From 028e459b5a98c541f22cb4bb78d6064ca9d1c4c0 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sun, 12 Aug 2012 22:07:41 +0200 Subject: [PATCH] kernel: Update to 3.5.1. --- kernel/config-arm-generic | 26 +- kernel/config-armv5tel-kirkwood | 20 +- kernel/config-armv7hl-omap | 36 +- kernel/config-generic | 163 +- kernel/config-i686-default | 9 +- kernel/config-i686-legacy | 13 +- kernel/config-x86-generic | 34 +- kernel/config-x86_64-default | 14 +- kernel/kernel.nm | 6 +- ...grsecurity-2.9.1-3.5.1-201208112021.patch} | 10735 +++++++++------- ...linux-2.6-input-kill-stupid-messages.patch | 32 - 11 files changed, 6268 insertions(+), 4820 deletions(-) rename kernel/patches/{grsecurity-2.9.1-3.4.6-201207281946.patch => grsecurity-2.9.1-3.5.1-201208112021.patch} (91%) delete mode 100644 kernel/patches/linux-2.6-input-kill-stupid-messages.patch diff --git a/kernel/config-arm-generic b/kernel/config-arm-generic index 874bcc645..f51241e6a 100644 --- a/kernel/config-arm-generic +++ b/kernel/config-arm-generic @@ -1,12 +1,10 @@ CONFIG_ARM=y CONFIG_MIGHT_HAVE_PCI=y CONFIG_SYS_SUPPORTS_APM_EMULATION=y -# CONFIG_ARCH_USES_GETTIMEOFFSET is not set -CONFIG_KTIME_SCALAR=y -CONFIG_HARDIRQS_SW_RESEND=y CONFIG_RWSEM_GENERIC_SPINLOCK=y CONFIG_VECTORS_BASE=0xffff0000 CONFIG_ARM_PATCH_PHYS_VIRT=y +CONFIG_NEED_MACH_IO_H=y # # General setup @@ -16,8 +14,10 @@ CONFIG_BROKEN_ON_SMP=y # # IRQ subsystem # +CONFIG_HARDIRQS_SW_RESEND=y CONFIG_IRQ_DOMAIN=y # CONFIG_IRQ_DOMAIN_DEBUG is not set +CONFIG_KTIME_SCALAR=y # # RCU Subsystem @@ -59,8 +59,6 @@ CONFIG_ARCH_VERSATILE=y # CONFIG_ARCH_IOP13XX is not set # CONFIG_ARCH_IOP32X is not set # CONFIG_ARCH_IOP33X is not set -# CONFIG_ARCH_IXP23XX is not set -# CONFIG_ARCH_IXP2000 is not set # CONFIG_ARCH_IXP4XX is not set # CONFIG_ARCH_DOVE is not set # CONFIG_ARCH_KIRKWOOD is not set @@ -102,6 +100,7 @@ CONFIG_MACH_VERSATILE_AB=y CONFIG_MACH_VERSATILE_DT=y CONFIG_PLAT_VERSATILE_CLCD=y CONFIG_PLAT_VERSATILE_FPGA_IRQ=y +CONFIG_PLAT_VERSATILE_FPGA_IRQ_NR=4 CONFIG_PLAT_VERSATILE_LEDS=y CONFIG_PLAT_VERSATILE_SCHED_CLOCK=y CONFIG_PLAT_VERSATILE=y @@ -238,7 +237,6 @@ CONFIG_OF_EARLY_FLATTREE=y CONFIG_OF_ADDRESS=y CONFIG_OF_IRQ=y CONFIG_OF_DEVICE=y -CONFIG_OF_GPIO=y CONFIG_OF_I2C=m CONFIG_OF_NET=y CONFIG_OF_MDIO=y @@ -288,6 +286,12 @@ CONFIG_SMSC911X=m # CONFIG_SMSC911X_ARCH_HOOKS is not set # CONFIG_SUNGEM is not set +# +# MII PHY device drivers +# +CONFIG_MDIO_BUS_MUX=m +CONFIG_MDIO_BUS_MUX_GPIO=m + # # ISDN feature submodules # @@ -307,6 +311,7 @@ CONFIG_SERIO_AMBAKMI=m # Serial drivers # # CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_EM is not set # # Non-8250 serial port support @@ -315,6 +320,7 @@ CONFIG_SERIAL_AMBA_PL011=y CONFIG_SERIAL_AMBA_PL011_CONSOLE=y CONFIG_SERIAL_OF_PLATFORM=m # CONFIG_HVC_DCC is not set +CONFIG_HW_RANDOM_ATMEL=m # # PC SMBus host controller drivers @@ -331,9 +337,16 @@ CONFIG_I2C_SIS630=m # CONFIG_I2C_DESIGNWARE_PLATFORM is not set CONFIG_I2C_VERSATILE=m +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_ARCH_HAVE_CUSTOM_GPIO_H=y +CONFIG_OF_GPIO=y + # # Memory mapped GPIO drivers: # +# CONFIG_GPIO_EM is not set # CONFIG_GPIO_PL061 is not set # @@ -405,6 +418,7 @@ CONFIG_SND_ARMAACI=m CONFIG_SND_SOC=m CONFIG_SND_SOC_I2C_AND_SPI=m # CONFIG_SND_SOC_ALL_CODECS is not set +CONFIG_SND_SIMPLE_CARD=m # # OTG and related infrastructure diff --git a/kernel/config-armv5tel-kirkwood b/kernel/config-armv5tel-kirkwood index 8e5d6e6ce..12e6cac92 100644 --- a/kernel/config-armv5tel-kirkwood +++ b/kernel/config-armv5tel-kirkwood @@ -1,4 +1,3 @@ -CONFIG_NEED_MACH_IO_H=y # # IRQ subsystem @@ -23,6 +22,9 @@ CONFIG_MACH_ESATA_SHEEVAPLUG=y CONFIG_MACH_GURUPLUG=y CONFIG_ARCH_KIRKWOOD_DT=y CONFIG_MACH_DREAMPLUG_DT=y +CONFIG_MACH_ICONNECT_DT=y +CONFIG_MACH_DLINK_KIRKWOOD_DT=y +CONFIG_MACH_IB62X0_DT=y CONFIG_MACH_TS219=y CONFIG_MACH_TS41X=y CONFIG_MACH_DOCKSTAR=y @@ -37,10 +39,6 @@ CONFIG_MACH_D2NET_V2=y CONFIG_MACH_NET2BIG_V2=y CONFIG_MACH_NET5BIG_V2=y CONFIG_MACH_T5325=y - -# -# System MMU -# CONFIG_PLAT_ORION=y # @@ -75,7 +73,7 @@ CONFIG_MV643XX_ETH=m CONFIG_I2C_MV64XXX=m # -# Enable Device Drivers -> PPS to see the PTP clock options. +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. # CONFIG_ARCH_REQUIRE_GPIOLIB=y CONFIG_GPIO_GENERIC=y @@ -127,6 +125,16 @@ CONFIG_RTC_DRV_MV=m CONFIG_ASYNC_TX_ENABLE_CHANNEL_SWITCH=y CONFIG_MV_XOR=y +# +# Android +# +CONFIG_COMMON_CLK=y + +# +# Common Clock Framework +# +# CONFIG_COMMON_CLK_DEBUG is not set + # # Random Number Generation # diff --git a/kernel/config-armv7hl-omap b/kernel/config-armv7hl-omap index 87b023986..9b73127a1 100644 --- a/kernel/config-armv7hl-omap +++ b/kernel/config-armv7hl-omap @@ -1,16 +1,17 @@ -CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y CONFIG_ARCH_HAS_CPUFREQ=y # # IRQ subsystem # CONFIG_GENERIC_IRQ_CHIP=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y # # RCU Subsystem # CONFIG_TREE_RCU=y CONFIG_RCU_FANOUT=32 +CONFIG_RCU_FANOUT_LEAF=16 # CONFIG_RCU_FANOUT_EXACT is not set CONFIG_RCU_FAST_NO_HZ=y @@ -19,11 +20,6 @@ CONFIG_RCU_FAST_NO_HZ=y # CONFIG_USE_GENERIC_SMP_HELPERS=y -# -# GCOV-based kernel profiling -# -CONFIG_STOP_MACHINE=y - # # IO Schedulers # @@ -69,8 +65,8 @@ CONFIG_ARCH_OMAP2PLUS_TYPICAL=y CONFIG_ARCH_OMAP3=y CONFIG_ARCH_OMAP4=y CONFIG_SOC_OMAP3430=y -CONFIG_SOC_OMAPTI81XX=y -CONFIG_SOC_OMAPAM33XX=y +CONFIG_SOC_TI81XX=y +CONFIG_SOC_AM33XX=y CONFIG_OMAP_PACKAGE_CBB=y CONFIG_OMAP_PACKAGE_CUS=y CONFIG_OMAP_PACKAGE_CBP=y @@ -172,6 +168,7 @@ CONFIG_SMP_ON_UP=y CONFIG_ARM_CPU_TOPOLOGY=y CONFIG_SCHED_MC=y CONFIG_SCHED_SMT=y +# CONFIG_ARM_ARCH_TIMER is not set CONFIG_NR_CPUS=2 CONFIG_HOTPLUG_CPU=y CONFIG_LOCAL_TIMERS=y @@ -215,6 +212,7 @@ CONFIG_XPS=y # Generic Driver Options # CONFIG_REGMAP_I2C=y +# CONFIG_CMA is not set CONFIG_MTD=y CONFIG_MTD_TESTS=m # CONFIG_MTD_REDBOOT_PARTS is not set @@ -287,6 +285,7 @@ CONFIG_MTD_NAND=y # CONFIG_MTD_NAND_MUSEUM_IDS is not set # CONFIG_MTD_NAND_GPIO is not set CONFIG_MTD_NAND_OMAP2=y +# CONFIG_MTD_NAND_OMAP_BCH is not set CONFIG_MTD_NAND_IDS=y # CONFIG_MTD_NAND_DISKONCHIP is not set # CONFIG_MTD_NAND_DOCG4 is not set @@ -364,6 +363,11 @@ CONFIG_I2C=y # CONFIG_I2C_OMAP=y +# +# PPS support +# +# CONFIG_PPS is not set + # # Enable Device Drivers -> PPS to see the PTP clock options. # @@ -413,10 +417,12 @@ CONFIG_TWL6040_CORE=y # CONFIG_PMIC_DA903X is not set # CONFIG_MFD_DA9052_I2C is not set # CONFIG_PMIC_ADP5520 is not set +# CONFIG_MFD_MAX77693 is not set # CONFIG_MFD_MAX8925 is not set # CONFIG_MFD_MAX8997 is not set # CONFIG_MFD_MAX8998 is not set # CONFIG_MFD_S5M_CORE is not set +# CONFIG_MFD_WM8400 is not set # CONFIG_MFD_WM831X_I2C is not set # CONFIG_MFD_WM8350_I2C is not set # CONFIG_MFD_WM8994 is not set @@ -424,6 +430,7 @@ CONFIG_MFD_OMAP_USB_HOST=y CONFIG_MFD_TPS65090=y # CONFIG_MFD_AAT2870_CORE is not set # CONFIG_MFD_RC5T583 is not set +# CONFIG_MFD_PALMAS is not set CONFIG_REGULATOR=y # CONFIG_REGULATOR_DEBUG is not set # CONFIG_REGULATOR_DUMMY is not set @@ -442,8 +449,8 @@ CONFIG_REGULATOR_GPIO=y CONFIG_REGULATOR_TPS62360=m # CONFIG_REGULATOR_TPS65023 is not set # CONFIG_REGULATOR_TPS6507X is not set +CONFIG_REGULATOR_TPS65090=m CONFIG_REGULATOR_TWL4030=y -# CONFIG_REGULATOR_WM8400 is not set # # Miscelaneous helper chips @@ -480,7 +487,6 @@ CONFIG_OMAP2_DSS_VENC=y CONFIG_OMAP4_DSS_HDMI=y # CONFIG_OMAP2_DSS_SDI is not set # CONFIG_OMAP2_DSS_DSI is not set -# CONFIG_OMAP2_DSS_FAKE_VSYNC is not set CONFIG_OMAP2_DSS_MIN_FCK_PER_PCK=1 CONFIG_OMAP2_DSS_SLEEP_AFTER_VENC_RESET=y CONFIG_FB_OMAP2=m @@ -491,7 +497,7 @@ CONFIG_FB_OMAP2_NUM_FBS=3 # OMAP2/3 Display Device Drivers # CONFIG_PANEL_GENERIC_DPI=y -# CONFIG_PANEL_DVI is not set +CONFIG_PANEL_TFP410=m CONFIG_PANEL_SHARP_LS037V7DW01=y # CONFIG_PANEL_PICODLP is not set # CONFIG_LCD_PLATFORM is not set @@ -505,7 +511,7 @@ CONFIG_PANEL_SHARP_LS037V7DW01=y # CONFIG_SND_OMAP_SOC is not set # -# Special HID drivers +# USB HID support # # CONFIG_USB_ARCH_HAS_XHCI is not set @@ -580,6 +586,11 @@ CONFIG_HWSPINLOCK=m CONFIG_HWSPINLOCK_OMAP=m # CONFIG_OMAP_IOMMU is not set +# +# Rpmsg drivers (EXPERIMENTAL) +# +CONFIG_TI_EMIF=m + # # Pseudo filesystems # @@ -629,3 +640,4 @@ CONFIG_CRYPTO_DEV_OMAP_AES=m # Library routines # CONFIG_CPU_RMAP=y +CONFIG_DDR=y diff --git a/kernel/config-generic b/kernel/config-generic index 202a0a19b..a2b2e3bff 100644 --- a/kernel/config-generic +++ b/kernel/config-generic @@ -1,6 +1,5 @@ # # -CONFIG_GENERIC_CLOCKEVENTS=y CONFIG_LOCKDEP_SUPPORT=y CONFIG_STACKTRACE_SUPPORT=y CONFIG_HAVE_LATENCYTOP_SUPPORT=y @@ -9,7 +8,6 @@ CONFIG_NEED_DMA_MAP_STATE=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_HWEIGHT=y CONFIG_GENERIC_GPIO=y -CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_ARCH_SUSPEND_POSSIBLE=y CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" @@ -58,6 +56,15 @@ CONFIG_HAVE_GENERIC_HARDIRQS=y