diff --git a/Documentation/dontdiff b/Documentation/dontdiff
-index 74c25c8..deadba2 100644
+index b89a739..b47493f 100644
--- a/Documentation/dontdiff
+++ b/Documentation/dontdiff
@@ -2,9 +2,11 @@
mkprep
mkregtable
mktables
-@@ -186,6 +205,8 @@ oui.c*
+@@ -185,6 +204,8 @@ oui.c*
page-types
parse.c
parse.h
patches*
pca200e.bin
pca200e_ecd.bin2
-@@ -195,6 +216,7 @@ perf-archive
+@@ -194,6 +215,7 @@ perf-archive
piggyback
piggy.gzip
piggy.S
pnmtologo
ppc_defs.h*
pss_boot.h
-@@ -204,7 +226,10 @@ r200_reg_safe.h
+@@ -203,7 +225,10 @@ r200_reg_safe.h
r300_reg_safe.h
r420_reg_safe.h
r600_reg_safe.h
relocs
rlim_names.h
rn50_reg_safe.h
-@@ -214,8 +239,11 @@ series
+@@ -213,8 +238,12 @@ series
setup
setup.bin
setup.elf
++signing_key*
+size_overflow_hash.h
sImage
+slabinfo
split-include
syscalltab.h
tables.c
-@@ -225,6 +253,7 @@ tftpboot.img
+@@ -224,6 +253,7 @@ tftpboot.img
timeconst.h
times.h*
trix_boot.h
utsrelease.h*
vdso-syms.lds
vdso.lds
-@@ -236,13 +265,17 @@ vdso32.lds
+@@ -235,13 +265,17 @@ vdso32.lds
vdso32.so.dbg
vdso64.lds
vdso64.so.dbg
vmlinuz
voffset.h
vsyscall.lds
-@@ -250,9 +283,11 @@ vsyscall_32.lds
+@@ -249,9 +283,12 @@ vsyscall_32.lds
wanxlfw.inc
uImage
unifdef
wakeup.bin
wakeup.elf
wakeup.lds
++x509*
zImage*
zconf.hash.c
+zconf.lex.c
zoffset.h
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 9776f06..18b1856 100644
+index 986614d..e8bfedc 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
-@@ -905,6 +905,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
- gpt [EFI] Forces disk with valid GPT signature but
- invalid Protective MBR to be treated as GPT.
+@@ -922,6 +922,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+ Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0.
+ Default: 1024
-+ grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to
++ grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to
+ ignore grsecurity's /proc restrictions
++
+
hashdist= [KNL,NUMA] Large hashes allocated during boot
are distributed across NUMA nodes. Defaults on
for 64-bit NUMA, off otherwise.
-@@ -2082,6 +2085,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2121,6 +2125,18 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
+ page table updates on X86-64.
+
+ pax_softmode= 0/1 to disable/enable PaX softmode on boot already.
++
++ pax_extra_latent_entropy
++ Enable a very simple form of latent entropy extraction
++ from the first 4GB of memory as the bootmem allocator
++ passes the memory pages to the buddy allocator.
+
pcbit= [HW,ISDN]
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 39f170a..5d22cce 100644
+index 8c49fc9b..9a2af09 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -575,6 +576,60 @@ else
+@@ -575,6 +576,62 @@ else
KBUILD_CFLAGS += -O2
endif
+ifndef DISABLE_PAX_PLUGINS
++ifeq ($(call cc-ifversion, -ge, 0408, y), y)
++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)")
++else
+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)")
++endif
+ifneq ($(PLUGINCC),)
-+ifndef DISABLE_PAX_CONSTIFY_PLUGIN
+ifndef CONFIG_UML
+CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
+endif
-+endif
+ifdef CONFIG_PAX_MEMORY_STACKLEAK
+STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN
+STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100
include $(srctree)/arch/$(SRCARCH)/Makefile
ifdef CONFIG_READABLE_ASM
-@@ -731,7 +786,7 @@ export mod_sign_cmd
+@@ -731,7 +788,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -778,6 +833,8 @@ endif
+@@ -778,6 +835,8 @@ endif
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
$(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -787,7 +844,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
+@@ -787,7 +846,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -831,6 +888,7 @@ prepare0: archprepare FORCE
+@@ -831,6 +890,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=.
# All the preparing..
prepare: prepare0
# Generate some files
-@@ -938,6 +996,8 @@ all: modules
+@@ -938,6 +998,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -953,7 +1013,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -953,7 +1015,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
# Target to install modules
PHONY += modules_install
-@@ -1013,7 +1073,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
+@@ -1019,7 +1081,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.priv signing_key.x509 x509.genkey \
extra_certificates signing_key.x509.keyid \
# clean - Delete most, but leave enough to build external modules
#
-@@ -1053,6 +1113,7 @@ distclean: mrproper
+@@ -1059,6 +1121,7 @@ distclean: mrproper
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
-o -name '.*.rej' \
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1213,6 +1274,8 @@ PHONY += $(module-dirs) modules
+@@ -1219,6 +1282,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1349,17 +1412,21 @@ else
+@@ -1355,17 +1420,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1369,11 +1436,15 @@ endif
+@@ -1375,11 +1444,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
} else if (!cause) {
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
+diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
+index 67874b8..0e40765 100644
+--- a/arch/arm/Kconfig
++++ b/arch/arm/Kconfig
+@@ -1813,7 +1813,7 @@ config ALIGNMENT_TRAP
+
+ config UACCESS_WITH_MEMCPY
+ bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
+- depends on MMU
++ depends on MMU && !PAX_MEMORY_UDEREF
+ default y if CPU_FEROCEON
+ help
+ Implement faster copy_to_user and clear_user methods for CPU
+diff --git a/arch/arm/common/gic.c b/arch/arm/common/gic.c
+index 87dfa902..3a523fc 100644
+--- a/arch/arm/common/gic.c
++++ b/arch/arm/common/gic.c
+@@ -81,7 +81,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly;
+ * Supported arch specific GIC irq extension.
+ * Default make them NULL.
+ */
+-struct irq_chip gic_arch_extn = {
++irq_chip_no_const gic_arch_extn __read_only = {
+ .irq_eoi = NULL,
+ .irq_mask = NULL,
+ .irq_unmask = NULL,
+@@ -329,7 +329,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
+ chained_irq_exit(chip, desc);
+ }
+
+-static struct irq_chip gic_chip = {
++static irq_chip_no_const gic_chip __read_only = {
+ .name = "GIC",
+ .irq_mask = gic_mask_irq,
+ .irq_unmask = gic_unmask_irq,
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
index c79f61f..9ac0642 100644
--- a/arch/arm/include/asm/atomic.h
/*
* Select the calling method
+diff --git a/arch/arm/include/asm/checksum.h b/arch/arm/include/asm/checksum.h
+index 6dcc164..b14d917 100644
+--- a/arch/arm/include/asm/checksum.h
++++ b/arch/arm/include/asm/checksum.h
+@@ -37,7 +37,19 @@ __wsum
+ csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum);
+
+ __wsum
+-csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr);
++__csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr);
++
++static inline __wsum
++csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr)
++{
++ __wsum ret;
++ pax_open_userland();
++ ret = __csum_partial_copy_from_user(src, dst, len, sum, err_ptr);
++ pax_close_userland();
++ return ret;
++}
++
++
+
+ /*
+ * Fold a partial checksum without adding pseudo headers
diff --git a/arch/arm/include/asm/cmpxchg.h b/arch/arm/include/asm/cmpxchg.h
index 7eb18c1..e38b6d2 100644
--- a/arch/arm/include/asm/cmpxchg.h
#include <asm-generic/cmpxchg-local.h>
diff --git a/arch/arm/include/asm/delay.h b/arch/arm/include/asm/delay.h
-index ab98fdd..6b19938 100644
+index 720799f..2f67631 100644
--- a/arch/arm/include/asm/delay.h
+++ b/arch/arm/include/asm/delay.h
-@@ -24,9 +24,9 @@ extern struct arm_delay_ops {
- void (*delay)(unsigned long);
+@@ -25,9 +25,9 @@ extern struct arm_delay_ops {
void (*const_udelay)(unsigned long);
void (*udelay)(unsigned long);
+ bool const_clock;
-} arm_delay_ops;
+} *arm_delay_ops;
/*
* This function intentionally does not exist; if you see references to
-@@ -47,8 +47,8 @@ extern void __bad_udelay(void);
+@@ -48,8 +48,8 @@ extern void __bad_udelay(void);
* first constant multiplications gets optimized away if the delay is
* a constant)
*/
#define udelay(n) \
(__builtin_constant_p(n) ? \
+diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h
+index 6ddbe44..b5e38b1 100644
+--- a/arch/arm/include/asm/domain.h
++++ b/arch/arm/include/asm/domain.h
+@@ -48,18 +48,37 @@
+ * Domain types
+ */
+ #define DOMAIN_NOACCESS 0
+-#define DOMAIN_CLIENT 1
+ #ifdef CONFIG_CPU_USE_DOMAINS
++#define DOMAIN_USERCLIENT 1
++#define DOMAIN_KERNELCLIENT 1
+ #define DOMAIN_MANAGER 3
++#define DOMAIN_VECTORS DOMAIN_USER
+ #else
++
++#ifdef CONFIG_PAX_KERNEXEC
+ #define DOMAIN_MANAGER 1
++#define DOMAIN_KERNEXEC 3
++#else
++#define DOMAIN_MANAGER 1
++#endif
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++#define DOMAIN_USERCLIENT 0
++#define DOMAIN_UDEREF 1
++#define DOMAIN_VECTORS DOMAIN_KERNEL
++#else
++#define DOMAIN_USERCLIENT 1
++#define DOMAIN_VECTORS DOMAIN_USER
++#endif
++#define DOMAIN_KERNELCLIENT 1
++
+ #endif
+
+ #define domain_val(dom,type) ((type) << (2*(dom)))
+
+ #ifndef __ASSEMBLY__
+
+-#ifdef CONFIG_CPU_USE_DOMAINS
++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
+ static inline void set_domain(unsigned val)
+ {
+ asm volatile(
+@@ -68,15 +87,7 @@ static inline void set_domain(unsigned val)
+ isb();
+ }
+
+-#define modify_domain(dom,type) \
+- do { \
+- struct thread_info *thread = current_thread_info(); \
+- unsigned int domain = thread->cpu_domain; \
+- domain &= ~domain_val(dom, DOMAIN_MANAGER); \
+- thread->cpu_domain = domain | domain_val(dom, type); \
+- set_domain(thread->cpu_domain); \
+- } while (0)
+-
++extern void modify_domain(unsigned int dom, unsigned int type);
+ #else
+ static inline void set_domain(unsigned val) { }
+ static inline void modify_domain(unsigned dom, unsigned type) { }
diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h
index 38050b1..9d90e8b 100644
--- a/arch/arm/include/asm/elf.h
-#define arch_randomize_brk arch_randomize_brk
-
#endif
+diff --git a/arch/arm/include/asm/fncpy.h b/arch/arm/include/asm/fncpy.h
+index de53547..52b9a28 100644
+--- a/arch/arm/include/asm/fncpy.h
++++ b/arch/arm/include/asm/fncpy.h
+@@ -81,7 +81,9 @@
+ BUG_ON((uintptr_t)(dest_buf) & (FNCPY_ALIGN - 1) || \
+ (__funcp_address & ~(uintptr_t)1 & (FNCPY_ALIGN - 1))); \
+ \
++ pax_open_kernel(); \
+ memcpy(dest_buf, (void const *)(__funcp_address & ~1), size); \
++ pax_close_kernel(); \
+ flush_icache_range((unsigned long)(dest_buf), \
+ (unsigned long)(dest_buf) + (size)); \
+ \
+diff --git a/arch/arm/include/asm/futex.h b/arch/arm/include/asm/futex.h
+index e42cf59..7b94b8f 100644
+--- a/arch/arm/include/asm/futex.h
++++ b/arch/arm/include/asm/futex.h
+@@ -50,6 +50,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
+ if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
+ return -EFAULT;
+
++ pax_open_userland();
++
+ smp_mb();
+ __asm__ __volatile__("@futex_atomic_cmpxchg_inatomic\n"
+ "1: ldrex %1, [%4]\n"
+@@ -65,6 +67,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
+ : "cc", "memory");
+ smp_mb();
+
++ pax_close_userland();
++
+ *uval = val;
+ return ret;
+ }
+@@ -95,6 +99,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
+ if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
+ return -EFAULT;
+
++ pax_open_userland();
++
+ __asm__ __volatile__("@futex_atomic_cmpxchg_inatomic\n"
+ "1: " TUSER(ldr) " %1, [%4]\n"
+ " teq %1, %2\n"
+@@ -105,6 +111,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
+ : "r" (oldval), "r" (newval), "r" (uaddr), "Ir" (-EFAULT)
+ : "cc", "memory");
+
++ pax_close_userland();
++
+ *uval = val;
+ return ret;
+ }
+@@ -127,6 +135,7 @@ futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
+ return -EFAULT;
+
+ pagefault_disable(); /* implies preempt_disable() */
++ pax_open_userland();
+
+ switch (op) {
+ case FUTEX_OP_SET:
+@@ -148,6 +157,7 @@ futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
+ ret = -ENOSYS;
+ }
+
++ pax_close_userland();
+ pagefault_enable(); /* subsumes preempt_enable() */
+
+ if (!ret) {
+diff --git a/arch/arm/include/asm/hardware/gic.h b/arch/arm/include/asm/hardware/gic.h
+index 4b1ce6c..bea3f73 100644
+--- a/arch/arm/include/asm/hardware/gic.h
++++ b/arch/arm/include/asm/hardware/gic.h
+@@ -34,9 +34,10 @@
+
+ #ifndef __ASSEMBLY__
+ #include <linux/irqdomain.h>
++#include <linux/irq.h>
+ struct device_node;
+
+-extern struct irq_chip gic_arch_extn;
++extern irq_chip_no_const gic_arch_extn;
+
+ void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *,
+ u32 offset, struct device_node *);
diff --git a/arch/arm/include/asm/kmap_types.h b/arch/arm/include/asm/kmap_types.h
index 83eb2f7..ed77159 100644
--- a/arch/arm/include/asm/kmap_types.h
struct dma_struct {
void *addr; /* single DMA address */
diff --git a/arch/arm/include/asm/mach/map.h b/arch/arm/include/asm/mach/map.h
-index 195ac2f..2272f0d 100644
+index 2fe141f..192dc01 100644
--- a/arch/arm/include/asm/mach/map.h
+++ b/arch/arm/include/asm/mach/map.h
-@@ -34,6 +34,9 @@ struct map_desc {
+@@ -27,13 +27,16 @@ struct map_desc {
+ #define MT_MINICLEAN 6
+ #define MT_LOW_VECTORS 7
+ #define MT_HIGH_VECTORS 8
+-#define MT_MEMORY 9
++#define MT_MEMORY_RWX 9
+ #define MT_ROM 10
+-#define MT_MEMORY_NONCACHED 11
++#define MT_MEMORY_NONCACHED_RX 11
+ #define MT_MEMORY_DTCM 12
#define MT_MEMORY_ITCM 13
#define MT_MEMORY_SO 14
#define MT_MEMORY_DMA_READY 15
-+#define MT_MEMORY_R 16
-+#define MT_MEMORY_RW 17
-+#define MT_MEMORY_RX 18
++#define MT_MEMORY_RW 16
++#define MT_MEMORY_RX 17
++#define MT_MEMORY_NONCACHED_RW 18
#ifdef CONFIG_MMU
extern void iotable_init(struct map_desc *, int);
#ifdef MULTI_USER
extern struct cpu_user_fns cpu_user;
diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h
-index 943504f..84d0f84 100644
+index 943504f..c37a730 100644
--- a/arch/arm/include/asm/pgalloc.h
+++ b/arch/arm/include/asm/pgalloc.h
@@ -17,6 +17,7 @@
#endif /* CONFIG_ARM_LPAE */
-@@ -126,6 +133,16 @@ static inline void pte_free(struct mm_struct *mm, pgtable_t pte)
+@@ -126,6 +133,19 @@ static inline void pte_free(struct mm_struct *mm, pgtable_t pte)
__free_page(pte);
}
-+static inline void __pmd_update(pmd_t *pmdp, pmdval_t prot)
++static inline void __section_update(pmd_t *pmdp, unsigned long addr, pmdval_t prot)
+{
-+ pmdval_t pmdval = pmd_val(*pmdp) | prot;
-+ pmdp[0] = __pmd(pmdval);
-+#ifndef CONFIG_ARM_LPAE
-+ pmdp[1] = __pmd(pmdval + 256 * sizeof(pte_t));
++#ifdef CONFIG_ARM_LPAE
++ pmdp[0] = __pmd(pmd_val(pmdp[0]) | prot);
++#else
++ if (addr & SECTION_SIZE)
++ pmdp[1] = __pmd(pmd_val(pmdp[1]) | prot);
++ else
++ pmdp[0] = __pmd(pmd_val(pmdp[0]) | prot);
+#endif
+ flush_pmd_entry(pmdp);
+}
static inline void __pmd_populate(pmd_t *pmdp, phys_addr_t pte,
pmdval_t prot)
{
-@@ -155,7 +172,7 @@ pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmdp, pte_t *ptep)
+@@ -155,7 +175,7 @@ pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmdp, pte_t *ptep)
static inline void
pmd_populate(struct mm_struct *mm, pmd_t *pmdp, pgtable_t ptep)
{
#define pmd_pgtable(pmd) pmd_page(pmd)
diff --git a/arch/arm/include/asm/pgtable-2level-hwdef.h b/arch/arm/include/asm/pgtable-2level-hwdef.h
-index 5cfba15..d437dc2 100644
+index 5cfba15..f415e1a 100644
--- a/arch/arm/include/asm/pgtable-2level-hwdef.h
+++ b/arch/arm/include/asm/pgtable-2level-hwdef.h
@@ -20,12 +20,15 @@
#define PMD_TYPE_FAULT (_AT(pmdval_t, 0) << 0)
#define PMD_TYPE_TABLE (_AT(pmdval_t, 1) << 0)
#define PMD_TYPE_SECT (_AT(pmdval_t, 2) << 0)
-+#define PMD_PXNTABLE (_AT(pmdval_t, 1) << 2) /* PXN */
++#define PMD_PXNTABLE (_AT(pmdval_t, 1) << 2) /* v7 */
#define PMD_BIT4 (_AT(pmdval_t, 1) << 4)
#define PMD_DOMAIN(x) (_AT(pmdval_t, (x)) << 5)
#define PMD_PROTECTION (_AT(pmdval_t, 1) << 9) /* v5 */
/*
* - section
*/
-+#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 0)
++#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 0) /* v7 */
#define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2)
#define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3)
#define PMD_SECT_XN (_AT(pmdval_t, 1) << 4) /* v6 */
#define PMD_SECT_nG (_AT(pmdval_t, 1) << 17) /* v6 */
#define PMD_SECT_SUPER (_AT(pmdval_t, 1) << 18) /* v6 */
#define PMD_SECT_AF (_AT(pmdval_t, 0))
-+#define PMD_SECT_AP_RDONLY (_AT(pmdval_t, 0))
++#define PMD_SECT_RDONLY (_AT(pmdval_t, 0))
#define PMD_SECT_UNCACHED (_AT(pmdval_t, 0))
#define PMD_SECT_BUFFERED (PMD_SECT_BUFFERABLE)
+@@ -66,6 +70,7 @@
+ * - extended small page/tiny page
+ */
+ #define PTE_EXT_XN (_AT(pteval_t, 1) << 0) /* v6 */
++#define PTE_EXT_PXN (_AT(pteval_t, 1) << 2) /* v7 */
+ #define PTE_EXT_AP_MASK (_AT(pteval_t, 3) << 4)
+ #define PTE_EXT_AP0 (_AT(pteval_t, 1) << 4)
+ #define PTE_EXT_AP1 (_AT(pteval_t, 2) << 4)
diff --git a/arch/arm/include/asm/pgtable-2level.h b/arch/arm/include/asm/pgtable-2level.h
-index 2317a71..1897391 100644
+index f97ee02..07f1be5 100644
--- a/arch/arm/include/asm/pgtable-2level.h
+++ b/arch/arm/include/asm/pgtable-2level.h
-@@ -123,6 +123,7 @@
- #define L_PTE_USER (_AT(pteval_t, 1) << 8)
+@@ -125,6 +125,7 @@
#define L_PTE_XN (_AT(pteval_t, 1) << 9)
#define L_PTE_SHARED (_AT(pteval_t, 1) << 10) /* shared(v6), coherent(xsc3) */
-+#define L_PTE_PXN (_AT(pteval_t, 1) << 11) /* v7*/
+ #define L_PTE_NONE (_AT(pteval_t, 1) << 11)
++#define L_PTE_PXN (_AT(pteval_t, 1) << 12) /* v7*/
/*
* These are the memory types, defined to be compatible with
diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h
-index d795282..d82ff13 100644
+index d795282..a43ea90 100644
--- a/arch/arm/include/asm/pgtable-3level-hwdef.h
+++ b/arch/arm/include/asm/pgtable-3level-hwdef.h
-@@ -32,6 +32,7 @@
+@@ -32,15 +32,18 @@
#define PMD_TYPE_SECT (_AT(pmdval_t, 1) << 0)
#define PMD_BIT4 (_AT(pmdval_t, 0))
#define PMD_DOMAIN(x) (_AT(pmdval_t, 0))
/*
* - section
-@@ -41,9 +42,11 @@
+ */
+ #define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2)
+ #define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3)
++#define PMD_SECT_RDONLY (_AT(pmdval_t, 1) << 7)
#define PMD_SECT_S (_AT(pmdval_t, 3) << 8)
#define PMD_SECT_AF (_AT(pmdval_t, 1) << 10)
#define PMD_SECT_nG (_AT(pmdval_t, 1) << 11)
#define PMD_SECT_XN (_AT(pmdval_t, 1) << 54)
#define PMD_SECT_AP_WRITE (_AT(pmdval_t, 0))
#define PMD_SECT_AP_READ (_AT(pmdval_t, 0))
-+#define PMD_SECT_AP_RDONLY (_AT(pmdval_t, 1) << 7)
- #define PMD_SECT_TEX(x) (_AT(pmdval_t, 0))
-
- /*
@@ -66,6 +69,7 @@
#define PTE_EXT_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */
#define PTE_EXT_AF (_AT(pteval_t, 1) << 10) /* Access Flag */
/*
diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h
-index b249035..4ab204b 100644
+index a3f3792..7b932a6 100644
--- a/arch/arm/include/asm/pgtable-3level.h
+++ b/arch/arm/include/asm/pgtable-3level.h
-@@ -73,6 +73,7 @@
+@@ -74,6 +74,7 @@
#define L_PTE_RDONLY (_AT(pteval_t, 1) << 7) /* AP[2] */
#define L_PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */
#define L_PTE_YOUNG (_AT(pteval_t, 1) << 10) /* AF */
#define L_PTE_XN (_AT(pteval_t, 1) << 54) /* XN */
#define L_PTE_DIRTY (_AT(pteval_t, 1) << 55) /* unused */
#define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56) /* unused */
-@@ -80,6 +81,7 @@
+@@ -82,6 +83,7 @@
/*
* To be used in assembly code with the upper page attributes.
*/
#define L_PTE_DIRTY_HIGH (1 << (55 - 32))
diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
-index 08c1231..1031bb4 100644
+index c094749..fd8272e 100644
--- a/arch/arm/include/asm/pgtable.h
+++ b/arch/arm/include/asm/pgtable.h
@@ -30,6 +30,9 @@
extern void __pte_error(const char *file, int line, pte_t);
extern void __pmd_error(const char *file, int line, pmd_t);
extern void __pgd_error(const char *file, int line, pgd_t);
-@@ -53,6 +59,17 @@ extern void __pgd_error(const char *file, int line, pgd_t);
+@@ -53,6 +59,50 @@ extern void __pgd_error(const char *file, int line, pgd_t);
#define pmd_ERROR(pmd) __pmd_error(__FILE__, __LINE__, pmd)
#define pgd_ERROR(pgd) __pgd_error(__FILE__, __LINE__, pgd)
+#define __HAVE_ARCH_PAX_CLOSE_KERNEL
+
+#ifdef CONFIG_PAX_KERNEXEC
-+static inline unsigned long pax_open_kernel(void) { return 0; /* TODO */ }
-+static inline unsigned long pax_close_kernel(void) { return 0; /* TODO */ }
++#include <asm/domain.h>
++#include <linux/thread_info.h>
++#include <linux/preempt.h>
++#endif
++
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
++static inline int test_domain(int domain, int domaintype)
++{
++ return ((current_thread_info()->cpu_domain) & domain_val(domain, 3)) == domain_val(domain, domaintype);
++}
++#endif
++
++#ifdef CONFIG_PAX_KERNEXEC
++static inline unsigned long pax_open_kernel(void) {
++#ifdef CONFIG_ARM_LPAE
++ /* TODO */
++#else
++ preempt_disable();
++ BUG_ON(test_domain(DOMAIN_KERNEL, DOMAIN_KERNEXEC));
++ modify_domain(DOMAIN_KERNEL, DOMAIN_KERNEXEC);
++#endif
++ return 0;
++}
++
++static inline unsigned long pax_close_kernel(void) {
++#ifdef CONFIG_ARM_LPAE
++ /* TODO */
++#else
++ BUG_ON(test_domain(DOMAIN_KERNEL, DOMAIN_MANAGER));
++ /* DOMAIN_MANAGER = "client" under KERNEXEC */
++ modify_domain(DOMAIN_KERNEL, DOMAIN_MANAGER);
++ preempt_enable_no_resched();
++#endif
++ return 0;
++}
+#else
+static inline unsigned long pax_open_kernel(void) { return 0; }
+static inline unsigned long pax_close_kernel(void) { return 0; }
/*
* This is the lowest virtual address we can permit any user space
* mapping to be mapped at. This is particularly important for
-@@ -63,8 +80,8 @@ extern void __pgd_error(const char *file, int line, pgd_t);
+@@ -63,8 +113,8 @@ extern void __pgd_error(const char *file, int line, pgd_t);
/*
* The pgprot_* and protection_map entries will be fixed up in runtime
* to include the cachable and bufferable bits based on memory policy,
*/
#define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG
-@@ -242,7 +259,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; }
+@@ -240,8 +290,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; }
static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
{
-- const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER;
-+ const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | __supported_pte_mask;
+- const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER |
+- L_PTE_NONE | L_PTE_VALID;
++ const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | L_PTE_NONE | L_PTE_VALID | __supported_pte_mask;
pte_val(pte) = (pte_val(pte) & ~mask) | (pgprot_val(newprot) & mask);
return pte;
}
#ifndef MULTI_CPU
extern void cpu_proc_init(void);
+diff --git a/arch/arm/include/asm/processor.h b/arch/arm/include/asm/processor.h
+index 06e7d50..8a8e251 100644
+--- a/arch/arm/include/asm/processor.h
++++ b/arch/arm/include/asm/processor.h
+@@ -65,9 +65,8 @@ struct thread_struct {
+ regs->ARM_cpsr |= PSR_ENDSTATE; \
+ regs->ARM_pc = pc & ~1; /* pc */ \
+ regs->ARM_sp = sp; /* sp */ \
+- regs->ARM_r2 = stack[2]; /* r2 (envp) */ \
+- regs->ARM_r1 = stack[1]; /* r1 (argv) */ \
+- regs->ARM_r0 = stack[0]; /* r0 (argc) */ \
++ /* r2 (envp), r1 (argv), r0 (argc) */ \
++ (void)copy_from_user(®s->ARM_r0, (const char __user *)stack, 3 * sizeof(unsigned long)); \
+ nommu_start_thread(regs); \
+ })
+
diff --git a/arch/arm/include/asm/smp.h b/arch/arm/include/asm/smp.h
-index 2e3be16..4dc90fc 100644
+index d3a22be..3a69ad5 100644
--- a/arch/arm/include/asm/smp.h
+++ b/arch/arm/include/asm/smp.h
-@@ -106,7 +106,7 @@ struct smp_operations {
+@@ -107,7 +107,7 @@ struct smp_operations {
int (*cpu_disable)(unsigned int cpu);
#endif
#endif
/*
* set platform specific SMP operations
diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
-index 8477b4c..801a6a9 100644
+index cddda1f..ff357f7 100644
--- a/arch/arm/include/asm/thread_info.h
+++ b/arch/arm/include/asm/thread_info.h
-@@ -151,6 +151,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
- #define TIF_SYSCALL_TRACE 8
+@@ -77,9 +77,9 @@ struct thread_info {
+ .flags = 0, \
+ .preempt_count = INIT_PREEMPT_COUNT, \
+ .addr_limit = KERNEL_DS, \
+- .cpu_domain = domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \
+- domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \
+- domain_val(DOMAIN_IO, DOMAIN_CLIENT), \
++ .cpu_domain = domain_val(DOMAIN_USER, DOMAIN_USERCLIENT) | \
++ domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT) | \
++ domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT), \
+ .restart_block = { \
+ .fn = do_no_restart_syscall, \
+ }, \
+@@ -152,6 +152,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
#define TIF_SYSCALL_AUDIT 9
#define TIF_SYSCALL_TRACEPOINT 10
+ #define TIF_SECCOMP 11 /* seccomp syscall filtering active */
+
+/* within 8 bits of TIF_SYSCALL_TRACE
-+ to meet flexible second operand requirements
-+*/
-+#define TIF_GRSEC_SETXID 11
++ * to meet flexible second operand requirements
++ */
++#define TIF_GRSEC_SETXID 12
+
#define TIF_USING_IWMMXT 17
#define TIF_MEMDIE 18 /* is terminating due to OOM killer */
#define TIF_RESTORE_SIGMASK 20
-@@ -165,9 +171,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
+@@ -165,10 +171,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
- #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
#define _TIF_SECCOMP (1 << TIF_SECCOMP)
+ #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
+#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID)
/* Checks for any syscall work in entry-common.S */
--#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT)
-+#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT | \
-+ _TIF_GRSEC_SETXID)
+ #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \
+- _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP)
++ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | _TIF_GRSEC_SETXID)
/*
* Change these and you break ASM code in entry-common.S
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
-index 7e1f760..f2c37b1 100644
+index 7e1f760..752fcb7 100644
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
-@@ -418,8 +418,23 @@ do { \
+@@ -18,6 +18,7 @@
+ #include <asm/domain.h>
+ #include <asm/unified.h>
+ #include <asm/compiler.h>
++#include <asm/pgtable.h>
+
+ #define VERIFY_READ 0
+ #define VERIFY_WRITE 1
+@@ -60,10 +61,34 @@ extern int __put_user_bad(void);
+ #define USER_DS TASK_SIZE
+ #define get_fs() (current_thread_info()->addr_limit)
+
++static inline void pax_open_userland(void)
++{
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ if (get_fs() == USER_DS) {
++ BUG_ON(test_domain(DOMAIN_USER, DOMAIN_UDEREF));
++ modify_domain(DOMAIN_USER, DOMAIN_UDEREF);
++ }
++#endif
++
++}
++
++static inline void pax_close_userland(void)
++{
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ if (get_fs() == USER_DS) {
++ BUG_ON(test_domain(DOMAIN_USER, DOMAIN_NOACCESS));
++ modify_domain(DOMAIN_USER, DOMAIN_NOACCESS);
++ }
++#endif
++
++}
++
+ static inline void set_fs(mm_segment_t fs)
+ {
+ current_thread_info()->addr_limit = fs;
+- modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER);
++ modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_KERNELCLIENT : DOMAIN_MANAGER);
+ }
+
+ #define segment_eq(a,b) ((a) == (b))
+@@ -143,8 +168,12 @@ extern int __get_user_4(void *);
+
+ #define get_user(x,p) \
+ ({ \
++ int __e; \
+ might_fault(); \
+- __get_user_check(x,p); \
++ pax_open_userland(); \
++ __e = __get_user_check(x,p); \
++ pax_close_userland(); \
++ __e; \
+ })
+
+ extern int __put_user_1(void *, unsigned int);
+@@ -188,8 +217,12 @@ extern int __put_user_8(void *, unsigned long long);
+
+ #define put_user(x,p) \
+ ({ \
++ int __e; \
+ might_fault(); \
+- __put_user_check(x,p); \
++ pax_open_userland(); \
++ __e = __put_user_check(x,p); \
++ pax_close_userland(); \
++ __e; \
+ })
+
+ #else /* CONFIG_MMU */
+@@ -230,13 +263,17 @@ static inline void set_fs(mm_segment_t fs)
+ #define __get_user(x,ptr) \
+ ({ \
+ long __gu_err = 0; \
++ pax_open_userland(); \
+ __get_user_err((x),(ptr),__gu_err); \
++ pax_close_userland(); \
+ __gu_err; \
+ })
+
+ #define __get_user_error(x,ptr,err) \
+ ({ \
++ pax_open_userland(); \
+ __get_user_err((x),(ptr),err); \
++ pax_close_userland(); \
+ (void) 0; \
+ })
+
+@@ -312,13 +349,17 @@ do { \
+ #define __put_user(x,ptr) \
+ ({ \
+ long __pu_err = 0; \
++ pax_open_userland(); \
+ __put_user_err((x),(ptr),__pu_err); \
++ pax_close_userland(); \
+ __pu_err; \
+ })
+
+ #define __put_user_error(x,ptr,err) \
+ ({ \
++ pax_open_userland(); \
+ __put_user_err((x),(ptr),err); \
++ pax_close_userland(); \
+ (void) 0; \
+ })
+
+@@ -418,11 +459,44 @@ do { \
#ifdef CONFIG_MMU
+
+static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n)
+{
-+ check_object_size(to, n, false);
++ unsigned long ret;
+
-+ return ___copy_from_user(to, from, n);
++ check_object_size(to, n, false);
++ pax_open_userland();
++ ret = ___copy_from_user(to, from, n);
++ pax_close_userland();
++ return ret;
+}
+
+static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n)
+{
-+ check_object_size(from, n, true);
++ unsigned long ret;
+
-+ return ___copy_to_user(to, from, n);
++ check_object_size(from, n, true);
++ pax_open_userland();
++ ret = ___copy_to_user(to, from, n);
++ pax_close_userland();
++ return ret;
+}
+
extern unsigned long __must_check __copy_to_user_std(void __user *to, const void *from, unsigned long n);
- extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
+-extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n);
++extern unsigned long __must_check ___clear_user(void __user *addr, unsigned long n);
extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned long n);
-@@ -431,6 +446,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l
++
++static inline unsigned long __must_check __clear_user(void __user *addr, unsigned long n)
++{
++ unsigned long ret;
++ pax_open_userland();
++ ret = ___clear_user(addr, n);
++ pax_close_userland();
++ return ret;
++}
++
+ #else
+ #define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0)
+ #define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0)
+@@ -431,6 +505,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l
static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
{
if (access_ok(VERIFY_READ, from, n))
n = __copy_from_user(to, from, n);
else /* security hole - plug it */
-@@ -440,6 +458,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
+@@ -440,6 +517,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
{
#define PSR_ENDIAN_MASK 0x00000200 /* Endianness state mask */
diff --git a/arch/arm/kernel/armksyms.c b/arch/arm/kernel/armksyms.c
-index 60d3b73..9168db0 100644
+index 60d3b73..d27ee09 100644
--- a/arch/arm/kernel/armksyms.c
+++ b/arch/arm/kernel/armksyms.c
-@@ -89,8 +89,8 @@ EXPORT_SYMBOL(__memzero);
+@@ -89,9 +89,9 @@ EXPORT_SYMBOL(__memzero);
#ifdef CONFIG_MMU
EXPORT_SYMBOL(copy_page);
-EXPORT_SYMBOL(__copy_from_user);
-EXPORT_SYMBOL(__copy_to_user);
+-EXPORT_SYMBOL(__clear_user);
+EXPORT_SYMBOL(___copy_from_user);
+EXPORT_SYMBOL(___copy_to_user);
- EXPORT_SYMBOL(__clear_user);
++EXPORT_SYMBOL(___clear_user);
EXPORT_SYMBOL(__get_user_1);
+ EXPORT_SYMBOL(__get_user_2);
+diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
+index 0f82098..3dbd3ee 100644
+--- a/arch/arm/kernel/entry-armv.S
++++ b/arch/arm/kernel/entry-armv.S
+@@ -47,6 +47,87 @@
+ 9997:
+ .endm
+
++ .macro pax_enter_kernel
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
++ @ make aligned space for saved DACR
++ sub sp, sp, #8
++ @ save regs
++ stmdb sp!, {r1, r2}
++ @ read DACR from cpu_domain into r1
++ mov r2, sp
++ @ assume 8K pages, since we have to split the immediate in two
++ bic r2, r2, #(0x1fc0)
++ bic r2, r2, #(0x3f)
++ ldr r1, [r2, #TI_CPU_DOMAIN]
++ @ store old DACR on stack
++ str r1, [sp, #8]
++#ifdef CONFIG_PAX_KERNEXEC
++ @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT
++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3))
++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT))
++#endif
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ @ set current DOMAIN_USER to DOMAIN_NOACCESS
++ bic r1, r1, #(domain_val(DOMAIN_USER, 3))
++#endif
++ @ write r1 to current_thread_info()->cpu_domain
++ str r1, [r2, #TI_CPU_DOMAIN]
++ @ write r1 to DACR
++ mcr p15, 0, r1, c3, c0, 0
++ @ instruction sync
++ instr_sync
++ @ restore regs
++ ldmia sp!, {r1, r2}
++#endif
++ .endm
++
++ .macro pax_open_userland
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ @ save regs
++ stmdb sp!, {r0, r1}
++ @ read DACR from cpu_domain into r1
++ mov r0, sp
++ @ assume 8K pages, since we have to split the immediate in two
++ bic r0, r0, #(0x1fc0)
++ bic r0, r0, #(0x3f)
++ ldr r1, [r0, #TI_CPU_DOMAIN]
++ @ set current DOMAIN_USER to DOMAIN_CLIENT
++ bic r1, r1, #(domain_val(DOMAIN_USER, 3))
++ orr r1, r1, #(domain_val(DOMAIN_USER, DOMAIN_UDEREF))
++ @ write r1 to current_thread_info()->cpu_domain
++ str r1, [r0, #TI_CPU_DOMAIN]
++ @ write r1 to DACR
++ mcr p15, 0, r1, c3, c0, 0
++ @ instruction sync
++ instr_sync
++ @ restore regs
++ ldmia sp!, {r0, r1}
++#endif
++ .endm
++
++ .macro pax_close_userland
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ @ save regs
++ stmdb sp!, {r0, r1}
++ @ read DACR from cpu_domain into r1
++ mov r0, sp
++ @ assume 8K pages, since we have to split the immediate in two
++ bic r0, r0, #(0x1fc0)
++ bic r0, r0, #(0x3f)
++ ldr r1, [r0, #TI_CPU_DOMAIN]
++ @ set current DOMAIN_USER to DOMAIN_NOACCESS
++ bic r1, r1, #(domain_val(DOMAIN_USER, 3))
++ @ write r1 to current_thread_info()->cpu_domain
++ str r1, [r0, #TI_CPU_DOMAIN]
++ @ write r1 to DACR
++ mcr p15, 0, r1, c3, c0, 0
++ @ instruction sync
++ instr_sync
++ @ restore regs
++ ldmia sp!, {r0, r1}
++#endif
++ .endm
++
+ .macro pabt_helper
+ @ PABORT handler takes pt_regs in r2, fault address in r4 and psr in r5
+ #ifdef MULTI_PABORT
+@@ -89,11 +170,15 @@
+ * Invalid mode handlers
+ */
+ .macro inv_entry, reason
++
++ pax_enter_kernel
++
+ sub sp, sp, #S_FRAME_SIZE
+ ARM( stmib sp, {r1 - lr} )
+ THUMB( stmia sp, {r0 - r12} )
+ THUMB( str sp, [sp, #S_SP] )
+ THUMB( str lr, [sp, #S_LR] )
++
+ mov r1, #\reason
+ .endm
+
+@@ -149,7 +234,11 @@ ENDPROC(__und_invalid)
+ .macro svc_entry, stack_hole=0
+ UNWIND(.fnstart )
+ UNWIND(.save {r0 - pc} )
++
++ pax_enter_kernel
++
+ sub sp, sp, #(S_FRAME_SIZE + \stack_hole - 4)
++
+ #ifdef CONFIG_THUMB2_KERNEL
+ SPFIX( str r0, [sp] ) @ temporarily saved
+ SPFIX( mov r0, sp )
+@@ -164,7 +253,12 @@ ENDPROC(__und_invalid)
+ ldmia r0, {r3 - r5}
+ add r7, sp, #S_SP - 4 @ here for interlock avoidance
+ mov r6, #-1 @ "" "" "" ""
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
++ @ offset sp by 8 as done in pax_enter_kernel
++ add r2, sp, #(S_FRAME_SIZE + \stack_hole + 4)
++#else
+ add r2, sp, #(S_FRAME_SIZE + \stack_hole - 4)
++#endif
+ SPFIX( addeq r2, r2, #4 )
+ str r3, [sp, #-4]! @ save the "real" r0 copied
+ @ from the exception stack
+@@ -359,6 +453,9 @@ ENDPROC(__pabt_svc)
+ .macro usr_entry
+ UNWIND(.fnstart )
+ UNWIND(.cantunwind ) @ don't unwind the user space
++
++ pax_enter_kernel_user
++
+ sub sp, sp, #S_FRAME_SIZE
+ ARM( stmib sp, {r1 - r12} )
+ THUMB( stmia sp, {r0 - r12} )
+@@ -456,7 +553,9 @@ __und_usr:
+ tst r3, #PSR_T_BIT @ Thumb mode?
+ bne __und_usr_thumb
+ sub r4, r2, #4 @ ARM instr at LR - 4
++ pax_open_userland
+ 1: ldrt r0, [r4]
++ pax_close_userland
+ #ifdef CONFIG_CPU_ENDIAN_BE8
+ rev r0, r0 @ little endian instruction
+ #endif
+@@ -491,10 +590,14 @@ __und_usr_thumb:
+ */
+ .arch armv6t2
+ #endif
++ pax_open_userland
+ 2: ldrht r5, [r4]
++ pax_close_userland
+ cmp r5, #0xe800 @ 32bit instruction if xx != 0
+ blo __und_usr_fault_16 @ 16bit undefined instruction
++ pax_open_userland
+ 3: ldrht r0, [r2]
++ pax_close_userland
+ add r2, r2, #2 @ r2 is PC + 2, make it PC + 4
+ str r2, [sp, #S_PC] @ it's a 2x16bit instr, update
+ orr r0, r0, r5, lsl #16
+@@ -733,7 +836,7 @@ ENTRY(__switch_to)
+ THUMB( stmia ip!, {r4 - sl, fp} ) @ Store most regs on stack
+ THUMB( str sp, [ip], #4 )
+ THUMB( str lr, [ip], #4 )
+-#ifdef CONFIG_CPU_USE_DOMAINS
++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC)
+ ldr r6, [r2, #TI_CPU_DOMAIN]
+ #endif
+ set_tls r3, r4, r5
+@@ -742,7 +845,7 @@ ENTRY(__switch_to)
+ ldr r8, =__stack_chk_guard
+ ldr r7, [r7, #TSK_STACK_CANARY]
+ #endif
+-#ifdef CONFIG_CPU_USE_DOMAINS
++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC)
+ mcr p15, 0, r6, c3, c0, 0 @ Set domain register
+ #endif
+ mov r5, r0
+diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
+index a6c301e..908821b 100644
+--- a/arch/arm/kernel/entry-common.S
++++ b/arch/arm/kernel/entry-common.S
+@@ -10,18 +10,46 @@
+
+ #include <asm/unistd.h>
+ #include <asm/ftrace.h>
++#include <asm/domain.h>
+ #include <asm/unwind.h>
+
++#include "entry-header.S"
++
+ #ifdef CONFIG_NEED_RET_TO_USER
+ #include <mach/entry-macro.S>
+ #else
+ .macro arch_ret_to_user, tmp1, tmp2
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
++ @ save regs
++ stmdb sp!, {r1, r2}
++ @ read DACR from cpu_domain into r1
++ mov r2, sp
++ @ assume 8K pages, since we have to split the immediate in two
++ bic r2, r2, #(0x1fc0)
++ bic r2, r2, #(0x3f)
++ ldr r1, [r2, #TI_CPU_DOMAIN]
++#ifdef CONFIG_PAX_KERNEXEC
++ @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT
++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3))
++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT))
++#endif
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ @ set current DOMAIN_USER to DOMAIN_UDEREF
++ bic r1, r1, #(domain_val(DOMAIN_USER, 3))
++ orr r1, r1, #(domain_val(DOMAIN_USER, DOMAIN_UDEREF))
++#endif
++ @ write r1 to current_thread_info()->cpu_domain
++ str r1, [r2, #TI_CPU_DOMAIN]
++ @ write r1 to DACR
++ mcr p15, 0, r1, c3, c0, 0
++ @ instruction sync
++ instr_sync
++ @ restore regs
++ ldmia sp!, {r1, r2}
++#endif
+ .endm
+ #endif
+
+-#include "entry-header.S"
+-
+-
+ .align 5
+ /*
+ * This is the fast syscall return path. We do as little as
+@@ -339,6 +367,7 @@ ENDPROC(ftrace_stub)
+
+ .align 5
+ ENTRY(vector_swi)
++
+ sub sp, sp, #S_FRAME_SIZE
+ stmia sp, {r0 - r12} @ Calling r0 - r12
+ ARM( add r8, sp, #S_PC )
+@@ -388,6 +417,12 @@ ENTRY(vector_swi)
+ ldr scno, [lr, #-4] @ get SWI instruction
+ #endif
+
++ /*
++ * do this here to avoid a performance hit of wrapping the code above
++ * that directly dereferences userland to parse the SWI instruction
++ */
++ pax_enter_kernel_user
++
+ #ifdef CONFIG_ALIGNMENT_TRAP
+ ldr ip, __cr_alignment
+ ldr ip, [ip]
+diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S
+index 9a8531e..812e287 100644
+--- a/arch/arm/kernel/entry-header.S
++++ b/arch/arm/kernel/entry-header.S
+@@ -73,9 +73,66 @@
+ msr cpsr_c, \rtemp @ switch back to the SVC mode
+ .endm
+
++ .macro pax_enter_kernel_user
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
++ @ save regs
++ stmdb sp!, {r0, r1}
++ @ read DACR from cpu_domain into r1
++ mov r0, sp
++ @ assume 8K pages, since we have to split the immediate in two
++ bic r0, r0, #(0x1fc0)
++ bic r0, r0, #(0x3f)
++ ldr r1, [r0, #TI_CPU_DOMAIN]
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ @ set current DOMAIN_USER to DOMAIN_NOACCESS
++ bic r1, r1, #(domain_val(DOMAIN_USER, 3))
++#endif
++#ifdef CONFIG_PAX_KERNEXEC
++ @ set current DOMAIN_KERNEL to DOMAIN_KERNELCLIENT
++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3))
++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT))
++#endif
++ @ write r1 to current_thread_info()->cpu_domain
++ str r1, [r0, #TI_CPU_DOMAIN]
++ @ write r1 to DACR
++ mcr p15, 0, r1, c3, c0, 0
++ @ instruction sync
++ instr_sync
++ @ restore regs
++ ldmia sp!, {r0, r1}
++#endif
++ .endm
++
++ .macro pax_exit_kernel
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
++ @ save regs
++ stmdb sp!, {r0, r1}
++ @ read old DACR from stack into r1
++ ldr r1, [sp, #(8 + S_SP)]
++ sub r1, r1, #8
++ ldr r1, [r1]
++
++ @ write r1 to current_thread_info()->cpu_domain
++ mov r0, sp
++ @ assume 8K pages, since we have to split the immediate in two
++ bic r0, r0, #(0x1fc0)
++ bic r0, r0, #(0x3f)
++ str r1, [r0, #TI_CPU_DOMAIN]
++ @ write r1 to DACR
++ mcr p15, 0, r1, c3, c0, 0
++ @ instruction sync
++ instr_sync
++ @ restore regs
++ ldmia sp!, {r0, r1}
++#endif
++ .endm
++
+ #ifndef CONFIG_THUMB2_KERNEL
+ .macro svc_exit, rpsr
+ msr spsr_cxsf, \rpsr
++
++ pax_exit_kernel
++
+ #if defined(CONFIG_CPU_V6)
+ ldr r0, [sp]
+ strex r1, r2, [sp] @ clear the exclusive monitor
+@@ -121,6 +178,9 @@
+ .endm
+ #else /* CONFIG_THUMB2_KERNEL */
+ .macro svc_exit, rpsr
++
++ pax_exit_kernel
++
+ ldr lr, [sp, #S_SP] @ top of the stack
+ ldrd r0, r1, [sp, #S_LR] @ calling lr and pc
+ clrex @ clear the exclusive monitor
+diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c
+index 2adda11..7fbe958 100644
+--- a/arch/arm/kernel/fiq.c
++++ b/arch/arm/kernel/fiq.c
+@@ -82,7 +82,9 @@ void set_fiq_handler(void *start, unsigned int length)
+ #if defined(CONFIG_CPU_USE_DOMAINS)
+ memcpy((void *)0xffff001c, start, length);
+ #else
++ pax_open_kernel();
+ memcpy(vectors_page + 0x1c, start, length);
++ pax_close_kernel();
+ #endif
+ flush_icache_range(0xffff001c, 0xffff001c + length);
+ if (!vectors_high())
diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S
-index 486a15a..d95523a 100644
+index e0eb9a1..c7d74a3 100644
--- a/arch/arm/kernel/head.S
+++ b/arch/arm/kernel/head.S
@@ -52,7 +52,9 @@
.endm
/*
+@@ -434,7 +436,7 @@ __enable_mmu:
+ mov r5, #(domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \
+ domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \
+ domain_val(DOMAIN_TABLE, DOMAIN_MANAGER) | \
+- domain_val(DOMAIN_IO, DOMAIN_CLIENT))
++ domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT))
+ mcr p15, 0, r5, c3, c0, 0 @ load domain access register
+ mcr p15, 0, r4, c2, c0, 0 @ load page table pointer
+ #endif
+diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c
+index 5ff2e77..556d030 100644
+--- a/arch/arm/kernel/hw_breakpoint.c
++++ b/arch/arm/kernel/hw_breakpoint.c
+@@ -1011,7 +1011,7 @@ static int __cpuinit dbg_reset_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata dbg_reset_nb = {
++static struct notifier_block dbg_reset_nb = {
+ .notifier_call = dbg_reset_notify,
+ };
+
diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c
index 1e9be5d..03edbc2 100644
--- a/arch/arm/kernel/module.c
#endif
int
+diff --git a/arch/arm/kernel/patch.c b/arch/arm/kernel/patch.c
+index 07314af..c46655c 100644
+--- a/arch/arm/kernel/patch.c
++++ b/arch/arm/kernel/patch.c
+@@ -18,6 +18,7 @@ void __kprobes __patch_text(void *addr, unsigned int insn)
+ bool thumb2 = IS_ENABLED(CONFIG_THUMB2_KERNEL);
+ int size;
+
++ pax_open_kernel();
+ if (thumb2 && __opcode_is_thumb16(insn)) {
+ *(u16 *)addr = __opcode_to_mem_thumb16(insn);
+ size = sizeof(u16);
+@@ -39,6 +40,7 @@ void __kprobes __patch_text(void *addr, unsigned int insn)
+ *(u32 *)addr = insn;
+ size = sizeof(u32);
+ }
++ pax_close_kernel();
+
+ flush_icache_range((uintptr_t)(addr),
+ (uintptr_t)(addr) + size);
+diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c
+index 5f66206..dce492f 100644
+--- a/arch/arm/kernel/perf_event_cpu.c
++++ b/arch/arm/kernel/perf_event_cpu.c
+@@ -171,7 +171,7 @@ static int __cpuinit cpu_pmu_notify(struct notifier_block *b,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata cpu_pmu_hotplug_notifier = {
++static struct notifier_block cpu_pmu_hotplug_notifier = {
+ .notifier_call = cpu_pmu_notify,
+ };
+
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 90084a6..a8b26bc 100644
+index c6dec5f..f853532 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -28,7 +28,6 @@
printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n"
"sp : %08lx ip : %08lx fp : %08lx\n",
regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr,
-@@ -451,12 +451,6 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -452,12 +452,6 @@ unsigned long get_wchan(struct task_struct *p)
return 0;
}
/*
* The vectors page is always readable from user space for the
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
-index 739db3a..7f4a272 100644
+index 03deeff..741ce88 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
-@@ -916,6 +916,10 @@ enum ptrace_syscall_dir {
- PTRACE_SYSCALL_EXIT,
- };
+@@ -937,10 +937,19 @@ static int tracehook_report_syscall(struct pt_regs *regs,
+ return current_thread_info()->syscall;
+ }
+#ifdef CONFIG_GRKERNSEC_SETXID
+extern void gr_delayed_cred_worker(void);
+#endif
+
- static int ptrace_syscall_trace(struct pt_regs *regs, int scno,
- enum ptrace_syscall_dir dir)
+ asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno)
{
-@@ -923,6 +927,11 @@ static int ptrace_syscall_trace(struct pt_regs *regs, int scno,
-
current_thread_info()->syscall = scno;
+#ifdef CONFIG_GRKERNSEC_SETXID
+ gr_delayed_cred_worker();
+#endif
+
- if (!test_thread_flag(TIF_SYSCALL_TRACE))
- return scno;
-
+ /* Do the secure computing check first; failures should be fast. */
+ if (secure_computing(scno) == -1)
+ return -1;
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
-index da1d1aa..ef9bc58 100644
+index 3f6cbb2..6d856f5 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
@@ -97,21 +97,23 @@ EXPORT_SYMBOL(system_serial_high);
(mmfr0 & 0x000000f0) == 0x00000020)
cpu_arch = CPU_ARCH_ARMv6;
else
-@@ -455,7 +461,7 @@ static void __init setup_processor(void)
+@@ -462,7 +468,7 @@ static void __init setup_processor(void)
__cpu_architecture = __get_cpu_architecture();
#ifdef MULTI_CPU
#ifdef MULTI_TLB
cpu_tlb = *list->tlb;
diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
-index fbc8b26..000ded0 100644
+index 58af91c..343ce99 100644
--- a/arch/arm/kernel/smp.c
+++ b/arch/arm/kernel/smp.c
@@ -70,7 +70,7 @@ enum ipi_msg_type {
void __init smp_set_ops(struct smp_operations *ops)
{
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
-index b0179b8..7713948 100644
+index b0179b8..b7b16c7 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -57,7 +57,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long);
if (signr)
do_exit(signr);
}
+@@ -601,7 +606,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
+ * The user helper at 0xffff0fe0 must be used instead.
+ * (see entry-armv.S for details)
+ */
++ pax_open_kernel();
+ *((unsigned int *)0xffff0ff0) = regs->ARM_r0;
++ pax_close_kernel();
+ }
+ return 0;
+
+@@ -849,5 +856,9 @@ void __init early_trap_init(void *vectors_base)
+ sigreturn_codes, sizeof(sigreturn_codes));
+
+ flush_icache_range(vectors, vectors + PAGE_SIZE);
+- modify_domain(DOMAIN_USER, DOMAIN_CLIENT);
++
++#ifndef CONFIG_PAX_MEMORY_UDEREF
++ modify_domain(DOMAIN_USER, DOMAIN_USERCLIENT);
++#endif
++
+ }
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
-index 36ff15b..75d9e9d 100644
+index 11c1785..c67d54c 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -8,7 +8,11 @@
.text : { /* Real text segment */
_stext = .; /* Text and read-only data */
__exception_text_start = .;
-@@ -133,6 +142,10 @@ SECTIONS
+@@ -144,6 +153,10 @@ SECTIONS
_etext = .; /* End of text and rodata section */
#ifndef CONFIG_XIP_KERNEL
. = ALIGN(PAGE_SIZE);
__init_begin = .;
-@@ -192,6 +205,11 @@ SECTIONS
+@@ -203,6 +216,11 @@ SECTIONS
. = PAGE_OFFSET + TEXT_OFFSET;
#else
__init_end = .;
. = ALIGN(THREAD_SIZE);
__data_loc = .;
#endif
+diff --git a/arch/arm/lib/clear_user.S b/arch/arm/lib/clear_user.S
+index 14a0d98..7771a7d 100644
+--- a/arch/arm/lib/clear_user.S
++++ b/arch/arm/lib/clear_user.S
+@@ -12,14 +12,14 @@
+
+ .text
+
+-/* Prototype: int __clear_user(void *addr, size_t sz)
++/* Prototype: int ___clear_user(void *addr, size_t sz)
+ * Purpose : clear some user memory
+ * Params : addr - user memory address to clear
+ * : sz - number of bytes to clear
+ * Returns : number of bytes NOT cleared
+ */
+ ENTRY(__clear_user_std)
+-WEAK(__clear_user)
++WEAK(___clear_user)
+ stmfd sp!, {r1, lr}
+ mov r2, #0
+ cmp r1, #4
+@@ -44,7 +44,7 @@ WEAK(__clear_user)
+ USER( strnebt r2, [r0])
+ mov r0, #0
+ ldmfd sp!, {r1, pc}
+-ENDPROC(__clear_user)
++ENDPROC(___clear_user)
+ ENDPROC(__clear_user_std)
+
+ .pushsection .fixup,"ax"
diff --git a/arch/arm/lib/copy_from_user.S b/arch/arm/lib/copy_from_user.S
index 66a477a..bee61d3 100644
--- a/arch/arm/lib/copy_from_user.S
ENDPROC(__copy_to_user_std)
.pushsection .fixup,"ax"
+diff --git a/arch/arm/lib/csumpartialcopyuser.S b/arch/arm/lib/csumpartialcopyuser.S
+index 7d08b43..f7ca7ea 100644
+--- a/arch/arm/lib/csumpartialcopyuser.S
++++ b/arch/arm/lib/csumpartialcopyuser.S
+@@ -57,8 +57,8 @@
+ * Returns : r0 = checksum, [[sp, #0], #0] = 0 or -EFAULT
+ */
+
+-#define FN_ENTRY ENTRY(csum_partial_copy_from_user)
+-#define FN_EXIT ENDPROC(csum_partial_copy_from_user)
++#define FN_ENTRY ENTRY(__csum_partial_copy_from_user)
++#define FN_EXIT ENDPROC(__csum_partial_copy_from_user)
+
+ #include "csumpartialcopygeneric.S"
+
diff --git a/arch/arm/lib/delay.c b/arch/arm/lib/delay.c
-index 0dc5385..45833ef 100644
+index 6b93f6a..88d9b64 100644
--- a/arch/arm/lib/delay.c
+++ b/arch/arm/lib/delay.c
@@ -28,12 +28,14 @@
static const struct delay_timer *delay_timer;
static bool delay_calibrated;
-@@ -67,6 +69,12 @@ static void __timer_udelay(unsigned long usecs)
+@@ -67,6 +69,13 @@ static void __timer_udelay(unsigned long usecs)
__timer_const_udelay(usecs * UDELAY_MULT);
}
+ .delay = __timer_delay,
+ .const_udelay = __timer_const_udelay,
+ .udelay = __timer_udelay,
++ .const_clock = true,
+};
+
void __init register_current_timer_delay(const struct delay_timer *timer)
{
if (!delay_calibrated) {
-@@ -74,9 +82,7 @@ void __init register_current_timer_delay(const struct delay_timer *timer)
+@@ -74,10 +83,7 @@ void __init register_current_timer_delay(const struct delay_timer *timer)
delay_timer = timer;
lpj_fine = timer->freq / HZ;
loops_per_jiffy = lpj_fine;
- arm_delay_ops.delay = __timer_delay;
- arm_delay_ops.const_udelay = __timer_const_udelay;
- arm_delay_ops.udelay = __timer_udelay;
+- arm_delay_ops.const_clock = true;
+ arm_delay_ops = &arm_timer_delay_ops;
delay_calibrated = true;
} else {
/*
* This test is stubbed out of the main function above to keep
diff --git a/arch/arm/mach-kirkwood/common.c b/arch/arm/mach-kirkwood/common.c
-index 2c6c218..2b87c2d 100644
+index bac21a5..b67ef8e 100644
--- a/arch/arm/mach-kirkwood/common.c
+++ b/arch/arm/mach-kirkwood/common.c
@@ -150,7 +150,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw)
if (IS_ERR(clk))
diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c
-index d95f727..12f10dd 100644
+index 0abb30f..54064da 100644
--- a/arch/arm/mach-omap2/board-n8x0.c
+++ b/arch/arm/mach-omap2/board-n8x0.c
-@@ -589,7 +589,7 @@ static int n8x0_menelaus_late_init(struct device *dev)
+@@ -631,7 +631,7 @@ static int n8x0_menelaus_late_init(struct device *dev)
}
#endif
.late_init = n8x0_menelaus_late_init,
};
+diff --git a/arch/arm/mach-omap2/gpmc.c b/arch/arm/mach-omap2/gpmc.c
+index 8033cb7..2f7cb62 100644
+--- a/arch/arm/mach-omap2/gpmc.c
++++ b/arch/arm/mach-omap2/gpmc.c
+@@ -139,7 +139,6 @@ struct omap3_gpmc_regs {
+ };
+
+ static struct gpmc_client_irq gpmc_client_irq[GPMC_NR_IRQ];
+-static struct irq_chip gpmc_irq_chip;
+ static unsigned gpmc_irq_start;
+
+ static struct resource gpmc_mem_root;
+@@ -700,6 +699,18 @@ static void gpmc_irq_noop(struct irq_data *data) { }
+
+ static unsigned int gpmc_irq_noop_ret(struct irq_data *data) { return 0; }
+
++static struct irq_chip gpmc_irq_chip = {
++ .name = "gpmc",
++ .irq_startup = gpmc_irq_noop_ret,
++ .irq_enable = gpmc_irq_enable,
++ .irq_disable = gpmc_irq_disable,
++ .irq_shutdown = gpmc_irq_noop,
++ .irq_ack = gpmc_irq_noop,
++ .irq_mask = gpmc_irq_noop,
++ .irq_unmask = gpmc_irq_noop,
++
++};
++
+ static int gpmc_setup_irq(void)
+ {
+ int i;
+@@ -714,15 +725,6 @@ static int gpmc_setup_irq(void)
+ return gpmc_irq_start;
+ }
+
+- gpmc_irq_chip.name = "gpmc";
+- gpmc_irq_chip.irq_startup = gpmc_irq_noop_ret;
+- gpmc_irq_chip.irq_enable = gpmc_irq_enable;
+- gpmc_irq_chip.irq_disable = gpmc_irq_disable;
+- gpmc_irq_chip.irq_shutdown = gpmc_irq_noop;
+- gpmc_irq_chip.irq_ack = gpmc_irq_noop;
+- gpmc_irq_chip.irq_mask = gpmc_irq_noop;
+- gpmc_irq_chip.irq_unmask = gpmc_irq_noop;
+-
+ gpmc_client_irq[0].bitmask = GPMC_IRQ_FIFOEVENTENABLE;
+ gpmc_client_irq[1].bitmask = GPMC_IRQ_COUNT_EVENT;
+
+diff --git a/arch/arm/mach-omap2/omap-wakeupgen.c b/arch/arm/mach-omap2/omap-wakeupgen.c
+index 5d3b4f4..ddba3c0 100644
+--- a/arch/arm/mach-omap2/omap-wakeupgen.c
++++ b/arch/arm/mach-omap2/omap-wakeupgen.c
+@@ -340,7 +340,7 @@ static int __cpuinit irq_cpu_hotplug_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __refdata irq_hotplug_notifier = {
++static struct notifier_block irq_hotplug_notifier = {
+ .notifier_call = irq_cpu_hotplug_notify,
+ };
+
+diff --git a/arch/arm/mach-omap2/omap_device.c b/arch/arm/mach-omap2/omap_device.c
+index e065daa..7b1ad9b 100644
+--- a/arch/arm/mach-omap2/omap_device.c
++++ b/arch/arm/mach-omap2/omap_device.c
+@@ -686,7 +686,7 @@ void omap_device_delete(struct omap_device *od)
+ * passes along the return value of omap_device_build_ss().
+ */
+ struct platform_device __init *omap_device_build(const char *pdev_name, int pdev_id,
+- struct omap_hwmod *oh, void *pdata,
++ struct omap_hwmod *oh, const void *pdata,
+ int pdata_len,
+ struct omap_device_pm_latency *pm_lats,
+ int pm_lats_cnt, int is_early_device)
+@@ -720,7 +720,7 @@ struct platform_device __init *omap_device_build(const char *pdev_name, int pdev
+ */
+ struct platform_device __init *omap_device_build_ss(const char *pdev_name, int pdev_id,
+ struct omap_hwmod **ohs, int oh_cnt,
+- void *pdata, int pdata_len,
++ const void *pdata, int pdata_len,
+ struct omap_device_pm_latency *pm_lats,
+ int pm_lats_cnt, int is_early_device)
+ {
+diff --git a/arch/arm/mach-omap2/omap_device.h b/arch/arm/mach-omap2/omap_device.h
+index 0933c59..42b8e2d 100644
+--- a/arch/arm/mach-omap2/omap_device.h
++++ b/arch/arm/mach-omap2/omap_device.h
+@@ -91,14 +91,14 @@ int omap_device_shutdown(struct platform_device *pdev);
+ /* Core code interface */
+
+ struct platform_device *omap_device_build(const char *pdev_name, int pdev_id,
+- struct omap_hwmod *oh, void *pdata,
++ struct omap_hwmod *oh, const void *pdata,
+ int pdata_len,
+ struct omap_device_pm_latency *pm_lats,
+ int pm_lats_cnt, int is_early_device);
+
+ struct platform_device *omap_device_build_ss(const char *pdev_name, int pdev_id,
+ struct omap_hwmod **oh, int oh_cnt,
+- void *pdata, int pdata_len,
++ const void *pdata, int pdata_len,
+ struct omap_device_pm_latency *pm_lats,
+ int pm_lats_cnt, int is_early_device);
+
diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index 87cc6d0..fd4f248 100644
+index 4653efb..8c60bf7 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
@@ -189,10 +189,10 @@ struct omap_hwmod_soc_ops {
- int (*is_hardreset_asserted)(struct omap_hwmod *oh,
- struct omap_hwmod_rst_info *ohri);
int (*init_clkdm)(struct omap_hwmod *oh);
+ void (*update_context_lost)(struct omap_hwmod *oh);
+ int (*get_context_lost)(struct omap_hwmod *oh);
-};
+} __no_const;
/* omap_hwmod_list contains all registered struct omap_hwmods */
static LIST_HEAD(omap_hwmod_list);
+diff --git a/arch/arm/mach-omap2/wd_timer.c b/arch/arm/mach-omap2/wd_timer.c
+index 7c2b4ed..b2ea51f 100644
+--- a/arch/arm/mach-omap2/wd_timer.c
++++ b/arch/arm/mach-omap2/wd_timer.c
+@@ -110,7 +110,9 @@ static int __init omap_init_wdt(void)
+ struct omap_hwmod *oh;
+ char *oh_name = "wd_timer2";
+ char *dev_name = "omap_wdt";
+- struct omap_wd_timer_platform_data pdata;
++ static struct omap_wd_timer_platform_data pdata = {
++ .read_reset_sources = prm_read_reset_sources
++ };
+
+ if (!cpu_class_is_omap2() || of_have_populated_dt())
+ return 0;
+@@ -121,8 +123,6 @@ static int __init omap_init_wdt(void)
+ return -EINVAL;
+ }
+
+- pdata.read_reset_sources = prm_read_reset_sources;
+-
+ pdev = omap_device_build(dev_name, id, oh, &pdata,
+ sizeof(struct omap_wd_timer_platform_data),
+ NULL, 0, 0);
+diff --git a/arch/arm/mach-ux500/include/mach/setup.h b/arch/arm/mach-ux500/include/mach/setup.h
+index 6be4c4d..32ac32a 100644
+--- a/arch/arm/mach-ux500/include/mach/setup.h
++++ b/arch/arm/mach-ux500/include/mach/setup.h
+@@ -38,13 +38,6 @@ extern struct sys_timer ux500_timer;
+ .type = MT_DEVICE, \
+ }
+
+-#define __MEM_DEV_DESC(x, sz) { \
+- .virtual = IO_ADDRESS(x), \
+- .pfn = __phys_to_pfn(x), \
+- .length = sz, \
+- .type = MT_MEMORY, \
+-}
+-
+ extern struct smp_operations ux500_smp_ops;
+ extern void ux500_cpu_die(unsigned int cpu);
+
+diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
+index 3fd629d..8b1aca9 100644
+--- a/arch/arm/mm/Kconfig
++++ b/arch/arm/mm/Kconfig
+@@ -425,7 +425,7 @@ config CPU_32v5
+
+ config CPU_32v6
+ bool
+- select CPU_USE_DOMAINS if CPU_V6 && MMU
++ select CPU_USE_DOMAINS if CPU_V6 && MMU && !PAX_KERNEXEC
+ select TLS_REG_EMUL if !CPU_32v6K && !MMU
+
+ config CPU_32v6K
+@@ -577,6 +577,7 @@ config CPU_CP15_MPU
+
+ config CPU_USE_DOMAINS
+ bool
++ depends on !ARM_LPAE && !PAX_KERNEXEC
+ help
+ This option enables or disables the use of domain switching
+ via the set_fs() function.
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index 5dbf13f..9be36fd 100644
+index 5dbf13f..6393f55 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -25,6 +25,7 @@
#include "fault.h"
-@@ -138,6 +139,19 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
+@@ -138,6 +139,20 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr,
if (fixup_exception(regs))
return;
+#ifdef CONFIG_PAX_KERNEXEC
-+ if (fsr & FSR_WRITE) {
-+ if (((unsigned long)_stext <= addr && addr < init_mm.end_code) || (MODULES_VADDR <= addr && addr < MODULES_END)) {
-+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
-+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid());
-+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
-+ current->comm, task_pid_nr(current), current_uid(), current_euid());
-+ }
++ if ((fsr & FSR_WRITE) &&
++ (((unsigned long)_stext <= addr && addr < init_mm.end_code) ||
++ (MODULES_VADDR <= addr && addr < MODULES_END)))
++ {
++ if (current->signal->curr_ip)
++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()));
++ else
++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current),
++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()));
+ }
+#endif
+
/*
* No handler, we'll have to terminate things with extreme prejudice.
*/
-@@ -174,6 +188,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr,
+@@ -174,6 +189,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr,
}
#endif
tsk->thread.address = addr;
tsk->thread.error_code = fsr;
tsk->thread.trap_no = 14;
-@@ -398,6 +419,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+@@ -398,6 +420,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
}
#endif /* CONFIG_MMU */
/*
* First Level Translation Fault Handler
*
-@@ -575,12 +623,41 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
+@@ -543,9 +592,22 @@ do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+ const struct fsr_info *inf = fsr_info + fsr_fs(fsr);
+ struct siginfo info;
+
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ if (addr < TASK_SIZE && is_domain_fault(fsr)) {
++ if (current->signal->curr_ip)
++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), addr);
++ else
++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current),
++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), addr);
++ goto die;
++ }
++#endif
++
+ if (!inf->fn(addr, fsr & ~FSR_LNX_PF, regs))
+ return;
+
++die:
+ printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
+ inf->name, fsr, addr);
+
+@@ -575,9 +637,38 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr);
struct siginfo info;
-+#ifdef CONFIG_PAX_KERNEXEC
-+ if (!user_mode(regs) && is_xn_fault(ifsr)) {
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (!user_mode(regs) && (is_domain_fault(ifsr) || is_xn_fault(ifsr))) {
+ if (current->signal->curr_ip)
-+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n",
-+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid(),
-+ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr);
++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current),
++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()),
++ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr);
+ else
-+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n",
-+ current->comm, task_pid_nr(current), current_uid(), current_euid(),
-+ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr);
++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current),
++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()),
++ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr);
+ goto die;
+ }
+#endif
if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs))
return;
++die:
printk(KERN_ALERT "Unhandled prefetch abort: %s (0x%03x) at 0x%08lx\n",
inf->name, ifsr, addr);
-+die:
- info.si_signo = inf->sig;
- info.si_errno = 0;
- info.si_code = inf->code;
diff --git a/arch/arm/mm/fault.h b/arch/arm/mm/fault.h
-index cf08bdf..f1a0383 100644
+index cf08bdf..772656c 100644
--- a/arch/arm/mm/fault.h
+++ b/arch/arm/mm/fault.h
@@ -3,6 +3,7 @@
*/
#define FSR_LNX_PF (1 << 31)
#define FSR_WRITE (1 << 11)
-@@ -22,6 +23,12 @@ static inline int fsr_fs(unsigned int fsr)
+@@ -22,6 +23,17 @@ static inline int fsr_fs(unsigned int fsr)
}
#endif
+{
+ return ((fsr_fs(fsr) & 0x3c) == 0xc);
+}
++
++static inline int is_domain_fault(unsigned int fsr)
++{
++ return ((fsr_fs(fsr) & 0xD) == 0x9);
++}
+
void do_bad_area(unsigned long addr, unsigned int fsr, struct pt_regs *regs);
unsigned long search_exception_table(unsigned long addr);
diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
-index ad722f1..46b670e 100644
+index ad722f1..763fdd3 100644
--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
-@@ -734,9 +734,43 @@ void __init mem_init(void)
+@@ -30,6 +30,8 @@
+ #include <asm/setup.h>
+ #include <asm/tlb.h>
+ #include <asm/fixmap.h>
++#include <asm/system_info.h>
++#include <asm/cp15.h>
- void free_initmem(void)
+ #include <asm/mach/arch.h>
+ #include <asm/mach/map.h>
+@@ -736,7 +738,46 @@ void free_initmem(void)
{
-+
+ #ifdef CONFIG_HAVE_TCM
+ extern char __tcm_start, __tcm_end;
++#endif
+
+#ifdef CONFIG_PAX_KERNEXEC
+ unsigned long addr;
+ pgd_t *pgd;
+ pud_t *pud;
+ pmd_t *pmd;
-+#endif
++ int cpu_arch = cpu_architecture();
++ unsigned int cr = get_cr();
+
- #ifdef CONFIG_HAVE_TCM
- extern char __tcm_start, __tcm_end;
++ if (cpu_arch >= CPU_ARCH_ARMv6 && (cr & CR_XP)) {
++ /* make pages tables, etc before .text NX */
++ for (addr = PAGE_OFFSET; addr < (unsigned long)_stext; addr += SECTION_SIZE) {
++ pgd = pgd_offset_k(addr);
++ pud = pud_offset(pgd, addr);
++ pmd = pmd_offset(pud, addr);
++ __section_update(pmd, addr, PMD_SECT_XN);
++ }
++ /* make init NX */
++ for (addr = (unsigned long)__init_begin; addr < (unsigned long)_sdata; addr += SECTION_SIZE) {
++ pgd = pgd_offset_k(addr);
++ pud = pud_offset(pgd, addr);
++ pmd = pmd_offset(pud, addr);
++ __section_update(pmd, addr, PMD_SECT_XN);
++ }
++ /* make kernel code/rodata RX */
++ for (addr = (unsigned long)_stext; addr < (unsigned long)__init_begin; addr += SECTION_SIZE) {
++ pgd = pgd_offset_k(addr);
++ pud = pud_offset(pgd, addr);
++ pmd = pmd_offset(pud, addr);
++#ifdef CONFIG_ARM_LPAE
++ __section_update(pmd, addr, PMD_SECT_RDONLY);
++#else
++ __section_update(pmd, addr, PMD_SECT_APX|PMD_SECT_AP_WRITE);
+#endif
-
-+#ifdef CONFIG_PAX_KERNEXEC
-+ /* make pages tables, etc before .text NX */
-+ for (addr = PAGE_OFFSET; addr < (unsigned long)_stext; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ __pmd_update(pmd, PMD_SECT_XN);
-+ }
-+ /* make init NX */
-+ for (addr = (unsigned long)__init_begin; addr < (unsigned long)_sdata; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ __pmd_update(pmd, PMD_SECT_XN);
-+ }
-+ /* make kernel code/rodata read-only */
-+ for (addr = (unsigned long)_stext; addr < (unsigned long)__init_begin; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ __pmd_update(pmd, PMD_SECT_AP_RDONLY);
++ }
+ }
+#endif
+
poison_init_mem(&__tcm_start, &__tcm_end - &__tcm_start);
totalram_pages += free_area(__phys_to_pfn(__pa(&__tcm_start)),
__phys_to_pfn(__pa(&__tcm_end)),
+diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c
+index 88fd86c..7a224ce 100644
+--- a/arch/arm/mm/ioremap.c
++++ b/arch/arm/mm/ioremap.c
+@@ -335,9 +335,9 @@ __arm_ioremap_exec(unsigned long phys_addr, size_t size, bool cached)
+ unsigned int mtype;
+
+ if (cached)
+- mtype = MT_MEMORY;
++ mtype = MT_MEMORY_RX;
+ else
+- mtype = MT_MEMORY_NONCACHED;
++ mtype = MT_MEMORY_NONCACHED_RX;
+
+ return __arm_ioremap_caller(phys_addr, size, mtype,
+ __builtin_return_address(0));
diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
-index ce8cb19..061aa14 100644
+index 10062ce..aa96dd7 100644
--- a/arch/arm/mm/mmap.c
+++ b/arch/arm/mm/mmap.c
-@@ -72,6 +72,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
- unsigned long start_addr;
+@@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+ struct vm_area_struct *vma;
int do_align = 0;
int aliasing = cache_is_vipt_aliasing();
+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
+ struct vm_unmapped_area_info info;
/*
- * We only need to do colour alignment if either the I or D
-@@ -93,6 +94,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -81,6 +82,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
if (len > TASK_SIZE)
return -ENOMEM;
if (addr) {
if (do_align)
addr = COLOUR_ALIGN(addr, pgoff);
-@@ -100,15 +105,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -88,8 +93,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
addr = PAGE_ALIGN(addr);
vma = find_vma(mm, addr);
+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
return addr;
}
- if (len > mm->cached_hole_size) {
-- start_addr = addr = mm->free_area_cache;
-+ start_addr = addr = mm->free_area_cache;
- } else {
-- start_addr = addr = mm->mmap_base;
-- mm->cached_hole_size = 0;
-+ start_addr = addr = mm->mmap_base;
-+ mm->cached_hole_size = 0;
- }
- full_search:
-@@ -124,14 +128,14 @@ full_search:
- * Start a new search - just in case we missed
- * some holes.
- */
-- if (start_addr != TASK_UNMAPPED_BASE) {
-- start_addr = addr = TASK_UNMAPPED_BASE;
-+ if (start_addr != mm->mmap_base) {
-+ start_addr = addr = mm->mmap_base;
- mm->cached_hole_size = 0;
- goto full_search;
- }
- return -ENOMEM;
- }
-- if (!vma || addr + len <= vma->vm_start) {
-+ if (check_heap_stack_gap(vma, addr, len, offset)) {
- /*
- * Remember the place where we stopped the search:
- */
-@@ -156,6 +160,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -112,6 +116,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
unsigned long addr = addr0;
int do_align = 0;
int aliasing = cache_is_vipt_aliasing();
+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
+ struct vm_unmapped_area_info info;
/*
- * We only need to do colour alignment if either the I or D
-@@ -175,6 +180,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -132,6 +137,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
return addr;
}
/* requesting a specific address */
if (addr) {
if (do_align)
-@@ -182,8 +191,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -139,8 +148,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
else
addr = PAGE_ALIGN(addr);
vma = find_vma(mm, addr);
return addr;
}
-@@ -203,7 +211,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- /* make sure it can fit in the remaining address space */
- if (addr > len) {
- vma = find_vma(mm, addr-len);
-- if (!vma || addr <= vma->vm_start)
-+ if (check_heap_stack_gap(vma, addr - len, len, offset))
- /* remember the address as a hint for next time */
- return (mm->free_area_cache = addr-len);
+@@ -162,6 +170,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ VM_BUG_ON(addr != -ENOMEM);
+ info.flags = 0;
+ info.low_limit = mm->mmap_base;
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += mm->delta_mmap;
++#endif
++
+ info.high_limit = TASK_SIZE;
+ addr = vm_unmapped_area(&info);
}
-@@ -212,17 +220,17 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- goto bottomup;
-
- addr = mm->mmap_base - len;
-- if (do_align)
-- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
-
- do {
-+ if (do_align)
-+ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
- /*
- * Lookup failure means no vma is above this address,
- * else if new region fits below vma->vm_start,
- * return with success:
- */
- vma = find_vma(mm, addr);
-- if (!vma || addr+len <= vma->vm_start)
-+ if (check_heap_stack_gap(vma, addr, len, offset))
- /* remember the address as a hint for next time */
- return (mm->free_area_cache = addr);
-
-@@ -231,10 +239,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- mm->cached_hole_size = vma->vm_start - addr;
-
- /* try just below the current vma->vm_start */
-- addr = vma->vm_start - len;
-- if (do_align)
-- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
-- } while (len < vma->vm_start);
-+ addr = skip_heap_stack_gap(vma, len, offset);
-+ } while (!IS_ERR_VALUE(addr));
-
- bottomup:
- /*
-@@ -259,6 +265,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -173,6 +187,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
{
unsigned long random_factor = 0UL;
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
+#endif
+
/* 8 bits of randomness in 20 address space bits */
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE))
-@@ -266,10 +276,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -180,10 +198,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
if (mmap_is_legacy()) {
mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
mm->unmap_area = arch_unmap_area_topdown;
}
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
-index 99b47b9..579b667 100644
+index ce328c7..f82bebb 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
-@@ -227,16 +227,16 @@ static struct mem_type mem_types[] = {
+@@ -35,6 +35,23 @@
+
+ #include "mm.h"
+
++
++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
++void modify_domain(unsigned int dom, unsigned int type)
++{
++ struct thread_info *thread = current_thread_info();
++ unsigned int domain = thread->cpu_domain;
++ /*
++ * DOMAIN_MANAGER might be defined to some other value,
++ * use the arch-defined constant
++ */
++ domain &= ~domain_val(dom, 3);
++ thread->cpu_domain = domain | domain_val(dom, type);
++ set_domain(thread->cpu_domain);
++}
++EXPORT_SYMBOL(modify_domain);
++#endif
++
+ /*
+ * empty_zero_page is a special page that is used for
+ * zero-initialized data and COW.
+@@ -195,10 +212,18 @@ void adjust_cr(unsigned long mask, unsigned long set)
+ }
+ #endif
+
+-#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY|L_PTE_XN
++#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY
+ #define PROT_SECT_DEVICE PMD_TYPE_SECT|PMD_SECT_AP_WRITE
+
+-static struct mem_type mem_types[] = {
++#ifdef CONFIG_PAX_KERNEXEC
++#define L_PTE_KERNEXEC L_PTE_RDONLY
++#define PMD_SECT_KERNEXEC PMD_SECT_RDONLY
++#else
++#define L_PTE_KERNEXEC L_PTE_DIRTY
++#define PMD_SECT_KERNEXEC PMD_SECT_AP_WRITE
++#endif
++
++static struct mem_type mem_types[] __read_only = {
+ [MT_DEVICE] = { /* Strongly ordered / ARMv6 shared device */
+ .prot_pte = PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED |
+ L_PTE_SHARED,
+@@ -227,16 +252,16 @@ static struct mem_type mem_types[] = {
[MT_UNCACHED] = {
.prot_pte = PROT_PTE_DEVICE,
.prot_l1 = PMD_TYPE_TABLE,
- .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN,
-+ .prot_sect = PROT_SECT_DEVICE | PMD_SECT_XN,
++ .prot_sect = PROT_SECT_DEVICE,
.domain = DOMAIN_IO,
},
[MT_CACHECLEAN] = {
- .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN,
-+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_AP_RDONLY,
++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY,
.domain = DOMAIN_KERNEL,
},
#ifndef CONFIG_ARM_LPAE
[MT_MINICLEAN] = {
- .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_MINICACHE,
-+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_MINICACHE | PMD_SECT_AP_RDONLY,
++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_MINICACHE | PMD_SECT_RDONLY,
.domain = DOMAIN_KERNEL,
},
#endif
-@@ -258,8 +258,26 @@ static struct mem_type mem_types[] = {
+@@ -244,36 +269,54 @@ static struct mem_type mem_types[] = {
+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
+ L_PTE_RDONLY,
+ .prot_l1 = PMD_TYPE_TABLE,
+- .domain = DOMAIN_USER,
++ .domain = DOMAIN_VECTORS,
+ },
+ [MT_HIGH_VECTORS] = {
+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
+ L_PTE_USER | L_PTE_RDONLY,
+ .prot_l1 = PMD_TYPE_TABLE,
+- .domain = DOMAIN_USER,
++ .domain = DOMAIN_VECTORS,
+ },
+- [MT_MEMORY] = {
++ [MT_MEMORY_RWX] = {
+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY,
+ .prot_l1 = PMD_TYPE_TABLE,
.prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE,
.domain = DOMAIN_KERNEL,
},
-+ [MT_MEMORY_R] = {
-+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_RDONLY | L_PTE_XN,
-+ .prot_l1 = PMD_TYPE_TABLE,
-+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_RDONLY | PMD_SECT_XN,
-+ .domain = DOMAIN_KERNEL,
-+ },
+ [MT_MEMORY_RW] = {
-+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | L_PTE_XN,
++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY,
+ .prot_l1 = PMD_TYPE_TABLE,
-+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE | PMD_SECT_XN,
++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE,
+ .domain = DOMAIN_KERNEL,
+ },
+ [MT_MEMORY_RX] = {
-+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_RDONLY,
++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC,
+ .prot_l1 = PMD_TYPE_TABLE,
-+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_RDONLY,
++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC,
+ .domain = DOMAIN_KERNEL,
+ },
[MT_ROM] = {
- .prot_sect = PMD_TYPE_SECT,
-+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_RDONLY,
++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY,
.domain = DOMAIN_KERNEL,
},
- [MT_MEMORY_NONCACHED] = {
-@@ -273,7 +291,7 @@ static struct mem_type mem_types[] = {
+- [MT_MEMORY_NONCACHED] = {
++ [MT_MEMORY_NONCACHED_RW] = {
.prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
- L_PTE_XN,
+ L_PTE_MT_BUFFERABLE,
+ .prot_l1 = PMD_TYPE_TABLE,
+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE,
+ .domain = DOMAIN_KERNEL,
+ },
++ [MT_MEMORY_NONCACHED_RX] = {
++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC |
++ L_PTE_MT_BUFFERABLE,
++ .prot_l1 = PMD_TYPE_TABLE,
++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC,
++ .domain = DOMAIN_KERNEL,
++ },
+ [MT_MEMORY_DTCM] = {
+- .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
+- L_PTE_XN,
++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY,
.prot_l1 = PMD_TYPE_TABLE,
- .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN,
-+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_AP_RDONLY,
++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY,
.domain = DOMAIN_KERNEL,
},
[MT_MEMORY_ITCM] = {
-@@ -432,6 +450,8 @@ static void __init build_mem_type_table(void)
+@@ -283,10 +326,10 @@ static struct mem_type mem_types[] = {
+ },
+ [MT_MEMORY_SO] = {
+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
+- L_PTE_MT_UNCACHED | L_PTE_XN,
++ L_PTE_MT_UNCACHED,
+ .prot_l1 = PMD_TYPE_TABLE,
+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE | PMD_SECT_S |
+- PMD_SECT_UNCACHED | PMD_SECT_XN,
++ PMD_SECT_UNCACHED,
+ .domain = DOMAIN_KERNEL,
+ },
+ [MT_MEMORY_DMA_READY] = {
+@@ -371,9 +414,35 @@ static void __init build_mem_type_table(void)
+ * to prevent speculative instruction fetches.
+ */
+ mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_DEVICE].prot_pte |= L_PTE_XN;
+ mem_types[MT_DEVICE_NONSHARED].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_DEVICE_NONSHARED].prot_pte |= L_PTE_XN;
+ mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_XN;
+ mem_types[MT_DEVICE_WC].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_XN;
++
++ /* Mark other regions on ARMv6+ as execute-never */
++
++#ifdef CONFIG_PAX_KERNEXEC
++ mem_types[MT_UNCACHED].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_UNCACHED].prot_pte |= L_PTE_XN;
++ mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_CACHECLEAN].prot_pte |= L_PTE_XN;
++#ifndef CONFIG_ARM_LPAE
++ mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_MINICLEAN].prot_pte |= L_PTE_XN;
++#endif
++ mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_MEMORY_RW].prot_pte |= L_PTE_XN;
++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_MEMORY_NONCACHED_RW].prot_pte |= PMD_SECT_XN;
++ mem_types[MT_MEMORY_DTCM].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_MEMORY_DTCM].prot_pte |= L_PTE_XN;
++#endif
++
++ mem_types[MT_MEMORY_SO].prot_sect |= PMD_SECT_XN;
++ mem_types[MT_MEMORY_SO].prot_pte |= L_PTE_XN;
+ }
+ if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) {
+ /*
+@@ -432,6 +501,9 @@ static void __init build_mem_type_table(void)
* from SVC mode and no access from userspace.
*/
mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
++#ifdef CONFIG_PAX_KERNEXEC
+ mem_types[MT_MEMORY_RX].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
-+ mem_types[MT_MEMORY_R].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
++#endif
mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
#endif
-@@ -450,6 +470,12 @@ static void __init build_mem_type_table(void)
+@@ -448,11 +520,17 @@ static void __init build_mem_type_table(void)
+ mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED;
+ mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S;
mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED;
- mem_types[MT_MEMORY].prot_sect |= PMD_SECT_S;
- mem_types[MT_MEMORY].prot_pte |= L_PTE_SHARED;
-+ mem_types[MT_MEMORY_R].prot_sect |= PMD_SECT_S;
-+ mem_types[MT_MEMORY_R].prot_pte |= L_PTE_SHARED;
+- mem_types[MT_MEMORY].prot_sect |= PMD_SECT_S;
+- mem_types[MT_MEMORY].prot_pte |= L_PTE_SHARED;
++ mem_types[MT_MEMORY_RWX].prot_sect |= PMD_SECT_S;
++ mem_types[MT_MEMORY_RWX].prot_pte |= L_PTE_SHARED;
+ mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_S;
+ mem_types[MT_MEMORY_RW].prot_pte |= L_PTE_SHARED;
+ mem_types[MT_MEMORY_RX].prot_sect |= PMD_SECT_S;
+ mem_types[MT_MEMORY_RX].prot_pte |= L_PTE_SHARED;
mem_types[MT_MEMORY_DMA_READY].prot_pte |= L_PTE_SHARED;
- mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_S;
- mem_types[MT_MEMORY_NONCACHED].prot_pte |= L_PTE_SHARED;
-@@ -487,6 +513,8 @@ static void __init build_mem_type_table(void)
+- mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_S;
+- mem_types[MT_MEMORY_NONCACHED].prot_pte |= L_PTE_SHARED;
++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_S;
++ mem_types[MT_MEMORY_NONCACHED_RW].prot_pte |= L_PTE_SHARED;
++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= PMD_SECT_S;
++ mem_types[MT_MEMORY_NONCACHED_RX].prot_pte |= L_PTE_SHARED;
+ }
+ }
+
+@@ -463,15 +541,20 @@ static void __init build_mem_type_table(void)
+ if (cpu_arch >= CPU_ARCH_ARMv6) {
+ if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) {
+ /* Non-cacheable Normal is XCB = 001 */
+- mem_types[MT_MEMORY_NONCACHED].prot_sect |=
++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |=
++ PMD_SECT_BUFFERED;
++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |=
+ PMD_SECT_BUFFERED;
+ } else {
+ /* For both ARMv6 and non-TEX-remapping ARMv7 */
+- mem_types[MT_MEMORY_NONCACHED].prot_sect |=
++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |=
++ PMD_SECT_TEX(1);
++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |=
+ PMD_SECT_TEX(1);
+ }
+ } else {
+- mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_BUFFERABLE;
++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_BUFFERABLE;
++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= PMD_SECT_BUFFERABLE;
+ }
+
+ #ifdef CONFIG_ARM_LPAE
+@@ -487,6 +570,8 @@ static void __init build_mem_type_table(void)
vecs_pgprot |= PTE_EXT_AF;
#endif
for (i = 0; i < 16; i++) {
pteval_t v = pgprot_val(protection_map[i]);
protection_map[i] = __pgprot(v | user_pgprot);
-@@ -503,6 +531,12 @@ static void __init build_mem_type_table(void)
+@@ -501,10 +586,15 @@ static void __init build_mem_type_table(void)
+
+ mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask;
mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask;
- mem_types[MT_MEMORY].prot_sect |= ecc_mask | cp->pmd;
- mem_types[MT_MEMORY].prot_pte |= kern_pgprot;
-+ mem_types[MT_MEMORY_R].prot_sect |= ecc_mask | cp->pmd;
-+ mem_types[MT_MEMORY_R].prot_pte |= kern_pgprot;
+- mem_types[MT_MEMORY].prot_sect |= ecc_mask | cp->pmd;
+- mem_types[MT_MEMORY].prot_pte |= kern_pgprot;
++ mem_types[MT_MEMORY_RWX].prot_sect |= ecc_mask | cp->pmd;
++ mem_types[MT_MEMORY_RWX].prot_pte |= kern_pgprot;
+ mem_types[MT_MEMORY_RW].prot_sect |= ecc_mask | cp->pmd;
+ mem_types[MT_MEMORY_RW].prot_pte |= kern_pgprot;
+ mem_types[MT_MEMORY_RX].prot_sect |= ecc_mask | cp->pmd;
+ mem_types[MT_MEMORY_RX].prot_pte |= kern_pgprot;
mem_types[MT_MEMORY_DMA_READY].prot_pte |= kern_pgprot;
- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ecc_mask;
+- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ecc_mask;
++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= ecc_mask;
++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= ecc_mask;
mem_types[MT_ROM].prot_sect |= cp->pmd;
-@@ -1198,7 +1232,41 @@ static void __init map_lowmem(void)
+
+ switch (cp->pmd) {
+@@ -1105,18 +1195,15 @@ void __init arm_mm_memblock_reserve(void)
+ * called function. This means you can't use any function or debugging
+ * method which may touch any device, otherwise the kernel _will_ crash.
+ */
++
++static char vectors[PAGE_SIZE] __read_only __aligned(PAGE_SIZE);
++
+ static void __init devicemaps_init(struct machine_desc *mdesc)
+ {
+ struct map_desc map;
+ unsigned long addr;
+- void *vectors;
+
+- /*
+- * Allocate the vector page early.
+- */
+- vectors = early_alloc(PAGE_SIZE);
+-
+- early_trap_init(vectors);
++ early_trap_init(&vectors);
+
+ for (addr = VMALLOC_START; addr; addr += PMD_SIZE)
+ pmd_clear(pmd_off_k(addr));
+@@ -1156,7 +1243,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc)
+ * location (0xffff0000). If we aren't using high-vectors, also
+ * create a mapping at the low-vectors virtual address.
+ */
+- map.pfn = __phys_to_pfn(virt_to_phys(vectors));
++ map.pfn = __phys_to_pfn(virt_to_phys(&vectors));
+ map.virtual = 0xffff0000;
+ map.length = PAGE_SIZE;
+ map.type = MT_HIGH_VECTORS;
+@@ -1214,8 +1301,39 @@ static void __init map_lowmem(void)
map.pfn = __phys_to_pfn(start);
map.virtual = __phys_to_virt(start);
map.length = end - start;
-+
+- map.type = MT_MEMORY;
+
+#ifdef CONFIG_PAX_KERNEXEC
+ if (map.virtual <= (unsigned long)_stext && ((unsigned long)_end < (map.virtual + map.length))) {
+ struct map_desc kernel;
+ initmap.pfn = __phys_to_pfn(__pa(__init_begin));
+ initmap.virtual = (unsigned long)__init_begin;
+ initmap.length = _sdata - __init_begin;
-+ initmap.type = MT_MEMORY;
++ initmap.type = MT_MEMORY_RWX;
+ create_mapping(&initmap);
+
+ /* when freeing initmem we will make this RX */
+ kernel.pfn = __phys_to_pfn(__pa(_stext));
+ kernel.virtual = (unsigned long)_stext;
+ kernel.length = __init_begin - _stext;
-+ kernel.type = MT_MEMORY;
++ kernel.type = MT_MEMORY_RWX;
+ create_mapping(&kernel);
+
+ if (map.virtual < (unsigned long)_stext) {
+ map.length = (unsigned long)_stext - map.virtual;
-+ map.type = MT_MEMORY;
++ map.type = MT_MEMORY_RWX;
+ create_mapping(&map);
+ }
+
+ map.virtual = (unsigned long)_sdata;
+ map.length = end - __pa(_sdata);
+ }
++#endif
+
+ map.type = MT_MEMORY_RW;
-+#else
- map.type = MT_MEMORY;
-+#endif
-
create_mapping(&map);
}
-diff --git a/arch/arm/plat-orion/include/plat/addr-map.h b/arch/arm/plat-orion/include/plat/addr-map.h
-index ec63e4a..62aa5f1d 100644
---- a/arch/arm/plat-orion/include/plat/addr-map.h
-+++ b/arch/arm/plat-orion/include/plat/addr-map.h
-@@ -26,7 +26,7 @@ struct orion_addr_map_cfg {
- value in bridge_virt_base */
- void __iomem *(*win_cfg_base) (const struct orion_addr_map_cfg *cfg,
- const int win);
--};
-+} __no_const;
-
- /*
- * Information needed to setup one address mapping.
+ }
+diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S
+index 6d98c13..3cfb174 100644
+--- a/arch/arm/mm/proc-v7-2level.S
++++ b/arch/arm/mm/proc-v7-2level.S
+@@ -99,6 +99,9 @@ ENTRY(cpu_v7_set_pte_ext)
+ tst r1, #L_PTE_XN
+ orrne r3, r3, #PTE_EXT_XN
+
++ tst r1, #L_PTE_PXN
++ orrne r3, r3, #PTE_EXT_PXN
++
+ tst r1, #L_PTE_YOUNG
+ tstne r1, #L_PTE_VALID
+ #ifndef CONFIG_CPU_USE_DOMAINS
+diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c
+index a5bc92d..0bb4730 100644
+--- a/arch/arm/plat-omap/sram.c
++++ b/arch/arm/plat-omap/sram.c
+@@ -93,6 +93,8 @@ void __init omap_map_sram(unsigned long start, unsigned long size,
+ * Looks like we need to preserve some bootloader code at the
+ * beginning of SRAM for jumping to flash for reboot to work...
+ */
++ pax_open_kernel();
+ memset_io(omap_sram_base + omap_sram_skip, 0,
+ omap_sram_size - omap_sram_skip);
++ pax_close_kernel();
+ }
diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h
index f5144cd..71f6d1f 100644
--- a/arch/arm/plat-samsung/include/plat/dma-ops.h
extern void *samsung_dmadev_get_ops(void);
extern void *s3c_dma_get_ops(void);
+diff --git a/arch/arm64/kernel/debug-monitors.c b/arch/arm64/kernel/debug-monitors.c
+index 0c3ba9f..95722b3 100644
+--- a/arch/arm64/kernel/debug-monitors.c
++++ b/arch/arm64/kernel/debug-monitors.c
+@@ -151,7 +151,7 @@ static int __cpuinit os_lock_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata os_lock_nb = {
++static struct notifier_block os_lock_nb = {
+ .notifier_call = os_lock_notify,
+ };
+
+diff --git a/arch/arm64/kernel/hw_breakpoint.c b/arch/arm64/kernel/hw_breakpoint.c
+index 5ab825c..96aaec8 100644
+--- a/arch/arm64/kernel/hw_breakpoint.c
++++ b/arch/arm64/kernel/hw_breakpoint.c
+@@ -831,7 +831,7 @@ static int __cpuinit hw_breakpoint_reset_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata hw_breakpoint_reset_nb = {
++static struct notifier_block hw_breakpoint_reset_nb = {
+ .notifier_call = hw_breakpoint_reset_notify,
+ };
+
diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h
index c3a58a1..78fbf54 100644
--- a/arch/avr32/include/asm/cache.h
__cu_len; \
})
+diff --git a/arch/ia64/kernel/err_inject.c b/arch/ia64/kernel/err_inject.c
+index 2d67317..07d8bfa 100644
+--- a/arch/ia64/kernel/err_inject.c
++++ b/arch/ia64/kernel/err_inject.c
+@@ -256,7 +256,7 @@ static int __cpuinit err_inject_cpu_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata err_inject_cpu_notifier =
++static struct notifier_block err_inject_cpu_notifier =
+ {
+ .notifier_call = err_inject_cpu_callback,
+ };
+diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c
+index 65bf9cd..794f06b 100644
+--- a/arch/ia64/kernel/mca.c
++++ b/arch/ia64/kernel/mca.c
+@@ -1922,7 +1922,7 @@ static int __cpuinit mca_cpu_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block mca_cpu_notifier __cpuinitdata = {
++static struct notifier_block mca_cpu_notifier = {
+ .notifier_call = mca_cpu_callback
+ };
+
diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c
index 24603be..948052d 100644
--- a/arch/ia64/kernel/module.c
mod->arch.gp = gp;
DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
}
+diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c
+index 77597e5..6f28f3f 100644
+--- a/arch/ia64/kernel/palinfo.c
++++ b/arch/ia64/kernel/palinfo.c
+@@ -1045,7 +1045,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __refdata palinfo_cpu_notifier =
++static struct notifier_block palinfo_cpu_notifier =
+ {
+ .notifier_call = palinfo_cpu_callback,
+ .priority = 0,
+diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c
+index 79802e5..1a89ec5 100644
+--- a/arch/ia64/kernel/salinfo.c
++++ b/arch/ia64/kernel/salinfo.c
+@@ -616,7 +616,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block salinfo_cpu_notifier __cpuinitdata =
++static struct notifier_block salinfo_cpu_notifier =
+ {
+ .notifier_call = salinfo_cpu_callback,
+ .priority = 0,
diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c
index d9439ef..d0cac6b 100644
--- a/arch/ia64/kernel/sys_ia64.c
mm->free_area_cache = addr + len;
return addr;
diff --git a/arch/ia64/kernel/topology.c b/arch/ia64/kernel/topology.c
-index c64460b..4d250a6 100644
+index dc00b2c..cce53c2 100644
--- a/arch/ia64/kernel/topology.c
+++ b/arch/ia64/kernel/topology.c
@@ -445,7 +445,7 @@ static int __cpuinit cache_cpu_callback(struct notifier_block *nfb,
addr = ALIGN(vmm->vm_end, HPAGE_SIZE);
}
diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c
-index 082e383..fb7be80 100644
+index b755ea9..b9a969e 100644
--- a/arch/ia64/mm/init.c
+++ b/arch/ia64/mm/init.c
@@ -120,6 +120,19 @@ ia64_init_addr_space (void)
#endif /* _ASM_EXEC_H */
diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h
-index da9bd7d..91aa7ab 100644
+index dbaec94..6a14935 100644
--- a/arch/mips/include/asm/page.h
+++ b/arch/mips/include/asm/page.h
-@@ -98,7 +98,7 @@ extern void copy_user_highpage(struct page *to, struct page *from,
+@@ -96,7 +96,7 @@ extern void copy_user_highpage(struct page *to, struct page *from,
#ifdef CONFIG_CPU_MIPS32
typedef struct { unsigned long pte_low, pte_high; } pte_t;
#define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
/*
diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h
-index 18806a5..141ffcf 100644
+index b2050b9..d71bb1b 100644
--- a/arch/mips/include/asm/thread_info.h
+++ b/arch/mips/include/asm/thread_info.h
-@@ -110,6 +110,8 @@ register struct thread_info *__current_thread_info __asm__("$28");
+@@ -111,6 +111,8 @@ register struct thread_info *__current_thread_info __asm__("$28");
#define TIF_32BIT_ADDR 23 /* 32-bit address space (o32/n32) */
#define TIF_FPUBOUND 24 /* thread bound to FPU-full CPU set */
#define TIF_LOAD_WATCH 25 /* If set, load watch registers */
#define TIF_SYSCALL_TRACE 31 /* syscall trace active */
#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
-@@ -125,15 +127,18 @@ register struct thread_info *__current_thread_info __asm__("$28");
+@@ -126,15 +128,18 @@ register struct thread_info *__current_thread_info __asm__("$28");
#define _TIF_32BIT_ADDR (1<<TIF_32BIT_ADDR)
#define _TIF_FPUBOUND (1<<TIF_FPUBOUND)
#define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH)
/*
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
-index 69b17a9..9db82f9 100644
+index a11c6f9..be5e164 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
-@@ -478,15 +478,3 @@ unsigned long get_wchan(struct task_struct *task)
+@@ -460,15 +460,3 @@ unsigned long get_wchan(struct task_struct *task)
out:
return pc;
}
goto out;
diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S
-index 374f66e..1c882a0 100644
+index d20a4bc..7096ae5 100644
--- a/arch/mips/kernel/scall32-o32.S
+++ b/arch/mips/kernel/scall32-o32.S
@@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp)
bnez t0, syscall_trace_entry # -> yes
diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S
-index 169de6a..f594a89 100644
+index b64f642..0fe6eab 100644
--- a/arch/mips/kernel/scall64-64.S
+++ b/arch/mips/kernel/scall64-64.S
@@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp)
and t0, t1, t0
bnez t0, syscall_trace_entry
diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S
-index 86ec03f..1235baf 100644
+index c29ac19..c592d05 100644
--- a/arch/mips/kernel/scall64-n32.S
+++ b/arch/mips/kernel/scall64-n32.S
-@@ -53,7 +53,7 @@ NESTED(handle_sysn32, PT_SIZE, sp)
+@@ -47,7 +47,7 @@ NESTED(handle_sysn32, PT_SIZE, sp)
sd a3, PT_R26(sp) # save a3 for syscall restarting
and t0, t1, t0
bnez t0, n32_syscall_trace_entry
diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
-index 53c2d72..3734584 100644
+index cf3e75e..72e93fe 100644
--- a/arch/mips/kernel/scall64-o32.S
+++ b/arch/mips/kernel/scall64-o32.S
@@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp)
* This routine handles page faults. It determines the address,
* and the problem, and then passes it off to one of the appropriate
diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
-index 302d779..6459dc0 100644
+index 7e5fe27..479a219 100644
--- a/arch/mips/mm/mmap.c
+++ b/arch/mips/mm/mmap.c
-@@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
+@@ -59,6 +59,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
struct vm_area_struct *vma;
unsigned long addr = addr0;
int do_color_align;
+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
+ struct vm_unmapped_area_info info;
if (unlikely(len > TASK_SIZE))
- return -ENOMEM;
-@@ -95,6 +96,11 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
+@@ -84,6 +85,11 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
do_color_align = 1;
/* requesting a specific address */
if (addr) {
if (do_color_align)
addr = COLOUR_ALIGN(addr, pgoff);
-@@ -102,8 +108,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
+@@ -91,8 +97,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
addr = PAGE_ALIGN(addr);
vma = find_vma(mm, addr);
return addr;
}
-@@ -118,7 +123,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
- /* At this point: (!vma || addr < vma->vm_end). */
- if (TASK_SIZE - len < addr)
- return -ENOMEM;
-- if (!vma || addr + len <= vma->vm_start)
-+ if (check_heap_stack_gap(vmm, addr, len, offset))
- return addr;
- addr = vma->vm_end;
- if (do_color_align)
-@@ -145,7 +150,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
- /* make sure it can fit in the remaining address space */
- if (likely(addr > len)) {
- vma = find_vma(mm, addr - len);
-- if (!vma || addr <= vma->vm_start) {
-+ if (check_heap_stack_gap(vmm, addr - len, len, offset))
- /* cache the address as a hint for next time */
- return mm->free_area_cache = addr - len;
- }
-@@ -155,17 +160,17 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
- goto bottomup;
-
- addr = mm->mmap_base - len;
-- if (do_color_align)
-- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
-
- do {
-+ if (do_color_align)
-+ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
- /*
- * Lookup failure means no vma is above this address,
- * else if new region fits below vma->vm_start,
- * return with success:
- */
- vma = find_vma(mm, addr);
-- if (likely(!vma || addr + len <= vma->vm_start)) {
-+ if (check_heap_stack_gap(vmm, addr, len, offset)) {
- /* cache the address as a hint for next time */
- return mm->free_area_cache = addr;
- }
-@@ -175,10 +180,8 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
- mm->cached_hole_size = vma->vm_start - addr;
-
- /* try just below the current vma->vm_start */
-- addr = vma->vm_start - len;
-- if (do_color_align)
-- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
-- } while (likely(len < vma->vm_start));
-+ addr = skip_heap_stack_gap(vma, len, offset);
-+ } while (!IS_ERR_VALUE(addr));
-
- bottomup:
- /*
-@@ -223,6 +226,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -146,6 +151,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
{
unsigned long random_factor = 0UL;
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
+#endif
+
if (current->flags & PF_RANDOMIZE) {
random_factor = get_random_int();
random_factor = random_factor << PAGE_SHIFT;
-@@ -234,38 +241,23 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -157,42 +166,27 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
if (mmap_is_legacy()) {
mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
mm->unmap_area = arch_unmap_area_topdown;
}
}
--
+
-static inline unsigned long brk_rnd(void)
-{
- unsigned long rnd = get_random_int();
-
- return ret;
-}
+-
+ int __virt_addr_valid(const volatile void *kaddr)
+ {
+ return pfn_valid(PFN_DOWN(virt_to_phys(kaddr)));
diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h
index 967d144..db12197 100644
--- a/arch/mn10300/proc-mn103e010/include/proc/cache.h
#endif
diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h
-index ee99f23..802b0a1 100644
+index 7df49fa..38b62bf 100644
--- a/arch/parisc/include/asm/pgtable.h
+++ b/arch/parisc/include/asm/pgtable.h
-@@ -212,6 +212,17 @@ struct vm_area_struct;
+@@ -218,6 +218,17 @@ extern void purge_tlb_entries(struct mm_struct *, unsigned long);
#define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED)
#define PAGE_COPY PAGE_EXECREAD
#define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED)
else
copy_from_user_overflow();
diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c
-index 5e34ccf..672bc9c 100644
+index 2a625fb..9908930 100644
--- a/arch/parisc/kernel/module.c
+++ b/arch/parisc/kernel/module.c
@@ -98,16 +98,38 @@
}
static inline int in_local(struct module *me, void *loc)
-@@ -373,13 +395,13 @@ int module_frob_arch_sections(CONST Elf_Ehdr *hdr,
+@@ -371,13 +393,13 @@ int module_frob_arch_sections(CONST Elf_Ehdr *hdr,
}
/* align things a bit */
me->arch.got_max = gots;
me->arch.fdesc_max = fdescs;
-@@ -397,7 +419,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend)
+@@ -395,7 +417,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend)
BUG_ON(value == 0);
for (i = 0; got[i].addr; i++)
if (got[i].addr == value)
goto out;
-@@ -415,7 +437,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend)
+@@ -413,7 +435,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend)
#ifdef CONFIG_64BIT
static Elf_Addr get_fdesc(struct module *me, unsigned long value)
{
if (!value) {
printk(KERN_ERR "%s: zero OPD requested!\n", me->name);
-@@ -433,7 +455,7 @@ static Elf_Addr get_fdesc(struct module *me, unsigned long value)
+@@ -431,7 +453,7 @@ static Elf_Addr get_fdesc(struct module *me, unsigned long value)
/* Create new one */
fdesc->addr = value;
return (Elf_Addr)fdesc;
}
#endif /* CONFIG_64BIT */
-@@ -845,7 +867,7 @@ register_unwind_table(struct module *me,
+@@ -843,7 +865,7 @@ register_unwind_table(struct module *me,
table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr;
end = table + sechdrs[me->arch.unwind_section].sh_size;
#define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
#define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
-index d24c141..b60696e 100644
+index 3d5c9dc..62f8414 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
@@ -215,6 +215,7 @@
ld r4,_DAR(r1)
bl .bad_page_fault
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
-index 10b658a..e542888 100644
+index 4665e82..080ea99 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
-@@ -1013,10 +1013,10 @@ handle_page_fault:
+@@ -1206,10 +1206,10 @@ handle_page_fault:
11: ld r4,_DAR(r1)
ld r5,_DSISR(r1)
addi r3,r1,STACK_FRAME_OVERHEAD
/* Find this entry, or if that fails, the next avail. entry */
while (entry->jump[0]) {
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index ba48233..16ac31d 100644
+index 8143067..21ae55b 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -680,8 +680,8 @@ void show_regs(struct pt_regs * regs)
#endif
show_stack(current, (unsigned long *) regs->gpr[1]);
if (!user_mode(regs))
-@@ -1175,10 +1175,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1129,10 +1129,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
newsp = stack[0];
ip = stack[STACK_FRAME_LR_SAVE];
if (!firstframe || ip != lr) {
(void *)current->ret_stack[curr_frame].ret);
curr_frame--;
}
-@@ -1198,7 +1198,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1152,7 +1152,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
struct pt_regs *regs = (struct pt_regs *)
(sp + STACK_FRAME_OVERHEAD);
lr = regs->link;
regs->trap, (void *)regs->nip, (void *)lr);
firstframe = 1;
}
-@@ -1240,58 +1240,3 @@ void __ppc64_runlatch_off(void)
+@@ -1194,58 +1194,3 @@ void __ppc64_runlatch_off(void)
mtspr(SPRN_CTRLT, ctrl);
}
#endif /* CONFIG_PPC64 */
- return ret;
-}
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
-index 79d8e56..38ffcbb 100644
+index c497000..8fde506 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
-@@ -1663,6 +1663,10 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -1737,6 +1737,10 @@ long arch_ptrace(struct task_struct *child, long request,
return ret;
}
/*
* We must return the syscall number to actually look up in the table.
* This can be -1L to skip running any syscall at all.
-@@ -1673,6 +1677,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
+@@ -1747,6 +1751,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
secure_computing_strict(regs->gpr[0]);
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
tracehook_report_syscall_entry(regs))
/*
-@@ -1707,6 +1716,11 @@ void do_syscall_trace_leave(struct pt_regs *regs)
+@@ -1781,6 +1790,11 @@ void do_syscall_trace_leave(struct pt_regs *regs)
{
int step;
goto badframe;
regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp;
diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
-index d183f87..1867f1a 100644
+index 1ca045d..139c3f7 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c
@@ -430,7 +430,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info,
regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp;
} else {
err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
+diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c
+index 3ce1f86..c30e629 100644
+--- a/arch/powerpc/kernel/sysfs.c
++++ b/arch/powerpc/kernel/sysfs.c
+@@ -522,7 +522,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata sysfs_cpu_nb = {
++static struct notifier_block sysfs_cpu_nb = {
+ .notifier_call = sysfs_cpu_notify,
+ };
+
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
index 3251840..3f7c77a 100644
--- a/arch/powerpc/kernel/traps.c
EXPORT_SYMBOL(copy_in_user);
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
-index 0a6b283..7674925 100644
+index 3a8489a..6a63b3b 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -32,6 +32,10 @@
/*
* Check whether the instruction at regs->nip is a store using
* an update addressing form which will update r1.
-@@ -216,7 +247,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
+@@ -213,7 +244,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
* indicate errors in DSISR but can validly be set in SRR1.
*/
if (trap == 0x400)
else
is_write = error_code & DSISR_ISSTORE;
#else
-@@ -367,7 +398,7 @@ good_area:
+@@ -364,7 +395,7 @@ good_area:
* "undefined". Of those that can be set, this is the only
* one which seems bad.
*/
/* Guarded storage error. */
goto bad_area;
#endif /* CONFIG_8xx */
-@@ -382,7 +413,7 @@ good_area:
+@@ -379,7 +410,7 @@ good_area:
* processors use the same I/D cache coherency mechanism
* as embedded.
*/
goto bad_area;
#endif /* CONFIG_PPC_STD_MMU */
-@@ -465,6 +496,23 @@ bad_area:
+@@ -462,6 +493,23 @@ bad_area:
bad_area_nosemaphore:
/* User mode accesses cause a SIGSEGV */
if (user_mode(regs)) {
return 0;
}
diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c
-index 67a42ed..c16ef80 100644
+index 67a42ed..cd463e0 100644
--- a/arch/powerpc/mm/mmap_64.c
+++ b/arch/powerpc/mm/mmap_64.c
@@ -57,6 +57,10 @@ static unsigned long mmap_rnd(void)
unsigned long rnd = 0;
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
+#endif
+
if (current->flags & PF_RANDOMIZE) {
mm->get_unmapped_area = arch_get_unmapped_area_topdown;
mm->unmap_area = arch_unmap_area_topdown;
}
+diff --git a/arch/powerpc/mm/mmu_context_nohash.c b/arch/powerpc/mm/mmu_context_nohash.c
+index e779642..e5bb889 100644
+--- a/arch/powerpc/mm/mmu_context_nohash.c
++++ b/arch/powerpc/mm/mmu_context_nohash.c
+@@ -363,7 +363,7 @@ static int __cpuinit mmu_context_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata mmu_context_cpu_nb = {
++static struct notifier_block mmu_context_cpu_nb = {
+ .notifier_call = mmu_context_cpu_notify,
+ };
+
+diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c
+index bba87ca..c346a33 100644
+--- a/arch/powerpc/mm/numa.c
++++ b/arch/powerpc/mm/numa.c
+@@ -932,7 +932,7 @@ static void __init *careful_zallocation(int nid, unsigned long size,
+ return ret;
+ }
+
+-static struct notifier_block __cpuinitdata ppc64_numa_nb = {
++static struct notifier_block ppc64_numa_nb = {
+ .notifier_call = cpu_numa_callback,
+ .priority = 1 /* Must run before sched domains notifier. */
+ };
diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
-index 5829d2a..af84242 100644
+index cf9dada..241529f 100644
--- a/arch/powerpc/mm/slice.c
+++ b/arch/powerpc/mm/slice.c
@@ -103,7 +103,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr,
/* If hint, make sure it matches our alignment restrictions */
if (!fixed && addr) {
addr = _ALIGN_UP(addr, 1ul << pshift);
+diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platforms/powermac/smp.c
+index bdb738a..49c9f95 100644
+--- a/arch/powerpc/platforms/powermac/smp.c
++++ b/arch/powerpc/platforms/powermac/smp.c
+@@ -885,7 +885,7 @@ static int smp_core99_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata smp_core99_cpu_nb = {
++static struct notifier_block smp_core99_cpu_nb = {
+ .notifier_call = smp_core99_cpu_notify,
+ };
+ #endif /* CONFIG_HOTPLUG_CPU */
diff --git a/arch/s390/include/asm/atomic.h b/arch/s390/include/asm/atomic.h
index c797832..ce575c8 100644
--- a/arch/s390/include/asm/atomic.h
if (r_type == R_390_GOTPC)
*(unsigned int *) loc = val;
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
-index cd31ad4..201c5a3 100644
+index 536d645..4a5bd9e 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
-@@ -283,39 +283,3 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -250,39 +250,3 @@ unsigned long get_wchan(struct task_struct *p)
}
return 0;
}
#endif /* _ASM_SCORE_EXEC_H */
diff --git a/arch/score/kernel/process.c b/arch/score/kernel/process.c
-index 637970c..0b6556b 100644
+index 7956846..5f37677 100644
--- a/arch/score/kernel/process.c
+++ b/arch/score/kernel/process.c
-@@ -161,8 +161,3 @@ unsigned long get_wchan(struct task_struct *task)
+@@ -134,8 +134,3 @@ unsigned long get_wchan(struct task_struct *task)
return task_pt_regs(task)->cp0_epc;
}
#define __read_mostly __attribute__((__section__(".data..read_mostly")))
+diff --git a/arch/sh/kernel/cpu/sh4a/smp-shx3.c b/arch/sh/kernel/cpu/sh4a/smp-shx3.c
+index 03f2b55..b027032 100644
+--- a/arch/sh/kernel/cpu/sh4a/smp-shx3.c
++++ b/arch/sh/kernel/cpu/sh4a/smp-shx3.c
+@@ -143,7 +143,7 @@ shx3_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu)
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata shx3_cpu_notifier = {
++static struct notifier_block shx3_cpu_notifier = {
+ .notifier_call = shx3_cpu_callback,
+ };
+
diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c
-index afeb710..e8366ef 100644
+index 6777177..cb5e44f 100644
--- a/arch/sh/mm/mmap.c
+++ b/arch/sh/mm/mmap.c
-@@ -49,6 +49,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -36,6 +36,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
+ struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
- unsigned long start_addr;
int do_colour_align;
+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
+ struct vm_unmapped_area_info info;
if (flags & MAP_FIXED) {
- /* We do not accept a shared mapping if it would violate
-@@ -74,8 +75,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -55,6 +56,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
+ if (filp || (flags & MAP_SHARED))
+ do_colour_align = 1;
+
++#ifdef CONFIG_PAX_RANDMMAP
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ if (addr) {
+ if (do_colour_align)
+ addr = COLOUR_ALIGN(addr, pgoff);
+@@ -62,14 +67,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
addr = PAGE_ALIGN(addr);
vma = find_vma(mm, addr);
return addr;
}
-@@ -106,7 +106,7 @@ full_search:
- }
- return -ENOMEM;
- }
-- if (likely(!vma || addr + len <= vma->vm_start)) {
-+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) {
- /*
- * Remember the place where we stopped the search:
- */
-@@ -131,6 +131,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ info.flags = 0;
+ info.length = len;
+- info.low_limit = TASK_UNMAPPED_BASE;
++ info.low_limit = mm->mmap_base;
+ info.high_limit = TASK_SIZE;
+ info.align_mask = do_colour_align ? (PAGE_MASK & shm_align_mask) : 0;
+ info.align_offset = pgoff << PAGE_SHIFT;
+@@ -85,6 +89,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
struct mm_struct *mm = current->mm;
unsigned long addr = addr0;
int do_colour_align;
+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
+ struct vm_unmapped_area_info info;
if (flags & MAP_FIXED) {
- /* We do not accept a shared mapping if it would violate
-@@ -157,8 +158,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -104,6 +109,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ if (filp || (flags & MAP_SHARED))
+ do_colour_align = 1;
+
++#ifdef CONFIG_PAX_RANDMMAP
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ /* requesting a specific address */
+ if (addr) {
+ if (do_colour_align)
+@@ -112,8 +121,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
addr = PAGE_ALIGN(addr);
vma = find_vma(mm, addr);
return addr;
}
-@@ -179,7 +179,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- /* make sure it can fit in the remaining address space */
- if (likely(addr > len)) {
- vma = find_vma(mm, addr-len);
-- if (!vma || addr <= vma->vm_start) {
-+ if (check_heap_stack_gap(vma, addr - len, len, offset)) {
- /* remember the address as a hint for next time */
- return (mm->free_area_cache = addr-len);
- }
-@@ -188,18 +188,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- if (unlikely(mm->mmap_base < len))
- goto bottomup;
-
-- addr = mm->mmap_base-len;
-- if (do_colour_align)
-- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
-+ addr = mm->mmap_base - len;
-
- do {
-+ if (do_colour_align)
-+ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
- /*
- * Lookup failure means no vma is above this address,
- * else if new region fits below vma->vm_start,
- * return with success:
- */
- vma = find_vma(mm, addr);
-- if (likely(!vma || addr+len <= vma->vm_start)) {
-+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) {
- /* remember the address as a hint for next time */
- return (mm->free_area_cache = addr);
- }
-@@ -209,10 +209,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- mm->cached_hole_size = vma->vm_start - addr;
-
- /* try just below the current vma->vm_start */
-- addr = vma->vm_start-len;
-- if (do_colour_align)
-- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
-- } while (likely(len < vma->vm_start));
-+ addr = skip_heap_stack_gap(vma, len, offset);
-+ } while (!IS_ERR_VALUE(addr));
-
- bottomup:
- /*
+@@ -135,6 +143,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ VM_BUG_ON(addr != -ENOMEM);
+ info.flags = 0;
+ info.low_limit = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += mm->delta_mmap;
++#endif
++
+ info.high_limit = TASK_SIZE;
+ addr = vm_unmapped_area(&info);
+ }
diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h
index be56a24..443328f 100644
--- a/arch/sparc/include/asm/atomic_64.h
/*
diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
-index a3fe4dc..cae132a 100644
+index 269bd92..e46a9b8 100644
--- a/arch/sparc/include/asm/thread_info_64.h
+++ b/arch/sparc/include/asm/thread_info_64.h
@@ -63,6 +63,8 @@ struct thread_info {
unsigned long fpregs[0] __attribute__ ((aligned(64)));
};
-@@ -193,10 +195,11 @@ register struct thread_info *current_thread_info_reg asm("g6");
+@@ -192,10 +194,11 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */
/* flag bit 6 is available */
#define TIF_32BIT 7 /* 32-bit binary */
/* NOTE: Thread flags >= 12 should be ones we have no interest
* in using in assembly, else we can't use the mask as
* an immediate value in instructions such as andcc.
-@@ -215,12 +218,18 @@ register struct thread_info *current_thread_info_reg asm("g6");
+@@ -214,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6");
#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
#define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
}
diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h
-index 73083e1..2bc62a6 100644
+index e562d3c..191f176 100644
--- a/arch/sparc/include/asm/uaccess_64.h
+++ b/arch/sparc/include/asm/uaccess_64.h
@@ -10,6 +10,7 @@
extra-y := head_$(BITS).o
diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c
-index 487bffb..955a925 100644
+index be8e862..5b50b12 100644
--- a/arch/sparc/kernel/process_32.c
+++ b/arch/sparc/kernel/process_32.c
@@ -126,14 +126,14 @@ void show_regs(struct pt_regs *r)
} while (++count < 16);
printk("\n");
diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c
-index c6e0c29..052832b 100644
+index cdb80b2..5ca141d 100644
--- a/arch/sparc/kernel/process_64.c
+++ b/arch/sparc/kernel/process_64.c
@@ -181,14 +181,14 @@ static void show_regwindow(struct pt_regs *regs)
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c
-index 0c9b31b..55a8ba6 100644
+index 2da0bdc..79128d2 100644
--- a/arch/sparc/kernel/sys_sparc_32.c
+++ b/arch/sparc/kernel/sys_sparc_32.c
-@@ -39,6 +39,7 @@ asmlinkage unsigned long sys_getpagesize(void)
- unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags)
- {
- struct vm_area_struct * vmm;
-+ unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags);
-
- if (flags & MAP_FIXED) {
- /* We do not accept a shared mapping if it would violate
-@@ -54,7 +55,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
+@@ -52,7 +52,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
if (len > TASK_SIZE - PAGE_SIZE)
return -ENOMEM;
if (!addr)
- addr = TASK_UNMAPPED_BASE;
+ addr = current->mm->mmap_base;
- if (flags & MAP_SHARED)
- addr = COLOUR_ALIGN(addr);
-@@ -65,7 +66,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
- /* At this point: (!vmm || addr < vmm->vm_end). */
- if (TASK_SIZE - PAGE_SIZE - len < addr)
- return -ENOMEM;
-- if (!vmm || addr + len <= vmm->vm_start)
-+ if (check_heap_stack_gap(vmm, addr, len, offset))
- return addr;
- addr = vmm->vm_end;
- if (flags & MAP_SHARED)
+ info.flags = 0;
+ info.length = len;
diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c
-index 878ef3d..f100719 100644
+index 708bc29..f0129cb 100644
--- a/arch/sparc/kernel/sys_sparc_64.c
+++ b/arch/sparc/kernel/sys_sparc_64.c
-@@ -102,12 +102,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
+@@ -90,13 +90,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
+ struct vm_area_struct * vma;
unsigned long task_size = TASK_SIZE;
- unsigned long start_addr;
int do_color_align;
+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
+ struct vm_unmapped_area_info info;
if (flags & MAP_FIXED) {
/* We do not accept a shared mapping if it would violate
((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
return -EINVAL;
return addr;
-@@ -122,6 +123,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
+@@ -111,6 +112,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
if (filp || (flags & MAP_SHARED))
do_color_align = 1;
+
if (addr) {
if (do_color_align)
- addr = COLOUR_ALIGN(addr, pgoff);
-@@ -129,15 +134,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
+ addr = COLOR_ALIGN(addr, pgoff);
+@@ -118,14 +123,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
addr = PAGE_ALIGN(addr);
vma = find_vma(mm, addr);
return addr;
}
- if (len > mm->cached_hole_size) {
-- start_addr = addr = mm->free_area_cache;
-+ start_addr = addr = mm->free_area_cache;
- } else {
-- start_addr = addr = TASK_UNMAPPED_BASE;
-+ start_addr = addr = mm->mmap_base;
- mm->cached_hole_size = 0;
+ info.flags = 0;
+ info.length = len;
+- info.low_limit = TASK_UNMAPPED_BASE;
++ info.low_limit = mm->mmap_base;
+ info.high_limit = min(task_size, VA_EXCLUDE_START);
+ info.align_mask = do_color_align ? (PAGE_MASK & (SHMLBA - 1)) : 0;
+ info.align_offset = pgoff << PAGE_SHIFT;
+@@ -134,6 +138,12 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
+ if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) {
+ VM_BUG_ON(addr != -ENOMEM);
+ info.low_limit = VA_EXCLUDE_END;
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += mm->delta_mmap;
++#endif
++
+ info.high_limit = task_size;
+ addr = vm_unmapped_area(&info);
}
-
-@@ -157,14 +161,14 @@ full_search:
- vma = find_vma(mm, VA_EXCLUDE_END);
- }
- if (unlikely(task_size < addr)) {
-- if (start_addr != TASK_UNMAPPED_BASE) {
-- start_addr = addr = TASK_UNMAPPED_BASE;
-+ if (start_addr != mm->mmap_base) {
-+ start_addr = addr = mm->mmap_base;
- mm->cached_hole_size = 0;
- goto full_search;
- }
- return -ENOMEM;
- }
-- if (likely(!vma || addr + len <= vma->vm_start)) {
-+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) {
- /*
- * Remember the place where we stopped the search:
- */
-@@ -190,6 +194,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -151,6 +161,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
unsigned long task_size = STACK_TOP32;
unsigned long addr = addr0;
int do_color_align;
+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
+ struct vm_unmapped_area_info info;
/* This should only ever run for 32-bit processes. */
- BUG_ON(!test_thread_flag(TIF_32BIT));
-@@ -198,7 +203,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -160,7 +171,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
/* We do not accept a shared mapping if it would violate
* cache aliasing constraints.
*/
((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
return -EINVAL;
return addr;
-@@ -219,8 +224,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -173,6 +184,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ if (filp || (flags & MAP_SHARED))
+ do_color_align = 1;
+
++#ifdef CONFIG_PAX_RANDMMAP
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ /* requesting a specific address */
+ if (addr) {
+ if (do_color_align)
+@@ -181,8 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
addr = PAGE_ALIGN(addr);
vma = find_vma(mm, addr);
return addr;
}
-@@ -241,7 +245,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- /* make sure it can fit in the remaining address space */
- if (likely(addr > len)) {
- vma = find_vma(mm, addr-len);
-- if (!vma || addr <= vma->vm_start) {
-+ if (check_heap_stack_gap(vma, addr - len, len, offset)) {
- /* remember the address as a hint for next time */
- return (mm->free_area_cache = addr-len);
- }
-@@ -250,18 +254,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- if (unlikely(mm->mmap_base < len))
- goto bottomup;
-
-- addr = mm->mmap_base-len;
-- if (do_color_align)
-- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
-+ addr = mm->mmap_base - len;
-
- do {
-+ if (do_color_align)
-+ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
- /*
- * Lookup failure means no vma is above this address,
- * else if new region fits below vma->vm_start,
- * return with success:
- */
- vma = find_vma(mm, addr);
-- if (likely(!vma || addr+len <= vma->vm_start)) {
-+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) {
- /* remember the address as a hint for next time */
- return (mm->free_area_cache = addr);
- }
-@@ -271,10 +275,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- mm->cached_hole_size = vma->vm_start - addr;
-
- /* try just below the current vma->vm_start */
-- addr = vma->vm_start-len;
-- if (do_color_align)
-- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
-- } while (likely(len < vma->vm_start));
-+ addr = skip_heap_stack_gap(vma, len, offset);
-+ } while (!IS_ERR_VALUE(addr));
-
- bottomup:
- /*
-@@ -348,6 +350,10 @@ static unsigned long mmap_rnd(void)
+@@ -204,6 +218,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ VM_BUG_ON(addr != -ENOMEM);
+ info.flags = 0;
+ info.low_limit = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += mm->delta_mmap;
++#endif
++
+ info.high_limit = STACK_TOP32;
+ addr = vm_unmapped_area(&info);
+ }
+@@ -264,6 +284,10 @@ static unsigned long mmap_rnd(void)
{
unsigned long rnd = 0UL;
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
+#endif
+
if (current->flags & PF_RANDOMIZE) {
unsigned long val = get_random_int();
if (test_thread_flag(TIF_32BIT))
-@@ -373,6 +379,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -289,6 +313,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
gap == RLIM_INFINITY ||
sysctl_legacy_va_layout) {
mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
mm->get_unmapped_area = arch_get_unmapped_area;
mm->unmap_area = arch_unmap_area;
} else {
-@@ -385,6 +397,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -301,6 +331,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
gap = (task_size / 6 * 5);
mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor);
mm->unmap_area = arch_unmap_area_topdown;
}
diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
-index bf23477..b7425a6 100644
+index e0fed77..604a7e5 100644
--- a/arch/sparc/kernel/syscalls.S
+++ b/arch/sparc/kernel/syscalls.S
-@@ -62,7 +62,7 @@ sys32_rt_sigreturn:
+@@ -58,7 +58,7 @@ sys32_rt_sigreturn:
#endif
.align 32
1: ldx [%g6 + TI_FLAGS], %l5
be,pt %icc, rtrap
nop
call syscall_trace_leave
-@@ -189,7 +189,7 @@ linux_sparc_syscall32:
+@@ -190,7 +190,7 @@ linux_sparc_syscall32:
srl %i5, 0, %o5 ! IEU1
srl %i2, 0, %o2 ! IEU0 Group
bne,pn %icc, linux_syscall_trace32 ! CTI
mov %i0, %l5 ! IEU1
call %l7 ! CTI Group brk forced
-@@ -212,7 +212,7 @@ linux_sparc_syscall:
+@@ -213,7 +213,7 @@ linux_sparc_syscall:
mov %i3, %o3 ! IEU1
mov %i4, %o4 ! IEU0 Group
bne,pn %icc, linux_syscall_trace ! CTI Group
mov %i0, %l5 ! IEU0
2: call %l7 ! CTI Group brk forced
-@@ -228,7 +228,7 @@ ret_sys_call:
+@@ -229,7 +229,7 @@ ret_sys_call:
cmp %o0, -ERESTART_RESTARTBLOCK
bgeu,pn %xcc, 1f
ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc
2:
+diff --git a/arch/sparc/kernel/sysfs.c b/arch/sparc/kernel/sysfs.c
+index 654e8aa..45f431b 100644
+--- a/arch/sparc/kernel/sysfs.c
++++ b/arch/sparc/kernel/sysfs.c
+@@ -266,7 +266,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata sysfs_cpu_nb = {
++static struct notifier_block sysfs_cpu_nb = {
+ .notifier_call = sysfs_cpu_notify,
+ };
+
diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
index a5785ea..405c5f7 100644
--- a/arch/sparc/kernel/traps_32.c
}
diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
-index b66a779..8e8d66c 100644
+index e7ecf15..6520e65 100644
--- a/arch/sparc/kernel/traps_64.c
+++ b/arch/sparc/kernel/traps_64.c
@@ -76,7 +76,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p)
if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
goto bad_area;
diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
-index 097aee7..5ca6697 100644
+index 5062ff3..e0b75f3 100644
--- a/arch/sparc/mm/fault_64.c
+++ b/arch/sparc/mm/fault_64.c
@@ -21,6 +21,9 @@
* load/store/atomic was a write or not, it only says that there
* was no match. So in such a case we (carefully) read the
diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
-index f76f83d..ee0d859 100644
+index d2b5944..bd813f2 100644
--- a/arch/sparc/mm/hugetlbpage.c
+++ b/arch/sparc/mm/hugetlbpage.c
-@@ -34,6 +34,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
- struct vm_area_struct * vma;
- unsigned long task_size = TASK_SIZE;
- unsigned long start_addr;
-+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
-
- if (test_thread_flag(TIF_32BIT))
- task_size = STACK_TOP32;
-@@ -67,7 +68,7 @@ full_search:
- }
- return -ENOMEM;
- }
-- if (likely(!vma || addr + len <= vma->vm_start)) {
-+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) {
- /*
- * Remember the place where we stopped the search:
- */
-@@ -90,6 +91,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- struct vm_area_struct *vma;
- struct mm_struct *mm = current->mm;
- unsigned long addr = addr0;
-+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
-
- /* This should only ever run for 32-bit processes. */
- BUG_ON(!test_thread_flag(TIF_32BIT));
-@@ -106,7 +108,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- /* make sure it can fit in the remaining address space */
- if (likely(addr > len)) {
- vma = find_vma(mm, addr-len);
-- if (!vma || addr <= vma->vm_start) {
-+ if (check_heap_stack_gap(vma, addr - len, len, offset)) {
- /* remember the address as a hint for next time */
- return (mm->free_area_cache = addr-len);
- }
-@@ -115,16 +117,17 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- if (unlikely(mm->mmap_base < len))
- goto bottomup;
-
-- addr = (mm->mmap_base-len) & HPAGE_MASK;
-+ addr = mm->mmap_base - len;
-
- do {
-+ addr &= HPAGE_MASK;
- /*
- * Lookup failure means no vma is above this address,
- * else if new region fits below vma->vm_start,
- * return with success:
- */
- vma = find_vma(mm, addr);
-- if (likely(!vma || addr+len <= vma->vm_start)) {
-+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) {
- /* remember the address as a hint for next time */
- return (mm->free_area_cache = addr);
- }
-@@ -134,8 +137,8 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- mm->cached_hole_size = vma->vm_start - addr;
-
- /* try just below the current vma->vm_start */
-- addr = (vma->vm_start-len) & HPAGE_MASK;
-- } while (likely(len < vma->vm_start));
-+ addr = skip_heap_stack_gap(vma, len, offset);
-+ } while (!IS_ERR_VALUE(addr));
-
- bottomup:
- /*
-@@ -163,6 +166,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -38,7 +38,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
+
+ info.flags = 0;
+ info.length = len;
+- info.low_limit = TASK_UNMAPPED_BASE;
++ info.low_limit = mm->mmap_base;
+ info.high_limit = min(task_size, VA_EXCLUDE_START);
+ info.align_mask = PAGE_MASK & ~HPAGE_MASK;
+ info.align_offset = 0;
+@@ -47,6 +47,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
+ if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) {
+ VM_BUG_ON(addr != -ENOMEM);
+ info.low_limit = VA_EXCLUDE_END;
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += mm->delta_mmap;
++#endif
++
+ info.high_limit = task_size;
+ addr = vm_unmapped_area(&info);
+ }
+@@ -85,6 +91,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ VM_BUG_ON(addr != -ENOMEM);
+ info.flags = 0;
+ info.low_limit = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += mm->delta_mmap;
++#endif
++
+ info.high_limit = STACK_TOP32;
+ addr = vm_unmapped_area(&info);
+ }
+@@ -99,6 +111,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
unsigned long task_size = TASK_SIZE;
-+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
++ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags);
if (test_thread_flag(TIF_32BIT))
task_size = STACK_TOP32;
-@@ -181,8 +185,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -114,11 +127,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+ return addr;
+ }
+
++#ifdef CONFIG_PAX_RANDMMAP
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
if (addr) {
addr = ALIGN(addr, HPAGE_SIZE);
vma = find_vma(mm, addr);
#ifdef CONFIG_64BIT
#define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval))
diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
-index b6d699c..df7ac1d 100644
+index b462b13..e7a19aa 100644
--- a/arch/um/kernel/process.c
+++ b/arch/um/kernel/process.c
-@@ -387,22 +387,6 @@ int singlestepping(void * t)
+@@ -386,22 +386,6 @@ int singlestepping(void * t)
return 2;
}
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 46c3bff..b82f26b 100644
+index 0694d09..b58b3aa 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -241,7 +241,7 @@ config X86_HT
+@@ -238,7 +238,7 @@ config X86_HT
config X86_32_LAZY_GS
def_bool y
config ARCH_HWEIGHT_CFLAGS
string
-@@ -1033,6 +1033,7 @@ config MICROCODE_OLD_INTERFACE
+@@ -1031,6 +1031,7 @@ config MICROCODE_OLD_INTERFACE
config X86_MSR
tristate "/dev/cpu/*/msr - Model-specific register support"
---help---
This device gives privileged processes access to the x86
Model-Specific Registers (MSRs). It is a character device with
-@@ -1056,7 +1057,7 @@ choice
+@@ -1054,7 +1055,7 @@ choice
config NOHIGHMEM
bool "off"
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1093,7 +1094,7 @@ config NOHIGHMEM
+@@ -1091,7 +1092,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1147,7 +1148,7 @@ config PAGE_OFFSET
+@@ -1145,7 +1146,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1548,6 +1549,7 @@ config SECCOMP
+@@ -1542,6 +1543,7 @@ config SECCOMP
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection"
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
-@@ -1605,6 +1607,7 @@ config KEXEC_JUMP
+@@ -1599,6 +1601,7 @@ config KEXEC_JUMP
config PHYSICAL_START
hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
default "0x1000000"
---help---
This gives the physical address where the kernel is loaded.
-@@ -1668,6 +1671,7 @@ config X86_NEED_RELOCS
+@@ -1662,6 +1665,7 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned" if X86_32
default "0x1000000"
range 0x2000 0x1000000
---help---
This value puts the alignment restrictions on physical address
-@@ -1699,9 +1703,10 @@ config HOTPLUG_CPU
- Say N if you want to disable CPU hotplug.
+@@ -1737,9 +1741,10 @@ config DEBUG_HOTPLUG_CPU0
+ If unsure, say N.
config COMPAT_VDSO
- def_bool y
Map the 32-bit VDSO to the predictable old-style address too.
diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
-index f3b86d0..17fd30f 100644
+index c026cca..14657ae 100644
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
-@@ -335,7 +335,7 @@ config X86_PPRO_FENCE
+@@ -319,7 +319,7 @@ config X86_PPRO_FENCE
config X86_F00F_BUG
def_bool y
-- depends on M586MMX || M586TSC || M586 || M486 || M386
-+ depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC
+- depends on M586MMX || M586TSC || M586 || M486
++ depends on (M586MMX || M586TSC || M586 || M486) && !PAX_KERNEXEC
config X86_INVD_BUG
def_bool y
-@@ -359,7 +359,7 @@ config X86_POPAD_OK
+@@ -327,7 +327,7 @@ config X86_INVD_BUG
config X86_ALIGNMENT_16
def_bool y
config X86_INTEL_USERCOPY
def_bool y
-@@ -405,7 +405,7 @@ config X86_CMPXCHG64
+@@ -373,7 +373,7 @@ config X86_CMPXCHG64
# generates cmov.
config X86_CMOV
def_bool y
Enabling this option turns a certain set of sanity checks for user
copy operations into compile time failures.
