -2325,7 +2325,7 @@ sg_proc_init(void) +@@ -2327,7 +2327,7 @@ sg_proc_init(void) { int k, mask; int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr); @@ -37027,37 +35014,11 @@ index 909ed9e..1ae290a 100644 sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL); if (!sg_proc_sgp) -diff --git a/drivers/scsi/sym53c8xx_2/sym_glue.c b/drivers/scsi/sym53c8xx_2/sym_glue.c -index b4543f5..e1b34b8 100644 ---- a/drivers/scsi/sym53c8xx_2/sym_glue.c -+++ b/drivers/scsi/sym53c8xx_2/sym_glue.c -@@ -1756,6 +1756,8 @@ static int __devinit sym2_probe(struct pci_dev *pdev, - int do_iounmap = 0; - int do_disable_device = 1; - -+ pax_track_stack(); -+ - memset(&sym_dev, 0, sizeof(sym_dev)); - memset(&nvram, 0, sizeof(nvram)); - sym_dev.pdev = pdev; -diff --git a/drivers/scsi/vmw_pvscsi.c b/drivers/scsi/vmw_pvscsi.c -index a18996d..fe993cb 100644 ---- a/drivers/scsi/vmw_pvscsi.c -+++ b/drivers/scsi/vmw_pvscsi.c -@@ -447,6 +447,8 @@ static void pvscsi_setup_all_rings(const struct pvscsi_adapter *adapter) - dma_addr_t base; - unsigned i; - -+ pax_track_stack(); -+ - cmd.ringsStatePPN = adapter->ringStatePA >> PAGE_SHIFT; - cmd.reqRingNumPages = adapter->req_pages; - cmd.cmpRingNumPages = adapter->cmp_pages; diff --git a/drivers/spi/spi-dw-pci.c b/drivers/spi/spi-dw-pci.c -index c5f37f0..898d202 100644 +index f64250e..1ee3049 100644 --- a/drivers/spi/spi-dw-pci.c +++ b/drivers/spi/spi-dw-pci.c -@@ -148,7 +148,7 @@ static int spi_resume(struct pci_dev *pdev) +@@ -149,7 +149,7 @@ static int spi_resume(struct pci_dev *pdev) #define spi_resume NULL #endif @@ -37067,10 +35028,10 @@ index c5f37f0..898d202 100644 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x0800) }, {}, diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index 4d1b9f5..8408fe3 100644 +index 77eae99..b7cdcc9 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c -@@ -1023,7 +1023,7 @@ int spi_bus_unlock(struct spi_master *master) +@@ -1024,7 +1024,7 @@ int spi_bus_unlock(struct spi_master *master) EXPORT_SYMBOL_GPL(spi_bus_unlock); /* portable code must never pass more than 32 bytes */ @@ -37079,216 +35040,33 @@ index 4d1b9f5..8408fe3 100644 static u8 *buf; -diff --git a/drivers/staging/ath6kl/os/linux/ar6000_drv.c b/drivers/staging/ath6kl/os/linux/ar6000_drv.c -index 32ee39a..3004c3d 100644 ---- a/drivers/staging/ath6kl/os/linux/ar6000_drv.c -+++ b/drivers/staging/ath6kl/os/linux/ar6000_drv.c -@@ -362,7 +362,7 @@ static struct ar_cookie s_ar_cookie_mem[MAX_COOKIE_NUM]; - (((ar)->arTargetType == TARGET_TYPE_AR6003) ? AR6003_HOST_INTEREST_ITEM_ADDRESS(item) : 0)) - - --static struct net_device_ops ar6000_netdev_ops = { -+static net_device_ops_no_const ar6000_netdev_ops = { - .ndo_init = NULL, - .ndo_open = ar6000_open, - .ndo_stop = ar6000_close, -diff --git a/drivers/staging/ath6kl/os/linux/include/ar6k_pal.h b/drivers/staging/ath6kl/os/linux/include/ar6k_pal.h -index 39e0873..0925710 100644 ---- a/drivers/staging/ath6kl/os/linux/include/ar6k_pal.h -+++ b/drivers/staging/ath6kl/os/linux/include/ar6k_pal.h -@@ -30,7 +30,7 @@ typedef bool (*ar6k_pal_recv_pkt_t)(void *pHciPalInfo, void *skb); - typedef struct ar6k_pal_config_s - { - ar6k_pal_recv_pkt_t fpar6k_pal_recv_pkt; --}ar6k_pal_config_t; -+} __no_const ar6k_pal_config_t; - - void register_pal_cb(ar6k_pal_config_t *palConfig_p); - #endif /* _AR6K_PAL_H_ */ -diff --git a/drivers/staging/brcm80211/brcmfmac/dhd_linux.c b/drivers/staging/brcm80211/brcmfmac/dhd_linux.c -index 05dada9..96171c6 100644 ---- a/drivers/staging/brcm80211/brcmfmac/dhd_linux.c -+++ b/drivers/staging/brcm80211/brcmfmac/dhd_linux.c -@@ -451,14 +451,14 @@ static void brcmf_op_if(struct brcmf_if *ifp) - free_netdev(ifp->net); - } - /* Allocate etherdev, including space for private structure */ -- ifp->net = alloc_etherdev(sizeof(drvr_priv)); -+ ifp->net = alloc_etherdev(sizeof(*drvr_priv)); - if (!ifp->net) { - BRCMF_ERROR(("%s: OOM - alloc_etherdev\n", __func__)); - ret = -ENOMEM; - } - if (ret == 0) { - strcpy(ifp->net->name, ifp->name); -- memcpy(netdev_priv(ifp->net), &drvr_priv, sizeof(drvr_priv)); -+ memcpy(netdev_priv(ifp->net), &drvr_priv, sizeof(*drvr_priv)); - err = brcmf_net_attach(&drvr_priv->pub, ifp->idx); - if (err != 0) { - BRCMF_ERROR(("%s: brcmf_net_attach failed, " -@@ -1279,7 +1279,7 @@ struct brcmf_pub *brcmf_attach(struct brcmf_bus *bus, uint bus_hdrlen) - BRCMF_TRACE(("%s: Enter\n", __func__)); - - /* Allocate etherdev, including space for private structure */ -- net = alloc_etherdev(sizeof(drvr_priv)); -+ net = alloc_etherdev(sizeof(*drvr_priv)); - if (!net) { - BRCMF_ERROR(("%s: OOM - alloc_etherdev\n", __func__)); - goto fail; -@@ -1295,7 +1295,7 @@ struct brcmf_pub *brcmf_attach(struct brcmf_bus *bus, uint bus_hdrlen) - /* - * Save the brcmf_info into the priv - */ -- memcpy(netdev_priv(net), &drvr_priv, sizeof(drvr_priv)); -+ memcpy(netdev_priv(net), &drvr_priv, sizeof(*drvr_priv)); - - /* Set network interface name if it was provided as module parameter */ - if (iface_name[0]) { -@@ -1352,7 +1352,7 @@ struct brcmf_pub *brcmf_attach(struct brcmf_bus *bus, uint bus_hdrlen) - /* - * Save the brcmf_info into the priv - */ -- memcpy(netdev_priv(net), &drvr_priv, sizeof(drvr_priv)); -+ memcpy(netdev_priv(net), &drvr_priv, sizeof(*drvr_priv)); - - #if defined(CONFIG_PM_SLEEP) - atomic_set(&brcmf_mmc_suspend, false); -diff --git a/drivers/staging/brcm80211/brcmfmac/sdio_host.h b/drivers/staging/brcm80211/brcmfmac/sdio_host.h -index d345472..cedb19e 100644 ---- a/drivers/staging/brcm80211/brcmfmac/sdio_host.h -+++ b/drivers/staging/brcm80211/brcmfmac/sdio_host.h -@@ -263,7 +263,7 @@ struct brcmf_sdioh_driver { - u16 func, uint bustype, u32 regsva, void *param); - /* detach from device */ - void (*detach) (void *ch); --}; -+} __no_const; - - struct sdioh_info; - -diff --git a/drivers/staging/brcm80211/brcmsmac/phy/phy_int.h b/drivers/staging/brcm80211/brcmsmac/phy/phy_int.h -index a01b01c..b3f721c 100644 ---- a/drivers/staging/brcm80211/brcmsmac/phy/phy_int.h -+++ b/drivers/staging/brcm80211/brcmsmac/phy/phy_int.h -@@ -591,7 +591,7 @@ struct phy_func_ptr { - initfn_t carrsuppr; - rxsigpwrfn_t rxsigpwr; - detachfn_t detach; --}; -+} __no_const; - - struct brcms_phy { - struct brcms_phy_pub pubpi_ro; -diff --git a/drivers/staging/et131x/et1310_tx.c b/drivers/staging/et131x/et1310_tx.c -index 8fb3051..a8b6c67 100644 ---- a/drivers/staging/et131x/et1310_tx.c -+++ b/drivers/staging/et131x/et1310_tx.c -@@ -635,11 +635,11 @@ inline void et131x_free_send_packet(struct et131x_adapter *etdev, - struct net_device_stats *stats = &etdev->net_stats; - - if (tcb->flags & fMP_DEST_BROAD) -- atomic_inc(&etdev->stats.brdcstxmt); -+ atomic_inc_unchecked(&etdev->stats.brdcstxmt); - else if (tcb->flags & fMP_DEST_MULTI) -- atomic_inc(&etdev->stats.multixmt); -+ atomic_inc_unchecked(&etdev->stats.multixmt); - else -- atomic_inc(&etdev->stats.unixmt); -+ atomic_inc_unchecked(&etdev->stats.unixmt); - - if (tcb->skb) { - stats->tx_bytes += tcb->skb->len; -diff --git a/drivers/staging/et131x/et131x_adapter.h b/drivers/staging/et131x/et131x_adapter.h -index 408c50b..fd65e9f 100644 ---- a/drivers/staging/et131x/et131x_adapter.h -+++ b/drivers/staging/et131x/et131x_adapter.h -@@ -106,11 +106,11 @@ struct ce_stats { - * operations - */ - u32 unircv; /* # multicast packets received */ -- atomic_t unixmt; /* # multicast packets for Tx */ -+ atomic_unchecked_t unixmt; /* # multicast packets for Tx */ - u32 multircv; /* # multicast packets received */ -- atomic_t multixmt; /* # multicast packets for Tx */ -+ atomic_unchecked_t multixmt; /* # multicast packets for Tx */ - u32 brdcstrcv; /* # broadcast packets received */ -- atomic_t brdcstxmt; /* # broadcast packets for Tx */ -+ atomic_unchecked_t brdcstxmt; /* # broadcast packets for Tx */ - u32 norcvbuf; /* # Rx packets discarded */ - u32 noxmtbuf; /* # Tx packets discarded */ - -diff --git a/drivers/staging/hv/channel.c b/drivers/staging/hv/channel.c -index 455f47a..86205ff 100644 ---- a/drivers/staging/hv/channel.c -+++ b/drivers/staging/hv/channel.c -@@ -447,8 +447,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, - int ret = 0; - int t; - -- next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle); -- atomic_inc(&vmbus_connection.next_gpadl_handle); -+ next_gpadl_handle = atomic_read_unchecked(&vmbus_connection.next_gpadl_handle); -+ atomic_inc_unchecked(&vmbus_connection.next_gpadl_handle); - - ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); - if (ret) -diff --git a/drivers/staging/hv/hv.c b/drivers/staging/hv/hv.c -index 824f816..a800af7 100644 ---- a/drivers/staging/hv/hv.c -+++ b/drivers/staging/hv/hv.c -@@ -132,7 +132,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) - u64 output_address = (output) ? virt_to_phys(output) : 0; - u32 output_address_hi = output_address >> 32; - u32 output_address_lo = output_address & 0xFFFFFFFF; -- volatile void *hypercall_page = hv_context.hypercall_page; -+ volatile void *hypercall_page = ktva_ktla(hv_context.hypercall_page); - - __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), - "=a"(hv_status_lo) : "d" (control_hi), -diff --git a/drivers/staging/hv/hv_mouse.c b/drivers/staging/hv/hv_mouse.c -index d957fc2..43cedd9 100644 ---- a/drivers/staging/hv/hv_mouse.c -+++ b/drivers/staging/hv/hv_mouse.c -@@ -878,8 +878,10 @@ static void reportdesc_callback(struct hv_device *dev, void *packet, u32 len) - if (hid_dev) { - DPRINT_INFO(INPUTVSC_DRV, "hid_device created"); - -- hid_dev->ll_driver->open = mousevsc_hid_open; -- hid_dev->ll_driver->close = mousevsc_hid_close; -+ pax_open_kernel(); -+ *(void **)&hid_dev->ll_driver->open = mousevsc_hid_open; -+ *(void **)&hid_dev->ll_driver->close = mousevsc_hid_close; -+ pax_close_kernel(); - - hid_dev->bus = BUS_VIRTUAL; - hid_dev->vendor = input_device_ctx->device_info.vendor; -diff --git a/drivers/staging/hv/hyperv_vmbus.h b/drivers/staging/hv/hyperv_vmbus.h -index 349ad80..3f75719 100644 ---- a/drivers/staging/hv/hyperv_vmbus.h -+++ b/drivers/staging/hv/hyperv_vmbus.h -@@ -559,7 +559,7 @@ enum vmbus_connect_state { - struct vmbus_connection { - enum vmbus_connect_state conn_state; - -- atomic_t next_gpadl_handle; -+ atomic_unchecked_t next_gpadl_handle; - - /* - * Represents channel interrupts. Each bit position represents a +diff --git a/drivers/staging/gma500/power.c b/drivers/staging/gma500/power.c +index 436fe97..4082570 100644 +--- a/drivers/staging/gma500/power.c ++++ b/drivers/staging/gma500/power.c +@@ -266,7 +266,7 @@ bool gma_power_begin(struct drm_device *dev, bool force_on) + ret = gma_resume_pci(dev->pdev); + if (ret == 0) { + /* FIXME: we want to defer this for Medfield/Oaktrail */ +- gma_resume_display(dev); ++ gma_resume_display(dev->pdev); + psb_irq_preinstall(dev); + psb_irq_postinstall(dev); + pm_runtime_get(&dev->pdev->dev); diff --git a/drivers/staging/hv/rndis_filter.c b/drivers/staging/hv/rndis_filter.c -index dbb5201..d6047c6 100644 +index bafccb3..e3ac78d 100644 --- a/drivers/staging/hv/rndis_filter.c +++ b/drivers/staging/hv/rndis_filter.c -@@ -43,7 +43,7 @@ struct rndis_device { +@@ -42,7 +42,7 @@ struct rndis_device { enum rndis_device_state state; - u32 link_stat; + bool link_state; - atomic_t new_req_id; + atomic_unchecked_t new_req_id; spinlock_t request_lock; struct list_head req_list; -@@ -117,7 +117,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, +@@ -116,7 +116,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, * template */ set = &rndis_msg->msg.set_req; @@ -37297,7 +35075,7 @@ index dbb5201..d6047c6 100644 /* Add to the request list */ spin_lock_irqsave(&dev->request_lock, flags); -@@ -622,7 +622,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) +@@ -646,7 +646,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) /* Setup the rndis set */ halt = &request->request_msg.msg.halt_req; @@ -37306,59 +35084,19 @@ index dbb5201..d6047c6 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); -diff --git a/drivers/staging/hv/vmbus_drv.c b/drivers/staging/hv/vmbus_drv.c -index 1c949f5..7a8b104 100644 ---- a/drivers/staging/hv/vmbus_drv.c -+++ b/drivers/staging/hv/vmbus_drv.c -@@ -660,11 +660,11 @@ int vmbus_child_device_register(struct hv_device *child_device_obj) - { - int ret = 0; - -- static atomic_t device_num = ATOMIC_INIT(0); -+ static atomic_unchecked_t device_num = ATOMIC_INIT(0); - - /* Set the device name. Otherwise, device_register() will fail. */ - dev_set_name(&child_device_obj->device, "vmbus_0_%d", -- atomic_inc_return(&device_num)); -+ atomic_inc_return_unchecked(&device_num)); - - /* The new device belongs to this bus */ - child_device_obj->device.bus = &hv_bus; /* device->dev.bus; */ -diff --git a/drivers/staging/iio/ring_generic.h b/drivers/staging/iio/ring_generic.h -index 3f26f71..fb5c787 100644 ---- a/drivers/staging/iio/ring_generic.h -+++ b/drivers/staging/iio/ring_generic.h -@@ -62,7 +62,7 @@ struct iio_ring_access_funcs { - - int (*is_enabled)(struct iio_ring_buffer *ring); - int (*enable)(struct iio_ring_buffer *ring); +diff --git a/drivers/staging/iio/buffer_generic.h b/drivers/staging/iio/buffer_generic.h +index 9e8f010..af9efb5 100644 +--- a/drivers/staging/iio/buffer_generic.h ++++ b/drivers/staging/iio/buffer_generic.h +@@ -64,7 +64,7 @@ struct iio_buffer_access_funcs { + + int (*is_enabled)(struct iio_buffer *buffer); + int (*enable)(struct iio_buffer *buffer); -}; +} __no_const; - struct iio_ring_setup_ops { - int (*preenable)(struct iio_dev *); -diff --git a/drivers/staging/mei/interface.c b/drivers/staging/mei/interface.c -index cfec92d..a65dacf 100644 ---- a/drivers/staging/mei/interface.c -+++ b/drivers/staging/mei/interface.c -@@ -332,7 +332,7 @@ int mei_send_flow_control(struct mei_device *dev, struct mei_cl *cl) - mei_hdr->reserved = 0; - - mei_flow_control = (struct hbm_flow_control *) &dev->wr_msg_buf[1]; -- memset(mei_flow_control, 0, sizeof(mei_flow_control)); -+ memset(mei_flow_control, 0, sizeof(*mei_flow_control)); - mei_flow_control->host_addr = cl->host_client_id; - mei_flow_control->me_addr = cl->me_client_id; - mei_flow_control->cmd.cmd = MEI_FLOW_CONTROL_CMD; -@@ -396,7 +396,7 @@ int mei_disconnect(struct mei_device *dev, struct mei_cl *cl) - - mei_cli_disconnect = - (struct hbm_client_disconnect_request *) &dev->wr_msg_buf[1]; -- memset(mei_cli_disconnect, 0, sizeof(mei_cli_disconnect)); -+ memset(mei_cli_disconnect, 0, sizeof(*mei_cli_disconnect)); - mei_cli_disconnect->host_addr = cl->host_client_id; - mei_cli_disconnect->me_addr = cl->me_client_id; - mei_cli_disconnect->cmd.cmd = CLIENT_DISCONNECT_REQ_CMD; + /** + * struct iio_buffer_setup_ops - buffer setup related callbacks diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c index 8b307b4..a97ac91 100644 --- a/drivers/staging/octeon/ethernet-rx.c @@ -37392,7 +35130,7 @@ index 8b307b4..a97ac91 100644 dev_kfree_skb_irq(skb); } diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c -index a8f780e..aef1098 100644 +index 076f866..2308070 100644 --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c @@ -258,11 +258,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev) @@ -37412,7 +35150,7 @@ index a8f780e..aef1098 100644 } diff --git a/drivers/staging/pohmelfs/inode.c b/drivers/staging/pohmelfs/inode.c -index f3c6060..56bf826 100644 +index 7a19555..466456d 100644 --- a/drivers/staging/pohmelfs/inode.c +++ b/drivers/staging/pohmelfs/inode.c @@ -1861,7 +1861,7 @@ static int pohmelfs_fill_super(struct super_block *sb, void *data, int silent) @@ -37468,7 +35206,7 @@ index 985b6b7..7699e05 100644 unsigned int crypto_attached_size; unsigned int crypto_align_size; diff --git a/drivers/staging/pohmelfs/trans.c b/drivers/staging/pohmelfs/trans.c -index 36a2535..0591bf4 100644 +index 06c1a74..866eebc 100644 --- a/drivers/staging/pohmelfs/trans.c +++ b/drivers/staging/pohmelfs/trans.c @@ -492,7 +492,7 @@ int netfs_trans_finish(struct netfs_trans *t, struct pohmelfs_sb *psb) @@ -37481,10 +35219,10 @@ index 36a2535..0591bf4 100644 cmd->size = t->iovec.iov_len - sizeof(struct netfs_cmd) + t->attached_size + t->attached_pages * sizeof(struct netfs_cmd); diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h -index b70cb2b..4db41a7 100644 +index 86308a0..feaa925 100644 --- a/drivers/staging/rtl8712/rtl871x_io.h +++ b/drivers/staging/rtl8712/rtl871x_io.h -@@ -83,7 +83,7 @@ struct _io_ops { +@@ -108,7 +108,7 @@ struct _io_ops { u8 *pmem); u32 (*_write_port)(struct intf_hdl *pintfhdl, u32 addr, u32 cnt, u8 *pmem); @@ -37520,10 +35258,10 @@ index be21617..0954e45 100644 #if 0 diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h -index 71a586e..4d8a91a 100644 +index 88b3298..3783eee 100644 --- a/drivers/staging/usbip/vhci.h +++ b/drivers/staging/usbip/vhci.h -@@ -85,7 +85,7 @@ struct vhci_hcd { +@@ -88,7 +88,7 @@ struct vhci_hcd { unsigned resuming:1; unsigned long re_timeout; @@ -37692,10 +35430,10 @@ index ed147c4..94fc3c6 100644 /* core tmem accessor functions */ diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c -index c4ac6f6..4f90f53 100644 +index 8599545..7761358 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c -@@ -1370,7 +1370,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) +@@ -1364,7 +1364,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) * outstanding_r2ts reaches zero, go ahead and send the delayed * TASK_ABORTED status. */ @@ -37704,90 +35442,11 @@ index c4ac6f6..4f90f53 100644 if (hdr->flags & ISCSI_FLAG_CMD_FINAL) if (--cmd->outstanding_r2ts < 1) { iscsit_stop_dataout_timer(cmd); -diff --git a/drivers/target/target_core_alua.c b/drivers/target/target_core_alua.c -index 8badcb4..94c9ac6 100644 ---- a/drivers/target/target_core_alua.c -+++ b/drivers/target/target_core_alua.c -@@ -723,6 +723,8 @@ static int core_alua_update_tpg_primary_metadata( - char path[ALUA_METADATA_PATH_LEN]; - int len; - -+ pax_track_stack(); -+ - memset(path, 0, ALUA_METADATA_PATH_LEN); - - len = snprintf(md_buf, tg_pt_gp->tg_pt_gp_md_buf_len, -@@ -986,6 +988,8 @@ static int core_alua_update_tpg_secondary_metadata( - char path[ALUA_METADATA_PATH_LEN], wwn[ALUA_SECONDARY_METADATA_WWN_LEN]; - int len; - -+ pax_track_stack(); -+ - memset(path, 0, ALUA_METADATA_PATH_LEN); - memset(wwn, 0, ALUA_SECONDARY_METADATA_WWN_LEN); - -diff --git a/drivers/target/target_core_cdb.c b/drivers/target/target_core_cdb.c -index 5f91397..dcc2d25 100644 ---- a/drivers/target/target_core_cdb.c -+++ b/drivers/target/target_core_cdb.c -@@ -933,6 +933,8 @@ target_emulate_modesense(struct se_cmd *cmd, int ten) - int length = 0; - unsigned char buf[SE_MODE_PAGE_BUF]; - -+ pax_track_stack(); -+ - memset(buf, 0, SE_MODE_PAGE_BUF); - - switch (cdb[2] & 0x3f) { -diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c -index b2575d8..b6b28fd 100644 ---- a/drivers/target/target_core_configfs.c -+++ b/drivers/target/target_core_configfs.c -@@ -1267,6 +1267,8 @@ static ssize_t target_core_dev_pr_show_attr_res_pr_registered_i_pts( - ssize_t len = 0; - int reg_count = 0, prf_isid; - -+ pax_track_stack(); -+ - if (!su_dev->se_dev_ptr) - return -ENODEV; - -diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c -index 7fd3a16..bc2fb3e 100644 ---- a/drivers/target/target_core_pr.c -+++ b/drivers/target/target_core_pr.c -@@ -918,6 +918,8 @@ static int __core_scsi3_check_aptpl_registration( - unsigned char t_port[PR_APTPL_MAX_TPORT_LEN]; - u16 tpgt; - -+ pax_track_stack(); -+ - memset(i_port, 0, PR_APTPL_MAX_IPORT_LEN); - memset(t_port, 0, PR_APTPL_MAX_TPORT_LEN); - /* -@@ -1867,6 +1869,8 @@ static int __core_scsi3_update_aptpl_buf( - ssize_t len = 0; - int reg_count = 0; - -+ pax_track_stack(); -+ - memset(buf, 0, pr_aptpl_buf_len); - /* - * Called to clear metadata once APTPL has been deactivated. -@@ -1989,6 +1993,8 @@ static int __core_scsi3_write_aptpl_to_file( - char path[512]; - int ret; - -+ pax_track_stack(); -+ - memset(iov, 0, sizeof(struct iovec)); - memset(path, 0, 512); - diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c -index 5c1b8c5..0cb7d0e 100644 +index 6845228..df77141 100644 --- a/drivers/target/target_core_tmr.c +++ b/drivers/target/target_core_tmr.c -@@ -255,7 +255,7 @@ static void core_tmr_drain_task_list( +@@ -250,7 +250,7 @@ static void core_tmr_drain_task_list( cmd->se_tfo->get_task_tag(cmd), cmd->pr_res_key, cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), @@ -37796,7 +35455,7 @@ index 5c1b8c5..0cb7d0e 100644 atomic_read(&cmd->t_transport_active), atomic_read(&cmd->t_transport_stop), atomic_read(&cmd->t_transport_sent)); -@@ -291,7 +291,7 @@ static void core_tmr_drain_task_list( +@@ -281,7 +281,7 @@ static void core_tmr_drain_task_list( pr_debug("LUN_RESET: got t_transport_active = 1 for" " task: %p, t_fe_count: %d dev: %p\n", task, fe_count, dev); @@ -37805,7 +35464,7 @@ index 5c1b8c5..0cb7d0e 100644 spin_unlock_irqrestore(&cmd->t_state_lock, flags); core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); -@@ -299,7 +299,7 @@ static void core_tmr_drain_task_list( +@@ -289,7 +289,7 @@ static void core_tmr_drain_task_list( } pr_debug("LUN_RESET: Got t_transport_active = 0 for task: %p," " t_fe_count: %d dev: %p\n", task, fe_count, dev); @@ -37815,10 +35474,10 @@ index 5c1b8c5..0cb7d0e 100644 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index e2added..ccb5251 100644 +index 0257658..09433d5 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1445,7 +1445,7 @@ struct se_device *transport_add_device_to_core_hba( +@@ -1343,7 +1343,7 @@ struct se_device *transport_add_device_to_core_hba( dev->queue_depth = dev_limits->queue_depth; atomic_set(&dev->depth_left, dev->queue_depth); @@ -37827,7 +35486,7 @@ index e2added..ccb5251 100644 se_dev_set_default_attribs(dev, dev_limits); -@@ -1633,7 +1633,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1530,7 +1530,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -37836,7 +35495,7 @@ index e2added..ccb5251 100644 smp_mb__after_atomic_inc(); pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, -@@ -1960,7 +1960,7 @@ static void transport_generic_request_failure( +@@ -1800,7 +1800,7 @@ static void transport_generic_request_failure(struct se_cmd *cmd) " t_transport_active: %d t_transport_stop: %d" " t_transport_sent: %d\n", cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), @@ -37845,28 +35504,28 @@ index e2added..ccb5251 100644 atomic_read(&cmd->t_task_cdbs_ex_left), atomic_read(&cmd->t_transport_active), atomic_read(&cmd->t_transport_stop), -@@ -2460,9 +2460,9 @@ check_depth: +@@ -2089,9 +2089,9 @@ check_depth: + spin_lock_irqsave(&cmd->t_state_lock, flags); - atomic_set(&task->task_active, 1); - atomic_set(&task->task_sent, 1); + task->task_flags |= (TF_ACTIVE | TF_SENT); - atomic_inc(&cmd->t_task_cdbs_sent); + atomic_inc_unchecked(&cmd->t_task_cdbs_sent); - if (atomic_read(&cmd->t_task_cdbs_sent) == + if (atomic_read_unchecked(&cmd->t_task_cdbs_sent) == cmd->t_task_list_num) - atomic_set(&cmd->transport_sent, 1); + atomic_set(&cmd->t_transport_sent, 1); -@@ -4682,7 +4682,7 @@ static void transport_generic_wait_for_tasks( +@@ -4260,7 +4260,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) atomic_set(&cmd->transport_lun_stop, 0); } if (!atomic_read(&cmd->t_transport_active) || -- atomic_read(&cmd->t_transport_aborted)) -+ atomic_read_unchecked(&cmd->t_transport_aborted)) - goto remove; - - atomic_set(&cmd->t_transport_stop, 1); -@@ -4917,7 +4917,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) +- atomic_read(&cmd->t_transport_aborted)) { ++ atomic_read_unchecked(&cmd->t_transport_aborted)) { + spin_unlock_irqrestore(&cmd->t_state_lock, flags); + return false; + } +@@ -4495,7 +4495,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) { int ret = 0; @@ -37875,39 +35534,17 @@ index e2added..ccb5251 100644 if (!send_status || (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS)) return 1; -@@ -4954,7 +4954,7 @@ void transport_send_task_abort(struct se_cmd *cmd) +@@ -4532,7 +4532,7 @@ void transport_send_task_abort(struct se_cmd *cmd) */ if (cmd->data_direction == DMA_TO_DEVICE) { if (cmd->se_tfo->write_pending_status(cmd) != 0) { - atomic_inc(&cmd->t_transport_aborted); + atomic_inc_unchecked(&cmd->t_transport_aborted); smp_mb__after_atomic_inc(); - cmd->scsi_status = SAM_STAT_TASK_ABORTED; - transport_new_cmd_failure(cmd); -@@ -5068,7 +5068,7 @@ static void transport_processing_shutdown(struct se_device *dev) - cmd->se_tfo->get_task_tag(cmd), - cmd->t_task_list_num, - atomic_read(&cmd->t_task_cdbs_left), -- atomic_read(&cmd->t_task_cdbs_sent), -+ atomic_read_unchecked(&cmd->t_task_cdbs_sent), - atomic_read(&cmd->t_transport_active), - atomic_read(&cmd->t_transport_stop), - atomic_read(&cmd->t_transport_sent)); -diff --git a/drivers/telephony/ixj.c b/drivers/telephony/ixj.c -index d5f923b..9c78228 100644 ---- a/drivers/telephony/ixj.c -+++ b/drivers/telephony/ixj.c -@@ -4976,6 +4976,8 @@ static int ixj_daa_cid_read(IXJ *j) - bool mContinue; - char *pIn, *pOut; - -+ pax_track_stack(); -+ - if (!SCI_Prepare(j)) - return 0; - + } + } diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c -index 4c8b665..1d931eb 100644 +index b9040be..e3f5aab 100644 --- a/drivers/tty/hvc/hvcs.c +++ b/drivers/tty/hvc/hvcs.c @@ -83,6 +83,7 @@ @@ -38139,10 +35776,10 @@ index ef92869..f4ebd88 100644 ipwireless_disassociate_network_ttys(network, ttyj->channel_idx); diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index 8a50e4e..7d9ca3d 100644 +index fc7bbba..9527e93 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c -@@ -1625,7 +1625,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) +@@ -1629,7 +1629,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) kref_init(&dlci->ref); mutex_init(&dlci->mutex); dlci->fifo = &dlci->_fifo; @@ -38180,24 +35817,11 @@ index e18604b..a7d5a11 100644 cdev_init(&ptmx_cdev, &ptmx_fops); if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) || -diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c -index 6a1241c..d04ab0d 100644 ---- a/drivers/tty/rocket.c -+++ b/drivers/tty/rocket.c -@@ -1277,6 +1277,8 @@ static int get_ports(struct r_port *info, struct rocket_ports __user *retports) - struct rocket_ports tmp; - int board; - -+ pax_track_stack(); -+ - if (!retports) - return -EFAULT; - memset(&tmp, 0, sizeof (tmp)); diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c -index 87e7e6c..89744e0 100644 +index 2b42a01..32a2ed3 100644 --- a/drivers/tty/serial/kgdboc.c +++ b/drivers/tty/serial/kgdboc.c -@@ -23,8 +23,9 @@ +@@ -24,8 +24,9 @@ #define MAX_CONFIG_LEN 40 static struct kgdb_io kgdboc_io_ops; @@ -38208,7 +35832,7 @@ index 87e7e6c..89744e0 100644 static int configured = -1; static char config[MAX_CONFIG_LEN]; -@@ -147,6 +148,8 @@ static void cleanup_kgdboc(void) +@@ -148,6 +149,8 @@ static void cleanup_kgdboc(void) kgdboc_unregister_kbd(); if (configured == 1) kgdb_unregister_io_module(&kgdboc_io_ops); @@ -38217,7 +35841,7 @@ index 87e7e6c..89744e0 100644 } static int configure_kgdboc(void) -@@ -156,13 +159,13 @@ static int configure_kgdboc(void) +@@ -157,13 +160,13 @@ static int configure_kgdboc(void) int err; char *cptr = config; struct console *cons; @@ -38232,7 +35856,7 @@ index 87e7e6c..89744e0 100644 kgdb_tty_driver = NULL; kgdboc_use_kms = 0; -@@ -183,7 +186,7 @@ static int configure_kgdboc(void) +@@ -184,7 +187,7 @@ static int configure_kgdboc(void) int idx; if (cons->device && cons->device(cons, &idx) == p && idx == tty_line) { @@ -38241,7 +35865,7 @@ index 87e7e6c..89744e0 100644 break; } cons = cons->next; -@@ -193,12 +196,16 @@ static int configure_kgdboc(void) +@@ -194,12 +197,16 @@ static int configure_kgdboc(void) kgdb_tty_line = tty_line; do_register: @@ -38261,7 +35885,7 @@ index 87e7e6c..89744e0 100644 return 0; noconfig: -@@ -212,7 +219,7 @@ noconfig: +@@ -213,7 +220,7 @@ noconfig: static int __init init_kgdboc(void) { /* Already configured? */ @@ -38270,7 +35894,7 @@ index 87e7e6c..89744e0 100644 return 0; return configure_kgdboc(); -@@ -261,7 +268,7 @@ static int param_set_kgdboc_var(const char *kmessage, struct kernel_param *kp) +@@ -262,7 +269,7 @@ static int param_set_kgdboc_var(const char *kmessage, struct kernel_param *kp) if (config[len - 1] == '\n') config[len - 1] = '\0'; @@ -38279,7 +35903,7 @@ index 87e7e6c..89744e0 100644 cleanup_kgdboc(); /* Go and configure with the new params. */ -@@ -301,6 +308,15 @@ static struct kgdb_io kgdboc_io_ops = { +@@ -302,6 +309,15 @@ static struct kgdb_io kgdboc_io_ops = { .post_exception = kgdboc_post_exp_handler, }; @@ -38295,37 +35919,11 @@ index 87e7e6c..89744e0 100644 #ifdef CONFIG_KGDB_SERIAL_CONSOLE /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) -diff --git a/drivers/tty/serial/mfd.c b/drivers/tty/serial/mfd.c -index cab52f4..29fc6aa 100644 ---- a/drivers/tty/serial/mfd.c -+++ b/drivers/tty/serial/mfd.c -@@ -1423,7 +1423,7 @@ static void serial_hsu_remove(struct pci_dev *pdev) - } - - /* First 3 are UART ports, and the 4th is the DMA */ --static const struct pci_device_id pci_ids[] __devinitdata = { -+static const struct pci_device_id pci_ids[] __devinitconst = { - { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x081B) }, - { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x081C) }, - { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x081D) }, -diff --git a/drivers/tty/serial/mrst_max3110.c b/drivers/tty/serial/mrst_max3110.c -index 23bc743..d425c07 100644 ---- a/drivers/tty/serial/mrst_max3110.c -+++ b/drivers/tty/serial/mrst_max3110.c -@@ -393,6 +393,8 @@ static void max3110_con_receive(struct uart_max3110 *max) - int loop = 1, num, total = 0; - u8 recv_buf[512], *pbuf; - -+ pax_track_stack(); -+ - pbuf = recv_buf; - do { - num = max3110_read_multi(max, pbuf); diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 1a890e2..1d8139c 100644 +index 05085be..67eadb0 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3238,7 +3238,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3240,7 +3240,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -38335,7 +35933,7 @@ index 1a890e2..1d8139c 100644 /* diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c -index a76c808..ecbc743 100644 +index 8e0924f..4204eb4 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -75,7 +75,7 @@ static void put_ldisc(struct tty_ldisc *ld) @@ -38384,10 +35982,10 @@ index a76c808..ecbc743 100644 spin_unlock_irqrestore(&tty_ldisc_lock, flags); } diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c -index 3761ccf..2c613b3 100644 +index a605549..6bd3c96 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c -@@ -656,6 +656,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag) +@@ -657,6 +657,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag) kbd->kbdmode == VC_OFF) && value != KVAL(K_SAK)) return; /* SAK is allowed even in raw mode */ @@ -38404,19 +36002,6 @@ index 3761ccf..2c613b3 100644 fn_handler[value](vc); } -diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c -index b3915b7..e716839 100644 ---- a/drivers/tty/vt/vt.c -+++ b/drivers/tty/vt/vt.c -@@ -259,7 +259,7 @@ EXPORT_SYMBOL_GPL(unregister_vt_notifier); - - static void notify_write(struct vc_data *vc, unsigned int unicode) - { -- struct vt_notifier_param param = { .vc = vc, unicode = unicode }; -+ struct vt_notifier_param param = { .vc = vc, .c = unicode }; - atomic_notifier_call_chain(&vt_notifier_list, VT_WRITE, ¶m); - } - diff --git a/drivers/tty/vt/vt_ioctl.c b/drivers/tty/vt/vt_ioctl.c index 5e096f4..0da1363 100644 --- a/drivers/tty/vt/vt_ioctl.c @@ -38462,7 +36047,7 @@ index 5e096f4..0da1363 100644 ret = -EPERM; goto reterr; diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c -index d2efe82..9440ab6 100644 +index a783d53..cb30d94 100644 --- a/drivers/uio/uio.c +++ b/drivers/uio/uio.c @@ -25,6 +25,7 @@ @@ -38547,7 +36132,7 @@ index d2efe82..9440ab6 100644 } static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf) -@@ -823,7 +824,7 @@ int __uio_register_device(struct module *owner, +@@ -821,7 +822,7 @@ int __uio_register_device(struct module *owner, idev->owner = owner; idev->info = info; init_waitqueue_head(&idev->wait); @@ -38653,7 +36238,7 @@ index d3448ca..d2864ca 100644 if (!left--) { if (instance->disconnected) diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c -index 0149c09..f108812 100644 +index d956965..4179a77 100644 --- a/drivers/usb/core/devices.c +++ b/drivers/usb/core/devices.c @@ -126,7 +126,7 @@ static const char format_endpt[] = @@ -38684,7 +36269,7 @@ index 0149c09..f108812 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c -index 0b5ec23..0da3d76 100644 +index b3bdfed..a9460e0 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -869,8 +869,8 @@ char *usb_cache_string(struct usb_device *udev, int index) @@ -38739,19 +36324,6 @@ index 1fc8f12..20647c1 100644 return 0; } -diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c -index d718033..6075579 100644 ---- a/drivers/usb/host/xhci-mem.c -+++ b/drivers/usb/host/xhci-mem.c -@@ -1685,6 +1685,8 @@ static int xhci_check_trb_in_td_math(struct xhci_hcd *xhci, gfp_t mem_flags) - unsigned int num_tests; - int i, ret; - -+ pax_track_stack(); -+ - num_tests = ARRAY_SIZE(simple_test_vector); - for (i = 0; i < num_tests; i++) { - ret = xhci_test_trb_in_td(xhci, diff --git a/drivers/usb/wusbcore/wa-hc.h b/drivers/usb/wusbcore/wa-hc.h index d6bea3e..60b250e 100644 --- a/drivers/usb/wusbcore/wa-hc.h @@ -38775,10 +36347,10 @@ index d6bea3e..60b250e 100644 /** diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c -index 4193345..49ae93d 100644 +index 57c01ab..8a05959 100644 --- a/drivers/usb/wusbcore/wa-xfer.c +++ b/drivers/usb/wusbcore/wa-xfer.c -@@ -295,7 +295,7 @@ out: +@@ -296,7 +296,7 @@ out: */ static void wa_xfer_id_init(struct wa_xfer *xfer) { @@ -38828,7 +36400,7 @@ index 5c3960d..15cf8fc 100644 goto out1; } diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c -index ad93629..ca6a218 100644 +index ad93629..e020fc3 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image, @@ -38849,25 +36421,7 @@ index ad93629..ca6a218 100644 info->fbops->fb_imageblit(info, image); image->dy -= image->height + 8; } -@@ -939,6 +939,8 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var) - int flags = info->flags; - int ret = 0; - -+ pax_track_stack(); -+ - if (var->activate & FB_ACTIVATE_INV_MODE) { - struct fb_videomode mode1, mode2; - -@@ -1064,6 +1066,8 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, - void __user *argp = (void __user *)arg; - long ret = 0; - -+ pax_track_stack(); -+ - switch (cmd) { - case FBIOGET_VSCREENINFO: - if (!lock_fb_info(info)) -@@ -1143,7 +1147,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, +@@ -1143,7 +1143,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, return -EFAULT; if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES) return -EINVAL; @@ -38890,7 +36444,7 @@ index 5a5d092..265c5ed 100644 { NULL, 60, 640, 480, 39682, 48, 16, 33, 10, 96, 2, 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_VESA }, diff --git a/drivers/video/gxt4500.c b/drivers/video/gxt4500.c -index 896e53d..4d87d0b 100644 +index 0fad23f..0e9afa4 100644 --- a/drivers/video/gxt4500.c +++ b/drivers/video/gxt4500.c @@ -156,7 +156,7 @@ struct gxt4500_par { @@ -41679,10 +39233,10 @@ index 3c14e43..eafa544 100644 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 +4 4 4 4 4 4 diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c -index 087fc99..f85ed76 100644 +index 3473e75..c930142 100644 --- a/drivers/video/udlfb.c +++ b/drivers/video/udlfb.c -@@ -585,11 +585,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, +@@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, dlfb_urb_completion(urb); error: @@ -41698,7 +39252,7 @@ index 087fc99..f85ed76 100644 >> 10)), /* Kcycles */ &dev->cpu_kcycles_used); -@@ -710,11 +710,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info, +@@ -744,11 +744,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info, dlfb_urb_completion(urb); error: @@ -41714,7 +39268,7 @@ index 087fc99..f85ed76 100644 >> 10)), /* Kcycles */ &dev->cpu_kcycles_used); } -@@ -1306,7 +1306,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev, +@@ -1368,7 +1368,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -41723,7 +39277,7 @@ index 087fc99..f85ed76 100644 } static ssize_t metrics_bytes_identical_show(struct device *fbdev, -@@ -1314,7 +1314,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev, +@@ -1376,7 +1376,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -41732,7 +39286,7 @@ index 087fc99..f85ed76 100644 } static ssize_t metrics_bytes_sent_show(struct device *fbdev, -@@ -1322,7 +1322,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev, +@@ -1384,7 +1384,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -41741,7 +39295,7 @@ index 087fc99..f85ed76 100644 } static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, -@@ -1330,7 +1330,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, +@@ -1392,7 +1392,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -41750,7 +39304,7 @@ index 087fc99..f85ed76 100644 } static ssize_t edid_show( -@@ -1387,10 +1387,10 @@ static ssize_t metrics_reset_store(struct device *fbdev, +@@ -1449,10 +1449,10 @@ static ssize_t metrics_reset_store(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; @@ -41963,19 +39517,6 @@ index 88714ae..16c2e11 100644 static inline u32 get_pll_internal_frequency(u32 ref_freq, -diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c -index e058ace..2424d93 100644 ---- a/drivers/virtio/virtio_balloon.c -+++ b/drivers/virtio/virtio_balloon.c -@@ -174,6 +174,8 @@ static void update_balloon_stats(struct virtio_balloon *vb) - struct sysinfo i; - int idx = 0; - -+ pax_track_stack(); -+ - all_vm_events(events); - si_meminfo(&i); - diff --git a/drivers/xen/xen-pciback/conf_space.h b/drivers/xen/xen-pciback/conf_space.h index e56c934..fc22f4b 100644 --- a/drivers/xen/xen-pciback/conf_space.h @@ -42000,10 +39541,10 @@ index e56c934..fc22f4b 100644 struct list_head list; }; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c -index e3c03db..93b0172 100644 +index 879ed88..bc03a01 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c -@@ -1288,7 +1288,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1286,7 +1286,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd) void v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { @@ -42026,7 +39567,7 @@ index 79e2ca7..5828ad1 100644 A.out (Assembler.OUTput) is a set of formats for libraries and executables used in the earliest versions of UNIX. Linux used diff --git a/fs/aio.c b/fs/aio.c -index e29ec48..f083e5e 100644 +index 78c514c..22ac304 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -119,7 +119,7 @@ static int aio_setup_ring(struct kioctx *ctx) @@ -42038,16 +39579,7 @@ index e29ec48..f083e5e 100644 return -EINVAL; nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event); -@@ -1088,6 +1088,8 @@ static int read_events(struct kioctx *ctx, - struct aio_timeout to; - int retry = 0; - -+ pax_track_stack(); -+ - /* needed to zero any padding within an entry (there shouldn't be - * any, but C is fun! - */ -@@ -1381,22 +1383,27 @@ static ssize_t aio_fsync(struct kiocb *iocb) +@@ -1454,22 +1454,27 @@ static ssize_t aio_fsync(struct kiocb *iocb) static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) { ssize_t ret; @@ -42059,14 +39591,14 @@ index e29ec48..f083e5e 100644 (struct compat_iovec __user *)kiocb->ki_buf, - kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec, + kiocb->ki_nbytes, 1, &iovstack, - &kiocb->ki_iovec); + &kiocb->ki_iovec, 1); else #endif ret = rw_copy_check_uvector(type, (struct iovec __user *)kiocb->ki_buf, - kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec, + kiocb->ki_nbytes, 1, &iovstack, - &kiocb->ki_iovec); + &kiocb->ki_iovec, 1); if (ret < 0) goto out; @@ -42078,10 +39610,10 @@ index e29ec48..f083e5e 100644 kiocb->ki_cur_seg = 0; /* ki_nbytes/left now reflect bytes instead of segs */ diff --git a/fs/attr.c b/fs/attr.c -index 538e279..046cc6d 100644 +index 7ee7ba4..0c61a60 100644 --- a/fs/attr.c +++ b/fs/attr.c -@@ -98,6 +98,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) +@@ -99,6 +99,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) unsigned long limit; limit = rlimit(RLIMIT_FSIZE); @@ -42103,7 +39635,7 @@ index e1fbdee..cd5ea56 100644 /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **/ diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c -index 720d885..012e7f0 100644 +index 8342ca6..82fd192 100644 --- a/fs/befs/linuxvfs.c +++ b/fs/befs/linuxvfs.c @@ -503,7 +503,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) @@ -42196,7 +39728,7 @@ index a6395bd..a5b24c4 100644 fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 21ac5ee..f54fdd0 100644 +index 21ac5ee..c1090ea 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -42248,7 +39780,7 @@ index 21ac5ee..f54fdd0 100644 return 0; } -@@ -148,12 +160,15 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -148,12 +160,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, elf_addr_t __user *u_rand_bytes; const char *k_platform = ELF_PLATFORM; const char *k_base_platform = ELF_BASE_PLATFORM; @@ -42260,12 +39792,10 @@ index 21ac5ee..f54fdd0 100644 const struct cred *cred = current_cred(); struct vm_area_struct *vma; + unsigned long saved_auxv[AT_VECTOR_SIZE]; -+ -+ pax_track_stack(); /* * In some cases (e.g. Hyper-Threading), we want to avoid L1 -@@ -195,8 +210,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -195,8 +208,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, * Generate 16 random bytes for userspace PRNG seeding. */ get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); @@ -42280,7 +39810,7 @@ index 21ac5ee..f54fdd0 100644 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) return -EFAULT; -@@ -308,9 +327,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -308,9 +325,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, return -EFAULT; current->mm->env_end = p; @@ -42293,7 +39823,7 @@ index 21ac5ee..f54fdd0 100644 return -EFAULT; return 0; } -@@ -381,10 +402,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -381,10 +400,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, { struct elf_phdr *elf_phdata; struct elf_phdr *eppnt; @@ -42306,7 +39836,7 @@ index 21ac5ee..f54fdd0 100644 unsigned long total_size; int retval, i, size; -@@ -430,6 +451,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -430,6 +449,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, goto out_close; } @@ -42318,7 +39848,7 @@ index 21ac5ee..f54fdd0 100644 eppnt = elf_phdata; for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { if (eppnt->p_type == PT_LOAD) { -@@ -473,8 +499,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -473,8 +497,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, k = load_addr + eppnt->p_vaddr; if (BAD_ADDR(k) || eppnt->p_filesz > eppnt->p_memsz || @@ -42329,7 +39859,7 @@ index 21ac5ee..f54fdd0 100644 error = -ENOMEM; goto out_close; } -@@ -528,6 +554,348 @@ out: +@@ -528,6 +552,348 @@ out: return error; } @@ -42678,7 +40208,7 @@ index 21ac5ee..f54fdd0 100644 /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -544,6 +912,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) +@@ -544,6 +910,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; @@ -42690,7 +40220,7 @@ index 21ac5ee..f54fdd0 100644 if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -562,7 +935,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -562,7 +933,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -42699,7 +40229,7 @@ index 21ac5ee..f54fdd0 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -572,11 +945,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -572,11 +943,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; @@ -42712,7 +40242,7 @@ index 21ac5ee..f54fdd0 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -713,11 +1086,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -713,11 +1084,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) /* OK, This is the point of no return */ current->flags &= ~PF_FORKNOEXEC; @@ -42795,7 +40325,7 @@ index 21ac5ee..f54fdd0 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -808,6 +1251,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -808,6 +1249,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -42816,7 +40346,7 @@ index 21ac5ee..f54fdd0 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -840,9 +1297,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -840,9 +1295,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -42829,7 +40359,7 @@ index 21ac5ee..f54fdd0 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -870,6 +1327,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -870,6 +1325,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) start_data += load_bias; end_data += load_bias; @@ -42841,7 +40371,7 @@ index 21ac5ee..f54fdd0 100644 /* Calling set_brk effectively mmaps the pages that we need * for the bss and break sections. We must do this before * mapping in the interpreter, to make sure it doesn't wind -@@ -881,9 +1343,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -881,9 +1341,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -42856,7 +40386,7 @@ index 21ac5ee..f54fdd0 100644 } if (elf_interpreter) { -@@ -1098,7 +1562,7 @@ out: +@@ -1098,7 +1560,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -42865,7 +40395,7 @@ index 21ac5ee..f54fdd0 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1132,7 +1596,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1132,7 +1594,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -42874,7 +40404,7 @@ index 21ac5ee..f54fdd0 100644 goto whole; /* -@@ -1354,9 +1818,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1354,9 +1816,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -42886,7 +40416,7 @@ index 21ac5ee..f54fdd0 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1862,14 +2326,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1862,14 +2324,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -42903,7 +40433,7 @@ index 21ac5ee..f54fdd0 100644 return size; } -@@ -1963,7 +2427,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1963,7 +2425,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -42912,7 +40442,7 @@ index 21ac5ee..f54fdd0 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1977,10 +2441,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1977,10 +2439,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -42925,7 +40455,7 @@ index 21ac5ee..f54fdd0 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1994,7 +2460,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1994,7 +2458,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -42934,7 +40464,7 @@ index 21ac5ee..f54fdd0 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2005,6 +2471,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2005,6 +2469,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -42942,7 +40472,7 @@ index 21ac5ee..f54fdd0 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2029,7 +2496,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2029,7 +2494,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -42951,7 +40481,7 @@ index 21ac5ee..f54fdd0 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2038,6 +2505,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2038,6 +2503,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -42959,7 +40489,7 @@ index 21ac5ee..f54fdd0 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2055,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2055,6 +2521,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -42967,7 +40497,7 @@ index 21ac5ee..f54fdd0 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2075,6 +2544,97 @@ out: +@@ -2075,6 +2542,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -43102,7 +40632,7 @@ index 1bffbe0..c8c283e 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index 9bfade8..782f3b9 100644 +index