A typical pattern in a Kbuild file looks like this:
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 1edd5fd..84fd32e 100644
+index 1edd5fd..107ff46 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -1155,6 +1155,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
nosmap [X86]
Disable SMAP (Supervisor Mode Access Prevention)
even if it is supported by processor.
-@@ -2467,6 +2475,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2467,6 +2475,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
+ page table updates on X86-64.
+
+ pax_sanitize_slab=
-+ 0/1 to disable/enable slab object sanitization (enabled by
-+ default).
++ Format: { 0 | 1 | off | fast | full }
++ Options '0' and '1' are only provided for backward
++ compatibility, 'off' or 'fast' should be used instead.
++ 0|off : disable slab object sanitization
++ 1|fast: enable slab object sanitization excluding
++ whitelisted slabs (default)
++ full : sanitize all slabs, even the whitelisted ones
+
+ pax_softmode= 0/1 to disable/enable PaX softmode on boot already.
+
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 4669409..95d8745 100644
+index b60b64d..33b7ec8 100644
--- a/Makefile
+++ b/Makefile
@@ -303,8 +303,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index 3040359..cf3bab0 100644
+index 3040359..a494fa3 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
-@@ -18,17 +18,35 @@
+@@ -18,17 +18,41 @@
#include <asm/barrier.h>
#include <asm/cmpxchg.h>
#ifdef __KERNEL__
++#ifdef CONFIG_THUMB2_KERNEL
++#define REFCOUNT_TRAP_INSN "bkpt 0xf1"
++#else
++#define REFCOUNT_TRAP_INSN "bkpt 0xf103"
++#endif
++
+#define _ASM_EXTABLE(from, to) \
+" .pushsection __ex_table,\"a\"\n"\
+" .align 3\n" \
#if __LINUX_ARM_ARCH__ >= 6
-@@ -44,6 +62,36 @@ static inline void atomic_add(int i, atomic_t *v)
+@@ -44,6 +68,36 @@ static inline void atomic_add(int i, atomic_t *v)
prefetchw(&v->counter);
__asm__ __volatile__("@ atomic_add\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
"1: ldrex %0, [%3]\n"
" add %0, %0, %4\n"
" strex %1, %0, [%3]\n"
-@@ -63,6 +111,43 @@ static inline int atomic_add_return(int i, atomic_t *v)
+@@ -63,6 +117,43 @@ static inline int atomic_add_return(int i, atomic_t *v)
prefetchw(&v->counter);
__asm__ __volatile__("@ atomic_add_return\n"
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
+" mov %0, %1\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
"1: ldrex %0, [%3]\n"
" add %0, %0, %4\n"
" strex %1, %0, [%3]\n"
-@@ -84,6 +169,36 @@ static inline void atomic_sub(int i, atomic_t *v)
+@@ -84,6 +175,36 @@ static inline void atomic_sub(int i, atomic_t *v)
prefetchw(&v->counter);
__asm__ __volatile__("@ atomic_sub\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
"1: ldrex %0, [%3]\n"
" sub %0, %0, %4\n"
" strex %1, %0, [%3]\n"
-@@ -103,11 +218,25 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+@@ -103,11 +224,25 @@ static inline int atomic_sub_return(int i, atomic_t *v)
prefetchw(&v->counter);
__asm__ __volatile__("@ atomic_sub_return\n"
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
+" mov %0, %1\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "Ir" (i)
: "cc");
-@@ -152,12 +281,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -152,12 +287,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
__asm__ __volatile__ ("@ atomic_add_unless\n"
"1: ldrex %0, [%4]\n"
" teq %0, %5\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
: "=&r" (oldval), "=&r" (newval), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (u), "r" (a)
: "cc");
-@@ -168,6 +309,28 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -168,6 +315,28 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
return oldval;
}
#else /* ARM_ARCH_6 */
#ifdef CONFIG_SMP
-@@ -186,7 +349,17 @@ static inline int atomic_add_return(int i, atomic_t *v)
+@@ -186,7 +355,17 @@ static inline int atomic_add_return(int i, atomic_t *v)
return val;
}
static inline int atomic_sub_return(int i, atomic_t *v)
{
-@@ -201,6 +374,10 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+@@ -201,6 +380,10 @@ static inline int atomic_sub_return(int i, atomic_t *v)
return val;
}
#define atomic_sub(i, v) (void) atomic_sub_return(i, v)
static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
{
-@@ -216,6 +393,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+@@ -216,6 +399,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
return ret;
}
static inline int __atomic_add_unless(atomic_t *v, int a, int u)
{
int c, old;
-@@ -229,13 +411,33 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -229,13 +417,33 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
#endif /* __LINUX_ARM_ARCH__ */
#define atomic_xchg(v, new) (xchg(&((v)->counter), new))
#define atomic_dec_return(v) (atomic_sub_return(1, v))
#define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
-@@ -246,6 +448,14 @@ typedef struct {
+@@ -246,6 +454,14 @@ typedef struct {
long long counter;
} atomic64_t;
#define ATOMIC64_INIT(i) { (i) }
#ifdef CONFIG_ARM_LPAE
-@@ -262,6 +472,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -262,6 +478,19 @@ static inline long long atomic64_read(const atomic64_t *v)
return result;
}
static inline void atomic64_set(atomic64_t *v, long long i)
{
__asm__ __volatile__("@ atomic64_set\n"
-@@ -270,6 +493,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -270,6 +499,15 @@ static inline void atomic64_set(atomic64_t *v, long long i)
: "r" (&v->counter), "r" (i)
);
}
#else
static inline long long atomic64_read(const atomic64_t *v)
{
-@@ -284,6 +516,19 @@ static inline long long atomic64_read(const atomic64_t *v)
+@@ -284,6 +522,19 @@ static inline long long atomic64_read(const atomic64_t *v)
return result;
}
static inline void atomic64_set(atomic64_t *v, long long i)
{
long long tmp;
-@@ -298,6 +543,21 @@ static inline void atomic64_set(atomic64_t *v, long long i)
+@@ -298,6 +549,21 @@ static inline void atomic64_set(atomic64_t *v, long long i)
: "r" (&v->counter), "r" (i)
: "cc");
}
#endif
static inline void atomic64_add(long long i, atomic64_t *v)
-@@ -309,6 +569,37 @@ static inline void atomic64_add(long long i, atomic64_t *v)
+@@ -309,6 +575,37 @@ static inline void atomic64_add(long long i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_add\n"
"1: ldrexd %0, %H0, [%3]\n"
" adds %Q0, %Q0, %Q4\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
" adc %R0, %R0, %R4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -329,6 +620,44 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)
+@@ -329,6 +626,44 @@ static inline long long atomic64_add_return(long long i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_add_return\n"
"1: ldrexd %0, %H0, [%3]\n"
" adds %Q0, %Q0, %Q4\n"
+" bvc 3f\n"
+" mov %0, %1\n"
+" mov %H0, %H1\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
" adc %R0, %R0, %R4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -351,6 +680,37 @@ static inline void atomic64_sub(long long i, atomic64_t *v)
+@@ -351,6 +686,37 @@ static inline void atomic64_sub(long long i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_sub\n"
"1: ldrexd %0, %H0, [%3]\n"
" subs %Q0, %Q0, %Q4\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
" sbc %R0, %R0, %R4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -371,10 +731,25 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v)
+@@ -371,10 +737,25 @@ static inline long long atomic64_sub_return(long long i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_sub_return\n"
"1: ldrexd %0, %H0, [%3]\n"
" subs %Q0, %Q0, %Q4\n"
+" bvc 3f\n"
+" mov %0, %1\n"
+" mov %H0, %H1\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (i)
: "cc");
-@@ -410,6 +785,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old,
+@@ -410,6 +791,31 @@ static inline long long atomic64_cmpxchg(atomic64_t *ptr, long long old,
return oldval;
}
static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
{
long long result;
-@@ -435,21 +835,35 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
+@@ -435,21 +841,35 @@ static inline long long atomic64_xchg(atomic64_t *ptr, long long new)
static inline long long atomic64_dec_if_positive(atomic64_t *v)
{
long long result;
+" bvc 3f\n"
+" mov %Q0, %Q1\n"
+" mov %R0, %R1\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter)
: "cc");
-@@ -473,13 +887,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -473,13 +893,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
" teq %0, %5\n"
" teqeq %H0, %H5\n"
" moveq %1, #0\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+" bvc 3f\n"
-+"2: bkpt 0xf103\n"
++"2: " REFCOUNT_TRAP_INSN "\n"
+"3:\n"
+#endif
+
: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (u), "r" (a)
: "cc");
-@@ -492,10 +918,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
+@@ -492,10 +924,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u)
#define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0)
#define atomic64_inc(v) atomic64_add(1LL, (v))
/*
diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
-index 06e0bc0..e60c2d3 100644
+index 06e0bc0..c65bca8 100644
--- a/arch/arm/include/asm/pgtable-3level.h
+++ b/arch/arm/include/asm/pgtable-3level.h
@@ -81,6 +81,7 @@
#define L_PTE_XN (_AT(pteval_t, 1) << 54) /* XN */
#define L_PTE_DIRTY (_AT(pteval_t, 1) << 55)
#define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56)
-@@ -96,6 +97,7 @@
+@@ -92,10 +93,12 @@
+ #define L_PMD_SECT_SPLITTING (_AT(pmdval_t, 1) << 56)
+ #define L_PMD_SECT_NONE (_AT(pmdval_t, 1) << 57)
+ #define L_PMD_SECT_RDONLY (_AT(pteval_t, 1) << 58)
++#define PMD_SECT_RDONLY PMD_SECT_AP2
+
/*
* To be used in assembly code with the upper page attributes.
*/
pr_info("AT91: sram at 0x%lx of 0x%x mapped at 0x%lx\n",
base, length, desc->virtual);
+diff --git a/arch/arm/mach-keystone/keystone.c b/arch/arm/mach-keystone/keystone.c
+index 7f352de..6dc0929 100644
+--- a/arch/arm/mach-keystone/keystone.c
++++ b/arch/arm/mach-keystone/keystone.c
+@@ -27,7 +27,7 @@
+
+ #include "keystone.h"
+
+-static struct notifier_block platform_nb;
++static notifier_block_no_const platform_nb;
+ static unsigned long keystone_dma_pfn_offset __read_mostly;
+
+ static int keystone_platform_notifier(struct notifier_block *nb,
diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
index 2bdc323..cf1c607 100644
--- a/arch/arm/mach-mvebu/coherency.c
extern void ux500_cpu_die(unsigned int cpu);
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
-index ae69809..2665202 100644
+index 7eb94e6..799ad3e 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
@@ -446,6 +446,7 @@ config CPU_32v5
help
This option enables or disables the use of domain switching
via the set_fs() function.
-@@ -799,6 +801,7 @@ config NEED_KUSER_HELPERS
+@@ -798,7 +800,7 @@ config NEED_KUSER_HELPERS
+
config KUSER_HELPERS
bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS
+- depends on MMU
++ depends on MMU && (!(CPU_V6 || CPU_V6K || CPU_V7) || GRKERNSEC_OLD_ARM_USERLAND)
default y
-+ depends on !(CPU_V6 || CPU_V6K || CPU_V7) || GRKERNSEC_OLD_ARM_USERLAND
help
Warning: disabling this option may break user programs.
-
-@@ -811,7 +814,7 @@ config KUSER_HELPERS
+@@ -812,7 +814,7 @@ config KUSER_HELPERS
See Documentation/arm/kernel_user_helpers.txt for details.
However, the fixed address nature of these helpers can be used
atomic64_set(&mm->context.id, asid);
}
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index eb8830a..5360ce7 100644
+index eb8830a..e8ff52e 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -25,6 +25,7 @@
printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
inf->name, fsr, addr);
-@@ -574,15 +647,98 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
+@@ -574,15 +647,104 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
ifsr_info[nr].name = name;
}
+
+#ifdef CONFIG_PAX_REFCOUNT
+ if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) {
++#ifdef CONFIG_THUMB2_KERNEL
++ unsigned short bkpt;
++
++ if (!probe_kernel_address(pc, bkpt) && cpu_to_le16(bkpt) == 0xbef1) {
++#else
+ unsigned int bkpt;
+
+ if (!probe_kernel_address(pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) {
++#endif
+ current->thread.error_code = ifsr;
+ current->thread.trap_no = 0;
+ pax_report_refcount_overflow(regs);
{
int c, old;
diff --git a/arch/frv/include/asm/cache.h b/arch/frv/include/asm/cache.h
-index 2797163..c2a401d 100644
+index 2797163..c2a401df9 100644
--- a/arch/frv/include/asm/cache.h
+++ b/arch/frv/include/asm/cache.h
@@ -12,10 +12,11 @@
/*
* We stash processor id into a COP0 register to retrieve it fast
diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
-index a109510..94ee3f6 100644
+index a109510..0a764f7 100644
--- a/arch/mips/include/asm/uaccess.h
+++ b/arch/mips/include/asm/uaccess.h
@@ -130,6 +130,7 @@ extern u64 __ua_limit;
#define access_ok(type, addr, size) \
likely(__access_ok((addr), (size), __access_mask))
+@@ -301,7 +302,8 @@ do { \
+ __get_kernel_common((x), size, __gu_ptr); \
+ else \
+ __get_user_common((x), size, __gu_ptr); \
+- } \
++ } else \
++ (x) = 0; \
+ \
+ __gu_err; \
+ })
+@@ -316,6 +318,7 @@ do { \
+ " .insn \n" \
+ " .section .fixup,\"ax\" \n" \
+ "3: li %0, %4 \n" \
++ " move %1, $0 \n" \
+ " j 2b \n" \
+ " .previous \n" \
+ " .section __ex_table,\"a\" \n" \
+@@ -630,6 +633,7 @@ do { \
+ " .insn \n" \
+ " .section .fixup,\"ax\" \n" \
+ "3: li %0, %4 \n" \
++ " move %1, $0 \n" \
+ " j 2b \n" \
+ " .previous \n" \
+ " .section __ex_table,\"a\" \n" \
diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c
index 1188e00..41cf144 100644
--- a/arch/mips/kernel/binfmt_elfn32.c
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h
-index 28992d0..c797b20 100644
+index 28992d0..434c881 100644
--- a/arch/powerpc/include/asm/atomic.h
+++ b/arch/powerpc/include/asm/atomic.h
-@@ -519,6 +519,16 @@ static __inline__ long atomic64_inc_not_zero(atomic64_t *v)
- return t1;
+@@ -12,6 +12,11 @@
+
+ #define ATOMIC_INIT(i) { (i) }
+
++#define _ASM_EXTABLE(from, to) \
++" .section __ex_table,\"a\"\n" \
++ PPC_LONG" " #from ", " #to"\n" \
++" .previous\n"
++
+ static __inline__ int atomic_read(const atomic_t *v)
+ {
+ int t;
+@@ -21,16 +26,61 @@ static __inline__ int atomic_read(const atomic_t *v)
+ return t;
}
-+#define atomic64_read_unchecked(v) atomic64_read(v)
-+#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
-+#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
-+#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
-+#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
-+#define atomic64_inc_unchecked(v) atomic64_inc(v)
-+#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
-+#define atomic64_dec_unchecked(v) atomic64_dec(v)
-+#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
++static __inline__ int atomic_read_unchecked(const atomic_unchecked_t *v)
++{
++ int t;
++
++ __asm__ __volatile__("lwz%U1%X1 %0,%1" : "=r"(t) : "m"(v->counter));
+
- #endif /* __powerpc64__ */
++ return t;
++}
++
+ static __inline__ void atomic_set(atomic_t *v, int i)
+ {
+ __asm__ __volatile__("stw%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
+ }
- #endif /* __KERNEL__ */
++static __inline__ void atomic_set_unchecked(atomic_unchecked_t *v, int i)
++{
++ __asm__ __volatile__("stw%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
++}
++
+ static __inline__ void atomic_add(int a, atomic_t *v)
+ {
+ int t;
+
+ __asm__ __volatile__(
++"1: lwarx %0,0,%3 # atomic_add\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" addo. %0,%2,%0\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" add %0,%2,%0\n"
++#endif
++
++"3:\n"
++ PPC405_ERR77(0,%3)
++" stwcx. %0,0,%3 \n\
++ bne- 1b"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"\n4:\n"
++ _ASM_EXTABLE(2b, 4b)
++#endif
++
++ : "=&r" (t), "+m" (v->counter)
++ : "r" (a), "r" (&v->counter)
++ : "cc");
++}
++
++static __inline__ void atomic_add_unchecked(int a, atomic_unchecked_t *v)
++{
++ int t;
++
++ __asm__ __volatile__(
+ "1: lwarx %0,0,%3 # atomic_add\n\
+ add %0,%2,%0\n"
+ PPC405_ERR77(0,%3)
+@@ -41,12 +91,49 @@ static __inline__ void atomic_add(int a, atomic_t *v)
+ : "cc");
+ }
+
++/* Same as atomic_add but return the value */
+ static __inline__ int atomic_add_return(int a, atomic_t *v)
+ {
+ int t;
+
+ __asm__ __volatile__(
+ PPC_ATOMIC_ENTRY_BARRIER
++"1: lwarx %0,0,%2 # atomic_add_return\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" addo. %0,%1,%0\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" add %0,%1,%0\n"
++#endif
++
++"3:\n"
++ PPC405_ERR77(0,%2)
++" stwcx. %0,0,%2 \n\
++ bne- 1b\n"
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ _ASM_EXTABLE(2b, 4b)
++#endif
++
++ PPC_ATOMIC_EXIT_BARRIER
++ : "=&r" (t)
++ : "r" (a), "r" (&v->counter)
++ : "cc", "memory");
++
++ return t;
++}
++
++/* Same as atomic_add_unchecked but return the value */
++static __inline__ int atomic_add_return_unchecked(int a, atomic_unchecked_t *v)
++{
++ int t;
++
++ __asm__ __volatile__(
++ PPC_ATOMIC_ENTRY_BARRIER
+ "1: lwarx %0,0,%2 # atomic_add_return\n\
+ add %0,%1,%0\n"
+ PPC405_ERR77(0,%2)
+@@ -67,6 +154,37 @@ static __inline__ void atomic_sub(int a, atomic_t *v)
+ int t;
+
+ __asm__ __volatile__(
++"1: lwarx %0,0,%3 # atomic_sub\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" subfo. %0,%2,%0\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" subf %0,%2,%0\n"
++#endif
++
++"3:\n"
++ PPC405_ERR77(0,%3)
++" stwcx. %0,0,%3 \n\
++ bne- 1b\n"
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ _ASM_EXTABLE(2b, 4b)
++#endif
++
++ : "=&r" (t), "+m" (v->counter)
++ : "r" (a), "r" (&v->counter)
++ : "cc");
++}
++
++static __inline__ void atomic_sub_unchecked(int a, atomic_unchecked_t *v)
++{
++ int t;
++
++ __asm__ __volatile__(
+ "1: lwarx %0,0,%3 # atomic_sub\n\
+ subf %0,%2,%0\n"
+ PPC405_ERR77(0,%3)
+@@ -77,12 +195,49 @@ static __inline__ void atomic_sub(int a, atomic_t *v)
+ : "cc");
+ }
+
++/* Same as atomic_sub but return the value */
+ static __inline__ int atomic_sub_return(int a, atomic_t *v)
+ {
+ int t;
+
+ __asm__ __volatile__(
+ PPC_ATOMIC_ENTRY_BARRIER
++"1: lwarx %0,0,%2 # atomic_sub_return\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" subfo. %0,%1,%0\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" subf %0,%1,%0\n"
++#endif
++
++"3:\n"
++ PPC405_ERR77(0,%2)
++" stwcx. %0,0,%2 \n\
++ bne- 1b\n"
++ PPC_ATOMIC_EXIT_BARRIER
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ _ASM_EXTABLE(2b, 4b)
++#endif
++
++ : "=&r" (t)
++ : "r" (a), "r" (&v->counter)
++ : "cc", "memory");
++
++ return t;
++}
++
++/* Same as atomic_sub_unchecked but return the value */
++static __inline__ int atomic_sub_return_unchecked(int a, atomic_unchecked_t *v)
++{
++ int t;
++
++ __asm__ __volatile__(
++ PPC_ATOMIC_ENTRY_BARRIER
+ "1: lwarx %0,0,%2 # atomic_sub_return\n\
+ subf %0,%1,%0\n"
+ PPC405_ERR77(0,%2)
+@@ -96,38 +251,23 @@ static __inline__ int atomic_sub_return(int a, atomic_t *v)
+ return t;
+ }
+
+-static __inline__ void atomic_inc(atomic_t *v)
+-{
+- int t;
++/*
++ * atomic_inc - increment atomic variable
++ * @v: pointer of type atomic_t
++ *
++ * Automatically increments @v by 1
++ */
++#define atomic_inc(v) atomic_add(1, (v))
++#define atomic_inc_return(v) atomic_add_return(1, (v))
+
+- __asm__ __volatile__(
+-"1: lwarx %0,0,%2 # atomic_inc\n\
+- addic %0,%0,1\n"
+- PPC405_ERR77(0,%2)
+-" stwcx. %0,0,%2 \n\
+- bne- 1b"
+- : "=&r" (t), "+m" (v->counter)
+- : "r" (&v->counter)
+- : "cc", "xer");
++static __inline__ void atomic_inc_unchecked(atomic_unchecked_t *v)
++{
++ atomic_add_unchecked(1, v);
+ }
+
+-static __inline__ int atomic_inc_return(atomic_t *v)
++static __inline__ int atomic_inc_return_unchecked(atomic_unchecked_t *v)
+ {
+- int t;
+-
+- __asm__ __volatile__(
+- PPC_ATOMIC_ENTRY_BARRIER
+-"1: lwarx %0,0,%1 # atomic_inc_return\n\
+- addic %0,%0,1\n"
+- PPC405_ERR77(0,%1)
+-" stwcx. %0,0,%1 \n\
+- bne- 1b"
+- PPC_ATOMIC_EXIT_BARRIER
+- : "=&r" (t)
+- : "r" (&v->counter)
+- : "cc", "xer", "memory");
+-
+- return t;
++ return atomic_add_return_unchecked(1, v);
+ }
+
+ /*
+@@ -140,43 +280,38 @@ static __inline__ int atomic_inc_return(atomic_t *v)
+ */
+ #define atomic_inc_and_test(v) (atomic_inc_return(v) == 0)
+
+-static __inline__ void atomic_dec(atomic_t *v)
++static __inline__ int atomic_inc_and_test_unchecked(atomic_unchecked_t *v)
+ {
+- int t;
+-
+- __asm__ __volatile__(
+-"1: lwarx %0,0,%2 # atomic_dec\n\
+- addic %0,%0,-1\n"
+- PPC405_ERR77(0,%2)\
+-" stwcx. %0,0,%2\n\
+- bne- 1b"
+- : "=&r" (t), "+m" (v->counter)
+- : "r" (&v->counter)
+- : "cc", "xer");
++ return atomic_add_return_unchecked(1, v) == 0;
+ }
+
+-static __inline__ int atomic_dec_return(atomic_t *v)
++/*
++ * atomic_dec - decrement atomic variable
++ * @v: pointer of type atomic_t
++ *
++ * Atomically decrements @v by 1
++ */
++#define atomic_dec(v) atomic_sub(1, (v))
++#define atomic_dec_return(v) atomic_sub_return(1, (v))
++
++static __inline__ void atomic_dec_unchecked(atomic_unchecked_t *v)
+ {
+- int t;
+-
+- __asm__ __volatile__(
+- PPC_ATOMIC_ENTRY_BARRIER
+-"1: lwarx %0,0,%1 # atomic_dec_return\n\
+- addic %0,%0,-1\n"
+- PPC405_ERR77(0,%1)
+-" stwcx. %0,0,%1\n\
+- bne- 1b"
+- PPC_ATOMIC_EXIT_BARRIER
+- : "=&r" (t)
+- : "r" (&v->counter)
+- : "cc", "xer", "memory");
+-
+- return t;
++ atomic_sub_unchecked(1, v);
+ }
+
+ #define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
+ #define atomic_xchg(v, new) (xchg(&((v)->counter), new))
+
++static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new)
++{
++ return cmpxchg(&(v->counter), old, new);
++}
++
++static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new)
++{
++ return xchg(&(v->counter), new);
++}
++
+ /**
+ * __atomic_add_unless - add unless the number is a given value
+ * @v: pointer of type atomic_t
+@@ -271,6 +406,11 @@ static __inline__ int atomic_dec_if_positive(atomic_t *v)
+ }
+ #define atomic_dec_if_positive atomic_dec_if_positive
+
++#define smp_mb__before_atomic_dec() smp_mb()
++#define smp_mb__after_atomic_dec() smp_mb()
++#define smp_mb__before_atomic_inc() smp_mb()
++#define smp_mb__after_atomic_inc() smp_mb()
++
+ #ifdef __powerpc64__
+
+ #define ATOMIC64_INIT(i) { (i) }
+@@ -284,11 +424,25 @@ static __inline__ long atomic64_read(const atomic64_t *v)
+ return t;
+ }
+
++static __inline__ long atomic64_read_unchecked(const atomic64_unchecked_t *v)
++{
++ long t;
++
++ __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : "m"(v->counter));
++
++ return t;
++}
++
+ static __inline__ void atomic64_set(atomic64_t *v, long i)
+ {
+ __asm__ __volatile__("std%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
+ }
+
++static __inline__ void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
++{
++ __asm__ __volatile__("std%U0%X0 %1,%0" : "=m"(v->counter) : "r"(i));
++}
++
+ static __inline__ void atomic64_add(long a, atomic64_t *v)
+ {
+ long t;
+@@ -303,12 +457,76 @@ static __inline__ void atomic64_add(long a, atomic64_t *v)
+ : "cc");
+ }
+
++static __inline__ void atomic64_add_unchecked(long a, atomic64_unchecked_t *v)
++{
++ long t;
++
++ __asm__ __volatile__(
++"1: ldarx %0,0,%3 # atomic64_add\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" addo. %0,%2,%0\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" add %0,%2,%0\n"
++#endif
++
++"3:\n"
++" stdcx. %0,0,%3 \n\
++ bne- 1b\n"
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ _ASM_EXTABLE(2b, 4b)
++#endif
++
++ : "=&r" (t), "+m" (v->counter)
++ : "r" (a), "r" (&v->counter)
++ : "cc");
++}
++
+ static __inline__ long atomic64_add_return(long a, atomic64_t *v)
+ {
+ long t;
+
+ __asm__ __volatile__(
+ PPC_ATOMIC_ENTRY_BARRIER
++"1: ldarx %0,0,%2 # atomic64_add_return\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" addo. %0,%1,%0\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" add %0,%1,%0\n"
++#endif
++
++"3:\n"
++" stdcx. %0,0,%2 \n\
++ bne- 1b\n"
++ PPC_ATOMIC_EXIT_BARRIER
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ _ASM_EXTABLE(2b, 4b)
++#endif
++
++ : "=&r" (t)
++ : "r" (a), "r" (&v->counter)
++ : "cc", "memory");
++
++ return t;
++}
++
++static __inline__ long atomic64_add_return_unchecked(long a, atomic64_unchecked_t *v)
++{
++ long t;
++
++ __asm__ __volatile__(
++ PPC_ATOMIC_ENTRY_BARRIER
+ "1: ldarx %0,0,%2 # atomic64_add_return\n\
+ add %0,%1,%0\n\
+ stdcx. %0,0,%2 \n\
+@@ -328,6 +546,36 @@ static __inline__ void atomic64_sub(long a, atomic64_t *v)
+ long t;
+
+ __asm__ __volatile__(
++"1: ldarx %0,0,%3 # atomic64_sub\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" subfo. %0,%2,%0\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" subf %0,%2,%0\n"
++#endif
++
++"3:\n"
++" stdcx. %0,0,%3 \n\
++ bne- 1b"
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ _ASM_EXTABLE(2b, 4b)
++#endif
++
++ : "=&r" (t), "+m" (v->counter)
++ : "r" (a), "r" (&v->counter)
++ : "cc");
++}
++
++static __inline__ void atomic64_sub_unchecked(long a, atomic64_unchecked_t *v)
++{
++ long t;
++
++ __asm__ __volatile__(
+ "1: ldarx %0,0,%3 # atomic64_sub\n\
+ subf %0,%2,%0\n\
+ stdcx. %0,0,%3 \n\
+@@ -343,6 +591,40 @@ static __inline__ long atomic64_sub_return(long a, atomic64_t *v)
+
+ __asm__ __volatile__(
+ PPC_ATOMIC_ENTRY_BARRIER
++"1: ldarx %0,0,%2 # atomic64_sub_return\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" subfo. %0,%1,%0\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" subf %0,%1,%0\n"
++#endif
++
++"3:\n"
++" stdcx. %0,0,%2 \n\
++ bne- 1b\n"
++ PPC_ATOMIC_EXIT_BARRIER
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ _ASM_EXTABLE(2b, 4b)
++#endif
++
++ : "=&r" (t)
++ : "r" (a), "r" (&v->counter)
++ : "cc", "memory");
++
++ return t;
++}
++
++static __inline__ long atomic64_sub_return_unchecked(long a, atomic64_unchecked_t *v)
++{
++ long t;
++
++ __asm__ __volatile__(
++ PPC_ATOMIC_ENTRY_BARRIER
+ "1: ldarx %0,0,%2 # atomic64_sub_return\n\
+ subf %0,%1,%0\n\
+ stdcx. %0,0,%2 \n\
+@@ -355,36 +637,23 @@ static __inline__ long atomic64_sub_return(long a, atomic64_t *v)
+ return t;
+ }
+
+-static __inline__ void atomic64_inc(atomic64_t *v)
+-{
+- long t;
++/*
++ * atomic64_inc - increment atomic variable
++ * @v: pointer of type atomic64_t
++ *
++ * Automatically increments @v by 1
++ */
++#define atomic64_inc(v) atomic64_add(1, (v))
++#define atomic64_inc_return(v) atomic64_add_return(1, (v))
+
+- __asm__ __volatile__(
+-"1: ldarx %0,0,%2 # atomic64_inc\n\
+- addic %0,%0,1\n\
+- stdcx. %0,0,%2 \n\
+- bne- 1b"
+- : "=&r" (t), "+m" (v->counter)
+- : "r" (&v->counter)
+- : "cc", "xer");
++static __inline__ void atomic64_inc_unchecked(atomic64_unchecked_t *v)
++{
++ atomic64_add_unchecked(1, v);
+ }
+
+-static __inline__ long atomic64_inc_return(atomic64_t *v)
++static __inline__ int atomic64_inc_return_unchecked(atomic64_unchecked_t *v)
+ {
+- long t;
+-
+- __asm__ __volatile__(
+- PPC_ATOMIC_ENTRY_BARRIER
+-"1: ldarx %0,0,%1 # atomic64_inc_return\n\
+- addic %0,%0,1\n\
+- stdcx. %0,0,%1 \n\
+- bne- 1b"
+- PPC_ATOMIC_EXIT_BARRIER
+- : "=&r" (t)
+- : "r" (&v->counter)
+- : "cc", "xer", "memory");
+-
+- return t;
++ return atomic64_add_return_unchecked(1, v);
+ }
+
+ /*
+@@ -397,36 +666,18 @@ static __inline__ long atomic64_inc_return(atomic64_t *v)
+ */
+ #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0)
+
+-static __inline__ void atomic64_dec(atomic64_t *v)
++/*
++ * atomic64_dec - decrement atomic variable
++ * @v: pointer of type atomic64_t
++ *
++ * Atomically decrements @v by 1
++ */
++#define atomic64_dec(v) atomic64_sub(1, (v))
++#define atomic64_dec_return(v) atomic64_sub_return(1, (v))
++
++static __inline__ void atomic64_dec_unchecked(atomic64_unchecked_t *v)
+ {
+- long t;
+-
+- __asm__ __volatile__(
+-"1: ldarx %0,0,%2 # atomic64_dec\n\
+- addic %0,%0,-1\n\
+- stdcx. %0,0,%2\n\
+- bne- 1b"
+- : "=&r" (t), "+m" (v->counter)
+- : "r" (&v->counter)
+- : "cc", "xer");
+-}
+-
+-static __inline__ long atomic64_dec_return(atomic64_t *v)
+-{
+- long t;
+-
+- __asm__ __volatile__(
+- PPC_ATOMIC_ENTRY_BARRIER
+-"1: ldarx %0,0,%1 # atomic64_dec_return\n\
+- addic %0,%0,-1\n\
+- stdcx. %0,0,%1\n\
+- bne- 1b"
+- PPC_ATOMIC_EXIT_BARRIER
+- : "=&r" (t)
+- : "r" (&v->counter)
+- : "cc", "xer", "memory");
+-
+- return t;
++ atomic64_sub_unchecked(1, v);
+ }
+
+ #define atomic64_sub_and_test(a, v) (atomic64_sub_return((a), (v)) == 0)
+@@ -459,6 +710,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v)
+ #define atomic64_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
+ #define atomic64_xchg(v, new) (xchg(&((v)->counter), new))
+
++static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, long new)
++{
++ return cmpxchg(&(v->counter), old, new);
++}
++
++static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new)
++{
++ return xchg(&(v->counter), new);
++}
++
+ /**
+ * atomic64_add_unless - add unless the number is a given value
+ * @v: pointer of type atomic64_t
diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h
index bab79a1..4a3eabc 100644
--- a/arch/powerpc/include/asm/barrier.h
#endif /* __KERNEL__ */
#endif /* _ASM_POWERPC_KMAP_TYPES_H */
diff --git a/arch/powerpc/include/asm/local.h b/arch/powerpc/include/asm/local.h
-index b8da913..60b608a 100644
+index b8da913..c02b593 100644
--- a/arch/powerpc/include/asm/local.h
+++ b/arch/powerpc/include/asm/local.h
-@@ -9,15 +9,26 @@ typedef struct
+@@ -9,21 +9,65 @@ typedef struct
atomic_long_t a;
} local_t;
static __inline__ long local_add_return(long a, local_t *l)
{
-@@ -35,6 +46,7 @@ static __inline__ long local_add_return(long a, local_t *l)
+ long t;
- return t;
- }
-+#define local_add_return_unchecked(i, l) atomic_long_add_return_unchecked((i), (&(l)->a))
-
- #define local_add_negative(a, l) (local_add_return((a), (l)) < 0)
-
-@@ -54,6 +66,7 @@ static __inline__ long local_sub_return(long a, local_t *l)
-
- return t;
- }
-+#define local_sub_return_unchecked(i, l) atomic_long_sub_return_unchecked((i), (&(l)->a))
-
- static __inline__ long local_inc_return(local_t *l)
- {
-@@ -101,6 +114,8 @@ static __inline__ long local_dec_return(local_t *l)
+ __asm__ __volatile__(
++"1:" PPC_LLARX(%0,0,%2,0) " # local_add_return\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" addo. %0,%1,%0\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" add %0,%1,%0\n"
++#endif
++
++"3:\n"
++ PPC405_ERR77(0,%2)
++ PPC_STLCX "%0,0,%2 \n\
++ bne- 1b"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"\n4:\n"
++ _ASM_EXTABLE(2b, 4b)
++#endif
++
++ : "=&r" (t)
++ : "r" (a), "r" (&(l->a.counter))
++ : "cc", "memory");
++
++ return t;
++}
++
++static __inline__ long local_add_return_unchecked(long a, local_unchecked_t *l)
++{
++ long t;
++
++ __asm__ __volatile__(
+ "1:" PPC_LLARX(%0,0,%2,0) " # local_add_return\n\
+ add %0,%1,%0\n"
+ PPC405_ERR77(0,%2)
+@@ -101,6 +145,8 @@ static __inline__ long local_dec_return(local_t *l)
#define local_cmpxchg(l, o, n) \
(cmpxchg_local(&((l)->a.counter), (o), (n)))
extern void smp_send_debugger_break(void);
extern void start_secondary_resume(void);
+diff --git a/arch/powerpc/include/asm/spinlock.h b/arch/powerpc/include/asm/spinlock.h
+index 4dbe072..b803275 100644
+--- a/arch/powerpc/include/asm/spinlock.h
++++ b/arch/powerpc/include/asm/spinlock.h
+@@ -204,13 +204,29 @@ static inline long __arch_read_trylock(arch_rwlock_t *rw)
+ __asm__ __volatile__(
+ "1: " PPC_LWARX(%0,0,%1,1) "\n"
+ __DO_SIGN_EXTEND
+-" addic. %0,%0,1\n\
+- ble- 2f\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" addico. %0,%0,1\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" addic. %0,%0,1\n"
++#endif
++
++"3:\n"
++ "ble- 4f\n"
+ PPC405_ERR77(0,%1)
+ " stwcx. %0,0,%1\n\
+ bne- 1b\n"
+ PPC_ACQUIRE_BARRIER
+-"2:" : "=&r" (tmp)
++"4:"
++
++#ifdef CONFIG_PAX_REFCOUNT
++ _ASM_EXTABLE(2b,4b)
++#endif
++
++ : "=&r" (tmp)
+ : "r" (&rw->lock)
+ : "cr0", "xer", "memory");
+
+@@ -286,11 +302,27 @@ static inline void arch_read_unlock(arch_rwlock_t *rw)
+ __asm__ __volatile__(
+ "# read_unlock\n\t"
+ PPC_RELEASE_BARRIER
+-"1: lwarx %0,0,%1\n\
+- addic %0,%0,-1\n"
++"1: lwarx %0,0,%1\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++" mcrxr cr0\n"
++" addico. %0,%0,-1\n"
++" bf 4*cr0+so, 3f\n"
++"2:.long " "0x00c00b00""\n"
++#else
++" addic. %0,%0,-1\n"
++#endif
++
++"3:\n"
+ PPC405_ERR77(0,%1)
+ " stwcx. %0,0,%1\n\
+ bne- 1b"
++
++#ifdef CONFIG_PAX_REFCOUNT
++"\n4:\n"
++ _ASM_EXTABLE(2b, 4b)
++#endif
++
+ : "=&r"(tmp)
+ : "r"(&rw->lock)
+ : "cr0", "xer", "memory");
diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
index b034ecd..af7e31f 100644
--- a/arch/powerpc/include/asm/thread_info.h
} else {
err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
-index 0dc43f9..7893068 100644
+index 0dc43f9..a885d33 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
-@@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
+@@ -36,6 +36,7 @@
+ #include <linux/debugfs.h>
+ #include <linux/ratelimit.h>
+ #include <linux/context_tracking.h>
++#include <linux/uaccess.h>
+
+ #include <asm/emulated_ops.h>
+ #include <asm/pgtable.h>
+@@ -142,6 +143,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
return flags;
}
static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
int signr)
{
-@@ -191,6 +193,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
+@@ -191,6 +194,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
do_exit(signr);
}
+@@ -1137,6 +1143,26 @@ void __kprobes program_check_exception(struct pt_regs *regs)
+ enum ctx_state prev_state = exception_enter();
+ unsigned int reason = get_reason(regs);
+
++#ifdef CONFIG_PAX_REFCOUNT
++ unsigned int bkpt;
++ const struct exception_table_entry *entry;
++
++ if (reason & REASON_ILLEGAL) {
++ /* Check if PaX bad instruction */
++ if (!probe_kernel_address(regs->nip, bkpt) && bkpt == 0xc00b00) {
++ current->thread.trap_nr = 0;
++ pax_report_refcount_overflow(regs);
++ /* fixup_exception() for PowerPC does not exist, simulate its job */
++ if ((entry = search_exception_tables(regs->nip)) != NULL) {
++ regs->nip = entry->fixup;
++ return;
++ }
++ /* fixup_exception() could not handle */
++ goto bail;
++ }
++ }
++#endif
++
+ /* We can now get here via a FP Unavailable exception if the core
+ * has no FPU, in that case the reason flags will be 0 */
+
diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c
index f174351..5722009 100644
--- a/arch/powerpc/kernel/vdso.c
extern unsigned long sparc64_elf_hwcap;
#define ELF_HWCAP sparc64_elf_hwcap
-diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h
-index f346824..2e3a4ad 100644
---- a/arch/sparc/include/asm/oplib_64.h
-+++ b/arch/sparc/include/asm/oplib_64.h
-@@ -62,7 +62,8 @@ struct linux_mem_p1275 {
- /* You must call prom_init() before using any of the library services,
- * preferably as early as possible. Pass it the romvec pointer.