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
-index 05afcca..b6ecb51 100644
+index e71fc42..7829607 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -50,6 +50,7 @@ else
KBUILD_AFLAGS += -m64
KBUILD_CFLAGS += -m64
-@@ -229,3 +230,12 @@ define archhelp
+@@ -230,3 +231,12 @@ define archhelp
echo ' FDARGS="..." arguments for the booted kernel'
echo ' FDINITRD=file initrd for the booted kernel'
endef
+archprepare:
+ $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
-index ccce0ed..fd9da25 100644
+index 379814b..add62ce 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
@@ -65,6 +65,9 @@ KBUILD_CFLAGS := $(USERINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \
KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
GCOV_PROFILE := n
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index ccae7e2..8ac70be 100644
+index c205035..5853587 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
-@@ -144,7 +144,6 @@ again:
+@@ -150,7 +150,6 @@ again:
*addr = max_addr;
}
efi_call_phys1(sys_table->boottime->free_pool, map);
fail:
-@@ -208,7 +207,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align,
+@@ -214,7 +213,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align,
if (i == map_size / desc_size)
status = EFI_NOT_FOUND;
fail:
return status;
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
-index ccb2f4a..e49b20e 100644
+index 1e3184f..0d11e2e 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -118,7 +118,7 @@ preferred_addr:
jmp 1b
2:
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index 2c4b171..e1fa5b1 100644
+index f5d1aaa..cce11dc 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -91,7 +91,7 @@ ENTRY(startup_32)
err = check_flags();
}
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
-index 8c132a6..13e5c96 100644
+index 944ce59..87ee37a 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
-@@ -387,10 +387,14 @@ setup_data: .quad 0 # 64-bit physical pointer to
+@@ -401,10 +401,14 @@ setup_data: .quad 0 # 64-bit physical pointer to
# single linked list of
# struct setup_data
+ pax_force_retaddr 0, 1
ret;
diff --git a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
-index a41a3aa..bdf5753 100644
+index 15b00ac..2071784 100644
--- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
@@ -23,6 +23,8 @@
+
.file "cast5-avx-x86_64-asm_64.S"
- .extern cast5_s1
-@@ -293,6 +295,7 @@ __skip_enc:
- leaq 3*(2*4*4)(%r11), %rax;
- outunpack_blocks(%rax, RR4, RL4, RTMP, RX, RKM);
+ .extern cast_s1
+@@ -281,6 +283,7 @@ __skip_enc:
+ outunpack_blocks(RR3, RL3, RTMP, RX, RKM);
+ outunpack_blocks(RR4, RL4, RTMP, RX, RKM);
+ pax_force_retaddr 0, 1
ret;
- __enc_xor16:
-@@ -303,6 +306,7 @@ __enc_xor16:
- leaq 3*(2*4*4)(%r11), %rax;
- outunpack_xor_blocks(%rax, RR4, RL4, RTMP, RX, RKM);
+ .align 16
+@@ -353,6 +356,7 @@ __dec_tail:
+ outunpack_blocks(RR3, RL3, RTMP, RX, RKM);
+ outunpack_blocks(RR4, RL4, RTMP, RX, RKM);
+ pax_force_retaddr 0, 1
ret;
+ __skip_dec:
+@@ -392,6 +396,7 @@ cast5_ecb_enc_16way:
+ vmovdqu RR4, (6*4*4)(%r11);
+ vmovdqu RL4, (7*4*4)(%r11);
+
++ pax_force_retaddr
+ ret;
+
.align 16
-@@ -369,6 +373,7 @@ __dec_tail:
- leaq 3*(2*4*4)(%r11), %rax;
- outunpack_blocks(%rax, RR4, RL4, RTMP, RX, RKM);
+@@ -427,6 +432,7 @@ cast5_ecb_dec_16way:
+ vmovdqu RR4, (6*4*4)(%r11);
+ vmovdqu RL4, (7*4*4)(%r11);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
- __skip_dec:
+ .align 16
+@@ -479,6 +485,7 @@ cast5_cbc_dec_16way:
+
+ popq %r12;
+
++ pax_force_retaddr
+ ret;
+
+ .align 16
+@@ -555,4 +562,5 @@ cast5_ctr_16way:
+
+ popq %r12;
+
++ pax_force_retaddr
+ ret;
diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
-index 218d283..819e6da 100644
+index 2569d0d..637c289 100644
--- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
@@ -23,6 +23,8 @@
+#include <asm/alternative-asm.h>
+
- .file "cast6-avx-x86_64-asm_64.S"
+ #include "glue_helper-asm-avx.S"
- .extern cast6_s1
-@@ -324,12 +326,14 @@ __cast6_enc_blk_8way:
- outunpack_blocks(%r11, RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
- outunpack_blocks(%rax, RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
+ .file "cast6-avx-x86_64-asm_64.S"
+@@ -294,6 +296,7 @@ __cast6_enc_blk8:
+ outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
+ outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
+ pax_force_retaddr 0, 1
ret;
- __enc_xor8:
- outunpack_xor_blocks(%r11, RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
- outunpack_xor_blocks(%rax, RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
+ .align 8
+@@ -340,6 +343,7 @@ __cast6_dec_blk8:
+ outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
+ outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
+ pax_force_retaddr 0, 1
ret;
- .align 16
-@@ -380,4 +384,5 @@ cast6_dec_blk_8way:
- outunpack_blocks(%r11, RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
- outunpack_blocks(%rax, RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
+ .align 8
+@@ -361,6 +365,7 @@ cast6_ecb_enc_8way:
-+ pax_force_retaddr 0, 1
+ store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
++ pax_force_retaddr
+ ret;
+
+ .align 8
+@@ -382,6 +387,7 @@ cast6_ecb_dec_8way:
+
+ store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
++ pax_force_retaddr
+ ret;
+
+ .align 8
+@@ -408,6 +414,7 @@ cast6_cbc_dec_8way:
+
+ popq %r12;
+
++ pax_force_retaddr
+ ret;
+
+ .align 8
+@@ -436,4 +443,5 @@ cast6_ctr_8way:
+
+ popq %r12;
+
++ pax_force_retaddr
ret;
diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S
index 6214a9b..1f4fc9a 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
-index 504106b..4e50951 100644
+index 02b0e9f..cf4cf5c 100644
--- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
@@ -24,6 +24,8 @@
+#include <asm/alternative-asm.h>
+
+ #include "glue_helper-asm-avx.S"
+
.file "serpent-avx-x86_64-asm_64.S"
- .text
+@@ -618,6 +620,7 @@ __serpent_enc_blk8_avx:
+ write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2);
+ write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2);
-@@ -638,12 +640,14 @@ __serpent_enc_blk_8way_avx:
- write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2);
- write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2);
++ pax_force_retaddr
+ ret;
+
+ .align 8
+@@ -673,6 +676,7 @@ __serpent_dec_blk8_avx:
+ write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2);
+ write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2);
+ pax_force_retaddr
ret;
- __enc_xor8:
- xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2);
- xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2);
+ .align 8
+@@ -692,6 +696,7 @@ serpent_ecb_enc_8way_avx:
+
+ store_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ pax_force_retaddr
ret;
.align 8
-@@ -701,4 +705,5 @@ serpent_dec_blk_8way_avx:
- write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2);
- write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2);
+@@ -711,6 +716,7 @@ serpent_ecb_dec_8way_avx:
+
+ store_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
+
++ pax_force_retaddr
+ ret;
+
+ .align 8
+@@ -730,6 +736,7 @@ serpent_cbc_dec_8way_avx:
+
+ store_cbc_8way(%rdx, %rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
+
++ pax_force_retaddr
+ ret;
+
+ .align 8
+@@ -751,4 +758,5 @@ serpent_ctr_8way_avx:
+
+ store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ pax_force_retaddr
ret;
.size \name, .-\name
diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
-index 1585abb..1ff9d9b 100644
+index ebac16b..8092eb9 100644
--- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
@@ -23,6 +23,8 @@
+#include <asm/alternative-asm.h>
+
+ #include "glue_helper-asm-avx.S"
+
.file "twofish-avx-x86_64-asm_64.S"
- .text
+@@ -283,6 +285,7 @@ __twofish_enc_blk8:
+ outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2);
+ outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2);
-@@ -303,12 +305,14 @@ __twofish_enc_blk_8way:
- outunpack_blocks(%r11, RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2);
- outunpack_blocks(%rax, RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2);
++ pax_force_retaddr 0, 1
+ ret;
+
+ .align 8
+@@ -324,6 +327,7 @@ __twofish_dec_blk8:
+ outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2);
+ outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2);
+ pax_force_retaddr 0, 1
ret;
- __enc_xor8:
- outunpack_xor_blocks(%r11, RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2);
- outunpack_xor_blocks(%rax, RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2);
+ .align 8
+@@ -345,6 +349,7 @@ twofish_ecb_enc_8way:
+
+ store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
+
++ pax_force_retaddr 0, 1
+ ret;
+
+ .align 8
+@@ -366,6 +371,7 @@ twofish_ecb_dec_8way:
+
+ store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
++ pax_force_retaddr 0, 1
+ ret;
+
+ .align 8
+@@ -392,6 +398,7 @@ twofish_cbc_dec_8way:
+
+ popq %r12;
+ pax_force_retaddr 0, 1
ret;
.align 8
-@@ -354,4 +358,5 @@ twofish_dec_blk_8way:
- outunpack_blocks(%r11, RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2);
- outunpack_blocks(%rax, RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2);
+@@ -420,4 +427,5 @@ twofish_ctr_8way:
+
+ popq %r12;
+ pax_force_retaddr 0, 1
ret;
+ pax_force_retaddr 0, 1
ret
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
-index 07b3a68..bd2a388 100644
+index a703af1..f5b9c36 100644
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -159,6 +159,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file,
set_fs(KERNEL_DS);
has_dumped = 1;
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
-index efc6a95..95abfe2 100644
+index a1daf4a..f8c4537 100644
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
-@@ -163,8 +163,8 @@ asmlinkage long sys32_sigaltstack(const stack_ia32_t __user *uss_ptr,
- }
- seg = get_fs();
- set_fs(KERNEL_DS);
-- ret = do_sigaltstack((stack_t __force __user *) (uss_ptr ? &uss : NULL),
-- (stack_t __force __user *) &uoss, regs->sp);
-+ ret = do_sigaltstack((stack_t __force_user *) (uss_ptr ? &uss : NULL),
-+ (stack_t __force_user *) &uoss, regs->sp);
- set_fs(seg);
- if (ret >= 0 && uoss_ptr) {
- if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t)))
-@@ -396,7 +396,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
+@@ -348,7 +348,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs,
sp -= frame_size;
/* Align the stack pointer according to the i386 ABI,
* i.e. so that on function entry ((sp + 4) & 15) == 0. */
return (void __user *) sp;
}
-@@ -454,7 +454,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka,
+@@ -406,7 +406,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka,
* These are actually not used anymore, but left because some
* gdb versions depend on them as a marker.
*/
} put_user_catch(err);
if (err)
-@@ -496,7 +496,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+@@ -448,7 +448,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
0xb8,
__NR_ia32_rt_sigreturn,
0x80cd,
};
frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
-@@ -522,16 +522,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+@@ -471,16 +471,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
if (ka->sa.sa_flags & SA_RESTORER)
restorer = ka->sa.sa_restorer;
err |= copy_siginfo_to_user32(&frame->info, info);
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
-index e7fa545..9e6fe1a 100644
+index 142c4ce..19b683f 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -15,8 +15,10 @@
END(ia32_syscall)
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
-index 86d68d1..f9960fe 100644
+index d0b689b..34be51d 100644
--- a/arch/x86/ia32/sys_ia32.c
+++ b/arch/x86/ia32/sys_ia32.c
@@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low,
ALTINSTR_REPLACEMENT(newinstr2, feature2, 2) \
".popsection"
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
-index 3388034..ba52312 100644
+index 3388034..050f0b9 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -44,7 +44,7 @@ static inline void generic_apic_probe(void)
extern int local_apic_timer_c2_ok;
extern int disable_apic;
-@@ -391,7 +391,7 @@ struct apic {
- */
- int (*x86_32_numa_cpu_node)(int cpu);
- #endif
--};
-+} __do_const;
-
- /*
- * Pointer to the local APIC driver in use on this system (there's
diff --git a/arch/x86/include/asm/apm.h b/arch/x86/include/asm/apm.h
index 20370c6..a2eb9b0 100644
--- a/arch/x86/include/asm/apm.h
"popl %%ebp\n\t"
"popl %%edi\n\t"
diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
-index b6c3b82..b4c077a 100644
+index 722aa3b..3a0bb27 100644
--- a/arch/x86/include/asm/atomic.h
+++ b/arch/x86/include/asm/atomic.h
@@ -22,7 +22,18 @@
: "+m" (v->counter), "=qm" (c)
: "ir" (i) : "memory");
return c;
-@@ -179,7 +341,7 @@ static inline int atomic_add_return(int i, atomic_t *v)
- goto no_xadd;
- #endif
- /* Modern 486+ processor */
-- return i + xadd(&v->counter, i);
+@@ -172,6 +334,18 @@ static inline int atomic_add_negative(int i, atomic_t *v)
+ */
+ static inline int atomic_add_return(int i, atomic_t *v)
+ {
+ return i + xadd_check_overflow(&v->counter, i);
-
- #ifdef CONFIG_M386
- no_xadd: /* Legacy 386 processor */
-@@ -192,6 +354,34 @@ no_xadd: /* Legacy 386 processor */
- }
-
- /**
++}
++
++/**
+ * atomic_add_return_unchecked - add integer and return
+ * @i: integer value to add
+ * @v: pointer of type atomic_unchecked_t
+ */
+static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
+{
-+#ifdef CONFIG_M386
-+ int __i;
-+ unsigned long flags;
-+ if (unlikely(boot_cpu_data.x86 <= 3))
-+ goto no_xadd;
-+#endif
-+ /* Modern 486+ processor */
-+ return i + xadd(&v->counter, i);
-+
-+#ifdef CONFIG_M386
-+no_xadd: /* Legacy 386 processor */
-+ raw_local_irq_save(flags);
-+ __i = atomic_read_unchecked(v);
-+ atomic_set_unchecked(v, i + __i);
-+ raw_local_irq_restore(flags);
-+ return i + __i;
-+#endif
-+}
-+
-+/**
- * atomic_sub_return - subtract integer and return
- * @v: pointer of type atomic_t
- * @i: integer value to subtract
-@@ -204,6 +394,10 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+ return i + xadd(&v->counter, i);
+ }
+
+@@ -188,6 +362,10 @@ static inline int atomic_sub_return(int i, atomic_t *v)
}
#define atomic_inc_return(v) (atomic_add_return(1, v))
#define atomic_dec_return(v) (atomic_sub_return(1, v))
static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
-@@ -211,11 +405,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+@@ -195,11 +373,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
return cmpxchg(&v->counter, old, new);
}
/**
* __atomic_add_unless - add unless the number is already a given value
* @v: pointer of type atomic_t
-@@ -227,12 +431,25 @@ static inline int atomic_xchg(atomic_t *v, int new)
+@@ -211,12 +399,25 @@ static inline int atomic_xchg(atomic_t *v, int new)
*/
static inline int __atomic_add_unless(atomic_t *v, int a, int u)
{
if (likely(old == c))
break;
c = old;
-@@ -241,6 +458,49 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -225,6 +426,49 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
}
/**
* atomic_inc_short - increment of a short integer
* @v: pointer to type int
*
-@@ -269,14 +529,37 @@ static inline void atomic_or_long(unsigned long *v1, unsigned long v2)
+@@ -253,14 +497,37 @@ static inline void atomic_or_long(unsigned long *v1, unsigned long v2)
#endif
/* These are x86-specific, used by some header files */
/**
diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h
-index b13fe63..0dab13a 100644
+index 4fa687a..60f2d39 100644
--- a/arch/x86/include/asm/boot.h
+++ b/arch/x86/include/asm/boot.h
-@@ -11,10 +11,15 @@
- #include <asm/pgtable_types.h>
+@@ -6,10 +6,15 @@
+ #include <uapi/asm/boot.h>
/* Physical address where kernel should be loaded. */
-#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
({ \
__typeof__ (*(ptr)) __ret = (inc); \
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
-index 8c297aa..7a90f03 100644
+index 2d9075e..b75a844 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
-@@ -205,7 +205,7 @@
+@@ -206,7 +206,7 @@
#define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */
#define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */
#define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */
#define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */
#define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */
#define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */
-@@ -379,7 +379,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
+@@ -375,7 +375,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
".section .discard,\"aw\",@progbits\n"
" .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */
".previous\n"
};
} __attribute__((packed));
-diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h
-index 3778256..c5d4fce 100644
---- a/arch/x86/include/asm/e820.h
-+++ b/arch/x86/include/asm/e820.h
-@@ -69,7 +69,7 @@ struct e820map {
- #define ISA_START_ADDRESS 0xa0000
- #define ISA_END_ADDRESS 0x100000
-
--#define BIOS_BEGIN 0x000a0000
-+#define BIOS_BEGIN 0x000c0000
- #define BIOS_END 0x00100000
-
- #define BIOS_ROM_BASE 0xffe00000
diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
-index 5939f44..f8845f6 100644
+index 9c999c1..3860cb8 100644
--- a/arch/x86/include/asm/elf.h
+++ b/arch/x86/include/asm/elf.h
@@ -243,7 +243,25 @@ extern int force_personality32;
return fpu_restore_checking(&tsk->thread.fpu);
}
diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h
-index f373046..02653e2 100644
+index be27ba1..8f13ff9 100644
--- a/arch/x86/include/asm/futex.h
+++ b/arch/x86/include/asm/futex.h
@@ -12,6 +12,7 @@
: "r" (oparg), "i" (-EFAULT), "1" (0))
static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
-@@ -65,10 +67,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
+@@ -59,10 +61,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
switch (op) {
case FUTEX_OP_SET:
uaddr, oparg);
break;
case FUTEX_OP_OR:
-@@ -128,14 +130,14 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
+@@ -116,14 +118,14 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
return -EFAULT;
asm volatile("\t" ASM_STAC "\n"
/* EISA */
extern void eisa_set_level_irq(unsigned int irq);
+diff --git a/arch/x86/include/asm/i8259.h b/arch/x86/include/asm/i8259.h
+index a203659..9889f1c 100644
+--- a/arch/x86/include/asm/i8259.h
++++ b/arch/x86/include/asm/i8259.h
+@@ -62,7 +62,7 @@ struct legacy_pic {
+ void (*init)(int auto_eoi);
+ int (*irq_pending)(unsigned int irq);
+ void (*make_irq)(unsigned int irq);
+-};
++} __do_const;
+
+ extern struct legacy_pic *legacy_pic;
+ extern struct legacy_pic null_legacy_pic;
diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h
index d8e8eef..15b1179 100644
--- a/arch/x86/include/asm/io.h
#define flush_insn_slot(p) do { } while (0)
-diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index b2e11f4..f293e2e 100644
---- a/arch/x86/include/asm/kvm_host.h
-+++ b/arch/x86/include/asm/kvm_host.h
-@@ -707,7 +707,7 @@ struct kvm_x86_ops {
- int (*check_intercept)(struct kvm_vcpu *vcpu,
- struct x86_instruction_info *info,
- enum x86_intercept_stage stage);
--};
-+} __do_const;
-
- struct kvm_arch_async_pf {
- u32 token;
diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h
-index c8bed0d..85c03fd 100644
+index 2d89e39..baee879 100644
--- a/arch/x86/include/asm/local.h
+++ b/arch/x86/include/asm/local.h
@@ -10,33 +10,97 @@ typedef struct {
: "+m" (l->a.counter), "=qm" (c)
: "ir" (i) : "memory");
return c;
-@@ -132,7 +232,15 @@ static inline long local_add_return(long i, local_t *l)
- #endif
- /* Modern 486+ processor */
- __i = i;
-- asm volatile(_ASM_XADD "%0, %1;"
+@@ -125,6 +225,30 @@ static inline int local_add_negative(long i, local_t *l)
+ static inline long local_add_return(long i, local_t *l)
+ {
+ long __i = i;
+ asm volatile(_ASM_XADD "%0, %1\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
+ _ASM_EXTABLE(0b, 0b)
+#endif
+
- : "+r" (i), "+m" (l->a.counter)
- : : "memory");
- return i + __i;
-@@ -147,6 +255,38 @@ no_xadd: /* Legacy 386 processor */
- #endif
- }
-
++ : "+r" (i), "+m" (l->a.counter)
++ : : "memory");
++ return i + __i;
++}
++
+/**
+ * local_add_return_unchecked - add and return
+ * @i: integer value to add
+ */
+static inline long local_add_return_unchecked(long i, local_unchecked_t *l)
+{
-+ long __i;
-+#ifdef CONFIG_M386
-+ unsigned long flags;
-+ if (unlikely(boot_cpu_data.x86 <= 3))
-+ goto no_xadd;
-+#endif
-+ /* Modern 486+ processor */
-+ __i = i;
-+ asm volatile(_ASM_XADD "%0, %1\n"
-+ : "+r" (i), "+m" (l->a.counter)
-+ : : "memory");
-+ return i + __i;
-+
-+#ifdef CONFIG_M386
-+no_xadd: /* Legacy 386 processor */
-+ local_irq_save(flags);
-+ __i = local_read_unchecked(l);
-+ local_set_unchecked(l, i + __i);
-+ local_irq_restore(flags);
-+ return i + __i;
-+#endif
-+}
-+
- static inline long local_sub_return(long i, local_t *l)
- {
- return local_add_return(-i, l);
-@@ -157,6 +297,8 @@ static inline long local_sub_return(long i, local_t *l)
++ long __i = i;
+ asm volatile(_ASM_XADD "%0, %1;"
+ : "+r" (i), "+m" (l->a.counter)
+ : : "memory");
+@@ -141,6 +265,8 @@ static inline long local_sub_return(long i, local_t *l)
#define local_cmpxchg(l, o, n) \
(cmpxchg_local(&((l)->a.counter), (o), (n)))
#define local_xchg(l, n) (xchg(&((l)->a.counter), (n)))
diff --git a/arch/x86/include/asm/mman.h b/arch/x86/include/asm/mman.h
-index 593e51d..fa69c9a 100644
---- a/arch/x86/include/asm/mman.h
+new file mode 100644
+index 0000000..2bfd3ba
+--- /dev/null
+++ b/arch/x86/include/asm/mman.h
-@@ -5,4 +5,14 @@
-
- #include <asm-generic/mman.h>
-
+@@ -0,0 +1,15 @@
++#ifndef _X86_MMAN_H
++#define _X86_MMAN_H
++
++#include <uapi/asm/mman.h>
++
+#ifdef __KERNEL__
+#ifndef __ASSEMBLY__
+#ifdef CONFIG_X86_32
+#define arch_mmap_check i386_mmap_check
-+int i386_mmap_check(unsigned long addr, unsigned long len,
-+ unsigned long flags);
++int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags);
+#endif
+#endif
+#endif
+
- #endif /* _ASM_X86_MMAN_H */
++#endif /* X86_MMAN_H */
diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h
index 5f55e69..e20bfb1 100644
--- a/arch/x86/include/asm/mmu.h
#define activate_mm(prev, next) \
diff --git a/arch/x86/include/asm/module.h b/arch/x86/include/asm/module.h
-index 9eae775..c914fea 100644
+index e3b7819..b257c64 100644
--- a/arch/x86/include/asm/module.h
+++ b/arch/x86/include/asm/module.h
@@ -5,6 +5,7 @@
#ifdef CONFIG_X86_64
/* X86_64 does not define MODULE_PROC_FAMILY */
+#define MODULE_PROC_FAMILY ""
- #elif defined CONFIG_M386
- #define MODULE_PROC_FAMILY "386 "
#elif defined CONFIG_M486
-@@ -59,8 +60,20 @@
+ #define MODULE_PROC_FAMILY "486 "
+ #elif defined CONFIG_M586
+@@ -57,8 +58,20 @@
#error unknown processor family
#endif
+#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF
+
#endif /* _ASM_X86_MODULE_H */
+diff --git a/arch/x86/include/asm/nmi.h b/arch/x86/include/asm/nmi.h
+index c0fa356..07a498a 100644
+--- a/arch/x86/include/asm/nmi.h
++++ b/arch/x86/include/asm/nmi.h
+@@ -42,11 +42,11 @@ struct nmiaction {
+ nmi_handler_t handler;
+ unsigned long flags;
+ const char *name;
+-};
++} __do_const;
+
+ #define register_nmi_handler(t, fn, fg, n, init...) \
+ ({ \
+- static struct nmiaction init fn##_na = { \
++ static const struct nmiaction init fn##_na = { \
+ .handler = (fn), \
+ .name = (n), \
+ .flags = (fg), \
+@@ -54,7 +54,7 @@ struct nmiaction {
+ __register_nmi_handler((t), &fn##_na); \
+ })
+
+-int __register_nmi_handler(unsigned int, struct nmiaction *);
++int __register_nmi_handler(unsigned int, const struct nmiaction *);
+
+ void unregister_nmi_handler(unsigned int, const char *);
+
diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h
index 320f7bb..e89f8f8 100644
--- a/arch/x86/include/asm/page_64_types.h
extern unsigned long __phys_addr(unsigned long);
#define __phys_reloc_hide(x) (x)
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
-index a0facf3..c017b15 100644
+index 5edd174..9cf5821 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
-@@ -632,6 +632,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd)
+@@ -630,6 +630,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd)
val);
}
static inline void pgd_clear(pgd_t *pgdp)
{
set_pgd(pgdp, __pgd(0));
-@@ -713,6 +725,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
+@@ -711,6 +723,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
pv_mmu_ops.set_fixmap(idx, phys, flags);
}
#if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS)
static inline int arch_spin_is_locked(struct arch_spinlock *lock)
-@@ -929,7 +956,7 @@ extern void default_banner(void);
+@@ -927,7 +954,7 @@ extern void default_banner(void);
#define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4)
#define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4)
#endif
#define INTERRUPT_RETURN \
-@@ -1004,6 +1031,21 @@ extern void default_banner(void);
+@@ -1002,6 +1029,21 @@ extern void default_banner(void);
PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \
CLBR_NONE, \
jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit))
#endif /* __ASSEMBLY__ */
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
-index 142236e..57cf5ea 100644
+index 142236e..5446ffbc 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
+@@ -84,7 +84,7 @@ struct pv_init_ops {
+ */
+ unsigned (*patch)(u8 type, u16 clobber, void *insnbuf,
+ unsigned long addr, unsigned len);
+-};
++} __no_const;
+
+
+ struct pv_lazy_ops {
+@@ -97,7 +97,7 @@ struct pv_time_ops {
+ unsigned long long (*sched_clock)(void);
+ unsigned long long (*steal_clock)(int cpu);
+ unsigned long (*get_tsc_khz)(void);
+-};
++} __no_const;
+
+ struct pv_cpu_ops {
+ /* hooks for various privileged instructions */
+@@ -191,7 +191,7 @@ struct pv_cpu_ops {
+
+ void (*start_context_switch)(struct task_struct *prev);
+ void (*end_context_switch)(struct task_struct *next);
+-};
++} __no_const;
+
+ struct pv_irq_ops {
+ /*
+@@ -222,7 +222,7 @@ struct pv_apic_ops {
+ unsigned long start_eip,
+ unsigned long start_esp);
+ #endif
+-};
++} __no_const;
+
+ struct pv_mmu_ops {
+ unsigned long (*read_cr2)(void);
@@ -312,6 +312,7 @@ struct pv_mmu_ops {
struct paravirt_callee_save make_pud;
};
struct arch_spinlock;
+@@ -333,7 +340,7 @@ struct pv_lock_ops {
+ void (*spin_lock_flags)(struct arch_spinlock *lock, unsigned long flags);
+ int (*spin_trylock)(struct arch_spinlock *lock);
+ void (*spin_unlock)(struct arch_spinlock *lock);
+-};
++} __no_const;
+
+ /* This contains all the paravirt structures: we get a convenient
+ * number for each function using the offset which we use to indicate
diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h
index b4389a4..7024269 100644
--- a/arch/x86/include/asm/pgalloc.h
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index a1f780d..a3eb32f 100644
+index 1c1a955..50f828c 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
static inline int pte_dirty(pte_t pte)
{
return pte_flags(pte) & _PAGE_DIRTY;
-@@ -195,9 +235,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
+@@ -200,9 +240,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
return pte_clear_flags(pte, _PAGE_RW);
}
}
static inline pte_t pte_mkdirty(pte_t pte)
-@@ -389,6 +449,15 @@ pte_t *populate_extra_pte(unsigned long vaddr);
+@@ -394,6 +454,15 @@ pte_t *populate_extra_pte(unsigned long vaddr);
#endif
#ifndef __ASSEMBLY__
#include <linux/mm_types.h>
static inline int pte_none(pte_t pte)
-@@ -565,7 +634,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -583,7 +652,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
}
static inline int pgd_none(pgd_t pgd)
-@@ -588,7 +657,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -606,7 +675,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -599,6 +673,20 @@ static inline int pgd_none(pgd_t pgd)
+@@ -617,6 +691,20 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -763,11 +851,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -781,11 +869,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
#endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
-index ec8a1fc..7ccb593 100644
+index 3c32db8..1ddccf5 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -16,13 +16,12 @@
#endif
#define _PAGE_FILE (_AT(pteval_t, 1) << _PAGE_BIT_FILE)
-@@ -96,6 +96,9 @@
+@@ -116,6 +116,9 @@
#define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \
_PAGE_ACCESSED)
#define __PAGE_KERNEL_EXEC \
(_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL)
#define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX)
-@@ -106,7 +109,7 @@
+@@ -126,7 +129,7 @@
#define __PAGE_KERNEL_WC (__PAGE_KERNEL | _PAGE_CACHE_WC)
#define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_PCD | _PAGE_PWT)
#define __PAGE_KERNEL_UC_MINUS (__PAGE_KERNEL | _PAGE_PCD)
#define __PAGE_KERNEL_VVAR (__PAGE_KERNEL_RO | _PAGE_USER)
#define __PAGE_KERNEL_VVAR_NOCACHE (__PAGE_KERNEL_VVAR | _PAGE_PCD | _PAGE_PWT)
#define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE)
-@@ -168,8 +171,8 @@
+@@ -188,8 +191,8 @@
* bits are combined, this will alow user to access the high address mapped
* VDSO in the presence of CONFIG_COMPAT_VDSO
*/
#define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */
#endif
-@@ -207,7 +210,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd)
+@@ -227,7 +230,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd)
{
return native_pgd_val(pgd) & PTE_FLAGS_MASK;
}
#if PAGETABLE_LEVELS > 3
typedef struct { pudval_t pud; } pud_t;
-@@ -221,8 +234,6 @@ static inline pudval_t native_pud_val(pud_t pud)
+@@ -241,8 +254,6 @@ static inline pudval_t native_pud_val(pud_t pud)
return pud.pud;
}
#else
static inline pudval_t native_pud_val(pud_t pud)
{
return native_pgd_val(pud.pgd);
-@@ -242,8 +253,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd)
+@@ -262,8 +273,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd)
return pmd.pmd;
}
#else
static inline pmdval_t native_pmd_val(pmd_t pmd)
{
return native_pgd_val(pmd.pud.pgd);
-@@ -283,7 +292,6 @@ typedef struct page *pgtable_t;
+@@ -303,7 +312,6 @@ typedef struct page *pgtable_t;
extern pteval_t __supported_pte_mask;
extern void set_nx(void);
#define pgprot_writecombine pgprot_writecombine
extern pgprot_t pgprot_writecombine(pgprot_t prot);
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
-index ad1fc85..0b15fe1 100644
+index 888184b..a07ac89 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
-@@ -289,7 +289,7 @@ struct tss_struct {
+@@ -287,7 +287,7 @@ struct tss_struct {
} ____cacheline_aligned;
/*
* Save the original ist values for checking stack pointers during debugging
-@@ -818,11 +818,18 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -827,11 +827,18 @@ static inline void spin_lock_prefetch(const void *x)
*/
#define TASK_SIZE PAGE_OFFSET
#define TASK_SIZE_MAX TASK_SIZE
.vm86_info = NULL, \
.sysenter_cs = __KERNEL_CS, \
.io_bitmap_ptr = NULL, \
-@@ -836,7 +843,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -845,7 +852,7 @@ static inline void spin_lock_prefetch(const void *x)
*/
#define INIT_TSS { \
.x86_tss = { \
.ss0 = __KERNEL_DS, \
.ss1 = __KERNEL_CS, \
.io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \
-@@ -847,11 +854,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -856,11 +863,7 @@ static inline void spin_lock_prefetch(const void *x)
extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long))
/*
* The below -8 is to reserve 8 bytes on top of the ring0 stack.
-@@ -866,7 +869,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -875,7 +878,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define task_pt_regs(task) \
({ \
struct pt_regs *__regs__; \
__regs__ - 1; \
})
-@@ -876,13 +879,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -885,13 +888,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
/*
* User space process size. 47bits minus one guard page.
*/
#define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \
IA32_PAGE_OFFSET : TASK_SIZE_MAX)
-@@ -893,11 +896,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -902,11 +905,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define STACK_TOP_MAX TASK_SIZE_MAX
#define INIT_THREAD { \
}
/*
-@@ -925,6 +928,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
+@@ -934,6 +937,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
*/
#define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
#define KSTK_EIP(task) (task_pt_regs(task)->ip)
/* Get/set a process' ability to use the timestamp counter instruction */
-@@ -985,12 +992,12 @@ extern bool cpu_has_amd_erratum(const int *);
+@@ -994,12 +1001,12 @@ extern bool cpu_has_amd_erratum(const int *);
#define cpu_has_amd_erratum(x) (false)
#endif /* CONFIG_CPU_SUP_AMD */
#endif /* _ASM_X86_PROCESSOR_H */
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
-index 19f16eb..b50624b 100644
+index 942a086..6c26446 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
-@@ -155,28 +155,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs)
+@@ -85,28 +85,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs)
}
/*
#endif
}
-@@ -192,15 +193,16 @@ static inline int v8086_mode(struct pt_regs *regs)
+@@ -122,15 +123,16 @@ static inline int v8086_mode(struct pt_regs *regs)
#ifdef CONFIG_X86_64
static inline bool user_64bit_mode(struct pt_regs *regs)
{
+ return cs == __USER_CS || cs == pv_info.extra_user_64bit_cs;
#endif
}
+
+@@ -181,9 +183,11 @@ static inline unsigned long regs_get_register(struct pt_regs *regs,
+ * Traps from the kernel do not save sp and ss.
+ * Use the helper function to retrieve sp.
+ */
+- if (offset == offsetof(struct pt_regs, sp) &&
+- regs->cs == __KERNEL_CS)
+- return kernel_stack_pointer(regs);
++ if (offset == offsetof(struct pt_regs, sp)) {
++ unsigned long cs = regs->cs & 0xffff;
++ if (cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS)
++ return kernel_stack_pointer(regs);
++ }
#endif
+ return *(unsigned long *)((unsigned long)regs + offset);
+ }
diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
index fe1ec5b..dc5c3fe 100644
--- a/arch/x86/include/asm/realmode.h
u32 gdt_base;
#else
diff --git a/arch/x86/include/asm/reboot.h b/arch/x86/include/asm/reboot.h
-index a82c4f1..f9c9696 100644
+index a82c4f1..ac45053 100644
--- a/arch/x86/include/asm/reboot.h
+++ b/arch/x86/include/asm/reboot.h
-@@ -6,12 +6,12 @@
+@@ -6,13 +6,13 @@
struct pt_regs;
struct machine_ops {
void (*shutdown)(void);
void (*crash_shutdown)(struct pt_regs *);
- void (*emergency_restart)(void);
+-};
+ void (* __noreturn emergency_restart)(void);
- };
++} __no_const;
extern struct machine_ops machine_ops;
+
diff --git a/arch/x86/include/asm/rwsem.h b/arch/x86/include/asm/rwsem.h
index 2dbe4a7..ce1db00 100644
--- a/arch/x86/include/asm/rwsem.h
#endif /* !__ASSEMBLY__ */
diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h
-index 4f19a15..e04d86f 100644
+index b073aae..39f9bdd 100644
--- a/arch/x86/include/asm/smp.h
+++ b/arch/x86/include/asm/smp.h
@@ -36,7 +36,7 @@ DECLARE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_core_map);
static inline struct cpumask *cpu_sibling_mask(int cpu)
{
-@@ -190,14 +190,8 @@ extern unsigned disabled_cpus __cpuinitdata;
+@@ -79,7 +79,7 @@ struct smp_ops {
+
+ void (*send_call_func_ipi)(const struct cpumask *mask);
+ void (*send_call_func_single_ipi)(int cpu);
+-};
++} __no_const;
+
+ /* Globals due to paravirt */
+ extern void set_cpu_sibling_map(int cpu);
+@@ -191,14 +191,8 @@ extern unsigned disabled_cpus __cpuinitdata;
extern int safe_smp_processor_id(void);
#elif defined(CONFIG_X86_64_SMP)
#endif
#endif /* _ASM_X86_THREAD_INFO_H */
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 7ccf8d1..9a18110 100644
+index 1709801..0a60f2f 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -7,6 +7,7 @@
"3: " ASM_CLAC "\n" \
_ASM_EXTABLE_EX(1b, 2b) \
_ASM_EXTABLE_EX(2b, 3b) \
-@@ -261,7 +300,7 @@ extern void __put_user_8(void);
+@@ -259,7 +298,7 @@ extern void __put_user_8(void);
__typeof__(*(ptr)) __pu_val; \
__chk_user_ptr(ptr); \
might_fault(); \
switch (sizeof(*(ptr))) { \
case 1: \
__put_user_x(1, __pu_val, ptr, __ret_pu); \
-@@ -383,7 +422,7 @@ do { \
+@@ -358,7 +397,7 @@ do { \
#define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
asm volatile(ASM_STAC "\n" \
"2: " ASM_CLAC "\n" \
".section .fixup,\"ax\"\n" \
"3: mov %3,%0\n" \
-@@ -391,7 +430,7 @@ do { \
+@@ -366,7 +405,7 @@ do { \
" jmp 2b\n" \
".previous\n" \
_ASM_EXTABLE(1b, 3b) \
: "m" (__m(addr)), "i" (errret), "0" (err))
#define __get_user_size_ex(x, ptr, size) \
-@@ -416,7 +455,7 @@ do { \
+@@ -391,7 +430,7 @@ do { \
} while (0)
#define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
"2:\n" \
_ASM_EXTABLE_EX(1b, 2b) \
: ltype(x) : "m" (__m(addr)))
-@@ -433,13 +472,24 @@ do { \
+@@ -408,13 +447,24 @@ do { \
int __gu_err; \
unsigned long __gu_val; \
__get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
/*
* Tell gcc we read from memory instead of writing: this is because
-@@ -448,7 +498,7 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -423,7 +473,7 @@ struct __large_struct { unsigned long buf[100]; };
*/
#define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
asm volatile(ASM_STAC "\n" \
"2: " ASM_CLAC "\n" \
".section .fixup,\"ax\"\n" \
"3: mov %3,%0\n" \
-@@ -456,10 +506,10 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -431,10 +481,10 @@ struct __large_struct { unsigned long buf[100]; };
".previous\n" \
_ASM_EXTABLE(1b, 3b) \
: "=r"(err) \
"2:\n" \
_ASM_EXTABLE_EX(1b, 2b) \
: : ltype(x), "m" (__m(addr)))
-@@ -498,8 +548,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -473,8 +523,12 @@ struct __large_struct { unsigned long buf[100]; };
* On error, the variable @x is set to zero.
*/
/**
* __put_user: - Write a simple value into user space, with less checking.
-@@ -521,8 +575,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -496,8 +550,12 @@ struct __large_struct { unsigned long buf[100]; };
* Returns zero on success, or -EFAULT on error.
*/
#define __get_user_unaligned __get_user
#define __put_user_unaligned __put_user
-@@ -540,7 +598,7 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -515,7 +573,7 @@ struct __large_struct { unsigned long buf[100]; };
#define get_user_ex(x, ptr) do { \
unsigned long __gue_val; \
__get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
+ (x) = (__typeof__(*(ptr)))__gue_val; \
} while (0)
- #ifdef CONFIG_X86_WP_WORKS_OK
-@@ -574,8 +632,8 @@ strncpy_from_user(char *dst, const char __user *src, long count);
+ #define put_user_try uaccess_try
+@@ -532,8 +590,8 @@ strncpy_from_user(char *dst, const char __user *src, long count);
extern __must_check long strlen_user(const char __user *str);
extern __must_check long strnlen_user(const char __user *str, long n);
}
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 142810c..4b68a3e 100644
+index 142810c..747941a 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -10,6 +10,9 @@
copy_user_generic(void *to, const void *from, unsigned len)
{
unsigned ret;
-@@ -41,142 +44,203 @@ copy_user_generic(void *to, const void *from, unsigned len)
+@@ -41,142 +44,204 @@ copy_user_generic(void *to, const void *from, unsigned len)
ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from),
"=d" (len)),
"1" (to), "2" (from), "3" (len)
-#endif
+
+ check_object_size(to, n, false);
++
+ if (access_ok(VERIFY_READ, from, n))
+ n = __copy_from_user(to, from, n);
+ else if (n < INT_MAX)
ret, "b", "b", "=q", 1);
if (likely(!ret))
__put_user_asm(tmp, (u8 __user *)dst,
-@@ -185,7 +249,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -185,7 +250,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
}
case 2: {
u16 tmp;
ret, "w", "w", "=r", 2);
if (likely(!ret))
__put_user_asm(tmp, (u16 __user *)dst,
-@@ -195,7 +259,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -195,7 +260,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
case 4: {
u32 tmp;
ret, "l", "k", "=r", 4);
if (likely(!ret))
__put_user_asm(tmp, (u32 __user *)dst,
-@@ -204,7 +268,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -204,7 +269,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
}
case 8: {
u64 tmp;
ret, "q", "", "=r", 8);
if (likely(!ret))
__put_user_asm(tmp, (u64 __user *)dst,
-@@ -212,41 +276,72 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -212,41 +277,72 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
return ret;
}
default:
};
#define WORD_AT_A_TIME_CONSTANTS { REPEAT_BYTE(0x01), REPEAT_BYTE(0x80) }
+diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
+index 5769349..a3d3e2a 100644
+--- a/arch/x86/include/asm/x86_init.h
++++ b/arch/x86/include/asm/x86_init.h
+@@ -141,7 +141,7 @@ struct x86_init_ops {
+ struct x86_init_timers timers;
+ struct x86_init_iommu iommu;
+ struct x86_init_pci pci;
+-};
++} __no_const;
+
+ /**
+ * struct x86_cpuinit_ops - platform specific cpu hotplug setups
+@@ -152,7 +152,7 @@ struct x86_cpuinit_ops {
+ void (*setup_percpu_clockev)(void);
+ void (*early_percpu_clock_init)(void);
+ void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node);
+-};
++} __no_const;
+
+ /**
+ * struct x86_platform_ops - platform specific runtime functions
+@@ -178,7 +178,7 @@ struct x86_platform_ops {
+ void (*save_sched_clock_state)(void);
+ void (*restore_sched_clock_state)(void);
+ void (*apic_post_init)(void);
+-};
++} __no_const;
+
+ struct pci_dev;
+
+@@ -187,14 +187,14 @@ struct x86_msi_ops {
+ void (*teardown_msi_irq)(unsigned int irq);
+ void (*teardown_msi_irqs)(struct pci_dev *dev);
+ void (*restore_msi_irqs)(struct pci_dev *dev, int irq);
+-};
++} __no_const;
+
+ struct x86_io_apic_ops {
+ void (*init) (void);
+ unsigned int (*read) (unsigned int apic, unsigned int reg);
+ void (*write) (unsigned int apic, unsigned int reg, unsigned int value);
+ void (*modify)(unsigned int apic, unsigned int reg, unsigned int value);
+-};
++} __no_const;
+
+ extern struct x86_init_ops x86_init;
+ extern struct x86_cpuinit_ops x86_cpuinit;
diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h
index 0415cda..b43d877 100644
--- a/arch/x86/include/asm/xsave.h
"2: " ASM_CLAC "\n"
".section .fixup,\"ax\"\n"
"3: movl $-1,%[err]\n"
+diff --git a/arch/x86/include/uapi/asm/e820.h b/arch/x86/include/uapi/asm/e820.h
+index bbae024..e1528f9 100644
+--- a/arch/x86/include/uapi/asm/e820.h
++++ b/arch/x86/include/uapi/asm/e820.h
+@@ -63,7 +63,7 @@ struct e820map {
+ #define ISA_START_ADDRESS 0xa0000
+ #define ISA_END_ADDRESS 0x100000
+
+-#define BIOS_BEGIN 0x000a0000
++#define BIOS_BEGIN 0x000c0000
+ #define BIOS_END 0x00100000
+
+ #define BIOS_ROM_BASE 0xffe00000
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
-index 91ce48f..a48ea05 100644
+index 34e923a..0c6bb6e 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
-@@ -23,7 +23,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o
+@@ -22,7 +22,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o
obj-y += setup.o x86_init.o i8259.o irqinit.o jump_label.o
obj-$(CONFIG_IRQ_WORK) += irq_work.o
obj-y += probe_roms.o
obj-y += syscall_$(BITS).o
obj-$(CONFIG_X86_64) += vsyscall_64.o
diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
-index e651f7a..c995dc4 100644
+index bacf4b0..4ede72e 100644
--- a/arch/x86/kernel/acpi/boot.c
+++ b/arch/x86/kernel/acpi/boot.c
-@@ -1576,7 +1576,7 @@ int __init acpi_boot_init(void)
- acpi_table_parse(ACPI_SIG_HPET, acpi_parse_hpet);
-
- if (!acpi_noirq)
-- x86_init.pci.init = pci_acpi_init;
-+ *(void **)&x86_init.pci.init = pci_acpi_init;
+@@ -1358,7 +1358,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d)
+ * If your system is blacklisted here, but you find that acpi=force
+ * works for you, please contact linux-acpi@vger.kernel.org
+ */
+-static struct dmi_system_id __initdata acpi_dmi_table[] = {
++static const struct dmi_system_id __initconst acpi_dmi_table[] = {
+ /*
+ * Boxes that need ACPI disabled
+ */
+@@ -1433,7 +1433,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = {
+ };
- return 0;
- }
+ /* second table for DMI checks that should run after early-quirks */
+-static struct dmi_system_id __initdata acpi_dmi_table_late[] = {
++static const struct dmi_system_id __initconst acpi_dmi_table_late[] = {
+ /*
+ * HP laptops which use a DSDT reporting as HP/SB400/10000,
+ * which includes some code which overrides all temperature
diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
-index 11676cf..a8cf3ec 100644
+index d5e0d71..6533e08 100644
--- a/arch/x86/kernel/acpi/sleep.c
+++ b/arch/x86/kernel/acpi/sleep.c
@@ -74,8 +74,12 @@ int acpi_suspend_lowlevel(void)
return addr;
}
-diff --git a/arch/x86/kernel/amd_gart_64.c b/arch/x86/kernel/amd_gart_64.c
-index e663112..21938a3 100644
---- a/arch/x86/kernel/amd_gart_64.c
-+++ b/arch/x86/kernel/amd_gart_64.c
-@@ -851,7 +851,7 @@ int __init gart_iommu_init(void)
-
- flush_gart();
- dma_ops = &gart_dma_ops;
-- x86_platform.iommu_shutdown = gart_iommu_shutdown;
-+ *(void **)&x86_platform.iommu_shutdown = gart_iommu_shutdown;
- swiotlb = 0;
-
- return 0;
-diff --git a/arch/x86/kernel/aperture_64.c b/arch/x86/kernel/aperture_64.c
-index d5fd66f..6119b16 100644
---- a/arch/x86/kernel/aperture_64.c
-+++ b/arch/x86/kernel/aperture_64.c
-@@ -390,7 +390,7 @@ int __init gart_iommu_hole_init(void)
-
- iommu_detected = 1;
- gart_iommu_aperture = 1;
-- x86_init.iommu.iommu_init = gart_iommu_init;
-+ *(void **)&x86_init.iommu.iommu_init = gart_iommu_init;
-
- ctl = read_pci_config(bus, slot, 3,
- AMD64_GARTAPERTURECTL);
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
-index b17416e..be6e5dc 100644
+index cbf5121..812b537 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
-@@ -185,7 +185,7 @@ int first_system_vector = 0xfe;
+@@ -189,7 +189,7 @@ int first_system_vector = 0xfe;
/*
* Debug level, exported for io_apic.c
*/
int pic_mode;
-@@ -1923,7 +1923,7 @@ void smp_error_interrupt(struct pt_regs *regs)
+@@ -1956,7 +1956,7 @@ void smp_error_interrupt(struct pt_regs *regs)
apic_write(APIC_ESR, 0);
v1 = apic_read(APIC_ESR);
ack_APIC_irq();
apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)",
smp_processor_id(), v0 , v1);
-@@ -2155,7 +2155,9 @@ void __init apic_set_eoi_write(void (*eoi_write)(u32 reg, u32 v))
- for (drv = __apicdrivers; drv < __apicdrivers_end; drv++) {
- /* Should happen once for each apic */
- WARN_ON((*drv)->eoi_write == eoi_write);
-- (*drv)->eoi_write = eoi_write;
-+ pax_open_kernel();
-+ *(void **)&(*drv)->eoi_write = eoi_write;
-+ pax_close_kernel();
- }
+diff --git a/arch/x86/kernel/apic/apic_flat_64.c b/arch/x86/kernel/apic/apic_flat_64.c
+index 00c77cf..2dc6a2d 100644
+--- a/arch/x86/kernel/apic/apic_flat_64.c
++++ b/arch/x86/kernel/apic/apic_flat_64.c
+@@ -157,7 +157,7 @@ static int flat_probe(void)
+ return 1;
}
-diff --git a/arch/x86/kernel/apic/apic_numachip.c b/arch/x86/kernel/apic/apic_numachip.c
-index a65829a..6ddc249 100644
---- a/arch/x86/kernel/apic/apic_numachip.c
-+++ b/arch/x86/kernel/apic/apic_numachip.c
-@@ -178,7 +178,7 @@ static int __init numachip_system_init(void)
- if (!numachip_system)
- return 0;
+-static struct apic apic_flat = {
++static struct apic apic_flat __read_only = {
+ .name = "flat",
+ .probe = flat_probe,
+ .acpi_madt_oem_check = flat_acpi_madt_oem_check,
+@@ -271,7 +271,7 @@ static int physflat_probe(void)
+ return 0;
+ }
-- x86_cpuinit.fixup_cpu_id = fixup_cpu_id;
-+ *(void **)&x86_cpuinit.fixup_cpu_id = fixup_cpu_id;
+-static struct apic apic_physflat = {
++static struct apic apic_physflat __read_only = {
+
+ .name = "physical flat",
+ .probe = physflat_probe,
+diff --git a/arch/x86/kernel/apic/apic_noop.c b/arch/x86/kernel/apic/apic_noop.c
+index e145f28..2752888 100644
+--- a/arch/x86/kernel/apic/apic_noop.c
++++ b/arch/x86/kernel/apic/apic_noop.c
+@@ -119,7 +119,7 @@ static void noop_apic_write(u32 reg, u32 v)
+ WARN_ON_ONCE(cpu_has_apic && !disable_apic);
+ }
+
+-struct apic apic_noop = {
++struct apic apic_noop __read_only = {
+ .name = "noop",
+ .probe = noop_probe,
+ .acpi_madt_oem_check = NULL,
+diff --git a/arch/x86/kernel/apic/bigsmp_32.c b/arch/x86/kernel/apic/bigsmp_32.c
+index d50e364..543bee3 100644
+--- a/arch/x86/kernel/apic/bigsmp_32.c
++++ b/arch/x86/kernel/apic/bigsmp_32.c
+@@ -152,7 +152,7 @@ static int probe_bigsmp(void)
+ return dmi_bigsmp;
+ }
+
+-static struct apic apic_bigsmp = {
++static struct apic apic_bigsmp __read_only = {
+
+ .name = "bigsmp",
+ .probe = probe_bigsmp,
+diff --git a/arch/x86/kernel/apic/es7000_32.c b/arch/x86/kernel/apic/es7000_32.c
+index 0874799..a7a7892 100644
+--- a/arch/x86/kernel/apic/es7000_32.c
++++ b/arch/x86/kernel/apic/es7000_32.c
+@@ -608,8 +608,7 @@ static int es7000_mps_oem_check_cluster(struct mpc_table *mpc, char *oem,
+ return ret && es7000_apic_is_cluster();
+ }
+
+-/* We've been warned by a false positive warning.Use __refdata to keep calm. */
+-static struct apic __refdata apic_es7000_cluster = {
++static struct apic apic_es7000_cluster __read_only = {
+
+ .name = "es7000",
+ .probe = probe_es7000,
+@@ -675,7 +674,7 @@ static struct apic __refdata apic_es7000_cluster = {
+ .x86_32_early_logical_apicid = es7000_early_logical_apicid,
+ };
- map_csrs();
+-static struct apic __refdata apic_es7000 = {
++static struct apic apic_es7000 __read_only = {
+ .name = "es7000",
+ .probe = probe_es7000,
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
-index 1817fa9..7bff097 100644
+index b739d39..aebc14c 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -1084,7 +1084,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin,
{
raw_spin_unlock(&vector_lock);
}
-@@ -2411,7 +2411,7 @@ static void ack_apic_edge(struct irq_data *data)
+@@ -2399,7 +2399,7 @@ static void ack_apic_edge(struct irq_data *data)
ack_APIC_irq();
}
#ifdef CONFIG_GENERIC_PENDING_IRQ
static bool io_apic_level_ack_pending(struct irq_cfg *cfg)
-@@ -2552,7 +2552,7 @@ static void ack_apic_level(struct irq_data *data)
+@@ -2540,7 +2540,7 @@ static void ack_apic_level(struct irq_data *data)
* at the cpu.
*/
if (!(v & (1 << (i & 0x1f)))) {
eoi_ioapic_irq(irq, cfg);
}
+@@ -2567,11 +2567,13 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p)
+
+ static void irq_remap_modify_chip_defaults(struct irq_chip *chip)
+ {
+- chip->irq_print_chip = ir_print_prefix;
+- chip->irq_ack = ir_ack_apic_edge;
+- chip->irq_eoi = ir_ack_apic_level;
++ pax_open_kernel();
++ *(void **)&chip->irq_print_chip = ir_print_prefix;
++ *(void **)&chip->irq_ack = ir_ack_apic_edge;
++ *(void **)&chip->irq_eoi = ir_ack_apic_level;
+
+- chip->irq_set_affinity = set_remapped_irq_affinity;
++ *(void **)&chip->irq_set_affinity = set_remapped_irq_affinity;
++ pax_close_kernel();
+ }
+ #endif /* CONFIG_IRQ_REMAP */
+
diff --git a/arch/x86/kernel/apic/numaq_32.c b/arch/x86/kernel/apic/numaq_32.c
-index d661ee9..512c0a1 100644
+index d661ee9..791fd33 100644
--- a/arch/x86/kernel/apic/numaq_32.c
+++ b/arch/x86/kernel/apic/numaq_32.c
-@@ -257,14 +257,14 @@ static __init void early_check_numaq(void)
- early_get_smp_config();
-
- if (found_numaq) {
-- x86_init.mpparse.mpc_record = numaq_mpc_record;
-- x86_init.mpparse.setup_ioapic_ids = x86_init_noop;
-- x86_init.mpparse.mpc_apic_id = mpc_apic_id;
-- x86_init.mpparse.smp_read_mpc_oem = smp_read_mpc_oem;
-- x86_init.mpparse.mpc_oem_pci_bus = mpc_oem_pci_bus;
-- x86_init.mpparse.mpc_oem_bus_info = mpc_oem_bus_info;
-- x86_init.timers.tsc_pre_init = numaq_tsc_init;
-- x86_init.pci.init = pci_numaq_init;
-+ *(void **)&x86_init.mpparse.mpc_record = numaq_mpc_record;
-+ *(void **)&x86_init.mpparse.setup_ioapic_ids = x86_init_noop;
-+ *(void **)&x86_init.mpparse.mpc_apic_id = mpc_apic_id;
-+ *(void **)&x86_init.mpparse.smp_read_mpc_oem = smp_read_mpc_oem;
-+ *(void **)&x86_init.mpparse.mpc_oem_pci_bus = mpc_oem_pci_bus;
-+ *(void **)&x86_init.mpparse.mpc_oem_bus_info = mpc_oem_bus_info;
-+ *(void **)&x86_init.timers.tsc_pre_init = numaq_tsc_init;
-+ *(void **)&x86_init.pci.init = pci_numaq_init;
- }
+@@ -455,8 +455,7 @@ static void numaq_setup_portio_remap(void)
+ (u_long) xquad_portio, (u_long) num_quads*XQUAD_PORTIO_QUAD);
+ }
+
+-/* Use __refdata to keep false positive warning calm. */
+-static struct apic __refdata apic_numaq = {
++static struct apic apic_numaq __read_only = {
+
+ .name = "NUMAQ",
+ .probe = probe_numaq,
+diff --git a/arch/x86/kernel/apic/probe_32.c b/arch/x86/kernel/apic/probe_32.c
+index eb35ef9..f184a21 100644
+--- a/arch/x86/kernel/apic/probe_32.c
++++ b/arch/x86/kernel/apic/probe_32.c
+@@ -72,7 +72,7 @@ static int probe_default(void)
+ return 1;
+ }
+
+-static struct apic apic_default = {
++static struct apic apic_default __read_only = {
+
+ .name = "default",
+ .probe = probe_default,
+diff --git a/arch/x86/kernel/apic/summit_32.c b/arch/x86/kernel/apic/summit_32.c
+index 77c95c0..434f8a4 100644
+--- a/arch/x86/kernel/apic/summit_32.c
++++ b/arch/x86/kernel/apic/summit_32.c
+@@ -486,7 +486,7 @@ void setup_summit(void)
+ }
+ #endif
+
+-static struct apic apic_summit = {
++static struct apic apic_summit __read_only = {
+
+ .name = "summit",
+ .probe = probe_summit,
+diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c
+index c88baa4..757aee1 100644
+--- a/arch/x86/kernel/apic/x2apic_cluster.c
++++ b/arch/x86/kernel/apic/x2apic_cluster.c
+@@ -183,7 +183,7 @@ update_clusterinfo(struct notifier_block *nfb, unsigned long action, void *hcpu)
+ return notifier_from_errno(err);
+ }
+
+-static struct notifier_block __refdata x2apic_cpu_notifier = {
++static struct notifier_block x2apic_cpu_notifier = {
+ .notifier_call = update_clusterinfo,
+ };
+
+@@ -235,7 +235,7 @@ static void cluster_vector_allocation_domain(int cpu, struct cpumask *retmask,
+ cpumask_and(retmask, mask, per_cpu(cpus_in_cluster, cpu));
}
+-static struct apic apic_x2apic_cluster = {
++static struct apic apic_x2apic_cluster __read_only = {
+
+ .name = "cluster x2apic",
+ .probe = x2apic_cluster_probe,
+diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c
+index 562a76d..a003c0f 100644
+--- a/arch/x86/kernel/apic/x2apic_phys.c
++++ b/arch/x86/kernel/apic/x2apic_phys.c
+@@ -89,7 +89,7 @@ static int x2apic_phys_probe(void)
+ return apic == &apic_x2apic_phys;
+ }
+
+-static struct apic apic_x2apic_phys = {
++static struct apic apic_x2apic_phys __read_only = {
+
+ .name = "physical x2apic",
+ .probe = x2apic_phys_probe,
diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c
-index 8cfade9..8ea7b51 100644
+index 8cfade9..b9d04fc 100644
--- a/arch/x86/kernel/apic/x2apic_uv_x.c
+++ b/arch/x86/kernel/apic/x2apic_uv_x.c
-@@ -139,8 +139,8 @@ static int __init uv_acpi_madt_oem_check(char *oem_id, char *oem_table_id)
- is_uv1 ? UV1_HUB_REVISION_BASE : UV2_HUB_REVISION_BASE;
- pnodeid = early_get_pnodeid();
- early_get_apic_pnode_shift();
-- x86_platform.is_untracked_pat_range = uv_is_untracked_pat_range;
-- x86_platform.nmi_init = uv_nmi_init;
-+ *(void **)&x86_platform.is_untracked_pat_range = uv_is_untracked_pat_range;
-+ *(void **)&x86_platform.nmi_init = uv_nmi_init;
- if (!strcmp(oem_table_id, "UVL"))
- uv_system_type = UV_LEGACY_APIC;
- else if (!strcmp(oem_table_id, "UVX"))
+@@ -333,7 +333,7 @@ static int uv_probe(void)
+ return apic == &apic_x2apic_uv_x;
+ }
+
+-static struct apic __refdata apic_x2apic_uv_x = {
++static struct apic apic_x2apic_uv_x __read_only = {
+
+ .name = "UV large system",
+ .probe = uv_probe,
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
index d65464e..1035d31 100644
--- a/arch/x86/kernel/apm_32.c
obj-y += proc.o capflags.o powerflags.o common.o
obj-y += vmware.o hypervisor.o mshyperv.o
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index 1b7d165..b9e2627 100644
+index 15239ff..e23e04e 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
-@@ -738,7 +738,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c,
+@@ -733,7 +733,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c,
unsigned int size)
{
/* AMD errata T13 (order #21922) */
if (c->x86_model == 3 && c->x86_mask == 0)
size = 64;
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index 7505f7b..d59dac0 100644
+index 9c3ab43..51e6366 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -86,60 +86,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
EXPORT_PER_CPU_SYMBOL(kernel_stack);
DEFINE_PER_CPU(char *, irq_stack_ptr) =
-@@ -1178,7 +1130,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs)
- {
- memset(regs, 0, sizeof(struct pt_regs));
- regs->fs = __KERNEL_PERCPU;
-- regs->gs = __KERNEL_STACK_CANARY;
-+ savesegment(gs, regs->gs);
-
- return regs;
- }
-@@ -1233,7 +1185,7 @@ void __cpuinit cpu_init(void)
+@@ -1224,7 +1176,7 @@ void __cpuinit cpu_init(void)
int i;
cpu = stack_smp_processor_id();
oist = &per_cpu(orig_ist, cpu);
#ifdef CONFIG_NUMA
-@@ -1259,7 +1211,7 @@ void __cpuinit cpu_init(void)
+@@ -1250,7 +1202,7 @@ void __cpuinit cpu_init(void)
switch_to_new_gdt(cpu);
loadsegment(fs, 0);
memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
syscall_init();
-@@ -1268,7 +1220,6 @@ void __cpuinit cpu_init(void)
+@@ -1259,7 +1211,6 @@ void __cpuinit cpu_init(void)
wrmsrl(MSR_KERNEL_GS_BASE, 0);
barrier();
- x86_configure_nx();
- if (cpu != 0)
- enable_x2apic();
+ enable_x2apic();
-@@ -1321,7 +1272,7 @@ void __cpuinit cpu_init(void)
+ /*
+@@ -1311,7 +1262,7 @@ void __cpuinit cpu_init(void)
{
int cpu = smp_processor_id();
struct task_struct *curr = current;
if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
-index 198e019..867575e 100644
+index fcaabd0..7b55a26 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void)
}
#endif
diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c
-index 93c5451..3887433 100644
+index 84c1309..39b7224 100644
--- a/arch/x86/kernel/cpu/intel_cacheinfo.c
+++ b/arch/x86/kernel/cpu/intel_cacheinfo.c
-@@ -983,6 +983,22 @@ static struct attribute *default_attrs[] = {
+@@ -1017,6 +1017,22 @@ static struct attribute *default_attrs[] = {
};
#ifdef CONFIG_AMD_NB
static struct attribute ** __cpuinit amd_l3_attrs(void)
{
static struct attribute **attrs;
-@@ -993,18 +1009,7 @@ static struct attribute ** __cpuinit amd_l3_attrs(void)
+@@ -1027,18 +1043,7 @@ static struct attribute ** __cpuinit amd_l3_attrs(void)
n = ARRAY_SIZE(default_attrs);
if (amd_nb_has_feature(AMD_NB_L3_INDEX_DISABLE)) {
attrs[n++] = &cache_disable_0.attr;
-@@ -1055,6 +1060,13 @@ static struct kobj_type ktype_cache = {
+@@ -1089,6 +1094,13 @@ static struct kobj_type ktype_cache = {
.default_attrs = default_attrs,
};
static struct kobj_type ktype_percpu_entry = {
.sysfs_ops = &sysfs_ops,
};
-@@ -1120,20 +1132,26 @@ static int __cpuinit cache_add_dev(struct device *dev)
+@@ -1154,20 +1166,26 @@ static int __cpuinit cache_add_dev(struct device *dev)
return retval;
}
per_cpu(ici_cache_kobject, cpu),
"index%1lu", i);
if (unlikely(retval)) {
+@@ -1222,7 +1240,7 @@ static int __cpuinit cacheinfo_cpu_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata cacheinfo_cpu_notifier = {
++static struct notifier_block cacheinfo_cpu_notifier = {
+ .notifier_call = cacheinfo_cpu_callback,
+ };
+
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index 46cbf86..55c7292 100644
+index 80dbda8..be16652 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -45,6 +45,7 @@
#include "mce-internal.h"
-@@ -254,7 +255,7 @@ static void print_mce(struct mce *m)
+@@ -246,7 +247,7 @@ static void print_mce(struct mce *m)
!(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
m->cs, m->ip);
print_symbol("{%s}", m->ip);
pr_cont("\n");
}
-@@ -287,10 +288,10 @@ static void print_mce(struct mce *m)
+@@ -279,10 +280,10 @@ static void print_mce(struct mce *m)
#define PANIC_TIMEOUT 5 /* 5 seconds */
/* Panic in progress. Enable interrupts and wait for final IPI */
static void wait_for_panic(void)
-@@ -314,7 +315,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
+@@ -306,7 +307,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
/*
* Make sure only one CPU runs in machine check panic
*/
wait_for_panic();
barrier();
-@@ -322,7 +323,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
+@@ -314,7 +315,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
console_verbose();
} else {
/* Don't log too much for fake panic */
return;
}
/* First print corrected ones that are still unlogged */
-@@ -694,7 +695,7 @@ static int mce_timed_out(u64 *t)
+@@ -686,7 +687,7 @@ static int mce_timed_out(u64 *t)
* might have been modified by someone else.
*/
rmb();
- if (atomic_read(&mce_paniced))
+ if (atomic_read_unchecked(&mce_paniced))
wait_for_panic();
- if (!monarch_timeout)
+ if (!mca_cfg.monarch_timeout)
goto out;
-@@ -1659,7 +1660,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
+@@ -1662,7 +1663,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
}
/* Call the installed machine check handler for this CPU setup. */
unexpected_machine_check;
/*
-@@ -1682,7 +1683,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
+@@ -1685,7 +1686,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
return;
}
__mcheck_cpu_init_generic();
__mcheck_cpu_init_vendor(c);
-@@ -1696,7 +1699,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
+@@ -1699,7 +1702,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
*/
static DEFINE_SPINLOCK(mce_chrdev_state_lock);
static int mce_chrdev_open_exclu; /* already open exclusive? */
static int mce_chrdev_open(struct inode *inode, struct file *file)
-@@ -1704,7 +1707,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1707,7 +1710,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
spin_lock(&mce_chrdev_state_lock);
if (mce_chrdev_open_exclu ||
spin_unlock(&mce_chrdev_state_lock);
return -EBUSY;
-@@ -1712,7 +1715,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1715,7 +1718,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
if (file->f_flags & O_EXCL)
mce_chrdev_open_exclu = 1;
spin_unlock(&mce_chrdev_state_lock);
-@@ -1723,7 +1726,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
+@@ -1726,7 +1729,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
{
spin_lock(&mce_chrdev_state_lock);
mce_chrdev_open_exclu = 0;
spin_unlock(&mce_chrdev_state_lock);
-@@ -2367,7 +2370,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu)
+@@ -2372,7 +2375,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu)
return NOTIFY_OK;
}
-static struct notifier_block mce_cpu_notifier __cpuinitdata = {
-+static struct notifier_block mce_cpu_notifier __cpuinitconst = {
++static struct notifier_block mce_cpu_notifier = {
.notifier_call = mce_cpu_callback,
};
-@@ -2445,7 +2448,7 @@ struct dentry *mce_get_debugfs_dir(void)
+@@ -2382,7 +2385,7 @@ static __init void mce_init_banks(void)
+
+ for (i = 0; i < mca_cfg.banks; i++) {
+ struct mce_bank *b = &mce_banks[i];
+- struct device_attribute *a = &b->attr;
++ device_attribute_no_const *a = &b->attr;
+
+ sysfs_attr_init(&a->attr);
+ a->attr.name = b->attrname;
+@@ -2450,7 +2453,7 @@ struct dentry *mce_get_debugfs_dir(void)
static void mce_reset(void)
{
cpu_missing = 0;
/* Make sure the vector pointer is visible before we enable MCEs: */
wmb();
+diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c
+index 47a1870..8c019a7 100644
+--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c
++++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c
+@@ -288,7 +288,7 @@ thermal_throttle_cpu_callback(struct notifier_block *nfb,
+ return notifier_from_errno(err);
+ }
+
+-static struct notifier_block thermal_throttle_cpu_notifier __cpuinitdata =
++static struct notifier_block thermal_throttle_cpu_notifier =
+ {
+ .notifier_call = thermal_throttle_cpu_callback,
+ };
diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c
index 2d7998f..17c9de1 100644
--- a/arch/x86/kernel/cpu/mcheck/winchip.c
wmb();
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
-index 6b96110..0da73eb 100644
+index 726bf96..81f0526 100644
--- a/arch/x86/kernel/cpu/mtrr/main.c
+++ b/arch/x86/kernel/cpu/mtrr/main.c
@@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex);
extern int generic_get_free_region(unsigned long base, unsigned long size,
int replace_reg);
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
-index d18b2b8..d3b834c 100644
+index 6774c17..72c1b22 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
-@@ -1759,7 +1759,7 @@ static unsigned long get_segment_base(unsigned int segment)
+@@ -1305,7 +1305,7 @@ static void __init pmu_check_apic(void)
+ pr_info("no hardware sampling interrupt available.\n");
+ }
+
+-static struct attribute_group x86_pmu_format_group = {
++static attribute_group_no_const x86_pmu_format_group = {
+ .name = "format",
+ .attrs = NULL,
+ };
+@@ -1313,7 +1313,7 @@ static struct attribute_group x86_pmu_format_group = {
+ struct perf_pmu_events_attr {
+ struct device_attribute attr;
+ u64 id;
+-};
++} __do_const;
+
+ /*
+ * Remove all undefined events (x86_pmu.event_map(id) == 0)
+@@ -1381,7 +1381,7 @@ static struct attribute *events_attr[] = {
+ NULL,
+ };
+
+-static struct attribute_group x86_pmu_events_group = {
++static attribute_group_no_const x86_pmu_events_group = {
+ .name = "events",
+ .attrs = events_attr,
+ };
+@@ -1880,7 +1880,7 @@ static unsigned long get_segment_base(unsigned int segment)
if (idx > GDT_ENTRIES)
return 0;
}
return get_desc_base(desc + idx);
-@@ -1849,7 +1849,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
+@@ -1970,7 +1970,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
break;
perf_callchain_store(entry, frame.return_address);
}
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
-index 324bb52..1a93d85 100644
+index 4914e94..60b06e3 100644
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
-@@ -1949,10 +1949,10 @@ __init int intel_pmu_init(void)
+@@ -1958,10 +1958,10 @@ __init int intel_pmu_init(void)
* v2 and above have a perf capabilities MSR
*/
if (version > 1) {
}
intel_ds_init();
-diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c
-index d22d0c4..088eb6f 100644
---- a/arch/x86/kernel/cpu/vmware.c
-+++ b/arch/x86/kernel/cpu/vmware.c
-@@ -79,7 +79,7 @@ static void __init vmware_platform_setup(void)
- VMWARE_PORT(GETHZ, eax, ebx, ecx, edx);
-
- if (ebx != UINT_MAX)
-- x86_platform.calibrate_tsc = vmware_get_tsc_khz;
-+ *(void **)&x86_platform.calibrate_tsc = vmware_get_tsc_khz;
- else
- printk(KERN_WARNING
- "Failed to get TSC freq from the hypervisor\n");
+diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
+index b43200d..7fdcdbb 100644
+--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
++++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
+@@ -2428,7 +2428,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types)
+ static int __init uncore_type_init(struct intel_uncore_type *type)
+ {
+ struct intel_uncore_pmu *pmus;
+- struct attribute_group *events_group;
++ attribute_group_no_const *events_group;
+ struct attribute **attrs;
+ int i, j;
+
+@@ -2826,7 +2826,7 @@ static int
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block uncore_cpu_nb __cpuinitdata = {
++static struct notifier_block uncore_cpu_nb = {
+ .notifier_call = uncore_cpu_notifier,
+ /*
+ * to migrate uncore events, our notifier should be executed
+diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.h b/arch/x86/kernel/cpu/perf_event_intel_uncore.h
+index e68a455..975a932 100644
+--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.h
++++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.h
+@@ -428,7 +428,7 @@ struct intel_uncore_box {
+ struct uncore_event_desc {
+ struct kobj_attribute attr;
+ const char *config;
+-};
++} __do_const;
+
+ #define INTEL_UNCORE_EVENT_DESC(_name, _config) \
+ { \
+diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c
+index 60c7891..9e911d3 100644
+--- a/arch/x86/kernel/cpuid.c
++++ b/arch/x86/kernel/cpuid.c
+@@ -171,7 +171,7 @@ static int __cpuinit cpuid_class_cpu_callback(struct notifier_block *nfb,
+ return notifier_from_errno(err);
+ }
+
+-static struct notifier_block __refdata cpuid_class_cpu_notifier =
++static struct notifier_block cpuid_class_cpu_notifier =
+ {
+ .notifier_call = cpuid_class_cpu_callback,
+ };
diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
-index 13ad899..f642b9a 100644
+index 74467fe..18793d5 100644
--- a/arch/x86/kernel/crash.c
+++ b/arch/x86/kernel/crash.c
-@@ -36,10 +36,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
+@@ -58,10 +58,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
{
#ifdef CONFIG_X86_32
struct pt_regs fixed_regs;
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index cf8639b..6c6a674 100644
+index 6ed91d9..6cc365b 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -177,13 +177,153 @@
CFI_ENDPROC
/*
* End of kprobes section
-@@ -772,8 +1004,15 @@ ENDPROC(ptregs_clone)
+@@ -753,8 +985,15 @@ PTREGSCALL1(vm86old)
* normal stack and adjusts ESP with the matching offset.
*/
/* fixup the stack */
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -826,7 +1065,7 @@ vector=vector+1
+@@ -807,7 +1046,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
.previous
END(interrupt)
-@@ -877,7 +1116,7 @@ ENTRY(coprocessor_error)
+@@ -858,7 +1097,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -899,7 +1138,7 @@ ENTRY(simd_coprocessor_error)
+@@ -880,7 +1119,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -908,18 +1147,18 @@ ENTRY(device_not_available)
+@@ -889,18 +1128,18 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
#endif
ENTRY(overflow)
-@@ -929,7 +1168,7 @@ ENTRY(overflow)
+@@ -910,7 +1149,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
ENTRY(bounds)
RING0_INT_FRAME
-@@ -938,7 +1177,7 @@ ENTRY(bounds)
+@@ -919,7 +1158,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -947,7 +1186,7 @@ ENTRY(invalid_op)
+@@ -928,7 +1167,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -956,7 +1195,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -937,7 +1176,7 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
ENTRY(invalid_TSS)
RING0_EC_FRAME
-@@ -964,7 +1203,7 @@ ENTRY(invalid_TSS)
+@@ -945,7 +1184,7 @@ ENTRY(invalid_TSS)
pushl_cfi $do_invalid_TSS
jmp error_code
CFI_ENDPROC
ENTRY(segment_not_present)
RING0_EC_FRAME
-@@ -972,7 +1211,7 @@ ENTRY(segment_not_present)
+@@ -953,7 +1192,7 @@ ENTRY(segment_not_present)
pushl_cfi $do_segment_not_present
jmp error_code
CFI_ENDPROC
ENTRY(stack_segment)
RING0_EC_FRAME
-@@ -980,7 +1219,7 @@ ENTRY(stack_segment)
+@@ -961,7 +1200,7 @@ ENTRY(stack_segment)
pushl_cfi $do_stack_segment
jmp error_code
CFI_ENDPROC
ENTRY(alignment_check)
RING0_EC_FRAME
-@@ -988,7 +1227,7 @@ ENTRY(alignment_check)
+@@ -969,7 +1208,7 @@ ENTRY(alignment_check)
pushl_cfi $do_alignment_check
jmp error_code
CFI_ENDPROC
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -997,7 +1236,7 @@ ENTRY(divide_error)
+@@ -978,7 +1217,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -1007,7 +1246,7 @@ ENTRY(machine_check)
+@@ -988,7 +1227,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
#endif
ENTRY(spurious_interrupt_bug)
-@@ -1017,7 +1256,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -998,7 +1237,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
/*
* End of kprobes section
*/
-@@ -1120,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
+@@ -1101,7 +1340,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
ENTRY(mcount)
ret
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1153,7 +1392,7 @@ ftrace_graph_call:
+@@ -1134,7 +1373,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
ENTRY(ftrace_regs_caller)
pushf /* push flags before compare (in cs location) */
-@@ -1254,7 +1493,7 @@ trace:
+@@ -1235,7 +1474,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1272,7 +1511,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1253,7 +1492,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
.globl return_to_handler
return_to_handler:
-@@ -1328,15 +1567,18 @@ error_code:
+@@ -1309,15 +1548,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1379,7 +1621,7 @@ debug_stack_correct:
+@@ -1360,7 +1602,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1417,6 +1659,9 @@ nmi_stack_correct:
+@@ -1398,6 +1640,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1453,12 +1698,15 @@ nmi_espfix_stack:
+@@ -1434,12 +1679,15 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
ENTRY(int3)
RING0_INT_FRAME
-@@ -1471,14 +1719,14 @@ ENTRY(int3)
+@@ -1452,14 +1700,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1487,7 +1735,7 @@ ENTRY(async_page_fault)
+@@ -1468,7 +1716,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 1328fe4..cb03298 100644
+index cb3c591..bc63707 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
- #include <asm/rcu.h>
+ #include <asm/context_tracking.h>
#include <asm/smap.h>
#include <linux/err.h>
+#include <asm/pgtable.h>
+ENDPROC(\label)
.endm
- PTREGSCALL stub_clone, sys_clone, %r8
-@@ -860,9 +1158,10 @@ ENTRY(ptregscall_common)
+ .macro FORK_LIKE func
+@@ -856,9 +1154,10 @@ ENTRY(stub_\func)
+ DEFAULT_FRAME 0 8 /* offset 8: return address */
+ call sys_\func
+ RESTORE_TOP_OF_STACK %r11, 8
++ pax_force_retaddr
+ ret $REST_SKIP /* pop extended registers */
+ CFI_ENDPROC
+-END(stub_\func)
++ENDPROC(stub_\func)
+ .endm
+
+ FORK_LIKE clone
+@@ -875,9 +1174,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -876,7 +1175,7 @@ ENTRY(stub_execve)
+@@ -891,7 +1191,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -894,7 +1193,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -909,7 +1209,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
+ENDPROC(stub_rt_sigreturn)
#ifdef CONFIG_X86_X32_ABI
- PTREGSCALL stub_x32_sigaltstack, sys32_sigaltstack, %rdx
-@@ -962,7 +1261,7 @@ vector=vector+1
+ ENTRY(stub_x32_rt_sigreturn)
+@@ -975,7 +1275,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
.previous
END(interrupt)
-@@ -982,6 +1281,16 @@ END(interrupt)
+@@ -995,6 +1295,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
call \func
.endm
-@@ -1014,7 +1323,7 @@ ret_from_intr:
+@@ -1027,7 +1337,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
je retint_kernel
/* Interrupt came from user space */
-@@ -1036,12 +1345,16 @@ retint_swapgs: /* return to user-space */
+@@ -1049,12 +1359,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
/*
* The iretq could re-enable interrupts:
*/
-@@ -1124,7 +1437,7 @@ ENTRY(retint_kernel)
+@@ -1137,7 +1451,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
/*
* End of kprobes section
*/
-@@ -1142,7 +1455,7 @@ ENTRY(\sym)
+@@ -1155,7 +1469,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
.endm
#ifdef CONFIG_SMP
-@@ -1198,12 +1511,22 @@ ENTRY(\sym)
+@@ -1211,12 +1525,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1216,15 +1539,25 @@ ENTRY(\sym)
+@@ -1229,15 +1553,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1235,14 +1568,30 @@ ENTRY(\sym)
+@@ -1248,14 +1582,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF_DEBUG
.endm
.macro errorentry sym do_sym
-@@ -1254,13 +1603,23 @@ ENTRY(\sym)
+@@ -1267,13 +1617,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
.endm
/* error code is on the stack already */
-@@ -1274,13 +1633,23 @@ ENTRY(\sym)
+@@ -1287,13 +1647,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
.endm
zeroentry divide_error do_divide_error
-@@ -1310,9 +1679,10 @@ gs_change:
+@@ -1323,9 +1693,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1340,9 +1710,10 @@ ENTRY(call_softirq)
+@@ -1353,9 +1724,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1380,7 +1751,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1393,7 +1765,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1439,7 +1810,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1452,7 +1824,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1488,16 +1859,31 @@ ENTRY(paranoid_exit)
+@@ -1501,16 +1873,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF_DEBUG
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1526,7 +1912,7 @@ paranoid_schedule:
+@@ -1539,7 +1926,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1553,12 +1939,13 @@ ENTRY(error_entry)
+@@ -1566,12 +1953,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
ret
/*
-@@ -1585,7 +1972,7 @@ bstep_iret:
+@@ -1598,7 +1986,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1605,7 +1992,7 @@ ENTRY(error_exit)
+@@ -1618,7 +2006,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
/*
* Test if a given stack is an NMI stack or not.
-@@ -1663,9 +2050,11 @@ ENTRY(nmi)
+@@ -1676,9 +2064,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1824,6 +2213,17 @@ end_repeat_nmi:
+@@ -1847,6 +2237,17 @@ end_repeat_nmi:
*/
movq %cr2, %r12
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1839,21 +2239,32 @@ end_repeat_nmi:
+@@ -1862,23 +2263,34 @@ end_repeat_nmi:
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
nmi_swapgs:
+ pax_exit_kernel
+#endif
SWAPGS_UNSAFE_STACK
-+ RESTORE_ALL 8
++ RESTORE_ALL 6*8
+ /* Clear the NMI executing stack variable */
-+ movq $0, 10*8(%rsp)
++ movq $0, 5*8(%rsp)
+ jmp irq_return
nmi_restore:
+ pax_exit_kernel
- RESTORE_ALL 8
+ /* Pop the extra iret frame at once */
+ RESTORE_ALL 6*8
+ pax_force_retaddr_bts
+
/* Clear the NMI executing stack variable */
- movq $0, 10*8(%rsp)
+ movq $0, 5*8(%rsp)
jmp irq_return
CFI_ENDPROC
-END(nmi)
return -EFAULT;
diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c
-index c18f59d..69ddbc4 100644
+index c18f59d..9c0c9f6 100644
--- a/arch/x86/kernel/head32.c
+++ b/arch/x86/kernel/head32.c
-@@ -18,20 +18,20 @@
+@@ -18,6 +18,7 @@
#include <asm/io_apic.h>
#include <asm/bios_ebda.h>
#include <asm/tlbflush.h>
static void __init i386_default_early_setup(void)
{
- /* Initialize 32bit specific setup functions */
-- x86_init.resources.reserve_resources = i386_reserve_resources;
-- x86_init.mpparse.setup_ioapic_ids = setup_ioapic_ids_from_mpc;
-+ *(void **)&x86_init.resources.reserve_resources = i386_reserve_resources;
-+ *(void **)&x86_init.mpparse.setup_ioapic_ids = setup_ioapic_ids_from_mpc;
-
- reserve_ebda_region();
- }
+@@ -30,8 +31,7 @@ static void __init i386_default_early_setup(void)
void __init i386_start_kernel(void)
{
#ifdef CONFIG_BLK_DEV_INITRD
/* Reserve INITRD */
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index 4dac2f6..bc6a335 100644
+index c8932c7..d56b622 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -26,6 +26,12 @@
num_subarch_entries = (. - subarch_entries) / 4
.previous
#else
-@@ -316,6 +388,7 @@ default_entry:
+@@ -335,6 +407,7 @@ default_entry:
movl pa(mmu_cr4_features),%eax
movl %eax,%cr4
testb $X86_CR4_PAE, %al # check if PAE is enabled
jz 6f
-@@ -344,6 +417,9 @@ default_entry:
+@@ -363,6 +436,9 @@ default_entry:
/* Make changes effective */
wrmsr
6:
/*
-@@ -442,14 +518,20 @@ is386: movl $2,%ecx # set MP
+@@ -460,14 +536,20 @@ is386: movl $2,%ecx # set MP
1: movl $(__KERNEL_DS),%eax # reload all the segment registers
movl %eax,%ss # after changing gdt.
movl %eax,%gs
xorl %eax,%eax # Clear LDT
-@@ -526,8 +608,11 @@ setup_once:
+@@ -544,8 +626,11 @@ setup_once:
* relocation. Manually set base address in stack canary
* segment descriptor.
*/
movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
shrl $16, %ecx
movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
-@@ -558,7 +643,7 @@ ENDPROC(early_idt_handlers)
+@@ -576,7 +661,7 @@ ENDPROC(early_idt_handlers)
/* This is global to keep gas from relaxing the jumps */
ENTRY(early_idt_handler)
cld
je hlt_loop
incl %ss:early_recursion_flag
-@@ -596,8 +681,8 @@ ENTRY(early_idt_handler)
+@@ -614,8 +699,8 @@ ENTRY(early_idt_handler)
pushl (20+6*4)(%esp) /* trapno */
pushl $fault_msg
call printk
hlt_loop:
hlt
jmp hlt_loop
-@@ -616,8 +701,11 @@ ENDPROC(early_idt_handler)
+@@ -634,8 +719,11 @@ ENDPROC(early_idt_handler)
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
pushl %eax
pushl %ecx
pushl %edx
-@@ -626,9 +714,6 @@ ignore_int:
+@@ -644,9 +732,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -662,29 +747,43 @@ ENTRY(setup_once_ref)
+@@ -680,29 +765,43 @@ ENTRY(setup_once_ref)
/*
* BSS section
*/
ENTRY(initial_page_table)
.long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -703,12 +802,20 @@ ENTRY(initial_page_table)
+@@ -721,12 +820,20 @@ ENTRY(initial_page_table)
# error "Kernel PMDs should be 1, 2 or 3"
# endif
.align PAGE_SIZE /* needs to be page-sized too */
__INITRODATA
int_msg:
-@@ -736,7 +843,7 @@ fault_msg:
+@@ -754,7 +861,7 @@ fault_msg:
* segment size, and 32-bit linear address value:
*/
.globl boot_gdt_descr
.globl idt_descr
-@@ -745,7 +852,7 @@ fault_msg:
+@@ -763,7 +870,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -756,7 +863,7 @@ idt_descr:
+@@ -774,7 +881,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -765,5 +872,65 @@ ENTRY(early_gdt_descr)
+@@ -783,5 +890,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index 94bf9cc..400455a 100644
+index 980053c..74d3b44 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
movq initial_code(%rip),%rax
pushq $0 # fake return address to stop unwinder
pushq $__KERNEL_CS # set correct cs
-@@ -268,7 +273,7 @@ ENTRY(secondary_startup_64)
+@@ -284,7 +289,7 @@ ENDPROC(start_cpu0)
bad_address:
jmp bad_address
.globl early_idt_handlers
early_idt_handlers:
# 104(%rsp) %rflags
-@@ -347,11 +352,15 @@ ENTRY(early_idt_handler)
+@@ -343,7 +348,7 @@ ENTRY(early_idt_handler)
+ call dump_stack
+ #ifdef CONFIG_KALLSYMS
+ leaq early_idt_ripmsg(%rip),%rdi
+- movq 40(%rsp),%rsi # %rip again
++ movq 88(%rsp),%rsi # %rip again
+ call __print_symbol
+ #endif
+ #endif /* EARLY_PRINTK */
+@@ -363,11 +368,15 @@ ENTRY(early_idt_handler)
addq $16,%rsp # drop vector number and error code
decl early_recursion_flag(%rip)
INTERRUPT_RETURN
#ifdef CONFIG_EARLY_PRINTK
early_idt_msg:
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -360,6 +369,7 @@ early_idt_ripmsg:
+@@ -376,6 +385,7 @@ early_idt_ripmsg:
#endif /* CONFIG_EARLY_PRINTK */
.previous
#define NEXT_PAGE(name) \
.balign PAGE_SIZE; \
ENTRY(name)
-@@ -372,7 +382,6 @@ ENTRY(name)
+@@ -388,7 +398,6 @@ ENTRY(name)
i = i + 1 ; \
.endr
/*
* This default setting generates an ident mapping at address 0x100000
* and a mapping for the kernel that precisely maps virtual address
-@@ -383,13 +392,41 @@ NEXT_PAGE(init_level4_pgt)
+@@ -399,13 +408,41 @@ NEXT_PAGE(init_level4_pgt)
.quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
.org init_level4_pgt + L4_PAGE_OFFSET*8, 0
.quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
NEXT_PAGE(level3_kernel_pgt)
.fill L3_START_KERNEL,8,0
-@@ -397,20 +434,23 @@ NEXT_PAGE(level3_kernel_pgt)
+@@ -413,20 +450,23 @@ NEXT_PAGE(level3_kernel_pgt)
.quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
.quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
NEXT_PAGE(level2_kernel_pgt)
/*
-@@ -423,37 +463,59 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -439,37 +479,59 @@ NEXT_PAGE(level2_kernel_pgt)
* If you want to increase this then increase MODULES_VADDR
* too.)
*/
+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
+#endif
diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
-index 675a050..95febfd 100644
+index 245a71d..89d9ce4 100644
--- a/arch/x86/kernel/i387.c
+++ b/arch/x86/kernel/i387.c
@@ -55,7 +55,7 @@ static inline bool interrupted_kernel_fpu_idle(void)
/*
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
-index 9a5c460..dc4374d 100644
+index 9a5c460..b332a4b 100644
--- a/arch/x86/kernel/i8259.c
+++ b/arch/x86/kernel/i8259.c
@@ -209,7 +209,7 @@ spurious_8259A_irq:
/*
* Theoretically we do not have to handle this IRQ,
* but in Linux this does not cause problems and is
+@@ -333,14 +333,16 @@ static void init_8259A(int auto_eoi)
+ /* (slave's support for AEOI in flat mode is to be investigated) */
+ outb_pic(SLAVE_ICW4_DEFAULT, PIC_SLAVE_IMR);
+
++ pax_open_kernel();
+ if (auto_eoi)
+ /*
+ * In AEOI mode we just have to mask the interrupt
+ * when acking.
+ */
+- i8259A_chip.irq_mask_ack = disable_8259A_irq;
++ *(void **)&i8259A_chip.irq_mask_ack = disable_8259A_irq;
+ else
+- i8259A_chip.irq_mask_ack = mask_and_ack_8259A;
++ *(void **)&i8259A_chip.irq_mask_ack = mask_and_ack_8259A;
++ pax_close_kernel();
+
+ udelay(100); /* wait for 8259A to initialize */
+
+diff --git a/arch/x86/kernel/io_delay.c b/arch/x86/kernel/io_delay.c
+index a979b5b..1d6db75 100644
+--- a/arch/x86/kernel/io_delay.c
++++ b/arch/x86/kernel/io_delay.c
+@@ -58,7 +58,7 @@ static int __init dmi_io_delay_0xed_port(const struct dmi_system_id *id)
+ * Quirk table for systems that misbehave (lock up, etc.) if port
+ * 0x80 is used:
+ */
+-static struct dmi_system_id __initdata io_delay_0xed_port_dmi_table[] = {
++static const struct dmi_system_id __initconst io_delay_0xed_port_dmi_table[] = {
+ {
+ .callback = dmi_io_delay_0xed_port,
+ .ident = "Compaq Presario V6000",
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
index 8c96897..be66bfa 100644
--- a/arch/x86/kernel/ioport.c
switch (val) {
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
-index 4180a87..4678e4f 100644
+index 9c2bd8b..bb1131c 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
-@@ -267,7 +267,7 @@ static void __init paravirt_ops_setup(void)
- pv_info.paravirt_enabled = 1;
-
- if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY))
-- pv_cpu_ops.io_delay = kvm_io_delay;
-+ *(void **)&pv_cpu_ops.io_delay = kvm_io_delay;
-
- #ifdef CONFIG_X86_IO_APIC
- no_timer_check = 1;
-@@ -461,18 +461,18 @@ void __init kvm_guest_init(void)
- for (i = 0; i < KVM_TASK_SLEEP_HASHSIZE; i++)
- spin_lock_init(&async_pf_sleepers[i].lock);
- if (kvm_para_has_feature(KVM_FEATURE_ASYNC_PF))
-- x86_init.irqs.trap_init = kvm_apf_trap_init;
-+ *(void **)&x86_init.irqs.trap_init = kvm_apf_trap_init;
-
- if (kvm_para_has_feature(KVM_FEATURE_STEAL_TIME)) {
- has_steal_clock = 1;
-- pv_time_ops.steal_clock = kvm_steal_clock;
-+ *(void **)&pv_time_ops.steal_clock = kvm_steal_clock;
- }
-
- if (kvm_para_has_feature(KVM_FEATURE_PV_EOI))
- apic_set_eoi_write(kvm_guest_apic_eoi_write);
+@@ -452,7 +452,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
- #ifdef CONFIG_SMP
-- smp_ops.smp_prepare_boot_cpu = kvm_smp_prepare_boot_cpu;
-+ *(void **)&smp_ops.smp_prepare_boot_cpu = kvm_smp_prepare_boot_cpu;
- register_cpu_notifier(&kvm_cpu_notifier);
- #else
- kvm_guest_cpu_init();
-diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
-index f1b42b3..27ac4e7 100644
---- a/arch/x86/kernel/kvmclock.c
-+++ b/arch/x86/kernel/kvmclock.c
-@@ -211,19 +211,19 @@ void __init kvmclock_init(void)
-
- if (kvm_register_clock("boot clock"))
- return;
-- pv_time_ops.sched_clock = kvm_clock_read;
-- x86_platform.calibrate_tsc = kvm_get_tsc_khz;
-- x86_platform.get_wallclock = kvm_get_wallclock;
-- x86_platform.set_wallclock = kvm_set_wallclock;
-+ *(void **)&pv_time_ops.sched_clock = kvm_clock_read;
-+ *(void **)&x86_platform.calibrate_tsc = kvm_get_tsc_khz;
-+ *(void **)&x86_platform.get_wallclock = kvm_get_wallclock;
-+ *(void **)&x86_platform.set_wallclock = kvm_set_wallclock;
- #ifdef CONFIG_X86_LOCAL_APIC
-- x86_cpuinit.early_percpu_clock_init =
-+ *(void **)&x86_cpuinit.early_percpu_clock_init =
- kvm_setup_secondary_clock;
- #endif
-- x86_platform.save_sched_clock_state = kvm_save_sched_clock_state;
-- x86_platform.restore_sched_clock_state = kvm_restore_sched_clock_state;
-- machine_ops.shutdown = kvm_shutdown;
-+ *(void **)&x86_platform.save_sched_clock_state = kvm_save_sched_clock_state;
-+ *(void **)&x86_platform.restore_sched_clock_state = kvm_restore_sched_clock_state;
-+ *(void **)&machine_ops.shutdown = kvm_shutdown;
- #ifdef CONFIG_KEXEC
-- machine_ops.crash_shutdown = kvm_crash_shutdown;
-+ *(void **)&machine_ops.crash_shutdown = kvm_crash_shutdown;
+-static struct notifier_block __cpuinitdata kvm_cpu_notifier = {
++static struct notifier_block kvm_cpu_notifier = {
+ .notifier_call = kvm_cpu_notify,
+ };
#endif
- kvm_get_preset_lpj();
- clocksource_register_hz(&kvm_clock, NSEC_PER_SEC);
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
index ebc9873..1b9724b 100644
--- a/arch/x86/kernel/ldt.c
relocate_kernel_ptr = control_page;
page_list[PA_CONTROL_PAGE] = __pa(control_page);
+diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c
+index 3a04b22..1d2eb09 100644
+--- a/arch/x86/kernel/microcode_core.c
++++ b/arch/x86/kernel/microcode_core.c
+@@ -512,7 +512,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu)
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __refdata mc_cpu_notifier = {
++static struct notifier_block mc_cpu_notifier = {
+ .notifier_call = mc_cpu_callback,
+ };
+
diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c
index 3544aed..01ddc1c 100644
--- a/arch/x86/kernel/microcode_intel.c
#if 0
if ((s64)val != *(s32 *)loc)
goto overflow;
+diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
+index 4929502..686c291 100644
+--- a/arch/x86/kernel/msr.c
++++ b/arch/x86/kernel/msr.c
+@@ -234,7 +234,7 @@ static int __cpuinit msr_class_cpu_callback(struct notifier_block *nfb,
+ return notifier_from_errno(err);
+ }
+
+-static struct notifier_block __refdata msr_class_cpu_notifier = {
++static struct notifier_block msr_class_cpu_notifier = {
+ .notifier_call = msr_class_cpu_callback,
+ };
+
diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
-index f84f5c5..e27e54b 100644
+index f84f5c5..f404e81 100644
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
+@@ -105,7 +105,7 @@ static int __kprobes nmi_handle(unsigned int type, struct pt_regs *regs, bool b2
+ return handled;
+ }
+
+-int __register_nmi_handler(unsigned int type, struct nmiaction *action)
++int __register_nmi_handler(unsigned int type, const struct nmiaction *action)
+ {
+ struct nmi_desc *desc = nmi_to_desc(type);
+ unsigned long flags;
+@@ -129,9 +129,9 @@ int __register_nmi_handler(unsigned int type, struct nmiaction *action)
+ * event confuses some handlers (kdump uses this flag)
+ */
+ if (action->flags & NMI_FLAG_FIRST)
+- list_add_rcu(&action->list, &desc->head);
++ pax_list_add_rcu((struct list_head *)&action->list, &desc->head);
+ else
+- list_add_tail_rcu(&action->list, &desc->head);
++ pax_list_add_tail_rcu((struct list_head *)&action->list, &desc->head);
+
+ spin_unlock_irqrestore(&desc->lock, flags);
+ return 0;
+@@ -154,7 +154,7 @@ void unregister_nmi_handler(unsigned int type, const char *name)
+ if (!strcmp(n->name, name)) {
+ WARN(in_nmi(),
+ "Trying to free NMI (%s) from NMI context!\n", n->name);
+- list_del_rcu(&n->list);
++ pax_list_del_rcu((struct list_head *)&n->list);
+ break;
+ }
+ }
@@ -479,6 +479,17 @@ static inline void nmi_nesting_postprocess(void)
dotraplinkage notrace __kprobes void
do_nmi(struct pt_regs *regs, long error_code)
nmi_nesting_preprocess(regs);
nmi_enter();
+diff --git a/arch/x86/kernel/nmi_selftest.c b/arch/x86/kernel/nmi_selftest.c
+index 6d9582e..f746287 100644
+--- a/arch/x86/kernel/nmi_selftest.c
++++ b/arch/x86/kernel/nmi_selftest.c
+@@ -43,7 +43,7 @@ static void __init init_nmi_testsuite(void)
+ {
+ /* trap all the unknown NMIs we may generate */
+ register_nmi_handler(NMI_UNKNOWN, nmi_unk_cb, 0, "nmi_selftest_unk",
+- __initdata);
++ __initconst);
+ }
+
+ static void __init cleanup_nmi_testsuite(void)
+@@ -66,7 +66,7 @@ static void __init test_nmi_ipi(struct cpumask *mask)
+ unsigned long timeout;
+
+ if (register_nmi_handler(NMI_LOCAL, test_nmi_ipi_callback,
+- NMI_FLAG_FIRST, "nmi_selftest", __initdata)) {
++ NMI_FLAG_FIRST, "nmi_selftest", __initconst)) {
+ nmi_fail = FAILURE;
+ return;
+ }
diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c
index 676b8c7..870ba04 100644
--- a/arch/x86/kernel/paravirt-spinlocks.c
.spin_is_locked = __ticket_spin_is_locked,
.spin_is_contended = __ticket_spin_is_contended,
diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
-index 17fff18..0f5f957 100644
+index 17fff18..5cfa0f4 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -55,6 +55,9 @@ u64 _paravirt_ident_64(u64 x)
.name = "bare hardware",
.paravirt_enabled = 0,
.kernel_rpl = 0,
-@@ -324,7 +331,7 @@ struct pv_time_ops pv_time_ops = {
+@@ -315,16 +322,16 @@ struct pv_info pv_info = {
+ #endif
+ };
+
+-struct pv_init_ops pv_init_ops = {
++struct pv_init_ops pv_init_ops __read_only = {
+ .patch = native_patch,
+ };
+
+-struct pv_time_ops pv_time_ops = {
++struct pv_time_ops pv_time_ops __read_only = {
+ .sched_clock = native_sched_clock,
.steal_clock = native_steal_clock,
};
.save_fl = __PV_IS_CALLEE_SAVE(native_save_fl),
.restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl),
.irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable),
-@@ -401,15 +408,20 @@ struct pv_apic_ops pv_apic_ops = {
+@@ -336,7 +343,7 @@ struct pv_irq_ops pv_irq_ops = {
+ #endif
+ };
+
+-struct pv_cpu_ops pv_cpu_ops = {
++struct pv_cpu_ops pv_cpu_ops __read_only = {
+ .cpuid = native_cpuid,
+ .get_debugreg = native_get_debugreg,
+ .set_debugreg = native_set_debugreg,
+@@ -395,21 +402,26 @@ struct pv_cpu_ops pv_cpu_ops = {
+ .end_context_switch = paravirt_nop,
+ };
+
+-struct pv_apic_ops pv_apic_ops = {
++struct pv_apic_ops pv_apic_ops __read_only= {
+ #ifdef CONFIG_X86_LOCAL_APIC
+ .startup_ipi_hook = paravirt_nop,
#endif
};
};
EXPORT_SYMBOL_GPL(pv_time_ops);
-diff --git a/arch/x86/kernel/pci-calgary_64.c b/arch/x86/kernel/pci-calgary_64.c
-index 299d493..79c13dd 100644
---- a/arch/x86/kernel/pci-calgary_64.c
-+++ b/arch/x86/kernel/pci-calgary_64.c
-@@ -1461,7 +1461,7 @@ int __init detect_calgary(void)
- printk(KERN_INFO "PCI-DMA: Calgary TCE table spec is %d\n",
- specified_table_size);
-
-- x86_init.iommu.iommu_init = calgary_iommu_init;
-+ *(void **)&x86_init.iommu.iommu_init = calgary_iommu_init;
- }
- return calgary_found;
-
diff --git a/arch/x86/kernel/pci-iommu_table.c b/arch/x86/kernel/pci-iommu_table.c
index 35ccf75..7a15747 100644
--- a/arch/x86/kernel/pci-iommu_table.c
#define DEBUG 1
+diff --git a/arch/x86/kernel/pci-swiotlb.c b/arch/x86/kernel/pci-swiotlb.c
+index 6c483ba..d10ce2f 100644
+--- a/arch/x86/kernel/pci-swiotlb.c
++++ b/arch/x86/kernel/pci-swiotlb.c
+@@ -32,7 +32,7 @@ static void x86_swiotlb_free_coherent(struct device *dev, size_t size,
+ void *vaddr, dma_addr_t dma_addr,
+ struct dma_attrs *attrs)
+ {
+- swiotlb_free_coherent(dev, size, vaddr, dma_addr);
++ swiotlb_free_coherent(dev, size, vaddr, dma_addr, attrs);
+ }
+
+ static struct dma_map_ops swiotlb_dma_ops = {
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index b644e1c..4a6d379 100644
+index 2ed787f..f70c9f6 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -36,7 +36,8 @@
flush_ptrace_hw_breakpoint(tsk);
memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
drop_init_fpu(tsk);
-@@ -336,7 +340,7 @@ static void __exit_idle(void)
+@@ -301,7 +305,7 @@ static void __exit_idle(void)
void exit_idle(void)
{
/* idle loop has pid 0 */
return;
__exit_idle();
}
-@@ -445,7 +449,7 @@ bool set_pm_idle_to_default(void)
+@@ -404,7 +408,7 @@ bool set_pm_idle_to_default(void)
return ret;
}
{
local_irq_disable();
/*
-@@ -673,16 +677,37 @@ static int __init idle_setup(char *str)
+@@ -632,16 +636,37 @@ static int __init idle_setup(char *str)
}
early_param("idle", idle_setup);
+}
+#endif
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
-index 44e0bff..5ceb99c 100644
+index b5a8905..d9cacac 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -65,6 +65,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread");
print_symbol("EIP is at %s\n", regs->ip);
printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n",
-@@ -131,20 +131,21 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
- unsigned long arg,
- struct task_struct *p, struct pt_regs *regs)
+@@ -130,20 +130,21 @@ void release_thread(struct task_struct *dead_task)
+ int copy_thread(unsigned long clone_flags, unsigned long sp,
+ unsigned long arg, struct task_struct *p)
{
- struct pt_regs *childregs = task_pt_regs(p);
+ struct pt_regs *childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8;
p->thread.sp0 = (unsigned long) (childregs+1);
+ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p);
- if (unlikely(!regs)) {
+ if (unlikely(p->flags & PF_KTHREAD)) {
/* kernel thread */
memset(childregs, 0, sizeof(struct pt_regs));
p->thread.ip = (unsigned long) ret_from_kernel_thread;
}
-
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index 16c6365..5d32218 100644
+index 6e68a61..955a9a5 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
-@@ -153,10 +153,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
+@@ -152,10 +152,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
struct pt_regs *childregs;
struct task_struct *me = current;
ip = *(u64 *)(fp+8);
if (!in_sched_functions(ip))
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 974b67e..12cb2b5 100644
+index b629bbe..0fa615a 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
-@@ -183,14 +183,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
+@@ -184,14 +184,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
{
unsigned long context = (unsigned long)regs & ~(THREAD_SIZE - 1);
unsigned long sp = (unsigned long)®s->sp;
return (unsigned long)regs;
}
-@@ -587,7 +586,7 @@ static void ptrace_triggered(struct perf_event *bp,
+@@ -588,7 +587,7 @@ static void ptrace_triggered(struct perf_event *bp,
static unsigned long ptrace_get_dr7(struct perf_event *bp[])
{
int i;
struct arch_hw_breakpoint *info;
for (i = 0; i < HBP_NUM; i++) {
-@@ -855,7 +854,7 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -856,7 +855,7 @@ long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data)
{
int ret;
switch (request) {
/* read the word at location addr in the USER area. */
-@@ -940,14 +939,14 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -941,14 +940,14 @@ long arch_ptrace(struct task_struct *child, long request,
if ((int) addr < 0)
return -EIO;
ret = do_get_thread_area(child, addr,
break;
#endif
-@@ -1325,7 +1324,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
+@@ -1326,7 +1325,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
#ifdef CONFIG_X86_64
-static struct user_regset x86_64_regsets[] __read_mostly = {
-+static struct user_regset x86_64_regsets[] = {
++static user_regset_no_const x86_64_regsets[] __read_only = {
[REGSET_GENERAL] = {
.core_note_type = NT_PRSTATUS,
.n = sizeof(struct user_regs_struct) / sizeof(long),
-@@ -1366,7 +1365,7 @@ static const struct user_regset_view user_x86_64_view = {
+@@ -1367,7 +1366,7 @@ static const struct user_regset_view user_x86_64_view = {
#endif /* CONFIG_X86_64 */
#if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
-static struct user_regset x86_32_regsets[] __read_mostly = {
-+static struct user_regset x86_32_regsets[] = {
++static user_regset_no_const x86_32_regsets[] __read_only = {
[REGSET_GENERAL] = {
.core_note_type = NT_PRSTATUS,
.n = sizeof(struct user_regs_struct32) / sizeof(u32),
-@@ -1419,13 +1418,13 @@ static const struct user_regset_view user_x86_32_view = {
+@@ -1420,7 +1419,7 @@ static const struct user_regset_view user_x86_32_view = {
*/
u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS];
+void __init update_regset_xstate_info(unsigned int size, u64 xstate_mask)
{
#ifdef CONFIG_X86_64
-- x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
-+ *(unsigned int *)&x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
- #endif
- #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION
-- x86_32_regsets[REGSET_XSTATE].n = size / sizeof(u64);
-+ *(unsigned int *)&x86_32_regsets[REGSET_XSTATE].n = size / sizeof(u64);
- #endif
- xstate_fx_sw_bytes[USER_XSTATE_XCR0_WORD] = xstate_mask;
- }
-@@ -1454,7 +1453,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
+ x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64);
+@@ -1455,7 +1454,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
memset(info, 0, sizeof(*info));
info->si_signo = SIGTRAP;
info->si_code = si_code;
}
void user_single_step_siginfo(struct task_struct *tsk,
-@@ -1483,6 +1482,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
+@@ -1484,6 +1483,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs,
# define IS_IA32 0
#endif
/*
* We must return the syscall number to actually look up in the table.
* This can be -1L to skip running any syscall at all.
-@@ -1493,6 +1496,11 @@ long syscall_trace_enter(struct pt_regs *regs)
+@@ -1494,6 +1497,11 @@ long syscall_trace_enter(struct pt_regs *regs)
- rcu_user_exit();
+ user_exit();
+#ifdef CONFIG_GRKERNSEC_SETXID
+ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
/*
* If we stepped into a sysenter/syscall insn, it trapped in
* kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP.
-@@ -1548,6 +1556,11 @@ void syscall_trace_leave(struct pt_regs *regs)
+@@ -1549,6 +1557,11 @@ void syscall_trace_leave(struct pt_regs *regs)
*/
- rcu_user_exit();
+ user_exit();
+#ifdef CONFIG_GRKERNSEC_SETXID
+ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID)))
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/x86/kernel/pvclock.c b/arch/x86/kernel/pvclock.c
-index 42eb330..139955c 100644
+index 2cb9470..ff1fd80 100644
--- a/arch/x86/kernel/pvclock.c
+++ b/arch/x86/kernel/pvclock.c
-@@ -81,11 +81,11 @@ unsigned long pvclock_tsc_khz(struct pvclock_vcpu_time_info *src)
+@@ -43,11 +43,11 @@ unsigned long pvclock_tsc_khz(struct pvclock_vcpu_time_info *src)
return pv_tsc_khz;
}
+ atomic64_set_unchecked(&last_value, 0);
}
- cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src)
-@@ -121,11 +121,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src)
+ u8 pvclock_read_flags(struct pvclock_vcpu_time_info *src)
+@@ -92,11 +92,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src)
* updating at the same time, and one of them could be slightly behind,
* making the assumption that last_value always go forward fail to hold.
*/
return ret;
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
-index 76fa1e9..a93c759 100644
+index 76fa1e9..abf09ea 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -36,7 +36,7 @@ void (*pm_power_off)(void);
{
if (pm_power_off) {
if (!reboot_force)
-@@ -688,6 +715,7 @@ static void native_machine_power_off(void)
+@@ -688,9 +715,10 @@ static void native_machine_power_off(void)
}
/* A fallback in case there is no PM info available */
tboot_shutdown(TB_SHUTDOWN_HALT);
+ unreachable();
}
- struct machine_ops machine_ops = {
+-struct machine_ops machine_ops = {
++struct machine_ops machine_ops __read_only = {
+ .power_off = native_machine_power_off,
+ .shutdown = native_machine_shutdown,
+ .emergency_restart = native_machine_emergency_restart,
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
index 7a6f3b3..bed145d7 100644
--- a/arch/x86/kernel/relocate_kernel_64.S
1:
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index aeacb0e..f9d4c02 100644
+index 8b24289..d37b58b 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -441,7 +441,7 @@ static void __init parse_setup_data(void)
+@@ -437,7 +437,7 @@ static void __init parse_setup_data(void)
switch (data->type) {
case SETUP_E820_EXT:
break;
case SETUP_DTB:
add_dtb(pa_data);
-@@ -710,7 +710,7 @@ static void __init trim_bios_range(void)
+@@ -706,7 +706,7 @@ static void __init trim_bios_range(void)
* area (640->1Mb) as ram even though it is not.
* take them out.
*/
sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
}
-@@ -834,14 +834,14 @@ void __init setup_arch(char **cmdline_p)
+@@ -830,14 +830,14 @@ void __init setup_arch(char **cmdline_p)
if (!boot_params.hdr.root_flags)
root_mountflags &= ~MS_RDONLY;
* Up to this point, the boot CPU has been using .init.data
* area. Reload any changed state for the boot CPU.
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index 70b27ee..fcf827f 100644
+index d6bf1f3..3ffce5a 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
-@@ -195,7 +195,7 @@ static unsigned long align_sigframe(unsigned long sp)
+@@ -196,7 +196,7 @@ static unsigned long align_sigframe(unsigned long sp)
* Align the stack pointer according to the i386 ABI,
* i.e. so that on function entry ((sp + 4) & 15) == 0.
*/
#else /* !CONFIG_X86_32 */
sp = round_down(sp, 16) - 8;
#endif
-@@ -303,9 +303,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
+@@ -304,9 +304,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
}
if (current->mm->context.vdso)
if (ka->sa.sa_flags & SA_RESTORER)
restorer = ka->sa.sa_restorer;
-@@ -319,7 +319,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
+@@ -320,7 +320,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
* reasons and because gdb uses it as a signature to notice
* signal handler stack frames.
*/
if (err)
return -EFAULT;
-@@ -369,7 +369,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
- put_user_ex(current->sas_ss_size, &frame->uc.uc_stack.ss_size);
+@@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+ err |= __save_altstack(&frame->uc.uc_stack, regs->sp);
/* Set up to return from userspace. */
- restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
if (ka->sa.sa_flags & SA_RESTORER)
restorer = ka->sa.sa_restorer;
put_user_ex(restorer, &frame->pretcode);
-@@ -381,7 +384,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
+@@ -379,7 +382,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
* reasons and because gdb uses it as a signature to notice
* signal handler stack frames.
*/
} put_user_catch(err);
err |= copy_siginfo_to_user(&frame->info, info);
+diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c
+index 48d2b7d..90d328a 100644
+--- a/arch/x86/kernel/smp.c
++++ b/arch/x86/kernel/smp.c
+@@ -285,7 +285,7 @@ static int __init nonmi_ipi_setup(char *str)
+
+ __setup("nonmi_ipi", nonmi_ipi_setup);
+
+-struct smp_ops smp_ops = {
++struct smp_ops smp_ops __read_only = {
+ .smp_prepare_boot_cpu = native_smp_prepare_boot_cpu,
+ .smp_prepare_cpus = native_smp_prepare_cpus,
+ .smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index f3e2ec8..ad5287a 100644
+index ed0fe38..87fc692 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
-@@ -673,6 +673,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -748,6 +748,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
idle->thread.sp = (unsigned long) (((struct pt_regs *)
(THREAD_SIZE + task_stack_page(idle))) - 1);
per_cpu(current_task, cpu) = idle;
#ifdef CONFIG_X86_32
/* Stack for startup_32 can be just as for start_secondary onwards */
-@@ -680,11 +681,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -755,11 +756,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
#else
clear_tsk_thread_flag(idle, TIF_FORK);
initial_gs = per_cpu_offset(cpu);
initial_code = (unsigned long)start_secondary;
stack_start = idle->thread.sp;
-@@ -823,6 +826,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle)
+@@ -908,6 +911,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle)
/* the FPU context is blank, nobody can own it */
__cpu_disable_lazy_restore(cpu);
switch (opcode[i]) {
diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c
new file mode 100644
-index 0000000..26bb1af
+index 0000000..207bec6
--- /dev/null
+++ b/arch/x86/kernel/sys_i386_32.c
-@@ -0,0 +1,249 @@
+@@ -0,0 +1,250 @@
+/*
+ * This file contains various random system calls that
+ * have a non-standard calling sequence on the Linux/i386
+ pax_task_size = SEGMEXEC_TASK_SIZE;
+#endif
+
-+ if (len > pax_task_size || addr > pax_task_size - len)
-+ return -EINVAL;
++ if (flags & MAP_FIXED)
++ if (len > pax_task_size || addr > pax_task_size - len)
++ return -EINVAL;
+
+ return 0;
+}
+ return addr;
+}
diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
-index b4d3c39..d699d77 100644
+index 97ef74b..57a1882 100644
--- a/arch/x86/kernel/sys_x86_64.c
+++ b/arch/x86/kernel/sys_x86_64.c
-@@ -95,8 +95,8 @@ out:
+@@ -81,8 +81,8 @@ out:
return error;
}
{
if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) {
unsigned long new_begin;
-@@ -115,7 +115,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin,
+@@ -101,7 +101,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin,
*begin = new_begin;
}
} else {
*end = TASK_SIZE;
}
}
-@@ -128,20 +128,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -114,20 +114,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
struct vm_area_struct *vma;
- unsigned long start_addr;
+ struct vm_unmapped_area_info info;
unsigned long begin, end;
+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
+ if (end - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
return addr;
}
- if (((flags & MAP_32BIT) || test_thread_flag(TIF_ADDR32))
-@@ -172,7 +176,7 @@ full_search:
- }
- return -ENOMEM;
- }
-- if (!vma || addr + len <= vma->vm_start) {
-+ if (check_heap_stack_gap(vma, addr, len, offset)) {
- /*
- * Remember the place where we stopped the search:
- */
-@@ -195,7 +199,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- {
- struct vm_area_struct *vma;
- struct mm_struct *mm = current->mm;
-- unsigned long addr = addr0, start_addr;
-+ unsigned long base = mm->mmap_base, addr = addr0, start_addr;
-+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
- /* requested length too big for entire address space */
- if (len > TASK_SIZE)
-@@ -208,13 +213,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -161,6 +165,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT))
goto bottomup;
/* requesting a specific address */
if (addr) {
addr = PAGE_ALIGN(addr);
-- vma = find_vma(mm, addr);
-- if (TASK_SIZE - len >= addr &&
-- (!vma || addr + len <= vma->vm_start))
-- return addr;
-+ if (TASK_SIZE - len >= addr) {
-+ vma = find_vma(mm, addr);
-+ if (check_heap_stack_gap(vma, addr, len, offset))
-+ return addr;
-+ }
- }
-
- /* check if free_area_cache is useful for us */
-@@ -240,7 +250,7 @@ try_again:
- * return with success:
- */
- vma = find_vma(mm, addr);
-- if (!vma || addr+len <= vma->vm_start)
-+ if (check_heap_stack_gap(vma, addr, len, offset))
- /* remember the address as a hint for next time */
- return mm->free_area_cache = addr;
-
-@@ -249,8 +259,8 @@ try_again:
- mm->cached_hole_size = vma->vm_start - addr;
-
- /* try just below the current vma->vm_start */
-- addr = vma->vm_start-len;
-- } while (len < vma->vm_start);
-+ addr = skip_heap_stack_gap(vma, len, offset);
-+ } while (!IS_ERR_VALUE(addr));
-
- fail:
- /*
-@@ -270,13 +280,21 @@ bottomup:
- * can happen with large stack limits and large mmap()
- * allocations.
- */
-+ mm->mmap_base = TASK_UNMAPPED_BASE;
-+
-+#ifdef CONFIG_PAX_RANDMMAP
-+ if (mm->pax_flags & MF_PAX_RANDMMAP)
-+ mm->mmap_base += mm->delta_mmap;
-+#endif
-+
-+ mm->free_area_cache = mm->mmap_base;
- mm->cached_hole_size = ~0UL;
-- mm->free_area_cache = TASK_UNMAPPED_BASE;
- addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
- /*
- * Restore the topdown base:
- */
-- mm->free_area_cache = mm->mmap_base;
-+ mm->mmap_base = base;
-+ mm->free_area_cache = base;
- mm->cached_hole_size = ~0UL;
-
- return addr;
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
-index f84fe00..93fe08f 100644
+index f84fe00..f41d9f1 100644
--- a/arch/x86/kernel/tboot.c
+++ b/arch/x86/kernel/tboot.c
@@ -220,7 +220,7 @@ static int tboot_setup_sleep(void)
static int tboot_wait_for_aps(int num_aps)
{
-@@ -324,9 +324,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb,
+@@ -324,16 +324,16 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb,
{
switch (action) {
case CPU_DYING:
return NOTIFY_BAD;
break;
}
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block tboot_cpu_notifier __cpuinitdata =
++static struct notifier_block tboot_cpu_notifier =
+ {
+ .notifier_call = tboot_cpu_callback,
+ };
@@ -345,7 +345,7 @@ static __init int tboot_late_init(void)
tboot_create_trampoline();
else
info = infobuf;
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index 8276dc6..4ca48a2 100644
+index ecffca1..95c4d13 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
-@@ -71,12 +71,6 @@ asmlinkage int system_call(void);
+@@ -68,12 +68,6 @@
+ #include <asm/setup.h>
- /* Do we ignore FPU interrupts ? */
- char ignore_fpu_irq;
+ asmlinkage int system_call(void);
-
-/*
- * The IDT has to be page-aligned to simplify the Pentium
#endif
DECLARE_BITMAP(used_vectors, NR_VECTORS);
-@@ -109,11 +103,11 @@ static inline void preempt_conditional_cli(struct pt_regs *regs)
+@@ -106,11 +100,11 @@ static inline void preempt_conditional_cli(struct pt_regs *regs)
}
static int __kprobes
/*
* Traps 0, 1, 3, 4, and 5 should be forwarded to vm86.
* On nmi (interrupt 2), do_trap should not be called.
-@@ -126,12 +120,24 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
+@@ -123,12 +117,24 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
return -1;
}
#endif
return 0;
}
-@@ -139,7 +145,7 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
+@@ -136,7 +142,7 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
}
static void __kprobes
long error_code, siginfo_t *info)
{
struct task_struct *tsk = current;
-@@ -163,7 +169,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
+@@ -160,7 +166,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs,
if (show_unhandled_signals && unhandled_signal(tsk, signr) &&
printk_ratelimit()) {
pr_info("%s[%d] trap %s ip:%lx sp:%lx error:%lx",
regs->ip, regs->sp, error_code);
print_vma_addr(" in ", regs->ip);
pr_cont("\n");
-@@ -269,7 +275,7 @@ do_general_protection(struct pt_regs *regs, long error_code)
+@@ -266,7 +272,7 @@ do_general_protection(struct pt_regs *regs, long error_code)
conditional_sti(regs);
#ifdef CONFIG_X86_32
local_irq_enable();
handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code);
goto exit;
-@@ -277,18 +283,42 @@ do_general_protection(struct pt_regs *regs, long error_code)
+@@ -274,18 +280,42 @@ do_general_protection(struct pt_regs *regs, long error_code)
#endif
tsk = current;
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = X86_TRAP_GP;
-@@ -443,7 +473,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
+@@ -440,7 +470,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
/* It's safe to allow irq's after DR6 has been saved */
preempt_conditional_sti(regs);
handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code,
X86_TRAP_DB);
preempt_conditional_cli(regs);
-@@ -458,7 +488,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
+@@ -455,7 +485,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
* We already checked v86 mode above, so we can check for kernel mode
* by just checking the CPL of CS.
*/
tsk->thread.debugreg6 &= ~DR_STEP;
set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
regs->flags &= ~X86_EFLAGS_TF;
-@@ -490,7 +520,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
+@@ -487,7 +517,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
return;
conditional_sti(regs);
if (!fixup_exception(regs)) {
task->thread.error_code = error_code;
diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
-index aafa555..a04691a 100644
+index c71025b..b117501 100644
--- a/arch/x86/kernel/uprobes.c
+++ b/arch/x86/kernel/uprobes.c
-@@ -614,7 +614,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val,
+@@ -629,7 +629,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val,
int ret = NOTIFY_DONE;
/* We are only interested in userspace traps */
* verify_cpu, returns the status of longmode and SSE in register %eax.
* 0: Success 1: Failure
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
-index 5c9687b..5f857d3 100644
+index 1dfe69c..a3df6f6 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -43,6 +43,7 @@
"kernel image bigger than KERNEL_IMAGE_SIZE");
#ifdef CONFIG_SMP
-diff --git a/arch/x86/kernel/vsmp_64.c b/arch/x86/kernel/vsmp_64.c
-index 992f890..0ab1aae 100644
---- a/arch/x86/kernel/vsmp_64.c
-+++ b/arch/x86/kernel/vsmp_64.c
-@@ -114,7 +114,7 @@ static void __init set_vsmp_pv_ops(void)
- pv_irq_ops.irq_enable = PV_CALLEE_SAVE(vsmp_irq_enable);
- pv_irq_ops.save_fl = PV_CALLEE_SAVE(vsmp_save_fl);
- pv_irq_ops.restore_fl = PV_CALLEE_SAVE(vsmp_restore_fl);
-- pv_init_ops.patch = vsmp_patch;
-+ *(void **)&pv_init_ops.patch = vsmp_patch;
- ctl &= ~(1 << 4);
- }
- writel(ctl, address + 4);
-@@ -217,8 +217,8 @@ static void fill_vector_allocation_domain(int cpu, struct cpumask *retmask,
- static void vsmp_apic_post_init(void)
- {
- /* need to update phys_pkg_id */
-- apic->phys_pkg_id = apicid_phys_pkg_id;
-- apic->vector_allocation_domain = fill_vector_allocation_domain;
-+ *(void **)&apic->phys_pkg_id = apicid_phys_pkg_id;
-+ *(void **)&apic->vector_allocation_domain = fill_vector_allocation_domain;
- }
-
- void __init vsmp_init(void)
-@@ -227,7 +227,7 @@ void __init vsmp_init(void)
- if (!is_vsmp_box())
- return;
-
-- x86_platform.apic_post_init = vsmp_apic_post_init;
-+ *(void **)&x86_platform.apic_post_init = vsmp_apic_post_init;
-
- vsmp_cap_cpus();
-
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
-index 3a3e8c9..1af9465 100644
+index 9a907a6..f83f921 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -56,15 +56,13 @@
else if (!strcmp("none", str))
vsyscall_mode = NONE;
else
-@@ -315,8 +313,7 @@ done:
+@@ -323,8 +321,7 @@ do_ret:
return true;
sigsegv:
}
/*
-@@ -369,10 +366,7 @@ void __init map_vsyscall(void)
+@@ -377,10 +374,7 @@ void __init map_vsyscall(void)
extern char __vvar_page;
unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page);
EXPORT_SYMBOL(copy_page);
EXPORT_SYMBOL(clear_page);
+diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
+index 7a3d075..6cb373d 100644
+--- a/arch/x86/kernel/x86_init.c
++++ b/arch/x86/kernel/x86_init.c
+@@ -88,7 +88,7 @@ struct x86_init_ops x86_init __initdata = {
+ },
+ };
+
+-struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = {
++struct x86_cpuinit_ops x86_cpuinit __cpuinitconst = {
+ .early_percpu_clock_init = x86_init_noop,
+ .setup_percpu_clockev = setup_secondary_APIC_clock,
+ };
+@@ -96,7 +96,7 @@ struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = {
+ static void default_nmi_init(void) { };
+ static int default_i8042_detect(void) { return 1; };
+
+-struct x86_platform_ops x86_platform = {
++struct x86_platform_ops x86_platform __read_only = {
+ .calibrate_tsc = native_calibrate_tsc,
+ .get_wallclock = mach_get_cmos_time,
+ .set_wallclock = mach_set_rtc_mmss,
+@@ -110,14 +110,14 @@ struct x86_platform_ops x86_platform = {
+ };
+
+ EXPORT_SYMBOL_GPL(x86_platform);
+-struct x86_msi_ops x86_msi = {
++struct x86_msi_ops x86_msi __read_only = {
+ .setup_msi_irqs = native_setup_msi_irqs,
+ .teardown_msi_irq = native_teardown_msi_irq,
+ .teardown_msi_irqs = default_teardown_msi_irqs,
+ .restore_msi_irqs = default_restore_msi_irqs,
+ };
+
+-struct x86_io_apic_ops x86_io_apic_ops = {
++struct x86_io_apic_ops x86_io_apic_ops __read_only = {
+ .init = native_io_apic_init_mappings,
+ .read = native_io_apic_read,
+ .write = native_io_apic_write,
diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c
index ada87a3..afea76d 100644
--- a/arch/x86/kernel/xsave.c
if ((unsigned long)buf % 64 || fx_only) {
u64 init_bv = pcntxt_mask & ~XSTATE_FPSSE;
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index ec79e77..420f5cc 100644
+index a20ecb5..d0e2194 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index bba39bf..296540a 100644
+index a27e763..54bfe43 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -292,6 +292,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
case 1: \
____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 43e9fad..3b7c059 100644
+index 9392f52..0e56d77 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -55,7 +55,7 @@
#define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
-index 714e2c0..3f7a086 100644
+index 891eb6d..e027900 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -208,7 +208,7 @@ retry_walk:
goto error;
walker->ptep_user[walker->level - 1] = ptep_user;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index d017df3..61ae42e 100644
+index d29d3cd..ec9d522 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3500,7 +3500,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
+@@ -3507,7 +3507,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
load_TR_desc();
}
-@@ -3874,6 +3878,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -3881,6 +3885,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
#endif
#endif
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index f858159..4ab7dba 100644
+index 9120ae1..238abc0 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
-@@ -1332,7 +1332,11 @@ static void reload_tss(void)
+@@ -1370,7 +1370,11 @@ static void reload_tss(void)
struct desc_struct *descs;
descs = (void *)gdt->address;
load_TR_desc();
}
-@@ -1546,6 +1550,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+@@ -1594,6 +1598,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */
rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
vmx->loaded_vmcs->cpu = cpu;
-@@ -2669,8 +2677,11 @@ static __init int hardware_setup(void)
+@@ -2738,8 +2746,11 @@ static __init int hardware_setup(void)
if (!cpu_has_vmx_flexpriority())
flexpriority_enabled = 0;
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -3712,7 +3723,10 @@ static void vmx_set_constant_host_state(void)
+@@ -3782,7 +3793,10 @@ static void vmx_set_constant_host_state(void)
vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */
vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
#ifdef CONFIG_X86_64
-@@ -3733,7 +3747,7 @@ static void vmx_set_constant_host_state(void)
+@@ -3803,7 +3817,7 @@ static void vmx_set_constant_host_state(void)
native_store_idt(&dt);
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6279,6 +6293,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6355,6 +6369,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -6331,6 +6351,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6407,6 +6427,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -6344,7 +6369,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6420,7 +6445,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -6353,8 +6378,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6429,8 +6454,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 4f76417..93429b5 100644
+index c243b81..9eb193f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -1390,8 +1390,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1692,8 +1692,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
struct kvm *kvm = vcpu->kvm;
int lm = is_long_mode(vcpu);
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
: kvm->arch.xen_hvm_config.blob_size_32;
u32 page_num = data & ~PAGE_MASK;
-@@ -2255,6 +2255,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2571,6 +2571,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
if (n < msr_list.nmsrs)
goto out;
r = -EFAULT;
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -2379,7 +2381,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
+@@ -2700,7 +2702,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
struct kvm_interrupt *irq)
{
return -EINVAL;
if (irqchip_in_kernel(vcpu->kvm))
return -ENXIO;
-@@ -4881,7 +4883,7 @@ static void kvm_set_mmio_spte_mask(void)
- kvm_mmu_set_mmio_spte_mask(mask);
- }
+@@ -5213,7 +5215,7 @@ static struct notifier_block pvclock_gtod_notifier = {
+ };
+ #endif
-int kvm_arch_init(void *opaque)
+int kvm_arch_init(const void *opaque)
int r;
struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
-index 642d880..5dd034e 100644
+index df4176c..23ce092 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
-@@ -1116,12 +1116,12 @@ static u32 lguest_apic_safe_wait_icr_idle(void)
-
- static void set_lguest_basic_apic_ops(void)
- {
-- apic->read = lguest_apic_read;
-- apic->write = lguest_apic_write;
-- apic->icr_read = lguest_apic_icr_read;
-- apic->icr_write = lguest_apic_icr_write;
-- apic->wait_icr_idle = lguest_apic_wait_icr_idle;
-- apic->safe_wait_icr_idle = lguest_apic_safe_wait_icr_idle;
-+ *(void **)&apic->read = lguest_apic_read;
-+ *(void **)&apic->write = lguest_apic_write;
-+ *(void **)&apic->icr_read = lguest_apic_icr_read;
-+ *(void **)&apic->icr_write = lguest_apic_icr_write;
-+ *(void **)&apic->wait_icr_idle = lguest_apic_wait_icr_idle;
-+ *(void **)&apic->safe_wait_icr_idle = lguest_apic_safe_wait_icr_idle;
- };
- #endif
-
@@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count)
* Rebooting also tells the Host we're finished, but the RESTART flag tells the
* Launcher to reboot us.
}
/*G:050
-@@ -1292,28 +1293,28 @@ __init void lguest_init(void)
- pv_irq_ops.safe_halt = lguest_safe_halt;
-
- /* Setup operations */
-- pv_init_ops.patch = lguest_patch;
-+ *(void **)&pv_init_ops.patch = lguest_patch;
-
- /* Intercepts of various CPU instructions */
-- pv_cpu_ops.load_gdt = lguest_load_gdt;
-- pv_cpu_ops.cpuid = lguest_cpuid;
-- pv_cpu_ops.load_idt = lguest_load_idt;
-- pv_cpu_ops.iret = lguest_iret;
-- pv_cpu_ops.load_sp0 = lguest_load_sp0;
-- pv_cpu_ops.load_tr_desc = lguest_load_tr_desc;
-- pv_cpu_ops.set_ldt = lguest_set_ldt;
-- pv_cpu_ops.load_tls = lguest_load_tls;
-- pv_cpu_ops.set_debugreg = lguest_set_debugreg;
-- pv_cpu_ops.clts = lguest_clts;
-- pv_cpu_ops.read_cr0 = lguest_read_cr0;
-- pv_cpu_ops.write_cr0 = lguest_write_cr0;
-- pv_cpu_ops.read_cr4 = lguest_read_cr4;
-- pv_cpu_ops.write_cr4 = lguest_write_cr4;
-- pv_cpu_ops.write_gdt_entry = lguest_write_gdt_entry;
-- pv_cpu_ops.write_idt_entry = lguest_write_idt_entry;
-- pv_cpu_ops.wbinvd = lguest_wbinvd;
-- pv_cpu_ops.start_context_switch = paravirt_start_context_switch;
-- pv_cpu_ops.end_context_switch = lguest_end_context_switch;
-+ *(void **)&pv_cpu_ops.load_gdt = lguest_load_gdt;
-+ *(void **)&pv_cpu_ops.cpuid = lguest_cpuid;
-+ *(void **)&pv_cpu_ops.load_idt = lguest_load_idt;
-+ *(void **)&pv_cpu_ops.iret = lguest_iret;
-+ *(void **)&pv_cpu_ops.load_sp0 = lguest_load_sp0;
-+ *(void **)&pv_cpu_ops.load_tr_desc = lguest_load_tr_desc;
-+ *(void **)&pv_cpu_ops.set_ldt = lguest_set_ldt;
-+ *(void **)&pv_cpu_ops.load_tls = lguest_load_tls;
-+ *(void **)&pv_cpu_ops.set_debugreg = lguest_set_debugreg;
-+ *(void **)&pv_cpu_ops.clts = lguest_clts;
-+ *(void **)&pv_cpu_ops.read_cr0 = lguest_read_cr0;
-+ *(void **)&pv_cpu_ops.write_cr0 = lguest_write_cr0;
-+ *(void **)&pv_cpu_ops.read_cr4 = lguest_read_cr4;
-+ *(void **)&pv_cpu_ops.write_cr4 = lguest_write_cr4;
-+ *(void **)&pv_cpu_ops.write_gdt_entry = lguest_write_gdt_entry;
-+ *(void **)&pv_cpu_ops.write_idt_entry = lguest_write_idt_entry;
-+ *(void **)&pv_cpu_ops.wbinvd = lguest_wbinvd;
-+ *(void **)&pv_cpu_ops.start_context_switch = paravirt_start_context_switch;
-+ *(void **)&pv_cpu_ops.end_context_switch = lguest_end_context_switch;
-
- /* Pagetable management */
- pv_mmu_ops.write_cr3 = lguest_write_cr3;
-@@ -1341,11 +1342,11 @@ __init void lguest_init(void)
- set_lguest_basic_apic_ops();
- #endif
-
-- x86_init.resources.memory_setup = lguest_memory_setup;
-- x86_init.irqs.intr_init = lguest_init_IRQ;
-- x86_init.timers.timer_init = lguest_time_init;
-- x86_platform.calibrate_tsc = lguest_tsc_khz;
-- x86_platform.get_wallclock = lguest_get_wallclock;
-+ *(void **)&x86_init.resources.memory_setup = lguest_memory_setup;
-+ *(void **)&x86_init.irqs.intr_init = lguest_init_IRQ;
-+ *(void **)&x86_init.timers.timer_init = lguest_time_init;
-+ *(void **)&x86_platform.calibrate_tsc = lguest_tsc_khz;
-+ *(void **)&x86_platform.get_wallclock = lguest_get_wallclock;
-
- /*
- * Now is a good time to look at the implementations of these functions
-@@ -1434,7 +1435,7 @@ __init void lguest_init(void)
- * routine.
- */
- pm_power_off = lguest_power_off;
-- machine_ops.restart = lguest_restart;
-+ *(void **)&machine_ops.restart = lguest_restart;
-
- /*
- * Now we're set up, call i386_start_kernel() in head32.c and we proceed
diff --git a/arch/x86/lib/atomic64_386_32.S b/arch/x86/lib/atomic64_386_32.S
index 00933d5..3a64af9 100644
--- a/arch/x86/lib/atomic64_386_32.S
CFI_ENDPROC
diff --git a/arch/x86/lib/copy_page_64.S b/arch/x86/lib/copy_page_64.S
-index 6b34d04..dccb07f 100644
+index 176cca6..1166c50 100644
--- a/arch/x86/lib/copy_page_64.S
+++ b/arch/x86/lib/copy_page_64.S
-@@ -9,6 +9,7 @@ copy_page_c:
+@@ -9,6 +9,7 @@ copy_page_rep:
CFI_STARTPROC
- movl $4096/8,%ecx
- rep movsq
+ movl $4096/8, %ecx
+ rep movsq
+ pax_force_retaddr
ret
CFI_ENDPROC
- ENDPROC(copy_page_c)
-@@ -20,12 +21,14 @@ ENDPROC(copy_page_c)
+ ENDPROC(copy_page_rep)
+@@ -20,12 +21,14 @@ ENDPROC(copy_page_rep)
ENTRY(copy_page)
CFI_STARTPROC
-- subq $2*8,%rsp
+- subq $2*8, %rsp
- CFI_ADJUST_CFA_OFFSET 2*8
-+ subq $3*8,%rsp
++ subq $3*8, %rsp
+ CFI_ADJUST_CFA_OFFSET 3*8
- movq %rbx,(%rsp)
+ movq %rbx, (%rsp)
CFI_REL_OFFSET rbx, 0
- movq %r12,1*8(%rsp)
+ movq %r12, 1*8(%rsp)
CFI_REL_OFFSET r12, 1*8
-+ movq %r13,2*8(%rsp)
++ movq %r13, 2*8(%rsp)
+ CFI_REL_OFFSET r13, 2*8
- movl $(4096/64)-5,%ecx
+ movl $(4096/64)-5, %ecx
.p2align 4
-@@ -37,7 +40,7 @@ ENTRY(copy_page)
- movq 16 (%rsi), %rdx
- movq 24 (%rsi), %r8
- movq 32 (%rsi), %r9
-- movq 40 (%rsi), %r10
-+ movq 40 (%rsi), %r13
- movq 48 (%rsi), %r11
- movq 56 (%rsi), %r12
-
-@@ -48,7 +51,7 @@ ENTRY(copy_page)
- movq %rdx, 16 (%rdi)
- movq %r8, 24 (%rdi)
- movq %r9, 32 (%rdi)
-- movq %r10, 40 (%rdi)
-+ movq %r13, 40 (%rdi)
- movq %r11, 48 (%rdi)
- movq %r12, 56 (%rdi)
-
-@@ -67,7 +70,7 @@ ENTRY(copy_page)
- movq 16 (%rsi), %rdx
- movq 24 (%rsi), %r8
- movq 32 (%rsi), %r9
-- movq 40 (%rsi), %r10
-+ movq 40 (%rsi), %r13
- movq 48 (%rsi), %r11
- movq 56 (%rsi), %r12
-
-@@ -76,7 +79,7 @@ ENTRY(copy_page)
- movq %rdx, 16 (%rdi)
- movq %r8, 24 (%rdi)
- movq %r9, 32 (%rdi)
-- movq %r10, 40 (%rdi)
-+ movq %r13, 40 (%rdi)
- movq %r11, 48 (%rdi)
- movq %r12, 56 (%rdi)
-
-@@ -89,8 +92,11 @@ ENTRY(copy_page)
+@@ -36,7 +39,7 @@ ENTRY(copy_page)
+ movq 0x8*2(%rsi), %rdx
+ movq 0x8*3(%rsi), %r8
+ movq 0x8*4(%rsi), %r9
+- movq 0x8*5(%rsi), %r10
++ movq 0x8*5(%rsi), %r13
+ movq 0x8*6(%rsi), %r11
+ movq 0x8*7(%rsi), %r12
+
+@@ -47,7 +50,7 @@ ENTRY(copy_page)
+ movq %rdx, 0x8*2(%rdi)
+ movq %r8, 0x8*3(%rdi)
+ movq %r9, 0x8*4(%rdi)
+- movq %r10, 0x8*5(%rdi)
++ movq %r13, 0x8*5(%rdi)
+ movq %r11, 0x8*6(%rdi)
+ movq %r12, 0x8*7(%rdi)
+
+@@ -66,7 +69,7 @@ ENTRY(copy_page)
+ movq 0x8*2(%rsi), %rdx
+ movq 0x8*3(%rsi), %r8
+ movq 0x8*4(%rsi), %r9
+- movq 0x8*5(%rsi), %r10
++ movq 0x8*5(%rsi), %r13
+ movq 0x8*6(%rsi), %r11
+ movq 0x8*7(%rsi), %r12
+
+@@ -75,7 +78,7 @@ ENTRY(copy_page)
+ movq %rdx, 0x8*2(%rdi)
+ movq %r8, 0x8*3(%rdi)
+ movq %r9, 0x8*4(%rdi)
+- movq %r10, 0x8*5(%rdi)
++ movq %r13, 0x8*5(%rdi)
+ movq %r11, 0x8*6(%rdi)
+ movq %r12, 0x8*7(%rdi)
+
+@@ -87,8 +90,11 @@ ENTRY(copy_page)
CFI_RESTORE rbx
- movq 1*8(%rsp),%r12
+ movq 1*8(%rsp), %r12
CFI_RESTORE r12
-- addq $2*8,%rsp
+- addq $2*8, %rsp
- CFI_ADJUST_CFA_OFFSET -2*8
-+ movq 2*8(%rsp),%r13
++ movq 2*8(%rsp), %r13
+ CFI_RESTORE r13
-+ addq $3*8,%rsp
++ addq $3*8, %rsp
+ CFI_ADJUST_CFA_OFFSET -3*8
+ pax_force_retaddr
ret
.Lcopy_page_end:
CFI_ENDPROC
-@@ -101,7 +107,7 @@ ENDPROC(copy_page)
+@@ -99,7 +105,7 @@ ENDPROC(copy_page)
#include <asm/cpufeature.h>
- .section .altinstr_replacement,"ax"
+ .section .altinstr_replacement,"a"
1: .byte 0xeb /* jmp <disp8> */
- .byte (copy_page_c - copy_page) - (2f - 1b) /* offset */
+ .byte (copy_page_rep - copy_page) - (2f - 1b) /* offset */
2:
diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S
index a30ca15..d25fab6 100644
ret
CFI_ENDPROC
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
-index 98f6d6b6..d27f045 100644
+index f0312d7..9c39d63 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -42,11 +42,13 @@ do { \
"2:\n" \
".section .fixup,\"ax\"\n" \
"5: addl %3,%0\n" \
-@@ -629,9 +741,9 @@ survive:
- #endif
+@@ -572,9 +684,9 @@ unsigned long __copy_to_user_ll(void __user *to, const void *from,
+ {
stac();
if (movsl_is_ok(to, from, n))
- __copy_user(to, from, n);
clac();
return n;
}
-@@ -655,10 +767,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from,
+@@ -598,10 +710,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from,
{
stac();
if (movsl_is_ok(to, from, n))
clac();
return n;
}
-@@ -689,66 +800,51 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr
+@@ -632,66 +743,51 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr
if (n > 64 && cpu_has_xmm2)
n = __copy_user_intel_nocache(to, from, n);
else
}
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 8e13ecb..60bf506 100644
+index fb674fd..272f369 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -13,12 +13,19 @@
#include <asm/pgalloc.h> /* pgd_*(), ... */
#include <asm/kmemcheck.h> /* kmemcheck_*(), ... */
#include <asm/fixmap.h> /* VSYSCALL_START */
- #include <asm/rcu.h> /* exception_enter(), ... */
+ #include <asm/context_tracking.h> /* exception_enter(), ... */
+#include <asm/tlbflush.h>
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
printk(KERN_ALERT "BUG: unable to handle kernel ");
if (address < PAGE_SIZE)
printk(KERN_CONT "NULL pointer dereference");
-@@ -749,12 +831,30 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
+@@ -748,6 +830,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
+ return;
}
#endif
-
-- if (unlikely(show_unhandled_signals))
-- show_signal_msg(regs, error_code, address, tsk);
++
+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
+ if (pax_is_fetch_fault(regs, error_code, address)) {
+
+ do_group_exit(SIGKILL);
+ }
+#endif
-
- /* Kernel addresses are always protection faults: */
-+ if (address >= TASK_SIZE)
-+ error_code |= PF_PROT;
+
-+ if (show_unhandled_signals)
-+ show_signal_msg(regs, error_code, address, tsk);
-+
- tsk->thread.cr2 = address;
-- tsk->thread.error_code = error_code | (address >= TASK_SIZE);
-+ tsk->thread.error_code = error_code;
- tsk->thread.trap_nr = X86_TRAP_PF;
-
- force_sig_info_fault(SIGSEGV, si_code, address, tsk, 0);
-@@ -845,7 +945,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
+ /* Kernel addresses are always protection faults: */
+ if (address >= TASK_SIZE)
+ error_code |= PF_PROT;
+@@ -833,7 +931,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
printk(KERN_ERR
"MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
code = BUS_MCEERR_AR;
}
#endif
-@@ -901,6 +1001,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
+@@ -896,6 +994,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
return 1;
}
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -973,6 +1166,9 @@ int show_unhandled_signals = 1;
+@@ -968,6 +1159,9 @@ int show_unhandled_signals = 1;
static inline int
access_error(unsigned long error_code, struct vm_area_struct *vma)
{
if (error_code & PF_WRITE) {
/* write, present and write, not present: */
if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -1001,7 +1197,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
+@@ -996,7 +1190,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
if (error_code & PF_USER)
return false;
return false;
return true;
-@@ -1017,18 +1213,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1012,18 +1206,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
{
struct vm_area_struct *vma;
struct task_struct *tsk;
/*
* Detect and handle instructions that would cause a page fault for
-@@ -1089,7 +1300,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1084,7 +1293,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
* User-mode registers count as a user access even for any
* potential system fault or CPU buglet:
*/
local_irq_enable();
error_code |= PF_USER;
} else {
-@@ -1151,6 +1362,11 @@ retry:
+@@ -1146,6 +1355,11 @@ retry:
might_sleep();
}
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1162,18 +1378,24 @@ retry:
+@@ -1157,18 +1371,24 @@ retry:
bad_area(regs, error_code, address);
return;
}
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1237,3 +1459,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1232,3 +1452,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
__do_page_fault(regs, error_code);
exception_exit(regs);
}
return (void *)vaddr;
diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
-index 937bff5..dce75ff 100644
+index ae1aa71..56316db 100644
--- a/arch/x86/mm/hugetlbpage.c
+++ b/arch/x86/mm/hugetlbpage.c
-@@ -276,13 +276,21 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
- struct hstate *h = hstate_file(file);
- struct mm_struct *mm = current->mm;
- struct vm_area_struct *vma;
-- unsigned long start_addr;
-+ unsigned long start_addr, pax_task_size = TASK_SIZE;
-+ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags);
-+
-+#ifdef CONFIG_PAX_SEGMEXEC
-+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
-+ pax_task_size = SEGMEXEC_TASK_SIZE;
-+#endif
+@@ -279,6 +279,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
+ info.flags = 0;
+ info.length = len;
+ info.low_limit = TASK_UNMAPPED_BASE;
+
-+ pax_task_size -= PAGE_SIZE;
-
- if (len > mm->cached_hole_size) {
-- start_addr = mm->free_area_cache;
-+ start_addr = mm->free_area_cache;
- } else {
-- start_addr = TASK_UNMAPPED_BASE;
-- mm->cached_hole_size = 0;
-+ start_addr = mm->mmap_base;
-+ mm->cached_hole_size = 0;
- }
-
- full_search:
-@@ -290,26 +298,27 @@ full_search:
-
- for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
- /* At this point: (!vma || addr < vma->vm_end). */
-- if (TASK_SIZE - len < addr) {
-+ if (pax_task_size - len < addr) {
- /*
- * Start a new search - just in case we missed
- * some holes.