CONFIG_GENERIC_HARDIRQS=y CONFIG_GENERIC_IRQ_PROBE=y CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BUILD=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y # # RCU Subsystem @@ -88,7 +95,6 @@ CONFIG_BLK_CGROUP=y CONFIG_NAMESPACES=y CONFIG_UTS_NS=y CONFIG_IPC_NS=y -CONFIG_USER_NS=y CONFIG_PID_NS=y CONFIG_NET_NS=y CONFIG_SCHED_AUTOGROUP=y @@ -129,7 +135,6 @@ CONFIG_HAVE_PERF_EVENTS=y # Kernel Performance Events And Counters # CONFIG_PERF_EVENTS=y -CONFIG_PERF_COUNTERS=y # CONFIG_DEBUG_PERF_USE_VMALLOC is not set CONFIG_VM_EVENT_COUNTERS=y CONFIG_PCI_QUIRKS=y @@ -144,6 +149,9 @@ CONFIG_HAVE_OPROFILE=y CONFIG_JUMP_LABEL=y CONFIG_HAVE_KPROBES=y CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_ATTRS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_DMA_API_DEBUG=y CONFIG_HAVE_ARCH_JUMP_LABEL=y @@ -161,6 +169,7 @@ CONFIG_MODULE_UNLOAD=y # CONFIG_MODULE_FORCE_UNLOAD is not set # CONFIG_MODVERSIONS is not set CONFIG_MODULE_SRCVERSION_ALL=y +CONFIG_STOP_MACHINE=y CONFIG_BLOCK=y CONFIG_BLK_DEV_BSG=y CONFIG_BLK_DEV_BSGLIB=y @@ -233,10 +242,6 @@ CONFIG_FREEZER=y # # Processor type and features # -CONFIG_TICK_ONESHOT=y -CONFIG_NO_HZ=y -CONFIG_HIGH_RES_TIMERS=y -CONFIG_GENERIC_CLOCKEVENTS_BUILD=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set @@ -248,7 +253,9 @@ CONFIG_MIGRATION=y CONFIG_BOUNCE=y CONFIG_VIRT_TO_BUS=y CONFIG_KSM=y +CONFIG_CROSS_MEMORY_ATTACH=y CONFIG_CLEANCACHE=y +# CONFIG_FRONTSWAP is not set CONFIG_SECCOMP=y CONFIG_CC_STACKPROTECTOR=y CONFIG_KEXEC=y @@ -260,6 +267,8 @@ CONFIG_CRASH_DUMP=y CONFIG_SUSPEND=y CONFIG_SUSPEND_FREEZER=y CONFIG_PM_SLEEP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set CONFIG_PM_RUNTIME=y CONFIG_PM=y # CONFIG_PM_DEBUG is not set @@ -319,6 +328,7 @@ CONFIG_PACKET=y CONFIG_UNIX=y CONFIG_UNIX_DIAG=m CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y CONFIG_XFRM_USER=y CONFIG_XFRM_SUB_POLICY=y CONFIG_XFRM_MIGRATE=y @@ -459,6 +469,7 @@ CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m CONFIG_NETFILTER_XT_TARGET_CT=m CONFIG_NETFILTER_XT_TARGET_DSCP=m CONFIG_NETFILTER_XT_TARGET_HL=m +CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m @@ -619,7 +630,6 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m -# CONFIG_IP6_NF_QUEUE is not set CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m @@ -721,6 +731,8 @@ CONFIG_NET_SCH_DRR=m CONFIG_NET_SCH_MQPRIO=m CONFIG_NET_SCH_CHOKE=m CONFIG_NET_SCH_QFQ=m +CONFIG_NET_SCH_CODEL=m +CONFIG_NET_SCH_FQ_CODEL=m CONFIG_NET_SCH_INGRESS=m CONFIG_NET_SCH_PLUG=m @@ -925,7 +937,8 @@ CONFIG_HP_ILO=m # CONFIG_SENSORS_APDS990X is not set # CONFIG_HMC6352 is not set CONFIG_DS1682=m -# CONFIG_BMP085 is not set +CONFIG_BMP085=y +CONFIG_BMP085_I2C=m CONFIG_PCH_PHUB=m CONFIG_USB_SWITCH_FSA9480=m # CONFIG_C2PORT is not set @@ -1356,9 +1369,12 @@ CONFIG_E100=m CONFIG_E1000=m CONFIG_E1000E=m CONFIG_IGB=m +CONFIG_IGB_PTP=y CONFIG_IGBVF=m CONFIG_IXGB=m CONFIG_IXGBE=m +CONFIG_IXGBE_HWMON=y +CONFIG_IXGBE_PTP=y CONFIG_NET_VENDOR_I825XX=y CONFIG_IP1000=m CONFIG_JME=m @@ -1385,6 +1401,7 @@ CONFIG_NET_VENDOR_NVIDIA=y CONFIG_FORCEDETH=m CONFIG_NET_VENDOR_OKI=y CONFIG_PCH_GBE=m +CONFIG_PCH_PTP=y CONFIG_ETHOC=m # CONFIG_NET_PACKET_ENGINE is not set CONFIG_NET_VENDOR_QLOGIC=y @@ -1417,8 +1434,8 @@ CONFIG_EPIC100=m CONFIG_SMSC9420=m CONFIG_NET_VENDOR_STMICRO=y CONFIG_STMMAC_ETH=m -CONFIG_STMMAC_PLATFORM=m -CONFIG_STMMAC_PCI=m +CONFIG_STMMAC_PLATFORM=y +CONFIG_STMMAC_PCI=y # CONFIG_STMMAC_DEBUG_FS is not set # CONFIG_STMMAC_DA is not set CONFIG_STMMAC_RING=y @@ -1435,6 +1452,12 @@ CONFIG_NET_VENDOR_VIA=y CONFIG_VIA_RHINE=m CONFIG_VIA_RHINE_MMIO=y CONFIG_VIA_VELOCITY=m +CONFIG_NET_VENDOR_WIZNET=y +CONFIG_WIZNET_W5100=m +CONFIG_WIZNET_W5300=m +# CONFIG_WIZNET_BUS_DIRECT is not set +# CONFIG_WIZNET_BUS_INDIRECT is not set +CONFIG_WIZNET_BUS_ANY=y # CONFIG_FDDI is not set # CONFIG_HIPPI is not set CONFIG_PHYLIB=y @@ -1475,7 +1498,6 @@ CONFIG_PPP_ASYNC=m CONFIG_PPP_SYNC_TTY=m # CONFIG_SLIP is not set CONFIG_SLHC=m -# CONFIG_TR is not set # # USB Network Adapters @@ -1650,17 +1672,19 @@ CONFIG_RTL8192CU=m CONFIG_RTLWIFI=m # CONFIG_RTLWIFI_DEBUG is not set CONFIG_RTL8192C_COMMON=m +CONFIG_WL_TI=y CONFIG_WL1251=m CONFIG_WL1251_SDIO=m -CONFIG_WL12XX_MENU=m CONFIG_WL12XX=m -CONFIG_WL12XX_SDIO=m +CONFIG_WLCORE=m +CONFIG_WLCORE_SDIO=m CONFIG_WL12XX_PLATFORM_DATA=y CONFIG_ZD1211RW=m # CONFIG_ZD1211RW_DEBUG is not set CONFIG_MWIFIEX=m CONFIG_MWIFIEX_SDIO=m # CONFIG_MWIFIEX_PCIE is not set +CONFIG_MWIFIEX_USB=m # # Enable WiMAX (Networking options) to see the WiMAX drivers @@ -1776,6 +1800,7 @@ CONFIG_INPUT=y # CONFIG_INPUT_FF_MEMLESS is not set CONFIG_INPUT_POLLDEV=m CONFIG_INPUT_SPARSEKMAP=m +CONFIG_INPUT_MATRIXKMAP=m # # Userland interfaces @@ -1804,6 +1829,7 @@ CONFIG_KEYBOARD_GPIO_POLLED=m # CONFIG_KEYBOARD_TCA8418 is not set # CONFIG_KEYBOARD_MATRIX is not set # CONFIG_KEYBOARD_LM8323 is not set +CONFIG_KEYBOARD_LM8333=m # CONFIG_KEYBOARD_MAX7359 is not set # CONFIG_KEYBOARD_MCS is not set # CONFIG_KEYBOARD_MPR121 is not set @@ -1937,7 +1963,6 @@ CONFIG_R3964=m CONFIG_RAW_DRIVER=y CONFIG_MAX_RAW_DEVS=8192 # CONFIG_TCG_TPM is not set -# CONFIG_RAMOOPS is not set CONFIG_I2C=m CONFIG_I2C_BOARDINFO=y CONFIG_I2C_COMPAT=y @@ -2010,7 +2035,16 @@ CONFIG_HSI_CHAR=m # # PPS support # -# CONFIG_PPS is not set +CONFIG_PPS=m +# CONFIG_PPS_DEBUG is not set + +# +# PPS clients support +# +# CONFIG_PPS_CLIENT_KTIMER is not set +# CONFIG_PPS_CLIENT_LDISC is not set +# CONFIG_PPS_CLIENT_PARPORT is not set +# CONFIG_PPS_CLIENT_GPIO is not set # # PPS generators support @@ -2019,10 +2053,12 @@ CONFIG_HSI_CHAR=m # # PTP clock support # +CONFIG_PTP_1588_CLOCK=m # -# Enable Device Drivers -> PPS to see the PTP clock options. +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. # +CONFIG_PTP_1588_CLOCK_PCH=m CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y CONFIG_GPIOLIB=y # CONFIG_DEBUG_GPIO is not set @@ -2197,6 +2233,7 @@ CONFIG_SENSORS_SCH5636=m CONFIG_SENSORS_ADS1015=m CONFIG_SENSORS_ADS7828=m CONFIG_SENSORS_AMC6821=m +CONFIG_SENSORS_INA2XX=m CONFIG_SENSORS_THMC50=m CONFIG_SENSORS_TMP102=m CONFIG_SENSORS_TMP401=m @@ -2229,6 +2266,7 @@ CONFIG_WATCHDOG_NOWAYOUT=y # CONFIG_SOFT_WATCHDOG=m CONFIG_ALIM7101_WDT=m +CONFIG_I6300ESB_WDT=m # # PCI-based Watchdog Cards @@ -2271,16 +2309,18 @@ CONFIG_MFD_SM501=m CONFIG_MFD_SM501_GPIO=y # CONFIG_HTC_PASIC3 is not set # CONFIG_UCB1400_CORE is not set +CONFIG_MFD_LM3533=m # CONFIG_TPS6105X is not set # CONFIG_TPS65010 is not set # CONFIG_TPS6507X is not set # CONFIG_MFD_TPS65217 is not set # CONFIG_MFD_TMIO is not set -CONFIG_MFD_WM8400=m # CONFIG_MFD_PCF50633 is not set +# CONFIG_MFD_MC13XXX_I2C is not set # CONFIG_ABX500_CORE is not set # CONFIG_MFD_TIMBERDALE is not set CONFIG_LPC_SCH=m +CONFIG_LPC_ICH=m # CONFIG_MFD_RDC321X is not set # CONFIG_MFD_JANZ_CMODIO is not set CONFIG_MFD_VX855=m @@ -2351,7 +2391,11 @@ CONFIG_MEDIA_TUNER_MXL5007T=m CONFIG_MEDIA_TUNER_MC44S803=m CONFIG_MEDIA_TUNER_MAX2165=m CONFIG_MEDIA_TUNER_TDA18218=m +CONFIG_MEDIA_TUNER_FC0011=m +CONFIG_MEDIA_TUNER_FC0012=m +CONFIG_MEDIA_TUNER_FC0013=m CONFIG_MEDIA_TUNER_TDA18212=m +CONFIG_MEDIA_TUNER_TUA9001=m CONFIG_VIDEO_V4L2=m CONFIG_VIDEOBUF_GEN=m CONFIG_VIDEOBUF_DMA_SG=m @@ -2444,6 +2488,7 @@ CONFIG_VIDEO_UPD64083=m CONFIG_VIDEO_M52790=m # CONFIG_VIDEO_VIVI is not set CONFIG_V4L_USB_DRIVERS=y +CONFIG_VIDEO_AU0828=m CONFIG_USB_VIDEO_CLASS=m CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y CONFIG_USB_GSPCA=m @@ -2501,7 +2546,7 @@ CONFIG_VIDEO_HDPVR=m CONFIG_VIDEO_EM28XX=m CONFIG_VIDEO_EM28XX_ALSA=m CONFIG_VIDEO_EM28XX_DVB=m -CONFIG_VIDEO_EM28XX_RC=y +CONFIG_VIDEO_EM28XX_RC=m CONFIG_VIDEO_TLG2300=m CONFIG_VIDEO_CX231XX=m CONFIG_VIDEO_CX231XX_RC=y @@ -2509,7 +2554,6 @@ CONFIG_VIDEO_CX231XX_ALSA=m CONFIG_VIDEO_CX231XX_DVB=m # CONFIG_VIDEO_TM6000 is not set CONFIG_VIDEO_USBVISION=m -# CONFIG_USB_ET61X251 is not set # CONFIG_USB_SN9C102 is not set CONFIG_USB_PWC=m # CONFIG_USB_PWC_DEBUG is not set @@ -2519,7 +2563,6 @@ CONFIG_USB_ZR364XX=m CONFIG_USB_STKWEBCAM=m CONFIG_USB_S2255=m CONFIG_V4L_PCI_DRIVERS=y -CONFIG_VIDEO_AU0828=m CONFIG_VIDEO_BT848=m CONFIG_VIDEO_BT848_DVB=y CONFIG_VIDEO_CX18=m @@ -2648,6 +2691,7 @@ CONFIG_DVB_USB_TECHNISAT_USB2=m # CONFIG_DVB_USB_IT913X is not set # CONFIG_DVB_USB_MXL111SF is not set CONFIG_DVB_USB_RTL28XXU=m +CONFIG_DVB_USB_AF9035=m CONFIG_DVB_TTUSB_BUDGET=m CONFIG_DVB_TTUSB_DEC=m CONFIG_SMS_SIANO_MDTV=m @@ -2804,8 +2848,11 @@ CONFIG_DVB_OR51132=m CONFIG_DVB_BCM3510=m CONFIG_DVB_LGDT330X=m CONFIG_DVB_LGDT3305=m +CONFIG_DVB_LG2160=m CONFIG_DVB_S5H1409=m CONFIG_DVB_AU8522=m +CONFIG_DVB_AU8522_DTV=m +CONFIG_DVB_AU8522_V4L=m CONFIG_DVB_S5H1411=m # @@ -2838,6 +2885,7 @@ CONFIG_DVB_TDA665x=m CONFIG_DVB_IX2505V=m CONFIG_DVB_IT913X_FE=m CONFIG_DVB_M88RS2000=m +CONFIG_DVB_AF9033=m # # Tools to develop new frontends @@ -2865,6 +2913,9 @@ CONFIG_DRM_VIA=m CONFIG_DRM_SAVAGE=m