- */
--void prom_init(void *cif_handler, void *cif_stack);
-+void prom_init(void *cif_handler);
-+void prom_init_report(void);
-
- /* Boot argument acquisition, returns the boot command line string. */
- char *prom_getbootargs(void);
diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h
index a3890da..f6a408e 100644
--- a/arch/sparc/include/asm/pgalloc_32.h
static inline pmd_t *pmd_alloc_one(struct mm_struct *mm,
unsigned long address)
diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h
-index 39a7ac4..2c9b586 100644
+index 5e31871..b71c9d7 100644
--- a/arch/sparc/include/asm/pgalloc_64.h
+++ b/arch/sparc/include/asm/pgalloc_64.h
-@@ -26,6 +26,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
+@@ -38,6 +38,7 @@ static inline void __pud_populate(pud_t *pud, pmd_t *pmd)
}
- #define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD)
+ #define pud_populate(MM, PUD, PMD) __pud_populate(PUD, PMD)
+#define pud_populate_kernel(MM, PUD, PMD) pud_populate((MM), (PUD), (PMD))
- static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr)
+ static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
{
diff --git a/arch/sparc/include/asm/pgtable.h b/arch/sparc/include/asm/pgtable.h
index 59ba6f6..4518128 100644
SRMMU_DIRTY | SRMMU_REF)
diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h
-index f5fffd8..4272fe8 100644
+index 29d64b1..4272fe8 100644
--- a/arch/sparc/include/asm/setup.h
+++ b/arch/sparc/include/asm/setup.h
-@@ -48,13 +48,15 @@ unsigned long safe_compute_effective_address(struct pt_regs *, unsigned int);
- #endif
-
- #ifdef CONFIG_SPARC64
-+void __init start_early_boot(void);
-+
- /* unaligned_64.c */
- int handle_ldf_stq(u32 insn, struct pt_regs *regs);
+@@ -55,8 +55,8 @@ int handle_ldf_stq(u32 insn, struct pt_regs *regs);
void handle_ld_nf(u32 insn, struct pt_regs *regs);
/* init_64.c */
/*
diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
-index a5f01ac..a8811dd 100644
+index cc6275c..7eb8e21 100644
--- a/arch/sparc/include/asm/thread_info_64.h
+++ b/arch/sparc/include/asm/thread_info_64.h
-@@ -63,7 +63,10 @@ struct thread_info {
+@@ -63,6 +63,8 @@ struct thread_info {
struct pt_regs *kern_una_regs;
unsigned int kern_una_insn;
-- unsigned long fpregs[0] __attribute__ ((aligned(64)));
+ unsigned long lowest_stack;
+
-+ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)]
-+ __attribute__ ((aligned(64)));
+ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)]
+ __attribute__ ((aligned(64)));
};
-
- #endif /* !(__ASSEMBLY__) */
-@@ -188,12 +191,13 @@ register struct thread_info *current_thread_info_reg asm("g6");
+@@ -190,12 +192,13 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
/* flag bit 4 is available */
#define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */
/* NOTE: Thread flags >= 12 should be ones we have no interest
* in using in assembly, else we can't use the mask as
* an immediate value in instructions such as andcc.
-@@ -213,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6");
+@@ -215,12 +218,18 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
#define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
extra-y := head_$(BITS).o
-diff --git a/arch/sparc/kernel/entry.h b/arch/sparc/kernel/entry.h
-index ebaba61..88d322b 100644
---- a/arch/sparc/kernel/entry.h
-+++ b/arch/sparc/kernel/entry.h
-@@ -65,13 +65,10 @@ struct pause_patch_entry {
- extern struct pause_patch_entry __pause_3insn_patch,
- __pause_3insn_patch_end;
-
--void __init per_cpu_patch(void);
- void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *,
- struct sun4v_1insn_patch_entry *);
- void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *,
- struct sun4v_2insn_patch_entry *);
--void __init sun4v_patch(void);
--void __init boot_cpu_id_too_large(int cpu);
- extern unsigned int dcache_parity_tl1_occurred;
- extern unsigned int icache_parity_tl1_occurred;
-
-diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S
-index 452f04fe..fbea0ac 100644
---- a/arch/sparc/kernel/head_64.S
-+++ b/arch/sparc/kernel/head_64.S
-@@ -660,14 +660,12 @@ tlb_fixup_done:
- sethi %hi(init_thread_union), %g6
- or %g6, %lo(init_thread_union), %g6
- ldx [%g6 + TI_TASK], %g4
-- mov %sp, %l6
-
- wr %g0, ASI_P, %asi
- mov 1, %g1
- sllx %g1, THREAD_SHIFT, %g1
- sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1
- add %g6, %g1, %sp
-- mov 0, %fp
-
- /* Set per-cpu pointer initially to zero, this makes
- * the boot-cpu use the in-kernel-image per-cpu areas
-@@ -694,44 +692,14 @@ tlb_fixup_done:
- nop
- #endif
-
-- mov %l6, %o1 ! OpenPROM stack
- call prom_init
- mov %l7, %o0 ! OpenPROM cif handler
-
-- /* Initialize current_thread_info()->cpu as early as possible.
-- * In order to do that accurately we have to patch up the get_cpuid()
-- * assembler sequences. And that, in turn, requires that we know
-- * if we are on a Starfire box or not. While we're here, patch up
-- * the sun4v sequences as well.
-+ /* To create a one-register-window buffer between the kernel's
-+ * initial stack and the last stack frame we use from the firmware,
-+ * do the rest of the boot from a C helper function.
- */
-- call check_if_starfire
-- nop
-- call per_cpu_patch
-- nop
-- call sun4v_patch
-- nop
--
--#ifdef CONFIG_SMP
-- call hard_smp_processor_id
-- nop
-- cmp %o0, NR_CPUS
-- blu,pt %xcc, 1f
-- nop
-- call boot_cpu_id_too_large
-- nop
-- /* Not reached... */
--
--1:
--#else
-- mov 0, %o0
--#endif
-- sth %o0, [%g6 + TI_CPU]
--
-- call prom_init_report
-- nop
--
-- /* Off we go.... */
-- call start_kernel
-+ call start_early_boot
- nop
- /* Not reached... */
-
-diff --git a/arch/sparc/kernel/hvtramp.S b/arch/sparc/kernel/hvtramp.S
-index b7ddcdd..cdbfec2 100644
---- a/arch/sparc/kernel/hvtramp.S
-+++ b/arch/sparc/kernel/hvtramp.S
-@@ -109,7 +109,6 @@ hv_cpu_startup:
- sllx %g5, THREAD_SHIFT, %g5
- sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
- add %g6, %g5, %sp
-- mov 0, %fp
-
- call init_irqwork_curcpu
- nop
diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c
index 50e7b62..79fae35 100644
--- a/arch/sparc/kernel/process_32.c
audit_syscall_exit(regs);
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
-diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c
-index 3fdb455..949f773 100644
---- a/arch/sparc/kernel/setup_64.c
-+++ b/arch/sparc/kernel/setup_64.c
-@@ -30,6 +30,7 @@
- #include <linux/cpu.h>
- #include <linux/initrd.h>
- #include <linux/module.h>
-+#include <linux/start_kernel.h>
-
- #include <asm/io.h>
- #include <asm/processor.h>
-@@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE];
-
- static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 };
-
--void __init per_cpu_patch(void)
-+static void __init per_cpu_patch(void)
- {
- struct cpuid_patch_entry *p;
- unsigned long ver;
-@@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start,
- }
- }
-
--void __init sun4v_patch(void)
-+static void __init sun4v_patch(void)
- {
- extern void sun4v_hvapi_init(void);
-
-@@ -335,14 +336,25 @@ static void __init pause_patch(void)
- }
- }
-
--#ifdef CONFIG_SMP
--void __init boot_cpu_id_too_large(int cpu)
-+void __init start_early_boot(void)
- {
-- prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
-- cpu, NR_CPUS);
-- prom_halt();
-+ int cpu;
-+
-+ check_if_starfire();
-+ per_cpu_patch();
-+ sun4v_patch();
-+
-+ cpu = hard_smp_processor_id();
-+ if (cpu >= NR_CPUS) {
-+ prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
-+ cpu, NR_CPUS);
-+ prom_halt();
-+ }
-+ current_thread_info()->cpu = cpu;
-+
-+ prom_init_report();
-+ start_kernel();
- }
--#endif
-
- /* On Ultra, we support all of the v8 capabilities. */
- unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR |
diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
-index f7ba875..b65677e 100644
+index 81954ee..6cfaa98 100644
--- a/arch/sparc/kernel/smp_64.c
+++ b/arch/sparc/kernel/smp_64.c
-@@ -883,7 +883,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
+@@ -887,7 +887,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
return;
#ifdef CONFIG_DEBUG_DCFLUSH
#endif
this_cpu = get_cpu();
-@@ -907,7 +907,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
+@@ -911,7 +911,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu)
xcall_deliver(data0, __pa(pg_addr),
(u64) pg_addr, cpumask_of(cpu));
#ifdef CONFIG_DEBUG_DCFLUSH
#endif
}
}
-@@ -926,7 +926,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)
+@@ -930,7 +930,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)
preempt_disable();
#ifdef CONFIG_DEBUG_DCFLUSH
#endif
data0 = 0;
pg_addr = page_address(page);
-@@ -943,7 +943,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)
+@@ -947,7 +947,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page)
xcall_deliver(data0, __pa(pg_addr),
(u64) pg_addr, cpu_online_mask);
#ifdef CONFIG_DEBUG_DCFLUSH
ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc
2:
-diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S
-index 737f8cb..88ede1d 100644
---- a/arch/sparc/kernel/trampoline_64.S
-+++ b/arch/sparc/kernel/trampoline_64.S
-@@ -109,10 +109,13 @@ startup_continue:
- brnz,pn %g1, 1b
- nop
-
-- sethi %hi(p1275buf), %g2
-- or %g2, %lo(p1275buf), %g2
-- ldx [%g2 + 0x10], %l2
-- add %l2, -(192 + 128), %sp
-+ /* Get onto temporary stack which will be in the locked
-+ * kernel image.
-+ */
-+ sethi %hi(tramp_stack), %g1
-+ or %g1, %lo(tramp_stack), %g1
-+ add %g1, TRAMP_STACK_SIZE, %g1
-+ sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp
- flushw
-
- /* Setup the loop variables:
-@@ -394,7 +397,6 @@ after_lock_tlb:
- sllx %g5, THREAD_SHIFT, %g5
- sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
- add %g6, %g5, %sp
-- mov 0, %fp
-
- rdpr %pstate, %o1
- or %o1, PSTATE_IE, %o1
diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
index 6fd386c5..6907d81 100644
--- a/arch/sparc/kernel/traps_32.c
}
diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
-index fb6640e..2daada8 100644
+index 981a769..d906eda 100644
--- a/arch/sparc/kernel/traps_64.c
+++ b/arch/sparc/kernel/traps_64.c
@@ -79,7 +79,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p)
+ atomic_inc_unchecked(&sun4v_nonresum_oflow_cnt);
}
- unsigned long sun4v_err_itlb_vaddr;
-@@ -2116,9 +2127,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
+ static void sun4v_tlb_error(struct pt_regs *regs)
+@@ -2120,9 +2131,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl)
printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n",
regs->tpc, tl);
(void *) regs->u_regs[UREG_I7]);
printk(KERN_EMERG "SUN4V-ITLB: vaddr[%lx] ctx[%lx] "
"pte[%lx] error[%lx]\n",
-@@ -2140,9 +2151,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
+@@ -2143,9 +2154,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl)
printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n",
regs->tpc, tl);
(void *) regs->u_regs[UREG_I7]);
printk(KERN_EMERG "SUN4V-DTLB: vaddr[%lx] ctx[%lx] "
"pte[%lx] error[%lx]\n",
-@@ -2359,13 +2370,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
+@@ -2362,13 +2373,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
fp = (unsigned long)sf->fp + STACK_BIAS;
}
graph++;
}
}
-@@ -2383,6 +2394,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw)
+@@ -2386,6 +2397,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw)
return (struct reg_window *) (fp + STACK_BIAS);
}
void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
{
static int die_counter;
-@@ -2411,7 +2424,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
+@@ -2414,7 +2427,7 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
while (rw &&
count++ < 30 &&
kstack_valid(tp, (unsigned long) rw)) {
(void *) rw->ins[7]);
rw = kernel_stack_up(rw);
-@@ -2424,8 +2437,10 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
+@@ -2427,8 +2440,10 @@ void __noreturn die_if_kernel(char *str, struct pt_regs *regs)
}
user_instruction_dump ((unsigned int __user *) regs->tpc);
}
if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
goto bad_area;
diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
-index 587cd05..fbdf17a 100644
+index 18fcd71..e4fe821 100644
--- a/arch/sparc/mm/fault_64.c
+++ b/arch/sparc/mm/fault_64.c
@@ -22,6 +22,9 @@
asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
{
enum ctx_state prev_state = exception_enter();
-@@ -350,6 +813,29 @@ retry:
+@@ -353,6 +816,29 @@ retry:
if (!vma)
goto bad_area;
/* Pure DTLB misses do not tell us whether the fault causing
* load/store/atomic was a write or not, it only says that there
* was no match. So in such a case we (carefully) read the
-diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c
-index 1aed043..ae6ce38 100644
---- a/arch/sparc/mm/gup.c
-+++ b/arch/sparc/mm/gup.c
-@@ -160,6 +160,36 @@ static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
- return 1;
- }
-
-+int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
-+ struct page **pages)
-+{
-+ struct mm_struct *mm = current->mm;
-+ unsigned long addr, len, end;
-+ unsigned long next, flags;
-+ pgd_t *pgdp;
-+ int nr = 0;
-+
-+ start &= PAGE_MASK;
-+ addr = start;
-+ len = (unsigned long) nr_pages << PAGE_SHIFT;
-+ end = start + len;
-+
-+ local_irq_save(flags);
-+ pgdp = pgd_offset(mm, addr);
-+ do {
-+ pgd_t pgd = *pgdp;
-+
-+ next = pgd_addr_end(addr, end);
-+ if (pgd_none(pgd))
-+ break;
-+ if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
-+ break;
-+ } while (pgdp++, addr = next, addr != end);
-+ local_irq_restore(flags);
-+
-+ return nr;
-+}
-+
- int get_user_pages_fast(unsigned long start, int nr_pages, int write,
- struct page **pages)
- {
diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
index d329537..2c3746a 100644
--- a/arch/sparc/mm/hugetlbpage.c
pte_t *huge_pte_alloc(struct mm_struct *mm,
diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c
-index 98ac8e8..ba7dd39 100644
+index 04bc826..0fefab9 100644
--- a/arch/sparc/mm/init_64.c
+++ b/arch/sparc/mm/init_64.c
-@@ -190,9 +190,9 @@ unsigned long sparc64_kern_sec_context __read_mostly;
+@@ -186,9 +186,9 @@ unsigned long sparc64_kern_sec_context __read_mostly;
int num_kernel_image_mappings;
#ifdef CONFIG_DEBUG_DCFLUSH
#endif
#endif
-@@ -200,7 +200,7 @@ inline void flush_dcache_page_impl(struct page *page)
+@@ -196,7 +196,7 @@ inline void flush_dcache_page_impl(struct page *page)
{
BUG_ON(tlb_type == hypervisor);
#ifdef CONFIG_DEBUG_DCFLUSH
#endif
#ifdef DCACHE_ALIASING_POSSIBLE
-@@ -472,10 +472,10 @@ void mmu_info(struct seq_file *m)
+@@ -468,10 +468,10 @@ void mmu_info(struct seq_file *m)
#ifdef CONFIG_DEBUG_DCFLUSH
seq_printf(m, "DCPageFlushes\t: %d\n",
+
+ bpf_prog_unlock_free(fp);
}
-diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S
-index 9c86b4b..8050f38 100644
---- a/arch/sparc/prom/cif.S
-+++ b/arch/sparc/prom/cif.S
-@@ -11,11 +11,10 @@
- .text
- .globl prom_cif_direct
- prom_cif_direct:
-+ save %sp, -192, %sp
- sethi %hi(p1275buf), %o1
- or %o1, %lo(p1275buf), %o1
-- ldx [%o1 + 0x0010], %o2 ! prom_cif_stack
-- save %o2, -192, %sp
-- ldx [%i1 + 0x0008], %l2 ! prom_cif_handler
-+ ldx [%o1 + 0x0008], %l2 ! prom_cif_handler
- mov %g4, %l0
- mov %g5, %l1
- mov %g6, %l3
-diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c
-index d95db75..110b0d7 100644
---- a/arch/sparc/prom/init_64.c
-+++ b/arch/sparc/prom/init_64.c
-@@ -26,13 +26,13 @@ phandle prom_chosen_node;
- * It gets passed the pointer to the PROM vector.
- */
-
--extern void prom_cif_init(void *, void *);
-+extern void prom_cif_init(void *);
-
--void __init prom_init(void *cif_handler, void *cif_stack)
-+void __init prom_init(void *cif_handler)
- {
- phandle node;
-
-- prom_cif_init(cif_handler, cif_stack);
-+ prom_cif_init(cif_handler);
-
- prom_chosen_node = prom_finddevice(prom_chosen_path);
- if (!prom_chosen_node || (s32)prom_chosen_node == -1)
-diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c
-index e58b817..c27c30e4 100644
---- a/arch/sparc/prom/p1275.c
-+++ b/arch/sparc/prom/p1275.c
-@@ -19,7 +19,6 @@
- struct {
- long prom_callback; /* 0x00 */
- void (*prom_cif_handler)(long *); /* 0x08 */
-- unsigned long prom_cif_stack; /* 0x10 */
- } p1275buf;
-
- extern void prom_world(int);
-@@ -51,5 +50,4 @@ void p1275_cmd_direct(unsigned long *args)
- void prom_cif_init(void *cif_handler, void *cif_stack)
- {
- p1275buf.prom_cif_handler = (void (*)(long *))cif_handler;
-- p1275buf.prom_cif_stack = (unsigned long)cif_stack;
- }
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
index 7fcd492..1311074 100644
--- a/arch/tile/Kconfig
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index 0fcd913..3bb5c42 100644
+index 14fe7cb..829b962 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y)
.previous
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
-index cbed140..5f2ca57 100644
+index 1d7fbbc..36ecd58 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -140,10 +140,10 @@ preferred_addr:
/* Target address to relocate to for decompression */
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index 2884e0c..904a2f7 100644
+index 6b1766c..ad465c9 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -94,10 +94,10 @@ ENTRY(startup_32)
1:
/* Target address to relocate to for decompression */
-@@ -431,8 +431,8 @@ gdt:
+@@ -434,8 +434,8 @@ gdt:
.long gdt
.word 0
.quad 0x0000000000000000 /* NULL descriptor */
.quad 0x0000000000000000 /* TS continued */
gdt_end:
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
-index 57ab74d..7c52182 100644
+index 30dd59a..cd9edc3 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -242,7 +242,7 @@ static void handle_relocations(void *output, unsigned long output_len)
break;
default: /* Ignore other PT_* */ break;
}
-@@ -395,7 +398,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
+@@ -402,7 +405,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
error("Destination address too large");
#endif
#ifndef CONFIG_RELOCATABLE
err |= copy_siginfo_to_user32(&frame->info, &ksig->info);
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
-index 4299eb0..fefe70e 100644
+index 92a2e93..cd4d95f 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -15,8 +15,10 @@
movl %ebp,%ebp /* zero extension */
pushq_cfi $__USER32_DS
/*CFI_REL_OFFSET ss,0*/
-@@ -135,24 +157,49 @@ ENTRY(ia32_sysenter_target)
+@@ -135,23 +157,46 @@ ENTRY(ia32_sysenter_target)
CFI_REL_OFFSET rsp,0
pushfq_cfi
/*CFI_REL_OFFSET rflags,0*/
1: movl (%rbp),%ebp
_ASM_EXTABLE(1b,ia32_badarg)
ASM_CLAC
-- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
-- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
-+
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ ASM_PAX_CLOSE_USERLAND
+#endif
+
+ /*
+ * Sysenter doesn't filter flags, so we need to clear NT
+ * ourselves. To save a few cycles, we can check whether
+@@ -161,8 +206,9 @@ ENTRY(ia32_sysenter_target)
+ jnz sysenter_fix_flags
+ sysenter_flags_fixed:
+
+- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ GET_THREAD_INFO(%r11)
+ orl $TS_COMPAT,TI_status(%r11)
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11)
CFI_REMEMBER_STATE
jnz sysenter_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -162,15 +209,18 @@ sysenter_do_call:
+@@ -172,15 +218,18 @@ sysenter_do_call:
sysenter_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
CFI_REGISTER rip,rdx
RESTORE_ARGS 0,24,0,0,0,0
xorq %r8,%r8
-@@ -193,6 +243,9 @@ sysexit_from_sys_call:
+@@ -205,6 +254,9 @@ sysexit_from_sys_call:
movl %eax,%esi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
call __audit_syscall_entry
movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -204,7 +257,7 @@ sysexit_from_sys_call:
+@@ -216,7 +268,7 @@ sysexit_from_sys_call:
.endm
.macro auditsys_exit exit
jnz ia32_ret_from_sys_call
TRACE_IRQS_ON
ENABLE_INTERRUPTS(CLBR_NONE)
-@@ -215,11 +268,12 @@ sysexit_from_sys_call:
+@@ -227,11 +279,12 @@ sysexit_from_sys_call:
1: setbe %al /* 1 if error, 0 if not */
movzbl %al,%edi /* zero-extend that into %edi */
call __audit_syscall_exit
jz \exit
CLEAR_RREGS -ARGOFFSET
jmp int_with_check
-@@ -237,7 +291,7 @@ sysexit_audit:
+@@ -253,7 +306,7 @@ sysenter_fix_flags:
sysenter_tracesys:
#ifdef CONFIG_AUDITSYSCALL
jz sysenter_auditsys
#endif
SAVE_REST
-@@ -249,6 +303,9 @@ sysenter_tracesys:
+@@ -265,6 +318,9 @@ sysenter_tracesys:
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */
jmp sysenter_do_call
CFI_ENDPROC
ENDPROC(ia32_sysenter_target)
-@@ -276,19 +333,25 @@ ENDPROC(ia32_sysenter_target)
+@@ -292,19 +348,25 @@ ENDPROC(ia32_sysenter_target)
ENTRY(ia32_cstar_target)
CFI_STARTPROC32 simple
CFI_SIGNAL_FRAME
movl %eax,%eax /* zero extension */
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
-@@ -304,12 +367,25 @@ ENTRY(ia32_cstar_target)
+@@ -320,12 +382,25 @@ ENTRY(ia32_cstar_target)
/* no need to do an access_ok check here because r8 has been
32bit zero extended */
/* hardware stack frame is complete now */
CFI_REMEMBER_STATE
jnz cstar_tracesys
cmpq $IA32_NR_syscalls-1,%rax
-@@ -319,13 +395,16 @@ cstar_do_call:
+@@ -335,13 +410,16 @@ cstar_do_call:
cstar_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
movl RIP-ARGOFFSET(%rsp),%ecx
CFI_REGISTER rip,rcx
movl EFLAGS-ARGOFFSET(%rsp),%r11d
-@@ -352,7 +431,7 @@ sysretl_audit:
+@@ -368,7 +446,7 @@ sysretl_audit:
cstar_tracesys:
#ifdef CONFIG_AUDITSYSCALL
jz cstar_auditsys
#endif
xchgl %r9d,%ebp
-@@ -366,11 +445,19 @@ cstar_tracesys:
+@@ -382,11 +460,19 @@ cstar_tracesys:
xchgl %ebp,%r9d
cmpq $(IA32_NR_syscalls-1),%rax
ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */
movq $-EFAULT,%rax
jmp ia32_sysret
CFI_ENDPROC
-@@ -407,19 +494,26 @@ ENTRY(ia32_syscall)
+@@ -423,19 +509,26 @@ ENTRY(ia32_syscall)
CFI_REL_OFFSET rip,RIP-RIP
PARAVIRT_ADJUST_EXCEPTION_FRAME
SWAPGS
jnz ia32_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -442,6 +536,9 @@ ia32_tracesys:
+@@ -458,6 +551,9 @@ ia32_tracesys:
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */
union {
u64 v64;
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
-index 1a055c8..1a5082a 100644
+index ca3347a..1a5082a 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -75,9 +75,6 @@ typedef struct user_fxsr_struct elf_fpxregset_t;
#if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT)
extern unsigned int vdso32_enabled;
#endif
-@@ -160,8 +157,9 @@ do { \
- #define elf_check_arch(x) \
- ((x)->e_machine == EM_X86_64)
-
--#define compat_elf_check_arch(x) \
-- (elf_check_arch_ia32(x) || (x)->e_machine == EM_X86_64)
-+#define compat_elf_check_arch(x) \
-+ (elf_check_arch_ia32(x) || \
-+ (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64))
-
- #if __USER32_DS != __USER_DS
- # error "The following code assumes __USER32_DS == __USER_DS"
-@@ -248,7 +246,25 @@ extern int force_personality32;
+@@ -249,7 +246,25 @@ extern int force_personality32;
the loader. We need to make sure that it is out of the way of the program
that it will "exec", and that there is sufficient room for the brk. */
/* This yields a mask that user programs can use to figure out what
instruction set this CPU supports. This could be done in user space,
-@@ -297,17 +313,13 @@ do { \
+@@ -298,17 +313,13 @@ do { \
#define ARCH_DLINFO \
do { \
} while (0)
#define AT_SYSINFO 32
-@@ -322,10 +334,10 @@ else \
+@@ -323,10 +334,10 @@ else \
#endif /* !CONFIG_X86_32 */
selected_vdso32->sym___kernel_vsyscall)
struct linux_binprm;
-@@ -337,9 +349,6 @@ extern int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
+@@ -338,9 +349,6 @@ extern int compat_arch_setup_additional_pages(struct linux_binprm *bprm,
int uses_interp);
#define compat_arch_setup_additional_pages compat_arch_setup_additional_pages
#define flush_insn_slot(p) do { } while (0)
-diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index 7c492ed..d16311f 100644
---- a/arch/x86/include/asm/kvm_host.h
-+++ b/arch/x86/include/asm/kvm_host.h
-@@ -990,6 +990,20 @@ static inline void kvm_inject_gp(struct kvm_vcpu *vcpu, u32 error_code)
- kvm_queue_exception_e(vcpu, GP_VECTOR, error_code);
- }
-
-+static inline u64 get_canonical(u64 la)
-+{
-+ return ((int64_t)la << 16) >> 16;
-+}
-+
-+static inline bool is_noncanonical_address(u64 la)
-+{
-+#ifdef CONFIG_X86_64
-+ return get_canonical(la) != la;
-+#else
-+ return false;
-+#endif
-+}
-+
- #define TSS_IOPB_BASE_OFFSET 0x66
- #define TSS_BASE_SIZE 0x68
- #define TSS_IOPB_SIZE (65536 / 8)
-@@ -1048,7 +1062,7 @@ int kvm_cpu_get_interrupt(struct kvm_vcpu *v);
- void kvm_vcpu_reset(struct kvm_vcpu *vcpu);
-
- void kvm_define_shared_msr(unsigned index, u32 msr);
--void kvm_set_shared_msr(unsigned index, u64 val, u64 mask);
-+int kvm_set_shared_msr(unsigned index, u64 val, u64 mask);
-
- bool kvm_is_linear_rip(struct kvm_vcpu *vcpu, unsigned long linear_rip);
-
diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h
index 4ad6560..75c7bdd 100644
--- a/arch/x86/include/asm/local.h
#endif /* __ASSEMBLY__ */
/* top of stack page */
-diff --git a/arch/x86/include/uapi/asm/vmx.h b/arch/x86/include/uapi/asm/vmx.h
-index 0e79420..990a2fe 100644
---- a/arch/x86/include/uapi/asm/vmx.h
-+++ b/arch/x86/include/uapi/asm/vmx.h
-@@ -67,6 +67,7 @@
- #define EXIT_REASON_EPT_MISCONFIG 49
- #define EXIT_REASON_INVEPT 50
- #define EXIT_REASON_PREEMPTION_TIMER 52
-+#define EXIT_REASON_INVVPID 53
- #define EXIT_REASON_WBINVD 54
- #define EXIT_REASON_XSETBV 55
- #define EXIT_REASON_APIC_WRITE 56
-@@ -114,6 +115,7 @@
- { EXIT_REASON_EOI_INDUCED, "EOI_INDUCED" }, \
- { EXIT_REASON_INVALID_STATE, "INVALID_STATE" }, \
- { EXIT_REASON_INVD, "INVD" }, \
-+ { EXIT_REASON_INVVPID, "INVVPID" }, \
- { EXIT_REASON_INVPCID, "INVPCID" }
-
- #endif /* _UAPIVMX_H */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index ada2e2d..ca69e16 100644
--- a/arch/x86/kernel/Makefile
obj-$(CONFIG_X86_64) += mcount_64.o
obj-y += syscall_$(BITS).o vsyscall_gtod.o
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
-index b436fc7..1ba7044 100644
+index a142e77..6222cdd 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
-@@ -1272,7 +1272,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)
+@@ -1276,7 +1276,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)
* If your system is blacklisted here, but you find that acpi=force
* works for you, please contact linux-acpi@vger.kernel.org
*/
/*
* Boxes that need ACPI disabled
*/
-@@ -1347,7 +1347,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
+@@ -1351,7 +1351,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
};
/* second table for DMI checks that should run after early-quirks */
bp_int3_handler = handler;
bp_int3_addr = (u8 *)addr + sizeof(int3);
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
-index 6776027..972266c 100644
+index 24b5894..6d9701b 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -201,7 +201,7 @@ int first_system_vector = 0xfe;
if (c->x86_model == 3 && c->x86_mask == 0)
size = 64;
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index e4ab2b4..d487ba5 100644
+index 3126558..a1028f6 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -90,60 +90,6 @@ static const struct cpu_dev default_cpu = {
ip = *(u64 *)(fp+8);
if (!in_sched_functions(ip))
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 678c0ad..2fc2a7b 100644
+index b1a5dfa..ed94526 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -186,10 +186,10 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
}
void user_single_step_siginfo(struct task_struct *tsk,
-@@ -1450,6 +1464,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
- # define IS_IA32 0
- #endif
+@@ -1441,6 +1455,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
+ force_sig_info(SIGTRAP, &info, tsk);
+ }
+#ifdef CONFIG_GRKERNSEC_SETXID
+extern void gr_delayed_cred_worker(void);
/*
* We must return the syscall number to actually look up in the table.