- */
-- if (start_addr != TASK_UNMAPPED_BASE) {
-- start_addr = TASK_UNMAPPED_BASE;
-+ if (start_addr != mm->mmap_base) {
-+ start_addr = mm->mmap_base;
- mm->cached_hole_size = 0;
- goto full_search;
- }
- return -ENOMEM;
- }
-- if (!vma || addr + len <= vma->vm_start) {
-- mm->free_area_cache = addr + len;
-- return addr;
-- }
-+ if (check_heap_stack_gap(vma, addr, len, offset))
-+ break;
- if (addr + mm->cached_hole_size < vma->vm_start)
- mm->cached_hole_size = vma->vm_start - addr;
- addr = ALIGN(vma->vm_end, huge_page_size(h));
- }
-+
-+ mm->free_area_cache = addr + len;
-+ return addr;
- }
-
- static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
-@@ -320,9 +329,9 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
- struct mm_struct *mm = current->mm;
- struct vm_area_struct *vma;
- unsigned long base = mm->mmap_base;
-- unsigned long addr = addr0;
-+ unsigned long addr;
- unsigned long largest_hole = mm->cached_hole_size;
-- unsigned long start_addr;
-+ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags);
-
- /* don't allow allocations above current base */
- if (mm->free_area_cache > base)
-@@ -332,16 +341,15 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
- largest_hole = 0;
- mm->free_area_cache = base;
- }
--try_again:
-- start_addr = mm->free_area_cache;
-
- /* make sure it can fit in the remaining address space */
- if (mm->free_area_cache < len)
- goto fail;
-
- /* either no address requested or can't fit in requested address hole */
-- addr = (mm->free_area_cache - len) & huge_page_mask(h);
-+ addr = mm->free_area_cache - len;
- do {
-+ addr &= huge_page_mask(h);
- /*
- * Lookup failure means no vma is above this address,
- * i.e. return with success:
-@@ -350,10 +358,10 @@ try_again:
- if (!vma)
- return addr;
-
-- if (addr + len <= vma->vm_start) {
-+ if (check_heap_stack_gap(vma, addr, len, offset)) {
- /* remember the address as a hint for next time */
-- mm->cached_hole_size = largest_hole;
-- return (mm->free_area_cache = addr);
-+ mm->cached_hole_size = largest_hole;
-+ return (mm->free_area_cache = addr);
- } else if (mm->free_area_cache == vma->vm_end) {
- /* pull free_area_cache down to the first hole */
- mm->free_area_cache = vma->vm_start;
-@@ -362,29 +370,34 @@ try_again:
-
- /* remember the largest hole we saw so far */
- if (addr + largest_hole < vma->vm_start)
-- largest_hole = vma->vm_start - addr;
-+ largest_hole = vma->vm_start - addr;
-
- /* try just below the current vma->vm_start */
-- addr = (vma->vm_start - len) & huge_page_mask(h);
-- } while (len <= vma->vm_start);
-+ addr = skip_heap_stack_gap(vma, len, offset);
-+ } while (!IS_ERR_VALUE(addr));
-
- fail:
- /*
-- * if hint left us with no space for the requested
-- * mapping then try again:
-- */
-- if (start_addr != base) {
-- mm->free_area_cache = base;
-- largest_hole = 0;
-- goto try_again;
-- }
-- /*
- * A failed mmap() very likely causes application failure,
- * so fall back to the bottom-up function here. This scenario
- * can happen with large stack limits and large mmap()
- * allocations.
- */
-- mm->free_area_cache = TASK_UNMAPPED_BASE;
-+
-+#ifdef CONFIG_PAX_SEGMEXEC
-+ if (mm->pax_flags & MF_PAX_SEGMEXEC)
-+ mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
-+ else
++#ifdef CONFIG_PAX_RANDMMAP
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += current->mm->delta_mmap;
+#endif
+
-+ mm->mmap_base = TASK_UNMAPPED_BASE;
+ info.high_limit = TASK_SIZE;
+ info.align_mask = PAGE_MASK & ~huge_page_mask(h);
+ info.align_offset = 0;
+@@ -311,6 +317,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+ VM_BUG_ON(addr != -ENOMEM);
+ info.flags = 0;
+ info.low_limit = TASK_UNMAPPED_BASE;
+
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (mm->pax_flags & MF_PAX_RANDMMAP)
-+ mm->mmap_base += mm->delta_mmap;
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += current->mm->delta_mmap;
+#endif
+
-+ mm->free_area_cache = mm->mmap_base;
- mm->cached_hole_size = ~0UL;
- addr = hugetlb_get_unmapped_area_bottomup(file, addr0,
- len, pgoff, flags);
-@@ -392,6 +405,7 @@ fail:
- /*
- * Restore the topdown base:
- */
-+ mm->mmap_base = base;
- mm->free_area_cache = base;
- mm->cached_hole_size = ~0UL;
-
-@@ -405,10 +419,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+ info.high_limit = TASK_SIZE;
+ addr = vm_unmapped_area(&info);
+ }
+@@ -325,10 +337,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
struct hstate *h = hstate_file(file);
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
return -ENOMEM;
if (flags & MAP_FIXED) {
-@@ -417,11 +441,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -337,11 +359,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
return addr;
}
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index 11a5800..4bd9977 100644
+index 745d66b..56bf568 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -73,36 +73,6 @@ static __init void *alloc_low_page(void)
EXPORT_SYMBOL_GPL(__supported_pte_mask);
/* user-defined highmem size */
-@@ -731,6 +730,12 @@ void __init mem_init(void)
+@@ -728,6 +727,12 @@ void __init mem_init(void)
pci_iommu_alloc();
#ifdef CONFIG_FLATMEM
BUG_ON(!mem_map);
#endif
-@@ -757,7 +762,7 @@ void __init mem_init(void)
+@@ -754,7 +759,7 @@ void __init mem_init(void)
reservedpages++;
codesize = (unsigned long) &_etext - (unsigned long) &_text;
initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin;
printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, "
-@@ -798,10 +803,10 @@ void __init mem_init(void)
+@@ -795,10 +800,10 @@ void __init mem_init(void)
((unsigned long)&__init_end -
(unsigned long)&__init_begin) >> 10,
((unsigned long)&_etext - (unsigned long)&_text) >> 10);
/*
-@@ -879,6 +884,7 @@ void set_kernel_text_rw(void)
+@@ -876,6 +881,7 @@ void set_kernel_text_rw(void)
if (!kernel_set_to_readonly)
return;
pr_debug("Set kernel text: %lx - %lx for read write\n",
start, start+size);
-@@ -893,6 +899,7 @@ void set_kernel_text_ro(void)
+@@ -890,6 +896,7 @@ void set_kernel_text_ro(void)
if (!kernel_set_to_readonly)
return;
pr_debug("Set kernel text: %lx - %lx for read only\n",
start, start+size);
-@@ -921,6 +928,7 @@ void mark_rodata_ro(void)
+@@ -918,6 +925,7 @@ void mark_rodata_ro(void)
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
printk(KERN_INFO "Write protecting the kernel text: %luk\n",
size >> 10);
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index 3baff25..8b37564 100644
+index 75c9a6a..498d677 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -74,7 +74,7 @@ early_param("gbpages", parse_direct_gbpages_on);
spin_unlock(&init_mm.page_table_lock);
pgd_changed = true;
}
-@@ -691,6 +705,12 @@ void __init mem_init(void)
+@@ -693,6 +707,12 @@ void __init mem_init(void)
pci_iommu_alloc();
/* clear_bss() already clear the empty_zero_page */
reservedpages = 0;
-@@ -851,8 +871,8 @@ int kern_addr_valid(unsigned long addr)
+@@ -856,8 +876,8 @@ int kern_addr_valid(unsigned long addr)
static struct vm_area_struct gate_vma = {
.vm_start = VSYSCALL_START,
.vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE),
};
struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
-@@ -886,7 +906,7 @@ int in_gate_area_no_mm(unsigned long addr)
+@@ -891,7 +911,7 @@ int in_gate_area_no_mm(unsigned long addr)
const char *arch_vma_name(struct vm_area_struct *vma)
{
p += get_opcode(p, &opcode);
for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
-index 8573b83..4f3ed7e 100644
+index e27fbf8..8b56dc9 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
@@ -84,10 +84,64 @@ static inline void pgd_list_del(pgd_t *pgd)
/*
* List of all pgd's needed for non-PAE so it can invalidate entries
@@ -140,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd)
- * -- wli
+ * -- nyc
*/
-#ifdef CONFIG_X86_PAE
}
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
-index 60f926c..a710970 100644
+index 13a6b29..c2fff23 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -48,7 +48,11 @@ void leave_mm(int cpu)
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 520d2bd..b895ef4 100644
+index d11a470..3f9adff3 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
-@@ -11,6 +11,7 @@
- #include <asm/cacheflush.h>
+@@ -12,6 +12,7 @@
#include <linux/netdevice.h>
#include <linux/filter.h>
+ #include <linux/if_vlan.h>
+#include <linux/random.h>
/*
* Conventions :
-@@ -48,13 +49,87 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len)
+@@ -49,13 +50,87 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len)
return ptr + len;
}
#define CLEAR_A() EMIT2(0x31, 0xc0) /* xor %eax,%eax */
#define CLEAR_X() EMIT2(0x31, 0xdb) /* xor %ebx,%ebx */
-@@ -89,6 +164,24 @@ do { \
+@@ -90,6 +165,24 @@ do { \
#define X86_JBE 0x76
#define X86_JA 0x77
#define EMIT_COND_JMP(op, offset) \
do { \
if (is_near(offset)) \
-@@ -96,6 +189,7 @@ do { \
+@@ -97,6 +190,7 @@ do { \
else { \
EMIT2(0x0f, op + 0x10); \
EMIT(offset, 4); /* jxx .+off32 */ \
} \
} while (0)
-@@ -120,12 +214,17 @@ static inline void bpf_flush_icache(void *start, void *end)
+@@ -121,12 +215,17 @@ static inline void bpf_flush_icache(void *start, void *end)
set_fs(old_fs);
}
u8 *prog;
unsigned int proglen, oldproglen = 0;
int ilen, i;
-@@ -138,6 +237,9 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -139,6 +238,9 @@ void bpf_jit_compile(struct sk_filter *fp)
unsigned int *addrs;
const struct sock_filter *filter = fp->insns;
int flen = fp->len;
if (!bpf_jit_enable)
return;
-@@ -146,11 +248,19 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -147,11 +249,19 @@ void bpf_jit_compile(struct sk_filter *fp)
if (addrs == NULL)
return;
addrs[i] = proglen;
}
cleanup_addr = proglen; /* epilogue address */
-@@ -258,10 +368,8 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -261,10 +371,8 @@ void bpf_jit_compile(struct sk_filter *fp)
case BPF_S_ALU_MUL_K: /* A *= K */
if (is_imm8(K))
EMIT3(0x6b, 0xc0, K); /* imul imm8,%eax,%eax */
break;
case BPF_S_ALU_DIV_X: /* A /= X; */
seen |= SEEN_XREG;
-@@ -301,13 +409,23 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -304,13 +412,23 @@ void bpf_jit_compile(struct sk_filter *fp)
break;
case BPF_S_ALU_MOD_K: /* A %= K; */
EMIT2(0x31, 0xd2); /* xor %edx,%edx */
EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */
break;
case BPF_S_ALU_AND_X:
-@@ -543,8 +661,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG;
+@@ -564,8 +682,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG;
if (is_imm8(K)) {
EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */
} else {
}
} else {
EMIT2(0x89,0xde); /* mov %ebx,%esi */
-@@ -627,17 +744,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -648,17 +765,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
break;
default:
/* hmm, too complex filter, give up with jit compiler */
}
proglen += ilen;
addrs[i] = proglen;
-@@ -658,11 +776,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -679,11 +797,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
break;
}
if (proglen == oldproglen) {
}
oldproglen = proglen;
}
-@@ -678,7 +794,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -699,7 +815,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
bpf_flush_icache(image, image + proglen);
fp->bpf_func = (void *)image;
out:
kfree(addrs);
return;
-@@ -686,18 +805,20 @@ out:
+@@ -707,18 +826,20 @@ out:
static void jit_free_defer(struct work_struct *arg)
{
unsigned long stack = kernel_stack_pointer(regs);
if (depth)
dump_trace(NULL, regs, (unsigned long *)stack, 0,
-diff --git a/arch/x86/pci/acpi.c b/arch/x86/pci/acpi.c
-index 192397c..5ba6f9e 100644
---- a/arch/x86/pci/acpi.c
-+++ b/arch/x86/pci/acpi.c
-@@ -568,7 +568,7 @@ int __init pci_acpi_init(void)
- acpi_irq_penalty_init();
- pcibios_enable_irq = acpi_pci_irq_enable;
- pcibios_disable_irq = acpi_pci_irq_disable;
-- x86_init.pci.init_irq = x86_init_noop;
-+ *(void **)&x86_init.pci.init_irq = x86_init_noop;
-
- if (pci_routeirq) {
- /*
+diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c
+index 48768df..ba9143c 100644
+--- a/arch/x86/oprofile/nmi_int.c
++++ b/arch/x86/oprofile/nmi_int.c
+@@ -23,6 +23,7 @@
+ #include <asm/nmi.h>
+ #include <asm/msr.h>
+ #include <asm/apic.h>
++#include <asm/pgtable.h>
+
+ #include "op_counter.h"
+ #include "op_x86_model.h"
+@@ -774,8 +775,11 @@ int __init op_nmi_init(struct oprofile_operations *ops)
+ if (ret)
+ return ret;
+
+- if (!model->num_virt_counters)
+- model->num_virt_counters = model->num_counters;
++ if (!model->num_virt_counters) {
++ pax_open_kernel();
++ *(unsigned int *)&model->num_virt_counters = model->num_counters;
++ pax_close_kernel();
++ }
+
+ mux_init(ops);
+
+diff --git a/arch/x86/oprofile/op_model_amd.c b/arch/x86/oprofile/op_model_amd.c
+index b2b9443..be58856 100644
+--- a/arch/x86/oprofile/op_model_amd.c
++++ b/arch/x86/oprofile/op_model_amd.c
+@@ -519,9 +519,11 @@ static int op_amd_init(struct oprofile_operations *ops)
+ num_counters = AMD64_NUM_COUNTERS;
+ }
+
+- op_amd_spec.num_counters = num_counters;
+- op_amd_spec.num_controls = num_counters;
+- op_amd_spec.num_virt_counters = max(num_counters, NUM_VIRT_COUNTERS);
++ pax_open_kernel();
++ *(unsigned int *)&op_amd_spec.num_counters = num_counters;
++ *(unsigned int *)&op_amd_spec.num_controls = num_counters;
++ *(unsigned int *)&op_amd_spec.num_virt_counters = max(num_counters, NUM_VIRT_COUNTERS);
++ pax_close_kernel();
+
+ return 0;
+ }
+diff --git a/arch/x86/oprofile/op_model_ppro.c b/arch/x86/oprofile/op_model_ppro.c
+index d90528e..0127e2b 100644
+--- a/arch/x86/oprofile/op_model_ppro.c
++++ b/arch/x86/oprofile/op_model_ppro.c
+@@ -19,6 +19,7 @@
+ #include <asm/msr.h>
+ #include <asm/apic.h>
+ #include <asm/nmi.h>
++#include <asm/pgtable.h>
+
+ #include "op_x86_model.h"
+ #include "op_counter.h"
+@@ -221,8 +222,10 @@ static void arch_perfmon_setup_counters(void)
+
+ num_counters = min((int)eax.split.num_counters, OP_MAX_COUNTER);
+
+- op_arch_perfmon_spec.num_counters = num_counters;
+- op_arch_perfmon_spec.num_controls = num_counters;
++ pax_open_kernel();
++ *(unsigned int *)&op_arch_perfmon_spec.num_counters = num_counters;
++ *(unsigned int *)&op_arch_perfmon_spec.num_controls = num_counters;
++ pax_close_kernel();
+ }
+
+ static int arch_perfmon_init(struct oprofile_operations *ignore)
+diff --git a/arch/x86/oprofile/op_x86_model.h b/arch/x86/oprofile/op_x86_model.h
+index 71e8a67..6a313bb 100644
+--- a/arch/x86/oprofile/op_x86_model.h
++++ b/arch/x86/oprofile/op_x86_model.h
+@@ -52,7 +52,7 @@ struct op_x86_model_spec {
+ void (*switch_ctrl)(struct op_x86_model_spec const *model,
+ struct op_msrs const * const msrs);
+ #endif
+-};
++} __do_const;
+
+ struct op_counter_config;
+
+diff --git a/arch/x86/pci/amd_bus.c b/arch/x86/pci/amd_bus.c
+index e9e6ed5..e47ae67 100644
+--- a/arch/x86/pci/amd_bus.c
++++ b/arch/x86/pci/amd_bus.c
+@@ -337,7 +337,7 @@ static int __cpuinit amd_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata amd_cpu_notifier = {
++static struct notifier_block amd_cpu_notifier = {
+ .notifier_call = amd_cpu_notify,
+ };
+
+diff --git a/arch/x86/pci/irq.c b/arch/x86/pci/irq.c
+index 372e9b8..e775a6c 100644
+--- a/arch/x86/pci/irq.c
++++ b/arch/x86/pci/irq.c
+@@ -50,7 +50,7 @@ struct irq_router {
+ struct irq_router_handler {
+ u16 vendor;
+ int (*probe)(struct irq_router *r, struct pci_dev *router, u16 device);
+-};
++} __do_const;
+
+ int (*pcibios_enable_irq)(struct pci_dev *dev) = pirq_enable_irq;
+ void (*pcibios_disable_irq)(struct pci_dev *dev) = NULL;
+@@ -794,7 +794,7 @@ static __init int pico_router_probe(struct irq_router *r, struct pci_dev *router
+ return 0;
+ }
+
+-static __initdata struct irq_router_handler pirq_routers[] = {
++static __initconst const struct irq_router_handler pirq_routers[] = {
+ { PCI_VENDOR_ID_INTEL, intel_router_probe },
+ { PCI_VENDOR_ID_AL, ali_router_probe },
+ { PCI_VENDOR_ID_ITE, ite_router_probe },
+@@ -821,7 +821,7 @@ static struct pci_dev *pirq_router_dev;
+ static void __init pirq_find_router(struct irq_router *r)
+ {
+ struct irq_routing_table *rt = pirq_table;
+- struct irq_router_handler *h;
++ const struct irq_router_handler *h;
+
+ #ifdef CONFIG_PCI_BIOS
+ if (!rt->signature) {
+@@ -1094,7 +1094,7 @@ static int __init fix_acer_tm360_irqrouting(const struct dmi_system_id *d)
+ return 0;
+ }
+
+-static struct dmi_system_id __initdata pciirq_dmi_table[] = {
++static const struct dmi_system_id __initconst pciirq_dmi_table[] = {
+ {
+ .callback = fix_broken_hp_bios_irq9,
+ .ident = "HP Pavilion N5400 Series Laptop",
diff --git a/arch/x86/pci/mrst.c b/arch/x86/pci/mrst.c
-index e14a2ff..3fd6b58 100644
+index 6eb18c4..20d83de 100644
--- a/arch/x86/pci/mrst.c
+++ b/arch/x86/pci/mrst.c
@@ -238,7 +238,9 @@ int __init pci_mrst_init(void)
/* Continue with standard init */
return 1;
diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c
-index da8fe05..7ee6704 100644
+index c77b24a..c979855 100644
--- a/arch/x86/pci/pcbios.c
+++ b/arch/x86/pci/pcbios.c
-@@ -79,50 +79,93 @@ union bios32 {
+@@ -79,7 +79,7 @@ union bios32 {
static struct {
unsigned long address;
unsigned short segment;
/*
* Returns the entry point for the given service, NULL on error
- */
-
--static unsigned long bios32_service(unsigned long service)
-+static unsigned long __devinit bios32_service(unsigned long service)
- {
- unsigned char return_code; /* %al */
- unsigned long address; /* %ebx */
+@@ -92,37 +92,80 @@ static unsigned long bios32_service(unsigned long service)
unsigned long length; /* %ecx */
unsigned long entry; /* %edx */
unsigned long flags;
-static int pci_bios_present;
+static int pci_bios_present __read_only;
- static int __devinit check_pcibios(void)
+ static int check_pcibios(void)
{
-@@ -131,11 +174,13 @@ static int __devinit check_pcibios(void)
+@@ -131,11 +174,13 @@ static int check_pcibios(void)
unsigned long flags, pcibios_entry;
if ((pcibios_entry = bios32_service(PCI_SERVICE))) {
"jc 1f\n\t"
"xor %%ah, %%ah\n"
"1:"
-@@ -144,7 +189,8 @@ static int __devinit check_pcibios(void)
+@@ -144,7 +189,8 @@ static int check_pcibios(void)
"=b" (ebx),
"=c" (ecx)
: "1" (PCIBIOS_PCI_BIOS_PRESENT),
return !(ret & 0xff00);
}
EXPORT_SYMBOL(pcibios_set_irq_routing);
-diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c
-index 56ab749..3cb792a 100644
---- a/arch/x86/pci/xen.c
-+++ b/arch/x86/pci/xen.c
-@@ -395,9 +395,9 @@ int __init pci_xen_init(void)
- #endif
-
- #ifdef CONFIG_PCI_MSI
-- x86_msi.setup_msi_irqs = xen_setup_msi_irqs;
-- x86_msi.teardown_msi_irq = xen_teardown_msi_irq;
-- x86_msi.teardown_msi_irqs = xen_teardown_msi_irqs;
-+ *(void **)&x86_msi.setup_msi_irqs = xen_setup_msi_irqs;
-+ *(void **)&x86_msi.teardown_msi_irq = xen_teardown_msi_irq;
-+ *(void **)&x86_msi.teardown_msi_irqs = xen_teardown_msi_irqs;
- #endif
- return 0;
- }
-@@ -416,8 +416,8 @@ int __init pci_xen_hvm_init(void)
- #endif
-
- #ifdef CONFIG_PCI_MSI
-- x86_msi.setup_msi_irqs = xen_hvm_setup_msi_irqs;
-- x86_msi.teardown_msi_irq = xen_teardown_msi_irq;
-+ *(void **)&x86_msi.setup_msi_irqs = xen_hvm_setup_msi_irqs;
-+ *(void **)&x86_msi.teardown_msi_irq = xen_teardown_msi_irq;
- #endif
- return 0;
- }
-@@ -474,9 +474,9 @@ int __init pci_xen_initial_domain(void)
- int irq;
-
- #ifdef CONFIG_PCI_MSI
-- x86_msi.setup_msi_irqs = xen_initdom_setup_msi_irqs;
-- x86_msi.teardown_msi_irq = xen_teardown_msi_irq;
-- x86_msi.restore_msi_irqs = xen_initdom_restore_msi_irqs;
-+ *(void **)&x86_msi.setup_msi_irqs = xen_initdom_setup_msi_irqs;
-+ *(void **)&x86_msi.teardown_msi_irq = xen_teardown_msi_irq;
-+ *(void **)&x86_msi.restore_msi_irqs = xen_initdom_restore_msi_irqs;
- #endif
- xen_setup_acpi_sci();
- __acpi_register_gsi = acpi_register_gsi_xen;
-diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
-index 77cf009..7fe44c8 100644
---- a/arch/x86/platform/efi/efi.c
-+++ b/arch/x86/platform/efi/efi.c
-@@ -746,8 +746,8 @@ void __init efi_init(void)
-
- #ifdef CONFIG_X86_32
- if (efi_is_native()) {
-- x86_platform.get_wallclock = efi_get_time;
-- x86_platform.set_wallclock = efi_set_rtc_mmss;
-+ *(void **)&x86_platform.get_wallclock = efi_get_time;
-+ *(void **)&x86_platform.set_wallclock = efi_set_rtc_mmss;
- }
- #endif
-
diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
index 40e4469..1ab536e 100644
--- a/arch/x86/platform/efi/efi_32.c
ret
ENDPROC(efi_call6)
diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c
-index fd41a92..bc8091d 100644
+index e31bcd8..f12dc46 100644
--- a/arch/x86/platform/mrst/mrst.c
+++ b/arch/x86/platform/mrst/mrst.c
@@ -78,13 +78,15 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX];
}
/* parse all the mtimer info to a static mtimer array */
-@@ -233,14 +235,14 @@ static void __init mrst_time_init(void)
- case MRST_TIMER_APBT_ONLY:
- break;
- case MRST_TIMER_LAPIC_APBT:
-- x86_init.timers.setup_percpu_clockev = setup_boot_APIC_clock;
-- x86_cpuinit.setup_percpu_clockev = setup_secondary_APIC_clock;
-+ *(void **)&x86_init.timers.setup_percpu_clockev = setup_boot_APIC_clock;
-+ *(void **)&x86_cpuinit.setup_percpu_clockev = setup_secondary_APIC_clock;
- break;
- default:
- if (!boot_cpu_has(X86_FEATURE_ARAT))
- break;
-- x86_init.timers.setup_percpu_clockev = setup_boot_APIC_clock;
-- x86_cpuinit.setup_percpu_clockev = setup_secondary_APIC_clock;
-+ *(void **)&x86_init.timers.setup_percpu_clockev = setup_boot_APIC_clock;
-+ *(void **)&x86_cpuinit.setup_percpu_clockev = setup_secondary_APIC_clock;
- return;
- }
- /* we need at least one APB timer */
-@@ -282,35 +284,35 @@ static unsigned char mrst_get_nmi_reason(void)
- */
- void __init x86_mrst_early_setup(void)
- {
-- x86_init.resources.probe_roms = x86_init_noop;
-- x86_init.resources.reserve_resources = x86_init_noop;
-+ *(void **)&x86_init.resources.probe_roms = x86_init_noop;
-+ *(void **)&x86_init.resources.reserve_resources = x86_init_noop;
-
-- x86_init.timers.timer_init = mrst_time_init;
-- x86_init.timers.setup_percpu_clockev = x86_init_noop;
-+ *(void **)&x86_init.timers.timer_init = mrst_time_init;
-+ *(void **)&x86_init.timers.setup_percpu_clockev = x86_init_noop;
-
-- x86_init.irqs.pre_vector_init = x86_init_noop;
-+ *(void **)&x86_init.irqs.pre_vector_init = x86_init_noop;
-
-- x86_init.oem.arch_setup = mrst_arch_setup;
-+ *(void **)&x86_init.oem.arch_setup = mrst_arch_setup;
-
-- x86_cpuinit.setup_percpu_clockev = apbt_setup_secondary_clock;
-+ *(void **)&x86_cpuinit.setup_percpu_clockev = apbt_setup_secondary_clock;
-
-- x86_platform.calibrate_tsc = mrst_calibrate_tsc;
-- x86_platform.i8042_detect = mrst_i8042_detect;
-- x86_init.timers.wallclock_init = mrst_rtc_init;
-- x86_platform.get_nmi_reason = mrst_get_nmi_reason;
-+ *(void **)&x86_platform.calibrate_tsc = mrst_calibrate_tsc;
-+ *(void **)&x86_platform.i8042_detect = mrst_i8042_detect;
-+ *(void **)&x86_init.timers.wallclock_init = mrst_rtc_init;
-+ *(void **)&x86_platform.get_nmi_reason = mrst_get_nmi_reason;
-
-- x86_init.pci.init = pci_mrst_init;
-- x86_init.pci.fixup_irqs = x86_init_noop;
-+ *(void **)&x86_init.pci.init = pci_mrst_init;
-+ *(void **)&x86_init.pci.fixup_irqs = x86_init_noop;
-
- legacy_pic = &null_legacy_pic;
-
- /* Moorestown specific power_off/restart method */
- pm_power_off = mrst_power_off;
-- machine_ops.emergency_restart = mrst_reboot;
-+ *(void **)&machine_ops.emergency_restart = mrst_reboot;
-
- /* Avoid searching for BIOS MP tables */
-- x86_init.mpparse.find_smp_config = x86_init_noop;
-- x86_init.mpparse.get_smp_config = x86_init_uint_noop;
-+ *(void **)&x86_init.mpparse.find_smp_config = x86_init_noop;
-+ *(void **)&x86_init.mpparse.get_smp_config = x86_init_uint_noop;
- set_bit(MP_BUS_ISA, mp_bus_not_pci);
- }
-
-diff --git a/arch/x86/platform/mrst/vrtc.c b/arch/x86/platform/mrst/vrtc.c
-index 225bd0f..22e8086 100644
---- a/arch/x86/platform/mrst/vrtc.c
-+++ b/arch/x86/platform/mrst/vrtc.c
-@@ -120,8 +120,8 @@ void __init mrst_rtc_init(void)
-
- vrtc_virt_base = (void __iomem *)set_fixmap_offset_nocache(FIX_LNW_VRTC,
- vrtc_paddr);
-- x86_platform.get_wallclock = vrtc_get_time;
-- x86_platform.set_wallclock = vrtc_set_mmss;
-+ *(void **)&x86_platform.get_wallclock = vrtc_get_time;
-+ *(void **)&x86_platform.set_wallclock = vrtc_set_mmss;
- }
-
- /*
-diff --git a/arch/x86/platform/olpc/olpc.c b/arch/x86/platform/olpc/olpc.c
-index 2737608..0d62cc2 100644
---- a/arch/x86/platform/olpc/olpc.c
-+++ b/arch/x86/platform/olpc/olpc.c
-@@ -395,7 +395,7 @@ static int __init olpc_init(void)
- * XO-1 only. */
- if (olpc_platform_info.boardrev < olpc_board_pre(0xd0) &&
- !cs5535_has_vsa2())
-- x86_init.pci.arch_init = pci_olpc_init;
-+ *(void **)&x86_init.pci.arch_init = pci_olpc_init;
- #endif
-
- if (olpc_platform_info.boardrev < olpc_board_pre(0xd0)) { /* XO-1 */
diff --git a/arch/x86/platform/olpc/olpc_dt.c b/arch/x86/platform/olpc/olpc_dt.c
index d6ee929..3637cb5 100644
--- a/arch/x86/platform/olpc/olpc_dt.c
.getproplen = olpc_dt_getproplen,
.getproperty = olpc_dt_getproperty,
diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
-index 218cdb1..c1178eb 100644
+index 120cee1..b2db75a 100644
--- a/arch/x86/power/cpu.c
+++ b/arch/x86/power/cpu.c
-@@ -132,7 +132,7 @@ static void do_fpu_end(void)
+@@ -133,7 +133,7 @@ static void do_fpu_end(void)
static void fix_processor_context(void)
{
int cpu = smp_processor_id();
set_tss_desc(cpu, t); /*
* This just modifies memory; should not be
-@@ -142,8 +142,6 @@ static void fix_processor_context(void)
+@@ -143,8 +143,6 @@ static void fix_processor_context(void)
*/
#ifdef CONFIG_X86_64
/*
diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
-index 5a1847d..deccb30 100644
+index 79d67bd..c7e1b90 100644
--- a/arch/x86/tools/relocs.c
+++ b/arch/x86/tools/relocs.c
@@ -12,10 +12,13 @@
+ read_relocs(fp, use_real_mode);
if (show_absolute_syms) {
print_absolute_symbols();
- return 0;
+ goto out;
diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile
index fd14be1..e3c79c0 100644
--- a/arch/x86/vdso/Makefile
return NULL;
}
diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c
-index 00aaf04..4a26505 100644
+index 431e875..cbb23f3 100644
--- a/arch/x86/vdso/vma.c
+++ b/arch/x86/vdso/vma.c
@@ -16,8 +16,6 @@
* unaligned here as a result of stack start randomization.
*/
addr = PAGE_ALIGN(addr);
-- addr = align_addr(addr, NULL, ALIGN_VDSO);
+- addr = align_vdso_addr(addr);
return addr;
}
+#endif
+
addr = vdso_addr(mm->start_stack, size);
-+ addr = align_addr(addr, NULL, ALIGN_VDSO);
++ addr = align_vdso_addr(addr);
addr = get_unmapped_area(NULL, addr, size, 0, 0);
if (IS_ERR_VALUE(addr)) {
ret = addr;
- return 0;
-}
-__setup("vdso=", vdso_setup);
-diff --git a/arch/x86/xen/apic.c b/arch/x86/xen/apic.c
-index 7005ced..530d6eb 100644
---- a/arch/x86/xen/apic.c
-+++ b/arch/x86/xen/apic.c
-@@ -30,5 +30,5 @@ static unsigned int xen_io_apic_read(unsigned apic, unsigned reg)
-
- void __init xen_init_apic(void)
- {
-- x86_io_apic_ops.read = xen_io_apic_read;
-+ *(void **)&x86_io_apic_ops.read = xen_io_apic_read;
- }
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 586d838..9181904 100644
+index 2262003..f229ced 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
-@@ -99,8 +99,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
+@@ -100,8 +100,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
struct shared_info xen_dummy_shared_info;
RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
__read_mostly int xen_have_vector_callback;
EXPORT_SYMBOL_GPL(xen_have_vector_callback);
-@@ -473,8 +471,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
+@@ -496,8 +494,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
unsigned int size = dtr->size + 1;
int f;
/*
-@@ -522,8 +519,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
+@@ -545,8 +542,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
unsigned int size = dtr->size + 1;
int f;
/*
-@@ -918,21 +914,21 @@ static u32 xen_safe_apic_wait_icr_idle(void)
-
- static void set_xen_basic_apic_ops(void)
- {
-- apic->read = xen_apic_read;
-- apic->write = xen_apic_write;
-- apic->icr_read = xen_apic_icr_read;
-- apic->icr_write = xen_apic_icr_write;
-- apic->wait_icr_idle = xen_apic_wait_icr_idle;
-- apic->safe_wait_icr_idle = xen_safe_apic_wait_icr_idle;
-- apic->set_apic_id = xen_set_apic_id;
-- apic->get_apic_id = xen_get_apic_id;
-+ *(void **)&apic->read = xen_apic_read;
-+ *(void **)&apic->write = xen_apic_write;
-+ *(void **)&apic->icr_read = xen_apic_icr_read;
-+ *(void **)&apic->icr_write = xen_apic_icr_write;
-+ *(void **)&apic->wait_icr_idle = xen_apic_wait_icr_idle;
-+ *(void **)&apic->safe_wait_icr_idle = xen_safe_apic_wait_icr_idle;
-+ *(void **)&apic->set_apic_id = xen_set_apic_id;
-+ *(void **)&apic->get_apic_id = xen_get_apic_id;
-
- #ifdef CONFIG_SMP
-- apic->send_IPI_allbutself = xen_send_IPI_allbutself;
-- apic->send_IPI_mask_allbutself = xen_send_IPI_mask_allbutself;
-- apic->send_IPI_mask = xen_send_IPI_mask;
-- apic->send_IPI_all = xen_send_IPI_all;
-- apic->send_IPI_self = xen_send_IPI_self;
-+ *(void **)&apic->send_IPI_allbutself = xen_send_IPI_allbutself;
-+ *(void **)&apic->send_IPI_mask_allbutself = xen_send_IPI_mask_allbutself;
-+ *(void **)&apic->send_IPI_mask = xen_send_IPI_mask;
-+ *(void **)&apic->send_IPI_all = xen_send_IPI_all;
-+ *(void **)&apic->send_IPI_self = xen_send_IPI_self;
- #endif
+@@ -939,7 +935,7 @@ static u32 xen_safe_apic_wait_icr_idle(void)
+ return 0;
}
-@@ -1222,30 +1218,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
+-static void set_xen_basic_apic_ops(void)
++static void __init set_xen_basic_apic_ops(void)
+ {
+ apic->read = xen_apic_read;
+ apic->write = xen_apic_write;
+@@ -1245,30 +1241,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
#endif
};
{
if (pm_power_off)
pm_power_off();
-@@ -1290,14 +1286,14 @@ static const struct machine_ops xen_machine_ops __initconst = {
- */
- static void __init xen_setup_stackprotector(void)
- {
-- pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot;
-- pv_cpu_ops.load_gdt = xen_load_gdt_boot;
-+ *(void **)&pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot;
-+ *(void **)&pv_cpu_ops.load_gdt = xen_load_gdt_boot;
-
- setup_stack_canary_segment(0);
- switch_to_new_gdt(0);
-
-- pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry;
-- pv_cpu_ops.load_gdt = xen_load_gdt;
-+ *(void **)&pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry;
-+ *(void **)&pv_cpu_ops.load_gdt = xen_load_gdt;
- }
-
- /* First C function to be called on Xen boot */
-@@ -1315,13 +1311,13 @@ asmlinkage void __init xen_start_kernel(void)
-
- /* Install Xen paravirt ops */
- pv_info = xen_info;
-- pv_init_ops = xen_init_ops;
-- pv_cpu_ops = xen_cpu_ops;
-- pv_apic_ops = xen_apic_ops;
-+ memcpy((void *)&pv_init_ops, &xen_init_ops, sizeof pv_init_ops);
-+ memcpy((void *)&pv_cpu_ops, &xen_cpu_ops, sizeof pv_cpu_ops);
-+ memcpy((void *)&pv_apic_ops, &xen_apic_ops, sizeof pv_apic_ops);
-
-- x86_init.resources.memory_setup = xen_memory_setup;
-- x86_init.oem.arch_setup = xen_arch_setup;
-- x86_init.oem.banner = xen_banner;
-+ *(void **)&x86_init.resources.memory_setup = xen_memory_setup;
-+ *(void **)&x86_init.oem.arch_setup = xen_arch_setup;
-+ *(void **)&x86_init.oem.banner = xen_banner;
-
- xen_init_time_ops();
-
-@@ -1347,7 +1343,17 @@ asmlinkage void __init xen_start_kernel(void)
+@@ -1370,7 +1366,17 @@ asmlinkage void __init xen_start_kernel(void)
__userpte_alloc_gfp &= ~__GFP_HIGHMEM;
/* Work out if we support NX */
xen_setup_features();
-@@ -1376,14 +1382,7 @@ asmlinkage void __init xen_start_kernel(void)
+@@ -1399,14 +1405,7 @@ asmlinkage void __init xen_start_kernel(void)
pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit;
}
xen_smp_init();
-@@ -1450,7 +1449,7 @@ asmlinkage void __init xen_start_kernel(void)
- add_preferred_console("tty", 0, NULL);
- add_preferred_console("hvc", 0, NULL);
- if (pci_xen)
-- x86_init.pci.arch_init = pci_xen_init;
-+ *(void **)&x86_init.pci.arch_init = pci_xen_init;
- } else {
- const struct dom0_vga_console_info *info =
- (void *)((char *)xen_start_info +
-@@ -1476,8 +1475,8 @@ asmlinkage void __init xen_start_kernel(void)
- xen_acpi_sleep_register();
-
- /* Avoid searching for BIOS MP tables */
-- x86_init.mpparse.find_smp_config = x86_init_noop;
-- x86_init.mpparse.get_smp_config = x86_init_uint_noop;
-+ *(void **)&x86_init.mpparse.find_smp_config = x86_init_noop;
-+ *(void **)&x86_init.mpparse.get_smp_config = x86_init_uint_noop;
- }
- #ifdef CONFIG_PCI
- /* PCI BIOS service won't work from a PV guest. */
-@@ -1583,7 +1582,7 @@ static void __init xen_hvm_guest_init(void)
- xen_hvm_smp_init();
- register_cpu_notifier(&xen_hvm_cpu_notifier);
- xen_unplug_emulated_devices();
-- x86_init.irqs.intr_init = xen_init_IRQ;
-+ *(void **)&x86_init.irqs.intr_init = xen_init_IRQ;
- xen_hvm_init_time_ops();
- xen_hvm_init_mmu_ops();
- }
-diff --git a/arch/x86/xen/irq.c b/arch/x86/xen/irq.c
-index 01a4dc0..3ca0cc9 100644
---- a/arch/x86/xen/irq.c
-+++ b/arch/x86/xen/irq.c
-@@ -130,5 +130,5 @@ static const struct pv_irq_ops xen_irq_ops __initconst = {
- void __init xen_init_irq_ops(void)
- {
- pv_irq_ops = xen_irq_ops;
-- x86_init.irqs.intr_init = xen_init_IRQ;
-+ *(void **)&x86_init.irqs.intr_init = xen_init_IRQ;
+@@ -1598,7 +1597,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
}
+
+-static struct notifier_block xen_hvm_cpu_notifier __cpuinitdata = {
++static struct notifier_block xen_hvm_cpu_notifier = {
+ .notifier_call = xen_hvm_cpu_notify,
+ };
+
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index dcf5f2d..5f72fe7 100644
+index 01de35c..0bda07b 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -1881,6 +1881,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
.alloc_pud = xen_alloc_pmd_init,
.release_pud = xen_release_pmd_init,
-@@ -2197,8 +2206,8 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
-
- void __init xen_init_mmu_ops(void)
- {
-- x86_init.mapping.pagetable_reserve = xen_mapping_pagetable_reserve;
-- x86_init.paging.pagetable_init = xen_pagetable_init;
-+ *(void **)&x86_init.mapping.pagetable_reserve = xen_mapping_pagetable_reserve;
-+ *(void **)&x86_init.paging.pagetable_init = xen_pagetable_init;
- pv_mmu_ops = xen_mmu_ops;
-
- memset(dummy_mapping, 0xff, PAGE_SIZE);
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
-index 353c50f..a0b9b0d 100644
+index 34bc4ce..c34aa24 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -229,11 +229,6 @@ static void __init xen_smp_prepare_boot_cpu(void)
#endif
xen_setup_runstate_info(cpu);
xen_setup_timer(cpu);
-@@ -637,7 +631,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
+@@ -630,7 +624,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
void __init xen_smp_init(void)
{
xen_fill_possible_map();
xen_init_spinlocks();
}
-@@ -672,10 +666,10 @@ void __init xen_hvm_smp_init(void)
- {
- if (!xen_have_vector_callback)
- return;
-- smp_ops.smp_prepare_cpus = xen_hvm_smp_prepare_cpus;
-- smp_ops.smp_send_reschedule = xen_smp_send_reschedule;
-- smp_ops.cpu_up = xen_hvm_cpu_up;
-- smp_ops.cpu_die = xen_hvm_cpu_die;
-- smp_ops.send_call_func_ipi = xen_smp_send_call_function_ipi;
-- smp_ops.send_call_func_single_ipi = xen_smp_send_call_function_single_ipi;
-+ *(void **)&smp_ops.smp_prepare_cpus = xen_hvm_smp_prepare_cpus;
-+ *(void **)&smp_ops.smp_send_reschedule = xen_smp_send_reschedule;
-+ *(void **)&smp_ops.cpu_up = xen_hvm_cpu_up;
-+ *(void **)&smp_ops.cpu_die = xen_hvm_cpu_die;
-+ *(void **)&smp_ops.send_call_func_ipi = xen_smp_send_call_function_ipi;
-+ *(void **)&smp_ops.send_call_func_single_ipi = xen_smp_send_call_function_single_ipi;
- }
-diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c
-index 83e866d..ef60385 100644
---- a/arch/x86/xen/spinlock.c
-+++ b/arch/x86/xen/spinlock.c
-@@ -390,12 +390,12 @@ void __init xen_init_spinlocks(void)
- {
- BUILD_BUG_ON(sizeof(struct xen_spinlock) > sizeof(arch_spinlock_t));
-
-- pv_lock_ops.spin_is_locked = xen_spin_is_locked;
-- pv_lock_ops.spin_is_contended = xen_spin_is_contended;
-- pv_lock_ops.spin_lock = xen_spin_lock;
-- pv_lock_ops.spin_lock_flags = xen_spin_lock_flags;
-- pv_lock_ops.spin_trylock = xen_spin_trylock;
-- pv_lock_ops.spin_unlock = xen_spin_unlock;
-+ *(void **)&pv_lock_ops.spin_is_locked = xen_spin_is_locked;
-+ *(void **)&pv_lock_ops.spin_is_contended = xen_spin_is_contended;
-+ *(void **)&pv_lock_ops.spin_lock = xen_spin_lock;
-+ *(void **)&pv_lock_ops.spin_lock_flags = xen_spin_lock_flags;
-+ *(void **)&pv_lock_ops.spin_trylock = xen_spin_trylock;
-+ *(void **)&pv_lock_ops.spin_unlock = xen_spin_unlock;
- }
-
- #ifdef CONFIG_XEN_DEBUG_FS
-diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c
-index 0296a95..3c51a2d 100644
---- a/arch/x86/xen/time.c
-+++ b/arch/x86/xen/time.c
-@@ -481,15 +481,15 @@ static void __init xen_time_init(void)
-
- void __init xen_init_time_ops(void)
- {
-- pv_time_ops = xen_time_ops;
-+ memcpy((void *)&pv_time_ops, &xen_time_ops, sizeof pv_time_ops);
-
-- x86_init.timers.timer_init = xen_time_init;
-- x86_init.timers.setup_percpu_clockev = x86_init_noop;
-- x86_cpuinit.setup_percpu_clockev = x86_init_noop;
-+ *(void **)&x86_init.timers.timer_init = xen_time_init;
-+ *(void **)&x86_init.timers.setup_percpu_clockev = x86_init_noop;
-+ *(void **)&x86_cpuinit.setup_percpu_clockev = x86_init_noop;
-
-- x86_platform.calibrate_tsc = xen_tsc_khz;
-- x86_platform.get_wallclock = xen_get_wallclock;
-- x86_platform.set_wallclock = xen_set_wallclock;
-+ *(void **)&x86_platform.calibrate_tsc = xen_tsc_khz;
-+ *(void **)&x86_platform.get_wallclock = xen_get_wallclock;
-+ *(void **)&x86_platform.set_wallclock = xen_set_wallclock;
- }
-
- #ifdef CONFIG_XEN_PVHVM
-@@ -514,12 +514,12 @@ void __init xen_hvm_init_time_ops(void)
- return;
- }
-
-- pv_time_ops = xen_time_ops;
-- x86_init.timers.setup_percpu_clockev = xen_time_init;
-- x86_cpuinit.setup_percpu_clockev = xen_hvm_setup_cpu_clockevents;
-+ memcpy((void *)&pv_time_ops, &xen_time_ops, sizeof pv_time_ops);
-+ *(void **)&x86_init.timers.setup_percpu_clockev = xen_time_init;
-+ *(void **)&x86_cpuinit.setup_percpu_clockev = xen_hvm_setup_cpu_clockevents;
-
-- x86_platform.calibrate_tsc = xen_tsc_khz;
-- x86_platform.get_wallclock = xen_get_wallclock;
-- x86_platform.set_wallclock = xen_set_wallclock;
-+ *(void **)&x86_platform.calibrate_tsc = xen_tsc_khz;
-+ *(void **)&x86_platform.get_wallclock = xen_get_wallclock;
-+ *(void **)&x86_platform.set_wallclock = xen_set_wallclock;
- }
- #endif
diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S
-index f9643fc..602e8af 100644
+index 33ca6e4..0ded929 100644
--- a/arch/x86/xen/xen-asm_32.S
+++ b/arch/x86/xen/xen-asm_32.S
@@ -84,14 +84,14 @@ ENTRY(xen_iret)
*/
#ifdef CONFIG_SMP
- GET_THREAD_INFO(%eax)
-- movl TI_cpu(%eax), %eax
-- movl __per_cpu_offset(,%eax,4), %eax
-- mov xen_vcpu(%eax), %eax
+- movl %ss:TI_cpu(%eax), %eax
+- movl %ss:__per_cpu_offset(,%eax,4), %eax
+- mov %ss:xen_vcpu(%eax), %eax
+ push %fs
+ mov $(__KERNEL_PERCPU), %eax
+ mov %eax, %fs
+ mov PER_CPU_VAR(xen_vcpu), %eax
+ pop %fs
#else
- movl xen_vcpu, %eax
+ movl %ss:xen_vcpu, %eax
#endif
diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S
index 7faed58..ba4427c 100644
#define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */
#define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */
diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c
-index 58916af..9cb880b 100644
+index 58916af..eb9dbcf6 100644
--- a/block/blk-iopoll.c
+++ b/block/blk-iopoll.c
@@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll)
{
struct list_head *list = &__get_cpu_var(blk_cpu_iopoll);
int rearm = 0, budget = blk_iopoll_budget;
+@@ -209,7 +209,7 @@ static int __cpuinit blk_iopoll_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata blk_iopoll_cpu_notifier = {
++static struct notifier_block blk_iopoll_cpu_notifier = {
+ .notifier_call = blk_iopoll_cpu_notify,
+ };
+
diff --git a/block/blk-map.c b/block/blk-map.c
index 623e1cd..ca1e109 100644
--- a/block/blk-map.c
bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
else
diff --git a/block/blk-softirq.c b/block/blk-softirq.c
-index 467c8de..4bddc6d 100644
+index 467c8de..f3628c5 100644
--- a/block/blk-softirq.c
+++ b/block/blk-softirq.c
@@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done);
{
struct list_head *cpu_list, local_list;
+@@ -98,7 +98,7 @@ static int __cpuinit blk_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata blk_cpu_notifier = {
++static struct notifier_block blk_cpu_notifier = {
+ .notifier_call = blk_cpu_notify,
+ };
+
diff --git a/block/bsg.c b/block/bsg.c
index ff64ae3..593560c 100644
--- a/block/bsg.c
err = -EFAULT;
goto out;
diff --git a/block/partitions/efi.c b/block/partitions/efi.c
-index 6296b40..417c00f 100644
+index b62fb88..bdab4c4 100644
--- a/block/partitions/efi.c
+++ b/block/partitions/efi.c
@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state,
static void cryptd_queue_worker(struct work_struct *work);
+diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
+index f6d9baf..dfd511f 100644
+--- a/crypto/crypto_user.c
++++ b/crypto/crypto_user.c
+@@ -30,6 +30,8 @@
+
+ #include "internal.h"
+
++#define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x))
++
+ static DEFINE_MUTEX(crypto_cfg_mutex);
+
+ /* The crypto netlink socket */
+@@ -196,7 +198,10 @@ static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
+ struct crypto_dump_info info;
+ int err;
+
+- if (!p->cru_driver_name)
++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
++ return -EINVAL;
++
++ if (!p->cru_driver_name[0])
+ return -EINVAL;
+
+ alg = crypto_alg_match(p, 1);
+@@ -260,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
+ struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
+ LIST_HEAD(list);
+
++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
++ return -EINVAL;
++
+ if (priority && !strlen(p->cru_driver_name))
+ return -EINVAL;
+
+@@ -287,6 +295,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
+ struct crypto_alg *alg;
+ struct crypto_user_alg *p = nlmsg_data(nlh);
+
++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
++ return -EINVAL;
++
+ alg = crypto_alg_match(p, 1);
+ if (!alg)
+ return -ENOENT;
+@@ -368,6 +379,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh,
+ struct crypto_user_alg *p = nlmsg_data(nlh);
+ struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL];
+
++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
++ return -EINVAL;
++
+ if (strlen(p->cru_driver_name))
+ exact = 1;
+
+diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h
+index f220d64..d359ad6 100644
+--- a/drivers/acpi/apei/apei-internal.h
++++ b/drivers/acpi/apei/apei-internal.h
+@@ -20,7 +20,7 @@ typedef int (*apei_exec_ins_func_t)(struct apei_exec_context *ctx,
+ struct apei_exec_ins_type {
+ u32 flags;
+ apei_exec_ins_func_t run;
+-};
++} __do_const;
+
+ struct apei_exec_context {
+ u32 ip;
diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c
index e6defd8..c26a225 100644
--- a/drivers/acpi/apei/cper.c
}
EXPORT_SYMBOL_GPL(cper_next_record_id);
+diff --git a/drivers/acpi/bgrt.c b/drivers/acpi/bgrt.c
+index be60399..778b33e8 100644
+--- a/drivers/acpi/bgrt.c
++++ b/drivers/acpi/bgrt.c
+@@ -87,8 +87,10 @@ static int __init bgrt_init(void)
+ return -ENODEV;
+
+ sysfs_bin_attr_init(&image_attr);
+- image_attr.private = bgrt_image;
+- image_attr.size = bgrt_image_size;
++ pax_open_kernel();
++ *(void **)&image_attr.private = bgrt_image;
++ *(size_t *)&image_attr.size = bgrt_image_size;
++ pax_close_kernel();
+
+ bgrt_kobj = kobject_create_and_add("bgrt", acpi_kobj);
+ if (!bgrt_kobj)
+diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c
+index cb96296..b81293b 100644
+--- a/drivers/acpi/blacklist.c
++++ b/drivers/acpi/blacklist.c
+@@ -52,7 +52,7 @@ struct acpi_blacklist_item {
+ u32 is_critical_error;
+ };
+
+-static struct dmi_system_id acpi_osi_dmi_table[] __initdata;
++static const struct dmi_system_id acpi_osi_dmi_table[] __initconst;
+
+ /*
+ * POLICY: If *anything* doesn't work, put it on the blacklist.
+@@ -193,7 +193,7 @@ static int __init dmi_disable_osi_win7(const struct dmi_system_id *d)
+ return 0;
+ }
+
+-static struct dmi_system_id acpi_osi_dmi_table[] __initdata = {
++static const struct dmi_system_id acpi_osi_dmi_table[] __initconst = {
+ {
+ .callback = dmi_disable_osi_vista,
+ .ident = "Fujitsu Siemens",
diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c
index 7586544..636a2f0 100644
--- a/drivers/acpi/ec_sys.c
err = ec_write(*off, byte_write);
if (err)
return err;
-diff --git a/drivers/acpi/proc.c b/drivers/acpi/proc.c
-index 27adb09..ef98796b 100644
---- a/drivers/acpi/proc.c
-+++ b/drivers/acpi/proc.c
-@@ -362,16 +362,13 @@ acpi_system_write_wakeup_device(struct file *file,
- struct list_head *node, *next;
- char strbuf[5];
- char str[5] = "";
-- unsigned int len = count;
-
-- if (len > 4)
-- len = 4;
-- if (len < 0)
-- return -EFAULT;
-+ if (count > 4)
-+ count = 4;
-
-- if (copy_from_user(strbuf, buffer, len))
-+ if (copy_from_user(strbuf, buffer, count))
- return -EFAULT;
-- strbuf[len] = '\0';
-+ strbuf[count] = '\0';
- sscanf(strbuf, "%s", str);
-
- mutex_lock(&acpi_device_lock);
diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c
-index bd4e5dc..0497b66 100644
+index e83311b..142b5cc 100644
--- a/drivers/acpi/processor_driver.c
+++ b/drivers/acpi/processor_driver.c
-@@ -552,7 +552,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device)
+@@ -558,7 +558,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device)
return 0;
#endif
/*
* Buggy BIOS check
+diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
+index ed9a1cc..f4a354c 100644
+--- a/drivers/acpi/processor_idle.c
++++ b/drivers/acpi/processor_idle.c
+@@ -1005,7 +1005,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr)
+ {
+ int i, count = CPUIDLE_DRIVER_STATE_START;
+ struct acpi_processor_cx *cx;
+- struct cpuidle_state *state;
++ cpuidle_state_no_const *state;
+ struct cpuidle_driver *drv = &acpi_idle_driver;
+
+ if (!pr->flags.power_setup_done)
+diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
+index ea61ca9..3fdd70d 100644
+--- a/drivers/acpi/sysfs.c
++++ b/drivers/acpi/sysfs.c
+@@ -420,11 +420,11 @@ static u32 num_counters;
+ static struct attribute **all_attrs;
+ static u32 acpi_gpe_count;
+
+-static struct attribute_group interrupt_stats_attr_group = {
++static attribute_group_no_const interrupt_stats_attr_group = {
+ .name = "interrupts",
+ };
+
+-static struct kobj_attribute *counter_attrs;
++static kobj_attribute_no_const *counter_attrs;
+
+ static void delete_gpe_attr_array(void)
+ {
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index c8ac4fe..631818e 100644
+index 46cd3f4..0871ad0 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
-@@ -4779,7 +4779,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4780,7 +4780,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
ap = qc->ap;
qc->flags = 0;
-@@ -4795,7 +4795,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4796,7 +4796,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5891,6 +5891,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5892,6 +5892,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5904,8 +5905,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5905,8 +5906,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
}
diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c
-index 371fd2c..0836c78 100644
+index 405022d..fb70e53 100644
--- a/drivers/ata/pata_arasan_cf.c
+++ b/drivers/ata/pata_arasan_cf.c
-@@ -861,7 +861,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev)
+@@ -864,7 +864,9 @@ static int arasan_cf_probe(struct platform_device *pdev)
/* Handle platform specific quirks */
if (pdata->quirk) {
if (pdata->quirk & CF_BROKEN_PIO) {
return 0;
}
diff --git a/drivers/atm/ambassador.c b/drivers/atm/ambassador.c
-index ff7bb8a..568fc0b 100644
+index 77a7480..05cde58 100644
--- a/drivers/atm/ambassador.c
+++ b/drivers/atm/ambassador.c
@@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev, tx_out * tx) {
if (vcc->pop) vcc->pop(vcc,skb);
else dev_kfree_skb(skb);
diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c
-index 81e44f7..498ea36 100644
+index c1eb6fa..4c71be9 100644
--- a/drivers/atm/eni.c
+++ b/drivers/atm/eni.c
@@ -522,7 +522,7 @@ static int rx_aal0(struct atm_vcc *vcc)
dma_complete++;
}
diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c
-index 86fed1b..6dc4721 100644
+index b41c948..a002b17 100644
--- a/drivers/atm/firestream.c
+++ b/drivers/atm/firestream.c
@@ -749,7 +749,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q)
default: /* Hmm. Haven't written the code to handle the others yet... -- REW */
printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n",
diff --git a/drivers/atm/fore200e.c b/drivers/atm/fore200e.c
-index 361f5ae..7fc552d 100644
+index 204814e..cede831 100644
--- a/drivers/atm/fore200e.c
+++ b/drivers/atm/fore200e.c
-@@ -933,9 +933,9 @@ fore200e_tx_irq(struct fore200e* fore200e)
+@@ -931,9 +931,9 @@ fore200e_tx_irq(struct fore200e* fore200e)
#endif
/* check error condition */
if (*entry->status & STATUS_ERROR)
}
}
-@@ -1084,7 +1084,7 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp
+@@ -1082,7 +1082,7 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp
if (skb == NULL) {
DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len);
return -ENOMEM;
}
-@@ -1127,14 +1127,14 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp
+@@ -1125,14 +1125,14 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp
dev_kfree_skb_any(skb);
ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
-@@ -1212,7 +1212,7 @@ fore200e_rx_irq(struct fore200e* fore200e)
+@@ -1210,7 +1210,7 @@ fore200e_rx_irq(struct fore200e* fore200e)
DPRINTK(2, "damaged PDU on %d.%d.%d\n",
fore200e->atm_dev->number,
entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci);
}
}
-@@ -1657,7 +1657,7 @@ fore200e_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -1655,7 +1655,7 @@ fore200e_send(struct atm_vcc *vcc, struct sk_buff *skb)
goto retry_here;
}
fore200e->tx_sat++;
DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
diff --git a/drivers/atm/he.c b/drivers/atm/he.c
-index b182c2f..1c6fa8a 100644
+index 72b6960..cf9167a 100644
--- a/drivers/atm/he.c
+++ b/drivers/atm/he.c
-@@ -1709,7 +1709,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
+@@ -1699,7 +1699,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) {
hprintk("HBUF_ERR! (cid 0x%x)\n", cid);
goto return_host_buffers;
}
-@@ -1736,7 +1736,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
+@@ -1726,7 +1726,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
RBRQ_LEN_ERR(he_dev->rbrq_head)
? "LEN_ERR" : "",
vcc->vpi, vcc->vci);
goto return_host_buffers;
}
-@@ -1788,7 +1788,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
+@@ -1778,7 +1778,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
vcc->push(vcc, skb);
spin_lock(&he_dev->global_lock);
return_host_buffers:
++pdus_assembled;
-@@ -2114,7 +2114,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid)
+@@ -2104,7 +2104,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid)
tpd->vcc->pop(tpd->vcc, tpd->skb);
else
dev_kfree_skb_any(tpd->skb);
}
pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status));
return;
-@@ -2526,7 +2526,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -2516,7 +2516,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
vcc->pop(vcc, skb);
else
dev_kfree_skb_any(skb);
return -EINVAL;
}
-@@ -2537,7 +2537,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -2527,7 +2527,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
vcc->pop(vcc, skb);
else
dev_kfree_skb_any(skb);
return -EINVAL;
}
#endif
-@@ -2549,7 +2549,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -2539,7 +2539,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
vcc->pop(vcc, skb);
else
dev_kfree_skb_any(skb);
spin_unlock_irqrestore(&he_dev->global_lock, flags);
return -ENOMEM;
}
-@@ -2591,7 +2591,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -2581,7 +2581,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
vcc->pop(vcc, skb);
else
dev_kfree_skb_any(skb);
spin_unlock_irqrestore(&he_dev->global_lock, flags);
return -ENOMEM;
}
-@@ -2622,7 +2622,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
+@@ -2612,7 +2612,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb)
__enqueue_tpd(he_dev, tpd, cid);
spin_unlock_irqrestore(&he_dev->global_lock, flags);
return 0;
}
diff --git a/drivers/atm/horizon.c b/drivers/atm/horizon.c
-index 7d01c2a..4e3ac01 100644
+index 1dc0519..1aadaf7 100644
--- a/drivers/atm/horizon.c
+++ b/drivers/atm/horizon.c
@@ -1034,7 +1034,7 @@ static void rx_schedule (hrz_dev * dev, int irq) {
// free the skb
hrz_kfree_skb (skb);
diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c
-index 8974bd2..b856f85 100644
+index 272f009..a18ba55 100644
--- a/drivers/atm/idt77252.c
+++ b/drivers/atm/idt77252.c
@@ -812,7 +812,7 @@ drain_scq(struct idt77252_dev *card, struct vc_map *vc)
}
atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c
-index 96cce6d..62c3ec5 100644
+index 4217f29..88f547a 100644
--- a/drivers/atm/iphase.c
+++ b/drivers/atm/iphase.c
@@ -1145,7 +1145,7 @@ static int rx_pkt(struct atm_dev *dev)
vcc->tx_quota = vcc->tx_quota * 3 / 4;
printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota );
diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c
-index 68c7588..7036683 100644
+index fa7d701..1e404c7 100644
--- a/drivers/atm/lanai.c
+++ b/drivers/atm/lanai.c
@@ -1303,7 +1303,7 @@ static void lanai_send_one_aal5(struct lanai_dev *lanai,
lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4];
cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr);
diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c
-index 1c70c45..300718d 100644
+index ed1d2b7..8cffc1f 100644
--- a/drivers/atm/nicstar.c
+++ b/drivers/atm/nicstar.c
@@ -1654,7 +1654,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb)
}
diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c
-index 1853a45..cf2426d 100644
+index 0474a89..06ea4a1 100644
--- a/drivers/atm/solos-pci.c
+++ b/drivers/atm/solos-pci.c
-@@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg)
+@@ -838,7 +838,7 @@ void solos_bh(unsigned long card_arg)
}
atm_charge(vcc, skb->truesize);
vcc->push(vcc, skb);
break;
case PKT_STATUS:
-@@ -1010,7 +1010,7 @@ static uint32_t fpga_tx(struct solos_card *card)
+@@ -1117,7 +1117,7 @@ static uint32_t fpga_tx(struct solos_card *card)
vcc = SKB_CB(oldskb)->vcc;
if (vcc) {
- atomic_inc(&vcc->stats->tx);
+ atomic_inc_unchecked(&vcc->stats->tx);
solos_pop(vcc, oldskb);
- } else
+ } else {
dev_kfree_skb_irq(oldskb);
diff --git a/drivers/atm/suni.c b/drivers/atm/suni.c
index 0215934..ce9f5b1 100644
}
diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c
-index abe4e20..83c4727 100644
+index 969c3c2..9b72956 100644
--- a/drivers/atm/zatm.c
+++ b/drivers/atm/zatm.c
@@ -459,7 +459,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy[0],dummy[1]);
wake_up(&zatm_vcc->tx_wait);
}
+diff --git a/drivers/base/bus.c b/drivers/base/bus.c
+index 6856303..0602d70 100644
+--- a/drivers/base/bus.c
++++ b/drivers/base/bus.c
+@@ -1163,7 +1163,7 @@ int subsys_interface_register(struct subsys_interface *sif)
+ return -EINVAL;
+
+ mutex_lock(&subsys->p->mutex);
+- list_add_tail(&sif->node, &subsys->p->interfaces);
++ pax_list_add_tail((struct list_head *)&sif->node, &subsys->p->interfaces);
+ if (sif->add_dev) {
+ subsys_dev_iter_init(&iter, subsys, NULL, NULL);
+ while ((dev = subsys_dev_iter_next(&iter)))
+@@ -1188,7 +1188,7 @@ void subsys_interface_unregister(struct subsys_interface *sif)
+ subsys = sif->subsys;
+
+ mutex_lock(&subsys->p->mutex);
+- list_del_init(&sif->node);
++ pax_list_del_init((struct list_head *)&sif->node);
+ if (sif->remove_dev) {
+ subsys_dev_iter_init(&iter, subsys, NULL, NULL);
+ while ((dev = subsys_dev_iter_next(&iter)))
diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
-index 147d1a4..d0fd4b0 100644
+index 17cf7ca..7e553e1 100644
--- a/drivers/base/devtmpfs.c
+++ b/drivers/base/devtmpfs.c
@@ -347,7 +347,7 @@ int devtmpfs_mount(const char *mntdir)
if (err)
printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
else
+diff --git a/drivers/base/node.c b/drivers/base/node.c
+index fac124a..66bd4ab 100644
+--- a/drivers/base/node.c
++++ b/drivers/base/node.c
+@@ -625,7 +625,7 @@ static ssize_t print_nodes_state(enum node_states state, char *buf)
+ struct node_attr {
+ struct device_attribute attr;
+ enum node_states state;
+-};
++} __do_const;
+
+ static ssize_t show_node_state(struct device *dev,
+ struct device_attribute *attr, char *buf)
+diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
+index acc3a8d..981c236 100644
+--- a/drivers/base/power/domain.c
++++ b/drivers/base/power/domain.c
+@@ -1851,7 +1851,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state)
+ {
+ struct cpuidle_driver *cpuidle_drv;
+ struct gpd_cpu_data *cpu_data;
+- struct cpuidle_state *idle_state;
++ cpuidle_state_no_const *idle_state;
+ int ret = 0;
+
+ if (IS_ERR_OR_NULL(genpd) || state < 0)
+@@ -1919,7 +1919,7 @@ int pm_genpd_name_attach_cpuidle(const char *name, int state)
+ int pm_genpd_detach_cpuidle(struct generic_pm_domain *genpd)
+ {
+ struct gpd_cpu_data *cpu_data;
+- struct cpuidle_state *idle_state;
++ cpuidle_state_no_const *idle_state;
+ int ret = 0;
+
+ if (IS_ERR_OR_NULL(genpd))
diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
index e6ee5e8..98ad7fc 100644
--- a/drivers/base/power/wakeup.c
trace_wakeup_source_deactivate(ws->name, cec);
split_counters(&cnt, &inpr);
+diff --git a/drivers/base/syscore.c b/drivers/base/syscore.c
+index e8d11b6..7b1b36f 100644
+--- a/drivers/base/syscore.c
++++ b/drivers/base/syscore.c
+@@ -21,7 +21,7 @@ static DEFINE_MUTEX(syscore_ops_lock);
+ void register_syscore_ops(struct syscore_ops *ops)
+ {
+ mutex_lock(&syscore_ops_lock);
+- list_add_tail(&ops->node, &syscore_ops_list);
++ pax_list_add_tail((struct list_head *)&ops->node, &syscore_ops_list);
+ mutex_unlock(&syscore_ops_lock);
+ }
+ EXPORT_SYMBOL_GPL(register_syscore_ops);
+@@ -33,7 +33,7 @@ EXPORT_SYMBOL_GPL(register_syscore_ops);
+ void unregister_syscore_ops(struct syscore_ops *ops)
+ {
+ mutex_lock(&syscore_ops_lock);
+- list_del(&ops->node);
++ pax_list_del((struct list_head *)&ops->node);
+ mutex_unlock(&syscore_ops_lock);
+ }
+ EXPORT_SYMBOL_GPL(unregister_syscore_ops);
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
-index ca83f96..69d4ea9 100644
+index ade58bc..867143d 100644
--- a/drivers/block/cciss.c
+++ b/drivers/block/cciss.c
-@@ -1198,6 +1198,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
+@@ -1196,6 +1196,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
int err;
u32 cp;
err = 0;
err |=
copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
-@@ -3007,7 +3009,7 @@ static void start_io(ctlr_info_t *h)
+@@ -3005,7 +3007,7 @@ static void start_io(ctlr_info_t *h)
while (!list_empty(&h->reqQ)) {
c = list_entry(h->reqQ.next, CommandList_struct, list);
/* can't do anything if fifo is full */
dev_warn(&h->pdev->dev, "fifo full\n");
break;
}
-@@ -3017,7 +3019,7 @@ static void start_io(ctlr_info_t *h)
+@@ -3015,7 +3017,7 @@ static void start_io(ctlr_info_t *h)
h->Qdepth--;
/* Tell the controller execute command */
/* Put job onto the completed Q */
addQ(&h->cmpQ, c);
-@@ -3443,17 +3445,17 @@ startio:
+@@ -3441,17 +3443,17 @@ startio:
static inline unsigned long get_next_completion(ctlr_info_t *h)
{
(h->interrupts_enabled == 0));
}
-@@ -3486,7 +3488,7 @@ static inline u32 next_command(ctlr_info_t *h)
+@@ -3484,7 +3486,7 @@ static inline u32 next_command(ctlr_info_t *h)
u32 a;
if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant)))
if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) {
a = *(h->reply_pool_head); /* Next cmd in ring buffer */
-@@ -4044,7 +4046,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h)
+@@ -4041,7 +4043,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h)
trans_support & CFGTBL_Trans_use_short_tags);
/* Change the access methods to the performant access methods */
h->transMethod = CFGTBL_Trans_Performant;
return;
-@@ -4316,7 +4318,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h)
+@@ -4310,7 +4312,7 @@ static int cciss_pci_init(ctlr_info_t *h)
if (prod_index < 0)
return -ENODEV;
h->product_name = products[prod_index].product_name;
if (cciss_board_disabled(h)) {
dev_warn(&h->pdev->dev, "controller appears to be disabled\n");
-@@ -5041,7 +5043,7 @@ reinit_after_soft_reset:
+@@ -5032,7 +5034,7 @@ reinit_after_soft_reset:
}
/* make sure the board interrupts are off */
rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx);
if (rc)
goto clean2;
-@@ -5093,7 +5095,7 @@ reinit_after_soft_reset:
+@@ -5082,7 +5084,7 @@ reinit_after_soft_reset:
* fake ones to scoop up any residual completions.
*/
spin_lock_irqsave(&h->lock, flags);
spin_unlock_irqrestore(&h->lock, flags);
free_irq(h->intr[h->intr_mode], h);
rc = cciss_request_irq(h, cciss_msix_discard_completions,
-@@ -5113,9 +5115,9 @@ reinit_after_soft_reset:
+@@ -5102,9 +5104,9 @@ reinit_after_soft_reset:
dev_info(&h->pdev->dev, "Board READY.\n");
dev_info(&h->pdev->dev,
"Waiting for stale completions to drain.\n");
rc = controller_reset_failed(h->cfgtable);
if (rc)
-@@ -5138,7 +5140,7 @@ reinit_after_soft_reset:
+@@ -5127,7 +5129,7 @@ reinit_after_soft_reset:
cciss_scsi_setup(h);
/* Turn the interrupts on so we can service requests */
/* Get the firmware version */
inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
-@@ -5210,7 +5212,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
+@@ -5199,7 +5201,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
kfree(flush_buf);
if (return_code != IO_OK)
dev_warn(&h->pdev->dev, "Error flushing cache\n");
/* queue and queue Info */
struct list_head reqQ;
diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
-index 9125bbe..eede5c8 100644
+index 3f08713..56a586a 100644
--- a/drivers/block/cpqarray.c
+++ b/drivers/block/cpqarray.c
-@@ -404,7 +404,7 @@ static int __devinit cpqarray_register_ctlr( int i, struct pci_dev *pdev)
+@@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev)
if (register_blkdev(COMPAQ_SMART2_MAJOR+i, hba[i]->devname)) {
goto Enomem4;
}
if (request_irq(hba[i]->intr, do_ida_intr,
IRQF_DISABLED|IRQF_SHARED, hba[i]->devname, hba[i]))
{
-@@ -459,7 +459,7 @@ static int __devinit cpqarray_register_ctlr( int i, struct pci_dev *pdev)
+@@ -459,7 +459,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev)
add_timer(&hba[i]->timer);
/* Enable IRQ now that spinlock and rate limit timer are set up */
break;
}
}
-@@ -792,7 +792,7 @@ static int __devinit cpqarray_eisa_detect(void)
+@@ -792,7 +792,7 @@ static int cpqarray_eisa_detect(void)
hba[ctlr]->intr = intr;
sprintf(hba[ctlr]->devname, "ida%d", nr_ctlr);
hba[ctlr]->product_name = products[j].product_name;
cmdlist_t *reqQ;
cmdlist_t *cmpQ;
diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
-index b953cc7..e3dc580 100644
+index 6b51afa..17e1191 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
-@@ -735,7 +735,7 @@ struct drbd_request;
- struct drbd_epoch {
+@@ -582,7 +582,7 @@ struct drbd_epoch {
+ struct drbd_tconn *tconn;
struct list_head list;
unsigned int barrier_nr;
- atomic_t epoch_size; /* increased on every request added. */
atomic_t active; /* increased on every req. added, and dec on every finished. */
unsigned long flags;
};
-@@ -1116,7 +1116,7 @@ struct drbd_conf {
- void *int_dig_in;
- void *int_dig_vv;
+@@ -1011,7 +1011,7 @@ struct drbd_conf {
+ int al_tr_cycle;
+ int al_tr_pos; /* position of the next transaction in the journal */
wait_queue_head_t seq_wait;
- atomic_t packet_seq;
+ atomic_unchecked_t packet_seq;
unsigned int peer_seq;
spinlock_t peer_seq_lock;
unsigned int minor;
-@@ -1658,30 +1658,30 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname,
-
- static inline void drbd_tcp_cork(struct socket *sock)
- {
-- int __user val = 1;
-+ int val = 1;
- (void) drbd_setsockopt(sock, SOL_TCP, TCP_CORK,
-- (char __user *)&val, sizeof(val));
-+ (char __force_user *)&val, sizeof(val));
- }
-
- static inline void drbd_tcp_uncork(struct socket *sock)
- {
-- int __user val = 0;
-+ int val = 0;
- (void) drbd_setsockopt(sock, SOL_TCP, TCP_CORK,
-- (char __user *)&val, sizeof(val));
-+ (char __force_user *)&val, sizeof(val));
- }
+@@ -1527,7 +1527,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname,
+ char __user *uoptval;
+ int err;
- static inline void drbd_tcp_nodelay(struct socket *sock)
- {
-- int __user val = 1;
-+ int val = 1;
- (void) drbd_setsockopt(sock, SOL_TCP, TCP_NODELAY,
-- (char __user *)&val, sizeof(val));
-+ (char __force_user *)&val, sizeof(val));
- }
+- uoptval = (char __user __force *)optval;
++ uoptval = (char __force_user *)optval;
- static inline void drbd_tcp_quickack(struct socket *sock)
- {
-- int __user val = 2;
-+ int val = 2;
- (void) drbd_setsockopt(sock, SOL_TCP, TCP_QUICKACK,
-- (char __user *)&val, sizeof(val));
-+ (char __force_user *)&val, sizeof(val));
- }
-
- void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e wo);
+ set_fs(KERNEL_DS);
+ if (level == SOL_SOCKET)
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index f55683a..2101b96 100644
+index 8c13eeb..217adee 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
-@@ -2556,7 +2556,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packets cmd,
- p.sector = sector;
- p.block_id = block_id;
- p.blksize = blksize;
-- p.seq_num = cpu_to_be32(atomic_add_return(1, &mdev->packet_seq));
-+ p.seq_num = cpu_to_be32(atomic_add_return_unchecked(1, &mdev->packet_seq));
-
- if (!mdev->meta.socket || mdev->state.conn < C_CONNECTED)
- return false;
-@@ -2854,7 +2854,7 @@ int drbd_send_dblock(struct drbd_conf *mdev, struct drbd_request *req)
-
- p.sector = cpu_to_be64(req->sector);
- p.block_id = (unsigned long)req;
-- p.seq_num = cpu_to_be32(atomic_add_return(1, &mdev->packet_seq));
-+ p.seq_num = cpu_to_be32(atomic_add_return_unchecked(1, &mdev->packet_seq));
+@@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd,
+ p->sector = sector;
+ p->block_id = block_id;
+ p->blksize = blksize;
+- p->seq_num = cpu_to_be32(atomic_inc_return(&mdev->packet_seq));
++ p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&mdev->packet_seq));
+ return drbd_send_command(mdev, sock, cmd, sizeof(*p), NULL, 0);
+ }
+@@ -1619,7 +1619,7 @@ int drbd_send_dblock(struct drbd_conf *mdev, struct drbd_request *req)
+ return -EIO;
+ p->sector = cpu_to_be64(req->i.sector);
+ p->block_id = (unsigned long)req;
+- p->seq_num = cpu_to_be32(atomic_inc_return(&mdev->packet_seq));
++ p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&mdev->packet_seq));
dp_flags = bio_flags_to_wire(mdev, req->master_bio->bi_rw);
+ if (mdev->state.conn >= C_SYNC_SOURCE &&
+ mdev->state.conn <= C_PAUSED_SYNC_T)
+@@ -2574,8 +2574,8 @@ void conn_destroy(struct kref *kref)
+ {
+ struct drbd_tconn *tconn = container_of(kref, struct drbd_tconn, kref);
-@@ -3139,7 +3139,7 @@ void drbd_init_set_defaults(struct drbd_conf *mdev)
- atomic_set(&mdev->unacked_cnt, 0);
- atomic_set(&mdev->local_cnt, 0);
- atomic_set(&mdev->net_cnt, 0);
-- atomic_set(&mdev->packet_seq, 0);
-+ atomic_set_unchecked(&mdev->packet_seq, 0);
- atomic_set(&mdev->pp_in_use, 0);
- atomic_set(&mdev->pp_in_use_by_net, 0);
- atomic_set(&mdev->rs_sect_in, 0);
-@@ -3221,8 +3221,8 @@ void drbd_mdev_cleanup(struct drbd_conf *mdev)
- mdev->receiver.t_state);
-
- /* no need to lock it, I'm the only thread alive */
-- if (atomic_read(&mdev->current_epoch->epoch_size) != 0)
-- dev_err(DEV, "epoch_size:%d\n", atomic_read(&mdev->current_epoch->epoch_size));
-+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size) != 0)
-+ dev_err(DEV, "epoch_size:%d\n", atomic_read_unchecked(&mdev->current_epoch->epoch_size));
- mdev->al_writ_cnt =
- mdev->bm_writ_cnt =
- mdev->read_cnt =
-diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
-index edb490a..ecd69da 100644
---- a/drivers/block/drbd/drbd_nl.c
-+++ b/drivers/block/drbd/drbd_nl.c
-@@ -2407,7 +2407,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms
- module_put(THIS_MODULE);
- }
-
--static atomic_t drbd_nl_seq = ATOMIC_INIT(2); /* two. */
-+static atomic_unchecked_t drbd_nl_seq = ATOMIC_INIT(2); /* two. */
-
- static unsigned short *
- __tl_add_blob(unsigned short *tl, enum drbd_tags tag, const void *data,
-@@ -2478,7 +2478,7 @@ void drbd_bcast_state(struct drbd_conf *mdev, union drbd_state state)
- cn_reply->id.idx = CN_IDX_DRBD;
- cn_reply->id.val = CN_VAL_DRBD;
-
-- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq);
-+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq);
- cn_reply->ack = 0; /* not used here. */
- cn_reply->len = sizeof(struct drbd_nl_cfg_reply) +
- (int)((char *)tl - (char *)reply->tag_list);
-@@ -2510,7 +2510,7 @@ void drbd_bcast_ev_helper(struct drbd_conf *mdev, char *helper_name)
- cn_reply->id.idx = CN_IDX_DRBD;
- cn_reply->id.val = CN_VAL_DRBD;
-
-- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq);
-+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq);
- cn_reply->ack = 0; /* not used here. */
- cn_reply->len = sizeof(struct drbd_nl_cfg_reply) +
- (int)((char *)tl - (char *)reply->tag_list);
-@@ -2588,7 +2588,7 @@ void drbd_bcast_ee(struct drbd_conf *mdev,
- cn_reply->id.idx = CN_IDX_DRBD;
- cn_reply->id.val = CN_VAL_DRBD;
-
-- cn_reply->seq = atomic_add_return(1,&drbd_nl_seq);
-+ cn_reply->seq = atomic_add_return_unchecked(1,&drbd_nl_seq);
- cn_reply->ack = 0; // not used here.
- cn_reply->len = sizeof(struct drbd_nl_cfg_reply) +
- (int)((char*)tl - (char*)reply->tag_list);
-@@ -2627,7 +2627,7 @@ void drbd_bcast_sync_progress(struct drbd_conf *mdev)
- cn_reply->id.idx = CN_IDX_DRBD;
- cn_reply->id.val = CN_VAL_DRBD;
-
-- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq);
-+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq);
- cn_reply->ack = 0; /* not used here. */
- cn_reply->len = sizeof(struct drbd_nl_cfg_reply) +
- (int)((char *)tl - (char *)reply->tag_list);
+- if (atomic_read(&tconn->current_epoch->epoch_size) != 0)
+- conn_err(tconn, "epoch_size:%d\n", atomic_read(&tconn->current_epoch->epoch_size));
++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size) != 0)
++ conn_err(tconn, "epoch_size:%d\n", atomic_read_unchecked(&tconn->current_epoch->epoch_size));
+ kfree(tconn->current_epoch);
+
+ idr_destroy(&tconn->volumes);
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
-index c74ca2d..860c819 100644
+index a9eccfc..f5efe87 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
-@@ -898,7 +898,7 @@ retry:
- sock->sk->sk_sndtimeo = mdev->net_conf->timeout*HZ/10;
- sock->sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
+@@ -833,7 +833,7 @@ int drbd_connected(struct drbd_conf *mdev)
+ {
+ int err;
- atomic_set(&mdev->packet_seq, 0);
+ atomic_set_unchecked(&mdev->packet_seq, 0);
mdev->peer_seq = 0;
- if (drbd_send_protocol(mdev) == -1)
-@@ -999,7 +999,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev,
+ mdev->state_mutex = mdev->tconn->agreed_pro_version < 100 ?
+@@ -1191,7 +1191,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn,
do {
next_epoch = NULL;
switch (ev & ~EV_CLEANUP) {
case EV_PUT:
-@@ -1035,7 +1035,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev,
+@@ -1231,7 +1231,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn,
rv = FE_DESTROYED;
} else {
epoch->flags = 0;
/* atomic_set(&epoch->active, 0); is already zero */
if (rv == FE_STILL_LIVE)
rv = FE_RECYCLED;
-@@ -1210,14 +1210,14 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign
- drbd_wait_ee_list_empty(mdev, &mdev->active_ee);
- drbd_flush(mdev);
+@@ -1449,7 +1449,7 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi)
+ conn_wait_active_ee_empty(tconn);
+ drbd_flush(tconn);
-- if (atomic_read(&mdev->current_epoch->epoch_size)) {
-+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size)) {
+- if (atomic_read(&tconn->current_epoch->epoch_size)) {
++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size)) {
epoch = kmalloc(sizeof(struct drbd_epoch), GFP_NOIO);
if (epoch)
break;
- }
-
- epoch = mdev->current_epoch;
-- wait_event(mdev->ee_wait, atomic_read(&epoch->epoch_size) == 0);
-+ wait_event(mdev->ee_wait, atomic_read_unchecked(&epoch->epoch_size) == 0);
-
- D_ASSERT(atomic_read(&epoch->active) == 0);
- D_ASSERT(epoch->flags == 0);
-@@ -1229,11 +1229,11 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign
+@@ -1462,11 +1462,11 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi)
}
epoch->flags = 0;
+ atomic_set_unchecked(&epoch->epoch_size, 0);
atomic_set(&epoch->active, 0);
- spin_lock(&mdev->epoch_lock);
-- if (atomic_read(&mdev->current_epoch->epoch_size)) {
-+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size)) {
- list_add(&epoch->list, &mdev->current_epoch->list);
- mdev->current_epoch = epoch;
- mdev->epochs++;
-@@ -1702,7 +1702,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned
- spin_unlock(&mdev->peer_seq_lock);
-
- drbd_send_ack_dp(mdev, P_NEG_ACK, p, data_size);
-- atomic_inc(&mdev->current_epoch->epoch_size);
-+ atomic_inc_unchecked(&mdev->current_epoch->epoch_size);
- return drbd_drain_block(mdev, data_size);
- }
-
-@@ -1732,7 +1732,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned
-
- spin_lock(&mdev->epoch_lock);
- e->epoch = mdev->current_epoch;
-- atomic_inc(&e->epoch->epoch_size);
-+ atomic_inc_unchecked(&e->epoch->epoch_size);
- atomic_inc(&e->epoch->active);
- spin_unlock(&mdev->epoch_lock);
-
-@@ -3954,7 +3954,7 @@ static void drbd_disconnect(struct drbd_conf *mdev)
- D_ASSERT(list_empty(&mdev->done_ee));
+ spin_lock(&tconn->epoch_lock);
+- if (atomic_read(&tconn->current_epoch->epoch_size)) {
++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size)) {
+ list_add(&epoch->list, &tconn->current_epoch->list);
+ tconn->current_epoch = epoch;
+ tconn->epochs++;
+@@ -2170,7 +2170,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi)
+
+ err = wait_for_and_update_peer_seq(mdev, peer_seq);
+ drbd_send_ack_dp(mdev, P_NEG_ACK, p, pi->size);
+- atomic_inc(&tconn->current_epoch->epoch_size);
++ atomic_inc_unchecked(&tconn->current_epoch->epoch_size);
+ err2 = drbd_drain_block(mdev, pi->size);
+ if (!err)
+ err = err2;
+@@ -2204,7 +2204,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi)
+
+ spin_lock(&tconn->epoch_lock);
+ peer_req->epoch = tconn->current_epoch;
+- atomic_inc(&peer_req->epoch->epoch_size);
++ atomic_inc_unchecked(&peer_req->epoch->epoch_size);
+ atomic_inc(&peer_req->epoch->active);
+ spin_unlock(&tconn->epoch_lock);
+
+@@ -4346,7 +4346,7 @@ struct data_cmd {
+ int expect_payload;
+ size_t pkt_size;
+ int (*fn)(struct drbd_tconn *, struct packet_info *);
+-};
++} __do_const;
+ static struct data_cmd drbd_cmd_handler[] = {
+ [P_DATA] = { 1, sizeof(struct p_data), receive_Data },
+@@ -4466,7 +4466,7 @@ static void conn_disconnect(struct drbd_tconn *tconn)
+ if (!list_empty(&tconn->current_epoch->list))
+ conn_err(tconn, "ASSERTION FAILED: tconn->current_epoch->list not empty\n");
/* ok, no more ee's on the fly, it is safe to reset the epoch_size */
-- atomic_set(&mdev->current_epoch->epoch_size, 0);
-+ atomic_set_unchecked(&mdev->current_epoch->epoch_size, 0);
- D_ASSERT(list_empty(&mdev->current_epoch->list));
- }
+- atomic_set(&tconn->current_epoch->epoch_size, 0);
++ atomic_set_unchecked(&tconn->current_epoch->epoch_size, 0);
+ tconn->send.seen_any_write_yet = false;
+
+ conn_info(tconn, "Connection closed\n");
+@@ -5222,7 +5222,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn)
+ struct asender_cmd {
+ size_t pkt_size;
+ int (*fn)(struct drbd_tconn *tconn, struct packet_info *);
+-};
++} __do_const;
+ static struct asender_cmd asender_tbl[] = {
+ [P_PING] = { 0, got_Ping },
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index 54046e5..7759c55 100644
+index ae12512..37fa397 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file,
}
diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
-index 75d485a..2809958 100644
+index d59cdcb..11afddf 100644
--- a/drivers/cdrom/gdrom.c
+++ b/drivers/cdrom/gdrom.c
@@ -491,7 +491,6 @@ static struct cdrom_device_ops gdrom_ops = {
return -EINVAL;
else
diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
-index dfd7876..c0b0885 100644
+index fe6d4be..89f32100 100644
--- a/drivers/char/hpet.c
+++ b/drivers/char/hpet.c
@@ -571,7 +571,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets,
{
struct hpet_timer __iomem *timer;
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
-index a0c84bb..9edcf60 100644
+index 053201b0..8335cce 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -420,7 +420,7 @@ struct ipmi_smi {
intf->proc_dir = NULL;
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
-index 32a6c7e..f6966a9 100644
+index 1c7fdcd..4899100 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -275,7 +275,7 @@ struct smi_info {
new_smi->interrupt_disabled = 1;
atomic_set(&new_smi->stop_operation, 0);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 0537903..121c699 100644
+index c6fa3bc..4ca3e42 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -18,6 +18,7 @@
*ppos = i;
diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c
-index 21721d2..4e98777 100644
+index b66eaa0..2619d1b 100644
--- a/drivers/char/pcmcia/synclink_cs.c
+++ b/drivers/char/pcmcia/synclink_cs.c
-@@ -2346,9 +2346,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
+@@ -2348,9 +2348,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgslpc_close(%s) entry, count=%d\n",
if (tty_port_close_start(port, tty, filp) == 0)
goto cleanup;
-@@ -2366,7 +2366,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
+@@ -2368,7 +2368,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp)
cleanup:
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__,__LINE__,
}
/* Wait until the transmitter is empty.
-@@ -2508,7 +2508,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
+@@ -2510,7 +2510,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgslpc_open(%s), old ref count = %d\n",
/* If port is closing, signal caller to try again */
if (tty_hung_up_p(filp) || port->flags & ASYNC_CLOSING){
-@@ -2528,11 +2528,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
+@@ -2530,11 +2530,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp)
goto cleanup;
}
spin_lock(&port->lock);
/* 1st open on this device, init hardware */
retval = startup(info, tty);
if (retval < 0)
-@@ -3886,7 +3886,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
+@@ -3889,7 +3889,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
unsigned short new_crctype;
/* return error if TTY interface open */
return -EBUSY;
switch (encoding)
-@@ -3989,7 +3989,7 @@ static int hdlcdev_open(struct net_device *dev)
+@@ -3992,7 +3992,7 @@ static int hdlcdev_open(struct net_device *dev)
/* arbitrate between network and tty opens */
spin_lock_irqsave(&info->netlock, flags);
printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
spin_unlock_irqrestore(&info->netlock, flags);
return -EBUSY;
-@@ -4078,7 +4078,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -4081,7 +4081,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name);
/* return error if TTY interface open */
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index b86eae9..b9c2ed7 100644
+index 57d4b15..253207b 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -272,8 +272,13 @@
#if 0
/* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
{ 2048, 1638, 1231, 819, 411, 1 },
-@@ -437,6 +449,7 @@ struct entropy_store {
- int entropy_count;
- int entropy_total;
- unsigned int initialized:1;
-+ bool last_data_init;
- __u8 last_data[EXTRACT_SIZE];
- };
-
-@@ -527,8 +540,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
+@@ -524,8 +536,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in,
input_rotate += i ? 7 : 14;
}
smp_wmb();
if (out)
-@@ -957,6 +970,10 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
- ssize_t ret = 0, i;
- __u8 tmp[EXTRACT_SIZE];
-
-+ /* if last_data isn't primed, we need EXTRACT_SIZE extra bytes */
-+ if (fips_enabled && !r->last_data_init)
-+ nbytes += EXTRACT_SIZE;
-+
- trace_extract_entropy(r->name, nbytes, r->entropy_count, _RET_IP_);
- xfer_secondary_pool(r, nbytes);
- nbytes = account(r, nbytes, min, reserved);
-@@ -967,6 +984,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
- if (fips_enabled) {
- unsigned long flags;
-
-+
-+ /* prime last_data value if need be, per fips 140-2 */
-+ if (!r->last_data_init) {
-+ spin_lock_irqsave(&r->lock, flags);
-+ memcpy(r->last_data, tmp, EXTRACT_SIZE);
-+ r->last_data_init = true;
-+ nbytes -= EXTRACT_SIZE;
-+ spin_unlock_irqrestore(&r->lock, flags);
-+ extract_buf(r, tmp);
-+ }
-+
- spin_lock_irqsave(&r->lock, flags);
- if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
- panic("Hardware RNG duplicated output!\n");
-@@ -1008,7 +1036,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -1024,7 +1036,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
ret = -EFAULT;
break;
}
-@@ -1086,6 +1114,7 @@ static void init_std_data(struct entropy_store *r)
-
- r->entropy_count = 0;
- r->entropy_total = 0;
-+ r->last_data_init = false;
- mix_pool_bytes(r, &now, sizeof(now), NULL);
- for (i = r->poolinfo->POOLBYTES; i > 0; i -= sizeof(rv)) {
- if (!arch_get_random_long(&rv))
-@@ -1342,7 +1371,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1360,7 +1372,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
static int max_write_thresh = INPUT_POOL_WORDS * 32;
static char sysctl_bootid[16];
+@@ -1376,7 +1388,7 @@ static char sysctl_bootid[16];
+ static int proc_do_uuid(ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- ctl_table fake_table;
++ ctl_table_no_const fake_table;
+ unsigned char buf[64], tmp_uuid[16], *uuid;
+
+ uuid = table->data;
diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c
-index 9b4f011..b7e0a1a 100644
+index d780295..b29f3a8 100644
--- a/drivers/char/sonypi.c
+++ b/drivers/char/sonypi.c
@@ -54,6 +54,7 @@
return 0;
}
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
-index 8ab9c3d..c3e65d3 100644
+index ee4dbea..69c817b 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
-@@ -622,7 +622,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count,
+@@ -681,7 +681,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count,
if (to_user) {
ssize_t ret;
if (ret)
return -EFAULT;
} else {
-@@ -721,7 +721,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf,
+@@ -780,7 +780,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf,
if (!port_has_data(port) && !port->host_connected)
return 0;
}
static int wait_port_writable(struct port *port, bool nonblock)
-diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c
-index 75c0a1a..96ba8f6 100644
---- a/drivers/edac/edac_mc.c
-+++ b/drivers/edac/edac_mc.c
-@@ -340,7 +340,7 @@ struct mem_ctl_info *edac_mc_alloc(unsigned mc_num,
- /*
- * Alocate and fill the csrow/channels structs
- */
-- mci->csrows = kcalloc(sizeof(*mci->csrows), tot_csrows, GFP_KERNEL);
-+ mci->csrows = kcalloc(tot_csrows, sizeof(*mci->csrows), GFP_KERNEL);
- if (!mci->csrows)
- goto error;
- for (row = 0; row < tot_csrows; row++) {
-@@ -351,7 +351,7 @@ struct mem_ctl_info *edac_mc_alloc(unsigned mc_num,
- csr->csrow_idx = row;
- csr->mci = mci;
- csr->nr_channels = tot_channels;
-- csr->channels = kcalloc(sizeof(*csr->channels), tot_channels,
-+ csr->channels = kcalloc(tot_channels, sizeof(*csr->channels),
- GFP_KERNEL);
- if (!csr->channels)
- goto error;
-@@ -369,7 +369,7 @@ struct mem_ctl_info *edac_mc_alloc(unsigned mc_num,
- /*
- * Allocate and fill the dimm structs
- */
-- mci->dimms = kcalloc(sizeof(*mci->dimms), tot_dimms, GFP_KERNEL);
-+ mci->dimms = kcalloc(tot_dimms, sizeof(*mci->dimms), GFP_KERNEL);
- if (!mci->dimms)
- goto error;
+diff --git a/drivers/clocksource/arm_generic.c b/drivers/clocksource/arm_generic.c
+index 8ae1a61..9c00613 100644
+--- a/drivers/clocksource/arm_generic.c
++++ b/drivers/clocksource/arm_generic.c
+@@ -181,7 +181,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata arch_timer_cpu_nb = {
++static struct notifier_block arch_timer_cpu_nb = {
+ .notifier_call = arch_timer_cpu_notify,
+ };
+
+diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
+index 7b0d49d..134fac9 100644
+--- a/drivers/cpufreq/acpi-cpufreq.c
++++ b/drivers/cpufreq/acpi-cpufreq.c
+@@ -172,7 +172,7 @@ static ssize_t show_global_boost(struct kobject *kobj,
+ return sprintf(buf, "%u\n", boost_enabled);
+ }
+
+-static struct global_attr global_boost = __ATTR(boost, 0644,
++static global_attr_no_const global_boost = __ATTR(boost, 0644,
+ show_global_boost,
+ store_global_boost);
+
+@@ -712,8 +712,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+ data->acpi_data = per_cpu_ptr(acpi_perf_data, cpu);
+ per_cpu(acfreq_data, cpu) = data;
+
+- if (cpu_has(c, X86_FEATURE_CONSTANT_TSC))
+- acpi_cpufreq_driver.flags |= CPUFREQ_CONST_LOOPS;
++ if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) {
++ pax_open_kernel();
++ *(u8 *)&acpi_cpufreq_driver.flags |= CPUFREQ_CONST_LOOPS;
++ pax_close_kernel();
++ }
+
+ result = acpi_processor_register_performance(data->acpi_data, cpu);
+ if (result)
+@@ -835,7 +838,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+ policy->cur = acpi_cpufreq_guess_freq(data, policy->cpu);
+ break;
+ case ACPI_ADR_SPACE_FIXED_HARDWARE:
+- acpi_cpufreq_driver.get = get_cur_freq_on_cpu;
++ pax_open_kernel();
++ *(void **)&acpi_cpufreq_driver.get = get_cur_freq_on_cpu;
++ pax_close_kernel();
+ policy->cur = get_cur_freq_on_cpu(cpu);
+ break;
+ default:
+@@ -846,8 +851,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+ acpi_processor_notify_smm(THIS_MODULE);
+
+ /* Check for APERF/MPERF support in hardware */
+- if (boot_cpu_has(X86_FEATURE_APERFMPERF))
+- acpi_cpufreq_driver.getavg = cpufreq_get_measured_perf;
++ if (boot_cpu_has(X86_FEATURE_APERFMPERF)) {
++ pax_open_kernel();
++ *(void **)&acpi_cpufreq_driver.getavg = cpufreq_get_measured_perf;
++ pax_close_kernel();
++ }
+
+ pr_debug("CPU%u - ACPI performance management activated.\n", cpu);
+ for (i = 0; i < perf->state_count; i++)
+diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
+index 1f93dbd..305cef1 100644
+--- a/drivers/cpufreq/cpufreq.c
++++ b/drivers/cpufreq/cpufreq.c
+@@ -1843,7 +1843,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __refdata cpufreq_cpu_notifier = {
++static struct notifier_block cpufreq_cpu_notifier = {
+ .notifier_call = cpufreq_cpu_callback,
+ };
+
+@@ -1875,8 +1875,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+
+ pr_debug("trying to register driver %s\n", driver_data->name);
+
+- if (driver_data->setpolicy)
+- driver_data->flags |= CPUFREQ_CONST_LOOPS;
++ if (driver_data->setpolicy) {
++ pax_open_kernel();
++ *(u8 *)&driver_data->flags |= CPUFREQ_CONST_LOOPS;
++ pax_close_kernel();
++ }
+ spin_lock_irqsave(&cpufreq_driver_lock, flags);
+ if (cpufreq_driver) {
+diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c
+index 6c5f1d3..c7e2f35e 100644
+--- a/drivers/cpufreq/cpufreq_governor.c
++++ b/drivers/cpufreq/cpufreq_governor.c
+@@ -243,7 +243,7 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data,
+ * governor, thus we are bound to jiffes/HZ
+ */
+ if (dbs_data->governor == GOV_CONSERVATIVE) {
+- struct cs_ops *ops = dbs_data->gov_ops;
++ const struct cs_ops *ops = dbs_data->gov_ops;
+
+ cpufreq_register_notifier(ops->notifier_block,
+ CPUFREQ_TRANSITION_NOTIFIER);
+@@ -251,7 +251,7 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data,
+ dbs_data->min_sampling_rate = MIN_SAMPLING_RATE_RATIO *
+ jiffies_to_usecs(10);
+ } else {
+- struct od_ops *ops = dbs_data->gov_ops;
++ const struct od_ops *ops = dbs_data->gov_ops;
+
+ od_tuners->io_is_busy = ops->io_busy();
+ }
+@@ -268,7 +268,7 @@ second_time:
+ cs_dbs_info->enable = 1;
+ cs_dbs_info->requested_freq = policy->cur;
+ } else {
+- struct od_ops *ops = dbs_data->gov_ops;
++ const struct od_ops *ops = dbs_data->gov_ops;
+ od_dbs_info->rate_mult = 1;
+ od_dbs_info->sample_type = OD_NORMAL_SAMPLE;
+ ops->powersave_bias_init_cpu(cpu);
+@@ -289,7 +289,7 @@ second_time:
+ mutex_destroy(&cpu_cdbs->timer_mutex);
+ dbs_data->enable--;
+ if (!dbs_data->enable) {
+- struct cs_ops *ops = dbs_data->gov_ops;
++ const struct cs_ops *ops = dbs_data->gov_ops;
+
+ sysfs_remove_group(cpufreq_global_kobject,
+ dbs_data->attr_group);
+diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h
+index f661654..6c8e638 100644
+--- a/drivers/cpufreq/cpufreq_governor.h
++++ b/drivers/cpufreq/cpufreq_governor.h
+@@ -142,7 +142,7 @@ struct dbs_data {
+ void (*gov_check_cpu)(int cpu, unsigned int load);
+
+ /* Governor specific ops, see below */
+- void *gov_ops;
++ const void *gov_ops;
+ };
+
+ /* Governor specific ops, will be passed to dbs_data->gov_ops */
+diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c
+index 9d7732b..0b1a793 100644
+--- a/drivers/cpufreq/cpufreq_stats.c
++++ b/drivers/cpufreq/cpufreq_stats.c
+@@ -340,7 +340,7 @@ static int __cpuinit cpufreq_stat_cpu_callback(struct notifier_block *nfb,
+ }
+
+ /* priority=1 so this will get called before cpufreq_remove_dev */
+-static struct notifier_block cpufreq_stat_cpu_notifier __refdata = {
++static struct notifier_block cpufreq_stat_cpu_notifier = {
+ .notifier_call = cpufreq_stat_cpu_callback,
+ .priority = 1,
+ };
+diff --git a/drivers/cpufreq/p4-clockmod.c b/drivers/cpufreq/p4-clockmod.c
+index 827629c9..0bc6a03 100644
+--- a/drivers/cpufreq/p4-clockmod.c
++++ b/drivers/cpufreq/p4-clockmod.c
+@@ -167,10 +167,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
+ case 0x0F: /* Core Duo */
+ case 0x16: /* Celeron Core */
+ case 0x1C: /* Atom */
+- p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
++ pax_open_kernel();
++ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
++ pax_close_kernel();
+ return speedstep_get_frequency(SPEEDSTEP_CPU_PCORE);
+ case 0x0D: /* Pentium M (Dothan) */
+- p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
++ pax_open_kernel();
++ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
++ pax_close_kernel();
+ /* fall through */
+ case 0x09: /* Pentium M (Banias) */
+ return speedstep_get_frequency(SPEEDSTEP_CPU_PM);
+@@ -182,7 +186,9 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
+
+ /* on P-4s, the TSC runs with constant frequency independent whether
+ * throttling is active or not. */
+- p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
++ pax_open_kernel();
++ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
++ pax_close_kernel();
+
+ if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) {
+ printk(KERN_WARNING PFX "Warning: Pentium 4-M detected. "
+diff --git a/drivers/cpufreq/speedstep-centrino.c b/drivers/cpufreq/speedstep-centrino.c
+index 3a953d5..f5993f6 100644
+--- a/drivers/cpufreq/speedstep-centrino.c
++++ b/drivers/cpufreq/speedstep-centrino.c
+@@ -353,8 +353,11 @@ static int centrino_cpu_init(struct cpufreq_policy *policy)
+ !cpu_has(cpu, X86_FEATURE_EST))
+ return -ENODEV;
+
+- if (cpu_has(cpu, X86_FEATURE_CONSTANT_TSC))
+- centrino_driver.flags |= CPUFREQ_CONST_LOOPS;
++ if (cpu_has(cpu, X86_FEATURE_CONSTANT_TSC)) {
++ pax_open_kernel();
++ *(u8 *)¢rino_driver.flags |= CPUFREQ_CONST_LOOPS;
++ pax_close_kernel();
++ }
+
+ if (policy->cpu != 0)
+ return -ENODEV;
+diff --git a/drivers/cpuidle/cpuidle.c b/drivers/cpuidle/cpuidle.c
+index e1f6860..f8de20b 100644
+--- a/drivers/cpuidle/cpuidle.c
++++ b/drivers/cpuidle/cpuidle.c
+@@ -279,7 +279,7 @@ static int poll_idle(struct cpuidle_device *dev,
+
+ static void poll_idle_init(struct cpuidle_driver *drv)
+ {
+- struct cpuidle_state *state = &drv->states[0];
++ cpuidle_state_no_const *state = &drv->states[0];
+
+ snprintf(state->name, CPUIDLE_NAME_LEN, "POLL");
+ snprintf(state->desc, CPUIDLE_DESC_LEN, "CPUIDLE CORE POLL IDLE");
+diff --git a/drivers/cpuidle/governor.c b/drivers/cpuidle/governor.c
+index ea2f8e7..70ac501 100644
+--- a/drivers/cpuidle/governor.c
++++ b/drivers/cpuidle/governor.c
+@@ -87,7 +87,7 @@ int cpuidle_register_governor(struct cpuidle_governor *gov)
+ mutex_lock(&cpuidle_lock);
+ if (__cpuidle_find_governor(gov->name) == NULL) {
+ ret = 0;
+- list_add_tail(&gov->governor_list, &cpuidle_governors);
++ pax_list_add_tail((struct list_head *)&gov->governor_list, &cpuidle_governors);
+ if (!cpuidle_curr_governor ||
+ cpuidle_curr_governor->rating < gov->rating)
+ cpuidle_switch_governor(gov);
+@@ -135,7 +135,7 @@ void cpuidle_unregister_governor(struct cpuidle_governor *gov)
+ new_gov = cpuidle_replace_governor(gov->rating);
+ cpuidle_switch_governor(new_gov);
+ }
+- list_del(&gov->governor_list);
++ pax_list_del((struct list_head *)&gov->governor_list);
+ mutex_unlock(&cpuidle_lock);
+ }
+
+diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c
+index 428754a..8bdf9cc 100644
+--- a/drivers/cpuidle/sysfs.c
++++ b/drivers/cpuidle/sysfs.c
+@@ -131,7 +131,7 @@ static struct attribute *cpuidle_switch_attrs[] = {
+ NULL
+ };
+
+-static struct attribute_group cpuidle_attr_group = {
++static attribute_group_no_const cpuidle_attr_group = {
+ .attrs = cpuidle_default_attrs,
+ .name = "cpuidle",
+ };
+diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
+index 3b36797..289c16a 100644
+--- a/drivers/devfreq/devfreq.c
++++ b/drivers/devfreq/devfreq.c
+@@ -588,7 +588,7 @@ int devfreq_add_governor(struct devfreq_governor *governor)
+ goto err_out;
+ }
+
+- list_add(&governor->node, &devfreq_governor_list);
++ pax_list_add((struct list_head *)&governor->node, &devfreq_governor_list);
+
+ list_for_each_entry(devfreq, &devfreq_list, node) {
+ int ret = 0;
+@@ -676,7 +676,7 @@ int devfreq_remove_governor(struct devfreq_governor *governor)
+ }
+ }
+
+- list_del(&governor->node);
++ pax_list_del((struct list_head *)&governor->node);
+ err_out:
+ mutex_unlock(&devfreq_list_lock);
+
+diff --git a/drivers/dma/sh/shdma.c b/drivers/dma/sh/shdma.c
+index b70709b..1d8d02a 100644
+--- a/drivers/dma/sh/shdma.c
++++ b/drivers/dma/sh/shdma.c
+@@ -476,7 +476,7 @@ static int sh_dmae_nmi_handler(struct notifier_block *self,
+ return ret;
+ }
+
+-static struct notifier_block sh_dmae_nmi_notifier __read_mostly = {
++static struct notifier_block sh_dmae_nmi_notifier = {
+ .notifier_call = sh_dmae_nmi_handler,
+
+ /* Run before NMI debug handler and KGDB */
+diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
+index 0ca1ca7..6e6f454 100644
+--- a/drivers/edac/edac_mc_sysfs.c
++++ b/drivers/edac/edac_mc_sysfs.c
+@@ -148,7 +148,7 @@ static const char *edac_caps[] = {
+ struct dev_ch_attribute {
+ struct device_attribute attr;
+ int channel;
+-};
++} __do_const;
+
+ #define DEVICE_CHANNEL(_name, _mode, _show, _store, _var) \
+ struct dev_ch_attribute dev_attr_legacy_##_name = \
diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c
-index 1bfb207..0d059c2 100644
+index 0056c4d..23b54d9 100644
--- a/drivers/edac/edac_pci_sysfs.c
+++ b/drivers/edac/edac_pci_sysfs.c
@@ -26,8 +26,8 @@ static int edac_pci_log_pe = 1; /* log PCI parity errors */
static struct kobject *edac_pci_top_main_kobj;
static atomic_t edac_pci_sysfs_refcount = ATOMIC_INIT(0);
+@@ -235,7 +235,7 @@ struct edac_pci_dev_attribute {
+ void *value;
+ ssize_t(*show) (void *, char *);
+ ssize_t(*store) (void *, const char *, size_t);
+-};
++} __do_const;
+
+ /* Set of show/store abstract level functions for PCI Parity object */
+ static ssize_t edac_pci_dev_show(struct kobject *kobj, struct attribute *attr,
@@ -579,7 +579,7 @@ static void edac_pci_dev_parity_test(struct pci_dev *dev)
edac_printk(KERN_CRIT, EDAC_PCI,
"Signaled System Error on %s\n",
}
}
}
-@@ -676,7 +676,7 @@ void edac_pci_do_parity_check(void)
+@@ -672,7 +672,7 @@ void edac_pci_do_parity_check(void)
if (!check_pci_errors)
return;
/* scan all PCI devices looking for a Parity Error on devices and
* bridges.
-@@ -688,7 +688,7 @@ void edac_pci_do_parity_check(void)
+@@ -684,7 +684,7 @@ void edac_pci_do_parity_check(void)
/* Only if operator has selected panic on PCI Error */
if (edac_pci_get_panic_on_pe()) {
/* If the count is different 'after' from 'before' */
}
}
diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h
-index 8c87a5e..a19cbd7 100644
+index 6796799..99e8377 100644
--- a/drivers/edac/mce_amd.h
+++ b/drivers/edac/mce_amd.h
-@@ -80,7 +80,7 @@ extern const char * const ii_msgs[];
+@@ -78,7 +78,7 @@ extern const char * const ii_msgs[];
struct amd_decoder_ops {
- bool (*dc_mce)(u16, u8);
- bool (*ic_mce)(u16, u8);
+ bool (*mc0_mce)(u16, u8);
+ bool (*mc1_mce)(u16, u8);
-};
+} __no_const;
return -EINVAL;
r = kmalloc(sizeof(*r), GFP_KERNEL);
+diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
+index af3e8aa..eb2f227 100644
+--- a/drivers/firewire/core-device.c
++++ b/drivers/firewire/core-device.c
+@@ -232,7 +232,7 @@ EXPORT_SYMBOL(fw_device_enable_phys_dma);
+ struct config_rom_attribute {
+ struct device_attribute attr;
+ u32 key;
+-};
++} __do_const;
+
+ static ssize_t show_immediate(struct device *dev,
+ struct device_attribute *dattr, char *buf)
diff --git a/drivers/firewire/core-transaction.c b/drivers/firewire/core-transaction.c
index 28a94c7..58da63a 100644
--- a/drivers/firewire/core-transaction.c
void fw_card_initialize(struct fw_card *card,
const struct fw_card_driver *driver, struct device *device);
+diff --git a/drivers/firmware/dmi-id.c b/drivers/firmware/dmi-id.c
+index 94a58a0..f5eba42 100644
+--- a/drivers/firmware/dmi-id.c
++++ b/drivers/firmware/dmi-id.c
+@@ -16,7 +16,7 @@
+ struct dmi_device_attribute{
+ struct device_attribute dev_attr;
+ int field;
+-};
++} __do_const;
+ #define to_dmi_dev_attr(_dev_attr) \
+ container_of(_dev_attr, struct dmi_device_attribute, dev_attr)
+
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
-index 982f1f5..d21e5da 100644
+index 4cd392d..4b629e1 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
-@@ -491,11 +491,6 @@ void __init dmi_scan_machine(void)
+@@ -490,11 +490,6 @@ void __init dmi_scan_machine(void)
}
}
else {
p = dmi_ioremap(0xF0000, 0x10000);
if (p == NULL)
goto error;
-@@ -770,7 +765,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
+@@ -769,7 +764,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
if (buf == NULL)
return -1;
iounmap(buf);
return 0;
diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
-index bfd8f43..133189c 100644
+index 2a2e145..73745e79 100644
--- a/drivers/firmware/efivars.c
+++ b/drivers/firmware/efivars.c
-@@ -1234,9 +1234,9 @@ efivars_init(void)
- return -ENOMEM;
- }
+@@ -133,7 +133,7 @@ struct efivar_attribute {
+ };
-- ops.get_variable = efi.get_variable;
-- ops.set_variable = efi.set_variable;
-- ops.get_next_variable = efi.get_next_variable;
-+ *(void **)&ops.get_variable = efi.get_variable;
-+ *(void **)&ops.set_variable = efi.set_variable;
-+ *(void **)&ops.get_next_variable = efi.get_next_variable;
- error = register_efivars(&__efivars, &ops, efi_kobj);
- if (error)
- goto err_put;
+ static struct efivars __efivars;
+-static struct efivar_operations ops;
++static efivar_operations_no_const ops __read_only;
+
+ #define PSTORE_EFI_ATTRIBUTES \
+ (EFI_VARIABLE_NON_VOLATILE | \
+@@ -1798,7 +1798,7 @@ efivar_create_sysfs_entry(struct efivars *efivars,
+ static int
+ create_efivars_bin_attributes(struct efivars *efivars)
+ {
+- struct bin_attribute *attr;
++ bin_attribute_no_const *attr;
+ int error;
+
+ /* new_var */
+diff --git a/drivers/firmware/google/memconsole.c b/drivers/firmware/google/memconsole.c
+index 2a90ba6..07f3733 100644
+--- a/drivers/firmware/google/memconsole.c
++++ b/drivers/firmware/google/memconsole.c
+@@ -147,7 +147,9 @@ static int __init memconsole_init(void)
+ if (!found_memconsole())
+ return -ENODEV;
+
+- memconsole_bin_attr.size = memconsole_length;
++ pax_open_kernel();
++ *(size_t *)&memconsole_bin_attr.size = memconsole_length;
++ pax_close_kernel();
+
+ ret = sysfs_create_bin_file(firmware_kobj, &memconsole_bin_attr);
+
+diff --git a/drivers/gpio/gpio-ich.c b/drivers/gpio/gpio-ich.c
+index 6f2306d..af9476a 100644
+--- a/drivers/gpio/gpio-ich.c
++++ b/drivers/gpio/gpio-ich.c
+@@ -69,7 +69,7 @@ struct ichx_desc {
+ /* Some chipsets have quirks, let these use their own request/get */
+ int (*request)(struct gpio_chip *chip, unsigned offset);
+ int (*get)(struct gpio_chip *chip, unsigned offset);
+-};
++} __do_const;
+
+ static struct {
+ spinlock_t lock;
diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c
-index 82d5c20..44a7177 100644
+index 9902732..64b62dd 100644
--- a/drivers/gpio/gpio-vr41xx.c
+++ b/drivers/gpio/gpio-vr41xx.c
@@ -204,7 +204,7 @@ static int giu_get_irq(unsigned int irq)
return -EINVAL;
}
diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c
-index 1227adf..f2301c2 100644
+index 7b2d378..cc947ea 100644
--- a/drivers/gpu/drm/drm_crtc_helper.c
+++ b/drivers/gpu/drm/drm_crtc_helper.c
-@@ -286,7 +286,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder,
+@@ -319,7 +319,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder,
struct drm_crtc *tmp;
int crtc_mask = 1;
dev = crtc->dev;
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
-index be174ca..0bcbb71 100644
+index be174ca..7f38143 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -307,7 +307,7 @@ module_exit(drm_core_exit);
{
int len;
+@@ -377,7 +377,7 @@ long drm_ioctl(struct file *filp,
+ struct drm_file *file_priv = filp->private_data;
+ struct drm_device *dev;
+ struct drm_ioctl_desc *ioctl;
+- drm_ioctl_t *func;
++ drm_ioctl_no_const_t func;
+ unsigned int nr = DRM_IOCTL_NR(cmd);
+ int retcode = -EINVAL;
+ char stack_kdata[128];
@@ -390,7 +390,7 @@ long drm_ioctl(struct file *filp,
return -ENODEV;
#if defined(__i386__)
pgprot = pgprot_val(vma->vm_page_prot);
diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c
-index 2f4c434..764794b 100644
+index 2f4c434..dd12cd2 100644
--- a/drivers/gpu/drm/drm_ioc32.c
+++ b/drivers/gpu/drm/drm_ioc32.c
@@ -457,7 +457,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd,
if (__put_user(count, &request->count)
|| __put_user(list, &request->list))
+@@ -1016,7 +1016,7 @@ static int compat_drm_wait_vblank(struct file *file, unsigned int cmd,
+ return 0;
+ }
+
+-drm_ioctl_compat_t *drm_compat_ioctls[] = {
++drm_ioctl_compat_t drm_compat_ioctls[] = {
+ [DRM_IOCTL_NR(DRM_IOCTL_VERSION32)] = compat_drm_version,
+ [DRM_IOCTL_NR(DRM_IOCTL_GET_UNIQUE32)] = compat_drm_getunique,
+ [DRM_IOCTL_NR(DRM_IOCTL_GET_MAP32)] = compat_drm_getmap,
+@@ -1062,7 +1062,6 @@ drm_ioctl_compat_t *drm_compat_ioctls[] = {
+ long drm_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
+ {
+ unsigned int nr = DRM_IOCTL_NR(cmd);
+- drm_ioctl_compat_t *fn;
+ int ret;
+
+ /* Assume that ioctls without an explicit compat routine will just
+@@ -1072,10 +1071,8 @@ long drm_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
+ if (nr >= ARRAY_SIZE(drm_compat_ioctls))
+ return drm_ioctl(filp, cmd, arg);
+
+- fn = drm_compat_ioctls[nr];
+-
+- if (fn != NULL)
+- ret = (*fn) (filp, cmd, arg);
++ if (drm_compat_ioctls[nr] != NULL)
++ ret = (*drm_compat_ioctls[nr]) (filp, cmd, arg);
+ else
+ ret = drm_ioctl(filp, cmd, arg);
+
diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
-index 23dd975..63e9801 100644
+index e77bd8b..1571b85 100644
--- a/drivers/gpu/drm/drm_ioctl.c
+++ b/drivers/gpu/drm/drm_ioctl.c
@@ -252,7 +252,7 @@ int drm_getstats(struct drm_device *dev, void *data,
if (drm_lock_free(&master->lock, lock->context)) {
/* FIXME: Should really bail out here. */
diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c
-index c236fd2..6b5f2e7 100644
+index 200e104..59facda 100644
--- a/drivers/gpu/drm/drm_stub.c
+++ b/drivers/gpu/drm/drm_stub.c
-@@ -511,7 +511,7 @@ void drm_unplug_dev(struct drm_device *dev)
+@@ -516,7 +516,7 @@ void drm_unplug_dev(struct drm_device *dev)
drm_device_set_unplugged(dev);
int front_offset;
} drm_i810_private_t;
diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c
-index 3a1a495..995c093 100644
+index 8a7c48b..72effc2 100644
--- a/drivers/gpu/drm/i915/i915_debugfs.c
+++ b/drivers/gpu/drm/i915/i915_debugfs.c
@@ -496,7 +496,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data)
if (IS_GEN6(dev) || IS_GEN7(dev)) {
seq_printf(m,
diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
-index 61ae104..f8a4bc1 100644
+index 5206f24..7af0a0a 100644
--- a/drivers/gpu/drm/i915/i915_dma.c
+++ b/drivers/gpu/drm/i915/i915_dma.c
-@@ -1274,7 +1274,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1253,7 +1253,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
return can_switch;
}
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index 92f1750..3beba74 100644
+index 66ad64f..a865871 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
-@@ -430,7 +430,7 @@ typedef struct drm_i915_private {
-
+@@ -656,7 +656,7 @@ typedef struct drm_i915_private {
+ drm_dma_handle_t *status_page_dmah;
struct resource mch_res;
- atomic_t irq_received;
/* protects the irq masks */
spinlock_t irq_lock;
-@@ -1055,7 +1055,7 @@ struct drm_i915_gem_object {
+@@ -1103,7 +1103,7 @@ struct drm_i915_gem_object {
* will be page flipped away on the next vblank. When it
* reaches 0, dev_priv->pending_flip_queue will be woken up.
*/
- atomic_t pending_flip;
+ atomic_unchecked_t pending_flip;
};
+ #define to_gem_object(obj) (&((struct drm_i915_gem_object *)(obj))->base)
- #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base)
-@@ -1558,7 +1558,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter(
+@@ -1634,7 +1634,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter(
struct drm_i915_private *dev_priv, unsigned port);
extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed);
extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit);
return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
}
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index 67036e9..b9f1357 100644
+index 26d08bb..fccb984 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-@@ -681,7 +681,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring,
+@@ -672,7 +672,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring,
i915_gem_clflush_object(obj);
if (obj->base.pending_write_domain)
flush_domains |= obj->base.write_domain;
}
-@@ -712,9 +712,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
+@@ -703,9 +703,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
static int
validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
for (i = 0; i < count; i++) {
char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr;
+diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c
+index 3c59584..500f2e9 100644
+--- a/drivers/gpu/drm/i915/i915_ioc32.c
++++ b/drivers/gpu/drm/i915/i915_ioc32.c
+@@ -181,7 +181,7 @@ static int compat_i915_alloc(struct file *file, unsigned int cmd,
+ (unsigned long)request);
+ }
+
+-static drm_ioctl_compat_t *i915_compat_ioctls[] = {
++static drm_ioctl_compat_t i915_compat_ioctls[] = {
+ [DRM_I915_BATCHBUFFER] = compat_i915_batchbuffer,
+ [DRM_I915_CMDBUFFER] = compat_i915_cmdbuffer,
+ [DRM_I915_GETPARAM] = compat_i915_getparam,
+@@ -202,18 +202,15 @@ static drm_ioctl_compat_t *i915_compat_ioctls[] = {
+ long i915_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
+ {
+ unsigned int nr = DRM_IOCTL_NR(cmd);
+- drm_ioctl_compat_t *fn = NULL;
+ int ret;
+
+ if (nr < DRM_COMMAND_BASE)
+ return drm_compat_ioctl(filp, cmd, arg);
+
+- if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(i915_compat_ioctls))
+- fn = i915_compat_ioctls[nr - DRM_COMMAND_BASE];
+-
+- if (fn != NULL)
++ if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(i915_compat_ioctls)) {
++ drm_ioctl_compat_t fn = i915_compat_ioctls[nr - DRM_COMMAND_BASE];
+ ret = (*fn) (filp, cmd, arg);
+- else
++ } else
+ ret = drm_ioctl(filp, cmd, arg);
+
+ return ret;
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index dc29ace..137d83a 100644
+index 3c00403..5a5c6c9 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
-@@ -531,7 +531,7 @@ static irqreturn_t valleyview_irq_handler(DRM_IRQ_ARGS)
+@@ -539,7 +539,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
u32 pipe_stats[I915_MAX_PIPES];
bool blc_event;
while (true) {
iir = I915_READ(VLV_IIR);
-@@ -678,7 +678,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS)
+@@ -692,7 +692,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg)
irqreturn_t ret = IRQ_NONE;
int i;
/* disable master interrupt before clearing iir */
de_ier = I915_READ(DEIER);
-@@ -753,7 +753,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS)
+@@ -764,7 +764,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
+ int ret = IRQ_NONE;
u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir;
- u32 hotplug_mask;
- atomic_inc(&dev_priv->irq_received);
+ atomic_inc_unchecked(&dev_priv->irq_received);
/* disable master interrupt before clearing iir */
de_ier = I915_READ(DEIER);
-@@ -1762,7 +1762,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
+@@ -1791,7 +1791,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
{
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
I915_WRITE(HWSTAM, 0xeffe);
-@@ -1788,7 +1788,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
+@@ -1817,7 +1817,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
/* VLV magic */
I915_WRITE(VLV_IMR, 0);
-@@ -2093,7 +2093,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
+@@ -2112,7 +2112,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
for_each_pipe(pipe)
I915_WRITE(PIPESTAT(pipe), 0);
-@@ -2144,7 +2144,7 @@ static irqreturn_t i8xx_irq_handler(DRM_IRQ_ARGS)
+@@ -2163,7 +2163,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
iir = I915_READ16(IIR);
if (iir == 0)
-@@ -2229,7 +2229,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
+@@ -2248,7 +2248,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
if (I915_HAS_HOTPLUG(dev)) {
I915_WRITE(PORT_HOTPLUG_EN, 0);
-@@ -2324,7 +2324,7 @@ static irqreturn_t i915_irq_handler(DRM_IRQ_ARGS)
+@@ -2343,7 +2343,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
};
int pipe, ret = IRQ_NONE;
iir = I915_READ(IIR);
do {
-@@ -2450,7 +2450,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
+@@ -2469,7 +2469,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
I915_WRITE(PORT_HOTPLUG_EN, 0);
I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT));
-@@ -2557,7 +2557,7 @@ static irqreturn_t i965_irq_handler(DRM_IRQ_ARGS)
+@@ -2576,7 +2576,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
int irq_received;
int ret = IRQ_NONE, pipe;
iir = I915_READ(IIR);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 4d3c7c6..eaac87b 100644
+index 80aa1fc..85cfce3 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -2131,7 +2131,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb)
+@@ -2255,7 +2255,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb)
wait_event(dev_priv->pending_flip_queue,
atomic_read(&dev_priv->mm.wedged) ||
/* Big Hammer, we also need to ensure that any pending
* MI_WAIT_FOR_EVENT inside a user batch buffer on the
-@@ -6221,8 +6221,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
+@@ -7122,8 +7122,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
obj = work->old_fb_obj;
wake_up(&dev_priv->pending_flip_queue);
queue_work(dev_priv->wq, &work->work);
-@@ -6589,7 +6588,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
+@@ -7490,7 +7489,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
/* Block clients from rendering to the new back buffer until
* the flip occurs and the object is no longer visible.
*/
atomic_inc(&intel_crtc->unpin_work_count);
ret = dev_priv->display.queue_flip(dev, crtc, fb, obj);
-@@ -6606,7 +6605,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
+@@ -7507,7 +7506,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
cleanup_pending:
atomic_dec(&intel_crtc->unpin_work_count);
drm_gem_object_unreference(&work->old_fb_obj->base);
drm_gem_object_unreference(&obj->base);
mutex_unlock(&dev->struct_mutex);
+@@ -8849,13 +8848,13 @@ struct intel_quirk {
+ int subsystem_vendor;
+ int subsystem_device;
+ void (*hook)(struct drm_device *dev);
+-};
++} __do_const;
+
+ /* For systems that don't have a meaningful PCI subdevice/subvendor ID */
+ struct intel_dmi_quirk {
+ void (*hook)(struct drm_device *dev);
+ const struct dmi_system_id (*dmi_id_list)[];
+-};
++} __do_const;
+
+ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
+ {
+@@ -8863,18 +8862,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
+ return 1;
+ }
+
++static const struct dmi_system_id intel_dmi_quirks_table[] = {
++ {
++ .callback = intel_dmi_reverse_brightness,
++ .ident = "NCR Corporation",
++ .matches = {DMI_MATCH(DMI_SYS_VENDOR, "NCR Corporation"),
++ DMI_MATCH(DMI_PRODUCT_NAME, ""),
++ },
++ },
++ { } /* terminating entry */
++};
++
+ static const struct intel_dmi_quirk intel_dmi_quirks[] = {
+ {
+- .dmi_id_list = &(const struct dmi_system_id[]) {
+- {
+- .callback = intel_dmi_reverse_brightness,
+- .ident = "NCR Corporation",
+- .matches = {DMI_MATCH(DMI_SYS_VENDOR, "NCR Corporation"),
+- DMI_MATCH(DMI_PRODUCT_NAME, ""),
+- },
+- },
+- { } /* terminating entry */
+- },
++ .dmi_id_list = &intel_dmi_quirks_table,
+ .hook = quirk_invert_brightness,
+ },
+ };
diff --git a/drivers/gpu/drm/mga/mga_drv.h b/drivers/gpu/drm/mga/mga_drv.h
index 54558a0..2d97005 100644
--- a/drivers/gpu/drm/mga/mga_drv.h
u32 next_fence_to_post;
unsigned int fb_cpp;
+diff --git a/drivers/gpu/drm/mga/mga_ioc32.c b/drivers/gpu/drm/mga/mga_ioc32.c
+index 709e90d..89a1c0d 100644
+--- a/drivers/gpu/drm/mga/mga_ioc32.c
++++ b/drivers/gpu/drm/mga/mga_ioc32.c
+@@ -189,7 +189,7 @@ static int compat_mga_dma_bootstrap(struct file *file, unsigned int cmd,
+ return 0;
+ }
+
+-drm_ioctl_compat_t *mga_compat_ioctls[] = {
++drm_ioctl_compat_t mga_compat_ioctls[] = {
+ [DRM_MGA_INIT] = compat_mga_init,
+ [DRM_MGA_GETPARAM] = compat_mga_getparam,
+ [DRM_MGA_DMA_BOOTSTRAP] = compat_mga_dma_bootstrap,
+@@ -207,18 +207,15 @@ drm_ioctl_compat_t *mga_compat_ioctls[] = {
+ long mga_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
+ {
+ unsigned int nr = DRM_IOCTL_NR(cmd);
+- drm_ioctl_compat_t *fn = NULL;
+ int ret;
+
+ if (nr < DRM_COMMAND_BASE)
+ return drm_compat_ioctl(filp, cmd, arg);
+
+- if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(mga_compat_ioctls))
+- fn = mga_compat_ioctls[nr - DRM_COMMAND_BASE];
+-
+- if (fn != NULL)
++ if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(mga_compat_ioctls)) {
++ drm_ioctl_compat_t fn = mga_compat_ioctls[nr - DRM_COMMAND_BASE];
+ ret = (*fn) (filp, cmd, arg);
+- else
++ } else
+ ret = drm_ioctl(filp, cmd, arg);
+
+ return ret;
diff --git a/drivers/gpu/drm/mga/mga_irq.c b/drivers/gpu/drm/mga/mga_irq.c
index 598c281..60d590e 100644
--- a/drivers/gpu/drm/mga/mga_irq.c
*sequence = cur_fence;
diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c
-index 09fdef2..57f5c3b 100644
+index 865eddf..62c4cc3 100644
--- a/drivers/gpu/drm/nouveau/nouveau_bios.c
+++ b/drivers/gpu/drm/nouveau/nouveau_bios.c
-@@ -1240,7 +1240,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios,
+@@ -1015,7 +1015,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios,
struct bit_table {
const char id;
int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *);
#define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry })
diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h
-index a101699..a163f0a 100644
+index aa89eb9..d45d38b 100644
--- a/drivers/gpu/drm/nouveau/nouveau_drm.h
+++ b/drivers/gpu/drm/nouveau/nouveau_drm.h
@@ -80,7 +80,7 @@ struct nouveau_drm {
#define nouveau_fence(drm) ((struct nouveau_fence_priv *)(drm)->fence)
diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c
-index 5e2f521..0d21436 100644
+index 8bf695c..9fbc90a 100644
--- a/drivers/gpu/drm/nouveau/nouveau_gem.c
+++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
@@ -321,7 +321,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv,
retry:
if (++trycnt > 100000) {
NV_ERROR(drm, "%s failed and gave up.\n", __func__);
+diff --git a/drivers/gpu/drm/nouveau/nouveau_ioc32.c b/drivers/gpu/drm/nouveau/nouveau_ioc32.c
+index 08214bc..9208577 100644
+--- a/drivers/gpu/drm/nouveau/nouveau_ioc32.c
++++ b/drivers/gpu/drm/nouveau/nouveau_ioc32.c
+@@ -50,7 +50,7 @@ long nouveau_compat_ioctl(struct file *filp, unsigned int cmd,
+ unsigned long arg)
+ {
+ unsigned int nr = DRM_IOCTL_NR(cmd);
+- drm_ioctl_compat_t *fn = NULL;
++ drm_ioctl_compat_t fn = NULL;
+ int ret;
+
+ if (nr < DRM_COMMAND_BASE)
diff --git a/drivers/gpu/drm/nouveau/nouveau_vga.c b/drivers/gpu/drm/nouveau/nouveau_vga.c
-index 6f0ac64..9c2dfb4 100644
+index 25d3495..d81aaf6 100644
--- a/drivers/gpu/drm/nouveau/nouveau_vga.c
+++ b/drivers/gpu/drm/nouveau/nouveau_vga.c
-@@ -63,7 +63,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -62,7 +62,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
spin_unlock(&dev->count_lock);
return can_switch;
}
-diff --git a/drivers/gpu/drm/nouveau/nv50_evo.c b/drivers/gpu/drm/nouveau/nv50_evo.c
-index 9f6f55c..30e3a29 100644
---- a/drivers/gpu/drm/nouveau/nv50_evo.c
-+++ b/drivers/gpu/drm/nouveau/nv50_evo.c
-@@ -152,9 +152,9 @@ nv50_evo_channel_new(struct drm_device *dev, int chid,
- kzalloc(sizeof(*evo->object->oclass), GFP_KERNEL);
- evo->object->oclass->ofuncs =
- kzalloc(sizeof(*evo->object->oclass->ofuncs), GFP_KERNEL);
-- evo->object->oclass->ofuncs->rd32 = nv50_evo_rd32;
-- evo->object->oclass->ofuncs->wr32 = nv50_evo_wr32;
-- evo->object->oclass->ofuncs->rd08 =
-+ *(void**)&evo->object->oclass->ofuncs->rd32 = nv50_evo_rd32;
-+ *(void**)&evo->object->oclass->ofuncs->wr32 = nv50_evo_wr32;
-+ *(void**)&evo->object->oclass->ofuncs->rd08 =
- ioremap(pci_resource_start(dev->pdev, 0) +
- NV50_PDISPLAY_USER(evo->handle), PAGE_SIZE);
- return 0;
-diff --git a/drivers/gpu/drm/nouveau/nv50_sor.c b/drivers/gpu/drm/nouveau/nv50_sor.c
-index b562b59..9d725a8 100644
---- a/drivers/gpu/drm/nouveau/nv50_sor.c
-+++ b/drivers/gpu/drm/nouveau/nv50_sor.c
-@@ -317,7 +317,7 @@ nv50_sor_dpms(struct drm_encoder *encoder, int mode)
- }
-
- if (nv_encoder->dcb->type == DCB_OUTPUT_DP) {
-- struct dp_train_func func = {
-+ static struct dp_train_func func = {
- .link_set = nv50_sor_dp_link_set,
- .train_set = nv50_sor_dp_train_set,
- .train_adj = nv50_sor_dp_train_adj
-diff --git a/drivers/gpu/drm/nouveau/nvd0_display.c b/drivers/gpu/drm/nouveau/nvd0_display.c
-index c402fca..f1d694b 100644
---- a/drivers/gpu/drm/nouveau/nvd0_display.c
-+++ b/drivers/gpu/drm/nouveau/nvd0_display.c
-@@ -1389,7 +1389,7 @@ nvd0_sor_dpms(struct drm_encoder *encoder, int mode)
- nv_wait(device, 0x61c030 + (or * 0x0800), 0x10000000, 0x00000000);
-
- if (nv_encoder->dcb->type == DCB_OUTPUT_DP) {
-- struct dp_train_func func = {
-+ static struct dp_train_func func = {
- .link_set = nvd0_sor_dp_link_set,
- .train_set = nvd0_sor_dp_train_set,
- .train_adj = nvd0_sor_dp_train_adj
diff --git a/drivers/gpu/drm/r128/r128_cce.c b/drivers/gpu/drm/r128/r128_cce.c
index d4660cf..70dbe65 100644
--- a/drivers/gpu/drm/r128/r128_cce.c
u32 color_fmt;
unsigned int front_offset;
+diff --git a/drivers/gpu/drm/r128/r128_ioc32.c b/drivers/gpu/drm/r128/r128_ioc32.c
+index a954c54..9cc595c 100644
+--- a/drivers/gpu/drm/r128/r128_ioc32.c
++++ b/drivers/gpu/drm/r128/r128_ioc32.c
+@@ -177,7 +177,7 @@ static int compat_r128_getparam(struct file *file, unsigned int cmd,
+ return drm_ioctl(file, DRM_IOCTL_R128_GETPARAM, (unsigned long)getparam);
+ }
+
+-drm_ioctl_compat_t *r128_compat_ioctls[] = {
++drm_ioctl_compat_t r128_compat_ioctls[] = {
+ [DRM_R128_INIT] = compat_r128_init,
+ [DRM_R128_DEPTH] = compat_r128_depth,
+ [DRM_R128_STIPPLE] = compat_r128_stipple,
+@@ -196,18 +196,15 @@ drm_ioctl_compat_t *r128_compat_ioctls[] = {
+ long r128_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
+ {
+ unsigned int nr = DRM_IOCTL_NR(cmd);
+- drm_ioctl_compat_t *fn = NULL;
+ int ret;
+
+ if (nr < DRM_COMMAND_BASE)
+ return drm_compat_ioctl(filp, cmd, arg);
+
+- if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(r128_compat_ioctls))
+- fn = r128_compat_ioctls[nr - DRM_COMMAND_BASE];
+-
+- if (fn != NULL)
++ if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(r128_compat_ioctls)) {
++ drm_ioctl_compat_t fn = r128_compat_ioctls[nr - DRM_COMMAND_BASE];
+ ret = (*fn) (filp, cmd, arg);
+- else
++ } else
+ ret = drm_ioctl(filp, cmd, arg);
+
+ return ret;
diff --git a/drivers/gpu/drm/r128/r128_irq.c b/drivers/gpu/drm/r128/r128_irq.c
index 2ea4f09..d391371 100644
--- a/drivers/gpu/drm/r128/r128_irq.c
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index 008d645..de03849 100644
+index 0d6562b..a154330 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
-@@ -941,7 +941,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -969,7 +969,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
return can_switch;
}
diff --git a/drivers/gpu/drm/radeon/radeon_drv.h b/drivers/gpu/drm/radeon/radeon_drv.h
-index a1b59ca..86f2d44 100644
+index e7fdf16..f4f6490 100644
--- a/drivers/gpu/drm/radeon/radeon_drv.h
+++ b/drivers/gpu/drm/radeon/radeon_drv.h
@@ -255,7 +255,7 @@ typedef struct drm_radeon_private {
uint32_t irq_enable_reg;
uint32_t r500_disp_irq_reg;
diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/radeon/radeon_ioc32.c
-index c180df8..cd80dd2d 100644
+index c180df8..5fd8186 100644
--- a/drivers/gpu/drm/radeon/radeon_ioc32.c
+++ b/drivers/gpu/drm/radeon/radeon_ioc32.c
@@ -358,7 +358,7 @@ static int compat_radeon_cp_setparam(struct file *file, unsigned int cmd,
&request->value))
return -EFAULT;
+@@ -368,7 +368,7 @@ static int compat_radeon_cp_setparam(struct file *file, unsigned int cmd,
+ #define compat_radeon_cp_setparam NULL
+ #endif /* X86_64 || IA64 */
+
+-static drm_ioctl_compat_t *radeon_compat_ioctls[] = {
++static drm_ioctl_compat_t radeon_compat_ioctls[] = {
+ [DRM_RADEON_CP_INIT] = compat_radeon_cp_init,
+ [DRM_RADEON_CLEAR] = compat_radeon_cp_clear,
+ [DRM_RADEON_STIPPLE] = compat_radeon_cp_stipple,
+@@ -393,18 +393,15 @@ static drm_ioctl_compat_t *radeon_compat_ioctls[] = {
+ long radeon_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
+ {
+ unsigned int nr = DRM_IOCTL_NR(cmd);
+- drm_ioctl_compat_t *fn = NULL;
+ int ret;
+
+ if (nr < DRM_COMMAND_BASE)
+ return drm_compat_ioctl(filp, cmd, arg);
+
+- if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(radeon_compat_ioctls))
+- fn = radeon_compat_ioctls[nr - DRM_COMMAND_BASE];
+-
+- if (fn != NULL)
++ if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(radeon_compat_ioctls)) {
++ drm_ioctl_compat_t fn = radeon_compat_ioctls[nr - DRM_COMMAND_BASE];
+ ret = (*fn) (filp, cmd, arg);
+- else
++ } else
+ ret = drm_ioctl(filp, cmd, arg);
+
+ return ret;
diff --git a/drivers/gpu/drm/radeon/radeon_irq.c b/drivers/gpu/drm/radeon/radeon_irq.c
index e771033..a0bc6b3 100644
--- a/drivers/gpu/drm/radeon/radeon_irq.c
DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
-index 5ebe1b3..1ed9426 100644
+index 93f760e..8088227 100644
--- a/drivers/gpu/drm/radeon/radeon_ttm.c
+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
-@@ -822,8 +822,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
+@@ -782,7 +782,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size)
+ man->size = size >> PAGE_SHIFT;
+ }
+
+-static struct vm_operations_struct radeon_ttm_vm_ops;
++static vm_operations_struct_no_const radeon_ttm_vm_ops __read_only;
+ static const struct vm_operations_struct *ttm_vm_ops = NULL;
+
+ static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
+@@ -823,8 +823,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
}
if (unlikely(ttm_vm_ops == NULL)) {
ttm_vm_ops = vma->vm_ops;
-- radeon_ttm_vm_ops = *ttm_vm_ops;
-- radeon_ttm_vm_ops.fault = &radeon_ttm_fault;
+ pax_open_kernel();
-+ memcpy((void *)&radeon_ttm_vm_ops, ttm_vm_ops, sizeof(radeon_ttm_vm_ops));
-+ *(void **)&radeon_ttm_vm_ops.fault = &radeon_ttm_fault;
+ radeon_ttm_vm_ops = *ttm_vm_ops;
+ radeon_ttm_vm_ops.fault = &radeon_ttm_fault;
+ pax_close_kernel();
}
vma->vm_ops = &radeon_ttm_vm_ops;
return 0;
+@@ -862,28 +864,33 @@ static int radeon_ttm_debugfs_init(struct radeon_device *rdev)
+ sprintf(radeon_mem_types_names[i], "radeon_vram_mm");
+ else
+ sprintf(radeon_mem_types_names[i], "radeon_gtt_mm");
+- radeon_mem_types_list[i].name = radeon_mem_types_names[i];
+- radeon_mem_types_list[i].show = &radeon_mm_dump_table;
+- radeon_mem_types_list[i].driver_features = 0;
++ pax_open_kernel();
++ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i];
++ *(void **)&radeon_mem_types_list[i].show = &radeon_mm_dump_table;
++ *(u32 *)&radeon_mem_types_list[i].driver_features = 0;
+ if (i == 0)
+- radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_VRAM].priv;
++ *(void **)&radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_VRAM].priv;
+ else
+- radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_TT].priv;
+-
++ *(void **)&radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_TT].priv;
++ pax_close_kernel();
+ }
+ /* Add ttm page pool to debugfs */
+ sprintf(radeon_mem_types_names[i], "ttm_page_pool");
+- radeon_mem_types_list[i].name = radeon_mem_types_names[i];
+- radeon_mem_types_list[i].show = &ttm_page_alloc_debugfs;
+- radeon_mem_types_list[i].driver_features = 0;
+- radeon_mem_types_list[i++].data = NULL;
++ pax_open_kernel();
++ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i];
++ *(void **)&radeon_mem_types_list[i].show = &ttm_page_alloc_debugfs;
++ *(u32 *)&radeon_mem_types_list[i].driver_features = 0;
++ *(void **)&radeon_mem_types_list[i++].data = NULL;
++ pax_close_kernel();
+ #ifdef CONFIG_SWIOTLB
+ if (swiotlb_nr_tbl()) {
+ sprintf(radeon_mem_types_names[i], "ttm_dma_page_pool");
+- radeon_mem_types_list[i].name = radeon_mem_types_names[i];
+- radeon_mem_types_list[i].show = &ttm_dma_page_alloc_debugfs;
+- radeon_mem_types_list[i].driver_features = 0;
+- radeon_mem_types_list[i++].data = NULL;
++ pax_open_kernel();
++ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i];
++ *(void **)&radeon_mem_types_list[i].show = &ttm_dma_page_alloc_debugfs;
++ *(u32 *)&radeon_mem_types_list[i].driver_features = 0;
++ *(void **)&radeon_mem_types_list[i++].data = NULL;
++ pax_close_kernel();
+ }
+ #endif
+ return radeon_debugfs_add_files(rdev, radeon_mem_types_list, i);
diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c
index 5706d2a..17aedaa 100644
--- a/drivers/gpu/drm/radeon/rs690.c
struct ttm_page_pool *pool;
int shrink_pages = sc->nr_to_scan;
+diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
+index 1eb060c..188b1fc 100644
+--- a/drivers/gpu/drm/udl/udl_fb.c
++++ b/drivers/gpu/drm/udl/udl_fb.c
+@@ -367,7 +367,6 @@ static int udl_fb_release(struct fb_info *info, int user)
+ fb_deferred_io_cleanup(info);
+ kfree(info->fbdefio);
+ info->fbdefio = NULL;
+- info->fbops->fb_mmap = udl_fb_mmap;
+ }
+
+ pr_warn("released /dev/fb%d user=%d count=%d\n",
diff --git a/drivers/gpu/drm/via/via_drv.h b/drivers/gpu/drm/via/via_drv.h
index 893a650..6190d3b 100644
--- a/drivers/gpu/drm/via/via_drv.h
case VIA_IRQ_ABSOLUTE:
break;
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
-index 88a179e..57fe50481c 100644
+index 13aeda7..4a952d1 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
-@@ -263,7 +263,7 @@ struct vmw_private {
+@@ -290,7 +290,7 @@ struct vmw_private {
* Fencing and IRQs.