CONFIG_DRM_VMWGFX=m CONFIG_DRM_UDL=m +CONFIG_DRM_AST=m +CONFIG_DRM_MGAG200=m +CONFIG_DRM_CIRRUS_QEMU=m CONFIG_STUB_POULSBO=m CONFIG_VGASTATE=m CONFIG_VIDEO_OUTPUT_CONTROL=m @@ -2937,12 +2988,14 @@ CONFIG_FB_MB862XX=m CONFIG_FB_MB862XX_PCI_GDC=y CONFIG_FB_MB862XX_I2C=y # CONFIG_FB_BROADSHEET is not set +# CONFIG_FB_AUO_K190X is not set # CONFIG_EXYNOS_VIDEO is not set CONFIG_BACKLIGHT_LCD_SUPPORT=y CONFIG_LCD_CLASS_DEVICE=m CONFIG_LCD_PLATFORM=m CONFIG_BACKLIGHT_CLASS_DEVICE=y # CONFIG_BACKLIGHT_GENERIC is not set +# CONFIG_BACKLIGHT_LM3533 is not set # CONFIG_BACKLIGHT_ADP8860 is not set # CONFIG_BACKLIGHT_ADP8870 is not set # CONFIG_BACKLIGHT_LP855X is not set @@ -3063,7 +3116,6 @@ CONFIG_SND_HDA_INPUT_BEEP_MODE=1 CONFIG_SND_HDA_INPUT_JACK=y # CONFIG_SND_HDA_PATCH_LOADER is not set CONFIG_SND_HDA_CODEC_REALTEK=y -CONFIG_SND_HDA_ENABLE_REALTEK_QUIRKS=y CONFIG_SND_HDA_CODEC_ANALOG=y CONFIG_SND_HDA_CODEC_SIGMATEL=y CONFIG_SND_HDA_CODEC_VIA=y @@ -3113,17 +3165,14 @@ CONFIG_SND_FIREWIRE_SPEAKERS=m # CONFIG_SND_ISIGHT is not set # CONFIG_SOUND_PRIME is not set CONFIG_AC97_BUS=m -CONFIG_HID_SUPPORT=y -CONFIG_HID=y -# CONFIG_HID_BATTERY_STRENGTH is not set -CONFIG_HIDRAW=y # -# USB Input Devices +# HID support # -CONFIG_USB_HID=y -CONFIG_HID_PID=y -CONFIG_USB_HIDDEV=y +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +CONFIG_HIDRAW=y +CONFIG_HID_GENERIC=m # # Special HID drivers @@ -3131,6 +3180,7 @@ CONFIG_USB_HIDDEV=y CONFIG_HID_A4TECH=y # CONFIG_HID_ACRUX is not set CONFIG_HID_APPLE=y +CONFIG_HID_AUREAL=m CONFIG_HID_BELKIN=y CONFIG_HID_CHERRY=y CONFIG_HID_CHICONY=y @@ -3184,6 +3234,13 @@ CONFIG_HID_TOPSEED=m # CONFIG_HID_WIIMOTE is not set # CONFIG_HID_ZEROPLUS is not set CONFIG_HID_ZYDACRON=m + +# +# USB HID support +# +CONFIG_USB_HID=y +CONFIG_HID_PID=y +CONFIG_USB_HIDDEV=y CONFIG_USB_ARCH_HAS_OHCI=y CONFIG_USB_ARCH_HAS_EHCI=y CONFIG_USB_ARCH_HAS_XHCI=y @@ -3197,8 +3254,6 @@ CONFIG_USB_ANNOUNCE_NEW_DEVICES=y # # Miscellaneous USB options # -CONFIG_USB_DEVICEFS=y -# CONFIG_USB_DEVICE_CLASS is not set # CONFIG_USB_DYNAMIC_MINORS is not set CONFIG_USB_SUSPEND=y # CONFIG_USB_OTG is not set @@ -3233,6 +3288,10 @@ CONFIG_USB_SL811_HCD_ISO=y # CONFIG_USB_R8A66597_HCD is not set CONFIG_USB_WHCI_HCD=m CONFIG_USB_HWA_HCD=m +CONFIG_USB_HCD_SSB=m +CONFIG_USB_CHIPIDEA=m +# CONFIG_USB_CHIPIDEA_HOST is not set +# CONFIG_USB_CHIPIDEA_DEBUG is not set # # USB Device Class drivers @@ -3332,6 +3391,7 @@ CONFIG_USB_SERIAL_OPTION=m # CONFIG_USB_SERIAL_VIVOPAY_SERIAL is not set # CONFIG_USB_SERIAL_ZIO is not set CONFIG_USB_SERIAL_SSU100=m +CONFIG_USB_SERIAL_QT2=m # CONFIG_USB_SERIAL_DEBUG is not set # @@ -3358,6 +3418,11 @@ CONFIG_USB_IOWARRIOR=m # CONFIG_USB_TEST is not set # CONFIG_USB_ISIGHTFW is not set CONFIG_USB_YUREX=m + +# +# USB Physical Layer drivers +# +CONFIG_USB_ISP1301=m CONFIG_USB_ATM=m CONFIG_USB_SPEEDTOUCH=m CONFIG_USB_CXACRU=m @@ -3423,6 +3488,7 @@ CONFIG_LEDS_CLASS=y # LED drivers # CONFIG_LEDS_LM3530=m +CONFIG_LEDS_LM3533=m # CONFIG_LEDS_PCA9532 is not set # CONFIG_LEDS_GPIO is not set CONFIG_LEDS_LP3944=m @@ -3448,6 +3514,7 @@ CONFIG_LEDS_TRIGGER_DEFAULT_ON=m # # iptables trigger is under Netfilter config (LED target) # +CONFIG_LEDS_TRIGGER_TRANSIENT=m # CONFIG_ACCESSIBILITY is not set # CONFIG_INFINIBAND is not set @@ -3580,12 +3647,9 @@ CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_IDE_PHISON is not set # CONFIG_LINE6_USB is not set # CONFIG_USB_SERIAL_QUATECH2 is not set -# CONFIG_USB_SERIAL_QUATECH_USB2 is not set # CONFIG_VT6655 is not set # CONFIG_VT6656 is not set -# CONFIG_VME_BUS is not set # CONFIG_DX_SEP is not set -# CONFIG_IIO is not set # CONFIG_FB_SM7XX is not set # CONFIG_CRYSTALHD is not set # CONFIG_FB_XGI is not set @@ -3607,6 +3671,8 @@ CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_ANDROID is not set # CONFIG_PHONE is not set # CONFIG_USB_WPAN_HCD is not set +# CONFIG_IPACK_BUS is not set +# CONFIG_WIMAX_GDM72XX is not set # # Hardware Spinlock drivers @@ -3622,6 +3688,10 @@ CONFIG_IOMMU_SUPPORT=y # CONFIG_VIRT_DRIVERS=y # CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +CONFIG_MEMORY=y +# CONFIG_IIO is not set +# CONFIG_VME_BUS is not set # # Firmware Drivers @@ -3741,12 +3811,14 @@ CONFIG_MISC_FILESYSTEMS=y # CONFIG_QNX6FS_FS is not set # CONFIG_ROMFS_FS is not set CONFIG_PSTORE=y +# CONFIG_PSTORE_RAM is not set # CONFIG_SYSV_FS is not set # CONFIG_UFS_FS is not set # CONFIG_EXOFS_FS is not set CONFIG_ORE=m CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=m +CONFIG_NFS_V2=y CONFIG_NFS_V3=y CONFIG_NFS_V3_ACL=y CONFIG_NFS_V4=y @@ -3827,6 +3899,17 @@ CONFIG_NLS_ISO8859_14=m CONFIG_NLS_ISO8859_15=m CONFIG_NLS_KOI8_R=m CONFIG_NLS_KOI8_U=m +CONFIG_NLS_MAC_ROMAN=m +CONFIG_NLS_MAC_CELTIC=m +CONFIG_NLS_MAC_CENTEURO=m +CONFIG_NLS_MAC_CROATIAN=m +CONFIG_NLS_MAC_CYRILLIC=m +CONFIG_NLS_MAC_GAELIC=m +CONFIG_NLS_MAC_GREEK=m +CONFIG_NLS_MAC_ICELAND=m +CONFIG_NLS_MAC_INUIT=m +CONFIG_NLS_MAC_ROMANIAN=m +CONFIG_NLS_MAC_TURKISH=m CONFIG_NLS_UTF8=m CONFIG_DLM=m # CONFIG_DLM_DEBUG is not set @@ -3842,6 +3925,7 @@ CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=2048 CONFIG_MAGIC_SYSRQ=y CONFIG_STRIP_ASM_SYMS=y +# CONFIG_READABLE_ASM is not set # CONFIG_UNUSED_SYMBOLS is not set CONFIG_DEBUG_FS=y CONFIG_HEADERS_CHECK=y @@ -3853,6 +3937,8 @@ CONFIG_LOCKUP_DETECTOR=y CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=0 # CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0 +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 # CONFIG_DETECT_HUNG_TASK is not set CONFIG_SCHED_DEBUG=y CONFIG_SCHEDSTATS=y @@ -3917,6 +4003,7 @@ CONFIG_BRANCH_PROFILE_NONE=y # CONFIG_PROFILE_ALL_BRANCHES is not set CONFIG_STACK_TRACER=y CONFIG_BLK_DEV_IO_TRACE=y +# CONFIG_PROBE_EVENTS is not set CONFIG_DYNAMIC_FTRACE=y CONFIG_FUNCTION_PROFILER=y CONFIG_FTRACE_MCOUNT_RECORD=y @@ -3941,6 +4028,7 @@ CONFIG_STRICT_DEVMEM=y # # Grsecurity # +CONFIG_PAX_USERCOPY_SLABS=y CONFIG_GRKERNSEC=y # CONFIG_GRKERNSEC_CONFIG_AUTO is not set CONFIG_GRKERNSEC_CONFIG_CUSTOM=y @@ -3982,6 +4070,7 @@ CONFIG_PAX_RANDMMAP=y # Miscellaneous hardening features # CONFIG_PAX_USERCOPY=y +# CONFIG_PAX_LATENT_ENTROPY is not set # # Memory Protections @@ -4009,6 +4098,7 @@ CONFIG_GRKERNSEC_PROC=y CONFIG_GRKERNSEC_PROC_USERGROUP=y CONFIG_GRKERNSEC_PROC_ADD=y CONFIG_GRKERNSEC_LINK=y +# CONFIG_GRKERNSEC_SYMLINKOWN is not set CONFIG_GRKERNSEC_FIFO=y CONFIG_GRKERNSEC_SYSFS_RESTRICT=y # CONFIG_GRKERNSEC_ROFS is not set @@ -4257,3 +4347,4 @@ CONFIG_DQL=y CONFIG_NLATTR=y CONFIG_AVERAGE=y CONFIG_CORDIC=m +# CONFIG_DDR is not set diff --git a/kernel/config-i686-default b/kernel/config-i686-default index e01dd3ed2..31014ae13 100644 --- a/kernel/config-i686-default +++ b/kernel/config-i686-default @@ -3,11 +3,14 @@ CONFIG_X86_32=y # CONFIG_X86_64 is not set CONFIG_OUTPUT_FORMAT="elf32-i386" CONFIG_ARCH_DEFCONFIG="arch/x86/configs/i386_defconfig" -# CONFIG_GENERIC_TIME_VSYSCALL is not set # CONFIG_ZONE_DMA32 is not set # CONFIG_AUDIT_ARCH is not set CONFIG_X86_32_SMP=y CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-ecx -fcall-saved-edx" + +# +# IRQ subsystem +# CONFIG_KTIME_SCALAR=y # @@ -28,6 +31,7 @@ CONFIG_X86_BIGSMP=y # CONFIG_X86_RDC321X is not set CONFIG_X86_32_NON_STANDARD=y # CONFIG_X86_NUMAQ is not set +# CONFIG_STA2X11 is not set # CONFIG_X86_SUMMIT is not set # CONFIG_X86_ES7000 is not set CONFIG_X86_32_IRIS=m @@ -133,7 +137,6 @@ CONFIG_PCI_BIOS=y # CONFIG_PCI_PRI is not set # CONFIG_PCI_PASID is not set # CONFIG_ISA is not set -# CONFIG_MCA is not set # CONFIG_SCx200 is not set # CONFIG_ALIX is not set # CONFIG_NET5501 is not set @@ -261,7 +264,7 @@ CONFIG_CLKSRC_I8253=y CONFIG_DOUBLEFAULT=y # -# PaX +# Grsecurity # CONFIG_ARCH_TRACK_EXEC_LIMIT=y diff --git a/kernel/config-i686-legacy b/kernel/config-i686-legacy index df2ac3d9c..61a548772 100644 --- a/kernel/config-i686-legacy +++ b/kernel/config-i686-legacy @@ -31,6 +31,7 @@ CONFIG_OLPC_XO15_SCI=y # Generic Driver Options # # CONFIG_SYS_HYPERVISOR is not set +# CONFIG_CMA is not set CONFIG_OF=y # @@ -42,13 +43,18 @@ CONFIG_OF_PROMTREE=y CONFIG_OF_ADDRESS=y CONFIG_OF_IRQ=y CONFIG_OF_DEVICE=y -CONFIG_OF_GPIO=y CONFIG_OF_I2C=m CONFIG_OF_NET=y CONFIG_OF_MDIO=y CONFIG_OF_PCI=y CONFIG_OF_PCI_IRQ=y +# +# MII PHY device drivers +# +CONFIG_MDIO_BUS_MUX=m +CONFIG_MDIO_BUS_MUX_GPIO=m + # # Input Device Drivers # @@ -70,6 +76,11 @@ CONFIG_SERIAL_OF_PLATFORM=m CONFIG_I2C_PXA=m CONFIG_I2C_PXA_PCI=y +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_OF_GPIO=y + # # PCI GPIO expanders: # diff --git a/kernel/config-x86-generic b/kernel/config-x86-generic index 35d8b05c3..f9ad22ff0 100644 --- a/kernel/config-x86-generic +++ b/kernel/config-x86-generic @@ -1,8 +1,5 @@ CONFIG_X86=y CONFIG_INSTRUCTION_DECODER=y -CONFIG_GENERIC_CMOS_UPDATE=y -CONFIG_CLOCKSOURCE_WATCHDOG=y -CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_GENERIC_ISA_DMA=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y @@ -19,6 +16,8 @@ CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y CONFIG_X86_HT=y CONFIG_ARCH_CPU_PROBE_RELEASE=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_BUILDTIME_EXTABLE_SORT=y # # General setup @@ -31,11 +30,16 @@ CONFIG_ARCH_CPU_PROBE_RELEASE=y CONFIG_GENERIC_PENDING_IRQ=y CONFIG_IRQ_FORCED_THREADING=y CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y # # RCU Subsystem # CONFIG_TREE_RCU=y +CONFIG_RCU_FANOUT_LEAF=16 # CONFIG_RCU_FANOUT_EXACT is not set CONFIG_RCU_FAST_NO_HZ=y CONFIG_PCSPKR_PLATFORM=y @@ -47,11 +51,7 @@ CONFIG_OPROFILE_NMI_TIMER=y CONFIG_USER_RETURN_NOTIFIER=y CONFIG_USE_GENERIC_SMP_HELPERS=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y - -# -# GCOV-based kernel profiling -# -CONFIG_STOP_MACHINE=y +CONFIG_SECCOMP_FILTER=y # # IO Schedulers @@ -64,7 +64,6 @@ CONFIG_MUTEX_SPIN_ON_OWNER=y # Processor type and features # CONFIG_ZONE_DMA=y -CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y CONFIG_SMP=y CONFIG_X86_MPPARSE=y CONFIG_X86_EXTENDED_PLATFORM=y @@ -307,6 +306,11 @@ CONFIG_XEN_BLKDEV_BACKEND=m CONFIG_SENSORS_LIS3LV02D=m CONFIG_VMWARE_BALLOON=m +# +# Altera FPGA firmware download module +# +# CONFIG_INTEL_MEI is not set + # # SCSI Transports # @@ -422,6 +426,7 @@ CONFIG_I2C_SCMI=m # # CONFIG_GPIO_IT8761E is not set CONFIG_GPIO_SCH=m +CONFIG_GPIO_ICH=m # # PCI GPIO expanders: @@ -463,7 +468,7 @@ CONFIG_SBC_FITPC2_WATCHDOG=m CONFIG_IB700_WDT=m CONFIG_IBMASR=m # CONFIG_WAFER_WDT is not set -CONFIG_I6300ESB_WDT=m +CONFIG_IE6XX_WDT=m CONFIG_ITCO_WDT=m # CONFIG_ITCO_VENDOR_SUPPORT is not set CONFIG_IT8712F_WDT=m @@ -669,11 +674,6 @@ CONFIG_XEN_ACPI_PROCESSOR=m CONFIG_ZSMALLOC=m # CONFIG_ACPI_QUICKSTART is not set -# -# Speakup console speech -# -# CONFIG_INTEL_MEI is not set - # # Android # @@ -773,8 +773,8 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=60 # CONFIG_DEBUG_PER_CPU_MAPS is not set # CONFIG_CPU_NOTIFIER_ERROR_INJECT is not set CONFIG_USER_STACKTRACE_SUPPORT=y -CONFIG_FTRACE_NMI_ENTER=y CONFIG_FTRACE_SYSCALLS=y +# CONFIG_UPROBE_EVENT is not set # CONFIG_MMIOTRACE is not set # CONFIG_X86_VERBOSE_BOOTUP is not set CONFIG_EARLY_PRINTK=y @@ -877,6 +877,8 @@ CONFIG_VHOST_NET=m # # Library routines # +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_ALLOCATOR=y diff --git a/kernel/config-x86_64-default b/kernel/config-x86_64-default index 2da29dbd9..1fa32dfce 100644 --- a/kernel/config-x86_64-default +++ b/kernel/config-x86_64-default @@ -3,14 +3,19 @@ CONFIG_64BIT=y CONFIG_X86_64=y CONFIG_OUTPUT_FORMAT="elf64-x86-64" CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" -CONFIG_ARCH_CLOCKSOURCE_DATA=y CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y -CONFIG_GENERIC_TIME_VSYSCALL=y CONFIG_ZONE_DMA32=y CONFIG_AUDIT_ARCH=y CONFIG_X86_64_SMP=y CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx -fcall-saved-rcx -fcall-saved-r8 -fcall-saved-r9 -fcall-saved-r10 -fcall-saved-r11" -# CONFIG_KTIME_SCALAR is not set + +# +# IRQ subsystem +# +CONFIG_IRQ_DOMAIN=y +# CONFIG_IRQ_DOMAIN_DEBUG is not set +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_GENERIC_TIME_VSYSCALL=y # # RCU Subsystem @@ -99,6 +104,7 @@ CONFIG_COMPAT=y CONFIG_COMPAT_FOR_U64_ALIGNMENT=y CONFIG_SYSVIPC_COMPAT=y CONFIG_KEYS_COMPAT=y +CONFIG_X86_DEV_DMA_OPS=y CONFIG_COMPAT_NETLINK_MESSAGES=y # @@ -159,7 +165,7 @@ CONFIG_PROVIDE_OHCI1394_DMA_INIT=y # CONFIG_IOMMU_DEBUG is not set # -# PaX +# Grsecurity # CONFIG_TASK_SIZE_MAX_SHIFT=47 diff --git a/kernel/kernel.nm b/kernel/kernel.nm index c5afa3c69..61c541ce3 100644 --- a/kernel/kernel.nm +++ b/kernel/kernel.nm @@ -4,8 +4,8 @@ ############################################################################### name = kernel -version = 3.4.6 -release = 1 +version = 3.5.1 +release = 0.2 thisapp = linux-%{version} maintainer = Michael Tremer @@ -331,7 +331,7 @@ build rm -rfv %{BUILDROOT}/lib/firmware # Install tools. - make -C tools/perf DESTDIR=%{BUILDROOT} \ + make -C tools/perf DESTDIR=%{BUILDROOT} WERROR=0 \ HAVE_CPLUS_DEMANGLE=1 prefix=/usr perfexecdir=lib/perf-core \ install install-man diff --git a/kernel/patches/grsecurity-2.9.1-3.4.6-201207281946.patch b/kernel/patches/grsecurity-2.9.1-3.5.1-201208112021.patch similarity index 91% rename from kernel/patches/grsecurity-2.9.1-3.4.6-201207281946.patch rename to kernel/patches/grsecurity-2.9.1-3.5.1-201208112021.patch index 357f472e5..e9ffa801f 100644 --- a/kernel/patches/grsecurity-2.9.1-3.4.6-201207281946.patch +++ b/kernel/patches/grsecurity-2.9.1-3.5.1-201208112021.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index b4a898f..781c7ad 100644 +index b4a898f..cd023f2 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -145,15 +145,16 @@ index b4a898f..781c7ad 100644 mkprep mkregtable mktables -@@ -188,6 +207,7 @@ oui.c* +@@ -188,6 +207,8 @@ oui.c* page-types parse.c parse.h +parse-events* ++pasyms.h patches* pca200e.bin pca200e_ecd.bin2 -@@ -197,6 +217,7 @@ perf-archive +@@ -197,6 +218,7 @@ perf-archive piggyback piggy.gzip piggy.S @@ -161,15 +162,18 @@ index b4a898f..781c7ad 100644 pnmtologo ppc_defs.h* pss_boot.h -@@ -207,6 +228,7 @@ r300_reg_safe.h +@@ -206,7 +228,10 @@ r200_reg_safe.h + r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h ++realmode.lds ++realmode.relocs recordmcount +regdb.c relocs rlim_names.h rn50_reg_safe.h -@@ -216,7 +238,9 @@ series +@@ -216,8 +241,11 @@ series setup setup.bin setup.elf @@ -177,9 +181,11 @@ index b4a898f..781c7ad 100644 sImage +slabinfo sm_tbl* ++sortextable split-include syscalltab.h -@@ -227,6 +251,7 @@ tftpboot.img + tables.c +@@ -227,6 +255,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -187,7 +193,7 @@ index b4a898f..781c7ad 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -238,13 +263,17 @@ vdso32.lds +@@ -238,13 +267,17 @@ vdso32.lds vdso32.so.dbg vdso64.lds vdso64.so.dbg @@ -205,7 +211,7 @@ index b4a898f..781c7ad 100644 vmlinuz voffset.h vsyscall.lds -@@ -252,9 +281,11 @@ vsyscall_32.lds +@@ -252,9 +285,11 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -218,10 +224,10 @@ index b4a898f..781c7ad 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index c1601e5..08557ce 100644 +index a92c5eb..7530459 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -2021,6 +2021,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2051,6 +2051,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -235,11 +241,44 @@ index c1601e5..08557ce 100644 pcbit= [HW,ISDN] pcd. [PARIDE] +diff --git a/Documentation/sysctl/fs.txt b/Documentation/sysctl/fs.txt +index 13d6166..8c235b6 100644 +--- a/Documentation/sysctl/fs.txt ++++ b/Documentation/sysctl/fs.txt +@@ -163,16 +163,22 @@ This value can be used to query and set the core dump mode for setuid + or otherwise protected/tainted binaries. The modes are + + 0 - (default) - traditional behaviour. Any process which has changed +- privilege levels or is execute only will not be dumped ++ privilege levels or is execute only will not be dumped. + 1 - (debug) - all processes dump core when possible. The core dump is + owned by the current user and no security is applied. This is + intended for system debugging situations only. Ptrace is unchecked. ++ This is insecure as it allows regular users to examine the memory ++ contents of privileged processes. + 2 - (suidsafe) - any binary which normally would not be dumped is dumped +- readable by root only. This allows the end user to remove +- such a dump but not access it directly. For security reasons +- core dumps in this mode will not overwrite one another or +- other files. This mode is appropriate when administrators are +- attempting to debug problems in a normal environment. ++ anyway, but only if the "core_pattern" kernel sysctl is set to ++ either a pipe handler or a fully qualified path. (For more details ++ on this limitation, see CVE-2006-2451.) This mode is appropriate ++ when administrators are attempting to debug problems in a normal ++ environment, and either have a core dump pipe handler that knows ++ to treat privileged core dumps with care, or specific directory ++ defined for catching core dumps. If a core dump happens without ++ a pipe handler or fully qualifid path, a message will be emitted ++ to syslog warning about the lack of a correct setting. + + ============================================================== + diff --git a/Makefile b/Makefile -index 5d0edcb..f69ee4c 100644 +index d7ee1cb..bf3389b 100644 --- a/Makefile +++ b/Makefile -@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ +@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ HOSTCC = gcc HOSTCXX = g++ @@ -251,7 +290,7 @@ index 5d0edcb..f69ee4c 100644 # Decide whether to build built-in, modular, or both. # Normally, just do built-in. -@@ -407,8 +408,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn --exc +@@ -404,8 +405,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \ # Rules shared between *config targets and build targets # Basic helpers built in scripts/ @@ -262,7 +301,7 @@ index 5d0edcb..f69ee4c 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,60 @@ else +@@ -561,6 +562,60 @@ else KBUILD_CFLAGS += -O2 endif @@ -302,7 +341,7 @@ index 5d0edcb..f69ee4c 100644 +GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) +GCC_PLUGINS_CFLAGS += $(SIZE_OVERFLOW_PLUGIN_CFLAGS) $(LATENT_ENTROPY_PLUGIN_CFLAGS) +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) -+export PLUGINCC CONSTIFY_PLUGIN ++export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS CONSTIFY_PLUGIN +ifeq ($(KBUILD_EXTMOD),) +gcc-plugins: + $(Q)$(MAKE) $(build)=tools/gcc @@ -322,8 +361,8 @@ index 5d0edcb..f69ee4c 100644 + include $(srctree)/arch/$(SRCARCH)/Makefile - ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +763,7 @@ export mod_strip_cmd + ifdef CONFIG_READABLE_ASM +@@ -715,7 +770,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -332,16 +371,16 @@ index 5d0edcb..f69ee4c 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +987,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -762,6 +817,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in -+$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) -+$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) - $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; ++$(filter-out $(init-y),$(vmlinux-deps)): KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++$(filter-out $(init-y),$(vmlinux-deps)): KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) + $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +998,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -771,7 +828,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -350,7 +389,7 @@ index 5d0edcb..f69ee4c 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1042,7 @@ prepare0: archprepare FORCE +@@ -815,6 +872,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -358,7 +397,7 @@ index 5d0edcb..f69ee4c 100644 prepare: prepare0 # Generate some files -@@ -1092,6 +1150,8 @@ all: modules +@@ -922,6 +980,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -367,7 +406,7 @@ index 5d0edcb..f69ee4c 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1107,7 +1167,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -937,7 +997,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -376,7 +415,7 @@ index 5d0edcb..f69ee4c 100644 # Target to install modules PHONY += modules_install -@@ -1166,7 +1226,7 @@ CLEAN_FILES += vmlinux System.map \ +@@ -994,7 +1054,7 @@ CLEAN_DIRS += $(MODVERDIR) MRPROPER_DIRS += include/config usr/include include/generated \ arch/*/include/generated MRPROPER_FILES += .config .config.old .version .old_version \ @@ -385,7 +424,7 @@ index 5d0edcb..f69ee4c 100644 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS # clean - Delete most, but leave enough to build external modules -@@ -1204,6 +1264,7 @@ distclean: mrproper +@@ -1032,6 +1092,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -393,7 +432,7 @@ index 5d0edcb..f69ee4c 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1364,6 +1425,8 @@ PHONY += $(module-dirs) modules +@@ -1192,6 +1253,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -402,7 +441,7 @@ index 5d0edcb..f69ee4c 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1490,17 +1553,21 @@ else +@@ -1326,17 +1389,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -428,7 +467,7 @@ index 5d0edcb..f69ee4c 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1510,11 +1577,15 @@ endif +@@ -1346,11 +1413,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -564,10 +603,10 @@ index 2fd00b7..cfd5069 100644 for (i = 0; i < n; i++) { diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c -index 49ee319..9ee7d14 100644 +index 98a1036..fb54ccf 100644 --- a/arch/alpha/kernel/osf_sys.c +++ b/arch/alpha/kernel/osf_sys.c -@@ -1146,7 +1146,7 @@ arch_get_unmapped_area_1(unsigned long addr, unsigned long len, +@@ -1312,7 +1312,7 @@ arch_get_unmapped_area_1(unsigned long addr, unsigned long len, /* At this point: (!vma || addr < vma->vm_end). */ if (limit - len < addr) return -ENOMEM; @@ -576,7 +615,7 @@ index 49ee319..9ee7d14 100644 return addr; addr = vma->vm_end; vma = vma->vm_next; -@@ -1182,6 +1182,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1348,6 +1348,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, merely specific addresses, but regions of memory -- perhaps this feature should be incorporated into all ports? */ @@ -587,7 +626,7 @@ index 49ee319..9ee7d14 100644 if (addr) { addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit); if (addr != (unsigned long) -ENOMEM) -@@ -1189,8 +1193,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1355,8 +1359,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, } /* Next, try allocating at TASK_UNMAPPED_BASE. */ @@ -759,7 +798,7 @@ index 5eecab1..609abc0 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index 68374ba..cff7196 100644 +index c79f61f..9ac0642 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -17,17 +17,35 @@ @@ -920,7 +959,7 @@ index 68374ba..cff7196 100644 -"1: ldrex %0, [%3]\n" -" sub %0, %0, %4\n" +"1: ldrex %1, [%3]\n" -+" sub %0, %1, %4\n" ++" subs %0, %1, %4\n" + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" @@ -1064,8 +1103,8 @@ index 68374ba..cff7196 100644 + #define ATOMIC64_INIT(i) { (i) } - static inline u64 atomic64_read(atomic64_t *v) -@@ -256,6 +451,19 @@ static inline u64 atomic64_read(atomic64_t *v) + static inline u64 atomic64_read(const atomic64_t *v) +@@ -256,6 +451,19 @@ static inline u64 atomic64_read(const atomic64_t *v) return result; } @@ -1248,7 +1287,7 @@ index 68374ba..cff7196 100644 -" sbc %H0, %H0, %H4\n" +"1: ldrexd %1, %H1, [%3]\n" +" subs %0, %1, %4\n" -+" sbc %H0, %H1, %H4\n" ++" sbcs %H0, %H1, %H4\n" + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" @@ -1317,7 +1356,7 @@ index 68374ba..cff7196 100644 -" sbc %H0, %H0, #0\n" +"1: ldrexd %1, %H1, [%3]\n" +" subs %0, %1, #1\n" -+" sbc %H0, %H1, #0\n" ++" sbcs %H0, %H1, #0\n" + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" @@ -1350,7 +1389,8 @@ index 68374ba..cff7196 100644 -" beq 2f\n" +" beq 4f\n" " adds %0, %0, %6\n" - " adc %H0, %H0, %H6\n" +-" adc %H0, %H0, %H6\n" ++" adcs %H0, %H0, %H6\n" + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" @@ -1402,7 +1442,7 @@ index 75fe66b..2255c86 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h -index 1252a26..9dc17b5 100644 +index 004c1bc..d9d6d91 100644 --- a/arch/arm/include/asm/cacheflush.h +++ b/arch/arm/include/asm/cacheflush.h @@ -108,7 +108,7 @@ struct cpu_cache_fns { @@ -1415,7 +1455,7 @@ index 1252a26..9dc17b5 100644 /* * Select the calling method diff --git a/arch/arm/include/asm/cmpxchg.h b/arch/arm/include/asm/cmpxchg.h -index d41d7cb..9bea5e0 100644 +index 7eb18c1..e38b6d2 100644 --- a/arch/arm/include/asm/cmpxchg.h +++ b/arch/arm/include/asm/cmpxchg.h @@ -102,6 +102,8 @@ static inline unsigned long __xchg(unsigned long x, volatile void *ptr, int size @@ -1482,10 +1522,10 @@ index 53426c6..c7baff3 100644 #ifdef CONFIG_OUTER_CACHE diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h -index 5838361..da6e813 100644 +index ecf9019..b71d9a1 100644 --- a/arch/arm/include/asm/page.h +++ b/arch/arm/include/asm/page.h -@@ -123,7 +123,7 @@ struct cpu_user_fns { +@@ -114,7 +114,7 @@ struct cpu_user_fns { void (*cpu_clear_user_highpage)(struct page *page, unsigned long vaddr); void (*cpu_copy_user_highpage)(struct page *to, struct page *from, unsigned long vaddr, struct vm_area_struct *vma); @@ -1519,7 +1559,7 @@ index 943504f..bf8d667 100644 #endif /* CONFIG_ARM_LPAE */ diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h -index 0f04d84..2be5648 100644 +index af7b0bd..6750a8c 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h @@ -148,6 +148,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, @@ -1536,15 +1576,15 @@ index 0f04d84..2be5648 100644 #define TIF_USING_IWMMXT 17 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ @@ -163,9 +169,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, + #define _TIF_POLLING_NRFLAG (1 << TIF_POLLING_NRFLAG) #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) - #define _TIF_RESTORE_SIGMASK (1 << TIF_RESTORE_SIGMASK) #define _TIF_SECCOMP (1 << TIF_SECCOMP) +#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID) /* Checks for any syscall work in entry-common.S */ -#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT) +#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ -+ _TIF_GRSEC_SETXID) ++ _TIF_GRSEC_SETXID) /* * Change these and you break ASM code in entry-common.S @@ -1623,7 +1663,7 @@ index b57c75e..ed2d6b2 100644 EXPORT_SYMBOL(__get_user_1); diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 2b7b017..c380fa2 100644 +index 19c95ea..7160f7c 