b1fe82c..84da0a9 100644 --- a/fs/bio.c +++ b/fs/bio.c @@ -1233,7 +1233,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) @@ -43115,7 +40645,7 @@ index 9bfade8..782f3b9 100644 __bio_for_each_segment(bvec, bio, i, 0) { char *addr = page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index 1c44b8d..e2507b4 100644 +index b07f1da..9efcb92 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -681,7 +681,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, @@ -43128,7 +40658,7 @@ index 1c44b8d..e2507b4 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index 011cab3..9ace713 100644 +index dede441..f2a2507 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -488,9 +488,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, @@ -43148,10 +40678,10 @@ index 011cab3..9ace713 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index b2d004a..6bb543d 100644 +index fd1a06d..6e9033d 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c -@@ -6922,7 +6922,7 @@ fail: +@@ -6895,7 +6895,7 @@ fail: return -ENOMEM; } @@ -43160,7 +40690,7 @@ index b2d004a..6bb543d 100644 struct dentry *dentry, struct kstat *stat) { struct inode *inode = dentry->d_inode; -@@ -6934,6 +6934,14 @@ static int btrfs_getattr(struct vfsmount *mnt, +@@ -6909,6 +6909,14 @@ static int btrfs_getattr(struct vfsmount *mnt, return 0; } @@ -43176,10 +40706,10 @@ index b2d004a..6bb543d 100644 * If a file is moved, it will inherit the cow and compression flags of the new * directory. diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index dae5dfe..6aa01b1 100644 +index c04f02c..f5c9e2e 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c -@@ -2704,9 +2704,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -2733,9 +2733,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) for (i = 0; i < num_types; i++) { struct btrfs_space_info *tmp; @@ -43192,7 +40722,7 @@ index dae5dfe..6aa01b1 100644 info = NULL; rcu_read_lock(); list_for_each_entry_rcu(tmp, &root->fs_info->space_info, -@@ -2728,15 +2731,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -2757,15 +2760,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) memcpy(dest, &space, sizeof(space)); dest++; space_args.total_spaces++; @@ -43210,10 +40740,10 @@ index dae5dfe..6aa01b1 100644 if (copy_to_user(user_dest, dest_orig, alloc_size)) diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c -index 59bb176..be9977d 100644 +index cfb5543..1ae7347 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c -@@ -1242,7 +1242,7 @@ static int __update_reloc_root(struct btrfs_root *root, int del) +@@ -1244,7 +1244,7 @@ static int __update_reloc_root(struct btrfs_root *root, int del) } spin_unlock(&rc->reloc_root_tree.lock); @@ -43377,7 +40907,7 @@ index 0e3c092..818480e 100644 kunmap(page); if (ret != len) diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index 382abc9..bd89646 100644 +index 9895400..fa40a7d 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -244,7 +244,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir) @@ -43390,7 +40920,7 @@ index 382abc9..bd89646 100644 u32 ftype; struct ceph_mds_reply_info_parsed *rinfo; diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c -index 6d40656..bc1f825 100644 +index 84e8c07..6170d31 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -265,8 +265,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, @@ -43523,10 +41053,10 @@ index 6d40656..bc1f825 100644 } } diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c -index 54b8f1e..f6a4c00 100644 +index 8f1fe32..38f9e27 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c -@@ -981,7 +981,7 @@ cifs_init_request_bufs(void) +@@ -989,7 +989,7 @@ cifs_init_request_bufs(void) cifs_req_cachep = kmem_cache_create("cifs_request", CIFSMaxBufSize + MAX_CIFS_HDR_SIZE, 0, @@ -43535,7 +41065,7 @@ index 54b8f1e..f6a4c00 100644 if (cifs_req_cachep == NULL) return -ENOMEM; -@@ -1008,7 +1008,7 @@ cifs_init_request_bufs(void) +@@ -1016,7 +1016,7 @@ cifs_init_request_bufs(void) efficient to alloc 1 per page off the slab compared to 17K (5page) alloc of large cifs buffers even when page debugging is on */ cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq", @@ -43544,7 +41074,7 @@ index 54b8f1e..f6a4c00 100644 NULL); if (cifs_sm_req_cachep == NULL) { mempool_destroy(cifs_req_poolp); -@@ -1093,8 +1093,8 @@ init_cifs(void) +@@ -1101,8 +1101,8 @@ init_cifs(void) atomic_set(&bufAllocCount, 0); atomic_set(&smBufAllocCount, 0); #ifdef CONFIG_CIFS_STATS2 @@ -43556,10 +41086,10 @@ index 54b8f1e..f6a4c00 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index 95dad9d..fe7af1a 100644 +index 8238aa1..0347196 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -381,28 +381,28 @@ struct cifs_tcon { +@@ -392,28 +392,28 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -43610,7 +41140,7 @@ index 95dad9d..fe7af1a 100644 #ifdef CONFIG_CIFS_STATS2 unsigned long long time_writes; unsigned long long time_reads; -@@ -613,7 +613,7 @@ convert_delimiter(char *path, char delim) +@@ -628,7 +628,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -43619,7 +41149,7 @@ index 95dad9d..fe7af1a 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -953,8 +953,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -985,8 +985,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -43631,10 +41161,10 @@ index 95dad9d..fe7af1a 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/link.c b/fs/cifs/link.c -index db3f18c..1f5955e 100644 +index 6b0e064..94e6c3c 100644 --- a/fs/cifs/link.c +++ b/fs/cifs/link.c -@@ -593,7 +593,7 @@ symlink_exit: +@@ -600,7 +600,7 @@ symlink_exit: void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie) { @@ -43644,7 +41174,7 @@ index db3f18c..1f5955e 100644 kfree(p); } diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c -index 7c16933..c8212b5 100644 +index 703ef5c..2a44ed5 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -156,7 +156,7 @@ cifs_buf_get(void) @@ -43714,10 +41244,10 @@ index 6901578..d402eb5 100644 return hit; diff --git a/fs/compat.c b/fs/compat.c -index 58b1da4..afcd9b8 100644 +index c987875..08771ca 100644 --- a/fs/compat.c +++ b/fs/compat.c -@@ -133,8 +133,8 @@ asmlinkage long compat_sys_utimes(const char __user *filename, struct compat_tim +@@ -132,8 +132,8 @@ asmlinkage long compat_sys_utimes(const char __user *filename, struct compat_tim static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf) { compat_ino_t ino = stat->ino; @@ -43728,7 +41258,7 @@ index 58b1da4..afcd9b8 100644 int err; SET_UID(uid, stat->uid); -@@ -508,7 +508,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) +@@ -504,7 +504,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) set_fs(KERNEL_DS); /* The __user pointer cast is valid because of the set_fs() */ @@ -43737,7 +41267,7 @@ index 58b1da4..afcd9b8 100644 set_fs(oldfs); /* truncating is ok because it's a user address */ if (!ret) -@@ -566,7 +566,7 @@ ssize_t compat_rw_copy_check_uvector(int type, +@@ -562,7 +562,7 @@ ssize_t compat_rw_copy_check_uvector(int type, goto out; ret = -EINVAL; @@ -43746,7 +41276,7 @@ index 58b1da4..afcd9b8 100644 goto out; if (nr_segs > fast_segs) { ret = -ENOMEM; -@@ -848,6 +848,7 @@ struct compat_old_linux_dirent { +@@ -845,6 +845,7 @@ struct compat_old_linux_dirent { struct compat_readdir_callback { struct compat_old_linux_dirent __user *dirent; @@ -43754,7 +41284,7 @@ index 58b1da4..afcd9b8 100644 int result; }; -@@ -865,6 +866,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen, +@@ -862,6 +863,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen, buf->result = -EOVERFLOW; return -EOVERFLOW; } @@ -43765,7 +41295,7 @@ index 58b1da4..afcd9b8 100644 buf->result++; dirent = buf->dirent; if (!access_ok(VERIFY_WRITE, dirent, -@@ -897,6 +902,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd, +@@ -894,6 +899,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd, buf.result = 0; buf.dirent = dirent; @@ -43773,7 +41303,7 @@ index 58b1da4..afcd9b8 100644 error = vfs_readdir(file, compat_fillonedir, &buf); if (buf.result) -@@ -917,6 +923,7 @@ struct compat_linux_dirent { +@@ -914,6 +920,7 @@ struct compat_linux_dirent { struct compat_getdents_callback { struct compat_linux_dirent __user *current_dir; struct compat_linux_dirent __user *previous; @@ -43781,7 +41311,7 @@ index 58b1da4..afcd9b8 100644 int count; int error; }; -@@ -938,6 +945,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen, +@@ -935,6 +942,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen, buf->error = -EOVERFLOW; return -EOVERFLOW; } @@ -43792,7 +41322,7 @@ index 58b1da4..afcd9b8 100644 dirent = buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) -@@ -985,6 +996,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, +@@ -982,6 +993,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, buf.previous = NULL; buf.count = count; buf.error = 0; @@ -43800,7 +41330,7 @@ index 58b1da4..afcd9b8 100644 error = vfs_readdir(file, compat_filldir, &buf); if (error >= 0) -@@ -1006,6 +1018,7 @@ out: +@@ -1003,6 +1015,7 @@ out: struct compat_getdents_callback64 { struct linux_dirent64 __user *current_dir; struct linux_dirent64 __user *previous; @@ -43808,7 +41338,7 @@ index 58b1da4..afcd9b8 100644 int count; int error; }; -@@ -1022,6 +1035,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t +@@ -1019,6 +1032,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t buf->error = -EINVAL; /* only used if we fail.. */ if (reclen > buf->count) return -EINVAL; @@ -43819,7 +41349,7 @@ index 58b1da4..afcd9b8 100644 dirent = buf->previous; if (dirent) { -@@ -1073,13 +1090,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd, +@@ -1070,13 +1087,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd, buf.previous = NULL; buf.count = count; buf.error = 0; @@ -43835,15 +41365,6 @@ index 58b1da4..afcd9b8 100644 if (__put_user_unaligned(d_off, &lastdirent->d_off)) error = -EFAULT; else -@@ -1446,6 +1464,8 @@ int compat_core_sys_select(int n, compat_ulong_t __user *inp, - struct fdtable *fdt; - long stack_fds[SELECT_STACK_ALLOC/sizeof(long)]; - -+ pax_track_stack(); -+ - if (n < 0) - goto out_nofds; - diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c index 112e45a..b59845b 100644 --- a/fs/compat_binfmt_elf.c @@ -43933,10 +41454,10 @@ index 9a37a9b..35792b6 100644 /* * We'll have a dentry and an inode for diff --git a/fs/dcache.c b/fs/dcache.c -index 8b732a2..6db6c27 100644 +index 89509b5..d33331b 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -3015,7 +3015,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3056,7 +3056,7 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -43946,7 +41467,7 @@ index 8b732a2..6db6c27 100644 dcache_init(); inode_init(); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index 528da01..bd8c23d 100644 +index 32f90a3..0be89e0 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, @@ -44012,7 +41533,7 @@ index 3745f7c..89cc7a3 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 25dcbe5..09c172c 100644 +index 3625464..8dcadcf 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,12 +55,28 @@ @@ -44249,7 +41770,7 @@ index 25dcbe5..09c172c 100644 set_fs(old_fs); return result; } -@@ -1251,7 +1272,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1247,7 +1268,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -44258,7 +41779,7 @@ index 25dcbe5..09c172c 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1454,6 +1475,11 @@ static int do_execve_common(const char *filename, +@@ -1450,6 +1471,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr envp, struct pt_regs *regs) { @@ -44270,7 +41791,7 @@ index 25dcbe5..09c172c 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1461,6 +1487,8 @@ static int do_execve_common(const char *filename, +@@ -1457,6 +1483,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -44279,7 +41800,7 @@ index 25dcbe5..09c172c 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1507,6 +1535,16 @@ static int do_execve_common(const char *filename, +@@ -1503,6 +1531,16 @@ static int do_execve_common(const char *filename, bprm->filename = filename; bprm->interp = filename; @@ -44296,7 +41817,7 @@ index 25dcbe5..09c172c 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1536,9 +1574,40 @@ static int do_execve_common(const char *filename, +@@ -1532,9 +1570,40 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -44338,7 +41859,7 @@ index 25dcbe5..09c172c 100644 /* execve succeeded */ current->fs->in_exec = 0; -@@ -1549,6 +1618,14 @@ static int do_execve_common(const char *filename, +@@ -1545,6 +1614,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -44353,7 +41874,7 @@ index 25dcbe5..09c172c 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1622,7 +1699,7 @@ static int expand_corename(struct core_name *cn) +@@ -1618,7 +1695,7 @@ static int expand_corename(struct core_name *cn) { char *old_corename = cn->corename; @@ -44362,7 +41883,7 @@ index 25dcbe5..09c172c 100644 cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); if (!cn->corename) { -@@ -1719,7 +1796,7 @@ static int format_corename(struct core_name *cn, long signr) +@@ -1715,7 +1792,7 @@ static int format_corename(struct core_name *cn, long signr) int pid_in_pattern = 0; int err = 0; @@ -44371,7 +41892,7 @@ index 25dcbe5..09c172c 100644 cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -1816,6 +1893,218 @@ out: +@@ -1812,6 +1889,218 @@ out: return ispipe; } @@ -44590,7 +42111,7 @@ index 25dcbe5..09c172c 100644 static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -2027,17 +2316,17 @@ static void wait_for_dump_helpers(struct file *file) +@@ -2023,17 +2312,17 @@ static void wait_for_dump_helpers(struct file *file) pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -44613,7 +42134,7 @@ index 25dcbe5..09c172c 100644 pipe_unlock(pipe); } -@@ -2098,7 +2387,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2094,7 +2383,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) int retval = 0; int flag = 0; int ispipe; @@ -44622,7 +42143,7 @@ index 25dcbe5..09c172c 100644 struct coredump_params cprm = { .signr = signr, .regs = regs, -@@ -2113,6 +2402,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2109,6 +2398,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) audit_core_dumps(signr); @@ -44632,7 +42153,7 @@ index 25dcbe5..09c172c 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2180,7 +2472,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2176,7 +2468,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } cprm.limit = RLIM_INFINITY; @@ -44641,7 +42162,7 @@ index 25dcbe5..09c172c 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2207,6 +2499,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2203,6 +2495,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } else { struct inode *inode; @@ -44650,7 +42171,7 @@ index 25dcbe5..09c172c 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; -@@ -2250,7 +2544,7 @@ close_fail: +@@ -2246,7 +2540,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -44659,7 +42180,7 @@ index 25dcbe5..09c172c 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -2269,7 +2563,7 @@ fail: +@@ -2265,7 +2559,7 @@ fail: */ int dump_write(struct file *file, const void *addr, int nr) { @@ -44669,7 +42190,7 @@ index 25dcbe5..09c172c 100644 EXPORT_SYMBOL(dump_write); diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c -index 8f44cef..cb07120 100644 +index a8cbe1b..fed04cb 100644 --- a/fs/ext2/balloc.c +++ b/fs/ext2/balloc.c @@ -1192,7 +1192,7 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi) @@ -44682,38 +42203,42 @@ index 8f44cef..cb07120 100644 (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { return 0; diff --git a/fs/ext3/balloc.c b/fs/ext3/balloc.c -index 6386d76..0a266b1 100644 +index a203892..4e64db5 100644 --- a/fs/ext3/balloc.c +++ b/fs/ext3/balloc.c -@@ -1446,7 +1446,7 @@ static int ext3_has_free_blocks(struct ext3_sb_info *sbi) +@@ -1446,9 +1446,10 @@ static int ext3_has_free_blocks(struct ext3_sb_info *sbi, int use_reservation) free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && -+ if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) && - sbi->s_resuid != current_fsuid() && - (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { ++ if (free_blocks < root_blocks + 1 && + !use_reservation && sbi->s_resuid != current_fsuid() && +- (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { ++ (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid)) && ++ !capable_nolog(CAP_SYS_RESOURCE)) { return 0; + } + return 1; diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index f8224ad..fbef97c 100644 +index 12ccacd..a6035fce0 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c -@@ -394,8 +394,8 @@ static int ext4_has_free_blocks(struct ext4_sb_info *sbi, - /* Hm, nope. Are (enough) root reserved blocks available? */ +@@ -436,8 +436,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, + /* Hm, nope. Are (enough) root reserved clusters available? */ if (sbi->s_resuid == current_fsuid() || ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) || - capable(CAP_SYS_RESOURCE) || - (flags & EXT4_MB_USE_ROOT_BLOCKS)) { -+ (flags & EXT4_MB_USE_ROOT_BLOCKS) || -+ capable_nolog(CAP_SYS_RESOURCE)) { ++ (flags & EXT4_MB_USE_ROOT_BLOCKS) || ++ capable_nolog(CAP_SYS_RESOURCE)) { - if (free_blocks >= (nblocks + dirty_blocks)) + if (free_clusters >= (nclusters + dirty_clusters)) return 1; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 5c38120..2291d18 100644 +index 5b0e26a..0aa002d 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1180,19 +1180,19 @@ struct ext4_sb_info { +@@ -1208,19 +1208,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -44743,48 +42268,11 @@ index 5c38120..2291d18 100644 atomic_t s_lock_busy; /* locality groups */ -diff --git a/fs/ext4/file.c b/fs/ext4/file.c -index e4095e9..1c006c5 100644 ---- a/fs/ext4/file.c -+++ b/fs/ext4/file.c -@@ -181,8 +181,8 @@ static int ext4_file_open(struct inode * inode, struct file * filp) - path.dentry = mnt->mnt_root; - cp = d_path(&path, buf, sizeof(buf)); - if (!IS_ERR(cp)) { -- memcpy(sbi->s_es->s_last_mounted, cp, -- sizeof(sbi->s_es->s_last_mounted)); -+ strlcpy(sbi->s_es->s_last_mounted, cp, -+ sizeof(sbi->s_es->s_last_mounted)); - ext4_mark_super_dirty(sb); - } - } -diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c -index f18bfe3..43759b1 100644 ---- a/fs/ext4/ioctl.c -+++ b/fs/ext4/ioctl.c -@@ -348,7 +348,7 @@ mext_out: - if (!blk_queue_discard(q)) - return -EOPNOTSUPP; - -- if (copy_from_user(&range, (struct fstrim_range *)arg, -+ if (copy_from_user(&range, (struct fstrim_range __user *)arg, - sizeof(range))) - return -EFAULT; - -@@ -358,7 +358,7 @@ mext_out: - if (ret < 0) - return ret; - -- if (copy_to_user((struct fstrim_range *)arg, &range, -+ if (copy_to_user((struct fstrim_range __user *)arg, &range, - sizeof(range))) - return -EFAULT; - diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 17a5a57..b6be3c5 100644 +index e2d8be8..c7f0ce9 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c -@@ -1795,7 +1795,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, +@@ -1794,7 +1794,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); if (EXT4_SB(sb)->s_mb_stats) @@ -44793,7 +42281,7 @@ index 17a5a57..b6be3c5 100644 break; } -@@ -2089,7 +2089,7 @@ repeat: +@@ -2088,7 +2088,7 @@ repeat: ac->ac_status = AC_STATUS_CONTINUE; ac->ac_flags |= EXT4_MB_HINT_FIRST; cr = 3; @@ -44802,16 +42290,7 @@ index 17a5a57..b6be3c5 100644 goto repeat; } } -@@ -2132,6 +2132,8 @@ static int ext4_mb_seq_groups_show(struct seq_file *seq, void *v) - ext4_grpblk_t counters[16]; - } sg; - -+ pax_track_stack(); -+ - group--; - if (group == 0) - seq_printf(seq, "#%-5s: %-5s %-5s %-5s " -@@ -2573,25 +2575,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2592,25 +2592,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -44847,7 +42326,7 @@ index 17a5a57..b6be3c5 100644 } free_percpu(sbi->s_locality_groups); -@@ -3070,16 +3072,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3096,16 +3096,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -44870,16 +42349,16 @@ index 17a5a57..b6be3c5 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3477,7 +3479,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3509,7 +3509,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); -- atomic_add(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated); -+ atomic_add_unchecked(pa->pa_free, &EXT4_SB(sb)->s_mb_preallocated); +- atomic_add(pa->pa_free, &sbi->s_mb_preallocated); ++ atomic_add_unchecked(pa->pa_free, &sbi->s_mb_preallocated); ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3537,7 +3539,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3569,7 +3569,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -44888,7 +42367,7 @@ index 17a5a57..b6be3c5 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3625,7 +3627,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3658,7 +3658,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -44897,7 +42376,7 @@ index 17a5a57..b6be3c5 100644 return err; } -@@ -3643,7 +3645,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3676,7 +3676,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -46458,10 +43937,10 @@ index 4765190..2a067f2 100644 seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n", atomic_read(&fscache_n_cop_alloc_object), diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c -index b6cca47..ec782c3 100644 +index 3426521..3b75162 100644 --- a/fs/fuse/cuse.c +++ b/fs/fuse/cuse.c -@@ -586,10 +586,12 @@ static int __init cuse_init(void) +@@ -587,10 +587,12 @@ static int __init cuse_init(void) INIT_LIST_HEAD(&cuse_conntbl[i]); /* inherit and extend fuse_dev_operations */ @@ -46505,10 +43984,10 @@ index 9f63e49..d8a64c0 100644 if (!IS_ERR(link)) free_page((unsigned long) link); diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c -index 900cf98..3896726 100644 +index cfd4959..a780959 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c -@@ -1517,7 +1517,7 @@ out: +@@ -1490,7 +1490,7 @@ out: static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { @@ -46517,109 +43996,8 @@ index 900cf98..3896726 100644 if (!IS_ERR(s)) kfree(s); } -diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c -index 4dfbfec..947c9c2 100644 ---- a/fs/hfsplus/catalog.c -+++ b/fs/hfsplus/catalog.c -@@ -179,6 +179,8 @@ int hfsplus_find_cat(struct super_block *sb, u32 cnid, - int err; - u16 type; - -+ pax_track_stack(); -+ - hfsplus_cat_build_key(sb, fd->search_key, cnid, NULL); - err = hfs_brec_read(fd, &tmp, sizeof(hfsplus_cat_entry)); - if (err) -@@ -210,6 +212,8 @@ int hfsplus_create_cat(u32 cnid, struct inode *dir, - int entry_size; - int err; - -+ pax_track_stack(); -+ - dprint(DBG_CAT_MOD, "create_cat: %s,%u(%d)\n", - str->name, cnid, inode->i_nlink); - err = hfs_find_init(HFSPLUS_SB(sb)->cat_tree, &fd); -@@ -353,6 +357,8 @@ int hfsplus_rename_cat(u32 cnid, - int entry_size, type; - int err; - -+ pax_track_stack(); -+ - dprint(DBG_CAT_MOD, "rename_cat: %u - %lu,%s - %lu,%s\n", - cnid, src_dir->i_ino, src_name->name, - dst_dir->i_ino, dst_name->name); -diff --git a/fs/hfsplus/dir.c b/fs/hfsplus/dir.c -index 25b2443..09a3341 100644 ---- a/fs/hfsplus/dir.c -+++ b/fs/hfsplus/dir.c -@@ -131,6 +131,8 @@ static int hfsplus_readdir(struct file *filp, void *dirent, filldir_t filldir) - struct hfsplus_readdir_data *rd; - u16 type; - -+ pax_track_stack(); -+ - if (filp->f_pos >= inode->i_size) - return 0; - -diff --git a/fs/hfsplus/inode.c b/fs/hfsplus/inode.c -index 4cc1e3a..ad0f70b 100644 ---- a/fs/hfsplus/inode.c -+++ b/fs/hfsplus/inode.c -@@ -501,6 +501,8 @@ int hfsplus_cat_read_inode(struct inode *inode, struct hfs_find_data *fd) - int res = 0; - u16 type; - -+ pax_track_stack(); -+ - type = hfs_bnode_read_u16(fd->bnode, fd->entryoffset); - - HFSPLUS_I(inode)->linkid = 0; -@@ -564,6 +566,8 @@ int hfsplus_cat_write_inode(struct inode *inode) - struct hfs_find_data fd; - hfsplus_cat_entry entry; - -+ pax_track_stack(); -+ - if (HFSPLUS_IS_RSRC(inode)) - main_inode = HFSPLUS_I(inode)->rsrc_inode; - -diff --git a/fs/hfsplus/ioctl.c b/fs/hfsplus/ioctl.c -index fbaa669..c548cd0 100644 ---- a/fs/hfsplus/ioctl.c -+++ b/fs/hfsplus/ioctl.c -@@ -122,6 +122,8 @@ int hfsplus_setxattr(struct dentry *dentry, const char *name, - struct hfsplus_cat_file *file; - int res; - -+ pax_track_stack(); -+ - if (!S_ISREG(inode->i_mode) || HFSPLUS_IS_RSRC(inode)) - return -EOPNOTSUPP; - -@@ -166,6 +168,8 @@ ssize_t hfsplus_getxattr(struct dentry *dentry, const char *name, - struct hfsplus_cat_file *file; - ssize_t res = 0; - -+ pax_track_stack(); -+ - if (!S_ISREG(inode->i_mode) || HFSPLUS_IS_RSRC(inode)) - return -EOPNOTSUPP; - -diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c -index d24a9b6..dd9b3dd 100644 ---- a/fs/hfsplus/super.c -+++ b/fs/hfsplus/super.c -@@ -347,6 +347,8 @@ static int hfsplus_fill_super(struct super_block *sb, void *data, int silent) - u64 last_fs_block, last_fs_page; - int err; - -+ pax_track_stack(); -+ - err = -EINVAL; - sbi = kzalloc(sizeof(*sbi), GFP_KERNEL); - if (!sbi) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index ec88953..cb5e98e 100644 +index 0be5a78..9cfb853 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -915,7 +915,7 @@ static struct file_system_type hugetlbfs_fs_type = { @@ -46632,7 +44010,7 @@ index ec88953..cb5e98e 100644 static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index ec79246..054c36a 100644 +index ee4e66b..0451521 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -787,8 +787,8 @@ unsigned int get_next_ino(void) @@ -46646,54 +44024,6 @@ index ec79246..054c36a 100644 res = next - LAST_INO_BATCH; } -diff --git a/fs/jbd/checkpoint.c b/fs/jbd/checkpoint.c -index f94fc48..3bb8d30 100644 ---- a/fs/jbd/checkpoint.c -+++ b/fs/jbd/checkpoint.c -@@ -358,6 +358,8 @@ int log_do_checkpoint(journal_t *journal) - tid_t this_tid; - int result; - -+ pax_track_stack(); -+ - jbd_debug(1, "Start checkpoint\n"); - - /* -diff --git a/fs/jffs2/compr_rtime.c b/fs/jffs2/compr_rtime.c -index 16a5047..88ff6ca 100644 ---- a/fs/jffs2/compr_rtime.c -+++ b/fs/jffs2/compr_rtime.c -@@ -37,6 +37,8 @@ static int jffs2_rtime_compress(unsigned char *data_in, - int outpos = 0; - int pos=0; - -+ pax_track_stack(); -+ - memset(positions,0,sizeof(positions)); - - while (pos < (*sourcelen) && outpos <= (*dstlen)-2) { -@@ -78,6 +80,8 @@ static int jffs2_rtime_decompress(unsigned char *data_in, - int outpos = 0; - int pos=0; - -+ pax_track_stack(); -+ - memset(positions,0,sizeof(positions)); - - while (outpos<destlen) { -diff --git a/fs/jffs2/compr_rubin.c b/fs/jffs2/compr_rubin.c -index 9e7cec8..4713089 100644 ---- a/fs/jffs2/compr_rubin.c -+++ b/fs/jffs2/compr_rubin.c -@@ -314,6 +314,8 @@ static int jffs2_dynrubin_compress(unsigned char *data_in, - int ret; - uint32_t mysrclen, mydstlen; - -+ pax_track_stack(); -+ - mysrclen = *sourcelen; - mydstlen = *dstlen - 8; - diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c index e513f19..2ab1351 100644 --- a/fs/jffs2/erase.c @@ -46709,10 +44039,10 @@ index e513f19..2ab1351 100644 jffs2_prealloc_raw_node_refs(c, jeb, 1); diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c -index 4515bea..178f2d6 100644 +index b09e51d..e482afa 100644 --- a/fs/jffs2/wbuf.c +++ b/fs/jffs2/wbuf.c -@@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node oob_cleanmarker = +@@ -1011,7 +1011,8 @@ static const struct jffs2_unknown_node oob_cleanmarker = { .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK), .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER), @@ -46722,24 +44052,11 @@ index 4515bea..178f2d6 100644 }; /* -diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c -index 3e93cdd..c8a80e1 100644 ---- a/fs/jffs2/xattr.c -+++ b/fs/jffs2/xattr.c -@@ -773,6 +773,8 @@ void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c) - - BUG_ON(!(c->flags & JFFS2_SB_FLAG_BUILDING)); - -+ pax_track_stack(); -+ - /* Phase.1 : Merge same xref */ - for (i=0; i < XREF_TMPHASH_SIZE; i++) - xref_tmphash[i] = NULL; diff --git a/fs/jfs/super.c b/fs/jfs/super.c -index 06c8a67..589dbbd 100644 +index a44eff0..462e07d 100644 --- a/fs/jfs/super.c +++ b/fs/jfs/super.c -@@ -803,7 +803,7 @@ static int __init init_jfs_fs(void) +@@ -802,7 +802,7 @@ static int __init init_jfs_fs(void) jfs_inode_cachep = kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0, @@ -46749,7 +44066,7 @@ index 06c8a67..589dbbd 100644 if (jfs_inode_cachep == NULL) return -ENOMEM; diff --git a/fs/libfs.c b/fs/libfs.c -index c18e9a1..0b04e2c 100644 +index f6d411e..e82a08d 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -165,6 +165,9 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir) @@ -46777,7 +44094,7 @@ index c18e9a1..0b04e2c 100644 next->d_inode->i_ino, dt_type(next->d_inode)) < 0) diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c -index 8392cb8..ae8ed40 100644 +index 8392cb8..80d6193 100644 --- a/fs/lockd/clntproc.c +++ b/fs/lockd/clntproc.c @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops; @@ -46794,20 +44111,11 @@ index 8392cb8..ae8ed40 100644 memcpy(c->data, &cookie, 4); c->len=4; -@@ -621,6 +621,8 @@ nlmclnt_reclaim(struct nlm_host *host, struct file_lock *fl) - struct nlm_rqst reqst, *req; - int status; - -+ pax_track_stack(); -+ - req = &reqst; - memset(req, 0, sizeof(*req)); - locks_init_lock(&req->a_args.lock.fl); diff --git a/fs/locks.c b/fs/locks.c -index 703f545..150a552 100644 +index 637694b..f84a121 100644 --- a/fs/locks.c +++ b/fs/locks.c -@@ -2022,16 +2022,16 @@ void locks_remove_flock(struct file *filp) +@@ -2074,16 +2074,16 @@ void locks_remove_flock(struct file *filp) return; if (filp->f_op && filp->f_op->flock) { @@ -46828,144 +44136,11 @@ index 703f545..150a552 100644 } lock_flocks(); -diff --git a/fs/logfs/super.c b/fs/logfs/super.c -index ce03a18..ac8c14f 100644 ---- a/fs/logfs/super.c -+++ b/fs/logfs/super.c -@@ -266,6 +266,8 @@ static int logfs_recover_sb(struct super_block *sb) - struct logfs_disk_super _ds1, *ds1 = &_ds1; - int err, valid0, valid1; - -+ pax_track_stack(); -+ - /* read first superblock */ - err = wbuf_read(sb, super->s_sb_ofs[0], sizeof(*ds0), ds0); - if (err) -diff --git a/fs/minix/bitmap.c b/fs/minix/bitmap.c -index 3f32bcb..7c82c29 100644 ---- a/fs/minix/bitmap.c -+++ b/fs/minix/bitmap.c -@@ -20,10 +20,11 @@ static const int nibblemap[] = { 4,3,3,2,3,2,2,1,3,2,2,1,2,1,1,0 }; - - static DEFINE_SPINLOCK(bitmap_lock); - --static unsigned long count_free(struct buffer_head *map[], unsigned numblocks, __u32 numbits) -+static unsigned long count_free(struct buffer_head *map[], unsigned blocksize, __u32 numbits) - { - unsigned i, j, sum = 0; - struct buffer_head *bh; -+ unsigned numblocks = minix_blocks_needed(numbits, blocksize); - - for (i=0; i<numblocks-1; i++) { - if (!(bh=map[i])) -@@ -105,10 +106,12 @@ int minix_new_block(struct inode * inode) - return 0; - } - --unsigned long minix_count_free_blocks(struct minix_sb_info *sbi) -+unsigned long minix_count_free_blocks(struct super_block *sb) - { -- return (count_free(sbi->s_zmap, sbi->s_zmap_blocks, -- sbi->s_nzones - sbi->s_firstdatazone + 1) -+ struct minix_sb_info *sbi = minix_sb(sb); -+ u32 bits = sbi->s_nzones - (sbi->s_firstdatazone + 1); -+ -+ return (count_free(sbi->s_zmap, sb->s_blocksize, bits) - << sbi->s_log_zone_size); - } - -@@ -273,7 +276,10 @@ struct inode *minix_new_inode(const struct inode *dir, int mode, int *error) - return inode; - } - --unsigned long minix_count_free_inodes(struct minix_sb_info *sbi) -+unsigned long minix_count_free_inodes(struct super_block *sb) - { -- return count_free(sbi->s_imap, sbi->s_imap_blocks, sbi->s_ninodes + 1); -+ struct minix_sb_info *sbi = minix_sb(sb); -+ u32 bits = sbi->s_ninodes + 1; -+ -+ return count_free(sbi->s_imap, sb->s_blocksize, bits); - } -diff --git a/fs/minix/inode.c b/fs/minix/inode.c -index e7d23e2..1ed1351 100644 ---- a/fs/minix/inode.c -+++ b/fs/minix/inode.c -@@ -279,6 +279,27 @@ static int minix_fill_super(struct super_block *s, void *data, int silent) - else if (sbi->s_mount_state & MINIX_ERROR_FS) - printk("MINIX-fs: mounting file system with errors, " - "running fsck is recommended\n"); -+ -+ /* Apparently minix can create filesystems that allocate more blocks for -+ * the bitmaps than needed. We simply ignore that, but verify it didn't -+ * create one with not enough blocks and bail out if so. -+ */ -+ block = minix_blocks_needed(sbi->s_ninodes, s->s_blocksize); -+ if (sbi->s_imap_blocks < block) { -+ printk("MINIX-fs: file system does not have enough " -+ "imap blocks allocated. Refusing to mount\n"); -+ goto out_iput; -+ } -+ -+ block = minix_blocks_needed( -+ (sbi->s_nzones - (sbi->s_firstdatazone + 1)), -+ s->s_blocksize); -+ if (sbi->s_zmap_blocks < block) { -+ printk("MINIX-fs: file system does not have enough " -+ "zmap blocks allocated. Refusing to mount.\n"); -+ goto out_iput; -+ } -+ - return 0; - - out_iput: -@@ -339,10 +360,10 @@ static int minix_statfs(struct dentry *dentry, struct kstatfs *buf) - buf->f_type = sb->s_magic; - buf->f_bsize = sb->s_blocksize; - buf->f_blocks = (sbi->s_nzones - sbi->s_firstdatazone) << sbi->s_log_zone_size; -- buf->f_bfree = minix_count_free_blocks(sbi); -+ buf->f_bfree = minix_count_free_blocks(sb); - buf->f_bavail = buf->f_bfree; - buf->f_files = sbi->s_ninodes; -- buf->f_ffree = minix_count_free_inodes(sbi); -+ buf->f_ffree = minix_count_free_inodes(sb); - buf->f_namelen = sbi->s_namelen; - buf->f_fsid.val[0] = (u32)id; - buf->f_fsid.val[1] = (u32)(id >> 32); -diff --git a/fs/minix/minix.h b/fs/minix/minix.h -index 341e212..6415fe0 100644 ---- a/fs/minix/minix.h -+++ b/fs/minix/minix.h -@@ -48,10 +48,10 @@ extern struct minix_inode * minix_V1_raw_inode(struct super_block *, ino_t, stru - extern struct minix2_inode * minix_V2_raw_inode(struct super_block *, ino_t, struct buffer_head **); - extern struct inode * minix_new_inode(const struct inode *, int, int *); - extern void minix_free_inode(struct inode * inode); --extern unsigned long minix_count_free_inodes(struct minix_sb_info *sbi); -+extern unsigned long minix_count_free_inodes(struct super_block *sb); - extern int minix_new_block(struct inode * inode); - extern void minix_free_block(struct inode *inode, unsigned long block); --extern unsigned long minix_count_free_blocks(struct minix_sb_info *sbi); -+extern unsigned long minix_count_free_blocks(struct super_block *sb); - extern int minix_getattr(struct vfsmount *, struct dentry *, struct kstat *); - extern int minix_prepare_chunk(struct page *page, loff_t pos, unsigned len); - -@@ -88,6 +88,11 @@ static inline struct minix_inode_info *minix_i(struct inode *inode) - return list_entry(inode, struct minix_inode_info, vfs_inode); - } - -+static inline unsigned minix_blocks_needed(unsigned bits, unsigned blocksize) -+{ -+ return DIV_ROUND_UP(bits, blocksize * 8); -+} -+ - #if defined(CONFIG_MINIX_FS_NATIVE_ENDIAN) && \ - defined(CONFIG_MINIX_FS_BIG_ENDIAN_16BIT_INDEXED) - diff --git a/fs/namei.c b/fs/namei.c -index 3d15072..c1ddf9c 100644 +index 5008f01..90328a7 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -281,16 +281,32 @@ int generic_permission(struct inode *inode, int mask) +@@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask) if (ret != -EACCES) return ret; @@ -47001,7 +44176,7 @@ index 3d15072..c1ddf9c 100644 * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -299,14 +315,6 @@ int generic_permission(struct inode *inode, int mask) +@@ -297,14 +313,6 @@ int generic_permission(struct inode *inode, int mask) if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) return 0; @@ -47075,36 +44250,21 @@ index 3d15072..c1ddf9c 100644 if (unlikely(!audit_dummy_context())) { if (nd->path.dentry && nd->inode) audit_inode(name, nd->path.dentry); -@@ -2049,7 +2089,27 @@ static int may_open(struct path *path, int acc_mode, int flag) - /* - * Ensure there are no outstanding leases on the file. - */ -- return break_lease(inode, flag); -+ error = break_lease(inode, flag); -+ -+ if (error) -+ return error; -+ -+ if (gr_handle_rofs_blockwrite(dentry, path->mnt, acc_mode)) { -+ error = -EPERM; -+ goto exit; -+ } -+ -+ if (gr_handle_rawio(inode)) { -+ error = -EPERM; -+ goto exit; -+ } +@@ -2046,6 +2086,13 @@ static int may_open(struct path *path, int acc_mode, int flag) + if (flag & O_NOATIME && !inode_owner_or_capable(inode)) + return -EPERM; + ++ if (gr_handle_rofs_blockwrite(dentry, path->mnt, acc_mode)) ++ return -EPERM; ++ if (gr_handle_rawio(inode)) ++ return -EPERM; ++ if (!gr_acl_handle_open(dentry, path->mnt, acc_mode)) ++ return -EACCES; + -+ if (!gr_acl_handle_open(dentry, path->mnt, acc_mode)) { -+ error = -EACCES; -+ goto exit; -+ } -+exit: -+ return error; + return 0; } - static int handle_truncate(struct file *filp) -@@ -2110,6 +2170,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2107,6 +2154,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -47121,7 +44281,7 @@ index 3d15072..c1ddf9c 100644 audit_inode(pathname, nd->path.dentry); if (open_flag & O_CREAT) { error = -EISDIR; -@@ -2120,6 +2190,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2117,6 +2174,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -47138,7 +44298,7 @@ index 3d15072..c1ddf9c 100644 audit_inode(pathname, dir); goto ok; } -@@ -2141,6 +2221,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2138,6 +2205,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(-ECHILD); @@ -47155,7 +44315,7 @@ index 3d15072..c1ddf9c 100644 error = -ENOTDIR; if (nd->flags & LOOKUP_DIRECTORY) { -@@ -2181,6 +2271,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2178,6 +2255,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode) { int mode = op->mode; @@ -47168,7 +44328,7 @@ index 3d15072..c1ddf9c 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2204,6 +2300,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2201,6 +2284,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = vfs_create(dir->d_inode, dentry, mode, nd); if (error) goto exit_mutex_unlock; @@ -47177,7 +44337,7 @@ index 3d15072..c1ddf9c 100644 mutex_unlock(&dir->d_inode->i_mutex); dput(nd->path.dentry); nd->path.dentry = dentry; -@@ -2213,6 +2311,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2210,6 +2295,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, /* * It already exists. */ @@ -47197,7 +44357,7 @@ index 3d15072..c1ddf9c 100644 mutex_unlock(&dir->d_inode->i_mutex); audit_inode(pathname, path->dentry); -@@ -2425,6 +2536,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path +@@ -2422,6 +2520,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path *path = nd.path; return dentry; eexist: @@ -47209,7 +44369,7 @@ index 3d15072..c1ddf9c 100644 dput(dentry); dentry = ERR_PTR(-EEXIST); fail: -@@ -2447,6 +2563,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat +@@ -2444,6 +2547,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat } EXPORT_SYMBOL(user_path_create); @@ -47230,7 +44390,7 @@ index 3d15072..c1ddf9c 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -2514,6 +2644,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, +@@ -2511,6 +2628,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -47248,7 +44408,7 @@ index 3d15072..c1ddf9c 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out_drop_write; -@@ -2531,6 +2672,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, +@@ -2528,6 +2656,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, } out_drop_write: mnt_drop_write(path.mnt); @@ -47258,7 +44418,7 @@ index 3d15072..c1ddf9c 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2580,12 +2724,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) +@@ -2577,12 +2708,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -47280,7 +44440,7 @@ index 3d15072..c1ddf9c 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2665,6 +2818,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2662,6 +2802,8 @@ static long do_rmdir(int dfd, const char __user *pathname) char * name; struct dentry *dentry; struct nameidata nd; @@ -47289,7 +44449,7 @@ index 3d15072..c1ddf9c 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2693,6 +2848,15 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2690,6 +2832,15 @@ static long do_rmdir(int dfd, const char __user *pathname) error = -ENOENT; goto exit3; } @@ -47305,7 +44465,7 @@ index 3d15072..c1ddf9c 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit3; -@@ -2700,6 +2864,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2697,6 +2848,8 @@ static long do_rmdir(int dfd, const char __user *pathname) if (error) goto exit4; error = vfs_rmdir(nd.path.dentry->d_inode, dentry); @@ -47314,7 +44474,7 @@ index 3d15072..c1ddf9c 100644 exit4: mnt_drop_write(nd.path.mnt); exit3: -@@ -2762,6 +2928,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2759,6 +2912,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; @@ -47323,7 +44483,7 @@ index 3d15072..c1ddf9c 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2784,6 +2952,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2781,6 +2936,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (!inode) goto slashes; ihold(inode); @@ -47340,7 +44500,7 @@ index 3d15072..c1ddf9c 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit2; -@@ -2791,6 +2969,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2788,6 +2953,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (error) goto exit3; error = vfs_unlink(nd.path.dentry->d_inode, dentry); @@ -47349,7 +44509,7 @@ index 3d15072..c1ddf9c 100644 exit3: mnt_drop_write(nd.path.mnt); exit2: -@@ -2866,10 +3046,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, +@@ -2863,10 +3030,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -47368,7 +44528,7 @@ index 3d15072..c1ddf9c 100644 out_drop_write: mnt_drop_write(path.mnt); out_dput: -@@ -2941,6 +3129,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2938,6 +3113,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; @@ -47376,7 +44536,7 @@ index 3d15072..c1ddf9c 100644 int how = 0; int error; -@@ -2964,7 +3153,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2961,7 +3137,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, if (error) return error; @@ -47385,7 +44545,7 @@ index 3d15072..c1ddf9c 100644 error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) goto out; -@@ -2975,13 +3164,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2972,13 +3148,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, error = mnt_want_write(new_path.mnt); if (error) goto out_dput; @@ -47416,16 +44576,7 @@ index 3d15072..c1ddf9c 100644 dput(new_dentry); mutex_unlock(&new_path.dentry->d_inode->i_mutex); path_put(&new_path); -@@ -3153,6 +3359,8 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, - char *to; - int error; - -+ pax_track_stack(); -+ - error = user_path_parent(olddfd, oldname, &oldnd, &from); - if (error) - goto exit; -@@ -3209,6 +3417,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3206,6 +3399,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, if (new_dentry == trap) goto exit5; @@ -47438,7 +44589,7 @@ index 3d15072..c1ddf9c 100644 error = mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -3218,6 +3432,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3215,6 +3414,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, goto exit6; error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -47448,7 +44599,7 @@ index 3d15072..c1ddf9c 100644 exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -3243,6 +3460,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -3240,6 +3442,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -47457,7 +44608,7 @@ index 3d15072..c1ddf9c 100644 int len; len = PTR_ERR(link); -@@ -3252,7 +3471,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -3249,7 +3453,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -47474,7 +44625,7 @@ index 3d15072..c1ddf9c 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 5e7f2e9..cd13685 100644 +index cfc6d44..b4632a5 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1326,6 +1326,9 @@ static int do_umount(struct vfsmount *mnt, int flags) @@ -47524,7 +44675,7 @@ index 5e7f2e9..cd13685 100644 return retval; } -@@ -2573,6 +2592,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2605,6 +2624,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -47536,68 +44687,6 @@ index 5e7f2e9..cd13685 100644 get_fs_root(current->fs, &root); error = lock_mount(&old); if (error) -diff --git a/fs/ncpfs/dir.c b/fs/ncpfs/dir.c -index 9c51f62..503b252 100644 ---- a/fs/ncpfs/dir.c -+++ b/fs/ncpfs/dir.c -@@ -299,6 +299,8 @@ ncp_lookup_validate(struct dentry *dentry, struct nameidata *nd) - int res, val = 0, len; - __u8 __name[NCP_MAXPATHLEN + 1]; - -+ pax_track_stack(); -+ - if (dentry == dentry->d_sb->s_root) - return 1; - -@@ -844,6 +846,8 @@ static struct dentry *ncp_lookup(struct inode *dir, struct dentry *dentry, struc - int error, res, len; - __u8 __name[NCP_MAXPATHLEN + 1]; - -+ pax_track_stack(); -+ - error = -EIO; - if (!ncp_conn_valid(server)) - goto finished; -@@ -931,6 +935,8 @@ int ncp_create_new(struct inode *dir, struct dentry *dentry, int mode, - PPRINTK("ncp_create_new: creating %s/%s, mode=%x\n", - dentry->d_parent->d_name.name, dentry->d_name.name, mode); - -+ pax_track_stack(); -+ - ncp_age_dentry(server, dentry); - len = sizeof(__name); - error = ncp_io2vol(server, __name, &len, dentry->d_name.name, -@@ -992,6 +998,8 @@ static int ncp_mkdir(struct inode *dir, struct dentry *dentry, int mode) - int error, len; - __u8 __name[NCP_MAXPATHLEN + 1]; - -+ pax_track_stack(); -+ - DPRINTK("ncp_mkdir: making %s/%s\n", - dentry->d_parent->d_name.name, dentry->d_name.name); - -@@ -1140,6 +1148,8 @@ static int ncp_rename(struct inode *old_dir, struct dentry *old_dentry, - int old_len, new_len; - __u8 __old_name[NCP_MAXPATHLEN + 1], __new_name[NCP_MAXPATHLEN + 1]; - -+ pax_track_stack(); -+ - DPRINTK("ncp_rename: %s/%s to %s/%s\n", - old_dentry->d_parent->d_name.name, old_dentry->d_name.name, - new_dentry->d_parent->d_name.name, new_dentry->d_name.name); -diff --git a/fs/ncpfs/inode.c b/fs/ncpfs/inode.c -index 202f370..9d4565e 100644 ---- a/fs/ncpfs/inode.c -+++ b/fs/ncpfs/inode.c -@@ -461,6 +461,8 @@ static int ncp_fill_super(struct super_block *sb, void *raw_data, int silent) - #endif - struct ncp_entry_info finfo; - -+ pax_track_stack(); -+ - memset(&data, 0, sizeof(data)); - server = kzalloc(sizeof(struct ncp_server), GFP_KERNEL); - if (!server) diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/blocklayout.c index 281ae95..dd895b9 100644 --- a/fs/nfs/blocklayout/blocklayout.c @@ -47612,7 +44701,7 @@ index 281ae95..dd895b9 100644 void *data; }; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index 679d2f5..ef1ffec 100644 +index 50a15fa..ca113f9 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -150,7 +150,7 @@ static void nfs_zap_caches_locked(struct inode *inode) @@ -47644,37 +44733,11 @@ index 679d2f5..ef1ffec 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) -diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c -index 6f8bcc7..8f823c5 100644 ---- a/fs/nfsd/nfs4state.c -+++ b/fs/nfsd/nfs4state.c -@@ -3999,6 +3999,8 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, - unsigned int strhashval; - int err; - -+ pax_track_stack(); -+ - dprintk("NFSD: nfsd4_lock: start=%Ld length=%Ld\n", - (long long) lock->lk_offset, - (long long) lock->lk_length); -diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index f810996..cec8977 100644 ---- a/fs/nfsd/nfs4xdr.c -+++ b/fs/nfsd/nfs4xdr.c -@@ -1875,6 +1875,8 @@ nfsd4_encode_fattr(struct svc_fh *fhp, struct svc_export *exp, - .dentry = dentry, - }; - -+ pax_track_stack(); -+ - BUG_ON(bmval1 & NFSD_WRITEONLY_ATTRS_WORD1); - BUG_ON(bmval0 & ~nfsd_suppattrs0(minorversion)); - BUG_ON(bmval1 & ~nfsd_suppattrs1(minorversion)); diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index acf88ae..4fd6245 100644 +index 