* This can be -1L to skip running any syscall at all.
-@@ -1460,6 +1478,11 @@ long syscall_trace_enter(struct pt_regs *regs)
+@@ -1451,6 +1469,11 @@ long syscall_trace_enter(struct pt_regs *regs)
user_exit();
/*
* If we stepped into a sysenter/syscall insn, it trapped in
* kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.
-@@ -1515,6 +1538,11 @@ void syscall_trace_leave(struct pt_regs *regs)
+@@ -1506,6 +1529,11 @@ void syscall_trace_leave(struct pt_regs *regs)
*/
user_exit();
* Up to this point, the boot CPU has been using .init.data
* area. Reload any changed state for the boot CPU.
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index 2851d63..83bf567 100644
+index ed37a76..39f936e 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp)
if (!fixup_exception(regs)) {
task->thread.error_code = error_code;
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
-index b6025f9..0cc6a1d 100644
+index b7e50bb..f4a93ae 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
.read = native_io_apic_read,
.write = native_io_apic_write,
diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c
-index 940b142..0ad3a10 100644
+index 4c540c4..0b985b0 100644
--- a/arch/x86/kernel/xsave.c
+++ b/arch/x86/kernel/xsave.c
@@ -167,18 +167,18 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame)
if (use_xsave())
err = xsave_user(buf);
else if (use_fxsr())
-@@ -314,6 +315,7 @@ sanitize_restored_xstate(struct task_struct *tsk,
+@@ -312,6 +313,7 @@ sanitize_restored_xstate(struct task_struct *tsk,
*/
static inline int restore_user_xstate(void __user *buf, u64 xbv, int fx_only)
{
return 0;
out:
-diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 03954f7..48daa1a 100644
---- a/arch/x86/kvm/emulate.c
-+++ b/arch/x86/kvm/emulate.c
-@@ -504,11 +504,6 @@ static void rsp_increment(struct x86_emulate_ctxt *ctxt, int inc)
- masked_increment(reg_rmw(ctxt, VCPU_REGS_RSP), stack_mask(ctxt), inc);
- }
-
--static inline void jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
--{
-- register_address_increment(ctxt, &ctxt->_eip, rel);
--}
--
- static u32 desc_limit_scaled(struct desc_struct *desc)
- {
- u32 limit = get_desc_limit(desc);
-@@ -568,6 +563,38 @@ static int emulate_nm(struct x86_emulate_ctxt *ctxt)
- return emulate_exception(ctxt, NM_VECTOR, 0, false);
- }
-
-+static inline int assign_eip_far(struct x86_emulate_ctxt *ctxt, ulong dst,
-+ int cs_l)
-+{
-+ switch (ctxt->op_bytes) {
-+ case 2:
-+ ctxt->_eip = (u16)dst;
-+ break;
-+ case 4:
-+ ctxt->_eip = (u32)dst;
-+ break;
-+ case 8:
-+ if ((cs_l && is_noncanonical_address(dst)) ||
-+ (!cs_l && (dst & ~(u32)-1)))
-+ return emulate_gp(ctxt, 0);
-+ ctxt->_eip = dst;
-+ break;
-+ default:
-+ WARN(1, "unsupported eip assignment size\n");
-+ }
-+ return X86EMUL_CONTINUE;
-+}
-+
-+static inline int assign_eip_near(struct x86_emulate_ctxt *ctxt, ulong dst)
-+{
-+ return assign_eip_far(ctxt, dst, ctxt->mode == X86EMUL_MODE_PROT64);
-+}
-+
-+static inline int jmp_rel(struct x86_emulate_ctxt *ctxt, int rel)
-+{
-+ return assign_eip_near(ctxt, ctxt->_eip + rel);
-+}
-+
- static u16 get_segment_selector(struct x86_emulate_ctxt *ctxt, unsigned seg)
- {
- u16 selector;
-@@ -750,8 +777,10 @@ static int __do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt, int op_size)
- static __always_inline int do_insn_fetch_bytes(struct x86_emulate_ctxt *ctxt,
- unsigned size)
- {
-- if (unlikely(ctxt->fetch.end - ctxt->fetch.ptr < size))
-- return __do_insn_fetch_bytes(ctxt, size);
-+ unsigned done_size = ctxt->fetch.end - ctxt->fetch.ptr;
-+
-+ if (unlikely(done_size < size))
-+ return __do_insn_fetch_bytes(ctxt, size - done_size);
- else
- return X86EMUL_CONTINUE;
- }
-@@ -1415,7 +1444,9 @@ static int write_segment_descriptor(struct x86_emulate_ctxt *ctxt,
-
- /* Does not support long mode */
- static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
-- u16 selector, int seg, u8 cpl, bool in_task_switch)
-+ u16 selector, int seg, u8 cpl,
-+ bool in_task_switch,
-+ struct desc_struct *desc)
- {
- struct desc_struct seg_desc, old_desc;
- u8 dpl, rpl;
-@@ -1547,6 +1578,8 @@ static int __load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- }
- load:
- ctxt->ops->set_segment(ctxt, selector, &seg_desc, base3, seg);
-+ if (desc)
-+ *desc = seg_desc;
- return X86EMUL_CONTINUE;
- exception:
- emulate_exception(ctxt, err_vec, err_code, true);
-@@ -1557,7 +1590,7 @@ static int load_segment_descriptor(struct x86_emulate_ctxt *ctxt,
- u16 selector, int seg)
- {
- u8 cpl = ctxt->ops->cpl(ctxt);
-- return __load_segment_descriptor(ctxt, selector, seg, cpl, false);
-+ return __load_segment_descriptor(ctxt, selector, seg, cpl, false, NULL);
- }
-
- static void write_register_operand(struct operand *op)
-@@ -1951,17 +1984,31 @@ static int em_iret(struct x86_emulate_ctxt *ctxt)
- static int em_jmp_far(struct x86_emulate_ctxt *ctxt)
- {
- int rc;
-- unsigned short sel;
-+ unsigned short sel, old_sel;
-+ struct desc_struct old_desc, new_desc;
-+ const struct x86_emulate_ops *ops = ctxt->ops;
-+ u8 cpl = ctxt->ops->cpl(ctxt);
-+
-+ /* Assignment of RIP may only fail in 64-bit mode */
-+ if (ctxt->mode == X86EMUL_MODE_PROT64)
-+ ops->get_segment(ctxt, &old_sel, &old_desc, NULL,
-+ VCPU_SREG_CS);
-
- memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2);
-
-- rc = load_segment_descriptor(ctxt, sel, VCPU_SREG_CS);
-+ rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false,
-+ &new_desc);
- if (rc != X86EMUL_CONTINUE)
- return rc;
-
-- ctxt->_eip = 0;
-- memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes);
-- return X86EMUL_CONTINUE;
-+ rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l);
-+ if (rc != X86EMUL_CONTINUE) {
-+ WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
-+ /* assigning eip failed; restore the old cs */
-+ ops->set_segment(ctxt, old_sel, &old_desc, 0, VCPU_SREG_CS);
-+ return rc;
-+ }
-+ return rc;
- }
-
- static int em_grp45(struct x86_emulate_ctxt *ctxt)
-@@ -1972,13 +2019,15 @@ static int em_grp45(struct x86_emulate_ctxt *ctxt)
- case 2: /* call near abs */ {
- long int old_eip;
- old_eip = ctxt->_eip;
-- ctxt->_eip = ctxt->src.val;
-+ rc = assign_eip_near(ctxt, ctxt->src.val);
-+ if (rc != X86EMUL_CONTINUE)
-+ break;
- ctxt->src.val = old_eip;
- rc = em_push(ctxt);
- break;
- }
- case 4: /* jmp abs */
-- ctxt->_eip = ctxt->src.val;
-+ rc = assign_eip_near(ctxt, ctxt->src.val);
- break;
- case 5: /* jmp far */
- rc = em_jmp_far(ctxt);
-@@ -2013,30 +2062,47 @@ static int em_cmpxchg8b(struct x86_emulate_ctxt *ctxt)
-
- static int em_ret(struct x86_emulate_ctxt *ctxt)
- {
-- ctxt->dst.type = OP_REG;
-- ctxt->dst.addr.reg = &ctxt->_eip;
-- ctxt->dst.bytes = ctxt->op_bytes;
-- return em_pop(ctxt);
-+ int rc;
-+ unsigned long eip;
-+
-+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
-+ if (rc != X86EMUL_CONTINUE)
-+ return rc;
-+
-+ return assign_eip_near(ctxt, eip);
- }
-
- static int em_ret_far(struct x86_emulate_ctxt *ctxt)
- {
- int rc;
-- unsigned long cs;
-+ unsigned long eip, cs;
-+ u16 old_cs;
- int cpl = ctxt->ops->cpl(ctxt);
-+ struct desc_struct old_desc, new_desc;
-+ const struct x86_emulate_ops *ops = ctxt->ops;
-
-- rc = emulate_pop(ctxt, &ctxt->_eip, ctxt->op_bytes);
-+ if (ctxt->mode == X86EMUL_MODE_PROT64)
-+ ops->get_segment(ctxt, &old_cs, &old_desc, NULL,
-+ VCPU_SREG_CS);
-+
-+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
- if (rc != X86EMUL_CONTINUE)
- return rc;
-- if (ctxt->op_bytes == 4)
-- ctxt->_eip = (u32)ctxt->_eip;
- rc = emulate_pop(ctxt, &cs, ctxt->op_bytes);
- if (rc != X86EMUL_CONTINUE)
- return rc;
- /* Outer-privilege level return is not implemented */
- if (ctxt->mode >= X86EMUL_MODE_PROT16 && (cs & 3) > cpl)
- return X86EMUL_UNHANDLEABLE;
-- rc = load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS);
-+ rc = __load_segment_descriptor(ctxt, (u16)cs, VCPU_SREG_CS, 0, false,
-+ &new_desc);
-+ if (rc != X86EMUL_CONTINUE)
-+ return rc;
-+ rc = assign_eip_far(ctxt, eip, new_desc.l);
-+ if (rc != X86EMUL_CONTINUE) {
-+ WARN_ON(!ctxt->mode != X86EMUL_MODE_PROT64);
-+ ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS);
-+ }
- return rc;
- }
-
-@@ -2297,7 +2363,7 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt)
- {
- const struct x86_emulate_ops *ops = ctxt->ops;
- struct desc_struct cs, ss;
-- u64 msr_data;
-+ u64 msr_data, rcx, rdx;
- int usermode;
- u16 cs_sel = 0, ss_sel = 0;
-
-@@ -2313,6 +2379,9 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt)
- else
- usermode = X86EMUL_MODE_PROT32;
-
-+ rcx = reg_read(ctxt, VCPU_REGS_RCX);
-+ rdx = reg_read(ctxt, VCPU_REGS_RDX);
-+
- cs.dpl = 3;
- ss.dpl = 3;
- ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data);
-@@ -2330,6 +2399,9 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt)
- ss_sel = cs_sel + 8;
- cs.d = 0;
- cs.l = 1;
-+ if (is_noncanonical_address(rcx) ||
-+ is_noncanonical_address(rdx))
-+ return emulate_gp(ctxt, 0);
- break;
- }
- cs_sel |= SELECTOR_RPL_MASK;
-@@ -2338,8 +2410,8 @@ static int em_sysexit(struct x86_emulate_ctxt *ctxt)
- ops->set_segment(ctxt, cs_sel, &cs, 0, VCPU_SREG_CS);
- ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS);
-
-- ctxt->_eip = reg_read(ctxt, VCPU_REGS_RDX);
-- *reg_write(ctxt, VCPU_REGS_RSP) = reg_read(ctxt, VCPU_REGS_RCX);
-+ ctxt->_eip = rdx;
-+ *reg_write(ctxt, VCPU_REGS_RSP) = rcx;
-
- return X86EMUL_CONTINUE;
- }
-@@ -2457,19 +2529,24 @@ static int load_state_from_tss16(struct x86_emulate_ctxt *ctxt,
- * Now load segment descriptors. If fault happens at this stage
- * it is handled in a context of new task
- */
-- ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->ldt, VCPU_SREG_LDTR, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-- ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-- ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-- ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-- ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-
-@@ -2594,25 +2671,32 @@ static int load_state_from_tss32(struct x86_emulate_ctxt *ctxt,
- * Now load segment descriptors. If fault happenes at this stage
- * it is handled in a context of new task
- */
-- ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->ldt_selector, VCPU_SREG_LDTR,
-+ cpl, true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-- ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->es, VCPU_SREG_ES, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-- ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->cs, VCPU_SREG_CS, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-- ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->ss, VCPU_SREG_SS, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-- ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->ds, VCPU_SREG_DS, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-- ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->fs, VCPU_SREG_FS, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-- ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl, true);
-+ ret = __load_segment_descriptor(ctxt, tss->gs, VCPU_SREG_GS, cpl,
-+ true, NULL);
- if (ret != X86EMUL_CONTINUE)
- return ret;
-
-@@ -2880,10 +2964,13 @@ static int em_aad(struct x86_emulate_ctxt *ctxt)
-
- static int em_call(struct x86_emulate_ctxt *ctxt)
- {
-+ int rc;
- long rel = ctxt->src.val;
-
- ctxt->src.val = (unsigned long)ctxt->_eip;
-- jmp_rel(ctxt, rel);
-+ rc = jmp_rel(ctxt, rel);
-+ if (rc != X86EMUL_CONTINUE)
-+ return rc;
- return em_push(ctxt);
- }
-
-@@ -2892,34 +2979,50 @@ static int em_call_far(struct x86_emulate_ctxt *ctxt)
- u16 sel, old_cs;
- ulong old_eip;
- int rc;
-+ struct desc_struct old_desc, new_desc;
-+ const struct x86_emulate_ops *ops = ctxt->ops;
-+ int cpl = ctxt->ops->cpl(ctxt);
-
-- old_cs = get_segment_selector(ctxt, VCPU_SREG_CS);
- old_eip = ctxt->_eip;
-+ ops->get_segment(ctxt, &old_cs, &old_desc, NULL, VCPU_SREG_CS);
-
- memcpy(&sel, ctxt->src.valptr + ctxt->op_bytes, 2);
-- if (load_segment_descriptor(ctxt, sel, VCPU_SREG_CS))
-+ rc = __load_segment_descriptor(ctxt, sel, VCPU_SREG_CS, cpl, false,
-+ &new_desc);
-+ if (rc != X86EMUL_CONTINUE)
- return X86EMUL_CONTINUE;
-
-- ctxt->_eip = 0;
-- memcpy(&ctxt->_eip, ctxt->src.valptr, ctxt->op_bytes);
-+ rc = assign_eip_far(ctxt, ctxt->src.val, new_desc.l);
-+ if (rc != X86EMUL_CONTINUE)
-+ goto fail;
-
- ctxt->src.val = old_cs;
- rc = em_push(ctxt);
- if (rc != X86EMUL_CONTINUE)
-- return rc;
-+ goto fail;
-
- ctxt->src.val = old_eip;
-- return em_push(ctxt);
-+ rc = em_push(ctxt);
-+ /* If we failed, we tainted the memory, but the very least we should
-+ restore cs */
-+ if (rc != X86EMUL_CONTINUE)
-+ goto fail;
-+ return rc;
-+fail:
-+ ops->set_segment(ctxt, old_cs, &old_desc, 0, VCPU_SREG_CS);
-+ return rc;
-+
- }
-
- static int em_ret_near_imm(struct x86_emulate_ctxt *ctxt)
- {
- int rc;
-+ unsigned long eip;
-
-- ctxt->dst.type = OP_REG;
-- ctxt->dst.addr.reg = &ctxt->_eip;
-- ctxt->dst.bytes = ctxt->op_bytes;
-- rc = emulate_pop(ctxt, &ctxt->dst.val, ctxt->op_bytes);
-+ rc = emulate_pop(ctxt, &eip, ctxt->op_bytes);
-+ if (rc != X86EMUL_CONTINUE)
-+ return rc;
-+ rc = assign_eip_near(ctxt, eip);
- if (rc != X86EMUL_CONTINUE)
- return rc;
- rsp_increment(ctxt, ctxt->src.val);
-@@ -3250,20 +3353,24 @@ static int em_lmsw(struct x86_emulate_ctxt *ctxt)
-
- static int em_loop(struct x86_emulate_ctxt *ctxt)
- {
-+ int rc = X86EMUL_CONTINUE;
-+
- register_address_increment(ctxt, reg_rmw(ctxt, VCPU_REGS_RCX), -1);
- if ((address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) != 0) &&
- (ctxt->b == 0xe2 || test_cc(ctxt->b ^ 0x5, ctxt->eflags)))
-- jmp_rel(ctxt, ctxt->src.val);
-+ rc = jmp_rel(ctxt, ctxt->src.val);
-
-- return X86EMUL_CONTINUE;
-+ return rc;
- }
-
- static int em_jcxz(struct x86_emulate_ctxt *ctxt)
- {
-+ int rc = X86EMUL_CONTINUE;
-+
- if (address_mask(ctxt, reg_read(ctxt, VCPU_REGS_RCX)) == 0)
-- jmp_rel(ctxt, ctxt->src.val);
-+ rc = jmp_rel(ctxt, ctxt->src.val);
-
-- return X86EMUL_CONTINUE;
-+ return rc;
- }
-
- static int em_in(struct x86_emulate_ctxt *ctxt)
-@@ -3351,6 +3458,12 @@ static int em_bswap(struct x86_emulate_ctxt *ctxt)
- return X86EMUL_CONTINUE;
- }
-
-+static int em_clflush(struct x86_emulate_ctxt *ctxt)
-+{
-+ /* emulating clflush regardless of cpuid */
-+ return X86EMUL_CONTINUE;
-+}
-+
- static bool valid_cr(int nr)
- {
- switch (nr) {
-@@ -3683,6 +3796,16 @@ static const struct opcode group11[] = {
- X7(D(Undefined)),
- };
-
-+static const struct gprefix pfx_0f_ae_7 = {
-+ I(SrcMem | ByteOp, em_clflush), N, N, N,
-+};
-+
-+static const struct group_dual group15 = { {
-+ N, N, N, N, N, N, N, GP(0, &pfx_0f_ae_7),
-+}, {
-+ N, N, N, N, N, N, N, N,
-+} };
-+
- static const struct gprefix pfx_0f_6f_0f_7f = {
- I(Mmx, em_mov), I(Sse | Aligned, em_mov), N, I(Sse | Unaligned, em_mov),
- };
-@@ -3887,10 +4010,11 @@ static const struct opcode twobyte_table[256] = {
- N, I(ImplicitOps | EmulateOnUD, em_syscall),
- II(ImplicitOps | Priv, em_clts, clts), N,
- DI(ImplicitOps | Priv, invd), DI(ImplicitOps | Priv, wbinvd), N, N,
-- N, D(ImplicitOps | ModRM), N, N,
-+ N, D(ImplicitOps | ModRM | SrcMem | NoAccess), N, N,
- /* 0x10 - 0x1F */
- N, N, N, N, N, N, N, N,
-- D(ImplicitOps | ModRM), N, N, N, N, N, N, D(ImplicitOps | ModRM),
-+ D(ImplicitOps | ModRM | SrcMem | NoAccess),
-+ N, N, N, N, N, N, D(ImplicitOps | ModRM | SrcMem | NoAccess),
- /* 0x20 - 0x2F */
- DIP(ModRM | DstMem | Priv | Op3264 | NoMod, cr_read, check_cr_read),
- DIP(ModRM | DstMem | Priv | Op3264 | NoMod, dr_read, check_dr_read),
-@@ -3942,7 +4066,7 @@ static const struct opcode twobyte_table[256] = {
- F(DstMem | SrcReg | ModRM | BitOp | Lock | PageTable, em_bts),
- F(DstMem | SrcReg | Src2ImmByte | ModRM, em_shrd),
- F(DstMem | SrcReg | Src2CL | ModRM, em_shrd),
-- D(ModRM), F(DstReg | SrcMem | ModRM, em_imul),
-+ GD(0, &group15), F(DstReg | SrcMem | ModRM, em_imul),
- /* 0xB0 - 0xB7 */
- I2bv(DstMem | SrcReg | ModRM | Lock | PageTable, em_cmpxchg),
- I(DstReg | SrcMemFAddr | ModRM | Src2SS, em_lseg),
-@@ -4458,10 +4582,10 @@ done_prefixes:
- /* Decode and fetch the destination operand: register or memory. */
- rc = decode_operand(ctxt, &ctxt->dst, (ctxt->d >> DstShift) & OpMask);
-
--done:
- if (ctxt->rip_relative)
- ctxt->memopp->addr.mem.ea += ctxt->_eip;
-
-+done:
- return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK;
- }
-
-@@ -4711,7 +4835,7 @@ special_insn:
- break;
- case 0x70 ... 0x7f: /* jcc (short) */
- if (test_cc(ctxt->b, ctxt->eflags))
-- jmp_rel(ctxt, ctxt->src.val);
-+ rc = jmp_rel(ctxt, ctxt->src.val);
- break;
- case 0x8d: /* lea r16/r32, m */
- ctxt->dst.val = ctxt->src.addr.mem.ea;
-@@ -4741,7 +4865,7 @@ special_insn:
- break;
- case 0xe9: /* jmp rel */
- case 0xeb: /* jmp rel short */
-- jmp_rel(ctxt, ctxt->src.val);
-+ rc = jmp_rel(ctxt, ctxt->src.val);
- ctxt->dst.type = OP_NONE; /* Disable writeback. */
- break;
- case 0xf4: /* hlt */
-@@ -4864,13 +4988,11 @@ twobyte_insn:
- break;
- case 0x80 ... 0x8f: /* jnz rel, etc*/
- if (test_cc(ctxt->b, ctxt->eflags))
-- jmp_rel(ctxt, ctxt->src.val);
-+ rc = jmp_rel(ctxt, ctxt->src.val);
- break;
- case 0x90 ... 0x9f: /* setcc r/m8 */
- ctxt->dst.val = test_cc(ctxt->b, ctxt->eflags);
- break;
-- case 0xae: /* clflush */
-- break;
- case 0xb6 ... 0xb7: /* movzx */
- ctxt->dst.bytes = ctxt->op_bytes;
- ctxt->dst.val = (ctxt->src.bytes == 1) ? (u8) ctxt->src.val
-diff --git a/arch/x86/kvm/i8254.c b/arch/x86/kvm/i8254.c
-index 518d864..298781d 100644
---- a/arch/x86/kvm/i8254.c
-+++ b/arch/x86/kvm/i8254.c
-@@ -262,8 +262,10 @@ void __kvm_migrate_pit_timer(struct kvm_vcpu *vcpu)
- return;
-
- timer = &pit->pit_state.timer;
-+ mutex_lock(&pit->pit_state.lock);
- if (hrtimer_cancel(timer))
- hrtimer_start_expires(timer, HRTIMER_MODE_ABS);
-+ mutex_unlock(&pit->pit_state.lock);
- }
-
- static void destroy_pit_timer(struct kvm_pit *pit)
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 08e8a89..0e9183e 100644
--- a/arch/x86/kvm/lapic.c
goto error;
walker->ptep_user[walker->level - 1] = ptep_user;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index ddf7427..fd84599 100644
+index 78dadc3..fd84599 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3234,7 +3234,7 @@ static int wrmsr_interception(struct vcpu_svm *svm)
- msr.host_initiated = false;
-
- svm->next_rip = kvm_rip_read(&svm->vcpu) + 2;
-- if (svm_set_msr(&svm->vcpu, &msr)) {
-+ if (kvm_set_msr(&svm->vcpu, &msr)) {
- trace_kvm_msr_write_ex(ecx, data);
- kvm_inject_gp(&svm->vcpu, 0);
- } else {
-@@ -3534,9 +3534,9 @@ static int handle_exit(struct kvm_vcpu *vcpu)
-
- if (exit_code >= ARRAY_SIZE(svm_exit_handlers)
- || !svm_exit_handlers[exit_code]) {
-- kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
-- kvm_run->hw.hardware_exit_reason = exit_code;
-- return 0;
-+ WARN_ONCE(1, "vmx: unexpected exit reason 0x%x\n", exit_code);
-+ kvm_queue_exception(vcpu, UD_VECTOR);
-+ return 1;
- }
-
- return svm_exit_handlers[exit_code](svm);
@@ -3547,7 +3547,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index bfe11cf..deb3959 100644
+index 41a5426..c0b3c00 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
-@@ -453,6 +453,7 @@ struct vcpu_vmx {
- int gs_ldt_reload_needed;
- int fs_reload_needed;
- u64 msr_host_bndcfgs;
-+ unsigned long vmcs_host_cr4; /* May not match real cr4 */
- } host_state;
- struct {
- int vm86_active;
-@@ -1340,12 +1341,12 @@ static void vmcs_write64(unsigned long field, u64 value)
+@@ -1341,12 +1341,12 @@ static void vmcs_write64(unsigned long field, u64 value)
#endif
}
{
vmcs_writel(field, vmcs_readl(field) | mask);
}
-@@ -1605,7 +1606,11 @@ static void reload_tss(void)
+@@ -1606,7 +1606,11 @@ static void reload_tss(void)
struct desc_struct *descs;
descs = (void *)gdt->address;
load_TR_desc();
}
-@@ -1833,6 +1838,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+@@ -1834,6 +1838,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */
rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
vmx->loaded_vmcs->cpu = cpu;
-@@ -2122,7 +2131,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
+@@ -2123,7 +2131,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
* reads and returns guest's timestamp counter "register"
* guest_tsc = host_tsc + tsc_offset -- 21.3
*/
{
u64 host_tsc, tsc_offset;
-@@ -2631,12 +2640,15 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
- default:
- msr = find_msr_entry(vmx, msr_index);
- if (msr) {
-+ u64 old_msr_data = msr->data;
- msr->data = data;
- if (msr - vmx->guest_msrs < vmx->save_nmsrs) {
- preempt_disable();
-- kvm_set_shared_msr(msr->index, msr->data,
-- msr->mask);
-+ ret = kvm_set_shared_msr(msr->index, msr->data,
-+ msr->mask);
- preempt_enable();
-+ if (ret)
-+ msr->data = old_msr_data;
- }
- break;
- }
-@@ -3110,8 +3122,11 @@ static __init int hardware_setup(void)
+@@ -3114,8 +3122,11 @@ static __init int hardware_setup(void)
if (!cpu_has_vmx_flexpriority())
flexpriority_enabled = 0;
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -3122,13 +3137,15 @@ static __init int hardware_setup(void)
+@@ -3126,13 +3137,15 @@ static __init int hardware_setup(void)
if (!cpu_has_vmx_apicv())
enable_apicv = 0;
if (nested)
nested_vmx_setup_ctls_msrs();
-@@ -4235,10 +4252,17 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
- u32 low32, high32;
- unsigned long tmpl;
- struct desc_ptr dt;
-+ unsigned long cr4;
+@@ -4242,7 +4255,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+ unsigned long cr4;
vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
-- vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */
++
+#ifndef CONFIG_PAX_PER_CPU_PGD
vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */
+#endif
-+
-+ /* Save the most likely value for this task's CR4 in the VMCS. */
-+ cr4 = read_cr4();
-+ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */
-+ vmx->host_state.vmcs_host_cr4 = cr4;
- vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
- #ifdef CONFIG_X86_64
-@@ -4260,7 +4284,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+ /* Save the most likely value for this task's CR4 in the VMCS. */
+ cr4 = read_cr4();
+@@ -4269,7 +4285,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
vmx->host_idt_base = dt.address;
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -5257,7 +5281,7 @@ static int handle_wrmsr(struct kvm_vcpu *vcpu)
- msr.data = data;
- msr.index = ecx;
- msr.host_initiated = false;
-- if (vmx_set_msr(vcpu, &msr) != 0) {
-+ if (kvm_set_msr(vcpu, &msr) != 0) {
- trace_kvm_msr_write_ex(ecx, data);
- kvm_inject_gp(vcpu, 0);
- return 1;
-@@ -6630,6 +6654,12 @@ static int handle_invept(struct kvm_vcpu *vcpu)
- return 1;
- }
-
-+static int handle_invvpid(struct kvm_vcpu *vcpu)
-+{
-+ kvm_queue_exception(vcpu, UD_VECTOR);
-+ return 1;
-+}
-+
- /*
- * The exit handlers return 1 if the exit was handled fully and guest execution
- * may resume. Otherwise they set the kvm_run parameter to indicate what needs
-@@ -6675,6 +6705,7 @@ static int (*const kvm_vmx_exit_handlers[])(struct kvm_vcpu *vcpu) = {
- [EXIT_REASON_MWAIT_INSTRUCTION] = handle_mwait,
- [EXIT_REASON_MONITOR_INSTRUCTION] = handle_monitor,
- [EXIT_REASON_INVEPT] = handle_invept,
-+ [EXIT_REASON_INVVPID] = handle_invvpid,
- };
-
- static const int kvm_vmx_max_exit_handlers =
-@@ -6908,7 +6939,7 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
- case EXIT_REASON_VMPTRST: case EXIT_REASON_VMREAD:
- case EXIT_REASON_VMRESUME: case EXIT_REASON_VMWRITE:
- case EXIT_REASON_VMOFF: case EXIT_REASON_VMON:
-- case EXIT_REASON_INVEPT:
-+ case EXIT_REASON_INVEPT: case EXIT_REASON_INVVPID:
- /*
- * VMX instructions trap unconditionally. This allows L1 to
- * emulate them for its L2 guest, i.e., allows 3-level nesting!