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -1634,7 +1674,7 @@ index 2b7b017..c380fa2 100644 #include #include -@@ -275,9 +274,10 @@ void machine_power_off(void) +@@ -255,9 +254,10 @@ void machine_power_off(void) machine_shutdown(); if (pm_power_off) pm_power_off(); @@ -1646,7 +1686,7 @@ index 2b7b017..c380fa2 100644 { machine_shutdown(); -@@ -519,12 +519,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -499,12 +499,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -1660,10 +1700,10 @@ index 2b7b017..c380fa2 100644 /* * The vectors page is always readable from user space for the diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c -index 9650c14..ae30cdd 100644 +index 14e3826..d832d89 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c -@@ -906,10 +906,19 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -907,10 +907,19 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -1684,10 +1724,10 @@ index 9650c14..ae30cdd 100644 audit_syscall_exit(regs); else diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index ebfac78..cbea9c0 100644 +index e15d83b..8c466dd 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c -@@ -111,13 +111,13 @@ struct processor processor __read_mostly; +@@ -112,13 +112,13 @@ struct processor processor __read_mostly; struct cpu_tlb_fns cpu_tlb __read_mostly; #endif #ifdef MULTI_USER @@ -1705,7 +1745,7 @@ index ebfac78..cbea9c0 100644 #endif diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index 63d402f..db1d714 100644 +index 3647170..065e1cd 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -264,6 +264,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt @@ -1793,63 +1833,6 @@ index d066df6..df28194 100644 ENDPROC(__copy_to_user_std) .pushsection .fixup,"ax" -diff --git a/arch/arm/lib/uaccess.S b/arch/arm/lib/uaccess.S -index 5c908b1..e712687 100644 ---- a/arch/arm/lib/uaccess.S -+++ b/arch/arm/lib/uaccess.S -@@ -20,7 +20,7 @@ - - #define PAGE_SHIFT 12 - --/* Prototype: int __copy_to_user(void *to, const char *from, size_t n) -+/* Prototype: int ___copy_to_user(void *to, const char *from, size_t n) - * Purpose : copy a block to user memory from kernel memory - * Params : to - user memory - * : from - kernel memory -@@ -40,7 +40,7 @@ USER( TUSER( strgtb) r3, [r0], #1) @ May fault - sub r2, r2, ip - b .Lc2u_dest_aligned - --ENTRY(__copy_to_user) -+ENTRY(___copy_to_user) - stmfd sp!, {r2, r4 - r7, lr} - cmp r2, #4 - blt .Lc2u_not_enough -@@ -278,14 +278,14 @@ USER( TUSER( strgeb) r3, [r0], #1) @ May fault - ldrgtb r3, [r1], #0 - USER( TUSER( strgtb) r3, [r0], #1) @ May fault - b .Lc2u_finished --ENDPROC(__copy_to_user) -+ENDPROC(___copy_to_user) - - .pushsection .fixup,"ax" - .align 0 - 9001: ldmfd sp!, {r0, r4 - r7, pc} - .popsection - --/* Prototype: unsigned long __copy_from_user(void *to,const void *from,unsigned long n); -+/* Prototype: unsigned long ___copy_from_user(void *to,const void *from,unsigned long n); - * Purpose : copy a block from user memory to kernel memory - * Params : to - kernel memory - * : from - user memory -@@ -304,7 +304,7 @@ USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault - sub r2, r2, ip - b .Lcfu_dest_aligned - --ENTRY(__copy_from_user) -+ENTRY(___copy_from_user) - stmfd sp!, {r0, r2, r4 - r7, lr} - cmp r2, #4 - blt .Lcfu_not_enough -@@ -544,7 +544,7 @@ USER( TUSER( ldrgeb) r3, [r1], #1) @ May fault - USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault - strgtb r3, [r0], #1 - b .Lcfu_finished --ENDPROC(__copy_from_user) -+ENDPROC(___copy_from_user) - - .pushsection .fixup,"ax" - .align 0 diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c index 025f742..8432b08 100644 --- a/arch/arm/lib/uaccess_with_memcpy.c @@ -1863,11 +1846,24 @@ index 025f742..8432b08 100644 { /* * This test is stubbed out of the main function above to keep +diff --git a/arch/arm/mach-kirkwood/common.c b/arch/arm/mach-kirkwood/common.c +index f261cd2..4ae63fb 100644 +--- a/arch/arm/mach-kirkwood/common.c ++++ b/arch/arm/mach-kirkwood/common.c +@@ -128,7 +128,7 @@ static void clk_gate_fn_disable(struct clk_hw *hw) + clk_gate_ops.disable(hw); + } + +-static struct clk_ops clk_gate_fn_ops; ++static clk_ops_no_const clk_gate_fn_ops; + + static struct clk __init *clk_register_gate_fn(struct device *dev, + const char *name, diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c -index 518091c..eae9a76 100644 +index 2c5d0ed..7d9099c 100644 --- a/arch/arm/mach-omap2/board-n8x0.c +++ b/arch/arm/mach-omap2/board-n8x0.c -@@ -596,7 +596,7 @@ static int n8x0_menelaus_late_init(struct device *dev) +@@ -594,7 +594,7 @@ static int n8x0_menelaus_late_init(struct device *dev) } #endif @@ -1877,7 +1873,7 @@ index 518091c..eae9a76 100644 }; diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index 5bb4835..4760f68 100644 +index c3bd834..e81ef02 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -174,6 +174,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, @@ -1928,7 +1924,7 @@ index 5bb4835..4760f68 100644 /* * First Level Translation Fault Handler * -@@ -577,6 +611,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) +@@ -574,6 +608,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); struct siginfo info; @@ -2196,7 +2192,7 @@ index aea2718..3639a60 100644 #endif /* _ASM_ARCH_CACHE_H */ diff --git a/arch/cris/include/arch-v32/arch/cache.h b/arch/cris/include/arch-v32/arch/cache.h -index 1de779f..336fad3 100644 +index 7caf25d..ee65ac5 100644 --- a/arch/cris/include/arch-v32/arch/cache.h +++ b/arch/cris/include/arch-v32/arch/cache.h @@ -1,11 +1,12 @@ @@ -2211,7 +2207,7 @@ index 1de779f..336fad3 100644 #define L1_CACHE_SHIFT 5 +#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) - #define __read_mostly __attribute__((__section__(".data.read_mostly"))) + #define __read_mostly __attribute__((__section__(".data..read_mostly"))) diff --git a/arch/frv/include/asm/atomic.h b/arch/frv/include/asm/atomic.h index b86329d..6709906 100644 @@ -2578,7 +2574,7 @@ index 24603be..948052d 100644 DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp); } diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c -index 609d500..7dde2a8 100644 +index d9439ef..b9a4303 100644 --- a/arch/ia64/kernel/sys_ia64.c +++ b/arch/ia64/kernel/sys_ia64.c @@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len @@ -2907,10 +2903,10 @@ index 881d18b..cea38bc 100644 /* diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h -index 0d85d8e..ec71487 100644 +index ca97e0e..cd08920 100644 --- a/arch/mips/include/asm/thread_info.h +++ b/arch/mips/include/asm/thread_info.h -@@ -123,6 +123,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); +@@ -111,6 +111,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); #define TIF_32BIT_ADDR 23 /* 32-bit address space (o32/n32) */ #define TIF_FPUBOUND 24 /* thread bound to FPU-full CPU set */ #define TIF_LOAD_WATCH 25 /* If set, load watch registers */ @@ -2919,7 +2915,7 @@ index 0d85d8e..ec71487 100644 #define TIF_SYSCALL_TRACE 31 /* syscall trace active */ #ifdef CONFIG_MIPS32_O32 -@@ -146,15 +148,18 @@ register struct thread_info *__current_thread_info __asm__("$28"); +@@ -134,15 +136,18 @@ register struct thread_info *__current_thread_info __asm__("$28"); #define _TIF_32BIT_ADDR (1<work.syscall_trace @@ -537,6 +541,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) /* do the secure computing check first */ - secure_computing(regs->regs[2]); + secure_computing_strict(regs->regs[2]); +#ifdef CONFIG_GRKERNSEC_SETXID + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) @@ -3361,10 +3357,10 @@ index ee99f23..802b0a1 100644 #define PAGE_KERNEL_EXEC __pgprot(_PAGE_KERNEL_EXEC) #define PAGE_KERNEL_RWX __pgprot(_PAGE_KERNEL_RWX) diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h -index 9ac0660..6ed15c4 100644 +index 4ba2c93..f5e3974 100644 --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h -@@ -252,10 +252,10 @@ static inline unsigned long __must_check copy_from_user(void *to, +@@ -251,10 +251,10 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -3922,7 +3918,7 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index 9d7f0fb..a28fe69 100644 +index 360585d..c3930ef 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h @@ -212,6 +212,7 @@ @@ -3934,10 +3930,10 @@ index 9d7f0fb..a28fe69 100644 #define DSISR_ISSTORE 0x02000000 /* access was a store */ #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h -index 4a741c7..c8162227b 100644 +index 68831e9..379c695 100644 --- a/arch/powerpc/include/asm/thread_info.h +++ b/arch/powerpc/include/asm/thread_info.h -@@ -104,12 +104,14 @@ static inline struct thread_info *current_thread_info(void) +@@ -91,12 +91,14 @@ static inline struct thread_info *current_thread_info(void) #define TIF_PERFMON_CTXSW 6 /* perfmon needs ctxsw calls */ #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ #define TIF_SINGLESTEP 8 /* singlestepping