7a2e442..8e544cc 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -896,7 +896,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -914,7 +914,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, } else { oldfs = get_fs(); set_fs(KERNEL_DS); @@ -47683,7 +44746,7 @@ index acf88ae..4fd6245 100644 set_fs(oldfs); } -@@ -1000,7 +1000,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -1018,7 +1018,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, /* Write the data. */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -47692,7 +44755,7 @@ index acf88ae..4fd6245 100644 set_fs(oldfs); if (host_err < 0) goto out_nfserr; -@@ -1535,7 +1535,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) +@@ -1553,7 +1553,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -47701,20 +44764,6 @@ index acf88ae..4fd6245 100644 set_fs(oldfs); if (host_err < 0) -diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c -index 3e65427..ac258be 100644 ---- a/fs/nilfs2/ioctl.c -+++ b/fs/nilfs2/ioctl.c -@@ -625,6 +625,9 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp, - if (argv[n].v_nmembs > nsegs * nilfs->ns_blocks_per_segment) - goto out_free; - -+ if (argv[n].v_nmembs >= UINT_MAX / argv[n].v_size) -+ goto out_free; -+ - len = argv[n].v_size * argv[n].v_nmembs; - base = (void __user *)(unsigned long)argv[n].v_base; - if (len == 0) { diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c index 9fde1c0..14e8827 100644 --- a/fs/notify/fanotify/fanotify_user.c @@ -47816,21 +44865,8 @@ index 210c352..a174f83 100644 bail: if (handle) -diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c -index 53aa41e..d7df9f1 100644 ---- a/fs/ocfs2/namei.c -+++ b/fs/ocfs2/namei.c -@@ -1063,6 +1063,8 @@ static int ocfs2_rename(struct inode *old_dir, - struct ocfs2_dir_lookup_result orphan_insert = { NULL, }; - struct ocfs2_dir_lookup_result target_insert = { NULL, }; - -+ pax_track_stack(); -+ - /* At some point it might be nice to break this function up a - * bit. */ - diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h -index 4092858..51c70ff 100644 +index d355e6e..578d905 100644 --- a/fs/ocfs2/ocfs2.h +++ b/fs/ocfs2/ocfs2.h @@ -235,11 +235,11 @@ enum ocfs2_vol_state @@ -47909,10 +44945,10 @@ index ba5d97e..c77db25 100644 } } diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c -index 56f6102..1433c29 100644 +index 4994f8b..eaab8eb 100644 --- a/fs/ocfs2/super.c +++ b/fs/ocfs2/super.c -@@ -300,11 +300,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len) +@@ -301,11 +301,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len) "%10s => GlobalAllocs: %d LocalAllocs: %d " "SubAllocs: %d LAWinMoves: %d SAExtends: %d\n", "Stats", @@ -47929,7 +44965,7 @@ index 56f6102..1433c29 100644 out += snprintf(buf + out, len - out, "%10s => State: %u Descriptor: %llu Size: %u bits " -@@ -2112,11 +2112,11 @@ static int ocfs2_initialize_super(struct super_block *sb, +@@ -2119,11 +2119,11 @@ static int ocfs2_initialize_super(struct super_block *sb, spin_lock_init(&osb->osb_xattr_lock); ocfs2_init_steal_slots(osb); @@ -47960,7 +44996,7 @@ index 5d22872..523db20 100644 kfree(link); } diff --git a/fs/open.c b/fs/open.c -index f711921..28d5958 100644 +index 22c41b5..695cb17 100644 --- a/fs/open.c +++ b/fs/open.c @@ -112,6 +112,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length) @@ -48074,10 +45110,10 @@ index 6296b40..417c00f 100644 (u8 *) pte, count) < count) { diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c -index af9fdf0..75b15c3 100644 +index bd8ae78..539d250 100644 --- a/fs/partitions/ldm.c +++ b/fs/partitions/ldm.c -@@ -1322,7 +1322,7 @@ static bool ldm_frag_add (const u8 *data, int size, struct list_head *frags) +@@ -1324,7 +1324,7 @@ static bool ldm_frag_add (const u8 *data, int size, struct list_head *frags) goto found; } @@ -48087,7 +45123,7 @@ index af9fdf0..75b15c3 100644 ldm_crit ("Out of memory."); return false; diff --git a/fs/pipe.c b/fs/pipe.c -index 0e0be1d..f62a72d 100644 +index 4065f07..68c0706 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -420,9 +420,9 @@ redo: @@ -48245,7 +45281,7 @@ index 15af622..0e9f4467 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 3a1dafd..c7fed72 100644 +index 3a1dafd..d41fc37 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -48303,16 +45339,7 @@ index 3a1dafd..c7fed72 100644 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -378,6 +409,8 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, - char tcomm[sizeof(task->comm)]; - unsigned long flags; - -+ pax_track_stack(); -+ - state = *get_task_state(task); - vsize = eip = esp = 0; - permitted = ptrace_may_access(task, PTRACE_MODE_READ); -@@ -449,6 +482,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -449,6 +480,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, gtime = task->gtime; } @@ -48332,7 +45359,7 @@ index 3a1dafd..c7fed72 100644 /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority = task_prio(task); -@@ -489,9 +535,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -489,9 +533,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, vsize, mm ? get_mm_rss(mm) : 0, rsslim, @@ -48348,7 +45375,7 @@ index 3a1dafd..c7fed72 100644 esp, eip, /* The signal information here is obsolete. -@@ -544,3 +596,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -544,3 +594,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -48368,7 +45395,7 @@ index 3a1dafd..c7fed72 100644 +} +#endif diff --git a/fs/proc/base.c b/fs/proc/base.c -index 5eb0206..f8f1974 100644 +index 851ba3d..813fd0b 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -107,6 +107,22 @@ struct pid_entry { @@ -48471,7 +45498,7 @@ index 5eb0206..f8f1974 100644 - mm = ERR_PTR(-EACCES); + if (mm) { + if ((mm != current->mm && !ptrace_may_access(task, mode)) || -+ (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))) { ++ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task)))) { + mmput(mm); + mm = ERR_PTR(-EACCES); + } @@ -48733,7 +45760,7 @@ index 5eb0206..f8f1974 100644 ret = -ENOMEM; page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) -@@ -1613,7 +1594,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1600,7 +1581,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) path_put(&nd->path); /* Are we allowed to snoop on the tasks file descriptors? */ @@ -48742,7 +45769,7 @@ index 5eb0206..f8f1974 100644 goto out; error = PROC_I(inode)->op.proc_get_link(inode, &nd->path); -@@ -1652,8 +1633,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1639,8 +1620,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -48763,7 +45790,7 @@ index 5eb0206..f8f1974 100644 error = PROC_I(inode)->op.proc_get_link(inode, &path); if (error) -@@ -1718,7 +1709,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1705,7 +1696,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -48775,7 +45802,7 @@ index 5eb0206..f8f1974 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1736,6 +1731,9 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1723,6 +1718,9 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) struct inode *inode = dentry->d_inode; struct task_struct *task; const struct cred *cred; @@ -48785,7 +45812,7 @@ index 5eb0206..f8f1974 100644 generic_fillattr(inode, stat); -@@ -1743,13 +1741,41 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1730,13 +1728,41 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) stat->uid = 0; stat->gid = 0; task = pid_task(proc_pid(inode), PIDTYPE_PID); @@ -48828,7 +45855,7 @@ index 5eb0206..f8f1974 100644 } rcu_read_unlock(); return 0; -@@ -1786,11 +1812,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd) +@@ -1773,11 +1799,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -48849,7 +45876,7 @@ index 5eb0206..f8f1974 100644 rcu_read_unlock(); } else { inode->i_uid = 0; -@@ -1908,7 +1943,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info) +@@ -1895,7 +1930,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info) int fd = proc_fd(inode); if (task) { @@ -48859,7 +45886,7 @@ index 5eb0206..f8f1974 100644 put_task_struct(task); } if (files) { -@@ -2176,11 +2212,21 @@ static const struct file_operations proc_fd_operations = { +@@ -2163,11 +2199,21 @@ static const struct file_operations proc_fd_operations = { */ static int proc_fd_permission(struct inode *inode, int mask) { @@ -48883,7 +45910,7 @@ index 5eb0206..f8f1974 100644 return rv; } -@@ -2290,6 +2336,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2277,6 +2323,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -48893,7 +45920,7 @@ index 5eb0206..f8f1974 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc/<tgid>/ without very good reasons. -@@ -2334,6 +2383,9 @@ static int proc_pident_readdir(struct file *filp, +@@ -2321,6 +2370,9 @@ static int proc_pident_readdir(struct file *filp, if (!task) goto out_no_task; @@ -48903,7 +45930,7 @@ index 5eb0206..f8f1974 100644 ret = 0; i = filp->f_pos; switch (i) { -@@ -2604,7 +2656,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -2591,7 +2643,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) { @@ -48912,7 +45939,7 @@ index 5eb0206..f8f1974 100644 if (!IS_ERR(s)) __putname(s); } -@@ -2802,7 +2854,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2789,7 +2841,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -48921,7 +45948,7 @@ index 5eb0206..f8f1974 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2827,10 +2879,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2814,10 +2866,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -48934,7 +45961,7 @@ index 5eb0206..f8f1974 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2864,6 +2916,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2851,6 +2903,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -48944,7 +45971,7 @@ index 5eb0206..f8f1974 100644 }; static int proc_tgid_base_readdir(struct file * filp, -@@ -2989,7 +3044,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, +@@ -2976,7 +3031,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -48959,7 +45986,7 @@ index 5eb0206..f8f1974 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -3031,7 +3093,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct +@@ -3018,7 +3080,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct if (!task) goto out; @@ -48971,7 +45998,7 @@ index 5eb0206..f8f1974 100644 put_task_struct(task); out: return result; -@@ -3096,6 +3162,11 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) +@@ -3083,6 +3149,11 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) { unsigned int nr; struct task_struct *reaper; @@ -48983,7 +46010,7 @@ index 5eb0206..f8f1974 100644 struct tgid_iter iter; struct pid_namespace *ns; -@@ -3119,8 +3190,27 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) +@@ -3106,8 +3177,27 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) for (iter = next_tgid(ns, iter); iter.task; iter.tgid += 1, iter = next_tgid(ns, iter)) { @@ -49012,7 +46039,7 @@ index 5eb0206..f8f1974 100644 put_task_struct(iter.task); goto out; } -@@ -3148,7 +3238,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3135,7 +3225,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -49021,7 +46048,7 @@ index 5eb0206..f8f1974 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -3172,10 +3262,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3159,10 +3249,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -49067,7 +46094,7 @@ index b143471..bb105e5 100644 } module_init(proc_devices_init); diff --git a/fs/proc/inode.c b/fs/proc/inode.c -index 7ed72d6..d5f061a 100644 +index 7737c54..7172574 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c @@ -18,12 +18,18 @@ @@ -49130,19 +46157,10 @@ index 7838e5c..ff92cbc 100644 extern const struct file_operations proc_maps_operations; diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c -index d245cb2..7e645bd 100644 +index d245cb2..f4e8498 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c -@@ -321,6 +321,8 @@ static void elf_kcore_store_hdr(char *bufp, int nphdr, int dataoff) - off_t offset = 0; - struct kcore_list *m; - -+ pax_track_stack(); -+ - /* setup ELF header */ - elf = (struct elfhdr *) bufp; - bufp += sizeof(struct elfhdr); -@@ -478,9 +480,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) +@@ -478,9 +478,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) * the addresses in the elf_phdr on our list. */ start = kc_offset_to_vaddr(*fpos - elf_buflen); @@ -49155,7 +46173,7 @@ index d245cb2..7e645bd 100644 while (buflen) { struct kcore_list *m; -@@ -509,20 +512,23 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) +@@ -509,20 +510,23 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) kfree(elf_buf); } else { if (kern_addr_valid(start)) { @@ -49190,7 +46208,7 @@ index d245cb2..7e645bd 100644 } else { if (clear_user(buffer, tsz)) return -EFAULT; -@@ -542,6 +548,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) +@@ -542,6 +546,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) static int open_kcore(struct inode *inode, struct file *filp) { @@ -49201,19 +46219,10 @@ index d245cb2..7e645bd 100644 return -EPERM; if (kcore_need_update) diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c -index 80e4645..d2689e9 100644 +index 80e4645..53e5fcf 100644 --- a/fs/proc/meminfo.c +++ b/fs/proc/meminfo.c -@@ -29,6 +29,8 @@ static int meminfo_proc_show(struct seq_file *m, void *v) - unsigned long pages[NR_LRU_LISTS]; - int lru; - -+ pax_track_stack(); -+ - /* - * display in kilobytes. - */ -@@ -158,7 +160,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) +@@ -158,7 +158,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) vmi.used >> 10, vmi.largest_chunk >> 10 #ifdef CONFIG_MEMORY_FAILURE @@ -49258,10 +46267,10 @@ index f738024..876984a 100644 rcu_read_lock(); task = pid_task(proc_pid(dir), PIDTYPE_PID); diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c -index 1a77dbe..56ec911 100644 +index a6b6217..3d0953c 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c -@@ -8,11 +8,13 @@ +@@ -9,11 +9,13 @@ #include <linux/namei.h> #include "internal.h" @@ -49275,9 +46284,9 @@ index 1a77dbe..56ec911 100644 -static const struct inode_operations proc_sys_dir_operations; +const struct inode_operations proc_sys_dir_operations; - static struct inode *proc_sys_make_inode(struct super_block *sb, - struct ctl_table_header *head, struct ctl_table *table) -@@ -121,8 +123,14 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry, + void proc_sys_poll_notify(struct ctl_table_poll *poll) + { +@@ -131,8 +133,14 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry, err = NULL; d_set_d_op(dentry, &proc_sys_dentry_operations); @@ -49292,7 +46301,7 @@ index 1a77dbe..56ec911 100644 out: sysctl_head_finish(head); return err; -@@ -202,6 +210,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent, +@@ -245,6 +253,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent, return -ENOMEM; } else { d_set_d_op(child, &proc_sys_dentry_operations); @@ -49302,7 +46311,7 @@ index 1a77dbe..56ec911 100644 d_add(child, inode); } } else { -@@ -230,6 +241,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table, +@@ -273,6 +284,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table, if (*pos < file->f_pos) continue; @@ -49312,7 +46321,7 @@ index 1a77dbe..56ec911 100644 res = proc_sys_fill_cache(file, dirent, filldir, head, table); if (res) return res; -@@ -355,6 +369,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct +@@ -398,6 +412,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct if (IS_ERR(head)) return PTR_ERR(head); @@ -49322,12 +46331,7 @@ index 1a77dbe..56ec911 100644 generic_fillattr(inode, stat); if (table) stat->mode = (stat->mode & S_IFMT) | table->mode; -@@ -370,17 +387,18 @@ static const struct file_operations proc_sys_file_operations = { - }; - - static const struct file_operations proc_sys_dir_file_operations = { -+ .read = generic_read_dir, - .readdir = proc_sys_readdir, +@@ -420,13 +437,13 @@ static const struct file_operations proc_sys_dir_file_operations = { .llseek = generic_file_llseek, }; @@ -49344,10 +46348,10 @@ index 1a77dbe..56ec911 100644 .permission = proc_sys_permission, .setattr = proc_sys_setattr, diff --git a/fs/proc/root.c b/fs/proc/root.c -index 9a8a2b7..3018df6 100644 +index 03102d9..4ae347e 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c -@@ -123,7 +123,15 @@ void __init proc_root_init(void) +@@ -121,7 +121,15 @@ void __init proc_root_init(void) #ifdef CONFIG_PROC_DEVICETREE proc_device_tree_init(); #endif @@ -49364,10 +46368,10 @@ index 9a8a2b7..3018df6 100644 } diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index c7d4ee6..41c5564 100644 +index e418c5a..e66a99c 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c -@@ -51,8 +51,13 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) +@@ -52,8 +52,13 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) "VmExe:\t%8lu kB\n" "VmLib:\t%8lu kB\n" "VmPTE:\t%8lu kB\n" @@ -49382,8 +46386,8 @@ index c7d4ee6..41c5564 100644 + ,hiwater_vm << (PAGE_SHIFT-10), (total_vm - mm->reserved_vm) << (PAGE_SHIFT-10), mm->locked_vm << (PAGE_SHIFT-10), - hiwater_rss << (PAGE_SHIFT-10), -@@ -60,7 +65,13 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) + mm->pinned_vm << (PAGE_SHIFT-10), +@@ -62,7 +67,13 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) data << (PAGE_SHIFT-10), mm->stack_vm << (PAGE_SHIFT-10), text, lib, (PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10, @@ -49398,7 +46402,7 @@ index c7d4ee6..41c5564 100644 } unsigned long task_vsize(struct mm_struct *mm) -@@ -207,6 +218,12 @@ static int do_maps_open(struct inode *inode, struct file *file, +@@ -209,6 +220,12 @@ static int do_maps_open(struct inode *inode, struct file *file, return ret; } @@ -49411,7 +46415,7 @@ index c7d4ee6..41c5564 100644 static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) { struct mm_struct *mm = vma->vm_mm; -@@ -225,13 +242,13 @@ static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) +@@ -227,13 +244,13 @@ static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT; } @@ -49430,7 +46434,7 @@ index c7d4ee6..41c5564 100644 seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n", start, -@@ -240,7 +257,11 @@ static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) +@@ -242,7 +259,11 @@ static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) flags & VM_WRITE ? 'w' : '-', flags & VM_EXEC ? 'x' : '-', flags & VM_MAYSHARE ? 's' : 'p', @@ -49442,7 +46446,7 @@ index c7d4ee6..41c5564 100644 MAJOR(dev), MINOR(dev), ino, &len); /* -@@ -249,7 +270,7 @@ static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) +@@ -251,7 +272,7 @@ static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) */ if (file) { pad_len_spaces(m, len); @@ -49451,7 +46455,7 @@ index c7d4ee6..41c5564 100644 } else { const char *name = arch_vma_name(vma); if (!name) { -@@ -257,8 +278,9 @@ static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) +@@ -259,8 +280,9 @@ static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma) if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) { name = "[heap]"; @@ -49463,7 +46467,7 @@ index c7d4ee6..41c5564 100644 name = "[stack]"; } } else { -@@ -433,11 +455,16 @@ static int show_smap(struct seq_file *m, void *v) +@@ -435,11 +457,16 @@ static int show_smap(struct seq_file *m, void *v) }; memset(&mss, 0, sizeof mss); @@ -49485,7 +46489,7 @@ index c7d4ee6..41c5564 100644 show_map_vma(m, vma); seq_printf(m, -@@ -455,7 +482,11 @@ static int show_smap(struct seq_file *m, void *v) +@@ -457,7 +484,11 @@ static int show_smap(struct seq_file *m, void *v) "KernelPageSize: %8lu kB\n" "MMUPageSize: %8lu kB\n" "Locked: %8lu kB\n", @@ -49497,7 +46501,7 @@ index c7d4ee6..41c5564 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1031,7 +1062,7 @@ static int show_numa_map(struct seq_file *m, void *v) +@@ -1033,7 +1064,7 @@ static int show_numa_map(struct seq_file *m, void *v) if (file) { seq_printf(m, " file="); @@ -49652,19 +46656,6 @@ index 356f715..c918d38 100644 if (__put_user(d_off, &lastdirent->d_off)) error = -EFAULT; else -diff --git a/fs/reiserfs/dir.c b/fs/reiserfs/dir.c -index 133e935..349ef18 100644 ---- a/fs/reiserfs/dir.c -+++ b/fs/reiserfs/dir.c -@@ -75,6 +75,8 @@ int reiserfs_readdir_dentry(struct dentry *dentry, void *dirent, - struct reiserfs_dir_entry de; - int ret = 0; - -+ pax_track_stack(); -+ - reiserfs_write_lock(inode->i_sb); - - reiserfs_check_lock_depth(inode->i_sb, "readdir"); diff --git a/fs/reiserfs/do_balan.c b/fs/reiserfs/do_balan.c index 60c0804..d814f98 100644 --- a/fs/reiserfs/do_balan.c @@ -49678,34 +46669,8 @@ index 60c0804..d814f98 100644 do_balance_starts(tb); /* balance leaf returns 0 except if combining L R and S into -diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c -index a159ba5..0396a76 100644 ---- a/fs/reiserfs/journal.c -+++ b/fs/reiserfs/journal.c -@@ -2289,6 +2289,8 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev, - struct buffer_head *bh; - int i, j; - -+ pax_track_stack(); -+ - bh = __getblk(dev, block, bufsize); - if (buffer_uptodate(bh)) - return (bh); -diff --git a/fs/reiserfs/namei.c b/fs/reiserfs/namei.c -index ef39232..0fa91ba 100644 ---- a/fs/reiserfs/namei.c -+++ b/fs/reiserfs/namei.c -@@ -1225,6 +1225,8 @@ static int reiserfs_rename(struct inode *old_dir, struct dentry *old_dentry, - unsigned long savelink = 1; - struct timespec ctime; - -+ pax_track_stack(); -+ - /* three balancings: (1) old name removal, (2) new name insertion - and (3) maybe "save" link insertion - stat data updates: (1) old directory, diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c -index 7a99811..2c9286f 100644 +index 7a99811..a7c96c4 100644 --- a/fs/reiserfs/procfs.c +++ b/fs/reiserfs/procfs.c @@ -113,7 +113,7 @@ static int show_super(struct seq_file *m, struct super_block *sb) @@ -49717,79 +46682,8 @@ index 7a99811..2c9286f 100644 SF(s_disk_reads), SF(s_disk_writes), SF(s_fix_nodes), SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), -@@ -299,6 +299,8 @@ static int show_journal(struct seq_file *m, struct super_block *sb) - struct journal_params *jp = &rs->s_v1.s_journal; - char b[BDEVNAME_SIZE]; - -+ pax_track_stack(); -+ - seq_printf(m, /* on-disk fields */ - "jp_journal_1st_block: \t%i\n" - "jp_journal_dev: \t%s[%x]\n" -diff --git a/fs/reiserfs/stree.c b/fs/reiserfs/stree.c -index 313d39d..3a5811b 100644 ---- a/fs/reiserfs/stree.c -+++ b/fs/reiserfs/stree.c -@@ -1196,6 +1196,8 @@ int reiserfs_delete_item(struct reiserfs_transaction_handle *th, - int iter = 0; - #endif - -+ pax_track_stack(); -+ - BUG_ON(!th->t_trans_id); - - init_tb_struct(th, &s_del_balance, sb, path, -@@ -1333,6 +1335,8 @@ void reiserfs_delete_solid_item(struct reiserfs_transaction_handle *th, - int retval; - int quota_cut_bytes = 0; - -+ pax_track_stack(); -+ - BUG_ON(!th->t_trans_id); - - le_key2cpu_key(&cpu_key, key); -@@ -1562,6 +1566,8 @@ int reiserfs_cut_from_item(struct reiserfs_transaction_handle *th, - int quota_cut_bytes; - loff_t tail_pos = 0; - -+ pax_track_stack(); -+ - BUG_ON(!th->t_trans_id); - - init_tb_struct(th, &s_cut_balance, inode->i_sb, path, -@@ -1957,6 +1963,8 @@ int reiserfs_paste_into_item(struct reiserfs_transaction_handle *th, struct tree - int retval; - int fs_gen; - -+ pax_track_stack(); -+ - BUG_ON(!th->t_trans_id); - - fs_gen = get_generation(inode->i_sb); -@@ -2045,6 +2053,8 @@ int reiserfs_insert_item(struct reiserfs_transaction_handle *th, - int fs_gen = 0; - int quota_bytes = 0; - -+ pax_track_stack(); -+ - BUG_ON(!th->t_trans_id); - - if (inode) { /* Do we count quotas for item? */ -diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c -index 5e3527b..e55e569 100644 ---- a/fs/reiserfs/super.c -+++ b/fs/reiserfs/super.c -@@ -931,6 +931,8 @@ static int reiserfs_parse_options(struct super_block *s, char *options, /* strin - {.option_name = NULL} - }; - -+ pax_track_stack(); -+ - *blocks = 0; - if (!options || !*options) - /* use default configuration: create tails, journaling on, no diff --git a/fs/select.c b/fs/select.c -index d33418f..f8e06bc 100644 +index d33418f..2a5345e 100644 --- a/fs/select.c +++ b/fs/select.c @@ -20,6 +20,7 @@ @@ -49800,30 +46694,10 @@ index d33418f..f8e06bc 100644 #include <linux/personality.h> /* for STICKY_TIMEOUTS */ #include <linux/file.h> #include <linux/fdtable.h> -@@ -403,6 +404,8 @@ int do_select(int n, fd_set_bits *fds, struct timespec *end_time) - int retval, i, timed_out = 0; - unsigned long slack = 0; - -+ pax_track_stack(); -+ - rcu_read_lock(); - retval = max_select_fd(n, fds); - rcu_read_unlock(); -@@ -528,6 +531,8 @@ int core_sys_select(int n, fd_set __user *inp, fd_set __user *outp, - /* Allocate small arguments on the stack to save memory and be faster */ - long stack_fds[SELECT_STACK_ALLOC/sizeof(long)]; - -+ pax_track_stack(); -+ - ret = -EINVAL; - if (n < 0) - goto out_nofds; -@@ -837,6 +842,9 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, +@@ -837,6 +838,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, struct poll_list *walk = head; unsigned long todo = nfds; -+ pax_track_stack(); -+ + gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1); if (nfds > rlimit(RLIMIT_NOFILE)) return -EINVAL; @@ -49882,7 +46756,7 @@ index dba43c3..a99fb63 100644 if (op) { diff --git a/fs/splice.c b/fs/splice.c -index fa2defa..9a697a5 100644 +index fa2defa..8601650 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, @@ -49906,16 +46780,7 @@ index fa2defa..9a697a5 100644 } pipe_unlock(pipe); -@@ -320,6 +320,8 @@ __generic_file_splice_read(struct file *in, loff_t *ppos, - .spd_release = spd_release_page, - }; - -+ pax_track_stack(); -+ - if (splice_grow_spd(pipe, &spd)) - return -ENOMEM; - -@@ -560,7 +562,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec, +@@ -560,7 +560,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -49924,7 +46789,7 @@ index fa2defa..9a697a5 100644 set_fs(old_fs); return res; -@@ -575,7 +577,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count, +@@ -575,7 +575,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -49933,16 +46798,7 @@ index fa2defa..9a697a5 100644 set_fs(old_fs); return res; -@@ -603,6 +605,8 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos, - .spd_release = spd_release_page, - }; - -+ pax_track_stack(); -+ - if (splice_grow_spd(pipe, &spd)) - return -ENOMEM; - -@@ -626,7 +630,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos, +@@ -626,7 +626,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos, goto err; this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset); @@ -49951,7 +46807,7 @@ index fa2defa..9a697a5 100644 vec[i].iov_len = this_len; spd.pages[i] = page; spd.nr_pages++; -@@ -846,10 +850,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); +@@ -846,10 +846,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd) { while (!pipe->nrbufs) { @@ -49964,7 +46820,7 @@ index fa2defa..9a697a5 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1182,7 +1186,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1182,7 +1182,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -49973,16 +46829,7 @@ index fa2defa..9a697a5 100644 current->splice_pipe = pipe; } -@@ -1619,6 +1623,8 @@ static long vmsplice_to_pipe(struct file *file, const struct iovec __user *iov, - }; - long ret; - -+ pax_track_stack(); -+ - pipe = get_pipe_info(file); - if (!pipe) - return -EBADF; -@@ -1734,9 +1740,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1734,9 +1734,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -49994,7 +46841,7 @@ index fa2defa..9a697a5 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1768,7 +1774,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1768,7 +1768,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -50003,7 +46850,7 @@ index fa2defa..9a697a5 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1781,9 +1787,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1781,9 +1781,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -50015,7 +46862,7 @@ index fa2defa..9a697a5 100644 } pipe_unlock(pipe); -@@ -1819,14 +1825,14 @@ retry: +@@ -1819,14 +1819,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -50032,7 +46879,7 @@ index fa2defa..9a697a5 100644 break; /* -@@ -1923,7 +1929,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1923,7 +1923,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -50041,7 +46888,7 @@ index fa2defa..9a697a5 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1968,7 +1974,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1968,7 +1968,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -50051,7 +46898,7 @@ index fa2defa..9a697a5 100644 pipe_unlock(ipipe); diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c -index 1ad8c93..6633545 100644 +index d4e6080b..0e58b99 100644 --- a/fs/sysfs/file.c +++ b/fs/sysfs/file.c @@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock); @@ -50128,24 +46975,11 @@ index a7ac78f..02158e1 100644 if (!IS_ERR(page)) free_page((unsigned long)page); } -diff --git a/fs/udf/inode.c b/fs/udf/inode.c -index 262050f..d2df565 100644 ---- a/fs/udf/inode.c -+++ b/fs/udf/inode.c -@@ -576,6 +576,8 @@ static struct buffer_head *inode_getblk(struct inode *inode, sector_t block, - int goal = 0, pgoal = iinfo->i_location.logicalBlockNum; - int lastblock = 0; - -+ pax_track_stack(); -+ - prev_epos.offset = udf_file_entry_alloc_offset(inode); - prev_epos.block = iinfo->i_location; - prev_epos.bh = NULL; diff --git a/fs/udf/misc.c b/fs/udf/misc.c -index 9215700..bf1f68e 100644 +index c175b4d..8f36a16 100644 --- a/fs/udf/misc.c +++ b/fs/udf/misc.c -@@ -286,7 +286,7 @@ void udf_new_tag(char *data, uint16_t ident, uint16_t version, uint16_t snum, +@@ -289,7 +289,7 @@ void udf_new_tag(char *data, uint16_t ident, uint16_t version, uint16_t snum, u8 udf_tag_checksum(const struct tag *t) { @@ -50180,10 +47014,10 @@ index ba653f3..06ea4b1 100644 error = notify_change(path->dentry, &newattrs); mutex_unlock(&inode->i_mutex); diff --git a/fs/xattr.c b/fs/xattr.c -index f060663..def7007 100644 +index 67583de..c5aad14 100644 --- a/fs/xattr.c +++ b/fs/xattr.c -@@ -254,7 +254,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); +@@ -315,7 +315,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); * Extended attribute SET operations */ static long @@ -50192,7 +47026,7 @@ index f060663..def7007 100644 size_t size, int flags) { int error; -@@ -278,7 +278,13 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, +@@ -339,7 +339,13 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, return PTR_ERR(kvalue); } @@ -50207,7 +47041,7 @@ index f060663..def7007 100644 kfree(kvalue); return error; } -@@ -295,7 +301,7 @@ SYSCALL_DEFINE5(setxattr, const char __user *, pathname, +@@ -356,7 +362,7 @@ SYSCALL_DEFINE5(setxattr, const char __user *, pathname, return error; error = mnt_want_write(path.mnt); if (!error) { @@ -50216,7 +47050,7 @@ index f060663..def7007 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -314,7 +320,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, +@@ -375,7 +381,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, return error; error = mnt_want_write(path.mnt); if (!error) { @@ -50225,7 +47059,7 @@ index f060663..def7007 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -325,17 +331,15 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, +@@ -386,17 +392,15 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, const void __user *,value, size_t, size, int, flags) { struct file *f; @@ -50261,10 +47095,10 @@ index 8d5a506..7f62712 100644 struct posix_acl *acl; struct posix_acl_entry *acl_e; diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c -index 452a291..91a95f3b 100644 +index d0ab788..827999b 100644 --- a/fs/xfs/xfs_bmap.c +++ b/fs/xfs/xfs_bmap.c -@@ -250,7 +250,7 @@ xfs_bmap_validate_ret( +@@ -190,7 +190,7 @@ xfs_bmap_validate_ret( int nmap, int ret_nmap); #else @@ -50295,7 +47129,7 @@ index 79d05e8..e3e5861 100644 *offset = off & 0x7fffffff; return 0; diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c -index f7ce7de..e1a5db0 100644 +index d99a905..9f88202 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -128,7 +128,7 @@ xfs_find_handle( @@ -50308,10 +47142,10 @@ index f7ce7de..e1a5db0 100644 goto out_put; diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c -index 474920b..97169a9 100644 +index 23ce927..e274cc1 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c -@@ -446,7 +446,7 @@ xfs_vn_put_link( +@@ -447,7 +447,7 @@ xfs_vn_put_link( struct nameidata *nd, void *p) { @@ -60667,7 +57501,7 @@ index 76bff2b..c7a14e2 100644 #endif /* _ASM_GENERIC_PGTABLE_H */ diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h -index db22d13..1f2e3e1 100644 +index b5e2e4c..6a5373e 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -217,6 +217,7 @@ @@ -60678,7 +57512,7 @@ index db22d13..1f2e3e1 100644 *(__vermagic) /* Kernel version magic */ \ . = ALIGN(8); \ VMLINUX_SYMBOL(__start___tracepoints_ptrs) = .; \ -@@ -723,17 +724,18 @@ +@@ -722,17 +723,18 @@ * section in the linker script will go there too. @phdr should have * a leading colon. * @@ -60702,10 +57536,10 @@ index db22d13..1f2e3e1 100644 /** * PERCPU_SECTION - define output section for percpu area, simple version diff --git a/include/drm/drmP.h b/include/drm/drmP.h -index 9b7c2bb..76b7d1e 100644 +index 1f9e951..14ef517 100644 --- a/include/drm/drmP.h +++ b/include/drm/drmP.h -@@ -73,6 +73,7 @@ +@@ -72,6 +72,7 @@ #include <linux/workqueue.h> #include <linux/poll.h> #include <asm/pgalloc.h> @@ -60713,7 +57547,7 @@ index 9b7c2bb..76b7d1e 100644 #include "drm.h" #include <linux/idr.h> -@@ -1035,7 +1036,7 @@ struct drm_device { +@@ -1038,7 +1039,7 @@ struct drm_device { /** \name Usage Counters */ /*@{ */ @@ -60722,7 +57556,7 @@ index 9b7c2bb..76b7d1e 100644 atomic_t ioctl_count; /**< Outstanding IOCTLs pending */ atomic_t vma_count; /**< Outstanding vma areas open */ int buf_use; /**< Buffers in use -- cannot alloc */ -@@ -1046,7 +1047,7 @@ struct drm_device { +@@ -1049,7 +1050,7 @@ struct drm_device { /*@{ */ unsigned long counters; enum drm_stat_type types[15]; @@ -60811,7 +57645,7 @@ index fd88a39..f4d0bad 100644 }; diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 5e30b45..5b41b49 100644 +index 94acd81..3ab569b 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -675,6 +675,9 @@ extern int blk_insert_cloned_request(struct request_queue *q, @@ -60824,7 +57658,7 @@ index 5e30b45..5b41b49 100644 extern int scsi_cmd_ioctl(struct request_queue *, struct gendisk *, fmode_t, unsigned int, void __user *); extern int sg_scsi_ioctl(struct request_queue *, struct gendisk *, fmode_t, -@@ -1318,7 +1321,7 @@ struct block_device_operations { +@@ -1312,7 +1315,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -60834,7 +57668,7 @@ index 5e30b45..5b41b49 100644 extern int __blkdev_driver_ioctl(struct block_device *, fmode_t, unsigned int, unsigned long); diff --git a/include/linux/blktrace_api.h b/include/linux/blktrace_api.h -index 8e9e4bc..88bd457 100644 +index 4d1a074..88f929a 100644 --- a/include/linux/blktrace_api.h +++ b/include/linux/blktrace_api.h @@ -162,7 +162,7 @@ struct blk_trace { @@ -60930,10 +57764,10 @@ index 4c57065..4307975 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index c421123..e343179 100644 +index a63d13d..069bfd5 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h -@@ -547,6 +547,9 @@ extern bool capable(int cap); +@@ -548,6 +548,9 @@ extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); extern bool task_ns_capable(struct task_struct *t, int cap); extern bool nsown_capable(int cap); @@ -61137,10 +57971,10 @@ index 4030896..8d6f342 100644 /** diff --git a/include/linux/crypto.h b/include/linux/crypto.h -index e5e468e..f079672 100644 +index 8a94217..15d49e3 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h -@@ -361,7 +361,7 @@ struct cipher_tfm { +@@ -365,7 +365,7 @@ struct cipher_tfm { const u8 *key, unsigned int keylen); void (*cit_encrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); @@ -61149,7 +57983,7 @@ index e5e468e..f079672 100644 struct hash_tfm { int (*init)(struct hash_desc *desc); -@@ -382,13 +382,13 @@ struct compress_tfm { +@@ -386,13 +386,13 @@ struct compress_tfm { int (*cot_decompress)(struct crypto_tfm *tfm, const u8 *src, unsigned int slen, u8 *dst, unsigned int *dlen); @@ -61179,12 +58013,12 @@ index 7925bf0..d5143d2 100644 #define large_malloc(a) vmalloc(a) diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h -index 347fdc3..cd01657 100644 +index e13117c..e9fc938 100644 --- a/include/linux/dma-mapping.h +++ b/include/linux/dma-mapping.h -@@ -42,7 +42,7 @@ struct dma_map_ops { - int (*dma_supported)(struct device *dev, u64 mask); - int (*set_dma_mask)(struct device *dev, u64 mask); +@@ -46,7 +46,7 @@ struct dma_map_ops { + u64 (*get_required_mask)(struct device *dev); + #endif int is_phys; -}; +} __do_const; @@ -61205,7 +58039,7 @@ index 2362a0b..cfaf8fcc 100644 struct efivars { /* diff --git a/include/linux/elf.h b/include/linux/elf.h -index 110821c..cb14c08 100644 +index 31f0508..5421c01 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h @@ -49,6 +49,17 @@ typedef __s64 Elf64_Sxword; @@ -61264,7 +58098,7 @@ index 110821c..cb14c08 100644 #define ELFMAG0 0x7f /* EI_MAG */ #define ELFMAG1 'E' #define ELFMAG2 'L' -@@ -422,6 +450,7 @@ extern Elf32_Dyn _DYNAMIC []; +@@ -423,6 +451,7 @@ extern Elf32_Dyn _DYNAMIC []; #define elf_note elf32_note #define elf_addr_t Elf32_Off #define Elf_Half Elf32_Half @@ -61272,7 +58106,7 @@ index 110821c..cb14c08 100644 #else -@@ -432,6 +461,7 @@ extern Elf64_Dyn _DYNAMIC []; +@@ -433,6 +462,7 @@ extern Elf64_Dyn _DYNAMIC []; #define elf_note elf64_note #define elf_addr_t Elf64_Off #define Elf_Half Elf64_Half @@ -61281,7 +58115,7 @@ index 110821c..cb14c08 100644 #endif diff --git a/include/linux/filter.h b/include/linux/filter.h -index 741956f..f02f482 100644 +index 8eeb205..d59bfa2 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -134,6 +134,7 @@ struct sock_fprog { /* Required for SO_ATTACH_FILTER. */ @@ -61316,10 +58150,10 @@ index 84ccf8e..2e9b14c 100644 }; diff --git a/include/linux/fs.h b/include/linux/fs.h -index cf7bc25..0d2babf 100644 +index e0bc4ff..d79c2fa 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1588,7 +1588,8 @@ struct file_operations { +@@ -1608,7 +1608,8 @@ struct file_operations { int (*setlease)(struct file *, long, struct file_lock **); long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); @@ -61343,7 +58177,7 @@ index 003dc0f..3c4ea97 100644 seqcount_t seq; int umask; diff --git a/include/linux/fscache-cache.h b/include/linux/fscache-cache.h -index af095b5..cf1220c 100644 +index ce31408..b1ad003 100644 --- a/include/linux/fscache-cache.h +++ b/include/linux/fscache-cache.h @@ -102,7 +102,7 @@ struct fscache_operation { @@ -61390,7 +58224,7 @@ index 91d0e0a3..035666b 100644 /* * A group is a "thing" that wants to receive notification about filesystem diff --git a/include/linux/ftrace_event.h b/include/linux/ftrace_event.h -index 96efa67..1261547 100644 +index c3da42d..c70e0df 100644 --- a/include/linux/ftrace_event.h +++ b/include/linux/ftrace_event.h @@ -97,7 +97,7 @@ struct trace_event_functions { @@ -61402,7 +58236,7 @@ index 96efa67..1261547 100644 struct trace_event { struct hlist_node node; -@@ -252,7 +252,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type, +@@ -254,7 +254,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type, extern int trace_add_event_call(struct ftrace_event_call *call); extern void trace_remove_event_call(struct ftrace_event_call *call); @@ -61412,10 +58246,10 @@ index 96efa67..1261547 100644 int trace_set_clr_event(const char *system, const char *event, int set); diff --git a/include/linux/genhd.h b/include/linux/genhd.h -index 02fa469..a15f279 100644 +index 6d18f35..ab71e2c 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h -@@ -184,7 +184,7 @@ struct gendisk { +@@ -185,7 +185,7 @@ struct gendisk { struct kobject *slave_dir; struct timer_rand_state *random; @@ -62511,10 +59345,10 @@ index 0000000..e7ffaaf + +#endif diff --git a/include/linux/hid.h b/include/linux/hid.h -index 9cf8e7a..5ec94d0 100644 +index c235e4e..f0cf7a0 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h -@@ -676,7 +676,7 @@ struct hid_ll_driver { +@@ -679,7 +679,7 @@ struct hid_ll_driver { unsigned int code, int value); int (*parse)(struct hid_device *hdev); @@ -62547,10 +59381,10 @@ index 3a93f73..b19d0b3 100644 unsigned start1, unsigned end1, unsigned start2, unsigned end2) diff --git a/include/linux/i2c.h b/include/linux/i2c.h -index a6c652e..1f5878f 100644 +index 07d103a..04ec65b 100644 --- a/include/linux/i2c.h +++ b/include/linux/i2c.h -@@ -346,6 +346,7 @@ struct i2c_algorithm { +@@ -364,6 +364,7 @@ struct i2c_algorithm { /* To determine what the adapter supports */ u32 (*functionality) (struct i2c_adapter *); }; @@ -62592,12 +59426,12 @@ index 9146f39..885354d 100644 void cleanup_module(void) __attribute__((alias(#exitfn))); diff --git a/include/linux/init_task.h b/include/linux/init_task.h -index d14e058..4162929 100644 +index 32574ee..00d4ef1 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h -@@ -126,6 +126,12 @@ extern struct cred init_cred; - # define INIT_PERF_EVENTS(tsk) - #endif +@@ -128,6 +128,12 @@ extern struct cred init_cred; + + #define INIT_TASK_COMM "swapper" +#ifdef CONFIG_X86 +#define INIT_TASK_THREAD_INFO .tinfo = INIT_THREAD_INFO, @@ -62608,16 +59442,16 @@ index d14e058..4162929 100644 /* * INIT_TASK is used to set up the first task table, touch at * your own risk!. Base=0, limit=0x1fffff (=2MB) -@@ -164,6 +170,7 @@ extern struct cred init_cred; +@@ -166,6 +172,7 @@ extern struct cred init_cred; RCU_INIT_POINTER(.cred, &init_cred), \ - .comm = "swapper", \ + .comm = INIT_TASK_COMM, \ .thread = INIT_THREAD, \ + INIT_TASK_THREAD_INFO \ .fs = &init_fs, \ .files = &init_files, \ .signal = &init_signals, \ diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h -index 9310c69..6ebb244 100644 +index e6ca56d..8583707 100644 --- a/include/linux/intel-iommu.h +++ b/include/linux/intel-iommu.h @@ -296,7 +296,7 @@ struct iommu_flush { @@ -62630,10 +59464,10 @@ index 9310c69..6ebb244 100644 enum { SR_DMAR_FECTL_REG, diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h -index f51a81b..adfcb44 100644 +index a64b00e..464d8bc 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h -@@ -425,7 +425,7 @@ enum +@@ -441,7 +441,7 @@ enum /* map softirq index to softirq name. update 'softirq_to_name' in * kernel/softirq.c when adding a new softirq. */ @@ -62642,7 +59476,7 @@ index f51a81b..adfcb44 100644 /* softirq mask and active fields moved to irq_cpustat_t in * asm/hardirq.h to get better cache usage. KAO -@@ -433,12 +433,12 @@ extern char *softirq_to_name[NR_SOFTIRQS]; +@@ -449,12 +449,12 @@ extern char *softirq_to_name[NR_SOFTIRQS]; struct softirq_action { @@ -62658,7 +59492,7 @@ index f51a81b..adfcb44 100644 static inline void __raise_softirq_irqoff(unsigned int nr) { diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h -index 0df513b..fe901a2 100644 +index 3875719..4cd454c 100644 --- a/include/linux/kallsyms.h +++ b/include/linux/kallsyms.h @@ -15,7 +15,8 @@ @@ -62676,7 +59510,7 @@ index 0df513b..fe901a2 100644 #define __print_symbol(fmt, addr) #endif /*CONFIG_KALLSYMS*/ +#else /* when included by kallsyms.c, vsnprintf.c, or -+ arch/x86/kernel/dumpstack.c, with HIDESYM enabled */ ++ arch/x86/kernel/dumpstack.c, with HIDESYM enabled */ +extern void __print_symbol(const char *fmt, unsigned long address); +extern int sprint_backtrace(char *buffer, unsigned long address); +extern int sprint_symbol(char *buffer, unsigned long address); @@ -62687,7 +59521,7 @@ index 0df513b..fe901a2 100644 +#endif /* This macro allows us to keep printk typechecking */ - static void __check_printsym_format(const char *fmt, ...) + static __printf(1, 2) diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h index fa39183..40160be 100644 --- a/include/linux/kgdb.h @@ -62720,20 +59554,20 @@ index fa39183..40160be 100644 extern struct kgdb_arch arch_kgdb_ops; diff --git a/include/linux/kmod.h b/include/linux/kmod.h -index 0da38cf..d23f05f 100644 +index b16f653..eb908f4 100644 --- a/include/linux/kmod.h +++ b/include/linux/kmod.h @@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */ * usually useless though. */ - extern int __request_module(bool wait, const char *name, ...) \ - __attribute__((format(printf, 2, 3))); -+extern int ___request_module(bool wait, char *param_name, const char *name, ...) \ -+ __attribute__((format(printf, 3, 4))); + extern __printf(2, 3) + int __request_module(bool wait, const char *name, ...); ++extern __printf(3, 4) ++int ___request_module(bool wait, char *param_name, const char *name, ...); #define request_module(mod...) __request_module(true, mod) #define request_module_nowait(mod...) __request_module(false, mod) #define try_then_request_module(x, mod...) \ diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index eabb21a..3f030f4 100644 +index d526231..086e89b 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -308,7 +308,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); @@ -62755,7 +59589,7 @@ index eabb21a..3f030f4 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index efd6f98..5f5fd37 100644 +index cafc09a..d7e7829 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h @@ -909,7 +909,7 @@ struct ata_port_operations { @@ -62794,10 +59628,10 @@ index 935699b..11042cc 100644 /* * Kernel text modification mutex, used for code patching. Users of this lock diff --git a/include/linux/mfd/abx500.h b/include/linux/mfd/abx500.h -index 896b5e4..1159ad0 100644 +index 9970337..9444122 100644 --- a/include/linux/mfd/abx500.h +++ b/include/linux/mfd/abx500.h -@@ -234,6 +234,7 @@ struct abx500_ops { +@@ -188,6 +188,7 @@ struct abx500_ops { int (*event_registers_startup_state_get) (struct device *, u8 *); int (*startup_irq_enabled) (struct device *, unsigned int); }; @@ -62806,10 +59640,10 @@ index 896b5e4..1159ad0 100644 int abx500_register_ops(struct device *core_dev, struct abx500_ops *ops); void abx500_remove_ops(struct device *dev); diff --git a/include/linux/mm.h b/include/linux/mm.h -index fedc5f0..7cedb6d 100644 +index 4baadd1..2e0b45e 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h -@@ -114,7 +114,14 @@ extern unsigned int kobjsize(const void *objp); +@@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp); #define VM_CAN_NONLINEAR 0x08000000 /* Has ->fault & does nonlinear pages */ #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */ @@ -62824,7 +59658,7 @@ index fedc5f0..7cedb6d 100644 #define VM_PFN_AT_MMAP 0x40000000 /* PFNMAP vma that is fully mapped at mmap time */ #define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */ -@@ -1011,34 +1018,6 @@ int set_page_dirty(struct page *page); +@@ -1012,34 +1019,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -62859,7 +59693,7 @@ index fedc5f0..7cedb6d 100644 extern unsigned long move_page_tables(struct vm_area_struct *vma, unsigned long old_addr, struct vm_area_struct *new_vma, unsigned long new_addr, unsigned long len); -@@ -1133,6 +1112,15 @@ static inline void sync_mm_rss(struct task_struct *task, struct mm_struct *mm) +@@ -1134,6 +1113,15 @@ static inline void sync_mm_rss(struct task_struct *task, struct mm_struct *mm) } #endif @@ -62875,7 +59709,7 @@ index fedc5f0..7cedb6d 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1417,6 +1405,7 @@ out: +@@ -1419,6 +1407,7 @@ out: } extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -62883,7 +59717,7 @@ index fedc5f0..7cedb6d 100644 extern unsigned long do_brk(unsigned long, unsigned long); -@@ -1474,6 +1463,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1476,6 +1465,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -62894,7 +59728,7 @@ index fedc5f0..7cedb6d 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1490,15 +1483,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) +@@ -1492,15 +1485,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; } @@ -62910,7 +59744,7 @@ index fedc5f0..7cedb6d 100644 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); -@@ -1612,7 +1596,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1614,7 +1598,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -62919,7 +59753,7 @@ index fedc5f0..7cedb6d 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1626,5 +1610,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, +@@ -1628,5 +1612,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, unsigned int pages_per_huge_page); #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */ @@ -62932,10 +59766,10 @@ index fedc5f0..7cedb6d 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 10a2f62..d655142 100644 +index 5b42f1b..759e4b4 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h -@@ -230,6 +230,8 @@ struct vm_area_struct { +@@ -253,6 +253,8 @@ struct vm_area_struct { #ifdef CONFIG_NUMA struct mempolicy *vm_policy; /* NUMA policy for the VMA */ #endif @@ -62944,7 +59778,7 @@ index 10a2f62..d655142 100644 }; struct core_thread { -@@ -362,6 +364,24 @@ struct mm_struct { +@@ -389,6 +391,24 @@ struct mm_struct { #ifdef CONFIG_CPUMASK_OFFSTACK struct cpumask cpumask_allocation; #endif @@ -62990,10 +59824,10 @@ index 1d1b1e1..2a13c78 100644 #define pmdp_clear_flush_notify(__vma, __address, __pmdp) \ diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index be1ac8d..26868ce 100644 +index 188cb2f..d78409b 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -356,7 +356,7 @@ struct zone { +@@ -369,7 +369,7 @@ struct zone { unsigned long flags; /* zone flags, see below */ /* Zone statistics */ @@ -63003,7 +59837,7 @@ index be1ac8d..26868ce 100644 /* * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h -index ae28e93..1ac2233 100644 +index 468819c..17b9db3 100644 --- a/include/linux/mod_devicetable.h +++ b/include/linux/mod_devicetable.h @@ -12,7 +12,7 @@ @@ -63025,18 +59859,18 @@ index ae28e93..1ac2233 100644 struct hid_device_id { __u16 bus; diff --git a/include/linux/module.h b/include/linux/module.h -index 1c30087..fc2a442 100644 +index 3cb7839..511cb87 100644 --- a/include/linux/module.h +++ b/include/linux/module.h -@@ -16,6 +16,7 @@ - #include <linux/kobject.h> +@@ -17,6 +17,7 @@ #include <linux/moduleparam.h> #include <linux/tracepoint.h> + #include <linux/export.h> +#include <linux/fs.h> #include <linux/percpu.h> #include <asm/module.h> -@@ -327,19 +328,16 @@ struct module +@@ -261,19 +262,16 @@ struct module int (*init)(void); /* If this is non-NULL, vfree after init() returns */ @@ -63060,7 +59894,7 @@ index 1c30087..fc2a442 100644 /* Arch-specific module values */ struct mod_arch_specific arch; -@@ -395,6 +393,10 @@ struct module +@@ -329,6 +327,10 @@ struct module #ifdef CONFIG_EVENT_TRACING struct ftrace_event_call **trace_events; unsigned int num_trace_events; @@ -63071,7 +59905,7 @@ index 1c30087..fc2a442 100644 #endif #ifdef CONFIG_FTRACE_MCOUNT_RECORD unsigned int num_ftrace_callsites; -@@ -445,16 +447,46 @@ bool is_module_address(unsigned long addr); +@@ -379,16 +381,46 @@ bool is_module_address(unsigned long addr); bool is_module_percpu_address(unsigned long addr); bool is_module_text_address(unsigned long addr); @@ -63149,10 +59983,10 @@ index b2be02e..6a9fdb1 100644 or 0. */ int apply_relocate(Elf_Shdr *sechdrs, diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h -index ddaae98..3c70938 100644 +index 7939f63..ec6df57 100644 --- a/include/linux/moduleparam.h +++ b/include/linux/moduleparam.h -@@ -255,7 +255,7 @@ static inline void __kernel_param_unlock(void) +@@ -260,7 +260,7 @@ static inline void __kernel_param_unlock(void) * @len is usually just sizeof(string). */ #define module_param_string(name, string, len, perm) \ @@ -63161,7 +59995,7 @@ index ddaae98..3c70938 100644 = { len, string }; \ __module_param_call(MODULE_PARAM_PREFIX, name, \ ¶m_ops_string, \ -@@ -370,7 +370,7 @@ extern int param_get_invbool(char *buffer, const struct kernel_param *kp); +@@ -395,7 +395,7 @@ extern int param_get_invbool(char *buffer, const struct kernel_param *kp); * module_param_named() for why this might be necessary. */ #define module_param_array_named(name, array, type, nump, perm) \ @@ -63199,10 +60033,10 @@ index ffc0213..2c1f2cb 100644 return nd->saved_names[nd->depth]; } diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index ddee79b..67af106 100644 +index a82ad4d..be68b4b 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -944,6 +944,7 @@ struct net_device_ops { +@@ -949,6 +949,7 @@ struct net_device_ops { int (*ndo_set_features)(struct net_device *dev, u32 features); }; @@ -63239,7 +60073,7 @@ index c65a18a..0c05f3a 100644 extern void *prom_early_alloc(unsigned long size); diff --git a/include/linux/oprofile.h b/include/linux/oprofile.h -index 49c8727..34d2ae1 100644 +index a4c5624..79d6d88 100644 --- a/include/linux/oprofile.h +++ b/include/linux/oprofile.h @@ -139,9 +139,9 @@ int oprofilefs_create_ulong(struct super_block * sb, struct dentry * root, @@ -63268,10 +60102,10 @@ index 4633b2f..988bc08 100644 atomic_t refcnt; unsigned int max_seq_nr; diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index c816075..cd28c4d 100644 +index b1f8912..c955bff 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h -@@ -745,8 +745,8 @@ struct perf_event { +@@ -748,8 +748,8 @@ struct perf_event { enum perf_event_active_state state; unsigned int attach_state; @@ -63282,7 +60116,7 @@ index c816075..cd28c4d 100644 /* * These are the total time in nanoseconds that the event -@@ -797,8 +797,8 @@ struct perf_event { +@@ -800,8 +800,8 @@ struct perf_event { * These accumulate total time (in nanoseconds) that children * events have been enabled and running, respectively. */ @@ -63311,10 +60145,10 @@ index 77257c9..51d473a 100644 unsigned int w_counter; struct page *tmp_page; diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h -index daac05d..c6802ce 100644 +index d3085e7..fd01052 100644 --- a/include/linux/pm_runtime.h +++ b/include/linux/pm_runtime.h -@@ -99,7 +99,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev) +@@ -95,7 +95,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev) static inline void pm_runtime_mark_last_busy(struct device *dev) { @@ -63385,10 +60219,10 @@ index 643b96c..ef55a9c 100644 struct ctl_table_header; struct ctl_table; diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h -index 800f113..af90cc8 100644 +index 800f113..e9ee2e3 100644 --- a/include/linux/ptrace.h +++ b/include/linux/ptrace.h -@@ -129,10 +129,10 @@ extern void __ptrace_unlink(struct task_struct *child); +@@ -129,10 +129,12 @@ extern void __ptrace_unlink(struct task_struct *child); extern void exit_ptrace(struct task_struct *tracer); #define PTRACE_MODE_READ 1 #define PTRACE_MODE_ATTACH 2 @@ -63398,11 +60232,13 @@ index 800f113..af90cc8 100644 extern bool ptrace_may_access(struct task_struct *task, unsigned int mode); +/* Returns true on success, false on denial. */ +extern bool ptrace_may_access_log(struct task_struct *task, unsigned int mode); ++/* Returns true on success, false on denial. */ ++extern bool ptrace_may_access_nolock(struct task_struct *task, unsigned int mode); static inline int ptrace_reparented(struct task_struct *child) { diff --git a/include/linux/random.h b/include/linux/random.h -index d13059f..2eaafaa 100644 +index 8f74538..02a1012 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -69,12 +69,17 @@ void srandom32(u32 seed); @@ -63514,6 +60350,19 @@ index c6c6084..5bf1212 100644 #if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE) /** +diff --git a/include/linux/rio.h b/include/linux/rio.h +index 4d50611..c6858a2 100644 +--- a/include/linux/rio.h ++++ b/include/linux/rio.h +@@ -315,7 +315,7 @@ struct rio_ops { + int mbox, void *buffer, size_t len); + int (*add_inb_buffer)(struct rio_mport *mport, int mbox, void *buf); + void *(*get_inb_message)(struct rio_mport *mport, int mbox); +-}; ++} __no_const; + + #define RIO_RESOURCE_MEM 0x00000100 + #define RIO_RESOURCE_DOORBELL 0x00000200 diff --git a/include/linux/rmap.h b/include/linux/rmap.h index 2148b12..519b820 100644 --- a/include/linux/rmap.h @@ -63530,10 +60379,10 @@ index 2148b12..519b820 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, diff --git a/include/linux/sched.h b/include/linux/sched.h -index 41d0237..51dd96c 100644 +index 1c4f3e9..e96dced 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h -@@ -100,6 +100,7 @@ struct bio_list; +@@ -101,6 +101,7 @@ struct bio_list; struct fs_struct; struct perf_event_context; struct blk_plug; @@ -63585,7 +60434,7 @@ index 41d0237..51dd96c 100644 /* Hash table maintenance information */ struct hlist_node uidhash_node; uid_t uid; -@@ -1340,8 +1360,8 @@ struct task_struct { +@@ -1337,8 +1357,8 @@ struct task_struct { struct list_head thread_group; struct completion *vfork_done; /* for vfork() */ @@ -63596,7 +60445,7 @@ index 41d0237..51dd96c 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1357,13 +1377,6 @@ struct task_struct { +@@ -1354,13 +1374,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -63610,7 +60459,7 @@ index 41d0237..51dd96c 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1380,8 +1393,16 @@ struct task_struct { +@@ -1377,8 +1390,16 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -63627,7 +60476,7 @@ index 41d0237..51dd96c 100644 /* open file information */ struct files_struct *files; /* namespaces */ -@@ -1428,6 +1449,11 @@ struct task_struct { +@@ -1425,6 +1446,11 @@ struct task_struct { struct rt_mutex_waiter *pi_blocked_on; #endif @@ -63639,7 +60488,7 @@ index 41d0237..51dd96c 100644 #ifdef CONFIG_DEBUG_MUTEXES /* mutex deadlock detection */ struct mutex_waiter *blocked_on; -@@ -1537,6 +1563,22 @@ struct task_struct { +@@ -1540,6 +1566,22 @@ struct task_struct { unsigned long default_timer_slack_ns; struct list_head *scm_work_list; @@ -63662,7 +60511,7 @@ index 41d0237..51dd96c 100644 #ifdef CONFIG_FUNCTION_GRAPH_TRACER /* Index of current stored address in ret_stack */ int curr_ret_stack; -@@ -1571,6 +1613,57 @@ struct task_struct { +@@ -1574,6 +1616,51 @@ struct task_struct { #endif }; @@ -63711,16 +60560,10 @@ index 41d0237..51dd96c 100644 +extern void pax_report_refcount_overflow(struct pt_regs *regs); +extern NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) ATTRIB_NORET; + -+#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+extern void pax_track_stack(void); -+#else -+static inline void pax_track_stack(void) {} -+#endif -+ /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -2074,7 +2167,9 @@ void yield(void); +@@ -2081,7 +2168,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -63730,7 +60573,7 @@ index 41d0237..51dd96c 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2107,6 +2202,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2114,6 +2203,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -63738,7 +60581,7 @@ index 41d0237..51dd96c 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2243,7 +2339,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2251,7 +2341,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -63747,7 +60590,7 @@ index 41d0237..51dd96c 100644 extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2408,13 +2504,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2416,13 +2506,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -63782,19 +60625,19 @@ index 899fbb4..1cb4138 100644 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ diff --git a/include/linux/security.h b/include/linux/security.h -index ebd2a53..2d949ae 100644 +index e8c619d..e0cbd1c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h -@@ -36,6 +36,7 @@ - #include <linux/key.h> +@@ -37,6 +37,7 @@ #include <linux/xfrm.h> #include <linux/slab.h> + #include <linux/xattr.h> +#include <linux/grsecurity.h> #include <net/flow.h> /* Maximum number of letters for an LSM name string */ diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h -index be720cd..a0e1b94 100644 +index 0b69a46..e9e5538 100644 --- a/include/linux/seq_file.h +++ b/include/linux/seq_file.h @@ -33,6 +33,7 @@ struct seq_operations { @@ -63821,10 +60664,10 @@ index 92808b8..c28cac4 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 0f96646..cfb757a 100644 +index fe86488..1563c1c 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -610,7 +610,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) +@@ -642,7 +642,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) */ static inline int skb_queue_empty(const struct sk_buff_head *list) { @@ -63833,7 +60676,7 @@ index 0f96646..cfb757a 100644 } /** -@@ -623,7 +623,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) +@@ -655,7 +655,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) static inline bool skb_queue_is_last(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -63842,7 +60685,7 @@ index 0f96646..cfb757a 100644 } /** -@@ -636,7 +636,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, +@@ -668,7 +668,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, static inline bool skb_queue_is_first(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -63851,7 +60694,7 @@ index 0f96646..cfb757a 100644 } /** -@@ -1458,7 +1458,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1523,7 +1523,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -63990,10 +60833,10 @@ index d00e0ba..1b3bf7b 100644 /* * If debugging is enabled, then the allocator can add additional diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h -index f58d641..c56bf9c 100644 +index a32bcfd..53b71f4 100644 --- a/include/linux/slub_def.h +++ b/include/linux/slub_def.h -@@ -85,7 +85,7 @@ struct kmem_cache { +@@ -89,7 +89,7 @@ struct kmem_cache { struct kmem_cache_order_objects max; struct kmem_cache_order_objects min; gfp_t allocflags; /* gfp flags to use on each alloc */ @@ -64002,7 +60845,7 @@ index f58d641..c56bf9c 100644 void (*ctor)(void *); int inuse; /* Offset to metadata */ int align; /* Alignment */ -@@ -211,7 +211,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) +@@ -215,7 +215,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) } void *kmem_cache_alloc(struct kmem_cache *, gfp_t); @@ -64025,10 +60868,10 @@ index de8832d..0147b46 100644 #undef __HANDLE_ITEM }; diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h -index db7bcaf..1aca77e 100644 +index 3d8f9c4..69f1c0a 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h -@@ -169,9 +169,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap) +@@ -172,9 +172,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap) { switch (sap->sa_family) { case AF_INET: @@ -64040,7 +60883,7 @@ index db7bcaf..1aca77e 100644 } return 0; } -@@ -204,7 +204,7 @@ static inline bool __rpc_cmp_addr4(const struct sockaddr *sap1, +@@ -207,7 +207,7 @@ static inline bool __rpc_cmp_addr4(const struct sockaddr *sap1, static inline bool __rpc_copy_addr4(struct sockaddr *dst, const struct sockaddr *src) { @@ -64049,7 +60892,7 @@ index db7bcaf..1aca77e 100644 struct sockaddr_in *dsin = (struct sockaddr_in *) dst; dsin->sin_family = ssin->sin_family; -@@ -301,7 +301,7 @@ static inline u32 rpc_get_scope_id(const struct sockaddr *sa) +@@ -310,7 +310,7 @@ static inline u32 rpc_get_scope_id(const struct sockaddr *sa) if (sa->sa_family != AF_INET6) return 0; @@ -64100,7 +60943,7 @@ index c14fe86..393245e 100644 #define RPCRDMA_VERSION 1 diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h -index 11684d9..0d245eb 100644 +index 703cfa3..0b8ca72ac 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -155,7 +155,11 @@ enum @@ -64116,7 +60959,7 @@ index 11684d9..0d245eb 100644 /* CTL_VM names: */ enum -@@ -967,6 +971,8 @@ typedef int proc_handler (struct ctl_table *ctl, int write, +@@ -968,6 +972,8 @@ typedef int proc_handler (struct ctl_table *ctl, int write, extern int proc_dostring(struct ctl_table *, int, void __user *, size_t *, loff_t *); @@ -64139,7 +60982,7 @@ index ff7dc08..893e1bd 100644 struct tty_ldisc { diff --git a/include/linux/types.h b/include/linux/types.h -index 176da8c..e45e473 100644 +index 57a9723..dbe234a 100644 --- a/include/linux/types.h +++ b/include/linux/types.h @@ -213,10 +213,26 @@ typedef struct { @@ -64231,11 +61074,33 @@ index 99c1b4d..bb94261 100644 } static inline void put_unaligned_le16(u16 val, void *p) +diff --git a/include/linux/usb/renesas_usbhs.h b/include/linux/usb/renesas_usbhs.h +index e5a40c3..20ab0f6 100644 +--- a/include/linux/usb/renesas_usbhs.h ++++ b/include/linux/usb/renesas_usbhs.h +@@ -39,7 +39,7 @@ enum { + */ + struct renesas_usbhs_driver_callback { + int (*notify_hotplug)(struct platform_device *pdev); +-}; ++} __no_const; + + /* + * callback functions for platform +@@ -89,7 +89,7 @@ struct renesas_usbhs_platform_callback { + * VBUS control is needed for Host + */ + int (*set_vbus)(struct platform_device *pdev, int enable); +-}; ++} __no_const; + + /* + * parameters for renesas usbhs diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h -index cf97b5b..40ebc87 100644 +index 6f8fbcf..8259001 100644 --- a/include/linux/vermagic.h +++ b/include/linux/vermagic.h -@@ -26,9 +26,35 @@ +@@ -25,9 +25,35 @@ #define MODULE_ARCH_VERMAGIC "" #endif @@ -64273,7 +61138,7 @@ index cf97b5b..40ebc87 100644 + MODULE_GRSEC diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h -index 687fb11..b342358 100644 +index 4bde182..aec92c1 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ @@ -64460,12 +61325,12 @@ index 65efb92..137adbb 100644 static inline void __dec_zone_page_state(struct page *page, diff --git a/include/linux/xattr.h b/include/linux/xattr.h -index aed54c5..3e07f7a 100644 +index e5d1220..ef6e406 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h -@@ -49,6 +49,11 @@ - #define XATTR_CAPS_SUFFIX "capability" - #define XATTR_NAME_CAPS XATTR_SECURITY_PREFIX XATTR_CAPS_SUFFIX +@@ -57,6 +57,11 @@ + #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default" + #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT +/* User namespace */ +#define XATTR_PAX_PREFIX XATTR_USER_PREFIX "pax." @@ -64510,10 +61375,10 @@ index c7c40f1..4f01585 100644 /* * Newer version of video_device, handled by videodev2.c diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h -index dd9f1e7..8c4dd86 100644 +index 4d1c74a..65e1221 100644 --- a/include/media/v4l2-ioctl.h +++ b/include/media/v4l2-ioctl.h -@@ -272,7 +272,7 @@ struct v4l2_ioctl_ops { +@@ -274,7 +274,7 @@ struct v4l2_ioctl_ops { long (*vidioc_default) (struct file *file, void *fh, bool valid_prio, int cmd, void *arg); }; @@ -64523,10 +61388,10 @@ index dd9f1e7..8c4dd86 100644 /* v4l debugging and diagnostics */ diff --git a/include/net/caif/caif_hsi.h b/include/net/caif/caif_hsi.h -index c5dedd8..a93b07b 100644 +index 8d55251..dfe5b0a 100644 --- a/include/net/caif/caif_hsi.h +++ b/include/net/caif/caif_hsi.h -@@ -94,7 +94,7 @@ struct cfhsi_drv { +@@ -98,7 +98,7 @@ struct cfhsi_drv { void (*rx_done_cb) (struct cfhsi_drv *drv); void (*wake_up_cb) (struct cfhsi_drv *drv); void (*wake_down_cb) (struct cfhsi_drv *drv); @@ -64614,7 +61479,7 @@ index 10422ef..662570f 100644 fib_info_update_nh_saddr((net), &FIB_RES_NH(res))) #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw) diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h -index 8fa4430..05dd772 100644 +index e5a7b9a..f4fc44b 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -509,7 +509,7 @@ struct ip_vs_conn { @@ -64672,10 +61537,10 @@ index 59ba38bc..d515662 100644 /* Protect concurent access to : * o self->open_count diff --git a/include/net/iucv/af_iucv.h b/include/net/iucv/af_iucv.h -index f82a1e8..82d81e8 100644 +index f2419cf..473679f 100644 --- a/include/net/iucv/af_iucv.h +++ b/include/net/iucv/af_iucv.h -@@ -87,7 +87,7 @@ struct iucv_sock { +@@ -139,7 +139,7 @@ struct iucv_sock { struct iucv_sock_list { struct hlist_head head; rwlock_t lock; @@ -64684,19 +61549,6 @@ index f82a1e8..82d81e8 100644 }; unsigned int iucv_sock_poll(struct file *file, struct socket *sock, -diff --git a/include/net/lapb.h b/include/net/lapb.h -index 96cb5dd..25e8d4f 100644 ---- a/include/net/lapb.h -+++ b/include/net/lapb.h -@@ -95,7 +95,7 @@ struct lapb_cb { - struct sk_buff_head write_queue; - struct sk_buff_head ack_queue; - unsigned char window; -- struct lapb_register_struct callbacks; -+ struct lapb_register_struct *callbacks; - - /* FRMR control information */ - struct lapb_frame frmr_data; diff --git a/include/net/neighbour.h b/include/net/neighbour.h index 2720884..3aa5c25 100644 --- a/include/net/neighbour.h @@ -64711,10 +61563,10 @@ index 2720884..3aa5c25 100644 struct pneigh_entry { struct pneigh_entry *next; diff --git a/include/net/netlink.h b/include/net/netlink.h -index 98c1854..d4add7b 100644 +index cb1f350..3279d2c 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h -@@ -562,7 +562,7 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb) +@@ -569,7 +569,7 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb) static inline void nlmsg_trim(struct sk_buff *skb, const void *mark) { if (mark) @@ -64756,10 +61608,10 @@ index 6a72a58..e6a127d 100644 #define SCTP_DISABLE_DEBUG #define SCTP_ASSERT(expr, str, func) diff --git a/include/net/sock.h b/include/net/sock.h -index 8e4062f..77b041e 100644 +index 32e3937..87a1dbc 100644 --- a/include/net/sock.h +++ b/include/net/sock.h -@@ -278,7 +278,7 @@ struct sock { +@@ -277,7 +277,7 @@ struct sock { #ifdef CONFIG_RPS __u32 sk_rxhash; #endif @@ -64768,7 +61620,7 @@ index 8e4062f..77b041e 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1391,7 +1391,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags) +@@ -1402,7 +1402,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -64778,32 +61630,28 @@ index 8e4062f..77b041e 100644 { if (skb->ip_summed == CHECKSUM_NONE) { diff --git a/include/net/tcp.h b/include/net/tcp.h -index acc620a..f4d99c6 100644 +index bb18c4d..bb87972 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -1401,8 +1401,8 @@ enum tcp_seq_states { - struct tcp_seq_afinfo { - char *name; - sa_family_t family; -- struct file_operations seq_fops; -- struct seq_operations seq_ops; -+ file_operations_no_const seq_fops; -+ seq_operations_no_const seq_ops; +@@ -1409,7 +1409,7 @@ struct tcp_seq_afinfo { + char *name; + sa_family_t family; + const struct file_operations *seq_fops; +- struct seq_operations seq_ops; ++ seq_operations_no_const seq_ops; }; struct tcp_iter_state { diff --git a/include/net/udp.h b/include/net/udp.h -index 67ea6fc..e42aee8 100644 +index 3b285f4..0219639 100644 --- a/include/net/udp.h +++ b/include/net/udp.h -@@ -234,8 +234,8 @@ struct udp_seq_afinfo { - char *name; - sa_family_t family; - struct udp_table *udp_table; -- struct file_operations seq_fops; -- struct seq_operations seq_ops; -+ file_operations_no_const seq_fops; -+ seq_operations_no_const seq_ops; +@@ -237,7 +237,7 @@ struct udp_seq_afinfo { + sa_family_t family; + struct udp_table *udp_table; + const struct file_operations *seq_fops; +- struct seq_operations seq_ops; ++ seq_operations_no_const seq_ops; }; struct udp_iter_state { @@ -64821,10 +61669,10 @@ index b203e14..1df3991 100644 u32 index; struct xfrm_mark mark; diff --git a/include/rdma/iw_cm.h b/include/rdma/iw_cm.h -index 2d0191c..a55797d 100644 +index 1a046b1..ee0bef0 100644 --- a/include/rdma/iw_cm.h +++ b/include/rdma/iw_cm.h -@@ -120,7 +120,7 @@ struct iw_cm_verbs { +@@ -122,7 +122,7 @@ struct iw_cm_verbs { int backlog); int (*destroy_listen)(struct iw_cm_id *cm_id); @@ -64834,10 +61682,10 @@ index 2d0191c..a55797d 100644 /** * iw_create_cm_id - Create an IW CM identifier. diff --git a/include/scsi/libfc.h b/include/scsi/libfc.h -index 7d96829..4ba78d3 100644 +index 5d1a758..1dbf795 100644 --- a/include/scsi/libfc.h +++ b/include/scsi/libfc.h -@@ -758,6 +758,7 @@ struct libfc_function_template { +@@ -748,6 +748,7 @@ struct libfc_function_template { */ void (*disc_stop_final) (struct fc_lport *); }; @@ -64845,7 +61693,7 @@ index 7d96829..4ba78d3 100644 /** * struct fc_disc - Discovery context -@@ -861,7 +862,7 @@ struct fc_lport { +@@ -851,7 +852,7 @@ struct fc_lport { struct fc_vport *vport; /* Operational Information */ @@ -64855,7 +61703,7 @@ index 7d96829..4ba78d3 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index d371c3c..e228a8c 100644 +index 5591ed5..13eb457 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -161,9 +161,9 @@ struct scsi_device { @@ -64911,7 +61759,7 @@ index 8c05e47..2b5df97 100644 struct snd_hwdep { struct snd_card *card; diff --git a/include/sound/info.h b/include/sound/info.h -index 4e94cf1..76748b1 100644 +index 5492cc4..1a65278 100644 --- a/include/sound/info.h +++ b/include/sound/info.h @@ -44,7 +44,7 @@ struct snd_info_entry_text { @@ -64924,7 +61772,7 @@ index 4e94cf1..76748b1 100644 struct snd_info_entry_ops { int (*open)(struct snd_info_entry *entry, diff --git a/include/sound/pcm.h b/include/sound/pcm.h -index 57e71fa..a2c7534 100644 +index 0cf91b2..b70cae4 100644 --- a/include/sound/pcm.h +++ b/include/sound/pcm.h @@ -81,6 +81,7 @@ struct snd_pcm_ops { @@ -64949,10 +61797,10 @@ index af1b49e..a5d55a5 100644 /* * CSP private data diff --git a/include/sound/soc.h b/include/sound/soc.h -index aa19f5a..a5b8208 100644 +index 11cfb59..e3f93f4 100644 --- a/include/sound/soc.h +++ b/include/sound/soc.h -@@ -676,7 +676,7 @@ struct snd_soc_platform_driver { +@@ -683,7 +683,7 @@ struct snd_soc_platform_driver { /* platform IO - used for platform DAPM */ unsigned int (*read)(struct snd_soc_platform *, unsigned int); int (*write)(struct snd_soc_platform *, unsigned int, unsigned int); @@ -64975,10 +61823,10 @@ index 444cd6b..3327cc5 100644 const struct firmware *dsp_microcode; const struct firmware *controller_microcode; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index 2704065..e10f3ef 100644 +index 6873c7d..b1e8009 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h -@@ -356,7 +356,7 @@ struct t10_reservation_ops { +@@ -345,7 +345,7 @@ struct t10_reservation_ops { int (*t10_seq_non_holder)(struct se_cmd *, unsigned char *, u32); int (*t10_pr_register)(struct se_cmd *); int (*t10_pr_clear)(struct se_cmd *); @@ -64987,10 +61835,10 @@ index 2704065..e10f3ef 100644 struct t10_reservation { /* Reservation effects all target ports */ -@@ -496,8 +496,8 @@ struct se_cmd { +@@ -464,8 +464,8 @@ struct se_cmd { + atomic_t t_se_count; atomic_t t_task_cdbs_left; atomic_t t_task_cdbs_ex_left; - atomic_t t_task_cdbs_timeout_left; - atomic_t t_task_cdbs_sent; - atomic_t t_transport_aborted; + atomic_unchecked_t t_task_cdbs_sent; @@ -64998,15 +61846,15 @@ index 2704065..e10f3ef 100644 atomic_t t_transport_active; atomic_t t_transport_complete; atomic_t t_transport_queue_active; -@@ -744,7 +744,7 @@ struct se_device { - atomic_t active_cmds; +@@ -703,7 +703,7 @@ struct se_device { + /* Active commands on this virtual SE device */ atomic_t simple_cmds; atomic_t depth_left; - atomic_t dev_ordered_id; + atomic_unchecked_t dev_ordered_id; - atomic_t dev_tur_active; atomic_t execute_tasks; - atomic_t dev_status_thr_count; + atomic_t dev_ordered_sync; + atomic_t dev_qf_count; diff --git a/include/trace/events/irq.h b/include/trace/events/irq.h index 1c09820..7f5ec79 100644 --- a/include/trace/events/irq.h @@ -65030,12 +61878,12 @@ index 1c09820..7f5ec79 100644 TP_ARGS(irq, action, ret), diff --git a/include/video/udlfb.h b/include/video/udlfb.h -index 69d485a..dd0bee7 100644 +index c41f308..6918de3 100644 --- a/include/video/udlfb.h +++ b/include/video/udlfb.h -@@ -51,10 +51,10 @@ struct dlfb_data { - int base8; +@@ -52,10 +52,10 @@ struct dlfb_data { u32 pseudo_palette[256]; + int blank_mode; /*one of FB_BLANK_ */ /* blit-only rendering path metrics, exposed through sysfs */ - atomic_t bytes_rendered; /* raw pixel-bytes driver asked to render */ - atomic_t bytes_identical; /* saved effort with backbuffer comparison */ @@ -65061,10 +61909,10 @@ index 0993a22..32ba2fe 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index d627783..693a9f3 100644 +index 43298f9..2f56c12 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1202,7 +1202,7 @@ config SLUB_DEBUG +@@ -1214,7 +1214,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -65074,10 +61922,10 @@ index d627783..693a9f3 100644 Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). diff --git a/init/do_mounts.c b/init/do_mounts.c -index ef6478f..fdb0d8a 100644 +index 0f6e1d9..89d0af4 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c -@@ -287,11 +287,11 @@ static void __init get_fs_names(char *page) +@@ -325,11 +325,11 @@ static void __init get_fs_names(char *page) static int __init do_mount_root(char *name, char *fs, int flags, void *data) { @@ -65091,7 +61939,7 @@ index ef6478f..fdb0d8a 100644 ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev; printk(KERN_INFO "VFS: Mounted root (%s filesystem)%s on device %u:%u.\n", -@@ -410,18 +410,18 @@ void __init change_floppy(char *fmt, ...) +@@ -421,18 +421,18 @@ void __init change_floppy(char *fmt, ...) va_start(args, fmt); vsprintf(buf, fmt, args); va_end(args); @@ -65113,7 +61961,7 @@ index ef6478f..fdb0d8a 100644 termios.c_lflag |= ICANON; sys_ioctl(fd, TCSETSF, (long)&termios); sys_close(fd); -@@ -515,6 +515,6 @@ void __init prepare_namespace(void) +@@ -526,6 +526,6 @@ void __init prepare_namespace(void) mount_root(); out: devtmpfs_mount("dev"); @@ -65376,7 +62224,7 @@ index 2531811..040d4d4 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 03b408d..5777f59 100644 +index 217ed23..32e5731 100644 --- a/init/main.c +++ b/init/main.c @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { } @@ -65438,7 +62286,7 @@ index 03b408d..5777f59 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -678,6 +723,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -681,6 +726,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -65446,7 +62294,7 @@ index 03b408d..5777f59 100644 if (initcall_debug) ret = do_one_initcall_debug(fn); -@@ -690,15 +736,15 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -693,15 +739,15 @@ int __init_or_module do_one_initcall(initcall_t fn) sprintf(msgbuf, "error code %d ", ret); if (preempt_count() != count) { @@ -65466,7 +62314,7 @@ index 03b408d..5777f59 100644 } return ret; -@@ -817,7 +863,7 @@ static int __init kernel_init(void * unused) +@@ -820,7 +866,7 @@ static int __init kernel_init(void * unused) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -65475,7 +62323,7 @@ index 03b408d..5777f59 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -830,11 +876,13 @@ static int __init kernel_init(void * unused) +@@ -833,11 +879,13 @@ static int __init kernel_init(void * unused) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -65491,7 +62339,7 @@ index 03b408d..5777f59 100644 * Ok, we have completed the initial bootup, and * we're essentially up and running. Get rid of the diff --git a/ipc/mqueue.c b/ipc/mqueue.c -index ed049ea..6442f7f 100644 +index 5b4293d..f179875 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -156,6 +156,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb, @@ -65532,10 +62380,10 @@ index 7385de2..a8180e0 100644 msg_params.flg = msgflg; diff --git a/ipc/sem.c b/ipc/sem.c -index c8e00f8..1135c4e 100644 +index 5215a81..cfc0cac 100644 --- a/ipc/sem.c +++ b/ipc/sem.c -@@ -318,10 +318,15 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp, +@@ -364,10 +364,15 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp, return 0; } @@ -65552,7 +62400,7 @@ index c8e00f8..1135c4e 100644 struct ipc_params sem_params; ns = current->nsproxy->ipc_ns; -@@ -329,10 +334,6 @@ SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg) +@@ -375,10 +380,6 @@ SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg) if (nsems < 0 || nsems > ns->sc_semmsl) return -EINVAL; @@ -65563,24 +62411,6 @@ index c8e00f8..1135c4e 100644 sem_params.key = key; sem_params.flg = semflg; sem_params.u.nsems = nsems; -@@ -848,6 +849,8 @@ static int semctl_main(struct ipc_namespace *ns, int semid, int semnum, - int nsems; - struct list_head tasks; - -+ pax_track_stack(); -+ - sma = sem_lock_check(ns, semid); - if (IS_ERR(sma)) - return PTR_ERR(sma); -@@ -1295,6 +1298,8 @@ SYSCALL_DEFINE4(semtimedop, int, semid, struct sembuf __user *, tsops, - struct ipc_namespace *ns; - struct list_head tasks; - -+ pax_track_stack(); -+ - ns = current->nsproxy->ipc_ns; - - if (nsops < 1 || semid < 0) diff --git a/ipc/shm.c b/ipc/shm.c index 02ecf2c..be05b1e 100644 --- a/ipc/shm.c @@ -65698,7 +62528,7 @@ index fa7eb3d..7faf116 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index 0a1355c..9359745 100644 +index 09fae26..ed71d5b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -115,7 +115,7 @@ u32 audit_sig_sid = 0; @@ -65754,7 +62584,7 @@ index 0a1355c..9359745 100644 return; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index ce4b054..aaa419e 100644 +index 47b7fc1..c003c33 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1166,8 +1166,8 @@ static void audit_log_execve_info(struct audit_context *context, @@ -65787,7 +62617,7 @@ index ce4b054..aaa419e 100644 if (context && context->in_syscall) { diff --git a/kernel/capability.c b/kernel/capability.c -index 283c529..36ac81e 100644 +index b463871..fa3ea1f 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -65850,21 +62680,8 @@ index 283c529..36ac81e 100644 /** * nsown_capable - Check superior capability to one's own user_ns * @cap: The capability in question -diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index e4cbdfb..191bec4 100644 ---- a/kernel/cgroup.c -+++ b/kernel/cgroup.c -@@ -595,6 +595,8 @@ static struct css_set *find_css_set( - struct hlist_head *hhead; - struct cg_cgroup_link *link; - -+ pax_track_stack(); -+ - /* First see if we already have a cgroup group that matches - * the desired set */ - read_lock(&css_set_lock); diff --git a/kernel/compat.c b/kernel/compat.c -index e2435ee..8e82199 100644 +index f346ced..aa2b1f4 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -13,6 +13,7 @@ @@ -65875,7 +62692,7 @@ index e2435ee..8e82199 100644 #include <linux/errno.h> #include <linux/time.h> #include <linux/signal.h> -@@ -167,7 +168,7 @@ static long compat_nanosleep_restart(struct restart_block *restart) +@@ -168,7 +169,7 @@ static long compat_nanosleep_restart(struct restart_block *restart) mm_segment_t oldfs; long ret; @@ -65884,7 +62701,7 @@ index e2435ee..8e82199 100644 oldfs = get_fs(); set_fs(KERNEL_DS); ret = hrtimer_nanosleep_restart(restart); -@@ -199,7 +200,7 @@ asmlinkage long compat_sys_nanosleep(struct compat_timespec __user *rqtp, +@@ -200,7 +201,7 @@ asmlinkage long compat_sys_nanosleep(struct compat_timespec __user *rqtp, oldfs = get_fs(); set_fs(KERNEL_DS); ret = hrtimer_nanosleep(&tu, @@ -65893,7 +62710,7 @@ index e2435ee..8e82199 100644 HRTIMER_MODE_REL, CLOCK_MONOTONIC); set_fs(oldfs); -@@ -308,7 +309,7 @@ asmlinkage long compat_sys_sigpending(compat_old_sigset_t __user *set) +@@ -309,7 +310,7 @@ asmlinkage long compat_sys_sigpending(compat_old_sigset_t __user *set) mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -65902,7 +62719,7 @@ index e2435ee..8e82199 100644 set_fs(old_fs); if (ret == 0) ret = put_user(s, set); -@@ -331,8 +332,8 @@ asmlinkage long compat_sys_sigprocmask(int how, compat_old_sigset_t __user *set, +@@ -332,8 +333,8 @@ asmlinkage long compat_sys_sigprocmask(int how, compat_old_sigset_t __user *set, old_fs = get_fs(); set_fs(KERNEL_DS); ret = sys_sigprocmask(how, @@ -65913,7 +62730,7 @@ index e2435ee..8e82199 100644 set_fs(old_fs); if (ret == 0) if (oset) -@@ -369,7 +370,7 @@ asmlinkage long compat_sys_old_getrlimit(unsigned int resource, +@@ -370,7 +371,7 @@ asmlinkage long compat_sys_old_getrlimit(unsigned int resource, mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -65922,7 +62739,7 @@ index e2435ee..8e82199 100644 set_fs(old_fs); if (!ret) { -@@ -441,7 +442,7 @@ asmlinkage long compat_sys_getrusage(int who, struct compat_rusage __user *ru) +@@ -442,7 +443,7 @@ asmlinkage long compat_sys_getrusage(int who, struct compat_rusage __user *ru) mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -65931,7 +62748,7 @@ index e2435ee..8e82199 100644 set_fs(old_fs); if (ret) -@@ -468,8 +469,8 @@ compat_sys_wait4(compat_pid_t pid, compat_uint_t __user *stat_addr, int options, +@@ -469,8 +470,8 @@ compat_sys_wait4(compat_pid_t pid, compat_uint_t __user *stat_addr, int options, set_fs (KERNEL_DS); ret = sys_wait4(pid, (stat_addr ? @@ -65942,7 +62759,7 @@ index e2435ee..8e82199 100644 set_fs (old_fs); if (ret > 0) { -@@ -494,8 +495,8 @@ asmlinkage long compat_sys_waitid(int which, compat_pid_t pid, +@@ -495,8 +496,8 @@ asmlinkage long compat_sys_waitid(int which, compat_pid_t pid, memset(&info, 0, sizeof(info)); set_fs(KERNEL_DS); @@ -65953,7 +62770,7 @@ index e2435ee..8e82199 100644 set_fs(old_fs); if ((ret < 0) || (info.si_signo == 0)) -@@ -625,8 +626,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags, +@@ -626,8 +627,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_timer_settime(timer_id, flags, @@ -65964,7 +62781,7 @@ index e2435ee..8e82199 100644 set_fs(oldfs); if (!err && old && put_compat_itimerspec(old, &oldts)) return -EFAULT; -@@ -643,7 +644,7 @@ long compat_sys_timer_gettime(timer_t timer_id, +@@ -644,7 +645,7 @@ long compat_sys_timer_gettime(timer_t timer_id, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_timer_gettime(timer_id, @@ -65973,7 +62790,7 @@ index e2435ee..8e82199 100644 set_fs(oldfs); if (!err && put_compat_itimerspec(setting, &ts)) return -EFAULT; -@@ -662,7 +663,7 @@ long compat_sys_clock_settime(clockid_t which_clock, +@@ -663,7 +664,7 @@ long compat_sys_clock_settime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_settime(which_clock, @@ -65982,7 +62799,7 @@ index e2435ee..8e82199 100644 set_fs(oldfs); return err; } -@@ -677,7 +678,7 @@ long compat_sys_clock_gettime(clockid_t which_clock, +@@ -678,7 +679,7 @@ long compat_sys_clock_gettime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_gettime(which_clock, @@ -65991,7 +62808,7 @@ index e2435ee..8e82199 100644 set_fs(oldfs); if (!err && put_compat_timespec(&ts, tp)) return -EFAULT; -@@ -697,7 +698,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock, +@@ -698,7 +699,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); @@ -66000,7 +62817,7 @@ index e2435ee..8e82199 100644 set_fs(oldfs); err = compat_put_timex(utp, &txc); -@@ -717,7 +718,7 @@ long compat_sys_clock_getres(clockid_t which_clock, +@@ -718,7 +719,7 @@ long compat_sys_clock_getres(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_getres(which_clock, @@ -66009,7 +62826,7 @@ index e2435ee..8e82199 100644 set_fs(oldfs); if (!err && tp && put_compat_timespec(&ts, tp)) return -EFAULT; -@@ -729,9 +730,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart) +@@ -730,9 +731,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart) long err; mm_segment_t oldfs; struct timespec tu; @@ -66021,7 +62838,7 @@ index e2435ee..8e82199 100644 oldfs = get_fs(); set_fs(KERNEL_DS); err = clock_nanosleep_restart(restart); -@@ -763,8 +764,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags, +@@ -764,8 +765,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_nanosleep(which_clock, flags, @@ -66057,28 +62874,10 @@ index 42e8fa0..9e7406b 100644 return -ENOMEM; diff --git a/kernel/cred.c b/kernel/cred.c -index 8ef31f5..bed28ea 100644 +index 5791612..a3c04dc 100644 --- a/kernel/cred.c +++ b/kernel/cred.c -@@ -158,6 +158,8 @@ static void put_cred_rcu(struct rcu_head *rcu) - */ - void __put_cred(struct cred *cred) - { -+ pax_track_stack(); -+ - kdebug("__put_cred(%p{%d,%d})", cred, - atomic_read(&cred->usage), - read_cred_subscribers(cred)); -@@ -182,6 +184,8 @@ void exit_creds(struct task_struct *tsk) - { - struct cred *cred; - -+ pax_track_stack(); -+ - kdebug("exit_creds(%u,%p,%p,{%d,%d})", tsk->pid, tsk->real_cred, tsk->cred, - atomic_read(&tsk->cred->usage), - read_cred_subscribers(tsk->cred)); -@@ -204,6 +208,15 @@ void exit_creds(struct task_struct *tsk) +@@ -204,6 +204,15 @@ void exit_creds(struct task_struct *tsk) validate_creds(cred); put_cred(cred); } @@ -66094,59 +62893,7 @@ index 8ef31f5..bed28ea 100644 } /** -@@ -220,6 +233,8 @@ const struct cred *get_task_cred(struct task_struct *task) - { - const struct cred *cred; - -+ pax_track_stack(); -+ - rcu_read_lock(); - - do { -@@ -239,6 +254,8 @@ struct cred *cred_alloc_blank(void) - { - struct cred *new; - -+ pax_track_stack(); -+ - new = kmem_cache_zalloc(cred_jar, GFP_KERNEL); - if (!new) - return NULL; -@@ -281,12 +298,15 @@ error: - * - * Call commit_creds() or abort_creds() to clean up. - */ -+ - struct cred *prepare_creds(void) - { - struct task_struct *task = current; - const struct cred *old; - struct cred *new; - -+ pax_track_stack(); -+ - validate_process_creds(); - - new = kmem_cache_alloc(cred_jar, GFP_KERNEL); -@@ -333,6 +353,8 @@ struct cred *prepare_exec_creds(void) - struct thread_group_cred *tgcred = NULL; - struct cred *new; - -+ pax_track_stack(); -+ - #ifdef CONFIG_KEYS - tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL); - if (!tgcred) -@@ -385,6 +407,8 @@ int copy_creds(struct task_struct *p, unsigned long clone_flags) - struct cred *new; - int ret; - -+ pax_track_stack(); -+ - if ( - #ifdef CONFIG_KEYS - !p->cred->thread_keyring && -@@ -470,11 +494,13 @@ error_put: +@@ -470,7 +479,7 @@ error_put: * Always returns 0 thus allowing this function to be tail-called at the end * of, say, sys_setgid(). */ @@ -66155,13 +62902,7 @@ index 8ef31f5..bed28ea 100644 { struct task_struct *task = current; const struct cred *old = task->real_cred; - -+ pax_track_stack(); -+ - kdebug("commit_creds(%p{%d,%d})", new, - atomic_read(&new->usage), - read_cred_subscribers(new)); -@@ -489,6 +515,8 @@ int commit_creds(struct cred *new) +@@ -489,6 +498,8 @@ int commit_creds(struct cred *new) get_cred(new); /* we will require a ref for the subj creds too */ @@ -66170,7 +62911,7 @@ index 8ef31f5..bed28ea 100644 /* dumpability changes */ if (old->euid != new->euid || old->egid != new->egid || -@@ -538,6 +566,92 @@ int commit_creds(struct cred *new) +@@ -538,6 +549,92 @@ int commit_creds(struct cred *new) put_cred(old); return 0; } @@ -66263,60 +63004,6 @@ index 8ef31f5..bed28ea 100644 EXPORT_SYMBOL(commit_creds); /** -@@ -549,6 +663,8 @@ EXPORT_SYMBOL(commit_creds); - */ - void abort_creds(struct cred *new) - { -+ pax_track_stack(); -+ - kdebug("abort_creds(%p{%d,%d})", new, - atomic_read(&new->usage), - read_cred_subscribers(new)); -@@ -572,6 +688,8 @@ const struct cred *override_creds(const struct cred *new) - { - const struct cred *old = current->cred; - -+ pax_track_stack(); -+ - kdebug("override_creds(%p{%d,%d})", new, - atomic_read(&new->usage), - read_cred_subscribers(new)); -@@ -601,6 +719,8 @@ void revert_creds(const struct cred *old) - { - const struct cred *override = current->cred; - -+ pax_track_stack(); -+ - kdebug("revert_creds(%p{%d,%d})", old, - atomic_read(&old->usage), - read_cred_subscribers(old)); -@@ -647,6 +767,8 @@ struct cred *prepare_kernel_cred(struct task_struct *daemon) - const struct cred *old; - struct cred *new; - -+ pax_track_stack(); -+ - new = kmem_cache_alloc(cred_jar, GFP_KERNEL); - if (!new) - return NULL; -@@ -701,6 +823,8 @@ EXPORT_SYMBOL(prepare_kernel_cred); - */ - int set_security_override(struct cred *new, u32 secid) - { -+ pax_track_stack(); -+ - return security_kernel_act_as(new, secid); - } - EXPORT_SYMBOL(set_security_override); -@@ -720,6 +844,8 @@ int set_security_override_from_ctx(struct cred *new, const char *secctx) - u32 secid; - int ret; - -+ pax_track_stack(); -+ - ret = security_secctx_to_secid(secctx, strlen(secctx), &secid); - if (ret < 0) - return ret; diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c index 0d7c087..01b8cef 100644 --- a/kernel/debug/debug_core.c @@ -66404,10 +63091,10 @@ index 63786e7..0780cac 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 0f85778..0d43716 100644 +index 58690af..d903d75 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c -@@ -172,7 +172,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, +@@ -173,7 +173,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, return 0; } @@ -66416,7 +63103,7 @@ index 0f85778..0d43716 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2535,7 +2535,7 @@ static void __perf_event_read(void *info) +@@ -2540,7 +2540,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -66425,7 +63112,7 @@ index 0f85778..0d43716 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -3060,9 +3060,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3065,9 +3065,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -66437,7 +63124,7 @@ index 0f85778..0d43716 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3448,10 +3448,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3474,10 +3474,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -66450,7 +63137,7 @@ index 0f85778..0d43716 100644 barrier(); ++userpg->lock; -@@ -3822,11 +3822,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -3906,11 +3906,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -66464,7 +63151,7 @@ index 0f85778..0d43716 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -4477,12 +4477,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -4561,12 +4561,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -66479,7 +63166,7 @@ index 0f85778..0d43716 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -5833,7 +5833,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -5921,7 +5921,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(current->nsproxy->pid_ns); @@ -66488,7 +63175,7 @@ index 0f85778..0d43716 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -6355,10 +6355,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -6443,10 +6443,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -66503,7 +63190,7 @@ index 0f85778..0d43716 100644 /* diff --git a/kernel/exit.c b/kernel/exit.c -index 9e316ae..b3656d5 100644 +index e6e01b9..619f837 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -57,6 +57,10 @@ @@ -66555,7 +63242,7 @@ index 9e316ae..b3656d5 100644 /* * If we were started as result of loading a module, close all of the * user space pages. We don't need them, and if we didn't close them -@@ -895,6 +914,8 @@ NORET_TYPE void do_exit(long code) +@@ -893,6 +912,8 @@ NORET_TYPE void do_exit(long code) struct task_struct *tsk = current; int group_dead; @@ -66564,7 +63251,7 @@ index 9e316ae..b3656d5 100644 profile_task_exit(tsk); WARN_ON(blk_needs_flush_plug(tsk)); -@@ -911,7 +932,6 @@ NORET_TYPE void do_exit(long code) +@@ -909,7 +930,6 @@ NORET_TYPE void do_exit(long code) * mm_release()->clear_child_tid() from writing to a user-controlled * kernel address. */ @@ -66572,7 +63259,7 @@ index 9e316ae..b3656d5 100644 ptrace_event(PTRACE_EVENT_EXIT, code); -@@ -973,6 +993,9 @@ NORET_TYPE void do_exit(long code) +@@ -971,6 +991,9 @@ NORET_TYPE void do_exit(long code) tsk->exit_code = code; taskstats_exit(tsk, group_dead); @@ -66583,10 +63270,10 @@ index 9e316ae..b3656d5 100644 if (group_dead) diff --git a/kernel/fork.c b/kernel/fork.c -index 8e6b6f4..9dccf00 100644 +index da4a6a1..c04943c 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -285,7 +285,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -280,7 +280,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) *stackend = STACK_END_MAGIC; /* for overflow detection */ #ifdef CONFIG_CC_STACKPROTECTOR @@ -66595,7 +63282,7 @@ index 8e6b6f4..9dccf00 100644 #endif /* -@@ -309,13 +309,77 @@ out: +@@ -304,13 +304,77 @@ out: } #ifdef CONFIG_MMU @@ -66675,7 +63362,7 @@ index 8e6b6f4..9dccf00 100644 down_write(&oldmm->mmap_sem); flush_cache_dup_mm(oldmm); -@@ -327,8 +391,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -322,8 +386,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; @@ -66686,7 +63373,7 @@ index 8e6b6f4..9dccf00 100644 mm->map_count = 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb = RB_ROOT; -@@ -344,8 +408,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -339,8 +403,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -66695,7 +63382,7 @@ index 8e6b6f4..9dccf00 100644 if (mpnt->vm_flags & VM_DONTCOPY) { long pages = vma_pages(mpnt); mm->total_vm -= pages; -@@ -353,53 +415,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -348,53 +410,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) -pages); continue; } @@ -66753,7 +63440,7 @@ index 8e6b6f4..9dccf00 100644 /* * Link in the new vma and copy the page table entries. -@@ -422,6 +442,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -417,6 +437,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -66785,7 +63472,7 @@ index 8e6b6f4..9dccf00 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -430,14 +475,6 @@ out: +@@ -425,14 +470,6 @@ out: flush_tlb_mm(oldmm); up_write(&oldmm->mmap_sem); return retval; @@ -66800,7 +63487,7 @@ index 8e6b6f4..9dccf00 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -837,13 +874,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -829,13 +866,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -66816,7 +63503,7 @@ index 8e6b6f4..9dccf00 100644 return 0; } -@@ -1105,6 +1143,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1097,6 +1135,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -66826,7 +63513,7 @@ index 8e6b6f4..9dccf00 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1264,6 +1305,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1256,6 +1297,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, if (clone_flags & CLONE_THREAD) p->tgid = current->tgid; @@ -66835,7 +63522,7 @@ index 8e6b6f4..9dccf00 100644 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; /* * Clear TID on mm_release()? -@@ -1428,6 +1471,8 @@ bad_fork_cleanup_count: +@@ -1418,6 +1461,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -66844,7 +63531,7 @@ index 8e6b6f4..9dccf00 100644 return ERR_PTR(retval); } -@@ -1528,6 +1573,8 @@ long do_fork(unsigned long clone_flags, +@@ -1518,6 +1563,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -66853,7 +63540,7 @@ index 8e6b6f4..9dccf00 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1637,7 +1684,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1627,7 +1674,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -66862,7 +63549,7 @@ index 8e6b6f4..9dccf00 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1726,7 +1773,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1716,7 +1763,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -66873,7 +63560,7 @@ index 8e6b6f4..9dccf00 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index e6160fa..edf9565 100644 +index 1614be2..37abc7e 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -66882,7 +63569,7 @@ index e6160fa..edf9565 100644 #include <linux/syscalls.h> +#include <linux/ptrace.h> #include <linux/signal.h> - #include <linux/module.h> + #include <linux/export.h> #include <linux/magic.h> @@ -238,6 +239,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; @@ -66896,25 +63583,7 @@ index e6160fa..edf9565 100644 /* * The futex address must be "naturally" aligned. */ -@@ -1875,6 +1881,8 @@ static int futex_wait(u32 __user *uaddr, unsigned int flags, u32 val, - struct futex_q q = futex_q_init; - int ret; - -+ pax_track_stack(); -+ - if (!bitset) - return -EINVAL; - q.bitset = bitset; -@@ -2271,6 +2279,8 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, - struct futex_q q = futex_q_init; - int res, ret; - -+ pax_track_stack(); -+ - if (!bitset) - return -EINVAL; - -@@ -2459,6 +2469,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, +@@ -2459,6 +2465,10 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, if (!p) goto err_unlock; ret = -EPERM; @@ -66925,7 +63594,7 @@ index e6160fa..edf9565 100644 pcred = __task_cred(p); /* If victim is in different user_ns, then uids are not comparable, so we must have CAP_SYS_PTRACE */ -@@ -2724,6 +2738,7 @@ static int __init futex_init(void) +@@ -2724,6 +2734,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -66933,7 +63602,7 @@ index e6160fa..edf9565 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2735,8 +2750,11 @@ static int __init futex_init(void) +@@ -2735,8 +2746,11 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -67004,7 +63673,7 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 2043c08..ec81a69 100644 +index ae34bf5..4e2f3d0 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c @@ -1393,7 +1393,7 @@ void hrtimer_peek_ahead_timers(void) @@ -67017,7 +63686,7 @@ index 2043c08..ec81a69 100644 hrtimer_peek_ahead_timers(); } diff --git a/kernel/jump_label.c b/kernel/jump_label.c -index e6f1f24..6c19597 100644 +index 66ff710..05a5128 100644 --- a/kernel/jump_label.c +++ b/kernel/jump_label.c @@ -55,7 +55,9 @@ jump_label_sort_entries(struct jump_entry *start, struct jump_entry *stop) @@ -67030,7 +63699,7 @@ index e6f1f24..6c19597 100644 } static void jump_label_update(struct jump_label_key *key, int enable); -@@ -298,10 +300,12 @@ static void jump_label_invalidate_module_init(struct module *mod) +@@ -303,10 +305,12 @@ static void jump_label_invalidate_module_init(struct module *mod) struct jump_entry *iter_stop = iter_start + mod->num_jump_entries; struct jump_entry *iter; @@ -67150,10 +63819,10 @@ index 079f1d3..a407562 100644 return -ENOMEM; reset_iter(iter, 0); diff --git a/kernel/kexec.c b/kernel/kexec.c -index 296fbc8..84cb857 100644 +index dc7bc08..4601964 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c -@@ -1033,7 +1033,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, +@@ -1048,7 +1048,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, unsigned long flags) { struct compat_kexec_segment in; @@ -67273,7 +63942,7 @@ index a4bea97..7a1ae9a 100644 /* * If ret is 0, either ____call_usermodehelper failed and the diff --git a/kernel/kprobes.c b/kernel/kprobes.c -index b30fd54..11821ec 100644 +index e5d8464..4cc8cf0 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c) @@ -67313,10 +63982,10 @@ index b30fd54..11821ec 100644 head = &kprobe_table[i]; preempt_disable(); diff --git a/kernel/lockdep.c b/kernel/lockdep.c -index 4479606..4036bea 100644 +index b2e08c9..01d8049 100644 --- a/kernel/lockdep.c +++ b/kernel/lockdep.c -@@ -584,6 +584,10 @@ static int static_obj(void *obj) +@@ -592,6 +592,10 @@ static int static_obj(void *obj) end = (unsigned long) &_end, addr = (unsigned long) obj; @@ -67327,7 +63996,7 @@ index 4479606..4036bea 100644 /* * static variable? */ -@@ -719,6 +723,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) +@@ -731,6 +735,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) if (!static_obj(lock->key)) { debug_locks_off(); printk("INFO: trying to register non-static key.