-@@ -7049,10 +7080,10 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu)
- && kvm_vmx_exit_handlers[exit_reason])
- return kvm_vmx_exit_handlers[exit_reason](vcpu);
- else {
-- vcpu->run->exit_reason = KVM_EXIT_UNKNOWN;
-- vcpu->run->hw.hardware_exit_reason = exit_reason;
-+ WARN_ONCE(1, "vmx: unexpected exit reason 0x%x\n", exit_reason);
-+ kvm_queue_exception(vcpu, UD_VECTOR);
-+ return 1;
- }
-- return 0;
- }
-
- static void update_cr8_intercept(struct kvm_vcpu *vcpu, int tpr, int irr)
-@@ -7376,7 +7407,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx)
- static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
- {
- struct vcpu_vmx *vmx = to_vmx(vcpu);
-- unsigned long debugctlmsr;
-+ unsigned long debugctlmsr, cr4;
-
- /* Record the guest's net vcpu time for enforced NMI injections. */
- if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked))
-@@ -7397,6 +7428,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
- if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty))
- vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]);
-
-+ cr4 = read_cr4();
-+ if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) {
-+ vmcs_writel(HOST_CR4, cr4);
-+ vmx->host_state.vmcs_host_cr4 = cr4;
-+ }
-+
- /* When single-stepping over STI and MOV SS, we must clear the
- * corresponding interruptibility bits in the guest state. Otherwise
- * vmentry fails as it then expects bit 14 (BS) in pending debug
-@@ -7453,6 +7490,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7475,6 +7491,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -7505,6 +7548,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7527,6 +7549,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -7518,7 +7566,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7540,7 +7567,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -7527,8 +7575,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7549,8 +7576,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 8f1e22d..c23d3c5 100644
+index d6aeccf..cea125a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -229,20 +229,25 @@ static void kvm_shared_msr_cpu_online(void)
- shared_msr_update(i, shared_msrs_global.msrs[i]);
- }
-
--void kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
-+int kvm_set_shared_msr(unsigned slot, u64 value, u64 mask)
- {
- unsigned int cpu = smp_processor_id();
- struct kvm_shared_msrs *smsr = per_cpu_ptr(shared_msrs, cpu);
-+ int err;
-
- if (((value ^ smsr->values[slot].curr) & mask) == 0)
-- return;
-+ return 0;
- smsr->values[slot].curr = value;
-- wrmsrl(shared_msrs_global.msrs[slot], value);
-+ err = wrmsrl_safe(shared_msrs_global.msrs[slot], value);
-+ if (err)
-+ return 1;
-+
- if (!smsr->registered) {
- smsr->urn.on_user_return = kvm_on_user_return;
- user_return_notifier_register(&smsr->urn);
- smsr->registered = true;
- }
-+ return 0;
- }
- EXPORT_SYMBOL_GPL(kvm_set_shared_msr);
-
-@@ -984,7 +989,6 @@ void kvm_enable_efer_bits(u64 mask)
- }
- EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
-
--
- /*
- * Writes msr value into into the appropriate "register".
- * Returns 0 on success, non-0 otherwise.
-@@ -992,8 +996,34 @@ EXPORT_SYMBOL_GPL(kvm_enable_efer_bits);
- */
- int kvm_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
- {
-+ switch (msr->index) {
-+ case MSR_FS_BASE:
-+ case MSR_GS_BASE:
-+ case MSR_KERNEL_GS_BASE:
-+ case MSR_CSTAR:
-+ case MSR_LSTAR:
-+ if (is_noncanonical_address(msr->data))
-+ return 1;
-+ break;
-+ case MSR_IA32_SYSENTER_EIP:
-+ case MSR_IA32_SYSENTER_ESP:
-+ /*
-+ * IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if
-+ * non-canonical address is written on Intel but not on
-+ * AMD (which ignores the top 32-bits, because it does
-+ * not implement 64-bit SYSENTER).
-+ *
-+ * 64-bit code should hence be able to write a non-canonical
-+ * value on AMD. Making the address canonical ensures that
-+ * vmentry does not fail on Intel after writing a non-canonical
-+ * value, and that something deterministic happens if the guest
-+ * invokes 64-bit SYSENTER.
-+ */
-+ msr->data = get_canonical(msr->data);
-+ }
- return kvm_x86_ops->set_msr(vcpu, msr);
- }
-+EXPORT_SYMBOL_GPL(kvm_set_msr);
-
- /*
- * Adapt set_msr() to msr_io()'s calling convention
-@@ -1827,8 +1857,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1857,8 +1857,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
struct kvm *kvm = vcpu->kvm;
int lm = is_long_mode(vcpu);
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
: kvm->arch.xen_hvm_config.blob_size_32;
u32 page_num = data & ~PAGE_MASK;
-@@ -2749,6 +2779,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2779,6 +2779,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
if (n < msr_list.nmsrs)
goto out;
r = -EFAULT;
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -5609,7 +5641,7 @@ static struct notifier_block pvclock_gtod_notifier = {
+@@ -5639,7 +5641,7 @@ static struct notifier_block pvclock_gtod_notifier = {
};
#endif
unsigned long uninitialized_var(pfn_align);
int i, nid;
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
-index ae242a7..1c7998f 100644
+index 36de293..b820ddc 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -262,7 +262,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 5c8cb80..728d0cd 100644
+index c881ba8..71aca2e 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -15,7 +15,11 @@
return header;
}
-@@ -853,7 +853,9 @@ common_load: ctx->seen_ld_abs = true;
+@@ -864,7 +864,9 @@ common_load:
pr_err("bpf_jit_compile fatal error\n");
return -EFAULT;
}
}
proglen += ilen;
addrs[i] = proglen;
-@@ -868,7 +870,7 @@ void bpf_jit_compile(struct bpf_prog *prog)
+@@ -879,7 +881,7 @@ void bpf_jit_compile(struct bpf_prog *prog)
void bpf_int_jit_compile(struct bpf_prog *prog)
{
int proglen, oldproglen = 0;
struct jit_context ctx = {};
u8 *image = NULL;
-@@ -900,7 +902,7 @@ void bpf_int_jit_compile(struct bpf_prog *prog)
+@@ -911,7 +913,7 @@ void bpf_int_jit_compile(struct bpf_prog *prog)
if (proglen <= 0) {
image = NULL;
if (header)
goto out;
}
if (image) {
-@@ -922,7 +924,6 @@ void bpf_int_jit_compile(struct bpf_prog *prog)
+@@ -935,7 +937,6 @@ void bpf_int_jit_compile(struct bpf_prog *prog)
if (image) {
bpf_flush_icache(header, image + proglen);
prog->bpf_func = (void *)image;
prog->jited = 1;
}
-@@ -930,23 +931,16 @@ out:
+@@ -943,23 +944,15 @@ out:
kfree(addrs);
}
+ if (!fp->jited)
+ goto free_filter;
+
-+ set_memory_rw(addr, 1);
+ module_free_exec(NULL, (void *)addr);
+
+free_filter:
(u8 *) pte, count) < count) {
kfree(pte);
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
-index 9b8eaec..c20279a 100644
+index a6d6270..c4bb72f 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -67,7 +67,7 @@ static int scsi_get_bus(struct request_queue *q, int __user *p)
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
diff --git a/drivers/block/drbd/drbd_interval.c b/drivers/block/drbd/drbd_interval.c
-index 89c497c..9c736ae 100644
+index 04a14e0..5b8f0aa 100644
--- a/drivers/block/drbd/drbd_interval.c
+++ b/drivers/block/drbd/drbd_interval.c
@@ -67,9 +67,9 @@ static void augment_rotate(struct rb_node *rb_old, struct rb_node *rb_new)
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index c18d41d..7c499f3 100644
+index 8c86a95..7c499f3 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -289,9 +289,6 @@
unsigned int add =
((pool_size - entropy_count)*anfrac*3) >> s;
-@@ -1106,7 +1103,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
- __mix_pool_bytes(r, hash.w, sizeof(hash.w));
- spin_unlock_irqrestore(&r->lock, flags);
-
-- memset(workspace, 0, sizeof(workspace));
-+ memzero_explicit(workspace, sizeof(workspace));
-
- /*
- * In case the hash function has some recognizable output
-@@ -1118,7 +1115,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
- hash.w[2] ^= rol32(hash.w[2], 16);
-
- memcpy(out, &hash, EXTRACT_SIZE);
-- memset(&hash, 0, sizeof(hash));
-+ memzero_explicit(&hash, sizeof(hash));
- }
-
- /*
-@@ -1175,7 +1172,7 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
- }
-
- /* Wipe data just returned from memory */
-- memset(tmp, 0, sizeof(tmp));
-+ memzero_explicit(tmp, sizeof(tmp));
-
- return ret;
- }
@@ -1207,7 +1204,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
ret = -EFAULT;
break;
}
-@@ -1218,7 +1215,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
- }
-
- /* Wipe data just returned from memory */
-- memset(tmp, 0, sizeof(tmp));
-+ memzero_explicit(tmp, sizeof(tmp));
-
- return ret;
- }
@@ -1590,7 +1587,7 @@ static char sysctl_bootid[16];
static int proc_do_uuid(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
cpu_notifier_register_begin();
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index 61190f6..fcd899a 100644
+index 07c8276..38bd07c 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
-@@ -2095,7 +2095,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
+@@ -2107,7 +2107,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
}
mutex_lock(&cpufreq_governor_mutex);
mutex_unlock(&cpufreq_governor_mutex);
return;
}
-@@ -2311,7 +2311,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -2323,7 +2323,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
.notifier_call = cpufreq_cpu_callback,
};
-@@ -2351,13 +2351,17 @@ int cpufreq_boost_trigger_state(int state)
+@@ -2363,13 +2363,17 @@ int cpufreq_boost_trigger_state(int state)
return 0;
write_lock_irqsave(&cpufreq_driver_lock, flags);
write_unlock_irqrestore(&cpufreq_driver_lock, flags);
pr_err("%s: Cannot %s BOOST\n",
-@@ -2414,8 +2418,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2426,8 +2430,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
pr_debug("trying to register driver %s\n", driver_data->name);
write_lock_irqsave(&cpufreq_driver_lock, flags);
if (cpufreq_driver) {
-@@ -2430,8 +2437,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2442,8 +2449,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
* Check if driver provides function to enable boost -
* if not, use cpufreq_boost_set_sw as default
*/
}
EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
-index 0668b38..2f3ea18 100644
+index 27bb6d3..4cf595c 100644
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
-@@ -120,10 +120,10 @@ struct pstate_funcs {
+@@ -133,10 +133,10 @@ struct pstate_funcs {
struct cpu_defaults {
struct pstate_adjust_policy pid_policy;
struct pstate_funcs funcs;
struct perf_limits {
int no_turbo;
-@@ -527,17 +527,17 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
+@@ -594,18 +594,18 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
cpu->pstate.current_pstate = pstate;
- cpu->pstate.min_pstate = pstate_funcs.get_min();
- cpu->pstate.max_pstate = pstate_funcs.get_max();
- cpu->pstate.turbo_pstate = pstate_funcs.get_turbo();
+- cpu->pstate.scaling = pstate_funcs.get_scaling();
+ cpu->pstate.min_pstate = pstate_funcs->get_min();
+ cpu->pstate.max_pstate = pstate_funcs->get_max();
+ cpu->pstate.turbo_pstate = pstate_funcs->get_turbo();
++ cpu->pstate.scaling = pstate_funcs->get_scaling();
- if (pstate_funcs.get_vid)
- pstate_funcs.get_vid(cpu);
intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate);
}
-@@ -810,9 +810,9 @@ static int intel_pstate_msrs_not_valid(void)
+@@ -875,9 +875,9 @@ static int intel_pstate_msrs_not_valid(void)
rdmsrl(MSR_IA32_APERF, aperf);
rdmsrl(MSR_IA32_MPERF, mperf);
return -ENODEV;
rdmsrl(MSR_IA32_APERF, tmp);
-@@ -826,7 +826,7 @@ static int intel_pstate_msrs_not_valid(void)
+@@ -891,7 +891,7 @@ static int intel_pstate_msrs_not_valid(void)
return 0;
}
{
pid_params.sample_rate_ms = policy->sample_rate_ms;
pid_params.p_gain_pct = policy->p_gain_pct;
-@@ -838,11 +838,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
+@@ -903,12 +903,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
static void copy_cpu_funcs(struct pstate_funcs *funcs)
{
- pstate_funcs.get_max = funcs->get_max;
- pstate_funcs.get_min = funcs->get_min;
- pstate_funcs.get_turbo = funcs->get_turbo;
+- pstate_funcs.get_scaling = funcs->get_scaling;
- pstate_funcs.set = funcs->set;
- pstate_funcs.get_vid = funcs->get_vid;
+ pstate_funcs = funcs;
return ret;
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index d8324c6..fc9b704 100644
+index b71a026..8b6cc10 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -12437,13 +12437,13 @@ struct intel_quirk {
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index 12c8329..a69e2e8 100644
+index 5d4416f..80b7fc4 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
-@@ -1213,7 +1213,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1214,7 +1214,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
* locking inversion with the driver load path. And the access here is
* completely racy anyway. So don't bother with locking for now.
*/
if (atomic_read(&uhid->report_done))
goto unlock;
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
-index 531a593..0b43a69 100644
+index 19bad59..ca24eaf 100644
--- a/drivers/hv/channel.c
+++ b/drivers/hv/channel.c
-@@ -365,8 +365,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
+@@ -366,8 +366,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
+ unsigned long flags;
int ret = 0;
- int t;
- next_gpadl_handle = atomic_read(&vmbus_connection.next_gpadl_handle);
- atomic_inc(&vmbus_connection.next_gpadl_handle);
ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount);
if (ret)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index edfc848..d83e195 100644
+index 3e4235c..877d0e5 100644
--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
@@ -112,7 +112,7 @@ static u64 do_hypercall(u64 control, void *input, void *output)
__asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi),
"=a"(hv_status_lo) : "d" (control_hi),
-@@ -154,7 +154,7 @@ int hv_init(void)
+@@ -156,7 +156,7 @@ int hv_init(void)
/* See if the hypercall page is already set */
rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
cap_msg.caps.cap_bits.balloon = 1;
cap_msg.caps.cap_bits.hot_add = 1;
diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
-index 22b7507..fc2fc47 100644
+index c386d8d..d6004c4 100644
--- a/drivers/hv/hyperv_vmbus.h
+++ b/drivers/hv/hyperv_vmbus.h
-@@ -607,7 +607,7 @@ enum vmbus_connect_state {
+@@ -611,7 +611,7 @@ enum vmbus_connect_state {
struct vmbus_connection {
enum vmbus_connect_state conn_state;
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 1294238..a442227 100644
+index b7f603c..723d2bd 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev);
INIT_LIST_HEAD(&rdev->same_set);
init_waitqueue_head(&rdev->blocked_wait);
-@@ -7068,7 +7068,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -7072,7 +7072,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
spin_unlock(&pers_lock);
seq_printf(seq, "\n");
return 0;
}
if (v == (void*)2) {
-@@ -7171,7 +7171,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
+@@ -7175,7 +7175,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
return error;
seq = file->private_data;
return error;
}
-@@ -7188,7 +7188,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
+@@ -7192,7 +7192,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
/* always allow read */
mask = POLLIN | POLLRDNORM;
mask |= POLLERR | POLLPRI;
return mask;
}
-@@ -7232,7 +7232,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
+@@ -7236,7 +7236,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
(int)part_stat_read(&disk->part0, sectors[1]) -
if (imx_data->socdata->flags & ESDHC_FLAG_STD_TUNING)
writel(readl(host->ioaddr + ESDHC_TUNING_CTRL) |
diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c
-index fa5954a..56840e5 100644
+index 1e47903..7683916 100644
--- a/drivers/mmc/host/sdhci-s3c.c
+++ b/drivers/mmc/host/sdhci-s3c.c
@@ -584,9 +584,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev)
+ .wrapper_rx_desc_init = xgbe_wrapper_rx_descriptor_init,
+};
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
-index ea27383..d695e45 100644
+index ea27383..faa8936 100644
--- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
+++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c
@@ -2463,7 +2463,7 @@ static void xgbe_powerdown_rx(struct xgbe_prv_data *pdata)
- DBGPR("<--xgbe_init_function_ptrs\n");
-}
+ .config_dcb_tc = xgbe_config_dcb_tc,
-+ .config_dcb_pfc = xgbe_config_dcb_pfc
++ .config_dcb_pfc = xgbe_config_dcb_pfc,
+};
diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
index b26d758..b0d1c3b 100644
#define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb)
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
-index e5be511..16cb55c 100644
+index 9f5f3c3..86d21a6 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
-@@ -2355,7 +2355,7 @@ static void get_regs(struct net_device *dev, struct ethtool_regs *regs,
+@@ -2359,7 +2359,7 @@ static void get_regs(struct net_device *dev, struct ethtool_regs *regs,
int i;
struct adapter *ap = netdev2adap(dev);
spinlock_t request_lock;
struct list_head req_list;
-diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c
-index 0fcb5e7..148fda3 100644
---- a/drivers/net/hyperv/netvsc_drv.c
-+++ b/drivers/net/hyperv/netvsc_drv.c
-@@ -556,6 +556,7 @@ do_lso:
- do_send:
- /* Start filling in the page buffers with the rndis hdr */
- rndis_msg->msg_len += rndis_msg_size;
-+ packet->total_data_buflen = rndis_msg->msg_len;
- packet->page_buf_cnt = init_page_array(rndis_msg, rndis_msg_size,
- skb, &packet->page_buf[0]);
-
diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
index 2b86f0b..ecc996f 100644
--- a/drivers/net/hyperv/rndis_filter.c
priv = netdev_priv(dev);
priv->phy = phy;
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
-index 726edab..8939092 100644
+index 5f17ad0..e0463c8 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -264,7 +264,7 @@ static void macvlan_broadcast_enqueue(struct macvlan_port *port,
}
/* called under rcu_read_lock() from netif_receive_skb */
-@@ -1144,13 +1144,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
+@@ -1150,13 +1150,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
int macvlan_link_register(struct rtnl_link_ops *ops)
{
/* common fields */
return rtnl_link_register(ops);
};
-@@ -1230,7 +1232,7 @@ static int macvlan_device_event(struct notifier_block *unused,
+@@ -1236,7 +1238,7 @@ static int macvlan_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
};
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
-index 0c6adaa..0784e3f 100644
+index 07c942b..2d8b073 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
-@@ -1018,7 +1018,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
+@@ -1023,7 +1023,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd,
}
ret = 0;
put_user(q->flags, &ifr->ifr_flags))
ret = -EFAULT;
macvtap_put_vlan(vlan);
-@@ -1188,7 +1188,7 @@ static int macvtap_device_event(struct notifier_block *unused,
+@@ -1193,7 +1193,7 @@ static int macvtap_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
};
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
-index fa0d717..bab8c01 100644
+index 17ecdd6..79ad848 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
-@@ -594,7 +594,7 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
- if (file == ppp->owner)
- ppp_shutdown_interface(ppp);
- }
-- if (atomic_long_read(&file->f_count) <= 2) {
-+ if (atomic_long_read(&file->f_count) < 2) {
- ppp_release(NULL, file);
- err = 0;
- } else
@@ -1020,7 +1020,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
struct ppp_stats stats;
break;
err = 0;
break;
+diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
+index 1aff970..cc2ee29 100644
+--- a/drivers/net/ppp/pptp.c
++++ b/drivers/net/ppp/pptp.c
+@@ -506,7 +506,9 @@ static int pptp_getname(struct socket *sock, struct sockaddr *uaddr,
+ int len = sizeof(struct sockaddr_pppox);
+ struct sockaddr_pppox sp;
+
+- sp.sa_family = AF_PPPOX;
++ memset(&sp.sa_addr, 0, sizeof(sp.sa_addr));
++
++ sp.sa_family = AF_PPPOX;
+ sp.sa_protocol = PX_PROTO_PPTP;
+ sp.sa_addr.pptp = pppox_sk(sock->sk)->proto.pptp.src_addr;
+
diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c
index 079f7ad..b2a2bfa7 100644
--- a/drivers/net/slip/slhc.c
};
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
-index acaaf67..a33483d 100644
+index d965e8a..f119e64 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
-@@ -1855,7 +1855,7 @@ unlock:
+@@ -1861,7 +1861,7 @@ unlock:
}
static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
{
struct tun_file *tfile = file->private_data;
struct tun_struct *tun;
-@@ -1868,6 +1868,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
+@@ -1874,6 +1874,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
unsigned int ifindex;
int ret;
#define VIRTNET_DRIVER_VERSION "1.0.0"
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index beb377b..b5bbf08 100644
+index 81a8a29..ae60a58 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
-@@ -1440,9 +1440,6 @@ static int neigh_reduce(struct net_device *dev, struct sk_buff *skb)
- if (!in6_dev)
- goto out;
-
-- if (!pskb_may_pull(skb, skb->len))
-- goto out;
--
- iphdr = ipv6_hdr(skb);
- saddr = &iphdr->saddr;
- daddr = &iphdr->daddr;
-@@ -1717,6 +1714,8 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan,
- struct pcpu_sw_netstats *tx_stats, *rx_stats;
- union vxlan_addr loopback;
- union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip;
-+ struct net_device *dev = skb->dev;
-+ int len = skb->len;
-
- tx_stats = this_cpu_ptr(src_vxlan->dev->tstats);
- rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats);
-@@ -1740,16 +1739,16 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan,
-
- u64_stats_update_begin(&tx_stats->syncp);
- tx_stats->tx_packets++;
-- tx_stats->tx_bytes += skb->len;
-+ tx_stats->tx_bytes += len;
- u64_stats_update_end(&tx_stats->syncp);
-
- if (netif_rx(skb) == NET_RX_SUCCESS) {
- u64_stats_update_begin(&rx_stats->syncp);
- rx_stats->rx_packets++;
-- rx_stats->rx_bytes += skb->len;
-+ rx_stats->rx_bytes += len;
- u64_stats_update_end(&rx_stats->syncp);
- } else {
-- skb->dev->stats.rx_dropped++;
-+ dev->stats.rx_dropped++;
- }
- }
-
-@@ -1927,7 +1926,8 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev)
- return arp_reduce(dev, skb);
- #if IS_ENABLED(CONFIG_IPV6)
- else if (ntohs(eth->h_proto) == ETH_P_IPV6 &&
-- skb->len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) &&
-+ pskb_may_pull(skb, sizeof(struct ipv6hdr)
-+ + sizeof(struct nd_msg)) &&
- ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) {
- struct nd_msg *msg;
-
-@@ -2750,7 +2750,7 @@ nla_put_failure:
+@@ -2762,7 +2762,7 @@ nla_put_failure:
return -EMSGSIZE;
}
.kind = "vxlan",
.maxtype = IFLA_VXLAN_MAX,
.policy = vxlan_policy,
-@@ -2797,7 +2797,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused,
+@@ -2809,7 +2809,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
memset(buf, 0, sizeof(buf));
buf_size = min(count, sizeof(buf) - 1);
diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
-index 06e04aa..d5e1f0d 100644
+index 6c02467..771bb8a 100644
--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
-@@ -1684,7 +1684,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
+@@ -1686,7 +1686,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
char buf[8];
u32 reset_flag;
memset(buf, 0, sizeof(buf));
-@@ -1705,7 +1705,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
+@@ -1707,7 +1707,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
{
struct iwl_trans *trans = file->private_data;
char buf[8];
memset(buf, 0, sizeof(buf));
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
-index 1326f61..9e56010f 100644
+index 6b48c865..19646a7 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -2575,20 +2575,20 @@ static int __init init_mac80211_hwsim(void)
+@@ -2577,20 +2577,20 @@ static int __init init_mac80211_hwsim(void)
if (channels < 1)
return -EINVAL;
kfree(msi_dev_attr);
++count;
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index 9ff0a90..e819dda 100644
+index 6d04771..4126004 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -1134,7 +1134,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine)
mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators,
ARRAY_SIZE(mc13892_regulators));
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
-index b0e4a3e..e5dc11e 100644
+index 5b2e761..c8c8a4a 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -789,7 +789,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *, bool);
extern void qla2x00_init_host_attr(scsi_qla_host_t *);
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
-index be9698d..a328a41 100644
+index 8252c0e..613adad 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -1493,8 +1493,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index aaea4b9..c64408d 100644
+index 7cb8c73..14561b5 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1581,7 +1581,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
case BLKTRACESTART:
return blk_trace_startstop(sdp->device->request_queue, 1);
case BLKTRACESTOP:
+diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c
+index 11a5043..e36f04c 100644
+--- a/drivers/soc/tegra/fuse/fuse-tegra.c
++++ b/drivers/soc/tegra/fuse/fuse-tegra.c
+@@ -70,7 +70,7 @@ static ssize_t fuse_read(struct file *fd, struct kobject *kobj,
+ return i;
+ }
+
+-static struct bin_attribute fuse_bin_attr = {
++static bin_attribute_no_const fuse_bin_attr = {
+ .attr = { .name = "fuse", .mode = S_IRUGO, },
+ .read = fuse_read,
+ };
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
index ca935df..ae8a3dc 100644
--- a/drivers/spi/spi.c
return -EBUSY;
imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL);
+diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c
+index 503b2d7..c918745 100644
+--- a/drivers/staging/line6/driver.c
++++ b/drivers/staging/line6/driver.c
+@@ -463,7 +463,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data,
+ {
+ struct usb_device *usbdev = line6->usbdev;
+ int ret;
+- unsigned char len;
++ unsigned char *plen;
+
+ /* query the serial number: */
+ ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67,
+@@ -476,27 +476,34 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data,
+ return ret;
+ }
+
++ plen = kmalloc(1, GFP_KERNEL);
++ if (plen == NULL)
++ return -ENOMEM;
++
+ /* Wait for data length. We'll get 0xff until length arrives. */
+ do {
+ ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+ USB_DIR_IN,
+- 0x0012, 0x0000, &len, 1,
++ 0x0012, 0x0000, plen, 1,
+ LINE6_TIMEOUT * HZ);
+ if (ret < 0) {
+ dev_err(line6->ifcdev,
+ "receive length failed (error %d)\n", ret);
++ kfree(plen);
+ return ret;
+ }
+- } while (len == 0xff);
++ } while (*plen == 0xff);
+
+- if (len != datalen) {
++ if (*plen != datalen) {
+ /* should be equal or something went wrong */
+ dev_err(line6->ifcdev,
+ "length mismatch (expected %d, got %d)\n",
+- (int)datalen, (int)len);
++ (int)datalen, (int)*plen);
++ kfree(plen);
+ return -EINVAL;
+ }
++ kfree(plen);
+
+ /* receive the result: */
+ ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c
index bcce919..f30fcf9 100644
--- a/drivers/staging/lustre/lnet/selftest/brw_test.c
struct io_req {
struct list_head list;
+diff --git a/drivers/staging/unisys/visorchipset/visorchipset.h b/drivers/staging/unisys/visorchipset/visorchipset.h
+index 2bf2e2f..84421c9 100644
+--- a/drivers/staging/unisys/visorchipset/visorchipset.h
++++ b/drivers/staging/unisys/visorchipset/visorchipset.h
+@@ -228,7 +228,7 @@ typedef struct {
+ void (*device_resume)(ulong busNo, ulong devNo);
+ int (*get_channel_info)(uuid_le typeGuid, ulong *minSize,
+ ulong *maxSize);
+-} VISORCHIPSET_BUSDEV_NOTIFIERS;
++} __no_const VISORCHIPSET_BUSDEV_NOTIFIERS;
+
+ /* These functions live inside visorchipset, and will be called to indicate
+ * responses to specific events (by code outside of visorchipset).
+@@ -243,7 +243,7 @@ typedef struct {
+ void (*device_destroy)(ulong busNo, ulong devNo, int response);
+ void (*device_pause)(ulong busNo, ulong devNo, int response);
+ void (*device_resume)(ulong busNo, ulong devNo, int response);
+-} VISORCHIPSET_BUSDEV_RESPONDERS;
++} __no_const VISORCHIPSET_BUSDEV_RESPONDERS;
+
+ /** Register functions (in the bus driver) to get called by visorchipset
+ * whenever a bus or device appears for which this service partition is
diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c
index 164136b..7244df5 100644
--- a/drivers/staging/vt6655/hostap.c
login->tgt_agt = sbp_target_agent_register(login);
if (IS_ERR(login->tgt_agt)) {
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index 98da901..bb443e8 100644
+index 15a1c13..6c9b96b 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
-@@ -1525,7 +1525,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
+@@ -1526,7 +1526,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
spin_lock_init(&dev->se_tmr_lock);
spin_lock_init(&dev->qf_cmd_lock);
sema_init(&dev->caw_sem, 1);
spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
INIT_LIST_HEAD(&dev->t10_pr.registration_list);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index 7fa62fc..abdd041 100644
+index ab61014..8f1116e 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1165,7 +1165,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
/* This is only available if kgdboc is a built in for early debugging */
static int __init kgdboc_early_init(char *opt)
diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
-index 0da0b54..80ae306 100644
+index 077570a..12550a9 100644
--- a/drivers/tty/serial/msm_serial.c
+++ b/drivers/tty/serial/msm_serial.c
-@@ -989,7 +989,7 @@ static struct uart_driver msm_uart_driver = {
+@@ -981,7 +981,7 @@ static struct uart_driver msm_uart_driver = {
.cons = MSM_CONSOLE,
};
static const struct of_device_id msm_uartdm_table[] = {
{ .compatible = "qcom,msm-uartdm-v1.1", .data = (void *)UARTDM_1P1 },
-@@ -1008,7 +1008,7 @@ static int msm_serial_probe(struct platform_device *pdev)
+@@ -1000,7 +1000,7 @@ static int msm_serial_probe(struct platform_device *pdev)
int irq;
if (pdev->id == -1)
if (cfg->uart_flags & UPF_CONS_FLOW) {
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index 29a7be4..0144e62 100644
+index 0f03988..8a8038d 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -1343,7 +1343,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp)
if (get_user(c, buf))
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 8fbad34..0db0a39 100644
+index 848c17a..e930437 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
-@@ -3464,7 +3464,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
+@@ -3469,7 +3469,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
void tty_default_fops(struct file_operations *fops)
{
dev->rawdescriptors[i] + (*ppos - pos),
min(len, alloclen))) {
diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
-index 487abcf..06226dc 100644
+index 258e6fe..9ea48d7 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -1550,7 +1550,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
wake_up(&usb_kill_urb_queue);
usb_put_urb(urb);
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index dc84915..cdb6624 100644
+index 674c262..71fdd90 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -27,6 +27,7 @@
#include <asm/uaccess.h>
#include <asm/byteorder.h>
-@@ -4662,6 +4663,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
+@@ -4665,6 +4666,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
goto done;
return;
}
INIT_LIST_HEAD(&dev->ep0.urb_list);
dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE;
-diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
-index 490a6ca..1f8364d 100644
---- a/drivers/usb/dwc3/gadget.c
-+++ b/drivers/usb/dwc3/gadget.c
-@@ -615,8 +615,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep,
- if (!usb_endpoint_xfer_isoc(desc))
- return 0;
-
-- memset(&trb_link, 0, sizeof(trb_link));
--
- /* Link TRB for ISOC. The HWO bit is never reset */
- trb_st_hw = &dep->trb_pool[0];
-
diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c
index 8cfc319..4868255 100644
--- a/drivers/usb/early/ehci-dbgp.c
spin_lock_init(&delayed_root->lock);
init_waitqueue_head(&delayed_root->wait);
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
-index 8a8e298..9f904ad 100644
+index b765d41..5a8b0c3 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
-@@ -3939,9 +3939,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3975,9 +3975,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
for (i = 0; i < num_types; i++) {
struct btrfs_space_info *tmp;
info = NULL;
rcu_read_lock();
list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -3963,10 +3966,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3999,10 +4002,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
memcpy(dest, &space, sizeof(space));
dest++;
space_args.total_spaces++;
static inline int btrfs_need_log_full_commit(struct btrfs_fs_info *fs_info,
diff --git a/fs/buffer.c b/fs/buffer.c
-index 3588a80..3d038a9 100644
+index 72daaa5..60ffeb9 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
-@@ -2318,6 +2318,11 @@ static int cont_expand_zero(struct file *file, struct address_space *mapping,
- err = 0;
-
- balance_dirty_pages_ratelimited(mapping);
-+
-+ if (unlikely(fatal_signal_pending(current))) {
-+ err = -EINTR;
-+ goto out;
-+ }
- }
-
- /* page covers the boundary, find the boundary offset */
-@@ -3424,7 +3429,7 @@ void __init buffer_init(void)
+@@ -3432,7 +3432,7 @@ void __init buffer_init(void)
bh_cachep = kmem_cache_create("buffer_head",
sizeof(struct buffer_head), 0,
(SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
return 0;
while (nr) {
diff --git a/fs/dcache.c b/fs/dcache.c
-index cb25a1a..8060de0 100644
+index 34b40be8..2003532 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -478,7 +478,7 @@ static void __dentry_kill(struct dentry *dentry)
d_lru_isolate(dentry);
spin_unlock(&dentry->d_lock);
return LRU_REMOVED;
-@@ -1255,7 +1255,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry)
+@@ -1149,6 +1149,7 @@ out_unlock:
+ return;
+
+ rename_retry:
++ done_seqretry(&rename_lock, seq);
+ if (!retry)
+ return;
+ seq = 1;
+@@ -1255,7 +1256,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry)
} else {
if (dentry->d_flags & DCACHE_LRU_LIST)
d_lru_del(dentry);
d_shrink_add(dentry, &data->dispose);
data->found++;
}
-@@ -1303,7 +1303,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
+@@ -1303,7 +1304,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
return D_WALK_CONTINUE;
/* root with refcount 1 is fine */
return D_WALK_CONTINUE;
printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%pd} "
-@@ -1312,7 +1312,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
+@@ -1312,7 +1313,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry)
dentry->d_inode ?