*/
marker = list_first_entry(&queue->head,
struct vmw_marker, head);
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index 52146db..ae33762 100644
+index ceb3040..6160c5c 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2201,7 +2201,7 @@ static bool hid_ignore(struct hid_device *hdev)
+@@ -2242,7 +2242,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
int hid_add_device(struct hid_device *hdev)
{
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2236,7 +2236,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2276,7 +2276,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
return -EFAULT;
*off += size;
-diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
-index 14599e2..711c965 100644
---- a/drivers/hid/usbhid/hiddev.c
-+++ b/drivers/hid/usbhid/hiddev.c
-@@ -625,7 +625,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
- break;
-
- case HIDIOCAPPLICATION:
-- if (arg < 0 || arg >= hid->maxapplication)
-+ if (arg >= hid->maxapplication)
- break;
-
- for (i = 0; i < hid->maxcollection; i++)
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
-index f4c3d28..82f45a9 100644
+index 773a2f2..7ce08bc 100644
--- a/drivers/hv/channel.c
+++ b/drivers/hv/channel.c
-@@ -402,8 +402,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
+@@ -394,8 +394,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer,
int ret = 0;
int t;
child_device_obj->device.bus = &hv_bus;
child_device_obj->device.parent = &hv_acpi_dev->dev;
+diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c
+index 1672e2a..4a6297c 100644
+--- a/drivers/hwmon/acpi_power_meter.c
++++ b/drivers/hwmon/acpi_power_meter.c
+@@ -117,7 +117,7 @@ struct sensor_template {
+ struct device_attribute *devattr,
+ const char *buf, size_t count);
+ int index;
+-};
++} __do_const;
+
+ /* Averaging interval */
+ static int update_avg_interval(struct acpi_power_meter_resource *resource)
+@@ -629,7 +629,7 @@ static int register_attrs(struct acpi_power_meter_resource *resource,
+ struct sensor_template *attrs)
+ {
+ struct device *dev = &resource->acpi_dev->dev;
+- struct sensor_device_attribute *sensors =
++ sensor_device_attribute_no_const *sensors =
+ &resource->sensors[resource->num_sensors];
+ int res = 0;
+
+diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c
+index b41baff..4953e4d 100644
+--- a/drivers/hwmon/applesmc.c
++++ b/drivers/hwmon/applesmc.c
+@@ -1084,7 +1084,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num)
+ {
+ struct applesmc_node_group *grp;
+ struct applesmc_dev_attr *node;
+- struct attribute *attr;
++ attribute_no_const *attr;
+ int ret, i;
+
+ for (grp = groups; grp->format; grp++) {
+diff --git a/drivers/hwmon/asus_atk0110.c b/drivers/hwmon/asus_atk0110.c
+index 56dbcfb..9874bf1 100644
+--- a/drivers/hwmon/asus_atk0110.c
++++ b/drivers/hwmon/asus_atk0110.c
+@@ -152,10 +152,10 @@ MODULE_DEVICE_TABLE(acpi, atk_ids);
+ struct atk_sensor_data {
+ struct list_head list;
+ struct atk_data *data;
+- struct device_attribute label_attr;
+- struct device_attribute input_attr;
+- struct device_attribute limit1_attr;
+- struct device_attribute limit2_attr;
++ device_attribute_no_const label_attr;
++ device_attribute_no_const input_attr;
++ device_attribute_no_const limit1_attr;
++ device_attribute_no_const limit2_attr;
+ char label_attr_name[ATTR_NAME_SIZE];
+ char input_attr_name[ATTR_NAME_SIZE];
+ char limit1_attr_name[ATTR_NAME_SIZE];
+@@ -275,7 +275,7 @@ static ssize_t atk_name_show(struct device *dev,
+ static struct device_attribute atk_name_attr =
+ __ATTR(name, 0444, atk_name_show, NULL);
+
+-static void atk_init_attribute(struct device_attribute *attr, char *name,
++static void atk_init_attribute(device_attribute_no_const *attr, char *name,
+ sysfs_show_func show)
+ {
+ sysfs_attr_init(&attr->attr);
+diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c
+index d64923d..72591e8 100644
+--- a/drivers/hwmon/coretemp.c
++++ b/drivers/hwmon/coretemp.c
+@@ -790,7 +790,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block coretemp_cpu_notifier __refdata = {
++static struct notifier_block coretemp_cpu_notifier = {
+ .notifier_call = coretemp_cpu_callback,
+ };
+
+diff --git a/drivers/hwmon/ibmaem.c b/drivers/hwmon/ibmaem.c
+index a14f634..2916ee2 100644
+--- a/drivers/hwmon/ibmaem.c
++++ b/drivers/hwmon/ibmaem.c
+@@ -925,7 +925,7 @@ static int aem_register_sensors(struct aem_data *data,
+ struct aem_rw_sensor_template *rw)
+ {
+ struct device *dev = &data->pdev->dev;
+- struct sensor_device_attribute *sensors = data->sensors;
++ sensor_device_attribute_no_const *sensors = data->sensors;
+ int err;
+
+ /* Set up read-only sensors */
+diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c
+index 7d19b1b..8fdaaac 100644
+--- a/drivers/hwmon/pmbus/pmbus_core.c
++++ b/drivers/hwmon/pmbus/pmbus_core.c
+@@ -811,7 +811,7 @@ static ssize_t pmbus_show_label(struct device *dev,
+
+ #define PMBUS_ADD_ATTR(data, _name, _idx, _mode, _type, _show, _set) \
+ do { \
+- struct sensor_device_attribute *a \
++ sensor_device_attribute_no_const *a \
+ = &data->_type##s[data->num_##_type##s].attribute; \
+ BUG_ON(data->num_attributes >= data->max_attributes); \
+ sysfs_attr_init(&a->dev_attr.attr); \
diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c
-index 07a0c1a..0cac334 100644
+index 8047fed..1e956f0 100644
--- a/drivers/hwmon/sht15.c
+++ b/drivers/hwmon/sht15.c
@@ -169,7 +169,7 @@ struct sht15_data {
return;
}
+diff --git a/drivers/hwmon/via-cputemp.c b/drivers/hwmon/via-cputemp.c
+index 76f157b..9c0db1b 100644
+--- a/drivers/hwmon/via-cputemp.c
++++ b/drivers/hwmon/via-cputemp.c
+@@ -296,7 +296,7 @@ static int __cpuinit via_cputemp_cpu_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block via_cputemp_cpu_notifier __refdata = {
++static struct notifier_block via_cputemp_cpu_notifier = {
+ .notifier_call = via_cputemp_cpu_callback,
+ };
+
diff --git a/drivers/i2c/busses/i2c-amd756-s4882.c b/drivers/i2c/busses/i2c-amd756-s4882.c
index 378fcb5..5e91fa8 100644
--- a/drivers/i2c/busses/i2c-amd756-s4882.c
drive->dma = 0;
}
}
+diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
+index 8848f16..f8e6dd8 100644
+--- a/drivers/iio/industrialio-core.c
++++ b/drivers/iio/industrialio-core.c
+@@ -506,7 +506,7 @@ static ssize_t iio_write_channel_info(struct device *dev,
+ }
+
+ static
+-int __iio_device_attr_init(struct device_attribute *dev_attr,
++int __iio_device_attr_init(device_attribute_no_const *dev_attr,
+ const char *postfix,
+ struct iio_chan_spec const *chan,
+ ssize_t (*readfunc)(struct device *dev,
diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
index 394fea2..c833880 100644
--- a/drivers/infiniband/core/cm.c
sdata, wqe->wr.wr.atomic.swap);
goto send_comp;
diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c
-index 748db2d..5f75cc3 100644
+index 5b152a3..c1f3e83 100644
--- a/drivers/infiniband/hw/nes/nes.c
+++ b/drivers/infiniband/hw/nes/nes.c
@@ -98,7 +98,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes");
extern u32 int_mod_timer_init;
extern u32 int_mod_cq_depth_256;
diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c
-index cfaacaf..fa0722e 100644
+index 22ea67e..dcbe3bc 100644
--- a/drivers/infiniband/hw/nes/nes_cm.c
+++ b/drivers/infiniband/hw/nes/nes_cm.c
@@ -68,14 +68,14 @@ u32 cm_packets_dropped;
int nes_add_ref_cm_node(struct nes_cm_node *cm_node)
{
-@@ -1281,7 +1281,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core,
+@@ -1272,7 +1272,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core,
kfree(listener);
listener = NULL;
ret = 0;
} else {
spin_unlock_irqrestore(&cm_core->listen_list_lock, flags);
}
-@@ -1480,7 +1480,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core,
+@@ -1466,7 +1466,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core,
cm_node->rem_mac);
add_hte_node(cm_core, cm_node);
return cm_node;
}
-@@ -1538,7 +1538,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core,
+@@ -1524,7 +1524,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core,
}
atomic_dec(&cm_core->node_cnt);
nesqp = cm_node->nesqp;
if (nesqp) {
nesqp->cm_node = NULL;
-@@ -1602,7 +1602,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc,
+@@ -1588,7 +1588,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc,
static void drop_packet(struct sk_buff *skb)
{
dev_kfree_skb_any(skb);
}
-@@ -1665,7 +1665,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb,
+@@ -1651,7 +1651,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb,
{
int reset = 0; /* whether to send reset in case of err.. */
nes_debug(NES_DBG_CM, "Received Reset, cm_node = %p, state = %u."
" refcnt=%d\n", cm_node, cm_node->state,
atomic_read(&cm_node->ref_count));
-@@ -2306,7 +2306,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core,
+@@ -2292,7 +2292,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core,
rem_ref_cm_node(cm_node->cm_core, cm_node);
return NULL;
}
loopbackremotenode->loopbackpartner = cm_node;
loopbackremotenode->tcp_cntxt.rcv_wscale =
NES_CM_DEFAULT_RCV_WND_SCALE;
-@@ -2581,7 +2581,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core,
+@@ -2567,7 +2567,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core,
nes_queue_mgt_skbs(skb, nesvnic, cm_node->nesqp);
else {
rem_ref_cm_node(cm_core, cm_node);
dev_kfree_skb_any(skb);
}
break;
-@@ -2889,7 +2889,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
+@@ -2875,7 +2875,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
if ((cm_id) && (cm_id->event_handler)) {
if (issue_disconn) {
cm_event.event = IW_CM_EVENT_DISCONNECT;
cm_event.status = disconn_status;
cm_event.local_addr = cm_id->local_addr;
-@@ -2911,7 +2911,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
+@@ -2897,7 +2897,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
}
if (issue_close) {
nes_disconnect(nesqp, 1);
cm_id->provider_data = nesqp;
-@@ -3047,7 +3047,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
+@@ -3033,7 +3033,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n",
nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener);
nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n",
netdev_refcnt_read(nesvnic->netdev));
-@@ -3242,7 +3242,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len)
+@@ -3228,7 +3228,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len)
struct nes_cm_core *cm_core;
u8 *start_buff;
cm_node = (struct nes_cm_node *)cm_id->provider_data;
loopback = cm_node->loopbackpartner;
cm_core = cm_node->cm_core;
-@@ -3302,7 +3302,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
+@@ -3288,7 +3288,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
ntohl(cm_id->local_addr.sin_addr.s_addr),
ntohs(cm_id->local_addr.sin_port));
nesqp->active_conn = 1;
/* cache the cm_id in the qp */
-@@ -3412,7 +3412,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog)
+@@ -3398,7 +3398,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog)
g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node);
return err;
}
}
cm_id->add_ref(cm_id);
-@@ -3513,7 +3513,7 @@ static void cm_event_connected(struct nes_cm_event *event)
+@@ -3499,7 +3499,7 @@ static void cm_event_connected(struct nes_cm_event *event)
if (nesqp->destroyed)
return;
nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on"
" local port 0x%04X. jiffies = %lu.\n",
nesqp->hwqp.qp_id,
-@@ -3693,7 +3693,7 @@ static void cm_event_reset(struct nes_cm_event *event)
+@@ -3679,7 +3679,7 @@ static void cm_event_reset(struct nes_cm_event *event)
cm_id->add_ref(cm_id);
ret = cm_id->event_handler(cm_id, &cm_event);
cm_event.event = IW_CM_EVENT_CLOSE;
cm_event.status = 0;
cm_event.provider_data = cm_id->provider_data;
-@@ -3729,7 +3729,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event)
+@@ -3715,7 +3715,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event)
return;
cm_id = cm_node->cm_id;
nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n",
cm_node, cm_id, jiffies);
-@@ -3769,7 +3769,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event)
+@@ -3755,7 +3755,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event)
return;
cm_id = cm_node->cm_id;
cm_node, cm_id, jiffies);
diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw/nes/nes_mgt.c
-index 3ba7be3..c81f6ff 100644
+index 4166452..fc952c3 100644
--- a/drivers/infiniband/hw/nes/nes_mgt.c
+++ b/drivers/infiniband/hw/nes/nes_mgt.c
@@ -40,8 +40,8 @@
/* Free packets that have not yet been forwarded */
/* Lock is acquired by skb_dequeue when removing the skb */
-@@ -812,7 +812,7 @@ static void nes_mgt_ce_handler(struct nes_device *nesdev, struct nes_hw_nic_cq *
+@@ -810,7 +810,7 @@ static void nes_mgt_ce_handler(struct nes_device *nesdev, struct nes_hw_nic_cq *
cq->cq_vbase[head].cqe_words[NES_NIC_CQE_HASH_RCVNXT]);
skb_queue_head_init(&nesqp->pau_list);
spin_lock_init(&nesqp->pau_lock);
}
diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c
-index 0564be7..f68b0f1 100644
+index 9542e16..a008c40 100644
--- a/drivers/infiniband/hw/nes/nes_nic.c
+++ b/drivers/infiniband/hw/nes/nes_nic.c
-@@ -1272,39 +1272,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev,
+@@ -1273,39 +1273,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev,
target_stat_values[++index] = mh_detected;
target_stat_values[++index] = mh_pauses_sent;
target_stat_values[++index] = nesvnic->endnode_ipv4_tcp_retransmits;
gameport->dev.release = gameport_release_port;
if (gameport->parent)
diff --git a/drivers/input/input.c b/drivers/input/input.c
-index 53a0dde..abffda7 100644
+index c044699..174d71a 100644
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
-@@ -1902,7 +1902,7 @@ static void input_cleanse_bitmasks(struct input_dev *dev)
+@@ -2019,7 +2019,7 @@ static void devm_input_device_unregister(struct device *dev, void *res)
*/
int input_register_device(struct input_dev *dev)
{
- static atomic_t input_no = ATOMIC_INIT(0);
+ static atomic_unchecked_t input_no = ATOMIC_INIT(0);
+ struct input_devres *devres = NULL;
struct input_handler *handler;
unsigned int packet_size;
- const char *path;
-@@ -1945,7 +1945,7 @@ int input_register_device(struct input_dev *dev)
+@@ -2074,7 +2074,7 @@ int input_register_device(struct input_dev *dev)
dev->setkeycode = input_default_setkeycode;
dev_set_name(&dev->dev, "input%ld",
#include <linux/input.h>
#include <linux/gameport.h>
diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
-index 83811e4..0822b90 100644
+index d6cbfe9..6225402 100644
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
-@@ -726,7 +726,7 @@ static void xpad_led_set(struct led_classdev *led_cdev,
+@@ -735,7 +735,7 @@ static void xpad_led_set(struct led_classdev *led_cdev,
static int xpad_led_probe(struct usb_xpad *xpad)
{
long led_no;
struct xpad_led *led;
struct led_classdev *led_cdev;
-@@ -739,7 +739,7 @@ static int xpad_led_probe(struct usb_xpad *xpad)
+@@ -748,7 +748,7 @@ static int xpad_led_probe(struct usb_xpad *xpad)
if (!led)
return -ENOMEM;
snprintf(led->name, sizeof(led->name), "xpad%ld", led_no);
led->xpad = xpad;
+diff --git a/drivers/input/mouse/psmouse.h b/drivers/input/mouse/psmouse.h
+index fe1df23..5b710f3 100644
+--- a/drivers/input/mouse/psmouse.h
++++ b/drivers/input/mouse/psmouse.h
+@@ -115,7 +115,7 @@ struct psmouse_attribute {
+ ssize_t (*set)(struct psmouse *psmouse, void *data,
+ const char *buf, size_t count);
+ bool protect;
+-};
++} __do_const;
+ #define to_psmouse_attr(a) container_of((a), struct psmouse_attribute, dattr)
+
+ ssize_t psmouse_attr_show_helper(struct device *dev, struct device_attribute *attr,
diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
index 4c842c3..590b0bf 100644
--- a/drivers/input/mousedev.c
return count;
diff --git a/drivers/input/serio/serio.c b/drivers/input/serio/serio.c
-index d0f7533..fb8215b 100644
+index 25fc597..558bf3b 100644
--- a/drivers/input/serio/serio.c
+++ b/drivers/input/serio/serio.c
@@ -496,7 +496,7 @@ static void serio_release_port(struct device *dev)
serio->dev.bus = &serio_bus;
serio->dev.release = serio_release_port;
serio->dev.groups = serio_device_attr_groups;
-diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c
-index faf10ba..7cfaba9 100644
---- a/drivers/iommu/amd_iommu_init.c
-+++ b/drivers/iommu/amd_iommu_init.c
-@@ -1922,7 +1922,7 @@ static int __init state_next(void)
- case IOMMU_ACPI_FINISHED:
- early_enable_iommus();
- register_syscore_ops(&amd_iommu_syscore_ops);
-- x86_platform.iommu_shutdown = disable_iommus;
-+ *(void **)&x86_platform.iommu_shutdown = disable_iommus;
- init_state = IOMMU_ENABLED;
- break;
- case IOMMU_ENABLED:
-@@ -2064,7 +2064,7 @@ int __init amd_iommu_detect(void)
-
- amd_iommu_detected = true;
- iommu_detected = 1;
-- x86_init.iommu.iommu_init = amd_iommu_init;
-+ *(void **)&x86_init.iommu.iommu_init = amd_iommu_init;
-
- return 0;
+diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
+index ddbdaca..be18a78 100644
+--- a/drivers/iommu/iommu.c
++++ b/drivers/iommu/iommu.c
+@@ -554,7 +554,7 @@ static struct notifier_block iommu_bus_nb = {
+ static void iommu_bus_init(struct bus_type *bus, struct iommu_ops *ops)
+ {
+ bus_register_notifier(bus, &iommu_bus_nb);
+- bus_for_each_dev(bus, NULL, ops, add_iommu_group);
++ bus_for_each_dev(bus, NULL, (void *)ops, add_iommu_group);
}
-diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
-index 86e2f4a..d1cec5d 100644
---- a/drivers/iommu/dmar.c
-+++ b/drivers/iommu/dmar.c
-@@ -555,7 +555,7 @@ int __init detect_intel_iommu(void)
- #ifdef CONFIG_X86
- if (ret)
-- x86_init.iommu.iommu_init = intel_iommu_init;
-+ *(void **)&x86_init.iommu.iommu_init = intel_iommu_init;
- #endif
- }
- early_acpi_os_unmap_memory(dmar_tbl, dmar_tbl_size);
+ /**
diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c
-index c679867..6e2e34d 100644
+index 89562a8..218999b 100644
--- a/drivers/isdn/capi/capi.c
+++ b/drivers/isdn/capi/capi.c
-@@ -83,8 +83,8 @@ struct capiminor {
+@@ -81,8 +81,8 @@ struct capiminor {
struct capi20_appl *ap;
u32 ncci;
struct tty_port port;
int ttyinstop;
-@@ -393,7 +393,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb)
+@@ -391,7 +391,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb)
capimsg_setu16(s, 2, mp->ap->applid);
capimsg_setu8 (s, 4, CAPI_DATA_B3);
capimsg_setu8 (s, 5, CAPI_RESP);
capimsg_setu32(s, 8, mp->ncci);
capimsg_setu16(s, 12, datahandle);
}
-@@ -514,14 +514,14 @@ static void handle_minor_send(struct capiminor *mp)
+@@ -512,14 +512,14 @@ static void handle_minor_send(struct capiminor *mp)
mp->outbytes -= len;
spin_unlock_bh(&mp->outlock);
} else {
memcpy(buf, dp, left);
diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c
-index b817809..409caff 100644
+index e09dc8a..15e2efb 100644
--- a/drivers/isdn/i4l/isdn_tty.c
+++ b/drivers/isdn/i4l/isdn_tty.c
@@ -1513,9 +1513,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp)
port->flags &= ~ASYNC_NORMAL_ACTIVE;
port->tty = NULL;
wake_up_interruptible(&port->open_wait);
-@@ -1971,7 +1971,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup)
+@@ -1975,7 +1975,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup)
for (i = 0; i < ISDN_MAX_CHANNELS; i++) {
modem_info *info = &dev->mdm.info[i];
return -EFAULT;
} else
memcpy(msg, buf, count);
+diff --git a/drivers/leds/leds-clevo-mail.c b/drivers/leds/leds-clevo-mail.c
+index 6a8405d..0bd1c7e 100644
+--- a/drivers/leds/leds-clevo-mail.c
++++ b/drivers/leds/leds-clevo-mail.c
+@@ -40,7 +40,7 @@ static int __init clevo_mail_led_dmi_callback(const struct dmi_system_id *id)
+ * detected as working, but in reality it is not) as low as
+ * possible.
+ */
+-static struct dmi_system_id __initdata clevo_mail_led_dmi_table[] = {
++static const struct dmi_system_id __initconst clevo_mail_led_dmi_table[] = {
+ {
+ .callback = clevo_mail_led_dmi_callback,
+ .ident = "Clevo D410J",
+diff --git a/drivers/leds/leds-ss4200.c b/drivers/leds/leds-ss4200.c
+index ec9b287..65c9bf4 100644
+--- a/drivers/leds/leds-ss4200.c
++++ b/drivers/leds/leds-ss4200.c
+@@ -92,7 +92,7 @@ MODULE_PARM_DESC(nodetect, "Skip DMI-based hardware detection");
+ * detected as working, but in reality it is not) as low as
+ * possible.
+ */
+-static struct dmi_system_id __initdata nas_led_whitelist[] = {
++static const struct dmi_system_id __initconst nas_led_whitelist[] = {
+ {
+ .callback = ss4200_led_dmi_callback,
+ .ident = "Intel SS4200-E",
diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c
-index b5fdcb7..5b6c59f 100644
+index a5ebc00..982886f 100644
--- a/drivers/lguest/core.c
+++ b/drivers/lguest/core.c
@@ -92,9 +92,17 @@ static __init int map_switcher(void)
seq_printf(seq, "\n");
diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
-index a651d52..82f8a95 100644
+index eee353d..74504c4 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
-@@ -1601,7 +1601,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
+@@ -1632,7 +1632,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
cmd == DM_LIST_VERSIONS_CMD)
return 0;
DMWARN("name not supplied when creating device");
return -EINVAL;
diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
-index fd61f98..8050783 100644
+index 7f24190..0e18099 100644
--- a/drivers/md/dm-raid1.c
+++ b/drivers/md/dm-raid1.c
@@ -40,7 +40,7 @@ enum dm_raid1_error {
unsigned long error_type;
struct dm_dev *dev;
sector_t offset;
-@@ -185,7 +185,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms)
+@@ -183,7 +183,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms)
struct mirror *m;
for (m = ms->mirror; m < ms->mirror + ms->nr_mirrors; m++)
return m;
return NULL;
-@@ -217,7 +217,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type)
+@@ -215,7 +215,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type)
* simple way to tell if a device has encountered
* errors.
*/
if (test_and_set_bit(error_type, &m->error_type))
return;
-@@ -408,7 +408,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector)
+@@ -406,7 +406,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector)
struct mirror *m = get_default_mirror(ms);
do {
return m;
if (m-- == ms->mirror)
-@@ -422,7 +422,7 @@ static int default_ok(struct mirror *m)
+@@ -420,7 +420,7 @@ static int default_ok(struct mirror *m)
{
struct mirror *default_mirror = get_default_mirror(m->ms);
}
static int mirror_available(struct mirror_set *ms, struct bio *bio)
-@@ -559,7 +559,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads)
+@@ -557,7 +557,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads)
*/
if (likely(region_in_sync(ms, region, 1)))
m = choose_mirror(ms, bio->bi_sector);
m = NULL;
if (likely(m))
-@@ -938,7 +938,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
+@@ -924,7 +924,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti,
}
ms->mirror[mirror].ms = ms;
ms->mirror[mirror].error_type = 0;
ms->mirror[mirror].offset = offset;
-@@ -1356,7 +1356,7 @@ static void mirror_resume(struct dm_target *ti)
+@@ -1337,7 +1337,7 @@ static void mirror_resume(struct dm_target *ti)
*/
static char device_status_char(struct mirror *m)
{
return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' :
diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c
-index e2f87653..f279abe 100644
+index aaecefa..23b3026 100644
--- a/drivers/md/dm-stripe.c
+++ b/drivers/md/dm-stripe.c
@@ -20,7 +20,7 @@ struct stripe {
};
struct stripe_c {
-@@ -183,7 +183,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv)
+@@ -184,7 +184,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv)
kfree(sc);
return r;
}
}
ti->private = sc;
-@@ -324,7 +324,7 @@ static int stripe_status(struct dm_target *ti, status_type_t type,
+@@ -325,7 +325,7 @@ static void stripe_status(struct dm_target *ti, status_type_t type,
DMEMIT("%d ", sc->stripes);
for (i = 0; i < sc->stripes; i++) {
DMEMIT("%s ", sc->stripe[i].dev->name);
'D' : 'A';
}
buffer[i] = '\0';
-@@ -371,8 +371,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio,
+@@ -370,8 +370,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, int error)
*/
for (i = 0; i < sc->stripes; i++)
if (!strcmp(sc->stripe[i].dev->name, major_minor)) {
schedule_work(&sc->trigger_event);
}
diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
-index fa29557..d24a5b7 100644
+index daf25d0..d74f49f 100644
--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -390,7 +390,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev,
"start=%llu, len=%llu, dev_size=%llu",
dm_device_name(ti->table->md), bdevname(bdev, b),
diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
-index 693e149..b7e0fde 100644
+index 4d6e853..a234157 100644
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
pmd->bl_info.value_type.inc = data_block_inc;
pmd->bl_info.value_type.dec = data_block_dec;
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 77e6eff..913d695 100644
+index 0d8f086..f5a91d5 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
-@@ -182,9 +182,9 @@ struct mapped_device {
+@@ -170,9 +170,9 @@ struct mapped_device {
/*
* Event handling.
*/
struct list_head uevent_list;
spinlock_t uevent_lock; /* Protect access to uevent_list */
-@@ -1847,8 +1847,8 @@ static struct mapped_device *alloc_dev(int minor)
+@@ -1872,8 +1872,8 @@ static struct mapped_device *alloc_dev(int minor)
rwlock_init(&md->map_lock);
atomic_set(&md->holders, 1);
atomic_set(&md->open_count, 0);
INIT_LIST_HEAD(&md->uevent_list);
spin_lock_init(&md->uevent_lock);
-@@ -1982,7 +1982,7 @@ static void event_callback(void *context)
+@@ -2026,7 +2026,7 @@ static void event_callback(void *context)
dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
wake_up(&md->eventq);
}
-@@ -2637,18 +2637,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
+@@ -2683,18 +2683,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
uint32_t dm_next_uevent_seq(struct mapped_device *md)
{
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 6120071..31d9be2 100644
+index f363135..9b38815 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -240,10 +240,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
wake_up(&md_event_waiters);
}
-@@ -1504,7 +1504,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
+@@ -1507,7 +1507,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
if ((le32_to_cpu(sb->feature_map) & MD_FEATURE_RESHAPE_ACTIVE) &&
(le32_to_cpu(sb->feature_map) & MD_FEATURE_NEW_OFFSET))
rdev->new_data_offset += (s32)le32_to_cpu(sb->new_offset);
rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256;
bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1;
-@@ -1748,7 +1748,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev)
+@@ -1751,7 +1751,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev)
else
sb->resync_offset = cpu_to_le64(0);
sb->raid_disks = cpu_to_le32(mddev->raid_disks);
sb->size = cpu_to_le64(mddev->dev_sectors);
-@@ -2748,7 +2748,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store);
+@@ -2751,7 +2751,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store);
static ssize_t
errors_show(struct md_rdev *rdev, char *page)
{
}
static ssize_t
-@@ -2757,7 +2757,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
+@@ -2760,7 +2760,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
char *e;
unsigned long n = simple_strtoul(buf, &e, 10);
if (*buf && (*e == 0 || *e == '\n')) {
return len;
}
return -EINVAL;
-@@ -3204,8 +3204,8 @@ int md_rdev_init(struct md_rdev *rdev)
+@@ -3210,8 +3210,8 @@ int md_rdev_init(struct md_rdev *rdev)
rdev->sb_loaded = 0;
rdev->bb_page = NULL;
atomic_set(&rdev->nr_pending, 0);
INIT_LIST_HEAD(&rdev->same_set);
init_waitqueue_head(&rdev->blocked_wait);
-@@ -6984,7 +6984,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -6987,7 +6987,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
spin_unlock(&pers_lock);
seq_printf(seq, "\n");
return 0;
}
if (v == (void*)2) {
-@@ -7087,7 +7087,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
+@@ -7090,7 +7090,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
return error;
seq = file->private_data;
return error;
}
-@@ -7101,7 +7101,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
+@@ -7104,7 +7104,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
/* always allow read */
mask = POLLIN | POLLRDNORM;
mask |= POLLERR | POLLPRI;
return mask;
}
-@@ -7145,7 +7145,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
+@@ -7148,7 +7148,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
(int)part_stat_read(&disk->part0, sectors[1]) -
* as sync_io is counted when a request starts, and
* disk_stats is counted when it completes.
diff --git a/drivers/md/md.h b/drivers/md/md.h
-index af443ab..0f93be3 100644
+index eca59c3..7c42285 100644
--- a/drivers/md/md.h
+++ b/drivers/md/md.h
@@ -94,13 +94,13 @@ struct md_rdev {
* for reporting to userspace and storing
* in superblock.
*/
-@@ -432,7 +432,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev)
+@@ -434,7 +434,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev)
static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors)
{
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index a0f7309..5599dbc 100644
+index 75b1f89..00ba344 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
@@ -1819,7 +1819,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index c9acbd7..386cd3e 100644
+index 8d925dc..11d674f 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1878,7 +1878,7 @@ static void end_sync_read(struct bio *bio, int error)
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index a450268..c4168a9 100644
+index 19d77a0..56051b92 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
-@@ -1789,21 +1789,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1797,21 +1797,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
mdname(conf->mddev), STRIPE_SECTORS,
(unsigned long long)s,
bdevname(rdev->bdev, b));
if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
printk_ratelimited(
KERN_WARNING
-@@ -1831,7 +1831,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1839,7 +1839,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
mdname(conf->mddev),
(unsigned long long)s,
bdn);
#if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE))
extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
-diff --git a/drivers/media/pci/cx88/cx88-alsa.c b/drivers/media/pci/cx88/cx88-alsa.c
-index 3aa6856..435ad25 100644
---- a/drivers/media/pci/cx88/cx88-alsa.c
-+++ b/drivers/media/pci/cx88/cx88-alsa.c
-@@ -749,7 +749,7 @@ static struct snd_kcontrol_new snd_cx88_alc_switch = {
- * Only boards with eeprom and byte 1 at eeprom=1 have it
- */
-
--static const struct pci_device_id cx88_audio_pci_tbl[] __devinitdata = {
-+static const struct pci_device_id cx88_audio_pci_tbl[] __devinitconst = {
- {0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0},
- {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0},
- {0, }
-diff --git a/drivers/media/pci/ddbridge/ddbridge-core.c b/drivers/media/pci/ddbridge/ddbridge-core.c
-index feff57e..66a2c67 100644
---- a/drivers/media/pci/ddbridge/ddbridge-core.c
-+++ b/drivers/media/pci/ddbridge/ddbridge-core.c
-@@ -1679,7 +1679,7 @@ static struct ddb_info ddb_v6 = {
- .subvendor = _subvend, .subdevice = _subdev, \
- .driver_data = (unsigned long)&_driverdata }
-
--static const struct pci_device_id ddb_id_tbl[] __devinitdata = {
-+static const struct pci_device_id ddb_id_tbl[] __devinitconst = {
- DDB_ID(DDVID, 0x0002, DDVID, 0x0001, ddb_octopus),
- DDB_ID(DDVID, 0x0003, DDVID, 0x0001, ddb_octopus),
- DDB_ID(DDVID, 0x0003, DDVID, 0x0002, ddb_octopus_le),
-diff --git a/drivers/media/pci/ngene/ngene-cards.c b/drivers/media/pci/ngene/ngene-cards.c
-index 96a13ed..6df45b4 100644
---- a/drivers/media/pci/ngene/ngene-cards.c
-+++ b/drivers/media/pci/ngene/ngene-cards.c
-@@ -741,7 +741,7 @@ static struct ngene_info ngene_info_terratec = {
-
- /****************************************************************************/
-
--static const struct pci_device_id ngene_id_tbl[] __devinitdata = {
-+static const struct pci_device_id ngene_id_tbl[] __devinitconst = {
- NGENE_ID(0x18c3, 0xabc3, ngene_info_cineS2),
- NGENE_ID(0x18c3, 0xabc4, ngene_info_cineS2),
- NGENE_ID(0x18c3, 0xdb01, ngene_info_satixS2),
diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c
-index a3b1a34..71ce0e3 100644
+index 8e9a668..78d6310 100644
--- a/drivers/media/platform/omap/omap_vout.c
+++ b/drivers/media/platform/omap/omap_vout.c
-@@ -65,7 +65,6 @@ enum omap_vout_channels {
+@@ -63,7 +63,6 @@ enum omap_vout_channels {
OMAP_VIDEO2,
};
videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev,
diff --git a/drivers/media/platform/s5p-tv/mixer.h b/drivers/media/platform/s5p-tv/mixer.h
-index ddb422e..8cf008e 100644
+index b671e20..34088b7 100644
--- a/drivers/media/platform/s5p-tv/mixer.h
+++ b/drivers/media/platform/s5p-tv/mixer.h
@@ -155,7 +155,7 @@ struct mxr_layer {
if (done && done != layer->shadow_buf)
vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE);
diff --git a/drivers/media/platform/s5p-tv/mixer_video.c b/drivers/media/platform/s5p-tv/mixer_video.c
-index 0c1cd89..6574647 100644
+index 1f3b743..e839271 100644
--- a/drivers/media/platform/s5p-tv/mixer_video.c
+++ b/drivers/media/platform/s5p-tv/mixer_video.c
-@@ -209,7 +209,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer)
+@@ -208,7 +208,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer)
layer->geo.src.height = layer->geo.src.full_height;
mxr_geometry_dump(mdev, &layer->geo);
mxr_geometry_dump(mdev, &layer->geo);
}
-@@ -227,7 +227,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer)
+@@ -226,7 +226,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer)
layer->geo.dst.full_width = mbus_fmt.width;
layer->geo.dst.full_height = mbus_fmt.height;
layer->geo.dst.field = mbus_fmt.field;
mxr_geometry_dump(mdev, &layer->geo);
}
-@@ -333,7 +333,7 @@ static int mxr_s_fmt(struct file *file, void *priv,
+@@ -332,7 +332,7 @@ static int mxr_s_fmt(struct file *file, void *priv,
/* set source size to highest accepted value */
geo->src.full_width = max(geo->dst.full_width, pix->width);
geo->src.full_height = max(geo->dst.full_height, pix->height);
mxr_geometry_dump(mdev, &layer->geo);
/* set cropping to total visible screen */
geo->src.width = pix->width;
-@@ -341,12 +341,12 @@ static int mxr_s_fmt(struct file *file, void *priv,
+@@ -340,12 +340,12 @@ static int mxr_s_fmt(struct file *file, void *priv,
geo->src.x_offset = 0;
geo->src.y_offset = 0;
/* assure consistency of geometry */
mxr_geometry_dump(mdev, &layer->geo);
/* returning results */
-@@ -473,7 +473,7 @@ static int mxr_s_selection(struct file *file, void *fh,
+@@ -472,7 +472,7 @@ static int mxr_s_selection(struct file *file, void *fh,
target->width = s->r.width;
target->height = s->r.height;
/* retrieve update selection rectangle */
res.left = target->x_offset;
-@@ -928,13 +928,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count)
+@@ -937,13 +937,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count)
mxr_output_get(mdev);
mxr_layer_update_output(layer);
mxr_streamer_get(mdev);
return 0;
-@@ -1004,7 +1004,7 @@ static int stop_streaming(struct vb2_queue *vq)
+@@ -1013,7 +1013,7 @@ static int stop_streaming(struct vb2_queue *vq)
spin_unlock_irqrestore(&layer->enq_slock, flags);
/* disabling layer in hardware */
/* remove one streamer */
mxr_streamer_put(mdev);
/* allow changes in output configuration */
-@@ -1043,8 +1043,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer)
+@@ -1052,8 +1052,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer)
void mxr_layer_release(struct mxr_layer *layer)
{
}
void mxr_base_layer_release(struct mxr_layer *layer)
-@@ -1070,7 +1070,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev,
+@@ -1079,7 +1079,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev,
layer->mdev = mdev;
layer->idx = idx;
.release = mxr_vp_layer_release,
.buffer_set = mxr_vp_buffer_set,
.stream_set = mxr_vp_stream_set,
-diff --git a/drivers/media/platform/timblogiw.c b/drivers/media/platform/timblogiw.c
-index 02194c0..36d69c1 100644
---- a/drivers/media/platform/timblogiw.c
-+++ b/drivers/media/platform/timblogiw.c
-@@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma)
-
- /* Platform device functions */
-
--static __devinitconst struct v4l2_ioctl_ops timblogiw_ioctl_ops = {
-+static struct v4l2_ioctl_ops timblogiw_ioctl_ops = {
- .vidioc_querycap = timblogiw_querycap,
- .vidioc_enum_fmt_vid_cap = timblogiw_enum_fmt,
- .vidioc_g_fmt_vid_cap = timblogiw_g_fmt,
-@@ -767,7 +767,7 @@ static __devinitconst struct v4l2_ioctl_ops timblogiw_ioctl_ops = {
- .vidioc_enum_framesizes = timblogiw_enum_framesizes,
- };
-
--static __devinitconst struct v4l2_file_operations timblogiw_fops = {
-+static struct v4l2_file_operations timblogiw_fops = {
- .owner = THIS_MODULE,
- .open = timblogiw_open,
- .release = timblogiw_close,
diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c
-index 697a421..16c5a5f 100644
+index 643d80a..56bb96b 100644
--- a/drivers/media/radio/radio-cadet.c
+++ b/drivers/media/radio/radio-cadet.c
@@ -302,6 +302,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo
/* debug */
static int dvb_usb_dw2102_debug;
+diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c
+index aa6e7c7..4cd8061 100644
+--- a/drivers/media/v4l2-core/v4l2-ioctl.c
++++ b/drivers/media/v4l2-core/v4l2-ioctl.c
+@@ -1923,7 +1923,8 @@ struct v4l2_ioctl_info {
+ struct file *file, void *fh, void *p);
+ } u;
+ void (*debug)(const void *arg, bool write_only);
+-};
++} __do_const;
++typedef struct v4l2_ioctl_info __no_const v4l2_ioctl_info_no_const;
+
+ /* This control needs a priority check */
+ #define INFO_FL_PRIO (1 << 0)
+@@ -2108,7 +2109,7 @@ static long __video_do_ioctl(struct file *file,
+ struct video_device *vfd = video_devdata(file);
+ const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops;
+ bool write_only = false;
+- struct v4l2_ioctl_info default_info;
++ v4l2_ioctl_info_no_const default_info;
+ const struct v4l2_ioctl_info *info;
+ void *fh = file->private_data;
+ struct v4l2_fh *vfh = NULL;
+diff --git a/drivers/memstick/host/r592.c b/drivers/memstick/host/r592.c
+index 29b2172..a7c5b31 100644
+--- a/drivers/memstick/host/r592.c
++++ b/drivers/memstick/host/r592.c
+@@ -454,7 +454,7 @@ static int r592_transfer_fifo_pio(struct r592_device *dev)
+ /* Executes one TPC (data is read/written from small or large fifo) */
+ static void r592_execute_tpc(struct r592_device *dev)
+ {
+- bool is_write = dev->req->tpc >= MS_TPC_SET_RW_REG_ADRS;
++ bool is_write;
+ int len, error;
+ u32 status, reg;
+
+@@ -463,6 +463,7 @@ static void r592_execute_tpc(struct r592_device *dev)
+ return;
+ }
+
++ is_write = dev->req->tpc >= MS_TPC_SET_RW_REG_ADRS;
+ len = dev->req->long_data ?
+ dev->req->sg.length : dev->req->data_len;
+
diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c
index fb69baa..cf7ad22 100644
--- a/drivers/message/fusion/mptbase.c
* Rounding UP to nearest 4-kB boundary here...
*/
diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c
-index 551262e..7551198 100644
+index fa43c39..daeb158 100644
--- a/drivers/message/fusion/mptsas.c
+++ b/drivers/message/fusion/mptsas.c
@@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached)
mptsas_get_port(struct mptsas_phyinfo *phy_info)
{
diff --git a/drivers/message/fusion/mptscsih.c b/drivers/message/fusion/mptscsih.c
-index 0c3ced7..1fe34ec 100644
+index 164afa7..b6b2e74 100644
--- a/drivers/message/fusion/mptscsih.c
+++ b/drivers/message/fusion/mptscsih.c
-@@ -1270,15 +1270,16 @@ mptscsih_info(struct Scsi_Host *SChost)
+@@ -1271,15 +1271,16 @@ mptscsih_info(struct Scsi_Host *SChost)
h = shost_priv(SChost);
#endif
diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c
-index 965c480..71f2db9 100644
+index 45ece11..8efa218 100644
--- a/drivers/mfd/janz-cmodio.c
+++ b/drivers/mfd/janz-cmodio.c
@@ -13,6 +13,7 @@
#include <linux/init.h>
#include <linux/pci.h>
#include <linux/interrupt.h>
+diff --git a/drivers/mfd/twl4030-irq.c b/drivers/mfd/twl4030-irq.c
+index a5f9888..1c0ed56 100644
+--- a/drivers/mfd/twl4030-irq.c
++++ b/drivers/mfd/twl4030-irq.c
+@@ -35,6 +35,7 @@
+ #include <linux/of.h>
+ #include <linux/irqdomain.h>
+ #include <linux/i2c/twl.h>
++#include <asm/pgtable.h>
+
+ #include "twl-core.h"
+
+@@ -728,10 +729,12 @@ int twl4030_init_irq(struct device *dev, int irq_num)
+ * Install an irq handler for each of the SIH modules;
+ * clone dummy irq_chip since PIH can't *do* anything
+ */
+- twl4030_irq_chip = dummy_irq_chip;
+- twl4030_irq_chip.name = "twl4030";
++ pax_open_kernel();
++ memcpy((void *)&twl4030_irq_chip, &dummy_irq_chip, sizeof twl4030_irq_chip);
++ *(const char **)&twl4030_irq_chip.name = "twl4030";
+
+- twl4030_sih_irq_chip.irq_ack = dummy_irq_chip.irq_ack;
++ *(void **)&twl4030_sih_irq_chip.irq_ack = dummy_irq_chip.irq_ack;
++ pax_close_kernel();
+
+ for (i = irq_base; i < irq_end; i++) {
+ irq_set_chip_and_handler(i, &twl4030_irq_chip,
+diff --git a/drivers/mfd/twl6030-irq.c b/drivers/mfd/twl6030-irq.c
+index 277a8db..0e0b754 100644
+--- a/drivers/mfd/twl6030-irq.c
++++ b/drivers/mfd/twl6030-irq.c
+@@ -387,10 +387,12 @@ int twl6030_init_irq(struct device *dev, int irq_num)
+ * install an irq handler for each of the modules;
+ * clone dummy irq_chip since PIH can't *do* anything
+ */
+- twl6030_irq_chip = dummy_irq_chip;
+- twl6030_irq_chip.name = "twl6030";
+- twl6030_irq_chip.irq_set_type = NULL;
+- twl6030_irq_chip.irq_set_wake = twl6030_irq_set_wake;
++ pax_open_kernel();
++ memcpy((void *)&twl6030_irq_chip, &dummy_irq_chip, sizeof twl6030_irq_chip);
++ *(const char **)&twl6030_irq_chip.name = "twl6030";
++ *(void **)&twl6030_irq_chip.irq_set_type = NULL;
++ *(void **)&twl6030_irq_chip.irq_set_wake = twl6030_irq_set_wake;
++ pax_close_kernel();
+
+ for (i = irq_base; i < irq_end; i++) {
+ irq_set_chip_and_handler(i, &twl6030_irq_chip,
+diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c
+index f428d86..274c368 100644
+--- a/drivers/misc/c2port/core.c
++++ b/drivers/misc/c2port/core.c
+@@ -924,7 +924,9 @@ struct c2port_device *c2port_device_register(char *name,
+ mutex_init(&c2dev->mutex);
+
+ /* Create binary file */
+- c2port_bin_attrs.size = ops->blocks_num * ops->block_size;
++ pax_open_kernel();
++ *(size_t *)&c2port_bin_attrs.size = ops->blocks_num * ops->block_size;
++ pax_close_kernel();
+ ret = device_create_bin_file(c2dev->dev, &c2port_bin_attrs);
+ if (unlikely(ret))
+ goto error_device_create_bin_file;
diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c
index 3aa9a96..59cf685 100644
--- a/drivers/misc/kgdbts.c
break;
diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c
-index a0e1720..ee63d0b 100644
+index 6d8f701..35b6369 100644
--- a/drivers/mmc/core/mmc_ops.c
+++ b/drivers/mmc/core/mmc_ops.c
-@@ -245,7 +245,7 @@ mmc_send_cxd_data(struct mmc_card *card, struct mmc_host *host,
+@@ -247,7 +247,7 @@ mmc_send_cxd_data(struct mmc_card *card, struct mmc_host *host,
void *data_buf;
int is_on_stack;
+} __do_const;
#endif /* _DW_MMC_H_ */
diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c
-index c9ec725..178e79a 100644
+index 82a8de1..3c56ccb 100644
--- a/drivers/mmc/host/sdhci-s3c.c
+++ b/drivers/mmc/host/sdhci-s3c.c
-@@ -719,9 +719,11 @@ static int __devinit sdhci_s3c_probe(struct platform_device *pdev)
+@@ -721,9 +721,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev)
* we can use overriding functions instead of default.
*/
if (host->quirks & SDHCI_QUIRK_NONSTANDARD_CLOCK) {
"ECC needs a full sector write (adr: %lx size %lx)\n",
(long) to, (long) len);
diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c
-index e706a23..b3d262f 100644
+index 0c8bb6b..6f35deb 100644
--- a/drivers/mtd/nand/denali.c
+++ b/drivers/mtd/nand/denali.c
-@@ -26,6 +26,7 @@
- #include <linux/pci.h>
+@@ -24,6 +24,7 @@
+ #include <linux/slab.h>
#include <linux/mtd/mtd.h>
#include <linux/module.h>
+#include <linux/slab.h>
#include <linux/mtd/mtd.h>
#include <linux/mtd/nand.h>
#include <linux/mtd/nftl.h>
+diff --git a/drivers/mtd/sm_ftl.c b/drivers/mtd/sm_ftl.c
+index 8dd6ba5..419cc1d 100644
+--- a/drivers/mtd/sm_ftl.c
++++ b/drivers/mtd/sm_ftl.c
+@@ -56,7 +56,7 @@ ssize_t sm_attr_show(struct device *dev, struct device_attribute *attr,
+ #define SM_CIS_VENDOR_OFFSET 0x59
+ struct attribute_group *sm_create_sysfs_attributes(struct sm_ftl *ftl)
+ {
+- struct attribute_group *attr_group;
++ attribute_group_no_const *attr_group;
+ struct attribute **attributes;
+ struct sm_sysfs_attribute *vendor_attribute;
+
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
+index b7d45f3..b5c89d9 100644
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -4861,7 +4861,7 @@ static unsigned int bond_get_num_tx_queues(void)
+ return tx_queues;
+ }
+
+-static struct rtnl_link_ops bond_link_ops __read_mostly = {
++static struct rtnl_link_ops bond_link_ops = {
+ .kind = "bond",
+ .priv_size = sizeof(struct bonding),
+ .setup = bond_setup,
diff --git a/drivers/net/ethernet/8390/ax88796.c b/drivers/net/ethernet/8390/ax88796.c
-index 203ff9d..0968ca8 100644
+index 70dba5d..11a0919 100644
--- a/drivers/net/ethernet/8390/ax88796.c
+++ b/drivers/net/ethernet/8390/ax88796.c
@@ -872,9 +872,11 @@ static int ax_probe(struct platform_device *pdev)
if (!request_mem_region(mem->start, mem_size, pdev->name)) {
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
-index 9c5ea6c..eaad276 100644
+index 0991534..8098e92 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
-@@ -1046,7 +1046,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp)
+@@ -1094,7 +1094,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp)
static inline void bnx2x_init_bp_objs(struct bnx2x *bp)
{
/* RX_MODE controlling object */
/* multicast configuration controlling object */
bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid,
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
-index 614981c..11216c7 100644
+index 09b625e..15b16fe 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
@@ -2375,15 +2375,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp,
}
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
-index acf2fe4..efb96df 100644
+index adbd91b..58ec94a 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
-@@ -1281,8 +1281,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp,
+@@ -1293,8 +1293,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp,
/********************* RX MODE ****************/
/**
* bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters.
diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
-index d9308c32..d87b824 100644
+index d330e81..ce1fb9a 100644
--- a/drivers/net/ethernet/broadcom/tg3.h
+++ b/drivers/net/ethernet/broadcom/tg3.h
-@@ -140,6 +140,7 @@
+@@ -146,6 +146,7 @@
#define CHIPREV_ID_5750_A0 0x4000
#define CHIPREV_ID_5750_A1 0x4001
#define CHIPREV_ID_5750_A3 0x4003
#define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb)
diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c
-index f879e92..726f20f 100644
+index 4c83003..2a2a5b9 100644
--- a/drivers/net/ethernet/dec/tulip/de4x5.c
+++ b/drivers/net/ethernet/dec/tulip/de4x5.c
@@ -5388,7 +5388,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
break;
}
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
-index d1b6cc5..cde0d97 100644
+index 4d6f3c5..6169e60 100644
--- a/drivers/net/ethernet/emulex/benet/be_main.c
+++ b/drivers/net/ethernet/emulex/benet/be_main.c
-@@ -403,7 +403,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
+@@ -455,7 +455,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
if (wrapped)
newacc += 65536;
#include "ftmac100.h"
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
-index d929131..aed108f 100644
+index bb9256a..56d8752 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c
-@@ -865,7 +865,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter)
- /* store the new cycle speed */
- adapter->cycle_speed = cycle_speed;
+@@ -806,7 +806,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter)
+ }
+ /* update the base incval used to calculate frequency adjustment */
- ACCESS_ONCE(adapter->base_incval) = incval;
+ ACCESS_ONCE_RW(adapter->base_incval) = incval;
smp_mb();
- /* grab the ptp lock */
+ /* need lock to prevent incorrect read while modifying cyclecounter */
diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c
-index c2e420a..26a75e0 100644
+index fbe5363..266b4e3 100644
--- a/drivers/net/ethernet/neterion/vxge/vxge-config.c
+++ b/drivers/net/ethernet/neterion/vxge/vxge-config.c
@@ -3461,7 +3461,10 @@ __vxge_hw_fifo_create(struct __vxge_hw_vpath_handle *vp,
__vxge_hw_mempool_create(vpath->hldev,
fifo->config->memblock_size,
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index 927aa33..a6c2518 100644
+index 998974f..ecd26db 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
-@@ -747,22 +747,22 @@ struct rtl8169_private {
+@@ -741,22 +741,22 @@ struct rtl8169_private {
struct mdio_ops {
void (*write)(struct rtl8169_private *, int, int);
int (*read)(struct rtl8169_private *, int);
/* To mask all all interrupts.*/
diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h
-index 5fd6f46..ee1f265 100644
+index e6fe0d8..2b7d752 100644
--- a/drivers/net/hyperv/hyperv_net.h
+++ b/drivers/net/hyperv/hyperv_net.h
@@ -101,7 +101,7 @@ struct rndis_device {
spinlock_t request_lock;
struct list_head req_list;
diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
-index 928148c..d83298e 100644
+index 2b657d4..9903bc0 100644
--- a/drivers/net/hyperv/rndis_filter.c
+++ b/drivers/net/hyperv/rndis_filter.c
@@ -107,7 +107,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev,
/* Add to the request list */
spin_lock_irqsave(&dev->request_lock, flags);
-@@ -760,7 +760,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev)
+@@ -758,7 +758,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev)
/* Setup the rndis set */
halt = &request->request_msg.msg.halt_req;
/* Ignore return since this msg is optional. */
rndis_filter_send_request(dev, request);
diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c
-index 7d39add..037e1da 100644
+index 1e9cb0b..7839125 100644
--- a/drivers/net/ieee802154/fakehard.c
+++ b/drivers/net/ieee802154/fakehard.c
-@@ -386,7 +386,7 @@ static int __devinit ieee802154fake_probe(struct platform_device *pdev)
+@@ -386,7 +386,7 @@ static int ieee802154fake_probe(struct platform_device *pdev)
phy->transmit_power = 0xbf;
dev->netdev_ops = &fake_ops;
priv = netdev_priv(dev);
priv->phy = phy;
+diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
+index d3fb97d..19520c7 100644
+--- a/drivers/net/macvlan.c
++++ b/drivers/net/macvlan.c
+@@ -851,13 +851,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
+ int macvlan_link_register(struct rtnl_link_ops *ops)
+ {
+ /* common fields */
+- ops->priv_size = sizeof(struct macvlan_dev);
+- ops->validate = macvlan_validate;
+- ops->maxtype = IFLA_MACVLAN_MAX;
+- ops->policy = macvlan_policy;
+- ops->changelink = macvlan_changelink;
+- ops->get_size = macvlan_get_size;
+- ops->fill_info = macvlan_fill_info;
++ pax_open_kernel();
++ *(size_t *)&ops->priv_size = sizeof(struct macvlan_dev);
++ *(void **)&ops->validate = macvlan_validate;
++ *(int *)&ops->maxtype = IFLA_MACVLAN_MAX;
++ *(const void **)&ops->policy = macvlan_policy;
++ *(void **)&ops->changelink = macvlan_changelink;
++ *(void **)&ops->get_size = macvlan_get_size;
++ *(void **)&ops->fill_info = macvlan_fill_info;
++ pax_close_kernel();
+
+ return rtnl_link_register(ops);
+ };
+@@ -913,7 +915,7 @@ static int macvlan_device_event(struct notifier_block *unused,
+ return NOTIFY_DONE;
+ }
+
+-static struct notifier_block macvlan_notifier_block __read_mostly = {
++static struct notifier_block macvlan_notifier_block = {
+ .notifier_call = macvlan_device_event,
+ };
+
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
index 0f0f9ce..0ca5819 100644
--- a/drivers/net/macvtap.c
}
EXPORT_SYMBOL(free_mdio_bitbang);
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
-index eb3f5ce..d773730 100644
+index 508570e..f706dc7 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -999,7 +999,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
};
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
-index 0873cdc..ddb178e 100644
+index 2917a86..edd463f 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
-@@ -1374,7 +1374,7 @@ static int set_offload(struct tun_struct *tun, unsigned long arg)
+@@ -1836,7 +1836,7 @@ unlock:
}
static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
{
struct tun_file *tfile = file->private_data;
struct tun_struct *tun;
-@@ -1387,6 +1387,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
+@@ -1848,6 +1848,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
int vnet_hdr_sz;
int ret;
+ if (ifreq_len > sizeof ifr)
+ return -EFAULT;
+
- if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89) {
+ if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) {
if (copy_from_user(&ifr, argp, ifreq_len))
return -EFAULT;
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
-index 605a4ba..a883dd1 100644
+index cd8ccb2..cff5144 100644
--- a/drivers/net/usb/hso.c
+++ b/drivers/net/usb/hso.c
@@ -71,7 +71,7 @@
/* Setup and send a ctrl req read on
* port i */
if (!serial->rx_urb_filled[0]) {
-@@ -3078,7 +3077,7 @@ static int hso_resume(struct usb_interface *iface)
+@@ -3079,7 +3078,7 @@ static int hso_resume(struct usb_interface *iface)
/* Start all serial ports */
for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
if (serial_table[i] && (serial_table[i]->interface == iface)) {
result =
hso_start_serial_device(serial_table[i], GFP_NOIO);
hso_kick_transmit(dev2ser(serial_table[i]));
-diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
-index edb81ed..ab8931c 100644
---- a/drivers/net/usb/usbnet.c
-+++ b/drivers/net/usb/usbnet.c
-@@ -380,6 +380,12 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags)
- unsigned long lockflags;
- size_t size = dev->rx_urb_size;
-
-+ /* prevent rx skb allocation when error ratio is high */
-+ if (test_bit(EVENT_RX_KILL, &dev->flags)) {
-+ usb_free_urb(urb);
-+ return -ENOLINK;
-+ }
-+
- skb = __netdev_alloc_skb_ip_align(dev->net, size, flags);
- if (!skb) {
- netif_dbg(dev, rx_err, dev->net, "no rx skb\n");
-@@ -539,6 +545,17 @@ block:
- break;
- }
-
-+ /* stop rx if packet error rate is high */
-+ if (++dev->pkt_cnt > 30) {
-+ dev->pkt_cnt = 0;
-+ dev->pkt_err = 0;
-+ } else {
-+ if (state == rx_cleanup)
-+ dev->pkt_err++;
-+ if (dev->pkt_err > 20)
-+ set_bit(EVENT_RX_KILL, &dev->flags);
-+ }
-+
- state = defer_bh(dev, skb, &dev->rxq, state);
-
- if (urb) {
-@@ -790,6 +807,11 @@ int usbnet_open (struct net_device *net)
- (dev->driver_info->flags & FLAG_FRAMING_AX) ? "ASIX" :
- "simple");
-
-+ /* reset rx error state */
-+ dev->pkt_cnt = 0;
-+ dev->pkt_err = 0;
-+ clear_bit(EVENT_RX_KILL, &dev->flags);
-+
- // delay posting reads until we're fully open
- tasklet_schedule (&dev->bh);
- if (info->manage_power) {
-@@ -1253,6 +1275,9 @@ static void usbnet_bh (unsigned long param)
- }
- }
-
-+ /* restart RX again after disabling due to high error rate */
-+ clear_bit(EVENT_RX_KILL, &dev->flags);
-+
- // waiting for all pending urbs to complete?
- if (dev->wait) {
- if ((dev->txq.qlen + dev->rxq.qlen + dev->done.qlen) == 0) {
+diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
+index 656230e..15525a8 100644
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -1428,7 +1428,7 @@ nla_put_failure:
+ return -EMSGSIZE;
+ }
+
+-static struct rtnl_link_ops vxlan_link_ops __read_mostly = {
++static struct rtnl_link_ops vxlan_link_ops = {
+ .kind = "vxlan",
+ .maxtype = IFLA_VXLAN_MAX,
+ .policy = vxlan_policy,
diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
index 8d78253..bebbb68 100644
--- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c
static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
-index dbc1b7a..67e2ca2 100644
+index 9d26fc5..60d9f14 100644
--- a/drivers/net/wireless/ath/ath9k/hw.h
+++ b/drivers/net/wireless/ath/ath9k/hw.h
-@@ -657,7 +657,7 @@ struct ath_hw_private_ops {
+@@ -658,7 +658,7 @@ struct ath_hw_private_ops {
/* ANI */
void (*ani_cache_ini_regs)(struct ath_hw *ah);
/**
* struct ath_hw_ops - callbacks used by hardware code and driver code
-@@ -687,7 +687,7 @@ struct ath_hw_ops {
+@@ -688,7 +688,7 @@ struct ath_hw_ops {
void (*antdiv_comb_conf_set)(struct ath_hw *ah,
struct ath_hw_antcomb_conf *antconf);
void (*antctrl_shared_chain_lnadiv)(struct ath_hw *hw, bool enable);
struct ath_nf_limits {
s16 max;
-diff --git a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h
-index 71ced17..cd82b12 100644
---- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h
-+++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h
-@@ -184,7 +184,7 @@ struct brcmf_cfg80211_event_loop {
- struct net_device *ndev,
- const struct brcmf_event_msg *e,
- void *data);
--};
-+} __no_const;
-
- /* basic structure of scan request */
- struct brcmf_cfg80211_scan_req {
-@@ -239,7 +239,7 @@ struct brcmf_cfg80211_profile {
- struct brcmf_cfg80211_iscan_eloop {
- s32 (*handler[WL_SCAN_ERSULTS_LAST])
- (struct brcmf_cfg80211_info *cfg);
--};
-+} __no_const;
-
- /* dongle iscan controller */
- struct brcmf_cfg80211_iscan_ctrl {
diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c
-index e252acb..6ad1e65 100644
+index 3726cd6..b655808 100644
--- a/drivers/net/wireless/iwlegacy/3945-mac.c
+++ b/drivers/net/wireless/iwlegacy/3945-mac.c
@@ -3615,7 +3615,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
D_INFO("*** LOAD DRIVER ***\n");
diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-index 1a98fa3..51e6661 100644
+index 5b9533e..7733880 100644
--- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c
+++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
@@ -203,7 +203,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file,
memset(buf, 0, sizeof(buf));
buf_size = min(count, sizeof(buf) - 1);
diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
-index fe0fffd..b4c5724 100644
+index 35708b9..31f7754 100644
--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
-@@ -1967,7 +1967,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
+@@ -1100,7 +1100,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
char buf[8];
u32 reset_flag;
memset(buf, 0, sizeof(buf));
-@@ -1988,7 +1988,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
+@@ -1121,7 +1121,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
{
struct iwl_trans *trans = file->private_data;
char buf[8];
memset(buf, 0, sizeof(buf));
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
-index 429ca32..f86236b 100644
+index ff90855..e46d223 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -1751,9 +1751,11 @@ static int __init init_mac80211_hwsim(void)
- return -EINVAL;
+@@ -2062,25 +2062,19 @@ static int __init init_mac80211_hwsim(void)
- if (fake_hw_scan) {
+ if (channels > 1) {
+ hwsim_if_comb.num_different_channels = channels;
- mac80211_hwsim_ops.hw_scan = mac80211_hwsim_hw_scan;
+- mac80211_hwsim_ops.cancel_hw_scan =
+- mac80211_hwsim_cancel_hw_scan;
- mac80211_hwsim_ops.sw_scan_start = NULL;
- mac80211_hwsim_ops.sw_scan_complete = NULL;
+- mac80211_hwsim_ops.remain_on_channel =
+- mac80211_hwsim_roc;
+- mac80211_hwsim_ops.cancel_remain_on_channel =
+- mac80211_hwsim_croc;
+- mac80211_hwsim_ops.add_chanctx =
+- mac80211_hwsim_add_chanctx;
+- mac80211_hwsim_ops.remove_chanctx =
+- mac80211_hwsim_remove_chanctx;
+- mac80211_hwsim_ops.change_chanctx =
+- mac80211_hwsim_change_chanctx;
+- mac80211_hwsim_ops.assign_vif_chanctx =
+- mac80211_hwsim_assign_vif_chanctx;
+- mac80211_hwsim_ops.unassign_vif_chanctx =
+- mac80211_hwsim_unassign_vif_chanctx;
+ pax_open_kernel();
+ *(void **)&mac80211_hwsim_ops.hw_scan = mac80211_hwsim_hw_scan;
++ *(void **)&mac80211_hwsim_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
+ *(void **)&mac80211_hwsim_ops.sw_scan_start = NULL;
+ *(void **)&mac80211_hwsim_ops.sw_scan_complete = NULL;
++ *(void **)&mac80211_hwsim_ops.remain_on_channel = mac80211_hwsim_roc;
++ *(void **)&mac80211_hwsim_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
++ *(void **)&mac80211_hwsim_ops.add_chanctx = mac80211_hwsim_add_chanctx;
++ *(void **)&mac80211_hwsim_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
++ *(void **)&mac80211_hwsim_ops.change_chanctx = mac80211_hwsim_change_chanctx;
++ *(void **)&mac80211_hwsim_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx;
++ *(void **)&mac80211_hwsim_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx;
+ pax_close_kernel();
}
spin_lock_init(&hwsim_radio_lock);
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
-index bd1f0cb..db85ab0 100644
+index abe1d03..fb02c22 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
-@@ -1235,7 +1235,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold)
+@@ -1238,7 +1238,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold)
netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold);
hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
hdr->seq_ctrl |= cpu_to_le16(seqno);
diff --git a/drivers/net/wireless/ti/wl1251/sdio.c b/drivers/net/wireless/ti/wl1251/sdio.c
-index e2750a1..797e179 100644
+index e57ee48..541cf6c 100644
--- a/drivers/net/wireless/ti/wl1251/sdio.c
+++ b/drivers/net/wireless/ti/wl1251/sdio.c
@@ -269,13 +269,17 @@ static int wl1251_sdio_probe(struct sdio_func *func,
wl1251_info("using SDIO interrupt");
}
diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c
-index dadf1db..d9db7a7 100644
+index e5f5f8f..fdf15b7 100644
--- a/drivers/net/wireless/ti/wl12xx/main.c
+++ b/drivers/net/wireless/ti/wl12xx/main.c
@@ -644,7 +644,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_VER,
WL127X_MAJOR_VER, WL127X_SUBTYPE_VER,
diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c
-index a39682a..1e8220c 100644
+index 8d8c1f8..e754844 100644
--- a/drivers/net/wireless/ti/wl18xx/main.c
+++ b/drivers/net/wireless/ti/wl18xx/main.c
@@ -1489,8 +1489,10 @@ static int wl18xx_setup(struct wl1271 *wl)
{
return __oprofilefs_create_file(sb, root, name,
&atomic_ro_fops, 0444, val);
+diff --git a/drivers/oprofile/timer_int.c b/drivers/oprofile/timer_int.c
+index 93404f7..4a313d8 100644
+--- a/drivers/oprofile/timer_int.c
++++ b/drivers/oprofile/timer_int.c
+@@ -93,7 +93,7 @@ static int __cpuinit oprofile_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __refdata oprofile_cpu_notifier = {
++static struct notifier_block oprofile_cpu_notifier = {
+ .notifier_call = oprofile_cpu_notify,
+ };
+
diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c
index 3f56bc0..707d642 100644
--- a/drivers/parport/procfs.c
}
#endif /* IEEE1284.3 support. */
+diff --git a/drivers/pci/hotplug/acpiphp_ibm.c b/drivers/pci/hotplug/acpiphp_ibm.c
+index c35e8ad..fc33beb 100644
+--- a/drivers/pci/hotplug/acpiphp_ibm.c
++++ b/drivers/pci/hotplug/acpiphp_ibm.c
+@@ -464,7 +464,9 @@ static int __init ibm_acpiphp_init(void)
+ goto init_cleanup;
+ }
+
+- ibm_apci_table_attr.size = ibm_get_table_from_acpi(NULL);
++ pax_open_kernel();
++ *(size_t *)&ibm_apci_table_attr.size = ibm_get_table_from_acpi(NULL);
++ pax_close_kernel();
+ retval = sysfs_create_bin_file(sysdir, &ibm_apci_table_attr);
+
+ return retval;
diff --git a/drivers/pci/hotplug/cpcihp_generic.c b/drivers/pci/hotplug/cpcihp_generic.c
index a6a71c4..c91097b 100644
--- a/drivers/pci/hotplug/cpcihp_generic.c
status = cpci_hp_register_controller(&generic_hpc);
diff --git a/drivers/pci/hotplug/cpcihp_zt5550.c b/drivers/pci/hotplug/cpcihp_zt5550.c
-index 6bf8d2a..9711ce0 100644
+index 449b4bb..257e2e8 100644
--- a/drivers/pci/hotplug/cpcihp_zt5550.c
+++ b/drivers/pci/hotplug/cpcihp_zt5550.c
@@ -59,7 +59,6 @@
dbg("int15 entry = %p\n", compaq_int15_entry_point);
/* initialize our int15 lock */
+diff --git a/drivers/pci/hotplug/pci_hotplug_core.c b/drivers/pci/hotplug/pci_hotplug_core.c
+index 202f4a9..8ee47d0 100644
+--- a/drivers/pci/hotplug/pci_hotplug_core.c
++++ b/drivers/pci/hotplug/pci_hotplug_core.c
+@@ -448,8 +448,10 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus,
+ return -EINVAL;
+ }
+
+- slot->ops->owner = owner;
+- slot->ops->mod_name = mod_name;
++ pax_open_kernel();
++ *(struct module **)&slot->ops->owner = owner;
++ *(const char **)&slot->ops->mod_name = mod_name;
++ pax_close_kernel();
+
+ mutex_lock(&pci_hp_mutex);
+ /*
+diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c
+index 939bd1d..a1459c9 100644
+--- a/drivers/pci/hotplug/pciehp_core.c
++++ b/drivers/pci/hotplug/pciehp_core.c
+@@ -91,7 +91,7 @@ static int init_slot(struct controller *ctrl)
+ struct slot *slot = ctrl->slot;
+ struct hotplug_slot *hotplug = NULL;
+ struct hotplug_slot_info *info = NULL;
+- struct hotplug_slot_ops *ops = NULL;
++ hotplug_slot_ops_no_const *ops = NULL;
+ char name[SLOT_NAME_SIZE];
+ int retval = -ENOMEM;
+
+diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
+index 9c6e9bb..2916736 100644
+--- a/drivers/pci/pci-sysfs.c
++++ b/drivers/pci/pci-sysfs.c
+@@ -1071,7 +1071,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine)
+ {
+ /* allocate attribute structure, piggyback attribute name */
+ int name_len = write_combine ? 13 : 10;
+- struct bin_attribute *res_attr;
++ bin_attribute_no_const *res_attr;
+ int retval;
+
+ res_attr = kzalloc(sizeof(*res_attr) + name_len, GFP_ATOMIC);
+@@ -1256,7 +1256,7 @@ static struct device_attribute reset_attr = __ATTR(reset, 0200, NULL, reset_stor
+ static int pci_create_capabilities_sysfs(struct pci_dev *dev)
+ {
+ int retval;
+- struct bin_attribute *attr;
++ bin_attribute_no_const *attr;
+
+ /* If the device has VPD, try to expose it in sysfs. */
+ if (dev->vpd) {
+@@ -1303,7 +1303,7 @@ int __must_check pci_create_sysfs_dev_files (struct pci_dev *pdev)
+ {
+ int retval;
+ int rom_size = 0;
+- struct bin_attribute *attr;
++ bin_attribute_no_const *attr;
+
+ if (!sysfs_initialized)
+ return -EACCES;
+diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h
+index e851829..a1a7196 100644
+--- a/drivers/pci/pci.h
++++ b/drivers/pci/pci.h
+@@ -98,7 +98,7 @@ struct pci_vpd_ops {
+ struct pci_vpd {
+ unsigned int len;
+ const struct pci_vpd_ops *ops;
+- struct bin_attribute *attr; /* descriptor for sysfs VPD entry */
++ bin_attribute_no_const *attr; /* descriptor for sysfs VPD entry */
+ };
+
+ extern int pci_vpd_pci22_init(struct pci_dev *dev);
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
-index 449f257..0731e96 100644
+index 8474b6a..ee81993 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -27,9 +27,9 @@
#define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1)
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
-index ec909af..e7517f3 100644
+index 6186f03..1a78714 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
proc_create("devices", 0, proc_bus_pci_dir,
&proc_bus_pci_dev_operations);
proc_initialized = 1;
+diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
+index 2111dbb..79e434b 100644
+--- a/drivers/platform/x86/msi-laptop.c
++++ b/drivers/platform/x86/msi-laptop.c
+@@ -820,12 +820,14 @@ static int __init load_scm_model_init(struct platform_device *sdev)
+ int result;
+
+ /* allow userland write sysfs file */
+- dev_attr_bluetooth.store = store_bluetooth;
+- dev_attr_wlan.store = store_wlan;
+- dev_attr_threeg.store = store_threeg;
+- dev_attr_bluetooth.attr.mode |= S_IWUSR;
+- dev_attr_wlan.attr.mode |= S_IWUSR;
+- dev_attr_threeg.attr.mode |= S_IWUSR;
++ pax_open_kernel();
++ *(void **)&dev_attr_bluetooth.store = store_bluetooth;
++ *(void **)&dev_attr_wlan.store = store_wlan;
++ *(void **)&dev_attr_threeg.store = store_threeg;
++ *(umode_t *)&dev_attr_bluetooth.attr.mode |= S_IWUSR;
++ *(umode_t *)&dev_attr_wlan.attr.mode |= S_IWUSR;
++ *(umode_t *)&dev_attr_threeg.attr.mode |= S_IWUSR;
++ pax_close_kernel();
+
+ /* disable hardware control by fn key */
+ result = ec_read(MSI_STANDARD_EC_SCM_LOAD_ADDRESS, &data);
+diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c
+index 0fe987f..6f3d5c3 100644
+--- a/drivers/platform/x86/sony-laptop.c
++++ b/drivers/platform/x86/sony-laptop.c
+@@ -2356,7 +2356,7 @@ static void sony_nc_lid_resume_cleanup(struct platform_device *pd)
+ }
+
+ /* High speed charging function */
+-static struct device_attribute *hsc_handle;
++static device_attribute_no_const *hsc_handle;
+
+ static ssize_t sony_nc_highspeed_charging_store(struct device *dev,
+ struct device_attribute *attr,
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
-index 75dd651..2af4c9a 100644
+index f946ca7..f25c833 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -2097,7 +2097,7 @@ static int hotkey_mask_get(void)
+ pax_close_kernel();
}
diff --git a/drivers/pnp/resource.c b/drivers/pnp/resource.c
-index b0ecacb..7c9da2e 100644
+index 3e6db1c..1fbbdae 100644
--- a/drivers/pnp/resource.c
+++ b/drivers/pnp/resource.c
@@ -360,7 +360,7 @@ int pnp_check_irq(struct pnp_dev *dev, struct resource *res)
ret = usb_register_notifier(transceiver, &otg_nb);
if (ret) {
dev_err(dev, "failure to register otg notifier\n");
+diff --git a/drivers/power/power_supply.h b/drivers/power/power_supply.h
+index cc439fd..8fa30df 100644
+--- a/drivers/power/power_supply.h
++++ b/drivers/power/power_supply.h
+@@ -16,12 +16,12 @@ struct power_supply;
+
+ #ifdef CONFIG_SYSFS
+
+-extern void power_supply_init_attrs(struct device_type *dev_type);
++extern void power_supply_init_attrs(void);
+ extern int power_supply_uevent(struct device *dev, struct kobj_uevent_env *env);
+
+ #else
+
+-static inline void power_supply_init_attrs(struct device_type *dev_type) {}
++static inline void power_supply_init_attrs(void) {}
+ #define power_supply_uevent NULL
+
+ #endif /* CONFIG_SYSFS */
+diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c
+index 8a7cfb3..493e0a2 100644
+--- a/drivers/power/power_supply_core.c
++++ b/drivers/power/power_supply_core.c
+@@ -24,7 +24,10 @@
+ struct class *power_supply_class;
+ EXPORT_SYMBOL_GPL(power_supply_class);
+
+-static struct device_type power_supply_dev_type;
++extern const struct attribute_group *power_supply_attr_groups[];
++static struct device_type power_supply_dev_type = {
++ .groups = power_supply_attr_groups,
++};
+
+ static int __power_supply_changed_work(struct device *dev, void *data)
+ {
+@@ -393,7 +396,6 @@ static int __init power_supply_class_init(void)
+ return PTR_ERR(power_supply_class);
+
+ power_supply_class->dev_uevent = power_supply_uevent;
+- power_supply_init_attrs(&power_supply_dev_type);
+
+ return 0;
+ }
+diff --git a/drivers/power/power_supply_sysfs.c b/drivers/power/power_supply_sysfs.c
+index 40fa3b7..d9c2e0e 100644
+--- a/drivers/power/power_supply_sysfs.c
++++ b/drivers/power/power_supply_sysfs.c
+@@ -229,17 +229,15 @@ static struct attribute_group power_supply_attr_group = {
+ .is_visible = power_supply_attr_is_visible,
+ };
+
+-static const struct attribute_group *power_supply_attr_groups[] = {
++const struct attribute_group *power_supply_attr_groups[] = {
+ &power_supply_attr_group,
+ NULL,
+ };
+
+-void power_supply_init_attrs(struct device_type *dev_type)
++void power_supply_init_attrs(void)
+ {
+ int i;
+
+- dev_type->groups = power_supply_attr_groups;
+-
+ for (i = 0; i < ARRAY_SIZE(power_supply_attrs); i++)
+ __power_supply_attrs[i] = &power_supply_attrs[i].attr;
+ }
diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c
-index 8d53174..04c65de 100644
+index 4d7c635..9860196 100644
--- a/drivers/regulator/max8660.c
+++ b/drivers/regulator/max8660.c
-@@ -333,8 +333,10 @@ static int __devinit max8660_probe(struct i2c_client *client,
+@@ -333,8 +333,10 @@ static int max8660_probe(struct i2c_client *client,
max8660->shadow_regs[MAX8660_OVER1] = 5;
} else {
/* Otherwise devices can be toggled via software */
}
/*
+diff --git a/drivers/regulator/max8973-regulator.c b/drivers/regulator/max8973-regulator.c
+index 9a8ea91..c483dd9 100644
+--- a/drivers/regulator/max8973-regulator.c
++++ b/drivers/regulator/max8973-regulator.c
+@@ -401,9 +401,11 @@ static int max8973_probe(struct i2c_client *client,
+ if (!pdata->enable_ext_control) {
+ max->desc.enable_reg = MAX8973_VOUT;
+ max->desc.enable_mask = MAX8973_VOUT_ENABLE;
+- max8973_dcdc_ops.enable = regulator_enable_regmap;
+- max8973_dcdc_ops.disable = regulator_disable_regmap;
+- max8973_dcdc_ops.is_enabled = regulator_is_enabled_regmap;
++ pax_open_kernel();
++ *(void **)&max8973_dcdc_ops.enable = regulator_enable_regmap;
++ *(void **)&max8973_dcdc_ops.disable = regulator_disable_regmap;
++ *(void **)&max8973_dcdc_ops.is_enabled = regulator_is_enabled_regmap;
++ pax_close_kernel();
+ }
+
+ max->enable_external_control = pdata->enable_ext_control;
diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c
-index 1fa6381..f58834e 100644
+index 0d84b1f..c2da6ac 100644
--- a/drivers/regulator/mc13892-regulator.c
+++ b/drivers/regulator/mc13892-regulator.c
-@@ -540,10 +540,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev)
+@@ -540,10 +540,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev)
}
mc13xxx_unlock(mc13892);
mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators,
ARRAY_SIZE(mc13892_regulators));
+diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
+index 16630aa..6afc992 100644
+--- a/drivers/rtc/rtc-cmos.c
++++ b/drivers/rtc/rtc-cmos.c
+@@ -724,7 +724,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
+ hpet_rtc_timer_init();
+
+ /* export at least the first block of NVRAM */
+- nvram.size = address_space - NVRAM_OFFSET;
++ pax_open_kernel();
++ *(size_t *)&nvram.size = address_space - NVRAM_OFFSET;
++ pax_close_kernel();
+ retval = sysfs_create_bin_file(&dev->kobj, &nvram);
+ if (retval < 0) {
+ dev_dbg(dev, "can't create nvram file? %d\n", retval);
diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c
-index cace6d3..f623fda 100644
+index 9a86b4b..3a383dc 100644
--- a/drivers/rtc/rtc-dev.c
+++ b/drivers/rtc/rtc-dev.c
@@ -14,6 +14,7 @@
return rtc_set_time(rtc, &tm);
case RTC_PIE_ON:
-diff --git a/drivers/scsi/bfa/bfa.h b/drivers/scsi/bfa/bfa.h
-index 4ad7e36..d004679 100644
---- a/drivers/scsi/bfa/bfa.h
-+++ b/drivers/scsi/bfa/bfa.h
-@@ -196,7 +196,7 @@ struct bfa_hwif_s {
- u32 *end);
- int cpe_vec_q0;
- int rme_vec_q0;
--};
-+} __no_const;
- typedef void (*bfa_cb_iocfc_t) (void *cbarg, enum bfa_status status);
+diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c
+index e0d0ba4..3c65868 100644
+--- a/drivers/rtc/rtc-ds1307.c
++++ b/drivers/rtc/rtc-ds1307.c
+@@ -106,7 +106,7 @@ struct ds1307 {
+ u8 offset; /* register's offset */
+ u8 regs[11];
+ u16 nvram_offset;
+- struct bin_attribute *nvram;
++ bin_attribute_no_const *nvram;
+ enum ds_type type;
+ unsigned long flags;
+ #define HAS_NVRAM 0 /* bit 0 == sysfs file active */
+diff --git a/drivers/rtc/rtc-m48t59.c b/drivers/rtc/rtc-m48t59.c
+index 130f29a..6179d03 100644
+--- a/drivers/rtc/rtc-m48t59.c
++++ b/drivers/rtc/rtc-m48t59.c
+@@ -482,7 +482,9 @@ static int m48t59_rtc_probe(struct platform_device *pdev)
+ goto out;
+ }
+
+- m48t59_nvram_attr.size = pdata->offset;
++ pax_open_kernel();
++ *(size_t *)&m48t59_nvram_attr.size = pdata->offset;
++ pax_close_kernel();
- struct bfa_faa_cbfn_s {
+ ret = sysfs_create_bin_file(&pdev->dev.kobj, &m48t59_nvram_attr);
+ if (ret) {
diff --git a/drivers/scsi/bfa/bfa_fcpim.h b/drivers/scsi/bfa/bfa_fcpim.h
index e693af6..2e525b6 100644
--- a/drivers/scsi/bfa/bfa_fcpim.h
/* These three are default values which can be overridden */
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
-index 4217e49..9c77e3e 100644
+index 4f33806..afd6f60 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -554,7 +554,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
(h->interrupts_enabled == 0);
}
-@@ -4318,7 +4318,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h)
+@@ -4316,7 +4316,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
if (prod_index < 0)
return -ENODEV;
h->product_name = products[prod_index].product_name;
pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S |
PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM);
-@@ -4600,7 +4600,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
+@@ -4598,7 +4598,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
assert_spin_locked(&lockup_detector_lock);
remove_ctlr_from_lockup_detector_list(h);
spin_lock_irqsave(&h->lock, flags);
h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET);
spin_unlock_irqrestore(&h->lock, flags);
-@@ -4778,7 +4778,7 @@ reinit_after_soft_reset:
+@@ -4775,7 +4775,7 @@ reinit_after_soft_reset:
}
/* make sure the board interrupts are off */
if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx))
goto clean2;
-@@ -4812,7 +4812,7 @@ reinit_after_soft_reset:
+@@ -4809,7 +4809,7 @@ reinit_after_soft_reset:
* fake ones to scoop up any residual completions.
*/
spin_lock_irqsave(&h->lock, flags);
spin_unlock_irqrestore(&h->lock, flags);
free_irqs(h);
rc = hpsa_request_irq(h, hpsa_msix_discard_completions,
-@@ -4831,9 +4831,9 @@ reinit_after_soft_reset:
+@@ -4828,9 +4828,9 @@ reinit_after_soft_reset:
dev_info(&h->pdev->dev, "Board READY.\n");
dev_info(&h->pdev->dev,
"Waiting for stale completions to drain.\n");
rc = controller_reset_failed(h->cfgtable);
if (rc)
-@@ -4854,7 +4854,7 @@ reinit_after_soft_reset:
+@@ -4851,7 +4851,7 @@ reinit_after_soft_reset:
}
/* Turn the interrupts on so we can service requests */
hpsa_hba_inquiry(h);
hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */
-@@ -4906,7 +4906,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
+@@ -4903,7 +4903,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
* To write all data in the battery backed cache to disks
*/
hpsa_flush_cache(h);
hpsa_free_irqs_and_disable_msix(h);
}
-@@ -5075,7 +5075,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h,
+@@ -5071,7 +5071,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags)
return;
}
/* Change the access methods to the performant access methods */
.qc_issue = sas_ata_qc_issue,
.qc_fill_rtf = sas_ata_qc_fill_rtf,
diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h
-index 69b5993..1ac9dce 100644
+index df4c13a..a51e90c 100644
--- a/drivers/scsi/lpfc/lpfc.h
+++ b/drivers/scsi/lpfc/lpfc.h
@@ -424,7 +424,7 @@ struct lpfc_vport {
#endif
uint8_t stat_data_enabled;
uint8_t stat_data_blocked;
-@@ -840,8 +840,8 @@ struct lpfc_hba {
+@@ -842,8 +842,8 @@ struct lpfc_hba {
struct timer_list fabric_block_timer;
unsigned long bit_flags;
#define FABRIC_COMANDS_BLOCKED 0
unsigned long last_rsrc_error_time;
unsigned long last_ramp_down_time;
unsigned long last_ramp_up_time;
-@@ -877,7 +877,7 @@ struct lpfc_hba {
+@@ -879,7 +879,7 @@ struct lpfc_hba {
struct dentry *debug_slow_ring_trc;
struct lpfc_debugfs_trc *slow_ring_trc;
snprintf(name, sizeof(name), "discovery_trace");
vport->debug_disc_trc =
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
-index 7dc4218..3436f08 100644
+index 89ad558..76956c4 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
-@@ -10589,8 +10589,10 @@ lpfc_init(void)
+@@ -10618,8 +10618,10 @@ lpfc_init(void)
"misc_register returned with status %d", error);
if (lpfc_enable_npiv) {
lpfc_transport_template =
fc_attach_transport(&lpfc_transport_functions);
diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
-index 7f45ac9..cf62eda 100644
+index 60e5a17..ff7a793 100644
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba)
/**
diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c
-index af763ea..41904f7 100644
+index b46f5e9..c4c4ccb 100644
--- a/drivers/scsi/pmcraid.c
+++ b/drivers/scsi/pmcraid.c
@@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev)
return;
fw_version = be16_to_cpu(pinstance->inq_data->fw_version);
-@@ -5331,8 +5331,8 @@ static int __devinit pmcraid_init_instance(
+@@ -5324,8 +5324,8 @@ static int pmcraid_init_instance(struct pci_dev *pdev, struct Scsi_Host *host,
init_waitqueue_head(&pinstance->reset_wait_q);
atomic_set(&pinstance->outstanding_cmds, 0);
INIT_LIST_HEAD(&pinstance->free_res_q);
INIT_LIST_HEAD(&pinstance->used_res_q);
-@@ -6047,7 +6047,7 @@ static int __devinit pmcraid_probe(
+@@ -6038,7 +6038,7 @@ static int pmcraid_probe(struct pci_dev *pdev,
/* Schedule worker thread to handle CCN and take care of adding and
* removing devices to OS
*/
.show_host_node_name = 1,
.show_host_port_name = 1,
diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h
-index 6acb397..d86e3e0 100644
+index 2411d1a..4673766 100644
--- a/drivers/scsi/qla2xxx/qla_gbl.h
+++ b/drivers/scsi/qla2xxx/qla_gbl.h
@@ -515,8 +515,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *);
extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *);
extern void qla2x00_init_host_attr(scsi_qla_host_t *);
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
-index f4b1fc8..a1ce4dd 100644
+index 10d23f8..a7d5d4c 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
-@@ -1462,8 +1462,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)
+@@ -1472,8 +1472,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)
!pci_set_consistent_dma_mask(ha->pdev, DMA_BIT_MASK(64))) {
/* Ok, a 64bit DMA mask is applicable. */
ha->flags.enable_64bit_addressing = 1;
uint32_t default_time2wait; /* Default Min time between
* relogins (+aens) */
diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
-index fbc546e..c7d1b48 100644
+index 4cec123..7c1329f 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
@@ -2621,12 +2621,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index 9032e91..7a805d0 100644
+index f1bf5af..f67e943 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1454,7 +1454,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
err = class_register(&iscsi_transport_class);
if (err)
diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c
-index 21a045e..ec89e03 100644
+index f379c7f..e8fc69c 100644
--- a/drivers/scsi/scsi_transport_srp.c
+++ b/drivers/scsi/scsi_transport_srp.c
@@ -33,7 +33,7 @@
};
#define to_srp_host_attrs(host) ((struct srp_host_attrs *)(host)->shost_data)
-@@ -62,7 +62,7 @@ static int srp_host_setup(struct transport_container *tc, struct device *dev,
+@@ -61,7 +61,7 @@ static int srp_host_setup(struct transport_container *tc, struct device *dev,
struct Scsi_Host *shost = dev_to_shost(dev);
struct srp_host_attrs *srp_host = to_srp_host_attrs(shost);
return 0;
}
-@@ -211,7 +211,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost,
+@@ -210,7 +210,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost,
memcpy(rport->port_id, ids->port_id, sizeof(rport->port_id));
rport->roles = ids->roles;
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index a45e12a..d9120cb 100644
+index 7992635..609faf8 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
-@@ -2899,7 +2899,7 @@ static int sd_probe(struct device *dev)
+@@ -2909,7 +2909,7 @@ static int sd_probe(struct device *dev)
sdkp->disk = gd;
sdkp->index = index;
atomic_set(&sdkp->openers, 0);
return blk_trace_startstop(sdp->device->request_queue, 1);
case BLKTRACESTOP:
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
-index 84c2861..ece0a31 100644
+index 19ee901..6e8c2ef 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
-@@ -1453,7 +1453,7 @@ int spi_bus_unlock(struct spi_master *master)
+@@ -1616,7 +1616,7 @@ int spi_bus_unlock(struct spi_master *master)
EXPORT_SYMBOL_GPL(spi_bus_unlock);
/* portable code must never pass more than 32 bytes */
static u8 *buf;
+diff --git a/drivers/staging/iio/iio_hwmon.c b/drivers/staging/iio/iio_hwmon.c
+index c7a5f97..71ecd35 100644
+--- a/drivers/staging/iio/iio_hwmon.c
++++ b/drivers/staging/iio/iio_hwmon.c
+@@ -72,7 +72,7 @@ static void iio_hwmon_free_attrs(struct iio_hwmon_state *st)
+ static int iio_hwmon_probe(struct platform_device *pdev)
+ {
+ struct iio_hwmon_state *st;
+- struct sensor_device_attribute *a;
++ sensor_device_attribute_no_const *a;
+ int ret, i;
+ int in_i = 1, temp_i = 1, curr_i = 1;
+ enum iio_chan_type type;
diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c
index 34afc16..ffe44dd 100644
--- a/drivers/staging/octeon/ethernet-rx.c
dev_kfree_skb_irq(skb);
}
diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c
-index 683bedc..86dba9a 100644
+index ef32dc1..a159d68 100644
--- a/drivers/staging/octeon/ethernet.c
+++ b/drivers/staging/octeon/ethernet.c
@@ -252,11 +252,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev)
struct io_req {
struct list_head list;
diff --git a/drivers/staging/sbe-2t3e3/netdev.c b/drivers/staging/sbe-2t3e3/netdev.c
-index 180c963..1f18377 100644
+index 1f5088b..0e59820 100644
--- a/drivers/staging/sbe-2t3e3/netdev.c
+++ b/drivers/staging/sbe-2t3e3/netdev.c
@@ -51,7 +51,7 @@ static int t3e3_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
return 0;
diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h
-index c66b8b3..a4a035b 100644
+index 5dddc4d..34fcb2f 100644
--- a/drivers/staging/usbip/vhci.h
+++ b/drivers/staging/usbip/vhci.h
@@ -83,7 +83,7 @@ struct vhci_hcd {
/*
* NOTE:
diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c
-index 620d1be..1cd6711 100644
+index c3aa219..bf8b3de 100644
--- a/drivers/staging/usbip/vhci_hcd.c
+++ b/drivers/staging/usbip/vhci_hcd.c
-@@ -471,7 +471,7 @@ static void vhci_tx_urb(struct urb *urb)
+@@ -451,7 +451,7 @@ static void vhci_tx_urb(struct urb *urb)
return;
}
if (priv->seqnum == 0xffff)
dev_info(&urb->dev->dev, "seqnum max\n");
-@@ -723,7 +723,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
+@@ -703,7 +703,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
return -ENOMEM;
}
if (unlink->seqnum == 0xffff)
pr_info("seqnum max\n");
-@@ -924,7 +924,7 @@ static int vhci_start(struct usb_hcd *hcd)
+@@ -907,7 +907,7 @@ static int vhci_start(struct usb_hcd *hcd)
vdev->rhport = rhport;
}
hcd->power_budget = 0; /* no limit */
diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c
-index f0eaf04..5a82e06 100644
+index ba5f1c0..11d8122 100644
--- a/drivers/staging/usbip/vhci_rx.c
+++ b/drivers/staging/usbip/vhci_rx.c
@@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev,
return;
}
diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c
-index 67b1b88..6392fe9 100644
+index 5f13890..36a044b 100644
--- a/drivers/staging/vt6655/hostap.c
+++ b/drivers/staging/vt6655/hostap.c
@@ -73,14 +73,13 @@ static int msglevel =MSG_LEVEL_INFO;
pDevice->apdev->type = ARPHRD_IEEE80211;
diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c
-index 0a73d40..6fda560 100644
+index 26a7d0e..897b083 100644
--- a/drivers/staging/vt6656/hostap.c
+++ b/drivers/staging/vt6656/hostap.c
@@ -60,14 +60,13 @@ static int msglevel =MSG_LEVEL_INFO;
extern void tmem_register_hostops(struct tmem_hostops *m);
/* core tmem accessor functions */
-diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index 13fe16c..cbdc39a 100644
---- a/drivers/target/target_core_transport.c
-+++ b/drivers/target/target_core_transport.c
-@@ -1085,7 +1085,7 @@ struct se_device *transport_add_device_to_core_hba(
+diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
+index 96f4981..4daaa7e 100644
+--- a/drivers/target/target_core_device.c
++++ b/drivers/target/target_core_device.c
+@@ -1370,7 +1370,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
spin_lock_init(&dev->se_port_lock);
spin_lock_init(&dev->se_tmr_lock);
spin_lock_init(&dev->qf_cmd_lock);
- atomic_set(&dev->dev_ordered_id, 0);
+ atomic_set_unchecked(&dev->dev_ordered_id, 0);
-
- se_dev_set_default_attribs(dev, dev_limits);
-
-@@ -1275,7 +1275,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd)
+ INIT_LIST_HEAD(&dev->t10_wwn.t10_vpd_list);
+ spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
+ INIT_LIST_HEAD(&dev->t10_pr.registration_list);
+diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
+index bd587b7..173daf3 100644
+--- a/drivers/target/target_core_transport.c
++++ b/drivers/target/target_core_transport.c
+@@ -1077,7 +1077,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
* Used to determine when ORDERED commands should go from
* Dormant to Active status.
*/
-- cmd->se_ordered_id = atomic_inc_return(&cmd->se_dev->dev_ordered_id);
-+ cmd->se_ordered_id = atomic_inc_return_unchecked(&cmd->se_dev->dev_ordered_id);
+- cmd->se_ordered_id = atomic_inc_return(&dev->dev_ordered_id);
++ cmd->se_ordered_id = atomic_inc_return_unchecked(&dev->dev_ordered_id);
smp_mb__after_atomic_inc();
pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n",
cmd->se_ordered_id, cmd->sam_task_attr,
diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c
-index 0a6a0bc..5501b06 100644
+index b09c8d1f..c4225c0 100644
--- a/drivers/tty/cyclades.c
+++ b/drivers/tty/cyclades.c
@@ -1589,10 +1589,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp)
#endif
/*
-@@ -3989,7 +3989,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v)
+@@ -3991,7 +3991,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v)
for (j = 0; j < cy_card[i].nports; j++) {
info = &cy_card[i].ports[j];
spin_lock_irqsave(&hp->lock, flags);
diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c
-index cab5c7a..4cc66ea 100644
+index 8776357..b2d4afd 100644
--- a/drivers/tty/hvc/hvcs.c
+++ b/drivers/tty/hvc/hvcs.c
@@ -83,6 +83,7 @@
return HVCS_BUFF_LEN - hvcsd->chars_in_buffer;
diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c
-index 160f0ad..588b853 100644
+index 2cde13d..645d78f 100644
--- a/drivers/tty/ipwireless/tty.c
+++ b/drivers/tty/ipwireless/tty.c
@@ -29,6 +29,7 @@
ipwireless_disassociate_network_ttys(network,
ttyj->channel_idx);
diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c
-index 56e616b..9d9f10a 100644
+index f9d2850..b006f04 100644
--- a/drivers/tty/moxa.c
+++ b/drivers/tty/moxa.c
-@@ -1189,7 +1189,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp)
+@@ -1193,7 +1193,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp)
}
ch = &brd->ports[port % MAX_PORTS_PER_BOARD];
tty_port_tty_set(&ch->port, tty);
mutex_lock(&ch->port.mutex);
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
-index 1e8e8ce..a9efc93 100644
+index bfd6771..e0d93c4 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
-@@ -1638,7 +1638,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
- kref_init(&dlci->ref);
+@@ -1636,7 +1636,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
+ spin_lock_init(&dlci->lock);
mutex_init(&dlci->mutex);
dlci->fifo = &dlci->_fifo;
- if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) {
kfree(dlci);
return NULL;
}
-@@ -2925,7 +2925,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
+@@ -2936,7 +2936,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
struct gsm_dlci *dlci = tty->driver_data;
struct tty_port *port = &dlci->port;
dlci_get(dlci->gsm->dlci[0]);
mux_get(dlci->gsm);
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 8c0b7b4..e88f052 100644
+index 19083ef..6e34e97 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
-@@ -2142,6 +2142,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2196,6 +2196,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
{
*ops = tty_ldisc_N_TTY;
ops->owner = NULL;
}
EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index 8cf8d0a..4ef9ed0 100644
+index 79ff3a5..1fe9399 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
-@@ -730,8 +730,10 @@ static void __init unix98_pty_init(void)
+@@ -791,8 +791,10 @@ static void __init unix98_pty_init(void)
panic("Couldn't register Unix98 pts driver");
/* Now create the /dev/ptmx special device */
cdev_init(&ptmx_cdev, &ptmx_fops);
if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c
-index 9700d34..df7520c 100644
+index e42009a..566a036 100644
--- a/drivers/tty/rocket.c
+++ b/drivers/tty/rocket.c
-@@ -924,7 +924,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
+@@ -925,7 +925,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
tty->driver_data = info;
tty_port_tty_set(port, tty);
atomic_inc(&rp_num_ports_open);
#ifdef ROCKET_DEBUG_OPEN
-@@ -933,7 +933,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
+@@ -934,7 +934,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
#endif
}
#ifdef ROCKET_DEBUG_OPEN
#endif
/*
-@@ -1528,7 +1528,7 @@ static void rp_hangup(struct tty_struct *tty)
+@@ -1529,7 +1529,7 @@ static void rp_hangup(struct tty_struct *tty)
spin_unlock_irqrestore(&info->port.lock, flags);
return;
}
/* This is only available if kgdboc is a built in for early debugging */
static int __init kgdboc_early_init(char *opt)
diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
-index 7f04717..0f3794f 100644
+index e514b3a..c73d614 100644
--- a/drivers/tty/serial/samsung.c
+++ b/drivers/tty/serial/samsung.c
-@@ -445,11 +445,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port)
+@@ -453,11 +453,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port)
}
}
dbg("s3c24xx_serial_startup: port=%p (%08lx,%p)\n",
port->mapbase, port->membase);
-@@ -1115,10 +1120,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
+@@ -1122,10 +1127,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
/* setup info for port */
port->dev = &platdev->dev;
if (cfg->uart_flags & UPF_CONS_FLOW) {
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index 0fcfd98..8244fce 100644
+index 2c7230a..2104f16 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
-@@ -1408,7 +1408,7 @@ static void uart_hangup(struct tty_struct *tty)
+@@ -1455,7 +1455,7 @@ static void uart_hangup(struct tty_struct *tty)
uart_flush_buffer(tty);
uart_shutdown(tty, state);
spin_lock_irqsave(&port->lock, flags);
clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags);
spin_unlock_irqrestore(&port->lock, flags);
tty_port_tty_set(port, NULL);
-@@ -1504,7 +1504,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
+@@ -1551,7 +1551,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
goto end;
}
if (!state->uart_port || state->uart_port->flags & UPF_DEAD) {
retval = -ENXIO;
goto err_dec_count;
-@@ -1531,7 +1531,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
+@@ -1578,7 +1578,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
/*
* Make sure the device is in D0 state.
*/
uart_change_pm(state, 0);
/*
-@@ -1549,7 +1549,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
+@@ -1596,7 +1596,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
end:
return retval;
err_dec_count:
goto end;
}
diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c
-index 70e3a52..5742052 100644
+index 9e071f6..f30ae69 100644
--- a/drivers/tty/synclink.c
+++ b/drivers/tty/synclink.c
@@ -3095,7 +3095,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
}
return retval;
-@@ -7661,7 +7661,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
+@@ -7662,7 +7662,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
unsigned short new_crctype;
/* return error if TTY interface open */
return -EBUSY;
switch (encoding)
-@@ -7756,7 +7756,7 @@ static int hdlcdev_open(struct net_device *dev)
+@@ -7757,7 +7757,7 @@ static int hdlcdev_open(struct net_device *dev)
/* arbitrate between network and tty opens */
spin_lock_irqsave(&info->netlock, flags);
printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
spin_unlock_irqrestore(&info->netlock, flags);
return -EBUSY;
-@@ -7842,7 +7842,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -7843,7 +7843,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name);
/* return error if TTY interface open */
if (cmd != SIOCWANDEV)
diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c
-index b38e954..ce45b38 100644
+index aba1e59..877ac33 100644
--- a/drivers/tty/synclink_gt.c
+++ b/drivers/tty/synclink_gt.c
@@ -671,7 +671,7 @@ static int open(struct tty_struct *tty, struct file *filp)
if (!retval)
diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c
-index f17d9f3..27a041b 100644
+index fd43fb6..34704ad 100644
--- a/drivers/tty/synclinkmp.c
+++ b/drivers/tty/synclinkmp.c
@@ -751,7 +751,7 @@ static int open(struct tty_struct *tty, struct file *filp)
if (!retval)
port->flags |= ASYNC_NORMAL_ACTIVE;
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
-index 16ee6ce..bfcac57 100644
+index b3c4a25..723916f 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
-@@ -866,7 +866,7 @@ EXPORT_SYMBOL(unregister_sysrq_key);
+@@ -867,7 +867,7 @@ EXPORT_SYMBOL(unregister_sysrq_key);
static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
if (get_user(c, buf))
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 2ea176b..2877bc8 100644
+index da9fde8..c07975f 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
-@@ -3395,7 +3395,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
+@@ -3391,7 +3391,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
void tty_default_fops(struct file_operations *fops)
{
/*
diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
-index 0f2a2c5..471e228 100644
+index c578229..45aa9ee 100644
--- a/drivers/tty/tty_ldisc.c
+++ b/drivers/tty/tty_ldisc.c
@@ -56,7 +56,7 @@ static void put_ldisc(struct tty_ldisc *ld)
- if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) {
+ if (atomic_dec_and_test(&ld->users)) {
struct tty_ldisc_ops *ldo = ld->ops;
- ldo->refcount--;
+ atomic_dec(&ldo->refcount);
module_put(ldo->owner);
- spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+ raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
@@ -91,7 +91,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
- spin_lock_irqsave(&tty_ldisc_lock, flags);
+ raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
tty_ldiscs[disc] = new_ldisc;
new_ldisc->num = disc;
- new_ldisc->refcount = 0;
+ atomic_set(&new_ldisc->refcount, 0);
- spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+ raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
return ret;
@@ -119,7 +119,7 @@ int tty_unregister_ldisc(int disc)
return -EINVAL;
- spin_lock_irqsave(&tty_ldisc_lock, flags);
+ raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
- if (tty_ldiscs[disc]->refcount)
+ if (atomic_read(&tty_ldiscs[disc]->refcount))
ret = -EBUSY;
@@ -153,7 +153,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
unsigned long flags;
- spin_lock_irqsave(&tty_ldisc_lock, flags);
+ raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
- ldops->refcount--;
+ atomic_dec(&ldops->refcount);
module_put(ldops->owner);
- spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+ raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
}
diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c
-index d7bdd8d..feaef30 100644
+index b7ff59d..7c6105e 100644
--- a/drivers/tty/tty_port.c
+++ b/drivers/tty/tty_port.c
-@@ -202,7 +202,7 @@ void tty_port_hangup(struct tty_port *port)
+@@ -218,7 +218,7 @@ void tty_port_hangup(struct tty_port *port)
unsigned long flags;
spin_lock_irqsave(&port->lock, flags);
port->flags &= ~ASYNC_NORMAL_ACTIVE;
if (port->tty) {
set_bit(TTY_IO_ERROR, &port->tty->flags);
-@@ -328,7 +328,7 @@ int tty_port_block_til_ready(struct tty_port *port,
+@@ -344,7 +344,7 @@ int tty_port_block_til_ready(struct tty_port *port,
/* The port lock protects the port counts */
spin_lock_irqsave(&port->lock, flags);
if (!tty_hung_up_p(filp))
port->blocked_open++;
spin_unlock_irqrestore(&port->lock, flags);
-@@ -370,7 +370,7 @@ int tty_port_block_til_ready(struct tty_port *port,
+@@ -386,7 +386,7 @@ int tty_port_block_til_ready(struct tty_port *port,
we must not mess that up further */
spin_lock_irqsave(&port->lock, flags);
if (!tty_hung_up_p(filp))
port->blocked_open--;
if (retval == 0)
port->flags |= ASYNC_NORMAL_ACTIVE;
-@@ -390,19 +390,19 @@ int tty_port_close_start(struct tty_port *port,
+@@ -406,19 +406,19 @@ int tty_port_close_start(struct tty_port *port,
return 0;
}
spin_unlock_irqrestore(&port->lock, flags);
if (port->ops->drop)
port->ops->drop(port);
-@@ -500,7 +500,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty,
+@@ -516,7 +516,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty,
{
spin_lock_irq(&port->lock);
if (!tty_hung_up_p(filp))
if (!left--) {
if (instance->disconnected)
+diff --git a/drivers/usb/class/cdc-wdm.c b/drivers/usb/class/cdc-wdm.c
+index 5f0cb41..122d056 100644
+--- a/drivers/usb/class/cdc-wdm.c
++++ b/drivers/usb/class/cdc-wdm.c
+@@ -56,6 +56,7 @@ MODULE_DEVICE_TABLE (usb, wdm_ids);
+ #define WDM_RESPONDING 7
+ #define WDM_SUSPENDING 8
+ #define WDM_RESETTING 9
++#define WDM_OVERFLOW 10
+
+ #define WDM_MAX 16
+
+@@ -155,6 +156,7 @@ static void wdm_in_callback(struct urb *urb)
+ {
+ struct wdm_device *desc = urb->context;
+ int status = urb->status;
++ int length = urb->actual_length;
+
+ spin_lock(&desc->iuspin);
+ clear_bit(WDM_RESPONDING, &desc->flags);
+@@ -185,9 +187,17 @@ static void wdm_in_callback(struct urb *urb)
+ }
+
+ desc->rerr = status;
+- desc->reslength = urb->actual_length;
+- memmove(desc->ubuf + desc->length, desc->inbuf, desc->reslength);
+- desc->length += desc->reslength;
++ if (length + desc->length > desc->wMaxCommand) {
++ /* The buffer would overflow */
++ set_bit(WDM_OVERFLOW, &desc->flags);
++ } else {
++ /* we may already be in overflow */
++ if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
++ memmove(desc->ubuf + desc->length, desc->inbuf, length);
++ desc->length += length;
++ desc->reslength = length;
++ }
++ }
+ skip_error:
+ wake_up(&desc->wait);
+
+@@ -435,6 +445,11 @@ retry:
+ rv = -ENODEV;
+ goto err;
+ }
++ if (test_bit(WDM_OVERFLOW, &desc->flags)) {
++ clear_bit(WDM_OVERFLOW, &desc->flags);
++ rv = -ENOBUFS;
++ goto err;
++ }
+ i++;
+ if (file->f_flags & O_NONBLOCK) {
+ if (!test_bit(WDM_READ, &desc->flags)) {
+@@ -478,6 +493,7 @@ retry:
+ spin_unlock_irq(&desc->iuspin);
+ goto retry;
+ }
++
+ if (!desc->reslength) { /* zero length read */
+ dev_dbg(&desc->intf->dev, "%s: zero length - clearing WDM_READ\n", __func__);
+ clear_bit(WDM_READ, &desc->flags);
+@@ -1004,6 +1020,7 @@ static int wdm_post_reset(struct usb_interface *intf)
+ struct wdm_device *desc = wdm_find_device(intf);
+ int rv;
+
++ clear_bit(WDM_OVERFLOW, &desc->flags);
+ clear_bit(WDM_RESETTING, &desc->flags);
+ rv = recover_from_urb_loss(desc);
+ mutex_unlock(&desc->wlock);
diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c
-index f460de3..95ba1f6 100644
+index cbacea9..246cccd 100644
--- a/drivers/usb/core/devices.c
+++ b/drivers/usb/core/devices.c
@@ -126,7 +126,7 @@ static const char format_endpt[] =
wake_up(&device_event.wait);
}
-@@ -647,7 +647,7 @@ static unsigned int usb_device_poll(struct file *file,
+@@ -645,7 +645,7 @@ static unsigned int usb_device_poll(struct file *file,
poll_wait(file, &device_event.wait, wait);
file->f_version = event_count;
return POLLIN | POLLRDNORM;
diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
-index f034716..aed0368 100644
+index 8e64adf..9a33a3c 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
-@@ -1478,7 +1478,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
+@@ -1522,7 +1522,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
*/
usb_get_urb(urb);
atomic_inc(&urb->use_count);
usbmon_urb_submit(&hcd->self, urb);
/* NOTE requirements on root-hub callers (usbfs and the hub
-@@ -1505,7 +1505,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
+@@ -1549,7 +1549,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
urb->hcpriv = NULL;
INIT_LIST_HEAD(&urb->urb_list);
atomic_dec(&urb->use_count);
static DEVICE_ATTR(urbnum, S_IRUGO, show_urbnum, NULL);
diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c
-index cd8fb44..17fbe0c 100644
+index f81b925..78d22ec 100644
--- a/drivers/usb/core/usb.c
+++ b/drivers/usb/core/usb.c
-@@ -397,7 +397,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent,
+@@ -388,7 +388,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent,
set_dev_node(&dev->dev, dev_to_node(bus->controller));
dev->state = USB_STATE_ATTACHED;
dev->lpm_disable_count = 1;
INIT_LIST_HEAD(&dev->ep0.urb_list);
dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE;
diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c
-index 4bfa78a..902bfbd 100644
+index 5e29dde..eca992f 100644
--- a/drivers/usb/early/ehci-dbgp.c
+++ b/drivers/usb/early/ehci-dbgp.c
@@ -98,7 +98,8 @@ static inline u32 dbgp_len_update(u32 x, u32 len)
return 0;
}
diff --git a/drivers/usb/gadget/u_serial.c b/drivers/usb/gadget/u_serial.c
-index f173952..83d6ec0 100644
+index 598dcc1..032dd4f 100644
--- a/drivers/usb/gadget/u_serial.c
+++ b/drivers/usb/gadget/u_serial.c
@@ -735,9 +735,9 @@ static int gs_open(struct tty_struct *tty, struct file *file)
gser = port->port_usb;
if (gser && gser->disconnect)
-@@ -1157,7 +1157,7 @@ static int gs_closed(struct gs_port *port)
+@@ -1159,7 +1159,7 @@ static int gs_closed(struct gs_port *port)
int cond;
spin_lock_irq(&port->port_lock);
spin_unlock_irq(&port->port_lock);
return cond;
}
-@@ -1270,7 +1270,7 @@ int gserial_connect(struct gserial *gser, u8 port_num)
+@@ -1273,7 +1273,7 @@ int gserial_connect(struct gserial *gser, u8 port_num)
/* if it's already open, start I/O ... and notify the serial
* protocol about open/close status (connect/disconnect).
*/
pr_debug("gserial_connect: start ttyGS%d\n", port->port_num);
gs_start_io(port);
if (gser->connect)
-@@ -1317,7 +1317,7 @@ void gserial_disconnect(struct gserial *gser)
+@@ -1320,7 +1320,7 @@ void gserial_disconnect(struct gserial *gser)
port->port_usb = NULL;
gser->ioport = NULL;
wake_up_interruptible(&port->drain_wait);
if (port->port.tty)
tty_hangup(port->port.tty);
-@@ -1333,7 +1333,7 @@ void gserial_disconnect(struct gserial *gser)
+@@ -1336,7 +1336,7 @@ void gserial_disconnect(struct gserial *gser)
/* finally, free any unused/unusable I/O buffers */
spin_lock_irqsave(&port->port_lock, flags);
usb_autopm_put_interface(serial->interface);
error_get_interface:
usb_serial_put(serial);
+diff --git a/drivers/usb/storage/usb.h b/drivers/usb/storage/usb.h
+index 75f70f0..d467e1a 100644
+--- a/drivers/usb/storage/usb.h
++++ b/drivers/usb/storage/usb.h
+@@ -63,7 +63,7 @@ struct us_unusual_dev {
+ __u8 useProtocol;
+ __u8 useTransport;
+ int (*initFunction)(struct us_data *);
+-};
++} __do_const;
+
+
+ /* Dynamic bitflag definitions (us->dflags): used in set_bit() etc. */
diff --git a/drivers/usb/wusbcore/wa-hc.h b/drivers/usb/wusbcore/wa-hc.h
index d6bea3e..60b250e 100644
--- a/drivers/usb/wusbcore/wa-hc.h
}
/*
-diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
-index dedaf81..b0f11ab 100644
---- a/drivers/vhost/vhost.c
-+++ b/drivers/vhost/vhost.c
-@@ -634,7 +634,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m)
- return 0;
- }
-
--static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp)
-+static long vhost_set_vring(struct vhost_dev *d, unsigned int ioctl, void __user *argp)
- {
- struct file *eventfp, *filep = NULL;
- bool pollstart = false, pollstop = false;
diff --git a/drivers/video/aty/aty128fb.c b/drivers/video/aty/aty128fb.c
-index 0fefa84..7a9d581 100644
+index 8c55011..eed4ae1a 100644
--- a/drivers/video/aty/aty128fb.c
+++ b/drivers/video/aty/aty128fb.c
@@ -149,7 +149,7 @@ enum {
};
/* Must match above enum */
--static char * const r128_family[] __devinitconst = {
-+static const char * const r128_family[] __devinitconst = {
+-static char * const r128_family[] = {
++static const char * const r128_family[] = {
"AGP",
"PCI",
"PRO AGP",
+diff --git a/drivers/video/aty/atyfb_base.c b/drivers/video/aty/atyfb_base.c
+index 4f27fdc..d3537e6 100644
+--- a/drivers/video/aty/atyfb_base.c
++++ b/drivers/video/aty/atyfb_base.c
+@@ -1325,10 +1325,14 @@ static int atyfb_set_par(struct fb_info *info)
+ par->accel_flags = var->accel_flags; /* hack */
+
+ if (var->accel_flags) {
+- info->fbops->fb_sync = atyfb_sync;
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_sync = atyfb_sync;
++ pax_close_kernel();
+ info->flags &= ~FBINFO_HWACCEL_DISABLED;
+ } else {
+- info->fbops->fb_sync = NULL;
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_sync = NULL;
++ pax_close_kernel();
+ info->flags |= FBINFO_HWACCEL_DISABLED;
+ }
+
+diff --git a/drivers/video/aty/mach64_cursor.c b/drivers/video/aty/mach64_cursor.c
+index 95ec042..e6affdd 100644
+--- a/drivers/video/aty/mach64_cursor.c
++++ b/drivers/video/aty/mach64_cursor.c
+@@ -7,6 +7,7 @@
+ #include <linux/string.h>
+
+ #include <asm/io.h>
++#include <asm/pgtable.h>
+
+ #ifdef __sparc__
+ #include <asm/fbio.h>
+@@ -208,7 +209,9 @@ int aty_init_cursor(struct fb_info *info)
+ info->sprite.buf_align = 16; /* and 64 lines tall. */
+ info->sprite.flags = FB_PIXMAP_IO;
+
+- info->fbops->fb_cursor = atyfb_cursor;
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_cursor = atyfb_cursor;
++ pax_close_kernel();
+
+ return 0;
+ }
+diff --git a/drivers/video/backlight/kb3886_bl.c b/drivers/video/backlight/kb3886_bl.c
+index 6c5ed6b..b727c88 100644
+--- a/drivers/video/backlight/kb3886_bl.c
++++ b/drivers/video/backlight/kb3886_bl.c
+@@ -78,7 +78,7 @@ static struct kb3886bl_machinfo *bl_machinfo;
+ static unsigned long kb3886bl_flags;
+ #define KB3886BL_SUSPENDED 0x01
+
+-static struct dmi_system_id __initdata kb3886bl_device_table[] = {
++static const struct dmi_system_id __initconst kb3886bl_device_table[] = {
+ {
+ .ident = "Sahara Touch-iT",
+ .matches = {
+diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c
+index 88cad6b..dd746c7 100644
+--- a/drivers/video/fb_defio.c
++++ b/drivers/video/fb_defio.c
+@@ -206,7 +206,9 @@ void fb_deferred_io_init(struct fb_info *info)
+
+ BUG_ON(!fbdefio);
+ mutex_init(&fbdefio->lock);
+- info->fbops->fb_mmap = fb_deferred_io_mmap;
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_mmap = fb_deferred_io_mmap;
++ pax_close_kernel();
+ INIT_DELAYED_WORK(&info->deferred_work, fb_deferred_io_work);
+ INIT_LIST_HEAD(&fbdefio->pagelist);
+ if (fbdefio->delay == 0) /* set a default of 1 s */
+@@ -237,7 +239,7 @@ void fb_deferred_io_cleanup(struct fb_info *info)
+ page->mapping = NULL;
+ }
+
+- info->fbops->fb_mmap = NULL;
++ *(void **)&info->fbops->fb_mmap = NULL;
+ mutex_destroy(&fbdefio->lock);
+ }
+ EXPORT_SYMBOL_GPL(fb_deferred_io_cleanup);
diff --git a/drivers/video/fbcmap.c b/drivers/video/fbcmap.c
index 5c3960d..15cf8fc 100644
--- a/drivers/video/fbcmap.c
goto out1;
}
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
-index 3ff0105..7589d98 100644
+index dc61c12..e29796e 100644
--- a/drivers/video/fbmem.c
+++ b/drivers/video/fbmem.c
@@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
+4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
+4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
+4 4 4 4 4 4
+diff --git a/drivers/video/mb862xx/mb862xxfb_accel.c b/drivers/video/mb862xx/mb862xxfb_accel.c
+index fe92eed..106e085 100644
+--- a/drivers/video/mb862xx/mb862xxfb_accel.c
++++ b/drivers/video/mb862xx/mb862xxfb_accel.c
+@@ -312,14 +312,18 @@ void mb862xxfb_init_accel(struct fb_info *info, int xres)
+ struct mb862xxfb_par *par = info->par;
+
+ if (info->var.bits_per_pixel == 32) {
+- info->fbops->fb_fillrect = cfb_fillrect;
+- info->fbops->fb_copyarea = cfb_copyarea;
+- info->fbops->fb_imageblit = cfb_imageblit;
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_fillrect = cfb_fillrect;
++ *(void **)&info->fbops->fb_copyarea = cfb_copyarea;
++ *(void **)&info->fbops->fb_imageblit = cfb_imageblit;
++ pax_close_kernel();
+ } else {
+ outreg(disp, GC_L0EM, 3);
+- info->fbops->fb_fillrect = mb86290fb_fillrect;
+- info->fbops->fb_copyarea = mb86290fb_copyarea;
+- info->fbops->fb_imageblit = mb86290fb_imageblit;
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_fillrect = mb86290fb_fillrect;
++ *(void **)&info->fbops->fb_copyarea = mb86290fb_copyarea;
++ *(void **)&info->fbops->fb_imageblit = mb86290fb_imageblit;
++ pax_close_kernel();
+ }
+ outreg(draw, GDC_REG_DRAW_BASE, 0);
+ outreg(draw, GDC_REG_MODE_MISC, 0x8000);
+diff --git a/drivers/video/nvidia/nvidia.c b/drivers/video/nvidia/nvidia.c
+index ff22871..b129bed 100644
+--- a/drivers/video/nvidia/nvidia.c
++++ b/drivers/video/nvidia/nvidia.c
+@@ -669,19 +669,23 @@ static int nvidiafb_set_par(struct fb_info *info)
+ info->fix.line_length = (info->var.xres_virtual *
+ info->var.bits_per_pixel) >> 3;
+ if (info->var.accel_flags) {
+- info->fbops->fb_imageblit = nvidiafb_imageblit;
+- info->fbops->fb_fillrect = nvidiafb_fillrect;
+- info->fbops->fb_copyarea = nvidiafb_copyarea;
+- info->fbops->fb_sync = nvidiafb_sync;
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_imageblit = nvidiafb_imageblit;
++ *(void **)&info->fbops->fb_fillrect = nvidiafb_fillrect;
++ *(void **)&info->fbops->fb_copyarea = nvidiafb_copyarea;
++ *(void **)&info->fbops->fb_sync = nvidiafb_sync;
++ pax_close_kernel();
+ info->pixmap.scan_align = 4;
+ info->flags &= ~FBINFO_HWACCEL_DISABLED;
+ info->flags |= FBINFO_READS_FAST;
+ NVResetGraphics(info);
+ } else {
+- info->fbops->fb_imageblit = cfb_imageblit;
+- info->fbops->fb_fillrect = cfb_fillrect;
+- info->fbops->fb_copyarea = cfb_copyarea;
+- info->fbops->fb_sync = NULL;
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_imageblit = cfb_imageblit;
++ *(void **)&info->fbops->fb_fillrect = cfb_fillrect;
++ *(void **)&info->fbops->fb_copyarea = cfb_copyarea;
++ *(void **)&info->fbops->fb_sync = NULL;
++ pax_close_kernel();
+ info->pixmap.scan_align = 1;
+ info->flags |= FBINFO_HWACCEL_DISABLED;
+ info->flags &= ~FBINFO_READS_FAST;
+@@ -1173,8 +1177,11 @@ static int nvidia_set_fbinfo(struct fb_info *info)
+ info->pixmap.size = 8 * 1024;
+ info->pixmap.flags = FB_PIXMAP_SYSTEM;
+
+- if (!hwcur)
+- info->fbops->fb_cursor = NULL;
++ if (!hwcur) {
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_cursor = NULL;
++ pax_close_kernel();
++ }
+
+ info->var.accel_flags = (!noaccel);
+
+diff --git a/drivers/video/s1d13xxxfb.c b/drivers/video/s1d13xxxfb.c
+index 76d9053..dec2bfd 100644
+--- a/drivers/video/s1d13xxxfb.c
++++ b/drivers/video/s1d13xxxfb.c
+@@ -881,8 +881,10 @@ static int s1d13xxxfb_probe(struct platform_device *pdev)
+
+ switch(prod_id) {
+ case S1D13506_PROD_ID: /* activate acceleration */
+- s1d13xxxfb_fbops.fb_fillrect = s1d13xxxfb_bitblt_solidfill;
+- s1d13xxxfb_fbops.fb_copyarea = s1d13xxxfb_bitblt_copyarea;
++ pax_open_kernel();
++ *(void **)&s1d13xxxfb_fbops.fb_fillrect = s1d13xxxfb_bitblt_solidfill;
++ *(void **)&s1d13xxxfb_fbops.fb_copyarea = s1d13xxxfb_bitblt_copyarea;
++ pax_close_kernel();
+ info->flags = FBINFO_DEFAULT | FBINFO_HWACCEL_YPAN |
+ FBINFO_HWACCEL_FILLRECT | FBINFO_HWACCEL_COPYAREA;
+ break;
+diff --git a/drivers/video/smscufx.c b/drivers/video/smscufx.c
+index 97bd662..39fab85 100644
+--- a/drivers/video/smscufx.c
++++ b/drivers/video/smscufx.c
+@@ -1171,7 +1171,9 @@ static int ufx_ops_release(struct fb_info *info, int user)
+ fb_deferred_io_cleanup(info);
+ kfree(info->fbdefio);
+ info->fbdefio = NULL;
+- info->fbops->fb_mmap = ufx_ops_mmap;
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_mmap = ufx_ops_mmap;
++ pax_close_kernel();
+ }
+
+ pr_debug("released /dev/fb%d user=%d count=%d",
diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c
-index 86d449e..af6a7f7 100644
+index 86d449e..8e04dc5 100644
--- a/drivers/video/udlfb.c
+++ b/drivers/video/udlfb.c
@@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y,
>> 10)), /* Kcycles */
&dev->cpu_kcycles_used);
}
-@@ -1372,7 +1372,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev,
+@@ -989,7 +989,9 @@ static int dlfb_ops_release(struct fb_info *info, int user)
+ fb_deferred_io_cleanup(info);
+ kfree(info->fbdefio);
+ info->fbdefio = NULL;
+- info->fbops->fb_mmap = dlfb_ops_mmap;
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_mmap = dlfb_ops_mmap;
++ pax_close_kernel();
+ }
+
+ pr_warn("released /dev/fb%d user=%d count=%d\n",
+@@ -1372,7 +1374,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev,
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dev = fb_info->par;
return snprintf(buf, PAGE_SIZE, "%u\n",
}
static ssize_t metrics_bytes_identical_show(struct device *fbdev,
-@@ -1380,7 +1380,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev,
+@@ -1380,7 +1382,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev,
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dev = fb_info->par;
return snprintf(buf, PAGE_SIZE, "%u\n",
}
static ssize_t metrics_bytes_sent_show(struct device *fbdev,
-@@ -1388,7 +1388,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev,
+@@ -1388,7 +1390,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev,
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dev = fb_info->par;
return snprintf(buf, PAGE_SIZE, "%u\n",
}
static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev,
-@@ -1396,7 +1396,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev,
+@@ -1396,7 +1398,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev,
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dev = fb_info->par;
return snprintf(buf, PAGE_SIZE, "%u\n",
}
static ssize_t edid_show(
-@@ -1456,10 +1456,10 @@ static ssize_t metrics_reset_store(struct device *fbdev,
+@@ -1456,10 +1458,10 @@ static ssize_t metrics_reset_store(struct device *fbdev,
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dev = fb_info->par;
return count;
}
diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c
-index 2f8f82d..191de37 100644
+index b75db01..ad2f34a 100644
--- a/drivers/video/uvesafb.c
+++ b/drivers/video/uvesafb.c
@@ -19,6 +19,7 @@
#include <video/edid.h>
#include <video/uvesafb.h>
#ifdef CONFIG_X86
-@@ -569,10 +570,32 @@ static int __devinit uvesafb_vbe_getpmi(struct uvesafb_ktask *task,
+@@ -569,10 +570,32 @@ static int uvesafb_vbe_getpmi(struct uvesafb_ktask *task,
if ((task->t.regs.eax & 0xffff) != 0x4f || task->t.regs.es < 0xc000) {
par->pmi_setpal = par->ypan = 0;
} else {
printk(KERN_INFO "uvesafb: protected mode interface info at "
"%04x:%04x\n",
(u16)task->t.regs.es, (u16)task->t.regs.edi);
-@@ -818,13 +841,14 @@ static int __devinit uvesafb_vbe_init(struct fb_info *info)
+@@ -817,13 +840,14 @@ static int uvesafb_vbe_init(struct fb_info *info)
par->ypan = ypan;
if (par->pmi_setpal || par->ypan) {
}
#else
/* The protected mode interface is not available on non-x86. */
-@@ -1838,6 +1862,11 @@ out:
+@@ -1457,8 +1481,11 @@ static void uvesafb_init_info(struct fb_info *info, struct vbe_mode_ib *mode)
+ info->fix.ywrapstep = (par->ypan > 1) ? 1 : 0;
+
+ /* Disable blanking if the user requested so. */
+- if (!blank)
+- info->fbops->fb_blank = NULL;
++ if (!blank) {
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_blank = NULL;
++ pax_close_kernel();
++ }
+
+ /*
+ * Find out how much IO memory is required for the mode with
+@@ -1534,8 +1561,11 @@ static void uvesafb_init_info(struct fb_info *info, struct vbe_mode_ib *mode)
+ info->flags = FBINFO_FLAG_DEFAULT |
+ (par->ypan ? FBINFO_HWACCEL_YPAN : 0);
+
+- if (!par->ypan)
+- info->fbops->fb_pan_display = NULL;
++ if (!par->ypan) {
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_pan_display = NULL;
++ pax_close_kernel();
++ }
+ }
+
+ static void uvesafb_init_mtrr(struct fb_info *info)
+@@ -1836,6 +1866,11 @@ out:
if (par->vbe_modes)
kfree(par->vbe_modes);
framebuffer_release(info);
return err;
}
-@@ -1864,6 +1893,12 @@ static int uvesafb_remove(struct platform_device *dev)
+@@ -1862,6 +1897,12 @@ static int uvesafb_remove(struct platform_device *dev)
kfree(par->vbe_state_orig);
if (par->vbe_state_saved)
kfree(par->vbe_state_saved);
framebuffer_release(info);
diff --git a/drivers/video/vesafb.c b/drivers/video/vesafb.c
-index 501b340..86bd4cf 100644
+index 501b340..d80aa17 100644
--- a/drivers/video/vesafb.c
+++ b/drivers/video/vesafb.c
@@ -9,6 +9,7 @@
printk(KERN_INFO "vesafb: pmi: set display start = %p, set palette = %p\n",pmi_start,pmi_pal);
if (pmi_base[3]) {
printk(KERN_INFO "vesafb: pmi: ports = ");
-@@ -488,6 +514,11 @@ static int __init vesafb_probe(struct platform_device *dev)
+@@ -472,8 +498,11 @@ static int __init vesafb_probe(struct platform_device *dev)
+ info->flags = FBINFO_FLAG_DEFAULT | FBINFO_MISC_FIRMWARE |
+ (ypan ? FBINFO_HWACCEL_YPAN : 0);
+
+- if (!ypan)
+- info->fbops->fb_pan_display = NULL;
++ if (!ypan) {
++ pax_open_kernel();
++ *(void **)&info->fbops->fb_pan_display = NULL;
++ pax_close_kernel();
++ }
+
+ if (fb_alloc_cmap(&info->cmap, 256, 0) < 0) {
+ err = -ENOMEM;
+@@ -488,6 +517,11 @@ static int __init vesafb_probe(struct platform_device *dev)
info->node, info->fix.id);
return 0;
err:
static inline u32 get_pll_internal_frequency(u32 ref_freq,
-diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c
-index 6b1b7e1..b2fa4d5 100644
---- a/drivers/virtio/virtio_mmio.c
-+++ b/drivers/virtio/virtio_mmio.c
-@@ -530,7 +530,7 @@ static int vm_cmdline_set(const char *device,
-
- resources[0].end = memparse(device, &str) - 1;
-
-- processed = sscanf(str, "@%lli:%u%n:%d%n",
-+ processed = sscanf(str, "@%lli:%llu%n:%d%n",
- &base, &resources[1].start, &consumed,
- &vm_cmdline_id, &consumed);
-
diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c
index fef20db..d28b1ab 100644
--- a/drivers/xen/xenfs/xenstored.c
kiocb->ki_cur_seg = 0;
/* ki_nbytes/left now reflect bytes instead of segs */
diff --git a/fs/attr.c b/fs/attr.c
-index cce7df5..eaa2731 100644
+index 1449adb..a2038c2 100644
--- a/fs/attr.c
+++ b/fs/attr.c
-@@ -100,6 +100,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset)
+@@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset)
unsigned long limit;
limit = rlimit(RLIMIT_FSIZE);
goto out_sig;
if (offset > inode->i_sb->s_maxbytes)
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
-index dce436e..55e670d 100644
+index 03bc1d3..6205356 100644
--- a/fs/autofs4/waitq.c
+++ b/fs/autofs4/waitq.c
@@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi,
ssize_t wr = 0;
sigpipe = sigismember(¤t->pending.signal, SIGPIPE);
-@@ -347,6 +347,10 @@ static int validate_request(struct autofs_wait_queue **wait,
+@@ -348,6 +348,10 @@ static int validate_request(struct autofs_wait_queue **wait,
return 1;
}
int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
enum autofs_notify notify)
{
-@@ -380,7 +384,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
+@@ -381,7 +385,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
/* If this is a direct mount request create a dummy name */
if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type))
kfree(link);
}
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
-index 0e7a6f8..332b1ca 100644
+index 6043567..16a9239 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -16,6 +16,7 @@
if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit)
dump.u_ssize = 0;
-@@ -233,6 +238,8 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
+@@ -234,6 +239,8 @@ static int load_aout_binary(struct linux_binprm * bprm)
rlim = rlimit(RLIMIT_DATA);
if (rlim >= RLIM_INFINITY)
rlim = ~0;
if (ex.a_data + ex.a_bss > rlim)
return -ENOMEM;
-@@ -267,6 +274,27 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
+@@ -268,6 +275,27 @@ static int load_aout_binary(struct linux_binprm * bprm)
install_exec_creds(bprm);
if (N_MAGIC(ex) == OMAGIC) {
unsigned long text_addr, map_size;
loff_t pos;
-@@ -332,7 +360,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
+@@ -333,7 +361,7 @@ static int load_aout_binary(struct linux_binprm * bprm)
}
error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
fd_offset + ex.a_text);
if (error != N_DATADDR(ex)) {
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index fbd9f60..0b845dd 100644
+index 0c42cdb..9551bb8 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -33,6 +33,7 @@
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
random_variable = get_random_int() & STACK_RND_MASK;
-@@ -564,7 +899,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -564,7 +899,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
unsigned long load_addr = 0, load_bias = 0;
int load_addr_set = 0;
char * elf_interpreter = NULL;
struct elf_phdr *elf_ppnt, *elf_phdata;
unsigned long elf_bss, elf_brk;
int retval, i;
-@@ -574,11 +909,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -574,12 +909,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
unsigned long start_code, end_code, start_data, end_data;
unsigned long reloc_func_desc __maybe_unused = 0;
int executable_stack = EXSTACK_DEFAULT;
- unsigned long def_flags = 0;
+ struct pt_regs *regs = current_pt_regs();
struct {
struct elfhdr elf_ex;
struct elfhdr interp_elf_ex;
loc = kmalloc(sizeof(*loc), GFP_KERNEL);
if (!loc) {
-@@ -714,11 +1049,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -715,11 +1050,82 @@ static int load_elf_binary(struct linux_binprm *bprm)
goto out_free_dentry;
/* OK, This is the point of no return */
+#ifdef CONFIG_PAX_ASLR
+ current->mm->delta_mmap = 0UL;
+ current->mm->delta_stack = 0UL;
++ current->mm->aslr_gap = 0UL;
+#endif
+
+ current->mm->def_flags = 0;
if (elf_read_implies_exec(loc->elf_ex, executable_stack))
current->personality |= READ_IMPLIES_EXEC;
-@@ -809,6 +1214,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -810,6 +1216,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
}
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
-@@ -841,9 +1260,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -842,9 +1262,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
* allowed task size. Note that p_filesz must always be
* <= p_memsz so it is only necessary to check p_memsz.
*/
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -882,17 +1301,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -883,17 +1303,44 @@ static int load_elf_binary(struct linux_binprm *bprm)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
+ unsigned long prot = PROT_NONE;
+
+ up_read(¤t->mm->mmap_sem);
-+ current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT;
++ current->mm->aslr_gap += PAGE_ALIGN(size) >> PAGE_SHIFT;
+// if (current->personality & ADDR_NO_RANDOMIZE)
+// prot = PROT_READ;
+ start = vm_mmap(NULL, start, size, prot, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0);
load_bias);
if (!IS_ERR((void *)elf_entry)) {
/*
-@@ -1114,7 +1560,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
+@@ -1115,7 +1562,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1151,7 +1597,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1152,7 +1599,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
goto whole;
/*
-@@ -1373,9 +1819,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1374,9 +1821,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -2003,14 +2449,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -2006,14 +2453,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
return size;
}
-@@ -2104,7 +2550,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2107,7 +2554,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -2118,10 +2564,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2121,10 +2568,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -2135,7 +2583,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2138,7 +2587,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2146,6 +2594,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2149,6 +2598,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2170,7 +2619,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2173,7 +2623,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2179,6 +2628,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2182,6 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2196,6 +2646,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2199,6 +2650,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2216,6 +2667,97 @@ out:
+@@ -2219,6 +2671,97 @@ out:
#endif /* CONFIG_ELF_CORE */
{
register_binfmt(&elf_format);
diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
-index e280352..7b2f231 100644
+index b563719..3868998 100644
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -562,7 +562,9 @@ static int load_flat_file(struct linux_binprm * bprm,
__bio_for_each_segment(bvec, bio, i, 0) {
char *addr = page_address(bvec->bv_page);
diff --git a/fs/block_dev.c b/fs/block_dev.c
-index ab3a456..7da538b 100644
+index 78333a3..23dcb4d 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -651,7 +651,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole,
else if (whole->bd_holder != NULL)
return false; /* is a partition of a held device */
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index cdfb4c4..da736d4 100644
+index eea5da7..88fead70 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
-@@ -1035,9 +1035,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
+@@ -1033,9 +1033,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
free_extent_buffer(buf);
add_root_to_dirty_list(root);
} else {
WARN_ON(trans->transid != btrfs_header_generation(parent));
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index 95542a1..95a8727 100644
+index 659ea81..0f63c1a 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
-@@ -7243,7 +7243,7 @@ fail:
+@@ -7300,7 +7300,7 @@ fail:
return -ENOMEM;
}
struct dentry *dentry, struct kstat *stat)
{
struct inode *inode = dentry->d_inode;
-@@ -7257,6 +7257,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
+@@ -7314,6 +7314,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
return 0;
}
* If a file is moved, it will inherit the cow and compression flags of the new
* directory.