\n"); @@ -67335,7 +64004,7 @@ index 4479606..4036bea 100644 printk("the code is fine but needs lockdep annotation.\n"); printk("turning off the locking correctness validator.\n"); dump_stack(); -@@ -2954,7 +2959,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass, +@@ -3042,7 +3047,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass, if (!class) return 0; } @@ -67345,7 +64014,7 @@ index 4479606..4036bea 100644 printk("\nacquire class [%p] %s", class->key, class->name); if (class->name_version > 1) diff --git a/kernel/lockdep_proc.c b/kernel/lockdep_proc.c -index 71edd2f..e0542a5 100644 +index 91c32a0..b2c71c5 100644 --- a/kernel/lockdep_proc.c +++ b/kernel/lockdep_proc.c @@ -39,7 +39,7 @@ static void l_stop(struct seq_file *m, void *v) @@ -67358,7 +64027,7 @@ index 71edd2f..e0542a5 100644 if (!name) { diff --git a/kernel/module.c b/kernel/module.c -index 04379f92..fba2faf 100644 +index 178333c..04e3408 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -58,6 +58,7 @@ @@ -67746,7 +64415,7 @@ index 04379f92..fba2faf 100644 /* This is allowed: modprobe --force will invalidate it. */ if (!modmagic) { err = try_to_force_load(mod, "bad vermagic"); -@@ -2495,7 +2538,7 @@ static int check_modinfo(struct module *mod, struct load_info *info) +@@ -2498,7 +2541,7 @@ static int check_modinfo(struct module *mod, struct load_info *info) } /* Set up license info based on the info section */ @@ -67755,7 +64424,7 @@ index 04379f92..fba2faf 100644 return 0; } -@@ -2589,7 +2632,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2592,7 +2635,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -67764,7 +64433,7 @@ index 04379f92..fba2faf 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2599,23 +2642,50 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2602,23 +2645,50 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -67823,7 +64492,7 @@ index 04379f92..fba2faf 100644 /* Transfer each section which specifies SHF_ALLOC */ DEBUGP("final section addresses:\n"); -@@ -2626,16 +2696,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2629,16 +2699,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -67876,7 +64545,7 @@ index 04379f92..fba2faf 100644 DEBUGP("\t0x%lx %s\n", shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2686,12 +2785,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2689,12 +2788,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -67895,7 +64564,7 @@ index 04379f92..fba2faf 100644 set_fs(old_fs); } -@@ -2771,8 +2870,10 @@ static void module_deallocate(struct module *mod, struct load_info *info) +@@ -2774,8 +2873,10 @@ static void module_deallocate(struct module *mod, struct load_info *info) { kfree(info->strmap); percpu_modfree(mod); @@ -67908,7 +64577,7 @@ index 04379f92..fba2faf 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2836,9 +2937,38 @@ static struct module *load_module(void __user *umod, +@@ -2839,9 +2940,38 @@ static struct module *load_module(void __user *umod, if (err) goto free_unload; @@ -67947,7 +64616,7 @@ index 04379f92..fba2faf 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, &info); if (err < 0) -@@ -2854,13 +2984,6 @@ static struct module *load_module(void __user *umod, +@@ -2857,13 +2987,6 @@ static struct module *load_module(void __user *umod, flush_module_icache(mod); @@ -67961,7 +64630,7 @@ index 04379f92..fba2faf 100644 /* Mark state as coming so strong_try_module_get() ignores us. */ mod->state = MODULE_STATE_COMING; -@@ -2920,11 +3043,10 @@ static struct module *load_module(void __user *umod, +@@ -2921,11 +3044,10 @@ static struct module *load_module(void __user *umod, unlock: mutex_unlock(&module_mutex); synchronize_sched(); @@ -67974,7 +64643,7 @@ index 04379f92..fba2faf 100644 free_unload: module_unload_free(mod); free_module: -@@ -2965,16 +3087,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, +@@ -2966,16 +3088,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -67999,7 +64668,7 @@ index 04379f92..fba2faf 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3020,11 +3142,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, +@@ -3021,11 +3143,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -68017,7 +64686,7 @@ index 04379f92..fba2faf 100644 mutex_unlock(&module_mutex); return 0; -@@ -3055,10 +3178,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3056,10 +3179,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -68037,7 +64706,7 @@ index 04379f92..fba2faf 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3304,7 +3433,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3307,7 +3436,7 @@ static int m_show(struct seq_file *m, void *p) char buf[8]; seq_printf(m, "%s %u", @@ -68046,7 +64715,7 @@ index 04379f92..fba2faf 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3313,7 +3442,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3316,7 +3445,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -68055,7 +64724,7 @@ index 04379f92..fba2faf 100644 /* Taints info */ if (mod->taints) -@@ -3349,7 +3478,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3352,7 +3481,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -68073,7 +64742,7 @@ index 04379f92..fba2faf 100644 return 0; } module_init(proc_modules_init); -@@ -3408,12 +3547,12 @@ struct module *__module_address(unsigned long addr) +@@ -3411,12 +3550,12 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -68089,7 +64758,7 @@ index 04379f92..fba2faf 100644 return mod; return NULL; } -@@ -3447,11 +3586,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3450,11 +3589,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -68114,7 +64783,7 @@ index 04379f92..fba2faf 100644 } return mod; diff --git a/kernel/mutex-debug.c b/kernel/mutex-debug.c -index 73da83a..fe46e99 100644 +index 7e3443f..b2a1e6b 100644 --- a/kernel/mutex-debug.c +++ b/kernel/mutex-debug.c @@ -49,21 +49,21 @@ void debug_mutex_free_waiter(struct mutex_waiter *waiter) @@ -68162,7 +64831,7 @@ index 0799fd3..d06ae3b 100644 extern void debug_mutex_init(struct mutex *lock, const char *name, struct lock_class_key *key); diff --git a/kernel/mutex.c b/kernel/mutex.c -index d607ed5..58d0a52 100644 +index 89096dd..f91ebc5 100644 --- a/kernel/mutex.c +++ b/kernel/mutex.c @@ -198,7 +198,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, @@ -68194,7 +64863,7 @@ index d607ed5..58d0a52 100644 /* set it to 0 if there are no waiters left: */ diff --git a/kernel/padata.c b/kernel/padata.c -index b91941d..0871d60 100644 +index b452599..5d68f4e 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -132,10 +132,10 @@ int padata_do_parallel(struct padata_instance *pinst, @@ -68221,7 +64890,7 @@ index b91941d..0871d60 100644 atomic_set(&pd->refcnt, 0); pd->pinst = pinst; diff --git a/kernel/panic.c b/kernel/panic.c -index d7bb697..0ff55cc 100644 +index b2659360..5972a0f 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -78,7 +78,11 @@ NORET_TYPE void panic(const char * fmt, ...) @@ -68237,7 +64906,7 @@ index d7bb697..0ff55cc 100644 #endif /* -@@ -371,7 +375,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, +@@ -373,7 +377,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, const char *board; printk(KERN_WARNING "------------[ cut here ]------------\n"); @@ -68246,7 +64915,7 @@ index d7bb697..0ff55cc 100644 board = dmi_get_system_info(DMI_PRODUCT_NAME); if (board) printk(KERN_WARNING "Hardware name: %s\n", board); -@@ -426,7 +430,8 @@ EXPORT_SYMBOL(warn_slowpath_null); +@@ -428,7 +432,8 @@ EXPORT_SYMBOL(warn_slowpath_null); */ void __stack_chk_fail(void) { @@ -68257,7 +64926,7 @@ index d7bb697..0ff55cc 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index e432057..a2b2ac5 100644 +index fa5f722..0c93e57 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -68277,14 +64946,17 @@ index e432057..a2b2ac5 100644 int pid_max_min = RESERVED_PIDS + 1; int pid_max_max = PID_MAX_LIMIT; -@@ -418,8 +419,15 @@ EXPORT_SYMBOL(pid_task); +@@ -418,10 +419,18 @@ EXPORT_SYMBOL(pid_task); */ struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns) { + struct task_struct *task; + - rcu_lockdep_assert(rcu_read_lock_held()); + rcu_lockdep_assert(rcu_read_lock_held(), + "find_task_by_pid_ns() needs rcu_read_lock()" + " protection"); - return pid_task(find_pid_ns(nr, ns), PIDTYPE_PID); ++ + task = pid_task(find_pid_ns(nr, ns), PIDTYPE_PID); + + if (gr_pid_is_chrooted(task)) @@ -68294,13 +64966,15 @@ index e432057..a2b2ac5 100644 } struct task_struct *find_task_by_vpid(pid_t vnr) -@@ -427,6 +435,12 @@ struct task_struct *find_task_by_vpid(pid_t vnr) +@@ -429,6 +438,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); } +struct task_struct *find_task_by_vpid_unrestricted(pid_t vnr) +{ -+ rcu_lockdep_assert(rcu_read_lock_held()); ++ rcu_lockdep_assert(rcu_read_lock_held(), ++ "find_task_by_pid_ns() needs rcu_read_lock()" ++ " protection"); + return pid_task(find_pid_ns(vnr, current->nsproxy->pid_ns), PIDTYPE_PID); +} + @@ -68308,7 +64982,7 @@ index e432057..a2b2ac5 100644 { struct pid *pid; diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c -index 640ded8..3dafb85 100644 +index e7cb76d..75eceb3 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c @@ -6,6 +6,7 @@ @@ -68337,7 +65011,7 @@ index 640ded8..3dafb85 100644 .clock_get = thread_cpu_clock_get, .timer_create = thread_cpu_timer_create, diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c -index 4556182..9335419 100644 +index 69185ae..cc2847a 100644 --- a/kernel/posix-timers.c +++ b/kernel/posix-timers.c @@ -43,6 +43,7 @@ @@ -68399,16 +65073,7 @@ index 4556182..9335419 100644 .clock_getres = hrtimer_get_res, .clock_get = posix_get_boottime, .nsleep = common_nsleep, -@@ -272,6 +273,8 @@ static __init int init_posix_timers(void) - .timer_del = common_timer_del, - }; - -+ pax_track_stack(); -+ - posix_timers_register_clock(CLOCK_REALTIME, &clock_realtime); - posix_timers_register_clock(CLOCK_MONOTONIC, &clock_monotonic); - posix_timers_register_clock(CLOCK_MONOTONIC_RAW, &clock_monotonic_raw); -@@ -473,7 +476,7 @@ void posix_timers_register_clock(const clockid_t clock_id, +@@ -473,7 +474,7 @@ void posix_timers_register_clock(const clockid_t clock_id, return; } @@ -68417,7 +65082,7 @@ index 4556182..9335419 100644 } EXPORT_SYMBOL_GPL(posix_timers_register_clock); -@@ -519,9 +522,9 @@ static struct k_clock *clockid_to_kclock(const clockid_t id) +@@ -519,9 +520,9 @@ static struct k_clock *clockid_to_kclock(const clockid_t id) return (id & CLOCKFD_MASK) == CLOCKFD ? &clock_posix_dynamic : &clock_posix_cpu; @@ -68429,7 +65094,7 @@ index 4556182..9335419 100644 } static int common_timer_create(struct k_itimer *new_timer) -@@ -959,6 +962,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, +@@ -959,6 +960,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, if (copy_from_user(&new_tp, tp, sizeof (*tp))) return -EFAULT; @@ -68457,7 +65122,7 @@ index d523593..68197a4 100644 register_sysrq_key('o', &sysrq_poweroff_op); return 0; diff --git a/kernel/power/process.c b/kernel/power/process.c -index 0cf3a27..5481be4 100644 +index addbbe5..f9e32e0 100644 --- a/kernel/power/process.c +++ b/kernel/power/process.c @@ -41,6 +41,7 @@ static int try_to_freeze_tasks(bool sig_only) @@ -68503,7 +65168,7 @@ index 0cf3a27..5481be4 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk.c b/kernel/printk.c -index 28a40d8..2411bec 100644 +index 7982a0a..2095fdc 100644 --- a/kernel/printk.c +++ b/kernel/printk.c @@ -313,6 +313,11 @@ static int check_syslog_permissions(int type, bool from_file) @@ -68519,7 +65184,7 @@ index 28a40d8..2411bec 100644 if (capable(CAP_SYSLOG)) return 0; diff --git a/kernel/profile.c b/kernel/profile.c -index 961b389..c451353 100644 +index 76b8e77..a2930e8 100644 --- a/kernel/profile.c +++ b/kernel/profile.c @@ -39,7 +39,7 @@ struct profile_hit { @@ -68580,7 +65245,7 @@ index 961b389..c451353 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index 67d1fdd..1af21e2 100644 +index 78ab24a..332c915 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -172,7 +172,8 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state) @@ -68614,7 +65279,7 @@ index 67d1fdd..1af21e2 100644 return -EPERM; return security_ptrace_access_check(task, mode); -@@ -217,7 +221,16 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode) +@@ -217,7 +221,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode) { int err; task_lock(task); @@ -68624,6 +65289,11 @@ index 67d1fdd..1af21e2 100644 + return !err; +} + ++bool ptrace_may_access_nolock(struct task_struct *task, unsigned int mode) ++{ ++ return __ptrace_may_access(task, mode, 0); ++} ++ +bool ptrace_may_access_log(struct task_struct *task, unsigned int mode) +{ + int err; @@ -68632,7 +65302,7 @@ index 67d1fdd..1af21e2 100644 task_unlock(task); return !err; } -@@ -262,7 +275,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -262,7 +280,7 @@ static int ptrace_attach(struct task_struct *task, long request, goto out; task_lock(task); @@ -68641,7 +65311,7 @@ index 67d1fdd..1af21e2 100644 task_unlock(task); if (retval) goto unlock_creds; -@@ -277,7 +290,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -277,7 +295,7 @@ static int ptrace_attach(struct task_struct *task, long request, task->ptrace = PT_PTRACED; if (seize) task->ptrace |= PT_SEIZED; @@ -68650,16 +65320,7 @@ index 67d1fdd..1af21e2 100644 task->ptrace |= PT_PTRACE_CAP; __ptrace_link(task, current); -@@ -472,6 +485,8 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst - { - int copied = 0; - -+ pax_track_stack(); -+ - while (len > 0) { - char buf[128]; - int this_len, retval; -@@ -483,7 +498,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -483,7 +501,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -68668,16 +65329,7 @@ index 67d1fdd..1af21e2 100644 return -EFAULT; copied += retval; src += retval; -@@ -497,6 +512,8 @@ int ptrace_writedata(struct task_struct *tsk, char __user *src, unsigned long ds - { - int copied = 0; - -+ pax_track_stack(); -+ - while (len > 0) { - char buf[128]; - int this_len, retval; -@@ -680,10 +697,12 @@ int ptrace_request(struct task_struct *child, long request, +@@ -680,7 +698,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -68686,12 +65338,7 @@ index 67d1fdd..1af21e2 100644 unsigned long __user *datalp = datavp; unsigned long flags; -+ pax_track_stack(); -+ - switch (request) { - case PTRACE_PEEKTEXT: - case PTRACE_PEEKDATA: -@@ -882,14 +901,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -882,14 +900,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -68714,7 +65361,7 @@ index 67d1fdd..1af21e2 100644 goto out_put_task_struct; } -@@ -915,7 +941,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -915,7 +940,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -68723,16 +65370,7 @@ index 67d1fdd..1af21e2 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -938,6 +964,8 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, - siginfo_t siginfo; - int ret; - -+ pax_track_stack(); -+ - switch (request) { - case PTRACE_PEEKTEXT: - case PTRACE_PEEKDATA: -@@ -1025,14 +1053,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, +@@ -1025,14 +1050,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, goto out; } @@ -68756,7 +65394,7 @@ index 67d1fdd..1af21e2 100644 } diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c -index 98f51b1..30b950c 100644 +index 764825c..3aa6ac4 100644 --- a/kernel/rcutorture.c +++ b/kernel/rcutorture.c @@ -138,12 +138,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) = @@ -68819,7 +65457,7 @@ index 98f51b1..30b950c 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; list_del(&rp->rtort_free); -@@ -882,7 +882,7 @@ rcu_torture_writer(void *arg) +@@ -872,7 +872,7 @@ rcu_torture_writer(void *arg) i = old_rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -68828,7 +65466,7 @@ index 98f51b1..30b950c 100644 old_rp->rtort_pipe_count++; cur_ops->deferred_free(old_rp); } -@@ -950,7 +950,7 @@ static void rcu_torture_timer(unsigned long unused) +@@ -940,7 +940,7 @@ static void rcu_torture_timer(unsigned long unused) return; } if (p->rtort_mbtest == 0) @@ -68837,7 +65475,7 @@ index 98f51b1..30b950c 100644 spin_lock(&rand_lock); cur_ops->read_delay(&rand); n_rcu_torture_timers++; -@@ -1011,7 +1011,7 @@ rcu_torture_reader(void *arg) +@@ -1001,7 +1001,7 @@ rcu_torture_reader(void *arg) continue; } if (p->rtort_mbtest == 0) @@ -68846,7 +65484,7 @@ index 98f51b1..30b950c 100644 cur_ops->read_delay(&rand); preempt_disable(); pipe_count = p->rtort_pipe_count; -@@ -1070,16 +1070,16 @@ rcu_torture_printk(char *page) +@@ -1060,16 +1060,16 @@ rcu_torture_printk(char *page) rcu_torture_current, rcu_torture_current_version, list_empty(&rcu_torture_freelist), @@ -68868,7 +65506,7 @@ index 98f51b1..30b950c 100644 n_rcu_torture_boost_ktrerror != 0 || n_rcu_torture_boost_rterror != 0 || n_rcu_torture_boost_failure != 0) -@@ -1087,7 +1087,7 @@ rcu_torture_printk(char *page) +@@ -1077,7 +1077,7 @@ rcu_torture_printk(char *page) cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG); if (i > 1) { cnt += sprintf(&page[cnt], "!!! "); @@ -68877,7 +65515,7 @@ index 98f51b1..30b950c 100644 WARN_ON_ONCE(1); } cnt += sprintf(&page[cnt], "Reader Pipe: "); -@@ -1101,7 +1101,7 @@ rcu_torture_printk(char *page) +@@ -1091,7 +1091,7 @@ rcu_torture_printk(char *page) cnt += sprintf(&page[cnt], "Free-Block Circulation: "); for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { cnt += sprintf(&page[cnt], " %d", @@ -68886,7 +65524,7 @@ index 98f51b1..30b950c 100644 } cnt += sprintf(&page[cnt], "\n"); if (cur_ops->stats) -@@ -1410,7 +1410,7 @@ rcu_torture_cleanup(void) +@@ -1401,7 +1401,7 @@ rcu_torture_cleanup(void) if (cur_ops->cleanup) cur_ops->cleanup(); @@ -68895,7 +65533,7 @@ index 98f51b1..30b950c 100644 rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE"); else rcu_torture_print_module_parms(cur_ops, "End of test: SUCCESS"); -@@ -1474,17 +1474,17 @@ rcu_torture_init(void) +@@ -1465,17 +1465,17 @@ rcu_torture_init(void) rcu_torture_current = NULL; rcu_torture_current_version = 0; @@ -68920,11 +65558,11 @@ index 98f51b1..30b950c 100644 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index ba06207..85d8ba8 100644 +index 6b76d81..7afc1b3 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c -@@ -356,9 +356,9 @@ void rcu_enter_nohz(void) - } +@@ -367,9 +367,9 @@ void rcu_enter_nohz(void) + trace_rcu_dyntick("Start"); /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ - atomic_inc(&rdtp->dynticks); @@ -68933,9 +65571,9 @@ index ba06207..85d8ba8 100644 - WARN_ON_ONCE(atomic_read(&rdtp->dynticks) & 0x1); + WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1); local_irq_restore(flags); + } - /* If the interrupt queued a callback, get out of dyntick mode. */ -@@ -387,10 +387,10 @@ void rcu_exit_nohz(void) +@@ -391,10 +391,10 @@ void rcu_exit_nohz(void) return; } smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */ @@ -68945,10 +65583,10 @@ index ba06207..85d8ba8 100644 smp_mb__after_atomic_inc(); /* See above. */ - WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1)); + WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1)); + trace_rcu_dyntick("End"); local_irq_restore(flags); } - -@@ -406,14 +406,14 @@ void rcu_nmi_enter(void) +@@ -411,14 +411,14 @@ void rcu_nmi_enter(void) struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks); if (rdtp->dynticks_nmi_nesting == 0 && @@ -68966,7 +65604,7 @@ index ba06207..85d8ba8 100644 } /** -@@ -432,9 +432,9 @@ void rcu_nmi_exit(void) +@@ -437,9 +437,9 @@ void rcu_nmi_exit(void) return; /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -68978,7 +65616,7 @@ index ba06207..85d8ba8 100644 } /** -@@ -469,7 +469,7 @@ void rcu_irq_exit(void) +@@ -474,7 +474,7 @@ void rcu_irq_exit(void) */ static int dyntick_save_progress_counter(struct rcu_data *rdp) { @@ -68987,26 +65625,26 @@ index ba06207..85d8ba8 100644 return 0; } -@@ -484,7 +484,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) - unsigned long curr; - unsigned long snap; +@@ -489,7 +489,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) + unsigned int curr; + unsigned int snap; -- curr = (unsigned long)atomic_add_return(0, &rdp->dynticks->dynticks); -+ curr = (unsigned long)atomic_add_return_unchecked(0, &rdp->dynticks->dynticks); - snap = (unsigned long)rdp->dynticks_snap; +- curr = (unsigned int)atomic_add_return(0, &rdp->dynticks->dynticks); ++ curr = (unsigned int)atomic_add_return_unchecked(0, &rdp->dynticks->dynticks); + snap = (unsigned int)rdp->dynticks_snap; /* -@@ -1470,7 +1470,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, struct rcu_data *rdp) +@@ -1552,7 +1552,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, struct rcu_data *rdp) /* - * Do softirq processing for the current CPU. + * Do RCU core processing for the current CPU. */ -static void rcu_process_callbacks(struct softirq_action *unused) +static void rcu_process_callbacks(void) { + trace_rcu_utilization("Start RCU core"); __rcu_process_callbacks(&rcu_sched_state, - &__get_cpu_var(rcu_sched_data)); diff --git a/kernel/rcutree.h b/kernel/rcutree.h -index 01b2ccd..4f5d80a 100644 +index 849ce9e..74bc9de 100644 --- a/kernel/rcutree.h +++ b/kernel/rcutree.h @@ -86,7 +86,7 @@ @@ -69019,10 +65657,10 @@ index 01b2ccd..4f5d80a 100644 /* RCU's kthread states for tracing. */ diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h -index 8aafbb8..2fca109 100644 +index 4b9b9f8..2326053 100644 --- a/kernel/rcutree_plugin.h +++ b/kernel/rcutree_plugin.h -@@ -822,7 +822,7 @@ void synchronize_rcu_expedited(void) +@@ -842,7 +842,7 @@ void synchronize_rcu_expedited(void) /* Clean up and exit. */ smp_mb(); /* ensure expedited GP seen before counter increment. */ @@ -69031,7 +65669,7 @@ index 8aafbb8..2fca109 100644 unlock_mb_ret: mutex_unlock(&sync_rcu_preempt_exp_mutex); mb_ret: -@@ -1774,8 +1774,8 @@ EXPORT_SYMBOL_GPL(synchronize_sched_expedited); +@@ -1815,8 +1815,8 @@ EXPORT_SYMBOL_GPL(synchronize_sched_expedited); #else /* #ifndef CONFIG_SMP */ @@ -69042,7 +65680,7 @@ index 8aafbb8..2fca109 100644 static int synchronize_sched_expedited_cpu_stop(void *data) { -@@ -1830,7 +1830,7 @@ void synchronize_sched_expedited(void) +@@ -1871,7 +1871,7 @@ void synchronize_sched_expedited(void) int firstsnap, s, snap, trycount = 0; /* Note that atomic_inc_return() implies full memory barrier. */ @@ -69051,7 +65689,7 @@ index 8aafbb8..2fca109 100644 get_online_cpus(); /* -@@ -1851,7 +1851,7 @@ void synchronize_sched_expedited(void) +@@ -1892,7 +1892,7 @@ void synchronize_sched_expedited(void) } /* Check to see if someone else did our work for us. */ @@ -69060,7 +65698,7 @@ index 8aafbb8..2fca109 100644 if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) { smp_mb(); /* ensure test happens before caller kfree */ return; -@@ -1866,7 +1866,7 @@ void synchronize_sched_expedited(void) +@@ -1907,7 +1907,7 @@ void synchronize_sched_expedited(void) * grace period works for us. */ get_online_cpus(); @@ -69069,7 +65707,7 @@ index 8aafbb8..2fca109 100644 smp_mb(); /* ensure read is before try_stop_cpus(). */ } -@@ -1877,12 +1877,12 @@ void synchronize_sched_expedited(void) +@@ -1918,12 +1918,12 @@ void synchronize_sched_expedited(void) * than we did beat us to the punch. */ do { @@ -69084,7 +65722,7 @@ index 8aafbb8..2fca109 100644 put_online_cpus(); } -@@ -1953,7 +1953,7 @@ int rcu_needs_cpu(int cpu) +@@ -1985,7 +1985,7 @@ int rcu_needs_cpu(int cpu) for_each_online_cpu(thatcpu) { if (thatcpu == cpu) continue; @@ -69094,10 +65732,10 @@ index 8aafbb8..2fca109 100644 smp_mb(); /* Order sampling of snap with end of grace period. */ if ((snap & 0x1) != 0) { diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c -index 3b0c098..43ba2d8 100644 +index 9feffa4..54058df 100644 --- a/kernel/rcutree_trace.c +++ b/kernel/rcutree_trace.c -@@ -74,7 +74,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) +@@ -69,7 +69,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) rdp->qs_pending); #ifdef CONFIG_NO_HZ seq_printf(m, " dt=%d/%d/%d df=%lu", @@ -69106,7 +65744,7 @@ index 3b0c098..43ba2d8 100644 rdp->dynticks->dynticks_nesting, rdp->dynticks->dynticks_nmi_nesting, rdp->dynticks_fqs); -@@ -148,7 +148,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp) +@@ -143,7 +143,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp) rdp->qs_pending); #ifdef CONFIG_NO_HZ seq_printf(m, ",%d,%d,%d,%lu", @@ -69115,21 +65753,8 @@ index 3b0c098..43ba2d8 100644 rdp->dynticks->dynticks_nesting, rdp->dynticks->dynticks_nmi_nesting, rdp->dynticks_fqs); -diff --git a/kernel/relay.c b/kernel/relay.c -index 859ea5a..096e2fe 100644 ---- a/kernel/relay.c -+++ b/kernel/relay.c -@@ -1236,6 +1236,8 @@ static ssize_t subbuf_splice_actor(struct file *in, - }; - ssize_t ret; - -+ pax_track_stack(); -+ - if (rbuf->subbufs_produced == rbuf->subbufs_consumed) - return 0; - if (splice_grow_spd(pipe, &spd)) diff --git a/kernel/resource.c b/kernel/resource.c -index c8dc249..f1e2359 100644 +index 7640b3a..5879283 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -141,8 +141,18 @@ static const struct file_operations proc_iomem_operations = { @@ -69152,7 +65777,7 @@ index c8dc249..f1e2359 100644 } __initcall(ioresources_init); diff --git a/kernel/rtmutex-tester.c b/kernel/rtmutex-tester.c -index 5c9ccd3..a35e22b 100644 +index 3d9f31c..7fefc9e 100644 --- a/kernel/rtmutex-tester.c +++ b/kernel/rtmutex-tester.c @@ -20,7 +20,7 @@ @@ -69246,10 +65871,10 @@ index 5c9ccd3..a35e22b 100644 default: diff --git a/kernel/sched.c b/kernel/sched.c -index b50b0f0..91e9aed 100644 +index d6b149c..896cbb8 100644 --- a/kernel/sched.c +++ b/kernel/sched.c -@@ -4254,6 +4254,19 @@ pick_next_task(struct rq *rq) +@@ -4389,6 +4389,19 @@ pick_next_task(struct rq *rq) BUG(); /* the idle class will always have a runnable task */ } @@ -69269,16 +65894,7 @@ index b50b0f0..91e9aed 100644 /* * __schedule() is the main scheduler function. */ -@@ -4264,6 +4277,8 @@ static void __sched __schedule(void) - struct rq *rq; - int cpu; - -+ pax_track_stack(); -+ - need_resched: - preempt_disable(); - cpu = smp_processor_id(); -@@ -4273,6 +4288,8 @@ need_resched: +@@ -4408,6 +4421,8 @@ need_resched: schedule_debug(prev); @@ -69287,7 +65903,7 @@ index b50b0f0..91e9aed 100644 if (sched_feat(HRTICK)) hrtick_clear(rq); -@@ -4950,6 +4967,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -5098,6 +5113,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -69296,7 +65912,7 @@ index b50b0f0..91e9aed 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -4983,7 +5002,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -5131,7 +5148,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -69306,7 +65922,7 @@ index b50b0f0..91e9aed 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -5127,6 +5147,7 @@ recheck: +@@ -5288,6 +5306,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -69337,10 +65953,10 @@ index 429242f..d7cca82 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c -index bc8ee99..b6f6492 100644 +index 8a39fa3..34f3dbc 100644 --- a/kernel/sched_fair.c +++ b/kernel/sched_fair.c -@@ -4062,7 +4062,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } +@@ -4801,7 +4801,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -69350,7 +65966,7 @@ index bc8ee99..b6f6492 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index 195331c..e89634ce 100644 +index 2065515..aed2987 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cachep; @@ -69459,16 +66075,7 @@ index 195331c..e89634ce 100644 return ret; } -@@ -1909,6 +1932,8 @@ static void ptrace_do_notify(int signr, int exit_code, int why) - { - siginfo_t info; - -+ pax_track_stack(); -+ - memset(&info, 0, sizeof info); - info.si_signo = signr; - info.si_code = exit_code; -@@ -2746,7 +2771,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) +@@ -2754,7 +2777,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) int error = -ESRCH; rcu_read_lock(); @@ -69486,7 +66093,7 @@ index 195331c..e89634ce 100644 error = check_kill_permission(sig, info, p); /* diff --git a/kernel/smp.c b/kernel/smp.c -index fb67dfa..f819e2e 100644 +index db197d6..17aef0b 100644 --- a/kernel/smp.c +++ b/kernel/smp.c @@ -580,22 +580,22 @@ int smp_call_function(smp_call_func_t func, void *info, int wait) @@ -69517,7 +66124,7 @@ index fb67dfa..f819e2e 100644 raw_spin_unlock_irq(&call_function.lock); } diff --git a/kernel/softirq.c b/kernel/softirq.c -index fca82c3..1db9690 100644 +index 2c71d91..1021f81 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -56,7 +56,7 @@ static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp @@ -69571,10 +66178,10 @@ index fca82c3..1db9690 100644 struct tasklet_struct *list; diff --git a/kernel/sys.c b/kernel/sys.c -index 1dbbe69..6d0c5d8 100644 +index 481611f..0754d86 100644 --- a/kernel/sys.c +++ b/kernel/sys.c -@@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) +@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) error = -EACCES; goto out; } @@ -69587,7 +66194,7 @@ index 1dbbe69..6d0c5d8 100644 no_nice = security_task_setnice(p, niceval); if (no_nice) { error = no_nice; -@@ -571,6 +577,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) +@@ -572,6 +578,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) goto error; } @@ -69597,7 +66204,7 @@ index 1dbbe69..6d0c5d8 100644 if (rgid != (gid_t) -1 || (egid != (gid_t) -1 && egid != old->gid)) new->sgid = new->egid; -@@ -600,6 +609,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) +@@ -601,6 +610,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) old = current_cred(); retval = -EPERM; @@ -69608,7 +66215,7 @@ index 1dbbe69..6d0c5d8 100644 if (nsown_capable(CAP_SETGID)) new->gid = new->egid = new->sgid = new->fsgid = gid; else if (gid == old->gid || gid == old->sgid) -@@ -617,7 +630,7 @@ error: +@@ -618,7 +631,7 @@ error: /* * change the user struct in a credentials set to match the new UID */ @@ -69617,7 +66224,7 @@ index 1dbbe69..6d0c5d8 100644 { struct user_struct *new_user; -@@ -687,6 +700,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) +@@ -688,6 +701,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) goto error; } @@ -69627,7 +66234,7 @@ index 1dbbe69..6d0c5d8 100644 if (new->uid != old->uid) { retval = set_user(new); if (retval < 0) -@@ -731,6 +747,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) +@@ -732,6 +748,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) old = current_cred(); retval = -EPERM; @@ -69640,7 +66247,7 @@ index 1dbbe69..6d0c5d8 100644 if (nsown_capable(CAP_SETUID)) { new->suid = new->uid = uid; if (uid != old->uid) { -@@ -785,6 +807,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) +@@ -786,6 +808,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) goto error; } @@ -69650,7 +66257,7 @@ index 1dbbe69..6d0c5d8 100644 if (ruid != (uid_t) -1) { new->uid = ruid; if (ruid != old->uid) { -@@ -849,6 +874,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) +@@ -850,6 +875,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) goto error; } @@ -69660,7 +66267,7 @@ index 1dbbe69..6d0c5d8 100644 if (rgid != (gid_t) -1) new->gid = rgid; if (egid != (gid_t) -1) -@@ -895,6 +923,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) +@@ -896,6 +924,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) old = current_cred(); old_fsuid = old->fsuid; @@ -69670,7 +66277,7 @@ index 1dbbe69..6d0c5d8 100644 if (uid == old->uid || uid == old->euid || uid == old->suid || uid == old->fsuid || nsown_capable(CAP_SETUID)) { -@@ -905,6 +936,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) +@@ -906,6 +937,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) } } @@ -69678,7 +66285,7 @@ index 1dbbe69..6d0c5d8 100644 abort_creds(new); return old_fsuid; -@@ -931,12 +963,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) +@@ -932,12 +964,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) if (gid == old->gid || gid == old->egid || gid == old->sgid || gid == old->fsgid || nsown_capable(CAP_SETGID)) { @@ -69695,7 +66302,7 @@ index 1dbbe69..6d0c5d8 100644 abort_creds(new); return old_fsgid; -@@ -1188,7 +1224,10 @@ static int override_release(char __user *release, int len) +@@ -1189,7 +1225,10 @@ static int override_release(char __user *release, int len) } v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40; snprintf(buf, len, "2.6.%u%s", v, rest); @@ -69707,7 +66314,7 @@ index 1dbbe69..6d0c5d8 100644 } return ret; } -@@ -1242,19 +1281,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) +@@ -1243,19 +1282,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) return -EFAULT; down_read(&uts_sem); @@ -69732,7 +66339,7 @@ index 1dbbe69..6d0c5d8 100644 __OLD_UTS_LEN); error |= __put_user(0, name->machine + __OLD_UTS_LEN); up_read(&uts_sem); -@@ -1717,7 +1756,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, +@@ -1720,7 +1759,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, error = get_dumpable(me->mm); break; case PR_SET_DUMPABLE: @@ -69742,10 +66349,10 @@ index 1dbbe69..6d0c5d8 100644 break; } diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 11d65b5..6957b37 100644 +index ae27196..7506d69 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c -@@ -85,6 +85,13 @@ +@@ -86,6 +86,13 @@ #if defined(CONFIG_SYSCTL) @@ -69759,7 +66366,7 @@ index 11d65b5..6957b37 100644 /* External variables not in a header file. */ extern int sysctl_overcommit_memory; -@@ -197,6 +204,7 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, +@@ -191,6 +198,7 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, } #endif @@ -69767,7 +66374,7 @@ index 11d65b5..6957b37 100644 static struct ctl_table root_table[]; static struct ctl_table_root sysctl_table_root; -@@ -226,6 +234,20 @@ extern struct ctl_table epoll_table[]; +@@ -220,6 +228,20 @@ extern struct ctl_table epoll_table[]; int sysctl_legacy_va_layout; #endif @@ -69788,7 +66395,7 @@ index 11d65b5..6957b37 100644 /* The default sysctl tables: */ static struct ctl_table root_table[] = { -@@ -272,6 +294,22 @@ static int max_extfrag_threshold = 1000; +@@ -266,6 +288,22 @@ static int max_extfrag_threshold = 1000; #endif static struct ctl_table kern_table[] = { @@ -69811,7 +66418,7 @@ index 11d65b5..6957b37 100644 { .procname = "sched_child_runs_first", .data = &sysctl_sched_child_runs_first, -@@ -546,7 +584,7 @@ static struct ctl_table kern_table[] = { +@@ -550,7 +588,7 @@ static struct ctl_table kern_table[] = { .data = &modprobe_path, .maxlen = KMOD_PATH_LEN, .mode = 0644, @@ -69820,7 +66427,7 @@ index 11d65b5..6957b37 100644 }, { .procname = "modules_disabled", -@@ -713,16 +751,20 @@ static struct ctl_table kern_table[] = { +@@ -717,16 +755,20 @@ static struct ctl_table kern_table[] = { .extra1 = &zero, .extra2 = &one, }, @@ -69842,7 +66449,7 @@ index 11d65b5..6957b37 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1205,6 +1247,13 @@ static struct ctl_table vm_table[] = { +@@ -1216,6 +1258,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -69856,7 +66463,7 @@ index 11d65b5..6957b37 100644 #else { .procname = "nr_trim_pages", -@@ -1709,6 +1758,17 @@ static int test_perm(int mode, int op) +@@ -1720,6 +1769,17 @@ static int test_perm(int mode, int op) int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op) { int mode; @@ -69874,7 +66481,7 @@ index 11d65b5..6957b37 100644 if (root->permissions) mode = root->permissions(root, current->nsproxy, table); -@@ -2113,6 +2173,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2124,6 +2184,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -69891,7 +66498,7 @@ index 11d65b5..6957b37 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -2218,6 +2288,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -2229,6 +2299,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -69900,7 +66507,7 @@ index 11d65b5..6957b37 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -2534,8 +2606,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int +@@ -2545,8 +2617,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int *i = val; } else { val = convdiv * (*i) / convmul; @@ -69913,7 +66520,7 @@ index 11d65b5..6957b37 100644 err = proc_put_long(&buffer, &left, val, false); if (err) break; -@@ -2930,6 +3005,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2941,6 +3016,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -69926,7 +66533,7 @@ index 11d65b5..6957b37 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2986,6 +3067,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -2997,6 +3078,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -69935,7 +66542,7 @@ index 11d65b5..6957b37 100644 EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax); EXPORT_SYMBOL(register_sysctl_table); diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c -index 2ce1b30..82bf0a4 100644 +index a650694..aaeeb20 100644 --- a/kernel/sysctl_binary.c +++ b/kernel/sysctl_binary.c @@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *file, @@ -70041,7 +66648,7 @@ index e660464..c8b9e67 100644 return cmd_attr_register_cpumask(info); else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK]) diff --git a/kernel/time.c b/kernel/time.c -index d776062..fa8d186 100644 +index 73e416d..cfc6f69 100644 --- a/kernel/time.c +++ b/kernel/time.c @@ -163,6 +163,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) @@ -70057,11 +66664,11 @@ index d776062..fa8d186 100644 sys_tz = *tz; update_vsyscall_tz(); diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c -index 8b70c76..923e9f5 100644 +index 8a46f5d..bbe6f9c 100644 --- a/kernel/time/alarmtimer.c +++ b/kernel/time/alarmtimer.c -@@ -693,7 +693,7 @@ static int __init alarmtimer_init(void) - { +@@ -773,7 +773,7 @@ static int __init alarmtimer_init(void) + struct platform_device *pdev; int error = 0; int i; - struct k_clock alarm_clock = { @@ -70070,7 +66677,7 @@ index 8b70c76..923e9f5 100644 .