dentry->d_inode->i_ino : 0UL,
dentry,
dentry->d_sb->s_type->name,
dentry->d_sb->s_id);
WARN_ON(1);
-@@ -1438,7 +1438,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
+@@ -1438,7 +1439,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
*/
dentry->d_iname[DNAME_INLINE_LEN-1] = 0;
if (name->len > DNAME_INLINE_LEN-1) {
if (!dname) {
kmem_cache_free(dentry_cache, dentry);
return NULL;
-@@ -1456,7 +1456,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
+@@ -1456,7 +1457,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
smp_wmb();
dentry->d_name.name = dname;
dentry->d_flags = 0;
spin_lock_init(&dentry->d_lock);
seqcount_init(&dentry->d_seq);
-@@ -2196,7 +2196,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)
+@@ -2196,7 +2197,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name)
goto next;
}
found = dentry;
spin_unlock(&dentry->d_lock);
break;
-@@ -2295,7 +2295,7 @@ again:
+@@ -2295,7 +2296,7 @@ again:
spin_lock(&dentry->d_lock);
inode = dentry->d_inode;
isdir = S_ISDIR(inode->i_mode);
if (!spin_trylock(&inode->i_lock)) {
spin_unlock(&dentry->d_lock);
cpu_relax();
-@@ -2675,11 +2675,13 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry)
- if (!IS_ROOT(new)) {
- spin_unlock(&inode->i_lock);
- dput(new);
-+ iput(inode);
- return ERR_PTR(-EIO);
- }
- if (d_ancestor(new, dentry)) {
- spin_unlock(&inode->i_lock);
- dput(new);
-+ iput(inode);
- return ERR_PTR(-EIO);
- }
- write_seqlock(&rename_lock);
-@@ -3300,7 +3302,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)
+@@ -3307,7 +3308,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry)
if (!(dentry->d_flags & DCACHE_GENOCIDE)) {
dentry->d_flags |= DCACHE_GENOCIDE;
}
}
return D_WALK_CONTINUE;
-@@ -3416,7 +3418,8 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3423,7 +3424,8 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
}
EXPORT_SYMBOL_GPL(debugfs_create_dir);
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
-index d4a9431..77f9b2e 100644
+index 57ee4c5..ecb13b0 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
@@ -673,7 +673,7 @@ static char *ecryptfs_readlink_lower(struct dentry *dentry, size_t *bufsiz)
static int
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
-index 581ef40..cec52d7 100644
+index e069155..b825b08 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
-@@ -553,8 +553,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
+@@ -557,8 +557,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
/* Hm, nope. Are (enough) root reserved clusters available? */
if (uid_eq(sbi->s_resuid, current_fsuid()) ||
(!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
if (free_clusters >= (nclusters + dirty_clusters +
resv_clusters))
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index b0c225c..0e69bd7 100644
+index 96ac9d3..1c30e7e6 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1275,19 +1275,19 @@ struct ext4_sb_info {
return 0;
diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
-index 32bce84..112d969 100644
+index 8313ca3..8a37d08 100644
--- a/fs/ext4/mmp.c
+++ b/fs/ext4/mmp.c
-@@ -113,7 +113,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
+@@ -111,7 +111,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp,
const char *function, unsigned int line, const char *msg)
{
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 0b28b36..b85d0f53 100644
+index b1f0ac7..77e9a05 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
-@@ -1276,7 +1276,7 @@ static ext4_fsblk_t get_sb_block(void **data)
+@@ -1274,7 +1274,7 @@ static ext4_fsblk_t get_sb_block(void **data)
}
#define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3))
"Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
#ifdef CONFIG_QUOTA
-@@ -2460,7 +2460,7 @@ struct ext4_attr {
+@@ -2454,7 +2454,7 @@ struct ext4_attr {
int offset;
int deprecated_val;
} u;
static int parse_strtoull(const char *buf,
unsigned long long max, unsigned long long *value)
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
-index e738733..9843a6c 100644
+index 2d1e5803..1b082d415 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
-@@ -386,7 +386,7 @@ static int
+@@ -399,7 +399,7 @@ static int
ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
char *buffer, size_t buffer_size)
{
for (; !IS_LAST_ENTRY(entry); entry = EXT4_XATTR_NEXT(entry)) {
const struct xattr_handler *handler =
-@@ -403,9 +403,10 @@ ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
+@@ -416,9 +416,10 @@ ext4_xattr_list_entries(struct dentry *dentry, struct ext4_xattr_entry *entry,
buffer += size;
}
rest -= size;
jffs2_prealloc_raw_node_refs(c, jeb, 1);
diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c
-index a6597d6..41b30ec 100644
+index 09ed551..45684f8 100644
--- a/fs/jffs2/wbuf.c
+++ b/fs/jffs2/wbuf.c
@@ -1023,7 +1023,8 @@ static const struct jffs2_unknown_node oob_cleanmarker =
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
diff --git a/fs/namei.c b/fs/namei.c
-index a7b05bf..9b251d4 100644
+index bb02687..79cba2c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask)
error = -EISDIR;
if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry))
goto out;
-@@ -3206,7 +3298,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3207,7 +3299,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
if (unlikely(error))
goto out;
while (unlikely(error > 0)) { /* trailing symlink */
struct path link = path;
void *cookie;
-@@ -3224,7 +3316,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3225,7 +3317,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
error = follow_link(&link, nd, &cookie);
if (unlikely(error))
break;
put_link(nd, &link, cookie);
}
out:
-@@ -3324,9 +3416,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
+@@ -3325,9 +3417,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
goto unlock;
error = -EEXIST;
/*
* Special case - lookup gave negative, but... we had foo/bar/
* From the vfs_mknod() POV we just have a negative dentry -
-@@ -3378,6 +3472,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
+@@ -3379,6 +3473,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
}
EXPORT_SYMBOL(user_path_create);
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -3441,6 +3549,17 @@ retry:
+@@ -3442,6 +3550,17 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out;
-@@ -3456,6 +3575,8 @@ retry:
+@@ -3457,6 +3576,8 @@ retry:
error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
break;
}
out:
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
-@@ -3510,9 +3631,16 @@ retry:
+@@ -3511,9 +3632,16 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3595,6 +3723,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -3596,6 +3724,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
struct filename *name;
struct dentry *dentry;
struct nameidata nd;
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3627,10 +3757,21 @@ retry:
+@@ -3628,10 +3758,21 @@ retry:
error = -ENOENT;
goto exit3;
}
exit3:
dput(dentry);
exit2:
-@@ -3721,6 +3862,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -3722,6 +3863,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct nameidata nd;
struct inode *inode = NULL;
struct inode *delegated_inode = NULL;
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3747,10 +3890,22 @@ retry_deleg:
+@@ -3748,10 +3891,22 @@ retry_deleg:
if (d_is_negative(dentry))
goto slashes;
ihold(inode);
exit2:
dput(dentry);
}
-@@ -3839,9 +3994,17 @@ retry:
+@@ -3840,9 +3995,17 @@ retry:
if (IS_ERR(dentry))
goto out_putname;
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3945,6 +4108,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3946,6 +4109,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
struct dentry *new_dentry;
struct path old_path, new_path;
struct inode *delegated_inode = NULL;
int how = 0;
int error;
-@@ -3968,7 +4132,7 @@ retry:
+@@ -3969,7 +4133,7 @@ retry:
if (error)
return error;
(how & LOOKUP_REVAL));
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
-@@ -3980,11 +4144,28 @@ retry:
+@@ -3981,11 +4145,28 @@ retry:
error = may_linkat(&old_path);
if (unlikely(error))
goto out_dput;
done_path_create(&new_path, new_dentry);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
-@@ -4295,6 +4476,12 @@ retry_deleg:
+@@ -4296,6 +4477,12 @@ retry_deleg:
if (new_dentry == trap)
goto exit5;
error = security_path_rename(&oldnd.path, old_dentry,
&newnd.path, new_dentry, flags);
if (error)
-@@ -4302,6 +4489,9 @@ retry_deleg:
+@@ -4303,6 +4490,9 @@ retry_deleg:
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry,
&delegated_inode, flags);
exit5:
dput(new_dentry);
exit4:
-@@ -4344,14 +4534,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -4345,14 +4535,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int readlink_copy(char __user *buffer, int buflen, const char *link)
{
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index ef42d9b..b8dfe4f 100644
+index 550dbff..c4ad324 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -1360,6 +1360,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1362,6 +1362,9 @@ static int do_umount(struct mount *mnt, int flags)
if (!(sb->s_flags & MS_RDONLY))
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
up_write(&sb->s_umount);
return retval;
}
-@@ -1382,6 +1385,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1384,6 +1387,9 @@ static int do_umount(struct mount *mnt, int flags)
}
unlock_mount_hash();
namespace_unlock();
return retval;
}
-@@ -1401,7 +1407,7 @@ static inline bool may_mount(void)
+@@ -1403,7 +1409,7 @@ static inline bool may_mount(void)
* unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
*/
{
struct path path;
struct mount *mnt;
-@@ -1443,7 +1449,7 @@ out:
+@@ -1445,7 +1451,7 @@ out:
/*
* The 2.0 compatible umount. No flags.
*/
{
return sys_umount(name, 0);
}
-@@ -2492,6 +2498,16 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2494,6 +2500,16 @@ long do_mount(const char *dev_name, const char *dir_name,
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
if (flags & MS_REMOUNT)
retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
data_page);
-@@ -2506,6 +2522,9 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2508,6 +2524,9 @@ long do_mount(const char *dev_name, const char *dir_name,
dev_name, data_page);
dput_out:
path_put(&path);
return retval;
}
-@@ -2523,7 +2542,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
+@@ -2525,7 +2544,7 @@ static void free_mnt_ns(struct mnt_namespace *ns)
* number incrementing at 10Ghz will take 12,427 years to wrap which
* is effectively never, so we can ignore the possibility.
*/
static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
{
-@@ -2538,7 +2557,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2540,7 +2559,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
kfree(new_ns);
return ERR_PTR(ret);
}
atomic_set(&new_ns->count, 1);
new_ns->root = NULL;
INIT_LIST_HEAD(&new_ns->list);
-@@ -2548,7 +2567,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2550,7 +2569,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
return new_ns;
}
struct user_namespace *user_ns, struct fs_struct *new_fs)
{
struct mnt_namespace *new_ns;
-@@ -2669,8 +2688,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+@@ -2671,8 +2690,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
}
EXPORT_SYMBOL(mount_subtree);
{
int ret;
char *kernel_type;
-@@ -2783,6 +2802,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2785,6 +2804,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
get_fs_root(current->fs, &root);
old_mp = lock_mount(&old);
error = PTR_ERR(old_mp);
-@@ -2820,6 +2844,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
- /* make sure we can reach put_old from new_root */
- if (!is_path_reachable(old_mnt, old.dentry, &new))
- goto out4;
-+ /* make certain new is below the root */
-+ if (!is_path_reachable(new_mnt, new.dentry, &root))
-+ goto out4;
- root_mp->m_count++; /* pin it so it won't go away */
- lock_mount_hash();
- detach_mnt(new_mnt, &parent_path);
-@@ -3051,7 +3078,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
+@@ -3056,7 +3080,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
return -EPERM;
static struct callback_op callback_ops[];
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
-index 577a36f..1cde799 100644
+index 0689aa5..299386e 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
@@ -1228,16 +1228,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
void nfs_fattr_init(struct nfs_fattr *fattr)
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index 5e0dc52..64681bc 100644
+index 1d3cb47..2b8ed89 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1155,7 +1155,7 @@ struct nfsd4_operation {
static struct nfsd4_operation nfsd4_ops[];
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index b01f6e1..4aab09a 100644
+index 353aac8..32035ee 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
@@ -1534,7 +1534,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
break;
case RC_REPLBUFF:
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
-index f501a9b..8155556 100644
+index 6ab077b..5ac7f0b 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -855,7 +855,7 @@ __be32 nfsd_readv(struct file *file, loff_t offset, struct kvec *vec, int vlen,
}
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
-index b13992a..536c8d8 100644
+index c991616..5ae51af 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
@@ -216,8 +216,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
bail:
if (handle)
+diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c
+index 8add6f1..b931e04 100644
+--- a/fs/ocfs2/namei.c
++++ b/fs/ocfs2/namei.c
+@@ -158,7 +158,7 @@ bail_add:
+ * NOTE: This dentry already has ->d_op set from
+ * ocfs2_get_parent() and ocfs2_get_dentry()
+ */
+- if (ret)
++ if (!IS_ERR_OR_NULL(ret))
+ dentry = ret;
+
+ status = ocfs2_dentry_attach_lock(dentry, inode,
diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h
index bbec539..7b266d5 100644
--- a/fs/ocfs2/ocfs2.h
generic_fillattr(inode, stat);
return 0;
-diff --git a/fs/super.c b/fs/super.c
-index b9a214d..6f8c954 100644
---- a/fs/super.c
-+++ b/fs/super.c
-@@ -80,6 +80,8 @@ static unsigned long super_cache_scan(struct shrinker *shrink,
- inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid);
- dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid);
- total_objects = dentries + inodes + fs_objects + 1;
-+ if (!total_objects)
-+ total_objects = 1;
-
- /* proportion the scan between the caches */
- dentries = mult_frac(sc->nr_to_scan, dentries, total_objects);
diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index 0b45ff4..847de5b 100644
--- a/fs/sysfs/dir.c
copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32)))
goto out_put;
+diff --git a/fs/xfs/xfs_linux.h b/fs/xfs/xfs_linux.h
+index d10dc8f..56b3430 100644
+--- a/fs/xfs/xfs_linux.h
++++ b/fs/xfs/xfs_linux.h
+@@ -230,7 +230,7 @@ static inline kgid_t xfs_gid_to_kgid(__uint32_t gid)
+ * of the compiler which do not like us using do_div in the middle
+ * of large functions.
+ */
+-static inline __u32 xfs_do_div(void *a, __u32 b, int n)
++static inline __u32 __intentional_overflow(-1) xfs_do_div(void *a, __u32 b, int n)
+ {
+ __u32 mod;
+
+@@ -286,7 +286,7 @@ static inline __u32 xfs_do_mod(void *a, __u32 b, int n)
+ return 0;
+ }
+ #else
+-static inline __u32 xfs_do_div(void *a, __u32 b, int n)
++static inline __u32 __intentional_overflow(-1) xfs_do_div(void *a, __u32 b, int n)
+ {
+ __u32 mod;
+
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
index 0000000..f27264e
if (sizeof(l) == 4)
return fls(l);
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
-index 518b465..11953e6 100644
+index f2057ff8..59dfa2d 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
-@@ -1627,7 +1627,7 @@ struct block_device_operations {
+@@ -1625,7 +1625,7 @@ struct block_device_operations {
/* this callback is with swap_lock and sometimes page table lock held */
void (*swap_slot_free_notify) (struct block_device *, unsigned long);
struct module *owner;
/**
* struct clk_init_data - holds init data that's common to all clocks and is
-diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h
-index 653f0e2..abcafaa 100644
---- a/include/linux/clocksource.h
-+++ b/include/linux/clocksource.h
-@@ -287,7 +287,7 @@ extern struct clocksource* clocksource_get_next(void);
- extern void clocksource_change_rating(struct clocksource *cs, int rating);
- extern void clocksource_suspend(void);
- extern void clocksource_resume(void);
--extern struct clocksource * __init __weak clocksource_default_clock(void);
-+extern struct clocksource * __init clocksource_default_clock(void);
- extern void clocksource_mark_unstable(struct clocksource *cs);
-
- extern u64
diff --git a/include/linux/compat.h b/include/linux/compat.h
index e649426..a74047b 100644
--- a/include/linux/compat.h
int cpumask_any_but(const struct cpumask *mask, unsigned int cpu);
int cpumask_set_cpu_local_first(int i, int numa_node, cpumask_t *dstp);
-diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h
-index 72ab536..3849fce 100644
---- a/include/linux/crash_dump.h
-+++ b/include/linux/crash_dump.h
-@@ -14,14 +14,13 @@
- extern unsigned long long elfcorehdr_addr;
- extern unsigned long long elfcorehdr_size;
-
--extern int __weak elfcorehdr_alloc(unsigned long long *addr,
-- unsigned long long *size);
--extern void __weak elfcorehdr_free(unsigned long long addr);
--extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos);
--extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
--extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma,
-- unsigned long from, unsigned long pfn,
-- unsigned long size, pgprot_t prot);
-+extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size);
-+extern void elfcorehdr_free(unsigned long long addr);
-+extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos);
-+extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
-+extern int remap_oldmem_pfn_range(struct vm_area_struct *vma,
-+ unsigned long from, unsigned long pfn,
-+ unsigned long size, pgprot_t prot);
-
- extern ssize_t copy_oldmem_page(unsigned long, char *, size_t,
- unsigned long, int);
diff --git a/include/linux/cred.h b/include/linux/cred.h
index b2d0820..2ecafd3 100644
--- a/include/linux/cred.h
extern struct key_type key_type_keyring;
diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
-index 6b06d37..19f605f 100644
+index e465bb1..19f605f 100644
--- a/include/linux/kgdb.h
+++ b/include/linux/kgdb.h
@@ -52,7 +52,7 @@ extern int kgdb_connected;
/**
* struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB.
-@@ -279,11 +279,11 @@ struct kgdb_io {
+@@ -279,7 +279,7 @@ struct kgdb_io {
void (*pre_exception) (void);
void (*post_exception) (void);
int is_console;
extern struct kgdb_arch arch_kgdb_ops;
--extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
-+extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs);
-
- #ifdef CONFIG_SERIAL_KGDB_NMI
- extern int kgdb_register_nmi_console(void);
diff --git a/include/linux/kmod.h b/include/linux/kmod.h
index 0555cc6..40116ce 100644
--- a/include/linux/kmod.h
{
u32 remainder;
return div_u64_rem(dividend, divisor, &remainder);
-diff --git a/include/linux/memory.h b/include/linux/memory.h
-index bb7384e..8b8d8d1 100644
---- a/include/linux/memory.h
-+++ b/include/linux/memory.h
-@@ -35,7 +35,7 @@ struct memory_block {
- };
-
- int arch_get_memory_phys_device(unsigned long start_pfn);
--unsigned long __weak memory_block_size_bytes(void);
-+unsigned long memory_block_size_bytes(void);
-
- /* These states are exposed to userspace as text strings in sysfs */
- #define MEM_ONLINE (1<<0) /* exposed to userspace */
diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
index f230a97..714c006 100644
--- a/include/linux/mempolicy.h
static inline int
vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 8981cc8..76fd8c2 100644
+index f952cc8..b9f6135 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -127,6 +127,11 @@ extern unsigned int kobjsize(const void *objp);
struct mmu_gather;
struct inode;
-@@ -1144,8 +1150,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
+@@ -1163,8 +1169,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
unsigned long *pfn);
int follow_phys(struct vm_area_struct *vma, unsigned long address,
unsigned int flags, unsigned long *prot, resource_size_t *phys);
static inline void unmap_shared_mapping_range(struct address_space *mapping,
loff_t const holebegin, loff_t const holelen)
-@@ -1184,9 +1190,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
+@@ -1204,9 +1210,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
}
#endif
long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
unsigned long start, unsigned long nr_pages,
-@@ -1219,34 +1225,6 @@ int set_page_dirty_lock(struct page *page);
+@@ -1238,34 +1244,6 @@ int set_page_dirty_lock(struct page *page);
int clear_page_dirty_for_io(struct page *page);
int get_cmdline(struct task_struct *task, char *buffer, int buflen);
extern pid_t
vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
-@@ -1346,6 +1324,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
+@@ -1365,6 +1343,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
}
#endif
int vma_wants_writenotify(struct vm_area_struct *vma);
extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
-@@ -1364,8 +1351,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
+@@ -1383,8 +1370,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
{
return 0;
}
#endif
#ifdef __PAGETABLE_PMD_FOLDED
-@@ -1374,8 +1368,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
+@@ -1393,8 +1387,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
{
return 0;
}
#endif
int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
-@@ -1393,11 +1394,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
+@@ -1412,11 +1413,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
NULL: pud_offset(pgd, address);
}
#endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
#if USE_SPLIT_PTE_PTLOCKS
-@@ -1796,7 +1809,7 @@ extern int install_special_mapping(struct mm_struct *mm,
+@@ -1815,7 +1828,7 @@ extern int install_special_mapping(struct mm_struct *mm,
unsigned long addr, unsigned long len,
unsigned long flags, struct page **pages);
extern unsigned long mmap_region(struct file *file, unsigned long addr,
unsigned long len, vm_flags_t vm_flags, unsigned long pgoff);
-@@ -1804,6 +1817,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1823,6 +1836,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
unsigned long len, unsigned long prot, unsigned long flags,
unsigned long pgoff, unsigned long *populate);
extern int do_munmap(struct mm_struct *, unsigned long, size_t);
#ifdef CONFIG_MMU
extern int __mm_populate(unsigned long addr, unsigned long len,
-@@ -1832,10 +1846,11 @@ struct vm_unmapped_area_info {
+@@ -1851,10 +1865,11 @@ struct vm_unmapped_area_info {
unsigned long high_limit;
unsigned long align_mask;
unsigned long align_offset;
/*
* Search for an unmapped address range.
-@@ -1847,7 +1862,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
+@@ -1866,7 +1881,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
* - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
*/
static inline unsigned long
{
if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
return unmapped_area(info);
-@@ -1909,6 +1924,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
+@@ -1928,6 +1943,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
struct vm_area_struct **pprev);
/* Look up the first VMA which intersects the interval start_addr..end_addr-1,
NULL if none. Assume start_addr < end_addr. */
static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
-@@ -1937,15 +1956,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
+@@ -1956,15 +1975,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
return vma;
}
#ifdef CONFIG_NUMA_BALANCING
unsigned long change_prot_numa(struct vm_area_struct *vma,
unsigned long start, unsigned long end);
-@@ -1997,6 +2007,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
+@@ -2016,6 +2026,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
static inline void vm_stat_account(struct mm_struct *mm,
unsigned long flags, struct file *file, long pages)
{
mm->total_vm += pages;
}
#endif /* CONFIG_PROC_FS */
-@@ -2085,7 +2100,7 @@ extern int unpoison_memory(unsigned long pfn);
+@@ -2104,7 +2119,7 @@ extern int unpoison_memory(unsigned long pfn);
extern int sysctl_memory_failure_early_kill;
extern int sysctl_memory_failure_recovery;
extern void shake_page(struct page *p, int access);
extern int soft_offline_page(struct page *page, int flags);
#if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS)
-@@ -2120,5 +2135,11 @@ void __init setup_nr_node_ids(void);
+@@ -2139,5 +2154,11 @@ void __init setup_nr_node_ids(void);
static inline void setup_nr_node_ids(void) {}
#endif
}
diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
-index 318df70..b74ec01 100644
+index b21bac4..94142ca 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
-@@ -518,7 +518,7 @@ struct zone {
+@@ -527,7 +527,7 @@ struct zone {
ZONE_PADDING(_pad3_)
/* Zone statistics */
}
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index b867a4d..84f03ad 100644
+index 2b1d9e9..10ba706 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -132,6 +132,7 @@ struct fs_struct;
{
return tsk->pid;
}
-@@ -2095,6 +2209,25 @@ extern u64 sched_clock_cpu(int cpu);
+@@ -2097,6 +2211,25 @@ extern u64 sched_clock_cpu(int cpu);
extern void sched_clock_init(void);
#ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
static inline void sched_clock_tick(void)
{
-@@ -2228,7 +2361,9 @@ void yield(void);
+@@ -2230,7 +2363,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2261,6 +2396,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2263,6 +2398,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2425,7 +2561,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2427,7 +2563,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
extern int do_execve(struct filename *,
const char __user * const __user *,
-@@ -2640,9 +2776,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2642,9 +2778,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
__SONET_ITEMS
#undef __HANDLE_ITEM
};
-diff --git a/include/linux/string.h b/include/linux/string.h
-index d36977e..3b42b37 100644
---- a/include/linux/string.h
-+++ b/include/linux/string.h
-@@ -132,7 +132,7 @@ int bprintf(u32 *bin_buf, size_t size, const char *fmt, ...) __printf(3, 4);
- #endif
-
- extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos,
-- const void *from, size_t available);
-+ const void *from, size_t available);
-
- /**
- * strstarts - does @str start with @prefix?
-@@ -144,7 +144,8 @@ static inline bool strstarts(const char *str, const char *prefix)
- return strncmp(str, prefix, strlen(prefix)) == 0;
- }
-
--extern size_t memweight(const void *ptr, size_t bytes);
-+size_t memweight(const void *ptr, size_t bytes);
-+void memzero_explicit(void *s, size_t count);
-
- /**
- * kbasename - return the last part of a pathname.
diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h
index 07d8e53..dc934c9 100644
--- a/include/linux/sunrpc/addr.h
.combine = sctp_csum_combine,
};
diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
-index 7f4eeb3..37e8fe1 100644
+index 72a31db..aaa63d9 100644
--- a/include/net/sctp/sm.h
+++ b/include/net/sctp/sm.h
@@ -80,7 +80,7 @@ typedef void (sctp_timer_event_t) (unsigned long);
next_state = Reset;
return 0;
diff --git a/init/main.c b/init/main.c
-index bb1aed9..64f9745 100644
+index d0f4b59..0c4b184 100644
--- a/init/main.c
+++ b/init/main.c
@@ -98,6 +98,8 @@ extern void radix_tree_init(void);
case SHMDT:
return sys_shmdt(compat_ptr(ptr));
diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
-index c3f0326..d4e0579 100644
+index e8075b2..76f2c6a 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -30,7 +30,7 @@ static void *get_ipc(struct ctl_table *table)
{
- struct ctl_table ipc_table;
+ ctl_table_no_const ipc_table;
- size_t lenp_bef = *lenp;
int oldval;
int rc;
+
diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
index 68d4e95..1477ded 100644
--- a/ipc/mq_sysctl.c
if ((requested_mode & ~granted_mode & 0007) &&
!ns_capable(ns->user_ns, CAP_IPC_OWNER))
diff --git a/kernel/audit.c b/kernel/audit.c
-index ba2ff5a..c6c0deb 100644
+index 6726aa6..bb864a9 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -122,7 +122,7 @@ u32 audit_sig_sid = 0;
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 963bf13..a78dd3e 100644
+index 658f232..32e9595 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -161,8 +161,15 @@ static struct srcu_struct pmus_srcu;
static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
enum event_type_t event_type);
-@@ -3034,7 +3041,7 @@ static void __perf_event_read(void *info)
+@@ -3051,7 +3058,7 @@ static void __perf_event_read(void *info)
static inline u64 perf_event_count(struct perf_event *event)
{
}
static u64 perf_event_read(struct perf_event *event)
-@@ -3410,9 +3417,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -3430,9 +3437,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
mutex_lock(&event->child_mutex);
total += perf_event_read(event);
*enabled += event->total_time_enabled +
list_for_each_entry(child, &event->child_list, child_list) {
total += perf_event_read(child);
-@@ -3861,10 +3868,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -3881,10 +3888,10 @@ void perf_event_update_userpage(struct perf_event *event)
userpg->offset -= local64_read(&event->hw.prev_count);
userpg->time_enabled = enabled +
arch_perf_update_userpage(userpg, now);
-@@ -4428,7 +4435,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
+@@ -4448,7 +4455,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
/* Data. */
sp = perf_user_stack_pointer(regs);
dyn_size = dump_size - rem;
perf_output_skip(handle, rem);
-@@ -4519,11 +4526,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -4539,11 +4546,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
values[n++] = perf_event_count(event);
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
values[n++] = enabled +
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
-@@ -6838,7 +6845,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -6858,7 +6865,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
event->parent = parent_event;
event->ns = get_pid_ns(task_active_pid_ns(current));
event->state = PERF_EVENT_STATE_INACTIVE;
-@@ -7117,6 +7124,11 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -7137,6 +7144,11 @@ SYSCALL_DEFINE5(perf_event_open,
if (flags & ~PERF_FLAG_ALL)
return -EINVAL;
err = perf_copy_attr(attr_uptr, &attr);
if (err)
return err;
-@@ -7469,10 +7481,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -7489,10 +7501,10 @@ static void sync_child_event(struct perf_event *child_event,
/*
* Add back the child's count to the parent's count:
*/
else
new_fs = fs;
diff --git a/kernel/futex.c b/kernel/futex.c
-index 815d7af..3d0743b 100644
+index 22b3f1b..6820bc0 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -202,7 +202,7 @@ struct futex_pi_state {
static const struct futex_q futex_q_init = {
/* list gets initialized in queue_me()*/
-@@ -343,6 +343,8 @@ static void get_futex_key_refs(union futex_key *key)
- case FUT_OFF_MMSHARED:
- futex_get_mm(key); /* implies MB (B) */
- break;
-+ default:
-+ smp_mb(); /* explicit MB (B) */
- }
- }
-
-@@ -394,6 +396,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
+@@ -396,6 +396,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
struct page *page, *page_head;
int err, ro = 0;
/*
* The futex address must be "naturally" aligned.
*/
-@@ -593,7 +600,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr,
+@@ -595,7 +600,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr,
static int get_futex_value_locked(u32 *dest, u32 __user *from)
{
pagefault_disable();
ret = __copy_from_user_inatomic(dest, from, sizeof(u32));
-@@ -2998,6 +3005,7 @@ static void __init futex_detect_cmpxchg(void)
+@@ -3000,6 +3005,7 @@ static void __init futex_detect_cmpxchg(void)
{
#ifndef CONFIG_HAVE_FUTEX_CMPXCHG
u32 curval;
/*
* This will fail and we want it. Some arch implementations do
-@@ -3009,8 +3017,11 @@ static void __init futex_detect_cmpxchg(void)
+@@ -3011,8 +3017,11 @@ static void __init futex_detect_cmpxchg(void)
* implementation, the non-functional ones will return
* -ENOSYS.
*/
default:
diff --git a/kernel/module.c b/kernel/module.c
-index 03214bd2..6242887 100644
+index 1c47139..6242887 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -60,6 +60,7 @@
set_memory_ro);
}
}
-@@ -1842,7 +1861,9 @@ static void free_module(struct module *mod)
-
- /* We leave it in list to prevent duplicate loads, but make sure
- * that noone uses it while it's being deconstructed. */
-+ mutex_lock(&module_mutex);
- mod->state = MODULE_STATE_UNFORMED;
-+ mutex_unlock(&module_mutex);
-
- /* Remove dynamic debug info */
- ddebug_remove_module(mod->name);
-@@ -1863,16 +1884,19 @@ static void free_module(struct module *mod)
+@@ -1865,16 +1884,19 @@ static void free_module(struct module *mod)
/* This may be NULL, but that's OK */
unset_module_init_ro_nx(mod);
#ifdef CONFIG_MPU
update_protections(current->mm);
-@@ -1941,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1943,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
int ret = 0;
const struct kernel_symbol *ksym;
switch (sym[i].st_shndx) {
case SHN_COMMON:
/* Ignore common symbols */
-@@ -1968,7 +2014,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1970,7 +2014,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
ksym = resolve_symbol_wait(mod, info, name);
/* Ok if resolved. */
if (ksym && !IS_ERR(ksym)) {
break;
}
-@@ -1987,11 +2035,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1989,11 +2035,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
secbase = (unsigned long)mod_percpu(mod);
else
secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
return ret;
}
-@@ -2075,22 +2132,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2077,22 +2132,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| strstarts(sname, ".init"))
continue;
}
pr_debug("Init section allocation order:\n");
-@@ -2104,23 +2151,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2106,23 +2151,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| !strstarts(sname, ".init"))
continue;
}
}
-@@ -2293,7 +2330,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2295,7 +2330,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
/* Put symbol section at end of init part of module. */
symsect->sh_flags |= SHF_ALLOC;
info->index.sym) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
-@@ -2310,13 +2347,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2312,13 +2347,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
}
/* Append room for core symbols at end of core part. */
info->index.str) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
}
-@@ -2334,12 +2371,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2336,12 +2371,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
/* Make sure we get permanent strtab: don't use info->strtab. */
mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
src = mod->symtab;
for (ndst = i = 0; i < mod->num_symtab; i++) {
if (i == 0 ||
-@@ -2351,6 +2390,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2353,6 +2390,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
}
}
mod->core_num_syms = ndst;
}
#else
static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -2384,17 +2425,33 @@ void * __weak module_alloc(unsigned long size)
+@@ -2386,17 +2425,33 @@ void * __weak module_alloc(unsigned long size)
return vmalloc_exec(size);
}
mutex_unlock(&module_mutex);
}
return ret;
-@@ -2648,7 +2705,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2650,7 +2705,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)
mod = (void *)info->sechdrs[info->index.mod].sh_addr;
if (info->index.sym == 0) {
return ERR_PTR(-ENOEXEC);
}
-@@ -2664,8 +2729,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2666,8 +2729,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
static int check_modinfo(struct module *mod, struct load_info *info, int flags)
{
const char *modmagic = get_modinfo(info, "vermagic");
if (flags & MODULE_INIT_IGNORE_VERMAGIC)
modmagic = NULL;
-@@ -2690,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
+@@ -2692,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
}
/* Set up license info based on the info section */
return 0;
}
-@@ -2784,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2786,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info)
void *ptr;
/* Do the allocs. */
/*
* The pointer to this block is stored in the module structure
* which is inside the block. Just mark it as not being a
-@@ -2794,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2796,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info)
if (!ptr)
return -ENOMEM;
/*
* The pointer to this block is stored in the module structure
* which is inside the block. This block doesn't need to be
-@@ -2807,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2809,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info)
*/
kmemleak_ignore(ptr);
if (!ptr) {
/* Transfer each section which specifies SHF_ALLOC */
pr_debug("final section addresses:\n");
-@@ -2824,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2826,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info)
if (!(shdr->sh_flags & SHF_ALLOC))
continue;
pr_debug("\t0x%lx %s\n",
(long)shdr->sh_addr, info->secstrings + shdr->sh_name);
}
-@@ -2890,12 +3022,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2892,12 +3022,12 @@ static void flush_module_icache(const struct module *mod)
* Do it before processing of module parameters, so the module
* can provide parameter accessor functions of its own.