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
-index 8fcf9a5..a200000 100644
+index 338f259..b657640 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
-@@ -2965,9 +2965,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3033,9 +3033,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
for (i = 0; i < num_types; i++) {
struct btrfs_space_info *tmp;
info = NULL;
rcu_read_lock();
list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -2989,10 +2992,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3057,10 +3060,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
memcpy(dest, &space, sizeof(space));
dest++;
space_args.total_spaces++;
up_read(&info->groups_sem);
}
diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
-index 776f0aa..3aad281 100644
+index 300e09a..9fe4539 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -1269,7 +1269,7 @@ static int __update_reloc_root(struct btrfs_root *root, int del)
if (!del) {
spin_lock(&rc->reloc_root_tree.lock);
+diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
+index d8982e9..29a85fa 100644
+--- a/fs/btrfs/super.c
++++ b/fs/btrfs/super.c
+@@ -267,7 +267,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans,
+ function, line, errstr);
+ return;
+ }
+- ACCESS_ONCE(trans->transaction->aborted) = errno;
++ ACCESS_ONCE_RW(trans->transaction->aborted) = errno;
+ __btrfs_std_error(root->fs_info, function, line, errno, NULL);
+ }
+ /*
diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c
index 622f469..e8d2d55 100644
--- a/fs/cachefiles/bind.c
cache->bstop_percent = bstop;
diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
-index bd6bc1b..b627b53 100644
+index 4938251..7e01445 100644
--- a/fs/cachefiles/internal.h
+++ b/fs/cachefiles/internal.h
-@@ -57,7 +57,7 @@ struct cachefiles_cache {
+@@ -59,7 +59,7 @@ struct cachefiles_cache {
wait_queue_head_t daemon_pollwq; /* poll waitqueue for daemon */
struct rb_root active_nodes; /* active nodes (can't be culled) */
rwlock_t active_lock; /* lock for active_nodes */
unsigned frun_percent; /* when to stop culling (% files) */
unsigned fcull_percent; /* when to start culling (% files) */
unsigned fstop_percent; /* when to stop allocating (% files) */
-@@ -169,19 +169,19 @@ extern int cachefiles_check_in_use(struct cachefiles_cache *cache,
+@@ -171,19 +171,19 @@ extern int cachefiles_check_in_use(struct cachefiles_cache *cache,
* proc.c
*/
#ifdef CONFIG_CACHEFILES_HISTOGRAM
#else
diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
-index b0b5f7c..039bb26 100644
+index 8c01c5fc..15f982e 100644
--- a/fs/cachefiles/namei.c
+++ b/fs/cachefiles/namei.c
-@@ -318,7 +318,7 @@ try_again:
+@@ -317,7 +317,7 @@ try_again:
/* first step is to make up a grave dentry in the graveyard */
sprintf(nbuffer, "%08x%08x",
(uint32_t) get_seconds(),
return 0;
diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
-index c994691..2a1537f 100644
+index 4809922..aab2c39 100644
--- a/fs/cachefiles/rdwr.c
+++ b/fs/cachefiles/rdwr.c
-@@ -945,7 +945,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
+@@ -965,7 +965,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
old_fs = get_fs();
set_fs(KERNEL_DS);
ret = file->f_op->write(
kunmap(page);
if (ret != len)
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
-index e5b7731..b9c59fb 100644
+index 8c1aabe..bbf856a 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -243,7 +243,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir)
server->ops->print_stats(m, tcon);
}
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
-index e7931cc..76a1ab9 100644
+index e328339..322228b 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
-@@ -999,7 +999,7 @@ cifs_init_request_bufs(void)
+@@ -1002,7 +1002,7 @@ cifs_init_request_bufs(void)
/* cERROR(1, "CIFSMaxBufSize %d 0x%x",CIFSMaxBufSize,CIFSMaxBufSize); */
cifs_req_cachep = kmem_cache_create("cifs_request",
CIFSMaxBufSize + max_hdr_size, 0,
if (cifs_req_cachep == NULL)
return -ENOMEM;
-@@ -1026,7 +1026,7 @@ cifs_init_request_bufs(void)
+@@ -1029,7 +1029,7 @@ cifs_init_request_bufs(void)
efficient to alloc 1 per page off the slab compared to 17K (5page)
alloc of large cifs buffers even when page debugging is on */
cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq",
NULL);
if (cifs_sm_req_cachep == NULL) {
mempool_destroy(cifs_req_poolp);
-@@ -1111,8 +1111,8 @@ init_cifs(void)
+@@ -1114,8 +1114,8 @@ init_cifs(void)
atomic_set(&bufAllocCount, 0);
atomic_set(&smBufAllocCount, 0);
#ifdef CONFIG_CIFS_STATS2
atomic_set(&midCount, 0);
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
-index f5af252..489b5f2 100644
+index e6899ce..d6b2920 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -751,35 +751,35 @@ struct cifs_tcon {
} smb2_stats;
#endif /* CONFIG_CIFS_SMB2 */
} stats;
-@@ -1094,7 +1094,7 @@ build_path_to_root(struct smb_vol *vol, struct cifs_sb_info *cifs_sb,
+@@ -1080,7 +1080,7 @@ convert_delimiter(char *path, char delim)
}
#ifdef CONFIG_CIFS_STATS
static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
unsigned int bytes)
-@@ -1459,8 +1459,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
+@@ -1445,8 +1445,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
/* Various Debug counters */
GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */
#ifdef CONFIG_CIFS_STATS2
}
diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
-index 591bf19..690d600 100644
+index 47bc5a8..10decbe 100644
--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
-@@ -617,27 +617,27 @@ static void
+@@ -586,27 +586,27 @@ static void
cifs_clear_stats(struct cifs_tcon *tcon)
{
#ifdef CONFIG_CIFS_STATS
#endif
}
-@@ -646,36 +646,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
+@@ -615,36 +615,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
{
#ifdef CONFIG_CIFS_STATS
seq_printf(m, " Oplocks breaks: %d",
}
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
-index 4d9dbe0..0af4601 100644
+index bceffe7..cd1ae59 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
-@@ -291,8 +291,8 @@ smb2_clear_stats(struct cifs_tcon *tcon)
+@@ -274,8 +274,8 @@ smb2_clear_stats(struct cifs_tcon *tcon)
#ifdef CONFIG_CIFS_STATS
int i;
for (i = 0; i < NUMBER_OF_SMB2_COMMANDS; i++) {
}
#endif
}
-@@ -301,66 +301,66 @@ static void
+@@ -284,66 +284,66 @@ static void
smb2_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
{
#ifdef CONFIG_CIFS_STATS
#endif
}
+diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
+index 41d9d07..dbb4772 100644
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -1761,8 +1761,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
+ default:
+ cERROR(1, "info level %u isn't supported",
+ srch_inf->info_level);
+- rc = -EINVAL;
+- goto qdir_exit;
++ return -EINVAL;
+ }
+
+ req->FileIndex = cpu_to_le32(index);
diff --git a/fs/coda/cache.c b/fs/coda/cache.c
index 958ae0e..505c9d0 100644
--- a/fs/coda/cache.c
return hit;
diff --git a/fs/compat.c b/fs/compat.c
-index 015e1e1..5ce8e54 100644
+index a06dcbc..dacb6d3 100644
--- a/fs/compat.c
+++ b/fs/compat.c
+@@ -54,7 +54,7 @@
+ #include <asm/ioctls.h>
+ #include "internal.h"
+
+-int compat_log = 1;
++int compat_log = 0;
+
+ int compat_printk(const char *fmt, ...)
+ {
@@ -490,7 +490,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
set_fs(KERNEL_DS);
goto out;
if (nr_segs > fast_segs) {
ret = -ENOMEM;
-@@ -831,6 +831,7 @@ struct compat_old_linux_dirent {
+@@ -835,6 +835,7 @@ struct compat_old_linux_dirent {
struct compat_readdir_callback {
struct compat_old_linux_dirent __user *dirent;
int result;
};
-@@ -848,6 +849,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen,
+@@ -852,6 +853,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen,
buf->result = -EOVERFLOW;
return -EOVERFLOW;
}
buf->result++;
dirent = buf->dirent;
if (!access_ok(VERIFY_WRITE, dirent,
-@@ -878,6 +883,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd,
+@@ -882,6 +887,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd,
buf.result = 0;
buf.dirent = dirent;
error = vfs_readdir(f.file, compat_fillonedir, &buf);
if (buf.result)
-@@ -897,6 +903,7 @@ struct compat_linux_dirent {
+@@ -901,6 +907,7 @@ struct compat_linux_dirent {
struct compat_getdents_callback {
struct compat_linux_dirent __user *current_dir;
struct compat_linux_dirent __user *previous;
int count;
int error;
};
-@@ -918,6 +925,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen,
+@@ -922,6 +929,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen,
buf->error = -EOVERFLOW;
return -EOVERFLOW;
}
dirent = buf->previous;
if (dirent) {
if (__put_user(offset, &dirent->d_off))
-@@ -963,6 +974,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
+@@ -967,6 +978,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
buf.previous = NULL;
buf.count = count;
buf.error = 0;
error = vfs_readdir(f.file, compat_filldir, &buf);
if (error >= 0)
-@@ -983,6 +995,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
+@@ -987,6 +999,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
struct compat_getdents_callback64 {
struct linux_dirent64 __user *current_dir;
struct linux_dirent64 __user *previous;
int count;
int error;
};
-@@ -999,6 +1012,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t
+@@ -1003,6 +1016,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t
buf->error = -EINVAL; /* only used if we fail.. */
if (reclen > buf->count)
return -EINVAL;
dirent = buf->previous;
if (dirent) {
-@@ -1048,13 +1065,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd,
+@@ -1052,13 +1069,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd,
buf.previous = NULL;
buf.count = count;
buf.error = 0;
/*
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
-index 4c6285f..b7a2411 100644
+index e2f57a0..3c78771 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
return -EFAULT;
return ioctl_preallocate(file, p);
-@@ -1617,8 +1617,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
+@@ -1620,8 +1620,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
static int __init init_sys32_ioctl_cmp(const void *p, const void *q)
{
unsigned int a, b;
return 1;
if (a < b)
diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
-index 7414ae2..d98ad6d 100644
+index 712b10f..c33c4ca 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
-@@ -1564,7 +1564,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir
+@@ -1037,10 +1037,11 @@ static int configfs_dump(struct configfs_dirent *sd, int level)
+ static int configfs_depend_prep(struct dentry *origin,
+ struct config_item *target)
+ {
+- struct configfs_dirent *child_sd, *sd = origin->d_fsdata;
++ struct configfs_dirent *child_sd, *sd;
+ int ret = 0;
+
+- BUG_ON(!origin || !sd);
++ BUG_ON(!origin || !origin->d_fsdata);
++ sd = origin->d_fsdata;
+
+ if (sd->s_element == target) /* Boo-yah */
+ goto out;
+@@ -1564,7 +1565,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir
}
for (p=q->next; p!= &parent_sd->s_children; p=p->next) {
struct configfs_dirent *next;
int len;
struct inode *inode = NULL;
-@@ -1574,7 +1575,12 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir
+@@ -1574,7 +1576,12 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir
continue;
name = configfs_get_name(next);
/*
* We'll have a dentry and an inode for
diff --git a/fs/coredump.c b/fs/coredump.c
-index ce47379..68c8e43 100644
+index 1774932..5812106 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -52,7 +52,7 @@ struct core_name {
pipe_unlock(pipe);
}
-@@ -471,7 +471,8 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs)
+@@ -471,7 +471,8 @@ void do_coredump(siginfo_t *siginfo)
int ispipe;
struct files_struct *displaced;
bool need_nonrelative = false;
+ long signr = siginfo->si_signo;
struct coredump_params cprm = {
.siginfo = siginfo,
- .regs = regs,
-@@ -484,7 +485,10 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs)
+ .regs = signal_pt_regs(),
+@@ -484,7 +485,10 @@ void do_coredump(siginfo_t *siginfo)
.mm_flags = mm->flags,
};
binfmt = mm->binfmt;
if (!binfmt || !binfmt->core_dump)
-@@ -508,7 +512,7 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs)
+@@ -508,7 +512,7 @@ void do_coredump(siginfo_t *siginfo)
need_nonrelative = true;
}
if (retval < 0)
goto fail_creds;
-@@ -556,7 +560,7 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs)
+@@ -556,7 +560,7 @@ void do_coredump(siginfo_t *siginfo)
}
cprm.limit = RLIM_INFINITY;
if (core_pipe_limit && (core_pipe_limit < dump_count)) {
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
task_tgid_vnr(current), current->comm);
-@@ -583,6 +587,8 @@ void do_coredump(siginfo_t *siginfo, struct pt_regs *regs)
+@@ -583,6 +587,8 @@ void do_coredump(siginfo_t *siginfo)
} else {
struct inode *inode;
EXPORT_SYMBOL(dump_write);
diff --git a/fs/dcache.c b/fs/dcache.c
-index 0d0adb6..f4646e9 100644
+index 19153a0..428c2f5 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
-@@ -3164,7 +3164,7 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3133,7 +3133,7 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
dcache_init();
inode_init();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index b607d92..41fda09 100644
+index a5f12b7..4ee8a6f 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
-@@ -416,7 +416,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
+@@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
*/
struct dentry *debugfs_create_dir(const char *name, struct dentry *parent)
{
return rc;
}
diff --git a/fs/exec.c b/fs/exec.c
-index c6e6de4..45e71ad 100644
+index 20df02c..81c9e78 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,6 +55,17 @@
int suid_dumpable = 0;
static LIST_HEAD(formats);
+@@ -75,8 +98,8 @@ void __register_binfmt(struct linux_binfmt * fmt, int insert)
+ {
+ BUG_ON(!fmt);
+ write_lock(&binfmt_lock);
+- insert ? list_add(&fmt->lh, &formats) :
+- list_add_tail(&fmt->lh, &formats);
++ insert ? pax_list_add((struct list_head *)&fmt->lh, &formats) :
++ pax_list_add_tail((struct list_head *)&fmt->lh, &formats);
+ write_unlock(&binfmt_lock);
+ }
+
+@@ -85,7 +108,7 @@ EXPORT_SYMBOL(__register_binfmt);
+ void unregister_binfmt(struct linux_binfmt * fmt)
+ {
+ write_lock(&binfmt_lock);
+- list_del(&fmt->lh);
++ pax_list_del((struct list_head *)&fmt->lh);
+ write_unlock(&binfmt_lock);
+ }
+
@@ -180,18 +203,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
+ // only allow 512KB for argv+env on suid/sgid binaries
+ // to prevent easy ASLR exhaustion
-+ if (((bprm->cred->euid != current_euid()) ||
-+ (bprm->cred->egid != current_egid())) &&
++ if (((!uid_eq(bprm->cred->euid, current_euid())) ||
++ (!gid_eq(bprm->cred->egid, current_egid()))) &&
+ (size > (512 * 1024))) {
+ put_page(page);
+ return NULL;
return native;
}
-@@ -431,11 +456,12 @@ static int count(struct user_arg_ptr argv, int max)
+@@ -431,7 +456,7 @@ static int count(struct user_arg_ptr argv, int max)
if (!p)
break;
+ if (IS_ERR((const char __force_kernel *)p))
return -EFAULT;
-- if (i++ >= max)
-+ if (i >= max)
- return -E2BIG;
-+ ++i;
-
- if (fatal_signal_pending(current))
- return -ERESTARTNOHAND;
-@@ -465,7 +491,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
+ if (i >= max)
+@@ -466,7 +491,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
ret = -EFAULT;
str = get_user_arg_ptr(argv, argc);
goto out;
len = strnlen_user(str, MAX_ARG_STRLEN);
-@@ -547,7 +573,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
+@@ -548,7 +573,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
int r;
mm_segment_t oldfs = get_fs();
struct user_arg_ptr argv = {
};
set_fs(KERNEL_DS);
-@@ -582,7 +608,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+@@ -583,7 +608,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
unsigned long new_end = old_end - shift;
struct mmu_gather tlb;
/*
* ensure there are no vmas between where we want to go
-@@ -591,6 +618,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+@@ -592,6 +618,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
if (vma != find_vma(mm, new_start))
return -EFAULT;
/*
* cover the whole range: [new_start, old_end)
*/
-@@ -671,10 +702,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -672,10 +702,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
stack_top = arch_align_stack(stack_top);
stack_top = PAGE_ALIGN(stack_top);
stack_shift = vma->vm_end - stack_top;
bprm->p -= stack_shift;
-@@ -686,8 +713,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -687,8 +713,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
bprm->exec -= stack_shift;
down_write(&mm->mmap_sem);
/*
* Adjust stack execute permissions; explicitly enable for
* EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone
-@@ -706,13 +753,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -707,13 +753,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
goto out_unlock;
BUG_ON(prev != vma);
/* mprotect_fixup is overkill to remove the temporary stack flags */
vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP;
-@@ -736,6 +776,27 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -737,6 +776,30 @@ int setup_arg_pages(struct linux_binprm *bprm,
#endif
current->mm->start_stack = bprm->p;
ret = expand_stack(vma, stack_base);
+
+#ifdef CONFIG_X86
+ if (!ret) {
++ current->mm->aslr_gap += size >> PAGE_SHIFT;
+ size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT));
+ ret = 0 != mmap_region(NULL, 0, size, flags, vm_flags, 0);
++ if (!ret)
++ current->mm->aslr_gap += size >> PAGE_SHIFT;
+ }
+#endif
+
if (ret)
ret = -EFAULT;
-@@ -771,6 +832,8 @@ struct file *open_exec(const char *name)
+@@ -772,6 +835,8 @@ struct file *open_exec(const char *name)
fsnotify_open(file);
err = deny_write_access(file);
if (err)
goto exit;
-@@ -794,7 +857,7 @@ int kernel_read(struct file *file, loff_t offset,
+@@ -795,7 +860,7 @@ int kernel_read(struct file *file, loff_t offset,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
set_fs(old_fs);
return result;
}
-@@ -1246,7 +1309,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1247,7 +1312,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
bprm->unsafe |= LSM_UNSAFE_SHARE;
} else {
res = -EAGAIN;
-@@ -1449,6 +1512,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
+@@ -1447,6 +1512,28 @@ int search_binary_handler(struct linux_binprm *bprm)
EXPORT_SYMBOL(search_binary_handler);
/*
* sys_execve() executes a new program.
*/
-@@ -1457,6 +1542,11 @@ static int do_execve_common(const char *filename,
- struct user_arg_ptr envp,
- struct pt_regs *regs)
+@@ -1454,6 +1541,11 @@ static int do_execve_common(const char *filename,
+ struct user_arg_ptr argv,
+ struct user_arg_ptr envp)
{
+#ifdef CONFIG_GRKERNSEC
+ struct file *old_exec_file;
struct linux_binprm *bprm;
struct file *file;
struct files_struct *displaced;
-@@ -1464,6 +1554,8 @@ static int do_execve_common(const char *filename,
+@@ -1461,6 +1553,8 @@ static int do_execve_common(const char *filename,
int retval;
const struct cred *cred = current_cred();
/*
* We move the actual failure in case of RLIMIT_NPROC excess from
* set*uid() to execve() because too many poorly written programs
-@@ -1504,12 +1596,27 @@ static int do_execve_common(const char *filename,
+@@ -1501,12 +1595,27 @@ static int do_execve_common(const char *filename,
if (IS_ERR(file))
goto out_unmark;
retval = bprm_mm_init(bprm);
if (retval)
goto out_file;
-@@ -1526,24 +1633,65 @@ static int do_execve_common(const char *filename,
+@@ -1523,24 +1632,65 @@ static int do_execve_common(const char *filename,
if (retval < 0)
goto out;
+#endif
+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
+ /* limit suid stack to 8MB
-+ we saved the old limits above and will restore them if this exec fails
-+ */
-+ if (((bprm->cred->euid != current_euid()) || (bprm->cred->egid != current_egid())) &&
++ * we saved the old limits above and will restore them if this exec fails
++ */
++ if (((!uid_eq(bprm->cred->euid, current_euid())) || (!gid_eq(bprm->cred->egid, current_egid()))) &&
+ (old_rlim[RLIMIT_STACK].rlim_cur > (8 * 1024 * 1024)))
+ current->signal->rlim[RLIMIT_STACK].rlim_cur = 8 * 1024 * 1024;
+#endif
+
+ gr_handle_exec_args(bprm, argv);
- retval = search_binary_handler(bprm,regs);
+ retval = search_binary_handler(bprm);
if (retval < 0)
- goto out;
+ goto out_fail;
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1552,6 +1700,14 @@ static int do_execve_common(const char *filename,
+@@ -1549,6 +1699,14 @@ static int do_execve_common(const char *filename,
put_files_struct(displaced);
return retval;
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1727,3 +1883,253 @@ int kernel_execve(const char *filename,
- ret_from_kernel_execve(p);
+@@ -1697,3 +1855,253 @@ asmlinkage long compat_sys_execve(const char __user * filename,
+ return error;
}
#endif
+
+ if (*flags & MF_PAX_SEGMEXEC)
+ {
+ *flags &= ~MF_PAX_SEGMEXEC;
-+ retval = -EINVAL;
++ retval = -EINVAL;
+ }
+#endif
+
+ )
+ {
+ *flags &= ~MF_PAX_MPROTECT;
-+ retval = -EINVAL;
++ retval = -EINVAL;
+ }
+
+ if ((*flags & MF_PAX_EMUTRAMP)
+ info.si_code = SI_KERNEL;
+ info.si_pid = 0;
+ info.si_uid = 0;
-+ do_coredump(&info, regs);
++ do_coredump(&info);
+}
+#endif
+
}
return 1;
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
-index cf18217..8f6b9c3 100644
+index 92e68b3..115d987 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
-@@ -498,8 +498,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
+@@ -505,8 +505,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
/* Hm, nope. Are (enough) root reserved clusters available? */
if (uid_eq(sbi->s_resuid, current_fsuid()) ||
(!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
if (free_clusters >= (nclusters + dirty_clusters))
return 1;
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index 3c20de1..6ff2460 100644
+index 8462eb3..4a71af6 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
-@@ -1247,19 +1247,19 @@ struct ext4_sb_info {
+@@ -1265,19 +1265,19 @@ struct ext4_sb_info {
unsigned long s_mb_last_start;
/* stats for buddy allocator */
/* locality groups */
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index 526e553..3f2de85 100644
+index 28bbf9b..75ca7c1 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -1747,7 +1747,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
}
free_percpu(sbi->s_locality_groups);
-@@ -3052,16 +3052,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
+@@ -3060,16 +3060,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
}
if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
-@@ -3461,7 +3461,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
+@@ -3469,7 +3469,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_inode_pa(ac, pa);
ext4_mb_use_inode_pa(ac, pa);
ei = EXT4_I(ac->ac_inode);
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
-@@ -3521,7 +3521,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
+@@ -3529,7 +3529,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_group_pa(ac, pa);
ext4_mb_use_group_pa(ac, pa);
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
lg = ac->ac_lg;
-@@ -3610,7 +3610,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
+@@ -3618,7 +3618,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
* from the bitmap and continue.
*/
}
return err;
}
-@@ -3628,7 +3628,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
+@@ -3636,7 +3636,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
return 0;
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index d59b351..775f8c8 100644
+index 5fa223d..12fa738 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
-@@ -3212,7 +3212,6 @@ int ext4_calculate_overhead(struct super_block *sb)
- ext4_fsblk_t overhead = 0;
- char *buf = (char *) get_zeroed_page(GFP_KERNEL);
-
-- memset(buf, 0, PAGE_SIZE);
- if (!buf)
- return -ENOMEM;
+@@ -2429,7 +2429,7 @@ struct ext4_attr {
+ ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *,
+ const char *, size_t);
+ int offset;
+-};
++} __do_const;
+ static int parse_strtoul(const char *buf,
+ unsigned long max, unsigned long *value)
diff --git a/fs/fcntl.c b/fs/fcntl.c
index 71a600a..20d87b1 100644
--- a/fs/fcntl.c
return 0;
}
diff --git a/fs/fhandle.c b/fs/fhandle.c
-index f775bfd..629bd4c 100644
+index 999ff5c..41f4109 100644
--- a/fs/fhandle.c
+++ b/fs/fhandle.c
@@ -67,8 +67,7 @@ static long do_sys_name_to_handle(struct path *path,
err_nocleanup:
diff --git a/fs/file.c b/fs/file.c
-index eff2316..8c8930c 100644
+index 2b3570b..c57924b 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -16,6 +16,7 @@
#include <linux/fdtable.h>
#include <linux/bitops.h>
#include <linux/interrupt.h>
-@@ -898,6 +899,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
+@@ -892,6 +893,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
if (!file)
return __close_fd(files, fd);
if (fd >= rlimit(RLIMIT_NOFILE))
return -EBADF;
-@@ -924,6 +926,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags)
+@@ -918,6 +920,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags)
if (unlikely(oldfd == newfd))
return -EINVAL;
if (newfd >= rlimit(RLIMIT_NOFILE))
return -EBADF;
-@@ -979,6 +982,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes)
+@@ -973,6 +976,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes)
int f_dupfd(unsigned int from, struct file *file, unsigned flags)
{
int err;
if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) {
diff --git a/fs/fs_struct.c b/fs/fs_struct.c
-index 5df4775..9d9336f 100644
+index fe6ca58..65318cf 100644
--- a/fs/fs_struct.c
+++ b/fs/fs_struct.c
@@ -4,6 +4,7 @@
.lock = __SPIN_LOCK_UNLOCKED(init_fs.lock),
.seq = SEQCNT_ZERO,
.umask = 0022,
-@@ -175,12 +197,13 @@ void daemonize_fs_struct(void)
- task_lock(current);
-
- spin_lock(&init_fs.lock);
-- init_fs.users++;
-+ atomic_inc(&init_fs.users);
- spin_unlock(&init_fs.lock);
-
- spin_lock(&fs->lock);
- current->fs = &init_fs;
-- kill = !--fs->users;
-+ gr_set_chroot_entries(current, ¤t->fs->root);
-+ kill = !atomic_dec_return(&fs->users);
- spin_unlock(&fs->lock);
-
- task_unlock(current);
diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c
-index 9905350..02eaec4 100644
+index 8dcb114..b1072e2 100644
--- a/fs/fscache/cookie.c
+++ b/fs/fscache/cookie.c
@@ -68,11 +68,11 @@ struct fscache_cookie *__fscache_acquire_cookie(
object->debug_id = atomic_inc_return(&fscache_object_debug_id);
-@@ -377,10 +377,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie)
+@@ -378,7 +378,7 @@ void __fscache_invalidate(struct fscache_cookie *cookie)
+
+ _enter("{%s}", cookie->def->name);
+
+- fscache_stat(&fscache_n_invalidates);
++ fscache_stat_unchecked(&fscache_n_invalidates);
+
+ /* Only permit invalidation of data files. Invalidating an index will
+ * require the caller to release all its attachments to the tree rooted
+@@ -437,10 +437,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie)
struct fscache_object *object;
struct hlist_node *_p;
_leave(" [no cookie]");
return;
}
-@@ -414,12 +414,12 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire)
+@@ -474,12 +474,12 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire)
struct fscache_object *object;
unsigned long event;
_leave(" [no cookie]");
return;
}
-@@ -435,7 +435,7 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire)
+@@ -495,7 +495,7 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire)
/* wait for the cookie to finish being instantiated (or to fail) */
if (test_bit(FSCACHE_COOKIE_CREATING, &cookie->flags)) {
fscache_wait_bit, TASK_UNINTERRUPTIBLE);
}
diff --git a/fs/fscache/internal.h b/fs/fscache/internal.h
-index f6aad48..88dcf26 100644
+index ee38fef..0a326d4 100644
--- a/fs/fscache/internal.h
+++ b/fs/fscache/internal.h
-@@ -144,94 +144,94 @@ extern void fscache_proc_cleanup(void);
- extern atomic_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
- extern atomic_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
+@@ -148,101 +148,101 @@ extern void fscache_proc_cleanup(void);
+ * stats.c
+ */
+ #ifdef CONFIG_FSCACHE_STATS
+-extern atomic_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
+-extern atomic_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
++extern atomic_unchecked_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
++extern atomic_unchecked_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
-extern atomic_t fscache_n_op_pend;
-extern atomic_t fscache_n_op_run;
-extern atomic_t fscache_n_store_vmscan_gone;
-extern atomic_t fscache_n_store_vmscan_busy;
-extern atomic_t fscache_n_store_vmscan_cancelled;
+-extern atomic_t fscache_n_store_vmscan_wait;
+extern atomic_unchecked_t fscache_n_store_vmscan_not_storing;
+extern atomic_unchecked_t fscache_n_store_vmscan_gone;
+extern atomic_unchecked_t fscache_n_store_vmscan_busy;
+extern atomic_unchecked_t fscache_n_store_vmscan_cancelled;
++extern atomic_unchecked_t fscache_n_store_vmscan_wait;
-extern atomic_t fscache_n_marks;
-extern atomic_t fscache_n_uncaches;
+extern atomic_unchecked_t fscache_n_acquires_nobufs;
+extern atomic_unchecked_t fscache_n_acquires_oom;
+-extern atomic_t fscache_n_invalidates;
+-extern atomic_t fscache_n_invalidates_run;
++extern atomic_unchecked_t fscache_n_invalidates;
++extern atomic_unchecked_t fscache_n_invalidates_run;
+
-extern atomic_t fscache_n_updates;
-extern atomic_t fscache_n_updates_null;
-extern atomic_t fscache_n_updates_run;
extern atomic_t fscache_n_cop_alloc_object;
extern atomic_t fscache_n_cop_lookup_object;
-@@ -255,6 +255,11 @@ static inline void fscache_stat(atomic_t *stat)
+@@ -267,6 +267,11 @@ static inline void fscache_stat(atomic_t *stat)
atomic_inc(stat);
}
static inline void fscache_stat_d(atomic_t *stat)
{
atomic_dec(stat);
-@@ -267,6 +272,7 @@ extern const struct file_operations fscache_stats_fops;
+@@ -279,6 +284,7 @@ extern const struct file_operations fscache_stats_fops;
#define __fscache_stat(stat) (NULL)
#define fscache_stat(stat) do {} while (0)
#endif
diff --git a/fs/fscache/object.c b/fs/fscache/object.c
-index b6b897c..0ffff9c 100644
+index 50d41c1..10ee117 100644
--- a/fs/fscache/object.c
+++ b/fs/fscache/object.c
-@@ -128,7 +128,7 @@ static void fscache_object_state_machine(struct fscache_object *object)
+@@ -143,7 +143,7 @@ static void fscache_object_state_machine(struct fscache_object *object)
+ /* Invalidate an object on disk */
+ case FSCACHE_OBJECT_INVALIDATING:
+ clear_bit(FSCACHE_OBJECT_EV_INVALIDATE, &object->events);
+- fscache_stat(&fscache_n_invalidates_run);
++ fscache_stat_unchecked(&fscache_n_invalidates_run);
+ fscache_stat(&fscache_n_cop_invalidate_object);
+ fscache_invalidate_object(object);
+ fscache_stat_d(&fscache_n_cop_invalidate_object);
+@@ -153,7 +153,7 @@ static void fscache_object_state_machine(struct fscache_object *object)
/* update the object metadata on disk */
case FSCACHE_OBJECT_UPDATING:
clear_bit(FSCACHE_OBJECT_EV_UPDATE, &object->events);
fscache_stat(&fscache_n_cop_update_object);
object->cache->ops->update_object(object);
fscache_stat_d(&fscache_n_cop_update_object);
-@@ -217,7 +217,7 @@ static void fscache_object_state_machine(struct fscache_object *object)
+@@ -242,7 +242,7 @@ static void fscache_object_state_machine(struct fscache_object *object)
spin_lock(&object->lock);
object->state = FSCACHE_OBJECT_DEAD;
spin_unlock(&object->lock);
goto terminal_transit;
/* handle the parent cache of this object being withdrawn from
-@@ -232,7 +232,7 @@ static void fscache_object_state_machine(struct fscache_object *object)
+@@ -257,7 +257,7 @@ static void fscache_object_state_machine(struct fscache_object *object)
spin_lock(&object->lock);
object->state = FSCACHE_OBJECT_DEAD;
spin_unlock(&object->lock);
goto terminal_transit;
/* complain about the object being woken up once it is
-@@ -461,7 +461,7 @@ static void fscache_lookup_object(struct fscache_object *object)
+@@ -495,7 +495,7 @@ static void fscache_lookup_object(struct fscache_object *object)
parent->cookie->def->name, cookie->def->name,
object->cache->tag->name);
fscache_stat(&fscache_n_cop_lookup_object);
ret = object->cache->ops->lookup_object(object);
fscache_stat_d(&fscache_n_cop_lookup_object);
-@@ -472,7 +472,7 @@ static void fscache_lookup_object(struct fscache_object *object)
+@@ -506,7 +506,7 @@ static void fscache_lookup_object(struct fscache_object *object)
if (ret == -ETIMEDOUT) {
/* probably stuck behind another object, so move this one to
* the back of the queue */
set_bit(FSCACHE_OBJECT_EV_REQUEUE, &object->events);
}
-@@ -495,7 +495,7 @@ void fscache_object_lookup_negative(struct fscache_object *object)
+@@ -529,7 +529,7 @@ void fscache_object_lookup_negative(struct fscache_object *object)
spin_lock(&object->lock);
if (object->state == FSCACHE_OBJECT_LOOKING_UP) {
/* transit here to allow write requests to begin stacking up
* and read requests to begin returning ENODATA */
-@@ -541,7 +541,7 @@ void fscache_obtained_object(struct fscache_object *object)
+@@ -575,7 +575,7 @@ void fscache_obtained_object(struct fscache_object *object)
* result, in which case there may be data available */
spin_lock(&object->lock);
if (object->state == FSCACHE_OBJECT_LOOKING_UP) {
clear_bit(FSCACHE_COOKIE_NO_DATA_YET, &cookie->flags);
-@@ -555,7 +555,7 @@ void fscache_obtained_object(struct fscache_object *object)
+@@ -589,7 +589,7 @@ void fscache_obtained_object(struct fscache_object *object)
set_bit(FSCACHE_OBJECT_EV_REQUEUE, &object->events);
} else {
ASSERTCMP(object->state, ==, FSCACHE_OBJECT_CREATING);
object->state = FSCACHE_OBJECT_AVAILABLE;
spin_unlock(&object->lock);
-@@ -602,7 +602,7 @@ static void fscache_object_available(struct fscache_object *object)
+@@ -634,7 +634,7 @@ static void fscache_object_available(struct fscache_object *object)
fscache_enqueue_dependents(object);
fscache_hist(fscache_obj_instantiate_histogram, object->lookup_jif);
_leave("");
}
-@@ -861,7 +861,7 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object,
+@@ -894,7 +894,7 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object,
enum fscache_checkaux result;
if (!object->cookie->def->check_aux) {
return FSCACHE_CHECKAUX_OKAY;
}
-@@ -870,17 +870,17 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object,
+@@ -903,17 +903,17 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object,
switch (result) {
/* entry okay as is */
case FSCACHE_CHECKAUX_OKAY:
default:
diff --git a/fs/fscache/operation.c b/fs/fscache/operation.c
-index 30afdfa..2256596 100644
+index 762a9ec..2023284 100644
--- a/fs/fscache/operation.c
+++ b/fs/fscache/operation.c
@@ -17,7 +17,7 @@
EXPORT_SYMBOL(fscache_op_debug_id);
/**
-@@ -38,7 +38,7 @@ void fscache_enqueue_operation(struct fscache_operation *op)
- ASSERTCMP(op->object->state, >=, FSCACHE_OBJECT_AVAILABLE);
+@@ -39,7 +39,7 @@ void fscache_enqueue_operation(struct fscache_operation *op)
ASSERTCMP(atomic_read(&op->usage), >, 0);
+ ASSERTCMP(op->state, ==, FSCACHE_OP_ST_IN_PROGRESS);
- fscache_stat(&fscache_n_op_enqueue);
+ fscache_stat_unchecked(&fscache_n_op_enqueue);
switch (op->flags & FSCACHE_OP_TYPE) {
case FSCACHE_OP_ASYNC:
_debug("queue async");
-@@ -69,7 +69,7 @@ static void fscache_run_op(struct fscache_object *object,
+@@ -73,7 +73,7 @@ static void fscache_run_op(struct fscache_object *object,
wake_up_bit(&op->flags, FSCACHE_OP_WAITING);
if (op->processor)
fscache_enqueue_operation(op);
}
/*
-@@ -98,11 +98,11 @@ int fscache_submit_exclusive_op(struct fscache_object *object,
- if (object->n_ops > 1) {
+@@ -105,11 +105,11 @@ int fscache_submit_exclusive_op(struct fscache_object *object,
+ if (object->n_in_progress > 0) {
atomic_inc(&op->usage);
list_add_tail(&op->pend_link, &object->pending_ops);
- fscache_stat(&fscache_n_op_pend);
fscache_start_operations(object);
} else {
ASSERTCMP(object->n_in_progress, ==, 0);
-@@ -118,7 +118,7 @@ int fscache_submit_exclusive_op(struct fscache_object *object,
+@@ -125,7 +125,7 @@ int fscache_submit_exclusive_op(struct fscache_object *object,
object->n_exclusive++; /* reads and writes must wait */
atomic_inc(&op->usage);
list_add_tail(&op->pend_link, &object->pending_ops);
+ fscache_stat_unchecked(&fscache_n_op_pend);
ret = 0;
} else {
- /* not allowed to submit ops in any other state */
-@@ -203,11 +203,11 @@ int fscache_submit_op(struct fscache_object *object,
+ /* If we're in any other state, there must have been an I/O
+@@ -215,11 +215,11 @@ int fscache_submit_op(struct fscache_object *object,
if (object->n_exclusive > 0) {
atomic_inc(&op->usage);
list_add_tail(&op->pend_link, &object->pending_ops);
fscache_start_operations(object);
} else {
ASSERTCMP(object->n_exclusive, ==, 0);
-@@ -219,12 +219,12 @@ int fscache_submit_op(struct fscache_object *object,
+@@ -231,12 +231,12 @@ int fscache_submit_op(struct fscache_object *object,
object->n_ops++;
atomic_inc(&op->usage);
list_add_tail(&op->pend_link, &object->pending_ops);
object->state == FSCACHE_OBJECT_WITHDRAWING) {
- fscache_stat(&fscache_n_op_rejected);
+ fscache_stat_unchecked(&fscache_n_op_rejected);
+ op->state = FSCACHE_OP_ST_CANCELLED;
ret = -ENOBUFS;
} else if (!test_bit(FSCACHE_IOERROR, &object->cache->flags)) {
- fscache_report_unexpected_submission(object, op, ostate);
-@@ -294,7 +294,7 @@ int fscache_cancel_op(struct fscache_operation *op)
-
+@@ -315,7 +315,7 @@ int fscache_cancel_op(struct fscache_operation *op,
ret = -EBUSY;
- if (!list_empty(&op->pend_link)) {
+ if (op->state == FSCACHE_OP_ST_PENDING) {
+ ASSERT(!list_empty(&op->pend_link));
+- fscache_stat(&fscache_n_op_cancelled);
++ fscache_stat_unchecked(&fscache_n_op_cancelled);
+ list_del_init(&op->pend_link);
+ if (do_cancel)
+ do_cancel(op);
+@@ -347,7 +347,7 @@ void fscache_cancel_all_ops(struct fscache_object *object)
+ while (!list_empty(&object->pending_ops)) {
+ op = list_entry(object->pending_ops.next,
+ struct fscache_operation, pend_link);
- fscache_stat(&fscache_n_op_cancelled);
+ fscache_stat_unchecked(&fscache_n_op_cancelled);
list_del_init(&op->pend_link);
- object->n_ops--;
- if (test_bit(FSCACHE_OP_EXCLUSIVE, &op->flags))
-@@ -331,7 +331,7 @@ void fscache_put_operation(struct fscache_operation *op)
- if (test_and_set_bit(FSCACHE_OP_DEAD, &op->flags))
- BUG();
+
+ ASSERTCMP(op->state, ==, FSCACHE_OP_ST_PENDING);
+@@ -419,7 +419,7 @@ void fscache_put_operation(struct fscache_operation *op)
+ op->state, ==, FSCACHE_OP_ST_CANCELLED);
+ op->state = FSCACHE_OP_ST_DEAD;
- fscache_stat(&fscache_n_op_release);
+ fscache_stat_unchecked(&fscache_n_op_release);
if (op->release) {
op->release(op);
-@@ -348,7 +348,7 @@ void fscache_put_operation(struct fscache_operation *op)
+@@ -442,7 +442,7 @@ void fscache_put_operation(struct fscache_operation *op)
* lock, and defer it otherwise */
if (!spin_trylock(&object->lock)) {
_debug("defer put");
cache = object->cache;
spin_lock(&cache->op_gc_list_lock);
-@@ -410,7 +410,7 @@ void fscache_operation_gc(struct work_struct *work)
+@@ -495,7 +495,7 @@ void fscache_operation_gc(struct work_struct *work)
_debug("GC DEFERRED REL OBJ%x OP%x",
object->debug_id, op->debug_id);
+ fscache_stat_unchecked(&fscache_n_op_gc);
ASSERTCMP(atomic_read(&op->usage), ==, 0);
-
+ ASSERTCMP(op->state, ==, FSCACHE_OP_ST_DEAD);
diff --git a/fs/fscache/page.c b/fs/fscache/page.c
-index 3f7a59b..cf196cc 100644
+index ff000e5..c44ec6d 100644
--- a/fs/fscache/page.c
+++ b/fs/fscache/page.c
-@@ -60,7 +60,7 @@ bool __fscache_maybe_release_page(struct fscache_cookie *cookie,
+@@ -61,7 +61,7 @@ try_again:
val = radix_tree_lookup(&cookie->stores, page->index);
if (!val) {
rcu_read_unlock();
__fscache_uncache_page(cookie, page);
return true;
}
-@@ -90,11 +90,11 @@ bool __fscache_maybe_release_page(struct fscache_cookie *cookie,
+@@ -91,11 +91,11 @@ try_again:
spin_unlock(&cookie->stores_lock);
if (xpage) {
}
wake_up_bit(&cookie->flags, 0);
-@@ -107,7 +107,7 @@ page_busy:
- /* we might want to wait here, but that could deadlock the allocator as
- * the work threads writing to the cache may all end up sleeping
- * on memory allocation */
-- fscache_stat(&fscache_n_store_vmscan_busy);
-+ fscache_stat_unchecked(&fscache_n_store_vmscan_busy);
- return false;
- }
- EXPORT_SYMBOL(__fscache_maybe_release_page);
-@@ -131,7 +131,7 @@ static void fscache_end_page_write(struct fscache_object *object,
+@@ -110,11 +110,11 @@ page_busy:
+ * sleeping on memory allocation, so we may need to impose a timeout
+ * too. */
+ if (!(gfp & __GFP_WAIT)) {
+- fscache_stat(&fscache_n_store_vmscan_busy);
++ fscache_stat_unchecked(&fscache_n_store_vmscan_busy);
+ return false;
+ }
+
+- fscache_stat(&fscache_n_store_vmscan_wait);
++ fscache_stat_unchecked(&fscache_n_store_vmscan_wait);
+ __fscache_wait_on_page_write(cookie, page);
+ gfp &= ~__GFP_WAIT;
+ goto try_again;
+@@ -140,7 +140,7 @@ static void fscache_end_page_write(struct fscache_object *object,
FSCACHE_COOKIE_STORING_TAG);
if (!radix_tree_tag_get(&cookie->stores, page->index,
FSCACHE_COOKIE_PENDING_TAG)) {
xpage = radix_tree_delete(&cookie->stores, page->index);
}
spin_unlock(&cookie->stores_lock);
-@@ -152,7 +152,7 @@ static void fscache_attr_changed_op(struct fscache_operation *op)
+@@ -161,7 +161,7 @@ static void fscache_attr_changed_op(struct fscache_operation *op)
_enter("{OBJ%x OP%x}", object->debug_id, op->debug_id);
if (fscache_object_is_active(object)) {
fscache_stat(&fscache_n_cop_attr_changed);
-@@ -177,11 +177,11 @@ int __fscache_attr_changed(struct fscache_cookie *cookie)
+@@ -187,11 +187,11 @@ int __fscache_attr_changed(struct fscache_cookie *cookie)
ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX);
_leave(" = -ENOMEM");
return -ENOMEM;
}
-@@ -199,7 +199,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie)
+@@ -209,7 +209,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie)
if (fscache_submit_exclusive_op(object, op) < 0)
goto nobufs;
spin_unlock(&cookie->lock);
fscache_put_operation(op);
_leave(" = 0");
return 0;
-@@ -207,7 +207,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie)
+@@ -217,7 +217,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie)
nobufs:
spin_unlock(&cookie->lock);
kfree(op);
_leave(" = %d", -ENOBUFS);
return -ENOBUFS;
}
-@@ -243,7 +243,7 @@ static struct fscache_retrieval *fscache_alloc_retrieval(
+@@ -255,7 +255,7 @@ static struct fscache_retrieval *fscache_alloc_retrieval(
/* allocate a retrieval operation and attempt to submit it */
op = kzalloc(sizeof(*op), GFP_NOIO);
if (!op) {
return NULL;
}
-@@ -271,13 +271,13 @@ static int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie)
+@@ -283,13 +283,13 @@ static int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie)
return 0;
}
_leave(" = -ERESTARTSYS");
return -ERESTARTSYS;
}
-@@ -295,8 +295,8 @@ static int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie)
+@@ -318,8 +318,8 @@ static void fscache_do_cancel_retrieval(struct fscache_operation *_op)
*/
static int fscache_wait_for_retrieval_activation(struct fscache_object *object,
struct fscache_retrieval *op,
{
int ret;
-@@ -304,7 +304,7 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object,
+@@ -327,7 +327,7 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object,
goto check_if_dead;
_debug(">>> WT");
+ fscache_stat_unchecked(stat_op_waits);
if (wait_on_bit(&op->op.flags, FSCACHE_OP_WAITING,
fscache_wait_bit_interruptible,
- TASK_INTERRUPTIBLE) < 0) {
-@@ -321,7 +321,7 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object,
+ TASK_INTERRUPTIBLE) != 0) {
+@@ -344,14 +344,14 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object,
check_if_dead:
+ if (op->op.state == FSCACHE_OP_ST_CANCELLED) {
+- fscache_stat(stat_object_dead);
++ fscache_stat_unchecked(stat_object_dead);
+ _leave(" = -ENOBUFS [cancelled]");
+ return -ENOBUFS;
+ }
if (unlikely(fscache_object_is_dead(object))) {
+ pr_err("%s() = -ENOBUFS [obj dead %d]\n", __func__, op->op.state);
+ fscache_cancel_op(&op->op, fscache_do_cancel_retrieval);
- fscache_stat(stat_object_dead);
+ fscache_stat_unchecked(stat_object_dead);
return -ENOBUFS;
}
return 0;
-@@ -348,7 +348,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie,
+@@ -378,7 +378,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie,
_enter("%p,%p,,,", cookie, page);
if (hlist_empty(&cookie->backing_objects))
goto nobufs;
-@@ -381,7 +381,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie,
- goto nobufs_unlock;
+@@ -417,7 +417,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie,
+ goto nobufs_unlock_dec;
spin_unlock(&cookie->lock);
- fscache_stat(&fscache_n_retrieval_ops);
/* pin the netfs read context in case we need to do the actual netfs
* read because we've encountered a cache read failure */
-@@ -411,15 +411,15 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie,
+@@ -447,15 +447,15 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie,
error:
if (ret == -ENOMEM)
fscache_put_retrieval(op);
_leave(" = %d", ret);
-@@ -429,7 +429,7 @@ nobufs_unlock:
+@@ -467,7 +467,7 @@ nobufs_unlock:
spin_unlock(&cookie->lock);
kfree(op);
nobufs:
_leave(" = -ENOBUFS");
return -ENOBUFS;
}
-@@ -467,7 +467,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie,
+@@ -505,7 +505,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie,
_enter("%p,,%d,,,", cookie, *nr_pages);
if (hlist_empty(&cookie->backing_objects))
goto nobufs;
-@@ -497,7 +497,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie,
- goto nobufs_unlock;
+@@ -541,7 +541,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie,
+ goto nobufs_unlock_dec;
spin_unlock(&cookie->lock);
- fscache_stat(&fscache_n_retrieval_ops);
/* pin the netfs read context in case we need to do the actual netfs
* read because we've encountered a cache read failure */
-@@ -527,15 +527,15 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie,
+@@ -571,15 +571,15 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie,
error:
if (ret == -ENOMEM)
fscache_put_retrieval(op);
_leave(" = %d", ret);
-@@ -545,7 +545,7 @@ nobufs_unlock:
+@@ -591,7 +591,7 @@ nobufs_unlock:
spin_unlock(&cookie->lock);
kfree(op);
nobufs:
_leave(" = -ENOBUFS");
return -ENOBUFS;
}
-@@ -569,7 +569,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie,
+@@ -615,7 +615,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie,
_enter("%p,%p,,,", cookie, page);
if (hlist_empty(&cookie->backing_objects))
goto nobufs;
-@@ -595,7 +595,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie,
+@@ -647,7 +647,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie,
goto nobufs_unlock;
spin_unlock(&cookie->lock);
ret = fscache_wait_for_retrieval_activation(
object, op,
-@@ -611,11 +611,11 @@ int __fscache_alloc_page(struct fscache_cookie *cookie,
+@@ -663,11 +663,11 @@ int __fscache_alloc_page(struct fscache_cookie *cookie,
error:
if (ret == -ERESTARTSYS)
fscache_put_retrieval(op);
_leave(" = %d", ret);
-@@ -625,7 +625,7 @@ nobufs_unlock:
+@@ -677,7 +677,7 @@ nobufs_unlock:
spin_unlock(&cookie->lock);
kfree(op);
nobufs:
_leave(" = -ENOBUFS");
return -ENOBUFS;
}
-@@ -666,7 +666,7 @@ static void fscache_write_op(struct fscache_operation *_op)
+@@ -736,7 +736,7 @@ static void fscache_write_op(struct fscache_operation *_op)
spin_lock(&cookie->stores_lock);
/* find a page to store */
page = NULL;
-@@ -677,7 +677,7 @@ static void fscache_write_op(struct fscache_operation *_op)
+@@ -747,7 +747,7 @@ static void fscache_write_op(struct fscache_operation *_op)
page = results[0];
_debug("gang %d [%lx]", n, page->index);
if (page->index > op->store_limit) {
goto superseded;
}
-@@ -689,7 +689,7 @@ static void fscache_write_op(struct fscache_operation *_op)
+@@ -759,7 +759,7 @@ static void fscache_write_op(struct fscache_operation *_op)
spin_unlock(&cookie->stores_lock);
spin_unlock(&object->lock);
fscache_stat(&fscache_n_cop_write_page);
ret = object->cache->ops->write_page(op, page);
fscache_stat_d(&fscache_n_cop_write_page);
-@@ -757,7 +757,7 @@ int __fscache_write_page(struct fscache_cookie *cookie,
+@@ -860,7 +860,7 @@ int __fscache_write_page(struct fscache_cookie *cookie,
ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX);
ASSERT(PageFsCache(page));
- fscache_stat(&fscache_n_stores);
+ fscache_stat_unchecked(&fscache_n_stores);
- op = kzalloc(sizeof(*op), GFP_NOIO);
- if (!op)
-@@ -808,7 +808,7 @@ int __fscache_write_page(struct fscache_cookie *cookie,
+ if (test_bit(FSCACHE_COOKIE_INVALIDATING, &cookie->flags)) {
+ _leave(" = -ENOBUFS [invalidating]");
+@@ -916,7 +916,7 @@ int __fscache_write_page(struct fscache_cookie *cookie,
spin_unlock(&cookie->stores_lock);
spin_unlock(&object->lock);
op->store_limit = object->store_limit;
if (fscache_submit_op(object, &op->op) < 0)
-@@ -816,8 +816,8 @@ int __fscache_write_page(struct fscache_cookie *cookie,
+@@ -924,8 +924,8 @@ int __fscache_write_page(struct fscache_cookie *cookie,
spin_unlock(&cookie->lock);
radix_tree_preload_end();
/* the work queue now carries its own ref on the object */
fscache_put_operation(&op->op);
-@@ -825,14 +825,14 @@ int __fscache_write_page(struct fscache_cookie *cookie,
+@@ -933,14 +933,14 @@ int __fscache_write_page(struct fscache_cookie *cookie,
return 0;
already_queued:
_leave(" = 0");
return 0;
-@@ -851,14 +851,14 @@ nobufs:
+@@ -959,14 +959,14 @@ nobufs:
spin_unlock(&cookie->lock);
radix_tree_preload_end();
kfree(op);
_leave(" = -ENOMEM");
return -ENOMEM;
}
-@@ -876,7 +876,7 @@ void __fscache_uncache_page(struct fscache_cookie *cookie, struct page *page)
+@@ -984,7 +984,7 @@ void __fscache_uncache_page(struct fscache_cookie *cookie, struct page *page)
ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX);
ASSERTCMP(page, !=, NULL);
/* cache withdrawal may beat us to it */
if (!PageFsCache(page))
-@@ -929,7 +929,7 @@ void fscache_mark_pages_cached(struct fscache_retrieval *op,
- unsigned long loop;
+@@ -1035,7 +1035,7 @@ void fscache_mark_page_cached(struct fscache_retrieval *op, struct page *page)
+ struct fscache_cookie *cookie = op->op.object->cookie;
#ifdef CONFIG_FSCACHE_STATS
-- atomic_add(pagevec->nr, &fscache_n_marks);
-+ atomic_add_unchecked(pagevec->nr, &fscache_n_marks);
+- atomic_inc(&fscache_n_marks);
++ atomic_inc_unchecked(&fscache_n_marks);
#endif
- for (loop = 0; loop < pagevec->nr; loop++) {
+ _debug("- mark %p{%lx}", page, page->index);
diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c
-index 4765190..2a067f2 100644
+index 8179e8b..5072cc7 100644
--- a/fs/fscache/stats.c
+++ b/fs/fscache/stats.c
-@@ -18,95 +18,95 @@
+@@ -18,99 +18,99 @@
/*
* operation counters
*/
-atomic_t fscache_n_store_vmscan_gone;
-atomic_t fscache_n_store_vmscan_busy;
-atomic_t fscache_n_store_vmscan_cancelled;
+-atomic_t fscache_n_store_vmscan_wait;
+atomic_unchecked_t fscache_n_store_vmscan_not_storing;
+atomic_unchecked_t fscache_n_store_vmscan_gone;
+atomic_unchecked_t fscache_n_store_vmscan_busy;
+atomic_unchecked_t fscache_n_store_vmscan_cancelled;
++atomic_unchecked_t fscache_n_store_vmscan_wait;
-atomic_t fscache_n_marks;
-atomic_t fscache_n_uncaches;
+atomic_unchecked_t fscache_n_acquires_nobufs;
+atomic_unchecked_t fscache_n_acquires_oom;
+-atomic_t fscache_n_invalidates;
+-atomic_t fscache_n_invalidates_run;
++atomic_unchecked_t fscache_n_invalidates;
++atomic_unchecked_t fscache_n_invalidates_run;
+
-atomic_t fscache_n_updates;
-atomic_t fscache_n_updates_null;
-atomic_t fscache_n_updates_run;
atomic_t fscache_n_cop_alloc_object;
atomic_t fscache_n_cop_lookup_object;
-@@ -133,113 +133,113 @@ static int fscache_stats_show(struct seq_file *m, void *v)
+@@ -138,118 +138,118 @@ static int fscache_stats_show(struct seq_file *m, void *v)
seq_puts(m, "FS-Cache statistics\n");
seq_printf(m, "Cookies: idx=%u dat=%u spc=%u\n",
+ atomic_read_unchecked(&fscache_n_object_created),
+ atomic_read_unchecked(&fscache_n_object_lookups_timed_out));
+ seq_printf(m, "Invals : n=%u run=%u\n",
+- atomic_read(&fscache_n_invalidates),
+- atomic_read(&fscache_n_invalidates_run));
++ atomic_read_unchecked(&fscache_n_invalidates),
++ atomic_read_unchecked(&fscache_n_invalidates_run));
+
seq_printf(m, "Updates: n=%u nul=%u run=%u\n",
- atomic_read(&fscache_n_updates),
- atomic_read(&fscache_n_updates_null),
+ atomic_read_unchecked(&fscache_n_store_radix_deletes),
+ atomic_read_unchecked(&fscache_n_store_pages_over_limit));
- seq_printf(m, "VmScan : nos=%u gon=%u bsy=%u can=%u\n",
+ seq_printf(m, "VmScan : nos=%u gon=%u bsy=%u can=%u wt=%u\n",
- atomic_read(&fscache_n_store_vmscan_not_storing),
- atomic_read(&fscache_n_store_vmscan_gone),
- atomic_read(&fscache_n_store_vmscan_busy),
-- atomic_read(&fscache_n_store_vmscan_cancelled));
+- atomic_read(&fscache_n_store_vmscan_cancelled),
+- atomic_read(&fscache_n_store_vmscan_wait));
+ atomic_read_unchecked(&fscache_n_store_vmscan_not_storing),
+ atomic_read_unchecked(&fscache_n_store_vmscan_gone),
+ atomic_read_unchecked(&fscache_n_store_vmscan_busy),
-+ atomic_read_unchecked(&fscache_n_store_vmscan_cancelled));
++ atomic_read_unchecked(&fscache_n_store_vmscan_cancelled),
++ atomic_read_unchecked(&fscache_n_store_vmscan_wait));
seq_printf(m, "Ops : pend=%u run=%u enq=%u can=%u rej=%u\n",
- atomic_read(&fscache_n_op_pend),
seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n",
atomic_read(&fscache_n_cop_alloc_object),
diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c
-index ee8d550..7189d8c 100644
+index e397b67..b0d8709 100644
--- a/fs/fuse/cuse.c
+++ b/fs/fuse/cuse.c
-@@ -585,10 +585,12 @@ static int __init cuse_init(void)
+@@ -593,10 +593,12 @@ static int __init cuse_init(void)
INIT_LIST_HEAD(&cuse_conntbl[i]);
/* inherit and extend fuse_dev_operations */
cuse_class = class_create(THIS_MODULE, "cuse");
if (IS_ERR(cuse_class))
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
-index 8c23fa7..0e3aac7 100644
+index e83351a..41e3c9c 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
-@@ -1241,7 +1241,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
+@@ -1236,7 +1236,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
ret = 0;
pipe_lock(pipe);
if (!ret)
ret = -EPIPE;
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
-index 324bc08..4fdd56e 100644
+index 315e1f8..91f890c 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
-@@ -1226,7 +1226,7 @@ static char *read_link(struct dentry *dentry)
+@@ -1233,7 +1233,7 @@ static char *read_link(struct dentry *dentry)
return link;
}
if (!IS_ERR(link))
free_page((unsigned long) link);
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
-index 381893c..3793318 100644
+index 2b6f569..fcb4d1f 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
-@@ -1490,7 +1490,7 @@ out:
+@@ -1499,7 +1499,7 @@ out:
static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
{
kfree(s);
}
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
-index c5bc355..163a13e 100644
+index 78bde32..767e906 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
-@@ -153,6 +153,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -152,6 +152,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+ struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
- unsigned long start_addr;
struct hstate *h = hstate_file(file);
+ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags);
+ struct vm_unmapped_area_info info;
if (len & ~huge_page_mask(h))
- return -EINVAL;
-@@ -165,18 +166,21 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -165,17 +166,26 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
return addr;
}
return addr;
}
- if (len > mm->cached_hole_size)
- start_addr = mm->free_area_cache;
- else {
-- start_addr = TASK_UNMAPPED_BASE;
-+ start_addr = mm->mmap_base;
- mm->cached_hole_size = 0;
- }
-
-@@ -190,15 +194,15 @@ full_search:
- * Start a new search - just in case we missed
- * some holes.
- */
-- if (start_addr != TASK_UNMAPPED_BASE) {
-- start_addr = TASK_UNMAPPED_BASE;
-+ if (start_addr != mm->mmap_base) {
-+ start_addr = mm->mmap_base;
- mm->cached_hole_size = 0;
- goto full_search;
- }
- return -ENOMEM;
- }
-
-- if (!vma || addr + len <= vma->vm_start) {
-+ if (check_heap_stack_gap(vma, addr, len, offset)) {
- mm->free_area_cache = addr + len;
- return addr;
- }
-@@ -923,7 +927,7 @@ static struct file_system_type hugetlbfs_fs_type = {
+ info.flags = 0;
+ info.length = len;
+ info.low_limit = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += mm->delta_mmap;
++#endif
++
+ info.high_limit = TASK_SIZE;
+ info.align_mask = PAGE_MASK & ~huge_page_mask(h);
+ info.align_offset = 0;
+@@ -897,7 +907,7 @@ static struct file_system_type hugetlbfs_fs_type = {
.kill_sb = kill_litter_super,
};
--static struct vfsmount *hugetlbfs_vfsmount;
-+struct vfsmount *hugetlbfs_vfsmount;
+-static struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE];
++struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE];
static int can_do_hugetlb_shm(void)
{
diff --git a/fs/inode.c b/fs/inode.c
-index 64999f1..8fad608 100644
+index 14084b7..29af1d9 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -880,8 +880,8 @@ unsigned int get_next_ino(void)
/*
diff --git a/fs/jfs/super.c b/fs/jfs/super.c
-index 1a543be..d803c40 100644
+index 1a543be..a4e1363 100644
--- a/fs/jfs/super.c
+++ b/fs/jfs/super.c
+@@ -225,7 +225,7 @@ static const match_table_t tokens = {
+ static int parse_options(char *options, struct super_block *sb, s64 *newLVSize,
+ int *flag)
+ {
+- void *nls_map = (void *)-1; /* -1: no change; NULL: none */
++ const void *nls_map = (const void *)-1; /* -1: no change; NULL: none */
+ char *p;
+ struct jfs_sb_info *sbi = JFS_SBI(sb);
+
+@@ -253,7 +253,7 @@ static int parse_options(char *options, struct super_block *sb, s64 *newLVSize,
+ /* Don't do anything ;-) */
+ break;
+ case Opt_iocharset:
+- if (nls_map && nls_map != (void *) -1)
++ if (nls_map && nls_map != (const void *) -1)
+ unload_nls(nls_map);
+ if (!strcmp(args[0].from, "none"))
+ nls_map = NULL;
@@ -855,7 +855,7 @@ static int __init init_jfs_fs(void)
jfs_inode_cachep =
if (jfs_inode_cachep == NULL)
return -ENOMEM;
diff --git a/fs/libfs.c b/fs/libfs.c
-index 7cc37ca..b3e3eec 100644
+index 916da8c..1588998 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -165,6 +165,9 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir)
next->d_inode->i_ino,
dt_type(next->d_inode)) < 0)
diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c
-index 05d2912..760abfa 100644
+index 52e5120..808936e 100644
--- a/fs/lockd/clntproc.c
+++ b/fs/lockd/clntproc.c
@@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops;
lock_flocks();
diff --git a/fs/namei.c b/fs/namei.c
-index 5f4cdf3..959a013 100644
+index ec97aef..eedf4fe 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask)
return -EACCES;
}
-@@ -826,7 +834,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
+@@ -824,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
{
struct dentry *dentry = link->dentry;
int error;
BUG_ON(nd->flags & LOOKUP_RCU);
-@@ -847,6 +855,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
+@@ -845,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
if (error)
goto out_put_nd_path;
nd->last_type = LAST_BIND;
*p = dentry->d_inode->i_op->follow_link(dentry, nd);
error = PTR_ERR(*p);
-@@ -1605,6 +1619,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
+@@ -1594,6 +1608,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
break;
res = walk_component(nd, path, &nd->last,
nd->last_type, LOOKUP_FOLLOW);
put_link(nd, &link, cookie);
} while (res > 0);
-@@ -1703,7 +1719,7 @@ EXPORT_SYMBOL(full_name_hash);
+@@ -1692,7 +1708,7 @@ EXPORT_SYMBOL(full_name_hash);
static inline unsigned long hash_name(const char *name, unsigned int *hashp)
{
unsigned long a, b, adata, bdata, mask, hash, len;
hash = a = 0;
len = -sizeof(unsigned long);
-@@ -1993,6 +2009,8 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1977,6 +1993,8 @@ static int path_lookupat(int dfd, const char *name,
if (err)
break;
err = lookup_last(nd, &path);
put_link(nd, &link, cookie);
}
}
-@@ -2000,6 +2018,21 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1984,6 +2002,19 @@ static int path_lookupat(int dfd, const char *name,
if (!err)
err = complete_walk(nd);
-+ if (!(nd->flags & LOOKUP_PARENT)) {
++ if (!err && !(nd->flags & LOOKUP_PARENT)) {
+#ifdef CONFIG_GRKERNSEC
+ if (flags & LOOKUP_RCU) {
-+ if (!err)
-+ path_put(&nd->path);
++ path_put(&nd->path);
+ err = -ECHILD;
+ } else
+#endif
+ if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) {
-+ if (!err)
-+ path_put(&nd->path);
++ path_put(&nd->path);
+ err = -ENOENT;
+ }
+ }
if (!err && nd->flags & LOOKUP_DIRECTORY) {
if (!nd->inode->i_op->lookup) {
path_put(&nd->path);
-@@ -2027,8 +2060,17 @@ static int filename_lookup(int dfd, struct filename *name,
+@@ -2011,8 +2042,17 @@ static int filename_lookup(int dfd, struct filename *name,
retval = path_lookupat(dfd, name->name,
flags | LOOKUP_REVAL, nd);
return retval;
}
-@@ -2402,6 +2444,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
+@@ -2390,6 +2430,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
return -EPERM;
return 0;
}
-@@ -2623,7 +2672,7 @@ looked_up:
+@@ -2611,7 +2658,7 @@ looked_up:
* cleared otherwise prior to returning.
*/
static int lookup_open(struct nameidata *nd, struct path *path,
const struct open_flags *op,
bool got_write, int *opened)
{
-@@ -2658,6 +2707,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2646,6 +2693,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
umode_t mode = op->mode;
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2679,6 +2739,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2667,6 +2725,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
nd->flags & LOOKUP_EXCL);
if (error)
goto out_dput;
}
out_no_open:
path->dentry = dentry;
-@@ -2693,7 +2755,7 @@ out_dput:
+@@ -2681,7 +2741,7 @@ out_dput:
/*
* Handle the last step of open()
*/
struct file *file, const struct open_flags *op,
int *opened, struct filename *name)
{
-@@ -2722,16 +2784,44 @@ static int do_last(struct nameidata *nd, struct path *path,
+@@ -2710,16 +2770,44 @@ static int do_last(struct nameidata *nd, struct path *path,
error = complete_walk(nd);
if (error)
return error;
audit_inode(name, dir, 0);
goto finish_open;
}
-@@ -2780,7 +2870,7 @@ retry_lookup:
+@@ -2768,7 +2856,7 @@ retry_lookup:
*/
}
mutex_lock(&dir->d_inode->i_mutex);
mutex_unlock(&dir->d_inode->i_mutex);
if (error <= 0) {
-@@ -2804,11 +2894,28 @@ retry_lookup:
+@@ -2792,11 +2880,28 @@ retry_lookup:
goto finish_open_created;
}
/*
* If atomic_open() acquired write access it is dropped now due to
-@@ -2849,6 +2956,11 @@ finish_lookup:
+@@ -2837,6 +2942,11 @@ finish_lookup:
}
}
BUG_ON(inode != path->dentry->d_inode);
return 1;
}
-@@ -2858,7 +2970,6 @@ finish_lookup:
+@@ -2846,7 +2956,6 @@ finish_lookup:
save_parent.dentry = nd->path.dentry;
save_parent.mnt = mntget(path->mnt);
nd->path.dentry = path->dentry;
}
nd->inode = inode;
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
-@@ -2867,6 +2978,22 @@ finish_lookup:
+@@ -2855,6 +2964,22 @@ finish_lookup:
path_put(&save_parent);
return error;
}
error = -EISDIR;
if ((open_flag & O_CREAT) && S_ISDIR(nd->inode->i_mode))
goto out;
-@@ -2965,7 +3092,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -2953,7 +3078,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
if (unlikely(error))
goto out;
while (unlikely(error > 0)) { /* trailing symlink */
struct path link = path;
void *cookie;
-@@ -2983,7 +3110,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -2971,7 +3096,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
error = follow_link(&link, nd, &cookie);
if (unlikely(error))
break;
put_link(nd, &link, cookie);
}
out:
-@@ -3073,8 +3200,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
+@@ -3071,8 +3196,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
goto unlock;
error = -EEXIST;
/*
* Special case - lookup gave negative, but... we had foo/bar/
* From the vfs_mknod() POV we just have a negative dentry -
-@@ -3125,6 +3256,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
+@@ -3124,6 +3253,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
}
EXPORT_SYMBOL(user_path_create);
-+static struct dentry *user_path_create_with_name(int dfd, const char __user *pathname, struct path *path, struct filename **to, int is_dir)
++static struct dentry *user_path_create_with_name(int dfd, const char __user *pathname, struct path *path, struct filename **to, unsigned int lookup_flags)
+{
+ struct filename *tmp = getname(pathname);
+ struct dentry *res;
+ if (IS_ERR(tmp))
+ return ERR_CAST(tmp);
-+ res = kern_path_create(dfd, tmp->name, path, is_dir);
++ res = kern_path_create(dfd, tmp->name, path, lookup_flags);
+ if (IS_ERR(res))
+ putname(tmp);
+ else
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -3186,6 +3331,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
+@@ -3186,6 +3329,17 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out;
-@@ -3202,6 +3358,8 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
+@@ -3202,6 +3356,8 @@ retry:
break;
}
out:
+ if (!error)
+ gr_handle_create(dentry, path.mnt);
done_path_create(&path, dentry);
- return error;
- }
-@@ -3248,9 +3406,18 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)
+ if (retry_estale(error, lookup_flags)) {
+ lookup_flags |= LOOKUP_REVAL;
+@@ -3254,9 +3410,16 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
-+
+ if (!gr_acl_handle_mkdir(dentry, path.dentry, path.mnt)) {
+ error = -EACCES;
+ goto out;
+ }
-+
error = security_path_mkdir(&path, dentry, mode);
if (!error)
error = vfs_mkdir(path.dentry->d_inode, dentry, mode);
+ gr_handle_create(dentry, path.mnt);
+out:
done_path_create(&path, dentry);
- return error;
- }
-@@ -3327,6 +3494,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+ if (retry_estale(error, lookup_flags)) {
+ lookup_flags |= LOOKUP_REVAL;
+@@ -3337,6 +3500,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
struct filename *name;
struct dentry *dentry;
struct nameidata nd;
+ ino_t saved_ino = 0;
+ dev_t saved_dev = 0;
-
- name = user_path_parent(dfd, pathname, &nd);
- if (IS_ERR(name))
-@@ -3358,10 +3527,21 @@ static long do_rmdir(int dfd, const char __user *pathname)
+ unsigned int lookup_flags = 0;
+ retry:
+ name = user_path_parent(dfd, pathname, &nd, lookup_flags);
+@@ -3369,10 +3534,21 @@ retry:
error = -ENOENT;
goto exit3;
}
exit3:
dput(dentry);
exit2:
-@@ -3423,6 +3603,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -3438,6 +3614,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
+ ino_t saved_ino = 0;
+ dev_t saved_dev = 0;
-
- name = user_path_parent(dfd, pathname, &nd);
- if (IS_ERR(name))
-@@ -3448,10 +3630,22 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+ unsigned int lookup_flags = 0;
+ retry:
+ name = user_path_parent(dfd, pathname, &nd, lookup_flags);
+@@ -3464,10 +3642,22 @@ retry:
if (!inode)
goto slashes;
ihold(inode);
exit2:
dput(dentry);
}
-@@ -3523,9 +3717,17 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
+@@ -3545,9 +3735,17 @@ retry:
if (IS_ERR(dentry))
goto out_putname;
+ gr_handle_create(dentry, path.mnt);
+out:
done_path_create(&path, dentry);
- out_putname:
- putname(from);
-@@ -3595,6 +3797,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+ if (retry_estale(error, lookup_flags)) {
+ lookup_flags |= LOOKUP_REVAL;
+@@ -3621,6 +3819,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
{
struct dentry *new_dentry;
struct path old_path, new_path;
int how = 0;
int error;
-@@ -3618,7 +3821,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3644,7 +3843,7 @@ retry:
if (error)
return error;
-- new_dentry = user_path_create(newdfd, newname, &new_path, 0);
-+ new_dentry = user_path_create_with_name(newdfd, newname, &new_path, &to, 0);
+- new_dentry = user_path_create(newdfd, newname, &new_path,
++ new_dentry = user_path_create_with_name(newdfd, newname, &new_path, &to,
+ (how & LOOKUP_REVAL));
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
- goto out;
-@@ -3629,11 +3832,28 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3656,11 +3855,28 @@ retry:
error = may_linkat(&old_path);
if (unlikely(error))
goto out_dput;
out_dput:
+ putname(to);
done_path_create(&new_path, new_dentry);
- out:
- path_put(&old_path);
-@@ -3873,12 +4093,21 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+ if (retry_estale(error, how)) {
+ how |= LOOKUP_REVAL;
+@@ -3906,12 +4122,21 @@ retry:
if (new_dentry == trap)
goto exit5;
exit5:
dput(new_dentry);
exit4:
-@@ -3903,6 +4132,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -3943,6 +4168,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
int len;
len = PTR_ERR(link);
-@@ -3912,7 +4143,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -3952,7 +4179,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index 2496062..e26f6d6 100644
+index a51054f..f9b53e5 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -1212,6 +1212,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1215,6 +1215,9 @@ static int do_umount(struct mount *mnt, int flags)
if (!(sb->s_flags & MS_RDONLY))
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
up_write(&sb->s_umount);
return retval;
}
-@@ -1231,6 +1234,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1234,6 +1237,9 @@ static int do_umount(struct mount *mnt, int flags)
br_write_unlock(&vfsmount_lock);
up_write(&namespace_sem);
release_mounts(&umount_list);
return retval;
}
-@@ -2244,6 +2250,16 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2287,6 +2293,16 @@ long do_mount(const char *dev_name, const char *dir_name,
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
if (flags & MS_REMOUNT)
retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
data_page);
-@@ -2258,6 +2274,9 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2301,6 +2317,9 @@ long do_mount(const char *dev_name, const char *dir_name,
dev_name, data_page);
dput_out:
path_put(&path);
return retval;
}
-@@ -2516,6 +2535,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2587,6 +2606,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
get_fs_root(current->fs, &root);
error = lock_mount(&old);
if (error)
+@@ -2790,7 +2814,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
+ !nsown_capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+- if (fs->users != 1)
++ if (atomic_read(&fs->users) != 1)
+ return -EINVAL;
+
+ get_mnt_ns(mnt_ns);
+diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
+index 59461c9..b17c57e 100644
+--- a/fs/nfs/callback_xdr.c
++++ b/fs/nfs/callback_xdr.c
+@@ -51,7 +51,7 @@ struct callback_op {
+ callback_decode_arg_t decode_args;
+ callback_encode_res_t encode_res;
+ long res_maxsize;
+-};
++} __do_const;
+
+ static struct callback_op callback_ops[];
+
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
-index 6fa01ae..2790820 100644
+index ebeb94c..ff35337 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
-@@ -1029,16 +1029,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
+@@ -1042,16 +1042,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
return nfs_size_to_loff_t(fattr->size) > i_size_read(inode);
}
}
void nfs_fattr_init(struct nfs_fattr *fattr)
+diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
+index 9d1c5db..1e13db8 100644
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -1097,7 +1097,7 @@ struct nfsd4_operation {
+ nfsd4op_rsize op_rsize_bop;
+ stateid_getter op_get_currentstateid;
+ stateid_setter op_set_currentstateid;
+-};
++} __do_const;
+
+ static struct nfsd4_operation nfsd4_ops[];
+
+diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
+index 0dc1158..ccf0338 100644
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -1456,7 +1456,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
+
+ typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
+
+-static nfsd4_dec nfsd4_dec_ops[] = {
++static const nfsd4_dec nfsd4_dec_ops[] = {
+ [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
+ [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
+ [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
+@@ -1496,7 +1496,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
+ [OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner,
+ };
+
+-static nfsd4_dec nfsd41_dec_ops[] = {
++static const nfsd4_dec nfsd41_dec_ops[] = {
+ [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
+ [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
+ [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
+@@ -1558,7 +1558,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
+ };
+
+ struct nfsd4_minorversion_ops {
+- nfsd4_dec *decoders;
++ const nfsd4_dec *decoders;
+ int nops;
+ };
+
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
-index f59169e..fd7d359 100644
+index d586117..143d568 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
-@@ -941,7 +941,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -939,7 +939,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
} else {
oldfs = get_fs();
set_fs(KERNEL_DS);
set_fs(oldfs);
}
-@@ -1045,7 +1045,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -1025,7 +1025,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
/* Write the data. */
oldfs = get_fs(); set_fs(KERNEL_DS);
set_fs(oldfs);
if (host_err < 0)
goto out_nfserr;
-@@ -1587,7 +1587,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
+@@ -1571,7 +1571,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
*/
oldfs = get_fs(); set_fs(KERNEL_DS);
set_fs(oldfs);
if (host_err < 0)
+diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c
+index fea6bd5..8ee9d81 100644
+--- a/fs/nls/nls_base.c
++++ b/fs/nls/nls_base.c
+@@ -234,20 +234,22 @@ EXPORT_SYMBOL(utf16s_to_utf8s);
+
+ int register_nls(struct nls_table * nls)
+ {
+- struct nls_table ** tmp = &tables;
++ struct nls_table *tmp = tables;
+
+ if (nls->next)
+ return -EBUSY;
+
+ spin_lock(&nls_lock);
+- while (*tmp) {
+- if (nls == *tmp) {
++ while (tmp) {
++ if (nls == tmp) {
+ spin_unlock(&nls_lock);
+ return -EBUSY;
+ }
+- tmp = &(*tmp)->next;
++ tmp = tmp->next;
+ }
+- nls->next = tables;
++ pax_open_kernel();
++ *(struct nls_table **)&nls->next = tables;
++ pax_close_kernel();
+ tables = nls;
+ spin_unlock(&nls_lock);
+ return 0;
+@@ -255,12 +257,14 @@ int register_nls(struct nls_table * nls)
+
+ int unregister_nls(struct nls_table * nls)
+ {
+- struct nls_table ** tmp = &tables;
++ struct nls_table * const * tmp = &tables;
+
+ spin_lock(&nls_lock);
+ while (*tmp) {
+ if (nls == *tmp) {
+- *tmp = nls->next;
++ pax_open_kernel();
++ *(struct nls_table **)tmp = nls->next;
++ pax_close_kernel();
+ spin_unlock(&nls_lock);
+ return 0;
+ }
+diff --git a/fs/nls/nls_euc-jp.c b/fs/nls/nls_euc-jp.c
+index 7424929..35f6be5 100644
+--- a/fs/nls/nls_euc-jp.c
++++ b/fs/nls/nls_euc-jp.c
+@@ -561,8 +561,10 @@ static int __init init_nls_euc_jp(void)
+ p_nls = load_nls("cp932");
+
+ if (p_nls) {
+- table.charset2upper = p_nls->charset2upper;
+- table.charset2lower = p_nls->charset2lower;
++ pax_open_kernel();
++ *(const unsigned char **)&table.charset2upper = p_nls->charset2upper;
++ *(const unsigned char **)&table.charset2lower = p_nls->charset2lower;
++ pax_close_kernel();
+ return register_nls(&table);
+ }
+
+diff --git a/fs/nls/nls_koi8-ru.c b/fs/nls/nls_koi8-ru.c
+index e7bc1d7..06bd4bb 100644
+--- a/fs/nls/nls_koi8-ru.c
++++ b/fs/nls/nls_koi8-ru.c
+@@ -63,8 +63,10 @@ static int __init init_nls_koi8_ru(void)
+ p_nls = load_nls("koi8-u");
+
+ if (p_nls) {
+- table.charset2upper = p_nls->charset2upper;
+- table.charset2lower = p_nls->charset2lower;
++ pax_open_kernel();
++ *(const unsigned char **)&table.charset2upper = p_nls->charset2upper;
++ *(const unsigned char **)&table.charset2lower = p_nls->charset2lower;
++ pax_close_kernel();
+ return register_nls(&table);
+ }
+
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
-index 6fcaeb8..9d16d04 100644
+index 9ff4a5e..deb1f0f 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
-@@ -250,8 +250,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
+@@ -251,8 +251,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
fd = fanotify_event_metadata.fd;
ret = -EFAULT;
ret = prepare_for_access_response(group, event, fd);
diff --git a/fs/notify/notification.c b/fs/notify/notification.c
-index c887b13..0fdf472 100644
+index 7b51b05..5ea5ef6 100644
--- a/fs/notify/notification.c
+++ b/fs/notify/notification.c
@@ -57,7 +57,7 @@ static struct kmem_cache *fsnotify_event_holder_cachep;
"inode 0x%lx or driver bug.", vdir->i_ino);
goto err_out;
diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c
-index 1ecf464..e1ff8bf 100644
+index 5b2d4f0..c6de396 100644
--- a/fs/ntfs/file.c
+++ b/fs/ntfs/file.c
-@@ -2232,6 +2232,6 @@ const struct inode_operations ntfs_file_inode_ops = {
+@@ -2242,6 +2242,6 @@ const struct inode_operations ntfs_file_inode_ops = {
#endif /* NTFS_RW */
};
enum ocfs2_local_alloc_state
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
-index f169da4..9112253 100644
+index b7e74b5..19c6536 100644
--- a/fs/ocfs2/suballoc.c
+++ b/fs/ocfs2/suballoc.c
@@ -872,7 +872,7 @@ static int ocfs2_reserve_suballoc_bits(struct ocfs2_super *osb,
/* You should never ask for this much metadata */
BUG_ON(bits_wanted >
-@@ -2008,7 +2008,7 @@ int ocfs2_claim_metadata(handle_t *handle,
+@@ -2007,7 +2007,7 @@ int ocfs2_claim_metadata(handle_t *handle,
mlog_errno(status);
goto bail;
}
*suballoc_loc = res.sr_bg_blkno;
*suballoc_bit_start = res.sr_bit_offset;
-@@ -2172,7 +2172,7 @@ int ocfs2_claim_new_inode_at_loc(handle_t *handle,
+@@ -2171,7 +2171,7 @@ int ocfs2_claim_new_inode_at_loc(handle_t *handle,
trace_ocfs2_claim_new_inode_at_loc((unsigned long long)di_blkno,
res->sr_bits);
BUG_ON(res->sr_bits != 1);
-@@ -2214,7 +2214,7 @@ int ocfs2_claim_new_inode(handle_t *handle,
+@@ -2213,7 +2213,7 @@ int ocfs2_claim_new_inode(handle_t *handle,
mlog_errno(status);
goto bail;
}
BUG_ON(res.sr_bits != 1);
-@@ -2318,7 +2318,7 @@ int __ocfs2_claim_clusters(handle_t *handle,
+@@ -2317,7 +2317,7 @@ int __ocfs2_claim_clusters(handle_t *handle,
cluster_start,
num_clusters);
if (!status)
} else {
if (min_clusters > (osb->bitmap_cpg - 1)) {
/* The only paths asking for contiguousness
-@@ -2344,7 +2344,7 @@ int __ocfs2_claim_clusters(handle_t *handle,
+@@ -2343,7 +2343,7 @@ int __ocfs2_claim_clusters(handle_t *handle,
ocfs2_desc_bitmap_to_cluster_off(ac->ac_inode,
res.sr_bg_blkno,
res.sr_bit_offset);
/* Copy the blockcheck stats from the superblock probe */
osb->osb_ecc_stats = *stats;
diff --git a/fs/open.c b/fs/open.c
-index 59071f5..c6229a0 100644
+index 9b33c0c..2ffcca2 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -31,6 +31,8 @@
#include "internal.h"
int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
-@@ -112,6 +114,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length)
+@@ -101,6 +103,8 @@ long vfs_truncate(struct path *path, loff_t length)
error = locks_verify_truncate(inode, NULL, length);
if (!error)
- error = security_path_truncate(&path);
-+
-+ if (!error && !gr_acl_handle_truncate(path.dentry, path.mnt))
+ error = security_path_truncate(path);
++ if (!error && !gr_acl_handle_truncate(path->dentry, path->mnt))
+ error = -EACCES;
-+
if (!error)
- error = do_truncate(path.dentry, length, 0, NULL);
+ error = do_truncate(path->dentry, length, 0, NULL);
-@@ -362,6 +368,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
+@@ -178,6 +182,8 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
+ error = locks_verify_truncate(inode, f.file, length);
+ if (!error)
+ error = security_path_truncate(&f.file->f_path);
++ if (!error && !gr_acl_handle_truncate(f.file->f_path.dentry, f.file->f_path.mnt))
++ error = -EACCES;
+ if (!error)
+ error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file);
+ sb_end_write(inode->i_sb);
+@@ -373,6 +379,9 @@ retry:
if (__mnt_is_readonly(path.mnt))
res = -EROFS;
+
out_path_release:
path_put(&path);
- out:
-@@ -388,6 +397,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename)
+ if (retry_estale(res, lookup_flags)) {
+@@ -404,6 +413,8 @@ retry:
if (error)
goto dput_and_out;
set_fs_pwd(current->fs, &path);
dput_and_out:
-@@ -413,6 +424,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
+@@ -433,6 +444,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
goto out_putf;
error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
if (!error)
set_fs_pwd(current->fs, &f.file->f_path);
out_putf:
-@@ -441,7 +459,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename)
+@@ -462,7 +480,13 @@ retry:
if (error)
goto dput_and_out;
error = 0;
dput_and_out:
path_put(&path);
-@@ -459,6 +483,16 @@ static int chmod_common(struct path *path, umode_t mode)
+@@ -484,6 +508,16 @@ static int chmod_common(struct path *path, umode_t mode)
if (error)
return error;
mutex_lock(&inode->i_mutex);
error = security_path_chmod(path, mode);
if (error)
goto out_unlock;
-@@ -514,6 +548,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
+@@ -544,6 +578,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
uid = make_kuid(current_user_ns(), user);
gid = make_kgid(current_user_ns(), group);
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
if (!uid_valid(uid))
-@@ -925,6 +962,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
+@@ -960,6 +997,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
} else {
fsnotify_open(f);
fd_install(fd, f);
}
putname(tmp);
diff --git a/fs/pipe.c b/fs/pipe.c
-index bd3479d..fb92c4d 100644
+index 8e2e73f..1ef1048 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -438,9 +438,9 @@ redo:
}
mutex_unlock(&inode->i_mutex);
-@@ -868,9 +868,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp)
+@@ -871,9 +871,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp)
if (inode->i_pipe) {
ret = 0;
if (filp->f_mode & FMODE_READ)
}
mutex_unlock(&inode->i_mutex);
-@@ -962,7 +962,7 @@ void free_pipe_info(struct inode *inode)
+@@ -965,7 +965,7 @@ void free_pipe_info(struct inode *inode)
inode->i_pipe = NULL;
}
/*
* pipefs_dname() is called from d_path().
-@@ -992,7 +992,8 @@ static struct inode * get_pipe_inode(void)
+@@ -995,7 +995,8 @@ static struct inode * get_pipe_inode(void)
goto fail_iput;
inode->i_pipe = pipe;
help
Various /proc files exist to monitor process memory utilization:
diff --git a/fs/proc/array.c b/fs/proc/array.c
-index bd31e02..15cae71 100644
+index 6a91e6f..e54dbc14 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -60,6 +60,7 @@
#include <linux/proc_fs.h>
#include <linux/ioport.h>
#include <linux/uaccess.h>
-@@ -346,6 +347,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task)
+@@ -362,6 +363,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task)
seq_putc(m, '\n');
}
int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task)
{
-@@ -363,9 +379,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
+@@ -380,9 +396,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
task_cpus_allowed(m, task);
cpuset_task_status_allowed(m, task);
task_context_switch_counts(m, task);
static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task, int whole)
{
-@@ -387,6 +418,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
+@@ -404,6 +435,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
char tcomm[sizeof(task->comm)];
unsigned long flags;
state = *get_task_state(task);
vsize = eip = esp = 0;
permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
-@@ -458,6 +496,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
+@@ -475,6 +513,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
gtime = task->gtime;
}
/* scale priority and nice values from timeslices to -20..20 */
/* to make it look like a "normal" Unix priority/nice value */
priority = task_prio(task);
-@@ -494,9 +545,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
+@@ -511,9 +562,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
seq_put_decimal_ull(m, ' ', vsize);
seq_put_decimal_ull(m, ' ', mm ? get_mm_rss(mm) : 0);
seq_put_decimal_ull(m, ' ', rsslim);
seq_put_decimal_ull(m, ' ', esp);
seq_put_decimal_ull(m, ' ', eip);
/* The signal information here is obsolete.
-@@ -518,7 +575,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
+@@ -535,7 +592,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime));
seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime));
seq_put_decimal_ull(m, ' ', mm->start_data);
seq_put_decimal_ull(m, ' ', mm->end_data);
seq_put_decimal_ull(m, ' ', mm->start_brk);
-@@ -556,8 +617,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
+@@ -573,8 +634,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task)
{
unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0;
if (mm) {
size = task_statm(mm, &shared, &text, &data, &resident);
mmput(mm);
-@@ -580,6 +648,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
+@@ -597,6 +665,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
return 0;
}
static struct pid *
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 9e28356..c485b3c 100644
+index 9b43ff77..ba3e990 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -111,6 +111,14 @@ struct pid_entry {
put_task_struct(task);
}
return allowed;
-@@ -562,10 +592,35 @@ static bool has_pid_permissions(struct pid_namespace *pid,
+@@ -555,10 +585,35 @@ static bool has_pid_permissions(struct pid_namespace *pid,
struct task_struct *task,
int hide_pid_min)
{
+ const struct cred *tmpcred = current_cred();
+ const struct cred *cred = __task_cred(task);
+
-+ if (!tmpcred->uid || (tmpcred->uid == cred->uid)
++ if (uid_eq(tmpcred->uid, GLOBAL_ROOT_UID) || uid_eq(tmpcred->uid, cred->uid)
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
+ || in_group_p(grsec_proc_gid)
+#endif
return ptrace_may_access(task, PTRACE_MODE_READ);
}
-@@ -583,7 +638,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
+@@ -576,7 +631,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
put_task_struct(task);
if (!has_perms) {
/*
* Let's make getdents(), stat(), and open()
* consistent with each other. If a process
-@@ -681,6 +740,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+@@ -674,6 +733,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
if (!task)
return -ESRCH;
mm = mm_access(task, mode);
put_task_struct(task);
-@@ -696,6 +760,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+@@ -689,6 +753,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
file->private_data = mm;
return 0;
}
-@@ -717,6 +785,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -710,6 +778,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
ssize_t copied;
char *page;
if (!mm)
return 0;
-@@ -821,6 +900,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -814,6 +893,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
if (!mm)
return 0;
page = (char *)__get_free_page(GFP_TEMPORARY);
if (!page)
return -ENOMEM;
-@@ -1436,7 +1522,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -1429,7 +1515,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
int error = -EACCES;
/* Are we allowed to snoop on the tasks file descriptors? */
goto out;
error = PROC_I(inode)->op.proc_get_link(dentry, &path);
-@@ -1480,8 +1566,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
+@@ -1473,8 +1559,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
struct path path;
/* Are we allowed to snoop on the tasks file descriptors? */
error = PROC_I(inode)->op.proc_get_link(dentry, &path);
if (error)
-@@ -1531,7 +1627,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
+@@ -1524,7 +1620,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
rcu_read_lock();
cred = __task_cred(task);
inode->i_uid = cred->euid;
rcu_read_unlock();
}
security_task_to_inode(task, inode);
-@@ -1567,10 +1667,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+@@ -1560,10 +1660,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
return -ENOENT;
}
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
}
}
rcu_read_unlock();
-@@ -1608,11 +1717,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
+@@ -1601,11 +1710,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
rcu_read_unlock();
} else {
inode->i_uid = GLOBAL_ROOT_UID;
-@@ -2065,6 +2183,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2058,6 +2176,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
if (!task)
goto out_no_task;
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2109,6 +2230,9 @@ static int proc_pident_readdir(struct file *filp,
+@@ -2102,6 +2223,9 @@ static int proc_pident_readdir(struct file *filp,
if (!task)
goto out_no_task;
ret = 0;
i = filp->f_pos;
switch (i) {
-@@ -2380,7 +2504,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
- static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd,
- void *cookie)
- {
-- char *s = nd_get_link(nd);
-+ const char *s = nd_get_link(nd);
- if (!IS_ERR(s))
- kfree(s);
- }
-@@ -2662,7 +2786,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2515,7 +2639,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2687,10 +2811,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2540,10 +2664,10 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
ONE("stack", S_IRUGO, proc_pid_stack),
#endif
#ifdef CONFIG_SCHEDSTATS
-@@ -2724,6 +2848,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2577,6 +2701,9 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
#ifdef CONFIG_USER_NS
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
-@@ -2856,7 +2983,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
+@@ -2705,7 +2832,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
if (!inode)
goto out;
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2898,7 +3032,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
+@@ -2743,7 +2877,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
if (!task)
goto out;
put_task_struct(task);
out:
return result;
-@@ -2961,6 +3099,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi
+@@ -2806,6 +2944,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi
static int fake_filldir(void *buf, const char *name, int namelen,
loff_t offset, u64 ino, unsigned d_type)
{
return 0;
}
-@@ -3027,7 +3167,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -2857,7 +2997,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -3054,10 +3194,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -2884,10 +3024,10 @@ static const struct pid_entry tid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
}
module_init(proc_devices_init);
diff --git a/fs/proc/fd.c b/fs/proc/fd.c
-index f28a875..c467953 100644
+index d7a4a28..0201742 100644
--- a/fs/proc/fd.c
+++ b/fs/proc/fd.c
@@ -25,7 +25,8 @@ static int seq_show(struct seq_file *m, void *v)
put_task_struct(task);
if (files) {
-@@ -300,11 +301,21 @@ static struct dentry *proc_lookupfd(struct inode *dir, struct dentry *dentry,
+@@ -302,11 +303,21 @@ static struct dentry *proc_lookupfd(struct inode *dir, struct dentry *dentry,
*/
int proc_fd_permission(struct inode *inode, int mask)
{
}
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
-index 3b22bbd..895b58c 100644
+index 439ae688..c21ac36 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
@@ -21,11 +21,17 @@
static void proc_evict_inode(struct inode *inode)
{
struct proc_dir_entry *de;
-@@ -51,6 +57,13 @@ static void proc_evict_inode(struct inode *inode)
- ns_ops = PROC_I(inode)->ns_ops;
- if (ns_ops && ns_ops->put)
- ns_ops->put(PROC_I(inode)->ns);
+@@ -53,6 +59,13 @@ static void proc_evict_inode(struct inode *inode)
+ ns = PROC_I(inode)->ns;
+ if (ns_ops && ns)
+ ns_ops->put(ns);
+
+#ifdef CONFIG_PROC_SYSCTL
+ if (inode->i_op == &proc_sys_inode_operations ||
}
static struct kmem_cache * proc_inode_cachep;
-@@ -455,7 +468,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
+@@ -457,7 +470,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
if (de->mode) {
inode->i_mode = de->mode;
inode->i_uid = de->uid;
if (de->size)
inode->i_size = de->size;
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
-index 43973b0..a20e704 100644
+index 252544c..04395b9 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
-@@ -54,6 +54,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
+@@ -55,6 +55,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task);
extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task);
extern const struct file_operations proc_tid_children_operations;
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
-index 86c67ee..cdca321 100644
+index e96d4f1..8b116ed 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -480,9 +480,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
seq_putc(m, '\n');
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
-index fe72cd0..cb9b67d 100644
+index fe72cd0..21b52ff 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -23,6 +23,7 @@
+#endif
+
+#ifdef CONFIG_GRKERNSEC_PROC_USER
-+ if (cred->fsuid)
++ if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID))
+ return net;
+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ if (cred->fsuid && !in_group_p(grsec_proc_gid))
++ if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID) && !in_group_p(grsec_proc_gid))
+ return net;
+#endif
rcu_read_lock();
task = pid_task(proc_pid(dir), PIDTYPE_PID);
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
-index a781bdf..6665284 100644
+index 1827d88..43b0279 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -12,11 +12,15 @@
void proc_sys_poll_notify(struct ctl_table_poll *poll)
{
-@@ -465,6 +469,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry,
+@@ -466,6 +470,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry,
err = NULL;
d_set_d_op(dentry, &proc_sys_dentry_operations);
d_add(dentry, inode);
out:
-@@ -480,18 +487,20 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
+@@ -481,6 +488,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
struct inode *inode = filp->f_path.dentry->d_inode;
struct ctl_table_header *head = grab_header(inode);
struct ctl_table *table = PROC_I(inode)->sysctl_entry;
ssize_t error;
size_t res;
- if (IS_ERR(head))
- return PTR_ERR(head);
-
-+
- /*
- * At this point we know that the sysctl was not unregistered
+@@ -492,7 +500,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
* and won't be until we finish.
*/
error = -EPERM;
-- if (sysctl_perm(head->root, table, write ? MAY_WRITE : MAY_READ))
-+ if (sysctl_perm(head->root, table, op))
+- if (sysctl_perm(head, table, write ? MAY_WRITE : MAY_READ))
++ if (sysctl_perm(head, table, op))
goto out;
/* if that can happen at all, it should be -EINVAL, not -EISDIR */
-@@ -499,6 +508,22 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
+@@ -500,6 +508,22 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf,
if (!table->proc_handler)
goto out;
/* careful: calling conventions are nasty here */
res = count;
error = table->proc_handler(table, write, buf, &res, ppos);
-@@ -596,6 +621,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent,
+@@ -597,6 +621,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent,
return -ENOMEM;
} else {
d_set_d_op(child, &proc_sys_dentry_operations);
d_add(child, inode);
}
} else {
-@@ -639,6 +667,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table,
+@@ -640,6 +667,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table,
if ((*pos)++ < file->f_pos)
return 0;
if (unlikely(S_ISLNK(table->mode)))
res = proc_sys_link_fill_cache(file, dirent, filldir, head, table);
else
-@@ -756,6 +787,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct
+@@ -750,6 +780,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct
if (IS_ERR(head))
return PTR_ERR(head);
generic_fillattr(inode, stat);
if (table)
stat->mode = (stat->mode & S_IFMT) | table->mode;
-@@ -778,13 +812,13 @@ static const struct file_operations proc_sys_dir_file_operations = {
+@@ -772,13 +805,13 @@ static const struct file_operations proc_sys_dir_file_operations = {
.llseek = generic_file_llseek,
};
.lookup = proc_sys_lookup,
.permission = proc_sys_permission,
.setattr = proc_sys_setattr,
+@@ -854,7 +887,7 @@ static struct ctl_dir *find_subdir(struct ctl_dir *dir,
+ static struct ctl_dir *new_dir(struct ctl_table_set *set,
+ const char *name, int namelen)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+ struct ctl_dir *new;
+ struct ctl_node *node;
+ char *new_name;
+@@ -866,7 +899,7 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set,
+ return NULL;
+
+ node = (struct ctl_node *)(new + 1);
+- table = (struct ctl_table *)(node + 1);
++ table = (ctl_table_no_const *)(node + 1);
+ new_name = (char *)(table + 2);
+ memcpy(new_name, name, namelen);
+ new_name[namelen] = '\0';
+@@ -1035,7 +1068,8 @@ static int sysctl_check_table(const char *path, struct ctl_table *table)
+ static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table *table,
+ struct ctl_table_root *link_root)
+ {
+- struct ctl_table *link_table, *entry, *link;
++ ctl_table_no_const *link_table, *link;
++ struct ctl_table *entry;
+ struct ctl_table_header *links;
+ struct ctl_node *node;
+ char *link_name;
+@@ -1058,7 +1092,7 @@ static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table
+ return NULL;
+
+ node = (struct ctl_node *)(links + 1);
+- link_table = (struct ctl_table *)(node + nr_entries);
++ link_table = (ctl_table_no_const *)(node + nr_entries);
+ link_name = (char *)&link_table[nr_entries + 1];
+
+ for (link = link_table, entry = table; entry->procname; link++, entry++) {
+@@ -1306,8 +1340,8 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
+ struct ctl_table_header ***subheader, struct ctl_table_set *set,
+ struct ctl_table *table)
+ {
+- struct ctl_table *ctl_table_arg = NULL;
+- struct ctl_table *entry, *files;
++ ctl_table_no_const *ctl_table_arg = NULL, *files = NULL;
++ struct ctl_table *entry;
+ int nr_files = 0;
+ int nr_dirs = 0;
+ int err = -ENOMEM;
+@@ -1319,10 +1353,9 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
+ nr_files++;
+ }
+
+- files = table;
+ /* If there are mixed files and directories we need a new table */
+ if (nr_dirs && nr_files) {
+- struct ctl_table *new;
++ ctl_table_no_const *new;
+ files = kzalloc(sizeof(struct ctl_table) * (nr_files + 1),
+ GFP_KERNEL);
+ if (!files)
+@@ -1340,7 +1373,7 @@ static int register_leaf_sysctl_tables(const char *path, char *pos,
+ /* Register everything except a directory full of subdirectories */
+ if (nr_files || !nr_dirs) {
+ struct ctl_table_header *header;
+- header = __register_sysctl_table(set, path, files);
++ header = __register_sysctl_table(set, path, files ? files : table);
+ if (!header) {
+ kfree(ctl_table_arg);
+ goto out;
diff --git a/fs/proc/root.c b/fs/proc/root.c
-index 9889a92..2613b48 100644
+index c6e9fac..a740964 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
-@@ -187,7 +187,15 @@ void __init proc_root_init(void)
+@@ -176,7 +176,15 @@ void __init proc_root_init(void)
#ifdef CONFIG_PROC_DEVICETREE
proc_device_tree_init();
#endif
proc_sys_init();
}
+diff --git a/fs/proc/self.c b/fs/proc/self.c
+index aa5cc3b..c91a5d0 100644
+--- a/fs/proc/self.c
++++ b/fs/proc/self.c
+@@ -37,7 +37,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
+ static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd,
+ void *cookie)
+ {
+- char *s = nd_get_link(nd);
++ const char *s = nd_get_link(nd);
+ if (!IS_ERR(s))
+ kfree(s);
+ }
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 90c63f9..e662cfc 100644
+index ca5ce7f..02c1cf0 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -11,12 +11,19 @@
show_map_vma(m, vma, is_pid);
if (m->count < m->size) /* vma is copied successfully */
-@@ -538,12 +574,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+@@ -589,12 +625,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
.private = &mss,
};
show_map_vma(m, vma, is_pid);
seq_printf(m,
-@@ -561,7 +608,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+@@ -612,7 +659,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
"KernelPageSize: %8lu kB\n"
"MMUPageSize: %8lu kB\n"
"Locked: %8lu kB\n",
mss.resident >> 10,
(unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
mss.shared_clean >> 10,
-@@ -1211,6 +1262,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1264,6 +1315,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
int n;
char buffer[50];
if (!mm)
return 0;
-@@ -1228,11 +1286,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
- mpol_to_str(buffer, sizeof(buffer), pol, 0);
+@@ -1281,11 +1339,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+ mpol_to_str(buffer, sizeof(buffer), pol);
mpol_cond_put(pol);
+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
} else if (mm) {
pid_t tid = vm_is_stack(priv->task, vma, is_pid);
-diff --git a/fs/pstore/ftrace.c b/fs/pstore/ftrace.c
-index 2d57e1a..43b1280 100644
---- a/fs/pstore/ftrace.c
-+++ b/fs/pstore/ftrace.c
-@@ -28,7 +28,9 @@
- #include "internal.h"
-
- static void notrace pstore_ftrace_call(unsigned long ip,
-- unsigned long parent_ip)
-+ unsigned long parent_ip,
-+ struct ftrace_ops *op,
-+ struct pt_regs *regs)
- {
- unsigned long flags;
- struct pstore_ftrace_record rec = {};
diff --git a/fs/quota/netlink.c b/fs/quota/netlink.c
index 16e8abb..2dcf914 100644
--- a/fs/quota/netlink.c
"a_genl_family, 0, QUOTA_NL_C_WARNING);
if (!msg_head) {
printk(KERN_ERR
-diff --git a/fs/read_write.c b/fs/read_write.c
-index d065348..8e2b43d 100644
---- a/fs/read_write.c
-+++ b/fs/read_write.c
-@@ -935,6 +935,8 @@ ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, size_t count,
- if (retval > 0) {
- add_rchar(current, retval);
- add_wchar(current, retval);
-+ fsnotify_access(in.file);
-+ fsnotify_modify(out.file);
- }
-
- inc_syscr(current);
diff --git a/fs/readdir.c b/fs/readdir.c
index 5e69ef5..e5d9099 100644
--- a/fs/readdir.c
SF(s_do_balance), SF(s_unneeded_left_neighbor),
SF(s_good_search_by_key_reada), SF(s_bmaps),
diff --git a/fs/reiserfs/reiserfs.h b/fs/reiserfs/reiserfs.h
-index 33215f5..c5d427a 100644
+index 157e474..65a6114 100644
--- a/fs/reiserfs/reiserfs.h
+++ b/fs/reiserfs/reiserfs.h
@@ -453,7 +453,7 @@ struct reiserfs_sb_info {
return -EINVAL;
diff --git a/fs/seq_file.c b/fs/seq_file.c
-index 99dffab..e4fcb71 100644
+index f2bc3df..239d4f6 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -10,6 +10,7 @@
if (op) {
diff --git a/fs/splice.c b/fs/splice.c
-index 48c7bd1..d0740e4 100644
+index 6909d89..5b2e8f9 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
return 0;
if (sd->flags & SPLICE_F_NONBLOCK)
-@@ -1192,7 +1192,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+@@ -1189,7 +1189,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
* out of the pipe right after the splice_to_pipe(). So set
* PIPE_READERS appropriately.
*/
current->splice_pipe = pipe;
}
-@@ -1741,9 +1741,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1738,9 +1738,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
if (flags & SPLICE_F_NONBLOCK) {
ret = -EAGAIN;
break;
-@@ -1775,7 +1775,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1772,7 +1772,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
pipe_lock(pipe);
while (pipe->nrbufs >= pipe->buffers) {
send_sig(SIGPIPE, current, 0);
ret = -EPIPE;
break;
-@@ -1788,9 +1788,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1785,9 +1785,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
}
pipe_unlock(pipe);
-@@ -1826,14 +1826,14 @@ retry:
+@@ -1823,14 +1823,14 @@ retry:
pipe_double_lock(ipipe, opipe);
do {
break;
/*
-@@ -1930,7 +1930,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1927,7 +1927,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
pipe_double_lock(ipipe, opipe);
do {
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -1975,7 +1975,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1972,7 +1972,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
* return EAGAIN if we have the potential of some data in the
* future, otherwise just return 0
*/
pipe_unlock(ipipe);
diff --git a/fs/stat.c b/fs/stat.c
-index eae4946..6198f55 100644
+index 14f4545..9b7f55b 100644
--- a/fs/stat.c
+++ b/fs/stat.c
@@ -28,8 +28,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat)
sd = sysfs_new_dirent(name, mode, SYSFS_DIR);
if (!sd)
diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
-index 00012e3..8392349 100644
+index 602f56d..6853db8 100644
--- a/fs/sysfs/file.c
+++ b/fs/sysfs/file.c
@@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock);
int i;
for (i = 0; i < sizeof(struct tag); ++i)
diff --git a/fs/utimes.c b/fs/utimes.c
-index bb0696a..552054b 100644
+index f4fb7ec..3fe03c0 100644
--- a/fs/utimes.c
+++ b/fs/utimes.c
@@ -1,6 +1,7 @@
error = notify_change(path->dentry, &newattrs);
mutex_unlock(&inode->i_mutex);
diff --git a/fs/xattr.c b/fs/xattr.c
-index e21c119..21dfc7c 100644
+index 3377dff..4feded6 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -319,7 +319,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
out:
if (vvalue)
vfree(vvalue);
-@@ -376,7 +381,7 @@ SYSCALL_DEFINE5(setxattr, const char __user *, pathname,
+@@ -377,7 +382,7 @@ retry:
return error;
error = mnt_want_write(path.mnt);
if (!error) {
mnt_drop_write(path.mnt);
}
path_put(&path);
-@@ -395,7 +400,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname,
+@@ -401,7 +406,7 @@ retry:
return error;
error = mnt_want_write(path.mnt);
if (!error) {
mnt_drop_write(path.mnt);
}
path_put(&path);
-@@ -406,16 +411,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
+@@ -416,16 +421,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name,
const void __user *,value, size_t, size, int, flags)
{
struct fd f = fdget(fd);
struct posix_acl *acl;
struct posix_acl_entry *acl_e;
diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c
-index 83d0cf3..2ef526b 100644
+index 572a858..12a9b0d 100644
--- a/fs/xfs/xfs_bmap.c
+++ b/fs/xfs/xfs_bmap.c
-@@ -189,7 +189,7 @@ xfs_bmap_validate_ret(
+@@ -192,7 +192,7 @@ xfs_bmap_validate_ret(
int nmap,
int ret_nmap);
#else
*offset = off & 0x7fffffff;
return 0;
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
-index c1df3c6..f987db6 100644
+index c1c3ef8..0952438 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
-@@ -126,7 +126,7 @@ xfs_find_handle(
+@@ -127,7 +127,7 @@ xfs_find_handle(
}
error = -EFAULT;
goto out_put;
diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
-index 4e00cf0..3374374 100644
+index d82efaa..0904a8e 100644
--- a/fs/xfs/xfs_iops.c
+++ b/fs/xfs/xfs_iops.c
-@@ -394,7 +394,7 @@ xfs_vn_put_link(
+@@ -395,7 +395,7 @@ xfs_vn_put_link(
struct nameidata *nd,
void *p)
{
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..960766a
+index 0000000..0767b2e
--- /dev/null
+++ b/grsecurity/gracl.c
-@@ -0,0 +1,4003 @@
+@@ -0,0 +1,4067 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
+#include <linux/fdtable.h>
+#include <linux/percpu.h>
+#include <linux/lglock.h>
++#include <linux/hugetlb.h>
+#include "../fs/mount.h"
+
+#include <asm/uaccess.h>
+
+extern struct vfsmount *pipe_mnt;
+extern struct vfsmount *shm_mnt;
++
+#ifdef CONFIG_HUGETLBFS
-+extern struct vfsmount *hugetlbfs_vfsmount;
++extern struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE];
+#endif
+
+static struct acl_object_label *fakefs_obj_rw;
+ return __full_lookup(orig_dentry, orig_mnt, inode, device, subj, path, newglob);
+}
+
++#ifdef CONFIG_HUGETLBFS
++static inline bool
++is_hugetlbfs_mnt(const struct vfsmount *mnt)
++{
++ int i;
++ for (i = 0; i < HUGE_MAX_HSTATE; i++) {
++ if (unlikely(hugetlbfs_vfsmount[i] == mnt))
++ return true;
++ }
++
++ return false;
++}
++#endif
++
+static struct acl_object_label *
+__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
+ const struct acl_subject_label *subj, char *path, const int checkglob)
+ mnt == sock_mnt ||
+#endif
+#ifdef CONFIG_HUGETLBFS
-+ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) ||
++ (is_hugetlbfs_mnt(mnt) && dentry->d_inode->i_nlink == 0) ||
+#endif
+ /* ignore Eric Biederman */
+ IS_PRIVATE(l_dentry->d_inode))) {
+ const struct cred *cred = current_cred();
+
+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
-+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
+ 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->saved_ip);
+
+}
+
+static void
-+gr_log_learn_id_change(const char type, const unsigned int real,
-+ const unsigned int effective, const unsigned int fs)
++gr_log_learn_uid_change(const kuid_t real, const kuid_t effective, const kuid_t fs)
+{
+ struct task_struct *task = current;
+ const struct cred *cred = current_cred();
+
+ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
-+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
+ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
-+ type, real, effective, fs, &task->signal->saved_ip);
++ 'u', GR_GLOBAL_UID(real), GR_GLOBAL_UID(effective), GR_GLOBAL_UID(fs), &task->signal->saved_ip);
++
++ return;
++}
++
++static void
++gr_log_learn_gid_change(const kgid_t real, const kgid_t effective, const kgid_t fs)
++{
++ struct task_struct *task = current;
++ const struct cred *cred = current_cred();
++
++ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
++ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
++ 'g', GR_GLOBAL_GID(real), GR_GLOBAL_GID(effective), GR_GLOBAL_GID(fs), &task->signal->saved_ip);
+
+ return;
+}
+extern int __gr_process_user_ban(struct user_struct *user);
+
+int
-+gr_check_user_change(int real, int effective, int fs)
++gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs)
+{
+ unsigned int i;
+ __u16 num;
+ uid_t *uidlist;
-+ int curuid;
++ uid_t curuid;
+ int realok = 0;
+ int effectiveok = 0;
+ int fsok = 0;
++ uid_t globalreal, globaleffective, globalfs;
+
+#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE)
+ struct user_struct *user;
+
-+ if (real == -1)
++ if (!uid_valid(real))
+ goto skipit;
+
-+ user = find_user(real);
++ /* find user based on global namespace */
++
++ globalreal = GR_GLOBAL_UID(real);
++
++ user = find_user(make_kuid(&init_user_ns, globalreal));
+ if (user == NULL)
+ goto skipit;
+
+ return 0;
+
+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
-+ gr_log_learn_id_change('u', real, effective, fs);
++ gr_log_learn_uid_change(real, effective, fs);
+
+ num = current->acl->user_trans_num;
+ uidlist = current->acl->user_transitions;
+ if (uidlist == NULL)
+ return 0;
+
-+ if (real == -1)
++ if (!uid_valid(real)) {
+ realok = 1;
-+ if (effective == -1)
++ globalreal = (uid_t)-1;
++ } else {
++ globalreal = GR_GLOBAL_UID(real);
++ }
++ if (!uid_valid(effective)) {
+ effectiveok = 1;
-+ if (fs == -1)
++ globaleffective = (uid_t)-1;
++ } else {
++ globaleffective = GR_GLOBAL_UID(effective);
++ }
++ if (!uid_valid(fs)) {
+ fsok = 1;
++ globalfs = (uid_t)-1;
++ } else {
++ globalfs = GR_GLOBAL_UID(fs);
++ }
+
+ if (current->acl->user_trans_type & GR_ID_ALLOW) {
+ for (i = 0; i < num; i++) {
-+ curuid = (int)uidlist[i];
-+ if (real == curuid)
++ curuid = uidlist[i];
++ if (globalreal == curuid)
+ realok = 1;
-+ if (effective == curuid)
++ if (globaleffective == curuid)
+ effectiveok = 1;
-+ if (fs == curuid)
++ if (globalfs == curuid)
+ fsok = 1;
+ }
+ } else if (current->acl->user_trans_type & GR_ID_DENY) {
+ for (i = 0; i < num; i++) {
-+ curuid = (int)uidlist[i];
-+ if (real == curuid)
++ curuid = uidlist[i];
++ if (globalreal == curuid)
+ break;
-+ if (effective == curuid)
++ if (globaleffective == curuid)
+ break;
-+ if (fs == curuid)
++ if (globalfs == curuid)
+ break;
+ }
+ /* not in deny list */
+ if (realok && effectiveok && fsok)
+ return 0;
+ else {
-+ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
++ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal);
+ return 1;
+ }
+}
+
+int
-+gr_check_group_change(int real, int effective, int fs)
++gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs)
+{
+ unsigned int i;
+ __u16 num;
+ gid_t *gidlist;
-+ int curgid;
++ gid_t curgid;
+ int realok = 0;
+ int effectiveok = 0;
+ int fsok = 0;
++ gid_t globalreal, globaleffective, globalfs;
+
+ if (unlikely(!(gr_status & GR_READY)))
+ return 0;
+
+ if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
-+ gr_log_learn_id_change('g', real, effective, fs);
++ gr_log_learn_gid_change(real, effective, fs);
+
+ num = current->acl->group_trans_num;
+ gidlist = current->acl->group_transitions;
+ if (gidlist == NULL)
+ return 0;
+
-+ if (real == -1)
++ if (!gid_valid(real)) {
+ realok = 1;
-+ if (effective == -1)
++ globalreal = (gid_t)-1;
++ } else {
++ globalreal = GR_GLOBAL_GID(real);
++ }
++ if (!gid_valid(effective)) {
+ effectiveok = 1;
-+ if (fs == -1)
++ globaleffective = (gid_t)-1;
++ } else {
++ globaleffective = GR_GLOBAL_GID(effective);
++ }
++ if (!gid_valid(fs)) {
+ fsok = 1;
++ globalfs = (gid_t)-1;
++ } else {
++ globalfs = GR_GLOBAL_GID(fs);
++ }
+
+ if (current->acl->group_trans_type & GR_ID_ALLOW) {
+ for (i = 0; i < num; i++) {
-+ curgid = (int)gidlist[i];
-+ if (real == curgid)
++ curgid = gidlist[i];
++ if (globalreal == curgid)
+ realok = 1;
-+ if (effective == curgid)
++ if (globaleffective == curgid)
+ effectiveok = 1;
-+ if (fs == curgid)
++ if (globalfs == curgid)
+ fsok = 1;
+ }
+ } else if (current->acl->group_trans_type & GR_ID_DENY) {
+ for (i = 0; i < num; i++) {
-+ curgid = (int)gidlist[i];
-+ if (real == curgid)
++ curgid = gidlist[i];
++ if (globalreal == curgid)
+ break;
-+ if (effective == curgid)
++ if (globaleffective == curgid)
+ break;
-+ if (fs == curgid)
++ if (globalfs == curgid)
+ break;
+ }
+ /* not in deny list */
+ if (realok && effectiveok && fsok)
+ return 0;
+ else {
-+ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
++ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal);
+ return 1;
+ }
+}
+extern int gr_acl_is_capable(const int cap);
+
+void
-+gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
++gr_set_role_label(struct task_struct *task, const kuid_t kuid, const kgid_t kgid)
+{
+ struct acl_role_label *role = task->role;
+ struct acl_subject_label *subj = NULL;
+ struct acl_object_label *obj;
+ struct file *filp;
++ uid_t uid;
++ gid_t gid;
+
+ if (unlikely(!(gr_status & GR_READY)))
+ return;
+
++ uid = GR_GLOBAL_UID(kuid);
++ gid = GR_GLOBAL_GID(kgid);
++
+ filp = task->exec_file;
+
+ /* kernel process, we'll give them the kernel role */
+ task->is_writable = 1;
+
+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
-+ printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
++ printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
+#endif
+
+ gr_set_proc_res(task);
+ gr_set_proc_res(task);
+
+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
-+ printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
++ printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
+#endif
+ return 0;
+}
+ tsk->is_writable = 1;
+
+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
-+ printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
++ printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, task_pid_nr(tsk));
+#endif
+
+out_unlock:
+ if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) &&
+ file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) {
+ p3 = task;
-+ while (p3->pid > 0) {
++ while (task_pid_nr(p3) > 0) {
+ if (p3 == p)
+ break;
+ p3 = p3->real_parent;
+
+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
+ gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
-+ !uid_eq(current_uid(), GLOBAL_ROOT_UID)) {
++ gr_is_global_nonroot(current_uid())) {
+ error = -EPERM;
+ goto out;
+ }
+ gr_set_proc_res(task);
+
+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
-+ printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
++ printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename);
+#endif
+ } else {
+ return 1;
+
+ if (task->exec_file) {
+ cred = __task_cred(task);
-+ task->role = lookup_acl_role_label(task, cred->uid, cred->gid);
++ task->role = lookup_acl_role_label(task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid));
+ ret = gr_apply_subject_to_task(task);
+ if (ret) {
+ read_unlock(&grsec_exec_file_lock);
+ read_unlock(&tasklist_lock);
+ rcu_read_unlock();
-+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid);
++ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task_pid_nr(task));
+ return ret;
+ }
+ } else {
+ rcu_read_lock();
+ cred = __task_cred(task);
+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
-+ task->role->roletype, cred->uid, cred->gid, acl->filename,
++ task->role->roletype, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), acl->filename,
+ acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
+ "", (unsigned long) res, &task->signal->saved_ip);
+ rcu_read_unlock();
+ read_lock(&grsec_exec_file_lock);
+ filp = task->exec_file;
+
-+ while (tmp->pid > 0) {
++ while (task_pid_nr(tmp) > 0) {
+ if (tmp == curtemp)
+ break;
+ tmp = tmp->real_parent;
+ }
+
-+ if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && !uid_eq(current_uid(), GLOBAL_ROOT_UID) && !(gr_status & GR_READY)) ||
++ if (!filp || (task_pid_nr(tmp) == 0 && ((grsec_enable_harden_ptrace && gr_is_global_nonroot(current_uid()) && !(gr_status & GR_READY)) ||
+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) {
+ read_unlock(&grsec_exec_file_lock);
+ read_unlock(&tasklist_lock);
+
+ if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
+ && (current->acl != task->acl || (current->acl != current->role->root_label
-+ && current->pid != task->pid)))
++ && task_pid_nr(current) != task_pid_nr(task))))
+ return 1;
+
+ return 0;
+#endif
+ if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) {
+ read_lock(&tasklist_lock);
-+ while (tmp->pid > 0) {
++ while (task_pid_nr(tmp) > 0) {
+ if (tmp == curtemp)
+ break;
+ tmp = tmp->real_parent;
+ }
+
-+ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && !uid_eq(current_uid(), GLOBAL_ROOT_UID) && !(gr_status & GR_READY)) ||
++ if (task_pid_nr(tmp) == 0 && ((grsec_enable_harden_ptrace && gr_is_global_nonroot(current_uid()) && !(gr_status & GR_READY)) ||
+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) {
+ read_unlock(&tasklist_lock);
+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+ cred = __task_cred(task);
+#ifdef CONFIG_GRKERNSEC_PROC_USER
-+ if (!uid_eq(cred->uid, GLOBAL_ROOT_UID))
++ if (gr_is_global_nonroot(cred->uid))
+ ret = -EACCES;
+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ if (!uid_eq(cred->uid, GLOBAL_ROOT_UID) && !groups_search(cred->group_info, grsec_proc_gid))
++ if (gr_is_global_nonroot(cred->uid) && !groups_search(cred->group_info, grsec_proc_gid))
+ ret = -EACCES;
+#endif
+#endif
+}
diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
new file mode 100644
-index 0000000..6d21049
+index 0000000..bdd51ea
--- /dev/null
+++ b/grsecurity/gracl_cap.c
@@ -0,0 +1,110 @@
+ if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
+ && cap_raised(cred->cap_effective, cap)) {
+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
-+ task->role->roletype, cred->uid,
-+ cred->gid, task->exec_file ?
++ task->role->roletype, GR_GLOBAL_UID(cred->uid),
++ GR_GLOBAL_GID(cred->gid), task->exec_file ?
+ gr_to_filename(task->exec_file->f_path.dentry,
+ task->exec_file->f_path.mnt) : curracl->filename,
+ curracl->filename, 0UL,
+}
diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
new file mode 100644
-index 0000000..58800a7
+index 0000000..4699807
--- /dev/null
+++ b/grsecurity/gracl_ip.c
@@ -0,0 +1,384 @@
+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
+ __u32 fakeip = 0;
+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
-+ current->role->roletype, cred->uid,
-+ cred->gid, current->exec_file ?
++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
+ gr_to_filename(current->exec_file->f_path.dentry,
+ current->exec_file->f_path.mnt) :
+ curr->filename, curr->filename,
+ if (type == SOCK_RAW || type == SOCK_PACKET) {
+ __u32 fakeip = 0;
+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
-+ current->role->roletype, cred->uid,
-+ cred->gid, current->exec_file ?
++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
+ gr_to_filename(current->exec_file->f_path.dentry,
+ current->exec_file->f_path.mnt) :
+ curr->filename, curr->filename,
+ } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
+ __u32 fakeip = 0;
+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
-+ current->role->roletype, cred->uid,
-+ cred->gid, current->exec_file ?
++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
+ gr_to_filename(current->exec_file->f_path.dentry,
+ current->exec_file->f_path.mnt) :
+ curr->filename, curr->filename,
+
+ if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
+ security_learn(GR_IP_LEARN_MSG, current->role->rolename,
-+ current->role->roletype, cred->uid,
-+ cred->gid, current->exec_file ?
++ current->role->roletype, GR_GLOBAL_UID(cred->uid),
++ GR_GLOBAL_GID(cred->gid), current->exec_file ?
+ gr_to_filename(current->exec_file->f_path.dentry,
+ current->exec_file->f_path.mnt) :
+ curr->filename, curr->filename,
+}
diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c
new file mode 100644
-index 0000000..25197e9
+index 0000000..8c8fc9d
--- /dev/null
+++ b/grsecurity/gracl_segv.c
-@@ -0,0 +1,299 @@
+@@ -0,0 +1,303 @@
+#include <linux/kernel.h>
+#include <linux/mm.h>
+#include <asm/uaccess.h>
+}
+
+static __inline__ void
-+gr_insert_uid(const uid_t uid, const unsigned long expires)
++gr_insert_uid(const kuid_t kuid, const unsigned long expires)
+{
+ int loc;
++ uid_t uid = GR_GLOBAL_UID(kuid);
+
+ if (uid_used == GR_UIDTABLE_MAX)
+ return;
+}
+
+int
-+gr_check_crash_uid(const uid_t uid)
++gr_check_crash_uid(const kuid_t kuid)
+{
+ int loc;
+ int ret = 0;
++ uid_t uid;
+
+ if (unlikely(!gr_acl_is_enabled()))
+ return 0;
+
++ uid = GR_GLOBAL_UID(kuid);
++
+ spin_lock(&gr_uid_lock);
+ loc = gr_find_uid(uid);
+
+ if (!uid_eq(cred->uid, cred->euid) || !uid_eq(cred->uid, cred->suid) ||
+ !uid_eq(cred->uid, cred->fsuid))
+ return 1;
-+ if (!uid_eq(cred->gid, cred->egid) || !uid_eq(cred->gid, cred->sgid) ||
-+ !uid_eq(cred->gid, cred->fsgid))
++ if (!gid_eq(cred->gid, cred->egid) || !gid_eq(cred->gid, cred->sgid) ||
++ !gid_eq(cred->gid, cred->fsgid))
+ return 1;
+
+ return 0;
+ time_after(curr->expires, get_seconds())) {
+ rcu_read_lock();
+ cred = __task_cred(task);
-+ if (!uid_eq(cred->uid, GLOBAL_ROOT_UID) && proc_is_setxid(cred)) {
++ if (gr_is_global_nonroot(cred->uid) && proc_is_setxid(cred)) {
+ gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
+ spin_lock(&gr_uid_lock);
+ gr_insert_uid(cred->uid, curr->expires);
+}
diff --git a/grsecurity/gracl_shm.c b/grsecurity/gracl_shm.c
new file mode 100644
-index 0000000..9d83a69
+index 0000000..98011b0
--- /dev/null
+++ b/grsecurity/gracl_shm.c
@@ -0,0 +1,40 @@
+
+int
+gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
-+ const time_t shm_createtime, const uid_t cuid, const int shmid)
++ const time_t shm_createtime, const kuid_t cuid, const int shmid)
+{
+ struct task_struct *task;
+
+ task = find_task_by_vpid(shm_lapid);
+
+ if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) ||
-+ (task->pid == shm_lapid)) &&
++ (task_pid_nr(task) == shm_lapid)) &&
+ (task->acl->mode & GR_PROTSHM) &&
+ (task->acl != current->acl))) {
+ read_unlock(&tasklist_lock);
+ rcu_read_unlock();
-+ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
++ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, GR_GLOBAL_UID(cuid), shm_cprid, shmid);
+ return 0;
+ }
+ read_unlock(&tasklist_lock);
+}
diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
new file mode 100644
-index 0000000..70fe0ae
+index 0000000..6d2de57
--- /dev/null
+++ b/grsecurity/grsec_chroot.c
@@ -0,0 +1,357 @@
+void gr_set_chroot_entries(struct task_struct *task, struct path *path)
+{
+#ifdef CONFIG_GRKERNSEC
-+ if (task->pid > 1 && path->dentry != init_task.fs->root.dentry &&
++ if (task_pid_nr(task) > 1 && path->dentry != init_task.fs->root.dentry &&
+ path->dentry != task->nsproxy->mnt_ns->root->mnt.mnt_root)
+ task->gr_is_chrooted = 1;
+ else
+#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
+ if (grsec_enable_chroot_nice && (niceval < task_nice(p))
+ && proc_is_chrooted(current)) {
-+ gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid);
++ gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, task_pid_nr(p));
+ return -EACCES;
+ }
+#endif
+}
diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
new file mode 100644
-index 0000000..e6796b3
+index 0000000..207d409
--- /dev/null
+++ b/grsecurity/grsec_disabled.c
@@ -0,0 +1,434 @@
+}
+
+int
-+gr_check_crash_uid(const uid_t uid)
++gr_check_crash_uid(const kuid_t uid)
+{
+ return 0;
+}
+
+int
+gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
-+ const time_t shm_createtime, const uid_t cuid, const int shmid)
++ const time_t shm_createtime, const kuid_t cuid, const int shmid)
+{
+ return 1;
+}
+}
+
+void
-+gr_set_role_label(const uid_t uid, const gid_t gid)
++gr_set_role_label(const kuid_t uid, const kgid_t gid)
+{
+ return;
+}
+}
+
+int
-+gr_check_user_change(int real, int effective, int fs)
++gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs)
+{
+ return 0;
+}
+
+int
-+gr_check_group_change(int real, int effective, int fs)
++gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs)
+{
+ return 0;
+}
+EXPORT_SYMBOL(gr_task_is_capable_nolog);
diff --git a/grsecurity/grsec_fifo.c b/grsecurity/grsec_fifo.c
new file mode 100644
-index 0000000..d3ee748
+index 0000000..06cc6ea
--- /dev/null
+++ b/grsecurity/grsec_fifo.c
@@ -0,0 +1,24 @@
+
+ if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
+ !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
-+ (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
-+ (cred->fsuid != dentry->d_inode->i_uid)) {
++ !uid_eq(dentry->d_inode->i_uid, dir->d_inode->i_uid) &&
++ !uid_eq(cred->fsuid, dentry->d_inode->i_uid)) {
+ if (!inode_permission(dentry->d_inode, acc_mode))
-+ gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid);
++ gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, GR_GLOBAL_UID(dentry->d_inode->i_uid), GR_GLOBAL_GID(dentry->d_inode->i_gid));
+ return -EACCES;
+ }
+#endif
+}
diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
new file mode 100644
-index 0000000..05a6015
+index 0000000..a862e9f
--- /dev/null
+++ b/grsecurity/grsec_init.c
@@ -0,0 +1,283 @@
+int grsec_enable_ptrace_readexec;
+int grsec_enable_setxid;
+int grsec_enable_symlinkown;
-+int grsec_symlinkown_gid;
++kgid_t grsec_symlinkown_gid;
+int grsec_enable_brute;
+int grsec_enable_link;
+int grsec_enable_dmesg;
+int grsec_enable_time;
+int grsec_enable_audit_textrel;
+int grsec_enable_group;
-+int grsec_audit_gid;
++kgid_t grsec_audit_gid;
+int grsec_enable_chdir;
+int grsec_enable_mount;
+int grsec_enable_rofs;
+int grsec_enable_chroot_sysctl;
+int grsec_enable_chroot_unix;
+int grsec_enable_tpe;
-+int grsec_tpe_gid;
++kgid_t grsec_tpe_gid;
+int grsec_enable_blackhole;
+#ifdef CONFIG_IPV6_MODULE
+EXPORT_SYMBOL(grsec_enable_blackhole);
+int grsec_enable_tpe_all;
+int grsec_enable_tpe_invert;
+int grsec_enable_socket_all;
-+int grsec_socket_all_gid;
++kgid_t grsec_socket_all_gid;
+int grsec_enable_socket_client;
-+int grsec_socket_client_gid;
++kgid_t grsec_socket_client_gid;
+int grsec_enable_socket_server;
-+int grsec_socket_server_gid;
++kgid_t grsec_socket_server_gid;
+int grsec_resource_logging;
+int grsec_disable_privio;
+int grsec_enable_log_rwxmaps;
+#endif
+#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
+ grsec_enable_group = 1;
-+ grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
++ grsec_audit_gid = KGIDT_INIT(CONFIG_GRKERNSEC_AUDIT_GID);
+#endif
+#ifdef CONFIG_GRKERNSEC_PTRACE_READEXEC
+ grsec_enable_ptrace_readexec = 1;
+#endif
+#ifdef CONFIG_GRKERNSEC_SYMLINKOWN
+ grsec_enable_symlinkown = 1;
-+ grsec_symlinkown_gid = CONFIG_GRKERNSEC_SYMLINKOWN_GID;
++ grsec_symlinkown_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SYMLINKOWN_GID);
+#endif
+#ifdef CONFIG_GRKERNSEC_TPE
+ grsec_enable_tpe = 1;
-+ grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
++ grsec_tpe_gid = KGIDT_INIT(CONFIG_GRKERNSEC_TPE_GID);
+#ifdef CONFIG_GRKERNSEC_TPE_ALL
+ grsec_enable_tpe_all = 1;
+#endif
+#endif
+#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
+ grsec_enable_socket_all = 1;
-+ grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
++ grsec_socket_all_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_ALL_GID);
+#endif
+#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
+ grsec_enable_socket_client = 1;
-+ grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
++ grsec_socket_client_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_CLIENT_GID);
+#endif
+#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
+ grsec_enable_socket_server = 1;
-+ grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
++ grsec_socket_server_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_SERVER_GID);
+#endif
+#endif
+
+}
diff --git a/grsecurity/grsec_link.c b/grsecurity/grsec_link.c
new file mode 100644
-index 0000000..6095407
+index 0000000..5e05e20
--- /dev/null
+++ b/grsecurity/grsec_link.c
@@ -0,0 +1,58 @@
+
+ if (grsec_enable_symlinkown && in_group_p(grsec_symlinkown_gid) &&
+ /* ignore root-owned links, e.g. /proc/self */
-+ !uid_eq(link_inode->i_uid, GLOBAL_ROOT_UID) && target &&
++ gr_is_global_nonroot(link_inode->i_uid) && target &&
+ !uid_eq(link_inode->i_uid, target->i_uid)) {
+ gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINKOWNER_MSG, link->dentry, link->mnt, link_inode->i_uid, target->i_uid);
+ return 1;
+ if (grsec_enable_link && !uid_eq(cred->fsuid, inode->i_uid) &&
+ (!S_ISREG(mode) || is_privileged_binary(dentry) ||
+ (inode_permission(inode, MAY_READ | MAY_WRITE))) &&
-+ !capable(CAP_FOWNER) && !uid_eq(cred->uid, GLOBAL_ROOT_UID)) {
++ !capable(CAP_FOWNER) && gr_is_global_nonroot(cred->uid)) {
+ gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to->name);
+ return -EPERM;
+ }
+}
diff --git a/grsecurity/grsec_log.c b/grsecurity/grsec_log.c
new file mode 100644
-index 0000000..7bd6c2b
+index 0000000..7c06085
--- /dev/null
+++ b/grsecurity/grsec_log.c
-@@ -0,0 +1,329 @@
+@@ -0,0 +1,326 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
+#define ENABLE_PREEMPT()
+#endif
+
-+#define GR_GLOBAL_UID(x) from_kuid_munged(&init_user_ns, (x))
-+#define GR_GLOBAL_GID(x) from_kgid_munged(&init_user_ns, (x))
-+
+#define BEGIN_LOCKS(x) \
+ DISABLE_PREEMPT(); \
+ rcu_read_lock(); \
+}
diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c
new file mode 100644
-index 0000000..5c00416
+index 0000000..e09715a
--- /dev/null
+++ b/grsecurity/grsec_sig.c
@@ -0,0 +1,222 @@
+#ifdef CONFIG_GRKERNSEC_SIGNAL
+ if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
+ (sig == SIGABRT) || (sig == SIGBUS))) {
-+ if (t->pid == current->pid) {
++ if (task_pid_nr(t) == task_pid_nr(current)) {
+ gr_log_sig_addr(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, signames[sig], addr);
+ } else {
+ gr_log_sig_task(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig);
+{
+#ifdef CONFIG_GRKERNSEC
+ /* ignore the 0 signal for protected task checks */
-+ if (current->pid > 1 && sig && gr_check_protected_task(p)) {
++ if (task_pid_nr(current) > 1 && sig && gr_check_protected_task(p)) {
+ gr_log_sig_task(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig);
+ return -EPERM;
+ } else if (gr_pid_is_chrooted((struct task_struct *)p)) {
+ const struct cred *cred = __task_cred(p), *cred2;
+ struct task_struct *tsk, *tsk2;
+
-+ if (!__get_dumpable(mm_flags) && !uid_eq(cred->uid, GLOBAL_ROOT_UID)) {
++ if (!__get_dumpable(mm_flags) && gr_is_global_nonroot(cred->uid)) {
+ struct user_struct *user;
+
+ uid = cred->uid;
+ read_unlock(&tasklist_lock);
+ rcu_read_unlock();
+
-+ if (!uid_eq(uid, GLOBAL_ROOT_UID))
++ if (gr_is_global_nonroot(uid))
+ printk(KERN_ALERT "grsec: bruteforce prevention initiated against uid %u, banning for %d minutes\n",
-+ from_kuid_munged(&init_user_ns, uid), GR_USER_BAN_TIME / 60);
++ GR_GLOBAL_UID(uid), GR_USER_BAN_TIME / 60);
+ else if (daemon)
+ gr_log_noargs(GR_DONT_AUDIT, GR_BRUTE_DAEMON_MSG);
+
+
+ uid = current_uid();
+
-+ if (uid_eq(uid, GLOBAL_ROOT_UID))
++ if (gr_is_global_root(uid))
+ panic("grsec: halting the system due to suspicious kernel crash caused by root");
+ else {
+ /* kill all the processes of this user, hold a reference
+ another process until system reset
+ */
+ printk(KERN_ALERT "grsec: banning user with uid %u until system restart for suspicious kernel crash\n",
-+ from_kuid_munged(&init_user_ns, uid));
++ GR_GLOBAL_UID(uid));
+ /* we intentionally leak this ref */
+ user = get_uid(current->cred->user);
+ if (user) {
+EXPORT_SYMBOL(gr_log_timechange);
diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c
new file mode 100644
-index 0000000..07e0dc0
+index 0000000..ee57dcf
--- /dev/null
+++ b/grsecurity/grsec_tpe.c
@@ -0,0 +1,73 @@
+ char *msg2 = NULL;
+
+ // never restrict root
-+ if (!cred->uid)
++ if (gr_is_global_root(cred->uid))
+ return 1;
+
+ if (grsec_enable_tpe) {
+ if (!msg)
+ goto next_check;
+
-+ if (inode->i_uid)
++ if (gr_is_global_nonroot(inode->i_uid))
+ msg2 = "file in non-root-owned directory";
+ else if (inode->i_mode & S_IWOTH)
+ msg2 = "file in world-writable directory";
+ if (!grsec_enable_tpe || !grsec_enable_tpe_all)
+ return 1;
+
-+ if (inode->i_uid && (inode->i_uid != cred->uid))
++ if (gr_is_global_nonroot(inode->i_uid) && !uid_eq(inode->i_uid, cred->uid))
+ msg = "directory not owned by user";
+ else if (inode->i_mode & S_IWOTH)
+ msg = "file in world-writable directory";
* (puds are folded into pgds so this doesn't get actually called,
* but the define is needed for a generic inline function.)
diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h
-index b36ce40..019426d 100644
+index 5cf680a..4b74d62 100644
--- a/include/asm-generic/pgtable.h
+++ b/include/asm-generic/pgtable.h
-@@ -554,6 +554,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd)
- #endif
+@@ -688,6 +688,14 @@ static inline pmd_t pmd_mknuma(pmd_t pmd)
}
+ #endif /* CONFIG_NUMA_BALANCING */
+#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL
+static inline unsigned long pax_open_kernel(void) { return 0; }
struct crypto_instance {
struct crypto_alg alg;
diff --git a/include/drm/drmP.h b/include/drm/drmP.h
-index 3fd8280..2b3c415 100644
+index fad21c9..ab858bc 100644
--- a/include/drm/drmP.h
+++ b/include/drm/drmP.h
@@ -72,6 +72,7 @@
#include <drm/drm.h>
#include <drm/drm_sarea.h>
-@@ -1068,7 +1069,7 @@ struct drm_device {
+@@ -293,10 +294,12 @@ do { \
+ * \param cmd command.
+ * \param arg argument.
+ */
+-typedef int drm_ioctl_t(struct drm_device *dev, void *data,
++typedef int (* const drm_ioctl_t)(struct drm_device *dev, void *data,
++ struct drm_file *file_priv);
++typedef int (* drm_ioctl_no_const_t)(struct drm_device *dev, void *data,
+ struct drm_file *file_priv);
+
+-typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd,
++typedef int (* const drm_ioctl_compat_t)(struct file *filp, unsigned int cmd,
+ unsigned long arg);
+
+ #define DRM_IOCTL_NR(n) _IOC_NR(n)
+@@ -311,9 +314,9 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd,
+ struct drm_ioctl_desc {
+ unsigned int cmd;
+ int flags;
+- drm_ioctl_t *func;
++ drm_ioctl_t func;
+ unsigned int cmd_drv;
+-};
++} __do_const;
+
+ /**
+ * Creates a driver or general drm_ioctl_desc array entry for the given
+@@ -995,7 +998,7 @@ struct drm_info_list {
+ int (*show)(struct seq_file*, void*); /** show callback */
+ u32 driver_features; /**< Required driver features for this entry */
+ void *data;
+-};
++} __do_const;
+
+ /**
+ * debugfs node structure. This structure represents a debugfs file.
+@@ -1068,7 +1071,7 @@ struct drm_device {
/** \name Usage Counters */
/*@{ */
atomic_t ioctl_count; /**< Outstanding IOCTLs pending */
atomic_t vma_count; /**< Outstanding vma areas open */
int buf_use; /**< Buffers in use -- cannot alloc */
-@@ -1079,7 +1080,7 @@ struct drm_device {
+@@ -1079,7 +1082,7 @@ struct drm_device {
/*@{ */
unsigned long counters;
enum drm_stat_type types[15];
struct list_head filelist;
diff --git a/include/drm/drm_crtc_helper.h b/include/drm/drm_crtc_helper.h
-index e01cc80..6fb6f25 100644
+index f43d556..94d9343 100644
--- a/include/drm/drm_crtc_helper.h
+++ b/include/drm/drm_crtc_helper.h
@@ -109,7 +109,7 @@ struct drm_encoder_helper_funcs {
/**
* drm_connector_helper_funcs - helper operations for connectors
diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h
-index d6d1da4..fdd1ac5 100644
+index 72dcbe8..8db58d7 100644
--- a/include/drm/ttm/ttm_memory.h
+++ b/include/drm/ttm/ttm_memory.h
@@ -48,7 +48,7 @@
/**
* struct ttm_mem_global - Global memory accounting structure.
+diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h
+index 4b840e8..155d235 100644
+--- a/include/keys/asymmetric-subtype.h
++++ b/include/keys/asymmetric-subtype.h
+@@ -37,7 +37,7 @@ struct asymmetric_key_subtype {
+ /* Verify the signature on a key of this subtype (optional) */
+ int (*verify_signature)(const struct key *key,
+ const struct public_key_signature *sig);
+-};
++} __do_const;
+
+ /**
+ * asymmetric_key_subtype - Get the subtype from an asymmetric key
diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h
-index 22ef21c..75904ba 100644
+index c1da539..1dcec55 100644
--- a/include/linux/atmdev.h
+++ b/include/linux/atmdev.h
@@ -28,7 +28,7 @@ struct compat_atm_iobuf {
__AAL_STAT_ITEMS
#undef __HANDLE_ITEM
};
+@@ -200,7 +200,7 @@ struct atmdev_ops { /* only send is required */
+ int (*change_qos)(struct atm_vcc *vcc,struct atm_qos *qos,int flags);
+ int (*proc_read)(struct atm_dev *dev,loff_t *pos,char *page);
+ struct module *owner;
+-};
++} __do_const ;
+
+ struct atmphy_ops {
+ int (*start)(struct atm_dev *dev);
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
-index de0628e..38f42eb 100644
+index 0530b98..96a8ac0 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
-@@ -75,6 +75,7 @@ struct linux_binfmt {
- int (*load_binary)(struct linux_binprm *, struct pt_regs * regs);
+@@ -73,8 +73,9 @@ struct linux_binfmt {
+ int (*load_binary)(struct linux_binprm *);
int (*load_shlib)(struct file *);
int (*core_dump)(struct coredump_params *cprm);
+ void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags);
unsigned long min_coredump; /* minimal dump size */
- };
+-};
++} __do_const;
+
+ extern void __register_binfmt(struct linux_binfmt *fmt, int insert);
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
-index 1756001..ab117ec 100644
+index f94bc83..62b9cfe 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
-@@ -1478,7 +1478,7 @@ struct block_device_operations {
+@@ -1498,7 +1498,7 @@ struct block_device_operations {
/* this callback is with swap_lock and sometimes page table lock held */
void (*swap_slot_free_notify) (struct block_device *, unsigned long);
struct module *owner;
extern struct cleancache_ops
cleancache_register_ops(struct cleancache_ops *ops);
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index 412bc6c..c31666e 100644
+index 662fd1b..e801992 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
-@@ -32,6 +32,21 @@
- #define __linktime_error(message) __attribute__((__error__(message)))
+@@ -34,6 +34,21 @@
+ #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
#if __GNUC_MINOR__ >= 5
+
/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
-@@ -47,6 +62,11 @@
+@@ -49,6 +64,11 @@
#define __noclone __attribute__((__noclone__))
#endif
#if __GNUC_MINOR__ >= 6
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
-index f430e41..38be90f 100644
+index dd852b7..72924c0 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
-@@ -5,31 +5,62 @@
+@@ -5,11 +5,14 @@
#ifdef __CHECKER__
# define __user __attribute__((noderef, address_space(1)))
# define __nocast __attribute__((nocast))
# define __iomem __attribute__((noderef, address_space(2)))
+# define __force_iomem __force __iomem
+ # define __must_hold(x) __attribute__((context(x,1,1)))
# define __acquires(x) __attribute__((context(x,0,1)))
# define __releases(x) __attribute__((context(x,1,0)))
- # define __acquire(x) __context__(x,1)
+@@ -17,20 +20,48 @@
# define __release(x) __context__(x,-1)
# define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
# define __percpu __attribute__((noderef, address_space(3)))
# define __chk_user_ptr(x) (void)0
# define __chk_io_ptr(x) (void)0
# define __builtin_warning(x, y...) (1)
-@@ -39,7 +70,9 @@ extern void __chk_io_ptr(const volatile void __iomem *);
+@@ -41,7 +72,9 @@ extern void __chk_io_ptr(const volatile void __iomem *);
# define __release(x) (void)0
# define __cond_lock(x,c) (c)
# define __percpu
+# define __force_rcu
#endif
- #ifdef __KERNEL__
-@@ -264,6 +297,26 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+ /* Indirect macros required for expanded argument pasting, eg. __LINE__. */
+@@ -275,6 +308,26 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
# define __attribute_const__ /* unimplemented */
#endif
/*
* Tell gcc if a function is cold. The compiler will assume any path
* directly leading to the call is unlikely.
-@@ -273,6 +326,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -284,6 +337,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
#define __cold
#endif
/* Simple shorthand for a section definition */
#ifndef __section
# define __section(S) __attribute__ ((__section__(#S)))
-@@ -312,6 +381,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -323,6 +392,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
* use is to mediate communication between process-level code and irq/NMI
* handlers, all running on the same CPU.