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c -index 7a90d02..6d8585a 100644 +index fd4a7b1..fae5c2a 100644 --- a/kernel/time/tick-broadcast.c +++ b/kernel/time/tick-broadcast.c @@ -115,7 +115,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu) @@ -70083,7 +66690,7 @@ index 7a90d02..6d8585a 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index 6f9798b..f8c4087 100644 +index 2378413..be455fd 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -14,6 +14,7 @@ @@ -70149,7 +66756,7 @@ index 3258455..f35227d 100644 return -ENOMEM; return 0; diff --git a/kernel/time/timer_stats.c b/kernel/time/timer_stats.c -index a5d0a3a..60c7948 100644 +index 0b537f2..9e71eca 100644 --- a/kernel/time/timer_stats.c +++ b/kernel/time/timer_stats.c @@ -116,7 +116,7 @@ static ktime_t time_start, time_stop; @@ -70221,7 +66828,7 @@ index a5d0a3a..60c7948 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index 8cff361..0fb5cd8 100644 +index 9c3c62b..441690e 100644 --- a/kernel/timer.c +++ b/kernel/timer.c @@ -1304,7 +1304,7 @@ void update_process_times(int user_tick) @@ -70234,10 +66841,10 @@ index 8cff361..0fb5cd8 100644 struct tvec_base *base = __this_cpu_read(tvec_bases); diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c -index 7c910a5..8b72104 100644 +index 16fc34a..efd8bb8 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c -@@ -323,7 +323,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer, +@@ -324,7 +324,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer, struct blk_trace *bt = filp->private_data; char buf[16]; @@ -70246,7 +66853,7 @@ index 7c910a5..8b72104 100644 return simple_read_from_buffer(buffer, count, ppos, buf, strlen(buf)); } -@@ -388,7 +388,7 @@ static int blk_subbuf_start_callback(struct rchan_buf *buf, void *subbuf, +@@ -389,7 +389,7 @@ static int blk_subbuf_start_callback(struct rchan_buf *buf, void *subbuf, return 1; bt = buf->chan->private_data; @@ -70255,7 +66862,7 @@ index 7c910a5..8b72104 100644 return 0; } -@@ -489,7 +489,7 @@ int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev, +@@ -490,7 +490,7 @@ int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev, bt->dir = dir; bt->dev = dev; @@ -70265,10 +66872,10 @@ index 7c910a5..8b72104 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 48d3762..3b61fce 100644 +index b1e8943..369e4ff 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c -@@ -1584,12 +1584,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) +@@ -1587,12 +1587,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) if (unlikely(ftrace_disabled)) return 0; @@ -70288,7 +66895,7 @@ index 48d3762..3b61fce 100644 } /* -@@ -2606,7 +2611,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) +@@ -2609,7 +2614,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) int register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, @@ -70298,28 +66905,10 @@ index 48d3762..3b61fce 100644 struct ftrace_func_probe *entry; struct ftrace_page *pg; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 17a2d44..85907e2 100644 +index f2bd275..adaf3a2 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -3451,6 +3451,8 @@ static ssize_t tracing_splice_read_pipe(struct file *filp, - size_t rem; - unsigned int i; - -+ pax_track_stack(); -+ - if (splice_grow_spd(pipe, &spd)) - return -ENOMEM; - -@@ -3926,6 +3928,8 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos, - int entries, size, i; - size_t ret; - -+ pax_track_stack(); -+ - if (splice_grow_spd(pipe, &spd)) - return -ENOMEM; - -@@ -4093,10 +4097,9 @@ static const struct file_operations tracing_dyn_info_fops = { +@@ -4201,10 +4201,9 @@ static const struct file_operations tracing_dyn_info_fops = { }; #endif @@ -70331,7 +66920,7 @@ index 17a2d44..85907e2 100644 static int once; if (d_tracer) -@@ -4116,10 +4119,9 @@ struct dentry *tracing_init_dentry(void) +@@ -4224,10 +4223,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } @@ -70531,26 +67120,26 @@ index 209b379..7f76423 100644 put_task_struct(tsk); } diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index c0cb9c4..f33aa89 100644 +index 82928f5..92da771 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug -@@ -1091,6 +1091,7 @@ config LATENCYTOP +@@ -1103,6 +1103,7 @@ config LATENCYTOP depends on DEBUG_KERNEL depends on STACKTRACE_SUPPORT depends on PROC_FS + depends on !GRKERNSEC_HIDESYM - select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE + select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM_UNWIND select KALLSYMS select KALLSYMS_ALL diff --git a/lib/bitmap.c b/lib/bitmap.c -index 2f4412e..a557e27 100644 +index 0d4a127..33a06c7 100644 --- a/lib/bitmap.c +++ b/lib/bitmap.c @@ -419,7 +419,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, { int c, old_c, totaldigits, ndigits, nchunks, nbits; u32 chunk; -- const char __user *ubuf = buf; +- const char __user __force *ubuf = (const char __user __force *)buf; + const char __user *ubuf = (const char __force_user *)buf; bitmap_zero(maskp, nmaskbits); @@ -70559,25 +67148,25 @@ index 2f4412e..a557e27 100644 { if (!access_ok(VERIFY_READ, ubuf, ulen)) return -EFAULT; -- return __bitmap_parse((const char *)ubuf, ulen, 1, maskp, nmaskbits); -+ return __bitmap_parse((const char __force_kernel *)ubuf, ulen, 1, maskp, nmaskbits); - } - EXPORT_SYMBOL(bitmap_parse_user); +- return __bitmap_parse((const char __force *)ubuf, ++ return __bitmap_parse((const char __force_kernel *)ubuf, + ulen, 1, maskp, nmaskbits); -@@ -594,7 +594,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, + } +@@ -596,7 +596,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, { unsigned a, b; int c, old_c, totaldigits; -- const char __user *ubuf = buf; +- const char __user __force *ubuf = (const char __user __force *)buf; + const char __user *ubuf = (const char __force_user *)buf; int exp_digit, in_range; totaldigits = c = 0; -@@ -694,7 +694,7 @@ int bitmap_parselist_user(const char __user *ubuf, +@@ -696,7 +696,7 @@ int bitmap_parselist_user(const char __user *ubuf, { if (!access_ok(VERIFY_READ, ubuf, ulen)) return -EFAULT; -- return __bitmap_parselist((const char *)ubuf, +- return __bitmap_parselist((const char __force *)ubuf, + return __bitmap_parselist((const char __force_kernel *)ubuf, ulen, 1, maskp, nmaskbits); } @@ -70631,10 +67220,10 @@ index 7c0e953..f642b5c 100644 EXPORT_SYMBOL(devm_ioport_unmap); diff --git a/lib/dma-debug.c b/lib/dma-debug.c -index db07bfd..719b5ab 100644 +index fea790a..ebb0e82 100644 --- a/lib/dma-debug.c +++ b/lib/dma-debug.c -@@ -870,7 +870,7 @@ out: +@@ -925,7 +925,7 @@ out: static void check_for_stack(struct device *dev, void *addr) { @@ -70707,7 +67296,7 @@ index 3efb882..8492f4c 100644 if (atomic_dec_and_test(&kref->refcount)) { diff --git a/lib/radix-tree.c b/lib/radix-tree.c -index a2f9da5..3bcadb6 100644 +index d9df745..e73c2fe 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c @@ -80,7 +80,7 @@ struct radix_tree_preload { @@ -70720,7 +67309,7 @@ index a2f9da5..3bcadb6 100644 static inline void *ptr_to_indirect(void *ptr) { diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index d7222a9..2172edc 100644 +index 993599e..84dc70e 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -16,6 +16,9 @@ @@ -70733,7 +67322,7 @@ index d7222a9..2172edc 100644 #include <stdarg.h> #include <linux/module.h> #include <linux/types.h> -@@ -432,7 +435,7 @@ char *symbol_string(char *buf, char *end, void *ptr, +@@ -413,7 +416,7 @@ char *symbol_string(char *buf, char *end, void *ptr, char sym[KSYM_SYMBOL_LEN]; if (ext == 'B') sprint_backtrace(sym, value); @@ -70742,7 +67331,7 @@ index d7222a9..2172edc 100644 sprint_symbol(sym, value); else kallsyms_lookup(value, NULL, NULL, NULL, sym); -@@ -796,7 +799,11 @@ char *uuid_string(char *buf, char *end, const u8 *addr, +@@ -777,7 +780,11 @@ char *uuid_string(char *buf, char *end, const u8 *addr, return string(buf, end, uuid, spec); } @@ -70754,7 +67343,7 @@ index d7222a9..2172edc 100644 /* * Show a '%p' thing. A kernel extension is that the '%p' is followed -@@ -810,6 +817,8 @@ int kptr_restrict __read_mostly; +@@ -791,6 +798,8 @@ int kptr_restrict __read_mostly; * - 'S' For symbolic direct pointers with offset * - 's' For symbolic direct pointers without offset * - 'B' For backtraced symbolic direct pointers with offset @@ -70763,7 +67352,7 @@ index d7222a9..2172edc 100644 * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref] * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201] * - 'M' For a 6-byte MAC address, it prints the address in the -@@ -854,12 +863,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -835,12 +844,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, { if (!ptr && *fmt != 'K') { /* @@ -70778,7 +67367,7 @@ index d7222a9..2172edc 100644 } switch (*fmt) { -@@ -869,6 +878,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -850,6 +859,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, /* Fallthrough */ case 'S': case 's': @@ -70792,7 +67381,7 @@ index d7222a9..2172edc 100644 case 'B': return symbol_string(buf, end, ptr, spec, *fmt); case 'R': -@@ -1627,11 +1643,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1608,11 +1624,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) typeof(type) value; \ if (sizeof(type) == 8) { \ args = PTR_ALIGN(args, sizeof(u32)); \ @@ -70807,7 +67396,7 @@ index d7222a9..2172edc 100644 } \ args += sizeof(type); \ value; \ -@@ -1694,7 +1710,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1675,7 +1691,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) case FORMAT_TYPE_STR: { const char *str_arg = args; args += strlen(str_arg) + 1; @@ -70824,10 +67413,10 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index f2f1ca1..0645f06 100644 +index 011b110..b492af2 100644 --- a/mm/Kconfig +++ b/mm/Kconfig -@@ -238,10 +238,10 @@ config KSM +@@ -241,10 +241,10 @@ config KSM root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set). config DEFAULT_MMAP_MIN_ADDR @@ -70842,10 +67431,10 @@ index f2f1ca1..0645f06 100644 from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. diff --git a/mm/filemap.c b/mm/filemap.c -index 0eedbf8..b108990 100644 +index 5f0a3c9..4f87f0c 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -1770,7 +1770,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -1784,7 +1784,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -70854,7 +67443,7 @@ index 0eedbf8..b108990 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; vma->vm_flags |= VM_CAN_NONLINEAR; -@@ -2173,6 +2173,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2190,6 +2190,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { @@ -70863,10 +67452,10 @@ index 0eedbf8..b108990 100644 send_sig(SIGXFSZ, current, 0); return -EFBIG; diff --git a/mm/fremap.c b/mm/fremap.c -index b8e0e2d..076e171 100644 +index 9ed4fd4..c42648d 100644 --- a/mm/fremap.c +++ b/mm/fremap.c -@@ -156,6 +156,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -155,6 +155,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, retry: vma = find_vma(mm, start); @@ -70879,7 +67468,7 @@ index b8e0e2d..076e171 100644 * Make sure the vma is shared, that it supports prefaulting, * and that the remapped range is valid and fully within diff --git a/mm/highmem.c b/mm/highmem.c -index 5ef672c..d7660f4 100644 +index 57d82c6..e9e0552 100644 --- a/mm/highmem.c +++ b/mm/highmem.c @@ -125,9 +125,10 @@ static void flush_all_zero_pkmaps(void) @@ -70908,10 +67497,10 @@ index 5ef672c..d7660f4 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index d819d93..468e18f 100644 +index 36b3d98..584cb54 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c -@@ -702,7 +702,7 @@ out: +@@ -703,7 +703,7 @@ out: * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -70920,15 +67509,6 @@ index d819d93..468e18f 100644 return VM_FAULT_OOM; /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) -@@ -829,7 +829,7 @@ static int do_huge_pmd_wp_page_fallback(struct mm_struct *mm, - - for (i = 0; i < HPAGE_PMD_NR; i++) { - copy_user_highpage(pages[i], page + i, -- haddr + PAGE_SHIFT*i, vma); -+ haddr + PAGE_SIZE*i, vma); - __SetPageUptodate(pages[i]); - cond_resched(); - } diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 2316840..b418671 100644 --- a/mm/hugetlb.c @@ -71035,7 +67615,7 @@ index 2189af4..f2ca332 100644 #ifdef CONFIG_MEMORY_FAILURE extern bool is_free_buddy_page(struct page *page); diff --git a/mm/kmemleak.c b/mm/kmemleak.c -index d6880f5..ed77913 100644 +index f3b2a00..61da94d 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c @@ -357,7 +357,7 @@ static void print_unreferenced(struct seq_file *seq, @@ -71048,7 +67628,7 @@ index d6880f5..ed77913 100644 } diff --git a/mm/maccess.c b/mm/maccess.c -index 4cee182..e00511d 100644 +index d53adf9..03a24bf 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -26,7 +26,7 @@ long __probe_kernel_read(void *dst, const void *src, size_t size) @@ -71150,10 +67730,10 @@ index 74bf193..feb6fd3 100644 if (end == start) goto out; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index 2b43ba0..fc09657 100644 +index 06d3479..0778eef 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c -@@ -60,7 +60,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; +@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; int sysctl_memory_failure_recovery __read_mostly = 1; @@ -71162,7 +67742,7 @@ index 2b43ba0..fc09657 100644 #if defined(CONFIG_HWPOISON_INJECT) || defined(CONFIG_HWPOISON_INJECT_MODULE) -@@ -201,7 +201,7 @@ static int kill_proc_ao(struct task_struct *t, unsigned long addr, int trapno, +@@ -202,7 +202,7 @@ static int kill_proc_ao(struct task_struct *t, unsigned long addr, int trapno, si.si_signo = SIGBUS; si.si_errno = 0; si.si_code = BUS_MCEERR_AO; @@ -71171,7 +67751,7 @@ index 2b43ba0..fc09657 100644 #ifdef __ARCH_SI_TRAPNO si.si_trapno = trapno; #endif -@@ -1009,7 +1009,7 @@ int __memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1010,7 +1010,7 @@ int __memory_failure(unsigned long pfn, int trapno, int flags) } nr_pages = 1 << compound_trans_order(hpage); @@ -71180,7 +67760,7 @@ index 2b43ba0..fc09657 100644 /* * We need/can do nothing about count=0 pages. -@@ -1039,7 +1039,7 @@ int __memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1040,7 +1040,7 @@ int __memory_failure(unsigned long pfn, int trapno, int flags) if (!PageHWPoison(hpage) || (hwpoison_filter(p) && TestClearPageHWPoison(p)) || (p != hpage && TestSetPageHWPoison(hpage))) { @@ -71189,7 +67769,7 @@ index 2b43ba0..fc09657 100644 return 0; } set_page_hwpoison_huge_page(hpage); -@@ -1097,7 +1097,7 @@ int __memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1098,7 +1098,7 @@ int __memory_failure(unsigned long pfn, int trapno, int flags) } if (hwpoison_filter(p)) { if (TestClearPageHWPoison(p)) @@ -71198,7 +67778,7 @@ index 2b43ba0..fc09657 100644 unlock_page(hpage); put_page(hpage); return 0; -@@ -1314,7 +1314,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1315,7 +1315,7 @@ int unpoison_memory(unsigned long pfn) return 0; } if (TestClearPageHWPoison(p)) @@ -71207,7 +67787,7 @@ index 2b43ba0..fc09657 100644 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn); return 0; } -@@ -1328,7 +1328,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1329,7 +1329,7 @@ int unpoison_memory(unsigned long pfn) */ if (TestClearPageHWPoison(page)) { pr_info("MCE: Software-unpoisoned page %#lx\n", pfn); @@ -71216,7 +67796,7 @@ index 2b43ba0..fc09657 100644 freeit = 1; if (PageHuge(page)) clear_page_hwpoison_huge_page(page); -@@ -1441,7 +1441,7 @@ static int soft_offline_huge_page(struct page *page, int flags) +@@ -1442,7 +1442,7 @@ static int soft_offline_huge_page(struct page *page, int flags) } done: if (!PageHWPoison(hpage)) @@ -71225,7 +67805,7 @@ index 2b43ba0..fc09657 100644 set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); /* keep elevated page count for bad page */ -@@ -1572,7 +1572,7 @@ int soft_offline_page(struct page *page, int flags) +@@ -1573,7 +1573,7 @@ int soft_offline_page(struct page *page, int flags) return ret; done: @@ -71235,7 +67815,7 @@ index 2b43ba0..fc09657 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index b2b8731..6080174 100644 +index 829d437..3d3926a 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -457,8 +457,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -71802,7 +68382,7 @@ index b2b8731..6080174 100644 * Make sure the vDSO gets into every core dump. * Dumping its contents makes post-mortem fully interpretable later diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 2775fd0..f2b1c49 100644 +index c3fdbcb..2e8ef90 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -640,6 +640,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -71877,30 +68457,10 @@ index 2775fd0..f2b1c49 100644 err = -EPERM; goto out; diff --git a/mm/migrate.c b/mm/migrate.c -index 14d0a6a..0360908 100644 +index 177aca4..ab3a744 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -866,9 +866,9 @@ static int unmap_and_move_huge_page(new_page_t get_new_page, - - if (anon_vma) - put_anon_vma(anon_vma); --out: - unlock_page(hpage); - -+out: - if (rc != -EAGAIN) { - list_del(&hpage->lru); - put_page(hpage); -@@ -1124,6 +1124,8 @@ static int do_pages_move(struct mm_struct *mm, struct task_struct *task, - unsigned long chunk_start; - int err; - -+ pax_track_stack(); -+ - task_nodes = cpuset_mems_allowed(task); - - err = -ENOMEM; -@@ -1308,6 +1310,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1313,6 +1313,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, if (!mm) return -EINVAL; @@ -71915,7 +68475,7 @@ index 14d0a6a..0360908 100644 /* * Check if this process has the right to modify the specified * process. The right exists if the process has administrative -@@ -1317,8 +1327,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1322,8 +1330,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, rcu_read_lock(); tcred = __task_cred(task); if (cred->euid != tcred->suid && cred->euid != tcred->uid && @@ -71926,7 +68486,7 @@ index 14d0a6a..0360908 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index 048260c..57f4a4e 100644 +index 4f4f53b..9511904 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -13,6 +13,7 @@ @@ -71935,9 +68495,9 @@ index 048260c..57f4a4e 100644 #include <linux/syscalls.h> +#include <linux/security.h> #include <linux/sched.h> - #include <linux/module.h> + #include <linux/export.h> #include <linux/rmap.h> -@@ -377,6 +378,9 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -385,6 +386,9 @@ static int do_mlock(unsigned long start, size_t len, int on) return -EINVAL; if (end == start) return 0; @@ -71947,7 +68507,7 @@ index 048260c..57f4a4e 100644 vma = find_vma_prev(current->mm, start, &prev); if (!vma || vma->vm_start > start) return -ENOMEM; -@@ -387,6 +391,11 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -395,6 +399,11 @@ static int do_mlock(unsigned long start, size_t len, int on) for (nstart = start ; ; ) { vm_flags_t newflags; @@ -71959,7 +68519,7 @@ index 048260c..57f4a4e 100644 /* Here we know that vma->vm_start <= nstart < vma->vm_end. */ newflags = vma->vm_flags | VM_LOCKED; -@@ -492,6 +501,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) +@@ -500,6 +509,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) lock_limit >>= PAGE_SHIFT; /* check against resource limits */ @@ -71967,7 +68527,7 @@ index 048260c..57f4a4e 100644 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); up_write(¤t->mm->mmap_sem); -@@ -515,17 +525,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) +@@ -523,17 +533,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) static int do_mlockall(int flags) { struct vm_area_struct * vma, * prev = NULL; @@ -71994,7 +68554,7 @@ index 048260c..57f4a4e 100644 newflags = vma->vm_flags | VM_LOCKED; if (!(flags & MCL_CURRENT)) newflags &= ~VM_LOCKED; -@@ -557,6 +573,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) +@@ -566,6 +582,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; @@ -72003,7 +68563,7 @@ index 048260c..57f4a4e 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index a65efd4..17d61ff 100644 +index eae90af..51ca80b 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -46,6 +46,16 @@ @@ -73495,12 +70055,12 @@ index 5a688a2..27e031c 100644 if (nstart < prev->vm_end) diff --git a/mm/mremap.c b/mm/mremap.c -index 506fa44..ccc0ba9 100644 +index d6959cb..18a402a 100644 --- a/mm/mremap.c +++ b/mm/mremap.c -@@ -113,6 +113,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, +@@ -106,6 +106,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, continue; - pte = ptep_clear_flush(vma, old_addr, old_pte); + pte = ptep_get_and_clear(mm, old_addr, old_pte); pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr); + +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT @@ -73511,7 +70071,7 @@ index 506fa44..ccc0ba9 100644 set_pte_at(mm, new_addr, new_pte, pte); } -@@ -272,6 +278,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, +@@ -290,6 +296,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, if (is_vm_hugetlb_page(vma)) goto Einval; @@ -73523,7 +70083,7 @@ index 506fa44..ccc0ba9 100644 /* We can't remap across vm area boundaries */ if (old_len > vma->vm_end - addr) goto Efault; -@@ -328,20 +339,25 @@ static unsigned long mremap_to(unsigned long addr, +@@ -346,20 +357,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long ret = -EINVAL; unsigned long charged = 0; unsigned long map_flags; @@ -73554,7 +70114,7 @@ index 506fa44..ccc0ba9 100644 goto out; ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1); -@@ -413,6 +429,7 @@ unsigned long do_mremap(unsigned long addr, +@@ -431,6 +447,7 @@ unsigned long do_mremap(unsigned long addr, struct vm_area_struct *vma; unsigned long ret = -EINVAL; unsigned long charged = 0; @@ -73562,7 +70122,7 @@ index 506fa44..ccc0ba9 100644 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) goto out; -@@ -431,6 +448,17 @@ unsigned long do_mremap(unsigned long addr, +@@ -449,6 +466,17 @@ unsigned long do_mremap(unsigned long addr, if (!new_len) goto out; @@ -73580,7 +70140,7 @@ index 506fa44..ccc0ba9 100644 if (flags & MREMAP_FIXED) { if (flags & MREMAP_MAYMOVE) ret = mremap_to(addr, old_len, new_addr, new_len); -@@ -480,6 +508,7 @@ unsigned long do_mremap(unsigned long addr, +@@ -498,6 +526,7 @@ unsigned long do_mremap(unsigned long addr, addr + new_len); } ret = addr; @@ -73588,7 +70148,7 @@ index 506fa44..ccc0ba9 100644 goto out; } } -@@ -506,7 +535,13 @@ unsigned long do_mremap(unsigned long addr, +@@ -524,7 +553,13 @@ unsigned long do_mremap(unsigned long addr, ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1); if (ret) goto out; @@ -73603,7 +70163,7 @@ index 506fa44..ccc0ba9 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nobootmem.c b/mm/nobootmem.c -index 6e93dc7..c98df0c 100644 +index 7fa41b4..6087460 100644 --- a/mm/nobootmem.c +++ b/mm/nobootmem.c @@ -110,19 +110,30 @@ static void __init __free_pages_memory(unsigned long start, unsigned long end) @@ -73640,7 +70200,7 @@ index 6e93dc7..c98df0c 100644 return count; } diff --git a/mm/nommu.c b/mm/nommu.c -index 4358032..e79b99f 100644 +index b982290..7d73f53 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ @@ -73676,10 +70236,10 @@ index 4358032..e79b99f 100644 new->vm_region = region; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index e8fae15..18c0442 100644 +index 2b8ba3a..386d603 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c -@@ -340,7 +340,7 @@ out: +@@ -341,7 +341,7 @@ out: * This usage means that zero-order pages may not be compound. */ @@ -73688,7 +70248,7 @@ index e8fae15..18c0442 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -653,6 +653,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -654,6 +654,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -73699,7 +70259,7 @@ index e8fae15..18c0442 100644 trace_mm_page_free_direct(page, order); kmemcheck_free_shadow(page, order); -@@ -668,6 +672,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -669,6 +673,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -73712,7 +70272,7 @@ index e8fae15..18c0442 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -783,8 +793,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -784,8 +794,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -73723,16 +70283,7 @@ index e8fae15..18c0442 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -2539,6 +2551,8 @@ void show_free_areas(unsigned int filter) - int cpu; - struct zone *zone; - -+ pax_track_stack(); -+ - for_each_populated_zone(zone) { - if (skip_free_areas_node(filter, zone_to_nid(zone))) - continue; -@@ -3350,7 +3364,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn) +@@ -3357,7 +3369,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn) unsigned long pfn; for (pfn = start_pfn; pfn < end_pfn; pfn++) { @@ -73747,7 +70298,7 @@ index e8fae15..18c0442 100644 } return 0; diff --git a/mm/percpu.c b/mm/percpu.c -index 0ae7a09..613118e 100644 +index 716eb4a..8d10419 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -121,7 +121,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; @@ -73759,8 +70310,54 @@ index 0ae7a09..613118e 100644 EXPORT_SYMBOL_GPL(pcpu_base_addr); static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ +diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c +index e920aa3..c19184f0 100644 +--- a/mm/process_vm_access.c ++++ b/mm/process_vm_access.c +@@ -13,6 +13,7 @@ + #include <linux/uio.h> + #include <linux/sched.h> + #include <linux/highmem.h> ++#include <linux/security.h> + #include <linux/ptrace.h> + #include <linux/slab.h> + #include <linux/syscalls.h> +@@ -264,13 +265,11 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec, + */ + for (i = 0; i < riovcnt; i++) { + iov_len = rvec[i].iov_len; +- if (iov_len > 0) { +- nr_pages_iov = ((unsigned long)rvec[i].iov_base +- + iov_len) +- / PAGE_SIZE - (unsigned long)rvec[i].iov_base +- / PAGE_SIZE + 1; +- nr_pages = max(nr_pages, nr_pages_iov); +- } ++ if (iov_len <= 0) ++ continue; ++ nr_pages_iov = ((unsigned long)rvec[i].iov_base + iov_len) / PAGE_SIZE - ++ (unsigned long)rvec[i].iov_base / PAGE_SIZE + 1; ++ nr_pages = max(nr_pages, nr_pages_iov); + } + + if (nr_pages == 0) +@@ -298,8 +297,13 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec, + goto free_proc_pages; + } + ++ if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) { ++ rc = -EPERM; ++ goto put_task_struct; ++ } ++ + task_lock(task); +- if (__ptrace_may_access(task, PTRACE_MODE_ATTACH)) { ++ if (ptrace_may_access_nolock(task, PTRACE_MODE_ATTACH)) { + task_unlock(task); + rc = -EPERM; + goto put_task_struct; diff --git a/mm/rmap.c b/mm/rmap.c -index 8005080..198c2cd 100644 +index a4fd368..e0ffec7 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -152,6 +152,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -73853,11 +70450,11 @@ index 8005080..198c2cd 100644 struct anon_vma_chain *avc; struct anon_vma *anon_vma; diff --git a/mm/shmem.c b/mm/shmem.c -index 32f6763..431c405 100644 +index d672250..2b233c1 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -31,7 +31,7 @@ - #include <linux/module.h> + #include <linux/export.h> #include <linux/swap.h> -static struct vfsmount *shm_mnt; @@ -73874,16 +70471,7 @@ index 32f6763..431c405 100644 struct shmem_xattr { struct list_head list; /* anchored by shmem_inode_info->xattr_list */ -@@ -769,6 +769,8 @@ static struct page *shmem_swapin(swp_entry_t swap, gfp_t gfp, - struct mempolicy mpol, *spol; - struct vm_area_struct pvma; - -+ pax_track_stack(); -+ - spol = mpol_cond_copy(&mpol, - mpol_shared_policy_lookup(&info->policy, index)); - -@@ -2149,8 +2151,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2155,8 +2155,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -73894,7 +70482,7 @@ index 32f6763..431c405 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index 893c76d..a742de2 100644 +index 83311c9a..fcf8f86 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -151,7 +151,7 @@ @@ -73984,7 +70572,7 @@ index 893c76d..a742de2 100644 NULL); } #ifdef CONFIG_ZONE_DMA -@@ -4327,10 +4327,10 @@ static int s_show(struct seq_file *m, void *p) +@@ -4322,10 +4322,10 @@ static int s_show(struct seq_file *m, void *p) } /* cpu stats */ { @@ -73999,21 +70587,12 @@ index 893c76d..a742de2 100644 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu", allochit, allocmiss, freehit, freemiss); -@@ -4587,15 +4587,70 @@ static const struct file_operations proc_slabstats_operations = { - - static int __init slab_proc_init(void) +@@ -4584,13 +4584,62 @@ static int __init slab_proc_init(void) { -- proc_create("slabinfo",S_IWUSR|S_IRUGO,NULL,&proc_slabinfo_operations); -+ mode_t gr_mode = S_IRUGO; -+ -+#ifdef CONFIG_GRKERNSEC_PROC_ADD -+ gr_mode = S_IRUSR; -+#endif -+ -+ proc_create("slabinfo",S_IWUSR|gr_mode,NULL,&proc_slabinfo_operations); + proc_create("slabinfo",S_IWUSR|S_IRUSR,NULL,&proc_slabinfo_operations); #ifdef CONFIG_DEBUG_SLAB_LEAK - proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations); -+ proc_create("slab_allocators", gr_mode, NULL, &proc_slabstats_operations); ++ proc_create("slab_allocators", S_IRUSR, NULL, &proc_slabstats_operations); #endif return 0; } @@ -74073,7 +70652,7 @@ index 893c76d..a742de2 100644 * ksize - get the actual amount of memory allocated for a given object * @objp: Pointer to the object diff --git a/mm/slob.c b/mm/slob.c -index bf39181..727f7a3 100644 +index 8105be4..579da9d 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -29,7 +29,7 @@ @@ -74429,7 +71008,7 @@ index bf39181..727f7a3 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index f73234d..ce9940d 100644 +index ed3334d..1739c9b 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -208,7 +208,7 @@ struct track { @@ -74441,7 +71020,7 @@ index f73234d..ce9940d 100644 static int sysfs_slab_add(struct kmem_cache *); static int sysfs_slab_alias(struct kmem_cache *, const char *); static void sysfs_slab_remove(struct kmem_cache *); -@@ -556,7 +556,7 @@ static void print_track(const char *s, struct track *t) +@@ -530,7 +530,7 @@ static void print_track(const char *s, struct track *t) if (!t->addr) return; @@ -74450,7 +71029,19 @@ index f73234d..ce9940d 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2461,6 +2461,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) +@@ -2166,6 +2166,11 @@ redo: + goto new_slab; + } + ++ /* must check again c->freelist in case of cpu migration or IRQ */ ++ object = c->freelist; ++ if (object) ++ goto load_freelist; ++ + stat(s, ALLOC_SLOWPATH); + + do { +@@ -2554,6 +2559,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) page = virt_to_head_page(x); @@ -74459,7 +71050,7 @@ index f73234d..ce9940d 100644 slab_free(s, page, x, _RET_IP_); trace_kmem_cache_free(_RET_IP_, x); -@@ -2494,7 +2496,7 @@ static int slub_min_objects; +@@ -2587,7 +2594,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -74468,16 +71059,16 @@ index f73234d..ce9940d 100644 /* * Calculate the order of allocation given an slab object size. -@@ -2917,7 +2919,7 @@ static int kmem_cache_open(struct kmem_cache *s, - * list to avoid pounding the page allocator excessively. - */ - set_min_partial(s, ilog2(s->size)); +@@ -3037,7 +3044,7 @@ static int kmem_cache_open(struct kmem_cache *s, + else + s->cpu_partial = 30; + - s->refcount = 1; + atomic_set(&s->refcount, 1); #ifdef CONFIG_NUMA s->remote_node_defrag_ratio = 1000; #endif -@@ -3022,8 +3024,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) +@@ -3141,8 +3148,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) void kmem_cache_destroy(struct kmem_cache *s) { down_write(&slub_lock); @@ -74485,9 +71076,9 @@ index f73234d..ce9940d 100644 - if (!s->refcount) { + if (atomic_dec_and_test(&s->refcount)) { list_del(&s->list); + up_write(&slub_lock); if (kmem_cache_close(s)) { - printk(KERN_ERR "SLUB %s: %s called for cache that " -@@ -3233,6 +3234,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3353,6 +3359,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -74538,7 +71129,7 @@ index f73234d..ce9940d 100644 size_t ksize(const void *object) { struct page *page; -@@ -3507,7 +3552,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) +@@ -3627,7 +3677,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) int node; list_add(&s->list, &slab_caches); @@ -74547,7 +71138,7 @@ index f73234d..ce9940d 100644 for_each_node_state(node, N_NORMAL_MEMORY) { struct kmem_cache_node *n = get_node(s, node); -@@ -3624,17 +3669,17 @@ void __init kmem_cache_init(void) +@@ -3744,17 +3794,17 @@ void __init kmem_cache_init(void) /* Caches that are not of the two-to-the-power-of size */ if (KMALLOC_MIN_SIZE <= 32) { @@ -74568,7 +71159,7 @@ index f73234d..ce9940d 100644 caches++; } -@@ -3702,7 +3747,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3822,7 +3872,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -74577,7 +71168,7 @@ index f73234d..ce9940d 100644 return 1; return 0; -@@ -3761,7 +3806,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3881,7 +3931,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, down_write(&slub_lock); s = find_mergeable(size, align, flags, name, ctor); if (s) { @@ -74586,7 +71177,7 @@ index f73234d..ce9940d 100644 /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3770,7 +3815,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3890,7 +3940,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { @@ -74595,7 +71186,7 @@ index f73234d..ce9940d 100644 goto err; } up_write(&slub_lock); -@@ -3898,7 +3943,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -4018,7 +4068,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -74604,7 +71195,7 @@ index f73234d..ce9940d 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4285,12 +4330,12 @@ static void resiliency_test(void) +@@ -4405,12 +4455,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -74619,7 +71210,7 @@ index f73234d..ce9940d 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4500,7 +4545,7 @@ SLAB_ATTR_RO(ctor); +@@ -4651,7 +4701,7 @@ SLAB_ATTR_RO(ctor); static ssize_t aliases_show(struct kmem_cache *s, char *buf) { @@ -74628,7 +71219,7 @@ index f73234d..ce9940d 100644 } SLAB_ATTR_RO(aliases); -@@ -5030,6 +5075,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5218,6 +5268,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -74636,7 +71227,7 @@ index f73234d..ce9940d 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5092,6 +5138,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5280,6 +5331,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -74644,7 +71235,7 @@ index f73234d..ce9940d 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5105,6 +5152,7 @@ struct saved_alias { +@@ -5293,6 +5345,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -74652,7 +71243,7 @@ index f73234d..ce9940d 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5127,6 +5175,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5315,6 +5368,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -74660,23 +71251,8 @@ index f73234d..ce9940d 100644 static int __init slab_sysfs_init(void) { -@@ -5262,7 +5311,13 @@ static const struct file_operations proc_slabinfo_operations = { - - static int __init slab_proc_init(void) - { -- proc_create("slabinfo", S_IRUGO, NULL, &proc_slabinfo_operations); -+ mode_t gr_mode = S_IRUGO; -+ -+#ifdef CONFIG_GRKERNSEC_PROC_ADD -+ gr_mode = S_IRUSR; -+#endif -+ -+ proc_create("slabinfo", gr_mode, NULL, &proc_slabinfo_operations); - return 0; - } - module_init(slab_proc_init); diff --git a/mm/swap.c b/mm/swap.c -index 87627f1..8a9eb34 100644 +index a91caf7..b887e735 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -31,6 +31,7 @@ @@ -74697,10 +71273,10 @@ index 87627f1..8a9eb34 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index 17bc224..1677059 100644 +index b1cd120..aaae885 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c -@@ -62,7 +62,7 @@ static DEFINE_MUTEX(swapon_mutex); +@@ -61,7 +61,7 @@ static DEFINE_MUTEX(swapon_mutex); static DECLARE_WAIT_QUEUE_HEAD(proc_poll_wait); /* Activity counter to indicate that a swapon or swapoff has occurred */ @@ -74709,7 +71285,7 @@ index 17bc224..1677059 100644 static inline unsigned char swap_count(unsigned char ent) { -@@ -1671,7 +1671,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) +@@ -1670,7 +1670,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) } filp_close(swap_file, NULL); err = 0; @@ -74718,7 +71294,7 @@ index 17bc224..1677059 100644 wake_up_interruptible(&proc_poll_wait); out_dput: -@@ -1687,8 +1687,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) +@@ -1686,8 +1686,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) poll_wait(file, &proc_poll_wait, wait); @@ -74729,7 +71305,7 @@ index 17bc224..1677059 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } -@@ -1786,7 +1786,7 @@ static int swaps_open(struct inode *inode, struct file *file) +@@ -1785,7 +1785,7 @@ static int swaps_open(struct inode *inode, struct file *file) return ret; seq = file->private_data; @@ -74738,7 +71314,7 @@ index 17bc224..1677059 100644 return 0; } -@@ -2124,7 +2124,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) +@@ -2123,7 +2123,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) (p->flags & SWP_DISCARDABLE) ? "D" : ""); mutex_unlock(&swapon_mutex); @@ -74748,7 +71324,7 @@ index 17bc224..1677059 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index 88ea1bd..0f1dfdb 100644 +index 136ac4f..5117eef 100644 --- a/mm/util.c +++ b/mm/util.c @@ -114,6 +114,7 @@ EXPORT_SYMBOL(memdup_user); @@ -74781,7 +71357,7 @@ index 88ea1bd..0f1dfdb 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 3a65d6f7..39d5e33 100644 +index 27be2f0..0aef2c2 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -74887,12 +71463,7 @@ index 3a65d6f7..39d5e33 100644 if (!pmd_none(*pmd)) { pte_t *ptep, pte; -@@ -1290,10 +1330,20 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, - unsigned long align, unsigned long flags, unsigned long start, - unsigned long end, int node, gfp_t gfp_mask, void *caller) - { -- static struct vmap_area *va; -+ struct vmap_area *va; +@@ -1294,6 +1334,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); @@ -74923,7 +71494,7 @@ index 3a65d6f7..39d5e33 100644 if (!area) @@ -1627,6 +1682,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) - return NULL; + goto fail; +#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (!(pgprot_val(prot) & _PAGE_NX)) @@ -74934,8 +71505,8 @@ index 3a65d6f7..39d5e33 100644 + area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); - -@@ -1674,6 +1736,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, + if (!area) +@@ -1679,6 +1741,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, gfp_mask, prot, node, caller); } @@ -74943,7 +71514,7 @@ index 3a65d6f7..39d5e33 100644 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) { return __vmalloc_node(size, 1, gfp_mask, prot, -1, -@@ -1697,6 +1760,7 @@ static inline void *__vmalloc_node_flags(unsigned long size, +@@ -1702,6 +1765,7 @@ static inline void *__vmalloc_node_flags(unsigned long size, * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -74951,7 +71522,7 @@ index 3a65d6f7..39d5e33 100644 void *vmalloc(unsigned long size) { return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM); -@@ -1713,6 +1777,7 @@ EXPORT_SYMBOL(vmalloc); +@@ -1718,6 +1782,7 @@ EXPORT_SYMBOL(vmalloc); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -74959,7 +71530,7 @@ index 3a65d6f7..39d5e33 100644 void *vzalloc(unsigned long size) { return __vmalloc_node_flags(size, -1, -@@ -1727,6 +1792,7 @@ EXPORT_SYMBOL(vzalloc); +@@ -1732,6 +1797,7 @@ EXPORT_SYMBOL(vzalloc); * The resulting memory area is zeroed so it can be mapped to userspace * without leaking data. */ @@ -74967,7 +71538,7 @@ index 3a65d6f7..39d5e33 100644 void *vmalloc_user(unsigned long size) { struct vm_struct *area; -@@ -1754,6 +1820,7 @@ EXPORT_SYMBOL(vmalloc_user); +@@ -1759,6 +1825,7 @@ EXPORT_SYMBOL(vmalloc_user); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -74975,7 +71546,7 @@ index 3a65d6f7..39d5e33 100644 void *vmalloc_node(unsigned long size, int node) { return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL, -@@ -1773,6 +1840,7 @@ EXPORT_SYMBOL(vmalloc_node); +@@ -1778,6 +1845,7 @@ EXPORT_SYMBOL(vmalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc_node() instead. */ @@ -74983,7 +71554,7 @@ index 3a65d6f7..39d5e33 100644 void *vzalloc_node(unsigned long size, int node) { return __vmalloc_node_flags(size, node, -@@ -1795,10 +1863,10 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1800,10 +1868,10 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -74996,7 +71567,7 @@ index 3a65d6f7..39d5e33 100644 -1, __builtin_return_address(0)); } -@@ -1817,6 +1885,7 @@ void *vmalloc_exec(unsigned long size) +@@ -1822,6 +1890,7 @@ void *vmalloc_exec(unsigned long size) * Allocate enough 32bit PA addressable pages to cover @size from the * page level allocator and map them into contiguous kernel virtual space. */ @@ -75004,7 +71575,7 @@ index 3a65d6f7..39d5e33 100644 void *vmalloc_32(unsigned long size) { return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL, -@@ -1831,6 +1900,7 @@ EXPORT_SYMBOL(vmalloc_32); +@@ -1836,6 +1905,7 @@ EXPORT_SYMBOL(vmalloc_32); * The resulting memory area is 32bit addressable and zeroed so it can be * mapped to userspace without leaking data. */ @@ -75012,7 +71583,7 @@ index 3a65d6f7..39d5e33 100644 void *vmalloc_32_user(unsigned long size) { struct vm_struct *area; -@@ -2093,6 +2163,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2098,6 +2168,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -75022,15 +71593,15 @@ index 3a65d6f7..39d5e33 100644 return -EINVAL; diff --git a/mm/vmstat.c b/mm/vmstat.c -index d52b13d..381d1ac 100644 +index 8fd603b..cf0d930 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu) * * vm_stat contains the global counters */ --atomic_long_t vm_stat[NR_VM_ZONE_STAT_ITEMS]; -+atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS]; +-atomic_long_t vm_stat[NR_VM_ZONE_STAT_ITEMS] __cacheline_aligned_in_smp; ++atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS] __cacheline_aligned_in_smp; EXPORT_SYMBOL(vm_stat); #ifdef CONFIG_SMP @@ -75052,7 +71623,7 @@ index d52b13d..381d1ac 100644 } #endif -@@ -1207,10 +1207,20 @@ static int __init setup_vmstat(void) +@@ -1208,10 +1208,20 @@ static int __init setup_vmstat(void) start_cpu_timer(cpu); #endif #ifdef CONFIG_PROC_FS @@ -75078,7 +71649,7 @@ index d52b13d..381d1ac 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index 8970ba1..e3361fe 100644 +index 5471628..cef8398 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c @@ -588,8 +588,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) @@ -75104,28 +71675,6 @@ index fdfdb57..38d368c 100644 set_fs(oldfs); if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN) -diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c -index e317583..3c8aeaf 100644 ---- a/net/9p/trans_virtio.c -+++ b/net/9p/trans_virtio.c -@@ -327,7 +327,7 @@ req_retry_pinned: - } else { - char *pbuf; - if (req->tc->pubuf) -- pbuf = (__force char *) req->tc->pubuf; -+ pbuf = (char __force_kernel *) req->tc->pubuf; - else - pbuf = req->tc->pkbuf; - outp = pack_sg_list(chan->sg, out, VIRTQUEUE_NUM, pbuf, -@@ -357,7 +357,7 @@ req_retry_pinned: - } else { - char *pbuf; - if (req->tc->pubuf) -- pbuf = (__force char *) req->tc->pubuf; -+ pbuf = (char __force_kernel *) req->tc->pubuf; - else - pbuf = req->tc->pkbuf; - diff --git a/net/atm/atm_misc.c b/net/atm/atm_misc.c index f41f026..fe76ea8 100644 --- a/net/atm/atm_misc.c @@ -75192,19 +71741,6 @@ index 0919a88..a23d54e 100644 }; -diff --git a/net/atm/mpoa_caches.c b/net/atm/mpoa_caches.c -index d1b2d9a..7cc2219 100644 ---- a/net/atm/mpoa_caches.c -+++ b/net/atm/mpoa_caches.c -@@ -255,6 +255,8 @@ static void check_resolving_entries(struct mpoa_client *client) - struct timeval now; - struct k_message msg; - -+ pax_track_stack(); -+ - do_gettimeofday(&now); - - read_lock_bh(&client->ingress_lock); diff --git a/net/atm/proc.c b/net/atm/proc.c index 0d020de..011c7bb 100644 --- a/net/atm/proc.c @@ -75244,11 +71780,42 @@ index 23f45ce..c748f1a 100644 __AAL_STAT_ITEMS #undef __HANDLE_ITEM } +diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c +index 3512e25..2b33401 100644 +--- a/net/batman-adv/bat_iv_ogm.c ++++ b/net/batman-adv/bat_iv_ogm.c +@@ -541,7 +541,7 @@ void bat_ogm_schedule(struct hard_iface *hard_iface, int tt_num_changes) + + /* change sequence number to network order */ + batman_ogm_packet->seqno = +- htonl((uint32_t)atomic_read(&hard_iface->seqno)); ++ htonl((uint32_t)atomic_read_unchecked(&hard_iface->seqno)); + + batman_ogm_packet->ttvn = atomic_read(&bat_priv->ttvn); + batman_ogm_packet->tt_crc = htons((uint16_t) +@@ -561,7 +561,7 @@ void bat_ogm_schedule(struct hard_iface *hard_iface, int tt_num_changes) + else + batman_ogm_packet->gw_flags = NO_FLAGS; + +- atomic_inc(&hard_iface->seqno); ++ atomic_inc_unchecked(&hard_iface->seqno); + + slide_own_bcast_window(hard_iface); + bat_ogm_queue_add(bat_priv, hard_iface->packet_buff, +@@ -922,7 +922,7 @@ static void bat_ogm_process(const struct ethhdr *ethhdr, + return; + + /* could be changed by schedule_own_packet() */ +- if_incoming_seqno = atomic_read(&if_incoming->seqno); ++ if_incoming_seqno = atomic_read_unchecked(&if_incoming->seqno); + + has_directlink_flag = (batman_ogm_packet->flags & DIRECTLINK ? 1 : 0); + diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c -index db7aacf..991e539 100644 +index 7704df4..beb4e16 100644 --- a/net/batman-adv/hard-interface.c +++ b/net/batman-adv/hard-interface.c -@@ -347,8 +347,8 @@ int hardif_enable_interface(struct hard_iface *hard_iface, +@@ -326,8 +326,8 @@ int hardif_enable_interface(struct hard_iface *hard_iface, hard_iface->batman_adv_ptype.dev = hard_iface->net_dev; dev_add_pack(&hard_iface->batman_adv_ptype); @@ -75259,46 +71826,11 @@ index db7aacf..991e539 100644 bat_info(hard_iface->soft_iface, "Adding interface: %s\n", hard_iface->net_dev->name); -diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c -index 0f32c81..82d1895 100644 ---- a/net/batman-adv/routing.c -+++ b/net/batman-adv/routing.c -@@ -656,7 +656,7 @@ void receive_bat_packet(const struct ethhdr *ethhdr, - return; - - /* could be changed by schedule_own_packet() */ -- if_incoming_seqno = atomic_read(&if_incoming->seqno); -+ if_incoming_seqno = atomic_read_unchecked(&if_incoming->seqno); - - has_directlink_flag = (batman_packet->flags & DIRECTLINK ? 