active */ @@ -3953,21 +3949,20 @@ index 4a741c7..c8162227b 100644 /* as above, but as bit values */ #define _TIF_SYSCALL_TRACE (1<jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index 4937c96..70714b7 100644 +index 710f400..d00ebe6 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -681,8 +681,8 @@ void show_regs(struct pt_regs * regs) @@ -4233,7 +4228,7 @@ index 4937c96..70714b7 100644 #endif show_stack(current, (unsigned long *) regs->gpr[1]); if (!user_mode(regs)) -@@ -1186,10 +1186,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1189,10 +1189,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -4246,7 +4241,7 @@ index 4937c96..70714b7 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1209,7 +1209,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1212,7 +1212,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; @@ -4255,10 +4250,10 @@ index 4937c96..70714b7 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1282,58 +1282,3 @@ void thread_info_cache_init(void) +@@ -1254,58 +1254,3 @@ void __ppc64_runlatch_off(void) + mtspr(SPRN_CTRLT, ctrl); } - - #endif /* THREAD_SHIFT < PAGE_SHIFT */ + #endif /* CONFIG_PPC64 */ - -unsigned long arch_align_stack(unsigned long sp) -{ @@ -4315,10 +4310,10 @@ index 4937c96..70714b7 100644 - return ret; -} diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c -index 8d8e028..c2aeb50 100644 +index c10fc28..c4ef063 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c -@@ -1702,6 +1702,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -1660,6 +1660,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -4329,9 +4324,9 @@ index 8d8e028..c2aeb50 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1712,6 +1716,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) +@@ -1670,6 +1674,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) - secure_computing(regs->gpr[0]); + secure_computing_strict(regs->gpr[0]); +#ifdef CONFIG_GRKERNSEC_SETXID + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) @@ -4341,7 +4336,7 @@ index 8d8e028..c2aeb50 100644 if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(regs)) /* -@@ -1746,6 +1755,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) +@@ -1704,6 +1713,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) { int step; @@ -4354,10 +4349,10 @@ index 8d8e028..c2aeb50 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index 45eb998..0cb36bc 100644 +index 8b4c049..dcd6ef3 100644 --- a/arch/powerpc/kernel/signal_32.c +++ b/arch/powerpc/kernel/signal_32.c -@@ -861,7 +861,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, +@@ -852,7 +852,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, /* Save user registers on the stack */ frame = &rt_sf->uc.uc_mcontext; addr = frame; @@ -4367,7 +4362,7 @@ index 45eb998..0cb36bc 100644 goto badframe; regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp; diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index 2692efd..6673d2e 100644 +index d183f87..1867f1a 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c @@ -430,7 +430,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, @@ -4702,7 +4697,7 @@ index 2a30d5a..5e5586f 100644 #define __read_mostly __attribute__((__section__(".data..read_mostly"))) diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h -index c4ee39f..352881b 100644 +index 06151e6..c08cb52 100644 --- a/arch/s390/include/asm/elf.h +++ b/arch/s390/include/asm/elf.h @@ -161,8 +161,14 @@ extern unsigned int vdso_enabled; @@ -4743,10 +4738,10 @@ index c4a93d6..4d2a9b4 100644 #endif /* __ASM_EXEC_H */ diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h -index 8f2cada..43072c1 100644 +index 1f3a79b..44d7f9c 100644 --- a/arch/s390/include/asm/uaccess.h +++ b/arch/s390/include/asm/uaccess.h -@@ -236,6 +236,10 @@ static inline unsigned long __must_check +@@ -241,6 +241,10 @@ static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); @@ -4757,7 +4752,7 @@ index 8f2cada..43072c1 100644 if (access_ok(VERIFY_WRITE, to, n)) n = __copy_to_user(to, from, n); return n; -@@ -261,6 +265,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n) +@@ -266,6 +270,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n) static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -4767,7 +4762,7 @@ index 8f2cada..43072c1 100644 if (__builtin_constant_p(n) && (n <= 256)) return uaccess.copy_from_user_small(n, from, to); else -@@ -292,10 +299,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct") +@@ -297,10 +304,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct") static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -4904,7 +4899,7 @@ index 60055ce..ee4b252 100644 - return ret; -} diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c -index 2857c48..d047481 100644 +index a64fe53..5c66963 100644 --- a/arch/s390/mm/mmap.c +++ b/arch/s390/mm/mmap.c @@ -92,10 +92,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) @@ -4930,7 +4925,7 @@ index 2857c48..d047481 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } -@@ -166,10 +178,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -174,10 +186,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -5088,19 +5083,6 @@ index afeb710..d1d1289 100644 bottomup: /* -diff --git a/arch/sparc/Makefile b/arch/sparc/Makefile -index eddcfb3..b117d90 100644 ---- a/arch/sparc/Makefile -+++ b/arch/sparc/Makefile -@@ -75,7 +75,7 @@ drivers-$(CONFIG_OPROFILE) += arch/sparc/oprofile/ - # Export what is needed by arch/sparc/boot/Makefile - export VMLINUX_INIT VMLINUX_MAIN - VMLINUX_INIT := $(head-y) $(init-y) --VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ -+VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/ - VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y) - VMLINUX_MAIN += $(drivers-y) $(net-y) - diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h index ce35a1c..2e7b8f9 100644 --- a/arch/sparc/include/asm/atomic_64.h @@ -5292,7 +5274,7 @@ index ce35a1c..2e7b8f9 100644 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) diff --git a/arch/sparc/include/asm/cache.h b/arch/sparc/include/asm/cache.h -index 69358b5..9d0d492 100644 +index 5bb6991..5c2132e 100644 --- a/arch/sparc/include/asm/cache.h +++ b/arch/sparc/include/asm/cache.h @@ -7,10 +7,12 @@ @@ -5310,7 +5292,7 @@ index 69358b5..9d0d492 100644 #ifdef CONFIG_SPARC32 #define SMP_CACHE_BYTES_SHIFT 5 diff --git a/arch/sparc/include/asm/elf_32.h b/arch/sparc/include/asm/elf_32.h -index 4269ca6..e3da77f 100644 +index 2d4d755..81b6662 100644 --- a/arch/sparc/include/asm/elf_32.h +++ b/arch/sparc/include/asm/elf_32.h @@ -114,6 +114,13 @@ typedef struct { @@ -5346,17 +5328,17 @@ index 7df8b7f..4946269 100644 #define ELF_HWCAP sparc64_elf_hwcap diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h -index ca2b344..c6084f89 100644 +index e5b169b46..e90b4fa 100644 --- a/arch/sparc/include/asm/pgalloc_32.h +++ b/arch/sparc/include/asm/pgalloc_32.h -@@ -37,6 +37,7 @@ BTFIXUPDEF_CALL(void, free_pgd_fast, pgd_t *) - BTFIXUPDEF_CALL(void, pgd_set, pgd_t *, pmd_t *) - #define pgd_set(pgdp,pmdp) BTFIXUP_CALL(pgd_set)(pgdp,pmdp) +@@ -46,6 +46,7 @@ static inline void pgd_set(pgd_t * pgdp, pmd_t * pmdp) + } + #define pgd_populate(MM, PGD, PMD) pgd_set(PGD, PMD) +#define pgd_populate_kernel(MM, PGD, PMD) pgd_populate((MM), (PGD), (PMD)) - BTFIXUPDEF_CALL(pmd_t *, pmd_alloc_one, struct mm_struct *, unsigned long) - #define pmd_alloc_one(mm, address) BTFIXUP_CALL(pmd_alloc_one)(mm, address) + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, + unsigned long address) diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h index 40b2d7a..22a665b 100644 --- a/arch/sparc/include/asm/pgalloc_64.h @@ -5370,54 +5352,56 @@ index 40b2d7a..22a665b 100644 static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) { diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h -index 3d71018..48a11c5 100644 +index cbbbed5..0983069 100644 --- a/arch/sparc/include/asm/pgtable_32.h +++ b/arch/sparc/include/asm/pgtable_32.h -@@ -45,6 +45,13 @@ BTFIXUPDEF_SIMM13(user_ptrs_per_pgd) - BTFIXUPDEF_INT(page_none) - BTFIXUPDEF_INT(page_copy) - BTFIXUPDEF_INT(page_readonly) -+ -+#ifdef CONFIG_PAX_PAGEEXEC -+BTFIXUPDEF_INT(page_shared_noexec) -+BTFIXUPDEF_INT(page_copy_noexec) -+BTFIXUPDEF_INT(page_readonly_noexec) -+#endif -+ - BTFIXUPDEF_INT(page_kernel) - - #define PMD_SHIFT SUN4C_PMD_SHIFT -@@ -66,6 +73,16 @@ extern pgprot_t PAGE_SHARED; - #define PAGE_COPY __pgprot(BTFIXUP_INT(page_copy)) - #define PAGE_READONLY __pgprot(BTFIXUP_INT(page_readonly)) - -+#ifdef CONFIG_PAX_PAGEEXEC -+extern pgprot_t PAGE_SHARED_NOEXEC; -+# define PAGE_COPY_NOEXEC __pgprot(BTFIXUP_INT(page_copy_noexec)) -+# define PAGE_READONLY_NOEXEC __pgprot(BTFIXUP_INT(page_readonly_noexec)) -+#else -+# define PAGE_SHARED_NOEXEC PAGE_SHARED -+# define PAGE_COPY_NOEXEC PAGE_COPY -+# define PAGE_READONLY_NOEXEC PAGE_READONLY -+#endif -+ - extern unsigned