*/
+#define ACCESS_ONCE_RW(x) (*(volatile typeof(x) *)&(x))
#endif /* __LINUX_COMPILER_H */
+diff --git a/include/linux/configfs.h b/include/linux/configfs.h
+index 34025df..d94bbbc 100644
+--- a/include/linux/configfs.h
++++ b/include/linux/configfs.h
+@@ -125,7 +125,7 @@ struct configfs_attribute {
+ const char *ca_name;
+ struct module *ca_owner;
+ umode_t ca_mode;
+-};
++} __do_const;
+
+ /*
+ * Users often need to create attribute structures for their configurable
+diff --git a/include/linux/cpu.h b/include/linux/cpu.h
+index ce7a074..01ab8ac 100644
+--- a/include/linux/cpu.h
++++ b/include/linux/cpu.h
+@@ -115,7 +115,7 @@ enum {
+ /* Need to know about CPUs going up/down? */
+ #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE)
+ #define cpu_notifier(fn, pri) { \
+- static struct notifier_block fn##_nb __cpuinitdata = \
++ static struct notifier_block fn##_nb = \
+ { .notifier_call = fn, .priority = pri }; \
+ register_cpu_notifier(&fn##_nb); \
+ }
+diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h
+index a55b88e..fba90c5 100644
+--- a/include/linux/cpufreq.h
++++ b/include/linux/cpufreq.h
+@@ -240,7 +240,7 @@ struct cpufreq_driver {
+ int (*suspend) (struct cpufreq_policy *policy);
+ int (*resume) (struct cpufreq_policy *policy);
+ struct freq_attr **attr;
+-};
++} __do_const;
+
+ /* flags */
+
+@@ -299,6 +299,7 @@ struct global_attr {
+ ssize_t (*store)(struct kobject *a, struct attribute *b,
+ const char *c, size_t count);
+ };
++typedef struct global_attr __no_const global_attr_no_const;
+
+ #define define_one_global_ro(_name) \
+ static struct global_attr _name = \
+diff --git a/include/linux/cpuidle.h b/include/linux/cpuidle.h
+index 24cd1037..20a63aae 100644
+--- a/include/linux/cpuidle.h
++++ b/include/linux/cpuidle.h
+@@ -54,7 +54,8 @@ struct cpuidle_state {
+ int index);
+
+ int (*enter_dead) (struct cpuidle_device *dev, int index);
+-};
++} __do_const;
++typedef struct cpuidle_state __no_const cpuidle_state_no_const;
+
+ /* Idle State Flags */
+ #define CPUIDLE_FLAG_TIME_VALID (0x01) /* is residency time measurable? */
+@@ -216,7 +217,7 @@ struct cpuidle_governor {
+ void (*reflect) (struct cpuidle_device *dev, int index);
+
+ struct module *owner;
+-};
++} __do_const;
+
+ #ifdef CONFIG_CPU_IDLE
+
diff --git a/include/linux/cred.h b/include/linux/cred.h
-index ebbed2c..908cc2c 100644
+index 04421e8..6bce4ef 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
-@@ -208,6 +208,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk)
+@@ -194,6 +194,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk)
static inline void validate_process_creds(void)
{
}
#define free(a) kfree(a)
#define large_malloc(a) vmalloc(a)
+diff --git a/include/linux/devfreq.h b/include/linux/devfreq.h
+index e83ef39..33e0eb3 100644
+--- a/include/linux/devfreq.h
++++ b/include/linux/devfreq.h
+@@ -114,7 +114,7 @@ struct devfreq_governor {
+ int (*get_target_freq)(struct devfreq *this, unsigned long *freq);
+ int (*event_handler)(struct devfreq *devfreq,
+ unsigned int event, void *data);
+-};
++} __do_const;
+
+ /**
+ * struct devfreq - Device devfreq structure
+diff --git a/include/linux/device.h b/include/linux/device.h
+index 43dcda9..7a1fb65 100644
+--- a/include/linux/device.h
++++ b/include/linux/device.h
+@@ -294,7 +294,7 @@ struct subsys_interface {
+ struct list_head node;
+ int (*add_dev)(struct device *dev, struct subsys_interface *sif);
+ int (*remove_dev)(struct device *dev, struct subsys_interface *sif);
+-};
++} __do_const;
+
+ int subsys_interface_register(struct subsys_interface *sif);
+ void subsys_interface_unregister(struct subsys_interface *sif);
+@@ -474,7 +474,7 @@ struct device_type {
+ void (*release)(struct device *dev);
+
+ const struct dev_pm_ops *pm;
+-};
++} __do_const;
+
+ /* interface for exporting device attributes */
+ struct device_attribute {
+@@ -484,11 +484,12 @@ struct device_attribute {
+ ssize_t (*store)(struct device *dev, struct device_attribute *attr,
+ const char *buf, size_t count);
+ };
++typedef struct device_attribute __no_const device_attribute_no_const;
+
+ struct dev_ext_attribute {
+ struct device_attribute attr;
+ void *var;
+-};
++} __do_const;
+
+ ssize_t device_show_ulong(struct device *dev, struct device_attribute *attr,
+ char *buf);
diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h
index 94af418..b1ca7a2 100644
--- a/include/linux/dma-mapping.h
struct dma_pinned_list *pinned_list, struct page *page,
unsigned int offset, size_t len);
+diff --git a/include/linux/efi.h b/include/linux/efi.h
+index 7a9498a..155713d 100644
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -733,6 +733,7 @@ struct efivar_operations {
+ efi_set_variable_t *set_variable;
+ efi_query_variable_info_t *query_variable_info;
+ };
++typedef struct efivar_operations __no_const efivar_operations_no_const;
+
+ struct efivars {
+ /*
diff --git a/include/linux/elf.h b/include/linux/elf.h
index 8c9048e..16a4665 100644
--- a/include/linux/elf.h
#endif
+diff --git a/include/linux/extcon.h b/include/linux/extcon.h
+index fcb51c8..bdafcf6 100644
+--- a/include/linux/extcon.h
++++ b/include/linux/extcon.h
+@@ -134,7 +134,7 @@ struct extcon_dev {
+ /* /sys/class/extcon/.../mutually_exclusive/... */
+ struct attribute_group attr_g_muex;
+ struct attribute **attrs_muex;
+- struct device_attribute *d_attrs_muex;
++ device_attribute_no_const *d_attrs_muex;
+ };
+
+ /**
+diff --git a/include/linux/fb.h b/include/linux/fb.h
+index c7a9571..02eeffe 100644
+--- a/include/linux/fb.h
++++ b/include/linux/fb.h
+@@ -302,7 +302,7 @@ struct fb_ops {
+ /* called at KDB enter and leave time to prepare the console */
+ int (*fb_debug_enter)(struct fb_info *info);
+ int (*fb_debug_leave)(struct fb_info *info);
+-};
++} __do_const;
+
+ #ifdef CONFIG_FB_TILEBLITTING
+ #define FB_TILE_CURSOR_NONE 0
diff --git a/include/linux/filter.h b/include/linux/filter.h
-index 24d251f..7afb83d 100644
+index c45eabc..baa0be5 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -20,6 +20,7 @@ struct compat_sock_fprog {
extern bool frontswap_enabled;
extern struct frontswap_ops
diff --git a/include/linux/fs.h b/include/linux/fs.h
-index 75fe9a1..8417cac 100644
+index 7617ee0..b575199 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
-@@ -1543,7 +1543,8 @@ struct file_operations {
- int (*setlease)(struct file *, long, struct file_lock **);
+@@ -1541,7 +1541,8 @@ struct file_operations {
long (*fallocate)(struct file *file, int mode, loff_t offset,
loff_t len);
+ int (*show_fdinfo)(struct seq_file *m, struct file *f);
-};
+} __do_const;
+typedef struct file_operations __no_const file_operations_no_const;
struct inode_operations {
struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int);
-@@ -2667,4 +2668,14 @@ static inline void inode_has_no_xattr(struct inode *inode)
+@@ -2665,4 +2666,14 @@ static inline void inode_has_no_xattr(struct inode *inode)
inode->i_flags |= S_NOSEC;
}
+
#endif /* _LINUX_FS_H */
diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h
-index 003dc0f..3c4ea97 100644
+index d0ae3a8..0244b34 100644
--- a/include/linux/fs_struct.h
+++ b/include/linux/fs_struct.h
@@ -6,7 +6,7 @@
seqcount_t seq;
int umask;
diff --git a/include/linux/fscache-cache.h b/include/linux/fscache-cache.h
-index ce31408..b1ad003 100644
+index 5dfa0aa..6acf322 100644
--- a/include/linux/fscache-cache.h
+++ b/include/linux/fscache-cache.h
-@@ -102,7 +102,7 @@ struct fscache_operation {
+@@ -112,7 +112,7 @@ struct fscache_operation {
fscache_operation_release_t release;
};
extern void fscache_op_work_func(struct work_struct *work);
extern void fscache_enqueue_operation(struct fscache_operation *);
-@@ -122,7 +122,7 @@ static inline void fscache_operation_init(struct fscache_operation *op,
- {
+@@ -134,7 +134,7 @@ static inline void fscache_operation_init(struct fscache_operation *op,
INIT_WORK(&op->work, fscache_op_work_func);
atomic_set(&op->usage, 1);
+ op->state = FSCACHE_OP_ST_INITIALISED;
- op->debug_id = atomic_inc_return(&fscache_op_debug_id);
+ op->debug_id = atomic_inc_return_unchecked(&fscache_op_debug_id);
op->processor = processor;
op->release = release;
INIT_LIST_HEAD(&op->pend_link);
+diff --git a/include/linux/fscache.h b/include/linux/fscache.h
+index 7a08623..4c07b0f 100644
+--- a/include/linux/fscache.h
++++ b/include/linux/fscache.h
+@@ -152,7 +152,7 @@ struct fscache_cookie_def {
+ * - this is mandatory for any object that may have data
+ */
+ void (*now_uncached)(void *cookie_netfs_data);
+-};
++} __do_const;
+
+ /*
+ * fscache cached network filesystem type
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index 0fbfb46..508eb0d 100644
--- a/include/linux/fsnotify.h
/*
diff --git a/include/linux/ftrace_event.h b/include/linux/ftrace_event.h
-index 642928c..93afe6a 100644
+index a3d4895..ddd2a50 100644
--- a/include/linux/ftrace_event.h
+++ b/include/linux/ftrace_event.h
-@@ -266,7 +266,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type,
+@@ -272,7 +272,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type,
extern int trace_add_event_call(struct ftrace_event_call *call);
extern void trace_remove_event_call(struct ftrace_event_call *call);
int trace_set_clr_event(const char *system, const char *event, int set);
diff --git a/include/linux/genhd.h b/include/linux/genhd.h
-index 4f440b3..342233a 100644
+index 79b8bba..86b539e 100644
--- a/include/linux/genhd.h
+++ b/include/linux/genhd.h
-@@ -190,7 +190,7 @@ struct gendisk {
+@@ -194,7 +194,7 @@ struct gendisk {
struct kobject *slave_dir;
struct timer_rand_state *random;
struct disk_events *ev;
#ifdef CONFIG_BLK_DEV_INTEGRITY
struct blk_integrity *integrity;
+diff --git a/include/linux/genl_magic_func.h b/include/linux/genl_magic_func.h
+index 023bc34..b02b46a 100644
+--- a/include/linux/genl_magic_func.h
++++ b/include/linux/genl_magic_func.h
+@@ -246,7 +246,7 @@ const char *CONCAT_(GENL_MAGIC_FAMILY, _genl_cmd_to_str)(__u8 cmd)
+ },
+
+ #define ZZZ_genl_ops CONCAT_(GENL_MAGIC_FAMILY, _genl_ops)
+-static struct genl_ops ZZZ_genl_ops[] __read_mostly = {
++static struct genl_ops ZZZ_genl_ops[] = {
+ #include GENL_MAGIC_INCLUDE_FILE
+ };
+
diff --git a/include/linux/gfp.h b/include/linux/gfp.h
-index d0a7967..63c4c47 100644
+index 0f615eb..5c3832f 100644
--- a/include/linux/gfp.h
+++ b/include/linux/gfp.h
-@@ -35,6 +35,12 @@ struct vm_area_struct;
+@@ -35,6 +35,13 @@ struct vm_area_struct;
+ #define ___GFP_NO_KSWAPD 0x400000u
#define ___GFP_OTHER_NODE 0x800000u
#define ___GFP_WRITE 0x1000000u
-
++
+#ifdef CONFIG_PAX_USERCOPY_SLABS
+#define ___GFP_USERCOPY 0x2000000u
+#else
+#define ___GFP_USERCOPY 0
+#endif
+
+ /* If the above are modified, __GFP_BITS_SHIFT may need updating */
+
/*
- * GFP bitmasks..
- *
-@@ -89,6 +95,7 @@ struct vm_area_struct;
- #define __GFP_NO_KSWAPD ((__force gfp_t)___GFP_NO_KSWAPD)
+@@ -92,6 +99,7 @@ struct vm_area_struct;
#define __GFP_OTHER_NODE ((__force gfp_t)___GFP_OTHER_NODE) /* On behalf of other node */
+ #define __GFP_KMEMCG ((__force gfp_t)___GFP_KMEMCG) /* Allocation comes from a memcg-accounted resource */
#define __GFP_WRITE ((__force gfp_t)___GFP_WRITE) /* Allocator intends to dirty page */
+#define __GFP_USERCOPY ((__force gfp_t)___GFP_USERCOPY)/* Allocator intends to copy page to/from userland */
/*
* This may seem redundant, but it's a way of annotating false positives vs.
-@@ -96,7 +103,7 @@ struct vm_area_struct;
+@@ -99,7 +107,7 @@ struct vm_area_struct;
*/
#define __GFP_NOTRACK_FALSE_POSITIVE (__GFP_NOTRACK)
#define __GFP_BITS_MASK ((__force gfp_t)((1 << __GFP_BITS_SHIFT) - 1))
/* This equals 0, but use constants in case they ever change */
-@@ -150,6 +157,8 @@ struct vm_area_struct;
+@@ -153,6 +161,8 @@ struct vm_area_struct;
/* 4GB DMA on some platforms */
#define GFP_DMA32 __GFP_DMA32
+#endif
diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
new file mode 100644
-index 0000000..baa6e96
+index 0000000..9bb6662
--- /dev/null
+++ b/include/linux/grinternal.h
@@ -0,0 +1,215 @@
+extern int grsec_enable_chroot_sysctl;
+extern int grsec_enable_chroot_unix;
+extern int grsec_enable_symlinkown;
-+extern int grsec_symlinkown_gid;
++extern kgid_t grsec_symlinkown_gid;
+extern int grsec_enable_tpe;
-+extern int grsec_tpe_gid;
++extern kgid_t grsec_tpe_gid;
+extern int grsec_enable_tpe_all;
+extern int grsec_enable_tpe_invert;
+extern int grsec_enable_socket_all;
-+extern int grsec_socket_all_gid;
++extern kgid_t grsec_socket_all_gid;
+extern int grsec_enable_socket_client;
-+extern int grsec_socket_client_gid;
++extern kgid_t grsec_socket_client_gid;
+extern int grsec_enable_socket_server;
-+extern int grsec_socket_server_gid;
-+extern int grsec_audit_gid;
++extern kgid_t grsec_socket_server_gid;
++extern kgid_t grsec_audit_gid;
+extern int grsec_enable_group;
+extern int grsec_enable_audit_textrel;
+extern int grsec_enable_log_rwxmaps;
+#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..c5e5913
+index 0000000..1ae241a
--- /dev/null
+++ b/include/linux/grsecurity.h
@@ -0,0 +1,257 @@
+
+int gr_acl_enable_at_secure(void);
+
-+int gr_check_user_change(int real, int effective, int fs);
-+int gr_check_group_change(int real, int effective, int fs);
++int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs);
++int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs);
+
+void gr_del_task_from_ip_table(struct task_struct *p);
+
+void gr_copy_label(struct task_struct *tsk);
+void gr_handle_crash(struct task_struct *task, const int sig);
+int gr_handle_signal(const struct task_struct *p, const int sig);
-+int gr_check_crash_uid(const uid_t uid);
++int gr_check_crash_uid(const kuid_t uid);
+int gr_check_protected_task(const struct task_struct *task);
+int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type);
+int gr_acl_handle_mmap(const struct file *file,
+int gr_check_crash_exec(const struct file *filp);
+int gr_acl_is_enabled(void);
+void gr_set_kernel_label(struct task_struct *task);
-+void gr_set_role_label(struct task_struct *task, const uid_t uid,
-+ const gid_t gid);
++void gr_set_role_label(struct task_struct *task, const kuid_t uid,
++ const kgid_t gid);
+int gr_set_proc_label(const struct dentry *dentry,
+ const struct vfsmount *mnt,
+ const int unsafe_flags);
+extern int grsec_disable_privio;
+
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+extern int grsec_proc_gid;
++extern kgid_t grsec_proc_gid;
+#endif
+
+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
static inline void zero_user_segments(struct page *page,
unsigned start1, unsigned end1,
unsigned start2, unsigned end2)
+diff --git a/include/linux/hwmon-sysfs.h b/include/linux/hwmon-sysfs.h
+index 1c7b89a..7f52502 100644
+--- a/include/linux/hwmon-sysfs.h
++++ b/include/linux/hwmon-sysfs.h
+@@ -25,7 +25,8 @@
+ struct sensor_device_attribute{
+ struct device_attribute dev_attr;
+ int index;
+-};
++} __do_const;
++typedef struct sensor_device_attribute __no_const sensor_device_attribute_no_const;
+ #define to_sensor_dev_attr(_dev_attr) \
+ container_of(_dev_attr, struct sensor_device_attribute, dev_attr)
+
+@@ -41,7 +42,7 @@ struct sensor_device_attribute_2 {
+ struct device_attribute dev_attr;
+ u8 index;
+ u8 nr;
+-};
++} __do_const;
+ #define to_sensor_dev_attr_2(_dev_attr) \
+ container_of(_dev_attr, struct sensor_device_attribute_2, dev_attr)
+
diff --git a/include/linux/i2c.h b/include/linux/i2c.h
-index 800de22..7a2fa46 100644
+index d0c4db7..61b3577 100644
--- a/include/linux/i2c.h
+++ b/include/linux/i2c.h
-@@ -367,6 +367,7 @@ struct i2c_algorithm {
+@@ -369,6 +369,7 @@ struct i2c_algorithm {
/* To determine what the adapter supports */
u32 (*functionality) (struct i2c_adapter *);
};
extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp);
extern void unregister_pppox_proto(int proto_num);
diff --git a/include/linux/init.h b/include/linux/init.h
-index e59041e..df0a975 100644
+index 10ed4f4..8e8490d 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -39,9 +39,36 @@
@@ -94,7 +121,7 @@
#define __exit __section(.exit.text) __exitused __cold notrace
- /* Used for HOTPLUG */
--#define __devinit __section(.devinit.text) __cold notrace
-+#define __devinit __section(.devinit.text) __cold notrace add_devinit_latent_entropy
- #define __devinitdata __section(.devinit.data)
- #define __devinitconst __constsection(.devinit.rodata)
- #define __devexit __section(.devexit.text) __exitused __cold notrace
-@@ -102,7 +129,7 @@
- #define __devexitconst __constsection(.devexit.rodata)
-
/* Used for HOTPLUG_CPU */
-#define __cpuinit __section(.cpuinit.text) __cold notrace
+#define __cpuinit __section(.cpuinit.text) __cold notrace add_cpuinit_latent_entropy
#define __cpuinitdata __section(.cpuinit.data)
#define __cpuinitconst __constsection(.cpuinit.rodata)
#define __cpuexit __section(.cpuexit.text) __exitused __cold notrace
-@@ -110,7 +137,7 @@
+@@ -102,7 +129,7 @@
#define __cpuexitconst __constsection(.cpuexit.rodata)
/* Used for MEMORY_HOTPLUG */
.files = &init_files, \
.signal = &init_signals, \
diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
-index 5e4e617..eee383d 100644
+index 5fa5afe..ac55b25 100644
--- a/include/linux/interrupt.h
+++ b/include/linux/interrupt.h
-@@ -435,7 +435,7 @@ enum
+@@ -430,7 +430,7 @@ enum
/* map softirq index to softirq name. update 'softirq_to_name' in
* kernel/softirq.c when adding a new softirq.
*/
/* softirq mask and active fields moved to irq_cpustat_t in
* asm/hardirq.h to get better cache usage. KAO
-@@ -443,12 +443,12 @@ extern char *softirq_to_name[NR_SOFTIRQS];
+@@ -438,12 +438,12 @@ extern char *softirq_to_name[NR_SOFTIRQS];
struct softirq_action
{
- void (*action)(struct softirq_action *);
+-};
+ void (*action)(void);
- };
++} __no_const;
asmlinkage void do_softirq(void);
asmlinkage void __do_softirq(void);
extern void softirq_init(void);
extern void __raise_softirq_irqoff(unsigned int nr);
+diff --git a/include/linux/iommu.h b/include/linux/iommu.h
+index f3b99e1..9b73cee 100644
+--- a/include/linux/iommu.h
++++ b/include/linux/iommu.h
+@@ -101,7 +101,7 @@ struct iommu_ops {
+ int (*domain_set_attr)(struct iommu_domain *domain,
+ enum iommu_attr attr, void *data);
+ unsigned long pgsize_bitmap;
+-};
++} __do_const;
+
+ #define IOMMU_GROUP_NOTIFY_ADD_DEVICE 1 /* Device added */
+ #define IOMMU_GROUP_NOTIFY_DEL_DEVICE 2 /* Pre Device removed */
+diff --git a/include/linux/irq.h b/include/linux/irq.h
+index fdf2c4a..5332486 100644
+--- a/include/linux/irq.h
++++ b/include/linux/irq.h
+@@ -328,7 +328,8 @@ struct irq_chip {
+ void (*irq_print_chip)(struct irq_data *data, struct seq_file *p);
+
+ unsigned long flags;
+-};
++} __do_const;
++typedef struct irq_chip __no_const irq_chip_no_const;
+
+ /*
+ * irq_chip specific flags
diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h
index 6883e19..06992b1 100644
--- a/include/linux/kallsyms.h
/* This macro allows us to keep printk typechecking */
static __printf(1, 2)
+diff --git a/include/linux/key-type.h b/include/linux/key-type.h
+index 518a53a..5e28358 100644
+--- a/include/linux/key-type.h
++++ b/include/linux/key-type.h
+@@ -125,7 +125,7 @@ struct key_type {
+ /* internal fields */
+ struct list_head link; /* link in types list */
+ struct lock_class_key lock_class; /* key->sem lock class */
+-};
++} __do_const;
+
+ extern struct key_type key_type_keyring;
+
diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
index 4dff0c6..1ca9b72 100644
--- a/include/linux/kgdb.h
#define request_module_nowait(mod...) __request_module(false, mod)
#define try_then_request_module(x, mod...) \
diff --git a/include/linux/kobject.h b/include/linux/kobject.h
-index 1e57449..4fede7b 100644
+index 939b112..ed6ed51 100644
--- a/include/linux/kobject.h
+++ b/include/linux/kobject.h
@@ -111,7 +111,7 @@ struct kobj_type {
struct kobj_uevent_env {
char *envp[UEVENT_NUM_ENVP];
+@@ -134,6 +134,7 @@ struct kobj_attribute {
+ ssize_t (*store)(struct kobject *kobj, struct kobj_attribute *attr,
+ const char *buf, size_t count);
+ };
++typedef struct kobj_attribute __no_const kobj_attribute_no_const;
+
+ extern const struct sysfs_ops kobj_sysfs_ops;
+
+diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h
+index f66b065..c2c29b4 100644
+--- a/include/linux/kobject_ns.h
++++ b/include/linux/kobject_ns.h
+@@ -43,7 +43,7 @@ struct kobj_ns_type_operations {
+ const void *(*netlink_ns)(struct sock *sk);
+ const void *(*initial_ns)(void);
+ void (*drop_ns)(void *);
+-};
++} __do_const;
+
+ int kobj_ns_type_register(const struct kobj_ns_type_operations *ops);
+ int kobj_ns_type_registered(enum kobj_ns_type type);
diff --git a/include/linux/kref.h b/include/linux/kref.h
-index 65af688..0592677 100644
+index 4972e6e..de4d19b 100644
--- a/include/linux/kref.h
+++ b/include/linux/kref.h
@@ -64,7 +64,7 @@ static inline void kref_get(struct kref *kref)
if (atomic_sub_and_test((int) count, &kref->refcount)) {
release(kref);
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index ecc5543..0e96bcc 100644
+index 2c497ab..afe32f5 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
-@@ -403,7 +403,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
+@@ -418,7 +418,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
int __must_check vcpu_load(struct kvm_vcpu *vcpu);
void vcpu_put(struct kvm_vcpu *vcpu);
struct module *module);
void kvm_exit(void);
-@@ -558,7 +558,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
+@@ -574,7 +574,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
struct kvm_guest_debug *dbg);
int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
diff --git a/include/linux/libata.h b/include/linux/libata.h
-index 1e36c63..0c5046e 100644
+index 649e5f8..ead5194 100644
--- a/include/linux/libata.h
+++ b/include/linux/libata.h
@@ -915,7 +915,7 @@ struct ata_port_operations {
struct ata_port_info {
unsigned long flags;
diff --git a/include/linux/list.h b/include/linux/list.h
-index cc6d2aa..71febca 100644
+index cc6d2aa..c10ee83 100644
--- a/include/linux/list.h
+++ b/include/linux/list.h
-@@ -112,6 +112,9 @@ extern void __list_del_entry(struct list_head *entry);
+@@ -112,6 +112,19 @@ extern void __list_del_entry(struct list_head *entry);
extern void list_del(struct list_head *entry);
#endif
-+extern void pax_list_add_tail(struct list_head *new, struct list_head *head);
++extern void __pax_list_add(struct list_head *new,
++ struct list_head *prev,
++ struct list_head *next);
++static inline void pax_list_add(struct list_head *new, struct list_head *head)
++{
++ __pax_list_add(new, head, head->next);
++}
++static inline void pax_list_add_tail(struct list_head *new, struct list_head *head)
++{
++ __pax_list_add(new, head->prev, head);
++}
+extern void pax_list_del(struct list_head *entry);
+
/**
* list_replace - replace old entry by new one
* @old : the element to be replaced
+@@ -145,6 +158,8 @@ static inline void list_del_init(struct list_head *entry)
+ INIT_LIST_HEAD(entry);
+ }
+
++extern void pax_list_del_init(struct list_head *entry);
++
+ /**
+ * list_move - delete from one list and add as another's head
+ * @list: the entry to move
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 280dae5..39046ec 100644
+index 66e2f7c..ea88001 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp);
#define VM_DONTDUMP 0x04000000 /* Do not include in the core dump */
#define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */
-@@ -1039,34 +1044,6 @@ int set_page_dirty(struct page *page);
+@@ -231,6 +236,7 @@ struct vm_operations_struct {
+ int (*remap_pages)(struct vm_area_struct *vma, unsigned long addr,
+ unsigned long size, pgoff_t pgoff);
+ };
++typedef struct vm_operations_struct __no_const vm_operations_struct_no_const;
+
+ struct mmu_gather;
+ struct inode;
+@@ -1068,34 +1074,6 @@ int set_page_dirty(struct page *page);
int set_page_dirty_lock(struct page *page);
int clear_page_dirty_for_io(struct page *page);
extern pid_t
vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
-@@ -1166,6 +1143,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
+@@ -1198,6 +1176,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
}
#endif
int vma_wants_writenotify(struct vm_area_struct *vma);
extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
-@@ -1184,8 +1170,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
+@@ -1216,8 +1203,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
{
return 0;
}
#endif
#ifdef __PAGETABLE_PMD_FOLDED
-@@ -1194,8 +1187,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
+@@ -1226,8 +1220,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
{
return 0;
}
#endif
int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
-@@ -1213,11 +1213,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
+@@ -1245,11 +1246,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
NULL: pud_offset(pgd, address);
}
#endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
#if USE_SPLIT_PTLOCKS
-@@ -1447,6 +1459,7 @@ extern unsigned long do_mmap_pgoff(struct file *, unsigned long,
+@@ -1479,6 +1492,7 @@ extern unsigned long do_mmap_pgoff(struct file *, unsigned long,
unsigned long, unsigned long,
unsigned long, unsigned long);
extern int do_munmap(struct mm_struct *, unsigned long, size_t);
/* These take the mm semaphore themselves */
extern unsigned long vm_brk(unsigned long, unsigned long);
-@@ -1510,6 +1523,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
+@@ -1573,6 +1587,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
struct vm_area_struct **pprev);
/* Look up the first VMA which intersects the interval start_addr..end_addr-1,
NULL if none. Assume start_addr < end_addr. */
static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
-@@ -1538,15 +1555,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
+@@ -1601,15 +1619,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
return vma;
}
-}
-#endif
-
- struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
- int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
- unsigned long pfn, unsigned long size, pgprot_t);
-@@ -1652,7 +1660,7 @@ extern int unpoison_memory(unsigned long pfn);
+ #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE
+ unsigned long change_prot_numa(struct vm_area_struct *vma,
+ unsigned long start, unsigned long end);
+@@ -1721,7 +1730,7 @@ extern int unpoison_memory(unsigned long pfn);
extern int sysctl_memory_failure_early_kill;
extern int sysctl_memory_failure_recovery;
extern void shake_page(struct page *p, int access);
extern int soft_offline_page(struct page *page, int flags);
extern void dump_page(struct page *page);
-@@ -1683,5 +1691,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; }
+@@ -1752,5 +1761,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; }
static inline bool page_is_guard(struct page *page) { return false; }
#endif /* CONFIG_DEBUG_PAGEALLOC */
#endif /* __KERNEL__ */
#endif /* _LINUX_MM_H */
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
-index 31f8a3a..499f1db 100644
+index f8f5162..a039af9 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
-@@ -275,6 +275,8 @@ struct vm_area_struct {
+@@ -288,6 +288,8 @@ struct vm_area_struct {
#ifdef CONFIG_NUMA
struct mempolicy *vm_policy; /* NUMA policy for the VMA */
#endif
};
struct core_thread {
-@@ -348,7 +350,7 @@ struct mm_struct {
+@@ -362,7 +364,7 @@ struct mm_struct {
unsigned long def_flags;
unsigned long nr_ptes; /* Page table pages */
unsigned long start_code, end_code, start_data, end_data;
- unsigned long start_brk, brk, start_stack;
-+ unsigned long brk_gap, start_brk, brk, start_stack;
++ unsigned long aslr_gap, start_brk, brk, start_stack;
unsigned long arg_start, arg_end, env_start, env_end;
unsigned long saved_auxv[AT_VECTOR_SIZE]; /* for /proc/PID/auxv */
-@@ -399,6 +401,24 @@ struct mm_struct {
- struct cpumask cpumask_allocation;
+@@ -436,6 +438,24 @@ struct mm_struct {
+ int first_nid;
#endif
struct uprobes_state uprobes_state;
+
+
};
- static inline void mm_init_cpumask(struct mm_struct *mm)
+ /* first nid will either be a valid NID or one of these values */
diff --git a/include/linux/mmiotrace.h b/include/linux/mmiotrace.h
index c5d5278..f0b68c8 100644
--- a/include/linux/mmiotrace.h
}
diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
-index a23923b..073fee4 100644
+index 73b64a3..6562925 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
-@@ -421,7 +421,7 @@ struct zone {
+@@ -412,7 +412,7 @@ struct zone {
unsigned long flags; /* zone flags, see below */
/* Zone statistics */
/*
* The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on
diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h
-index fed3def..7cc3f93 100644
+index fed3def..c933f99 100644
--- a/include/linux/mod_devicetable.h
+++ b/include/linux/mod_devicetable.h
@@ -12,7 +12,7 @@
#define HID_BUS_ANY 0xffff
#define HID_GROUP_ANY 0x0000
+@@ -498,7 +498,7 @@ struct dmi_system_id {
+ const char *ident;
+ struct dmi_strmatch matches[4];
+ void *driver_data;
+-};
++} __do_const;
+ /*
+ * struct dmi_device_id appears during expansion of
+ * "MODULE_DEVICE_TABLE(dmi, x)". Compiler doesn't look inside it
diff --git a/include/linux/module.h b/include/linux/module.h
-index 1375ee3..d631af0 100644
+index 1375ee3..ced8177 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -17,9 +17,11 @@
/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
#define MODULE_SIG_STRING "~Module signature appended~\n"
-@@ -281,19 +283,16 @@ struct module
+@@ -54,12 +56,13 @@ struct module_attribute {
+ int (*test)(struct module *);
+ void (*free)(struct module *);
+ };
++typedef struct module_attribute __no_const module_attribute_no_const;
+
+ struct module_version_attribute {
+ struct module_attribute mattr;
+ const char *module_name;
+ const char *version;
+-} __attribute__ ((__aligned__(sizeof(void *))));
++} __do_const __attribute__ ((__aligned__(sizeof(void *))));
+
+ extern ssize_t __modver_version_show(struct module_attribute *,
+ struct module_kobject *, char *);
+@@ -232,7 +235,7 @@ struct module
+
+ /* Sysfs stuff. */
+ struct module_kobject mkobj;
+- struct module_attribute *modinfo_attrs;
++ module_attribute_no_const *modinfo_attrs;
+ const char *version;
+ const char *srcversion;
+ struct kobject *holders_dir;
+@@ -281,19 +284,16 @@ struct module
int (*init)(void);
/* If this is non-NULL, vfree after init() returns */
/* Arch-specific module values */
struct mod_arch_specific arch;
-@@ -349,6 +348,10 @@ struct module
+@@ -349,6 +349,10 @@ struct module
#ifdef CONFIG_EVENT_TRACING
struct ftrace_event_call **trace_events;
unsigned int num_trace_events;
#endif
#ifdef CONFIG_FTRACE_MCOUNT_RECORD
unsigned int num_ftrace_callsites;
-@@ -396,16 +399,46 @@ bool is_module_address(unsigned long addr);
+@@ -396,16 +400,46 @@ bool is_module_address(unsigned long addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
}
#endif
diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h
-index d6a5806..7c13347 100644
+index 137b419..fe663ec 100644
--- a/include/linux/moduleparam.h
+++ b/include/linux/moduleparam.h
-@@ -286,7 +286,7 @@ static inline void __kernel_param_unlock(void)
+@@ -284,7 +284,7 @@ static inline void __kernel_param_unlock(void)
* @len is usually just sizeof(string).
*/
#define module_param_string(name, string, len, perm) \
= { len, string }; \
__module_param_call(MODULE_PARAM_PREFIX, name, \
¶m_ops_string, \
-@@ -425,7 +425,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp);
+@@ -423,7 +423,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp);
*/
#define module_param_array_named(name, array, type, nump, perm) \
param_check_##type(name, &(array)[0]); \
.ops = ¶m_ops_##type, \
.elemsize = sizeof(array[0]), .elem = array }; \
diff --git a/include/linux/namei.h b/include/linux/namei.h
-index 4bf19d8..5268cea 100644
+index 5a5ff57..5ae5070 100644
--- a/include/linux/namei.h
+++ b/include/linux/namei.h
-@@ -18,7 +18,7 @@ struct nameidata {
+@@ -19,7 +19,7 @@ struct nameidata {
unsigned seq;
int last_type;
unsigned depth;
};
/*
-@@ -83,12 +83,12 @@ extern void unlock_rename(struct dentry *, struct dentry *);
+@@ -84,12 +84,12 @@ extern void unlock_rename(struct dentry *, struct dentry *);
extern void nd_jump_link(struct nameidata *nd, struct path *path);
{
return nd->saved_names[nd->depth];
}
+diff --git a/include/linux/net.h b/include/linux/net.h
+index aa16731..514b875 100644
+--- a/include/linux/net.h
++++ b/include/linux/net.h
+@@ -183,7 +183,7 @@ struct net_proto_family {
+ int (*create)(struct net *net, struct socket *sock,
+ int protocol, int kern);
+ struct module *owner;
+-};
++} __do_const;
+
+ struct iovec;
+ struct kvec;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index a848ffc..3bbbaee 100644
+index 9ef07d0..130a5d9 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
-@@ -999,6 +999,7 @@ struct net_device_ops {
- struct net_device *dev,
- int idx);
+@@ -1012,6 +1012,7 @@ struct net_device_ops {
+ u32 pid, u32 seq,
+ struct net_device *dev);
};
+typedef struct net_device_ops __no_const net_device_ops_no_const;
/*
* The DEVICE structure.
-@@ -1059,7 +1060,7 @@ struct net_device {
+@@ -1078,7 +1079,7 @@ struct net_device {
int iflink;
struct net_device_stats stats;
* Do not use this in drivers.
*/
+diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
+index ee14284..bc65d63 100644
+--- a/include/linux/netfilter.h
++++ b/include/linux/netfilter.h
+@@ -82,7 +82,7 @@ struct nf_sockopt_ops {
+ #endif
+ /* Use the module struct to lock set/get code in place */
+ struct module *owner;
+-};
++} __do_const;
+
+ /* Function to register/unregister hook points. */
+ int nf_register_hook(struct nf_hook_ops *reg);
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index 7958e84..ed74d7a 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+};
+
+#endif
+diff --git a/include/linux/nls.h b/include/linux/nls.h
+index 5dc635f..35f5e11 100644
+--- a/include/linux/nls.h
++++ b/include/linux/nls.h
+@@ -31,7 +31,7 @@ struct nls_table {
+ const unsigned char *charset2upper;
+ struct module *owner;
+ struct nls_table *next;
+-};
++} __do_const;
+
+ /* this value hold the maximum octet of charset */
+ #define NLS_MAX_CHARSET_SIZE 6 /* for UTF-8 */
diff --git a/include/linux/notifier.h b/include/linux/notifier.h
index d65746e..62e72c2 100644
--- a/include/linux/notifier.h
/** create a directory */
struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root,
+diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h
+index 45fc162..01a4068 100644
+--- a/include/linux/pci_hotplug.h
++++ b/include/linux/pci_hotplug.h
+@@ -80,7 +80,8 @@ struct hotplug_slot_ops {
+ int (*get_attention_status) (struct hotplug_slot *slot, u8 *value);
+ int (*get_latch_status) (struct hotplug_slot *slot, u8 *value);
+ int (*get_adapter_status) (struct hotplug_slot *slot, u8 *value);
+-};
++} __do_const;
++typedef struct hotplug_slot_ops __no_const hotplug_slot_ops_no_const;
+
+ /**
+ * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index 6bfb2faa..1204767 100644
+index 6bfb2faa..e5bc5e5 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
@@ -328,8 +328,8 @@ struct perf_event {
/*
* Protect attach/detach and child_list:
+@@ -801,7 +801,7 @@ static inline void perf_event_task_tick(void) { }
+ */
+ #define perf_cpu_notifier(fn) \
+ do { \
+- static struct notifier_block fn##_nb __cpuinitdata = \
++ static struct notifier_block fn##_nb = \
+ { .notifier_call = fn, .priority = CPU_PRI_PERF }; \
+ unsigned long cpu = smp_processor_id(); \
+ unsigned long flags; \
diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h
index ad1a427..6419649 100644
--- a/include/linux/pipe_fs_i.h
extern void s5p_ehci_set_platdata(struct s5p_ehci_platdata *pd);
+diff --git a/include/linux/platform_data/usb-exynos.h b/include/linux/platform_data/usb-exynos.h
+index c256c59..8ea94c7 100644
+--- a/include/linux/platform_data/usb-exynos.h
++++ b/include/linux/platform_data/usb-exynos.h
+@@ -14,7 +14,7 @@
+ struct exynos4_ohci_platdata {
+ int (*phy_init)(struct platform_device *pdev, int type);
+ int (*phy_exit)(struct platform_device *pdev, int type);
+-};
++} __no_const;
+
+ extern void exynos4_ohci_set_platdata(struct exynos4_ohci_platdata *pd);
+
+diff --git a/include/linux/pm_domain.h b/include/linux/pm_domain.h
+index 7c1d252..c5c773e 100644
+--- a/include/linux/pm_domain.h
++++ b/include/linux/pm_domain.h
+@@ -48,7 +48,7 @@ struct gpd_dev_ops {
+
+ struct gpd_cpu_data {
+ unsigned int saved_exit_latency;
+- struct cpuidle_state *idle_state;
++ cpuidle_state_no_const *idle_state;
+ };
+
+ struct generic_pm_domain {
diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h
index f271860..6b3bec5 100644
--- a/include/linux/pm_runtime.h
}
#else /* !CONFIG_PM_RUNTIME */
+diff --git a/include/linux/pnp.h b/include/linux/pnp.h
+index 195aafc..49a7bc2 100644
+--- a/include/linux/pnp.h
++++ b/include/linux/pnp.h
+@@ -297,7 +297,7 @@ static inline void pnp_set_drvdata(struct pnp_dev *pdev, void *data)
+ struct pnp_fixup {
+ char id[7];
+ void (*quirk_function) (struct pnp_dev * dev); /* fixup function */
+-};
++} __do_const;
+
+ /* config parameters */
+ #define PNP_CONFIG_NORMAL 0x0001
diff --git a/include/linux/poison.h b/include/linux/poison.h
index 2110a81..13a11bb 100644
--- a/include/linux/poison.h
/********** include/linux/timer.h **********/
/*
diff --git a/include/linux/power/smartreflex.h b/include/linux/power/smartreflex.h
-index 4a496eb..d9c5659 100644
+index c0f44c2..1572583 100644
--- a/include/linux/power/smartreflex.h
+++ b/include/linux/power/smartreflex.h
@@ -238,7 +238,7 @@ struct omap_sr_class_data {
/**
* struct omap_sr_nvalue_table - Smartreflex n-target value info
+diff --git a/include/linux/ppp-comp.h b/include/linux/ppp-comp.h
+index 4ea1d37..80f4b33 100644
+--- a/include/linux/ppp-comp.h
++++ b/include/linux/ppp-comp.h
+@@ -84,7 +84,7 @@ struct compressor {
+ struct module *owner;
+ /* Extra skb space needed by the compressor algorithm */
+ unsigned int comp_extra;
+-};
++} __do_const;
+
+ /*
+ * The return value from decompress routine is the length of the
diff --git a/include/linux/printk.h b/include/linux/printk.h
index 9afc01e..92c32e8 100644
--- a/include/linux/printk.h
void log_buf_kexec_setup(void);
void __init setup_log_buf(int early);
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
-index 3fd2e87..75db910 100644
+index 32676b3..8f7a182 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
-@@ -155,6 +155,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode,
+@@ -159,6 +159,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode,
return proc_create_data(name, mode, parent, proc_fops, NULL);
}
umode_t mode, struct proc_dir_entry *base,
read_proc_t *read_proc, void * data)
diff --git a/include/linux/random.h b/include/linux/random.h
-index 6330ed4..419c6c3 100644
+index d984608..d6f0042 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
-@@ -30,12 +30,17 @@ void srandom32(u32 seed);
-
- u32 prandom32(struct rnd_state *);
+@@ -39,6 +39,11 @@ void prandom_seed(u32 seed);
+ u32 prandom_u32_state(struct rnd_state *);
+ void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes);
+static inline unsigned long pax_get_random_long(void)
+{
-+ return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0);
++ return prandom_u32() + (sizeof(long) > 4 ? (unsigned long)prandom_u32() << 32 : 0);
+}
+
/*
* Handle minimum values for seeds
*/
- static inline u32 __seed(u32 x, u32 m)
- {
-- return (x < m) ? x + m : x;
-+ return (x <= m) ? x + m + 1 : x;
+diff --git a/include/linux/rculist.h b/include/linux/rculist.h
+index c92dd28..08f4eab 100644
+--- a/include/linux/rculist.h
++++ b/include/linux/rculist.h
+@@ -44,6 +44,9 @@ extern void __list_add_rcu(struct list_head *new,
+ struct list_head *prev, struct list_head *next);
+ #endif
+
++extern void __pax_list_add_rcu(struct list_head *new,
++ struct list_head *prev, struct list_head *next);
++
+ /**
+ * list_add_rcu - add a new entry to rcu-protected list
+ * @new: new entry to be added
+@@ -65,6 +68,11 @@ static inline void list_add_rcu(struct list_head *new, struct list_head *head)
+ __list_add_rcu(new, head, head->next);
+ }
+
++static inline void pax_list_add_rcu(struct list_head *new, struct list_head *head)
++{
++ __pax_list_add_rcu(new, head, head->next);
++}
++
+ /**
+ * list_add_tail_rcu - add a new entry to rcu-protected list
+ * @new: new entry to be added
+@@ -87,6 +95,12 @@ static inline void list_add_tail_rcu(struct list_head *new,
+ __list_add_rcu(new, head->prev, head);
}
++static inline void pax_list_add_tail_rcu(struct list_head *new,
++ struct list_head *head)
++{
++ __pax_list_add_rcu(new, head->prev, head);
++}
++
/**
+ * list_del_rcu - deletes entry from list without re-initialization
+ * @entry: the element to delete from the list.
+@@ -117,6 +131,8 @@ static inline void list_del_rcu(struct list_head *entry)
+ entry->prev = LIST_POISON2;
+ }
+
++extern void pax_list_del_rcu(struct list_head *entry);
++
+ /**
+ * hlist_del_init_rcu - deletes entry from hash list with re-initialization
+ * @n: the element to delete from the hash list.
diff --git a/include/linux/reboot.h b/include/linux/reboot.h
index 23b3630..e1bc12b 100644
--- a/include/linux/reboot.h
#endif /* _LINUX_REBOOT_H */
diff --git a/include/linux/regset.h b/include/linux/regset.h
-index 8e0c9fe..fdb64bc 100644
+index 8e0c9fe..ac4d221 100644
--- a/include/linux/regset.h
+++ b/include/linux/regset.h
-@@ -161,7 +161,7 @@ struct user_regset {
+@@ -161,7 +161,8 @@ struct user_regset {
unsigned int align;
unsigned int bias;
unsigned int core_note_type;
-};
+} __do_const;
++typedef struct user_regset __no_const user_regset_no_const;
/**
* struct user_regset_view - available regsets
#define RIO_RESOURCE_MEM 0x00000100
#define RIO_RESOURCE_DOORBELL 0x00000200
diff --git a/include/linux/rmap.h b/include/linux/rmap.h
-index bfe1f47..6a33ee3 100644
+index c20635c..2f5def4 100644
--- a/include/linux/rmap.h
+++ b/include/linux/rmap.h
-@@ -134,8 +134,8 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma)
+@@ -145,8 +145,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma)
void anon_vma_init(void); /* create anon_vma_cachep */
int anon_vma_prepare(struct vm_area_struct *);
void unlink_anon_vmas(struct vm_area_struct *);
static inline void anon_vma_merge(struct vm_area_struct *vma,
struct vm_area_struct *next)
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 3e63925..6c93b17 100644
+index d211247..a5cbf38b 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -61,6 +61,7 @@ struct bio_list;
/*
* List of flags we want to share for kernel threads,
-@@ -344,10 +345,23 @@ struct user_namespace;
+@@ -354,10 +355,23 @@ struct user_namespace;
#define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN)
extern int sysctl_max_map_count;
extern void arch_pick_mmap_layout(struct mm_struct *mm);
extern unsigned long
arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
-@@ -614,6 +628,17 @@ struct signal_struct {
+@@ -639,6 +653,17 @@ struct signal_struct {
#ifdef CONFIG_TASKSTATS
struct taskstats *stats;
#endif
#ifdef CONFIG_AUDIT
unsigned audit_tty;
struct tty_audit_buf *tty_audit_buf;
-@@ -691,6 +716,11 @@ struct user_struct {
+@@ -717,6 +742,11 @@ struct user_struct {
struct key *session_keyring; /* UID's default session keyring */
#endif
/* Hash table maintenance information */
struct hlist_node uidhash_node;
kuid_t uid;
-@@ -1312,8 +1342,8 @@ struct task_struct {
+@@ -1116,7 +1146,7 @@ struct sched_class {
+ #ifdef CONFIG_FAIR_GROUP_SCHED
+ void (*task_move_group) (struct task_struct *p, int on_rq);
+ #endif
+-};
++} __do_const;
+
+ struct load_weight {
+ unsigned long weight, inv_weight;
+@@ -1360,8 +1390,8 @@ struct task_struct {
struct list_head thread_group;
struct completion *vfork_done; /* for vfork() */
cputime_t utime, stime, utimescaled, stimescaled;
cputime_t gtime;
-@@ -1329,11 +1359,6 @@ struct task_struct {
+@@ -1377,11 +1407,6 @@ struct task_struct {
struct task_cputime cputime_expires;
struct list_head cpu_timers[3];
char comm[TASK_COMM_LEN]; /* executable name excluding path
- access with [gs]et_task_comm (which lock
it with task_lock())
-@@ -1350,6 +1375,10 @@ struct task_struct {
+@@ -1398,6 +1423,10 @@ struct task_struct {
#endif
/* CPU-specific state of this task */
struct thread_struct thread;
/* filesystem information */
struct fs_struct *fs;
/* open file information */
-@@ -1423,6 +1452,10 @@ struct task_struct {
+@@ -1471,6 +1500,10 @@ struct task_struct {
gfp_t lockdep_reclaim_gfp;
#endif
/* journalling filesystem info */
void *journal_info;
-@@ -1461,6 +1494,10 @@ struct task_struct {
+@@ -1509,6 +1542,10 @@ struct task_struct {
/* cg_list protected by css_set_lock and tsk->alloc_lock */
struct list_head cg_list;
#endif
#ifdef CONFIG_FUTEX
struct robust_list_head __user *robust_list;
#ifdef CONFIG_COMPAT
-@@ -1548,8 +1585,74 @@ struct task_struct {
+@@ -1605,8 +1642,74 @@ struct task_struct {
#ifdef CONFIG_UPROBES
struct uprobe_task *utask;
#endif
/* Future-safe accessor for struct task_struct's cpus_allowed. */
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
-@@ -2092,7 +2195,9 @@ void yield(void);
+@@ -1696,7 +1799,7 @@ struct pid_namespace;
+ pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
+ struct pid_namespace *ns);
+
+-static inline pid_t task_pid_nr(struct task_struct *tsk)
++static inline pid_t task_pid_nr(const struct task_struct *tsk)
+ {
+ return tsk->pid;
+ }
+@@ -2155,7 +2258,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2125,6 +2230,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2188,6 +2293,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2281,7 +2387,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2344,7 +2450,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
-extern void do_group_exit(int);
+extern __noreturn void do_group_exit(int);
- extern void daemonize(const char *, ...);
extern int allow_signal(int);
-@@ -2485,9 +2591,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+ extern int disallow_signal(int);
+@@ -2545,9 +2651,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
return (obj >= stack) && (obj < (stack + THREAD_SIZE));
}
diff --git a/include/linux/security.h b/include/linux/security.h
-index 05e88bd..5cda002 100644
+index eee7478..290f7ba 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -26,6 +26,7 @@
#define SEQ_SKIP 1
diff --git a/include/linux/shm.h b/include/linux/shm.h
-index bcf8a6a..4d0af77 100644
+index 429c199..4d42e38 100644
--- a/include/linux/shm.h
+++ b/include/linux/shm.h
@@ -21,6 +21,10 @@ struct shmid_kernel /* private to the kernel */
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 6a2c34e..a1f320f 100644
+index 320e976..fd52553 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
-@@ -577,7 +577,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
+@@ -590,7 +590,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
extern struct sk_buff *__alloc_skb(unsigned int size,
gfp_t priority, int flags, int node);
extern struct sk_buff *build_skb(void *data, unsigned int frag_size);
gfp_t priority)
{
return __alloc_skb(size, priority, 0, NUMA_NO_NODE);
-@@ -687,7 +687,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
+@@ -700,7 +700,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
*/
static inline int skb_queue_empty(const struct sk_buff_head *list)
{
}
/**
-@@ -700,7 +700,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
+@@ -713,7 +713,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
static inline bool skb_queue_is_last(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
}
/**
-@@ -713,7 +713,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
+@@ -726,7 +726,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
static inline bool skb_queue_is_first(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
}
/**
-@@ -1626,7 +1626,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1722,7 +1722,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
#endif
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
-@@ -2204,7 +2204,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
+@@ -2300,7 +2300,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
int noblock, int *err);
extern unsigned int datagram_poll(struct file *file, struct socket *sock,
struct poll_table_struct *wait);
int size);
extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
diff --git a/include/linux/slab.h b/include/linux/slab.h
-index 83d1a14..e23d723 100644
+index 5d168d7..720bff3 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
-@@ -11,12 +11,20 @@
-
+@@ -12,13 +12,20 @@
#include <linux/gfp.h>
#include <linux/types.h>
+ #include <linux/workqueue.h>
+-
+#include <linux/err.h>
/*
#define SLAB_RED_ZONE 0x00000400UL /* DEBUG: Red zone objs in a cache */
#define SLAB_POISON 0x00000800UL /* DEBUG: Poison objects */
#define SLAB_HWCACHE_ALIGN 0x00002000UL /* Align objs on cache lines */
-@@ -87,10 +95,13 @@
+@@ -89,10 +96,13 @@
* ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can.
* Both make kfree a no-op.
*/
/*
* Common fields provided in kmem_cache by all slab allocators
-@@ -110,7 +121,7 @@ struct kmem_cache {
+@@ -112,7 +122,7 @@ struct kmem_cache {
unsigned int align; /* Alignment as calculated */
unsigned long flags; /* Active flags on the slab */
const char *name; /* Slab name for sysfs */
void (*ctor)(void *); /* Called on object slot creation */
struct list_head list; /* List of all slab caches on the system */
};
-@@ -185,6 +196,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t);
+@@ -232,6 +242,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t);
void kfree(const void *);
void kzfree(const void *);
size_t ksize(const void *);
/*
* Allocator specific definitions. These are mainly used to establish optimized
-@@ -264,8 +277,18 @@ size_t ksize(const void *);
+@@ -311,6 +323,7 @@ size_t ksize(const void *);
* for general use, and so are not documented here. For a full list of
* potential flags, always refer to linux/gfp.h.
*/
-+
-+extern void kmalloc_array_error(void)
-+#if defined(CONFIG_GCOV_KERNEL) && defined(CONFIG_PAX_SIZE_OVERFLOW)
-+__compiletime_warning("kmalloc_array called with swapped arguments?");
-+#else
-+__compiletime_error("kmalloc_array called with swapped arguments?");
-+#endif
+
static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags)
{
-+ if (__builtin_constant_p(n) && !__builtin_constant_p(size))
-+ kmalloc_array_error();
if (size != 0 && n > SIZE_MAX / size)
- return NULL;
- return __kmalloc(n * size, flags);
-@@ -323,7 +346,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
+@@ -370,7 +383,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
#if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
(defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) || \
(defined(CONFIG_SLOB) && defined(CONFIG_TRACING))
#define kmalloc_track_caller(size, flags) \
__kmalloc_track_caller(size, flags, _RET_IP_)
#else
-@@ -343,7 +366,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
+@@ -390,7 +403,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
#if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
(defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) || \
(defined(CONFIG_SLOB) && defined(CONFIG_TRACING))
__kmalloc_node_track_caller(size, flags, node, \
_RET_IP_)
diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h
-index cc290f0..0ba60931 100644
+index 8bb6e0e..8eb0dbe 100644
--- a/include/linux/slab_def.h
+++ b/include/linux/slab_def.h
@@ -52,7 +52,7 @@ struct kmem_cache {
/*
* If debugging is enabled, then the allocator can add additional
-@@ -104,11 +104,16 @@ struct cache_sizes {
+@@ -111,11 +111,16 @@ struct cache_sizes {
#ifdef CONFIG_ZONE_DMA
struct kmem_cache *cs_dmacachep;
#endif
#ifdef CONFIG_TRACING
extern void *kmem_cache_alloc_trace(struct kmem_cache *, gfp_t, size_t);
-@@ -145,6 +150,13 @@ found:
+@@ -152,6 +157,13 @@ found:
cachep = malloc_sizes[i].cs_dmacachep;
else
#endif
cachep = malloc_sizes[i].cs_cachep;
ret = kmem_cache_alloc_trace(cachep, flags, size);
-@@ -155,7 +167,7 @@ found:
+@@ -162,7 +174,7 @@ found:
}
#ifdef CONFIG_NUMA
extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
#ifdef CONFIG_TRACING
-@@ -198,6 +210,13 @@ found:
+@@ -205,6 +217,13 @@ found:
cachep = malloc_sizes[i].cs_dmacachep;
else
#endif
return kmalloc(size, flags);
}
diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
-index df448ad..b99e7f6 100644
+index 9db4825..ed42fb5 100644
--- a/include/linux/slub_def.h
+++ b/include/linux/slub_def.h
@@ -91,7 +91,7 @@ struct kmem_cache {
void (*ctor)(void *);
int inuse; /* Offset to metadata */
int align; /* Alignment */
-@@ -152,7 +152,7 @@ extern struct kmem_cache *kmalloc_caches[SLUB_PAGE_SHIFT];
+@@ -156,7 +156,7 @@ extern struct kmem_cache *kmalloc_caches[SLUB_PAGE_SHIFT];
* Sorry that the following has to be that ugly but some versions of GCC
* have trouble with constant propagation and loops.
*/
{
if (!size)
return 0;
-@@ -217,7 +217,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size)
+@@ -221,7 +221,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size)
}
void *kmem_cache_alloc(struct kmem_cache *, gfp_t);
static __always_inline void *
kmalloc_order(size_t size, gfp_t flags, unsigned int order)
-@@ -258,7 +258,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order)
+@@ -265,7 +265,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order)
}
#endif
{
unsigned int order = get_order(size);
return kmalloc_order_trace(size, flags, order);
-@@ -283,7 +283,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags)
+@@ -290,7 +290,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags)
}
#ifdef CONFIG_NUMA
void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
#ifdef CONFIG_TRACING
+diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h
+index e8d702e..0a56eb4 100644
+--- a/include/linux/sock_diag.h
++++ b/include/linux/sock_diag.h
+@@ -10,7 +10,7 @@ struct sock;
+ struct sock_diag_handler {
+ __u8 family;
+ int (*dump)(struct sk_buff *skb, struct nlmsghdr *nlh);
+-};
++} __do_const;
+
+ int sock_diag_register(const struct sock_diag_handler *h);
+ void sock_diag_unregister(const struct sock_diag_handler *h);
diff --git a/include/linux/sonet.h b/include/linux/sonet.h
index 680f9a3..f13aeb0 100644
--- a/include/linux/sonet.h
#undef __HANDLE_ITEM
};
diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h
-index 34206b8..f019e06 100644
+index 34206b8..3db7f1c 100644
--- a/include/linux/sunrpc/clnt.h
+++ b/include/linux/sunrpc/clnt.h
+@@ -96,7 +96,7 @@ struct rpc_procinfo {
+ unsigned int p_timer; /* Which RTT timer to use */
+ u32 p_statidx; /* Which procedure to account */
+ const char * p_name; /* name of procedure */
+-};
++} __do_const;
+
+ #ifdef __KERNEL__
+
@@ -176,9 +176,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap)
{
switch (sap->sa_family) {
}
#endif /* __KERNEL__ */
+diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
+index 676ddf5..4c519a1 100644
+--- a/include/linux/sunrpc/svc.h
++++ b/include/linux/sunrpc/svc.h
+@@ -410,7 +410,7 @@ struct svc_procedure {
+ unsigned int pc_count; /* call count */
+ unsigned int pc_cachetype; /* cache info (NFS) */
+ unsigned int pc_xdrressize; /* maximum size of XDR reply */
+-};
++} __do_const;
+
+ /*
+ * Function prototypes.
diff --git a/include/linux/sunrpc/svc_rdma.h b/include/linux/sunrpc/svc_rdma.h
index 0b8e3e6..33e0a01 100644
--- a/include/linux/sunrpc/svc_rdma.h
#define RPCRDMA_VERSION 1
+diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h
+index dd74084a..7f509d5 100644
+--- a/include/linux/sunrpc/svcauth.h
++++ b/include/linux/sunrpc/svcauth.h
+@@ -109,7 +109,7 @@ struct auth_ops {
+ int (*release)(struct svc_rqst *rq);
+ void (*domain_release)(struct auth_domain *);
+ int (*set_client)(struct svc_rqst *rq);
+-};
++} __do_const;
+
+ #define SVC_GARBAGE 1
+ #define SVC_SYSERR 2
+diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h
+index 071d62c..4ccc7ac 100644
+--- a/include/linux/swiotlb.h
++++ b/include/linux/swiotlb.h
+@@ -59,7 +59,8 @@ extern void
+
+ extern void
+ swiotlb_free_coherent(struct device *hwdev, size_t size,
+- void *vaddr, dma_addr_t dma_handle);
++ void *vaddr, dma_addr_t dma_handle,
++ struct dma_attrs *attrs);
+
+ extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page,
+ unsigned long offset, size_t size,
+diff --git a/include/linux/syscore_ops.h b/include/linux/syscore_ops.h
+index 27b3b0b..e093dd9 100644
+--- a/include/linux/syscore_ops.h
++++ b/include/linux/syscore_ops.h
+@@ -16,7 +16,7 @@ struct syscore_ops {
+ int (*suspend)(void);
+ void (*resume)(void);
+ void (*shutdown)(void);
+-};
++} __do_const;
+
+ extern void register_syscore_ops(struct syscore_ops *ops);
+ extern void unregister_syscore_ops(struct syscore_ops *ops);
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
-index cd844a6..3ca3592 100644
+index 14a8ff2..af52bad 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
-@@ -41,6 +41,8 @@ typedef int proc_handler (struct ctl_table *ctl, int write,
+@@ -34,13 +34,13 @@ struct ctl_table_root;
+ struct ctl_table_header;
+ struct ctl_dir;
+
+-typedef struct ctl_table ctl_table;
+-
+ typedef int proc_handler (struct ctl_table *ctl, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos);
extern int proc_dostring(struct ctl_table *, int,
void __user *, size_t *, loff_t *);
extern int proc_dointvec(struct ctl_table *, int,
void __user *, size_t *, loff_t *);
extern int proc_dointvec_minmax(struct ctl_table *, int,
+@@ -115,7 +115,9 @@ struct ctl_table
+ struct ctl_table_poll *poll;
+ void *extra1;
+ void *extra2;
+-};
++} __do_const;
++typedef struct ctl_table __no_const ctl_table_no_const;
++typedef struct ctl_table ctl_table;
+
+ struct ctl_node {
+ struct rb_node node;
+diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
+index 381f06d..dc16cc7 100644
+--- a/include/linux/sysfs.h
++++ b/include/linux/sysfs.h
+@@ -31,7 +31,8 @@ struct attribute {
+ struct lock_class_key *key;
+ struct lock_class_key skey;
+ #endif
+-};
++} __do_const;
++typedef struct attribute __no_const attribute_no_const;
+
+ /**
+ * sysfs_attr_init - initialize a dynamically allocated sysfs attribute
+@@ -59,8 +60,8 @@ struct attribute_group {
+ umode_t (*is_visible)(struct kobject *,
+ struct attribute *, int);
+ struct attribute **attrs;
+-};
+-
++} __do_const;
++typedef struct attribute_group __no_const attribute_group_no_const;
+
+
+ /**
+@@ -107,7 +108,8 @@ struct bin_attribute {
+ char *, loff_t, size_t);
+ int (*mmap)(struct file *, struct kobject *, struct bin_attribute *attr,
+ struct vm_area_struct *vma);
+-};
++} __do_const;
++typedef struct bin_attribute __no_const bin_attribute_no_const;
+
+ /**
+ * sysfs_bin_attr_init - initialize a dynamically allocated bin_attribute
diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h
-index 7faf933..eb6f5e3 100644
+index 7faf933..4657127 100644
--- a/include/linux/sysrq.h
+++ b/include/linux/sysrq.h
-@@ -36,7 +36,7 @@ struct sysrq_key_op {
+@@ -15,7 +15,9 @@
+ #define _LINUX_SYSRQ_H
+
+ #include <linux/errno.h>
++#include <linux/compiler.h>
+ #include <linux/types.h>
++#include <linux/compiler.h>
+
+ /* Enable/disable SYSRQ support by default (0==no, 1==yes). */
+ #define SYSRQ_DEFAULT_ENABLE 1
+@@ -36,7 +38,7 @@ struct sysrq_key_op {
char *help_msg;
char *action_msg;
int enable_mask;
#ifdef CONFIG_MAGIC_SYSRQ
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
-index ccc1899..b1aaceb 100644
+index e7e0473..39b7b52 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
-@@ -146,6 +146,15 @@ static inline bool test_and_clear_restore_sigmask(void)
+@@ -148,6 +148,15 @@ static inline bool test_and_clear_restore_sigmask(void)
#error "no set_restore_sigmask() provided and default one won't work"
#endif
#endif /* _LINUX_THREAD_INFO_H */
diff --git a/include/linux/tty.h b/include/linux/tty.h
-index f0b4eb4..1c4854e 100644
+index 8db1b56..c16a040 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
-@@ -192,7 +192,7 @@ struct tty_port {
+@@ -194,7 +194,7 @@ struct tty_port {
const struct tty_port_operations *ops; /* Port operations */
spinlock_t lock; /* Lock protecting tty field */
int blocked_open; /* Waiting to open */
wait_queue_head_t open_wait; /* Open waiters */
wait_queue_head_t close_wait; /* Close waiters */
wait_queue_head_t delta_msr_wait; /* Modem status change */
-@@ -513,7 +513,7 @@ extern int tty_port_open(struct tty_port *port,
+@@ -490,7 +490,7 @@ extern int tty_port_open(struct tty_port *port,
struct tty_struct *tty, struct file *filp);
static inline int tty_port_users(struct tty_port *port)
{
struct tty_ldisc {
diff --git a/include/linux/types.h b/include/linux/types.h
-index 1cc0e4b..0d50edf 100644
+index 4d118ba..c3ee9bf 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
-@@ -175,10 +175,26 @@ typedef struct {
+@@ -176,10 +176,26 @@ typedef struct {
int counter;
} atomic_t;
ret; \
})
+diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
+index 8e522cbc..aa8572d 100644
+--- a/include/linux/uidgid.h
++++ b/include/linux/uidgid.h
+@@ -197,4 +197,9 @@ static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid)
+
+ #endif /* CONFIG_USER_NS */
+
++#define GR_GLOBAL_UID(x) from_kuid_munged(&init_user_ns, (x))
++#define GR_GLOBAL_GID(x) from_kgid_munged(&init_user_ns, (x))
++#define gr_is_global_root(x) uid_eq((x), GLOBAL_ROOT_UID)
++#define gr_is_global_nonroot(x) (!uid_eq((x), GLOBAL_ROOT_UID))
++
+ #endif /* _LINUX_UIDGID_H */
diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unaligned/access_ok.h
index 99c1b4d..bb94261 100644
--- a/include/linux/unaligned/access_ok.h
static inline void put_unaligned_le16(u16 val, void *p)
diff --git a/include/linux/usb.h b/include/linux/usb.h
-index 10278d1..e21ec3c 100644
+index 4d22d0f..ac43c2f 100644
--- a/include/linux/usb.h
+++ b/include/linux/usb.h
-@@ -551,7 +551,7 @@ struct usb_device {
+@@ -554,7 +554,7 @@ struct usb_device {
int maxchild;
u32 quirks;
/*
* callback functions for platform
-diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h
-index ddbbb7d..9134611 100644
---- a/include/linux/usb/usbnet.h
-+++ b/include/linux/usb/usbnet.h
-@@ -33,6 +33,7 @@ struct usbnet {
- wait_queue_head_t *wait;
- struct mutex phy_mutex;
- unsigned char suspend_count;
-+ unsigned char pkt_cnt, pkt_err;
-
- /* i/o info: pipes etc */
- unsigned in, out;
-@@ -69,6 +70,8 @@ struct usbnet {
- # define EVENT_DEV_ASLEEP 6
- # define EVENT_DEV_OPEN 7
- # define EVENT_DEVICE_REPORT_IDLE 8
-+# define EVENT_NO_RUNTIME_PM 9
-+# define EVENT_RX_KILL 10
- };
-
- static inline struct usb_driver *driver_of(struct usb_interface *intf)
+diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h
+index b9bd2e6..4ce0093 100644
+--- a/include/linux/user_namespace.h
++++ b/include/linux/user_namespace.h
+@@ -21,7 +21,7 @@ struct user_namespace {
+ struct uid_gid_map uid_map;
+ struct uid_gid_map gid_map;
+ struct uid_gid_map projid_map;
+- struct kref kref;
++ atomic_t count;
+ struct user_namespace *parent;
+ kuid_t owner;
+ kgid_t group;
+@@ -35,18 +35,18 @@ extern struct user_namespace init_user_ns;
+ static inline struct user_namespace *get_user_ns(struct user_namespace *ns)
+ {
+ if (ns)
+- kref_get(&ns->kref);
++ atomic_inc(&ns->count);
+ return ns;
+ }
+
+ extern int create_user_ns(struct cred *new);
+ extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred);
+-extern void free_user_ns(struct kref *kref);
++extern void free_user_ns(struct user_namespace *ns);
+
+ static inline void put_user_ns(struct user_namespace *ns)
+ {
+- if (ns)
+- kref_put(&ns->kref, free_user_ns);
++ if (ns && atomic_dec_and_test(&ns->count))
++ free_user_ns(ns);
+ }
+
+ struct seq_operations;
diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
index 6f8fbcf..8259001 100644
--- a/include/linux/vermagic.h
/*
* Internals. Dont't use..
diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
-index 92a86b2..1d9eb3c 100644
+index a13291f..af51fa3 100644
--- a/include/linux/vmstat.h
+++ b/include/linux/vmstat.h
-@@ -87,18 +87,18 @@ static inline void vm_events_fold_cpu(int cpu)
+@@ -95,18 +95,18 @@ static inline void vm_events_fold_cpu(int cpu)
/*
* Zone based page accounting with per cpu differentials.
*/
#ifdef CONFIG_SMP
if (x < 0)
x = 0;
-@@ -109,7 +109,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item)
+@@ -117,7 +117,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item)
static inline unsigned long zone_page_state(struct zone *zone,
enum zone_stat_item item)
{
#ifdef CONFIG_SMP
if (x < 0)
x = 0;
-@@ -126,7 +126,7 @@ static inline unsigned long zone_page_state(struct zone *zone,
+@@ -134,7 +134,7 @@ static inline unsigned long zone_page_state(struct zone *zone,
static inline unsigned long zone_page_state_snapshot(struct zone *zone,
enum zone_stat_item item)
{
#ifdef CONFIG_SMP
int cpu;
-@@ -218,8 +218,8 @@ static inline void __mod_zone_page_state(struct zone *zone,
+@@ -226,8 +226,8 @@ static inline void __mod_zone_page_state(struct zone *zone,
static inline void __inc_zone_state(struct zone *zone, enum zone_stat_item item)
{
}
static inline void __inc_zone_page_state(struct page *page,
-@@ -230,8 +230,8 @@ static inline void __inc_zone_page_state(struct page *page,
+@@ -238,8 +238,8 @@ static inline void __inc_zone_page_state(struct page *page,
static inline void __dec_zone_state(struct zone *zone, enum zone_stat_item item)
{
}
static inline void __dec_zone_page_state(struct page *page,
+diff --git a/include/linux/xattr.h b/include/linux/xattr.h
+index fdbafc6..b7ffd47 100644
+--- a/include/linux/xattr.h
++++ b/include/linux/xattr.h
+@@ -28,7 +28,7 @@ struct xattr_handler {
+ size_t size, int handler_flags);
+ int (*set)(struct dentry *dentry, const char *name, const void *buffer,
+ size_t size, int flags, int handler_flags);
+-};
++} __do_const;
+
+ struct xattr {
+ char *name;
diff --git a/include/media/v4l2-dev.h b/include/media/v4l2-dev.h
index 95d1c91..6798cca 100644
--- a/include/media/v4l2-dev.h
/*
* Newer version of video_device, handled by videodev2.c
diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h
-index e48b571..7e40de4 100644
+index 4118ad1..cb7e25f 100644
--- a/include/media/v4l2-ioctl.h
+++ b/include/media/v4l2-ioctl.h
-@@ -282,7 +282,6 @@ struct v4l2_ioctl_ops {
+@@ -284,7 +284,6 @@ struct v4l2_ioctl_ops {
bool valid_prio, int cmd, void *arg);
};
/* v4l debugging and diagnostics */
/* Debug bitmask flags to be used on V4L2 */
+diff --git a/include/net/9p/transport.h b/include/net/9p/transport.h
+index adcbb20..62c2559 100644
+--- a/include/net/9p/transport.h
++++ b/include/net/9p/transport.h
+@@ -57,7 +57,7 @@ struct p9_trans_module {
+ int (*cancel) (struct p9_client *, struct p9_req_t *req);
+ int (*zc_request)(struct p9_client *, struct p9_req_t *,
+ char *, char *, int , int, int, int);
+-};
++} __do_const;
+
+ void v9fs_register_trans(struct p9_trans_module *m);
+ void v9fs_unregister_trans(struct p9_trans_module *m);
+diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
+index 7588ef4..e62d35f 100644
+--- a/include/net/bluetooth/l2cap.h
++++ b/include/net/bluetooth/l2cap.h
+@@ -552,7 +552,7 @@ struct l2cap_ops {
+ void (*defer) (struct l2cap_chan *chan);
+ struct sk_buff *(*alloc_skb) (struct l2cap_chan *chan,
+ unsigned long len, int nb);
+-};
++} __do_const;
+
+ struct l2cap_conn {
+ struct hci_conn *hcon;
diff --git a/include/net/caif/cfctrl.h b/include/net/caif/cfctrl.h
index 9e5425b..8136ffc 100644
--- a/include/net/caif/cfctrl.h
+extern atomic_unchecked_t flow_cache_genid;
#endif
+diff --git a/include/net/genetlink.h b/include/net/genetlink.h
+index bdfbe68..4402ebe 100644
+--- a/include/net/genetlink.h
++++ b/include/net/genetlink.h
+@@ -118,7 +118,7 @@ struct genl_ops {
+ struct netlink_callback *cb);
+ int (*done)(struct netlink_callback *cb);
+ struct list_head ops_list;
+-};
++} __do_const;
+
+ extern int genl_register_family(struct genl_family *family);
+ extern int genl_register_family_with_ops(struct genl_family *family,
diff --git a/include/net/gro_cells.h b/include/net/gro_cells.h
index e5062c9..48a9a4b 100644
--- a/include/net/gro_cells.h
return new;
}
+diff --git a/include/net/ip.h b/include/net/ip.h
+index a68f838..74518ab 100644
+--- a/include/net/ip.h
++++ b/include/net/ip.h
+@@ -202,7 +202,7 @@ extern struct local_ports {
+ } sysctl_local_ports;
+ extern void inet_get_local_port_range(int *low, int *high);
+
+-extern unsigned long *sysctl_local_reserved_ports;
++extern unsigned long sysctl_local_reserved_ports[65536 / 8 / sizeof(unsigned long)];
+ static inline int inet_is_reserved_local_port(int port)
+ {
+ return test_bit(port, sysctl_local_reserved_ports);
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
index 9497be1..5a4fafe 100644
--- a/include/net/ip_fib.h
fib_info_update_nh_saddr((net), &FIB_RES_NH(res)))
#define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw)
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
-index ee75ccd..2cc2b95 100644
+index 68c69d5..bdab192 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
-@@ -510,7 +510,7 @@ struct ip_vs_conn {
+@@ -599,7 +599,7 @@ struct ip_vs_conn {
struct ip_vs_conn *control; /* Master control connection */
atomic_t n_control; /* Number of controlled ones */
struct ip_vs_dest *dest; /* real server */
/* packet transmitter for different forwarding methods. If it
mangles the packet, it must return NF_DROP or better NF_STOLEN,
-@@ -648,7 +648,7 @@ struct ip_vs_dest {
+@@ -737,7 +737,7 @@ struct ip_vs_dest {
__be16 port; /* port number of the server */
union nf_inet_addr addr; /* IP address of the server */
volatile unsigned int flags; /* dest status flags */
atomic_t weight; /* server weight */
atomic_t refcnt; /* reference counter */
+@@ -980,11 +980,11 @@ struct netns_ipvs {
+ /* ip_vs_lblc */
+ int sysctl_lblc_expiration;
+ struct ctl_table_header *lblc_ctl_header;
+- struct ctl_table *lblc_ctl_table;
++ ctl_table_no_const *lblc_ctl_table;
+ /* ip_vs_lblcr */
+ int sysctl_lblcr_expiration;
+ struct ctl_table_header *lblcr_ctl_header;
+- struct ctl_table *lblcr_ctl_table;
++ ctl_table_no_const *lblcr_ctl_table;
+ /* ip_vs_est */
+ struct list_head est_list; /* estimator list */
+ spinlock_t est_lock;
diff --git a/include/net/irda/ircomm_tty.h b/include/net/irda/ircomm_tty.h
index 80ffde3..968b0f4 100644
--- a/include/net/irda/ircomm_tty.h
};
unsigned int iucv_sock_poll(struct file *file, struct socket *sock,
+diff --git a/include/net/llc_c_ac.h b/include/net/llc_c_ac.h
+index df83f69..9b640b8 100644
+--- a/include/net/llc_c_ac.h
++++ b/include/net/llc_c_ac.h
+@@ -87,7 +87,7 @@
+ #define LLC_CONN_AC_STOP_SENDACK_TMR 70
+ #define LLC_CONN_AC_START_SENDACK_TMR_IF_NOT_RUNNING 71
+
+-typedef int (*llc_conn_action_t)(struct sock *sk, struct sk_buff *skb);
++typedef int (* const llc_conn_action_t)(struct sock *sk, struct sk_buff *skb);
+
+ extern int llc_conn_ac_clear_remote_busy(struct sock *sk, struct sk_buff *skb);
+ extern int llc_conn_ac_conn_ind(struct sock *sk, struct sk_buff *skb);
+diff --git a/include/net/llc_c_ev.h b/include/net/llc_c_ev.h
+index 6ca3113..f8026dd 100644
+--- a/include/net/llc_c_ev.h
++++ b/include/net/llc_c_ev.h
+@@ -125,8 +125,8 @@ static __inline__ struct llc_conn_state_ev *llc_conn_ev(struct sk_buff *skb)
+ return (struct llc_conn_state_ev *)skb->cb;
+ }
+
+-typedef int (*llc_conn_ev_t)(struct sock *sk, struct sk_buff *skb);
+-typedef int (*llc_conn_ev_qfyr_t)(struct sock *sk, struct sk_buff *skb);
++typedef int (* const llc_conn_ev_t)(struct sock *sk, struct sk_buff *skb);
++typedef int (* const llc_conn_ev_qfyr_t)(struct sock *sk, struct sk_buff *skb);
+
+ extern int llc_conn_ev_conn_req(struct sock *sk, struct sk_buff *skb);
+ extern int llc_conn_ev_data_req(struct sock *sk, struct sk_buff *skb);
+diff --git a/include/net/llc_c_st.h b/include/net/llc_c_st.h
+index 0e79cfb..f46db31 100644
+--- a/include/net/llc_c_st.h
++++ b/include/net/llc_c_st.h
+@@ -37,7 +37,7 @@ struct llc_conn_state_trans {
+ u8 next_state;
+ llc_conn_ev_qfyr_t *ev_qualifiers;
+ llc_conn_action_t *ev_actions;
+-};
++} __do_const;
+
+ struct llc_conn_state {
+ u8 current_state;
+diff --git a/include/net/llc_s_ac.h b/include/net/llc_s_ac.h
+index 37a3bbd..55a4241 100644
+--- a/include/net/llc_s_ac.h
++++ b/include/net/llc_s_ac.h
+@@ -23,7 +23,7 @@
+ #define SAP_ACT_TEST_IND 9
+
+ /* All action functions must look like this */
+-typedef int (*llc_sap_action_t)(struct llc_sap *sap, struct sk_buff *skb);
++typedef int (* const llc_sap_action_t)(struct llc_sap *sap, struct sk_buff *skb);
+
+ extern int llc_sap_action_unitdata_ind(struct llc_sap *sap,
+ struct sk_buff *skb);
+diff --git a/include/net/llc_s_st.h b/include/net/llc_s_st.h
+index 567c681..cd73ac0 100644
+--- a/include/net/llc_s_st.h
++++ b/include/net/llc_s_st.h
+@@ -20,7 +20,7 @@ struct llc_sap_state_trans {
+ llc_sap_ev_t ev;
+ u8 next_state;
+ llc_sap_action_t *ev_actions;
+-};
++} __do_const;
+
+ struct llc_sap_state {
+ u8 curr_state;
+diff --git a/include/net/mac80211.h b/include/net/mac80211.h
+index ee50c5e..1bc3b1a 100644
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -3996,7 +3996,7 @@ struct rate_control_ops {
+ void (*add_sta_debugfs)(void *priv, void *priv_sta,
+ struct dentry *dir);
+ void (*remove_sta_debugfs)(void *priv, void *priv_sta);
+-};
++} __do_const;
+
+ static inline int rate_supported(struct ieee80211_sta *sta,
+ enum ieee80211_band band,
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
index 0dab173..1b76af0 100644
--- a/include/net/neighbour.h
struct pneigh_entry {
struct pneigh_entry *next;
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
-index 95e6466..251016d 100644
+index de644bc..351fd4e 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
-@@ -110,7 +110,7 @@ struct net {
+@@ -115,7 +115,7 @@ struct net {
#endif
struct netns_ipvs *ipvs;
struct sock *diag_nlsk;
};
/*
-@@ -320,12 +320,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
+@@ -282,7 +282,7 @@ struct pernet_operations {
+ void (*exit_batch)(struct list_head *net_exit_list);
+ int *id;
+ size_t size;
+-};
++} __do_const;
+
+ /*
+ * Use these carefully. If you implement a network device and it
+@@ -330,12 +330,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
static inline int rt_genid(struct net *net)
{
struct sk_buff *skb, int offset, struct iovec *to,
size_t len, struct dma_pinned_list *pinned_list);
-diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h
-index 252fd10..aa1421f 100644
---- a/include/net/netfilter/nf_queue.h
-+++ b/include/net/netfilter/nf_queue.h
-@@ -22,7 +22,7 @@ struct nf_queue_handler {
- int (*outfn)(struct nf_queue_entry *entry,
- unsigned int queuenum);
- char *name;
--};
-+} __do_const;
-
- extern int nf_register_queue_handler(u_int8_t pf,
- const struct nf_queue_handler *qh);
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 9690b0f..87aded7 100644
--- a/include/net/netlink.h
}
/**
+diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
+index 923cb20..deae816 100644
+--- a/include/net/netns/conntrack.h
++++ b/include/net/netns/conntrack.h
+@@ -12,10 +12,10 @@ struct nf_conntrack_ecache;
+ struct nf_proto_net {
+ #ifdef CONFIG_SYSCTL
+ struct ctl_table_header *ctl_table_header;
+- struct ctl_table *ctl_table;
++ ctl_table_no_const *ctl_table;
+ #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+ struct ctl_table_header *ctl_compat_header;
+- struct ctl_table *ctl_compat_table;
++ ctl_table_no_const *ctl_compat_table;
+ #endif
+ #endif
+ unsigned int users;
+@@ -58,7 +58,7 @@ struct nf_ip_net {
+ struct nf_icmp_net icmpv6;
+ #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
+ struct ctl_table_header *ctl_table_header;
+- struct ctl_table *ctl_table;
++ ctl_table_no_const *ctl_table;
+ #endif
+ };
+
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index 2ae2b83..dbdc85e 100644
--- a/include/net/netns/ipv4.h
#ifdef CONFIG_IP_MROUTE
#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
diff --git a/include/net/protocol.h b/include/net/protocol.h
-index 929528c..c84d4f6 100644
+index 047c047..b9dad15 100644
--- a/include/net/protocol.h
+++ b/include/net/protocol.h
-@@ -48,7 +48,7 @@ struct net_protocol {
- int (*gro_complete)(struct sk_buff *skb);
+@@ -44,7 +44,7 @@ struct net_protocol {
+ void (*err_handler)(struct sk_buff *skb, u32 info);
unsigned int no_policy:1,
netns_ok:1;
-};
#if IS_ENABLED(CONFIG_IPV6)
struct inet6_protocol {
-@@ -69,7 +69,7 @@ struct inet6_protocol {
- int (*gro_complete)(struct sk_buff *skb);
-
+@@ -57,7 +57,7 @@ struct inet6_protocol {
+ u8 type, u8 code, int offset,
+ __be32 info);
unsigned int flags; /* INET6_PROTO_xxx */
-};
+} __do_const;
#define INET6_PROTO_NOPOLICY 0x1
#define INET6_PROTO_FINAL 0x2
+diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h
+index 5a15fab..d799ea7 100644
+--- a/include/net/rtnetlink.h
++++ b/include/net/rtnetlink.h
+@@ -81,7 +81,7 @@ struct rtnl_link_ops {
+ const struct net_device *dev);
+ unsigned int (*get_num_tx_queues)(void);
+ unsigned int (*get_num_rx_queues)(void);
+-};
++} __do_const;
+
+ extern int __rtnl_link_register(struct rtnl_link_ops *ops);
+ extern void __rtnl_link_unregister(struct rtnl_link_ops *ops);
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
-index 9c6414f..fbd0524 100644
+index 7fdf298..197e9f7 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
-@@ -318,9 +318,9 @@ do { \
+@@ -330,9 +330,9 @@ do { \
#else /* SCTP_DEBUG */
#define SCTP_ENABLE_DEBUG
#define SCTP_DISABLE_DEBUG
#define SCTP_ASSERT(expr, str, func)
+diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
+index 2a82d13..62a31c2 100644
+--- a/include/net/sctp/sm.h
++++ b/include/net/sctp/sm.h
+@@ -87,7 +87,7 @@ typedef void (sctp_timer_event_t) (unsigned long);
+ typedef struct {
+ sctp_state_fn_t *fn;
+ const char *name;
+-} sctp_sm_table_entry_t;
++} __do_const sctp_sm_table_entry_t;
+
+ /* A naming convention of "sctp_sf_xxx" applies to all the state functions
+ * currently in use.
+@@ -299,7 +299,7 @@ __u32 sctp_generate_tag(const struct sctp_endpoint *);
+ __u32 sctp_generate_tsn(const struct sctp_endpoint *);
+
+ /* Extern declarations for major data structures. */
+-extern sctp_timer_event_t *sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES];
++extern sctp_timer_event_t * const sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES];
+
+
+ /* Get the size of a DATA chunk payload. */
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
-index 64158aa..b65533c 100644
+index fdeb85a..1329d95 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
-@@ -496,7 +496,7 @@ struct sctp_af {
- int sockaddr_len;
- sa_family_t sa_family;
- struct list_head list;
--};
-+} __do_const;
-
- struct sctp_af *sctp_get_af_specific(sa_family_t);
- int sctp_register_af(struct sctp_af *);
-@@ -516,7 +516,7 @@ struct sctp_pf {
+@@ -517,7 +517,7 @@ struct sctp_pf {
struct sctp_association *asoc);
void (*addr_v4map) (struct sctp_sock *, union sctp_addr *);
struct sctp_af *af;
/* Structure to track chunk fragments that have been acked, but peer
diff --git a/include/net/sock.h b/include/net/sock.h
-index c945fba..e162e56 100644
+index 25afaa0..8bb0070 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
-@@ -304,7 +304,7 @@ struct sock {
+@@ -322,7 +322,7 @@ struct sock {
#ifdef CONFIG_RPS
__u32 sk_rxhash;
#endif
int sk_rcvbuf;
struct sk_filter __rcu *sk_filter;
-@@ -1763,7 +1763,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
+@@ -1781,7 +1781,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
}
static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
int copy, int offset)
{
if (skb->ip_summed == CHECKSUM_NONE) {
-@@ -2022,7 +2022,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
+@@ -2040,7 +2040,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
}
}
/**
* sk_page_frag - return an appropriate page_frag
diff --git a/include/net/tcp.h b/include/net/tcp.h
-index 4af45e3..af97861 100644
+index aed42c7..43890c6 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
-@@ -531,7 +531,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
+@@ -530,7 +530,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
extern void tcp_xmit_retransmit_queue(struct sock *);
extern void tcp_simple_retransmit(struct sock *);
extern int tcp_trim_head(struct sock *, struct sk_buff *, u32);
extern void tcp_send_probe0(struct sock *);
extern void tcp_send_partial(struct sock *);
-@@ -702,8 +702,8 @@ struct tcp_skb_cb {
+@@ -701,8 +701,8 @@ struct tcp_skb_cb {
struct inet6_skb_parm h6;
#endif
} header; /* For incoming frames */
__u32 when; /* used to compute rtt's */
__u8 tcp_flags; /* TCP header flags. (tcp[13]) */
-@@ -717,7 +717,7 @@ struct tcp_skb_cb {
+@@ -716,7 +716,7 @@ struct tcp_skb_cb {
__u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */
/* 1 byte hole */
#define TCP_SKB_CB(__skb) ((struct tcp_skb_cb *)&((__skb)->cb[0]))
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
-index 63445ed..74ef61d 100644
+index 63445ed..d6fc34f 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
+@@ -304,7 +304,7 @@ struct xfrm_policy_afinfo {
+ struct net_device *dev,
+ const struct flowi *fl);
+ struct dst_entry *(*blackhole_route)(struct net *net, struct dst_entry *orig);
+-};
++} __do_const;
+
+ extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
+ extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
+@@ -340,7 +340,7 @@ struct xfrm_state_afinfo {
+ struct sk_buff *skb);
+ int (*transport_finish)(struct sk_buff *skb,
+ int async);
+-};
++} __do_const;
+
+ extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
+ extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
@@ -423,7 +423,7 @@ struct xfrm_mode {
struct module *owner;
unsigned int encap;
u8 qfull;
enum fc_lport_state state;
diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
-index 55367b0..d97bd2a 100644
+index e65c62e..aa2e5a2 100644
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
-@@ -169,9 +169,9 @@ struct scsi_device {
+@@ -170,9 +170,9 @@ struct scsi_device {
unsigned int max_device_blocked; /* what device_blocked counts down from */
#define SCSI_DEFAULT_DEVICE_BLOCKED 3
/**
diff --git a/include/sound/soc.h b/include/sound/soc.h
-index 91244a0..89ca1a7 100644
+index bc56738..a4be132 100644
--- a/include/sound/soc.h
+++ b/include/sound/soc.h
-@@ -769,7 +769,7 @@ struct snd_soc_codec_driver {
+@@ -771,7 +771,7 @@ struct snd_soc_codec_driver {
/* probe ordering - for components with runtime dependencies */
int probe_order;
int remove_order;
/* SoC platform interface */
struct snd_soc_platform_driver {
-@@ -815,7 +815,7 @@ struct snd_soc_platform_driver {
+@@ -817,7 +817,7 @@ struct snd_soc_platform_driver {
unsigned int (*read)(struct snd_soc_platform *, unsigned int);
int (*write)(struct snd_soc_platform *, unsigned int, unsigned int);
int (*bespoke_trigger)(struct snd_pcm_substream *, int);
struct snd_soc_platform {
const char *name;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index fca8bbe..c0242ea 100644
+index 663e34a..91b306a 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
-@@ -760,7 +760,7 @@ struct se_device {
+@@ -654,7 +654,7 @@ struct se_device {
spinlock_t stats_lock;
/* Active commands on this virtual SE device */
atomic_t simple_cmds;
+ atomic_unchecked_t dev_ordered_id;
atomic_t dev_ordered_sync;
atomic_t dev_qf_count;
- struct se_obj dev_obj;
+ int export_count;
diff --git a/include/trace/events/fs.h b/include/trace/events/fs.h
new file mode 100644
index 0000000..fb634b7
void *pmi_pal;
u8 *vbe_state_orig; /*
diff --git a/init/Kconfig b/init/Kconfig
-index 6fdd6e3..5b01610 100644
+index be8b7f5..1eeca9b 100644
--- a/init/Kconfig
+++ b/init/Kconfig
-@@ -925,6 +925,7 @@ endif # CGROUPS
+@@ -990,6 +990,7 @@ endif # CGROUPS
config CHECKPOINT_RESTORE
bool "Checkpoint/restore support" if EXPERT
default n
help
Enables additional kernel features in a sake of checkpoint/restore.
-@@ -1016,6 +1017,8 @@ config UIDGID_CONVERTED
- depends on OCFS2_FS = n
- depends on XFS_FS = n
-
-+ depends on GRKERNSEC = n
-+
- config UIDGID_STRICT_TYPE_CHECKS
- bool "Require conversions between uid/gids and their internal representation"
- depends on UIDGID_CONVERTED
-@@ -1405,7 +1408,7 @@ config SLUB_DEBUG
+@@ -1468,7 +1469,7 @@ config SLUB_DEBUG
config COMPAT_BRK
bool "Disable heap randomization"
help
Randomizing heap placement makes heap exploits harder, but it
also breaks ancient binaries (including anything libc5 based).
-@@ -1648,7 +1651,7 @@ config INIT_ALL_POSSIBLE
+@@ -1711,7 +1712,7 @@ config INIT_ALL_POSSIBLE
config STOP_MACHINE
bool
default y
ifneq ($(CONFIG_BLK_DEV_INITRD),y)
obj-y += noinitramfs.o
diff --git a/init/do_mounts.c b/init/do_mounts.c
-index f8a6642..4e5ee1b 100644
+index 1d1b634..a1c810f 100644
--- a/init/do_mounts.c
+++ b/init/do_mounts.c
-@@ -336,11 +336,11 @@ static void __init get_fs_names(char *page)
+@@ -355,11 +355,11 @@ static void __init get_fs_names(char *page)
static int __init do_mount_root(char *name, char *fs, int flags, void *data)
{
struct super_block *s;
s = current->fs->pwd.dentry->d_sb;
ROOT_DEV = s->s_dev;
printk(KERN_INFO
-@@ -461,18 +461,18 @@ void __init change_floppy(char *fmt, ...)
+@@ -480,18 +480,18 @@ void __init change_floppy(char *fmt, ...)
va_start(args, fmt);
vsprintf(buf, fmt, args);
va_end(args);
termios.c_lflag |= ICANON;
sys_ioctl(fd, TCSETSF, (long)&termios);
sys_close(fd);
-@@ -566,6 +566,6 @@ void __init prepare_namespace(void)
+@@ -585,6 +585,6 @@ void __init prepare_namespace(void)
mount_root();
out:
devtmpfs_mount("dev");
next_state = Reset;
return 0;
diff --git a/init/main.c b/init/main.c
-index 857166f..9df1d8e 100644
+index cee4b5c..6a3402b 100644
--- a/init/main.c
+++ b/init/main.c
@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { }
__setup("reset_devices", set_reset_devices);
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+int grsec_proc_gid = CONFIG_GRKERNSEC_PROC_GID;
++kgid_t grsec_proc_gid = KGIDT_INIT(CONFIG_GRKERNSEC_PROC_GID);
+static int __init setup_grsec_proc_gid(char *str)
+{
-+ grsec_proc_gid = (int)simple_strtol(str, NULL, 0);
++ grsec_proc_gid = KGIDT_INIT(simple_strtol(str, NULL, 0));
+ return 1;
+}
+__setup("grsec_proc_gid=", setup_grsec_proc_gid);
}
return ret;
-@@ -743,6 +801,10 @@ static char *initcall_level_names[] __initdata = {
- "late",
- };
-
-+#ifdef CONFIG_PAX_LATENT_ENTROPY
-+u64 latent_entropy;
-+#endif
-+
- static void __init do_initcall_level(int level)
- {
- extern const struct kernel_param __start___param[], __stop___param[];
-@@ -755,8 +817,14 @@ static void __init do_initcall_level(int level)
+@@ -755,8 +813,14 @@ static void __init do_initcall_level(int level)
level, level,
&repair_env_string);
do_one_initcall(*fn);
+
+#ifdef CONFIG_PAX_LATENT_ENTROPY
-+ add_device_randomness(&latent_entropy, sizeof(latent_entropy));
++ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
+#endif
+
+ }
}
static void __init do_initcalls(void)
-@@ -790,8 +858,14 @@ static void __init do_pre_smp_initcalls(void)
+@@ -790,8 +854,14 @@ static void __init do_pre_smp_initcalls(void)
{
initcall_t *fn;
do_one_initcall(*fn);
+
+#ifdef CONFIG_PAX_LATENT_ENTROPY
-+ add_device_randomness(&latent_entropy, sizeof(latent_entropy));
++ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
+#endif
+
+ }
}
static int run_init_process(const char *init_filename)
-@@ -876,7 +950,7 @@ static noinline void __init kernel_init_freeable(void)
+@@ -877,7 +947,7 @@ static noinline void __init kernel_init_freeable(void)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
printk(KERN_WARNING "Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -889,11 +963,13 @@ static noinline void __init kernel_init_freeable(void)
+@@ -890,11 +960,13 @@ static noinline void __init kernel_init_freeable(void)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
/*
* Ok, we have completed the initial bootup, and
* we're essentially up and running. Get rid of the
+diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
+index 130dfec..cc88451 100644
+--- a/ipc/ipc_sysctl.c
++++ b/ipc/ipc_sysctl.c
+@@ -30,7 +30,7 @@ static void *get_ipc(ctl_table *table)
+ static int proc_ipc_dointvec(ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table ipc_table;
++ ctl_table_no_const ipc_table;
+
+ memcpy(&ipc_table, table, sizeof(ipc_table));
+ ipc_table.data = get_ipc(table);
+@@ -41,7 +41,7 @@ static int proc_ipc_dointvec(ctl_table *table, int write,
+ static int proc_ipc_dointvec_minmax(ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table ipc_table;
++ ctl_table_no_const ipc_table;
+
+ memcpy(&ipc_table, table, sizeof(ipc_table));
+ ipc_table.data = get_ipc(table);
+@@ -65,7 +65,7 @@ static int proc_ipc_dointvec_minmax_orphans(ctl_table *table, int write,
+ static int proc_ipc_callback_dointvec(ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table ipc_table;
++ ctl_table_no_const ipc_table;
+ size_t lenp_bef = *lenp;
+ int rc;
+
+@@ -88,7 +88,7 @@ static int proc_ipc_callback_dointvec(ctl_table *table, int write,
+ static int proc_ipc_doulongvec_minmax(ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table ipc_table;
++ ctl_table_no_const ipc_table;
+ memcpy(&ipc_table, table, sizeof(ipc_table));
+ ipc_table.data = get_ipc(table);
+
+@@ -122,7 +122,7 @@ static void ipc_auto_callback(int val)
+ static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table ipc_table;
++ ctl_table_no_const ipc_table;
+ size_t lenp_bef = *lenp;
+ int oldval;
+ int rc;
+diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c
+index 383d638..943fdbb 100644
+--- a/ipc/mq_sysctl.c
++++ b/ipc/mq_sysctl.c
+@@ -25,7 +25,7 @@ static void *get_mq(ctl_table *table)
+ static int proc_mq_dointvec_minmax(ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table mq_table;
++ ctl_table_no_const mq_table;
+ memcpy(&mq_table, table, sizeof(mq_table));
+ mq_table.data = get_mq(table);
+
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index 71a3ca1..cc330ee 100644
--- a/ipc/mqueue.c
if (u->mq_bytes + mq_bytes < u->mq_bytes ||
u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
diff --git a/ipc/msg.c b/ipc/msg.c
-index a71af5a..a90a110 100644
+index 31cd1bf..362ea07 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
sem_params.flg = semflg;
sem_params.u.nsems = nsems;
diff --git a/ipc/shm.c b/ipc/shm.c
-index dff40c9..9450e27 100644
+index 4fa6d8f..55cff14 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp);
+#ifdef CONFIG_GRKERNSEC
+extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
-+ const time_t shm_createtime, const uid_t cuid,
++ const time_t shm_createtime, const kuid_t cuid,
+ const int shmid);
+extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
+ const time_t shm_createtime);
void shm_init_ns(struct ipc_namespace *ns)
{
ns->shm_ctlmax = SHMMAX;
-@@ -520,6 +528,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+@@ -521,6 +529,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
shp->shm_lprid = 0;
shp->shm_atim = shp->shm_dtim = 0;
shp->shm_ctim = get_seconds();
shp->shm_segsz = size;
shp->shm_nattch = 0;
shp->shm_file = file;
-@@ -571,18 +587,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
+@@ -572,18 +588,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp,
return 0;
}
shm_params.key = key;
shm_params.flg = shmflg;
shm_params.u.size = size;
-@@ -1003,6 +1020,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1004,6 +1021,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
f_mode = FMODE_READ | FMODE_WRITE;
}
if (shmflg & SHM_EXEC) {
prot |= PROT_EXEC;
acc_mode |= S_IXUGO;
}
-@@ -1026,9 +1049,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
+@@ -1027,9 +1050,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr,
if (err)
goto out_unlock;
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
diff --git a/kernel/audit.c b/kernel/audit.c
-index 40414e9..c920b72 100644
+index d596e53..dbef3c3 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -116,7 +116,7 @@ u32 audit_sig_sid = 0;
audit_rate_limit,
audit_backlog_limit);
audit_panic(message);
-@@ -677,7 +677,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+@@ -681,7 +681,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
status_set.pid = audit_pid;
status_set.rate_limit = audit_rate_limit;
status_set.backlog_limit = audit_backlog_limit;
audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0,
&status_set, sizeof(status_set));
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 157e989..b28b365 100644
+index a371f85..da826c1 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -2352,7 +2352,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
+@@ -2292,7 +2292,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
}
/* global counter which is incremented every time something logs in */
/**
* audit_set_loginuid - set current task's audit_context loginuid
-@@ -2376,7 +2376,7 @@ int audit_set_loginuid(kuid_t loginuid)
+@@ -2316,7 +2316,7 @@ int audit_set_loginuid(kuid_t loginuid)
return -EPERM;
#endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
struct audit_buffer *ab;
diff --git a/kernel/capability.c b/kernel/capability.c
-index 493d972..ea17248 100644
+index 493d972..f87dfbd 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
+bool ns_capable_nolog(struct user_namespace *ns, int cap)
+{
+ if (unlikely(!cap_valid(cap))) {
-+ printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap);
++ printk(KERN_CRIT "capable_nolog() called with invalid cap=%u\n", cap);
+ BUG();
+ }
+
-+ if (security_capable(current_cred(), ns, cap) == 0 && gr_is_capable_nolog(cap)) {
++ if (security_capable_noaudit(current_cred(), ns, cap) == 0 && gr_is_capable_nolog(cap)) {
+ current->flags |= PF_SUPERPRIV;
+ return true;
+ }
+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
+}
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index ad99830..992d8a7 100644
+index 1e23664..570a83d 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
-@@ -5514,7 +5514,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
+@@ -5543,7 +5543,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
struct css_set *cg = link->cg;
struct task_struct *task;
int count = 0;
if (count++ > MAX_TASKS_SHOWN_PER_CSS) {
seq_puts(seq, " ...\n");
diff --git a/kernel/compat.c b/kernel/compat.c
-index c28a306..b4d0cf3 100644
+index 36700e9..73d770c 100644
--- a/kernel/compat.c
+++ b/kernel/compat.c
@@ -13,6 +13,7 @@
set_fs(old_fs);
if (ret)
-@@ -550,8 +551,8 @@ compat_sys_wait4(compat_pid_t pid, compat_uint_t __user *stat_addr, int options,
+@@ -552,8 +553,8 @@ COMPAT_SYSCALL_DEFINE4(wait4,
set_fs (KERNEL_DS);
ret = sys_wait4(pid,
(stat_addr ?
set_fs (old_fs);
if (ret > 0) {
-@@ -576,8 +577,8 @@ asmlinkage long compat_sys_waitid(int which, compat_pid_t pid,
+@@ -579,8 +580,8 @@ COMPAT_SYSCALL_DEFINE5(waitid,
memset(&info, 0, sizeof(info));
set_fs(KERNEL_DS);
set_fs(old_fs);
if ((ret < 0) || (info.si_signo == 0))
-@@ -707,8 +708,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags,
+@@ -714,8 +715,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_timer_settime(timer_id, flags,
set_fs(oldfs);
if (!err && old && put_compat_itimerspec(old, &oldts))
return -EFAULT;
-@@ -725,7 +726,7 @@ long compat_sys_timer_gettime(timer_t timer_id,
+@@ -732,7 +733,7 @@ long compat_sys_timer_gettime(timer_t timer_id,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_timer_gettime(timer_id,
set_fs(oldfs);
if (!err && put_compat_itimerspec(setting, &ts))
return -EFAULT;
-@@ -744,7 +745,7 @@ long compat_sys_clock_settime(clockid_t which_clock,
+@@ -751,7 +752,7 @@ long compat_sys_clock_settime(clockid_t which_clock,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_clock_settime(which_clock,
set_fs(oldfs);
return err;
}
-@@ -759,7 +760,7 @@ long compat_sys_clock_gettime(clockid_t which_clock,
+@@ -766,7 +767,7 @@ long compat_sys_clock_gettime(clockid_t which_clock,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_clock_gettime(which_clock,
set_fs(oldfs);
if (!err && put_compat_timespec(&ts, tp))
return -EFAULT;
-@@ -779,7 +780,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock,
+@@ -786,7 +787,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock,
oldfs = get_fs();
set_fs(KERNEL_DS);
set_fs(oldfs);
err = compat_put_timex(utp, &txc);
-@@ -799,7 +800,7 @@ long compat_sys_clock_getres(clockid_t which_clock,
+@@ -806,7 +807,7 @@ long compat_sys_clock_getres(clockid_t which_clock,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_clock_getres(which_clock,
set_fs(oldfs);
if (!err && tp && put_compat_timespec(&ts, tp))
return -EFAULT;
-@@ -811,9 +812,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart)
+@@ -818,9 +819,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart)
long err;
mm_segment_t oldfs;
struct timespec tu;
oldfs = get_fs();
set_fs(KERNEL_DS);
err = clock_nanosleep_restart(restart);
-@@ -845,8 +846,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags,
+@@ -852,8 +853,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_clock_nanosleep(which_clock, flags,
return -ENOMEM;
diff --git a/kernel/cred.c b/kernel/cred.c
-index 48cea3d..3476734 100644
+index e0573a4..3874e41 100644
--- a/kernel/cred.c
+++ b/kernel/cred.c
-@@ -207,6 +207,16 @@ void exit_creds(struct task_struct *tsk)
+@@ -164,6 +164,16 @@ void exit_creds(struct task_struct *tsk)
validate_creds(cred);
alter_cred_subscribers(cred, -1);
put_cred(cred);
}
/**
-@@ -469,7 +479,7 @@ error_put:
+@@ -411,7 +421,7 @@ static bool cred_cap_issubset(const struct cred *set, const struct cred *subset)
* Always returns 0 thus allowing this function to be tail-called at the end
* of, say, sys_setgid().
*/
{
struct task_struct *task = current;
const struct cred *old = task->real_cred;
-@@ -488,6 +498,8 @@ int commit_creds(struct cred *new)
+@@ -430,6 +440,8 @@ int commit_creds(struct cred *new)
get_cred(new); /* we will require a ref for the subj creds too */
/* dumpability changes */
if (!uid_eq(old->euid, new->euid) ||
!gid_eq(old->egid, new->egid) ||
-@@ -537,6 +549,101 @@ int commit_creds(struct cred *new)
+@@ -479,6 +491,102 @@ int commit_creds(struct cred *new)
put_cred(old);
return 0;
}
+
+ current->delayed_cred = NULL;
+
-+ if (current_uid() && new != NULL) {
++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID) && new != NULL) {
+ // from doing get_cred on it when queueing this
+ put_cred(new);
+ return;
+ init_cred
+ */
+ if (grsec_enable_setxid && !current_is_single_threaded() &&
-+ !current_uid() && new->uid) {
++ uid_eq(current_uid(), GLOBAL_ROOT_UID) &&
++ !uid_eq(new->uid, GLOBAL_ROOT_UID)) {
+ schedule_it = 1;
+ }
+ ret = __commit_creds(new);
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index dbccf83..8c66482 100644
+index 7b6646a..3cb1135 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -182,7 +182,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
enum event_type_t event_type);
-@@ -2668,7 +2668,7 @@ static void __perf_event_read(void *info)
+@@ -2677,7 +2677,7 @@ static void __perf_event_read(void *info)
static inline u64 perf_event_count(struct perf_event *event)
{
}
static u64 perf_event_read(struct perf_event *event)
-@@ -2998,9 +2998,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -3007,9 +3007,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
mutex_lock(&event->child_mutex);
total += perf_event_read(event);
*enabled += event->total_time_enabled +
list_for_each_entry(child, &event->child_list, child_list) {
total += perf_event_read(child);
-@@ -3403,10 +3403,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -3412,10 +3412,10 @@ void perf_event_update_userpage(struct perf_event *event)
userpg->offset -= local64_read(&event->hw.prev_count);
userpg->time_enabled = enabled +
arch_perf_update_userpage(userpg, now);
-@@ -3965,11 +3965,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -3974,11 +3974,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
values[n++] = perf_event_count(event);
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
values[n++] = enabled +
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
-@@ -4712,12 +4712,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
+@@ -4721,12 +4721,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
* need to add enough zero bytes after the string to handle
* the 64bit alignment we do later.
*/
if (IS_ERR(name)) {
name = strncpy(tmp, "//toolong", sizeof(tmp));
goto got_name;
-@@ -6156,7 +6156,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -6165,7 +6165,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
event->parent = parent_event;
- event->ns = get_pid_ns(current->nsproxy->pid_ns);
+ event->ns = get_pid_ns(task_active_pid_ns(current));
- event->id = atomic64_inc_return(&perf_event_id);
+ event->id = atomic64_inc_return_unchecked(&perf_event_id);
event->state = PERF_EVENT_STATE_INACTIVE;
-@@ -6774,10 +6774,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -6790,10 +6790,10 @@ static void sync_child_event(struct perf_event *child_event,
/*
* Add back the child's count to the parent's count:
*/
/*
diff --git a/kernel/exit.c b/kernel/exit.c
-index 346616c..f103b28 100644
+index b4df219..f13c02d 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
-@@ -182,6 +182,10 @@ void release_task(struct task_struct * p)
+@@ -170,6 +170,10 @@ void release_task(struct task_struct * p)
struct task_struct *leader;
int zap_leader;
repeat:
/* don't need to get the RCU readlock here - the process is dead and
* can't be modifying its own credentials. But shut RCU-lockdep up */
rcu_read_lock();
-@@ -394,7 +398,7 @@ int allow_signal(int sig)
+@@ -338,7 +342,7 @@ int allow_signal(int sig)
* know it'll be handled, so that they don't get converted to
* SIGKILL or just silently dropped.
*/
recalc_sigpending();
spin_unlock_irq(¤t->sighand->siglock);
return 0;
-@@ -430,6 +434,9 @@ void daemonize(const char *name, ...)
- vsnprintf(current->comm, sizeof(current->comm), name, args);
- va_end(args);
-
-+ gr_put_exec_file(current);
-+ gr_set_kernel_label(current);
-+
- /*
- * If we were started as result of loading a module, close all of the
- * user space pages. We don't need them, and if we didn't close them
-@@ -812,6 +819,8 @@ void do_exit(long code)
+@@ -708,6 +712,8 @@ void do_exit(long code)
struct task_struct *tsk = current;
int group_dead;
profile_task_exit(tsk);
WARN_ON(blk_needs_flush_plug(tsk));
-@@ -828,7 +837,6 @@ void do_exit(long code)
+@@ -724,7 +730,6 @@ void do_exit(long code)
* mm_release()->clear_child_tid() from writing to a user-controlled
* kernel address.
*/
ptrace_event(PTRACE_EVENT_EXIT, code);
-@@ -887,6 +895,9 @@ void do_exit(long code)
+@@ -783,6 +788,9 @@ void do_exit(long code)
tsk->exit_code = code;
taskstats_exit(tsk, group_dead);
exit_mm(tsk);
if (group_dead)
-@@ -1007,7 +1018,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
+@@ -903,7 +911,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
* Take down every thread in the group. This is called by fatal signals
* as well as by sys_exit_group (below).
*/
{
struct signal_struct *sig = current->signal;
diff --git a/kernel/fork.c b/kernel/fork.c
-index acc4cb6..b524cb5 100644
+index 5630e52..0cee608 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -318,7 +318,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
- unsigned long charge;
- struct mempolicy *pol;
+ uprobe_start_dup_mmap();
down_write(&oldmm->mmap_sem);
- flush_cache_dup_mm(oldmm);
-@@ -363,8 +431,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -364,8 +432,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
mm->locked_vm = 0;
mm->mmap = NULL;
mm->mmap_cache = NULL;
mm->map_count = 0;
cpumask_clear(mm_cpumask(mm));
mm->mm_rb = RB_ROOT;
-@@ -380,57 +448,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -381,57 +449,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
prev = NULL;
for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
}
/*
-@@ -462,6 +488,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -463,6 +489,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
if (retval)
goto out;
}
/* a new mm has just been created */
arch_dup_mmap(oldmm, mm);
retval = 0;
-@@ -470,14 +521,6 @@ out:
- flush_tlb_mm(oldmm);
+@@ -472,14 +523,6 @@ out:
up_write(&oldmm->mmap_sem);
+ uprobe_end_dup_mmap();
return retval;
-fail_nomem_anon_vma_fork:
- mpol_put(pol);
}
static inline int mm_alloc_pgd(struct mm_struct *mm)
-@@ -692,8 +735,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
+@@ -694,8 +737,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
return ERR_PTR(err);
mm = get_task_mm(task);
mmput(mm);
mm = ERR_PTR(-EACCES);
}
-@@ -912,13 +955,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
+@@ -917,13 +960,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
spin_unlock(&fs->lock);
return -EAGAIN;
}
return 0;
}
-@@ -1183,6 +1233,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1196,6 +1246,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
#endif
retval = -EAGAIN;
if (atomic_read(&p->real_cred->user->processes) >=
task_rlimit(p, RLIMIT_NPROC)) {
if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
-@@ -1422,6 +1475,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1435,6 +1488,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
goto bad_fork_free_pid;
}
if (clone_flags & CLONE_THREAD) {
current->signal->nr_threads++;
atomic_inc(¤t->signal->live);
-@@ -1505,6 +1563,8 @@ bad_fork_cleanup_count:
+@@ -1518,6 +1576,8 @@ bad_fork_cleanup_count:
bad_fork_free:
free_task(p);
fork_out:
return ERR_PTR(retval);
}
-@@ -1605,6 +1665,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1568,6 +1628,23 @@ long do_fork(unsigned long clone_flags,
+ return -EINVAL;
+ }
+
++#ifdef CONFIG_GRKERNSEC
++ if (clone_flags & CLONE_NEWUSER) {
++ /*
++ * This doesn't really inspire confidence:
++ * http://marc.info/?l=linux-kernel&m=135543612731939&w=2
++ * http://marc.info/?l=linux-kernel&m=135545831607095&w=2
++ * Increases kernel attack surface in areas developers
++ * previously cared little about ("low importance due
++ * to requiring "root" capability")
++ * To be removed when this code receives *proper* review
++ */
++ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
++ !capable(CAP_SETGID))
++ return -EPERM;
++ }
++#endif
++
+ /*
+ * Determine whether and which event to report to ptracer. When
+ * called from kernel_thread or CLONE_UNTRACED is explicitly
+@@ -1602,6 +1679,8 @@ long do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1714,7 +1776,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1755,7 +1834,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -1803,7 +1865,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1869,7 +1948,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
else
new_fs = fs;
diff --git a/kernel/futex.c b/kernel/futex.c
-index 19eb089..b8c65ea 100644
+index 8879430..31696f1 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -54,6 +54,7 @@
/*
* The futex address must be "naturally" aligned.
*/
-@@ -2733,6 +2739,7 @@ static int __init futex_init(void)
+@@ -2731,6 +2737,7 @@ static int __init futex_init(void)
{
u32 curval;
int i;
/*
* This will fail and we want it. Some arch implementations do
-@@ -2744,8 +2751,11 @@ static int __init futex_init(void)
+@@ -2742,8 +2749,11 @@ static int __init futex_init(void)
* implementation, the non-functional ones will return
* -ENOSYS.
*/
prev->next = info->next;
else
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
-index 6db7a5e..25b6648 100644
+index cdd5607..c3fc919 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -1407,7 +1407,7 @@ void hrtimer_peek_ahead_timers(void)
{
struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases);
+@@ -1751,7 +1751,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata hrtimers_nb = {
++static struct notifier_block hrtimers_nb = {
+ .notifier_call = hrtimer_cpu_notify,
+ };
+
diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index 60f48fa..7f3a770 100644
--- a/kernel/jump_label.c
static int
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
-index 2169fee..45c017a 100644
+index 2169fee..706ccca 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -11,6 +11,9 @@
struct kallsym_iter *iter = m->private;
+#ifdef CONFIG_GRKERNSEC_HIDESYM
-+ if (current_uid())
++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID))
+ return 0;
+#endif
+
return -ENOMEM;
reset_iter(iter, 0);
diff --git a/kernel/kcmp.c b/kernel/kcmp.c
-index 30b7b22..c726387 100644
+index e30ac0f..3528cac 100644
--- a/kernel/kcmp.c
+++ b/kernel/kcmp.c
-@@ -98,6 +98,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
+@@ -99,6 +99,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
struct task_struct *task1, *task2;
int ret;
/* Don't allow clients that don't understand the native
diff --git a/kernel/kmod.c b/kernel/kmod.c
-index 1c317e3..4a92a55 100644
+index 0023a87..9c0c068 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -74,7 +74,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
return ret;
+#ifdef CONFIG_GRKERNSEC_MODHARDEN
-+ if (!current_uid()) {
++ if (uid_eq(current_uid(), GLOBAL_ROOT_UID)) {
+ /* hack to workaround consolekit/udisks stupidity */
+ read_lock(&tasklist_lock);
+ if (!strcmp(current->comm, "mount") &&
+ int ret;
+
+#ifdef CONFIG_GRKERNSEC_MODHARDEN
-+ if (current_uid()) {
++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)) {
+ char module_param[MODULE_NAME_LEN];
+
+ memset(module_param, 0, sizeof(module_param));
+
-+ snprintf(module_param, sizeof(module_param) - 1, "grsec_modharden_normal%u_", current_uid());
++ snprintf(module_param, sizeof(module_param) - 1, "grsec_modharden_normal%u_", GR_GLOBAL_UID(current_uid()));
+
+ va_start(args, fmt);
+ ret = ____request_module(wait, module_param, fmt, args);
/*
* If ret is 0, either ____call_usermodehelper failed and the
+@@ -635,7 +688,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns);
+ static int proc_cap_handler(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table t;
++ ctl_table_no_const t;
+ unsigned long cap_array[_KERNEL_CAPABILITY_U32S];
+ kernel_cap_t new_cap;
+ int err, i;
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 098f396..fe85ff1 100644
--- a/kernel/kprobes.c
head = &kprobe_table[i];
preempt_disable();
diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c
-index 4e316e1..5501eef 100644
+index 6ada93c..dce7d5d 100644
--- a/kernel/ksysfs.c
+++ b/kernel/ksysfs.c
-@@ -47,6 +47,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj,
+@@ -46,6 +46,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj,
{
if (count+1 > UEVENT_HELPER_PATH_LEN)
return -ENOENT;
memcpy(uevent_helper, buf, count);
uevent_helper[count] = '\0';
if (count && uevent_helper[count-1] == '\n')
+@@ -172,7 +174,7 @@ static ssize_t notes_read(struct file *filp, struct kobject *kobj,
+ return count;
+ }
+
+-static struct bin_attribute notes_attr = {
++static bin_attribute_no_const notes_attr __read_only = {
+ .attr = {
+ .name = "notes",
+ .mode = S_IRUGO,
diff --git a/kernel/lockdep.c b/kernel/lockdep.c
index 7981e5b..7f2105c 100644
--- a/kernel/lockdep.c
printk("\nacquire class [%p] %s", class->key, class->name);
if (class->name_version > 1)
diff --git a/kernel/lockdep_proc.c b/kernel/lockdep_proc.c
-index 91c32a0..7b88d63 100644
+index b2c71c5..7b88d63 100644
--- a/kernel/lockdep_proc.c
+++ b/kernel/lockdep_proc.c
-@@ -39,7 +39,7 @@ static void l_stop(struct seq_file *m, void *v)
-
- static void print_name(struct seq_file *m, struct lock_class *class)
- {
-- char str[128];
-+ char str[KSYM_NAME_LEN];
- const char *name = class->name;
-
- if (!name) {
@@ -65,7 +65,7 @@ static int l_show(struct seq_file *m, void *v)
return 0;
}
seq_printf(m, "%40s %14lu %29s %pS\n",
name, stats->contending_point[i],
diff --git a/kernel/module.c b/kernel/module.c
-index 3e544f4..34c3008 100644
+index eab0827..f488603 100644
--- a/kernel/module.c
+++ b/kernel/module.c
-@@ -59,6 +59,7 @@
+@@ -61,6 +61,7 @@
#include <linux/pfn.h>
#include <linux/bsearch.h>
#include <linux/fips.h>
+#include <linux/grsecurity.h>
+ #include <uapi/linux/module.h>
#include "module-internal.h"
- #define CREATE_TRACE_POINTS
-@@ -153,7 +154,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list);
+@@ -156,7 +157,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list);
/* Bounds of module allocation, for speeding __module_address.
* Protected by module_mutex. */
int register_module_notifier(struct notifier_block * nb)
{
-@@ -319,7 +321,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+@@ -322,7 +324,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
return true;
list_for_each_entry_rcu(mod, &modules, list) {
{ mod->syms, mod->syms + mod->num_syms, mod->crcs,
NOT_GPL_ONLY, false },
{ mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
-@@ -344,7 +346,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+@@ -347,7 +349,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
if (mod->state == MODULE_STATE_UNFORMED)
continue;
static inline bool sect_empty(const Elf_Shdr *sect)
{
return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
+@@ -1451,7 +1453,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info)
+ {
+ unsigned int notes, loaded, i;
+ struct module_notes_attrs *notes_attrs;
+- struct bin_attribute *nattr;
++ bin_attribute_no_const *nattr;
+
+ /* failed to create section attributes, so can't create notes */
+ if (!mod->sect_attrs)
+@@ -1563,7 +1565,7 @@ static void del_usage_links(struct module *mod)
+ static int module_add_modinfo_attrs(struct module *mod)
+ {
+ struct module_attribute *attr;
+- struct module_attribute *temp_attr;
++ module_attribute_no_const *temp_attr;
+ int error = 0;
+ int i;
+
@@ -1777,21 +1779,21 @@ static void set_section_ro_nx(void *base,
static void unset_module_core_ro_nx(struct module *mod)
info->index.sym) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
-@@ -2326,13 +2344,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2323,13 +2341,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
}
/* Append room for core symbols at end of core part. */
info->index.str) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
}
-@@ -2350,12 +2368,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2347,12 +2365,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
/* Make sure we get permanent strtab: don't use info->strtab. */
mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
+ mod->core_symtab = dst = mod->module_core_rx + info->symoffs;
+ mod->core_strtab = s = mod->module_core_rx + info->stroffs;
src = mod->symtab;
- *s++ = 0;
for (ndst = i = 0; i < mod->num_symtab; i++) {
-@@ -2368,6 +2388,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+ if (i == 0 ||
+@@ -2364,6 +2384,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
}
}
mod->core_num_syms = ndst;
}
#else
static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -2401,17 +2423,33 @@ void * __weak module_alloc(unsigned long size)
- return size == 0 ? NULL : vmalloc_exec(size);
+@@ -2397,17 +2419,33 @@ void * __weak module_alloc(unsigned long size)
+ return vmalloc_exec(size);
}
-static void *module_alloc_update_bounds(unsigned long size)
mutex_unlock(&module_mutex);
}
return ret;
-@@ -2630,8 +2668,14 @@ static struct module *setup_load_info(struct load_info *info)
- static int check_modinfo(struct module *mod, struct load_info *info)
+@@ -2683,8 +2721,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
{
const char *modmagic = get_modinfo(info, "vermagic");
+ const char *license = get_modinfo(info, "license");
+ return -ENOEXEC;
+#endif
+
- /* This is allowed: modprobe --force will invalidate it. */
- if (!modmagic) {
- err = try_to_force_load(mod, "bad vermagic");
-@@ -2654,7 +2698,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
+ if (flags & MODULE_INIT_IGNORE_VERMAGIC)
+ modmagic = NULL;
+
+@@ -2710,7 +2754,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
}
/* Set up license info based on the info section */
return 0;
}
-@@ -2748,7 +2792,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2804,7 +2848,7 @@ static int move_module(struct module *mod, struct load_info *info)
void *ptr;
/* Do the allocs. */
/*
* The pointer to this block is stored in the module structure
* which is inside the block. Just mark it as not being a
-@@ -2758,10 +2802,10 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2814,11 +2858,11 @@ static int move_module(struct module *mod, struct load_info *info)
if (!ptr)
return -ENOMEM;
+ memset(ptr, 0, mod->core_size_rw);
+ mod->module_core_rw = ptr;
-- ptr = module_alloc_update_bounds(mod->init_size);
-+ ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
- /*
- * The pointer to this block is stored in the module structure
- * which is inside the block. This block doesn't need to be
-@@ -2769,12 +2813,39 @@ static int move_module(struct module *mod, struct load_info *info)
- * after the module is initialized.
- */
- kmemleak_ignore(ptr);
-- if (!ptr && mod->init_size) {
-- module_free(mod, mod->module_core);
-+ if (!ptr && mod->init_size_rw) {
-+ module_free(mod, mod->module_core_rw);
- return -ENOMEM;
- }
-- memset(ptr, 0, mod->init_size);
-- mod->module_init = ptr;
-+ memset(ptr, 0, mod->init_size_rw);
-+ mod->module_init_rw = ptr;
+- if (mod->init_size) {
+- ptr = module_alloc_update_bounds(mod->init_size);
++ if (mod->init_size_rw) {
++ ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
+ /*
+ * The pointer to this block is stored in the module structure
+ * which is inside the block. This block doesn't need to be
+@@ -2827,13 +2871,45 @@ static int move_module(struct module *mod, struct load_info *info)
+ */
+ kmemleak_ignore(ptr);
+ if (!ptr) {
+- module_free(mod, mod->module_core);
++ module_free(mod, mod->module_core_rw);
+ return -ENOMEM;
+ }
+- memset(ptr, 0, mod->init_size);
+- mod->module_init = ptr;
++ memset(ptr, 0, mod->init_size_rw);
++ mod->module_init_rw = ptr;
+ } else
+- mod->module_init = NULL;
++ mod->module_init_rw = NULL;
+
+ ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
+ kmemleak_not_leak(ptr);
+ if (!ptr) {
-+ module_free(mod, mod->module_init_rw);
++ if (mod->module_init_rw)
++ module_free(mod, mod->module_init_rw);
+ module_free(mod, mod->module_core_rw);
+ return -ENOMEM;
+ }
+ pax_close_kernel();
+ mod->module_core_rx = ptr;
+
-+ ptr = module_alloc_update_bounds_rx(mod->init_size_rx);
-+ kmemleak_ignore(ptr);
-+ if (!ptr && mod->init_size_rx) {
-+ module_free_exec(mod, mod->module_core_rx);
-+ module_free(mod, mod->module_init_rw);
-+ module_free(mod, mod->module_core_rw);
-+ return -ENOMEM;
-+ }
++ if (mod->init_size_rx) {
++ ptr = module_alloc_update_bounds_rx(mod->init_size_rx);
++ kmemleak_ignore(ptr);
++ if (!ptr && mod->init_size_rx) {
++ module_free_exec(mod, mod->module_core_rx);
++ if (mod->module_init_rw)
++ module_free(mod, mod->module_init_rw);
++ module_free(mod, mod->module_core_rw);
++ return -ENOMEM;
++ }
+
-+ pax_open_kernel();
-+ memset(ptr, 0, mod->init_size_rx);
-+ pax_close_kernel();
-+ mod->module_init_rx = ptr;
++ pax_open_kernel();
++ memset(ptr, 0, mod->init_size_rx);
++ pax_close_kernel();
++ mod->module_init_rx = ptr;
++ } else
++ mod->module_init_rx = NULL;
/* Transfer each section which specifies SHF_ALLOC */
pr_debug("final section addresses:\n");
-@@ -2785,16 +2856,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2844,16 +2920,45 @@ static int move_module(struct module *mod, struct load_info *info)
if (!(shdr->sh_flags & SHF_ALLOC))
continue;
pr_debug("\t0x%lx %s\n",
(long)shdr->sh_addr, info->secstrings + shdr->sh_name);
}
-@@ -2849,12 +2949,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2908,12 +3013,12 @@ static void flush_module_icache(const struct module *mod)
* Do it before processing of module parameters, so the module
* can provide parameter accessor functions of its own.
*/
set_fs(old_fs);
}
-@@ -2924,8 +3024,10 @@ out:
+@@ -2983,8 +3088,10 @@ out:
static void module_deallocate(struct module *mod, struct load_info *info)
{
percpu_modfree(mod);
}
int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -2938,7 +3040,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
+@@ -2997,7 +3104,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
static int post_relocation(struct module *mod, const struct load_info *info)
{
/* Sort exception table now relocations are done. */
/* Copy relocated percpu area over. */
percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
-@@ -3036,9 +3140,38 @@ again:
+@@ -3051,16 +3160,16 @@ static int do_init_module(struct module *mod)
+ MODULE_STATE_COMING, mod);
+
+ /* Set RO and NX regions for core */
+- set_section_ro_nx(mod->module_core,
+- mod->core_text_size,
+- mod->core_ro_size,
+- mod->core_size);
++ set_section_ro_nx(mod->module_core_rx,
++ mod->core_size_rx,
++ mod->core_size_rx,
++ mod->core_size_rx);
+
+ /* Set RO and NX regions for init */
+- set_section_ro_nx(mod->module_init,
+- mod->init_text_size,
+- mod->init_ro_size,
+- mod->init_size);
++ set_section_ro_nx(mod->module_init_rx,
++ mod->init_size_rx,
++ mod->init_size_rx,
++ mod->init_size_rx);
+
+ do_mod_ctors(mod);
+ /* Start the module */
+@@ -3122,11 +3231,12 @@ static int do_init_module(struct module *mod)
+ mod->strtab = mod->core_strtab;
+ #endif
+ unset_module_init_ro_nx(mod);
+- module_free(mod, mod->module_init);
+- mod->module_init = NULL;
+- mod->init_size = 0;
+- mod->init_ro_size = 0;
+- mod->init_text_size = 0;
++ module_free(mod, mod->module_init_rw);
++ module_free_exec(mod, mod->module_init_rx);
++ mod->module_init_rw = NULL;
++ mod->module_init_rx = NULL;
++ mod->init_size_rw = 0;
++ mod->init_size_rx = 0;
+ mutex_unlock(&module_mutex);
+ wake_up_all(&module_wq);
+
+@@ -3209,9 +3319,38 @@ again:
if (err)
goto free_unload;
+ }
+
/* Set up MODINFO_ATTR fields */
- setup_modinfo(mod, &info);
+ setup_modinfo(mod, info);
+#ifdef CONFIG_GRKERNSEC_MODHARDEN
+ {
+#endif
+
/* Fix up syms, so that st_value is a pointer to location. */
- err = simplify_symbols(mod, &info);
+ err = simplify_symbols(mod, info);
if (err < 0)
-@@ -3104,11 +3237,11 @@ again:
+@@ -3227,13 +3366,6 @@ again:
+
+ flush_module_icache(mod);
+
+- /* Now copy in args */
+- mod->args = strndup_user(uargs, ~0UL >> 1);
+- if (IS_ERR(mod->args)) {
+- err = PTR_ERR(mod->args);
+- goto free_arch_cleanup;
+- }
+-
+ dynamic_debug_setup(info->debug, info->num_debug);
+
+ mutex_lock(&module_mutex);
+@@ -3278,11 +3410,10 @@ again:
mutex_unlock(&module_mutex);
- dynamic_debug_remove(info.debug);
+ dynamic_debug_remove(info->debug);
synchronize_sched();
- kfree(mod->args);
- free_arch_cleanup:
+- free_arch_cleanup:
module_arch_cleanup(mod);
free_modinfo:
free_modinfo(mod);
free_unload:
module_unload_free(mod);
unlink_mod:
-@@ -3155,16 +3288,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
- MODULE_STATE_COMING, mod);
-
- /* Set RO and NX regions for core */
-- set_section_ro_nx(mod->module_core,
-- mod->core_text_size,
-- mod->core_ro_size,
-- mod->core_size);
-+ set_section_ro_nx(mod->module_core_rx,
-+ mod->core_size_rx,
-+ mod->core_size_rx,
-+ mod->core_size_rx);
-
- /* Set RO and NX regions for init */
-- set_section_ro_nx(mod->module_init,
-- mod->init_text_size,
-- mod->init_ro_size,
-- mod->init_size);
-+ set_section_ro_nx(mod->module_init_rx,
-+ mod->init_size_rx,
-+ mod->init_size_rx,
-+ mod->init_size_rx);
-
- do_mod_ctors(mod);
- /* Start the module */
-@@ -3209,11 +3342,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
- mod->strtab = mod->core_strtab;
- #endif
- unset_module_init_ro_nx(mod);
-- module_free(mod, mod->module_init);
-- mod->module_init = NULL;
-- mod->init_size = 0;
-- mod->init_ro_size = 0;
-- mod->init_text_size = 0;
-+ module_free(mod, mod->module_init_rw);
-+ module_free_exec(mod, mod->module_init_rx);
-+ mod->module_init_rw = NULL;
-+ mod->module_init_rx = NULL;
-+ mod->init_size_rw = 0;
-+ mod->init_size_rx = 0;
- mutex_unlock(&module_mutex);
- wake_up_all(&module_wq);
-
-@@ -3245,10 +3379,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3365,10 +3496,16 @@ static const char *get_ksymbol(struct module *mod,
unsigned long nextval;
/* At worse, next value is at end of module */
/* Scan for closest preceding symbol, and next symbol. (ELF
starts real symbols at 1). */
-@@ -3501,7 +3641,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3621,7 +3758,7 @@ static int m_show(struct seq_file *m, void *p)
return 0;
seq_printf(m, "%s %u",
print_unload_info(m, mod);
/* Informative for users. */
-@@ -3510,7 +3650,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3630,7 +3767,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading":
"Live");
/* Used by oprofile and other similar tools. */
/* Taints info */
if (mod->taints)
-@@ -3546,7 +3686,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3666,7 +3803,17 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
return 0;
}
module_init(proc_modules_init);
-@@ -3607,14 +3757,14 @@ struct module *__module_address(unsigned long addr)
+@@ -3727,14 +3874,14 @@ struct module *__module_address(unsigned long addr)
{
struct module *mod;
return mod;
}
return NULL;
-@@ -3649,11 +3799,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3769,11 +3916,20 @@ bool is_module_text_address(unsigned long addr)
*/
struct module *__module_text_address(unsigned long addr)
{
}
EXPORT_SYMBOL(__stack_chk_fail);
diff --git a/kernel/pid.c b/kernel/pid.c
-index aebd4f5..1693c13 100644
+index f2c6a68..4922d97 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -33,6 +33,7 @@
#include <linux/pid_namespace.h>
#include <linux/init_task.h>
#include <linux/syscalls.h>
-@@ -45,7 +46,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID;
+@@ -46,7 +47,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID;
int pid_max = PID_MAX_DEFAULT;
int pid_max_min = RESERVED_PIDS + 1;
int pid_max_max = PID_MAX_LIMIT;
-@@ -420,10 +421,18 @@ EXPORT_SYMBOL(pid_task);
+@@ -441,10 +442,18 @@ EXPORT_SYMBOL(pid_task);
*/
struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
{
}
struct task_struct *find_task_by_vpid(pid_t vnr)
-@@ -431,6 +440,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
- return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
+@@ -452,6 +461,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
+ return find_task_by_pid_ns(vnr, task_active_pid_ns(current));
}
+struct task_struct *find_task_by_vpid_unrestricted(pid_t vnr)
+ rcu_lockdep_assert(rcu_read_lock_held(),
+ "find_task_by_pid_ns() needs rcu_read_lock()"
+ " protection");
-+ return pid_task(find_pid_ns(vnr, current->nsproxy->pid_ns), PIDTYPE_PID);
++ return pid_task(find_pid_ns(vnr, task_active_pid_ns(current)), PIDTYPE_PID);
+}
+
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{
struct pid *pid;
+diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
+index c1c3dc1..bbeaf31 100644
+--- a/kernel/pid_namespace.c
++++ b/kernel/pid_namespace.c
+@@ -248,7 +248,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+ struct pid_namespace *pid_ns = task_active_pid_ns(current);
+- struct ctl_table tmp = *table;
++ ctl_table_no_const tmp = *table;
+
+ if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN))
+ return -EPERM;
diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
-index 125cb67..2e5c8ad 100644
+index 942ca27..111e609 100644
--- a/kernel/posix-cpu-timers.c
+++ b/kernel/posix-cpu-timers.c
-@@ -6,9 +6,11 @@
- #include <linux/posix-timers.h>
- #include <linux/errno.h>
- #include <linux/math64.h>
-+#include <linux/security.h>
- #include <asm/uaccess.h>
- #include <linux/kernel_stat.h>
- #include <trace/events/timer.h>
-+#include <linux/random.h>
-
- /*
- * Called after updating RLIMIT_CPU to run cpu timer and update
-@@ -494,6 +496,8 @@ static void cleanup_timers(struct list_head *head,
- */
- void posix_cpu_timers_exit(struct task_struct *tsk)
- {
-+ add_device_randomness((const void*) &tsk->se.sum_exec_runtime,
-+ sizeof(unsigned long long));
- cleanup_timers(tsk->cpu_timers,
- tsk->utime, tsk->stime, tsk->se.sum_exec_runtime);
-
-@@ -1578,14 +1582,14 @@ struct k_clock clock_posix_cpu = {
+@@ -1576,14 +1576,14 @@ struct k_clock clock_posix_cpu = {
static __init int init_posix_cpu_timers(void)
{
.clock_get = thread_cpu_clock_get,
.timer_create = thread_cpu_timer_create,
diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
-index 69185ae..cc2847a 100644
+index e885be1..380fe76 100644
--- a/kernel/posix-timers.c
+++ b/kernel/posix-timers.c
@@ -43,6 +43,7 @@
}
static int common_timer_create(struct k_itimer *new_timer)
-@@ -959,6 +960,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
+@@ -966,6 +967,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
if (copy_from_user(&new_tp, tp, sizeof (*tp)))
return -EFAULT;
}
diff --git a/kernel/power/process.c b/kernel/power/process.c
-index 87da817..30ddd13 100644
+index d5a258b..4271191 100644
--- a/kernel/power/process.c
+++ b/kernel/power/process.c
@@ -33,6 +33,7 @@ static int try_to_freeze_tasks(bool user_only)
do_gettimeofday(&start);
-@@ -43,6 +44,8 @@ static int try_to_freeze_tasks(bool user_only)
+@@ -43,13 +44,20 @@ static int try_to_freeze_tasks(bool user_only)
while (true) {
todo = 0;
read_lock(&tasklist_lock);
do_each_thread(g, p) {
if (p == current || !freeze_task(p))
-@@ -58,9 +61,13 @@ static int try_to_freeze_tasks(bool user_only)
- * guaranteed that TASK_STOPPED/TRACED -> TASK_RUNNING
- * transition can't race with task state testing here.
- */
-- if (!task_is_stopped_or_traced(p) &&
-- !freezer_should_skip(p))
-+ if (!task_is_stopped_or_traced(p) && !freezer_should_skip(p)) {
+ continue;
+
+- if (!freezer_should_skip(p))
++ if (!freezer_should_skip(p)) {
todo++;
+ if (timedout) {
+ printk(KERN_ERR "Task refusing to freeze:\n");
} while_each_thread(g, p);
read_unlock(&tasklist_lock);
-@@ -69,7 +76,7 @@ static int try_to_freeze_tasks(bool user_only)
+@@ -58,7 +66,7 @@ static int try_to_freeze_tasks(bool user_only)
todo += wq_busy;
}
if (pm_wakeup_pending()) {
diff --git a/kernel/printk.c b/kernel/printk.c
-index f8e0b5a..dda2a5c 100644
+index 267ce78..2487112 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
-@@ -817,6 +817,11 @@ static int check_syslog_permissions(int type, bool from_file)
+@@ -609,11 +609,17 @@ static unsigned int devkmsg_poll(struct file *file, poll_table *wait)
+ return ret;
+ }
+
++static int check_syslog_permissions(int type, bool from_file);
++
+ static int devkmsg_open(struct inode *inode, struct file *file)
+ {
+ struct devkmsg_user *user;
+ int err;
+
++ err = check_syslog_permissions(SYSLOG_ACTION_OPEN, SYSLOG_FROM_FILE);
++ if (err)
++ return err;
++
+ /* write-only does not need any file context */
+ if ((file->f_flags & O_ACCMODE) == O_WRONLY)
+ return 0;
+@@ -822,7 +828,7 @@ static int syslog_action_restricted(int type)
+ if (dmesg_restrict)
+ return 1;
+ /* Unless restricted, we allow "read all" and "get buffer size" for everybody */
+- return type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER;
++ return type != SYSLOG_ACTION_OPEN && type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER;
+ }
+
+ static int check_syslog_permissions(int type, bool from_file)
+@@ -834,6 +840,11 @@ static int check_syslog_permissions(int type, bool from_file)
if (from_file && type != SYSLOG_ACTION_OPEN)
return 0;
if (capable(CAP_SYSLOG))
return 0;
diff --git a/kernel/profile.c b/kernel/profile.c
-index 76b8e77..a2930e8 100644
+index 1f39181..86093471 100644
--- a/kernel/profile.c
+++ b/kernel/profile.c
-@@ -39,7 +39,7 @@ struct profile_hit {
+@@ -40,7 +40,7 @@ struct profile_hit {
/* Oprofile timer tick hook */
static int (*timer_hook)(struct pt_regs *) __read_mostly;
static unsigned long prof_len, prof_shift;
int prof_on __read_mostly;
-@@ -281,7 +281,7 @@ static void profile_flip_buffers(void)
+@@ -282,7 +282,7 @@ static void profile_flip_buffers(void)
hits[i].pc = 0;
continue;
}
hits[i].hits = hits[i].pc = 0;
}
}
-@@ -342,9 +342,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits)
+@@ -343,9 +343,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits)
* Add the current hit(s) and flush the write-queue out
* to the global buffer:
*/
hits[i].pc = hits[i].hits = 0;
}
out:
-@@ -419,7 +419,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits)
+@@ -420,7 +420,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits)
{
unsigned long pc;
pc = ((unsigned long)__pc - (unsigned long)_stext) >> prof_shift;
}
#endif /* !CONFIG_SMP */
-@@ -517,7 +517,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos)
+@@ -518,7 +518,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos)
return -EFAULT;
buf++; p++; count--; read++;
}
if (copy_to_user(buf, (void *)pnt, count))
return -EFAULT;
read += count;
-@@ -548,7 +548,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf,
+@@ -549,7 +549,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf,
}
#endif
profile_discard_flip_buffers();
}
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index fbea91d..9bf15e8 100644
+index 6cbeaae..363c48a 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -319,7 +319,7 @@ static int ptrace_attach(struct task_struct *task, long request,
-
+@@ -324,7 +324,7 @@ static int ptrace_attach(struct task_struct *task, long request,
if (seize)
flags |= PT_SEIZED;
-- if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
-+ if (ns_capable_nolog(task_user_ns(task), CAP_SYS_PTRACE))
+ rcu_read_lock();
+- if (ns_capable(__task_cred(task)->user_ns, CAP_SYS_PTRACE))
++ if (ns_capable_nolog(__task_cred(task)->user_ns, CAP_SYS_PTRACE))
flags |= PT_PTRACE_CAP;
+ rcu_read_unlock();
task->ptrace = flags;
-
-@@ -526,7 +526,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
+@@ -535,7 +535,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
break;
return -EIO;
}
return -EFAULT;
copied += retval;
src += retval;
-@@ -711,7 +711,7 @@ int ptrace_request(struct task_struct *child, long request,
+@@ -720,7 +720,7 @@ int ptrace_request(struct task_struct *child, long request,
bool seized = child->ptrace & PT_SEIZED;
int ret = -EIO;
siginfo_t siginfo, *si;
unsigned long __user *datalp = datavp;
unsigned long flags;
-@@ -913,14 +913,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
+@@ -922,14 +922,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
goto out;
}
goto out_put_task_struct;
}
-@@ -948,7 +955,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
+@@ -957,7 +964,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
if (copied != sizeof(tmp))
return -EIO;
}
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
-@@ -1058,14 +1065,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
+@@ -1067,14 +1074,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
goto out;
}
}
diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c
-index e4c6a59..c86621a 100644
+index e7dce58..ad0d7b7 100644
--- a/kernel/rcutiny.c
+++ b/kernel/rcutiny.c
@@ -46,7 +46,7 @@
__rcu_process_callbacks(&rcu_sched_ctrlblk);
__rcu_process_callbacks(&rcu_bh_ctrlblk);
diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h
-index 3d01902..afbf46e 100644
+index f85016a..91cb03b 100644
--- a/kernel/rcutiny_plugin.h
+++ b/kernel/rcutiny_plugin.h
-@@ -893,7 +893,7 @@ static int rcu_kthread(void *arg)
+@@ -896,7 +896,7 @@ static int rcu_kthread(void *arg)
have_rcu_kthread_work = morework;
local_irq_restore(flags);
if (work)
}
diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c
-index aaa7b9f..055ff1e 100644
+index 31dea01..ad91ffb 100644
--- a/kernel/rcutorture.c
+++ b/kernel/rcutorture.c
@@ -163,12 +163,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) =
spin_lock_bh(&rcu_torture_lock);
list_add_tail(&p->rtort_free, &rcu_torture_freelist);
spin_unlock_bh(&rcu_torture_lock);
-@@ -410,7 +410,7 @@ rcu_torture_cb(struct rcu_head *p)
+@@ -409,7 +409,7 @@ rcu_torture_cb(struct rcu_head *p)
i = rp->rtort_pipe_count;
if (i > RCU_TORTURE_PIPE_LEN)
i = RCU_TORTURE_PIPE_LEN;
if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) {
rp->rtort_mbtest = 0;
rcu_torture_free(rp);
-@@ -459,7 +459,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p)
+@@ -457,7 +457,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p)
i = rp->rtort_pipe_count;
if (i > RCU_TORTURE_PIPE_LEN)
i = RCU_TORTURE_PIPE_LEN;
if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) {
rp->rtort_mbtest = 0;
list_del(&rp->rtort_free);
-@@ -1002,7 +1002,7 @@ rcu_torture_writer(void *arg)
+@@ -975,7 +975,7 @@ rcu_torture_writer(void *arg)
i = old_rp->rtort_pipe_count;
if (i > RCU_TORTURE_PIPE_LEN)
i = RCU_TORTURE_PIPE_LEN;
old_rp->rtort_pipe_count++;
cur_ops->deferred_free(old_rp);
}
-@@ -1087,7 +1087,7 @@ static void rcu_torture_timer(unsigned long unused)
+@@ -1060,7 +1060,7 @@ static void rcu_torture_timer(unsigned long unused)
}
do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu);
if (p->rtort_mbtest == 0)
spin_lock(&rand_lock);
cur_ops->read_delay(&rand);
n_rcu_torture_timers++;
-@@ -1151,7 +1151,7 @@ rcu_torture_reader(void *arg)
+@@ -1124,7 +1124,7 @@ rcu_torture_reader(void *arg)
}
do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu);
if (p->rtort_mbtest == 0)
cur_ops->read_delay(&rand);
preempt_disable();
pipe_count = p->rtort_pipe_count;
-@@ -1210,11 +1210,11 @@ rcu_torture_printk(char *page)
+@@ -1183,11 +1183,11 @@ rcu_torture_printk(char *page)
rcu_torture_current,
rcu_torture_current_version,
list_empty(&rcu_torture_freelist),
n_rcu_torture_boost_ktrerror,
n_rcu_torture_boost_rterror);
cnt += sprintf(&page[cnt], "rtbf: %ld rtb: %ld nt: %ld ",
-@@ -1233,14 +1233,14 @@ rcu_torture_printk(char *page)
+@@ -1206,14 +1206,14 @@ rcu_torture_printk(char *page)
n_barrier_attempts,
n_rcu_torture_barrier_error);
cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG);
WARN_ON_ONCE(1);
}
cnt += sprintf(&page[cnt], "Reader Pipe: ");
-@@ -1254,7 +1254,7 @@ rcu_torture_printk(char *page)
+@@ -1227,7 +1227,7 @@ rcu_torture_printk(char *page)
cnt += sprintf(&page[cnt], "Free-Block Circulation: ");
for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
cnt += sprintf(&page[cnt], " %d",
}
cnt += sprintf(&page[cnt], "\n");
if (cur_ops->stats)
-@@ -1938,7 +1938,7 @@ rcu_torture_cleanup(void)
+@@ -1920,7 +1920,7 @@ rcu_torture_cleanup(void)
+
+ rcu_torture_stats_print(); /* -After- the stats thread is stopped! */
- if (cur_ops->cleanup)
- cur_ops->cleanup();
- if (atomic_read(&n_rcu_torture_error) || n_rcu_torture_barrier_error)
+ if (atomic_read_unchecked(&n_rcu_torture_error) || n_rcu_torture_barrier_error)
rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE");
else if (n_online_successes != n_online_attempts ||
n_offline_successes != n_offline_attempts)
-@@ -2007,18 +2007,18 @@ rcu_torture_init(void)
+@@ -1989,18 +1989,18 @@ rcu_torture_init(void)
rcu_torture_current = NULL;
rcu_torture_current_version = 0;
for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
per_cpu(rcu_torture_count, cpu)[i] = 0;
diff --git a/kernel/rcutree.c b/kernel/rcutree.c
-index 2682295..0f2297e 100644
+index e441b77..dd54f17 100644
--- a/kernel/rcutree.c
+++ b/kernel/rcutree.c
-@@ -348,9 +348,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
+@@ -349,9 +349,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
rcu_prepare_for_idle(smp_processor_id());
/* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
smp_mb__before_atomic_inc(); /* See above. */
/*
* It is illegal to enter an extended quiescent state while
-@@ -508,10 +508,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval,
+@@ -487,10 +487,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval,
int user)
{
smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */
rcu_cleanup_after_idle(smp_processor_id());
trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting);
if (!user && !is_idle_task(current)) {
-@@ -670,14 +670,14 @@ void rcu_nmi_enter(void)
+@@ -629,14 +629,14 @@ void rcu_nmi_enter(void)
struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks);
if (rdtp->dynticks_nmi_nesting == 0 &&
}
/**
-@@ -696,9 +696,9 @@ void rcu_nmi_exit(void)
+@@ -655,9 +655,9 @@ void rcu_nmi_exit(void)
return;
/* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
smp_mb__before_atomic_inc(); /* See above. */
}
/**
-@@ -712,7 +712,7 @@ int rcu_is_cpu_idle(void)
+@@ -671,7 +671,7 @@ int rcu_is_cpu_idle(void)
int ret;
preempt_disable();
preempt_enable();
return ret;
}
-@@ -795,7 +795,7 @@ int rcu_is_cpu_rrupt_from_idle(void)
+@@ -739,7 +739,7 @@ int rcu_is_cpu_rrupt_from_idle(void)
*/
static int dyntick_save_progress_counter(struct rcu_data *rdp)
{
return (rdp->dynticks_snap & 0x1) == 0;
}
-@@ -810,7 +810,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp)
+@@ -754,7 +754,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp)
unsigned int curr;
unsigned int snap;
snap = (unsigned int)rdp->dynticks_snap;
/*
-@@ -858,10 +858,10 @@ static int jiffies_till_stall_check(void)
+@@ -802,10 +802,10 @@ static int jiffies_till_stall_check(void)
* for CONFIG_RCU_CPU_STALL_TIMEOUT.