*/
set_fs(old_fs);
}
-@@ -2952,8 +3084,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
+@@ -2954,8 +3084,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
static void module_deallocate(struct module *mod, struct load_info *info)
{
percpu_modfree(mod);
}
int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -2966,7 +3100,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
+@@ -2968,7 +3100,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
static int post_relocation(struct module *mod, const struct load_info *info)
{
/* Sort exception table now relocations are done. */
/* Copy relocated percpu area over. */
percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
-@@ -3075,11 +3211,12 @@ static int do_init_module(struct module *mod)
+@@ -3077,11 +3211,12 @@ static int do_init_module(struct module *mod)
mod->strtab = mod->core_strtab;
#endif
unset_module_init_ro_nx(mod);
mutex_unlock(&module_mutex);
wake_up_all(&module_wq);
-@@ -3147,16 +3284,16 @@ static int complete_formation(struct module *mod, struct load_info *info)
+@@ -3149,16 +3284,16 @@ static int complete_formation(struct module *mod, struct load_info *info)
module_bug_finalize(info->hdr, info->sechdrs, mod);
/* Set RO and NX regions for core */
/* Mark state as coming so strong_try_module_get() ignores us,
* but kallsyms etc. can see us. */
-@@ -3240,9 +3377,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3242,9 +3377,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
if (err)
goto free_unload;
/* Fix up syms, so that st_value is a pointer to location. */
err = simplify_symbols(mod, info);
if (err < 0)
-@@ -3258,13 +3424,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3260,13 +3424,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
flush_module_icache(mod);
dynamic_debug_setup(info->debug, info->num_debug);
/* Ftrace init must be called in the MODULE_STATE_UNFORMED state */
-@@ -3312,11 +3471,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3314,11 +3471,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
ddebug_cleanup:
dynamic_debug_remove(info->debug);
synchronize_sched();
free_unload:
module_unload_free(mod);
unlink_mod:
-@@ -3401,10 +3559,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3403,10 +3559,16 @@ static const char *get_ksymbol(struct module *mod,
unsigned long nextval;
/* At worse, next value is at end of module */
/* Scan for closest preceding symbol, and next symbol. (ELF
starts real symbols at 1). */
-@@ -3652,7 +3816,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3654,7 +3816,7 @@ static int m_show(struct seq_file *m, void *p)
return 0;
seq_printf(m, "%s %u",
print_unload_info(m, mod);
/* Informative for users. */
-@@ -3661,7 +3825,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3663,7 +3825,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading":
"Live");
/* Used by oprofile and other similar tools. */
/* Taints info */
if (mod->taints)
-@@ -3697,7 +3861,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3699,7 +3861,17 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
return 0;
}
module_init(proc_modules_init);
-@@ -3758,7 +3932,8 @@ struct module *__module_address(unsigned long addr)
+@@ -3760,7 +3932,8 @@ struct module *__module_address(unsigned long addr)
{
struct module *mod;
return NULL;
list_for_each_entry_rcu(mod, &modules, list) {
-@@ -3799,11 +3974,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3801,11 +3974,20 @@ bool is_module_text_address(unsigned long addr)
*/
struct module *__module_text_address(unsigned long addr)
{
select LZO_COMPRESS
select LZO_DECOMPRESS
diff --git a/kernel/power/process.c b/kernel/power/process.c
-index 4ee194e..925778f 100644
+index 7a37cf3..3e4c1c8 100644
--- a/kernel/power/process.c
+++ b/kernel/power/process.c
@@ -35,6 +35,7 @@ static int try_to_freeze_tasks(bool user_only)
static void check_cpu_stalls(void)
diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
-index 1b70cb6..ea62b0a 100644
+index 89a404a..f42a019 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -263,7 +263,7 @@ static void rcu_momentary_dyntick_idle(void)
- ACCESS_ONCE(rsp->gp_flags) |= RCU_GP_FLAG_FQS;
+ ACCESS_ONCE_RW(rsp->gp_flags) |= RCU_GP_FLAG_FQS;
raw_spin_unlock_irqrestore(&rnp_old->lock, flags);
- wake_up(&rsp->gp_wq); /* Memory barrier implied by wake_up() path. */
+ rcu_gp_kthread_wake(rsp);
}
@@ -2550,7 +2550,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
/*
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index ec1a286..6b516b8 100644
+index 6d7cb91..420f2d2 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1857,7 +1857,7 @@ void set_numabalancing_state(bool enabled)
int err;
int state = numabalancing_enabled;
-@@ -2320,8 +2320,10 @@ context_switch(struct rq *rq, struct task_struct *prev,
+@@ -2324,8 +2324,10 @@ context_switch(struct rq *rq, struct task_struct *prev,
next->active_mm = oldmm;
atomic_inc(&oldmm->mm_count);
enter_lazy_tlb(oldmm, next);
if (!prev->mm) {
prev->active_mm = NULL;
-@@ -3103,6 +3105,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -3107,6 +3109,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = nice_to_rlimit(nice);
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
capable(CAP_SYS_NICE));
}
-@@ -3129,7 +3133,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -3133,7 +3137,8 @@ SYSCALL_DEFINE1(nice, int, increment)
nice = task_nice(current) + increment;
nice = clamp_val(nice, MIN_NICE, MAX_NICE);
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -3408,6 +3413,7 @@ recheck:
+@@ -3412,6 +3417,7 @@ recheck:
if (policy != p->policy && !rlim_rtprio)
return -EPERM;
/* can't increase priority */
if (attr->sched_priority > p->rt_priority &&
attr->sched_priority > rlim_rtprio)
-@@ -4797,6 +4803,7 @@ void idle_task_exit(void)
+@@ -4802,6 +4808,7 @@ void idle_task_exit(void)
if (mm != &init_mm) {
switch_mm(mm, &init_mm, current);
finish_arch_post_lock_switch();
}
mmdrop(mm);
-@@ -4892,7 +4899,7 @@ static void migrate_tasks(unsigned int dead_cpu)
+@@ -4897,7 +4904,7 @@ static void migrate_tasks(unsigned int dead_cpu)
#if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
{
.procname = "sched_domain",
.mode = 0555,
-@@ -4909,17 +4916,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -4914,17 +4921,17 @@ static struct ctl_table sd_ctl_root[] = {
{}
};
/*
* In the intermediate directories, both the child directory and
-@@ -4927,22 +4934,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -4932,22 +4939,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
* will always be set. In the lowest directory the names are
* static strings and all have proc handlers.
*/
const char *procname, void *data, int maxlen,
umode_t mode, proc_handler *proc_handler,
bool load_idx)
-@@ -4962,7 +4972,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -4967,7 +4977,7 @@ set_table_entry(struct ctl_table *entry,
static struct ctl_table *
sd_alloc_ctl_domain_table(struct sched_domain *sd)
{
if (table == NULL)
return NULL;
-@@ -5000,9 +5010,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -5005,9 +5015,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
return table;
}
struct sched_domain *sd;
int domain_num = 0, i;
char buf[32];
-@@ -5029,11 +5039,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -5034,11 +5044,13 @@ static struct ctl_table_header *sd_sysctl_header;
static void register_sched_domain_sysctl(void)
{
int i, cpu_num = num_possible_cpus();
if (entry == NULL)
return;
-@@ -5056,8 +5068,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -5061,8 +5073,12 @@ static void unregister_sched_domain_sysctl(void)
if (sd_sysctl_header)
unregister_sysctl_table(sd_sysctl_header);
sd_sysctl_header = NULL;
.clock_get = thread_cpu_clock_get,
.timer_create = thread_cpu_timer_create,
diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c
-index 42b463a..a6b008f 100644
+index 31ea01f..7fc61ef 100644
--- a/kernel/time/posix-timers.c
+++ b/kernel/time/posix-timers.c
@@ -43,6 +43,7 @@
int it_id_set = IT_ID_NOT_SET;
if (!kc)
-@@ -1013,6 +1014,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
+@@ -1014,6 +1015,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
if (copy_from_user(&new_tp, tp, sizeof (*tp)))
return -EFAULT;
start_pg = ftrace_allocate_pages(count);
if (!start_pg)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
-index 2d75c94..5ef6d32 100644
+index a56e07c..d46f0ba 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -352,9 +352,9 @@ struct buffer_data_page {
local_t dropped_events;
local_t committing;
local_t commits;
-@@ -1005,8 +1005,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -1032,8 +1032,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
*
* We add a counter to the write field to denote this.
*/
/*
* Just make sure we have seen our old_write and synchronize
-@@ -1034,8 +1034,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -1061,8 +1061,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
* cmpxchg to only update if an interrupt did not already
* do it for us. If the cmpxchg fails, we don't care.
*/
/*
* No need to worry about races with clearing out the commit.
-@@ -1402,12 +1402,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
+@@ -1429,12 +1429,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
static inline unsigned long rb_page_entries(struct buffer_page *bpage)
{
}
static int
-@@ -1502,7 +1502,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
+@@ -1529,7 +1529,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
* bytes consumed in ring buffer from here.
* Increment overrun to account for the lost events.
*/
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
}
-@@ -2064,7 +2064,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2091,7 +2091,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
* it is our responsibility to update
* the counters.
*/
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
/*
-@@ -2214,7 +2214,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2241,7 +2241,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
if (tail == BUF_PAGE_SIZE)
tail_page->real_end = 0;
return;
}
-@@ -2249,7 +2249,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2276,7 +2276,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
rb_event_set_padding(event);
/* Set the write back to the previous setting */
return;
}
-@@ -2261,7 +2261,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2288,7 +2288,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
/* Set write to end of buffer */
length = (tail + length) - BUF_PAGE_SIZE;
}
/*
-@@ -2287,7 +2287,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2314,7 +2314,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
* about it.
*/
if (unlikely(next_page == commit_page)) {
goto out_reset;
}
-@@ -2343,7 +2343,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2370,7 +2370,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
cpu_buffer->tail_page) &&
(cpu_buffer->commit_page ==
cpu_buffer->reader_page))) {
goto out_reset;
}
}
-@@ -2391,7 +2391,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
length += RB_LEN_TIME_EXTEND;
tail_page = cpu_buffer->tail_page;
/* set write to only the index of the write */
write &= RB_WRITE_MASK;
-@@ -2415,7 +2415,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2442,7 +2442,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
kmemcheck_annotate_bitfield(event, bitfield);
rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
/*
* If this is the first commit on the page, then update
-@@ -2448,7 +2448,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2475,7 +2475,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
unsigned long write_mask =
unsigned long event_length = rb_event_length(event);
/*
* This is on the tail page. It is possible that
-@@ -2458,7 +2458,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2485,7 +2485,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
*/
old_index += write_mask;
new_index += write_mask;
if (index == old_index) {
/* update counters */
local_sub(event_length, &cpu_buffer->entries_bytes);
-@@ -2850,7 +2850,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2877,7 +2877,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
/* Do the likely case first */
if (likely(bpage->page == (void *)addr)) {
return;
}
-@@ -2862,7 +2862,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2889,7 +2889,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
start = bpage;
do {
if (bpage->page == (void *)addr) {
return;
}
rb_inc_page(cpu_buffer, &bpage);
-@@ -3146,7 +3146,7 @@ static inline unsigned long
+@@ -3173,7 +3173,7 @@ static inline unsigned long
rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
{
return local_read(&cpu_buffer->entries) -
}
/**
-@@ -3235,7 +3235,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3262,7 +3262,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
return ret;
}
-@@ -3258,7 +3258,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3285,7 +3285,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
return ret;
}
-@@ -3343,7 +3343,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
+@@ -3370,7 +3370,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
/* if you care about this being correct, lock the buffer */
for_each_buffer_cpu(buffer, cpu) {
cpu_buffer = buffer->buffers[cpu];
}
return overruns;
-@@ -3514,8 +3514,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3541,8 +3541,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
/*
* Reset the reader page to size zero.
*/
local_set(&cpu_buffer->reader_page->page->commit, 0);
cpu_buffer->reader_page->real_end = 0;
-@@ -3549,7 +3549,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3576,7 +3576,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
* want to compare with the last_overrun.
*/
smp_mb();
/*
* Here's the tricky part.
-@@ -4121,8 +4121,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4148,8 +4148,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
cpu_buffer->head_page
= list_entry(cpu_buffer->pages, struct buffer_page, list);
local_set(&cpu_buffer->head_page->page->commit, 0);
cpu_buffer->head_page->read = 0;
-@@ -4132,14 +4132,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4159,14 +4159,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
INIT_LIST_HEAD(&cpu_buffer->new_pages);
local_set(&cpu_buffer->dropped_events, 0);
local_set(&cpu_buffer->entries, 0);
local_set(&cpu_buffer->committing, 0);
-@@ -4544,8 +4544,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
+@@ -4571,8 +4571,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
rb_init_page(bpage);
bpage = reader->page;
reader->page = *data_page;
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 8a52839..dd6d7c8 100644
+index 1520933..c651ebc 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
-@@ -3487,7 +3487,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+@@ -3488,7 +3488,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
return 0;
}
return;
local_irq_save(flags);
+diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c
+index 7e3cd7a..5156a5fe 100644
+--- a/kernel/trace/trace_syscalls.c
++++ b/kernel/trace/trace_syscalls.c
+@@ -602,6 +602,8 @@ static int perf_sysenter_enable(struct ftrace_event_call *call)
+ int num;
+
+ num = ((struct syscall_metadata *)call->data)->syscall_nr;
++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
++ return -EINVAL;
+
+ mutex_lock(&syscall_trace_lock);
+ if (!sys_perf_refcount_enter)
+@@ -622,6 +624,8 @@ static void perf_sysenter_disable(struct ftrace_event_call *call)
+ int num;
+
+ num = ((struct syscall_metadata *)call->data)->syscall_nr;
++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
++ return;
+
+ mutex_lock(&syscall_trace_lock);
+ sys_perf_refcount_enter--;
+@@ -674,6 +678,8 @@ static int perf_sysexit_enable(struct ftrace_event_call *call)
+ int num;
+
+ num = ((struct syscall_metadata *)call->data)->syscall_nr;
++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
++ return -EINVAL;
+
+ mutex_lock(&syscall_trace_lock);
+ if (!sys_perf_refcount_exit)
+@@ -694,6 +700,8 @@ static void perf_sysexit_disable(struct ftrace_event_call *call)
+ int num;
+
+ num = ((struct syscall_metadata *)call->data)->syscall_nr;
++ if (WARN_ON_ONCE(num < 0 || num >= NR_syscalls))
++ return;
+
+ mutex_lock(&syscall_trace_lock);
+ sys_perf_refcount_exit--;
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
index aa312b0..395f343 100644
--- a/kernel/user_namespace.c
(val << avg->factor)) >> avg->weight :
(val << avg->factor);
diff --git a/lib/bitmap.c b/lib/bitmap.c
-index 1e031f2..a53eb90 100644
+index 33ce011..89e3d6f 100644
--- a/lib/bitmap.c
+++ b/lib/bitmap.c
-@@ -429,7 +429,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen,
+@@ -433,7 +433,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen,
{
int c, old_c, totaldigits, ndigits, nchunks, nbits;
u32 chunk;
bitmap_zero(maskp, nmaskbits);
-@@ -514,7 +514,7 @@ int bitmap_parse_user(const char __user *ubuf,
+@@ -518,7 +518,7 @@ int bitmap_parse_user(const char __user *ubuf,
{
if (!access_ok(VERIFY_READ, ubuf, ulen))
return -EFAULT;
ulen, 1, maskp, nmaskbits);
}
-@@ -605,7 +605,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
+@@ -609,7 +609,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen,
{
unsigned a, b;
int c, old_c, totaldigits;
int exp_digit, in_range;
totaldigits = c = 0;
-@@ -700,7 +700,7 @@ int bitmap_parselist_user(const char __user *ubuf,
+@@ -704,7 +704,7 @@ int bitmap_parselist_user(const char __user *ubuf,
{
if (!access_ok(VERIFY_READ, ubuf, ulen))
return -EFAULT;
+ printk("%lu pages hwpoisoned\n", atomic_long_read_unchecked(&num_poisoned_pages));
#endif
}
-diff --git a/lib/string.c b/lib/string.c
-index f3c6ff5..70db57a 100644
---- a/lib/string.c
-+++ b/lib/string.c
-@@ -604,6 +604,22 @@ void *memset(void *s, int c, size_t count)
- EXPORT_SYMBOL(memset);
- #endif
-
-+/**
-+ * memzero_explicit - Fill a region of memory (e.g. sensitive
-+ * keying data) with 0s.
-+ * @s: Pointer to the start of the area.
-+ * @count: The size of the area.
-+ *
-+ * memzero_explicit() doesn't need an arch-specific version as
-+ * it just invokes the one of memset() implicitly.
-+ */
-+void memzero_explicit(void *s, size_t count)
-+{
-+ memset(s, 0, count);
-+ OPTIMIZER_HIDE_VAR(s);
-+}
-+EXPORT_SYMBOL(memzero_explicit);
-+
- #ifndef __HAVE_ARCH_MEMCPY
- /**
- * memcpy - Copy one area of memory to another
diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
index bb2b201..46abaf9 100644
--- a/lib/strncpy_from_user.c
if (!ptep)
return VM_FAULT_OOM;
diff --git a/mm/internal.h b/mm/internal.h
-index a1b651b..f688570 100644
+index 5f2772f..4c3882c 100644
--- a/mm/internal.h
+++ b/mm/internal.h
-@@ -109,6 +109,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address);
- * in mm/page_alloc.c
- */
+@@ -134,6 +134,7 @@ __find_buddy_index(unsigned long page_idx, unsigned int order)
+
+ extern int __isolate_free_page(struct page *page, unsigned int order);
extern void __free_pages_bootmem(struct page *page, unsigned int order);
+extern void free_compound_page(struct page *page);
extern void prep_compound_page(struct page *page, unsigned long order);
#ifdef CONFIG_MEMORY_FAILURE
extern bool is_free_buddy_page(struct page *page);
-@@ -351,7 +352,7 @@ extern u32 hwpoison_filter_enable;
+@@ -376,7 +377,7 @@ extern u32 hwpoison_filter_enable;
extern unsigned long vm_mmap_pgoff(struct file *, unsigned long,
unsigned long, unsigned long,
extern void set_pageblock_order(void);
unsigned long reclaim_clean_pages_from_list(struct zone *zone,
diff --git a/mm/iov_iter.c b/mm/iov_iter.c
-index 9a09f20..6ef0515 100644
+index 141dcf7..7327fd3 100644
--- a/mm/iov_iter.c
+++ b/mm/iov_iter.c
@@ -173,7 +173,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr,
}
unset_migratetype_isolate(page, MIGRATE_MOVABLE);
diff --git a/mm/memory.c b/mm/memory.c
-index e229970..68218aa 100644
+index 37b80fc..68218aa 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -415,6 +415,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
vma->vm_file->f_op->mmap);
dump_stack();
add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
-@@ -1147,6 +1153,7 @@ again:
- print_bad_pte(vma, addr, ptent, page);
- if (unlikely(!__tlb_remove_page(tlb, page))) {
- force_flush = 1;
-+ addr += PAGE_SIZE;
- break;
- }
- continue;
-@@ -1500,6 +1507,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -1501,6 +1507,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -1544,9 +1555,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -1545,9 +1555,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
if (!page_count(page))
return -EINVAL;
if (!(vma->vm_flags & VM_MIXEDMAP)) {
}
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -1629,6 +1652,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -1630,6 +1652,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -1876,7 +1900,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -1877,7 +1900,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
BUG_ON(pud_huge(*pud));
if (!pmd)
return -ENOMEM;
do {
-@@ -1896,7 +1922,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -1897,7 +1922,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
unsigned long next;
int err;
if (!pud)
return -ENOMEM;
do {
-@@ -2018,6 +2046,186 @@ static int do_page_mkwrite(struct vm_area_struct *vma, struct page *page,
+@@ -2019,6 +2046,186 @@ static int do_page_mkwrite(struct vm_area_struct *vma, struct page *page,
return ret;
}
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2216,6 +2424,12 @@ gotten:
+@@ -2217,6 +2424,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2269,6 +2483,10 @@ gotten:
+@@ -2270,6 +2483,10 @@ gotten:
page_remove_rmap(old_page);
}
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -2543,6 +2761,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2544,6 +2761,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
unlock_page(page);
if (page != swapcache) {
/*
-@@ -2566,6 +2789,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2567,6 +2789,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -2585,40 +2813,6 @@ out_release:
+@@ -2586,40 +2813,6 @@ out_release:
}
/*
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -2628,27 +2822,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2629,27 +2822,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned int flags)
{
struct mem_cgroup *memcg;
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -2672,6 +2862,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2673,6 +2862,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
mem_cgroup_commit_charge(page, memcg, false);
-@@ -2681,6 +2876,12 @@ setpte:
+@@ -2682,6 +2876,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -2911,6 +3112,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2912,6 +3112,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,
return ret;
}
do_set_pte(vma, address, fault_page, pte, false, false);
unlock_page(fault_page);
unlock_out:
pte_unmap_unlock(pte, ptl);
-@@ -2953,7 +3159,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2954,7 +3159,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma,
page_cache_release(fault_page);
goto uncharge_out;
}
mem_cgroup_commit_charge(new_page, memcg, false);
lru_cache_add_active_or_unevictable(new_page, vma);
pte_unmap_unlock(pte, ptl);
-@@ -3003,6 +3220,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3004,6 +3220,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,
return ret;
}
do_set_pte(vma, address, fault_page, pte, true, false);
pte_unmap_unlock(pte, ptl);
if (set_page_dirty(fault_page))
-@@ -3244,6 +3466,12 @@ static int handle_pte_fault(struct mm_struct *mm,
+@@ -3245,6 +3466,12 @@ static int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3263,9 +3491,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3264,9 +3491,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3399,6 +3659,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3400,6 +3659,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3429,6 +3706,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3430,6 +3706,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
#endif /* __PAGETABLE_PMD_FOLDED */
static int __follow_pte(struct mm_struct *mm, unsigned long address,
-@@ -3538,8 +3839,8 @@ out:
+@@ -3539,8 +3839,8 @@ out:
return ret;
}
{
resource_size_t phys_addr;
unsigned long prot = 0;
-@@ -3565,8 +3866,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
+@@ -3566,8 +3866,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
* Access another process' address space as given in mm. If non-NULL, use the
* given task for page fault accounting.
*/
{
struct vm_area_struct *vma;
void *old_buf = buf;
-@@ -3574,7 +3875,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -3575,7 +3875,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
down_read(&mm->mmap_sem);
/* ignore errors, just check how much was successfully transferred */
while (len) {
void *maddr;
struct page *page = NULL;
-@@ -3635,8 +3936,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -3636,8 +3936,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -3646,11 +3947,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -3647,11 +3947,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Source/target buffer must be kernel space,
* Do not walk the page table directly, use get_user_pages
*/
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
diff --git a/mm/migrate.c b/mm/migrate.c
-index 2740360..d20a37d 100644
+index 0143995..b294728 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
-@@ -1503,8 +1503,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1495,8 +1495,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
*/
tcred = __task_cred(task);
if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index c0a3637..c760814 100644
+index ebc25fa..0ef0db0 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -41,6 +41,7 @@
+ }
if (err)
return NULL;
- khugepaged_enter_vma_merge(prev);
+ khugepaged_enter_vma_merge(prev, vm_flags);
@@ -1067,12 +1138,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
mpol_equal(policy, vma_policy(next)) &&
can_vma_merge_before(next, vm_flags,
+ }
if (err)
return NULL;
- khugepaged_enter_vma_merge(area);
+ khugepaged_enter_vma_merge(area, vm_flags);
@@ -1181,8 +1267,10 @@ none:
void vm_stat_account(struct mm_struct *mm, unsigned long flags,
struct file *file, long pages)
+ if (locknext)
+ vma_unlock_anon_vma(vma->vm_next);
vma_unlock_anon_vma(vma);
- khugepaged_enter_vma_merge(vma);
+ khugepaged_enter_vma_merge(vma, vma->vm_flags);
validate_mm(vma->vm_mm);
@@ -2205,6 +2525,8 @@ int expand_downwards(struct vm_area_struct *vma,
unsigned long address)
vma_unlock_anon_vma(vma);
+ if (lockprev)
+ vma_unlock_anon_vma(prev);
- khugepaged_enter_vma_merge(vma);
+ khugepaged_enter_vma_merge(vma, vma->vm_flags);
validate_mm(vma->vm_mm);
return error;
@@ -2358,6 +2711,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index 91d73ef..0e564d2 100644
+index ba5fd97..5a95869 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -664,7 +664,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index eee9619..155d328 100644
+index c5fe124..2cf7f17 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
{
__free_pages_ok(page, compound_order(page));
}
-@@ -751,6 +752,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -740,6 +741,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
int i;
int bad = 0;
trace_mm_page_free(page, order);
kmemcheck_free_shadow(page, order);
-@@ -767,6 +772,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -756,6 +761,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
debug_check_no_obj_freed(page_address(page),
PAGE_SIZE << order);
}
arch_free_page(page, order);
kernel_map_pages(page, 1 << order, 0);
-@@ -790,6 +801,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
+@@ -779,6 +790,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
local_irq_restore(flags);
}
void __init __free_pages_bootmem(struct page *page, unsigned int order)
{
unsigned int nr_pages = 1 << order;
-@@ -805,6 +830,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)
+@@ -794,6 +819,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)
__ClearPageReserved(p);
set_page_count(p, 0);
page_zone(page)->managed_pages += nr_pages;
set_page_refcounted(page);
__free_pages(page, order);
-@@ -933,8 +971,10 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags)
+@@ -922,8 +960,10 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags)
arch_alloc_page(page, order);
kernel_map_pages(page, 1 << order, 1);
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
-@@ -1612,7 +1652,7 @@ again:
+@@ -1601,7 +1641,7 @@ again:
}
__mod_zone_page_state(zone, NR_ALLOC_BATCH, -(1 << order));
!zone_is_fair_depleted(zone))
zone_set_flag(zone, ZONE_FAIR_DEPLETED);
-@@ -1933,7 +1973,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
+@@ -1922,7 +1962,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
do {
mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
zone_clear_flag(zone, ZONE_FAIR_DEPLETED);
} while (zone++ != preferred_zone);
}
-@@ -5702,7 +5742,7 @@ static void __setup_per_zone_wmarks(void)
+@@ -5699,7 +5739,7 @@ static void __setup_per_zone_wmarks(void)
__mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
setup_zone_migrate_reserve(zone);
spin_unlock_irqrestore(&zone->lock, flags);
diff --git a/mm/percpu.c b/mm/percpu.c
-index da997f9..19040e9 100644
+index 2139e30..1d45bce 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
@@ -123,7 +123,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
if (!mm || IS_ERR(mm)) {
rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
diff --git a/mm/rmap.c b/mm/rmap.c
-index 3e8491c..02abccc 100644
+index e01318d..25117ca 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -164,6 +164,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
return -ENOMEM;
diff --git a/mm/slab.c b/mm/slab.c
-index 7c52b38..dc55dcb 100644
+index 7c52b38..3ccc17e 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -316,10 +316,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)
slab_early_init = 0;
-@@ -3384,6 +3388,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,
+@@ -3384,6 +3388,20 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,
struct array_cache *ac = cpu_cache_get(cachep);
check_irq_off();
+
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+ if (pax_sanitize_slab) {
-+ if (!(cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))) {
-+ memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size);
++ if (cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))
++ STATS_INC_NOT_SANITIZED(cachep);
++ else {
++ memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size);
+
-+ if (cachep->ctor)
-+ cachep->ctor(objp);
++ if (cachep->ctor)
++ cachep->ctor(objp);
+
-+ STATS_INC_SANITIZED(cachep);
-+ } else
-+ STATS_INC_NOT_SANITIZED(cachep);
++ STATS_INC_SANITIZED(cachep);
+ }
+#endif
+
kmemleak_free_recursive(objp, cachep->flags);
objp = cache_free_debugcheck(cachep, objp, caller);
-@@ -3607,6 +3626,7 @@ void kfree(const void *objp)
+@@ -3607,6 +3625,7 @@ void kfree(const void *objp)
if (unlikely(ZERO_OR_NULL_PTR(objp)))
return;
local_irq_save(flags);
kfree_debugcheck(objp);
c = virt_to_cache(objp);
-@@ -4056,14 +4076,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
+@@ -4056,14 +4075,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
}
/* cpu stats */
{
#endif
}
-@@ -4281,13 +4309,69 @@ static const struct file_operations proc_slabstats_operations = {
+@@ -4281,13 +4308,69 @@ static const struct file_operations proc_slabstats_operations = {
static int __init slab_proc_init(void)
{
#ifdef CONFIG_DEBUG_SLAB_LEAK
* ksize - get the actual amount of memory allocated for a given object
* @objp: Pointer to the object
diff --git a/mm/slab.h b/mm/slab.h
-index 0e0fdd3..c61c735 100644
+index 0e0fdd3..d0fd761 100644
--- a/mm/slab.h
+++ b/mm/slab.h
-@@ -32,6 +32,15 @@ extern struct list_head slab_caches;
+@@ -32,6 +32,20 @@ extern struct list_head slab_caches;
/* The slab cache that manages slab cache information */
extern struct kmem_cache *kmem_cache;
+#else
+#define PAX_MEMORY_SANITIZE_VALUE '\xff'
+#endif
-+extern bool pax_sanitize_slab;
++enum pax_sanitize_mode {
++ PAX_SANITIZE_SLAB_OFF = 0,
++ PAX_SANITIZE_SLAB_FAST,
++ PAX_SANITIZE_SLAB_FULL,
++};
++extern enum pax_sanitize_mode pax_sanitize_slab;
+#endif
+
unsigned long calculate_alignment(unsigned long flags,
unsigned long align, unsigned long size);
-@@ -67,7 +76,8 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
+@@ -67,7 +81,8 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
/* Legal flag mask for kmem_cache_create(), for various configurations */
#define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
#if defined(CONFIG_DEBUG_SLAB)
#define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
-@@ -251,6 +261,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
+@@ -251,6 +266,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
return s;
page = virt_to_head_page(x);
if (slab_equal_or_root(cachep, s))
return cachep;
diff --git a/mm/slab_common.c b/mm/slab_common.c
-index d319502..9eb3eb5 100644
+index d319502..da7714e 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
-@@ -25,11 +25,22 @@
+@@ -25,11 +25,35 @@
#include "slab.h"
struct kmem_cache *kmem_cache;
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+bool pax_sanitize_slab __read_only = true;
++enum pax_sanitize_mode pax_sanitize_slab __read_only = PAX_SANITIZE_SLAB_FAST;
+static int __init pax_sanitize_slab_setup(char *str)
+{
-+ pax_sanitize_slab = !!simple_strtol(str, NULL, 0);
-+ printk("%sabled PaX slab sanitization\n", pax_sanitize_slab ? "En" : "Dis");
-+ return 1;
++ if (!str)
++ return 0;
++
++ if (!strcmp(str, "0") || !strcmp(str, "off")) {
++ pr_info("PaX slab sanitization: %s\n", "disabled");
++ pax_sanitize_slab = PAX_SANITIZE_SLAB_OFF;
++ } else if (!strcmp(str, "1") || !strcmp(str, "fast")) {
++ pr_info("PaX slab sanitization: %s\n", "fast");
++ pax_sanitize_slab = PAX_SANITIZE_SLAB_FAST;
++ } else if (!strcmp(str, "full")) {
++ pr_info("PaX slab sanitization: %s\n", "full");
++ pax_sanitize_slab = PAX_SANITIZE_SLAB_FULL;
++ } else
++ pr_err("PaX slab sanitization: unsupported option '%s'\n", str);
++
++ return 0;
+}
-+__setup("pax_sanitize_slab=", pax_sanitize_slab_setup);
++early_param("pax_sanitize_slab", pax_sanitize_slab_setup);
+#endif
+
#ifdef CONFIG_DEBUG_VM
static int kmem_cache_sanity_check(const char *name, size_t size)
{
-@@ -160,7 +171,7 @@ do_kmem_cache_create(char *name, size_t object_size, size_t size, size_t align,
+@@ -160,7 +184,7 @@ do_kmem_cache_create(char *name, size_t object_size, size_t size, size_t align,
if (err)
goto out_free_cache;
list_add(&s->list, &slab_caches);
out:
if (err)
-@@ -341,8 +352,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
+@@ -222,6 +246,13 @@ kmem_cache_create(const char *name, size_t size, size_t align,
+ */
+ flags &= CACHE_CREATE_MASK;
+
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ if (pax_sanitize_slab == PAX_SANITIZE_SLAB_OFF || (flags & SLAB_DESTROY_BY_RCU))
++ flags |= SLAB_NO_SANITIZE;
++ else if (pax_sanitize_slab == PAX_SANITIZE_SLAB_FULL)
++ flags &= ~SLAB_NO_SANITIZE;
++#endif
++
+ s = __kmem_cache_alias(name, size, align, flags, ctor);
+ if (s)
+ goto out_unlock;
+@@ -341,8 +372,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
mutex_lock(&slab_mutex);
goto out_unlock;
if (memcg_cleanup_cache_params(s) != 0)
-@@ -362,7 +372,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
+@@ -362,7 +392,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
rcu_barrier();
memcg_free_cache_params(s);
sysfs_slab_remove(s);
#else
slab_kmem_cache_release(s);
-@@ -418,7 +428,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
+@@ -418,7 +448,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n",
name, size, err);
}
struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
-@@ -431,7 +441,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
+@@ -431,7 +461,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
create_boot_cache(s, name, size, flags);
list_add(&s->list, &slab_caches);
return s;
}
-@@ -443,6 +453,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
+@@ -443,6 +473,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
EXPORT_SYMBOL(kmalloc_dma_caches);
#endif
/*
* Conversion table for small slabs sizes / 8 to the index in the
* kmalloc array. This is necessary for slabs < 192 since we have non power
-@@ -507,6 +522,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
+@@ -507,6 +542,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
return kmalloc_dma_caches[index];
#endif
return kmalloc_caches[index];
}
-@@ -563,7 +585,7 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -563,7 +605,7 @@ void __init create_kmalloc_caches(unsigned long flags)
for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) {
if (!kmalloc_caches[i]) {
kmalloc_caches[i] = create_kmalloc_cache(NULL,
}
/*
-@@ -572,10 +594,10 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -572,10 +614,10 @@ void __init create_kmalloc_caches(unsigned long flags)
* earlier power of two caches
*/
if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6)
}
/* Kmalloc array is now usable */
-@@ -608,6 +630,23 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -608,6 +650,23 @@ void __init create_kmalloc_caches(unsigned long flags)
}
}
#endif
}
#endif /* !CONFIG_SLOB */
-@@ -666,6 +705,9 @@ void print_slabinfo_header(struct seq_file *m)
+@@ -666,6 +725,9 @@ void print_slabinfo_header(struct seq_file *m)
seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> "
"<error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
seq_putc(m, '\n');
}
diff --git a/mm/slob.c b/mm/slob.c
-index 21980e0..ed9a648 100644
+index 21980e0..975f1bf 100644
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next)
INIT_LIST_HEAD(&sp->lru);
set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
set_slob_page_free(sp, slob_list);
+@@ -337,7 +341,7 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node)
+ /*
+ * slob_free: entry point into the slob allocator.