1 : 0); - -diff --git a/net/batman-adv/send.c b/net/batman-adv/send.c -index 58d1447..2a66c8c 100644 ---- a/net/batman-adv/send.c -+++ b/net/batman-adv/send.c -@@ -326,7 +326,7 @@ void schedule_own_packet(struct hard_iface *hard_iface) - - /* change sequence number to network order */ - batman_packet->seqno = -- htonl((uint32_t)atomic_read(&hard_iface->seqno)); -+ htonl((uint32_t)atomic_read_unchecked(&hard_iface->seqno)); - - batman_packet->ttvn = atomic_read(&bat_priv->ttvn); - batman_packet->tt_crc = htons((uint16_t)atomic_read(&bat_priv->tt_crc)); -@@ -343,7 +343,7 @@ void schedule_own_packet(struct hard_iface *hard_iface) - else - batman_packet->gw_flags = NO_FLAGS; - -- atomic_inc(&hard_iface->seqno); -+ atomic_inc_unchecked(&hard_iface->seqno); - - slide_own_bcast_window(hard_iface); - send_time = own_send_time(bat_priv); diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c -index 05dd351..2ecd19b 100644 +index f9cc957..efd9dae 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c -@@ -632,7 +632,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface) +@@ -634,7 +634,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface) /* set broadcast sequence number */ bcast_packet->seqno = @@ -75307,7 +71839,7 @@ index 05dd351..2ecd19b 100644 add_bcast_packet_to_list(bat_priv, skb, 1); -@@ -824,7 +824,7 @@ struct net_device *softif_create(const char *name) +@@ -828,7 +828,7 @@ struct net_device *softif_create(const char *name) atomic_set(&bat_priv->batman_queue_left, BATMAN_QUEUE_LEN); atomic_set(&bat_priv->mesh_state, MESH_INACTIVE); @@ -75317,7 +71849,7 @@ index 05dd351..2ecd19b 100644 atomic_set(&bat_priv->tt_local_changes, 0); atomic_set(&bat_priv->tt_ogm_append_cnt, 0); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h -index 51a0db7..b8a62be 100644 +index ab8d0fe..ceba3fd 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -38,8 +38,8 @@ struct hard_iface { @@ -75331,7 +71863,7 @@ index 51a0db7..b8a62be 100644 unsigned char *packet_buff; int packet_len; struct kobject *hardif_obj; -@@ -153,7 +153,7 @@ struct bat_priv { +@@ -154,7 +154,7 @@ struct bat_priv { atomic_t orig_interval; /* uint */ atomic_t hop_penalty; /* uint */ atomic_t log_level; /* uint */ @@ -75339,9 +71871,9 @@ index 51a0db7..b8a62be 100644 + atomic_unchecked_t bcast_seqno; atomic_t bcast_queue_left; atomic_t batman_queue_left; - atomic_t ttvn; /* tranlation table version number */ + atomic_t ttvn; /* translation table version number */ diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c -index 32b125f..f1447e0 100644 +index 07d1c1d..7e9bea9 100644 --- a/net/batman-adv/unicast.c +++ b/net/batman-adv/unicast.c @@ -264,7 +264,7 @@ int frag_send_skb(struct sk_buff *skb, struct bat_priv *bat_priv, @@ -75354,18 +71886,9 @@ index 32b125f..f1447e0 100644 frag2->seqno = htons(seqno); diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c -index ea7f031..0615edc 100644 +index c1c597e..05ebb40 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c -@@ -218,7 +218,7 @@ void hci_le_start_enc(struct hci_conn *conn, __le16 ediv, __u8 rand[8], - cp.handle = cpu_to_le16(conn->handle); - memcpy(cp.ltk, ltk, sizeof(cp.ltk)); - cp.ediv = ediv; -- memcpy(cp.rand, rand, sizeof(rand)); -+ memcpy(cp.rand, rand, sizeof(cp.rand)); - - hci_send_cmd(hdev, HCI_OP_LE_START_ENC, sizeof(cp), &cp); - } @@ -234,7 +234,7 @@ void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16]) memset(&cp, 0, sizeof(cp)); @@ -75376,19 +71899,10 @@ index ea7f031..0615edc 100644 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); } diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index b3bdb48..7ad90ac 100644 +index 17b5b1c..826d872 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -2145,7 +2145,7 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi - void *ptr = req->data; - int type, olen; - unsigned long val; -- struct l2cap_conf_rfc rfc; -+ struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC }; - - BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data); - -@@ -2169,8 +2169,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi +@@ -2176,8 +2176,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi break; case L2CAP_CONF_RFC: @@ -75401,7 +71915,7 @@ index b3bdb48..7ad90ac 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) -@@ -2258,12 +2260,24 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len) +@@ -2265,8 +2267,10 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len) switch (type) { case L2CAP_CONF_RFC: @@ -75414,22 +71928,8 @@ index b3bdb48..7ad90ac 100644 goto done; } } - -+ /* Use sane default values in case a misbehaving remote device -+ * did not send an RFC option. -+ */ -+ rfc.mode = chan->mode; -+ rfc.retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO); -+ rfc.monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO); -+ rfc.max_pdu_size = cpu_to_le16(chan->imtu); -+ -+ BT_ERR("Expected RFC option was not found, using defaults"); -+ - done: - switch (rfc.mode) { - case L2CAP_MODE_ERTM: diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c -index e79ff75..215b57d 100644 +index a5f4e57..910ee6d 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c @@ -1485,7 +1485,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, @@ -75442,7 +71942,7 @@ index e79ff75..215b57d 100644 /* Okay, we found ICMPv6 header */ diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c -index 5864cc4..94cab18 100644 +index 5864cc4..121f3a3 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1513,7 +1513,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) @@ -75454,15 +71954,6 @@ index 5864cc4..94cab18 100644 BUGPRINT("c2u Didn't work\n"); ret = -EFAULT; break; -@@ -1781,6 +1781,8 @@ static int compat_copy_everything_to_user(struct ebt_table *t, - int ret; - void __user *pos; - -+ pax_track_stack(); -+ - memset(&tinfo, 0, sizeof(tinfo)); - - if (cmd == EBT_SO_GET_ENTRIES) { diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c index a986280..13444a1 100644 --- a/net/caif/caif_socket.c @@ -75597,7 +72088,7 @@ index a986280..13444a1 100644 if (!IS_ERR(debugfsdir)) { diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c -index e22671b..6598ea0 100644 +index 5cf5222..6f704ad 100644 --- a/net/caif/cfctrl.c +++ b/net/caif/cfctrl.c @@ -9,6 +9,7 @@ @@ -75608,9 +72099,9 @@ index e22671b..6598ea0 100644 #include <net/caif/caif_layer.h> #include <net/caif/cfpkt.h> #include <net/caif/cfctrl.h> -@@ -45,8 +46,8 @@ struct cflayer *cfctrl_create(void) +@@ -42,8 +43,8 @@ struct cflayer *cfctrl_create(void) + memset(&dev_info, 0, sizeof(dev_info)); dev_info.id = 0xff; - memset(this, 0, sizeof(*this)); cfsrvl_init(&this->serv, 0, &dev_info, false); - atomic_set(&this->req_seq_no, 1); - atomic_set(&this->rsp_seq_no, 1); @@ -75619,7 +72110,7 @@ index e22671b..6598ea0 100644 this->serv.layer.receive = cfctrl_recv; sprintf(this->serv.layer.name, "ctrl"); this->serv.layer.ctrlcmd = cfctrl_ctrlcmd; -@@ -132,8 +133,8 @@ static void cfctrl_insert_req(struct cfctrl *ctrl, +@@ -129,8 +130,8 @@ static void cfctrl_insert_req(struct cfctrl *ctrl, struct cfctrl_request_info *req) { spin_lock_bh(&ctrl->info_list_lock); @@ -75630,7 +72121,7 @@ index e22671b..6598ea0 100644 list_add_tail(&req->list, &ctrl->list); spin_unlock_bh(&ctrl->info_list_lock); } -@@ -151,7 +152,7 @@ static struct cfctrl_request_info *cfctrl_remove_req(struct cfctrl *ctrl, +@@ -148,7 +149,7 @@ static struct cfctrl_request_info *cfctrl_remove_req(struct cfctrl *ctrl, if (p != first) pr_warn("Requests are not received in order\n"); @@ -75639,19 +72130,24 @@ index e22671b..6598ea0 100644 p->sequence_no); list_del(&p->list); goto out; -@@ -364,6 +365,7 @@ static int cfctrl_recv(struct cflayer *layer, struct cfpkt *pkt) - struct cfctrl *cfctrl = container_obj(layer); - struct cfctrl_request_info rsp, *req; +diff --git a/net/can/gw.c b/net/can/gw.c +index 3d79b12..8de85fa 100644 +--- a/net/can/gw.c ++++ b/net/can/gw.c +@@ -96,7 +96,7 @@ struct cf_mod { + struct { + void (*xor)(struct can_frame *cf, struct cgw_csum_xor *xor); + void (*crc8)(struct can_frame *cf, struct cgw_csum_crc8 *crc8); +- } csumfunc; ++ } __no_const csumfunc; + }; -+ pax_track_stack(); - cfpkt_extr_head(pkt, &cmdrsp, 1); - cmd = cmdrsp & CFCTRL_CMD_MASK; diff --git a/net/compat.c b/net/compat.c -index c578d93..257fab7 100644 +index 6def90e..c6992fa 100644 --- a/net/compat.c +++ b/net/compat.c -@@ -70,9 +70,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) +@@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) __get_user(kmsg->msg_controllen, &umsg->msg_controllen) || __get_user(kmsg->msg_flags, &umsg->msg_flags)) return -EFAULT; @@ -75664,7 +72160,7 @@ index c578d93..257fab7 100644 return 0; } -@@ -84,7 +84,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, +@@ -85,7 +85,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, if (kern_msg->msg_namelen) { if (mode == VERIFY_READ) { @@ -75673,7 +72169,7 @@ index c578d93..257fab7 100644 kern_msg->msg_namelen, kern_address); if (err < 0) -@@ -95,7 +95,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, +@@ -96,7 +96,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, kern_msg->msg_name = NULL; tot_len = iov_from_user_compat_to_kern(kern_iov, @@ -75682,7 +72178,7 @@ index c578d93..257fab7 100644 kern_msg->msg_iovlen); if (tot_len >= 0) kern_msg->msg_iov = kern_iov; -@@ -115,20 +115,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, +@@ -116,20 +116,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, #define CMSG_COMPAT_FIRSTHDR(msg) \ (((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \ @@ -75706,7 +72202,7 @@ index c578d93..257fab7 100644 msg->msg_controllen) return NULL; return (struct compat_cmsghdr __user *)ptr; -@@ -220,7 +220,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat +@@ -221,7 +221,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat { struct compat_timeval ctv; struct compat_timespec cts[3]; @@ -75715,7 +72211,7 @@ index c578d93..257fab7 100644 struct compat_cmsghdr cmhdr; int cmlen; -@@ -272,7 +272,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat +@@ -273,7 +273,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) { @@ -75724,7 +72220,7 @@ index c578d93..257fab7 100644 int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int); int fdnum = scm->fp->count; struct file **fp = scm->fp->fp; -@@ -369,7 +369,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, +@@ -370,7 +370,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, return -EFAULT; old_fs = get_fs(); set_fs(KERNEL_DS); @@ -75733,7 +72229,7 @@ index c578d93..257fab7 100644 set_fs(old_fs); return err; -@@ -430,7 +430,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, +@@ -431,7 +431,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, len = sizeof(ktime); old_fs = get_fs(); set_fs(KERNEL_DS); @@ -75742,7 +72238,7 @@ index c578d93..257fab7 100644 set_fs(old_fs); if (!err) { -@@ -565,7 +565,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -566,7 +566,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, case MCAST_JOIN_GROUP: case MCAST_LEAVE_GROUP: { @@ -75751,7 +72247,7 @@ index c578d93..257fab7 100644 struct group_req __user *kgr = compat_alloc_user_space(sizeof(struct group_req)); u32 interface; -@@ -586,7 +586,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -587,7 +587,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, case MCAST_BLOCK_SOURCE: case MCAST_UNBLOCK_SOURCE: { @@ -75760,7 +72256,7 @@ index c578d93..257fab7 100644 struct group_source_req __user *kgsr = compat_alloc_user_space( sizeof(struct group_source_req)); u32 interface; -@@ -607,7 +607,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -608,7 +608,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, } case MCAST_MSFILTER: { @@ -75769,7 +72265,7 @@ index c578d93..257fab7 100644 struct group_filter __user *kgf; u32 interface, fmode, numsrc; -@@ -645,7 +645,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, +@@ -646,7 +646,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, char __user *optval, int __user *optlen, int (*getsockopt)(struct sock *, int, int, char __user *, int __user *)) { @@ -75779,7 +72275,7 @@ index c578d93..257fab7 100644 int __user *koptlen; u32 interface, fmode, numsrc; diff --git a/net/core/datagram.c b/net/core/datagram.c -index 18ac112..fe95ed9 100644 +index 68bbf9f..5ef0d12 100644 --- a/net/core/datagram.c +++ b/net/core/datagram.c @@ -285,7 +285,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags) @@ -75792,10 +72288,10 @@ index 18ac112..fe95ed9 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index ae5cf2d..2c950a1 100644 +index 5a13edf..1bc016b 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -1135,10 +1135,14 @@ void dev_load(struct net *net, const char *name) +@@ -1139,10 +1139,14 @@ void dev_load(struct net *net, const char *name) if (no_module && capable(CAP_NET_ADMIN)) no_module = request_module("netdev-%s", name); if (no_module && capable(CAP_SYS_MODULE)) { @@ -75810,7 +72306,7 @@ index ae5cf2d..2c950a1 100644 } } EXPORT_SYMBOL(dev_load); -@@ -1977,7 +1981,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2036,7 +2040,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -75819,7 +72315,7 @@ index ae5cf2d..2c950a1 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -2930,7 +2934,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3044,7 +3048,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -75828,7 +72324,7 @@ index ae5cf2d..2c950a1 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3779,7 +3783,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -3891,7 +3895,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -75838,7 +72334,7 @@ index ae5cf2d..2c950a1 100644 struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; diff --git a/net/core/flow.c b/net/core/flow.c -index d6968e5..1690d9d 100644 +index e318c7e..168b1d0 100644 --- a/net/core/flow.c +++ b/net/core/flow.c @@ -61,7 +61,7 @@ struct flow_cache { @@ -75899,30 +72395,8 @@ index c40f27e..7f49254 100644 return -EFAULT; m->msg_iov = iov; -diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c -index 1683e5d..f3621f6 100644 ---- a/net/core/net-sysfs.c -+++ b/net/core/net-sysfs.c -@@ -664,11 +664,14 @@ static ssize_t store_rps_dev_flow_table_cnt(struct netdev_rx_queue *queue, - if (count) { - int i; - -- if (count > 1<<30) { -- /* Enforce a limit to prevent overflow */ -+ if (count > INT_MAX) - return -EINVAL; -- } - count = roundup_pow_of_two(count); -+ if (count > (ULONG_MAX - sizeof(struct rps_dev_flow_table)) -+ / sizeof(struct rps_dev_flow)) { -+ /* Enforce a limit to prevent overflow */ -+ return -EINVAL; -+ } - table = vmalloc(RPS_DEV_FLOW_TABLE_SIZE(count)); - if (!table) - return -ENOMEM; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 99d9e95..209bae2 100644 +index 9083e82..1673203 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -57,7 +57,7 @@ struct rtnl_link { @@ -75935,10 +72409,10 @@ index 99d9e95..209bae2 100644 static DEFINE_MUTEX(rtnl_mutex); static u16 min_ifinfo_dump_size; diff --git a/net/core/scm.c b/net/core/scm.c -index 811b53f..5d6c343 100644 +index ff52ad0..aff1c0f 100644 --- a/net/core/scm.c +++ b/net/core/scm.c -@@ -218,7 +218,7 @@ EXPORT_SYMBOL(__scm_send); +@@ -220,7 +220,7 @@ EXPORT_SYMBOL(__scm_send); int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) { struct cmsghdr __user *cm @@ -75947,7 +72421,7 @@ index 811b53f..5d6c343 100644 struct cmsghdr cmhdr; int cmlen = CMSG_LEN(len); int err; -@@ -241,7 +241,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) +@@ -243,7 +243,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) err = -EFAULT; if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) goto out; @@ -75956,7 +72430,7 @@ index 811b53f..5d6c343 100644 goto out; cmlen = CMSG_SPACE(len); if (msg->msg_controllen < cmlen) -@@ -257,7 +257,7 @@ EXPORT_SYMBOL(put_cmsg); +@@ -259,7 +259,7 @@ EXPORT_SYMBOL(put_cmsg); void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) { struct cmsghdr __user *cm @@ -75965,7 +72439,7 @@ index 811b53f..5d6c343 100644 int fdmax = 0; int fdnum = scm->fp->count; -@@ -277,7 +277,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) +@@ -279,7 +279,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) if (fdnum < fdmax) fdmax = fdnum; @@ -75974,33 +72448,20 @@ index 811b53f..5d6c343 100644 i++, cmfptr++) { int new_fd; -diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index 387703f..035abcf 100644 ---- a/net/core/skbuff.c -+++ b/net/core/skbuff.c -@@ -1650,6 +1650,8 @@ int skb_splice_bits(struct sk_buff *skb, unsigned int offset, - struct sock *sk = skb->sk; - int ret = 0; - -+ pax_track_stack(); -+ - if (splice_grow_spd(pipe, &spd)) - return -ENOMEM; - diff --git a/net/core/sock.c b/net/core/sock.c -index 11d67b3..df26d4b 100644 +index b23f174..b9a0d26 100644 --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -293,7 +293,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) - */ - if (atomic_read(&sk->sk_rmem_alloc) + skb->truesize >= - (unsigned)sk->sk_rcvbuf) { +@@ -289,7 +289,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) + struct sk_buff_head *list = &sk->sk_receive_queue; + + if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) { - atomic_inc(&sk->sk_drops); + atomic_inc_unchecked(&sk->sk_drops); trace_sock_rcvqueue_full(sk, skb); return -ENOMEM; } -@@ -303,7 +303,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -299,7 +299,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; if (!sk_rmem_schedule(sk, skb->truesize)) { @@ -76009,7 +72470,7 @@ index 11d67b3..df26d4b 100644 return -ENOBUFS; } -@@ -323,7 +323,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -319,7 +319,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) skb_dst_force(skb); spin_lock_irqsave(&list->lock, flags); @@ -76018,7 +72479,7 @@ index 11d67b3..df26d4b 100644 __skb_queue_tail(list, skb); spin_unlock_irqrestore(&list->lock, flags); -@@ -343,7 +343,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -339,7 +339,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) skb->dev = NULL; if (sk_rcvqueues_full(sk, skb)) { @@ -76027,7 +72488,7 @@ index 11d67b3..df26d4b 100644 goto discard_and_relse; } if (nested) -@@ -361,7 +361,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -357,7 +357,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_); } else if (sk_add_backlog(sk, skb)) { bh_unlock_sock(sk); @@ -76036,7 +72497,7 @@ index 11d67b3..df26d4b 100644 goto discard_and_relse; } -@@ -924,7 +924,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -917,7 +917,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > sizeof(peercred)) len = sizeof(peercred); cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred); @@ -76045,7 +72506,7 @@ index 11d67b3..df26d4b 100644 return -EFAULT; goto lenout; } -@@ -937,7 +937,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -930,7 +930,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, return -ENOTCONN; if (lv < len) return -EINVAL; @@ -76054,7 +72515,7 @@ index 11d67b3..df26d4b 100644 return -EFAULT; goto lenout; } -@@ -970,7 +970,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -963,7 +963,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > lv) len = lv; @@ -76063,7 +72524,7 @@ index 11d67b3..df26d4b 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2029,7 +2029,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2020,7 +2020,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -76149,7 +72610,7 @@ index 80106d8..232e898 100644 return nh->nh_saddr; } diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c -index 389a2e6..ac1c1de 100644 +index ccee270..db23c3c 100644 --- a/net/ipv4/inet_diag.c +++ b/net/ipv4/inet_diag.c @@ -114,8 +114,14 @@ static int inet_csk_diag_fill(struct sock *sk, @@ -76167,7 +72628,7 @@ index 389a2e6..ac1c1de 100644 r->id.idiag_sport = inet->inet_sport; r->id.idiag_dport = inet->inet_dport; -@@ -201,8 +207,15 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw, +@@ -210,8 +216,15 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw, r->idiag_family = tw->tw_family; r->idiag_retrans = 0; r->id.idiag_if = tw->tw_bound_dev_if; @@ -76183,7 +72644,7 @@ index 389a2e6..ac1c1de 100644 r->id.idiag_sport = tw->tw_sport; r->id.idiag_dport = tw->tw_dport; r->id.idiag_src[0] = tw->tw_rcv_saddr; -@@ -285,12 +298,14 @@ static int inet_diag_get_exact(struct sk_buff *in_skb, +@@ -294,12 +307,14 @@ static int inet_diag_get_exact(struct sk_buff *in_skb, if (sk == NULL) goto unlock; @@ -76198,7 +72659,7 @@ index 389a2e6..ac1c1de 100644 err = -ENOMEM; rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) + -@@ -580,8 +595,14 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk, +@@ -589,8 +604,14 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk, r->idiag_retrans = req->retrans; r->id.idiag_if = sk->sk_bound_dev_if; @@ -76243,19 +72704,10 @@ index 984ec65..97ac518 100644 inet_twsk_deschedule(tw, death_row); while (twrefcnt) { diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c -index 86f13c67..0bce60f 100644 +index 86f13c67..59a35b5 100644 --- a/net/ipv4/inetpeer.c +++ b/net/ipv4/inetpeer.c -@@ -400,6 +400,8 @@ struct inet_peer *inet_getpeer(const struct inetpeer_addr *daddr, int create) - unsigned int sequence; - int invalidated, gccnt = 0; - -+ pax_track_stack(); -+ - /* Attempt a lockless lookup first. - * Because of a concurrent writer, we might not find an existing entry. - */ -@@ -436,8 +438,8 @@ relookup: +@@ -436,8 +436,8 @@ relookup: if (p) { p->daddr = *daddr; atomic_set(&p->refcnt, 1); @@ -76267,7 +72719,7 @@ index 86f13c67..0bce60f 100644 secure_ip_id(daddr->addr.a4) : secure_ipv6_id(daddr->addr.a6)); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index 0e0ab98..2ed7dd5 100644 +index fdaabf2..0ec3205 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -316,7 +316,7 @@ static inline int ip_frag_too_far(struct ipq *qp) @@ -76280,19 +72732,10 @@ index 0e0ab98..2ed7dd5 100644 rc = qp->q.fragments && (end - start) > max; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 8905e92..0b179fb 100644 +index 09ff51b..d3968eb 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c -@@ -1073,6 +1073,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, - int val; - int len; - -+ pax_track_stack(); -+ - if (level != SOL_IP) - return -EOPNOTSUPP; - -@@ -1110,7 +1112,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1111,7 +1111,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, len = min_t(unsigned int, len, opt->optlen); if (put_user(len, optlen)) return -EFAULT; @@ -76302,7 +72745,7 @@ index 8905e92..0b179fb 100644 return -EFAULT; return 0; } -@@ -1238,7 +1241,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1239,7 +1240,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -76312,10 +72755,10 @@ index 8905e92..0b179fb 100644 msg.msg_flags = flags; diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index 004bb74..8d4a58c 100644 +index 99ec116..c5628fe 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c -@@ -317,7 +317,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) +@@ -318,7 +318,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -76324,7 +72767,7 @@ index 004bb74..8d4a58c 100644 set_fs(oldfs); return res; } -@@ -328,7 +328,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg) +@@ -329,7 +329,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -76333,7 +72776,7 @@ index 004bb74..8d4a58c 100644 set_fs(oldfs); return res; } -@@ -339,7 +339,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg) +@@ -340,7 +340,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -76343,7 +72786,7 @@ index 004bb74..8d4a58c 100644 return res; } diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c -index 076b7c8..9c8d038 100644 +index 2133c30..5c4b40b 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c @@ -399,7 +399,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx, @@ -76352,14 +72795,14 @@ index 076b7c8..9c8d038 100644 - *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC); + *octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC); - if (*octets == NULL) { - if (net_ratelimit()) - pr_notice("OOM in bsalg (%d)\n", __LINE__); + if (*octets == NULL) + return 0; + diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 39b403f..8e6a0a8 100644 +index 43d4c3b..1914409 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c -@@ -837,7 +837,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, +@@ -836,7 +836,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -76369,10 +72812,10 @@ index 39b403f..8e6a0a8 100644 static int ping_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c -index 61714bd..c9cee6d 100644 +index 007e2eb..85a18a0 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c -@@ -302,7 +302,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb) +@@ -303,7 +303,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb) int raw_rcv(struct sock *sk, struct sk_buff *skb) { if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) { @@ -76381,7 +72824,7 @@ index 61714bd..c9cee6d 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -737,16 +737,20 @@ static int raw_init(struct sock *sk) +@@ -738,16 +738,20 @@ static int raw_init(struct sock *sk) static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen) { @@ -76403,7 +72846,7 @@ index 61714bd..c9cee6d 100644 if (get_user(len, optlen)) goto out; -@@ -756,8 +760,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o +@@ -757,8 +761,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o if (len > sizeof(struct icmp_filter)) len = sizeof(struct icmp_filter); ret = -EFAULT; @@ -76414,7 +72857,7 @@ index 61714bd..c9cee6d 100644 goto out; ret = 0; out: return ret; -@@ -985,7 +989,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) +@@ -986,7 +990,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) sk_wmem_alloc_get(sp), sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76430,7 +72873,7 @@ index 61714bd..c9cee6d 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index b563854..e03f8a6 100644 +index 94cdbc5..0cb0063 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -313,7 +313,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx, @@ -76451,7 +72894,7 @@ index b563854..e03f8a6 100644 redirect_genid++; } -@@ -3015,7 +3015,7 @@ static int rt_fill_info(struct net *net, +@@ -3022,7 +3022,7 @@ static int rt_fill_info(struct net *net, error = rt->dst.error; if (peer) { inet_peer_refcheck(rt->peer); @@ -76460,30 +72903,8 @@ index b563854..e03f8a6 100644 if (peer->tcp_ts_stamp) { ts = peer->tcp_ts; tsage = get_seconds() - peer->tcp_ts_stamp; -diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c -index 46febca..98b73a4 100644 ---- a/net/ipv4/tcp.c -+++ b/net/ipv4/tcp.c -@@ -2122,6 +2122,8 @@ static int do_tcp_setsockopt(struct sock *sk, int level, - int val; - int err = 0; - -+ pax_track_stack(); -+ - /* These are data/string values, all the others are ints */ - switch (optname) { - case TCP_CONGESTION: { -@@ -2501,6 +2503,8 @@ static int do_tcp_getsockopt(struct sock *sk, int level, - struct tcp_sock *tp = tcp_sk(sk); - int val, len; - -+ pax_track_stack(); -+ - if (get_user(len, optlen)) - return -EFAULT; - diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index 7963e03..c44f5d0 100644 +index a9db4b1..3c03301 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly; @@ -76496,7 +72917,7 @@ index 7963e03..c44f5d0 100644 #ifdef CONFIG_TCP_MD5SIG static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, -@@ -1622,6 +1625,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1627,6 +1630,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -76506,7 +72927,7 @@ index 7963e03..c44f5d0 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1684,12 +1690,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1689,12 +1695,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -76529,7 +72950,7 @@ index 7963e03..c44f5d0 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1739,6 +1752,10 @@ no_tcp_socket: +@@ -1744,6 +1757,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -76540,7 +72961,7 @@ index 7963e03..c44f5d0 100644 tcp_v4_send_reset(NULL, skb); } -@@ -2403,7 +2420,11 @@ static void get_openreq4(struct sock *sk, struct request_sock *req, +@@ -2404,7 +2421,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, 0, /* non standard timer */ 0, /* open_requests have no inode */ atomic_read(&sk->sk_refcnt), @@ -76552,7 +72973,7 @@ index 7963e03..c44f5d0 100644 len); } -@@ -2453,7 +2474,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) +@@ -2454,7 +2475,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) sock_i_uid(sk), icsk->icsk_probes_out, sock_i_ino(sk), @@ -76566,7 +72987,7 @@ index 7963e03..c44f5d0 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, -@@ -2481,7 +2507,13 @@ static void get_timewait4_sock(struct inet_timewait_sock *tw, +@@ -2482,7 +2508,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n", i, src, srcp, dest, destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, @@ -76582,7 +73003,7 @@ index 7963e03..c44f5d0 100644 #define TMPSZ 150 diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index 0ce3d06..e182e59 100644 +index 66363b6..b0654a3 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -76596,7 +73017,7 @@ index 0ce3d06..e182e59 100644 int sysctl_tcp_syncookies __read_mostly = 1; EXPORT_SYMBOL(sysctl_tcp_syncookies); -@@ -750,6 +754,10 @@ listen_overflow: +@@ -751,6 +755,10 @@ listen_overflow: embryonic_reset: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS); @@ -76607,19 +73028,6 @@ index 0ce3d06..e182e59 100644 if (!(flg & TCP_FLAG_RST)) req->rsk_ops->send_reset(sk, skb); -diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c -index 882e0b0..2eba47f 100644 ---- a/net/ipv4/tcp_output.c -+++ b/net/ipv4/tcp_output.c -@@ -2421,6 +2421,8 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, - int mss; - int s_data_desired = 0; - -+ pax_track_stack(); -+ - if (cvp != NULL && cvp->s_data_constant && cvp->s_data_desired) - s_data_desired = cvp->s_data_desired; - skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15 + s_data_desired, 1, GFP_ATOMIC); diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c index 85ee7eb..53277ab 100644 --- a/net/ipv4/tcp_probe.c @@ -76634,7 +73042,7 @@ index 85ee7eb..53277ab 100644 cnt += width; } diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c -index ecd44b0..b32fba6 100644 +index 2e0f0af..e2948bf 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -22,6 +22,10 @@ @@ -76663,7 +73071,7 @@ index ecd44b0..b32fba6 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 1b5a193..bd354b0 100644 +index 5a65eea..bd913a1 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -86,6 +86,7 @@ @@ -76732,9 +73140,9 @@ index 1b5a193..bd354b0 100644 + goto out_free; + ulen = skb->len - sizeof(struct udphdr); - if (len > ulen) - len = ulen; -@@ -1485,7 +1506,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) + copied = len; + if (copied > ulen) +@@ -1487,7 +1508,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) drop: UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); @@ -76743,7 +73151,7 @@ index 1b5a193..bd354b0 100644 kfree_skb(skb); return -1; } -@@ -1504,7 +1525,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -1506,7 +1527,7 @@ static void flush_stack(struct sock **stack, unsigned int count, skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -76752,7 +73160,7 @@ index 1b5a193..bd354b0 100644 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -1673,6 +1694,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -1675,6 +1696,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, goto csum_error; UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -76762,7 +73170,7 @@ index 1b5a193..bd354b0 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); /* -@@ -2100,8 +2124,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, +@@ -2098,8 +2122,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, sk_wmem_alloc_get(sp), sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76779,10 +73187,10 @@ index 1b5a193..bd354b0 100644 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 12368c5..fbf899f 100644 +index 36806de..b86f74c 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c -@@ -2083,7 +2083,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2149,7 +2149,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -76792,7 +73200,7 @@ index 12368c5..fbf899f 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c -index 8a58e8c..8b5e631 100644 +index 1567fb1..29af910 100644 --- a/net/ipv6/inet6_connection_sock.c +++ b/net/ipv6/inet6_connection_sock.c @@ -178,7 +178,7 @@ void __inet6_csk_dst_store(struct sock *sk, struct dst_entry *dst, @@ -76814,28 +73222,10 @@ index 8a58e8c..8b5e631 100644 dst = NULL; } diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c -index 2fbda5f..26ed683 100644 +index 26cb08c..8af9877 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c -@@ -129,6 +129,8 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, - int val, valbool; - int retv = -ENOPROTOOPT; - -+ pax_track_stack(); -+ - if (optval == NULL) - val=0; - else { -@@ -919,6 +921,8 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, - int len; - int val; - -+ pax_track_stack(); -+ - if (ip6_mroute_opt(optname)) - return ip6_mroute_getsockopt(sk, optname, optval, optlen); - -@@ -960,7 +964,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, +@@ -960,7 +960,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -76845,19 +73235,19 @@ index 2fbda5f..26ed683 100644 msg.msg_flags = flags; diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index 343852e..c92bd15 100644 +index 331af3b..7789844 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c -@@ -376,7 +376,7 @@ static inline int rawv6_rcv_skb(struct sock * sk, struct sk_buff * skb) +@@ -377,7 +377,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) { - if ((raw6_sk(sk)->checksum || rcu_dereference_raw(sk->sk_filter)) && + if ((raw6_sk(sk)->checksum || rcu_access_pointer(sk->sk_filter)) && skb_checksum_complete(skb)) { - atomic_inc(&sk->sk_drops); + atomic_inc_unchecked(&sk->sk_drops); kfree_skb(skb); return NET_RX_DROP; } -@@ -403,7 +403,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) +@@ -404,7 +404,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) struct raw6_sock *rp = raw6_sk(sk); if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) { @@ -76866,7 +73256,7 @@ index 343852e..c92bd15 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -427,7 +427,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) +@@ -428,7 +428,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) if (inet->hdrincl) { if (skb_checksum_complete(skb)) { @@ -76884,16 +73274,7 @@ index 343852e..c92bd15 100644 struct flowi6 *fl6, struct dst_entry **dstp, unsigned int flags) { -@@ -742,6 +742,8 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk, - u16 proto; - int err; - -+ pax_track_stack(); -+ - /* Rough check on arithmetic overflow, - better check is made in ip6_append_data(). - */ -@@ -909,12 +911,15 @@ do_confirm: +@@ -909,12 +909,15 @@ do_confirm: static int rawv6_seticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int optlen) { @@ -76910,7 +73291,7 @@ index 343852e..c92bd15 100644 return 0; default: return -ENOPROTOOPT; -@@ -927,6 +932,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -927,6 +930,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { int len; @@ -76918,7 +73299,7 @@ index 343852e..c92bd15 100644 switch (optname) { case ICMPV6_FILTER: -@@ -938,7 +944,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -938,7 +942,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, len = sizeof(struct icmp6_filter); if (put_user(len, optlen)) return -EFAULT; @@ -76928,7 +73309,7 @@ index 343852e..c92bd15 100644 return -EFAULT; return 0; default: -@@ -1245,7 +1252,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) +@@ -1245,7 +1250,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76944,7 +73325,7 @@ index 343852e..c92bd15 100644 static int raw6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 7b8fc57..c6185da 100644 +index 2dea4bb..dca8ac5 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -93,6 +93,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, @@ -76958,7 +73339,7 @@ index 7b8fc57..c6185da 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state != TCP_CLOSE) { -@@ -1647,6 +1651,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1651,6 +1655,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -76968,7 +73349,7 @@ index 7b8fc57..c6185da 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1726,12 +1733,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1730,12 +1737,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -76991,7 +73372,7 @@ index 7b8fc57..c6185da 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1779,6 +1794,10 @@ no_tcp_socket: +@@ -1783,6 +1798,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -77002,7 +73383,7 @@ index 7b8fc57..c6185da 100644 tcp_v6_send_reset(NULL, skb); } -@@ -2039,7 +2058,13 @@ static void get_openreq6(struct seq_file *seq, +@@ -2043,7 +2062,13 @@ static void get_openreq6(struct seq_file *seq, uid, 0, /* non standard timer */ 0, /* open_requests have no inode */ @@ -77017,7 +73398,7 @@ index 7b8fc57..c6185da 100644 } static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) -@@ -2089,7 +2114,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) +@@ -2093,7 +2118,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) sock_i_uid(sp), icsk->icsk_probes_out, sock_i_ino(sp), @@ -77031,7 +73412,7 @@ index 7b8fc57..c6185da 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, -@@ -2124,7 +2154,13 @@ static void get_timewait6_sock(struct seq_file *seq, +@@ -2128,7 +2158,13 @@ static void get_timewait6_sock(struct seq_file *seq, dest->s6_addr32[2], dest->s6_addr32[3], destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, @@ -77047,7 +73428,7 @@ index 7b8fc57..c6185da 100644 static int tcp6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index bb95e8e..ae0ee80 100644 +index 8c25419..47a51ae 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -50,6 +50,10 @@ @@ -77061,7 +73442,7 @@ index bb95e8e..ae0ee80 100644 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) { const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr; -@@ -548,7 +552,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) +@@ -549,7 +553,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) return 0; drop: @@ -77070,7 +73451,7 @@ index bb95e8e..ae0ee80 100644 drop_no_sk_drops_inc: UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); kfree_skb(skb); -@@ -624,7 +628,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -625,7 +629,7 @@ static void flush_stack(struct sock **stack, unsigned int count, continue; } drop: @@ -77079,7 +73460,7 @@ index bb95e8e..ae0ee80 100644 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP6_INC_STATS_BH(sock_net(sk), -@@ -779,6 +783,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -780,6 +784,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -77089,7 +73470,7 @@ index bb95e8e..ae0ee80 100644 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); kfree_skb(skb); -@@ -795,7 +802,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -796,7 +803,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, if (!sock_owned_by_user(sk)) udpv6_queue_rcv_skb(sk, skb); else if (sk_add_backlog(sk, skb)) { @@ -77098,7 +73479,7 @@ index bb95e8e..ae0ee80 100644 bh_unlock_sock(sk); sock_put(sk); goto discard; -@@ -1406,8 +1413,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket +@@ -1407,8 +1414,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -77115,7 +73496,7 @@ index bb95e8e..ae0ee80 100644 int udp6_seq_show(struct seq_file *seq, void *v) diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c -index b3cc8b3..baa02d0 100644 +index 253695d..9481ce8 100644 --- a/net/irda/ircomm/ircomm_tty.c +++ b/net/irda/ircomm/ircomm_tty.c @@ -282,16 +282,16 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, @@ -77241,10 +73622,10 @@ index b3cc8b3..baa02d0 100644 seq_printf(m, "Max header size: %d\n", self->max_header_size); diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index e2013e4..edfc1e3 100644 +index 274d150..656a144 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c -@@ -648,10 +648,10 @@ static int iucv_sock_autobind(struct sock *sk) +@@ -787,10 +787,10 @@ static int iucv_sock_autobind(struct sock *sk) write_lock_bh(&iucv_sk_list.lock); @@ -77258,19 +73639,10 @@ index e2013e4..edfc1e3 100644 write_unlock_bh(&iucv_sk_list.lock); diff --git a/net/key/af_key.c b/net/key/af_key.c -index 1e733e9..c84de2f 100644 +index 1e733e9..3d73c9f 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c -@@ -2481,6 +2481,8 @@ static int pfkey_migrate(struct sock *sk, struct sk_buff *skb, - struct xfrm_migrate m[XFRM_MAX_DEPTH]; - struct xfrm_kmaddress k; - -+ pax_track_stack(); -+ - if (!present_and_same_family(ext_hdrs[SADB_EXT_ADDRESS_SRC - 1], - ext_hdrs[SADB_EXT_ADDRESS_DST - 1]) || - !ext_hdrs[SADB_X_EXT_POLICY - 1]) { -@@ -3016,10 +3018,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc +@@ -3016,10 +3016,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc static u32 get_acqseq(void) { u32 res; @@ -77283,97 +73655,8 @@ index 1e733e9..c84de2f 100644 } while (!res); return res; } -diff --git a/net/lapb/lapb_iface.c b/net/lapb/lapb_iface.c -index 956b7e4..f01d328 100644 ---- a/net/lapb/lapb_iface.c -+++ b/net/lapb/lapb_iface.c -@@ -158,7 +158,7 @@ int lapb_register(struct net_device *dev, struct lapb_register_struct *callbacks - goto out; - - lapb->dev = dev; -- lapb->callbacks = *callbacks; -+ lapb->callbacks = callbacks; - - __lapb_insert_cb(lapb); - -@@ -380,32 +380,32 @@ int lapb_data_received(struct net_device *dev, struct sk_buff *skb) - - void lapb_connect_confirmation(struct lapb_cb *lapb, int reason) - { -- if (lapb->callbacks.connect_confirmation) -- lapb->callbacks.connect_confirmation(lapb->dev, reason); -+ if (lapb->callbacks->connect_confirmation) -+ lapb->callbacks->connect_confirmation(lapb->dev, reason); - } - - void lapb_connect_indication(struct lapb_cb *lapb, int reason) - { -- if (lapb->callbacks.connect_indication) -- lapb->callbacks.connect_indication(lapb->dev, reason); -+ if (lapb->callbacks->connect_indication) -+ lapb->callbacks->connect_indication(lapb->dev, reason); - } - - void lapb_disconnect_confirmation(struct lapb_cb *lapb, int reason) - { -- if (lapb->callbacks.disconnect_confirmation) -- lapb->callbacks.disconnect_confirmation(lapb->dev, reason); -+ if (lapb->callbacks->disconnect_confirmation) -+ lapb->callbacks->disconnect_confirmation(lapb->dev, reason); - } - - void lapb_disconnect_indication(struct lapb_cb *lapb, int reason) - { -- if (lapb->callbacks.disconnect_indication) -- lapb->callbacks.disconnect_indication(lapb->dev, reason); -+ if (lapb->callbacks->disconnect_indication) -+ lapb->callbacks->disconnect_indication(lapb->dev, reason); - } - - int lapb_data_indication(struct lapb_cb *lapb, struct sk_buff *skb) - { -- if (lapb->callbacks.data_indication) -- return lapb->callbacks.data_indication(lapb->dev, skb); -+ if (lapb->callbacks->data_indication) -+ return lapb->callbacks->data_indication(lapb->dev, skb); - - kfree_skb(skb); - return NET_RX_SUCCESS; /* For now; must be != NET_RX_DROP */ -@@ -415,8 +415,8 @@ int lapb_data_transmit(struct lapb_cb *lapb, struct sk_buff *skb) - { - int used = 0; - -- if (lapb->callbacks.data_transmit) { -- lapb->callbacks.data_transmit(lapb->dev, skb); -+ if (lapb->callbacks->data_transmit) { -+ lapb->callbacks->data_transmit(lapb->dev, skb); - used = 1; - } - -diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c -index a01d213..6a1f1ab 100644 ---- a/net/mac80211/debugfs_sta.c -+++ b/net/mac80211/debugfs_sta.c -@@ -140,6 +140,8 @@ static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf, - struct tid_ampdu_rx *tid_rx; - struct tid_ampdu_tx *tid_tx; - -+ pax_track_stack(); -+ - rcu_read_lock(); - - p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n", -@@ -240,6 +242,8 @@ static ssize_t sta_ht_capa_read(struct file *file, char __user *userbuf, - struct sta_info *sta = file->private_data; - struct ieee80211_sta_ht_cap *htc = &sta->sta.ht_cap; - -+ pax_track_stack(); -+ - p += scnprintf(p, sizeof(buf) + buf - p, "ht %ssupported\n", - htc->ht_supported ? "" : "not "); - if (htc->ht_supported) { diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 9fab144..7f0fc14 100644 +index ea10a51..9a4f0cc 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -27,6 +27,7 @@ @@ -77384,7 +73667,7 @@ index 9fab144..7f0fc14 100644 #include "key.h" #include "sta_info.h" -@@ -754,7 +755,7 @@ struct ieee80211_local { +@@ -761,7 +762,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -77394,7 +73677,7 @@ index 9fab144..7f0fc14 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index 556e7e6..120dcaf 100644 +index 30d7355..e260095 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -211,7 +211,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) @@ -77433,7 +73716,7 @@ index 556e7e6..120dcaf 100644 drv_stop(local); err_del_bss: sdata->bss = NULL; -@@ -474,7 +474,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -472,7 +472,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } if (going_down) @@ -77442,7 +73725,7 @@ index 556e7e6..120dcaf 100644 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -533,7 +533,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -531,7 +531,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_recalc_ps(local, -1); @@ -77452,7 +73735,7 @@ index 556e7e6..120dcaf 100644 napi_disable(&local->napi); ieee80211_clear_tx_pending(local); diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index 3d90dad..36884d5 100644 +index cae4435..76e3372 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -209,7 +209,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) @@ -77464,21 +73747,8 @@ index 3d90dad..36884d5 100644 ret = drv_config(local, changed); /* * Goal: -diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c -index 0f48368..d48e688 100644 ---- a/net/mac80211/mlme.c -+++ b/net/mac80211/mlme.c -@@ -1464,6 +1464,8 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk, - bool have_higher_than_11mbit = false; - u16 ap_ht_cap_flags; - -+ pax_track_stack(); -+ - /* AssocResp and ReassocResp have identical structure */ - - aid = le16_to_cpu(mgmt->u.assoc_resp.aid); diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index 6326d34..7225f61 100644 +index 9ee7164..56c5061 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c @@ -34,7 +34,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) @@ -77509,10 +73779,10 @@ index 6326d34..7225f61 100644 suspend: diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c -index 3d5a2cb..b17ad48 100644 +index 5a5a776..9600b11 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c -@@ -371,7 +371,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, +@@ -401,7 +401,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, ASSERT_RTNL(); @@ -77522,10 +73792,10 @@ index 3d5a2cb..b17ad48 100644 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) { diff --git a/net/mac80211/rc80211_pid_debugfs.c b/net/mac80211/rc80211_pid_debugfs.c -index 4851e9e..d860e05 100644 +index c97a065..ff61928 100644 --- a/net/mac80211/rc80211_pid_debugfs.c +++ b/net/mac80211/rc80211_pid_debugfs.c -@@ -192,7 +192,7 @@ static ssize_t rate_control_pid_events_read(struct file *file, char __user *buf, +@@ -193,7 +193,7 @@ static ssize_t rate_control_pid_events_read(struct file *file, char __user *buf, spin_unlock_irqrestore(&events->lock, status); @@ -77535,10 +73805,10 @@ index 4851e9e..d860e05 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index fd031e8..84fbfcf 100644 +index d5230ec..c604b21 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c -@@ -1170,7 +1170,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) +@@ -1000,7 +1000,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) drv_set_coverage_class(local, hw->wiphy->coverage_class); /* everything else happens only if HW was up & running */ @@ -77548,10 +73818,10 @@ index fd031e8..84fbfcf 100644 /* diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index 32bff6d..d0cf986 100644 +index d5597b7..ab6d39c 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -781,6 +781,16 @@ config NETFILTER_XT_MATCH_ESP +@@ -779,6 +779,16 @@ config NETFILTER_XT_MATCH_ESP To compile it as a module, choose M here. If unsure, say N. @@ -77581,7 +73851,7 @@ index 1a02853..5d8c22e 100644 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c -index 12571fb..fb73976 100644 +index 29fa5ba..8debc79 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c @@ -556,7 +556,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) @@ -77612,10 +73882,10 @@ index 12571fb..fb73976 100644 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index 4f77bb1..5d0bc26 100644 +index 093cc32..9209ae1 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c -@@ -563,7 +563,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, +@@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, ret = cp->packet_xmit(skb, cp, pd->pp); /* do not touch skb anymore */ @@ -77624,7 +73894,7 @@ index 4f77bb1..5d0bc26 100644 ip_vs_conn_put(cp); return ret; } -@@ -1612,7 +1612,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) +@@ -1611,7 +1611,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) if (cp->flags & IP_VS_CONN_F_ONE_PACKET) pkts = sysctl_sync_threshold(ipvs); else @@ -77634,10 +73904,10 @@ index 4f77bb1..5d0bc26 100644 if ((ipvs->sync_state & IP_VS_STATE_MASTER) && cp->protocol == IPPROTO_SCTP) { diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c -index e3be48b..d658c8c 100644 +index e1a66cf..0910076 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c -@@ -782,7 +782,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, +@@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, ip_vs_rs_hash(ipvs, dest); write_unlock_bh(&ipvs->rs_lock); } @@ -77646,7 +73916,7 @@ index e3be48b..d658c8c 100644 /* bind the service */ if (!dest->svc) { -@@ -2027,7 +2027,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2028,7 +2028,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) " %-7s %-6d %-10d %-10d\n", &dest->addr.in6, ntohs(dest->port), @@ -77655,7 +73925,7 @@ index e3be48b..d658c8c 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2038,7 +2038,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2039,7 +2039,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) "%-7s %-6d %-10d %-10d\n", ntohl(dest->addr.ip), ntohs(dest->port), @@ -77664,16 +73934,7 @@ index e3be48b..d658c8c 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2285,6 +2285,8 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) - struct ip_vs_dest_user_kern udest; - struct netns_ipvs *ipvs = net_ipvs(net); - -+ pax_track_stack(); -+ - if (!capable(CAP_NET_ADMIN)) - return -EPERM; - -@@ -2508,7 +2510,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, +@@ -2509,7 +2509,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, entry.addr = dest->addr.ip; entry.port = dest->port; @@ -77682,7 +73943,7 @@ index e3be48b..d658c8c 100644 entry.weight = atomic_read(&dest->weight); entry.u_threshold = dest->u_threshold; entry.l_threshold = dest->l_threshold; -@@ -3041,7 +3043,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) +@@ -3042,7 +3042,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port); NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD, @@ -77692,7 +73953,7 @@ index e3be48b..d658c8c 100644 NLA_PUT_U32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold); NLA_PUT_U32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold); diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c -index 3cdd479..116afa8 100644 +index 2b6678c0..aaa41fc 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -649,7 +649,7 @@ control: @@ -77714,7 +73975,7 @@ index 3cdd479..116afa8 100644 cp->old_state = cp->state; /* diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c -index ee319a4..8a285ee 100644 +index aa2d720..d8aa111 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c @@ -1151,7 +1151,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, @@ -77735,30 +73996,8 @@ index ee319a4..8a285ee 100644 goto out; } -diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c -index 7dec88a..0996ce3 100644 ---- a/net/netfilter/nf_conntrack_netlink.c -+++ b/net/netfilter/nf_conntrack_netlink.c -@@ -135,7 +135,7 @@ nla_put_failure: - static inline int - ctnetlink_dump_timeout(struct sk_buff *skb, const struct nf_conn *ct) - { -- long timeout = (ct->timeout.expires - jiffies) / HZ; -+ long timeout = ((long)ct->timeout.expires - (long)jiffies) / HZ; - - if (timeout < 0) - timeout = 0; -@@ -1638,7 +1638,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, - const struct nf_conntrack_expect *exp) - { - struct nf_conn *master = exp->master; -- long timeout = (exp->timeout.expires - jiffies) / HZ; -+ long timeout = ((long)exp->timeout.expires - (long)jiffies) / HZ; - struct nf_conn_help *help; - - if (timeout < 0) diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c -index 2d8158a..5dca296 100644 +index 66b2c54..c7884e3 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -70,7 +70,7 @@ struct nfulnl_instance { @@ -77770,7 +74009,7 @@ index 2d8158a..5dca296 100644 #define INSTANCE_BUCKETS 16 static struct hlist_head instance_table[INSTANCE_BUCKETS]; -@@ -505,7 +505,7 @@ __build_packet_message(struct nfulnl_instance *inst, +@@ -502,7 +502,7 @@ __build_packet_message(struct nfulnl_instance *inst, /* global sequence number */ if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) NLA_PUT_BE32(inst->skb, NFULA_SEQ_GLOBAL, @@ -77837,11 +74076,11 @@ index 0000000..6905327 +MODULE_ALIAS("ipt_gradm"); +MODULE_ALIAS("ip6t_gradm"); diff --git a/net/netfilter/xt_statistic.c b/net/netfilter/xt_statistic.c -index 42ecb71..8d687c0 100644 +index 4fe4fb4..87a89e5 100644 --- a/net/netfilter/xt_statistic.c +++ b/net/netfilter/xt_statistic.c -@@ -18,7 +18,7 @@ - #include <linux/netfilter/x_tables.h> +@@ -19,7 +19,7 @@ + #include <linux/module.h> struct xt_statistic_priv { - atomic_t count; @@ -77849,7 +74088,7 @@ index 42ecb71..8d687c0 100644 } ____cacheline_aligned_in_smp; MODULE_LICENSE("GPL"); -@@ -41,9 +41,9 @@ statistic_mt(const struct sk_buff *skb, struct xt_action_param *par) +@@ -42,9 +42,9 @@ statistic_mt(const struct sk_buff *skb, struct xt_action_param *par) break; case XT_STATISTIC_MODE_NTH: do { @@ -77861,7 +74100,7 @@ index 42ecb71..8d687c0 100644 if (nval == 0) ret = !ret; break; -@@ -63,7 +63,7 @@ static int statistic_mt_check(const struct xt_mtchk_param *par) +@@ -64,7 +64,7 @@ static int statistic_mt_check(const struct xt_mtchk_param *par) info->master = kzalloc(sizeof(*info->master), GFP_KERNEL); if (info->master == NULL) return -ENOMEM; @@ -77871,7 +74110,7 @@ index 42ecb71..8d687c0 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 0a4db02..604f748 100644 +index 1201b6d..bcff8c6 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -742,7 +742,7 @@ static void netlink_overrun(struct sock *sk) @@ -77883,7 +74122,7 @@ index 0a4db02..604f748 100644 } static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid) -@@ -2000,7 +2000,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -1999,7 +1999,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb, atomic_read(&s->sk_refcnt), @@ -77913,10 +74152,10 @@ index 732152f..60bb09e 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index fabb4fa..37aaea0 100644 +index d9d4970..d5a6a68 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -954,7 +954,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1675,7 +1675,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); po->stats.tp_packets++; @@ -77925,7 +74164,7 @@ index fabb4fa..37aaea0 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -963,7 +963,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1684,7 +1684,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.tp_drops++; @@ -77934,21 +74173,7 @@ index fabb4fa..37aaea0 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -1691,8 +1691,12 @@ static int packet_do_bind(struct sock *sk, struct net_device *dev, __be16 protoc - { - struct packet_sock *po = pkt_sk(sk); - -- if (po->fanout) -+ if (po->fanout) { -+ if (dev) -+ dev_put(dev); -+ - return -EINVAL; -+ } - - lock_sock(sk); - -@@ -2479,7 +2483,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3266,7 +3266,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -77957,7 +74182,7 @@ index fabb4fa..37aaea0 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -2526,7 +2530,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3316,7 +3316,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, if (put_user(len, optlen)) return -EFAULT; @@ -77967,7 +74192,7 @@ index fabb4fa..37aaea0 100644 return 0; } diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c -index c6fffd9..a7ffa0c 100644 +index bf10ea8..aeb4c3e 100644 --- a/net/phonet/af_phonet.c +++ b/net/phonet/af_phonet.c @@ -41,7 +41,7 @@ static struct phonet_protocol *phonet_proto_get(unsigned int protocol) @@ -77989,10 +74214,10 @@ index c6fffd9..a7ffa0c 100644 err = proto_register(pp->prot, 1); diff --git a/net/phonet/pep.c b/net/phonet/pep.c -index f17fd84..edffce8 100644 +index 2ba6e9f..409573f 100644 --- a/net/phonet/pep.c +++ b/net/phonet/pep.c -@@ -387,7 +387,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -388,7 +388,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb) case PNS_PEP_CTRL_REQ: if (skb_queue_len(&pn->ctrlreq_queue) >= PNPIPE_CTRLREQ_MAX) { @@ -78001,7 +74226,7 @@ index f17fd84..edffce8 100644 break; } __skb_pull(skb, 4); -@@ -408,7 +408,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -409,7 +409,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb) } if (pn->rx_credits == 0) { @@ -78010,7 +74235,7 @@ index f17fd84..edffce8 100644 err = -ENOBUFS; break; } -@@ -556,7 +556,7 @@ static int pipe_handler_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -557,7 +557,7 @@ static int pipe_handler_do_rcv(struct sock *sk, struct sk_buff *skb) } if (pn->rx_credits == 0) { @@ -78020,10 +74245,10 @@ index f17fd84..edffce8 100644 break; } diff --git a/net/phonet/socket.c b/net/phonet/socket.c -index ab07711..9d4ac5d 100644 +index 3f8d0b1..74635e0 100644 --- a/net/phonet/socket.c +++ b/net/phonet/socket.c -@@ -612,8 +612,13 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v) +@@ -613,8 +613,13 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v) pn->resource, sk->sk_state, sk_wmem_alloc_get(sk), sk_rmem_alloc_get(sk), sock_i_uid(sk), sock_i_ino(sk), @@ -78040,10 +74265,10 @@ index ab07711..9d4ac5d 100644 seq_printf(seq, "%*s\n", 127 - len, ""); return 0; diff --git a/net/rds/cong.c b/net/rds/cong.c -index 6daaa49..fbf6af5 100644 +index e5b65ac..f3b6fb7 100644 --- a/net/rds/cong.c +++ b/net/rds/cong.c -@@ -77,7 +77,7 @@ +@@ -78,7 +78,7 @@ * finds that the saved generation number is smaller than the global generation * number, it wakes up the process. */ @@ -78052,7 +74277,7 @@ index 6daaa49..fbf6af5 100644 /* * Congestion monitoring -@@ -232,7 +232,7 @@ void rds_cong_map_updated(struct rds_cong_map *map, uint64_t portmask) +@@ -233,7 +233,7 @@ void rds_cong_map_updated(struct rds_cong_map *map, uint64_t portmask) rdsdebug("waking map %p for %pI4\n", map, &map->m_addr); rds_stats_inc(s_cong_update_received); @@ -78061,7 +74286,7 @@ index 6daaa49..fbf6af5 100644 if (waitqueue_active(&map->m_waitq)) wake_up(&map->m_waitq); if (waitqueue_active(&rds_poll_waitq)) -@@ -258,7 +258,7 @@ EXPORT_SYMBOL_GPL(rds_cong_map_updated); +@@ -259,7 +259,7 @@ EXPORT_SYMBOL_GPL(rds_cong_map_updated); int rds_cong_updated_since(unsigned long *recent) { @@ -78084,10 +74309,10 @@ index edfaaaf..8c89879 100644 spinlock_t i_ack_lock; /* protect i_ack_next */ u64 i_ack_next; /* next ACK to send */ diff --git a/net/rds/ib_cm.c b/net/rds/ib_cm.c -index cd67026..0b9a54a 100644 +index 51c8689..36c555f 100644 --- a/net/rds/ib_cm.c +++ b/net/rds/ib_cm.c -@@ -720,7 +720,7 @@ void rds_ib_conn_shutdown(struct rds_connection *conn) +@@ -718,7 +718,7 @@ void rds_ib_conn_shutdown(struct rds_connection *conn) /* Clear the ACK state */ clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags); #ifdef KERNEL_HAS_ATOMIC64 @@ -78144,19 +74369,6 @@ index 9556d28..f046d0e 100644 #else ic->i_ack_next = 0; #endif -diff --git a/net/rds/iw_rdma.c b/net/rds/iw_rdma.c -index 4e1de17..d121708 100644 ---- a/net/rds/iw_rdma.c -+++ b/net/rds/iw_rdma.c -@@ -184,6 +184,8 @@ int rds_iw_update_cm_id(struct rds_iw_device *rds_iwdev, struct rdma_cm_id *cm_i - struct rdma_cm_id *pcm_id; - int rc; - -+ pax_track_stack(); -+ - src_addr = (struct sockaddr_in *)&cm_id->route.addr.src_addr; - dst_addr = (struct sockaddr_in *)&cm_id->route.addr.dst_addr; - diff --git a/net/rds/iw_recv.c b/net/rds/iw_recv.c index 5e57347..3916042 100644 --- a/net/rds/iw_recv.c @@ -78180,10 +74392,10 @@ index 5e57347..3916042 100644 #endif diff --git a/net/rds/tcp.c b/net/rds/tcp.c -index 8e0a320..ee8e38f 100644 +index edac9ef..16bcb98 100644 --- a/net/rds/tcp.c +++ b/net/rds/tcp.c -@@ -58,7 +58,7 @@ void rds_tcp_nonagle(struct socket *sock) +@@ -59,7 +59,7 @@ void rds_tcp_nonagle(struct socket *sock) int val = 1; set_fs(KERNEL_DS); @@ -78219,7 +74431,7 @@ index 74c064c..fdec26f 100644 /* count of skbs currently in use */ atomic_t rxrpc_n_skbs; diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c -index f99cfce..3682692 100644 +index f99cfce..cc529dd 100644 --- a/net/rxrpc/ar-ack.c +++ b/net/rxrpc/ar-ack.c @@ -175,7 +175,7 @@ static void rxrpc_resend(struct rxrpc_call *call) @@ -78258,16 +74470,7 @@ index f99cfce..3682692 100644 _proto("Rx ACK %%%u { m=%hu f=#%u p=#%u s=%%%u r=%s n=%u }", latest, -@@ -842,6 +842,8 @@ void rxrpc_process_call(struct work_struct *work) - u32 abort_code = RX_PROTOCOL_ERROR; - u8 *acks = NULL; - -+ pax_track_stack(); -+ - //printk("\n--------------------\n"); - _enter("{%d,%s,%lx} [%lu]", - call->debug_id, rxrpc_call_states[call->state], call->events, -@@ -1161,7 +1163,7 @@ void rxrpc_process_call(struct work_struct *work) +@@ -1161,7 +1161,7 @@ void rxrpc_process_call(struct work_struct *work) goto maybe_reschedule; send_ACK_with_skew: @@ -78276,7 +74479,7 @@ index f99cfce..3682692 100644 ntohl(ack.serial)); send_ACK: mtu = call->conn->trans->peer->if_mtu; -@@ -1173,7 +1175,7 @@ send_ACK: +@@ -1173,7 +1173,7 @@ send_ACK: ackinfo.rxMTU = htonl(5692); ackinfo.jumbo_max = htonl(4); @@ -78285,7 +74488,7 @@ index f99cfce..3682692 100644 _proto("Tx ACK %%%u { m=%hu f=#%u p=#%u s=%%%u r=%s n=%u }", ntohl(hdr.serial), ntohs(ack.maxSkew), -@@ -1191,7 +1193,7 @@ send_ACK: +@@ -1191,7 +1191,7 @@ send_ACK: send_message: _debug("send message"); @@ -78396,10 +74599,10 @@ index 87f7135..74d3703 100644 } diff --git a/net/rxrpc/ar-output.c b/net/rxrpc/ar-output.c -index 5f22e26..e5bd20f 100644 +index 338d793..47391d0 100644 --- a/net/rxrpc/ar-output.c +++ b/net/rxrpc/ar-output.c -@@ -681,9 +681,9 @@ static int rxrpc_send_data(struct kiocb *iocb, +@@ -682,9 +682,9 @@ static int rxrpc_send_data(struct kiocb *iocb, sp->hdr.cid = call->cid; sp->hdr.callNumber = call->call_id; sp->hdr.seq = @@ -78453,28 +74656,10 @@ index 92df566..87ec1bf 100644 if (peer->srx.transport.family == AF_INET) { switch (peer->srx.transport_type) { diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c -index 7635107..5000b71 100644 +index 7635107..4670276 100644 --- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c -@@ -211,6 +211,8 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call, - u16 check; - int nsg; - -+ pax_track_stack(); -+ - sp = rxrpc_skb(skb); - - _enter(""); -@@ -338,6 +340,8 @@ static int rxkad_verify_packet_auth(const struct rxrpc_call *call, - u16 check; - int nsg; - -+ pax_track_stack(); -+ - _enter(""); - - sp = rxrpc_skb(skb); -@@ -610,7 +614,7 @@ static int rxkad_issue_challenge(struct rxrpc_connection *conn) +@@ -610,7 +610,7 @@ static int rxkad_issue_challenge(struct rxrpc_connection *conn) len = iov[0].iov_len + iov[1].iov_len; @@ -78483,7 +74668,7 @@ index 7635107..5000b71 100644 _proto("Tx CHALLENGE %%%u", ntohl(hdr.serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len); -@@ -660,7 +664,7 @@ static int rxkad_send_response(struct rxrpc_connection *conn, +@@ -660,7 +660,7 @@ static int rxkad_send_response(struct rxrpc_connection *conn, len = iov[0].iov_len + iov[1].iov_len + iov[2].iov_len; @@ -78492,24 +74677,11 @@ index 7635107..5000b71 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); -diff --git a/net/sctp/auth.c b/net/sctp/auth.c -index 865e68f..bf81204 100644 ---- a/net/sctp/auth.c -+++ b/net/sctp/auth.c -@@ -82,7 +82,7 @@ static struct sctp_auth_bytes *sctp_auth_create_key(__u32 key_len, gfp_t gfp) - struct sctp_auth_bytes *key; - - /* Verify that we are not going to overflow INT_MAX */ -- if ((INT_MAX - key_len) < sizeof(struct sctp_auth_bytes)) -+ if (key_len > (INT_MAX - sizeof(struct sctp_auth_bytes))) - return NULL; - - /* Allocate the shared key */ diff --git a/net/sctp/proc.c b/net/sctp/proc.c -index 05a6ce2..c8bf836 100644 +index 1e2eee8..ce3967e 100644 --- a/net/sctp/proc.c +++ b/net/sctp/proc.c -@@ -318,7 +318,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) +@@ -319,7 +319,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) seq_printf(seq, "%8pK %8pK %-3d %-3d %-2d %-4d " "%4d %8d %8d %7d %5lu %-5d %5d ", @@ -78520,10 +74692,10 @@ index 05a6ce2..c8bf836 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 4760f4e..e44d3fb 100644 +index 54a7cd2..944edae 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -4573,7 +4573,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -4574,7 +4574,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; @@ -78533,7 +74705,7 @@ index 4760f4e..e44d3fb 100644 to += addrlen; cnt++; diff --git a/net/socket.c b/net/socket.c -index ffe92ca..8057b85 100644 +index 2877647..08e2fde 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -78686,16 +74858,7 @@ index ffe92ca..8057b85 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1890,6 +1950,8 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, - unsigned char *ctl_buf = ctl; - int err, ctl_len, iov_size, total_len; - -+ pax_track_stack(); -+ - err = -EFAULT; - if (MSG_CMSG_COMPAT & flags) { - if (get_compat_msghdr(msg_sys, msg_compat)) -@@ -1950,7 +2012,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -1950,7 +2010,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -78704,7 +74867,7 @@ index ffe92ca..8057b85 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2120,7 +2182,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2120,7 +2180,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ @@ -78713,7 +74876,7 @@ index ffe92ca..8057b85 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, -@@ -2748,7 +2810,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2748,7 +2808,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) } ifr = compat_alloc_user_space(buf_size); @@ -78722,7 +74885,7 @@ index ffe92ca..8057b85 100644 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) return -EFAULT; -@@ -2772,12 +2834,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2772,12 +2832,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) offsetof(struct ethtool_rxnfc, fs.ring_cookie)); if (copy_in_user(rxnfc, compat_rxnfc, @@ -78739,7 +74902,7 @@ index ffe92ca..8057b85 100644 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2789,12 +2851,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2789,12 +2849,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) if (convert_out) { if (copy_in_user(compat_rxnfc, rxnfc, @@ -78756,7 +74919,7 @@ index ffe92ca..8057b85 100644 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2864,7 +2926,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2864,7 +2924,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -78765,7 +74928,7 @@ index ffe92ca..8057b85 100644 set_fs(old_fs); return err; -@@ -2973,7 +3035,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -2973,7 +3033,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -78774,7 +74937,7 @@ index ffe92ca..8057b85 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3078,7 +3140,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3078,7 +3138,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -78783,7 +74946,7 @@ index ffe92ca..8057b85 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3318,8 +3380,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3318,8 +3378,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -78794,7 +74957,7 @@ index ffe92ca..8057b85 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3339,7 +3401,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3339,7 +3399,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -78804,7 +74967,7 @@ index ffe92ca..8057b85 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index d12ffa5..0b5a6e2 100644 +index 00a1a2a..6a0138a 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c @@ -238,9 +238,9 @@ static int rpc_wait_bit_killable(void *word) @@ -78820,10 +74983,10 @@ index d12ffa5..0b5a6e2 100644 #else static inline void rpc_task_set_debuginfo(struct rpc_task *task) diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c -index 767d494..fe17e9d 100644 +index 71bed1c..5dff36d 100644 --- a/net/sunrpc/svcsock.c +++ b/net/sunrpc/svcsock.c -@@ -394,7 +394,7 @@ static int svc_partial_recvfrom(struct svc_rqst *rqstp, +@@ -396,7 +396,7 @@ static int svc_partial_recvfrom(struct svc_rqst *rqstp, int buflen, unsigned int base) { size_t save_iovlen; @@ -78988,10 +75151,10 @@ index 249a835..fb2794b 100644 goto err; return 0; diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c -index a385430..32254ea 100644 +index ba1296d..0fec1a5 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_transport.c +++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c -@@ -299,7 +299,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) +@@ -300,7 +300,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) return; ib_req_notify_cq(xprt->sc_rq_cq, IB_CQ_NEXT_COMP); @@ -79000,7 +75163,7 @@ index a385430..32254ea 100644 while ((ret = ib_poll_cq(xprt->sc_rq_cq, 1, &wc)) > 0) { ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id; -@@ -321,7 +321,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) +@@ -322,7 +322,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) } if (ctxt) @@ -79009,7 +75172,7 @@ index a385430..32254ea 100644 set_bit(XPT_DATA, &xprt->sc_xprt.xpt_flags); /* -@@ -393,7 +393,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) +@@ -394,7 +394,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) return; ib_req_notify_cq(xprt->sc_sq_cq, IB_CQ_NEXT_COMP); @@ -79018,7 +75181,7 @@ index a385430..32254ea 100644 while ((ret = ib_poll_cq(cq, 1, &wc)) > 0) { if (wc.status != IB_WC_SUCCESS) /* Close the transport */ -@@ -411,7 +411,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) +@@ -412,7 +412,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) } if (ctxt) @@ -79027,7 +75190,7 @@ index a385430..32254ea 100644 } static void sq_comp_handler(struct ib_cq *cq, void *cq_context) -@@ -1273,7 +1273,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) +@@ -1274,7 +1274,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) spin_lock_bh(&xprt->sc_lock); if (xprt->sc_sq_depth < atomic_read(&xprt->sc_sq_count) + wr_count) { spin_unlock_bh(&xprt->sc_lock); @@ -79037,10 +75200,10 @@ index a385430..32254ea 100644 /* See if we can opportunistically reap SQ WR to make room */ sq_cq_reap(xprt); diff --git a/net/sysctl_net.c b/net/sysctl_net.c -index ca84212..3aa338f 100644 +index e758139..d29ea47 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c -@@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ctl_table_root *root, +@@ -47,7 +47,7 @@ static int net_ctl_permissions(struct ctl_table_root *root, struct ctl_table *table) { /* Allow network administrator to have same access as root. */ @@ -79050,10 +75213,10 @@ index ca84212..3aa338f 100644 return (mode << 6) | (mode << 3) | mode; } diff --git a/net/tipc/link.c b/net/tipc/link.c -index f89570c..016cf63 100644 +index ae98a72..7bb6056 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c -@@ -1170,7 +1170,7 @@ static int link_send_sections_long(struct tipc_port *sender, +@@ -1203,7 +1203,7 @@ static int link_send_sections_long(struct tipc_port *sender, struct tipc_msg fragm_hdr; struct sk_buff *buf, *buf_chain, *prev; u32 fragm_crs, fragm_rest, hsz, sect_rest; @@ -79062,7 +75225,7 @@ index f89570c..016cf63 100644 int curr_sect; u32 fragm_no; -@@ -1214,7 +1214,7 @@ again: +@@ -1247,7 +1247,7 @@ again: if (!sect_rest) { sect_rest = msg_sect[++curr_sect].iov_len; @@ -79071,7 +75234,7 @@ index f89570c..016cf63 100644 } if (sect_rest < fragm_rest) -@@ -1233,7 +1233,7 @@ error: +@@ -1266,7 +1266,7 @@ error: } } else skb_copy_to_linear_data_offset(buf, fragm_crs, @@ -79094,7 +75257,7 @@ index 83d5096..dcba497 100644 pos += msg_sect[cnt].iov_len; } diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c -index 6cf7268..7a488ce 100644 +index 1983717..4d6102c 100644 --- a/net/tipc/subscr.c +++ b/net/tipc/subscr.c @@ -101,7 +101,7 @@ static void subscr_send_event(struct subscription *sub, @@ -79107,7 +75270,7 @@ index 6cf7268..7a488ce 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index ec68e1c..fdd792f 100644 +index b595a3d..b1cd354 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -767,6 +767,12 @@ static struct sock *unix_find_other(struct net *net, @@ -79157,7 +75320,7 @@ index ec68e1c..fdd792f 100644 dput(path.dentry); path.dentry = dentry; diff --git a/net/wireless/core.h b/net/wireless/core.h -index 8672e02..48782dd 100644 +index b9ec306..b4a563e 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h @@ -27,7 +27,7 @@ struct cfg80211_registered_device { @@ -79170,10 +75333,10 @@ index 8672e02..48782dd 100644 struct work_struct rfkill_sync; diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c -index fdbc23c..212d53e 100644 +index 0af7f54..c916d2f 100644 --- a/net/wireless/wext-core.c +++ b/net/wireless/wext-core.c -@@ -746,8 +746,7 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, +@@ -747,8 +747,7 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, */ /* Support for very large requests */ @@ -79183,7 +75346,7 @@ index fdbc23c..212d53e 100644 /* Allow userspace to GET more than max so * we can support any size GET requests. * There is still a limit : -ENOMEM. -@@ -784,22 +783,6 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, +@@ -785,22 +784,6 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, } } @@ -79207,7 +75370,7 @@ index fdbc23c..212d53e 100644 iwp->length += essid_compat; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 7e088c0..dd3f206 100644 +index 9049a5c..cfa6f5c 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -299,7 +299,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) @@ -79273,7 +75436,7 @@ index 7e088c0..dd3f206 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2880,7 +2880,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -2882,7 +2882,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ @@ -79282,30 +75445,8 @@ index 7e088c0..dd3f206 100644 } } -diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c -index 0256b8a..9341ef6 100644 ---- a/net/xfrm/xfrm_user.c -+++ b/net/xfrm/xfrm_user.c -@@ -1394,6 +1394,8 @@ static int copy_to_user_tmpl(struct xfrm_policy *xp, struct sk_buff *skb) - struct xfrm_user_tmpl vec[XFRM_MAX_DEPTH]; - int i; - -+ pax_track_stack(); -+ - if (xp->xfrm_nr == 0) - return 0; - -@@ -2062,6 +2064,8 @@ static int xfrm_do_migrate(struct sk_buff *skb, struct nlmsghdr *nlh, - int err; - int n = 0; - -+ pax_track_stack(); -+ - if (attrs[XFRMA_MIGRATE] == NULL) - return -EINVAL; - diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index a0fd502..a8e6e83 100644 +index d2b366c..51ff91e 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -109,7 +109,7 @@ endif @@ -79352,7 +75493,7 @@ index 1ac414f..a1c1451 100644 host-cobjs := $(filter-out %.so,$(host-cobjs)) diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c -index 291228e..6c55203 100644 +index cb1f50c..cef2a7c 100644 --- a/scripts/basic/fixdep.c +++ b/scripts/basic/fixdep.c @@ -161,7 +161,7 @@ static unsigned int strhash(const char *str, unsigned int sz) @@ -79389,7 +75530,7 @@ index 291228e..6c55203 100644 const char *p, *q; for (; m < end; m++) { -@@ -405,7 +405,7 @@ static void print_deps(void) +@@ -406,7 +406,7 @@ static void print_deps(void) static void traps(void) { static char test[] __attribute__((aligned(sizeof(int)))) = "CONF"; @@ -79407,7 +75548,7 @@ index 0000000..8729101 +#!/bin/sh +echo -e "#include \"gcc-plugin.h\"\n#include \"tree.h\"\n#include \"tm.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y" diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c -index e26e2fb..f84937b 100644 +index f936d1f..a66d95f 100644 --- a/scripts/mod/file2alias.c +++ b/scripts/mod/file2alias.c @@ -72,7 +72,7 @@ static void device_id_check(const char *modname, const char *device_id, @@ -79464,7 +75605,7 @@ index e26e2fb..f84937b 100644 buf_printf(&mod->dev_table_buf, "MODULE_ALIAS(\"pnp:d%s*\");\n", id); -@@ -786,7 +786,7 @@ static void dmi_ascii_filter(char *d, const char *s) +@@ -807,7 +807,7 @@ static void dmi_ascii_filter(char *d, const char *s) static int do_dmi_entry(const char *filename, struct dmi_system_id *id, char *alias) { @@ -79474,7 +75615,7 @@ index e26e2fb..f84937b 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index a509ff8..5822633 100644 +index 2bd594e..d43245e 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -919,6 +919,7 @@ enum mismatch { @@ -79544,7 +75685,7 @@ index a509ff8..5822633 100644 { if (buf->size - buf->pos < len) { buf->size += len + SZ; -@@ -1966,7 +1981,7 @@ static void write_if_changed(struct buffer *b, const char *fname) +@@ -1972,7 +1987,7 @@ static void write_if_changed(struct buffer *b, const char *fname) if (fstat(fileno(file), &st) < 0) goto close_write; @@ -79620,7 +75761,7 @@ index 5c11312..72742b5 100644 write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { diff --git a/security/Kconfig b/security/Kconfig -index e0f08b5..649220f 100644 +index 51bd5a0..8465ae6 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -4,6 +4,626 @@ @@ -80250,7 +76391,7 @@ index e0f08b5..649220f 100644 config KEYS bool "Enable access key retention support" help -@@ -167,7 +787,7 @@ config INTEL_TXT +@@ -169,7 +789,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -80273,7 +76414,7 @@ index 3783202..1852837 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index a93b3b7..4410df9 100644 +index ee4f848..a320c64 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -28,6 +28,7 @@ @@ -80293,7 +76434,7 @@ index a93b3b7..4410df9 100644 return -EPERM; return 0; } -@@ -575,6 +576,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -579,6 +580,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) { const struct cred *cred = current_cred(); @@ -80304,10 +76445,10 @@ index a93b3b7..4410df9 100644 if (bprm->cap_effective) return 1; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h -index 08408bd..67e6e78 100644 +index 3ccf7ac..d73ad64 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h -@@ -85,8 +85,8 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, +@@ -86,8 +86,8 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, extern spinlock_t ima_queue_lock; struct ima_h_table { @@ -80319,7 +76460,7 @@ index 08408bd..67e6e78 100644 }; extern struct ima_h_table ima_htable; diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c -index 5335605..abcd9b7 100644 +index 0d50df0..e94dd2a 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -75,7 +75,7 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, @@ -80351,7 +76492,7 @@ index c5c5a72..2ad942f 100644 audit_log_end(ab); } diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c -index ef21b96..d53e674 100644 +index e1aa2b4..52027bf 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -28,12 +28,12 @@ @@ -80370,10 +76511,10 @@ index ef21b96..d53e674 100644 } diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c -index 55a6271..ad829c3 100644 +index 8e28f04..d5951b1 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c -@@ -81,7 +81,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry) +@@ -79,7 +79,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry) INIT_LIST_HEAD(&qe->later); list_add_tail_rcu(&qe->later, &ima_measurements); @@ -80383,7 +76524,7 @@ index 55a6271..ad829c3 100644 hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]); return 0; diff --git a/security/keys/compat.c b/security/keys/compat.c -index 338b510..a235861 100644 +index 4c48e13..7abdac9 100644 --- a/security/keys/compat.c +++ b/security/keys/compat.c @@ -44,7 +44,7 @@ long compat_keyctl_instantiate_key_iov( @@ -80396,7 +76537,7 @@ index 338b510..a235861 100644 if (iov != iovstack) kfree(iov); diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c -index eca5191..da9c7f0 100644 +index 0b3f5d7..892c8a6 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -921,7 +921,7 @@ static int keyctl_change_reqkey_auth(struct key *key) @@ -80436,7 +76577,7 @@ index eca5191..da9c7f0 100644 if (iov != iovstack) kfree(iov); diff --git a/security/keys/keyring.c b/security/keys/keyring.c -index 30e242f..ec111ab 100644 +index 37a7f3b..86dc19f 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -214,15 +214,15 @@ static long keyring_read(const struct key *keyring, @@ -80527,12 +76668,12 @@ index f728728..6457a0c 100644 /* diff --git a/security/security.c b/security/security.c -index d9e1533..91427f2 100644 +index e2f684a..8d62ef5 100644 --- a/security/security.c +++ b/security/security.c -@@ -25,8 +25,8 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = - /* things that live in capability.c */ - extern void __init security_fixup_ops(struct security_operations *ops); +@@ -26,8 +26,8 @@ + static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = + CONFIG_DEFAULT_SECURITY; -static struct security_operations *security_ops; -static struct security_operations default_security_ops = { @@ -80541,7 +76682,7 @@ index d9e1533..91427f2 100644 .name = "default", }; -@@ -67,7 +67,9 @@ int __init security_init(void) +@@ -68,7 +68,9 @@ int __init security_init(void) void reset_security_ops(void) { @@ -80552,18 +76693,19 @@ index d9e1533..91427f2 100644 /* Save user chosen LSM */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 266a229..61bd553 100644 +index 1126c10..effb32b 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c -@@ -93,7 +93,6 @@ +@@ -94,8 +94,6 @@ + #define NUM_SEL_MNT_OPTS 5 - extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm); -extern struct security_operations *security_ops; - +- /* SECMARK reference count */ - atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -5455,7 +5454,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) + static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); + +@@ -5449,7 +5447,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -80585,24 +76727,11 @@ index b43813c..74be837 100644 } #else static inline int selinux_xfrm_enabled(void) -diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c -index f6917bc..8e8713e 100644 ---- a/security/selinux/ss/services.c -+++ b/security/selinux/ss/services.c -@@ -1814,6 +1814,8 @@ int security_load_policy(void *data, size_t len) - int rc = 0; - struct policy_file file = { data, len }, *fp = &file; - -+ pax_track_stack(); -+ - if (!ss_initialized) { - avtab_cache_init(); - rc = policydb_read(&policydb, fp); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index b9c5e14..20ab779 100644 +index 7db62b4..ee4d949 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c -@@ -3393,7 +3393,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +@@ -3481,7 +3481,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) return 0; } @@ -80612,10 +76741,10 @@ index b9c5e14..20ab779 100644 .ptrace_access_check = smack_ptrace_access_check, diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c -index f776400..f95b158c 100644 +index 4b327b6..646c57a 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c -@@ -446,7 +446,7 @@ static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) +@@ -504,7 +504,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. */ @@ -80625,7 +76754,7 @@ index f776400..f95b158c 100644 .cred_alloc_blank = tomoyo_cred_alloc_blank, .cred_prepare = tomoyo_cred_prepare, diff --git a/sound/aoa/codecs/onyx.c b/sound/aoa/codecs/onyx.c -index 3687a6c..652565e 100644 +index 762af68..7103453 100644 --- a/sound/aoa/codecs/onyx.c +++ b/sound/aoa/codecs/onyx.c @@ -54,7 +54,7 @@ struct onyx { @@ -80669,7 +76798,7 @@ index ffd2025..df062c9 100644 /* PCM3052 register definitions */ diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c -index 23c34a0..a2673a5 100644 +index 3cc4b86..af0a951 100644 --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1189,10 +1189,10 @@ snd_pcm_sframes_t snd_pcm_oss_write3(struct snd_pcm_substream *substream, const @@ -80757,10 +76886,10 @@ index 91cdf94..4085161 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index 1c6be91..c761a59 100644 +index 25ed9fe..24c46e9 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c -@@ -2770,11 +2770,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, +@@ -2765,11 +2765,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, switch (substream->stream) { case SNDRV_PCM_STREAM_PLAYBACK: result = snd_pcm_playback_ioctl1(NULL, substream, cmd, @@ -80775,10 +76904,10 @@ index 1c6be91..c761a59 100644 default: result = -EINVAL; diff --git a/sound/core/seq/seq_device.c b/sound/core/seq/seq_device.c -index 1f99767..14636533 100644 +index 5cf8d65..912a79c 100644 --- a/sound/core/seq/seq_device.c +++ b/sound/core/seq/seq_device.c -@@ -63,7 +63,7 @@ struct ops_list { +@@ -64,7 +64,7 @@ struct ops_list { int argsize; /* argument size */ /* operators */ @@ -80787,7 +76916,7 @@ index 1f99767..14636533 100644 /* registred devices */ struct list_head dev_list; /* list of devices */ -@@ -332,7 +332,7 @@ int snd_seq_device_register_driver(char *id, struct snd_seq_dev_ops *entry, +@@ -333,7 +333,7 @@ int snd_seq_device_register_driver(char *id, struct snd_seq_dev_ops *entry, mutex_lock(&ops->reg_mutex); /* copy driver operators */ @@ -80796,7 +76925,7 @@ index 1f99767..14636533 100644 ops->driver |= DRIVER_LOADED; ops->argsize = argsize; -@@ -462,7 +462,7 @@ static int init_device(struct snd_seq_device *dev, struct ops_list *ops) +@@ -463,7 +463,7 @@ static int init_device(struct snd_seq_device *dev, struct ops_list *ops) dev->name, ops->id, ops->argsize, dev->argsize); return -EINVAL; } @@ -80805,7 +76934,7 @@ index 1f99767..14636533 100644 dev->status = SNDRV_SEQ_DEVICE_REGISTERED; ops->num_init_devices++; } else { -@@ -489,7 +489,7 @@ static int free_device(struct snd_seq_device *dev, struct ops_list *ops) +@@ -490,7 +490,7 @@ static int free_device(struct snd_seq_device *dev, struct ops_list *ops) dev->name, ops->id, ops->argsize, dev->argsize); return -EINVAL; } @@ -80815,10 +76944,10 @@ index 1f99767..14636533 100644 dev->driver_data = NULL; ops->num_init_devices--; diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c -index 8539ab0..be8a121 100644 +index f24bf9a..1f7b67c 100644 --- a/sound/drivers/mts64.c +++ b/sound/drivers/mts64.c -@@ -28,6 +28,7 @@ +@@ -29,6 +29,7 @@ #include <sound/initval.h> #include <sound/rawmidi.h> #include <sound/control.h> @@ -80826,7 +76955,7 @@ index 8539ab0..be8a121 100644 #define CARD_NAME "Miditerminal 4140" #define DRIVER_NAME "MTS64" -@@ -66,7 +67,7 @@ struct mts64 { +@@ -67,7 +68,7 @@ struct mts64 { struct pardevice *pardev; int pardev_claimed; @@ -80835,7 +76964,7 @@ index 8539ab0..be8a121 100644 int current_midi_output_port; int current_midi_input_port; u8 mode[MTS64_NUM_INPUT_PORTS]; -@@ -696,7 +697,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream) +@@ -697,7 +698,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream) { struct mts64 *mts = substream->rmidi->private_data; @@ -80844,7 +76973,7 @@ index 8539ab0..be8a121 100644 /* We don't need a spinlock here, because this is just called if the device has not been opened before. So there aren't any IRQs from the device */ -@@ -704,7 +705,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream) +@@ -705,7 +706,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream) msleep(50); } @@ -80853,7 +76982,7 @@ index 8539ab0..be8a121 100644 return 0; } -@@ -714,8 +715,7 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream) +@@ -715,8 +716,7 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream) struct mts64 *mts = substream->rmidi->private_data; unsigned long flags; @@ -80863,7 +76992,7 @@ index 8539ab0..be8a121 100644 /* We need the spinlock_irqsave here because we can still have IRQs at this point */ spin_lock_irqsave(&mts->lock, flags); -@@ -724,8 +724,8 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream) +@@ -725,8 +725,8 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream) msleep(500); @@ -80875,10 +77004,10 @@ index 8539ab0..be8a121 100644 return 0; } diff --git a/sound/drivers/opl4/opl4_lib.c b/sound/drivers/opl4/opl4_lib.c -index f07e38d..7aae69a 100644 +index b953fb4..1999c01 100644 --- a/sound/drivers/opl4/opl4_lib.c +++ b/sound/drivers/opl4/opl4_lib.c -@@ -28,7 +28,7 @@ MODULE_AUTHOR("Clemens Ladisch <clemens@ladisch.de>"); +@@ -29,7 +29,7 @@ MODULE_AUTHOR("Clemens Ladisch <clemens@ladisch.de>"); MODULE_DESCRIPTION("OPL4 driver"); MODULE_LICENSE("GPL"); @@ -80888,10 +77017,10 @@ index f07e38d..7aae69a 100644 int timeout = 10; while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0) diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c -index f2b0ba2..429efc5 100644 +index f664823..590c745 100644 --- a/sound/drivers/portman2x4.c +++ b/sound/drivers/portman2x4.c -@@ -47,6 +47,7 @@ +@@ -48,6 +48,7 @@ #include <sound/initval.h> #include <sound/rawmidi.h> #include <sound/control.h> @@ -80899,7 +77028,7 @@ index f2b0ba2..429efc5 100644 #define CARD_NAME "Portman 2x4" #define DRIVER_NAME "portman" -@@ -84,7 +85,7 @@ struct portman { +@@ -85,7 +86,7 @@ struct portman { struct pardevice *pardev; int pardev_claimed; @@ -80944,10 +77073,10 @@ index 537a9cb..8e8c8e9 100644 /** diff --git a/sound/firewire/isight.c b/sound/firewire/isight.c -index 4400308..261e9f3 100644 +index cd094ec..eca1277 100644 --- a/sound/firewire/isight.c +++ b/sound/firewire/isight.c -@@ -97,7 +97,7 @@ static void isight_update_pointers(struct isight *isight, unsigned int count) +@@ -96,7 +96,7 @@ static void isight_update_pointers(struct isight *isight, unsigned int count) ptr += count; if (ptr >= runtime->buffer_size) ptr -= runtime->buffer_size; @@ -80956,7 +77085,7 @@ index 4400308..261e9f3 100644 isight->period_counter += count; if (isight->period_counter >= runtime->period_size) { -@@ -308,7 +308,7 @@ static int isight_hw_params(struct snd_pcm_substream *substream, +@@ -307,7 +307,7 @@ static int isight_hw_params(struct snd_pcm_substream *substream, if (err < 0) return err; @@ -80965,7 +77094,7 @@ index 4400308..261e9f3 100644 return 0; } -@@ -341,7 +341,7 @@ static int isight_hw_free(struct snd_pcm_substream *substream) +@@ -340,7 +340,7 @@ static int isight_hw_free(struct snd_pcm_substream *substream) { struct isight *isight = substream->private_data; @@ -80974,7 +77103,7 @@ index 4400308..261e9f3 100644 mutex_lock(&isight->mutex); isight_stop_streaming(isight); -@@ -434,10 +434,10 @@ static int isight_trigger(struct snd_pcm_substream *substream, int cmd) +@@ -433,10 +433,10 @@ static int isight_trigger(struct snd_pcm_substream *substream, int cmd) switch (cmd) { case SNDRV_PCM_TRIGGER_START: @@ -80988,7 +77117,7 @@ index 4400308..261e9f3 100644 default: return -EINVAL; diff --git a/sound/isa/cmi8330.c b/sound/isa/cmi8330.c -index fe79a16..4d9714e 100644 +index c94578d..0794ac1 100644 --- a/sound/isa/cmi8330.c +++ b/sound/isa/cmi8330.c @@ -172,7 +172,7 @@ struct snd_cmi8330 { @@ -81052,7 +77181,7 @@ index 09d4648..cf234c7 100644 list_add(&s->list, &cs4297a_devs); diff --git a/sound/pci/hda/hda_codec.h b/sound/pci/hda/hda_codec.h -index 755f2b0..5c12361 100644 +index 5644711..a2aebc1 100644 --- a/sound/pci/hda/hda_codec.h +++ b/sound/pci/hda/hda_codec.h @@ -611,7 +611,7 @@ struct hda_bus_ops { @@ -81113,10 +77242,10 @@ index 0da778a..bc38b84 100644 diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c -index f3260e6..4a285d8 100644 +index 03ee4e3..be86b46 100644 --- a/sound/pci/ymfpci/ymfpci_main.c +++ b/sound/pci/ymfpci/ymfpci_main.c -@@ -202,8 +202,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip) +@@ -203,8 +203,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip) if ((snd_ymfpci_readl(chip, YDSXGR_STATUS) & 2) == 0) break; } @@ -81127,7 +77256,7 @@ index f3260e6..4a285d8 100644 wake_up(&chip->interrupt_sleep); } __end: -@@ -787,7 +787,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip) +@@ -788,7 +788,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip) continue; init_waitqueue_entry(&wait, current); add_wait_queue(&chip->interrupt_sleep, &wait); @@ -81136,7 +77265,7 @@ index f3260e6..4a285d8 100644 schedule_timeout_uninterruptible(msecs_to_jiffies(50)); remove_wait_queue(&chip->interrupt_sleep, &wait); } -@@ -825,8 +825,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id) +@@ -826,8 +826,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id) snd_ymfpci_writel(chip, YDSXGR_MODE, mode); spin_unlock(&chip->reg_lock); @@ -81147,7 +77276,7 @@ index f3260e6..4a285d8 100644 wake_up(&chip->interrupt_sleep); } } -@@ -2363,7 +2363,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card, +@@ -2382,7 +2382,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card, spin_lock_init(&chip->reg_lock); spin_lock_init(&chip->voice_lock); init_waitqueue_head(&chip->interrupt_sleep); @@ -81157,10 +77286,10 @@ index f3260e6..4a285d8 100644 chip->pci = pci; chip->irq = -1; diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c -index 2879c88..224159e 100644 +index ee15337..e2187a6 100644 --- a/sound/soc/soc-pcm.c +++ b/sound/soc/soc-pcm.c -@@ -568,7 +568,7 @@ static snd_pcm_uframes_t soc_pcm_pointer(struct snd_pcm_substream *substream) +@@ -583,7 +583,7 @@ static snd_pcm_uframes_t soc_pcm_pointer(struct snd_pcm_substream *substream) } /* ASoC PCM operations */ @@ -81170,7 +77299,7 @@ index 2879c88..224159e 100644 .close = soc_pcm_close, .hw_params = soc_pcm_hw_params, diff --git a/sound/usb/card.h b/sound/usb/card.h -index ae4251d..0961361 100644 +index a39edcc..1014050 100644 --- a/sound/usb/card.h +++ b/sound/usb/card.h @@ -44,6 +44,7 @@ struct snd_urb_ops { @@ -81186,10 +77315,10 @@ index ae4251d..0961361 100644 spinlock_t lock; - struct snd_urb_ops ops; /* callbacks (must be filled at init) */ -+ snd_urb_ops_no_const ops; /* callbacks (must be filled at init) */ ++ snd_urb_ops_no_const ops; /* callbacks (must be filled at init) */ + int last_frame_number; /* stored frame number */ + int last_delay; /* stored delay */ }; - - struct snd_usb_stream { diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 index 0000000..b044b80 @@ -82566,10 +78695,10 @@ index af0f22f..9a7d479 100644 break; } diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index aefdda3..8e8fbb9 100644 +index d9cfb78..4f27c10 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c -@@ -73,7 +73,7 @@ LIST_HEAD(vm_list); +@@ -75,7 +75,7 @@ LIST_HEAD(vm_list); static cpumask_var_t cpus_hardware_enabled; static int kvm_usage_count = 0; @@ -82578,7 +78707,7 @@ index aefdda3..8e8fbb9 100644 struct kmem_cache *kvm_vcpu_cache; EXPORT_SYMBOL_GPL(kvm_vcpu_cache); -@@ -2266,7 +2266,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2268,7 +2268,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -82587,7 +78716,7 @@ index aefdda3..8e8fbb9 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2320,10 +2320,10 @@ static int hardware_enable_all(void) +@@ -2322,10 +2322,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -82600,7 +78729,7 @@ index aefdda3..8e8fbb9 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -2588,7 +2588,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -2676,7 +2676,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -82609,7 +78738,7 @@ index aefdda3..8e8fbb9 100644 struct module *module) { int r; -@@ -2651,7 +2651,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2739,7 +2739,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -82618,7 +78747,7 @@ index aefdda3..8e8fbb9 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -2661,9 +2661,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2749,9 +2749,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; diff --git a/3.1.10/4421_grsec-remove-localversion-grsec.patch b/3.2.1/4421_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.1.10/4421_grsec-remove-localversion-grsec.patch +++ b/3.2.1/4421_grsec-remove-localversion-grsec.patch diff --git a/3.1.10/4422_grsec-mute-warnings.patch b/3.2.1/4422_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.1.10/4422_grsec-mute-warnings.patch +++ b/3.2.1/4422_grsec-mute-warnings.patch diff --git a/3.1.10/4423_grsec-remove-protected-paths.patch b/3.2.1/4423_grsec-remove-protected-paths.patch index 4afb3e2..4afb3e2 100644 --- a/3.1.10/4423_grsec-remove-protected-paths.patch +++ b/3.2.1/4423_grsec-remove-protected-paths.patch diff --git a/3.1.10/4425_grsec-pax-without-grsec.patch b/3.2.1/4425_grsec-pax-without-grsec.patch index 3511545..6032638 100644 --- a/3.1.10/4425_grsec-pax-without-grsec.patch +++ b/3.2.1/4425_grsec-pax-without-grsec.patch @@ -20,7 +20,7 @@ The original version of this patch contained no credits/description. diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c --- a/arch/x86/mm/fault.c 2011-04-17 19:05:03.000000000 -0400 +++ a/arch/x86/mm/fault.c 2011-04-17 19:20:30.000000000 -0400 -@@ -651,10 +651,12 @@ +@@ -657,10 +657,12 @@ #ifdef CONFIG_PAX_KERNEXEC if (init_mm.start_code <= address && address < init_mm.end_code) { @@ -36,7 +36,7 @@ diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c diff -Naur a/fs/exec.c b/fs/exec.c --- a/fs/exec.c 2011-04-17 19:05:03.000000000 -0400 +++ b/fs/exec.c 2011-04-17 19:20:30.000000000 -0400 -@@ -2003,9 +2003,11 @@ +@@ -1999,9 +1999,11 @@ } up_read(&mm->mmap_sem); } @@ -48,7 +48,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset); printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, " "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk), -@@ -2020,10 +2022,12 @@ +@@ -2016,10 +2018,12 @@ #ifdef CONFIG_PAX_REFCOUNT void pax_report_refcount_overflow(struct pt_regs *regs) { @@ -61,7 +61,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), current_uid(), current_euid()); print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); -@@ -2082,10 +2086,12 @@ +@@ -2078,10 +2082,12 @@ NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) { diff --git a/3.1.10/4430_grsec-kconfig-default-gids.patch b/3.2.1/4430_grsec-kconfig-default-gids.patch index 243fbd5..243fbd5 100644 --- a/3.1.10/4430_grsec-kconfig-default-gids.patch +++ b/3.2.1/4430_grsec-kconfig-default-gids.patch diff --git a/3.1.10/4435_grsec-kconfig-gentoo.patch b/3.2.1/4435_grsec-kconfig-gentoo.patch index 9ff2fe7..9ff2fe7 100644 --- a/3.1.10/4435_grsec-kconfig-gentoo.patch +++ b/3.2.1/4435_grsec-kconfig-gentoo.patch diff --git a/3.1.10/4437-grsec-kconfig-proc-user.patch b/3.2.1/4437-grsec-kconfig-proc-user.patch index 54b2678..54b2678 100644 --- a/3.1.10/4437-grsec-kconfig-proc-user.patch +++ b/3.2.1/4437-grsec-kconfig-proc-user.patch diff --git a/3.1.10/4440_selinux-avc_audit-log-curr_ip.patch b/3.2.1/4440_selinux-avc_audit-log-curr_ip.patch index 9c38cfc..9c38cfc 100644 --- a/3.1.10/4440_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.1/4440_selinux-avc_audit-log-curr_ip.patch diff --git a/3.1.10/4445_disable-compat_vdso.patch b/3.2.1/4445_disable-compat_vdso.patch index 737dcca..4742d01 100644 --- a/3.1.10/4445_disable-compat_vdso.patch +++ b/3.2.1/4445_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1639,17 +1639,8 @@ +@@ -1651,17 +1651,8 @@ config COMPAT_VDSO def_bool n |