*/
if (till_stall_check < 3) {
till_stall_check = 300;
}
return till_stall_check * HZ + RCU_STALL_DELAY_DELTA;
-@@ -1589,7 +1589,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp,
+@@ -1592,7 +1592,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp,
rsp->qlen += rdp->qlen;
rdp->n_cbs_orphaned += rdp->qlen;
rdp->qlen_lazy = 0;
}
/*
-@@ -1831,7 +1831,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
+@@ -1838,7 +1838,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
}
smp_mb(); /* List handling before counting for rcu_barrier(). */
rdp->qlen_lazy -= count_lazy;
rdp->n_cbs_invoked += count;
/* Reinstate batch limit if we have worked down the excess. */
-@@ -2024,7 +2024,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
+@@ -2031,7 +2031,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
/*
* Do RCU core processing for the current CPU.
*/
{
struct rcu_state *rsp;
-@@ -2136,7 +2136,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
+@@ -2154,7 +2154,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
local_irq_restore(flags);
return;
}
if (lazy)
rdp->qlen_lazy++;
else
-@@ -2250,8 +2250,8 @@ void synchronize_rcu_bh(void)
- }
- EXPORT_SYMBOL_GPL(synchronize_rcu_bh);
-
--static atomic_t sync_sched_expedited_started = ATOMIC_INIT(0);
--static atomic_t sync_sched_expedited_done = ATOMIC_INIT(0);
-+static atomic_unchecked_t sync_sched_expedited_started = ATOMIC_INIT(0);
-+static atomic_unchecked_t sync_sched_expedited_done = ATOMIC_INIT(0);
-
- static int synchronize_sched_expedited_cpu_stop(void *data)
- {
-@@ -2312,7 +2312,7 @@ void synchronize_sched_expedited(void)
- int firstsnap, s, snap, trycount = 0;
+@@ -2363,11 +2363,11 @@ void synchronize_sched_expedited(void)
+ * counter wrap on a 32-bit system. Quite a few more CPUs would of
+ * course be required on a 64-bit system.
+ */
+- if (ULONG_CMP_GE((ulong)atomic_long_read(&rsp->expedited_start),
++ if (ULONG_CMP_GE((ulong)atomic_long_read_unchecked(&rsp->expedited_start),
+ (ulong)atomic_long_read(&rsp->expedited_done) +
+ ULONG_MAX / 8)) {
+ synchronize_sched();
+- atomic_long_inc(&rsp->expedited_wrap);
++ atomic_long_inc_unchecked(&rsp->expedited_wrap);
+ return;
+ }
- /* Note that atomic_inc_return() implies full memory barrier. */
-- firstsnap = snap = atomic_inc_return(&sync_sched_expedited_started);
-+ firstsnap = snap = atomic_inc_return_unchecked(&sync_sched_expedited_started);
+@@ -2375,7 +2375,7 @@ void synchronize_sched_expedited(void)
+ * Take a ticket. Note that atomic_inc_return() implies a
+ * full memory barrier.
+ */
+- snap = atomic_long_inc_return(&rsp->expedited_start);
++ snap = atomic_long_inc_return_unchecked(&rsp->expedited_start);
+ firstsnap = snap;
get_online_cpus();
WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id()));
+@@ -2388,14 +2388,14 @@ void synchronize_sched_expedited(void)
+ synchronize_sched_expedited_cpu_stop,
+ NULL) == -EAGAIN) {
+ put_online_cpus();
+- atomic_long_inc(&rsp->expedited_tryfail);
++ atomic_long_inc_unchecked(&rsp->expedited_tryfail);
-@@ -2334,7 +2334,7 @@ void synchronize_sched_expedited(void)
+ /* Check to see if someone else did our work for us. */
+ s = atomic_long_read(&rsp->expedited_done);
+ if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) {
+ /* ensure test happens before caller kfree */
+ smp_mb__before_atomic_inc(); /* ^^^ */
+- atomic_long_inc(&rsp->expedited_workdone1);
++ atomic_long_inc_unchecked(&rsp->expedited_workdone1);
+ return;
}
- /* Check to see if someone else did our work for us. */
-- s = atomic_read(&sync_sched_expedited_done);
-+ s = atomic_read_unchecked(&sync_sched_expedited_done);
- if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) {
- smp_mb(); /* ensure test happens before caller kfree */
+@@ -2404,7 +2404,7 @@ void synchronize_sched_expedited(void)
+ udelay(trycount * num_online_cpus());
+ } else {
+ wait_rcu_gp(call_rcu_sched);
+- atomic_long_inc(&rsp->expedited_normal);
++ atomic_long_inc_unchecked(&rsp->expedited_normal);
return;
-@@ -2349,7 +2349,7 @@ void synchronize_sched_expedited(void)
- * grace period works for us.
+ }
+
+@@ -2413,7 +2413,7 @@ void synchronize_sched_expedited(void)
+ if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) {
+ /* ensure test happens before caller kfree */
+ smp_mb__before_atomic_inc(); /* ^^^ */
+- atomic_long_inc(&rsp->expedited_workdone2);
++ atomic_long_inc_unchecked(&rsp->expedited_workdone2);
+ return;
+ }
+
+@@ -2425,10 +2425,10 @@ void synchronize_sched_expedited(void)
+ * period works for us.
*/
get_online_cpus();
-- snap = atomic_read(&sync_sched_expedited_started);
-+ snap = atomic_read_unchecked(&sync_sched_expedited_started);
+- snap = atomic_long_read(&rsp->expedited_start);
++ snap = atomic_long_read_unchecked(&rsp->expedited_start);
smp_mb(); /* ensure read is before try_stop_cpus(). */
}
+- atomic_long_inc(&rsp->expedited_stoppedcpus);
++ atomic_long_inc_unchecked(&rsp->expedited_stoppedcpus);
-@@ -2360,12 +2360,12 @@ void synchronize_sched_expedited(void)
- * than we did beat us to the punch.
+ /*
+ * Everyone up to our most recent fetch is covered by our grace
+@@ -2437,16 +2437,16 @@ void synchronize_sched_expedited(void)
+ * than we did already did their update.
*/
do {
-- s = atomic_read(&sync_sched_expedited_done);
-+ s = atomic_read_unchecked(&sync_sched_expedited_done);
- if (UINT_CMP_GE((unsigned)s, (unsigned)snap)) {
- smp_mb(); /* ensure test happens before caller kfree */
+- atomic_long_inc(&rsp->expedited_done_tries);
++ atomic_long_inc_unchecked(&rsp->expedited_done_tries);
+ s = atomic_long_read(&rsp->expedited_done);
+ if (ULONG_CMP_GE((ulong)s, (ulong)snap)) {
+ /* ensure test happens before caller kfree */
+ smp_mb__before_atomic_inc(); /* ^^^ */
+- atomic_long_inc(&rsp->expedited_done_lost);
++ atomic_long_inc_unchecked(&rsp->expedited_done_lost);
break;
}
-- } while (atomic_cmpxchg(&sync_sched_expedited_done, s, snap) != s);
-+ } while (atomic_cmpxchg_unchecked(&sync_sched_expedited_done, s, snap) != s);
+ } while (atomic_long_cmpxchg(&rsp->expedited_done, s, snap) != s);
+- atomic_long_inc(&rsp->expedited_done_exit);
++ atomic_long_inc_unchecked(&rsp->expedited_done_exit);
put_online_cpus();
}
-@@ -2539,7 +2539,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
+@@ -2620,7 +2620,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
* ACCESS_ONCE() to prevent the compiler from speculating
* the increment to precede the early-exit check.
*/
WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1);
_rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done);
smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */
-@@ -2581,7 +2581,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
+@@ -2670,7 +2670,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
/* Increment ->n_barrier_done to prevent duplicate work. */
smp_mb(); /* Keep increment after above mechanism. */
WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0);
_rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done);
smp_mb(); /* Keep increment before caller's subsequent code. */
-@@ -2626,10 +2626,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
+@@ -2715,10 +2715,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo);
init_callback_list(rdp);
rdp->qlen_lazy = 0;
#ifdef CONFIG_RCU_USER_QS
WARN_ON_ONCE(rdp->dynticks->in_user);
#endif
-@@ -2664,8 +2664,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
+@@ -2754,8 +2754,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
rdp->blimit = blimit;
init_callback_list(rdp); /* Re-enable callbacks on this CPU. */
rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE;
raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */
diff --git a/kernel/rcutree.h b/kernel/rcutree.h
-index a240f03..d469618 100644
+index 4b69291..704c92e 100644
--- a/kernel/rcutree.h
+++ b/kernel/rcutree.h
@@ -86,7 +86,7 @@ struct rcu_dynticks {
#ifdef CONFIG_RCU_FAST_NO_HZ
int dyntick_drain; /* Prepare-for-idle state variable. */
unsigned long dyntick_holdoff;
+@@ -423,17 +423,17 @@ struct rcu_state {
+ /* _rcu_barrier(). */
+ /* End of fields guarded by barrier_mutex. */
+
+- atomic_long_t expedited_start; /* Starting ticket. */
+- atomic_long_t expedited_done; /* Done ticket. */
+- atomic_long_t expedited_wrap; /* # near-wrap incidents. */
+- atomic_long_t expedited_tryfail; /* # acquisition failures. */
+- atomic_long_t expedited_workdone1; /* # done by others #1. */
+- atomic_long_t expedited_workdone2; /* # done by others #2. */
+- atomic_long_t expedited_normal; /* # fallbacks to normal. */
+- atomic_long_t expedited_stoppedcpus; /* # successful stop_cpus. */
+- atomic_long_t expedited_done_tries; /* # tries to update _done. */
+- atomic_long_t expedited_done_lost; /* # times beaten to _done. */
+- atomic_long_t expedited_done_exit; /* # times exited _done loop. */
++ atomic_long_unchecked_t expedited_start; /* Starting ticket. */
++ atomic_long_t expedited_done; /* Done ticket. */
++ atomic_long_unchecked_t expedited_wrap; /* # near-wrap incidents. */
++ atomic_long_unchecked_t expedited_tryfail; /* # acquisition failures. */
++ atomic_long_unchecked_t expedited_workdone1; /* # done by others #1. */
++ atomic_long_unchecked_t expedited_workdone2; /* # done by others #2. */
++ atomic_long_unchecked_t expedited_normal; /* # fallbacks to normal. */
++ atomic_long_unchecked_t expedited_stoppedcpus; /* # successful stop_cpus. */
++ atomic_long_unchecked_t expedited_done_tries; /* # tries to update _done. */
++ atomic_long_unchecked_t expedited_done_lost; /* # times beaten to _done. */
++ atomic_long_unchecked_t expedited_done_exit; /* # times exited _done loop. */
+
+ unsigned long jiffies_force_qs; /* Time at which to invoke */
+ /* force_quiescent_state(). */
diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h
-index f921154..34c4873 100644
+index c1cc7e1..f62e436 100644
--- a/kernel/rcutree_plugin.h
+++ b/kernel/rcutree_plugin.h
-@@ -865,7 +865,7 @@ void synchronize_rcu_expedited(void)
+@@ -892,7 +892,7 @@ void synchronize_rcu_expedited(void)
/* Clean up and exit. */
smp_mb(); /* ensure expedited GP seen before counter increment. */
unlock_mb_ret:
mutex_unlock(&sync_rcu_preempt_exp_mutex);
mb_ret:
-@@ -2040,7 +2040,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu)
+@@ -1440,7 +1440,7 @@ static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu)
+ free_cpumask_var(cm);
+ }
+
+-static struct smp_hotplug_thread rcu_cpu_thread_spec = {
++static struct smp_hotplug_thread rcu_cpu_thread_spec __read_only = {
+ .store = &rcu_cpu_kthread_task,
+ .thread_should_run = rcu_cpu_kthread_should_run,
+ .thread_fn = rcu_cpu_kthread,
+@@ -2072,7 +2072,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu)
print_cpu_stall_fast_no_hz(fast_no_hz, cpu);
printk(KERN_ERR "\t%d: (%lu %s) idle=%03x/%llx/%d %s\n",
cpu, ticks_value, ticks_title,
rdtp->dynticks_nesting, rdtp->dynticks_nmi_nesting,
fast_no_hz);
}
+@@ -2192,7 +2192,7 @@ static void __call_rcu_nocb_enqueue(struct rcu_data *rdp,
+
+ /* Enqueue the callback on the nocb list and update counts. */
+ old_rhpp = xchg(&rdp->nocb_tail, rhtp);
+- ACCESS_ONCE(*old_rhpp) = rhp;
++ ACCESS_ONCE_RW(*old_rhpp) = rhp;
+ atomic_long_add(rhcount, &rdp->nocb_q_count);
+ atomic_long_add(rhcount_lazy, &rdp->nocb_q_count_lazy);
+
+@@ -2384,12 +2384,12 @@ static int rcu_nocb_kthread(void *arg)
+ * Extract queued callbacks, update counts, and wait
+ * for a grace period to elapse.
+ */
+- ACCESS_ONCE(rdp->nocb_head) = NULL;
++ ACCESS_ONCE_RW(rdp->nocb_head) = NULL;
+ tail = xchg(&rdp->nocb_tail, &rdp->nocb_head);
+ c = atomic_long_xchg(&rdp->nocb_q_count, 0);
+ cl = atomic_long_xchg(&rdp->nocb_q_count_lazy, 0);
+- ACCESS_ONCE(rdp->nocb_p_count) += c;
+- ACCESS_ONCE(rdp->nocb_p_count_lazy) += cl;
++ ACCESS_ONCE_RW(rdp->nocb_p_count) += c;
++ ACCESS_ONCE_RW(rdp->nocb_p_count_lazy) += cl;
+ wait_rcu_gp(rdp->rsp->call_remote);
+
+ /* Each pass through the following loop invokes a callback. */
+@@ -2411,8 +2411,8 @@ static int rcu_nocb_kthread(void *arg)
+ list = next;
+ }
+ trace_rcu_batch_end(rdp->rsp->name, c, !!list, 0, 0, 1);
+- ACCESS_ONCE(rdp->nocb_p_count) -= c;
+- ACCESS_ONCE(rdp->nocb_p_count_lazy) -= cl;
++ ACCESS_ONCE_RW(rdp->nocb_p_count) -= c;
++ ACCESS_ONCE_RW(rdp->nocb_p_count_lazy) -= cl;
+ rdp->n_nocbs_invoked += c;
+ }
+ return 0;
+@@ -2438,7 +2438,7 @@ static void __init rcu_spawn_nocb_kthreads(struct rcu_state *rsp)
+ rdp = per_cpu_ptr(rsp->rda, cpu);
+ t = kthread_run(rcu_nocb_kthread, rdp, "rcuo%d", cpu);
+ BUG_ON(IS_ERR(t));
+- ACCESS_ONCE(rdp->nocb_kthread) = t;
++ ACCESS_ONCE_RW(rdp->nocb_kthread) = t;
+ }
+ }
+
diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c
-index 693513b..b9f1d63 100644
+index 0d095dc..1985b19 100644
--- a/kernel/rcutree_trace.c
+++ b/kernel/rcutree_trace.c
-@@ -92,7 +92,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp)
- rdp->completed, rdp->gpnum,
+@@ -123,7 +123,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp)
+ ulong2long(rdp->completed), ulong2long(rdp->gpnum),
rdp->passed_quiesce, rdp->qs_pending);
seq_printf(m, " dt=%d/%llx/%d df=%lu",
- atomic_read(&rdp->dynticks->dynticks),
rdp->dynticks->dynticks_nesting,
rdp->dynticks->dynticks_nmi_nesting,
rdp->dynticks_fqs);
-@@ -154,7 +154,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp)
- rdp->completed, rdp->gpnum,
- rdp->passed_quiesce, rdp->qs_pending);
- seq_printf(m, ",%d,%llx,%d,%lu",
-- atomic_read(&rdp->dynticks->dynticks),
-+ atomic_read_unchecked(&rdp->dynticks->dynticks),
- rdp->dynticks->dynticks_nesting,
- rdp->dynticks->dynticks_nmi_nesting,
- rdp->dynticks_fqs);
+@@ -184,17 +184,17 @@ static int show_rcuexp(struct seq_file *m, void *v)
+ struct rcu_state *rsp = (struct rcu_state *)m->private;
+
+ seq_printf(m, "s=%lu d=%lu w=%lu tf=%lu wd1=%lu wd2=%lu n=%lu sc=%lu dt=%lu dl=%lu dx=%lu\n",
+- atomic_long_read(&rsp->expedited_start),
++ atomic_long_read_unchecked(&rsp->expedited_start),
+ atomic_long_read(&rsp->expedited_done),
+- atomic_long_read(&rsp->expedited_wrap),
+- atomic_long_read(&rsp->expedited_tryfail),
+- atomic_long_read(&rsp->expedited_workdone1),
+- atomic_long_read(&rsp->expedited_workdone2),
+- atomic_long_read(&rsp->expedited_normal),
+- atomic_long_read(&rsp->expedited_stoppedcpus),
+- atomic_long_read(&rsp->expedited_done_tries),
+- atomic_long_read(&rsp->expedited_done_lost),
+- atomic_long_read(&rsp->expedited_done_exit));
++ atomic_long_read_unchecked(&rsp->expedited_wrap),
++ atomic_long_read_unchecked(&rsp->expedited_tryfail),
++ atomic_long_read_unchecked(&rsp->expedited_workdone1),
++ atomic_long_read_unchecked(&rsp->expedited_workdone2),
++ atomic_long_read_unchecked(&rsp->expedited_normal),
++ atomic_long_read_unchecked(&rsp->expedited_stoppedcpus),
++ atomic_long_read_unchecked(&rsp->expedited_done_tries),
++ atomic_long_read_unchecked(&rsp->expedited_done_lost),
++ atomic_long_read_unchecked(&rsp->expedited_done_exit));
+ return 0;
+ }
+
diff --git a/kernel/resource.c b/kernel/resource.c
index 73f35d4..4684fc4 100644
--- a/kernel/resource.c
default:
diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c
-index 15f60d0..7e50319 100644
+index 0984a21..939f183 100644
--- a/kernel/sched/auto_group.c
+++ b/kernel/sched/auto_group.c
@@ -11,7 +11,7 @@
#ifdef CONFIG_RT_GROUP_SCHED
/*
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index c529d00..d00b4f3 100644
+index 26058d0..f9d3c76 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
-@@ -3563,6 +3563,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -3631,6 +3631,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = 20 - nice;
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
capable(CAP_SYS_NICE));
}
-@@ -3596,7 +3598,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -3664,7 +3666,8 @@ SYSCALL_DEFINE1(nice, int, increment)
if (nice > 19)
nice = 19;
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -3750,6 +3753,7 @@ recheck:
+@@ -3818,6 +3821,7 @@ recheck:
unsigned long rlim_rtprio =
task_rlimit(p, RLIMIT_RTPRIO);
/* can't set/change the rt policy */
if (policy != p->policy && !rlim_rtprio)
return -EPERM;
+@@ -4901,7 +4905,7 @@ static void migrate_tasks(unsigned int dead_cpu)
+
+ #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
+
+-static struct ctl_table sd_ctl_dir[] = {
++static ctl_table_no_const sd_ctl_dir[] __read_only = {
+ {
+ .procname = "sched_domain",
+ .mode = 0555,
+@@ -4918,17 +4922,17 @@ static struct ctl_table sd_ctl_root[] = {
+ {}
+ };
+
+-static struct ctl_table *sd_alloc_ctl_entry(int n)
++static ctl_table_no_const *sd_alloc_ctl_entry(int n)
+ {
+- struct ctl_table *entry =
++ ctl_table_no_const *entry =
+ kcalloc(n, sizeof(struct ctl_table), GFP_KERNEL);
+
+ return entry;
+ }
+
+-static void sd_free_ctl_entry(struct ctl_table **tablep)
++static void sd_free_ctl_entry(ctl_table_no_const *tablep)
+ {
+- struct ctl_table *entry;
++ ctl_table_no_const *entry;
+
+ /*
+ * In the intermediate directories, both the child directory and
+@@ -4936,22 +4940,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+ * will always be set. In the lowest directory the names are
+ * static strings and all have proc handlers.
+ */
+- for (entry = *tablep; entry->mode; entry++) {
+- if (entry->child)
+- sd_free_ctl_entry(&entry->child);
++ for (entry = tablep; entry->mode; entry++) {
++ if (entry->child) {
++ sd_free_ctl_entry(entry->child);
++ pax_open_kernel();
++ entry->child = NULL;
++ pax_close_kernel();
++ }
+ if (entry->proc_handler == NULL)
+ kfree(entry->procname);
+ }
+
+- kfree(*tablep);
+- *tablep = NULL;
++ kfree(tablep);
+ }
+
+ static int min_load_idx = 0;
+ static int max_load_idx = CPU_LOAD_IDX_MAX;
+
+ static void
+-set_table_entry(struct ctl_table *entry,
++set_table_entry(ctl_table_no_const *entry,
+ const char *procname, void *data, int maxlen,
+ umode_t mode, proc_handler *proc_handler,
+ bool load_idx)
+@@ -4971,7 +4978,7 @@ set_table_entry(struct ctl_table *entry,
+ static struct ctl_table *
+ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+ {
+- struct ctl_table *table = sd_alloc_ctl_entry(13);
++ ctl_table_no_const *table = sd_alloc_ctl_entry(13);
+
+ if (table == NULL)
+ return NULL;
+@@ -5006,9 +5013,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+ return table;
+ }
+
+-static ctl_table *sd_alloc_ctl_cpu_table(int cpu)
++static ctl_table_no_const *sd_alloc_ctl_cpu_table(int cpu)
+ {
+- struct ctl_table *entry, *table;
++ ctl_table_no_const *entry, *table;
+ struct sched_domain *sd;
+ int domain_num = 0, i;
+ char buf[32];
+@@ -5035,11 +5042,13 @@ static struct ctl_table_header *sd_sysctl_header;
+ static void register_sched_domain_sysctl(void)
+ {
+ int i, cpu_num = num_possible_cpus();
+- struct ctl_table *entry = sd_alloc_ctl_entry(cpu_num + 1);
++ ctl_table_no_const *entry = sd_alloc_ctl_entry(cpu_num + 1);
+ char buf[32];
+
+ WARN_ON(sd_ctl_dir[0].child);
++ pax_open_kernel();
+ sd_ctl_dir[0].child = entry;
++ pax_close_kernel();
+
+ if (entry == NULL)
+ return;
+@@ -5062,8 +5071,12 @@ static void unregister_sched_domain_sysctl(void)
+ if (sd_sysctl_header)
+ unregister_sysctl_table(sd_sysctl_header);
+ sd_sysctl_header = NULL;
+- if (sd_ctl_dir[0].child)
+- sd_free_ctl_entry(&sd_ctl_dir[0].child);
++ if (sd_ctl_dir[0].child) {
++ sd_free_ctl_entry(sd_ctl_dir[0].child);
++ pax_open_kernel();
++ sd_ctl_dir[0].child = NULL;
++ pax_close_kernel();
++ }
+ }
+ #else
+ static void register_sched_domain_sysctl(void)
+@@ -5162,7 +5175,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu)
+ * happens before everything else. This has to be lower priority than
+ * the notifier in the perf_event subsystem, though.
+ */
+-static struct notifier_block __cpuinitdata migration_notifier = {
++static struct notifier_block migration_notifier = {
+ .notifier_call = migration_call,
+ .priority = CPU_PRI_MIGRATION,
+ };
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 6b800a1..0c36227 100644
+index 81fa536..6ccf96a 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
-@@ -4890,7 +4890,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
+@@ -830,7 +830,7 @@ void task_numa_fault(int node, int pages, bool migrated)
+
+ static void reset_ptenuma_scan(struct task_struct *p)
+ {
+- ACCESS_ONCE(p->mm->numa_scan_seq)++;
++ ACCESS_ONCE_RW(p->mm->numa_scan_seq)++;
+ p->mm->numa_scan_offset = 0;
+ }
+
+@@ -3254,25 +3254,18 @@ find_idlest_cpu(struct sched_group *group, struct task_struct *p, int this_cpu)
+ */
+ static int select_idle_sibling(struct task_struct *p, int target)
+ {
+- int cpu = smp_processor_id();
+- int prev_cpu = task_cpu(p);
+ struct sched_domain *sd;
+ struct sched_group *sg;
+- int i;
++ int i = task_cpu(p);
+
+- /*
+- * If the task is going to be woken-up on this cpu and if it is
+- * already idle, then it is the right target.
+- */
+- if (target == cpu && idle_cpu(cpu))
+- return cpu;
++ if (idle_cpu(target))
++ return target;
+
+ /*
+- * If the task is going to be woken-up on the cpu where it previously
+- * ran and if it is currently idle, then it the right target.
++ * If the prevous cpu is cache affine and idle, don't be stupid.
+ */
+- if (target == prev_cpu && idle_cpu(prev_cpu))
+- return prev_cpu;
++ if (i != target && cpus_share_cache(i, target) && idle_cpu(i))
++ return i;
+
+ /*
+ * Otherwise, iterate the domains and find an elegible idle cpu.
+@@ -3286,7 +3279,7 @@ static int select_idle_sibling(struct task_struct *p, int target)
+ goto next;
+
+ for_each_cpu(i, sched_group_cpus(sg)) {
+- if (!idle_cpu(i))
++ if (i == target || !idle_cpu(i))
+ goto next;
+ }
+
+@@ -5663,7 +5656,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
* run_rebalance_domains is triggered when needed from the scheduler tick.
* Also triggered for nohz idle balancing (with nohz_balancing_kick set).
*/
int this_cpu = smp_processor_id();
struct rq *this_rq = cpu_rq(this_cpu);
diff --git a/kernel/signal.c b/kernel/signal.c
-index 57dde52..2c561f0 100644
+index 3d09cf6..8988390 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
-@@ -49,12 +49,12 @@ static struct kmem_cache *sigqueue_cachep;
+@@ -50,12 +50,12 @@ static struct kmem_cache *sigqueue_cachep;
int print_fatal_signals __read_mostly;
{
/* Is it explicitly or implicitly ignored? */
return handler == SIG_IGN ||
-@@ -63,7 +63,7 @@ static int sig_handler_ignored(void __user *handler, int sig)
+@@ -64,7 +64,7 @@ static int sig_handler_ignored(void __user *handler, int sig)
static int sig_task_ignored(struct task_struct *t, int sig, bool force)
{
handler = sig_handler(t, sig);
-@@ -367,6 +367,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi
+@@ -368,6 +368,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi
atomic_inc(&user->sigpending);
rcu_read_unlock();
if (override_rlimit ||
atomic_read(&user->sigpending) <=
task_rlimit(t, RLIMIT_SIGPENDING)) {
-@@ -491,7 +494,7 @@ flush_signal_handlers(struct task_struct *t, int force_default)
+@@ -485,6 +488,9 @@ flush_signal_handlers(struct task_struct *t, int force_default)
+ if (force_default || ka->sa.sa_handler != SIG_IGN)
+ ka->sa.sa_handler = SIG_DFL;
+ ka->sa.sa_flags = 0;
++#ifdef SA_RESTORER
++ ka->sa.sa_restorer = NULL;
++#endif
+ sigemptyset(&ka->sa.sa_mask);
+ ka++;
+ }
+@@ -492,7 +498,7 @@ flush_signal_handlers(struct task_struct *t, int force_default)
int unhandled_signal(struct task_struct *tsk, int sig)
{
if (is_global_init(tsk))
return 1;
if (handler != SIG_IGN && handler != SIG_DFL)
-@@ -811,6 +814,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
+@@ -812,6 +818,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
}
}
return security_task_kill(t, info, sig, 0);
}
-@@ -1192,7 +1202,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
+@@ -1194,7 +1207,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
return send_signal(sig, info, p, 1);
}
specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
{
return send_signal(sig, info, t, 0);
-@@ -1229,6 +1239,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+@@ -1231,6 +1244,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
unsigned long int flags;
int ret, blocked, ignored;
struct k_sigaction *action;
spin_lock_irqsave(&t->sighand->siglock, flags);
action = &t->sighand->action[sig-1];
-@@ -1243,9 +1254,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+@@ -1245,9 +1259,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
}
if (action->sa.sa_handler == SIG_DFL)
t->signal->flags &= ~SIGNAL_UNKILLABLE;
return ret;
}
-@@ -1312,8 +1332,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
+@@ -1314,8 +1337,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
ret = check_kill_permission(sig, info, p);
rcu_read_unlock();
return ret;
}
-@@ -2863,7 +2886,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
+@@ -2852,7 +2878,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
int error = -ESRCH;
rcu_read_lock();
if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) {
error = check_kill_permission(sig, info, p);
/*
+@@ -3135,8 +3169,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack,
+ }
+ seg = get_fs();
+ set_fs(KERNEL_DS);
+- ret = do_sigaltstack((stack_t __force __user *) (uss_ptr ? &uss : NULL),
+- (stack_t __force __user *) &uoss,
++ ret = do_sigaltstack((stack_t __force_user *) (uss_ptr ? &uss : NULL),
++ (stack_t __force_user *) &uoss,
+ compat_user_stack_pointer());
+ set_fs(seg);
+ if (ret >= 0 && uoss_ptr) {
+diff --git a/kernel/smp.c b/kernel/smp.c
+index 69f38bd..77bbf12 100644
+--- a/kernel/smp.c
++++ b/kernel/smp.c
+@@ -77,7 +77,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu)
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata hotplug_cfd_notifier = {
++static struct notifier_block hotplug_cfd_notifier = {
+ .notifier_call = hotplug_cfd,
+ };
+
+diff --git a/kernel/smpboot.c b/kernel/smpboot.c
+index d6c5fc0..530560c 100644
+--- a/kernel/smpboot.c
++++ b/kernel/smpboot.c
+@@ -275,7 +275,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread)
+ }
+ smpboot_unpark_thread(plug_thread, cpu);
+ }
+- list_add(&plug_thread->list, &hotplug_threads);
++ pax_list_add(&plug_thread->list, &hotplug_threads);
+ out:
+ mutex_unlock(&smpboot_threads_lock);
+ return ret;
+@@ -292,7 +292,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
+ {
+ get_online_cpus();
+ mutex_lock(&smpboot_threads_lock);
+- list_del(&plug_thread->list);
++ pax_list_del(&plug_thread->list);
+ smpboot_destroy_threads(plug_thread);
+ mutex_unlock(&smpboot_threads_lock);
+ put_online_cpus();
diff --git a/kernel/softirq.c b/kernel/softirq.c
-index cc96bdc..8bb9750 100644
+index ed567ba..e71dabf 100644
--- a/kernel/softirq.c
+++ b/kernel/softirq.c
-@@ -57,7 +57,7 @@ static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp
+@@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
+ EXPORT_SYMBOL(irq_stat);
+ #endif
+
+-static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp;
++static struct softirq_action softirq_vec[NR_SOFTIRQS] __read_only __aligned(PAGE_SIZE);
DEFINE_PER_CPU(struct task_struct *, ksoftirqd);
trace_softirq_exit(vec_nr);
if (unlikely(prev_count != preempt_count())) {
printk(KERN_ERR "huh, entered softirq %u %s %p"
-@@ -391,9 +391,11 @@ void __raise_softirq_irqoff(unsigned int nr)
+@@ -391,7 +391,7 @@ void __raise_softirq_irqoff(unsigned int nr)
or_softirq_pending(1UL << nr);
}
-void open_softirq(int nr, void (*action)(struct softirq_action *))
-+void open_softirq(int nr, void (*action)(void))
++void __init open_softirq(int nr, void (*action)(void))
{
-- softirq_vec[nr].action = action;
-+ pax_open_kernel();
-+ *(void **)&softirq_vec[nr].action = action;
-+ pax_close_kernel();
+ softirq_vec[nr].action = action;
}
-
- /*
-@@ -447,7 +449,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t)
+@@ -447,7 +447,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t)
EXPORT_SYMBOL(__tasklet_hi_schedule_first);
{
struct tasklet_struct *list;
-@@ -482,7 +484,7 @@ static void tasklet_action(struct softirq_action *a)
+@@ -482,7 +482,7 @@ static void tasklet_action(struct softirq_action *a)
}
}
{
struct tasklet_struct *list;
+@@ -718,7 +718,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata remote_softirq_cpu_notifier = {
++static struct notifier_block remote_softirq_cpu_notifier = {
+ .notifier_call = remote_softirq_cpu_notify,
+ };
+
+@@ -835,11 +835,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata cpu_nfb = {
++static struct notifier_block cpu_nfb = {
+ .notifier_call = cpu_callback
+ };
+
+-static struct smp_hotplug_thread softirq_threads = {
++static struct smp_hotplug_thread softirq_threads __read_only = {
+ .store = &ksoftirqd,
+ .thread_should_run = ksoftirqd_should_run,
+ .thread_fn = run_ksoftirqd,
diff --git a/kernel/srcu.c b/kernel/srcu.c
-index 97c465e..d83f3bb 100644
+index 2b85982..d52ab26 100644
--- a/kernel/srcu.c
+++ b/kernel/srcu.c
-@@ -302,9 +302,9 @@ int __srcu_read_lock(struct srcu_struct *sp)
+@@ -305,9 +305,9 @@ int __srcu_read_lock(struct srcu_struct *sp)
preempt_disable();
idx = rcu_dereference_index_check(sp->completed,
rcu_read_lock_sched_held()) & 0x1;
preempt_enable();
return idx;
}
-@@ -320,7 +320,7 @@ void __srcu_read_unlock(struct srcu_struct *sp, int idx)
+@@ -323,7 +323,7 @@ void __srcu_read_unlock(struct srcu_struct *sp, int idx)
{
preempt_disable();
smp_mb(); /* C */ /* Avoid leaking the critical section. */
preempt_enable();
}
EXPORT_SYMBOL_GPL(__srcu_read_unlock);
+diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c
+index 2f194e9..2c05ea9 100644
+--- a/kernel/stop_machine.c
++++ b/kernel/stop_machine.c
+@@ -362,7 +362,7 @@ static int __cpuinit cpu_stop_cpu_callback(struct notifier_block *nfb,
+ * cpu notifiers. It currently shares the same priority as sched
+ * migration_notifier.
+ */
+-static struct notifier_block __cpuinitdata cpu_stop_cpu_notifier = {
++static struct notifier_block cpu_stop_cpu_notifier = {
+ .notifier_call = cpu_stop_cpu_callback,
+ .priority = 10,
+ };
diff --git a/kernel/sys.c b/kernel/sys.c
-index e6e0ece..1f2e413 100644
+index 265b376..4e42ef5 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
goto error;
}
-+ if (gr_check_group_change(new->gid, new->egid, -1))
++ if (gr_check_group_change(new->gid, new->egid, INVALID_GID))
+ goto error;
+
if (rgid != (gid_t) -1 ||
goto error;
}
-+ if (gr_check_user_change(new->uid, new->euid, -1))
++ if (gr_check_user_change(new->uid, new->euid, INVALID_UID))
+ goto error;
+
if (!uid_eq(new->uid, old->uid)) {
goto error;
}
-+ if (gr_check_user_change(kruid, keuid, -1))
++ if (gr_check_user_change(kruid, keuid, INVALID_UID))
+ goto error;
+
if (ruid != (uid_t) -1) {
goto error;
}
-+ if (gr_check_group_change(krgid, kegid, -1))
++ if (gr_check_group_change(krgid, kegid, INVALID_GID))
+ goto error;
+
if (rgid != (gid_t) -1)
if (!uid_valid(kuid))
return old_fsuid;
-+ if (gr_check_user_change(-1, -1, kuid))
++ if (gr_check_user_change(INVALID_UID, INVALID_UID, kuid))
+ goto error;
+
new = prepare_creds();
if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) ||
gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
nsown_capable(CAP_SETGID)) {
-+ if (gr_check_group_change(-1, -1, kgid))
++ if (gr_check_group_change(INVALID_GID, INVALID_GID, kgid))
+ goto error;
+
if (!gid_eq(kgid, old->fsgid)) {
break;
}
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index 26f65ea..df8e5ad 100644
+index c88878d..e4fa5d1 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -92,7 +92,6 @@
/* The default sysctl tables: */
static struct ctl_table sysctl_base_table[] = {
-@@ -266,6 +279,22 @@ static int max_extfrag_threshold = 1000;
+@@ -268,6 +281,22 @@ static int max_extfrag_threshold = 1000;
#endif
static struct ctl_table kern_table[] = {
{
.procname = "sched_child_runs_first",
.data = &sysctl_sched_child_runs_first,
-@@ -552,7 +581,7 @@ static struct ctl_table kern_table[] = {
+@@ -593,7 +622,7 @@ static struct ctl_table kern_table[] = {
.data = &modprobe_path,
.maxlen = KMOD_PATH_LEN,
.mode = 0644,
},
{
.procname = "modules_disabled",
-@@ -719,16 +748,20 @@ static struct ctl_table kern_table[] = {
+@@ -760,16 +789,20 @@ static struct ctl_table kern_table[] = {
.extra1 = &zero,
.extra2 = &one,
},
{
.procname = "ngroups_max",
.data = &ngroups_max,
-@@ -1225,6 +1258,13 @@ static struct ctl_table vm_table[] = {
+@@ -1266,6 +1299,13 @@ static struct ctl_table vm_table[] = {
.proc_handler = proc_dointvec_minmax,
.extra1 = &zero,
},
#else
{
.procname = "nr_trim_pages",
-@@ -1675,6 +1715,16 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -1716,6 +1756,16 @@ int proc_dostring(struct ctl_table *table, int write,
buffer, lenp, ppos);
}
static size_t proc_skip_spaces(char **buf)
{
size_t ret;
-@@ -1780,6 +1830,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
+@@ -1821,6 +1871,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
len = strlen(tmp);
if (len > *size)
len = *size;
if (copy_to_user(*buf, tmp, len))
return -EFAULT;
*size -= len;
-@@ -1972,7 +2024,6 @@ static int proc_taint(struct ctl_table *table, int write,
+@@ -1985,7 +2037,7 @@ int proc_dointvec(struct ctl_table *table, int write,
+ static int proc_taint(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table t;
++ ctl_table_no_const t;
+ unsigned long tmptaint = get_taint();
+ int err;
+
+@@ -2013,7 +2065,6 @@ static int proc_taint(struct ctl_table *table, int write,
return err;
}
static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
-@@ -1981,7 +2032,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
+@@ -2022,7 +2073,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
}
struct do_proc_dointvec_minmax_conv_param {
int *min;
-@@ -2128,8 +2178,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
+@@ -2169,8 +2219,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
*i = val;
} else {
val = convdiv * (*i) / convmul;
err = proc_put_long(&buffer, &left, val, false);
if (err)
break;
-@@ -2521,6 +2574,12 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -2562,6 +2615,12 @@ int proc_dostring(struct ctl_table *table, int write,
return -ENOSYS;
}
int proc_dointvec(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
-@@ -2577,5 +2636,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
+@@ -2618,5 +2677,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
EXPORT_SYMBOL(proc_dostring);
EXPORT_SYMBOL(proc_doulongvec_minmax);
EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax);
diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c
-index 65bdcf1..21eb831 100644
+index 0ddf3a0..a199f50 100644
--- a/kernel/sysctl_binary.c
+++ b/kernel/sysctl_binary.c
@@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *file,
set_fs(old_fs);
if (result < 0)
goto out;
-@@ -1233,7 +1233,7 @@ static ssize_t bin_dn_node_address(struct file *file,
+@@ -1234,7 +1234,7 @@ static ssize_t bin_dn_node_address(struct file *file,
le16_to_cpu(dnaddr) & 0x3ff);
set_fs(KERNEL_DS);
cpumask_clear_cpu(cpu, tick_get_broadcast_mask());
tick_broadcast_clear_oneshot(cpu);
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
-index e424970..4c7962b 100644
+index cbc6acb..3a77191 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -15,6 +15,7 @@
#include <linux/syscore_ops.h>
#include <linux/clocksource.h>
#include <linux/jiffies.h>
-@@ -368,6 +369,8 @@ int do_settimeofday(const struct timespec *tv)
+@@ -412,6 +413,8 @@ int do_settimeofday(const struct timespec *tv)
if (!timespec_valid_strict(tv))
return -EINVAL;
return -ENOMEM;
return 0;
diff --git a/kernel/timer.c b/kernel/timer.c
-index 367d008..46857a0 100644
+index 367d008..1ee9ed9 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
@@ -1363,7 +1363,7 @@ void update_process_times(int user_tick)
}
-static struct notifier_block __cpuinitdata timers_nb = {
-+static struct notifier_block __cpuinitconst timers_nb = {
++static struct notifier_block timers_nb = {
.notifier_call = timer_cpu_notify,
};
ret = -EIO;
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 356bc2f..7c94fc0 100644
+index 43defd1..76da436 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
start_pg = ftrace_allocate_pages(count);
if (!start_pg)
-@@ -4541,8 +4548,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
+@@ -4559,8 +4566,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
static int ftrace_graph_active;
int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace)
{
return 0;
-@@ -4686,6 +4691,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
+@@ -4704,6 +4709,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
return NOTIFY_DONE;
}
int register_ftrace_graph(trace_func_graph_ret_t retfunc,
trace_func_graph_ent_t entryfunc)
{
-@@ -4699,7 +4708,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
+@@ -4717,7 +4726,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
goto out;
}
ftrace_graph_active++;
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
-index 4cb5e51..e7e05d9 100644
+index ce8514f..8233573 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -346,9 +346,9 @@ struct buffer_data_page {
unsigned long real_end; /* real end of data */
struct buffer_data_page *page; /* Actual data page */
};
-@@ -460,8 +460,8 @@ struct ring_buffer_per_cpu {
- unsigned long lost_events;
+@@ -461,8 +461,8 @@ struct ring_buffer_per_cpu {
unsigned long last_overrun;
local_t entries_bytes;
-- local_t commit_overrun;
+ local_t entries;
- local_t overrun;
-+ local_unchecked_t commit_overrun;
+- local_t commit_overrun;
+ local_unchecked_t overrun;
- local_t entries;
++ local_unchecked_t commit_overrun;
+ local_t dropped_events;
local_t committing;
local_t commits;
-@@ -860,8 +860,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -861,8 +861,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
*
* We add a counter to the write field to denote this.
*/
/*
* Just make sure we have seen our old_write and synchronize
-@@ -889,8 +889,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -890,8 +890,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
* cmpxchg to only update if an interrupt did not already
* do it for us. If the cmpxchg fails, we don't care.
*/
/*
* No need to worry about races with clearing out the commit.
-@@ -1249,12 +1249,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
+@@ -1250,12 +1250,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
static inline unsigned long rb_page_entries(struct buffer_page *bpage)
{
}
static int
-@@ -1349,7 +1349,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
+@@ -1350,7 +1350,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
* bytes consumed in ring buffer from here.
* Increment overrun to account for the lost events.
*/
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
}
-@@ -1905,7 +1905,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -1906,7 +1906,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
* it is our responsibility to update
* the counters.
*/
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
/*
-@@ -2055,7 +2055,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2056,7 +2056,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
if (tail == BUF_PAGE_SIZE)
tail_page->real_end = 0;
return;
}
-@@ -2090,7 +2090,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2091,7 +2091,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
rb_event_set_padding(event);
/* Set the write back to the previous setting */
return;
}
-@@ -2102,7 +2102,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2103,7 +2103,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
/* Set write to end of buffer */
length = (tail + length) - BUF_PAGE_SIZE;
}
/*
-@@ -2128,7 +2128,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2129,7 +2129,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
* about it.
*/
if (unlikely(next_page == commit_page)) {
goto out_reset;
}
-@@ -2182,7 +2182,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2185,7 +2185,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
cpu_buffer->tail_page) &&
(cpu_buffer->commit_page ==
cpu_buffer->reader_page))) {
goto out_reset;
}
}
-@@ -2230,7 +2230,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2233,7 +2233,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
length += RB_LEN_TIME_EXTEND;
tail_page = cpu_buffer->tail_page;
/* set write to only the index of the write */
write &= RB_WRITE_MASK;
-@@ -2247,7 +2247,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2250,7 +2250,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
kmemcheck_annotate_bitfield(event, bitfield);
rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
/*
* If this is the first commit on the page, then update
-@@ -2280,7 +2280,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2283,7 +2283,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
unsigned long write_mask =
unsigned long event_length = rb_event_length(event);
/*
* This is on the tail page. It is possible that
-@@ -2290,7 +2290,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2293,7 +2293,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
*/
old_index += write_mask;
new_index += write_mask;
if (index == old_index) {
/* update counters */
local_sub(event_length, &cpu_buffer->entries_bytes);
-@@ -2629,7 +2629,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2632,7 +2632,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
/* Do the likely case first */
if (likely(bpage->page == (void *)addr)) {
return;
}
-@@ -2641,7 +2641,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2644,7 +2644,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
start = bpage;
do {
if (bpage->page == (void *)addr) {
return;
}
rb_inc_page(cpu_buffer, &bpage);
-@@ -2923,7 +2923,7 @@ static inline unsigned long
+@@ -2926,7 +2926,7 @@ static inline unsigned long
rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
{
return local_read(&cpu_buffer->entries) -
}
/**
-@@ -3011,7 +3011,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3015,7 +3015,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
return ret;
}
-@@ -3032,7 +3032,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3038,7 +3038,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
return ret;
}
-@@ -3077,7 +3077,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
+@@ -3105,7 +3105,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
/* if you care about this being correct, lock the buffer */
for_each_buffer_cpu(buffer, cpu) {
cpu_buffer = buffer->buffers[cpu];
}
return overruns;
-@@ -3253,8 +3253,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3281,8 +3281,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
/*
* Reset the reader page to size zero.
*/
local_set(&cpu_buffer->reader_page->page->commit, 0);
cpu_buffer->reader_page->real_end = 0;
-@@ -3288,7 +3288,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3316,7 +3316,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
* want to compare with the last_overrun.
*/
smp_mb();
/*
* Here's the tricky part.
-@@ -3858,8 +3858,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3886,8 +3886,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
cpu_buffer->head_page
= list_entry(cpu_buffer->pages, struct buffer_page, list);
local_set(&cpu_buffer->head_page->page->commit, 0);
cpu_buffer->head_page->read = 0;
-@@ -3869,14 +3869,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3897,14 +3897,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
INIT_LIST_HEAD(&cpu_buffer->new_pages);
local_set(&cpu_buffer->reader_page->page->commit, 0);
cpu_buffer->reader_page->read = 0;
-- local_set(&cpu_buffer->commit_overrun, 0);
-+ local_set_unchecked(&cpu_buffer->commit_overrun, 0);
local_set(&cpu_buffer->entries_bytes, 0);
- local_set(&cpu_buffer->overrun, 0);
+- local_set(&cpu_buffer->commit_overrun, 0);
+ local_set_unchecked(&cpu_buffer->overrun, 0);
++ local_set_unchecked(&cpu_buffer->commit_overrun, 0);
+ local_set(&cpu_buffer->dropped_events, 0);
local_set(&cpu_buffer->entries, 0);
local_set(&cpu_buffer->committing, 0);
- local_set(&cpu_buffer->commits, 0);
-@@ -4279,8 +4279,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
+@@ -4308,8 +4308,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
rb_init_page(bpage);
bpage = reader->page;
reader->page = *data_page;
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 31e4f55..62da00f 100644
+index 3c13e46..883d039 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
-@@ -4436,10 +4436,9 @@ static const struct file_operations tracing_dyn_info_fops = {
+@@ -4465,10 +4465,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
static int once;
if (d_tracer)
-@@ -4459,10 +4458,9 @@ struct dentry *tracing_init_dentry(void)
+@@ -4488,10 +4487,9 @@ struct dentry *tracing_init_dentry(void)
return d_tracer;
}
struct dentry *d_tracer;
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
-index d608d09..7eddcb1 100644
+index 880073d..42db7c3 100644
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
-@@ -1320,10 +1320,6 @@ static LIST_HEAD(ftrace_module_file_list);
+@@ -1330,10 +1330,6 @@ static LIST_HEAD(ftrace_module_file_list);
struct ftrace_module_file_ops {
struct list_head list;
struct module *mod;
};
static struct ftrace_module_file_ops *
-@@ -1344,17 +1340,12 @@ trace_create_file_ops(struct module *mod)
+@@ -1354,17 +1350,12 @@ trace_create_file_ops(struct module *mod)
file_ops->mod = mod;
- file_ops->format = ftrace_event_format_fops;
- file_ops->format.owner = mod;
+ pax_open_kernel();
-+ *(void **)&mod->trace_id.owner = mod;
-+ *(void **)&mod->trace_enable.owner = mod;
-+ *(void **)&mod->trace_filter.owner = mod;
-+ *(void **)&mod->trace_format.owner = mod;
++ mod->trace_id.owner = mod;
++ mod->trace_enable.owner = mod;
++ mod->trace_filter.owner = mod;
++ mod->trace_format.owner = mod;
+ pax_close_kernel();
list_add(&file_ops->list, &ftrace_module_file_list);
-@@ -1378,8 +1369,8 @@ static void trace_module_add_events(struct module *mod)
+@@ -1388,8 +1379,8 @@ static void trace_module_add_events(struct module *mod)
for_each_event(call, start, end) {
__trace_add_event_call(*call, mod,
}
entry = ring_buffer_event_data(event);
diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c
-index 123b189..1e9e2a6 100644
+index 194d796..76edb8f 100644
--- a/kernel/trace/trace_output.c
+++ b/kernel/trace/trace_output.c
@@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path)
if (p) {
s->len = p - s->buffer;
return 1;
-@@ -824,14 +824,16 @@ int register_ftrace_event(struct trace_event *event)
+@@ -852,14 +852,16 @@ int register_ftrace_event(struct trace_event *event)
goto out;
}
key = event->type & (EVENT_HASHSIZE - 1);
diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
-index 0c1b1657..95337e9 100644
+index 42ca822..cdcacc6 100644
--- a/kernel/trace/trace_stack.c
+++ b/kernel/trace/trace_stack.c
-@@ -53,7 +53,7 @@ static inline void check_stack(void)
+@@ -52,7 +52,7 @@ static inline void check_stack(void)
return;
/* we do not handle interrupt stacks yet */
return;
local_irq_save(flags);
+diff --git a/kernel/user.c b/kernel/user.c
+index 33acb5e..57ebfd4 100644
+--- a/kernel/user.c
++++ b/kernel/user.c
+@@ -47,9 +47,7 @@ struct user_namespace init_user_ns = {
+ .count = 4294967295U,
+ },
+ },
+- .kref = {
+- .refcount = ATOMIC_INIT(3),
+- },
++ .count = ATOMIC_INIT(3),
+ .owner = GLOBAL_ROOT_UID,
+ .group = GLOBAL_ROOT_GID,
+ .proc_inum = PROC_USER_INIT_INO,
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index dbfe36a7..6d36e9a 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -79,7 +79,7 @@ int create_user_ns(struct cred *new)
+ return ret;
+ }
+
+- kref_init(&ns->kref);
++ atomic_set(&ns->count, 1);
+ /* Leave the new->user_ns reference with the new user namespace. */
+ ns->parent = parent_ns;
+ ns->owner = owner;
+@@ -105,15 +105,16 @@ int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
+ return create_user_ns(cred);
+ }
+
+-void free_user_ns(struct kref *kref)
++void free_user_ns(struct user_namespace *ns)
+ {
+- struct user_namespace *parent, *ns =
+- container_of(kref, struct user_namespace, kref);
++ struct user_namespace *parent;
+
+- parent = ns->parent;
+- proc_free_inum(ns->proc_inum);
+- kmem_cache_free(user_ns_cachep, ns);
+- put_user_ns(parent);
++ do {
++ parent = ns->parent;
++ proc_free_inum(ns->proc_inum);
++ kmem_cache_free(user_ns_cachep, ns);
++ ns = parent;
++ } while (atomic_dec_and_test(&parent->count));
+ }
+ EXPORT_SYMBOL(free_user_ns);
+
+diff --git a/kernel/utsname_sysctl.c b/kernel/utsname_sysctl.c
+index 63da38c..639904e 100644
+--- a/kernel/utsname_sysctl.c
++++ b/kernel/utsname_sysctl.c
+@@ -46,7 +46,7 @@ static void put_uts(ctl_table *table, int write, void *which)
+ static int proc_do_uts_string(ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table uts_table;
++ ctl_table_no_const uts_table;
+ int r;
+ memcpy(&uts_table, table, sizeof(uts_table));
+ uts_table.data = get_uts(table, write);
+diff --git a/kernel/watchdog.c b/kernel/watchdog.c
+index 75a2ab3..5961da7 100644
+--- a/kernel/watchdog.c
++++ b/kernel/watchdog.c
+@@ -527,7 +527,7 @@ int proc_dowatchdog(struct ctl_table *table, int write,
+ }
+ #endif /* CONFIG_SYSCTL */
+
+-static struct smp_hotplug_thread watchdog_threads = {
++static struct smp_hotplug_thread watchdog_threads __read_only = {
+ .store = &softlockup_watchdog,
+ .thread_should_run = watchdog_should_run,
+ .thread_fn = watchdog,
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
-index 28e9d6c9..50381bd 100644
+index 67604e5..fe94fb1 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
+@@ -550,7 +550,7 @@ config DEBUG_MUTEXES
+
+ config DEBUG_LOCK_ALLOC
+ bool "Lock debugging: detect incorrect freeing of live locks"
+- depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT
++ depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT && !PAX_CONSTIFY_PLUGIN
+ select DEBUG_SPINLOCK
+ select DEBUG_MUTEXES
+ select LOCKDEP
+@@ -564,7 +564,7 @@ config DEBUG_LOCK_ALLOC
+
+ config PROVE_LOCKING
+ bool "Lock debugging: prove locking correctness"
+- depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT
++ depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT && !PAX_CONSTIFY_PLUGIN
+ select LOCKDEP
+ select DEBUG_SPINLOCK
+ select DEBUG_MUTEXES
+@@ -670,7 +670,7 @@ config LOCKDEP
+
+ config LOCK_STAT
+ bool "Lock usage statistics"
+- depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT
++ depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT && !PAX_CONSTIFY_PLUGIN
+ select LOCKDEP
+ select DEBUG_SPINLOCK
+ select DEBUG_MUTEXES
@@ -1278,6 +1278,7 @@ config LATENCYTOP
depends on DEBUG_KERNEL
depends on STACKTRACE_SUPPORT
This option lets you use the FireWire bus for remote debugging
with help of the firewire-ohci driver. It enables unfiltered
diff --git a/lib/Makefile b/lib/Makefile
-index a08b791..a3ff1eb 100644
+index 02ed6c0..bd243da 100644
--- a/lib/Makefile
+++ b/lib/Makefile
-@@ -46,7 +46,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o
+@@ -47,7 +47,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o
obj-$(CONFIG_BTREE) += btree.o
obj-$(CONFIG_DEBUG_PREEMPT) += smp_processor_id.o
ifneq ($(CONFIG_HAVE_DEC_LOCK),y)
diff --git a/lib/bitmap.c b/lib/bitmap.c
-index 06fdfa1..97c5c7d 100644
+index 06f7e4f..f3cf2b0 100644
--- a/lib/bitmap.c
+++ b/lib/bitmap.c
@@ -422,7 +422,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen,
EXPORT_SYMBOL(devm_ioport_unmap);
diff --git a/lib/dma-debug.c b/lib/dma-debug.c
-index d84beb9..da44791 100644
+index 5e396ac..58d5de1 100644
--- a/lib/dma-debug.c
+++ b/lib/dma-debug.c
-@@ -754,7 +754,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti
+@@ -768,7 +768,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti
void dma_debug_add_bus(struct bus_type *bus)
{
if (global_disable)
return;
-@@ -919,7 +919,7 @@ out:
+@@ -942,7 +942,7 @@ out:
static void check_for_stack(struct device *dev, void *addr)
{
if (atomic_read(&task->signal->live) != 1)
return false;
+diff --git a/lib/kobject.c b/lib/kobject.c
+index e07ee1f..998489d 100644
+--- a/lib/kobject.c
++++ b/lib/kobject.c
+@@ -852,9 +852,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
+
+
+ static DEFINE_SPINLOCK(kobj_ns_type_lock);
+-static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES];
++static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES] __read_only;
+
+-int kobj_ns_type_register(const struct kobj_ns_type_operations *ops)
++int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops)
+ {
+ enum kobj_ns_type type = ops->type;
+ int error;
diff --git a/lib/list_debug.c b/lib/list_debug.c
-index c24c2f7..3fc5da0 100644
+index c24c2f7..0475b78 100644
--- a/lib/list_debug.c
+++ b/lib/list_debug.c
@@ -11,7 +11,9 @@
}
EXPORT_SYMBOL(__list_del_entry);
-@@ -86,15 +106,54 @@ EXPORT_SYMBOL(list_del);
+@@ -86,15 +106,85 @@ EXPORT_SYMBOL(list_del);
void __list_add_rcu(struct list_head *new,
struct list_head *prev, struct list_head *next)
{
- WARN(next->prev != prev,
-+ if (WARN(next->prev != prev,
- "list_add_rcu corruption. next->prev should be prev (%p), but was %p. (next=%p).\n",
+- "list_add_rcu corruption. next->prev should be prev (%p), but was %p. (next=%p).\n",
- prev, next->prev, next);
- WARN(prev->next != next,
-+ prev, next->prev, next) ||
-+ WARN(prev->next != next,
- "list_add_rcu corruption. prev->next should be next (%p), but was %p. (prev=%p).\n",
+- "list_add_rcu corruption. prev->next should be next (%p), but was %p. (prev=%p).\n",
- next, prev->next, prev);
-+ next, prev->next, prev))
++ if (!__list_add_debug(new, prev, next))
+ return;
+
new->next = next;
EXPORT_SYMBOL(__list_add_rcu);
+#endif
+
-+void pax_list_add_tail(struct list_head *new, struct list_head *head)
++void __pax_list_add(struct list_head *new, struct list_head *prev, struct list_head *next)
+{
-+ struct list_head *prev, *next;
-+
-+ prev = head->prev;
-+ next = head;
-+
+#ifdef CONFIG_DEBUG_LIST
+ if (!__list_add_debug(new, prev, next))
+ return;
+ prev->next = new;
+ pax_close_kernel();
+}
-+EXPORT_SYMBOL(pax_list_add_tail);
++EXPORT_SYMBOL(__pax_list_add);
+
+void pax_list_del(struct list_head *entry)
+{
+ pax_close_kernel();
+}
+EXPORT_SYMBOL(pax_list_del);
++
++void pax_list_del_init(struct list_head *entry)
++{
++ pax_open_kernel();
++ __list_del(entry->prev, entry->next);
++ INIT_LIST_HEAD(entry);
++ pax_close_kernel();
++}
++EXPORT_SYMBOL(pax_list_del_init);
++
++void __pax_list_add_rcu(struct list_head *new,
++ struct list_head *prev, struct list_head *next)
++{
++#ifdef CONFIG_DEBUG_LIST
++ if (!__list_add_debug(new, prev, next))
++ return;
++#endif
++
++ pax_open_kernel();
++ new->next = next;
++ new->prev = prev;
++ rcu_assign_pointer(list_next_rcu(prev), new);
++ next->prev = new;
++ pax_close_kernel();
++}
++EXPORT_SYMBOL(__pax_list_add_rcu);
++
++void pax_list_del_rcu(struct list_head *entry)
++{
++#ifdef CONFIG_DEBUG_LIST
++ if (!__list_del_entry_debug(entry))
++ return;
++#endif
++
++ pax_open_kernel();
++ __list_del(entry->prev, entry->next);
++ entry->next = LIST_POISON1;
++ entry->prev = LIST_POISON2;
++ pax_close_kernel();
++}
++EXPORT_SYMBOL(pax_list_del_rcu);
diff --git a/lib/radix-tree.c b/lib/radix-tree.c
index e796429..6e38f9f 100644
--- a/lib/radix-tree.c
long align, res = 0;
unsigned long c;
+diff --git a/lib/swiotlb.c b/lib/swiotlb.c
+index 196b069..358f342 100644
+--- a/lib/swiotlb.c
++++ b/lib/swiotlb.c
+@@ -642,7 +642,7 @@ EXPORT_SYMBOL(swiotlb_alloc_coherent);
+
+ void
+ swiotlb_free_coherent(struct device *hwdev, size_t size, void *vaddr,
+- dma_addr_t dev_addr)
++ dma_addr_t dev_addr, struct dma_attrs *attrs)
+ {
+ phys_addr_t paddr = dma_to_phys(hwdev, dev_addr);
+
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
-index 39c99fe..18f060b 100644
+index fab33a9..3b5fe68 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -16,6 +16,9 @@
#include <stdarg.h>
#include <linux/module.h> /* for KSYM_SYMBOL_LEN */
#include <linux/types.h>
-@@ -533,7 +536,7 @@ char *symbol_string(char *buf, char *end, void *ptr,
+@@ -541,7 +544,7 @@ char *symbol_string(char *buf, char *end, void *ptr,
char sym[KSYM_SYMBOL_LEN];
if (ext == 'B')
sprint_backtrace(sym, value);
sprint_symbol(sym, value);
else
sprint_symbol_no_offset(sym, value);
-@@ -966,7 +969,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr,
+@@ -974,7 +977,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr,
return number(buf, end, *(const netdev_features_t *)addr, spec);
}
/*
* Show a '%p' thing. A kernel extension is that the '%p' is followed
-@@ -980,6 +987,8 @@ int kptr_restrict __read_mostly;
+@@ -988,6 +995,8 @@ int kptr_restrict __read_mostly;
* - 'S' For symbolic direct pointers with offset
* - 's' For symbolic direct pointers without offset
* - 'B' For backtraced symbolic direct pointers with offset
* - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref]
* - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201]
* - 'M' For a 6-byte MAC address, it prints the address in the
-@@ -1035,12 +1044,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1043,12 +1052,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
if (!ptr && *fmt != 'K') {
/*
}
switch (*fmt) {
-@@ -1050,6 +1059,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1058,6 +1067,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
/* Fallthrough */
case 'S':
case 's':
case 'B':
return symbol_string(buf, end, ptr, spec, *fmt);
case 'R':
-@@ -1090,6 +1106,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1098,6 +1114,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
va_end(va);
return buf;
}
case 'K':
/*
* %pK cannot be used in IRQ context because its test
-@@ -1113,6 +1131,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1121,6 +1139,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
}
break;
}
spec.flags |= SMALL;
if (spec.field_width == -1) {
spec.field_width = default_width;
-@@ -1831,11 +1864,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1842,11 +1875,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
typeof(type) value; \
if (sizeof(type) == 8) { \
args = PTR_ALIGN(args, sizeof(u32)); \
} \
args += sizeof(type); \
value; \
-@@ -1898,7 +1931,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1909,7 +1942,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
case FORMAT_TYPE_STR: {
const char *str_arg = args;
args += strlen(str_arg) + 1;
@@ -0,0 +1 @@
+-grsec
diff --git a/mm/Kconfig b/mm/Kconfig
-index a3f8ddd..f31e92e 100644
+index 278e3ab..87c384d 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
-@@ -252,10 +252,10 @@ config KSM
+@@ -286,10 +286,10 @@ config KSM
root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set).
config DEFAULT_MMAP_MIN_ADDR
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.
-@@ -286,7 +286,7 @@ config MEMORY_FAILURE
+@@ -320,7 +320,7 @@ config MEMORY_FAILURE
config HWPOISON_INJECT
tristate "HWPoison pages injector"
* Make sure the vma is shared, that it supports prefaulting,
* and that the remapped range is valid and fully within
diff --git a/mm/highmem.c b/mm/highmem.c
-index 09fc744..3936897 100644
+index b32b70c..e512eb0 100644
--- a/mm/highmem.c
+++ b/mm/highmem.c
-@@ -138,9 +138,10 @@ static void flush_all_zero_pkmaps(void)
+@@ -138,8 +138,9 @@ static void flush_all_zero_pkmaps(void)
* So no dangers, even with speculative execution.
*/
page = pte_page(pkmap_page_table[i]);
+ pax_open_kernel();
- pte_clear(&init_mm, (unsigned long)page_address(page),
- &pkmap_page_table[i]);
+ pte_clear(&init_mm, PKMAP_ADDR(i), &pkmap_page_table[i]);
-
+ pax_close_kernel();
set_page_address(page, NULL);
need_flush = 1;
}
-@@ -199,9 +200,11 @@ start:
+@@ -198,9 +199,11 @@ start:
}
}
vaddr = PKMAP_ADDR(last_pkmap_nr);
pkmap_count[last_pkmap_nr] = 1;
set_page_address(page, (void *)vaddr);
-diff --git a/mm/huge_memory.c b/mm/huge_memory.c
-index 40f17c3..c1cc011 100644
---- a/mm/huge_memory.c
-+++ b/mm/huge_memory.c
-@@ -710,7 +710,7 @@ out:
- * run pte_offset_map on the pmd, if an huge pmd could
- * materialize from under us from a different thread.
- */
-- if (unlikely(__pte_alloc(mm, vma, pmd, address)))
-+ if (unlikely(pmd_none(*pmd) && __pte_alloc(mm, vma, pmd, address)))
- return VM_FAULT_OOM;
- /* if an huge pmd materialized from under us just retry later */
- if (unlikely(pmd_trans_huge(*pmd)))
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index b969ed4..10e3e37 100644
+index 546db81..34830af 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
-@@ -2509,6 +2509,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2008,15 +2008,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
+ struct hstate *h = &default_hstate;
+ unsigned long tmp;
+ int ret;
++ ctl_table_no_const hugetlb_table;
+
+ tmp = h->max_huge_pages;
+
+ if (write && h->order >= MAX_ORDER)
+ return -EINVAL;
+
+- table->data = &tmp;
+- table->maxlen = sizeof(unsigned long);
+- ret = proc_doulongvec_minmax(table, write, buffer, length, ppos);
++ hugetlb_table = *table;
++ hugetlb_table.data = &tmp;
++ hugetlb_table.maxlen = sizeof(unsigned long);
++ ret = proc_doulongvec_minmax(&hugetlb_table, write, buffer, length, ppos);
+ if (ret)
+ goto out;
+
+@@ -2073,15 +2075,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write,
+ struct hstate *h = &default_hstate;
+ unsigned long tmp;
+ int ret;
++ ctl_table_no_const hugetlb_table;
+
+ tmp = h->nr_overcommit_huge_pages;
+
+ if (write && h->order >= MAX_ORDER)
+ return -EINVAL;
+
+- table->data = &tmp;
+- table->maxlen = sizeof(unsigned long);
+- ret = proc_doulongvec_minmax(table, write, buffer, length, ppos);
++ hugetlb_table = *table;
++ hugetlb_table.data = &tmp;
++ hugetlb_table.maxlen = sizeof(unsigned long);
++ ret = proc_doulongvec_minmax(&hugetlb_table, write, buffer, length, ppos);
+ if (ret)
+ goto out;
+
+@@ -2511,6 +2515,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
* Called with hugetlb_instantiation_mutex held and pte_page locked so we
-@@ -2627,6 +2648,11 @@ retry_avoidcopy:
+@@ -2629,6 +2654,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
/* Make the old page be freed below */
new_page = old_page;
}
-@@ -2786,6 +2812,10 @@ retry:
+@@ -2788,6 +2818,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
-@@ -2815,6 +2845,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2817,6 +2851,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
address &= huge_page_mask(h);
ptep = huge_pte_offset(mm, address);
-@@ -2828,6 +2862,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2830,6 +2868,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(hstate_index(h));
}
if (!ptep)
return VM_FAULT_OOM;
diff --git a/mm/internal.h b/mm/internal.h
-index 3c5197d..08d0065 100644
+index 9ba2110..eaf0674 100644
--- a/mm/internal.h
+++ b/mm/internal.h
-@@ -95,6 +95,7 @@ extern void putback_lru_page(struct page *page);
+@@ -100,6 +100,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address);
* in mm/page_alloc.c
*/
extern void __free_pages_bootmem(struct page *page, unsigned int order);
#ifdef CONFIG_MEMORY_FAILURE
extern bool is_free_buddy_page(struct page *page);
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
-index a217cc5..44b2b35 100644
+index 752a705..6c3102e 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq,
}
}
-@@ -1852,7 +1852,7 @@ static int __init kmemleak_late_init(void)
+@@ -1853,7 +1853,7 @@ static int __init kmemleak_late_init(void)
return -ENOMEM;
}
if (end == start)
goto out;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 8b20278..05dac18 100644
+index c6e4dd3..1f41988 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
#ifdef __ARCH_SI_TRAPNO
si.si_trapno = trapno;
#endif
+@@ -760,7 +760,7 @@ static struct page_state {
+ unsigned long res;
+ char *msg;
+ int (*action)(struct page *p, unsigned long pfn);
+-} error_states[] = {
++} __do_const error_states[] = {
+ { reserved, reserved, "reserved kernel", me_kernel },
+ /*
+ * free pages are specially detected outside this table:
@@ -1040,7 +1040,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags)
}
&mce_bad_pages);
set_page_hwpoison_huge_page(hpage);
dequeue_hwpoisoned_huge_page(hpage);
-@@ -1582,7 +1582,7 @@ int soft_offline_page(struct page *page, int flags)
+@@ -1583,7 +1583,7 @@ int soft_offline_page(struct page *page, int flags)
return ret;
done:
/* keep elevated page count for bad page */
return ret;
diff --git a/mm/memory.c b/mm/memory.c
-index f2973b2..fd020a7 100644
+index bb1369f..efb96b5 100644
--- a/mm/memory.c
+++ b/mm/memory.c
-@@ -431,6 +431,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
+@@ -433,6 +433,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
free_pte_range(tlb, pmd, addr);
} while (pmd++, addr = next, addr != end);
start &= PUD_MASK;
if (start < floor)
return;
-@@ -445,6 +446,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
+@@ -447,6 +448,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
pmd = pmd_offset(pud, start);
pud_clear(pud);
pmd_free_tlb(tlb, pmd, start);
}
static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
-@@ -464,6 +467,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -466,6 +469,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
free_pmd_range(tlb, pud, addr, next, floor, ceiling);
} while (pud++, addr = next, addr != end);
start &= PGDIR_MASK;
if (start < floor)
return;
-@@ -478,6 +482,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -480,6 +484,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
pud = pud_offset(pgd, start);
pgd_clear(pgd);
pud_free_tlb(tlb, pud, start);
}
/*
-@@ -1626,12 +1632,6 @@ no_page_table:
+@@ -1618,12 +1624,6 @@ no_page_table:
return page;
}
/**
* __get_user_pages() - pin user pages in memory
* @tsk: task_struct of target task
-@@ -1704,10 +1704,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
- (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
+@@ -1709,10 +1709,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+
i = 0;
- do {
if (!vma && in_gate_area(mm, start)) {
unsigned long pg = start & PAGE_MASK;
pgd_t *pgd;
-@@ -1755,7 +1755,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1760,7 +1760,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
goto next_page;
}
(vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
!(vm_flags & vma->vm_flags))
return i ? : -EFAULT;
-@@ -1782,11 +1782,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1787,11 +1787,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
int ret;
unsigned int fault_flags = 0;
if (foll_flags & FOLL_WRITE)
fault_flags |= FAULT_FLAG_WRITE;
if (nonblocking)
-@@ -1860,7 +1855,7 @@ next_page:
+@@ -1865,7 +1860,7 @@ next_page:
start += PAGE_SIZE;
nr_pages--;
} while (nr_pages && start < vma->vm_end);
return i;
}
EXPORT_SYMBOL(__get_user_pages);
-@@ -2067,6 +2062,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2072,6 +2067,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -2111,9 +2110,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2116,9 +2115,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
if (!page_count(page))
return -EINVAL;
if (!(vma->vm_flags & VM_MIXEDMAP)) {
}
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -2196,6 +2207,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -2201,6 +2212,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -2396,7 +2408,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -2401,7 +2413,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
BUG_ON(pud_huge(*pud));
if (!pmd)
return -ENOMEM;
do {
-@@ -2416,7 +2430,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -2421,7 +2435,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
unsigned long next;
int err;
if (!pud)
return -ENOMEM;
do {
-@@ -2504,6 +2520,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2509,6 +2525,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
copy_user_highpage(dst, src, va, vma);
}
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2720,6 +2916,12 @@ gotten:
+@@ -2725,6 +2921,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2771,6 +2973,10 @@ gotten:
+@@ -2776,6 +2978,10 @@ gotten:
page_remove_rmap(old_page);
}
} else {
if (cow_page)
mem_cgroup_uncharge_page(cow_page);
-@@ -3497,6 +3700,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3664,6 +3867,12 @@ int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3513,6 +3722,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3680,6 +3889,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3524,6 +3737,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3691,6 +3904,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
retry:
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
-@@ -3565,7 +3806,7 @@ retry:
- * run pte_offset_map on the pmd, if an huge pmd could
- * materialize from under us from a different thread.
- */
-- if (unlikely(pmd_none(*pmd)) && __pte_alloc(mm, vma, pmd, address))
-+ if (unlikely(pmd_none(*pmd) && __pte_alloc(mm, vma, pmd, address)))
- return VM_FAULT_OOM;
- /* if an huge pmd materialized from under us just retry later */
- if (unlikely(pmd_trans_huge(*pmd)))
-@@ -3602,6 +3843,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3789,6 +4030,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3632,6 +3890,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3819,6 +4077,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
#endif /* __PAGETABLE_PMD_FOLDED */
int make_pages_present(unsigned long addr, unsigned long end)
-@@ -3669,7 +3951,7 @@ static int __init gate_vma_init(void)
+@@ -3856,7 +4138,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
return 0;
}
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index 002c281..9429765 100644
+index 3df6d12..a11056a 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
-@@ -655,6 +655,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
+@@ -721,6 +721,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
unsigned long vmstart;
unsigned long vmend;
vma = find_vma(mm, start);
if (!vma || vma->vm_start > start)
return -EFAULT;
-@@ -691,9 +695,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
+@@ -757,9 +761,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
if (err)
goto out;
}
}
out:
-@@ -1150,6 +1165,17 @@ static long do_mbind(unsigned long start, unsigned long len,
+@@ -1216,6 +1231,17 @@ static long do_mbind(unsigned long start, unsigned long len,
if (end < start)
return -EINVAL;
if (end == start)
return 0;
-@@ -1373,8 +1399,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1445,8 +1471,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
*/
tcred = __task_cred(task);
if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
rcu_read_unlock();
err = -EPERM;
goto out_put;
-@@ -1405,6 +1430,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1477,6 +1502,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
goto out;
}
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
diff --git a/mm/migrate.c b/mm/migrate.c
-index 346d32d..d7adff2 100644
+index 2fd8b4a..d70358f 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
-@@ -1352,8 +1352,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1401,8 +1401,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
*/
tcred = __task_cred(task);
if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
err = -EPERM;
goto out;
diff --git a/mm/mlock.c b/mm/mlock.c
-index f0b9ce5..da8d069 100644
+index c9bd528..da8d069 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -13,6 +13,7 @@
if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
error = do_mlock(start, len, 1);
up_write(¤t->mm->mmap_sem);
-@@ -517,17 +527,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
- static int do_mlockall(int flags)
- {
- struct vm_area_struct * vma, * prev = NULL;
-- unsigned int def_flags = 0;
-
- if (flags & MCL_FUTURE)
-- def_flags = VM_LOCKED;
-- current->mm->def_flags = def_flags;
-+ current->mm->def_flags |= VM_LOCKED;
-+ else
-+ current->mm->def_flags &= ~VM_LOCKED;
- if (flags == MCL_FUTURE)
- goto out;
-
+@@ -528,6 +538,12 @@ static int do_mlockall(int flags)
for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
vm_flags_t newflags;
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index 9a796c4..e2c9724 100644
+index 8832b87..20500c1 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
-@@ -31,6 +31,7 @@
- #include <linux/audit.h>
+@@ -32,6 +32,7 @@
#include <linux/khugepaged.h>
#include <linux/uprobes.h>
+ #include <linux/rbtree_augmented.h>
+#include <linux/random.h>
#include <asm/uaccess.h>
#include <asm/cacheflush.h>
-@@ -47,6 +48,16 @@
+@@ -48,6 +49,16 @@
#define arch_rebalance_pgtables(addr, len) (addr)
#endif
static void unmap_region(struct mm_struct *mm,
struct vm_area_struct *vma, struct vm_area_struct *prev,
unsigned long start, unsigned long end);
-@@ -66,22 +77,32 @@ static void unmap_region(struct mm_struct *mm,
+@@ -67,22 +78,32 @@ static void unmap_region(struct mm_struct *mm,
* x: (no) no x: (no) yes x: (no) yes x: (yes) yes
*
*/
/*
* Make sure vm_committed_as in one cacheline and not cacheline shared with
* other variables. It can be updated by several CPUs frequently.
-@@ -223,6 +244,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
+@@ -238,6 +259,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
struct vm_area_struct *next = vma->vm_next;
might_sleep();
if (vma->vm_ops && vma->vm_ops->close)
vma->vm_ops->close(vma);
if (vma->vm_file)
-@@ -266,6 +288,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
+@@ -281,6 +303,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
* not page aligned -Ram Gupta
*/
rlim = rlimit(RLIMIT_DATA);
if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
(mm->end_data - mm->start_data) > rlim)
goto out;
-@@ -736,6 +759,12 @@ static int
+@@ -888,6 +911,12 @@ static int
can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
{
if (is_mergeable_vma(vma, file, vm_flags) &&
is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
if (vma->vm_pgoff == vm_pgoff)
-@@ -755,6 +784,12 @@ static int
+@@ -907,6 +936,12 @@ static int
can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
{
if (is_mergeable_vma(vma, file, vm_flags) &&
is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
pgoff_t vm_pglen;
-@@ -797,13 +832,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
+@@ -949,13 +984,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
struct vm_area_struct *vma_merge(struct mm_struct *mm,
struct vm_area_struct *prev, unsigned long addr,
unsigned long end, unsigned long vm_flags,
/*
* We later require that vma->vm_flags == vm_flags,
* so this tests vma->vm_flags & VM_SPECIAL, too.
-@@ -819,6 +861,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -971,6 +1013,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
if (next && next->vm_end == end) /* cases 6, 7, 8 */
next = next->vm_next;
/*
* Can it merge with the predecessor?
*/
-@@ -838,9 +889,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -990,9 +1041,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
/* cases 1, 6 */
err = vma_adjust(prev, prev->vm_start,
next->vm_end, prev->vm_pgoff, NULL);
if (err)
return NULL;
khugepaged_enter_vma_merge(prev);
-@@ -854,12 +920,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -1006,12 +1072,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
mpol_equal(policy, vma_policy(next)) &&
can_vma_merge_before(next, vm_flags,
anon_vma, file, pgoff+pglen)) {
if (err)
return NULL;
khugepaged_enter_vma_merge(area);
-@@ -968,16 +1049,13 @@ none:
+@@ -1120,16 +1201,13 @@ none:
void vm_stat_account(struct mm_struct *mm, unsigned long flags,
struct file *file, long pages)
{
mm->stack_vm += pages;
}
#endif /* CONFIG_PROC_FS */
-@@ -1013,7 +1091,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1165,7 +1243,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
* (the exception is when the underlying filesystem is noexec
* mounted, in which case we dont add PROT_EXEC.)
*/
if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
prot |= PROT_EXEC;
-@@ -1039,7 +1117,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1191,7 +1269,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
/* Obtain the address to map to. we verify (or select) it and ensure
* that it represents a valid section of the address space.
*/
if (addr & ~PAGE_MASK)
return addr;
-@@ -1050,6 +1128,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1202,6 +1280,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
if (flags & MAP_LOCKED)
if (!can_do_mlock())
return -EPERM;
-@@ -1061,6 +1169,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1213,6 +1321,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
locked += mm->locked_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK);
lock_limit >>= PAGE_SHIFT;
if (locked > lock_limit && !capable(CAP_IPC_LOCK))
return -EAGAIN;
}
-@@ -1127,6 +1236,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1279,6 +1388,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
}
}
return mmap_region(file, addr, len, flags, vm_flags, pgoff);
}
-@@ -1203,7 +1315,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
+@@ -1356,7 +1468,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
vm_flags_t vm_flags = vma->vm_flags;
/* If it was private or non-writable, the write bit is already clear */
return 0;
/* The backer wishes to know when pages are first written to? */
-@@ -1252,13 +1364,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1405,13 +1517,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
unsigned long charged = 0;
struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
}
/* Check against address space limit. */
-@@ -1307,6 +1428,16 @@ munmap_back:
+@@ -1460,6 +1581,16 @@ munmap_back:
goto unacct_error;
}
vma->vm_mm = mm;
vma->vm_start = addr;
vma->vm_end = addr + len;
-@@ -1331,6 +1462,13 @@ munmap_back:
+@@ -1484,6 +1615,13 @@ munmap_back:
if (error)
goto unmap_and_free_vma;
/* Can addr have changed??
*
* Answer: Yes, several device drivers can do it in their
-@@ -1365,6 +1503,11 @@ munmap_back:
+@@ -1522,6 +1660,11 @@ munmap_back:
vma_link(mm, vma, prev, rb_link, rb_parent);
file = vma->vm_file;
/* Once vma denies write, undo our temporary denial count */
if (correct_wcount)
atomic_inc(&inode->i_writecount);
-@@ -1372,6 +1515,7 @@ out:
+@@ -1529,6 +1672,7 @@ out:
perf_event_mmap(vma);
vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
if (vm_flags & VM_LOCKED) {
if (!mlock_vma_pages_range(vma, addr, addr + len))
mm->locked_vm += (len >> PAGE_SHIFT);
-@@ -1393,6 +1537,12 @@ unmap_and_free_vma:
+@@ -1550,6 +1694,12 @@ unmap_and_free_vma:
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
charged = 0;
free_vma:
kmem_cache_free(vm_area_cachep, vma);
unacct_error:
if (charged)
-@@ -1400,6 +1550,62 @@ unacct_error:
+@@ -1557,6 +1707,62 @@ unacct_error:
return error;
}
+ return -ENOMEM;
+}
+
- /* Get an address range which is currently unmapped.
- * For shmat() with addr=0.
- *
-@@ -1419,6 +1625,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
+ {
+ /*
+@@ -1776,6 +1982,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
- unsigned long start_addr;
+ struct vm_unmapped_area_info info;
+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
if (len > TASK_SIZE)
return -ENOMEM;
-@@ -1426,18 +1633,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1783,17 +1990,26 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
if (flags & MAP_FIXED)
return addr;
+
if (addr) {
addr = PAGE_ALIGN(addr);
-- vma = find_vma(mm, addr);
+ vma = find_vma(mm, addr);
- if (TASK_SIZE - len >= addr &&
- (!vma || addr + len <= vma->vm_start))
-- return addr;
-+ if (TASK_SIZE - len >= addr) {
-+ vma = find_vma(mm, addr);
-+ if (check_heap_stack_gap(vma, addr, len, offset))
-+ return addr;
-+ }
- }
- if (len > mm->cached_hole_size) {
-- start_addr = addr = mm->free_area_cache;
-+ start_addr = addr = mm->free_area_cache;
- } else {
-- start_addr = addr = TASK_UNMAPPED_BASE;
-- mm->cached_hole_size = 0;
-+ start_addr = addr = mm->mmap_base;
-+ mm->cached_hole_size = 0;
++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
+ return addr;
}
- full_search:
-@@ -1448,34 +1660,40 @@ full_search:
- * Start a new search - just in case we missed
- * some holes.
- */
-- if (start_addr != TASK_UNMAPPED_BASE) {
-- addr = TASK_UNMAPPED_BASE;
-- start_addr = addr;
-+ if (start_addr != mm->mmap_base) {
-+ start_addr = addr = mm->mmap_base;
- mm->cached_hole_size = 0;
- goto full_search;
- }
- return -ENOMEM;
- }
-- if (!vma || addr + len <= vma->vm_start) {
-- /*
-- * Remember the place where we stopped the search:
-- */
-- mm->free_area_cache = addr + len;
-- return addr;
-- }
-+ if (check_heap_stack_gap(vma, addr, len, offset))
-+ break;
- if (addr + mm->cached_hole_size < vma->vm_start)
- mm->cached_hole_size = vma->vm_start - addr;
- addr = vma->vm_end;
- }
+ info.flags = 0;
+ info.length = len;
+ info.low_limit = TASK_UNMAPPED_BASE;
+
-+ /*
-+ * Remember the place where we stopped the search:
-+ */
-+ mm->free_area_cache = addr + len;
-+ return addr;
- }
- #endif
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += mm->delta_mmap;
++#endif
++
+ info.high_limit = TASK_SIZE;
+ info.align_mask = 0;
+ return vm_unmapped_area(&info);
+@@ -1802,10 +2018,16 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
void arch_unmap_area(struct mm_struct *mm, unsigned long addr)
{
mm->free_area_cache = addr;
}
-@@ -1491,7 +1709,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
- {
- struct vm_area_struct *vma;
+@@ -1823,6 +2045,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
struct mm_struct *mm = current->mm;
-- unsigned long addr = addr0, start_addr;
-+ unsigned long base = mm->mmap_base, addr = addr0, start_addr;
+ unsigned long addr = addr0;
+ struct vm_unmapped_area_info info;
+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags);
/* requested length too big for entire address space */
if (len > TASK_SIZE)
-@@ -1500,13 +1719,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1831,12 +2054,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
if (flags & MAP_FIXED)
return addr;
/* requesting a specific address */
if (addr) {
addr = PAGE_ALIGN(addr);
-- vma = find_vma(mm, addr);
+ vma = find_vma(mm, addr);
- if (TASK_SIZE - len >= addr &&
- (!vma || addr + len <= vma->vm_start))
-- return addr;
-+ if (TASK_SIZE - len >= addr) {
-+ vma = find_vma(mm, addr);
-+ if (check_heap_stack_gap(vma, addr, len, offset))
-+ return addr;
-+ }
++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))
+ return addr;
}
- /* check if free_area_cache is useful for us */
-@@ -1530,7 +1754,7 @@ try_again:
- * return with success:
- */
- vma = find_vma(mm, addr);
-- if (!vma || addr+len <= vma->vm_start)
-+ if (check_heap_stack_gap(vma, addr, len, offset))
- /* remember the address as a hint for next time */
- return (mm->free_area_cache = addr);
-
-@@ -1539,8 +1763,8 @@ try_again:
- mm->cached_hole_size = vma->vm_start - addr;
-
- /* try just below the current vma->vm_start */
-- addr = vma->vm_start-len;
-- } while (len < vma->vm_start);
-+ addr = skip_heap_stack_gap(vma, len, offset);
-+ } while (!IS_ERR_VALUE(addr));
-
- fail:
- /*
-@@ -1563,13 +1787,21 @@ fail:
- * can happen with large stack limits and large mmap()
- * allocations.
- */
-+ mm->mmap_base = TASK_UNMAPPED_BASE;
+@@ -1857,6 +2083,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ VM_BUG_ON(addr != -ENOMEM);
+ info.flags = 0;
+ info.low_limit = TASK_UNMAPPED_BASE;
+
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (mm->pax_flags & MF_PAX_RANDMMAP)
-+ mm->mmap_base += mm->delta_mmap;
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ info.low_limit += mm->delta_mmap;
+#endif
+
-+ mm->free_area_cache = mm->mmap_base;
- mm->cached_hole_size = ~0UL;
-- mm->free_area_cache = TASK_UNMAPPED_BASE;
- addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
- /*
- * Restore the topdown base:
- */
-- mm->free_area_cache = mm->mmap_base;
-+ mm->mmap_base = base;
-+ mm->free_area_cache = base;
- mm->cached_hole_size = ~0UL;
-
- return addr;
-@@ -1578,6 +1810,12 @@ fail:
+ info.high_limit = TASK_SIZE;
+ addr = vm_unmapped_area(&info);
+ }
+@@ -1867,6 +2099,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
{
/*
* Is this a new hole at the highest possible address?
*/
-@@ -1585,8 +1823,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
+@@ -1874,8 +2112,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
mm->free_area_cache = addr;
/* dont allow allocations above current base */
}
unsigned long
-@@ -1685,6 +1925,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
+@@ -1974,6 +2214,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
return vma;
}
/*
* Verify that the stack growth is acceptable and
* update accounting. This is shared with both the
-@@ -1701,6 +1963,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -1990,6 +2252,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
return -ENOMEM;
/* Stack limit test */
if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
return -ENOMEM;
-@@ -1711,6 +1974,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2000,6 +2263,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
locked = mm->locked_vm + grow;
limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
limit >>= PAGE_SHIFT;
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -1740,37 +2004,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2029,37 +2293,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -1787,6 +2062,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
+@@ -2094,6 +2369,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
}
}
}
vma_unlock_anon_vma(vma);
khugepaged_enter_vma_merge(vma);
validate_mm(vma->vm_mm);
-@@ -1801,6 +2078,8 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2108,6 +2385,8 @@ int expand_downwards(struct vm_area_struct *vma,
unsigned long address)
{
int error;
/*
* We must make sure the anon_vma is allocated
-@@ -1814,6 +2093,15 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2121,6 +2400,15 @@ int expand_downwards(struct vm_area_struct *vma,
if (error)
return error;
vma_lock_anon_vma(vma);
/*
-@@ -1823,9 +2111,17 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2130,9 +2418,17 @@ int expand_downwards(struct vm_area_struct *vma,
*/
/* Somebody else might have raced and expanded it already */
size = vma->vm_end - address;
grow = (vma->vm_start - address) >> PAGE_SHIFT;
-@@ -1837,6 +2133,17 @@ int expand_downwards(struct vm_area_struct *vma,
- vma->vm_start = address;
+@@ -2157,6 +2453,18 @@ int expand_downwards(struct vm_area_struct *vma,
vma->vm_pgoff -= grow;
anon_vma_interval_tree_post_update_vma(vma);
+ vma_gap_update(vma);
+ track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags);
+
+#ifdef CONFIG_PAX_SEGMEXEC
+ vma_m->vm_start -= grow << PAGE_SHIFT;
+ vma_m->vm_pgoff -= grow;
+ anon_vma_interval_tree_post_update_vma(vma_m);
++ vma_gap_update(vma_m);
+ }
+#endif
+
+ spin_unlock(&vma->vm_mm->page_table_lock);
+
perf_event_mmap(vma);
- }
- }
-@@ -1914,6 +2221,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2263,6 +2571,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
do {
long nrpages = vma_pages(vma);
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += nrpages;
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
-@@ -1959,6 +2273,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2308,6 +2623,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
vma->vm_prev = NULL;
do {
+ }
+#endif
+
- rb_erase(&vma->vm_rb, &mm->mm_rb);
+ vma_rb_erase(vma, &mm->mm_rb);
mm->map_count--;
tail_vma = vma;
-@@ -1987,14 +2311,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2339,14 +2664,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
struct vm_area_struct *new;
int err = -ENOMEM;
/* most fields are the same, copy all, and then fixup */
*new = *vma;
-@@ -2007,6 +2350,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2359,6 +2703,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
}
pol = mpol_dup(vma_policy(vma));
if (IS_ERR(pol)) {
err = PTR_ERR(pol);
-@@ -2029,6 +2388,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2381,6 +2741,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
else
err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
/* Success. */
if (!err)
return 0;
-@@ -2038,10 +2427,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2390,10 +2780,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
new->vm_ops->close(new);
if (new->vm_file)
fput(new->vm_file);
kmem_cache_free(vm_area_cachep, new);
out_err:
return err;
-@@ -2054,6 +2451,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2406,6 +2804,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, int new_below)
{
if (mm->map_count >= sysctl_max_map_count)
return -ENOMEM;
-@@ -2065,11 +2471,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2417,11 +2824,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
* work. This now handles partial unmappings.
* Jeremy Fitzhardinge <jeremy@goop.org>
*/
if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
return -EINVAL;
-@@ -2144,6 +2569,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+@@ -2496,6 +2922,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
/* Fix up all other VM information */
remove_vma_list(mm, vma);
return 0;
}
-@@ -2152,6 +2579,13 @@ int vm_munmap(unsigned long start, size_t len)
+@@ -2504,6 +2932,13 @@ int vm_munmap(unsigned long start, size_t len)
int ret;
struct mm_struct *mm = current->mm;
down_write(&mm->mmap_sem);
ret = do_munmap(mm, start, len);
up_write(&mm->mmap_sem);
-@@ -2165,16 +2599,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
+@@ -2517,16 +2952,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
return vm_munmap(addr, len);
}
/*
* this is really a simplified "do_mmap". it only handles
* anonymous maps. eventually we may be able to do some
-@@ -2188,6 +2612,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2540,6 +2965,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
struct rb_node ** rb_link, * rb_parent;
pgoff_t pgoff = addr >> PAGE_SHIFT;
int error;
len = PAGE_ALIGN(len);
if (!len)
-@@ -2195,16 +2620,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2547,16 +2973,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
locked += mm->locked_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK);
lock_limit >>= PAGE_SHIFT;
-@@ -2221,21 +2660,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2573,21 +3013,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
/*
* Clear old maps. this also does some error checking for us
*/
return -ENOMEM;
/* Can we just expand an old private anonymous mapping? */
-@@ -2249,7 +2687,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2601,7 +3040,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
*/
vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
if (!vma) {
return -ENOMEM;
}
-@@ -2263,11 +2701,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2615,11 +3054,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
vma_link(mm, vma, prev, rb_link, rb_parent);
out:
perf_event_mmap(vma);
return addr;
}
-@@ -2325,6 +2764,7 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2677,6 +3117,7 @@ void exit_mmap(struct mm_struct *mm)
while (vma) {
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += vma_pages(vma);
vma = remove_vma(vma);
}
vm_unacct_memory(nr_accounted);
-@@ -2341,6 +2781,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2693,6 +3134,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
struct vm_area_struct *prev;
struct rb_node **rb_link, *rb_parent;
/*
* The vm_pgoff of a purely anonymous vma should be irrelevant
* until its first write fault, when page's anon_vma and index
-@@ -2364,7 +2811,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2716,7 +3164,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
return 0;
}
-@@ -2384,6 +2845,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2736,6 +3198,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
struct mempolicy *pol;
bool faulted_in_anon_vma = true;
/*
* If anonymous vma has not yet been faulted, update new pgoff
* to match new location, to increase its chance of merging.
-@@ -2450,6 +2913,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2802,6 +3266,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
return NULL;
}
/*
* Return true if the calling process may expand its vm space by the passed
* number of pages
-@@ -2461,6 +2957,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
+@@ -2813,6 +3310,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
+#ifdef CONFIG_PAX_RANDMMAP
+ if (mm->pax_flags & MF_PAX_RANDMMAP)
-+ cur -= mm->brk_gap;
++ cur -= mm->aslr_gap;
+#endif
+
+ gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1);
if (cur + npages > lim)
return 0;
return 1;
-@@ -2531,6 +3033,22 @@ int install_special_mapping(struct mm_struct *mm,
+@@ -2883,6 +3386,22 @@ int install_special_mapping(struct mm_struct *mm,
vma->vm_start = addr;
vma->vm_end = addr + len;
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
diff --git a/mm/mprotect.c b/mm/mprotect.c
-index a409926..8b32e6d 100644
+index 94722a4..9837984 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -23,10 +23,17 @@
#ifndef pgprot_modify
static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
-@@ -141,6 +148,48 @@ static void change_protection(struct vm_area_struct *vma,
- flush_tlb_range(vma, start, end);
+@@ -233,6 +240,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
+ return pages;
}
+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
+ if (is_vm_hugetlb_page(vma))
+ hugetlb_change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot);
+ else
-+ change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma));
++ change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma), 0);
+ }
+}
+#endif
int
mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
unsigned long start, unsigned long end, unsigned long newflags)
-@@ -153,11 +202,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
+@@ -245,11 +294,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
int error;
int dirty_accountable = 0;
/*
* If we make a private mapping writable we increase our commit;
* but (without finer accounting) cannot reduce our commit if we
-@@ -174,6 +241,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
+@@ -266,6 +333,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
}
}
/*
* First try to merge with previous and/or next vma.
*/
-@@ -204,9 +307,21 @@ success:
+@@ -296,9 +399,21 @@ success:
* vm_flags and vm_page_prot are protected by the mmap_sem
* held in write mode.
*/
if (vma_wants_writenotify(vma)) {
vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
-@@ -248,6 +363,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -337,6 +452,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
end = start + len;
if (end <= start)
return -ENOMEM;
if (!arch_validate_prot(prot))
return -EINVAL;
-@@ -255,7 +381,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -344,7 +470,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
/*
* Does the application expect PROT_READ to imply PROT_EXEC:
*/
prot |= PROT_EXEC;
vm_flags = calc_vm_prot_bits(prot);
-@@ -288,6 +414,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -376,6 +502,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
if (start > vma->vm_start)
prev = vma;
for (nstart = start ; ; ) {
unsigned long newflags;
-@@ -297,6 +428,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -386,6 +517,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
/* newflags >> 4 shift VM_MAY% in place of VM_% */
if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
error = -EACCES;
goto out;
}
-@@ -311,6 +450,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -400,6 +539,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
if (error)
goto out;
if (nstart < prev->vm_end)
diff --git a/mm/mremap.c b/mm/mremap.c
-index 1b61c2d..1cc0e3c 100644
+index e1031e1..1f2a0a1 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -125,6 +125,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd,
out:
if (ret & ~PAGE_MASK)
diff --git a/mm/nommu.c b/mm/nommu.c
-index 45131b4..c521665 100644
+index 79c3cac..4d357e0 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */
atomic_long_t mmap_pages_allocated;
-@@ -824,15 +823,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
+@@ -839,15 +838,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
EXPORT_SYMBOL(find_vma);
/*
* expand a stack to a given address
* - not supported under NOMMU conditions
*/
-@@ -1540,6 +1530,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -1555,6 +1545,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
/* most fields are the same, copy all, and then fixup */
*new = *vma;
*region = *vma->vm_region;
new->vm_region = region;
+diff --git a/mm/page-writeback.c b/mm/page-writeback.c
+index 0713bfb..e3774e0 100644
+--- a/mm/page-writeback.c
++++ b/mm/page-writeback.c
+@@ -1630,7 +1630,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long action,
+ }
+ }
+
+-static struct notifier_block __cpuinitdata ratelimit_nb = {
++static struct notifier_block ratelimit_nb = {
+ .notifier_call = ratelimit_handler,
+ .next = NULL,
+ };
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index ceb4168..d7774f2 100644
+index 6a83cd3..3ab04ef 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
-@@ -340,7 +340,7 @@ out:
+@@ -58,6 +58,7 @@
+ #include <linux/prefetch.h>
+ #include <linux/migrate.h>
+ #include <linux/page-debug-flags.h>
++#include <linux/random.h>
+
+ #include <asm/tlbflush.h>
+ #include <asm/div64.h>
+@@ -338,7 +339,7 @@ out:
* This usage means that zero-order pages may not be compound.
*/
{
__free_pages_ok(page, compound_order(page));
}
-@@ -693,6 +693,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -693,6 +694,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
int i;
int bad = 0;
trace_mm_page_free(page, order);
kmemcheck_free_shadow(page, order);
-@@ -708,6 +712,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -708,6 +713,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
debug_check_no_obj_freed(page_address(page),
PAGE_SIZE << order);
}
arch_free_page(page, order);
kernel_map_pages(page, 1 << order, 0);
-@@ -849,8 +859,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
+@@ -730,6 +741,19 @@ static void __free_pages_ok(struct page *page, unsigned int order)
+ local_irq_restore(flags);
+ }
+
++#ifdef CONFIG_PAX_LATENT_ENTROPY
++bool __meminitdata extra_latent_entropy;
++
++static int __init setup_pax_extra_latent_entropy(char *str)
++{
++ extra_latent_entropy = true;
++ return 0;
++}
++early_param("pax_extra_latent_entropy", setup_pax_extra_latent_entropy);
++
++volatile u64 latent_entropy;
++#endif
++
+ /*
+ * Read access to zone->managed_pages is safe because it's unsigned long,
+ * but we still need to serialize writers. Currently all callers of
+@@ -752,6 +776,19 @@ void __meminit __free_pages_bootmem(struct page *page, unsigned int order)
+ set_page_count(p, 0);
+ }
+
++#ifdef CONFIG_PAX_LATENT_ENTROPY
++ if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) {
++ u64 hash = 0;
++ size_t index, end = PAGE_SIZE * nr_pages / sizeof hash;
++ const u64 *data = lowmem_page_address(page);
++
++ for (index = 0; index < end; index++)
++ hash ^= hash + data[index];
++ latent_entropy ^= hash;
++ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
++ }
++#endif
++
+ page_zone(page)->managed_pages += 1 << order;
+ set_page_refcounted(page);
+ __free_pages(page, order);
+@@ -861,8 +898,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
arch_alloc_page(page, order);
kernel_map_pages(page, 1 << order, 1);
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
-@@ -3684,7 +3696,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn)
+@@ -3752,7 +3791,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn)
unsigned long pfn;
for (pfn = start_pfn; pfn < end_pfn; pfn++) {
}
return 0;
diff --git a/mm/percpu.c b/mm/percpu.c
-index ddc5efb..f632d2c 100644
+index 8c8e08f..73a5cda 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
@@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
-index 926b466..b23df53 100644
+index fd26d04..0cea1b0 100644
--- a/mm/process_vm_access.c
+++ b/mm/process_vm_access.c
@@ -13,6 +13,7 @@
if (!mm || IS_ERR(mm)) {
rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
diff --git a/mm/rmap.c b/mm/rmap.c
-index 2ee1ef0..2e175ba 100644
+index 2c78f8c..9e9c624 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
struct anon_vma_chain *avc;
struct anon_vma *anon_vma;
diff --git a/mm/shmem.c b/mm/shmem.c
-index 50c5b8f..0bc87f7 100644
+index efd0b3a..994b702 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -31,7 +31,7 @@
/*
* shmem_fallocate and shmem_writepage communicate via inode->i_private
-@@ -2112,6 +2112,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
+@@ -2202,6 +2202,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -2167,6 +2172,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
+@@ -2257,6 +2262,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
if (err)
return err;
return simple_xattr_set(&info->xattrs, name, value, size, flags);
}
-@@ -2466,8 +2480,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
+@@ -2562,8 +2576,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
int err = -ENOMEM;
/* Round up to L1_CACHE_BYTES to resist false sharing */
return -ENOMEM;
diff --git a/mm/slab.c b/mm/slab.c
-index 33d3363..3851c61 100644
+index e7667a3..b62c169 100644
--- a/mm/slab.c
+++ b/mm/slab.c
-@@ -164,7 +164,7 @@ static bool pfmemalloc_active __read_mostly;
-
- /* Legal flag mask for kmem_cache_create(). */
- #if DEBUG
--# define CREATE_MASK (SLAB_RED_ZONE | \
-+# define CREATE_MASK (SLAB_USERCOPY | SLAB_RED_ZONE | \
- SLAB_POISON | SLAB_HWCACHE_ALIGN | \
- SLAB_CACHE_DMA | \
- SLAB_STORE_USER | \
-@@ -172,7 +172,7 @@ static bool pfmemalloc_active __read_mostly;
- SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \
- SLAB_DEBUG_OBJECTS | SLAB_NOLEAKTRACE | SLAB_NOTRACK)
- #else
--# define CREATE_MASK (SLAB_HWCACHE_ALIGN | \
-+# define CREATE_MASK (SLAB_USERCOPY | SLAB_HWCACHE_ALIGN | \
- SLAB_CACHE_DMA | \
- SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \
- SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \
-@@ -322,7 +322,7 @@ struct kmem_list3 {
+@@ -306,7 +306,7 @@ struct kmem_list3 {
* Need this for bootstrapping a per node allocator.
*/
#define NUM_INIT_LISTS (3 * MAX_NUMNODES)
#define CACHE_CACHE 0
#define SIZE_AC MAX_NUMNODES
#define SIZE_L3 (2 * MAX_NUMNODES)
-@@ -423,10 +423,10 @@ static void kmem_list3_init(struct kmem_list3 *parent)
+@@ -407,10 +407,10 @@ static void kmem_list3_init(struct kmem_list3 *parent)
if ((x)->max_freeable < i) \
(x)->max_freeable = i; \
} while (0)
#else
#define STATS_INC_ACTIVE(x) do { } while (0)
#define STATS_DEC_ACTIVE(x) do { } while (0)
-@@ -534,7 +534,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab,
+@@ -518,7 +518,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab,
* reciprocal_divide(offset, cache->reciprocal_buffer_size)
*/
static inline unsigned int obj_to_index(const struct kmem_cache *cache,
{
u32 offset = (obj - slab->s_mem);
return reciprocal_divide(offset, cache->reciprocal_buffer_size);
-@@ -555,12 +555,13 @@ EXPORT_SYMBOL(malloc_sizes);
+@@ -539,12 +539,13 @@ EXPORT_SYMBOL(malloc_sizes);
struct cache_names {
char *name;
char *name_dma;
#undef CACHE
};
-@@ -721,6 +722,12 @@ static inline struct kmem_cache *__find_general_cachep(size_t size,
+@@ -729,6 +730,12 @@ static inline struct kmem_cache *__find_general_cachep(size_t size,
if (unlikely(gfpflags & GFP_DMA))
return csizep->cs_dmacachep;
#endif
return csizep->cs_cachep;
}
-@@ -1676,7 +1683,7 @@ void __init kmem_cache_init(void)
- sizes[INDEX_AC].cs_cachep->size = sizes[INDEX_AC].cs_size;
- sizes[INDEX_AC].cs_cachep->object_size = sizes[INDEX_AC].cs_size;
- sizes[INDEX_AC].cs_cachep->align = ARCH_KMALLOC_MINALIGN;
-- __kmem_cache_create(sizes[INDEX_AC].cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC);
-+ __kmem_cache_create(sizes[INDEX_AC].cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY);
- list_add(&sizes[INDEX_AC].cs_cachep->list, &slab_caches);
-
- if (INDEX_AC != INDEX_L3) {
-@@ -1685,7 +1692,7 @@ void __init kmem_cache_init(void)
- sizes[INDEX_L3].cs_cachep->size = sizes[INDEX_L3].cs_size;
- sizes[INDEX_L3].cs_cachep->object_size = sizes[INDEX_L3].cs_size;
- sizes[INDEX_L3].cs_cachep->align = ARCH_KMALLOC_MINALIGN;
-- __kmem_cache_create(sizes[INDEX_L3].cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC);
-+ __kmem_cache_create(sizes[INDEX_L3].cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY);
- list_add(&sizes[INDEX_L3].cs_cachep->list, &slab_caches);
- }
-
-@@ -1705,7 +1712,7 @@ void __init kmem_cache_init(void)
- sizes->cs_cachep->size = sizes->cs_size;
- sizes->cs_cachep->object_size = sizes->cs_size;
- sizes->cs_cachep->align = ARCH_KMALLOC_MINALIGN;
-- __kmem_cache_create(sizes->cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC);
-+ __kmem_cache_create(sizes->cs_cachep, ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY);
- list_add(&sizes->cs_cachep->list, &slab_caches);
- }
+@@ -1482,7 +1489,7 @@ static int __cpuinit cpuup_callback(struct notifier_block *nfb,
+ return notifier_from_errno(err);
+ }
+
+-static struct notifier_block __cpuinitdata cpucache_notifier = {
++static struct notifier_block cpucache_notifier = {
+ &cpuup_callback, NULL, 0
+ };
+
+@@ -1667,12 +1674,12 @@ void __init kmem_cache_init(void)
+ */
+
+ sizes[INDEX_AC].cs_cachep = create_kmalloc_cache(names[INDEX_AC].name,
+- sizes[INDEX_AC].cs_size, ARCH_KMALLOC_FLAGS);
++ sizes[INDEX_AC].cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY);
+
+ if (INDEX_AC != INDEX_L3)
+ sizes[INDEX_L3].cs_cachep =
+ create_kmalloc_cache(names[INDEX_L3].name,
+- sizes[INDEX_L3].cs_size, ARCH_KMALLOC_FLAGS);
++ sizes[INDEX_L3].cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY);
+
+ slab_early_init = 0;
+
+@@ -1686,13 +1693,20 @@ void __init kmem_cache_init(void)
+ */
+ if (!sizes->cs_cachep)
+ sizes->cs_cachep = create_kmalloc_cache(names->name,
+- sizes->cs_size, ARCH_KMALLOC_FLAGS);
++ sizes->cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY);
+
#ifdef CONFIG_ZONE_DMA
-@@ -1718,6 +1725,17 @@ void __init kmem_cache_init(void)
- ARCH_KMALLOC_FLAGS|SLAB_CACHE_DMA| SLAB_PANIC);
- list_add(&sizes->cs_dmacachep->list, &slab_caches);
+ sizes->cs_dmacachep = create_kmalloc_cache(
+ names->name_dma, sizes->cs_size,
+ SLAB_CACHE_DMA|ARCH_KMALLOC_FLAGS);
#endif
+
+#ifdef CONFIG_PAX_USERCOPY_SLABS
-+ sizes->cs_usercopycachep = kmem_cache_zalloc(kmem_cache, GFP_NOWAIT);
-+ sizes->cs_usercopycachep->name = names->name_usercopy;
-+ sizes->cs_usercopycachep->size = sizes->cs_size;
-+ sizes->cs_usercopycachep->object_size = sizes->cs_size;
-+ sizes->cs_usercopycachep->align = ARCH_KMALLOC_MINALIGN;
-+ __kmem_cache_create(sizes->cs_usercopycachep, ARCH_KMALLOC_FLAGS| SLAB_PANIC|SLAB_USERCOPY);
-+ list_add(&sizes->cs_usercopycachep->list, &slab_caches);
++ sizes->cs_usercopycachep = create_kmalloc_cache(
++ names->name_usercopy, sizes->cs_size,
++ ARCH_KMALLOC_FLAGS|SLAB_USERCOPY);
+#endif
+
sizes++;
names++;
}
-@@ -4405,10 +4423,10 @@ static int s_show(struct seq_file *m, void *p)
+@@ -4365,10 +4379,10 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
}
/* cpu stats */
{
seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu",
allochit, allocmiss, freehit, freemiss);
-@@ -4667,13 +4685,71 @@ static int __init slab_proc_init(void)
+@@ -4600,13 +4614,71 @@ static const struct file_operations proc_slabstats_operations = {
+ static int __init slab_proc_init(void)
{
- proc_create("slabinfo",S_IWUSR|S_IRUSR,NULL,&proc_slabinfo_operations);
#ifdef CONFIG_DEBUG_SLAB_LEAK
- proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations);
+ proc_create("slab_allocators", S_IRUSR, NULL, &proc_slabstats_operations);
/**
* ksize - get the actual amount of memory allocated for a given object
* @objp: Pointer to the object
+diff --git a/mm/slab.h b/mm/slab.h
+index 34a98d6..73633d1 100644
+--- a/mm/slab.h
++++ b/mm/slab.h
+@@ -58,7 +58,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
+
+ /* Legal flag mask for kmem_cache_create(), for various configurations */
+ #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
+- SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS )
++ SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | SLAB_USERCOPY)
+
+ #if defined(CONFIG_DEBUG_SLAB)
+ #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
+@@ -220,6 +220,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
+ return s;
+
+ page = virt_to_head_page(x);
++
++ BUG_ON(!PageSlab(page));
++
+ cachep = page->slab_cache;
+ if (slab_equal_or_root(cachep, s))
+ return cachep;
diff --git a/mm/slab_common.c b/mm/slab_common.c
-index 069a24e6..226a310 100644
+index 3f3cd97..93b0236 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
-@@ -127,7 +127,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, size_t align
+@@ -22,7 +22,7 @@
+
+ #include "slab.h"
+
+-enum slab_state slab_state;
++enum slab_state slab_state __read_only;
+ LIST_HEAD(slab_caches);
+ DEFINE_MUTEX(slab_mutex);
+ struct kmem_cache *kmem_cache;
+@@ -209,7 +209,7 @@ kmem_cache_create_memcg(struct mem_cgroup *memcg, const char *name, size_t size,
+
err = __kmem_cache_create(s, flags);
if (!err) {
-
- s->refcount = 1;
+ atomic_set(&s->refcount, 1);
list_add(&s->list, &slab_caches);
-
+ memcg_cache_list_add(memcg, s);
} else {
-@@ -163,8 +163,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
- {
+@@ -255,8 +255,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
+
get_online_cpus();
mutex_lock(&slab_mutex);
- s->refcount--;
list_del(&s->list);
if (!__kmem_cache_shutdown(s)) {
+@@ -302,7 +301,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
+ panic("Creation of kmalloc slab %s size=%zd failed. Reason %d\n",
+ name, size, err);
+
+- s->refcount = -1; /* Exempt from merging for now */
++ atomic_set(&s->refcount, -1); /* Exempt from merging for now */
+ }
+
+ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
+@@ -315,7 +314,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
+
+ create_boot_cache(s, name, size, flags);
+ list_add(&s->list, &slab_caches);
+- s->refcount = 1;
++ atomic_set(&s->refcount, 1);
+ return s;
+ }
+
diff --git a/mm/slob.c b/mm/slob.c
-index 1e921c5..1ce12c2 100644
+index a99fdf7..f5b6577 100644
--- a/mm/slob.c
+++ b/mm/slob.c
-@@ -159,7 +159,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next)
+@@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next)
/*
* Return the size of a slob block.
*/
{
if (s->units > 0)
return s->units;
-@@ -169,7 +169,7 @@ static slobidx_t slob_units(slob_t *s)
+@@ -167,7 +167,7 @@ static slobidx_t slob_units(slob_t *s)
/*
* Return the next free slob block pointer after this one.
*/
{
slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
slobidx_t next;
-@@ -184,14 +184,14 @@ static slob_t *slob_next(slob_t *s)
+@@ -182,14 +182,14 @@ static slob_t *slob_next(slob_t *s)
/*
* Returns true if s is the last free block in its page.
*/
#ifdef CONFIG_NUMA
if (node != NUMA_NO_NODE)
-@@ -203,14 +203,18 @@ static void *slob_new_pages(gfp_t gfp, int order, int node)
+@@ -201,14 +201,18 @@ static void *slob_new_pages(gfp_t gfp, int order, int node)
if (!page)
return NULL;
}
/*
-@@ -315,15 +319,15 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node)
+@@ -313,15 +317,15 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node)
/* Not enough space: must allocate a new page */
if (!b) {
INIT_LIST_HEAD(&sp->list);
set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
set_slob_page_free(sp, slob_list);
-@@ -361,9 +365,7 @@ static void slob_free(void *block, int size)
+@@ -359,9 +363,7 @@ static void slob_free(void *block, int size)
if (slob_page_free(sp))
clear_slob_page_free(sp);
spin_unlock_irqrestore(&slob_lock, flags);
return;
}
-@@ -426,11 +428,10 @@ out:
+@@ -424,11 +426,10 @@ out:
*/
static __always_inline void *
gfp &= gfp_allowed_mask;
-@@ -444,20 +445,23 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller)
+@@ -442,23 +443,41 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller)
if (!m)
return NULL;
if (likely(order))
gfp |= __GFP_COMP;
- ret = slob_new_pages(gfp, order, node);
-- if (ret) {
-- struct page *page;
-- page = virt_to_page(ret);
+ page = slob_new_pages(gfp, order, node);
+ if (page) {
+ ret = page_address(page);
- page->private = size;
- }
++ page->private = size;
++ }
-@@ -465,7 +469,17 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller)
+ trace_kmalloc_node(caller, ret,
size, PAGE_SIZE << order, gfp, node);
}
return ret;
}
-@@ -501,15 +515,91 @@ void kfree(const void *block)
+@@ -494,33 +513,110 @@ void kfree(const void *block)
kmemleak_free(block);
sp = virt_to_page(block);
+ __ClearPageSlab(sp);
+ reset_page_mapcount(sp);
+ sp->private = 0;
- put_page(sp);
+ __free_pages(sp, compound_order(sp));
+ }
}
EXPORT_SYMBOL(kfree);
/* can't use ksize for kmem_cache_alloc memory, only kmalloc */
size_t ksize(const void *block)
{
-@@ -520,10 +610,11 @@ size_t ksize(const void *block)
+ struct page *sp;
+ int align;
+- unsigned int *m;
++ slob_t *m;
+
+ BUG_ON(!block);
+ if (unlikely(block == ZERO_SIZE_PTR))
return 0;
sp = virt_to_page(block);
-- if (PageSlab(sp)) {
+- if (unlikely(!PageSlab(sp)))
+- return PAGE_SIZE << compound_order(sp);
+ VM_BUG_ON(!PageSlab(sp));
-+ if (!sp->private) {
- int align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
-- unsigned int *m = (unsigned int *)(block - align);
-- return SLOB_UNITS(*m) * SLOB_UNIT;
-+ slob_t *m = (slob_t *)(block - align);
-+ return SLOB_UNITS(m[0].units) * SLOB_UNIT;
- } else
- return sp->private;
++ if (sp->private)
++ return sp->private;
+
+ align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
+- m = (unsigned int *)(block - align);
+- return SLOB_UNITS(*m) * SLOB_UNIT;
++ m = (slob_t *)(block - align);
++ return SLOB_UNITS(m[0].units) * SLOB_UNIT;
}
-@@ -550,23 +641,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
+ EXPORT_SYMBOL(ksize);
+
+@@ -536,23 +632,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
void *kmem_cache_alloc_node(struct kmem_cache *c, gfp_t flags, int node)
{
+#else
if (c->size < PAGE_SIZE) {
b = slob_alloc(c->size, flags, c->align, node);
- trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
+ trace_kmem_cache_alloc_node(_RET_IP_, b, c->object_size,
SLOB_UNITS(c->size) * SLOB_UNIT,
flags, node);
} else {
+ b = page_address(sp);
+ sp->private = c->size;
+ }
- trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
+ trace_kmem_cache_alloc_node(_RET_IP_, b, c->object_size,
PAGE_SIZE << get_order(c->size),
flags, node);
}
if (c->ctor)
c->ctor(b);
-@@ -578,10 +679,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
+@@ -564,10 +670,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
static void __kmem_cache_free(void *b, int size)
{
}
static void kmem_rcu_free(struct rcu_head *head)
-@@ -594,17 +699,31 @@ static void kmem_rcu_free(struct rcu_head *head)
+@@ -580,17 +690,31 @@ static void kmem_rcu_free(struct rcu_head *head)
void kmem_cache_free(struct kmem_cache *c, void *b)
{
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 321afab..9595170 100644
+index ba2ca53..00b1f4e 100644
--- a/mm/slub.c
+++ b/mm/slub.c
-@@ -201,7 +201,7 @@ struct track {
+@@ -197,7 +197,7 @@ struct track {
enum track_item { TRACK_ALLOC, TRACK_FREE };
static int sysfs_slab_add(struct kmem_cache *);
static int sysfs_slab_alias(struct kmem_cache *, const char *);
static void sysfs_slab_remove(struct kmem_cache *);
-@@ -521,7 +521,7 @@ static void print_track(const char *s, struct track *t)
+@@ -518,7 +518,7 @@ static void print_track(const char *s, struct track *t)
if (!t->addr)
return;
s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid);
#ifdef CONFIG_STACKTRACE
{
-@@ -2623,6 +2623,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x)
-
- page = virt_to_head_page(x);
-
-+ BUG_ON(!PageSlab(page));
-+
- if (kmem_cache_debug(s) && page->slab != s) {
- pr_err("kmem_cache_free: Wrong slab cache. %s but object"
- " is from %s\n", page->slab->name, s->name);
-@@ -2663,7 +2665,7 @@ static int slub_min_objects;
+@@ -2653,7 +2653,7 @@ static int slub_min_objects;
* Merge control. If this is set then no merging of slab caches will occur.
* (Could be removed. This was introduced to pacify the merge skeptics.)
*/
/*
* Calculate the order of allocation given an slab object size.
-@@ -3225,6 +3227,10 @@ EXPORT_SYMBOL(kmalloc_caches);
+@@ -3181,6 +3181,10 @@ EXPORT_SYMBOL(kmalloc_caches);
static struct kmem_cache *kmalloc_dma_caches[SLUB_PAGE_SHIFT];
#endif
static int __init setup_slub_min_order(char *str)
{
get_option(&str, &slub_min_order);
-@@ -3279,7 +3285,7 @@ static struct kmem_cache *__init create_kmalloc_cache(const char *name,
- if (kmem_cache_open(s, flags))
- goto panic;
-
-- s->refcount = 1;
-+ atomic_set(&s->refcount, 1);
- list_add(&s->list, &slab_caches);
- return s;
-
-@@ -3343,6 +3349,13 @@ static struct kmem_cache *get_slab(size_t size, gfp_t flags)
+@@ -3272,6 +3276,13 @@ static struct kmem_cache *get_slab(size_t size, gfp_t flags)
return kmalloc_dma_caches[index];
#endif
return kmalloc_caches[index];
}
-@@ -3411,6 +3424,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node)
+@@ -3340,6 +3351,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node)
EXPORT_SYMBOL(__kmalloc_node);
#endif
+ if (!PageSlab(page))
+ return false;
+
-+ s = page->slab;
++ s = page->slab_cache;
+ return s->flags & SLAB_USERCOPY;
+}
+
+ if (!PageSlab(page))
+ return NULL;
+
-+ s = page->slab;
++ s = page->slab_cache;
+ if (!(s->flags & SLAB_USERCOPY))
+ return s->name;
+
size_t ksize(const void *object)
{
struct page *page;
-@@ -3685,7 +3751,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s)
- int node;
-
- list_add(&s->list, &slab_caches);
-- s->refcount = -1;
-+ atomic_set(&s->refcount, -1);
-
- for_each_node_state(node, N_NORMAL_MEMORY) {
- struct kmem_cache_node *n = get_node(s, node);
-@@ -3808,17 +3874,17 @@ void __init kmem_cache_init(void)
+@@ -3712,17 +3776,17 @@ void __init kmem_cache_init(void)
/* Caches that are not of the two-to-the-power-of size */
if (KMALLOC_MIN_SIZE <= 32) {
caches++;
}
-@@ -3860,6 +3926,22 @@ void __init kmem_cache_init(void)
+@@ -3764,6 +3828,22 @@ void __init kmem_cache_init(void)
}
}
#endif
printk(KERN_INFO
"SLUB: Genslabs=%d, HWalign=%d, Order=%d-%d, MinObjects=%d,"
" CPUs=%d, Nodes=%d\n",
-@@ -3886,7 +3968,7 @@ static int slab_unmergeable(struct kmem_cache *s)
+@@ -3790,7 +3870,7 @@ static int slab_unmergeable(struct kmem_cache *s)
/*
* We may have set a slab to be unmergeable during bootstrap.
*/
return 1;
return 0;
-@@ -3940,7 +4022,7 @@ struct kmem_cache *__kmem_cache_alias(const char *name, size_t size,
+@@ -3848,7 +3928,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
- s = find_mergeable(size, align, flags, name, ctor);
+ s = find_mergeable(memcg, size, align, flags, name, ctor);
if (s) {
- s->refcount++;
+ atomic_inc(&s->refcount);
/*
* Adjust the object sizes so that we clear
* the complete object on kzalloc.
-@@ -3949,7 +4031,7 @@ struct kmem_cache *__kmem_cache_alias(const char *name, size_t size,
+@@ -3857,7 +3937,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *)));
if (sysfs_slab_alias(s, name)) {
s = NULL;
}
}
-@@ -4064,7 +4146,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
+@@ -3919,7 +3999,7 @@ static int __cpuinit slab_cpuup_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata slab_notifier = {
++static struct notifier_block slab_notifier = {
+ .notifier_call = slab_cpuup_callback
+ };
+
+@@ -3977,7 +4057,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
}
#endif
static int count_inuse(struct page *page)
{
return page->inuse;
-@@ -4451,12 +4533,12 @@ static void resiliency_test(void)
+@@ -4364,12 +4444,12 @@ static void resiliency_test(void)
validate_slab_cache(kmalloc_caches[9]);
}
#else
enum slab_stat_type {
SL_ALL, /* All slabs */
SL_PARTIAL, /* Only partially allocated slabs */
-@@ -4700,7 +4782,7 @@ SLAB_ATTR_RO(ctor);
+@@ -4613,7 +4693,7 @@ SLAB_ATTR_RO(ctor);
static ssize_t aliases_show(struct kmem_cache *s, char *buf)
{
}
SLAB_ATTR_RO(aliases);
-@@ -5262,6 +5344,7 @@ static char *create_unique_id(struct kmem_cache *s)
+@@ -5266,6 +5346,7 @@ static char *create_unique_id(struct kmem_cache *s)
return name;
}
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
-@@ -5324,6 +5407,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
+@@ -5323,6 +5404,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
kobject_del(&s->kobj);
kobject_put(&s->kobj);
}
/*
* Need to buffer aliases during bootup until sysfs becomes
-@@ -5337,6 +5421,7 @@ struct saved_alias {
+@@ -5336,6 +5418,7 @@ struct saved_alias {
static struct saved_alias *alias_list;
static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
{
struct saved_alias *al;
-@@ -5359,6 +5444,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+@@ -5358,6 +5441,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
alias_list = al;
return 0;
}
}
return pgd;
}
+diff --git a/mm/sparse.c b/mm/sparse.c
+index 6b5fb76..db0c190 100644
+--- a/mm/sparse.c
++++ b/mm/sparse.c
+@@ -782,7 +782,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages)
+
+ for (i = 0; i < PAGES_PER_SECTION; i++) {
+ if (PageHWPoison(&memmap[i])) {
+- atomic_long_sub(1, &mce_bad_pages);
++ atomic_long_sub_unchecked(1, &mce_bad_pages);
+ ClearPageHWPoison(&memmap[i]);
+ }
+ }
diff --git a/mm/swap.c b/mm/swap.c
index 6310dc2..3662b3f 100644
--- a/mm/swap.c
}
diff --git a/mm/swapfile.c b/mm/swapfile.c
-index f91a255..9dcac21 100644
+index e97a0e5..b50e796 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -64,7 +64,7 @@ static DEFINE_MUTEX(swapon_mutex);
static inline unsigned char swap_count(unsigned char ent)
{
-@@ -1601,7 +1601,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
+@@ -1608,7 +1608,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
}
filp_close(swap_file, NULL);
err = 0;
wake_up_interruptible(&proc_poll_wait);
out_dput:
-@@ -1618,8 +1618,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
+@@ -1625,8 +1625,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
poll_wait(file, &proc_poll_wait, wait);
return POLLIN | POLLRDNORM | POLLERR | POLLPRI;
}
-@@ -1717,7 +1717,7 @@ static int swaps_open(struct inode *inode, struct file *file)
+@@ -1724,7 +1724,7 @@ static int swaps_open(struct inode *inode, struct file *file)
return ret;
seq = file->private_data;
return 0;
}
-@@ -2059,7 +2059,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
+@@ -2066,7 +2066,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
(frontswap_map) ? "FS" : "");
mutex_unlock(&swapon_mutex);
if (S_ISREG(inode->i_mode))
diff --git a/mm/util.c b/mm/util.c
-index dc3036c..b6c7c9d 100644
+index c55e26b..3f913a9 100644
--- a/mm/util.c
+++ b/mm/util.c
@@ -292,6 +292,12 @@ done:
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 78e0830..bc6bbd8 100644
+index 5123a16..f234a48 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
if (v->nr_pages)
seq_printf(m, " pages=%d", v->nr_pages);
diff --git a/mm/vmstat.c b/mm/vmstat.c
-index c737057..a49753a 100644
+index 9800306..76b4b27 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu)
}
}
#endif
-@@ -1224,10 +1224,20 @@ static int __init setup_vmstat(void)
+@@ -1223,7 +1223,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata vmstat_notifier =
++static struct notifier_block vmstat_notifier =
+ { &vmstat_cpuup_callback, NULL, 0 };
+ #endif
+
+@@ -1238,10 +1238,20 @@ static int __init setup_vmstat(void)
start_cpu_timer(cpu);
#endif
#ifdef CONFIG_PROC_FS
return 0;
}
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
-index ee07072..593e3fd 100644
+index a292e80..785ee68 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
-@@ -484,7 +484,7 @@ out:
+@@ -485,7 +485,7 @@ out:
return NOTIFY_DONE;
}
.notifier_call = vlan_device_event,
};
-@@ -559,8 +559,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
+@@ -560,8 +560,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
err = -EPERM;
- if (!capable(CAP_NET_ADMIN))
+ if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
break;
- if ((args.u.name_type >= 0) &&
- (args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) {
struct vlan_net *vn;
vn = net_generic(net, vlan_net_id);
+diff --git a/net/9p/mod.c b/net/9p/mod.c
+index 6ab36ae..6f1841b 100644
+--- a/net/9p/mod.c
++++ b/net/9p/mod.c
+@@ -84,7 +84,7 @@ static LIST_HEAD(v9fs_trans_list);
+ void v9fs_register_trans(struct p9_trans_module *m)
+ {
+ spin_lock(&v9fs_trans_lock);
+- list_add_tail(&m->list, &v9fs_trans_list);
++ pax_list_add_tail((struct list_head *)&m->list, &v9fs_trans_list);
+ spin_unlock(&v9fs_trans_lock);
+ }
+ EXPORT_SYMBOL(v9fs_register_trans);
+@@ -97,7 +97,7 @@ EXPORT_SYMBOL(v9fs_register_trans);
+ void v9fs_unregister_trans(struct p9_trans_module *m)
+ {
+ spin_lock(&v9fs_trans_lock);
+- list_del_init(&m->list);
++ pax_list_del_init((struct list_head *)&m->list);
+ spin_unlock(&v9fs_trans_lock);
+ }
+ EXPORT_SYMBOL(v9fs_unregister_trans);
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 02efb25..41541a9 100644
--- a/net/9p/trans_fd.c
__AAL_STAT_ITEMS
#undef __HANDLE_ITEM
}
+diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c
+index d5744b7..506bae3 100644
+--- a/net/ax25/sysctl_net_ax25.c
++++ b/net/ax25/sysctl_net_ax25.c
+@@ -152,7 +152,7 @@ int ax25_register_dev_sysctl(ax25_dev *ax25_dev)
+ {
+ char path[sizeof("net/ax25/") + IFNAMSIZ];
+ int k;
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+
+ table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL);
+ if (!table)
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
-index c6fcc76..1270d14 100644
+index 7d02ebd..4d4cc01 100644
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
-@@ -62,7 +62,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
+@@ -63,7 +63,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
/* randomize initial seqno to avoid collision */
get_random_bytes(&random_seqno, sizeof(random_seqno));
-- atomic_set(&hard_iface->seqno, random_seqno);
-+ atomic_set_unchecked(&hard_iface->seqno, random_seqno);
+- atomic_set(&hard_iface->bat_iv.ogm_seqno, random_seqno);
++ atomic_set_unchecked(&hard_iface->bat_iv.ogm_seqno, random_seqno);
- hard_iface->packet_len = BATADV_OGM_HLEN;
- hard_iface->packet_buff = kmalloc(hard_iface->packet_len, GFP_ATOMIC);
-@@ -608,9 +608,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
- batadv_ogm_packet = (struct batadv_ogm_packet *)hard_iface->packet_buff;
+ hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN;
+ ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC);
+@@ -615,9 +615,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
+ batadv_ogm_packet = (struct batadv_ogm_packet *)(*ogm_buff);
/* change sequence number to network order */
-- seqno = (uint32_t)atomic_read(&hard_iface->seqno);
-+ seqno = (uint32_t)atomic_read_unchecked(&hard_iface->seqno);
+- seqno = (uint32_t)atomic_read(&hard_iface->bat_iv.ogm_seqno);
++ seqno = (uint32_t)atomic_read_unchecked(&hard_iface->bat_iv.ogm_seqno);
batadv_ogm_packet->seqno = htonl(seqno);
-- atomic_inc(&hard_iface->seqno);
-+ atomic_inc_unchecked(&hard_iface->seqno);
+- atomic_inc(&hard_iface->bat_iv.ogm_seqno);
++ atomic_inc_unchecked(&hard_iface->bat_iv.ogm_seqno);
batadv_ogm_packet->ttvn = atomic_read(&bat_priv->tt.vn);
batadv_ogm_packet->tt_crc = htons(bat_priv->tt.local_crc);
-@@ -1015,7 +1015,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr,
+@@ -1022,7 +1022,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr,
return;
/* could be changed by schedule_own_packet() */
-- if_incoming_seqno = atomic_read(&if_incoming->seqno);
-+ if_incoming_seqno = atomic_read_unchecked(&if_incoming->seqno);
+- if_incoming_seqno = atomic_read(&if_incoming->bat_iv.ogm_seqno);
++ if_incoming_seqno = atomic_read_unchecked(&if_incoming->bat_iv.ogm_seqno);
if (batadv_ogm_packet->flags & BATADV_DIRECTLINK)
has_directlink_flag = 1;
diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
-index d112fd6..686a447 100644
+index f1d37cd..4190879 100644
--- a/net/batman-adv/hard-interface.c
+++ b/net/batman-adv/hard-interface.c
-@@ -327,7 +327,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface,
+@@ -370,7 +370,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface,
hard_iface->batman_adv_ptype.dev = hard_iface->net_dev;
dev_add_pack(&hard_iface->batman_adv_ptype);
batadv_info(hard_iface->soft_iface, "Adding interface: %s\n",
hard_iface->net_dev->name);
-@@ -450,7 +450,7 @@ batadv_hardif_add_interface(struct net_device *net_dev)
+@@ -493,7 +493,7 @@ batadv_hardif_add_interface(struct net_device *net_dev)
/* This can't be called via a bat_priv callback because
* we have no bat_priv yet.