+ */
+-static void slob_free(void *block, int size)
++static void slob_free(struct kmem_cache *c, void *block, int size)
+ {
+ struct page *sp;
+ slob_t *prev, *next, *b = (slob_t *)block;
@@ -359,12 +363,15 @@ static void slob_free(void *block, int size)
if (slob_page_free(sp))
clear_slob_page_free(sp);
}
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+ if (pax_sanitize_slab)
++ if (pax_sanitize_slab && !(c && (c->flags & SLAB_NO_SANITIZE)))
+ memset(block, PAX_MEMORY_SANITIZE_VALUE, size);
+#endif
+
- slob_free(m, *m + align);
- } else
+ slob_t *m = (slob_t *)(block - align);
-+ slob_free(m, m[0].units + align);
++ slob_free(NULL, m, m[0].units + align);
+ } else {
+ __ClearPageSlab(sp);
+ page_mapcount_reset(sp);
if (b && c->ctor)
c->ctor(b);
-@@ -584,10 +696,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
+@@ -582,12 +694,16 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node)
+ EXPORT_SYMBOL(kmem_cache_alloc_node);
+ #endif
- static void __kmem_cache_free(void *b, int size)
+-static void __kmem_cache_free(void *b, int size)
++static void __kmem_cache_free(struct kmem_cache *c, void *b, int size)
{
- if (size < PAGE_SIZE)
+- slob_free(b, size);
+ struct page *sp;
+
+ sp = virt_to_page(b);
+ BUG_ON(!PageSlab(sp));
+ if (!sp->private)
- slob_free(b, size);
++ slob_free(c, b, size);
else
- slob_free_pages(b, get_order(size));
+ slob_free_pages(sp, get_order(size));
}
static void kmem_rcu_free(struct rcu_head *head)
-@@ -600,17 +716,31 @@ static void kmem_rcu_free(struct rcu_head *head)
+@@ -595,22 +711,36 @@ static void kmem_rcu_free(struct rcu_head *head)
+ struct slob_rcu *slob_rcu = (struct slob_rcu *)head;
+ void *b = (void *)slob_rcu - (slob_rcu->size - sizeof(struct slob_rcu));
+
+- __kmem_cache_free(b, slob_rcu->size);
++ __kmem_cache_free(NULL, b, slob_rcu->size);
+ }
void kmem_cache_free(struct kmem_cache *c, void *b)
{
call_rcu(&slob_rcu->head, kmem_rcu_free);
} else {
- __kmem_cache_free(b, c->size);
-+ __kmem_cache_free(b, size);
++ __kmem_cache_free(c, b, size);
}
+#ifdef CONFIG_PAX_USERCOPY_SLABS
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 3e8afcc..68c99031 100644
+index 3e8afcc..d6e2c89 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -207,7 +207,7 @@ struct track {
slab_free_hook(s, x);
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+ if (pax_sanitize_slab && !(s->flags & SLAB_NO_SANITIZE)) {
++ if (!(s->flags & SLAB_NO_SANITIZE)) {
+ memset(x, PAX_MEMORY_SANITIZE_VALUE, s->object_size);
+ if (s->ctor)
+ s->ctor(x);
if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) ||
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+ (pax_sanitize_slab && !(flags & SLAB_NO_SANITIZE)) ||
++ (!(flags & SLAB_NO_SANITIZE)) ||
+#endif
s->ctor)) {
/*
}
SLAB_ATTR_RO(aliases);
-@@ -4554,6 +4627,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)
+@@ -4554,6 +4627,22 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)
SLAB_ATTR_RO(cache_dma);
#endif
+}
+SLAB_ATTR_RO(usercopy);
+#endif
++
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++static ssize_t sanitize_show(struct kmem_cache *s, char *buf)
++{
++ return sprintf(buf, "%d\n", !(s->flags & SLAB_NO_SANITIZE));
++}
++SLAB_ATTR_RO(sanitize);
++#endif
+
static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf)
{
return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU));
-@@ -4888,6 +4969,9 @@ static struct attribute *slab_attrs[] = {
+@@ -4888,6 +4977,12 @@ static struct attribute *slab_attrs[] = {
#ifdef CONFIG_ZONE_DMA
&cache_dma_attr.attr,
#endif
+#ifdef CONFIG_PAX_USERCOPY_SLABS
+ &usercopy_attr.attr,
++#endif
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ &sanitize_attr.attr,
+#endif
#ifdef CONFIG_NUMA
&remote_node_defrag_ratio_attr.attr,
#endif
-@@ -5132,6 +5216,7 @@ static char *create_unique_id(struct kmem_cache *s)
+@@ -5132,6 +5227,7 @@ static char *create_unique_id(struct kmem_cache *s)
return name;
}
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
-@@ -5205,6 +5290,7 @@ void sysfs_slab_remove(struct kmem_cache *s)
+@@ -5205,6 +5301,7 @@ void sysfs_slab_remove(struct kmem_cache *s)
kobject_del(&s->kobj);
kobject_put(&s->kobj);
}
/*
* Need to buffer aliases during bootup until sysfs becomes
-@@ -5218,6 +5304,7 @@ struct saved_alias {
+@@ -5218,6 +5315,7 @@ struct saved_alias {
static struct saved_alias *alias_list;
static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
{
struct saved_alias *al;
-@@ -5240,6 +5327,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+@@ -5240,6 +5338,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
alias_list = al;
return 0;
}
err = -EFAULT;
break;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index 46547b9..f5defc1 100644
+index 14ca8ae..262d49a 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
-@@ -3569,8 +3569,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
+@@ -3565,8 +3565,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
break;
case L2CAP_CONF_RFC:
if (!can_dir) {
printk(KERN_INFO "can: failed to create /proc/net/can . "
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
-index b2f571d..b584643 100644
+index 9f02369..e6160e9 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -188,7 +188,7 @@ static void con_fault(struct ceph_connection *con);
}
EXPORT_SYMBOL(dev_get_stats);
diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
-index cf999e0..c59a975 100644
+index cf999e0..c59a9754 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -366,9 +366,13 @@ void dev_load(struct net *net, const char *name)
break;
case NETDEV_DOWN:
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
-index b10cd43a..22327f9 100644
+index 4a74ea8..32335a7 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -768,7 +768,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)
return nh->nh_saddr;
}
diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c
-index 6556263..db77807 100644
+index dd73bea..a2eec02 100644
--- a/net/ipv4/gre_offload.c
+++ b/net/ipv4/gre_offload.c
@@ -59,13 +59,13 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb,
ICMP_PROT_UNREACH, 0);
}
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
-index 215af2b..73cbbe1 100644
+index c43a1e2..73cbbe1 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -231,7 +231,7 @@ static int ip_finish_output_gso(struct sk_buff *skb)
kfree_skb(skb);
return -ENOMEM;
}
-@@ -1533,6 +1533,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
- struct sk_buff *nskb;
- struct sock *sk;
- struct inet_sock *inet;
-+ int err;
-
- if (ip_options_echo(&replyopts.opt.opt, skb))
- return;
-@@ -1572,8 +1573,13 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
- sock_net_set(sk, net);
- __skb_queue_head_init(&sk->sk_write_queue);
- sk->sk_sndbuf = sysctl_wmem_default;
-- ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0,
-- &ipc, &rt, MSG_DONTWAIT);
-+ err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base,
-+ len, 0, &ipc, &rt, MSG_DONTWAIT);
-+ if (unlikely(err)) {
-+ ip_flush_pending_frames(sk);
-+ goto out;
-+ }
-+
- nskb = skb_peek(&sk->sk_write_queue);
- if (nskb) {
- if (arg->csumoffset >= 0)
-@@ -1585,7 +1591,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr,
- skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb));
- ip_push_pending_frames(sk, &fl4);
- }
--
-+out:
- put_cpu_var(unicast_sock);
-
- ip_rt_put(rt);
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index 5cb830c..81a7a56 100644
+index 2407e5d..edc2f1a 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -1188,7 +1188,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
msg.msg_controllen = len;
msg.msg_flags = flags;
-diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
-index f4c987b..88c386c 100644
---- a/net/ipv4/ip_tunnel_core.c
-+++ b/net/ipv4/ip_tunnel_core.c
-@@ -91,11 +91,12 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto)
- skb_pull_rcsum(skb, hdr_len);
-
- if (inner_proto == htons(ETH_P_TEB)) {
-- struct ethhdr *eh = (struct ethhdr *)skb->data;
-+ struct ethhdr *eh;
-
- if (unlikely(!pskb_may_pull(skb, ETH_HLEN)))
- return -ENOMEM;
-
-+ eh = (struct ethhdr *)skb->data;
- if (likely(ntohs(eh->h_proto) >= ETH_P_802_3_MIN))
- skb->protocol = eh->h_proto;
- else
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index e453cb7..3c8d952 100644
--- a/net/ipv4/ip_vti.c
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index cbadb94..691f99e 100644
+index 29836f8..bd1e2ba 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -228,7 +228,7 @@ static const struct seq_operations rt_cache_seq_ops = {
}
EXPORT_SYMBOL(ip_idents_reserve);
-@@ -2623,34 +2623,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
+@@ -2624,34 +2624,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
.maxlen = sizeof(int),
.mode = 0200,
.proc_handler = ipv4_sysctl_rtcache_flush,
err_dup:
return -ENOMEM;
}
-@@ -2673,8 +2673,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
+@@ -2674,8 +2674,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
static __net_init int rt_genid_init(struct net *net)
{
get_random_bytes(&net->ipv4.dev_addr_genid,
sizeof(net->ipv4.dev_addr_genid));
return 0;
-@@ -2717,11 +2717,7 @@ int __init ip_rt_init(void)
+@@ -2718,11 +2718,7 @@ int __init ip_rt_init(void)
{
int rc = 0;
if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
return 1;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index cd17f00..1e1f252 100644
+index 3f49eae..bde687a 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly;
table = kmemdup(ipv6_icmp_table_template,
sizeof(ipv6_icmp_table_template),
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
-index 97299d7..c8e6894 100644
+index cacb493..3cae894 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -71,8 +71,8 @@ struct ip6gre_net {
static int ip6gre_tunnel_init(struct net_device *dev);
static void ip6gre_tunnel_setup(struct net_device *dev);
static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
-@@ -1286,7 +1286,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
+@@ -1285,7 +1285,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
}
.handler = ip6gre_rcv,
.err_handler = ip6gre_err,
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
-@@ -1645,7 +1645,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
+@@ -1646,7 +1646,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
[IFLA_GRE_FLAGS] = { .type = NLA_U32 },
};
.kind = "ip6gre",
.maxtype = IFLA_GRE_MAX,
.policy = ip6gre_policy,
-@@ -1659,7 +1659,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
+@@ -1660,7 +1660,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
.fill_info = ip6gre_fill_info,
};
__skb_pull(skb, len);
}
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
-index 69a84b4..881c319 100644
+index d2eeb3b..c186e9a 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -86,7 +86,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
static int ip6_tnl_net_id __read_mostly;
struct ip6_tnl_net {
-@@ -1714,7 +1714,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
+@@ -1706,7 +1706,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
[IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
};
.maxtype = IFLA_IPTUN_MAX,
.policy = ip6_tnl_policy,
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
-index 5833a22..6631377 100644
+index 99c9487..63f4d92 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -62,7 +62,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
static int vti6_net_id __read_mostly;
struct vti6_net {
-@@ -981,7 +981,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {
+@@ -972,7 +972,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {
[IFLA_VTI_OKEY] = { .type = NLA_U32 },
};
table = kmemdup(ipv6_route_table_template,
sizeof(ipv6_route_table_template),
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
-index 6163f85..0070823 100644
+index ca1c7c4..37fba59 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);
static int sit_net_id __read_mostly;
struct sit_net {
-@@ -485,11 +485,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev)
+@@ -484,11 +484,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev)
*/
static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)
{
return 1;
skb2 = skb_clone(skb, GFP_ATOMIC);
-@@ -498,7 +498,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)
+@@ -497,7 +497,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)
return 1;
skb_dst_drop(skb2);
skb_reset_network_header(skb2);
rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);
-@@ -1662,7 +1662,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head)
+@@ -1659,7 +1659,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head)
unregister_netdevice_queue(dev, head);
}
struct ctl_table *ipv6_icmp_table;
int err;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 29964c3..b8caecf 100644
+index 264c0f2..b6512c6 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -102,6 +102,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
if (local->use_chanctx)
*chandef = local->monitor_chandef;
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index ef7a089..fe1caf7 100644
+index 5d102b5..6199fca 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -28,6 +28,7 @@
/* number of interfaces with corresponding FIF_ flags */
int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index f75e5f1..3d9ad4f 100644
+index 3538e5e..0aa7879 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -531,7 +531,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
drv_stop(local);
err_del_bss:
sdata->bss = NULL;
-@@ -889,7 +889,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -891,7 +891,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
}
if (going_down)
switch (sdata->vif.type) {
case NL80211_IFTYPE_AP_VLAN:
-@@ -950,7 +950,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -952,7 +952,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
}
spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
ieee80211_clear_tx_pending(local);
/*
-@@ -990,7 +990,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
-
- ieee80211_recalc_ps(local, -1);
+@@ -995,7 +995,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+ if (cancel_scan)
+ flush_delayed_work(&local->scan_work);
- if (local->open_count == 0) {
+ if (local_read(&local->open_count) == 0) {
ieee80211_stop_device(local);
/* no reconfiguring after stop! */
-@@ -1001,7 +1001,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -1006,7 +1006,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
ieee80211_configure_filter(local);
ieee80211_hw_config(local, hw_reconf_flags);
suspend:
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
-index 8fdadfd..a4f72b8 100644
+index 6081329..ab23834 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -720,7 +720,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
-index ec8114f..6b2bfba 100644
+index 6582dce..a911da7 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1921,7 +1921,7 @@ done:
}
EXPORT_SYMBOL(nf_unregister_sockopt);
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
-index a11c5ff..aa413a7 100644
+index 3250735..1fac969 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
-@@ -79,7 +79,7 @@ static int nfnl_log_net_id __read_mostly;
+@@ -80,7 +80,7 @@ static int nfnl_log_net_id __read_mostly;
struct nfnl_log_net {
spinlock_t instances_lock;
struct hlist_head instance_table[INSTANCE_BUCKETS];
};
static struct nfnl_log_net *nfnl_log_pernet(struct net *net)
-@@ -561,7 +561,7 @@ __build_packet_message(struct nfnl_log_net *log,
+@@ -563,7 +563,7 @@ __build_packet_message(struct nfnl_log_net *log,
/* global sequence number */
if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) &&
nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL,
queued = 0;
err = 0;
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
-index 1840989..6895744 100644
+index 5b5ab9e..fc1015c 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -225,7 +225,7 @@ target_dump_info(struct sk_buff *skb, const struct xt_target *t, const void *in)
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index c416725..bd22eea 100644
+index 0007b81..cb08369 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
-@@ -265,7 +265,7 @@ static void netlink_overrun(struct sock *sk)
+@@ -273,7 +273,7 @@ static void netlink_overrun(struct sock *sk)
sk->sk_error_report(sk);
}
}
}
static void netlink_rcv_wake(struct sock *sk)
-@@ -715,7 +715,7 @@ static int netlink_mmap_sendmsg(struct sock *sk, struct msghdr *msg,
- * after validation, the socket and the ring may only be used by a
- * single process, otherwise we fall back to copying.
- */
-- if (atomic_long_read(&sk->sk_socket->file->f_count) > 2 ||
-+ if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 ||
- atomic_read(&nlk->mapped) > 1)
- excl = false;
-
-@@ -2996,7 +2996,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -3010,7 +3010,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb_running,
atomic_read(&s->sk_refcnt),
goto out_nomem;
cd->u.procfs.channel_ent = NULL;
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
-index 488ddee..1b31487 100644
+index e0b94ce..6135813 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
-@@ -1425,7 +1425,9 @@ call_start(struct rpc_task *task)
+@@ -1428,7 +1428,9 @@ call_start(struct rpc_task *task)
(RPC_IS_ASYNC(task) ? "async" : "sync"));
/* Increment call count */
__ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) }
__ksymtab_unused : { *(SORT(___ksymtab_unused+*)) }
diff --git a/scripts/package/builddeb b/scripts/package/builddeb
-index 35d5a58..9e04789 100644
+index 7c0e6e4..bf2c90e 100644
--- a/scripts/package/builddeb
+++ b/scripts/package/builddeb
-@@ -295,6 +295,7 @@ fi
+@@ -293,6 +293,7 @@ fi
(cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles"
(cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles"
(cd $objtree; find arch/$SRCARCH/include Module.symvers include scripts -type f) >> "$objtree/debian/hdrobjfiles"
destdir=$kernel_headers_dir/usr/src/linux-headers-$version
mkdir -p "$destdir"
(cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -)
+diff --git a/scripts/package/mkspec b/scripts/package/mkspec
+index 1395760..e4f4ac4 100755
+--- a/scripts/package/mkspec
++++ b/scripts/package/mkspec
+@@ -82,6 +82,16 @@ echo ""
+ fi
+
+ echo "%install"
++echo 'chmod -f 0500 /boot'
++echo 'if [ -d /lib/modules ]; then'
++echo 'chmod -f 0500 /lib/modules'
++echo 'fi'
++echo 'if [ -d /lib32/modules ]; then'
++echo 'chmod -f 0500 /lib32/modules'
++echo 'fi'
++echo 'if [ -d /lib64/modules ]; then'
++echo 'chmod -f 0500 /lib64/modules'
++echo 'fi'
+ echo 'KBUILD_IMAGE=$(make image_name)'
+ echo "%ifarch ia64"
+ echo 'mkdir -p $RPM_BUILD_ROOT/boot/efi $RPM_BUILD_ROOT/lib/modules'
+@@ -139,7 +149,7 @@ echo "rm -f /boot/vmlinuz-$KERNELRELEASE-rpm /boot/System.map-$KERNELRELEASE-rpm
+ echo "fi"
+ echo ""
+ echo "%files"
+-echo '%defattr (-, root, root)'
++echo '%defattr (400, root, root, 500)'
+ echo "%dir /lib/modules"
+ echo "/lib/modules/$KERNELRELEASE"
+ echo "%exclude /lib/modules/$KERNELRELEASE/build"
+@@ -152,7 +162,7 @@ echo '%defattr (-, root, root)'
+ echo "/usr/include"
+ echo ""
+ echo "%files devel"
+-echo '%defattr (-, root, root)'
++echo '%defattr (400, root, root, 500)'
+ echo "/usr/src/kernels/$KERNELRELEASE"
+ echo "/lib/modules/$KERNELRELEASE/build"
+ echo "/lib/modules/$KERNELRELEASE/source"
diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
index 4718d78..9220d58 100644
--- a/scripts/pnmtologo.c
# Find all available archs
find_all_archs()
diff --git a/security/Kconfig b/security/Kconfig
-index beb86b5..9becb4a 100644
+index beb86b5..00daaca 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,965 @@
+@@ -4,6 +4,969 @@
menu "Security options"
+
+config PAX_KERNEXEC_MODULE_TEXT
+ int "Minimum amount of memory reserved for module code"
-+ default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
++ default "8" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
+ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
+ depends on PAX_KERNEXEC && X86_32
+ help
+ and you are advised to test this feature on your expected workload
+ before deploying it.
+
++ The slab sanitization feature excludes a few slab caches per default
++ for performance reasons. To extend the feature to cover those as
++ well, pass "pax_sanitize_slab=full" as kernel command line parameter.
++
+ To reduce the performance penalty by sanitizing pages only, albeit
+ limiting the effectiveness of this feature at the same time, slab
-+ sanitization can be disabled with the kernel commandline parameter
-+ "pax_sanitize_slab=0".
++ sanitization can be disabled with the kernel command line parameter
++ "pax_sanitize_slab=off".
+
+ Note that this feature does not protect data stored in live pages,
+ e.g., process memory swapped to disk may stay there for a long time.
+config PAX_REFCOUNT
+ bool "Prevent various kernel object reference counter overflows"
+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || SPARC64 || X86)
++ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || PPC || SPARC64 || X86)
+ help
+ By saying Y here the kernel will detect and prevent overflowing
+ various (but not all) kinds of object reference counters. Such
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +1062,7 @@ config INTEL_TXT
+@@ -103,7 +1066,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
if (bprm->cap_effective)
return 1;
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
-index 57da4bd..db453a2 100644
+index 0fb456c..83711f9 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -118,8 +118,8 @@ int ima_init_template(void);
/* record the root user tracking */
rb_link_node(&root_key_user.node,
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
-index e26f860..dcbe7ea 100644
+index eff88a5..51d35ef 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
-@@ -1002,7 +1002,7 @@ static int keyctl_change_reqkey_auth(struct key *key)
+@@ -1004,7 +1004,7 @@ static int keyctl_change_reqkey_auth(struct key *key)
/*
* Copy the iovec data from userspace
*/
unsigned ioc)
{
for (; ioc > 0; ioc--) {
-@@ -1024,7 +1024,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov,
+@@ -1026,7 +1026,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov,
* If successful, 0 will be returned.
*/
long keyctl_instantiate_key_common(key_serial_t id,
unsigned ioc,
size_t plen,
key_serial_t ringid)
-@@ -1119,7 +1119,7 @@ long keyctl_instantiate_key(key_serial_t id,
+@@ -1121,7 +1121,7 @@ long keyctl_instantiate_key(key_serial_t id,
[0].iov_len = plen
};
}
return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);
-@@ -1152,7 +1152,7 @@ long keyctl_instantiate_key_iov(key_serial_t id,
+@@ -1154,7 +1154,7 @@ long keyctl_instantiate_key_iov(key_serial_t id,
if (ret == 0)
goto no_payload_free;
lock = &avc_cache.slots_lock[hvalue];
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index b0e9404..b15da09 100644
+index e03bad5..b15da09 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -95,8 +95,6 @@
/* SECMARK reference count */
static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
-@@ -481,6 +479,7 @@ next_inode:
- list_entry(sbsec->isec_head.next,
- struct inode_security_struct, list);
- struct inode *inode = isec->inode;
-+ list_del_init(&isec->list);
- spin_unlock(&sbsec->isec_lock);
- inode = igrab(inode);
- if (inode) {
-@@ -489,7 +488,6 @@ next_inode:
- iput(inode);
- }
- spin_lock(&sbsec->isec_lock);
-- list_del_init(&isec->list);
- goto next_inode;
- }
- spin_unlock(&sbsec->isec_lock);
@@ -5772,7 +5770,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
}
} else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) {
diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c
-index 102e8fd..7263bb8 100644
+index 2d957ba..fda022c 100644
--- a/sound/core/pcm_compat.c
+++ b/sound/core/pcm_compat.c
@@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream,
if (err < 0)
return err;
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index 8cd2f93..8412c57 100644
+index a95356f..0f5eabf 100644
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
@@ -2815,11 +2815,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
chip->pci = pci;
chip->irq = -1;
diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
-index d074aa9..ce3cc44 100644
+index a3e0a0d..ab98399 100644
--- a/sound/soc/soc-core.c
+++ b/sound/soc/soc-core.c
@@ -2286,8 +2286,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops,
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..4dc6368
+index 0000000..f527934
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,5850 @@
+@@ -0,0 +1,5911 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
+compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
+SyS_move_pages_3920 SyS_move_pages 2 3920 NULL
+hdlc_irq_one_3944 hdlc_irq_one 2 3944 NULL
+brcmf_debugfs_fws_stats_read_3947 brcmf_debugfs_fws_stats_read 3 3947 NULL
++mite_bytes_written_to_memory_lb_3987 mite_bytes_written_to_memory_lb 0 3987 NULL
+copy_from_user_atomic_iovec_3990 copy_from_user_atomic_iovec 0-4 3990 NULL
+do_add_counters_3992 do_add_counters 3 3992 NULL
+userspace_status_4004 userspace_status 4 4004 NULL
+C_SYSC_setsockopt_4806 C_SYSC_setsockopt 5 4806 NULL
+repair_io_failure_4815 repair_io_failure 4-3 4815 NULL
+scsi_end_request_4839 scsi_end_request 3-4 4839 NULL
++comedi_buf_write_free_4847 comedi_buf_write_free 2 4847 NULL
+gigaset_if_receive_4861 gigaset_if_receive 3 4861 NULL
+key_tx_spec_read_4862 key_tx_spec_read 3 4862 NULL
+ocfs2_defrag_extent_4873 ocfs2_defrag_extent 2 4873 NULL
+fb_alloc_cmap_6554 fb_alloc_cmap 2 6554 NULL
+SyS_semtimedop_6563 SyS_semtimedop 3 6563 NULL
+ecryptfs_filldir_6622 ecryptfs_filldir 3 6622 NULL
++xfs_do_div_6649 xfs_do_div 0-2 6649 NULL
+process_rcvd_data_6679 process_rcvd_data 3 6679 NULL
+btrfs_lookup_csums_range_6696 btrfs_lookup_csums_range 2-3 6696 NULL
+ps_pspoll_max_apturn_read_6699 ps_pspoll_max_apturn_read 3 6699 NULL
+spi_show_regs_6911 spi_show_regs 3 6911 &proc_sessionid_read_6911 nohasharray
+acm_alloc_minor_6911 acm_alloc_minor 0 6911 &spi_show_regs_6911
+__kfifo_dma_in_finish_r_6913 __kfifo_dma_in_finish_r 2-3 6913 NULL
++do_msgrcv_6921 do_msgrcv 3 6921 NULL
+cache_do_downcall_6926 cache_do_downcall 3 6926 NULL
+ipath_verbs_send_dma_6929 ipath_verbs_send_dma 6 6929 NULL
+qsfp_cks_6945 qsfp_cks 2-0 6945 NULL
+kvm_mmu_notifier_test_young_7139 kvm_mmu_notifier_test_young 3 7139 NULL
+__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL
+hdlc_loop_7255 hdlc_loop 0 7255 NULL
-+rx_rate_rx_frames_per_rates_read_7282 rx_rate_rx_frames_per_rates_read 3 7282 NULL
++rx_rate_rx_frames_per_rates_read_7282 rx_rate_rx_frames_per_rates_read 3 7282 NULL nohasharray
++kimage_alloc_init_7282 kimage_alloc_init 3 7282 &rx_rate_rx_frames_per_rates_read_7282
+get_string_7302 get_string 0 7302 NULL
+pci_vpd_info_field_size_7324 pci_vpd_info_field_size 0 7324 NULL
+mgmt_control_7349 mgmt_control 3 7349 NULL
+qla4xxx_post_ping_evt_work_8074 qla4xxx_post_ping_evt_work 4 8074 NULL
+venus_lookup_8121 venus_lookup 4 8121 NULL
+ieee80211_if_fmt_num_buffered_multicast_8127 ieee80211_if_fmt_num_buffered_multicast 3 8127 NULL
++xfs_file_fallocate_8150 xfs_file_fallocate 3-4 8150 NULL
+ufshcd_wait_for_dev_cmd_8168 ufshcd_wait_for_dev_cmd 0 8168 NULL
+__sk_mem_schedule_8185 __sk_mem_schedule 2 8185 NULL
+ieee80211_if_fmt_dot11MeshHoldingTimeout_8187 ieee80211_if_fmt_dot11MeshHoldingTimeout 3 8187 NULL
+mlx5_vzalloc_8663 mlx5_vzalloc 1 8663 NULL
+dio_bio_alloc_8677 dio_bio_alloc 5 8677 NULL
+lbs_bcnmiss_read_8678 lbs_bcnmiss_read 3 8678 NULL
++bpf_prog_size_8685 bpf_prog_size 0 8685 NULL
+rproc_trace_read_8686 rproc_trace_read 3 8686 NULL
+skb_frag_size_8695 skb_frag_size 0 8695 NULL
+arcfb_write_8702 arcfb_write 3 8702 NULL
+nouveau_gpio_create__11048 nouveau_gpio_create_ 4 11048 NULL
+tda10048_writeregbulk_11050 tda10048_writeregbulk 4 11050 NULL
+insert_inline_extent_backref_11063 insert_inline_extent_backref 8 11063 NULL
++xfs_collapse_file_space_11075 xfs_collapse_file_space 2-3 11075 NULL
+tcp_send_mss_11079 tcp_send_mss 0 11079 NULL
+count_argc_11083 count_argc 0 11083 NULL
+kvm_write_guest_cached_11106 kvm_write_guest_cached 4 11106 NULL
+tw_change_queue_depth_11116 tw_change_queue_depth 2 11116 NULL
+page_offset_11120 page_offset 0 11120 NULL
+tracing_buffers_read_11124 tracing_buffers_read 3 11124 NULL
++alloc_alien_cache_11127 alloc_alien_cache 2 11127 NULL
+snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 3-4 11172 NULL
+il_dbgfs_rx_queue_read_11221 il_dbgfs_rx_queue_read 3 11221 NULL
+comedi_alloc_spriv_11234 comedi_alloc_spriv 2 11234 NULL
+ufshcd_compose_upiu_13076 ufshcd_compose_upiu 0 13076 NULL
+xattr_getsecurity_13090 xattr_getsecurity 0 13090 NULL
+ttm_dma_pool_alloc_new_pages_13105 ttm_dma_pool_alloc_new_pages 3 13105 NULL
++SyS_msgrcv_13109 SyS_msgrcv 3 13109 NULL
+snd_rme96_playback_copy_13111 snd_rme96_playback_copy 5 13111 NULL
+bfad_debugfs_read_13119 bfad_debugfs_read 3 13119 NULL
+blk_update_request_13146 blk_update_request 3 13146 NULL
+sb_init_dio_done_wq_13482 sb_init_dio_done_wq 0 13482 NULL
+data_read_13494 data_read 3 13494 NULL nohasharray
+ext_prop_data_store_13494 ext_prop_data_store 3 13494 &data_read_13494
++ocfs2_align_bytes_to_blocks_13512 ocfs2_align_bytes_to_blocks 0-2 13512 NULL
+core_status_13515 core_status 4 13515 NULL
+smk_write_mapped_13519 smk_write_mapped 3 13519 NULL
+bm_init_13529 bm_init 2 13529 NULL
+snd_emu10k1_proc_spdif_status_14457 snd_emu10k1_proc_spdif_status 4-5 14457 NULL
+ath10k_write_htt_stats_mask_14458 ath10k_write_htt_stats_mask 3 14458 NULL
+lustre_msg_size_v2_14470 lustre_msg_size_v2 0-1 14470 NULL
++dma_transfer_size_14473 dma_transfer_size 0 14473 NULL
+udplite_getfrag_14479 udplite_getfrag 3-4 14479 NULL
+ieee80211_if_read_dot11MeshGateAnnouncementProtocol_14486 ieee80211_if_read_dot11MeshGateAnnouncementProtocol 3 14486 NULL
+ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL
+ttm_page_pool_free_14797 ttm_page_pool_free 2-0 14797 &__kfifo_in_14797
+hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray
+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801
++do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL
+mrp_attr_create_14853 mrp_attr_create 3 14853 NULL
+lcd_write_14857 lcd_write 3 14857 NULL
+get_user_cpu_mask_14861 get_user_cpu_mask 2 14861 NULL
+viafb_vt1636_proc_write_16018 viafb_vt1636_proc_write 3 16018 NULL
+dccp_recvmsg_16056 dccp_recvmsg 4 16056 NULL
+read_file_spectral_period_16057 read_file_spectral_period 3 16057 NULL
++SYSC_kexec_file_load_16058 SYSC_kexec_file_load 3 16058 NULL
+si5351_msynth_params_address_16062 si5351_msynth_params_address 0-1 16062 NULL
+isr_tx_exch_complete_read_16103 isr_tx_exch_complete_read 3 16103 NULL
+isr_hw_pm_mode_changes_read_16110 isr_hw_pm_mode_changes_read 3 16110 NULL nohasharray
+snd_hda_get_connections_18437 snd_hda_get_connections 0 18437 NULL
+fuse_perform_write_18457 fuse_perform_write 4 18457 NULL
+regset_tls_set_18459 regset_tls_set 4 18459 NULL
-+pci_vpd_lrdt_size_18479 pci_vpd_lrdt_size 0 18479 NULL
++pci_vpd_lrdt_size_18479 pci_vpd_lrdt_size 0 18479 NULL nohasharray
++mite_bytes_in_transit_18479 mite_bytes_in_transit 0 18479 &pci_vpd_lrdt_size_18479
+udpv6_setsockopt_18487 udpv6_setsockopt 5 18487 NULL
+btrfs_fiemap_18501 btrfs_fiemap 3 18501 NULL
+__copy_user_zeroing_intel_18510 __copy_user_zeroing_intel 0-3 18510 NULL
+sas_change_queue_depth_18555 sas_change_queue_depth 2 18555 NULL
+smk_write_rules_list_18565 smk_write_rules_list 3 18565 NULL
+debug_output_18575 debug_output 3 18575 NULL
-+filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL
++filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL nohasharray
++slabinfo_write_18600 slabinfo_write 3 18600 &filemap_fdatawait_range_18600
+iowarrior_write_18604 iowarrior_write 3 18604 NULL
+from_buffer_18625 from_buffer 3 18625 NULL
+kmalloc_kernel_18641 kmalloc_kernel 1 18641 NULL
+ext4_add_new_descs_19509 ext4_add_new_descs 3 19509 NULL
+batadv_tvlv_container_register_19520 batadv_tvlv_container_register 5 19520 NULL
+ttm_dma_page_pool_free_19527 ttm_dma_page_pool_free 2-0 19527 NULL
++cfc_write_array_to_buffer_19529 cfc_write_array_to_buffer 3 19529 NULL
+nfc_llcp_build_tlv_19536 nfc_llcp_build_tlv 3 19536 NULL
+gfn_to_index_19558 gfn_to_index 0-1-3-2 19558 NULL
+ocfs2_control_message_19564 ocfs2_control_message 3 19564 NULL
+cfg80211_notify_new_peer_candidate_21242 cfg80211_notify_new_peer_candidate 4 21242 NULL
+fru_length_21257 fru_length 0 21257 NULL
+rtw_set_wps_beacon_21262 rtw_set_wps_beacon 3 21262 NULL
++ocfs2_blocks_for_bytes_21268 ocfs2_blocks_for_bytes 0-2 21268 NULL
+drm_universal_plane_init_21296 drm_universal_plane_init 6 21296 NULL
+do_msg_fill_21307 do_msg_fill 3 21307 NULL
+add_res_range_21310 add_res_range 4 21310 NULL
+snd_es18xx_mixer_read_21586 snd_es18xx_mixer_read 0 21586 NULL
+ocfs2_acl_from_xattr_21604 ocfs2_acl_from_xattr 2 21604 NULL
+filemap_get_page_21606 filemap_get_page 2 21606 NULL
++ocfs2_refcount_cow_hunk_21630 ocfs2_refcount_cow_hunk 3-4 21630 NULL
+__jfs_getxattr_21631 __jfs_getxattr 0 21631 NULL
+atalk_sendmsg_21677 atalk_sendmsg 4 21677 NULL
+ocfs2_xattr_get_nolock_21678 ocfs2_xattr_get_nolock 0 21678 NULL
+mesh_table_alloc_22305 mesh_table_alloc 1 22305 NULL
+lov_setstripe_22307 lov_setstripe 2 22307 NULL
+udpv6_sendmsg_22316 udpv6_sendmsg 4 22316 NULL
++C_SYSC_msgrcv_22320 C_SYSC_msgrcv 3 22320 NULL
+atomic_read_22342 atomic_read 0 22342 NULL
+ll_lazystatfs_seq_write_22353 ll_lazystatfs_seq_write 3 22353 NULL
+snd_pcm_alsa_frames_22363 snd_pcm_alsa_frames 2 22363 NULL
+wl1271_rx_filter_get_fields_size_22638 wl1271_rx_filter_get_fields_size 0 22638 NULL
+pwr_wake_on_timer_exp_read_22640 pwr_wake_on_timer_exp_read 3 22640 NULL
+iwl_dbgfs_calib_disabled_read_22649 iwl_dbgfs_calib_disabled_read 3 22649 NULL
++compat_SyS_msgrcv_22661 compat_SyS_msgrcv 3 22661 NULL
+l2tp_ip_recvmsg_22681 l2tp_ip_recvmsg 4 22681 NULL
+bch_dump_read_22685 bch_dump_read 3 22685 NULL
+reg_umr_22686 reg_umr 5 22686 NULL
+remote_settings_file_write_22987 remote_settings_file_write 3 22987 NULL
+viafb_dvp0_proc_write_23023 viafb_dvp0_proc_write 3 23023 NULL
+cifs_local_to_utf16_bytes_23025 cifs_local_to_utf16_bytes 0 23025 NULL
++ocfs2_refcount_cow_xattr_23029 ocfs2_refcount_cow_xattr 6-7 23029 NULL
+st_status_23032 st_status 5 23032 NULL
+nv50_disp_chan_create__23056 nv50_disp_chan_create_ 5 23056 NULL
++comedi_buf_write_n_available_23057 comedi_buf_write_n_available 0 23057 NULL
+reiserfs_add_entry_23062 reiserfs_add_entry 4 23062 NULL nohasharray
+unix_seqpacket_recvmsg_23062 unix_seqpacket_recvmsg 4 23062 &reiserfs_add_entry_23062
+mei_cl_send_23068 mei_cl_send 3 23068 NULL
+trim_bitmaps_24158 trim_bitmaps 3 24158 NULL
+adu_read_24177 adu_read 3 24177 NULL
+safe_prepare_write_buffer_24187 safe_prepare_write_buffer 3 24187 NULL
++nv94_aux_24197 nv94_aux 3-6 24197 NULL
+ieee80211_if_read_dot11MeshHWMPpreqMinInterval_24208 ieee80211_if_read_dot11MeshHWMPpreqMinInterval 3 24208 NULL
+tcpprobe_sprint_24222 tcpprobe_sprint 0-2 24222 NULL
+pcpu_embed_first_chunk_24224 pcpu_embed_first_chunk 3-2-1 24224 NULL nohasharray
+simple_attr_read_24738 simple_attr_read 3 24738 NULL
+qla2x00_change_queue_depth_24742 qla2x00_change_queue_depth 2 24742 NULL
+get_dma_residue_24749 get_dma_residue 0 24749 NULL
++ocfs2_cow_file_pos_24751 ocfs2_cow_file_pos 3 24751 NULL
+kgdb_hex2mem_24755 kgdb_hex2mem 3 24755 NULL
+ocfs2_read_blocks_24777 ocfs2_read_blocks 0 24777 NULL
+datablob_hmac_verify_24786 datablob_hmac_verify 4 24786 NULL
+seq_read_27411 seq_read 3 27411 NULL
+ib_dma_map_sg_27413 ib_dma_map_sg 0 27413 NULL
+ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 NULL
++ocfs2_refcount_cal_cow_clusters_27422 ocfs2_refcount_cal_cow_clusters 3-4 27422 NULL
+cypress_write_27423 cypress_write 4 27423 NULL
+sddr09_read_data_27447 sddr09_read_data 3 27447 NULL
+v4l2_ctrl_new_std_menu_items_27487 v4l2_ctrl_new_std_menu_items 4 27487 NULL
+subdev_ioctl_28417 subdev_ioctl 2 28417 NULL
+__videobuf_mmap_setup_28421 __videobuf_mmap_setup 0 28421 NULL
+ksocknal_alloc_tx_28426 ksocknal_alloc_tx 2 28426 NULL
++hid_hw_output_report_28429 hid_hw_output_report 0 28429 NULL
+mpage_readpages_28436 mpage_readpages 3 28436 NULL
+snd_emu10k1_efx_read_28452 snd_emu10k1_efx_read 2 28452 NULL
+key_mic_failures_read_28457 key_mic_failures_read 3 28457 NULL
+ipv6_setsockopt_29871 ipv6_setsockopt 5 29871 NULL
+crypto_aead_alignmask_29885 crypto_aead_alignmask 0 29885 NULL
+rtw_cfg80211_indicate_sta_assoc_29897 rtw_cfg80211_indicate_sta_assoc 3 29897 NULL
++nv94_gpio_intr_mask_29907 nv94_gpio_intr_mask 4-3 29907 NULL
+lov_ost_pool_extend_29914 lov_ost_pool_extend 2 29914 NULL
+write_file_queue_29922 write_file_queue 3 29922 NULL
+__btrfs_getxattr_29947 __btrfs_getxattr 0 29947 NULL nohasharray
+cxgbi_ddp_reserve_30091 cxgbi_ddp_reserve 4 30091 NULL
+snd_midi_channel_init_set_30092 snd_midi_channel_init_set 1 30092 NULL
+rx_filter_data_filter_read_30098 rx_filter_data_filter_read 3 30098 NULL
++defragment_dma_buffer_30113 defragment_dma_buffer 0 30113 NULL
+spi_async_locked_30117 spi_async_locked 0 30117 NULL
+u_memcpya_30139 u_memcpya 3-2 30139 NULL
+dbg_port_buf_30145 dbg_port_buf 2 30145 NULL
+tcp_sendmsg_30296 tcp_sendmsg 4 30296 NULL
+osc_contention_seconds_seq_write_30305 osc_contention_seconds_seq_write 3 30305 NULL
+ext4_acl_from_disk_30320 ext4_acl_from_disk 2 30320 NULL
++i8254_read_30330 i8254_read 0 30330 NULL
+resource_from_user_30341 resource_from_user 3 30341 NULL
+o2nm_this_node_30342 o2nm_this_node 0 30342 NULL
+kstrtou32_from_user_30361 kstrtou32_from_user 2 30361 NULL
+set_le_30581 set_le 4 30581 NULL
+blk_init_tags_30592 blk_init_tags 1 30592 NULL
+sgl_map_user_pages_30610 sgl_map_user_pages 2 30610 NULL
++SyS_msgrcv_30611 SyS_msgrcv 3 30611 NULL
+macvtap_sendmsg_30629 macvtap_sendmsg 4 30629 NULL
+ieee80211_if_read_dot11MeshAwakeWindowDuration_30631 ieee80211_if_read_dot11MeshAwakeWindowDuration 3 30631 NULL
+compat_raw_setsockopt_30634 compat_raw_setsockopt 5 30634 NULL
+mlx5_ib_alloc_fast_reg_page_list_30638 mlx5_ib_alloc_fast_reg_page_list 2 30638 NULL
+SyS_listxattr_30647 SyS_listxattr 3 30647 NULL
+jffs2_flash_read_30667 jffs2_flash_read 0 30667 NULL
++ni_ai_fifo_read_30681 ni_ai_fifo_read 3 30681 NULL
+sst_hsw_get_dsp_position_30691 sst_hsw_get_dsp_position 0 30691 NULL
+get_pages_alloc_iovec_30699 get_pages_alloc_iovec 3-0 30699 NULL
+dccp_setsockopt_ccid_30701 dccp_setsockopt_ccid 4 30701 NULL
+__inode_permission_34925 __inode_permission 0 34925 &btrfs_super_chunk_root_34925
+sec_flags2str_34933 sec_flags2str 3 34933 NULL
+snd_info_entry_read_34938 snd_info_entry_read 3 34938 NULL
++compat_SyS_kexec_load_34947 compat_SyS_kexec_load 2 34947 NULL
+do_add_page_to_bio_34974 do_add_page_to_bio 2-10 34974 NULL
+sdebug_change_qdepth_34994 sdebug_change_qdepth 2 34994 NULL
+rx_rx_hdr_overflow_read_35002 rx_rx_hdr_overflow_read 3 35002 NULL
+striped_read_35218 striped_read 0-2 35218 NULL nohasharray
+security_key_getsecurity_35218 security_key_getsecurity 0 35218 &striped_read_35218
+rx_rx_cmplt_task_read_35226 rx_rx_cmplt_task_read 3 35226 NULL
++kimage_file_prepare_segments_35232 kimage_file_prepare_segments 5 35232 NULL
+set_fd_set_35249 set_fd_set 1 35249 NULL
+ioapic_setup_resources_35255 ioapic_setup_resources 1 35255 NULL
+dis_disc_write_35265 dis_disc_write 3 35265 NULL
+ocfs2_write_zero_page_35539 ocfs2_write_zero_page 3 35539 NULL
+ibnl_put_attr_35541 ibnl_put_attr 3 35541 NULL
+ieee80211_if_write_smps_35550 ieee80211_if_write_smps 3 35550 NULL
++C_SYSC_kexec_load_35565 C_SYSC_kexec_load 2 35565 NULL
+ext4_blocks_for_truncate_35579 ext4_blocks_for_truncate 0 35579 NULL
+ext2_acl_from_disk_35580 ext2_acl_from_disk 2 35580 NULL
+spk_msg_set_35586 spk_msg_set 3 35586 NULL
+_ipw_read_reg32_38245 _ipw_read_reg32 0 38245 NULL
+nvkm_dmaobj_create__38250 nvkm_dmaobj_create_ 6 38250 NULL
+mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 NULL nohasharray
-+ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &mthca_alloc_icm_table_38268
++ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &mthca_alloc_icm_table_38268 nohasharray
++SYSC_msgrcv_38268 SYSC_msgrcv 3 38268 &ieee80211_if_read_auto_open_plinks_38268
+xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray
+xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275
+ftdi_process_packet_38281 ftdi_process_packet 4 38281 NULL
+__snd_gf1_look8_38333 __snd_gf1_look8 0 38333 NULL
+usb_ext_prop_put_name_38352 usb_ext_prop_put_name 0-3 38352 NULL
+btrfs_file_extent_disk_num_bytes_38363 btrfs_file_extent_disk_num_bytes 0 38363 NULL
++xfs_free_file_space_38383 xfs_free_file_space 2-3 38383 NULL
+dn_sendmsg_38390 dn_sendmsg 4 38390 NULL
+ieee80211_if_read_dtim_count_38419 ieee80211_if_read_dtim_count 3 38419 NULL
+pmcraid_copy_sglist_38431 pmcraid_copy_sglist 3 38431 NULL
+ocrdma_dbgfs_ops_read_40232 ocrdma_dbgfs_ops_read 3 40232 NULL
+osst_read_40237 osst_read 3 40237 NULL
+lpage_info_slot_40243 lpage_info_slot 1-3 40243 NULL
-+ocfs2_zero_extend_get_range_40248 ocfs2_zero_extend_get_range 4 40248 NULL
++ocfs2_zero_extend_get_range_40248 ocfs2_zero_extend_get_range 4-3 40248 NULL
+of_get_child_count_40254 of_get_child_count 0 40254 NULL nohasharray
+fsl_edma_prep_dma_cyclic_40254 fsl_edma_prep_dma_cyclic 3-4 40254 &of_get_child_count_40254
+rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL
+vol_cdev_write_40915 vol_cdev_write 3 40915 NULL
+snd_vx_create_40948 snd_vx_create 4 40948 NULL
+rds_sendmsg_40976 rds_sendmsg 4 40976 NULL
++ima_appraise_measurement_40978 ima_appraise_measurement 6 40978 NULL
+il_dbgfs_fh_reg_read_40993 il_dbgfs_fh_reg_read 3 40993 NULL
+iwl_dbgfs_scan_ant_rxchain_read_40999 iwl_dbgfs_scan_ant_rxchain_read 3 40999 NULL
+mac80211_format_buffer_41010 mac80211_format_buffer 2 41010 NULL
+ptlrpc_new_bulk_41804 ptlrpc_new_bulk 1 41804 NULL
+rtw_android_get_macaddr_41812 rtw_android_get_macaddr 0 41812 NULL
+sco_send_frame_41815 sco_send_frame 3 41815 NULL
++kimage_file_alloc_init_41827 kimage_file_alloc_init 5 41827 NULL
+copy_page_to_iter_bvec_41830 copy_page_to_iter_bvec 0-3 41830 NULL
+ixgbe_dbg_netdev_ops_read_41839 ixgbe_dbg_netdev_ops_read 3 41839 NULL
+do_ip_setsockopt_41852 do_ip_setsockopt 5 41852 NULL
+keyctl_instantiate_key_41855 keyctl_instantiate_key 3 41855 NULL
+pci_map_single_41869 pci_map_single 0 41869 NULL
+usb_gadget_get_string_41871 usb_gadget_get_string 0 41871 NULL
++v_APCI3120_InterruptDmaMoveBlock16bit_41914 v_APCI3120_InterruptDmaMoveBlock16bit 4 41914 NULL
+get_fdb_entries_41916 get_fdb_entries 3 41916 NULL
+ext4_da_write_inline_data_begin_41935 ext4_da_write_inline_data_begin 4-3 41935 NULL
+sci_rxfill_41945 sci_rxfill 0 41945 NULL
+snd_pcm_action_group_42452 snd_pcm_action_group 0 42452 NULL
+tcm_loop_change_queue_depth_42454 tcm_loop_change_queue_depth 2 42454 NULL
+kuc_free_42455 kuc_free 2 42455 NULL
++cp2112_gpio_get_42467 cp2112_gpio_get 2 42467 NULL
+__simple_xattr_set_42474 __simple_xattr_set 4 42474 NULL
+omfs_readpages_42490 omfs_readpages 4 42490 NULL
+bypass_write_42498 bypass_write 3 42498 NULL
+mmu_set_spte_43327 mmu_set_spte 7-6 43327 NULL
+__ext4_get_inode_loc_43332 __ext4_get_inode_loc 0 43332 NULL
+xenfb_write_43412 xenfb_write 3 43412 NULL
++ext4_xattr_check_names_43422 ext4_xattr_check_names 0 43422 NULL
+__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 NULL
+usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL
+ath6kl_wmi_roam_tbl_event_rx_43440 ath6kl_wmi_roam_tbl_event_rx 3 43440 NULL
+handle_frequent_errors_43599 handle_frequent_errors 4 43599 NULL
+lpfc_idiag_drbacc_read_reg_43606 lpfc_idiag_drbacc_read_reg 0-3 43606 NULL
+proc_read_43614 proc_read 3 43614 NULL
++disable_dma_on_even_43618 disable_dma_on_even 0 43618 NULL
+alloc_thread_groups_43625 alloc_thread_groups 2 43625 NULL
+random_write_43656 random_write 3 43656 NULL
+bio_integrity_tag_43658 bio_integrity_tag 3 43658 NULL
+fuse_send_read_43725 fuse_send_read 4-0 43725 NULL
+drbd_md_first_sector_43729 drbd_md_first_sector 0 43729 NULL
+snd_rme32_playback_copy_43732 snd_rme32_playback_copy 5 43732 NULL
++__alloc_alien_cache_43734 __alloc_alien_cache 2 43734 NULL
+fuse_conn_congestion_threshold_write_43736 fuse_conn_congestion_threshold_write 3 43736 NULL
+gigaset_initcs_43753 gigaset_initcs 2 43753 NULL
+sctp_setsockopt_active_key_43755 sctp_setsockopt_active_key 3 43755 NULL
+cfs_trace_daemon_command_usrstr_45147 cfs_trace_daemon_command_usrstr 2 45147 NULL
+gen_bitmask_string_45149 gen_bitmask_string 6 45149 NULL
+device_write_45156 device_write 3 45156 NULL nohasharray
-+ocfs2_remove_inode_range_45156 ocfs2_remove_inode_range 3 45156 &device_write_45156
++ocfs2_remove_inode_range_45156 ocfs2_remove_inode_range 3-4 45156 &device_write_45156
+tomoyo_write_self_45161 tomoyo_write_self 3 45161 NULL
+sta_agg_status_write_45164 sta_agg_status_write 3 45164 NULL
+snd_sb_csp_load_user_45190 snd_sb_csp_load_user 3 45190 NULL nohasharray
+mcp23s17_read_regs_47491 mcp23s17_read_regs 4 47491 NULL
+core_sys_select_47494 core_sys_select 1 47494 NULL
+as3722_block_write_47503 as3722_block_write 2-3 47503 NULL
++alloc_arraycache_47505 alloc_arraycache 2 47505 NULL
+unlink_simple_47506 unlink_simple 3 47506 NULL
+pstore_decompress_47510 pstore_decompress 0 47510 NULL
+ec_i2c_count_response_47518 ec_i2c_count_response 0 47518 NULL
+_iwl_dbgfs_bt_tx_prio_write_48473 _iwl_dbgfs_bt_tx_prio_write 3 48473 NULL
+ipath_format_hwerrors_48487 ipath_format_hwerrors 5 48487 NULL
+r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL
++ocfs2_refcount_cow_48495 ocfs2_refcount_cow 3 48495 NULL
+send_control_msg_48498 send_control_msg 6 48498 NULL
+count_masked_bytes_48507 count_masked_bytes 0-1 48507 NULL
+diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 NULL
+atomic_counters_read_48827 atomic_counters_read 3 48827 NULL
+azx_get_position_48841 azx_get_position 0 48841 NULL
+vc_do_resize_48842 vc_do_resize 3-4 48842 NULL
++comedi_buf_write_alloc_48846 comedi_buf_write_alloc 0-2 48846 NULL
+suspend_dtim_interval_write_48854 suspend_dtim_interval_write 3 48854 NULL
+viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 NULL nohasharray
+C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 &viafb_dvp1_proc_write_48864
+verity_status_53120 verity_status 5 53120 NULL
+brcmf_usb_dl_cmd_53130 brcmf_usb_dl_cmd 4 53130 NULL
+ps_poll_ps_poll_max_ap_turn_read_53140 ps_poll_ps_poll_max_ap_turn_read 3 53140 NULL
++copy_user_segment_list_53150 copy_user_segment_list 2 53150 NULL
+ieee80211_bss_info_update_53170 ieee80211_bss_info_update 4 53170 NULL
+btrfs_io_bio_alloc_53179 btrfs_io_bio_alloc 2 53179 NULL
+clear_capture_buf_53192 clear_capture_buf 2 53192 NULL
+bitmap_bitremap_54096 bitmap_bitremap 4 54096 NULL
+altera_set_ir_pre_54103 altera_set_ir_pre 2 54103 NULL nohasharray
+lustre_posix_acl_xattr_filter_54103 lustre_posix_acl_xattr_filter 2 54103 &altera_set_ir_pre_54103
++__comedi_buf_write_alloc_54112 __comedi_buf_write_alloc 0-2 54112 NULL
+strn_len_54122 strn_len 0 54122 NULL
+isku_receive_54130 isku_receive 4 54130 NULL
+isr_host_acknowledges_read_54136 isr_host_acknowledges_read 3 54136 NULL
+journal_init_revoke_table_56331 journal_init_revoke_table 1 56331 NULL
+snd_rawmidi_read_56337 snd_rawmidi_read 3 56337 NULL
+vxge_os_dma_malloc_async_56348 vxge_os_dma_malloc_async 3 56348 NULL
++mite_device_bytes_transferred_56355 mite_device_bytes_transferred 0 56355 NULL
+iov_iter_copy_from_user_atomic_56368 iov_iter_copy_from_user_atomic 0-4 56368 NULL
+dev_read_56369 dev_read 3 56369 NULL
+ath10k_read_simulate_fw_crash_56371 ath10k_read_simulate_fw_crash 3 56371 NULL
+dio_send_cur_page_57348 dio_send_cur_page 0 57348 NULL
+tipc_bclink_stats_57372 tipc_bclink_stats 2 57372 NULL
+tty_register_device_attr_57381 tty_register_device_attr 2 57381 NULL
++bzImage64_load_57388 bzImage64_load 7 57388 NULL
+read_file_blob_57406 read_file_blob 3 57406 NULL
+enclosure_register_57412 enclosure_register 3 57412 NULL
+compat_keyctl_instantiate_key_iov_57431 compat_keyctl_instantiate_key_iov 3 57431 NULL
+ip_set_alloc_57953 ip_set_alloc 1 57953 NULL nohasharray
+ioat3_dca_count_dca_slots_57953 ioat3_dca_count_dca_slots 0 57953 &ip_set_alloc_57953
+iov_iter_npages_57979 iov_iter_npages 0-2 57979 NULL
++do_rx_dma_57996 do_rx_dma 5 57996 NULL
+rx_reset_counter_read_58001 rx_reset_counter_read 3 58001 NULL
+iwl_dbgfs_ucode_rx_stats_read_58023 iwl_dbgfs_ucode_rx_stats_read 3 58023 NULL
+io_playback_transfer_58030 io_playback_transfer 4 58030 NULL
+lstcon_rpc_prep_58325 lstcon_rpc_prep 4 58325 NULL
+ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 3 58331 NULL
+__copy_from_user_swizzled_58337 __copy_from_user_swizzled 2-4 58337 NULL
++ec_i2c_parse_response_58347 ec_i2c_parse_response 0 58347 NULL
+brcmf_debugfs_sdio_counter_read_58369 brcmf_debugfs_sdio_counter_read 3 58369 NULL
+il_dbgfs_status_read_58388 il_dbgfs_status_read 3 58388 NULL
+_drbd_md_sync_page_io_58403 _drbd_md_sync_page_io 6 58403 NULL
+mic_calc_failure_read_59700 mic_calc_failure_read 3 59700 NULL
+ioperm_get_59701 ioperm_get 4-3 59701 NULL
+prism2_info_scanresults_59729 prism2_info_scanresults 3 59729 NULL
-+ieee80211_if_read_fwded_unicast_59740 ieee80211_if_read_fwded_unicast 3 59740 NULL
++ieee80211_if_read_fwded_unicast_59740 ieee80211_if_read_fwded_unicast 3 59740 NULL nohasharray
++nv94_aux_mask_59740 nv94_aux_mask 2 59740 &ieee80211_if_read_fwded_unicast_59740
+qib_decode_7220_sdma_errs_59745 qib_decode_7220_sdma_errs 4 59745 NULL
+strnlen_59746 strnlen 0 59746 NULL
+ext3_acl_count_59754 ext3_acl_count 0-1 59754 NULL
+f1x_map_sysaddr_to_csrow_61344 f1x_map_sysaddr_to_csrow 2 61344 NULL
+debug_debug4_read_61367 debug_debug4_read 3 61367 NULL
+system_enable_write_61396 system_enable_write 3 61396 NULL
++xfs_zero_remaining_bytes_61423 xfs_zero_remaining_bytes 3 61423 NULL
+unix_stream_sendmsg_61455 unix_stream_sendmsg 4 61455 NULL
+snd_pcm_lib_writev_transfer_61483 snd_pcm_lib_writev_transfer 5-4-2 61483 NULL
+btrfs_item_size_61485 btrfs_item_size 0 61485 NULL
+insert_one_name_61668 insert_one_name 7 61668 NULL
+qib_format_hwmsg_61679 qib_format_hwmsg 2 61679 NULL
+lock_loop_61681 lock_loop 1 61681 NULL
++__do_tune_cpucache_61684 __do_tune_cpucache 2 61684 NULL
+filter_read_61692 filter_read 3 61692 NULL
++SyS_kexec_file_load_61715 SyS_kexec_file_load 3 61715 NULL
+iov_length_61716 iov_length 0 61716 NULL
+fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL
+null_alloc_reqbuf_61719 null_alloc_reqbuf 3 61719 NULL
+rx_filter_arp_filter_read_61914 rx_filter_arp_filter_read 3 61914 NULL
+au0828_init_isoc_61917 au0828_init_isoc 3-2-4 61917 NULL
+sctp_sendmsg_61919 sctp_sendmsg 4 61919 NULL
++efi_get_runtime_map_size_61927 efi_get_runtime_map_size 0 61927 NULL
+SyS_kexec_load_61946 SyS_kexec_load 2 61946 NULL
+il4965_ucode_rx_stats_read_61948 il4965_ucode_rx_stats_read 3 61948 NULL
+squashfs_read_id_index_table_61961 squashfs_read_id_index_table 4 61961 NULL
+fix_read_error_61965 fix_read_error 4 61965 NULL
++ocfs2_quota_write_61972 ocfs2_quota_write 4-5 61972 NULL
+fd_locked_ioctl_61978 fd_locked_ioctl 3 61978 NULL
+cow_file_range_61979 cow_file_range 3 61979 NULL
+dequeue_event_62000 dequeue_event 3 62000 NULL
+mwifiex_11n_create_rx_reorder_tbl_63806 mwifiex_11n_create_rx_reorder_tbl 4 63806 NULL
+copy_nodes_to_user_63807 copy_nodes_to_user 2 63807 NULL
+C_SYSC_process_vm_readv_63811 C_SYSC_process_vm_readv 3-5 63811 NULL
-+regmap_multi_reg_write_63826 regmap_multi_reg_write 3 63826 NULL
++regmap_multi_reg_write_63826 regmap_multi_reg_write 3 63826 NULL nohasharray
++prepare_copy_63826 prepare_copy 2 63826 ®map_multi_reg_write_63826
+sel_write_load_63830 sel_write_load 3 63830 NULL
+proc_pid_attr_write_63845 proc_pid_attr_write 3 63845 NULL
+nv10_gpio_intr_mask_63862 nv10_gpio_intr_mask 4-3 63862 NULL
+isr_low_rssi_read_64789 isr_low_rssi_read 3 64789 NULL
+regmap_reg_ranges_read_file_64798 regmap_reg_ranges_read_file 3 64798 NULL
+nfsctl_transaction_write_64800 nfsctl_transaction_write 3 64800 NULL
-+rfkill_fop_write_64808 rfkill_fop_write 3 64808 NULL
++rfkill_fop_write_64808 rfkill_fop_write 3 64808 NULL nohasharray
++nv_mask_64808 nv_mask 0 64808 &rfkill_fop_write_64808
+proc_projid_map_write_64810 proc_projid_map_write 3 64810 NULL
+megaraid_change_queue_depth_64815 megaraid_change_queue_depth 2 64815 NULL
+ecryptfs_send_miscdev_64816 ecryptfs_send_miscdev 2 64816 NULL
0; \
})
-diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
-index 714b949..1f0dc1e 100644
---- a/virt/kvm/iommu.c
-+++ b/virt/kvm/iommu.c
-@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
- gfn_t base_gfn, unsigned long npages);
-
- static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
-- unsigned long size)
-+ unsigned long npages)
- {
- gfn_t end_gfn;
- pfn_t pfn;
-
- pfn = gfn_to_pfn_memslot(slot, gfn);
-- end_gfn = gfn + (size >> PAGE_SHIFT);
-+ end_gfn = gfn + npages;
- gfn += 1;
-
- if (is_error_noslot_pfn(pfn))
-@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
- * Pin all pages we are about to map in memory. This is
- * important because we unmap and unpin in 4kb steps later.
- */
-- pfn = kvm_pin_pages(slot, gfn, page_size);
-+ pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT);
- if (is_error_noslot_pfn(pfn)) {
- gfn += 1;
- continue;
-@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
- if (r) {
- printk(KERN_ERR "kvm_iommu_map_address:"
- "iommu failed to map pfn=%llx\n", pfn);
-- kvm_unpin_pages(kvm, pfn, page_size);
-+ kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT);
- goto unmap_pages;
- }
-
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 95519bc..43f5d42 100644
+index 6a3f29b..a1d2e93 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
-@@ -76,12 +76,17 @@ LIST_HEAD(vm_list);
+@@ -77,12 +77,17 @@ LIST_HEAD(vm_list);
static cpumask_var_t cpus_hardware_enabled;
static int kvm_usage_count = 0;
struct dentry *kvm_debugfs_dir;
-@@ -763,7 +768,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
+@@ -780,7 +785,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
/* We can read the guest memory with __xxx_user() later on. */
if ((mem->slot < KVM_USER_MEM_SLOTS) &&
((mem->userspace_addr & (PAGE_SIZE - 1)) ||
(void __user *)(unsigned long)mem->userspace_addr,
mem->memory_size)))
goto out;
-@@ -1620,9 +1625,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
+@@ -1637,9 +1642,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len)
{
}
EXPORT_SYMBOL_GPL(kvm_clear_guest_page);
-@@ -1872,7 +1885,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
+@@ -1889,7 +1902,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
return 0;
}
.release = kvm_vcpu_release,
.unlocked_ioctl = kvm_vcpu_ioctl,
#ifdef CONFIG_COMPAT
-@@ -2573,7 +2586,7 @@ out:
+@@ -2593,7 +2606,7 @@ out:
}
#endif
.release = kvm_vm_release,
.unlocked_ioctl = kvm_vm_ioctl,
#ifdef CONFIG_COMPAT
-@@ -2646,7 +2659,7 @@ out:
+@@ -2666,7 +2679,7 @@ out:
return r;
}
.unlocked_ioctl = kvm_dev_ioctl,
.compat_ioctl = kvm_dev_ioctl,
.llseek = noop_llseek,
-@@ -2672,7 +2685,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -2692,7 +2705,7 @@ static void hardware_enable_nolock(void *junk)
if (r) {
cpumask_clear_cpu(cpu, cpus_hardware_enabled);
printk(KERN_INFO "kvm: enabling virtualization on "
"CPU%d failed\n", cpu);
}
-@@ -2728,10 +2741,10 @@ static int hardware_enable_all(void)
+@@ -2748,10 +2761,10 @@ static int hardware_enable_all(void)
kvm_usage_count++;
if (kvm_usage_count == 1) {
hardware_disable_all_nolock();
r = -EBUSY;
}
-@@ -3136,7 +3149,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
+@@ -3156,7 +3169,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
kvm_arch_vcpu_put(vcpu);
}
struct module *module)
{
int r;
-@@ -3183,7 +3196,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3203,7 +3216,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (!vcpu_align)
vcpu_align = __alignof__(struct kvm_vcpu);
kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
if (!kvm_vcpu_cache) {
r = -ENOMEM;
goto out_free_3;
-@@ -3193,9 +3206,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3213,9 +3226,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (r)
goto out_free;
r = misc_register(&kvm_dev);
if (r) {
-@@ -3205,9 +3220,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3225,9 +3240,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
register_syscore_ops(&kvm_syscore_ops);