*/
-- atomic_set(&hard_iface->seqno, 1);
-+ atomic_set_unchecked(&hard_iface->seqno, 1);
- hard_iface->packet_buff = NULL;
+- atomic_set(&hard_iface->bat_iv.ogm_seqno, 1);
++ atomic_set_unchecked(&hard_iface->bat_iv.ogm_seqno, 1);
+ hard_iface->bat_iv.ogm_buff = NULL;
return hard_iface;
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
-index ce0684a..4a0cbf1 100644
+index 6b548fd..fc32c8d 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
-@@ -234,7 +234,7 @@ static int batadv_interface_tx(struct sk_buff *skb,
+@@ -252,7 +252,7 @@ static int batadv_interface_tx(struct sk_buff *skb,
primary_if->net_dev->dev_addr, ETH_ALEN);
/* set broadcast sequence number */
+ seqno = atomic_inc_return_unchecked(&bat_priv->bcast_seqno);
bcast_packet->seqno = htonl(seqno);
- batadv_add_bcast_packet_to_list(bat_priv, skb, 1);
-@@ -427,7 +427,7 @@ struct net_device *batadv_softif_create(const char *name)
+ batadv_add_bcast_packet_to_list(bat_priv, skb, brd_delay);
+@@ -497,7 +497,7 @@ struct net_device *batadv_softif_create(const char *name)
atomic_set(&bat_priv->batman_queue_left, BATADV_BATMAN_QUEUE_LEN);
atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE);
atomic_set(&bat_priv->tt.local_changes, 0);
atomic_set(&bat_priv->tt.ogm_append_cnt, 0);
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
-index ac1e07a..4c846e2 100644
+index ae9ac9a..11e0fe7 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
-@@ -33,8 +33,8 @@ struct batadv_hard_iface {
+@@ -48,7 +48,7 @@
+ struct batadv_hard_iface_bat_iv {
+ unsigned char *ogm_buff;
+ int ogm_buff_len;
+- atomic_t ogm_seqno;
++ atomic_unchecked_t ogm_seqno;
+ };
+
+ struct batadv_hard_iface {
+@@ -56,7 +56,7 @@ struct batadv_hard_iface {
int16_t if_num;
char if_status;
struct net_device *net_dev;
-- atomic_t seqno;
- atomic_t frag_seqno;
-+ atomic_unchecked_t seqno;
+ atomic_unchecked_t frag_seqno;
- unsigned char *packet_buff;
- int packet_len;
struct kobject *hardif_obj;
-@@ -244,7 +244,7 @@ struct batadv_priv {
+ atomic_t refcount;
+ struct packet_type batman_adv_ptype;
+@@ -284,7 +284,7 @@ struct batadv_priv {
atomic_t orig_interval; /* uint */
atomic_t hop_penalty; /* uint */
atomic_t log_level; /* uint */
atomic_t batman_queue_left;
char num_ifaces;
diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c
-index f397232..3206a33 100644
+index 10aff49..ea8e021 100644
--- a/net/batman-adv/unicast.c
+++ b/net/batman-adv/unicast.c
@@ -272,7 +272,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv,
err = -EFAULT;
break;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index a91239d..d7ed533 100644
+index 22e6583..426e2f3 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
-@@ -3183,8 +3183,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
+@@ -3400,8 +3400,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
break;
case L2CAP_CONF_RFC:
+ memcpy(&rfc, (void *)val, olen);
if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
- rfc.mode != chan->mode)
+ rfc.mode != chan->mode)
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
-index 083f2bf..799f9448 100644
+index 1bcfb84..dad9f98 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
-@@ -471,7 +471,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
+@@ -479,7 +479,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
struct sock *sk = sock->sk;
struct l2cap_chan *chan = l2cap_pi(sk)->chan;
struct l2cap_options opts;
u32 opt;
BT_DBG("sk %p", sk);
-@@ -493,7 +494,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us
+@@ -501,7 +502,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
opts.max_tx = chan->max_tx;
opts.txwin_size = chan->tx_win;
if (copy_from_user((char *) &opts, optval, len)) {
err = -EFAULT;
break;
-@@ -571,7 +572,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
+@@ -581,7 +582,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
struct bt_security sec;
struct bt_power pwr;
struct l2cap_conn *conn;
u32 opt;
BT_DBG("sk %p", sk);
-@@ -594,7 +596,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
+@@ -604,7 +606,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
sec.level = BT_SECURITY_LOW;
if (copy_from_user((char *) &sec, optval, len)) {
err = -EFAULT;
break;
-@@ -691,7 +693,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch
+@@ -701,7 +703,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
err = -EFAULT;
break;
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
-index 868a909..d044bc3 100644
+index ce3f665..2c7d08f 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -667,7 +667,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
err = -EFAULT;
break;
diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c
-index ccc2487..921073d 100644
+index bd6fd0f..6492cba 100644
--- a/net/bluetooth/rfcomm/tty.c
+++ b/net/bluetooth/rfcomm/tty.c
@@ -309,7 +309,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev)
@@ -664,10 +664,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp)
return -ENODEV;
- BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst),
-- dev->channel, dev->port.count);
-+ dev->channel, atomic_read(&dev->port.count));
+ BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
+- dev->channel, dev->port.count);
++ dev->channel, atomic_read(&dev->port.count));
spin_lock_irqsave(&dev->port.lock, flags);
- if (++dev->port.count > 1) {
spin_unlock_irqrestore(&dev->port.lock, flags);
if (dev->tty_dev->parent)
device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
+diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
+index acc9f4c..2897e40 100644
+--- a/net/bridge/br_mdb.c
++++ b/net/bridge/br_mdb.c
+@@ -82,6 +82,7 @@ static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb,
+ port = p->port;
+ if (port) {
+ struct br_mdb_entry e;
++ memset(&e, 0, sizeof(e));
+ e.ifindex = port->dev->ifindex;
+ e.state = p->state;
+ if (p->addr.proto == htons(ETH_P_IP))
+@@ -138,6 +139,7 @@ static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb)
+ break;
+
+ bpm = nlmsg_data(nlh);
++ memset(bpm, 0, sizeof(*bpm));
+ bpm->ifindex = dev->ifindex;
+ if (br_mdb_fill_info(skb, cb, dev) < 0)
+ goto out;
+@@ -173,6 +175,7 @@ static int nlmsg_populate_mdb_fill(struct sk_buff *skb,
+ return -EMSGSIZE;
+
+ bpm = nlmsg_data(nlh);
++ memset(bpm, 0, sizeof(*bpm));
+ bpm->family = AF_BRIDGE;
+ bpm->ifindex = dev->ifindex;
+ nest = nla_nest_start(skb, MDBA_MDB);
+@@ -230,6 +233,7 @@ void br_mdb_notify(struct net_device *dev, struct net_bridge_port *port,
+ {
+ struct br_mdb_entry entry;
+
++ memset(&entry, 0, sizeof(entry));
+ entry.ifindex = port->dev->ifindex;
+ entry.addr.proto = group->proto;
+ entry.addr.u.ip4 = group->u.ip4;
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 5fe2ff3..121d696 100644
--- a/net/bridge/netfilter/ebtables.c
break;
}
diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c
-index 44f270f..1f5602d 100644
+index a376ec1..1fbd6be 100644
--- a/net/caif/cfctrl.c
+++ b/net/caif/cfctrl.c
@@ -10,6 +10,7 @@
};
diff --git a/net/can/gw.c b/net/can/gw.c
-index 1f5c978..ef714c7 100644
+index 574dda78e..3d2b3da 100644
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -67,7 +67,6 @@ MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>");
static struct kmem_cache *cgw_cache __read_mostly;
-@@ -887,6 +886,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
+@@ -893,6 +892,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
return err;
}
static __init int cgw_module_init(void)
{
printk(banner);
-@@ -898,7 +901,6 @@ static __init int cgw_module_init(void)
+@@ -904,7 +907,6 @@ static __init int cgw_module_init(void)
return -ENOMEM;
/* set notifier */
a0 = a[0];
a1 = a[1];
diff --git a/net/core/datagram.c b/net/core/datagram.c
-index 0337e2b..47914a0 100644
+index 368f9c3..f82d4a3 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -289,7 +289,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags)
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index e5942bf..25998c3 100644
+index f64e439..8f959e6 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
-@@ -1162,9 +1162,13 @@ void dev_load(struct net *net, const char *name)
+@@ -1250,9 +1250,13 @@ void dev_load(struct net *net, const char *name)
if (no_module && capable(CAP_NET_ADMIN))
no_module = request_module("netdev-%s", name);
if (no_module && capable(CAP_SYS_MODULE)) {
}
}
EXPORT_SYMBOL(dev_load);
-@@ -1627,7 +1631,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1715,7 +1719,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
{
if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -1637,7 +1641,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1725,7 +1729,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
nf_reset(skb);
if (unlikely(!is_skb_forwardable(dev, skb))) {
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -2093,7 +2097,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+@@ -2180,7 +2184,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
struct dev_gso_cb {
void (*destructor)(struct sk_buff *skb);
#define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
-@@ -2955,7 +2959,7 @@ enqueue:
+@@ -3053,7 +3057,7 @@ enqueue:
local_irq_restore(flags);
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -3027,7 +3031,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -3125,7 +3129,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
-@@ -3358,7 +3362,7 @@ ncls:
+@@ -3456,7 +3460,7 @@ ncls:
ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
} else {
drop:
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -3944,7 +3948,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -4039,7 +4043,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -4423,8 +4427,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
+@@ -4523,8 +4527,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
else
seq_printf(seq, "%04x", ntohs(pt->type));
}
return 0;
-@@ -5987,7 +5996,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -6096,7 +6105,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
}
EXPORT_SYMBOL(dev_get_stats);
diff --git a/net/core/flow.c b/net/core/flow.c
-index e318c7e..168b1d0 100644
+index b0901ee..7d3c2ca 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -61,7 +61,7 @@ struct flow_cache {
return -EFAULT;
m->msg_iov = iov;
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c
+index c815f28..e6403f2 100644
+--- a/net/core/neighbour.c
++++ b/net/core/neighbour.c
+@@ -2776,7 +2776,7 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer,
+ size_t *lenp, loff_t *ppos)
+ {
+ int size, ret;
+- ctl_table tmp = *ctl;
++ ctl_table_no_const tmp = *ctl;
+
+ tmp.extra1 = &zero;
+ tmp.extra2 = &unres_qlen_max;
+diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
+index 28c5f5a..7edf2e2 100644
+--- a/net/core/net-sysfs.c
++++ b/net/core/net-sysfs.c
+@@ -1455,7 +1455,7 @@ void netdev_class_remove_file(struct class_attribute *class_attr)
+ }
+ EXPORT_SYMBOL(netdev_class_remove_file);
+
+-int netdev_kobject_init(void)
++int __init netdev_kobject_init(void)
+ {
+ kobj_ns_type_register(&net_ns_type_operations);
+ return class_register(&net_class);
+diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
+index 8acce01..2e306bb 100644
+--- a/net/core/net_namespace.c
++++ b/net/core/net_namespace.c
+@@ -442,7 +442,7 @@ static int __register_pernet_operations(struct list_head *list,
+ int error;
+ LIST_HEAD(net_exit_list);
+
+- list_add_tail(&ops->list, list);
++ pax_list_add_tail((struct list_head *)&ops->list, list);
+ if (ops->init || (ops->id && ops->size)) {
+ for_each_net(net) {
+ error = ops_init(ops, net);
+@@ -455,7 +455,7 @@ static int __register_pernet_operations(struct list_head *list,
+
+ out_undo:
+ /* If I have an error cleanup all namespaces I initialized */
+- list_del(&ops->list);
++ pax_list_del((struct list_head *)&ops->list);
+ ops_exit_list(ops, &net_exit_list);
+ ops_free_list(ops, &net_exit_list);
+ return error;
+@@ -466,7 +466,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops)
+ struct net *net;
+ LIST_HEAD(net_exit_list);
+
+- list_del(&ops->list);
++ pax_list_del((struct list_head *)&ops->list);
+ for_each_net(net)
+ list_add_tail(&net->exit_list, &net_exit_list);
+ ops_exit_list(ops, &net_exit_list);
+@@ -600,7 +600,7 @@ int register_pernet_device(struct pernet_operations *ops)
+ mutex_lock(&net_mutex);
+ error = register_pernet_operations(&pernet_list, ops);
+ if (!error && (first_device == &pernet_list))
+- first_device = &ops->list;
++ first_device = (struct list_head *)&ops->list;
+ mutex_unlock(&net_mutex);
+ return error;
+ }
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index fad649a..f2fdac4 100644
+index 1868625..e2261f5 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
-@@ -198,14 +198,16 @@ int __rtnl_register(int protocol, int msgtype,
- rtnl_msg_handlers[protocol] = tab;
- }
+@@ -58,7 +58,7 @@ struct rtnl_link {
+ rtnl_doit_func doit;
+ rtnl_dumpit_func dumpit;
+ rtnl_calcit_func calcit;
+-};
++} __no_const;
-+ pax_open_kernel();
- if (doit)
-- tab[msgindex].doit = doit;
-+ *(void **)&tab[msgindex].doit = doit;
+ static DEFINE_MUTEX(rtnl_mutex);
- if (dumpit)
-- tab[msgindex].dumpit = dumpit;
-+ *(void **)&tab[msgindex].dumpit = dumpit;
+@@ -299,10 +299,13 @@ int __rtnl_link_register(struct rtnl_link_ops *ops)
+ if (rtnl_link_ops_get(ops->kind))
+ return -EEXIST;
- if (calcit)
-- tab[msgindex].calcit = calcit;
-+ *(void **)&tab[msgindex].calcit = calcit;
-+ pax_close_kernel();
+- if (!ops->dellink)
+- ops->dellink = unregister_netdevice_queue;
++ if (!ops->dellink) {
++ pax_open_kernel();
++ *(void **)&ops->dellink = unregister_netdevice_queue;
++ pax_close_kernel();
++ }
+- list_add_tail(&ops->list, &link_ops);
++ pax_list_add_tail((struct list_head *)&ops->list, &link_ops);
return 0;
}
-@@ -248,8 +250,10 @@ int rtnl_unregister(int protocol, int msgtype)
- if (rtnl_msg_handlers[protocol] == NULL)
- return -ENOENT;
-
-- rtnl_msg_handlers[protocol][msgindex].doit = NULL;
-- rtnl_msg_handlers[protocol][msgindex].dumpit = NULL;
-+ pax_open_kernel();
-+ *(void **)&rtnl_msg_handlers[protocol][msgindex].doit = NULL;
-+ *(void **)&rtnl_msg_handlers[protocol][msgindex].dumpit = NULL;
-+ pax_close_kernel();
-
- return 0;
+ EXPORT_SYMBOL_GPL(__rtnl_link_register);
+@@ -349,7 +352,7 @@ void __rtnl_link_unregister(struct rtnl_link_ops *ops)
+ for_each_net(net) {
+ __rtnl_kill_links(net, ops);
+ }
+- list_del(&ops->list);
++ pax_list_del((struct list_head *)&ops->list);
}
+ EXPORT_SYMBOL_GPL(__rtnl_link_unregister);
+
+@@ -976,6 +979,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
+ * report anything.
+ */
+ ivi.spoofchk = -1;
++ memset(ivi.mac, 0, sizeof(ivi.mac));
+ if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi))
+ break;
+ vf_mac.vf =
diff --git a/net/core/scm.c b/net/core/scm.c
-index ab57084..0190c8f 100644
+index 905dcc6..14ee2d6 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
-@@ -223,7 +223,7 @@ EXPORT_SYMBOL(__scm_send);
+@@ -224,7 +224,7 @@ EXPORT_SYMBOL(__scm_send);
int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
{
struct cmsghdr __user *cm
struct cmsghdr cmhdr;
int cmlen = CMSG_LEN(len);
int err;
-@@ -246,7 +246,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
+@@ -247,7 +247,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
err = -EFAULT;
if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
goto out;
goto out;
cmlen = CMSG_SPACE(len);
if (msg->msg_controllen < cmlen)
-@@ -262,7 +262,7 @@ EXPORT_SYMBOL(put_cmsg);
+@@ -263,7 +263,7 @@ EXPORT_SYMBOL(put_cmsg);
void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
{
struct cmsghdr __user *cm
int fdmax = 0;
int fdnum = scm->fp->count;
-@@ -282,7 +282,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
+@@ -283,7 +283,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
if (fdnum < fdmax)
fdmax = fdnum;
{
struct socket *sock;
diff --git a/net/core/sock.c b/net/core/sock.c
-index 8a146cf..ee08914d 100644
+index bc131d4..029e378 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -388,7 +388,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
goto discard_and_relse;
}
-@@ -875,12 +875,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -930,12 +930,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
struct timeval tm;
} v;
return -EINVAL;
memset(&v, 0, sizeof(v));
-@@ -1028,11 +1028,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -1083,11 +1083,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
case SO_PEERNAME:
{
return -EINVAL;
if (copy_to_user(optval, address, len))
return -EFAULT;
-@@ -1080,7 +1080,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -1146,7 +1146,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
if (len > lv)
len = lv;
return -EFAULT;
lenout:
if (put_user(len, optlen))
-@@ -2212,7 +2212,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
+@@ -2276,7 +2276,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
*/
smp_wmb();
atomic_set(&sk->sk_refcnt, 1);
EXPORT_SYMBOL(sock_init_data);
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
-index 602cd63..05c6c60 100644
+index 750f44f..922399c 100644
--- a/net/core/sock_diag.c
+++ b/net/core/sock_diag.c
-@@ -15,20 +15,27 @@ static DEFINE_MUTEX(sock_diag_table_mutex);
+@@ -9,26 +9,33 @@
+ #include <linux/inet_diag.h>
+ #include <linux/sock_diag.h>
+
+-static const struct sock_diag_handler *sock_diag_handlers[AF_MAX];
++static const struct sock_diag_handler *sock_diag_handlers[AF_MAX] __read_only;
+ static int (*inet_rcv_compat)(struct sk_buff *skb, struct nlmsghdr *nlh);
+ static DEFINE_MUTEX(sock_diag_table_mutex);
int sock_diag_check_cookie(void *sk, __u32 *cookie)
{
}
EXPORT_SYMBOL_GPL(sock_diag_save_cookie);
+@@ -75,8 +82,11 @@ int sock_diag_register(const struct sock_diag_handler *hndl)
+ mutex_lock(&sock_diag_table_mutex);
+ if (sock_diag_handlers[hndl->family])
+ err = -EBUSY;
+- else
++ else {
++ pax_open_kernel();
+ sock_diag_handlers[hndl->family] = hndl;
++ pax_close_kernel();
++ }
+ mutex_unlock(&sock_diag_table_mutex);
+
+ return err;
+@@ -92,26 +102,13 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld)
+
+ mutex_lock(&sock_diag_table_mutex);
+ BUG_ON(sock_diag_handlers[family] != hnld);
++ pax_open_kernel();
+ sock_diag_handlers[family] = NULL;
++ pax_close_kernel();
+ mutex_unlock(&sock_diag_table_mutex);
+ }
+ EXPORT_SYMBOL_GPL(sock_diag_unregister);
+
+-static const inline struct sock_diag_handler *sock_diag_lock_handler(int family)
+-{
+- if (sock_diag_handlers[family] == NULL)
+- request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK,
+- NETLINK_SOCK_DIAG, family);
+-
+- mutex_lock(&sock_diag_table_mutex);
+- return sock_diag_handlers[family];
+-}
+-
+-static inline void sock_diag_unlock_handler(const struct sock_diag_handler *h)
+-{
+- mutex_unlock(&sock_diag_table_mutex);
+-}
+-
+ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+ {
+ int err;
+@@ -124,12 +121,17 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+ if (req->sdiag_family >= AF_MAX)
+ return -EINVAL;
+
+- hndl = sock_diag_lock_handler(req->sdiag_family);
++ if (sock_diag_handlers[req->sdiag_family] == NULL)
++ request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK,
++ NETLINK_SOCK_DIAG, req->sdiag_family);
++
++ mutex_lock(&sock_diag_table_mutex);
++ hndl = sock_diag_handlers[req->sdiag_family];
+ if (hndl == NULL)
+ err = -ENOENT;
+ else
+ err = hndl->dump(skb, nlh);
+- sock_diag_unlock_handler(hndl);
++ mutex_unlock(&sock_diag_table_mutex);
+
+ return err;
+ }
+diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
+index d1b0804..4aed0a5 100644
+--- a/net/core/sysctl_net_core.c
++++ b/net/core/sysctl_net_core.c
+@@ -26,7 +26,7 @@ static int rps_sock_flow_sysctl(ctl_table *table, int write,
+ {
+ unsigned int orig_size, size;
+ int ret, i;
+- ctl_table tmp = {
++ ctl_table_no_const tmp = {
+ .data = &size,
+ .maxlen = sizeof(size),
+ .mode = table->mode
+@@ -205,13 +205,12 @@ static struct ctl_table netns_core_table[] = {
+
+ static __net_init int sysctl_core_net_init(struct net *net)
+ {
+- struct ctl_table *tbl;
++ ctl_table_no_const *tbl = NULL;
+
+ net->core.sysctl_somaxconn = SOMAXCONN;
+
+- tbl = netns_core_table;
+ if (!net_eq(net, &init_net)) {
+- tbl = kmemdup(tbl, sizeof(netns_core_table), GFP_KERNEL);
++ tbl = kmemdup(netns_core_table, sizeof(netns_core_table), GFP_KERNEL);
+ if (tbl == NULL)
+ goto err_dup;
+
+@@ -221,16 +220,16 @@ static __net_init int sysctl_core_net_init(struct net *net)
+ if (net->user_ns != &init_user_ns) {
+ tbl[0].procname = NULL;
+ }
+- }
+-
+- net->core.sysctl_hdr = register_net_sysctl(net, "net/core", tbl);
++ net->core.sysctl_hdr = register_net_sysctl(net, "net/core", tbl);
++ } else
++ net->core.sysctl_hdr = register_net_sysctl(net, "net/core", netns_core_table);
+ if (net->core.sysctl_hdr == NULL)
+ goto err_reg;
+
+ return 0;
+
+ err_reg:
+- if (tbl != netns_core_table)
++ if (tbl)
+ kfree(tbl);
+ err_dup:
+ return -ENOMEM;
+@@ -246,7 +245,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net)
+ kfree(tbl);
+ }
+
+-static __net_initdata struct pernet_operations sysctl_core_ops = {
++static __net_initconst struct pernet_operations sysctl_core_ops = {
+ .init = sysctl_core_net_init,
+ .exit = sysctl_core_net_exit,
+ };
+diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
+index 1b588e2..21291f1 100644
+--- a/net/dcb/dcbnl.c
++++ b/net/dcb/dcbnl.c
+@@ -284,6 +284,7 @@ static int dcbnl_getperm_hwaddr(struct net_device *netdev, struct nlmsghdr *nlh,
+ if (!netdev->dcbnl_ops->getpermhwaddr)
+ return -EOPNOTSUPP;
+
++ memset(perm_addr, 0, sizeof(perm_addr));
+ netdev->dcbnl_ops->getpermhwaddr(netdev, perm_addr);
+
+ return nla_put(skb, DCB_ATTR_PERM_HWADDR, sizeof(perm_addr), perm_addr);
+@@ -1042,6 +1043,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
+
+ if (ops->ieee_getets) {
+ struct ieee_ets ets;
++ memset(&ets, 0, sizeof(ets));
+ err = ops->ieee_getets(netdev, &ets);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_IEEE_ETS, sizeof(ets), &ets))
+@@ -1050,6 +1052,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
+
+ if (ops->ieee_getmaxrate) {
+ struct ieee_maxrate maxrate;
++ memset(&maxrate, 0, sizeof(maxrate));
+ err = ops->ieee_getmaxrate(netdev, &maxrate);
+ if (!err) {
+ err = nla_put(skb, DCB_ATTR_IEEE_MAXRATE,
+@@ -1061,6 +1064,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
+
+ if (ops->ieee_getpfc) {
+ struct ieee_pfc pfc;
++ memset(&pfc, 0, sizeof(pfc));
+ err = ops->ieee_getpfc(netdev, &pfc);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_IEEE_PFC, sizeof(pfc), &pfc))
+@@ -1094,6 +1098,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
+ /* get peer info if available */
+ if (ops->ieee_peer_getets) {
+ struct ieee_ets ets;
++ memset(&ets, 0, sizeof(ets));
+ err = ops->ieee_peer_getets(netdev, &ets);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_IEEE_PEER_ETS, sizeof(ets), &ets))
+@@ -1102,6 +1107,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev)
+
+ if (ops->ieee_peer_getpfc) {
+ struct ieee_pfc pfc;
++ memset(&pfc, 0, sizeof(pfc));
+ err = ops->ieee_peer_getpfc(netdev, &pfc);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_IEEE_PEER_PFC, sizeof(pfc), &pfc))
+@@ -1280,6 +1286,7 @@ static int dcbnl_cee_fill(struct sk_buff *skb, struct net_device *netdev)
+ /* peer info if available */
+ if (ops->cee_peer_getpg) {
+ struct cee_pg pg;
++ memset(&pg, 0, sizeof(pg));
+ err = ops->cee_peer_getpg(netdev, &pg);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_CEE_PEER_PG, sizeof(pg), &pg))
+@@ -1288,6 +1295,7 @@ static int dcbnl_cee_fill(struct sk_buff *skb, struct net_device *netdev)
+
+ if (ops->cee_peer_getpfc) {
+ struct cee_pfc pfc;
++ memset(&pfc, 0, sizeof(pfc));
+ err = ops->cee_peer_getpfc(netdev, &pfc);
+ if (!err &&
+ nla_put(skb, DCB_ATTR_CEE_PEER_PFC, sizeof(pfc), &pfc))
+diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
+index 307c322..78a4c6f 100644
+--- a/net/decnet/af_decnet.c
++++ b/net/decnet/af_decnet.c
+@@ -468,6 +468,7 @@ static struct proto dn_proto = {
+ .sysctl_rmem = sysctl_decnet_rmem,
+ .max_header = DN_MAX_NSP_DATA_HEADER + 64,
+ .obj_size = sizeof(struct dn_sock),
++ .slab_flags = SLAB_USERCOPY,
+ };
+
+ static struct sock *dn_alloc_sock(struct net *net, struct socket *sock, gfp_t gfp)
diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c
index a55eecc..dd8428c 100644
--- a/net/decnet/sysctl_net_decnet.c
return -EFAULT;
*lenp = len;
+diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
+index fcf104e..95552d4 100644
+--- a/net/ipv4/af_inet.c
++++ b/net/ipv4/af_inet.c
+@@ -1717,13 +1717,9 @@ static int __init inet_init(void)
+
+ BUILD_BUG_ON(sizeof(struct inet_skb_parm) > sizeof(dummy_skb->cb));
+
+- sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
+- if (!sysctl_local_reserved_ports)
+- goto out;
+-
+ rc = proto_register(&tcp_prot, 1);
+ if (rc)
+- goto out_free_reserved_ports;
++ goto out;
+
+ rc = proto_register(&udp_prot, 1);
+ if (rc)
+@@ -1832,8 +1828,6 @@ out_unregister_udp_proto:
+ proto_unregister(&udp_prot);
+ out_unregister_tcp_proto:
+ proto_unregister(&tcp_prot);
+-out_free_reserved_ports:
+- kfree(sysctl_local_reserved_ports);
+ goto out;
+ }
+
+diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
+index a69b4e4..dbccba5 100644
+--- a/net/ipv4/ah4.c
++++ b/net/ipv4/ah4.c
+@@ -421,7 +421,7 @@ static void ah4_err(struct sk_buff *skb, u32 info)
+ return;
+
+ if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
+- atomic_inc(&flow_cache_genid);
++ atomic_inc_unchecked(&flow_cache_genid);
+ rt_genid_bump(net);
+
+ ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0);
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
-index 2a6abc1..c379ba7 100644
+index a8e4f26..25e5f40 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
-@@ -822,9 +822,9 @@ int devinet_ioctl(struct net *net, unsigned int cmd, void __user *arg)
- if (!ifa) {
- ret = -ENOBUFS;
- ifa = inet_alloc_ifa();
-+ if (!ifa)
-+ break;
- INIT_HLIST_NODE(&ifa->hash);
-- if (!ifa)
-- break;
- if (colon)
- memcpy(ifa->ifa_label, ifr.ifr_name, IFNAMSIZ);
- else
+@@ -1763,7 +1763,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
+ #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
+ DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
+
+-static struct devinet_sysctl_table {
++static const struct devinet_sysctl_table {
+ struct ctl_table_header *sysctl_header;
+ struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
+ } devinet_sysctl = {
+@@ -1881,7 +1881,7 @@ static __net_init int devinet_init_net(struct net *net)
+ int err;
+ struct ipv4_devconf *all, *dflt;
+ #ifdef CONFIG_SYSCTL
+- struct ctl_table *tbl = ctl_forward_entry;
++ ctl_table_no_const *tbl = NULL;
+ struct ctl_table_header *forw_hdr;
+ #endif
+
+@@ -1899,7 +1899,7 @@ static __net_init int devinet_init_net(struct net *net)
+ goto err_alloc_dflt;
+
+ #ifdef CONFIG_SYSCTL
+- tbl = kmemdup(tbl, sizeof(ctl_forward_entry), GFP_KERNEL);
++ tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL);
+ if (tbl == NULL)
+ goto err_alloc_ctl;
+
+@@ -1919,7 +1919,10 @@ static __net_init int devinet_init_net(struct net *net)
+ goto err_reg_dflt;
+
+ err = -ENOMEM;
+- forw_hdr = register_net_sysctl(net, "net/ipv4", tbl);
++ if (!net_eq(net, &init_net))
++ forw_hdr = register_net_sysctl(net, "net/ipv4", tbl);
++ else
++ forw_hdr = register_net_sysctl(net, "net/ipv4", ctl_forward_entry);
+ if (forw_hdr == NULL)
+ goto err_reg_ctl;
+ net->ipv4.forw_hdr = forw_hdr;
+@@ -1935,8 +1938,7 @@ err_reg_ctl:
+ err_reg_dflt:
+ __devinet_sysctl_unregister(all);
+ err_reg_all:
+- if (tbl != ctl_forward_entry)
+- kfree(tbl);
++ kfree(tbl);
+ err_alloc_ctl:
+ #endif
+ if (dflt != &ipv4_devconf_dflt)
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index 3b4f0cd..8cb864c 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -503,7 +503,7 @@ static void esp4_err(struct sk_buff *skb, u32 info)
+ return;
+
+ if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
+- atomic_inc(&flow_cache_genid);
++ atomic_inc_unchecked(&flow_cache_genid);
+ rt_genid_bump(net);
+
+ ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0);
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
-index 825c608..750ff29 100644
+index 5cd75e2..f57ef39 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -1020,12 +1020,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
break;
case NETDEV_DOWN:
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
-index 71b125c..f4c70b0 100644
+index 4797a80..2bd54e9 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh)
return nh->nh_saddr;
}
+diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
+index d0670f0..744ac80 100644
+--- a/net/ipv4/inet_connection_sock.c
++++ b/net/ipv4/inet_connection_sock.c
+@@ -37,7 +37,7 @@ struct local_ports sysctl_local_ports __read_mostly = {
+ .range = { 32768, 61000 },
+ };
+
+-unsigned long *sysctl_local_reserved_ports;
++unsigned long sysctl_local_reserved_ports[65536 / 8 / sizeof(unsigned long)];
+ EXPORT_SYMBOL(sysctl_local_reserved_ports);
+
+ void inet_get_local_port_range(int *low, int *high)
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
-index 7880af9..70f92a3 100644
+index fa3ae81..0dbe6b8 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -18,12 +18,15 @@
/*
* Allocate and initialize a new local port bind bucket.
* The bindhash mutex for snum's hash chain must be held here.
-@@ -530,6 +533,8 @@ ok:
+@@ -540,6 +543,8 @@ ok:
twrefcnt += inet_twsk_bind_unhash(tw, hinfo);
spin_unlock(&head->lock);
secure_ip_id(daddr->addr.a4) :
secure_ipv6_id(daddr->addr.a6));
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index 8d5cc75..821fd11 100644
+index eb9d63a..31c5372 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -322,7 +322,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
qp->rid = end;
rc = qp->q.fragments && (end - start) > max;
+@@ -789,12 +789,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
+
+ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table = NULL;
+ struct ctl_table_header *hdr;
+
+- table = ip4_frags_ns_ctl_table;
+ if (!net_eq(net, &init_net)) {
+- table = kmemdup(table, sizeof(ip4_frags_ns_ctl_table), GFP_KERNEL);
++ table = kmemdup(ip4_frags_ns_ctl_table, sizeof(ip4_frags_ns_ctl_table), GFP_KERNEL);
+ if (table == NULL)
+ goto err_alloc;
+
+@@ -805,9 +804,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+ /* Don't export sysctls to unprivileged users */
+ if (net->user_ns != &init_user_ns)
+ table[0].procname = NULL;
+- }
++ hdr = register_net_sysctl(net, "net/ipv4", table);
++ } else
++ hdr = register_net_sysctl(net, "net/ipv4", ip4_frags_ns_ctl_table);
+
+- hdr = register_net_sysctl(net, "net/ipv4", table);
+ if (hdr == NULL)
+ goto err_reg;
+
+@@ -815,8 +815,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+ return 0;
+
+ err_reg:
+- if (!net_eq(net, &init_net))
+- kfree(table);
++ kfree(table);
+ err_alloc:
+ return -ENOMEM;
+ }
+diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
+index e81b1ca..6f3b5b9 100644
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -124,7 +124,7 @@ static bool log_ecn_error = true;
+ module_param(log_ecn_error, bool, 0644);
+ MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
+
+-static struct rtnl_link_ops ipgre_link_ops __read_mostly;
++static struct rtnl_link_ops ipgre_link_ops;
+ static int ipgre_tunnel_init(struct net_device *dev);
+ static void ipgre_tunnel_setup(struct net_device *dev);
+ static int ipgre_tunnel_bind_dev(struct net_device *dev);
+@@ -1756,7 +1756,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
+ [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 },
+ };
+
+-static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
++static struct rtnl_link_ops ipgre_link_ops = {
+ .kind = "gre",
+ .maxtype = IFLA_GRE_MAX,
+ .policy = ipgre_policy,
+@@ -1769,7 +1769,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
+ .fill_info = ipgre_fill_info,
+ };
+
+-static struct rtnl_link_ops ipgre_tap_ops __read_mostly = {
++static struct rtnl_link_ops ipgre_tap_ops = {
+ .kind = "gretap",
+ .maxtype = IFLA_GRE_MAX,
+ .policy = ipgre_policy,
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index 14bbfcf..644f472 100644
+index d9c4f11..02b82db 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
-@@ -1151,7 +1151,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
+@@ -1152,7 +1152,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
len = min_t(unsigned int, len, opt->optlen);
if (put_user(len, optlen))
return -EFAULT;
return -EFAULT;
return 0;
}
-@@ -1282,7 +1283,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
+@@ -1283,7 +1284,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
if (sk->sk_type != SOCK_STREAM)
return -ENOPROTOOPT;
msg.msg_controllen = len;
msg.msg_flags = flags;
+diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
+index c3a4233..1412161 100644
+--- a/net/ipv4/ip_vti.c
++++ b/net/ipv4/ip_vti.c
+@@ -47,7 +47,7 @@
+ #define HASH_SIZE 16
+ #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&(HASH_SIZE-1))
+
+-static struct rtnl_link_ops vti_link_ops __read_mostly;
++static struct rtnl_link_ops vti_link_ops;
+
+ static int vti_net_id __read_mostly;
+ struct vti_net {
+@@ -886,7 +886,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
+ [IFLA_VTI_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
+ };
+
+-static struct rtnl_link_ops vti_link_ops __read_mostly = {
++static struct rtnl_link_ops vti_link_ops = {
+ .kind = "vti",
+ .maxtype = IFLA_VTI_MAX,
+ .policy = vti_policy,
+diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
+index 9a46dae..5f793a0 100644
+--- a/net/ipv4/ipcomp.c
++++ b/net/ipv4/ipcomp.c
+@@ -48,7 +48,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
+ return;
+
+ if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) {
+- atomic_inc(&flow_cache_genid);
++ atomic_inc_unchecked(&flow_cache_genid);
+ rt_genid_bump(net);
+
+ ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0);
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
-index 798358b..73570b7 100644
+index a2e50ae..e152b7c 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
-@@ -321,7 +321,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg)
+@@ -323,7 +323,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg)
mm_segment_t oldfs = get_fs();
set_fs(get_ds());
set_fs(oldfs);
return res;
}
-@@ -332,7 +332,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg)
+@@ -334,7 +334,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg)
mm_segment_t oldfs = get_fs();
set_fs(get_ds());
set_fs(oldfs);
return res;
}
-@@ -343,7 +343,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg)
+@@ -345,7 +345,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg)
mm_segment_t oldfs = get_fs();
set_fs(get_ds());
set_fs(oldfs);
return res;
}
+diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
+index 191fc24..1b3b804 100644
+--- a/net/ipv4/ipip.c
++++ b/net/ipv4/ipip.c
+@@ -138,7 +138,7 @@ struct ipip_net {
+ static int ipip_tunnel_init(struct net_device *dev);
+ static void ipip_tunnel_setup(struct net_device *dev);
+ static void ipip_dev_free(struct net_device *dev);
+-static struct rtnl_link_ops ipip_link_ops __read_mostly;
++static struct rtnl_link_ops ipip_link_ops;
+
+ static struct rtnl_link_stats64 *ipip_get_stats64(struct net_device *dev,
+ struct rtnl_link_stats64 *tot)
+@@ -972,7 +972,7 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
+ [IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 },
+ };
+
+-static struct rtnl_link_ops ipip_link_ops __read_mostly = {
++static struct rtnl_link_ops ipip_link_ops = {
+ .kind = "ipip",
+ .maxtype = IFLA_IPTUN_MAX,
+ .policy = ipip_policy,
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
-index 97e61ea..cac1bbb 100644
+index 3ea4127..849297b 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -879,14 +879,14 @@ static int compat_table_info(const struct xt_table_info *info,
case ARPT_SO_GET_ENTRIES:
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
-index 170b1fd..6105b91 100644
+index 17c5e06..1b91206 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1068,14 +1068,14 @@ static int compat_table_info(const struct xt_table_info *info,
case IPT_SO_GET_ENTRIES:
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 8f3d054..c58d05d 100644
+index dc454cc..5bb917f 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
-@@ -843,7 +843,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
+@@ -844,7 +844,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
static int ping_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
-index 73d1e4d..3af0e8f 100644
+index 6f08991..55867ad 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -311,7 +311,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb)
goto out;
ret = 0;
out: return ret;
-@@ -997,7 +1001,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
+@@ -998,7 +1002,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
0, 0L, 0,
from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
0, sock_i_ino(sp),
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index df25142..e92a82a 100644
+index a0fcc47..32e2c89 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
-@@ -2529,7 +2529,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
+@@ -2552,34 +2552,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
+ .maxlen = sizeof(int),
+ .mode = 0200,
+ .proc_handler = ipv4_sysctl_rtcache_flush,
++ .extra1 = &init_net,
+ },
+ { },
+ };
+
+ static __net_init int sysctl_route_net_init(struct net *net)
+ {
+- struct ctl_table *tbl;
++ ctl_table_no_const *tbl = NULL;
+
+- tbl = ipv4_route_flush_table;
+ if (!net_eq(net, &init_net)) {
+- tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL);
++ tbl = kmemdup(ipv4_route_flush_table, sizeof(ipv4_route_flush_table), GFP_KERNEL);
+ if (tbl == NULL)
+ goto err_dup;
+
+ /* Don't export sysctls to unprivileged users */
+ if (net->user_ns != &init_user_ns)
+ tbl[0].procname = NULL;
+- }
+- tbl[0].extra1 = net;
++ tbl[0].extra1 = net;
++ net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
++ } else
++ net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", ipv4_route_flush_table);
+
+- net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl);
+ if (net->ipv4.route_hdr == NULL)
+ goto err_reg;
+ return 0;
+
+ err_reg:
+- if (tbl != ipv4_route_flush_table)
+- kfree(tbl);
++ kfree(tbl);
+ err_dup:
+ return -ENOMEM;
+ }
+@@ -2602,7 +2602,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
static __net_init int rt_genid_init(struct net *net)
{
get_random_bytes(&net->ipv4.dev_addr_genid,
sizeof(net->ipv4.dev_addr_genid));
return 0;
-diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
-index 1432cdb..fc582a7 100644
---- a/net/ipv4/tcp_cong.c
-+++ b/net/ipv4/tcp_cong.c
-@@ -309,6 +309,12 @@ void tcp_slow_start(struct tcp_sock *tp)
- {
- int cnt; /* increase in packets */
- unsigned int delta = 0;
-+ u32 snd_cwnd = tp->snd_cwnd;
-+
-+ if (unlikely(!snd_cwnd)) {
-+ pr_err_once("snd_cwnd is nul, please report this bug.\n");
-+ snd_cwnd = 1U;
-+ }
-
- /* RFC3465: ABC Slow start
- * Increase only after a full MSS of bytes is acked
-@@ -323,7 +329,7 @@ void tcp_slow_start(struct tcp_sock *tp)
- if (sysctl_tcp_max_ssthresh > 0 && tp->snd_cwnd > sysctl_tcp_max_ssthresh)
- cnt = sysctl_tcp_max_ssthresh >> 1; /* limited slow start */
- else
-- cnt = tp->snd_cwnd; /* exponential increase */
-+ cnt = snd_cwnd; /* exponential increase */
+diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
+index d84400b..62e066e 100644
+--- a/net/ipv4/sysctl_net_ipv4.c
++++ b/net/ipv4/sysctl_net_ipv4.c
+@@ -54,7 +54,7 @@ static int ipv4_local_port_range(ctl_table *table, int write,
+ {
+ int ret;
+ int range[2];
+- ctl_table tmp = {
++ ctl_table_no_const tmp = {
+ .data = &range,
+ .maxlen = sizeof(range),
+ .mode = table->mode,
+@@ -107,7 +107,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write,
+ int ret;
+ gid_t urange[2];
+ kgid_t low, high;
+- ctl_table tmp = {
++ ctl_table_no_const tmp = {
+ .data = &urange,
+ .maxlen = sizeof(urange),
+ .mode = table->mode,
+@@ -138,7 +138,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+ char val[TCP_CA_NAME_MAX];
+- ctl_table tbl = {
++ ctl_table_no_const tbl = {
+ .data = val,
+ .maxlen = TCP_CA_NAME_MAX,
+ };
+@@ -157,7 +157,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl,
+ void __user *buffer, size_t *lenp,
+ loff_t *ppos)
+ {
+- ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, };
++ ctl_table_no_const tbl = { .maxlen = TCP_CA_BUF_MAX, };
+ int ret;
- /* RFC3465: ABC
- * We MAY increase by 2 if discovered delayed ack
-@@ -333,11 +339,11 @@ void tcp_slow_start(struct tcp_sock *tp)
- tp->bytes_acked = 0;
+ tbl.data = kmalloc(tbl.maxlen, GFP_USER);
+@@ -174,7 +174,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl,
+ void __user *buffer, size_t *lenp,
+ loff_t *ppos)
+ {
+- ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX };
++ ctl_table_no_const tbl = { .maxlen = TCP_CA_BUF_MAX };
+ int ret;
- tp->snd_cwnd_cnt += cnt;
-- while (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
-- tp->snd_cwnd_cnt -= tp->snd_cwnd;
-+ while (tp->snd_cwnd_cnt >= snd_cwnd) {
-+ tp->snd_cwnd_cnt -= snd_cwnd;
- delta++;
+ tbl.data = kmalloc(tbl.maxlen, GFP_USER);
+@@ -200,15 +200,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
+ struct mem_cgroup *memcg;
+ #endif
+
+- ctl_table tmp = {
++ ctl_table_no_const tmp = {
+ .data = &vec,
+ .maxlen = sizeof(vec),
+ .mode = ctl->mode,
+ };
+
+ if (!write) {
+- ctl->data = &net->ipv4.sysctl_tcp_mem;
+- return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos);
++ ctl_table_no_const tcp_mem = *ctl;
++
++ tcp_mem.data = &net->ipv4.sysctl_tcp_mem;
++ return proc_doulongvec_minmax(&tcp_mem, write, buffer, lenp, ppos);
}
-- tp->snd_cwnd = min(tp->snd_cwnd + delta, tp->snd_cwnd_clamp);
-+ tp->snd_cwnd = min(snd_cwnd + delta, tp->snd_cwnd_clamp);
+
+ ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
+@@ -235,7 +237,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
+ int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer,
+ size_t *lenp, loff_t *ppos)
+ {
+- ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) };
++ ctl_table_no_const tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) };
+ struct tcp_fastopen_context *ctxt;
+ int ret;
+ u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
+@@ -476,7 +478,7 @@ static struct ctl_table ipv4_table[] = {
+ },
+ {
+ .procname = "ip_local_reserved_ports",
+- .data = NULL, /* initialized in sysctl_ipv4_init */
++ .data = sysctl_local_reserved_ports,
+ .maxlen = 65536,
+ .mode = 0644,
+ .proc_handler = proc_do_large_bitmap,
+@@ -860,11 +862,10 @@ static struct ctl_table ipv4_net_table[] = {
+
+ static __net_init int ipv4_sysctl_init_net(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table = NULL;
+
+- table = ipv4_net_table;
+ if (!net_eq(net, &init_net)) {
+- table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
++ table = kmemdup(ipv4_net_table, sizeof(ipv4_net_table), GFP_KERNEL);
+ if (table == NULL)
+ goto err_alloc;
+
+@@ -897,15 +898,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
+
+ tcp_init_mem(net);
+
+- net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
++ if (!net_eq(net, &init_net))
++ net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table);
++ else
++ net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", ipv4_net_table);
+ if (net->ipv4.ipv4_hdr == NULL)
+ goto err_reg;
+
+ return 0;
+
+ err_reg:
+- if (!net_eq(net, &init_net))
+- kfree(table);
++ kfree(table);
+ err_alloc:
+ return -ENOMEM;
}
- EXPORT_SYMBOL_GPL(tcp_slow_start);
+@@ -927,16 +930,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
+ static __init int sysctl_ipv4_init(void)
+ {
+ struct ctl_table_header *hdr;
+- struct ctl_table *i;
+-
+- for (i = ipv4_table; i->procname; i++) {
+- if (strcmp(i->procname, "ip_local_reserved_ports") == 0) {
+- i->data = sysctl_local_reserved_ports;
+- break;
+- }
+- }
+- if (!i->procname)
+- return -EINVAL;
+ hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
+ if (hdr == NULL)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index 181fc82..cc95f8c 100644
+index ad70a96..50cb55b 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
-@@ -4704,7 +4704,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
+@@ -4733,7 +4733,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
* simplifies code)
*/
static void
struct sk_buff *head, struct sk_buff *tail,
u32 start, u32 end)
{
-@@ -5536,6 +5536,9 @@ slow_path:
- if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb))
- goto csum_error;
-
-+ if (!th->ack)
-+ goto discard;
-+
- /*
- * Standard slow path.
- */
-@@ -5544,7 +5547,7 @@ slow_path:
- return 0;
-
- step5:
-- if (th->ack && tcp_ack(sk, skb, FLAG_SLOWPATH) < 0)
-+ if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0)
- goto discard;
-
- /* ts_recent update must be made after we are sure that the packet
-@@ -5836,6 +5839,7 @@ discard:
+@@ -5850,6 +5850,7 @@ discard:
tcp_paws_reject(&tp->rx_opt, 0))
goto discard_and_undo;
if (th->syn) {
/* We see SYN without ACK. It is attempt of
* simultaneous connect with crossed SYNs.
-@@ -5886,6 +5890,7 @@ discard:
+@@ -5900,6 +5901,7 @@ discard:
goto discard;
#endif
}
/* "fifth, if neither of the SYN or RST bits is set then
* drop the segment and return."
*/
-@@ -5930,7 +5935,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5944,7 +5946,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
goto discard;
if (th->syn) {
goto discard;
if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
return 1;
-@@ -5977,11 +5982,15 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
- if (tcp_check_req(sk, skb, req, NULL, true) == NULL)
- goto discard;
- }
-+
-+ if (!th->ack)
-+ goto discard;
-+
- if (!tcp_validate_incoming(sk, skb, th, 0))
- return 0;
-
- /* step 5: check the ACK field */
-- if (th->ack) {
-+ if (true) {
- int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0;
-
- switch (sk->sk_state) {
-@@ -6131,8 +6140,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
- }
- break;
- }
-- } else
-- goto discard;
-+ }
-
- /* ts_recent update must be made after we are sure that the packet
- * is in window.
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index bc3cb46..815ccd6 100644
+index eadb693..e8f7251 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly;
#ifdef CONFIG_TCP_MD5SIG
static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
__be32 daddr, __be32 saddr, const struct tcphdr *th);
-@@ -1899,6 +1903,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1895,6 +1899,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
tcp_v4_send_reset(rsk, skb);
discard:
kfree_skb(skb);
-@@ -1999,12 +2006,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
+@@ -1994,12 +2001,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -2055,6 +2069,10 @@ no_tcp_socket:
+@@ -2050,6 +2064,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
}
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
-index a7302d9..e3ec754 100644
+index f35f2df..ccb5ca6 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -27,6 +27,10 @@
cnt += width;
}
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
-index d47c1b4..b0584de 100644
+index b78aac3..e18230b 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -22,6 +22,10 @@
syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
/* Has it gone just too far? */
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index 79c8dbe..aceb1b6 100644
+index 1f4d405..3524677 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -87,6 +87,7 @@
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
/*
-@@ -2119,7 +2143,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -2120,7 +2144,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
int udp4_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 0424e4e..308dd43 100644
+index 1b5d8cb..ffb0833 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
-@@ -2121,7 +2121,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
+@@ -2272,7 +2272,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
p.iph.ihl = 5;
p.iph.protocol = IPPROTO_IPV6;
p.iph.ttl = 64;
if (ops->ndo_do_ioctl) {
mm_segment_t oldfs = get_fs();
+@@ -4388,7 +4388,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
+ int *valp = ctl->data;
+ int val = *valp;
+ loff_t pos = *ppos;
+- ctl_table lctl;
++ ctl_table_no_const lctl;
+ int ret;
+
+ /*
+@@ -4470,7 +4470,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
+ int *valp = ctl->data;
+ int val = *valp;
+ loff_t pos = *ppos;
+- ctl_table lctl;
++ ctl_table_no_const lctl;
+ int ret;
+
+ /*
+diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
+index fff5bdd..15194fb 100644
+--- a/net/ipv6/icmp.c
++++ b/net/ipv6/icmp.c
+@@ -973,7 +973,7 @@ ctl_table ipv6_icmp_table_template[] = {
+
+ struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+
+ table = kmemdup(ipv6_icmp_table_template,
+ sizeof(ipv6_icmp_table_template),
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
-index d5cb3c4..b3e38d0 100644
+index 131dd09..f7ed64f 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
-@@ -1353,7 +1353,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
+@@ -73,7 +73,7 @@ struct ip6gre_net {
+ struct net_device *fb_tunnel_dev;
+ };
+
+-static struct rtnl_link_ops ip6gre_link_ops __read_mostly;
++static struct rtnl_link_ops ip6gre_link_ops;
+ static int ip6gre_tunnel_init(struct net_device *dev);
+ static void ip6gre_tunnel_setup(struct net_device *dev);
+ static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
+@@ -1337,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
}
.handler = ip6gre_rcv,
.err_handler = ip6gre_err,
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
+@@ -1671,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
+ [IFLA_GRE_FLAGS] = { .type = NLA_U32 },
+ };
+
+-static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
++static struct rtnl_link_ops ip6gre_link_ops = {
+ .kind = "ip6gre",
+ .maxtype = IFLA_GRE_MAX,
+ .policy = ip6gre_policy,
+@@ -1684,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
+ .fill_info = ip6gre_fill_info,
+ };
+
+-static struct rtnl_link_ops ip6gre_tap_ops __read_mostly = {
++static struct rtnl_link_ops ip6gre_tap_ops = {
+ .kind = "ip6gretap",
+ .maxtype = IFLA_GRE_MAX,
+ .policy = ip6gre_policy,
+diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
+index a14f28b..b4b8956 100644
+--- a/net/ipv6/ip6_tunnel.c
++++ b/net/ipv6/ip6_tunnel.c
+@@ -87,7 +87,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
+
+ static int ip6_tnl_dev_init(struct net_device *dev);
+ static void ip6_tnl_dev_setup(struct net_device *dev);
+-static struct rtnl_link_ops ip6_link_ops __read_mostly;
++static struct rtnl_link_ops ip6_link_ops;
+
+ static int ip6_tnl_net_id __read_mostly;
+ struct ip6_tnl_net {
+@@ -1686,7 +1686,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
+ [IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
+ };
+
+-static struct rtnl_link_ops ip6_link_ops __read_mostly = {
++static struct rtnl_link_ops ip6_link_ops = {
+ .kind = "ip6tnl",
+ .maxtype = IFLA_IPTUN_MAX,
+ .policy = ip6_tnl_policy,
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
-index e02faed..9780f28 100644
+index d1e2e8e..51c19ae 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
-@@ -990,7 +990,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
+@@ -991,7 +991,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
if (sk->sk_type != SOCK_STREAM)
return -ENOPROTOOPT;
msg.msg_flags = flags;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
-index d7cb045..8c0ded6 100644
+index 125a90d..2a11f36 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
-@@ -1078,14 +1078,14 @@ static int compat_table_info(const struct xt_table_info *info,
+@@ -1076,14 +1076,14 @@ static int compat_table_info(const struct xt_table_info *info,
#endif
static int get_info(struct net *net, void __user *user,
sizeof(struct ip6t_getinfo));
return -EINVAL;
}
-@@ -1122,7 +1122,7 @@ static int get_info(struct net *net, void __user *user,
+@@ -1120,7 +1120,7 @@ static int get_info(struct net *net, void __user *user,
info.size = private->size;
strcpy(info.name, name);
ret = -EFAULT;
else
ret = 0;
-@@ -1976,7 +1976,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -1974,7 +1974,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
switch (cmd) {
case IP6T_SO_GET_INFO:
break;
case IP6T_SO_GET_ENTRIES:
ret = compat_get_entries(sock_net(sk), user, len);
-@@ -2023,7 +2023,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -2021,7 +2021,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
switch (cmd) {
case IP6T_SO_GET_INFO:
break;
case IP6T_SO_GET_ENTRIES:
+diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
+index 3dacecc..2939087 100644
+--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
++++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
+@@ -87,12 +87,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
+
+ static int nf_ct_frag6_sysctl_register(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table = NULL;
+ struct ctl_table_header *hdr;
+
+- table = nf_ct_frag6_sysctl_table;
+ if (!net_eq(net, &init_net)) {
+- table = kmemdup(table, sizeof(nf_ct_frag6_sysctl_table),
++ table = kmemdup(nf_ct_frag6_sysctl_table, sizeof(nf_ct_frag6_sysctl_table),
+ GFP_KERNEL);
+ if (table == NULL)
+ goto err_alloc;
+@@ -100,9 +99,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
+ table[0].data = &net->ipv6.frags.high_thresh;
+ table[1].data = &net->ipv6.frags.low_thresh;
+ table[2].data = &net->ipv6.frags.timeout;
+- }
+-
+- hdr = register_net_sysctl(net, "net/netfilter", table);
++ hdr = register_net_sysctl(net, "net/netfilter", table);
++ } else
++ hdr = register_net_sysctl(net, "net/netfilter", nf_ct_frag6_sysctl_table);
+ if (hdr == NULL)
+ goto err_reg;
+
+@@ -110,8 +109,7 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
+ return 0;
+
+ err_reg:
+- if (!net_eq(net, &init_net))
+- kfree(table);
++ kfree(table);
+ err_alloc:
+ return -ENOMEM;
+ }
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
-index d8e95c7..81422bc 100644
+index 70fa814..d70c28c 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -379,7 +379,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb)
}
static int raw6_seq_show(struct seq_file *seq, void *v)
+diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
+index e5253ec..0410257 100644
+--- a/net/ipv6/reassembly.c
++++ b/net/ipv6/reassembly.c
+@@ -604,12 +604,11 @@ static struct ctl_table ip6_frags_ctl_table[] = {
+
+ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table = NULL;
+ struct ctl_table_header *hdr;
+
+- table = ip6_frags_ns_ctl_table;
+ if (!net_eq(net, &init_net)) {
+- table = kmemdup(table, sizeof(ip6_frags_ns_ctl_table), GFP_KERNEL);
++ table = kmemdup(ip6_frags_ns_ctl_table, sizeof(ip6_frags_ns_ctl_table), GFP_KERNEL);
+ if (table == NULL)
+ goto err_alloc;
+
+@@ -620,9 +619,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+ /* Don't export sysctls to unprivileged users */
+ if (net->user_ns != &init_user_ns)
+ table[0].procname = NULL;
+- }
++ hdr = register_net_sysctl(net, "net/ipv6", table);
++ } else
++ hdr = register_net_sysctl(net, "net/ipv6", ip6_frags_ns_ctl_table);
+
+- hdr = register_net_sysctl(net, "net/ipv6", table);
+ if (hdr == NULL)
+ goto err_reg;
+
+@@ -630,8 +630,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+ return 0;
+
+ err_reg:
+- if (!net_eq(net, &init_net))
+- kfree(table);
++ kfree(table);
+ err_alloc:
+ return -ENOMEM;
+ }
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index b1e6cf0..b140ef2 100644
+index 6f9f7b6..2306d63 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
-@@ -872,7 +872,7 @@ restart:
- dst_hold(&rt->dst);
- read_unlock_bh(&table->tb6_lock);
-
-- if (!rt->n && !(rt->rt6i_flags & RTF_NONEXTHOP))
-+ if (!rt->n && !(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_LOCAL)))
- nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr);
- else if (!(rt->dst.flags & DST_HOST))
- nrt = rt6_alloc_clone(rt, &fl6->daddr);
+@@ -2965,7 +2965,7 @@ ctl_table ipv6_route_table_template[] = {
+
+ struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+
+ table = kmemdup(ipv6_route_table_template,
+ sizeof(ipv6_route_table_template),
+diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
+index cfba99b..20ca511 100644
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -72,7 +72,7 @@ MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
+ static int ipip6_tunnel_init(struct net_device *dev);
+ static void ipip6_tunnel_setup(struct net_device *dev);
+ static void ipip6_dev_free(struct net_device *dev);
+-static struct rtnl_link_ops sit_link_ops __read_mostly;
++static struct rtnl_link_ops sit_link_ops;
+
+ static int sit_net_id __read_mostly;
+ struct sit_net {
+@@ -1463,7 +1463,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = {
+ #endif
+ };
+
+-static struct rtnl_link_ops sit_link_ops __read_mostly = {
++static struct rtnl_link_ops sit_link_ops = {
+ .kind = "sit",
+ .maxtype = IFLA_IPTUN_MAX,
+ .policy = ipip6_policy,
+diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
+index e85c48b..b8268d3 100644
+--- a/net/ipv6/sysctl_net_ipv6.c
++++ b/net/ipv6/sysctl_net_ipv6.c
+@@ -40,7 +40,7 @@ static ctl_table ipv6_rotable[] = {
+
+ static int __net_init ipv6_sysctl_net_init(struct net *net)
+ {
+- struct ctl_table *ipv6_table;
++ ctl_table_no_const *ipv6_table;
+ struct ctl_table *ipv6_route_table;
+ struct ctl_table *ipv6_icmp_table;
+ int err;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 73f2a6b..f8049a1 100644
+index 4f435371..5de9da7 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
-@@ -106,6 +106,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
+@@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum;
}
static void tcp_v6_hash(struct sock *sk)
{
if (sk->sk_state != TCP_CLOSE) {
-@@ -1525,6 +1529,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1433,6 +1437,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
-@@ -1606,12 +1613,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1514,12 +1521,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1660,6 +1675,10 @@ no_tcp_socket:
+@@ -1568,6 +1583,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
}
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index fc99972..69397e8 100644
+index fb08329..2d6919e 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -51,6 +51,10 @@
icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
kfree_skb(skb);
-@@ -1473,7 +1480,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
+@@ -1379,7 +1386,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
0,
sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
int udp6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
-index 496ce2c..f79fac8 100644
+index a68c88c..d55b0c5 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
-@@ -311,12 +311,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
+@@ -312,12 +312,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
add_wait_queue(&port->open_wait, &wait);
IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n",
}
spin_unlock_irqrestore(&port->lock, flags);
port->blocked_open++;
-@@ -352,7 +352,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
+@@ -353,7 +353,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
}
IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n",
schedule();
}
-@@ -363,13 +363,13 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
+@@ -364,13 +364,13 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
if (extra_count) {
/* ++ is not atomic, so this should be protected - Jean II */
spin_lock_irqsave(&port->lock, flags);
if (!retval)
port->flags |= ASYNC_NORMAL_ACTIVE;
-@@ -443,12 +443,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp)
+@@ -444,12 +444,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp)
/* ++ is not atomic, so this should be protected - Jean II */
spin_lock_irqsave(&self->port.lock, flags);
/* Not really used by us, but lets do it anyway */
tty->low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0;
-@@ -985,7 +985,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty)
+@@ -986,7 +986,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty)
tty_kref_put(port->tty);
}
port->tty = NULL;
spin_unlock_irqrestore(&port->lock, flags);
wake_up_interruptible(&port->open_wait);
-@@ -1342,7 +1342,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m)
+@@ -1343,7 +1343,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m)
seq_putc(m, '\n');
seq_printf(m, "Role: %s\n", self->client ? "client" : "server");
seq_printf(m, "Max data size: %d\n", self->max_data_size);
seq_printf(m, "Max header size: %d\n", self->max_header_size);
+diff --git a/net/irda/iriap.c b/net/irda/iriap.c
+index e71e85b..29340a9 100644
+--- a/net/irda/iriap.c
++++ b/net/irda/iriap.c
+@@ -495,8 +495,11 @@ static void iriap_getvaluebyclass_confirm(struct iriap_cb *self,
+ /* case CS_ISO_8859_9: */
+ /* case CS_UNICODE: */
+ default:
+- IRDA_DEBUG(0, "%s(), charset %s, not supported\n",
+- __func__, ias_charset_types[charset]);
++ IRDA_DEBUG(0, "%s(), charset [%d] %s, not supported\n",
++ __func__, charset,
++ charset < ARRAY_SIZE(ias_charset_types) ?
++ ias_charset_types[charset] :
++ "(unknown)");
+
+ /* Aborting, close connection! */
+ iriap_disconnect_request(self);
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index cd6f7a9..e63fe89 100644
--- a/net/iucv/af_iucv.c
}
write_unlock_bh(&iucv_sk_list.lock);
+diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c
+index df08250..02021fe 100644
+--- a/net/iucv/iucv.c
++++ b/net/iucv/iucv.c
+@@ -690,7 +690,7 @@ static int __cpuinit iucv_cpu_notify(struct notifier_block *self,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __refdata iucv_cpu_notifier = {
++static struct notifier_block iucv_cpu_notifier = {
+ .notifier_call = iucv_cpu_notify,
+ };
+
diff --git a/net/key/af_key.c b/net/key/af_key.c
-index 08897a3..0b812ab 100644
+index 5b426a6..970032b 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3019,10 +3019,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc
} while (!res);
return res;
}
+diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
+index 716605c..044e9e1 100644
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -355,6 +355,7 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh
+ l2tp_xmit_skb(session, skb, session->hdr_len);
+
+ sock_put(ps->tunnel_sock);
++ sock_put(sk);
+
+ return error;
+
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index 494da7f..6ce2ffd 100644
+index 0479c64..d031db6 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -2604,7 +2604,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
+@@ -790,7 +790,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
+ ret = ieee80211_vif_use_channel(sdata, chandef,
+ IEEE80211_CHANCTX_EXCLUSIVE);
+ }
+- } else if (local->open_count == local->monitors) {
++ } else if (local_read(&local->open_count) == local->monitors) {
+ local->_oper_channel = chandef->chan;
+ local->_oper_channel_type = cfg80211_get_chandef_type(chandef);
+ ieee80211_hw_config(local, 0);
+@@ -2716,7 +2716,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
else
local->probe_req_reg--;
ieee80211_queue_work(&local->hw, &local->reconfig_filter);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 493e2e8..be76574 100644
+index 2ed065c..948177f 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -28,6 +28,7 @@
#include "key.h"
#include "sta_info.h"
#include "debug.h"
-@@ -852,7 +853,7 @@ struct ieee80211_local {
+@@ -909,7 +910,7 @@ struct ieee80211_local {
/* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
spinlock_t queue_stop_reason_lock;
/* number of interfaces with corresponding FIF_ flags */
int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index 0f5af91..4dba9e7 100644
+index 8be854e..ad72a69 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
-@@ -465,7 +465,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -546,7 +546,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
break;
}
res = drv_start(local);
if (res)
goto err_del_bss;
-@@ -508,7 +508,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -591,7 +591,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
break;
}
res = ieee80211_add_virtual_monitor(local);
if (res)
goto err_stop;
-@@ -616,7 +616,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -699,7 +699,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
mutex_unlock(&local->mtx);
if (coming_up)
if (hw_reconf_flags)
ieee80211_hw_config(local, hw_reconf_flags);
-@@ -630,7 +630,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -713,7 +713,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
err_del_interface:
drv_remove_interface(local, sdata);
err_stop:
drv_stop(local);
err_del_bss:
sdata->bss = NULL;
-@@ -762,7 +762,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -827,7 +827,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
}
if (going_down)
switch (sdata->vif.type) {
case NL80211_IFTYPE_AP_VLAN:
-@@ -818,7 +818,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -884,7 +884,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
ieee80211_recalc_ps(local, -1);
if (local->ops->napi_poll)
napi_disable(&local->napi);
ieee80211_clear_tx_pending(local);
-@@ -850,7 +850,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -910,7 +910,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
}
spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
}
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
-index f57f597..e0a7c03 100644
+index 1b087ff..bf600e9 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
-@@ -164,7 +164,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
- local->hw.conf.power_level = power;
- }
+@@ -181,7 +181,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
+ changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL |
+ IEEE80211_CONF_CHANGE_POWER);
- if (changed && local->open_count) {
+ if (changed && local_read(&local->open_count)) {
/*
* Goal:
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
-index 5c572e7..ecf75ce 100644
+index 79a48f3..5e185c9 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
-@@ -34,7 +34,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
- struct ieee80211_sub_if_data *sdata;
+@@ -35,7 +35,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
struct sta_info *sta;
+ struct ieee80211_chanctx *ctx;
- if (!local->open_count)
+ if (!local_read(&local->open_count))
goto suspend;
ieee80211_scan_cancel(local);
-@@ -72,7 +72,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
+@@ -73,7 +73,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
cancel_work_sync(&local->dynamic_ps_enable_work);
del_timer_sync(&local->dynamic_ps_timer);
if (local->wowlan) {
int err = drv_suspend(local, wowlan);
if (err < 0) {
-@@ -143,7 +143,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
- drv_remove_interface(local, sdata);
+@@ -187,7 +187,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
+ mutex_unlock(&local->chanctx_mtx);
/* stop hardware - this must stop RX */
- if (local->open_count)
suspend:
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
-index 3313c11..bec9f17 100644
+index dd88381..eef4dd6 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
-@@ -494,7 +494,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
+@@ -493,7 +493,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
ASSERT_RTNL();
return p;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
-index 0151ae3..26709d3 100644
+index f11e8c5..08d0013 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
-@@ -1332,7 +1332,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
+@@ -1380,7 +1380,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
}
#endif
/* everything else happens only if HW was up & running */
obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
+diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
+index 6d6d8f2..a676749 100644
+--- a/net/netfilter/ipset/ip_set_core.c
++++ b/net/netfilter/ipset/ip_set_core.c
+@@ -1800,7 +1800,7 @@ done:
+ return ret;
+ }
+
+-static struct nf_sockopt_ops so_set __read_mostly = {
++static struct nf_sockopt_ops so_set = {
+ .pf = PF_INET,
+ .get_optmin = SO_IP_SET,
+ .get_optmax = SO_IP_SET + 1,
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
-index 1548df9..98ad9b4 100644
+index 30e764a..c3b6a9d 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
-@@ -557,7 +557,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest)
+@@ -554,7 +554,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest)
/* Increase the refcnt counter of the dest */
atomic_inc(&dest->refcnt);
if (cp->protocol != IPPROTO_UDP)
conn_flags &= ~IP_VS_CONN_F_ONE_PACKET;
flags = cp->flags;
-@@ -902,7 +902,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
+@@ -899,7 +899,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
atomic_set(&cp->refcnt, 1);
atomic_set(&cp->n_control, 0);
atomic_inc(&ipvs->conn_count);
if (flags & IP_VS_CONN_F_NO_CPORT)
-@@ -1183,7 +1183,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp)
+@@ -1180,7 +1180,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp)
/* Don't drop the entry if its number of incoming packets is not
located in [0, 8] */
if (!todrop_rate[i]) return 0;
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
-index 58918e2..4d177a9 100644
+index 47edf5a..235b07d 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
-@@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
- ret = cp->packet_xmit(skb, cp, pd->pp);
+@@ -559,7 +559,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
+ ret = cp->packet_xmit(skb, cp, pd->pp, iph);
/* do not touch skb anymore */
- atomic_inc(&cp->in_pkts);
ip_vs_conn_put(cp);
return ret;
}
-@@ -1681,7 +1681,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
+@@ -1691,7 +1691,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
if (cp->flags & IP_VS_CONN_F_ONE_PACKET)
pkts = sysctl_sync_threshold(ipvs);
else
if (ipvs->sync_state & IP_VS_STATE_MASTER)
ip_vs_sync_conn(net, cp, pkts);
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
-index c4ee437..a774a74 100644
+index ec664cb..7f34a77 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -787,7 +787,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
/* bind the service */
if (!dest->svc) {
+@@ -1688,7 +1688,7 @@ proc_do_sync_ports(ctl_table *table, int write,
+ * align with netns init in ip_vs_control_net_init()
+ */
+
+-static struct ctl_table vs_vars[] = {
++static ctl_table_no_const vs_vars[] __read_only = {
+ {
+ .procname = "amemthresh",
+ .maxlen = sizeof(int),
@@ -2081,7 +2081,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
" %-7s %-6d %-10d %-10d\n",
&dest->addr.in6,
IP_VS_CONN_F_FWD_MASK)) ||
nla_put_u32(skb, IPVS_DEST_ATTR_WEIGHT,
atomic_read(&dest->weight)) ||
+@@ -3688,7 +3688,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net)
+ {
+ int idx;
+ struct netns_ipvs *ipvs = net_ipvs(net);
+- struct ctl_table *tbl;
++ ctl_table_no_const *tbl;
+
+ atomic_set(&ipvs->dropentry, 0);
+ spin_lock_init(&ipvs->dropentry_lock);
+diff --git a/net/netfilter/ipvs/ip_vs_lblc.c b/net/netfilter/ipvs/ip_vs_lblc.c
+index fdd89b9..bd96aa9 100644
+--- a/net/netfilter/ipvs/ip_vs_lblc.c
++++ b/net/netfilter/ipvs/ip_vs_lblc.c
+@@ -115,7 +115,7 @@ struct ip_vs_lblc_table {
+ * IPVS LBLC sysctl table
+ */
+ #ifdef CONFIG_SYSCTL
+-static ctl_table vs_vars_table[] = {
++static ctl_table_no_const vs_vars_table[] __read_only = {
+ {
+ .procname = "lblc_expiration",
+ .data = NULL,
+diff --git a/net/netfilter/ipvs/ip_vs_lblcr.c b/net/netfilter/ipvs/ip_vs_lblcr.c
+index c03b6a3..8ce3681 100644
+--- a/net/netfilter/ipvs/ip_vs_lblcr.c
++++ b/net/netfilter/ipvs/ip_vs_lblcr.c
+@@ -288,7 +288,7 @@ struct ip_vs_lblcr_table {
+ * IPVS LBLCR sysctl table
+ */
+
+-static ctl_table vs_vars_table[] = {
++static ctl_table_no_const vs_vars_table[] __read_only = {
+ {
+ .procname = "lblcr_expiration",
+ .data = NULL,
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
-index effa10c..9058928 100644
+index 44fd10c..2a163b3 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -596,7 +596,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp,
cp->old_state = cp->state;
/*
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
-index cc4c809..50f8fe5 100644
+index ee6b7a9..f9a89f6 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
-@@ -1202,7 +1202,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
+@@ -1210,7 +1210,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
else
rc = NF_ACCEPT;
/* do not touch skb anymore */
goto out;
}
-@@ -1323,7 +1323,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
+@@ -1332,7 +1332,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
else
rc = NF_ACCEPT;
/* do not touch skb anymore */
goto out;
}
+diff --git a/net/netfilter/nf_conntrack_acct.c b/net/netfilter/nf_conntrack_acct.c
+index 7df424e..a527b02 100644
+--- a/net/netfilter/nf_conntrack_acct.c
++++ b/net/netfilter/nf_conntrack_acct.c
+@@ -60,7 +60,7 @@ static struct nf_ct_ext_type acct_extend __read_mostly = {
+ #ifdef CONFIG_SYSCTL
+ static int nf_conntrack_acct_init_sysctl(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+
+ table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
+ GFP_KERNEL);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index ec02168..f0caab6 100644
+index e4a0c4f..c263f28 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
-@@ -1533,6 +1533,10 @@ err_extend:
- #define UNCONFIRMED_NULLS_VAL ((1<<30)+0)
+@@ -1529,6 +1529,10 @@ err_extend:
#define DYING_NULLS_VAL ((1<<30)+1)
+ #define TEMPLATE_NULLS_VAL ((1<<30)+2)
+#ifdef CONFIG_GRKERNSEC_HIDESYM
+static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0);
static int nf_conntrack_init_net(struct net *net)
{
int ret;
-@@ -1546,7 +1550,11 @@ static int nf_conntrack_init_net(struct net *net)
+@@ -1543,7 +1547,11 @@ static int nf_conntrack_init_net(struct net *net)
goto err_stat;
}
if (!net->ct.slabname) {
ret = -ENOMEM;
goto err_slabname;
+diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
+index faa978f..1afb18f 100644
+--- a/net/netfilter/nf_conntrack_ecache.c
++++ b/net/netfilter/nf_conntrack_ecache.c
+@@ -186,7 +186,7 @@ static struct nf_ct_ext_type event_extend __read_mostly = {
+ #ifdef CONFIG_SYSCTL
+ static int nf_conntrack_event_init_sysctl(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+
+ table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table),
+ GFP_KERNEL);
+diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
+index 884f2b3..d53b33a 100644
+--- a/net/netfilter/nf_conntrack_helper.c
++++ b/net/netfilter/nf_conntrack_helper.c
+@@ -55,7 +55,7 @@ static struct ctl_table helper_sysctl_table[] = {
+
+ static int nf_conntrack_helper_init_sysctl(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+
+ table = kmemdup(helper_sysctl_table, sizeof(helper_sysctl_table),
+ GFP_KERNEL);
+diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
+index 51e928d..72a413a 100644
+--- a/net/netfilter/nf_conntrack_proto.c
++++ b/net/netfilter/nf_conntrack_proto.c
+@@ -51,7 +51,7 @@ nf_ct_register_sysctl(struct net *net,
+
+ static void
+ nf_ct_unregister_sysctl(struct ctl_table_header **header,
+- struct ctl_table **table,
++ ctl_table_no_const **table,
+ unsigned int users)
+ {
+ if (users > 0)
+diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
+index e7185c6..4ad6c9c 100644
+--- a/net/netfilter/nf_conntrack_standalone.c
++++ b/net/netfilter/nf_conntrack_standalone.c
+@@ -470,7 +470,7 @@ static ctl_table nf_ct_netfilter_table[] = {
+
+ static int nf_conntrack_standalone_init_sysctl(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+
+ if (net_eq(net, &init_net)) {
+ nf_ct_netfilter_header =
+diff --git a/net/netfilter/nf_conntrack_timestamp.c b/net/netfilter/nf_conntrack_timestamp.c
+index 7ea8026..bc9512d 100644
+--- a/net/netfilter/nf_conntrack_timestamp.c
++++ b/net/netfilter/nf_conntrack_timestamp.c
+@@ -42,7 +42,7 @@ static struct nf_ct_ext_type tstamp_extend __read_mostly = {
+ #ifdef CONFIG_SYSCTL
+ static int nf_conntrack_tstamp_init_sysctl(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+
+ table = kmemdup(tstamp_sysctl_table, sizeof(tstamp_sysctl_table),
+ GFP_KERNEL);
+diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
+index 9e31269..bc4c1b7 100644
+--- a/net/netfilter/nf_log.c
++++ b/net/netfilter/nf_log.c
+@@ -215,7 +215,7 @@ static const struct file_operations nflog_file_ops = {
+
+ #ifdef CONFIG_SYSCTL
+ static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3];
+-static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1];
++static ctl_table_no_const nf_log_sysctl_table[NFPROTO_NUMPROTO+1] __read_only;
+ static struct ctl_table_header *nf_log_dir_header;
+
+ static int nf_log_proc_dostring(ctl_table *table, int write,
+@@ -246,14 +246,16 @@ static int nf_log_proc_dostring(ctl_table *table, int write,
+ rcu_assign_pointer(nf_loggers[tindex], logger);
+ mutex_unlock(&nf_log_mutex);
+ } else {
++ ctl_table_no_const nf_log_table = *table;
++
+ mutex_lock(&nf_log_mutex);
+ logger = rcu_dereference_protected(nf_loggers[tindex],
+ lockdep_is_held(&nf_log_mutex));
+ if (!logger)
+- table->data = "NONE";
++ nf_log_table.data = "NONE";
+ else
+- table->data = logger->name;
+- r = proc_dostring(table, write, buffer, lenp, ppos);
++ nf_log_table.data = logger->name;
++ r = proc_dostring(&nf_log_table, write, buffer, lenp, ppos);
+ mutex_unlock(&nf_log_mutex);
+ }
+
+diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c
+index f042ae5..30ea486 100644
+--- a/net/netfilter/nf_sockopt.c
++++ b/net/netfilter/nf_sockopt.c
+@@ -45,7 +45,7 @@ int nf_register_sockopt(struct nf_sockopt_ops *reg)
+ }
+ }
+
+- list_add(®->list, &nf_sockopts);
++ pax_list_add((struct list_head *)®->list, &nf_sockopts);
+ out:
+ mutex_unlock(&nf_sockopt_mutex);
+ return ret;
+@@ -55,7 +55,7 @@ EXPORT_SYMBOL(nf_register_sockopt);
+ void nf_unregister_sockopt(struct nf_sockopt_ops *reg)
+ {
+ mutex_lock(&nf_sockopt_mutex);
+- list_del(®->list);
++ pax_list_del((struct list_head *)®->list);
+ mutex_unlock(&nf_sockopt_mutex);
+ }
+ EXPORT_SYMBOL(nf_unregister_sockopt);
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 92fd8ec..3f6ea4b 100644
--- a/net/netfilter/nfnetlink_log.c
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 4da797f..eb1df70 100644
+index c0353d5..fcb0270 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
-@@ -782,7 +782,7 @@ static void netlink_overrun(struct sock *sk)
+@@ -785,7 +785,7 @@ static void netlink_overrun(struct sock *sk)
sk->sk_error_report(sk);
}
}
}
static struct sock *netlink_getsockbyportid(struct sock *ssk, u32 portid)
-@@ -2068,7 +2068,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -2071,7 +2071,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb,
atomic_read(&s->sk_refcnt),
sock_i_ino(s)
);
+diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
+index f2aabb6..2e5e66e 100644
+--- a/net/netlink/genetlink.c
++++ b/net/netlink/genetlink.c
+@@ -295,18 +295,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops)
+ goto errout;
+ }
+
++ pax_open_kernel();
+ if (ops->dumpit)
+- ops->flags |= GENL_CMD_CAP_DUMP;
++ *(unsigned int *)&ops->flags |= GENL_CMD_CAP_DUMP;
+ if (ops->doit)
+- ops->flags |= GENL_CMD_CAP_DO;
++ *(unsigned int *)&ops->flags |= GENL_CMD_CAP_DO;
+ if (ops->policy)
+- ops->flags |= GENL_CMD_CAP_HASPOL;
++ *(unsigned int *)&ops->flags |= GENL_CMD_CAP_HASPOL;
++ pax_close_kernel();
+
+ genl_lock();
+- list_add_tail(&ops->ops_list, &family->ops_list);
++ pax_list_add_tail((struct list_head *)&ops->ops_list, &family->ops_list);
+ genl_unlock();
+
+- genl_ctrl_event(CTRL_CMD_NEWOPS, ops);
++ genl_ctrl_event(CTRL_CMD_NEWOPS, (void *)ops);
+ err = 0;
+ errout:
+ return err;
+@@ -336,9 +338,9 @@ int genl_unregister_ops(struct genl_family *family, struct genl_ops *ops)
+ genl_lock();
+ list_for_each_entry(rc, &family->ops_list, ops_list) {
+ if (rc == ops) {
+- list_del(&ops->ops_list);
++ pax_list_del((struct list_head *)&ops->ops_list);
+ genl_unlock();
+- genl_ctrl_event(CTRL_CMD_DELOPS, ops);
++ genl_ctrl_event(CTRL_CMD_DELOPS, (void *)ops);
+ return 0;
+ }
+ }
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 7261eb8..44e8ac6 100644
--- a/net/netrom/af_netrom.c
*uaddr_len = sizeof(struct sockaddr_ax25);
}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 94060ed..c9bf90e 100644
+index c111bd0..7788ff7 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -1578,7 +1578,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -2335,13 +2335,15 @@ static int packet_release(struct socket *sock)
-
- packet_flush_mclist(sk);
-
-- memset(&req_u, 0, sizeof(req_u));
--
-- if (po->rx_ring.pg_vec)
-+ if (po->rx_ring.pg_vec) {
-+ memset(&req_u, 0, sizeof(req_u));
- packet_set_ring(sk, &req_u, 1, 0);
-+ }
-
-- if (po->tx_ring.pg_vec)
-+ if (po->tx_ring.pg_vec) {
-+ memset(&req_u, 0, sizeof(req_u));
- packet_set_ring(sk, &req_u, 1, 1);
-+ }
-
- fanout_release(sk);
-
-@@ -2537,6 +2539,7 @@ out:
+@@ -2565,6 +2565,7 @@ out:
static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
{
struct sock_exterr_skb *serr;
struct sk_buff *skb, *skb2;
int copied, err;
-@@ -2558,8 +2561,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
+@@ -2586,8 +2587,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
sock_recv_timestamp(msg, sk, skb);
serr = SKB_EXT_ERR(skb);
msg->msg_flags |= MSG_ERRQUEUE;
err = copied;
-@@ -3171,7 +3175,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3212,7 +3214,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3210,7 +3214,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3254,7 +3256,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
len = lv;
if (put_user(len, optlen))
return -EFAULT;
}
seq_printf(seq, "%*s\n", 127 - len, "");
return 0;
+diff --git a/net/phonet/sysctl.c b/net/phonet/sysctl.c
+index d6bbbbd..61561e4 100644
+--- a/net/phonet/sysctl.c
++++ b/net/phonet/sysctl.c
+@@ -67,7 +67,7 @@ static int proc_local_port_range(ctl_table *table, int write,
+ {
+ int ret;
+ int range[2] = {local_port_range[0], local_port_range[1]};
+- ctl_table tmp = {
++ ctl_table_no_const tmp = {
+ .data = &range,
+ .maxlen = sizeof(range),
+ .mode = table->mode,
diff --git a/net/rds/cong.c b/net/rds/cong.c
index e5b65ac..f3b6fb7 100644
--- a/net/rds/cong.c
if (likely(*recent == gen))
return 0;
diff --git a/net/rds/ib.h b/net/rds/ib.h
-index 8d2b3d5..227ec5b 100644
+index 7280ab8..e04f4ea 100644
--- a/net/rds/ib.h
+++ b/net/rds/ib.h
@@ -128,7 +128,7 @@ struct rds_ib_connection {
spinlock_t i_ack_lock; /* protect i_ack_next */
u64 i_ack_next; /* next ACK to send */
diff --git a/net/rds/ib_cm.c b/net/rds/ib_cm.c
-index a1e1162..265e129 100644
+index 31b74f5..dc1fbfa 100644
--- a/net/rds/ib_cm.c
+++ b/net/rds/ib_cm.c
-@@ -718,7 +718,7 @@ void rds_ib_conn_shutdown(struct rds_connection *conn)
+@@ -717,7 +717,7 @@ void rds_ib_conn_shutdown(struct rds_connection *conn)
/* Clear the ACK state */
clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags);
#ifdef KERNEL_HAS_ATOMIC64
ic->i_ack_next = 0;
#endif
diff --git a/net/rds/ib_recv.c b/net/rds/ib_recv.c
-index 8d19491..05a3e65 100644
+index 8eb9501..0c386ff 100644
--- a/net/rds/ib_recv.c
+++ b/net/rds/ib_recv.c
-@@ -592,7 +592,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic)
+@@ -597,7 +597,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic)
static void rds_ib_set_ack(struct rds_ib_connection *ic, u64 seq,
int ack_required)
{
if (ack_required) {
smp_mb__before_clear_bit();
set_bit(IB_ACK_REQUESTED, &ic->i_ack_flags);
-@@ -604,7 +604,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic)
+@@ -609,7 +609,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic)
clear_bit(IB_ACK_REQUESTED, &ic->i_ack_flags);
smp_mb__after_clear_bit();
}
#endif
+diff --git a/net/rds/message.c b/net/rds/message.c
+index f0a4658..aff589c 100644
+--- a/net/rds/message.c
++++ b/net/rds/message.c
+@@ -197,6 +197,9 @@ struct rds_message *rds_message_alloc(unsigned int extra_len, gfp_t gfp)
+ {
+ struct rds_message *rm;
+
++ if (extra_len > KMALLOC_MAX_SIZE - sizeof(struct rds_message))
++ return NULL;
++
+ rm = kzalloc(sizeof(struct rds_message) + extra_len, gfp);
+ if (!rm)
+ goto out;
+diff --git a/net/rds/rds.h b/net/rds/rds.h
+index ec1d731..90a3a8d 100644
+--- a/net/rds/rds.h
++++ b/net/rds/rds.h
+@@ -449,7 +449,7 @@ struct rds_transport {
+ void (*sync_mr)(void *trans_private, int direction);
+ void (*free_mr)(void *trans_private, int invalidate);
+ void (*flush_mrs)(void);
+-};
++} __do_const;
+
+ struct rds_sock {
+ struct sock rs_sk;
diff --git a/net/rds/tcp.c b/net/rds/tcp.c
index edac9ef..16bcb98 100644
--- a/net/rds/tcp.c
_proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
-diff --git a/net/sctp/auth.c b/net/sctp/auth.c
-index 159b9bc..d8420ae 100644
---- a/net/sctp/auth.c
-+++ b/net/sctp/auth.c
-@@ -71,7 +71,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key)
- return;
-
- if (atomic_dec_and_test(&key->refcnt)) {
-- kfree(key);
-+ kzfree(key);
- SCTP_DBG_OBJCNT_DEC(keys);
- }
- }
-diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c
-index 1859e2b..80a7264 100644
---- a/net/sctp/endpointola.c
-+++ b/net/sctp/endpointola.c
-@@ -249,6 +249,8 @@ void sctp_endpoint_free(struct sctp_endpoint *ep)
- /* Final destructor for endpoint. */
- static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
- {
-+ int i;
-+
- SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return);
-
- /* Free up the HMAC transform. */
-@@ -271,6 +273,9 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep)
- sctp_inq_free(&ep->base.inqueue);
- sctp_bind_addr_free(&ep->base.bind_addr);
-
-+ for (i = 0; i < SCTP_HOW_MANY_SECRETS; ++i)
-+ memset(&ep->secret_key[i], 0, SCTP_SECRET_SIZE);
-+
- /* Remove and free the port */
- if (sctp_sk(ep->base.sk)->bind_hash)
- sctp_put_port(ep->base.sk);
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
-index ea14cb4..834e8e4 100644
+index 391a245..296b3d7 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
-@@ -1037,7 +1037,7 @@ void sctp_v6_pf_init(void)
+@@ -981,7 +981,7 @@ static const struct inet6_protocol sctpv6_protocol = {
+ .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL,
+ };
+
+-static struct sctp_af sctp_af_inet6 = {
++static struct sctp_af sctp_af_inet6 __read_only = {
+ .sa_family = AF_INET6,
+ .sctp_xmit = sctp_v6_xmit,
+ .setsockopt = ipv6_setsockopt,
+@@ -1013,7 +1013,7 @@ static struct sctp_af sctp_af_inet6 = {
+ #endif
+ };
+
+-static struct sctp_pf sctp_pf_inet6 = {
++static struct sctp_pf sctp_pf_inet6 __read_only = {
+ .event_msgname = sctp_inet6_event_msgname,
+ .skb_msgname = sctp_inet6_skb_msgname,
+ .af_supported = sctp_inet6_af_supported,
+@@ -1038,7 +1038,7 @@ void sctp_v6_pf_init(void)
void sctp_v6_pf_exit(void)
{
- list_del(&sctp_af_inet6.list);
-+ pax_list_del((struct list_head *)&sctp_af_inet6.list);
++ pax_list_del(&sctp_af_inet6.list);
}
/* Initialize IPv6 support and register with socket layer. */
diff --git a/net/sctp/proc.c b/net/sctp/proc.c
-index 9966e7b..540c575 100644
+index 8c19e97..16264b8 100644
--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
-@@ -328,7 +328,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v)
+@@ -338,7 +338,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v)
seq_printf(seq,
"%8pK %8pK %-3d %-3d %-2d %-4d "
"%4d %8d %8d %7d %5lu %-5d %5d ",
assoc->assoc_id,
assoc->sndbuf_used,
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
-index 2d51842..150ba5c 100644
+index f898b1c..a2d0fe8 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -834,8 +834,10 @@ int sctp_register_af(struct sctp_af *af)
return 0;
}
-- INIT_LIST_HEAD(&af->list);
-- list_add_tail(&af->list, &sctp_address_families);
+ pax_open_kernel();
-+ INIT_LIST_HEAD((struct list_head *)&af->list);
+ INIT_LIST_HEAD(&af->list);
+- list_add_tail(&af->list, &sctp_address_families);
+ pax_close_kernel();
-+ pax_list_add_tail((struct list_head *)&af->list, &sctp_address_families);
++ pax_list_add_tail(&af->list, &sctp_address_families);
return 1;
}
+@@ -966,7 +968,7 @@ static inline int sctp_v4_xmit(struct sk_buff *skb,
+
+ static struct sctp_af sctp_af_inet;
+
+-static struct sctp_pf sctp_pf_inet = {
++static struct sctp_pf sctp_pf_inet __read_only = {
+ .event_msgname = sctp_inet_event_msgname,
+ .skb_msgname = sctp_inet_skb_msgname,
+ .af_supported = sctp_inet_af_supported,
+@@ -1037,7 +1039,7 @@ static const struct net_protocol sctp_protocol = {
+ };
+
+ /* IPv4 address related functions. */
+-static struct sctp_af sctp_af_inet = {
++static struct sctp_af sctp_af_inet __read_only = {
+ .sa_family = AF_INET,
+ .sctp_xmit = sctp_v4_xmit,
+ .setsockopt = ip_setsockopt,
@@ -1122,7 +1124,7 @@ static void sctp_v4_pf_init(void)
static void sctp_v4_pf_exit(void)
{
- list_del(&sctp_af_inet.list);
-+ pax_list_del((struct list_head *)&sctp_af_inet.list);
++ pax_list_del(&sctp_af_inet.list);
}
static int sctp_v4_protosw_init(void)
+diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
+index c957775..6d4593a 100644
+--- a/net/sctp/sm_sideeffect.c
++++ b/net/sctp/sm_sideeffect.c
+@@ -447,7 +447,7 @@ static void sctp_generate_sack_event(unsigned long data)
+ sctp_generate_timeout_event(asoc, SCTP_EVENT_TIMEOUT_SACK);
+ }
+
+-sctp_timer_event_t *sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES] = {
++sctp_timer_event_t * const sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES] = {
+ NULL,
+ sctp_generate_t1_cookie_event,
+ sctp_generate_t1_init_event,
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 406d957..0a6ae623 100644
+index cedd9bf..d577d71 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
-@@ -3388,7 +3388,7 @@ static int sctp_setsockopt_auth_key(struct sock *sk,
-
- ret = sctp_auth_set_key(sctp_sk(sk)->ep, asoc, authkey);
- out:
-- kfree(authkey);
-+ kzfree(authkey);
- return ret;
- }
-
-@@ -4661,6 +4661,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4665,6 +4665,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
if (space_left < addrlen)
return -ENOMEM;
if (copy_to_user(to, &temp, addrlen))
return -EFAULT;
to += addrlen;
+@@ -5653,6 +5655,9 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len,
+ if (len < sizeof(sctp_assoc_t))
+ return -EINVAL;
+
++ /* Allow the struct to grow and fill in as much as possible */
++ len = min_t(size_t, len, sizeof(sas));
++
+ if (copy_from_user(&sas, optval, len))
+ return -EFAULT;
+
+@@ -5686,9 +5691,6 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len,
+ /* Mark beginning of a new observation period */
+ asoc->stats.max_obs_rto = asoc->rto_min;
+
+- /* Allow the struct to grow and fill in as much as possible */
+- len = min_t(size_t, len, sizeof(sas));
+-
+ if (put_user(len, optlen))
+ return -EFAULT;
+
+diff --git a/net/sctp/ssnmap.c b/net/sctp/ssnmap.c
+index 442ad4e..825ea94 100644
+--- a/net/sctp/ssnmap.c
++++ b/net/sctp/ssnmap.c
+@@ -41,8 +41,6 @@
+ #include <net/sctp/sctp.h>
+ #include <net/sctp/sm.h>
+
+-#define MAX_KMALLOC_SIZE 131072
+-
+ static struct sctp_ssnmap *sctp_ssnmap_init(struct sctp_ssnmap *map, __u16 in,
+ __u16 out);
+
+@@ -65,7 +63,7 @@ struct sctp_ssnmap *sctp_ssnmap_new(__u16 in, __u16 out,
+ int size;
+
+ size = sctp_ssnmap_size(in, out);
+- if (size <= MAX_KMALLOC_SIZE)
++ if (size <= KMALLOC_MAX_SIZE)
+ retval = kmalloc(size, gfp);
+ else
+ retval = (struct sctp_ssnmap *)
+@@ -82,7 +80,7 @@ struct sctp_ssnmap *sctp_ssnmap_new(__u16 in, __u16 out,
+ return retval;
+
+ fail_map:
+- if (size <= MAX_KMALLOC_SIZE)
++ if (size <= KMALLOC_MAX_SIZE)
+ kfree(retval);
+ else
+ free_pages((unsigned long)retval, get_order(size));
+@@ -124,7 +122,7 @@ void sctp_ssnmap_free(struct sctp_ssnmap *map)
+ int size;
+
+ size = sctp_ssnmap_size(map->in.len, map->out.len);
+- if (size <= MAX_KMALLOC_SIZE)
++ if (size <= KMALLOC_MAX_SIZE)
+ kfree(map);
+ else
+ free_pages((unsigned long)map, get_order(size));
+diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
+index bf3c6e8..376d8d0 100644
+--- a/net/sctp/sysctl.c
++++ b/net/sctp/sysctl.c
+@@ -307,7 +307,7 @@ static int proc_sctp_do_hmac_alg(ctl_table *ctl,
+ {
+ struct net *net = current->nsproxy->net_ns;
+ char tmp[8];
+- ctl_table tbl;
++ ctl_table_no_const tbl;
+ int ret;
+ int changed = 0;
+ char *none = "none";
+@@ -350,7 +350,7 @@ static int proc_sctp_do_hmac_alg(ctl_table *ctl,
+
+ int sctp_sysctl_net_register(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+ int i;
+
+ table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
diff --git a/net/socket.c b/net/socket.c
-index d92c490..b4bc863 100644
+index 2ca51c7..45d0b31 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -89,6 +89,7 @@
static struct file_system_type sock_fs_type = {
.name = "sockfs",
-@@ -1276,6 +1279,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
+@@ -1270,6 +1273,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
return -EAFNOSUPPORT;
if (type < 0 || type >= SOCK_MAX)
return -EINVAL;
/* Compatibility.
-@@ -1407,6 +1412,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
+@@ -1401,6 +1406,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
retval = sock_create(family, type, protocol, &sock);
if (retval < 0)
goto out;
-@@ -1534,6 +1549,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
+@@ -1528,6 +1543,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
if (sock) {
err = move_addr_to_kernel(umyaddr, addrlen, &address);
if (err >= 0) {
err = security_socket_bind(sock,
(struct sockaddr *)&address,
addrlen);
-@@ -1542,6 +1565,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
+@@ -1536,6 +1559,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
(struct sockaddr *)
&address, addrlen);
}
fput_light(sock->file, fput_needed);
}
return err;
-@@ -1565,10 +1589,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
+@@ -1559,10 +1583,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
if ((unsigned int)backlog > somaxconn)
backlog = somaxconn;
fput_light(sock->file, fput_needed);
}
return err;
-@@ -1612,6 +1646,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
+@@ -1606,6 +1640,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
newsock->type = sock->type;
newsock->ops = sock->ops;
/*
* We don't need try_module_get here, as the listening socket (sock)
* has the protocol module (sock->ops->owner) held.
-@@ -1657,6 +1703,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
+@@ -1651,6 +1697,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
fd_install(newfd, newfile);
err = newfd;
out_put:
fput_light(sock->file, fput_needed);
out:
-@@ -1689,6 +1737,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
+@@ -1683,6 +1731,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
int, addrlen)
{
struct socket *sock;
struct sockaddr_storage address;
int err, fput_needed;
-@@ -1699,6 +1748,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
+@@ -1693,6 +1742,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
if (err < 0)
goto out_put;
err =
security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
if (err)
-@@ -2053,7 +2113,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2047,7 +2107,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
* checking falls down on this.
*/
if (copy_from_user(ctl_buf,
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
-@@ -2221,7 +2281,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2215,7 +2275,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
* kernel msghdr to use the kernel address space)
*/
uaddr_len = COMPAT_NAMELEN(msg);
if (MSG_CMSG_COMPAT & flags) {
err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
-@@ -2844,7 +2904,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2838,7 +2898,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
}
ifr = compat_alloc_user_space(buf_size);
if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
return -EFAULT;
-@@ -2868,12 +2928,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2862,12 +2922,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
offsetof(struct ethtool_rxnfc, fs.ring_cookie));
if (copy_in_user(rxnfc, compat_rxnfc,
copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
sizeof(rxnfc->rule_cnt)))
return -EFAULT;
-@@ -2885,12 +2945,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2879,12 +2939,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
if (convert_out) {
if (copy_in_user(compat_rxnfc, rxnfc,
copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
sizeof(rxnfc->rule_cnt)))
return -EFAULT;
-@@ -2960,7 +3020,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2954,7 +3014,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
err = dev_ioctl(net, cmd,
set_fs(old_fs);
return err;
-@@ -3069,7 +3129,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -3063,7 +3123,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
set_fs(old_fs);
if (cmd == SIOCGIFMAP && !err) {
-@@ -3174,7 +3234,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3168,7 +3228,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
ret |= __get_user(rtdev, &(ur4->rt_dev));
if (rtdev) {
ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
devname[15] = 0;
} else
r4.rt_dev = NULL;
-@@ -3400,8 +3460,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3394,8 +3454,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
int __user *uoptlen;
int err;
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-@@ -3421,7 +3481,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3415,7 +3475,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
+diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
+index 507b5e8..049e64a 100644
+--- a/net/sunrpc/clnt.c
++++ b/net/sunrpc/clnt.c
+@@ -1272,7 +1272,9 @@ call_start(struct rpc_task *task)
+ (RPC_IS_ASYNC(task) ? "async" : "sync"));
+
+ /* Increment call count */
+- task->tk_msg.rpc_proc->p_count++;
++ pax_open_kernel();
++ (*(unsigned int *)&task->tk_msg.rpc_proc->p_count)++;
++ pax_close_kernel();
+ clnt->cl_stats->rpccnt++;
+ task->tk_action = call_reserve;
+ }
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
-index 7865b44..174662e 100644
+index fb20f25..e3ba316 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
-@@ -240,9 +240,9 @@ static int rpc_wait_bit_killable(void *word)
+@@ -259,9 +259,9 @@ static int rpc_wait_bit_killable(void *word)
#ifdef RPC_DEBUG
static void rpc_task_set_debuginfo(struct rpc_task *task)
{
}
#else
static inline void rpc_task_set_debuginfo(struct rpc_task *task)
+diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
+index 2d34b6b..e2d584d 100644
+--- a/net/sunrpc/svc.c
++++ b/net/sunrpc/svc.c
+@@ -1156,7 +1156,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
+ svc_putnl(resv, RPC_SUCCESS);
+
+ /* Bump per-procedure stats counter */
+- procp->pc_count++;
++ pax_open_kernel();
++ (*(unsigned int *)&procp->pc_count)++;
++ pax_close_kernel();
+
+ /* Initialize storage for argp and resp */
+ memset(rqstp->rq_argp, 0, procp->pc_argsize);
diff --git a/net/sunrpc/xprtrdma/svc_rdma.c b/net/sunrpc/xprtrdma/svc_rdma.c
index 8343737..677025e 100644
--- a/net/sunrpc/xprtrdma/svc_rdma.c
.proc_handler = read_reset_stat,
},
diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
-index 41cb63b..c4a1489 100644
+index 0ce7552..d074459 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
@@ -501,7 +501,7 @@ next_sge:
/* Build up the XDR from the receive buffers. */
rdma_build_arg_xdr(rqstp, ctxt, ctxt->byte_len);
diff --git a/net/sunrpc/xprtrdma/svc_rdma_sendto.c b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
-index 42eb7ba..c887c45 100644
+index c1d124d..acfc59e 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
@@ -362,7 +362,7 @@ static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp,
/* See if we can opportunistically reap SQ WR to make room */
sq_cq_reap(xprt);
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
-index e3a6e37..be2ea77 100644
+index 9bc6db0..47ac8c0 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
-@@ -43,7 +43,7 @@ static int net_ctl_permissions(struct ctl_table_root *root,
- struct ctl_table *table)
- {
+@@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ctl_table_header *head,
+ kgid_t root_gid = make_kgid(net->user_ns, 0);
+
/* Allow network administrator to have same access as root. */
-- if (capable(CAP_NET_ADMIN)) {
-+ if (capable_nolog(CAP_NET_ADMIN)) {
+- if (ns_capable(net->user_ns, CAP_NET_ADMIN) ||
++ if (ns_capable_nolog(net->user_ns, CAP_NET_ADMIN) ||
+ uid_eq(root_uid, current_uid())) {
int mode = (table->mode >> 6) & 7;
return (mode << 6) | (mode << 3) | mode;
- }
diff --git a/net/tipc/link.c b/net/tipc/link.c
-index a79c755..eca357d 100644
+index daa6080..02d357f 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
-@@ -1169,7 +1169,7 @@ static int link_send_sections_long(struct tipc_port *sender,
+@@ -1201,7 +1201,7 @@ static int link_send_sections_long(struct tipc_port *sender,
struct tipc_msg fragm_hdr;
struct sk_buff *buf, *buf_chain, *prev;
u32 fragm_crs, fragm_rest, hsz, sect_rest;
int curr_sect;
u32 fragm_no;
-@@ -1210,7 +1210,7 @@ again:
+@@ -1242,7 +1242,7 @@ again:
if (!sect_rest) {
sect_rest = msg_sect[++curr_sect].iov_len;
}
if (sect_rest < fragm_rest)
-@@ -1229,7 +1229,7 @@ error:
+@@ -1261,7 +1261,7 @@ error:
}
} else
skb_copy_to_linear_data_offset(buf, fragm_crs,
pos += msg_sect[cnt].iov_len;
}
diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
-index 0f7d0d0..00f89bf 100644
+index 6b42d47..2ac24d5 100644
--- a/net/tipc/subscr.c
+++ b/net/tipc/subscr.c
@@ -96,7 +96,7 @@ static void subscr_send_event(struct tipc_subscription *sub,
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 5b5c876..3127bf7 100644
+index 5b5c876..6713b81 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -786,6 +786,12 @@ static struct sock *unix_find_other(struct net *net,
done_path_create(&path, dentry);
return err;
}
+@@ -2326,9 +2345,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+ seq_puts(seq, "Num RefCount Protocol Flags Type St "
+ "Inode Path\n");
+ else {
+- struct sock *s = v;
++ struct sock *s = v, *peer;
+ struct unix_sock *u = unix_sk(s);
+ unix_state_lock(s);
++ peer = unix_peer(s);
++ unix_state_unlock(s);
++
++ unix_state_double_lock(s, peer);
+
+ seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
+ s,
+@@ -2355,8 +2378,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+ }
+ for ( ; i < len; i++)
+ seq_putc(seq, u->addr->name->sun_path[i]);
+- }
+- unix_state_unlock(s);
++ } else if (peer)
++ seq_printf(seq, " P%lu", sock_i_ino(peer));
++
++ unix_state_double_unlock(s, peer);
+ seq_putc(seq, '\n');
+ }
+
+diff --git a/net/unix/sysctl_net_unix.c b/net/unix/sysctl_net_unix.c
+index 8800604..0526440 100644
+--- a/net/unix/sysctl_net_unix.c
++++ b/net/unix/sysctl_net_unix.c
+@@ -28,7 +28,7 @@ static ctl_table unix_table[] = {
+
+ int __net_init unix_sysctl_register(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+
+ table = kmemdup(unix_table, sizeof(unix_table), GFP_KERNEL);
+ if (table == NULL)
diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c
index c8717c1..08539f5 100644
--- a/net/wireless/wext-core.c
iwp->length += essid_compat;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 41eabc4..8d4e6d6 100644
+index 07c5857..fde4018 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -317,7 +317,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
return 0;
mtu = dst_mtu(dst->child);
-@@ -2896,7 +2896,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
+@@ -2457,8 +2457,11 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
+ dst_ops->link_failure = xfrm_link_failure;
+ if (likely(dst_ops->neigh_lookup == NULL))
+ dst_ops->neigh_lookup = xfrm_neigh_lookup;
+- if (likely(afinfo->garbage_collect == NULL))
+- afinfo->garbage_collect = xfrm_garbage_collect_deferred;
++ if (likely(afinfo->garbage_collect == NULL)) {
++ pax_open_kernel();
++ *(void **)&afinfo->garbage_collect = xfrm_garbage_collect_deferred;
++ pax_close_kernel();
++ }
+ rcu_assign_pointer(xfrm_policy_afinfo[afinfo->family], afinfo);
+ }
+ spin_unlock(&xfrm_policy_afinfo_lock);
+@@ -2512,7 +2515,9 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
+ dst_ops->check = NULL;
+ dst_ops->negative_advice = NULL;
+ dst_ops->link_failure = NULL;
+- afinfo->garbage_collect = NULL;
++ pax_open_kernel();
++ *(void **)&afinfo->garbage_collect = NULL;
++ pax_close_kernel();
+ }
+ return err;
+ }
+@@ -2896,7 +2901,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
sizeof(pol->xfrm_vec[i].saddr));
pol->xfrm_vec[i].encap_family = mp->new_family;
/* flush bundles */
}
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
-index 3459692..eefb515 100644
+index 3459692..e7cdb1a 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
-@@ -278,7 +278,9 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family)
+@@ -194,11 +194,13 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
+
+ if (unlikely(afinfo == NULL))
+ return -EAFNOSUPPORT;
+- typemap = afinfo->type_map;
++ typemap = (const struct xfrm_type **)afinfo->type_map;
+
+- if (likely(typemap[type->proto] == NULL))
++ if (likely(typemap[type->proto] == NULL)) {
++ pax_open_kernel();
+ typemap[type->proto] = type;
+- else
++ pax_close_kernel();
++ } else
+ err = -EEXIST;
+ xfrm_state_unlock_afinfo(afinfo);
+ return err;
+@@ -213,12 +215,15 @@ int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family)
+
+ if (unlikely(afinfo == NULL))
+ return -EAFNOSUPPORT;
+- typemap = afinfo->type_map;
++ typemap = (const struct xfrm_type **)afinfo->type_map;
+
+ if (unlikely(typemap[type->proto] != type))
+ err = -ENOENT;
+- else
++ else {
++ pax_open_kernel();
+ typemap[type->proto] = NULL;
++ pax_close_kernel();
++ }
+ xfrm_state_unlock_afinfo(afinfo);
+ return err;
+ }
+@@ -227,7 +232,6 @@ EXPORT_SYMBOL(xfrm_unregister_type);
+ static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family)
+ {
+ struct xfrm_state_afinfo *afinfo;
+- const struct xfrm_type **typemap;
+ const struct xfrm_type *type;
+ int modload_attempted = 0;
+
+@@ -235,9 +239,8 @@ retry:
+ afinfo = xfrm_state_get_afinfo(family);
+ if (unlikely(afinfo == NULL))
+ return NULL;
+- typemap = afinfo->type_map;
+
+- type = typemap[proto];
++ type = afinfo->type_map[proto];
+ if (unlikely(type && !try_module_get(type->owner)))
+ type = NULL;
+ if (!type && !modload_attempted) {
+@@ -270,7 +273,7 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family)
+ return -EAFNOSUPPORT;
+
+ err = -EEXIST;
+- modemap = afinfo->mode_map;
++ modemap = (struct xfrm_mode **)afinfo->mode_map;
+ if (modemap[mode->encap])
+ goto out;
+
+@@ -278,8 +281,10 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family)
if (!try_module_get(afinfo->owner))
goto out;
- mode->afinfo = afinfo;
+ pax_open_kernel();
-+ *(void **)&mode->afinfo = afinfo;
-+ pax_close_kernel();
++ *(const void **)&mode->afinfo = afinfo;
modemap[mode->encap] = mode;
++ pax_close_kernel();
err = 0;
+ out:
+@@ -302,9 +307,11 @@ int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
+ return -EAFNOSUPPORT;
+
+ err = -ENOENT;
+- modemap = afinfo->mode_map;
++ modemap = (struct xfrm_mode **)afinfo->mode_map;
+ if (likely(modemap[mode->encap] == mode)) {
++ pax_open_kernel();
+ modemap[mode->encap] = NULL;
++ pax_close_kernel();
+ module_put(mode->afinfo->owner);
+ err = 0;
+ }
+diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c
+index 05a6e3d..6716ec9 100644
+--- a/net/xfrm/xfrm_sysctl.c
++++ b/net/xfrm/xfrm_sysctl.c
+@@ -42,7 +42,7 @@ static struct ctl_table xfrm_table[] = {
+
+ int __net_init xfrm_sysctl_init(struct net *net)
+ {
+- struct ctl_table *table;
++ ctl_table_no_const *table;
+
+ __xfrm_sysctl_init(net);
+
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 0e801c3..5c8ad3b 100644
--- a/scripts/Makefile.build
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..008ac1a
+index 0000000..5e0222d
--- /dev/null
+++ b/scripts/gcc-plugin.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
-+plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF
++plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF
+#include "gcc-plugin.h"
+#include "tree.h"
+#include "tm.h"
sprintf(alias, "dmi*");
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index 0d93856..e828363 100644
+index ff36c50..7ab4fa9 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
-@@ -933,6 +933,7 @@ enum mismatch {
+@@ -929,6 +929,7 @@ enum mismatch {
ANY_INIT_TO_ANY_EXIT,
ANY_EXIT_TO_ANY_INIT,
EXPORT_TO_INIT_EXIT,
};
struct sectioncheck {
-@@ -1047,6 +1048,12 @@ const struct sectioncheck sectioncheck[] = {
+@@ -1043,6 +1044,12 @@ const struct sectioncheck sectioncheck[] = {
.tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL },
.mismatch = EXPORT_TO_INIT_EXIT,
.symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL },
}
};
-@@ -1169,10 +1176,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
+@@ -1165,10 +1172,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
continue;
if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
continue;
if (d < 0)
d = addr - sym->st_value;
if (d < distance) {
-@@ -1451,6 +1458,14 @@ static void report_sec_mismatch(const char *modname,
+@@ -1447,6 +1454,14 @@ static void report_sec_mismatch(const char *modname,
tosym, prl_to, prl_to, tosym);
free(prl_to);
break;
}
fprintf(stderr, "\n");
}
-@@ -1685,7 +1700,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
+@@ -1681,7 +1696,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
static void check_sec_ref(struct module *mod, const char *modname,
struct elf_info *elf)
{
Elf_Shdr *sechdrs = elf->sechdrs;
/* Walk through all sections */
-@@ -1783,7 +1798,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
+@@ -1779,7 +1794,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
va_end(ap);
}
{
if (buf->size - buf->pos < len) {
buf->size += len + SZ;
-@@ -2001,7 +2016,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
+@@ -1997,7 +2012,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
if (fstat(fileno(file), &st) < 0)
goto close_write;
filename, strerror(errno));
goto out;
diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
-index 5c11312..72742b5 100644
+index 68bb4ef..2f419e1 100644
--- a/scripts/pnmtologo.c
+++ b/scripts/pnmtologo.c
-@@ -237,14 +237,14 @@ static void write_header(void)
+@@ -244,14 +244,14 @@ static void write_header(void)
fprintf(out, " * Linux logo %s\n", logoname);
fputs(" */\n\n", out);
fputs("#include <linux/linux_logo.h>\n\n", out);
fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]);
fprintf(out, "\t.width\t\t= %d,\n", logo_width);
fprintf(out, "\t.height\t\t= %d,\n", logo_height);
-@@ -374,7 +374,7 @@ static void write_logo_clut224(void)
+@@ -381,7 +381,7 @@ static void write_logo_clut224(void)
fputs("\n};\n\n", out);
/* write logo clut */
logoname);
write_hex_cnt = 0;
for (i = 0; i < logo_clutsize; i++) {
+diff --git a/scripts/sortextable.h b/scripts/sortextable.h
+index e4fd45b..2eeb5c4 100644
+--- a/scripts/sortextable.h
++++ b/scripts/sortextable.h
+@@ -106,9 +106,9 @@ do_func(Elf_Ehdr *ehdr, char const *const fname, table_sort_t custom_sort)
+ const char *secstrtab;
+ const char *strtab;
+ char *extab_image;
+- int extab_index = 0;
+- int i;
+- int idx;
++ unsigned int extab_index = 0;
++ unsigned int i;
++ unsigned int idx;
+
+ shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff));
+ shstrtab_sec = shdr + r2(&ehdr->e_shstrndx);
diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..01c698c 100644
+index e9c6ac7..952353c 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,902 @@
+@@ -4,6 +4,925 @@
menu "Security options"
+config PAX_KERNEXEC
+ bool "Enforce non-executable kernel pages"
+ default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM))
-+ depends on (X86 || ARM_LPAE) && (!X86_32 || X86_WP_WORKS_OK) && !XEN
++ depends on ((X86 && (!X86_32 || X86_WP_WORKS_OK)) || (ARM && (CPU_V6 || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ select PAX_KERNEXEC_PLUGIN if X86_64
+ help
+
+config PAX_MEMORY_UDEREF
+ bool "Prevent invalid userland pointer dereference"
-+ default y if GRKERNSEC_CONFIG_AUTO && (X86_32 || (X86_64 && GRKERNSEC_CONFIG_PRIORITY_SECURITY)) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT)
-+ depends on X86 && !UML_X86 && !XEN
++ default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT)
++ depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN
+ select PAX_PER_CPU_PGD if X86_64
+ help
+ By saying Y here the kernel will be prevented from dereferencing
+ Since this has a negligible performance impact, you should enable
+ this feature.
+
++config PAX_CONSTIFY_PLUGIN
++ bool "Automatically constify eligible structures"
++ default y
++ depends on !UML
++ help
++ By saying Y here the compiler will automatically constify a class
++ of types that contain only function pointers. This reduces the
++ kernel's attack surface and also produces a better memory layout.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++ Note that if some code really has to modify constified variables
++ then the source code will have to be patched to allow it. Examples
++ can be found in PaX itself (the no_const attribute) and for some
++ out-of-tree modules at http://www.grsecurity.net/~paxguy1/ .
++
+config PAX_USERCOPY
+ bool "Harden heap object copies between kernel and userland"
+ default y if GRKERNSEC_CONFIG_AUTO
+ there is little 'natural' source of entropy normally. The cost
+ is some slowdown of the boot process.
+
++ When pax_extra_latent_entropy is passed on the kernel command line,
++ entropy will be extracted from up to the first 4GB of RAM while the
++ runtime memory allocator is being initialized. This costs even more
++ slowdown of the boot process.
++
+ Note that the implementation requires a gcc with plugin support,
+ i.e., gcc 4.5 or newer. You may need to install the supporting
+ headers explicitly in addition to the normal gcc package.
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +999,7 @@ config INTEL_TXT
+@@ -103,7 +1022,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
.ptrace_access_check = apparmor_ptrace_access_check,
diff --git a/security/commoncap.c b/security/commoncap.c
-index 6dbae46..d5611fd 100644
+index 7ee08c7..8d1a9d6 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
-@@ -415,6 +415,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
+@@ -424,6 +424,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
return 0;
}
/*
* Attempt to get the on-exec apply capability sets for an executable file from
* its xattrs and, if present, apply them to the proposed credentials being
-@@ -583,6 +609,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
+@@ -592,6 +618,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
const struct cred *cred = current_cred();
kuid_t root_uid = make_kuid(cred->user_ns, 0);
if (bprm->cap_effective)
return 1;
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
-index 6ee8826..6350060 100644
+index 079a85d..12e93f8 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -96,8 +96,8 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename,
};
extern struct ima_h_table ima_htable;
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
-index b356884..fd9676e 100644
+index 0cea3db..2f0ef77 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -79,7 +79,7 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename,
hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
return 0;
diff --git a/security/keys/compat.c b/security/keys/compat.c
-index 1c26176..64a1ba2 100644
+index d65fa7f..cbfe366 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -44,7 +44,7 @@ static long compat_keyctl_instantiate_key_iov(
- ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
+ ret = keyctl_instantiate_key_common(id, (const struct iovec __force_user *)iov, ioc, ret, ringid);
-
+ err:
if (iov != iovstack)
kfree(iov);
+diff --git a/security/keys/key.c b/security/keys/key.c
+index 8fb7c7b..ba3610d 100644
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -284,7 +284,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
+
+ atomic_set(&key->usage, 1);
+ init_rwsem(&key->sem);
+- lockdep_set_class(&key->sem, &type->lock_class);
++ lockdep_set_class(&key->sem, (struct lock_class_key *)&type->lock_class);
+ key->type = type;
+ key->user = user;
+ key->quotalen = quotalen;
+@@ -1032,7 +1032,9 @@ int register_key_type(struct key_type *ktype)
+ struct key_type *p;
+ int ret;
+
+- memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
++ pax_open_kernel();
++ memset((void *)&ktype->lock_class, 0, sizeof(ktype->lock_class));
++ pax_close_kernel();
+
+ ret = -EEXIST;
+ down_write(&key_types_sem);
+@@ -1044,7 +1046,7 @@ int register_key_type(struct key_type *ktype)
+ }
+
+ /* store the type */
+- list_add(&ktype->link, &key_types_list);
++ pax_list_add((struct list_head *)&ktype->link, &key_types_list);
+
+ pr_notice("Key type %s registered\n", ktype->name);
+ ret = 0;
+@@ -1066,7 +1068,7 @@ EXPORT_SYMBOL(register_key_type);
+ void unregister_key_type(struct key_type *ktype)
+ {
+ down_write(&key_types_sem);
+- list_del_init(&ktype->link);
++ pax_list_del_init((struct list_head *)&ktype->link);
+ downgrade_write(&key_types_sem);
+ key_gc_keytype(ktype);
+ pr_notice("Key type %s unregistered\n", ktype->name);
+@@ -1084,10 +1086,10 @@ void __init key_init(void)
+ 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
+
+ /* add the special key types */
+- list_add_tail(&key_type_keyring.link, &key_types_list);
+- list_add_tail(&key_type_dead.link, &key_types_list);
+- list_add_tail(&key_type_user.link, &key_types_list);
+- list_add_tail(&key_type_logon.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_keyring.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_dead.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_user.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_logon.link, &key_types_list);
+
+ /* record the root user tracking */
+ rb_link_node(&root_key_user.node,
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
-index 5d34b4e..2456674 100644
+index 4b5c948..2054dc1 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -986,7 +986,7 @@ static int keyctl_change_reqkey_auth(struct key *key)
- ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid);
+ ret = keyctl_instantiate_key_common(id, (const struct iovec __force_user *)iov, ioc, ret, ringid);
-
+ err:
if (iov != iovstack)
kfree(iov);
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
-index 6e42df1..aba52bd 100644
+index 6ece7f2..ecdb55c 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -227,16 +227,16 @@ static long keyring_read(const struct key *keyring,
/*
diff --git a/security/security.c b/security/security.c
-index 8dcd4ae..1124de7 100644
+index 7b88c6a..1e3ea8f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -20,6 +20,7 @@
/* Save user chosen LSM */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 61a5336..27215d8 100644
+index ef26e96..642fb78 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -95,8 +95,6 @@
/* SECMARK reference count */
static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
-@@ -5476,7 +5474,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
+@@ -5501,7 +5499,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
.name = "smack",
.ptrace_access_check = smack_ptrace_access_check,
+diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
+index 390c646..f2f8db3 100644
+--- a/security/tomoyo/mount.c
++++ b/security/tomoyo/mount.c
+@@ -118,6 +118,10 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r,
+ type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {
+ need_dev = -1; /* dev_name is a directory */
+ } else {
++ if (!capable(CAP_SYS_ADMIN)) {
++ error = -EPERM;
++ goto out;
++ }
+ fstype = get_fs_type(type);
+ if (!fstype) {
+ error = -ENODEV;
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index a2ee362..5754f34 100644
--- a/security/tomoyo/tomoyo.c
select SECURITYFS
select SECURITY_PATH
default n
+diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
+index 23414b9..b92b314 100644
+--- a/security/yama/yama_lsm.c
++++ b/security/yama/yama_lsm.c
+@@ -367,7 +367,7 @@ int yama_ptrace_traceme(struct task_struct *parent)
+ }
+
+ #ifndef CONFIG_SECURITY_YAMA_STACKED
+-static struct security_operations yama_ops = {
++static struct security_operations yama_ops __read_only = {
+ .name = "yama",
+
+ .ptrace_access_check = yama_ptrace_access_check,
+@@ -378,28 +378,24 @@ static struct security_operations yama_ops = {
+ #endif
+
+ #ifdef CONFIG_SYSCTL
++static int zero __read_only;
++static int max_scope __read_only = YAMA_SCOPE_NO_ATTACH;
++
+ static int yama_dointvec_minmax(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- int rc;
++ ctl_table_no_const yama_table;
+
+ if (write && !capable(CAP_SYS_PTRACE))
+ return -EPERM;
+
+- rc = proc_dointvec_minmax(table, write, buffer, lenp, ppos);
+- if (rc)
+- return rc;
+-
++ yama_table = *table;
+ /* Lock the max value if it ever gets set. */
+- if (write && *(int *)table->data == *(int *)table->extra2)
+- table->extra1 = table->extra2;
+-
+- return rc;
++ if (ptrace_scope == max_scope)
++ yama_table.extra1 = &max_scope;
++ return proc_dointvec_minmax(&yama_table, write, buffer, lenp, ppos);
+ }
+
+-static int zero;
+-static int max_scope = YAMA_SCOPE_NO_ATTACH;
+-
+ struct ctl_path yama_sysctl_path[] = {
+ { .procname = "kernel", },
+ { .procname = "yama", },
diff --git a/sound/aoa/codecs/onyx.c b/sound/aoa/codecs/onyx.c
index 4cedc69..e59d8a3 100644
--- a/sound/aoa/codecs/onyx.c
}
} else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) {
diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c
-index 91cdf943..4085161 100644
+index af49721..e85058e 100644
--- a/sound/core/pcm_compat.c
+++ b/sound/core/pcm_compat.c
@@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream,
if (err < 0)
return err;
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index f9ddecf..e27404d 100644
+index 09b4286..8620fac 100644
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
-@@ -2804,11 +2804,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
+@@ -2806,11 +2806,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
switch (substream->stream) {
case SNDRV_PCM_STREAM_PLAYBACK:
result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
default:
result = -EINVAL;
diff --git a/sound/core/seq/seq_device.c b/sound/core/seq/seq_device.c
-index 60e8fc1..786abcb 100644
+index 040c60e..989a19a 100644
--- a/sound/core/seq/seq_device.c
+++ b/sound/core/seq/seq_device.c
@@ -64,7 +64,7 @@ struct ops_list {
- struct snd_seq_dev_ops ops;
+ struct snd_seq_dev_ops *ops;
- /* registred devices */
+ /* registered devices */
struct list_head dev_list; /* list of devices */
@@ -333,7 +333,7 @@ int snd_seq_device_register_driver(char *id, struct snd_seq_dev_ops *entry,
dev->driver_data = NULL;
ops->num_init_devices--;
diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c
-index 2d5514b..3afae9c 100644
+index 4e0dd22..7a1f32c 100644
--- a/sound/drivers/mts64.c
+++ b/sound/drivers/mts64.c
@@ -29,6 +29,7 @@
int timeout = 10;
while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0)
diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c
-index 8364855..59f2e2b 100644
+index 991018d..8984740 100644
--- a/sound/drivers/portman2x4.c
+++ b/sound/drivers/portman2x4.c
@@ -48,6 +48,7 @@
break;
default:
return -EINVAL;
+diff --git a/sound/firewire/scs1x.c b/sound/firewire/scs1x.c
+index 844a555..985ab83 100644
+--- a/sound/firewire/scs1x.c
++++ b/sound/firewire/scs1x.c
+@@ -74,7 +74,7 @@ static void scs_output_trigger(struct snd_rawmidi_substream *stream, int up)
+ {
+ struct scs *scs = stream->rmidi->private_data;
+
+- ACCESS_ONCE(scs->output) = up ? stream : NULL;
++ ACCESS_ONCE_RW(scs->output) = up ? stream : NULL;
+ if (up) {
+ scs->output_idle = false;
+ tasklet_schedule(&scs->tasklet);
+@@ -257,7 +257,7 @@ static void scs_input_trigger(struct snd_rawmidi_substream *stream, int up)
+ {
+ struct scs *scs = stream->rmidi->private_data;
+
+- ACCESS_ONCE(scs->input) = up ? stream : NULL;
++ ACCESS_ONCE_RW(scs->input) = up ? stream : NULL;
+ }
+
+ static void scs_input_escaped_byte(struct snd_rawmidi_substream *stream,
+@@ -457,8 +457,8 @@ static int scs_remove(struct device *dev)
+
+ snd_card_disconnect(scs->card);
+
+- ACCESS_ONCE(scs->output) = NULL;
+- ACCESS_ONCE(scs->input) = NULL;
++ ACCESS_ONCE_RW(scs->output) = NULL;
++ ACCESS_ONCE_RW(scs->input) = NULL;
+
+ wait_event(scs->idle_wait, scs->output_idle);
+
diff --git a/sound/oss/sb_audio.c b/sound/oss/sb_audio.c
-index b2b3c01..e1c1e1f 100644
+index 048439a..3be9f6f 100644
--- a/sound/oss/sb_audio.c
+++ b/sound/oss/sb_audio.c
-@@ -903,7 +903,7 @@ sb16_copy_from_user(int dev,
+@@ -904,7 +904,7 @@ sb16_copy_from_user(int dev,
buf16 = (signed short *)(localbuf + localoffs);
while (c)
{
const struct firmware *dsp_microcode;
const struct firmware *controller_microcode;
diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c
-index 3a6f03f..bc5c86c 100644
+index 22056c5..25d3244 100644
--- a/sound/pci/ymfpci/ymfpci_main.c
+++ b/sound/pci/ymfpci/ymfpci_main.c
-@@ -203,8 +203,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip)
+@@ -202,8 +202,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip)
if ((snd_ymfpci_readl(chip, YDSXGR_STATUS) & 2) == 0)
break;
}
wake_up(&chip->interrupt_sleep);
}
__end:
-@@ -788,7 +788,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip)
+@@ -787,7 +787,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip)
continue;
init_waitqueue_entry(&wait, current);
add_wait_queue(&chip->interrupt_sleep, &wait);
schedule_timeout_uninterruptible(msecs_to_jiffies(50));
remove_wait_queue(&chip->interrupt_sleep, &wait);
}
-@@ -826,8 +826,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id)
+@@ -825,8 +825,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id)
snd_ymfpci_writel(chip, YDSXGR_MODE, mode);
spin_unlock(&chip->reg_lock);
wake_up(&chip->interrupt_sleep);
}
}
-@@ -2420,7 +2420,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card,
+@@ -2421,7 +2421,7 @@ int snd_ymfpci_create(struct snd_card *card,
spin_lock_init(&chip->reg_lock);
spin_lock_init(&chip->voice_lock);
init_waitqueue_head(&chip->interrupt_sleep);
+size_overflow_hash.h
diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
new file mode 100644
-index 0000000..1d09b7e
+index 0000000..6920fb3
--- /dev/null
+++ b/tools/gcc/Makefile
@@ -0,0 +1,43 @@
+
+ifeq ($(PLUGINCC),$(HOSTCC))
+HOSTLIBS := hostlibs
-+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb
++HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -std=gnu99 -ggdb
+else
+HOSTLIBS := hostcxxlibs
-+HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu++98 -ggdb -Wno-unused-parameter
++HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -std=gnu++98 -ggdb -Wno-unused-parameter
+endif
+
+$(HOSTLIBS)-y := constify_plugin.so
+}
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
new file mode 100644
-index 0000000..c415c9d
+index 0000000..43e86d6
--- /dev/null
+++ b/tools/gcc/constify_plugin.c
-@@ -0,0 +1,359 @@
+@@ -0,0 +1,512 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
+ * Copyright 2011-2013 by PaX Team <pageexec@freemail.hu>
+#include "rtl.h"
+#include "emit-rtl.h"
+#include "tree-flow.h"
++#include "target.h"
+
++// should come from c-tree.h if only it were installed for gcc 4.5...
+#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE)
+
++// unused type flag in all versions 4.5-4.8
++#define TYPE_CONSTIFY_VISITED(TYPE) TYPE_LANG_FLAG_4(TYPE)
++
+int plugin_is_GPL_compatible;
+
+static struct plugin_info const_plugin_info = {
-+ .version = "201302112000",
++ .version = "201303070020",
+ .help = "no-constify\tturn off constification\n",
+};
+
-+static tree get_field_type(tree field)
++typedef struct {
++ bool has_fptr_field;
++ bool has_writable_field;
++ bool has_do_const_field;
++ bool has_no_const_field;
++} constify_info;
++
++static const_tree get_field_type(const_tree field)
+{
+ return strip_array_types(TREE_TYPE(field));
+}
+
-+static bool walk_struct(tree node);
++static bool is_fptr(const_tree field)
++{
++ const_tree ptr = get_field_type(field);
++
++ if (TREE_CODE(ptr) != POINTER_TYPE)
++ return false;
++
++ return TREE_CODE(TREE_TYPE(ptr)) == FUNCTION_TYPE;
++}
++
++/*
++ * determine whether the given structure type meets the requirements for automatic constification,
++ * including the constification attributes on nested structure types
++ */
++static void constifiable(const_tree node, constify_info *cinfo)
++{
++ const_tree field;
++
++ gcc_assert(TREE_CODE(node) == RECORD_TYPE || TREE_CODE(node) == UNION_TYPE);
++
++ // e.g., pointer to structure fields while still constructing the structure type
++ if (TYPE_FIELDS(node) == NULL_TREE)
++ return;
++
++ for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) {
++ const_tree type = get_field_type(field);
++ enum tree_code code = TREE_CODE(type);
++
++ if (node == type)
++ continue;
++
++ if (is_fptr(field))
++ cinfo->has_fptr_field = true;
++ else if (!TREE_READONLY(field))
++ cinfo->has_writable_field = true;
++
++ if (code == RECORD_TYPE || code == UNION_TYPE) {
++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type)))
++ cinfo->has_do_const_field = true;
++ else if (lookup_attribute("no_const", TYPE_ATTRIBUTES(type)))
++ cinfo->has_no_const_field = true;
++ else
++ constifiable(type, cinfo);
++ }
++ }
++}
++
++static bool constified(const_tree node)
++{
++ constify_info cinfo = {
++ .has_fptr_field = false,
++ .has_writable_field = false,
++ .has_do_const_field = false,
++ .has_no_const_field = false
++ };
++
++ gcc_assert(TREE_CODE(node) == RECORD_TYPE || TREE_CODE(node) == UNION_TYPE);
++
++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node))) {
++ gcc_assert(!TYPE_READONLY(node));
++ return false;
++ }
++
++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(node))) {
++ gcc_assert(TYPE_READONLY(node));
++ return true;
++ }
++
++ constifiable(node, &cinfo);
++ if ((!cinfo.has_fptr_field || cinfo.has_writable_field) && !cinfo.has_do_const_field)
++ return false;
++
++ return TYPE_READONLY(node);
++}
++
+static void deconstify_tree(tree node);
+
+static void deconstify_type(tree type)
+{
+ tree field;
+
++ gcc_assert(TREE_CODE(type) == RECORD_TYPE || TREE_CODE(type) == UNION_TYPE);
++
+ for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) {
-+ tree fieldtype = get_field_type(field);
++ const_tree fieldtype = get_field_type(field);
+
-+ if (TREE_CODE(fieldtype) != RECORD_TYPE && TREE_CODE(fieldtype) != UNION_TYPE)
++ // special case handling of simple ptr-to-same-array-type members
++ if (TREE_CODE(TREE_TYPE(field)) == POINTER_TYPE) {
++ const_tree ptrtype = TREE_TYPE(TREE_TYPE(field));
++
++ if (TREE_CODE(ptrtype) != RECORD_TYPE && TREE_CODE(ptrtype) != UNION_TYPE)
++ continue;
++ if (TREE_TYPE(TREE_TYPE(field)) == type)
++ continue;
++ if (TYPE_MAIN_VARIANT(ptrtype) == TYPE_MAIN_VARIANT(type)) {
++ TREE_TYPE(field) = copy_node(TREE_TYPE(field));
++ TREE_TYPE(TREE_TYPE(field)) = type;
++ }
+ continue;
-+ if (!TYPE_READONLY(fieldtype))
++ }
++ if (TREE_CODE(fieldtype) != RECORD_TYPE && TREE_CODE(fieldtype) != UNION_TYPE)
+ continue;
-+ if (!walk_struct(fieldtype))
++ if (!constified(fieldtype))
+ continue;
+
+ deconstify_tree(field);
+ }
+ TYPE_READONLY(type) = 0;
+ C_TYPE_FIELDS_READONLY(type) = 0;
++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type)))
++ TYPE_ATTRIBUTES(type) = remove_attribute("do_const", TYPE_ATTRIBUTES(type));
+}
+
+static void deconstify_tree(tree node)
+{
+ tree old_type, new_type, field;
+
-+// TREE_READONLY(node) = 0;
+ old_type = TREE_TYPE(node);
+ while (TREE_CODE(old_type) == ARRAY_TYPE && TREE_CODE(TREE_TYPE(old_type)) != ARRAY_TYPE) {
-+ node = old_type;
++ node = TREE_TYPE(node) = copy_node(old_type);
+ old_type = TREE_TYPE(old_type);
+ }
+
+static tree handle_no_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
+{
+ tree type;
++ constify_info cinfo = {
++ .has_fptr_field = false,
++ .has_writable_field = false,
++ .has_do_const_field = false,
++ .has_no_const_field = false
++ };
+
+ *no_add_attrs = true;
+ if (TREE_CODE(*node) == FUNCTION_DECL) {
+ return NULL_TREE;
+ }
+
++ if (TREE_CODE(*node) == PARM_DECL) {
++ error("%qE attribute does not apply to function parameters", name);
++ return NULL_TREE;
++ }
++
+ if (TREE_CODE(*node) == VAR_DECL) {
+ error("%qE attribute does not apply to variables", name);
+ return NULL_TREE;
+ }
+
+ if (TYPE_P(*node)) {
-+ if (TREE_CODE(*node) == RECORD_TYPE || TREE_CODE(*node) == UNION_TYPE)
-+ *no_add_attrs = false;
-+ else
-+ error("%qE attribute applies to struct and union types only", name);
-+ return NULL_TREE;
++ *no_add_attrs = false;
++ type = *node;
++ } else {
++ gcc_assert(TREE_CODE(*node) == TYPE_DECL);
++ type = TREE_TYPE(*node);
+ }
+
-+ type = TREE_TYPE(*node);
-+
+ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) {
+ error("%qE attribute applies to struct and union types only", name);
+ return NULL_TREE;
+ return NULL_TREE;
+ }
+
-+ if (TREE_CODE(*node) == TYPE_DECL && !TYPE_READONLY(type)) {
-+ error("%qE attribute used on type that is not constified", name);
++ if (TYPE_P(*node)) {
++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type)))
++ error("%qE attribute is incompatible with 'do_const'", name);
+ return NULL_TREE;
+ }
+
-+ if (TREE_CODE(*node) == TYPE_DECL) {
++ constifiable(type, &cinfo);
++ if ((cinfo.has_fptr_field && !cinfo.has_writable_field) || lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) {
+ deconstify_tree(*node);
++ TYPE_CONSTIFY_VISITED(TREE_TYPE(*node)) = 1;
+ return NULL_TREE;
+ }
+
++ error("%qE attribute used on type that is not constified", name);
+ return NULL_TREE;
+}
+
+{
+ TYPE_READONLY(type) = 1;
+ C_TYPE_FIELDS_READONLY(type) = 1;
++ TYPE_CONSTIFY_VISITED(type) = 1;
++// TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("do_const"), NULL_TREE, TYPE_ATTRIBUTES(type));
+}
+
+static tree handle_do_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
+ return NULL_TREE;
+ }
+
++ if (lookup_attribute(IDENTIFIER_POINTER(name), TYPE_ATTRIBUTES(*node))) {
++ error("%qE attribute is already applied to the type", name);
++ return NULL_TREE;
++ }
++
++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(*node))) {
++ error("%qE attribute is incompatible with 'no_const'", name);
++ return NULL_TREE;
++ }
++
+ *no_add_attrs = false;
-+ constify_type(*node);
+ return NULL_TREE;
+}
+
+ register_attribute(&do_const_attr);
+}
+
-+static bool is_fptr(tree field)
++static void finish_type(void *event_data, void *data)
+{
-+ tree ptr = get_field_type(field);
-+
-+ if (TREE_CODE(ptr) != POINTER_TYPE)
-+ return false;
-+
-+ return TREE_CODE(TREE_TYPE(ptr)) == FUNCTION_TYPE;
-+}
++ tree type = (tree)event_data;
++ constify_info cinfo = {
++ .has_fptr_field = false,
++ .has_writable_field = false,
++ .has_do_const_field = false,
++ .has_no_const_field = false
++ };
+
-+static bool walk_struct(tree node)
-+{
-+ tree field;
++ if (type == NULL_TREE || type == error_mark_node)
++ return;
+
-+ if (TYPE_FIELDS(node) == NULL_TREE)
-+ return false;
++ if (TYPE_FIELDS(type) == NULL_TREE || TYPE_CONSTIFY_VISITED(type))
++ return;
+
-+ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(node)))
-+ return true;
++ constifiable(type, &cinfo);
+
-+ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node))) {
-+ gcc_assert(!TYPE_READONLY(node));
-+ deconstify_type(node);
-+ return false;
++ if (TYPE_READONLY(type) && C_TYPE_FIELDS_READONLY(type)) {
++ if (!lookup_attribute("do_const", TYPE_ATTRIBUTES(type)))
++ return;
++ if (cinfo.has_writable_field)
++ return;
++ error("'do_const' attribute used on type that is%sconstified", cinfo.has_fptr_field ? " " : " not ");
++ return;
+ }
+
-+ for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) {
-+ tree type = get_field_type(field);
-+ enum tree_code code = TREE_CODE(type);
-+
-+ if (node == type)
-+ return false;
-+ if (code == RECORD_TYPE || code == UNION_TYPE) {
-+ if (!(walk_struct(type)))
-+ return false;
-+ } else if (!is_fptr(field) && !TREE_READONLY(field))
-+ return false;
++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(type))) {
++ if ((cinfo.has_fptr_field && !cinfo.has_writable_field) || cinfo.has_do_const_field) {
++ deconstify_type(type);
++ TYPE_CONSTIFY_VISITED(type) = 1;
++ } else
++ error("'no_const' attribute used on type that is not constified");
++ return;
+ }
-+ return true;
-+}
-+
-+static void finish_type(void *event_data, void *data)
-+{
-+ tree type = (tree)event_data;
+
-+ if (type == NULL_TREE || type == error_mark_node)
++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) {
++ constify_type(type);
+ return;
++ }
+
-+ if (TYPE_READONLY(type))
++ if (cinfo.has_fptr_field && !cinfo.has_writable_field) {
++ constify_type(type);
+ return;
++ }
+
-+ if (walk_struct(type))
-+ constify_type(type);
-+ else
-+ deconstify_type(type);
++ deconstify_type(type);
++ TYPE_CONSTIFY_VISITED(type) = 1;
+}
+
+static unsigned int check_local_variables(void)
+ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE)
+ continue;
+
-+ if (!TYPE_READONLY(type))
++ if (!TYPE_READONLY(type) || !C_TYPE_FIELDS_READONLY(type))
+ continue;
+
-+// if (lookup_attribute("no_const", DECL_ATTRIBUTES(var)))
-+// continue;
-+
-+ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(type)))
++ if (!TYPE_CONSTIFY_VISITED(type))
+ continue;
+
-+ if (walk_struct(type)) {
-+ error_at(DECL_SOURCE_LOCATION(var), "constified variable %qE cannot be local", var);
-+ ret = 1;
-+ }
++ error_at(DECL_SOURCE_LOCATION(var), "constified variable %qE cannot be local", var);
++ ret = 1;
+ }
+ return ret;
+}
+
-+struct gimple_opt_pass pass_local_variable = {
++static struct gimple_opt_pass pass_local_variable = {
+ {
+ .type = GIMPLE_PASS,
+ .name = "check_local_variables",
+ }
+};
+
++static struct {
++ const char *name;
++ const char *asm_op;
++} sections[] = {
++ {".init.rodata", "\t.section\t.init.rodata,\"a\""},
++ {".ref.rodata", "\t.section\t.ref.rodata,\"a\""},
++ {".devinit.rodata", "\t.section\t.devinit.rodata,\"a\""},
++ {".devexit.rodata", "\t.section\t.devexit.rodata,\"a\""},
++ {".cpuinit.rodata", "\t.section\t.cpuinit.rodata,\"a\""},
++ {".cpuexit.rodata", "\t.section\t.cpuexit.rodata,\"a\""},
++ {".meminit.rodata", "\t.section\t.meminit.rodata,\"a\""},
++ {".memexit.rodata", "\t.section\t.memexit.rodata,\"a\""},
++ {".data..read_only", "\t.section\t.data..read_only,\"a\""},
++};
++
++static unsigned int (*old_section_type_flags)(tree decl, const char *name, int reloc);
++
++static unsigned int constify_section_type_flags(tree decl, const char *name, int reloc)
++{
++ size_t i;
++
++ for (i = 0; i < ARRAY_SIZE(sections); i++)
++ if (!strcmp(sections[i].name, name))
++ return 0;
++ return old_section_type_flags(decl, name, reloc);
++}
++
++static void constify_start_unit(void *gcc_data, void *user_data)
++{
++// size_t i;
++
++// for (i = 0; i < ARRAY_SIZE(sections); i++)
++// sections[i].section = get_unnamed_section(0, output_section_asm_op, sections[i].asm_op);
++// sections[i].section = get_section(sections[i].name, 0, NULL);
++
++ old_section_type_flags = targetm.section_type_flags;
++ targetm.section_type_flags = constify_section_type_flags;
++}
++
+int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
+{
+ const char * const plugin_name = plugin_info->base_name;
+ if (constify) {
+ register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL);
+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &local_variable_pass_info);
++ register_callback(plugin_name, PLUGIN_START_UNIT, constify_start_unit, NULL);
+ }
+ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL);
+
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..1276616
+index 0000000..b5395ba
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,321 @@
+@@ -0,0 +1,327 @@
+/*
+ * Copyright 2012-2013 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
+#include "rtl.h"
+#include "emit-rtl.h"
+#include "tree-flow.h"
++#include "langhooks.h"
+
+#if BUILDING_GCC_VERSION >= 4008
+#define TODO_dump_func 0
+static tree latent_entropy_decl;
+
+static struct plugin_info latent_entropy_plugin_info = {
-+ .version = "201302112000",
++ .version = "201303102320",
+ .help = NULL
+};
+
+
+static void start_unit_callback(void *gcc_data, void *user_data)
+{
++ tree latent_entropy_type;
++
+#if BUILDING_GCC_VERSION >= 4007
+ seed = get_random_seed(false);
+#else
+ if (in_lto_p)
+ return;
+
-+ // extern u64 latent_entropy
-+ latent_entropy_decl = build_decl(UNKNOWN_LOCATION, VAR_DECL, get_identifier("latent_entropy"), unsigned_intDI_type_node);
++ // extern volatile u64 latent_entropy
++ gcc_assert(TYPE_PRECISION(long_long_unsigned_type_node) == 64);
++ latent_entropy_type = build_qualified_type(long_long_unsigned_type_node, TYPE_QUALS(long_long_unsigned_type_node) | TYPE_QUAL_VOLATILE);
++ latent_entropy_decl = build_decl(UNKNOWN_LOCATION, VAR_DECL, get_identifier("latent_entropy"), latent_entropy_type);
+
+ TREE_STATIC(latent_entropy_decl) = 1;
+ TREE_PUBLIC(latent_entropy_decl) = 1;
+ TREE_USED(latent_entropy_decl) = 1;
+ TREE_THIS_VOLATILE(latent_entropy_decl) = 1;
+ DECL_EXTERNAL(latent_entropy_decl) = 1;
-+ DECL_ARTIFICIAL(latent_entropy_decl) = 0;
++ DECL_ARTIFICIAL(latent_entropy_decl) = 1;
+ DECL_INITIAL(latent_entropy_decl) = NULL;
++ lang_hooks.decls.pushdecl(latent_entropy_decl);
+// DECL_ASSEMBLER_NAME(latent_entropy_decl);
+// varpool_finalize_decl(latent_entropy_decl);
+// varpool_mark_needed_node(latent_entropy_decl);
+atyfb_setup_generic_49151 atyfb_setup_generic 3 49151 NULL
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
-index 0000000..d52f2ee
+index 0000000..838ea58
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,1941 @@
+@@ -0,0 +1,1936 @@
+/*
+ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
+#include "tree-flow.h"
+#include "plugin.h"
+#include "gimple.h"
-+#include "c-common.h"
+#include "diagnostic.h"
+#include "cfgloop.h"
+
-+#if BUILDING_GCC_VERSION >= 4007
-+#include "c-tree.h"
-+#else
-+#define C_DECL_IMPLICIT(EXP) DECL_LANG_FLAG_2 (EXP)
-+#endif
++#define C_DECL_IMPLICIT(EXP) DECL_LANG_FLAG_2(EXP)
+
+#if BUILDING_GCC_VERSION >= 4008
+#define TODO_dump_func 0
+
#endif
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 6e8fa7e..37f02a5 100644
+index 1cd693a..f4a7b20 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -75,12 +75,17 @@ LIST_HEAD(vm_list);
struct dentry *kvm_debugfs_dir;
-@@ -726,7 +731,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
+@@ -731,7 +736,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
/* We can read the guest memory with __xxx_user() later on. */
if (user_alloc &&
((mem->userspace_addr & (PAGE_SIZE - 1)) ||
(void __user *)(unsigned long)mem->userspace_addr,
mem->memory_size)))
goto out;
-@@ -2450,7 +2455,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -1783,7 +1788,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
+ return 0;
+ }
+
+-static struct file_operations kvm_vcpu_fops = {
++static file_operations_no_const kvm_vcpu_fops __read_only = {
+ .release = kvm_vcpu_release,
+ .unlocked_ioctl = kvm_vcpu_ioctl,
+ #ifdef CONFIG_COMPAT
+@@ -2304,7 +2309,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma)
+ return 0;
+ }
+
+-static struct file_operations kvm_vm_fops = {
++static file_operations_no_const kvm_vm_fops __read_only = {
+ .release = kvm_vm_release,
+ .unlocked_ioctl = kvm_vm_ioctl,
+ #ifdef CONFIG_COMPAT
+@@ -2402,7 +2407,7 @@ out:
+ return r;
+ }
+
+-static struct file_operations kvm_chardev_ops = {
++static file_operations_no_const kvm_chardev_ops __read_only = {
+ .unlocked_ioctl = kvm_dev_ioctl,
+ .compat_ioctl = kvm_dev_ioctl,
+ .llseek = noop_llseek,
+@@ -2428,7 +2433,7 @@ static void hardware_enable_nolock(void *junk)
if (r) {
cpumask_clear_cpu(cpu, cpus_hardware_enabled);
printk(KERN_INFO "kvm: enabling virtualization on "
"CPU%d failed\n", cpu);
}
-@@ -2504,10 +2509,10 @@ static int hardware_enable_all(void)
+@@ -2482,10 +2487,10 @@ static int hardware_enable_all(void)
kvm_usage_count++;
if (kvm_usage_count == 1) {
hardware_disable_all_nolock();
r = -EBUSY;
}
-@@ -2865,7 +2870,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
+@@ -2843,7 +2848,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
kvm_arch_vcpu_put(vcpu);
}
struct module *module)
{
int r;
-@@ -2901,7 +2906,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2879,7 +2884,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (!vcpu_align)
vcpu_align = __alignof__(struct kvm_vcpu);
kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
if (!kvm_vcpu_cache) {
r = -ENOMEM;
goto out_free_3;
-@@ -2911,9 +2916,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2889,9 +2894,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (r)
goto out_free;
-- kvm_chardev_ops.owner = module;
-- kvm_vm_fops.owner = module;
-- kvm_vcpu_fops.owner = module;
+ pax_open_kernel();
-+ *(void **)&kvm_chardev_ops.owner = module;
-+ *(void **)&kvm_vm_fops.owner = module;
-+ *(void **)&kvm_vcpu_fops.owner = module;
+ kvm_chardev_ops.owner = module;
+ kvm_vm_fops.owner = module;
+ kvm_vcpu_fops.owner = module;
+ pax_close_kernel();
r = misc_register(&kvm_dev);
if (r) {
-@@ -2923,9 +2930,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2901,9 +2908,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
register_syscore_ops(&kvm_syscore_ops);