long page_kernel; - - #ifdef MODULE +@@ -50,6 +50,9 @@ extern unsigned long calc_highpages(void); + #define PAGE_SHARED SRMMU_PAGE_SHARED + #define PAGE_COPY SRMMU_PAGE_COPY + #define PAGE_READONLY SRMMU_PAGE_RDONLY ++#define PAGE_SHARED_NOEXEC SRMMU_PAGE_SHARED_NOEXEC ++#define PAGE_COPY_NOEXEC SRMMU_PAGE_COPY_NOEXEC ++#define PAGE_READONLY_NOEXEC SRMMU_PAGE_RDONLY_NOEXEC + #define PAGE_KERNEL SRMMU_PAGE_KERNEL + + /* Top-level page directory */ +@@ -61,18 +64,18 @@ extern unsigned long ptr_in_current_pgd; + + /* xwr */ + #define __P000 PAGE_NONE +-#define __P001 PAGE_READONLY +-#define __P010 PAGE_COPY +-#define __P011 PAGE_COPY ++#define __P001 PAGE_READONLY_NOEXEC ++#define __P010 PAGE_COPY_NOEXEC ++#define __P011 PAGE_COPY_NOEXEC + #define __P100 PAGE_READONLY + #define __P101 PAGE_READONLY + #define __P110 PAGE_COPY + #define __P111 PAGE_COPY + + #define __S000 PAGE_NONE +-#define __S001 PAGE_READONLY +-#define __S010 PAGE_SHARED +-#define __S011 PAGE_SHARED ++#define __S001 PAGE_READONLY_NOEXEC ++#define __S010 PAGE_SHARE_NOEXEC ++#define __S011 PAGE_SHARE_NOEXEC + #define __S100 PAGE_READONLY + #define __S101 PAGE_READONLY + #define __S110 PAGE_SHARED diff --git a/arch/sparc/include/asm/pgtsrmmu.h b/arch/sparc/include/asm/pgtsrmmu.h -index f6ae2b2..b03ffc7 100644 +index 79da178..c2eede8 100644 --- a/arch/sparc/include/asm/pgtsrmmu.h +++ b/arch/sparc/include/asm/pgtsrmmu.h -@@ -115,6 +115,13 @@ +@@ -115,6 +115,11 @@ SRMMU_EXEC | SRMMU_REF) #define SRMMU_PAGE_RDONLY __pgprot(SRMMU_VALID | SRMMU_CACHE | \ SRMMU_EXEC | SRMMU_REF) + -+#ifdef CONFIG_PAX_PAGEEXEC +#define SRMMU_PAGE_SHARED_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_WRITE | SRMMU_REF) -+#define SRMMU_PAGE_COPY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF) ++#define SRMMU_PAGE_COPY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF) +#define SRMMU_PAGE_RDONLY_NOEXEC __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF) -+#endif + #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \ SRMMU_DIRTY | SRMMU_REF) @@ -5524,10 +5508,10 @@ index 9689176..63c18ea 100644 unsigned long mask, tmp1, tmp2, result; diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h -index c2a1080..21ed218 100644 +index e6cd224..3a71793 100644 --- a/arch/sparc/include/asm/thread_info_32.h +++ b/arch/sparc/include/asm/thread_info_32.h -@@ -50,6 +50,8 @@ struct thread_info { +@@ -49,6 +49,8 @@ struct thread_info { unsigned long w_saved; struct restart_block restart_block; @@ -5537,7 +5521,7 @@ index c2a1080..21ed218 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index 01d057f..13a7d2f 100644 +index cfa8c38..13f30d3 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h @@ -63,6 +63,8 @@ struct thread_info { @@ -5549,7 +5533,7 @@ index 01d057f..13a7d2f 100644 unsigned long fpregs[0] __attribute__ ((aligned(64))); }; -@@ -214,10 +216,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -193,10 +195,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ /* flag bit 6 is available */ #define TIF_32BIT 7 /* 32-bit binary */ @@ -5562,7 +5546,7 @@ index 01d057f..13a7d2f 100644 /* NOTE: Thread flags >= 12 should be ones we have no interest * in using in assembly, else we can't use the mask as * an immediate value in instructions such as andcc. -@@ -236,12 +239,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -215,12 +218,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_SYSCALL_AUDIT (1< #else diff --git a/arch/sparc/include/asm/uaccess_32.h b/arch/sparc/include/asm/uaccess_32.h -index 8303ac4..07f333d 100644 +index 53a28dd..50c38c3 100644 --- a/arch/sparc/include/asm/uaccess_32.h +++ b/arch/sparc/include/asm/uaccess_32.h -@@ -249,27 +249,46 @@ extern unsigned long __copy_user(void __user *to, const void __user *from, unsig +@@ -250,27 +250,46 @@ extern unsigned long __copy_user(void __user *to, const void __user *from, unsig static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n) { @@ -5655,7 +5639,7 @@ index 8303ac4..07f333d 100644 } diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h -index a1091afb..380228e 100644 +index 7c831d8..d440ca7 100644 --- a/arch/sparc/include/asm/uaccess_64.h +++ b/arch/sparc/include/asm/uaccess_64.h @@ -10,6 +10,7 @@ @@ -5666,7 +5650,7 @@ index a1091afb..380228e 100644 #include #include #include -@@ -212,8 +213,15 @@ extern unsigned long copy_from_user_fixup(void *to, const void __user *from, +@@ -214,8 +215,15 @@ extern unsigned long copy_from_user_fixup(void *to, const void __user *from, static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long size) { @@ -5683,7 +5667,7 @@ index a1091afb..380228e 100644 if (unlikely(ret)) ret = copy_from_user_fixup(to, from, size); -@@ -229,8 +237,15 @@ extern unsigned long copy_to_user_fixup(void __user *to, const void *from, +@@ -231,8 +239,15 @@ extern unsigned long copy_to_user_fixup(void __user *to, const void *from, static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long size) { @@ -5701,7 +5685,7 @@ index a1091afb..380228e 100644 ret = copy_to_user_fixup(to, from, size); return ret; diff --git a/arch/sparc/kernel/Makefile b/arch/sparc/kernel/Makefile -index cb85458..e063f17 100644 +index 6cf591b..b49e65a 100644 --- a/arch/sparc/kernel/Makefile +++ b/arch/sparc/kernel/Makefile @@ -3,7 +3,7 @@ @@ -5712,21 +5696,12 @@ index cb85458..e063f17 100644 +#ccflags-y := -Werror extra-y := head_$(BITS).o - extra-y += init_task.o + diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c -index efa0754..74b03fe 100644 +index cb36e82..1c1462f 100644 --- a/arch/sparc/kernel/process_32.c +++ b/arch/sparc/kernel/process_32.c -@@ -200,7 +200,7 @@ void __show_backtrace(unsigned long fp) - rw->ins[4], rw->ins[5], - rw->ins[6], - rw->ins[7]); -- printk("%pS\n", (void *) rw->ins[7]); -+ printk("%pA\n", (void *) rw->ins[7]); - rw = (struct reg_window32 *) rw->ins[6]; - } - spin_unlock_irqrestore(&sparc_backtrace_lock, flags); -@@ -267,14 +267,14 @@ void show_regs(struct pt_regs *r) +@@ -126,14 +126,14 @@ void show_regs(struct pt_regs *r) printk("PSR: %08lx PC: %08lx NPC: %08lx Y: %08lx %s\n", r->psr, r->pc, r->npc, r->y, print_tainted()); @@ -5743,7 +5718,7 @@ index efa0754..74b03fe 100644 printk("%%L: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n", rw->locals[0], rw->locals[1], rw->locals[2], rw->locals[3], -@@ -309,7 +309,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) +@@ -168,7 +168,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) rw = (struct reg_window32 *) fp; pc = rw->ins[7]; printk("[%08lx : ", pc); @@ -5792,7 +5767,7 @@ index aff0c72..9067b39 100644 (void *) gp->o7, (void *) gp->i7, diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c -index 6f97c07..b1300ec 100644 +index 484daba..0674139 100644 --- a/arch/sparc/kernel/ptrace_64.c +++ b/arch/sparc/kernel/ptrace_64.c @@ -1057,6 +1057,10 @@ long arch_ptrace(struct task_struct *child, long request, @@ -5808,7 +5783,7 @@ index 6f97c07..b1300ec 100644 int ret = 0; @@ -1064,6 +1068,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) /* do the secure computing check first */ - secure_computing(regs->u_regs[UREG_G1]); + secure_computing_strict(regs->u_regs[UREG_G1]); +#ifdef CONFIG_GRKERNSEC_SETXID + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) @@ -5831,11 +5806,11 @@ index 6f97c07..b1300ec 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c -index 42b282f..28ce9f2 100644 +index 0c9b31b..7cb7aee 100644 --- a/arch/sparc/kernel/sys_sparc_32.c +++ b/arch/sparc/kernel/sys_sparc_32.c -@@ -56,7 +56,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - if (ARCH_SUN4C && len > 0x20000000) +@@ -54,7 +54,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + if (len > TASK_SIZE - PAGE_SIZE) return -ENOMEM; if (!addr) - addr = TASK_UNMAPPED_BASE; @@ -5843,8 +5818,8 @@ index 42b282f..28ce9f2 100644 if (flags & MAP_SHARED) addr = COLOUR_ALIGN(addr); -@@ -71,7 +71,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - } +@@ -65,7 +65,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + /* At this point: (!vmm || addr < vmm->vm_end). */ if (TASK_SIZE - PAGE_SIZE - len < addr) return -ENOMEM; - if (!vmm || addr + len <= vmm->vm_start) @@ -5853,7 +5828,7 @@ index 42b282f..28ce9f2 100644 addr = vmm->vm_end; if (flags & MAP_SHARED) diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index 3ee51f1..2ba4913 100644 +index 275f74f..81bf5b8 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c @@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi @@ -6053,7 +6028,7 @@ index 1d7e274..b39c527 100644 or %g3, %g2, %g3 stx %o0, [%sp + PTREGS_OFF + PT_V9_I0] diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c -index d2de213..6b22bc3 100644 +index a5785ea..405c5f7 100644 --- a/arch/sparc/kernel/traps_32.c +++ b/arch/sparc/kernel/traps_32.c @@ -44,6 +44,8 @@ static void instruction_dump(unsigned long *pc) @@ -6086,7 +6061,7 @@ index d2de213..6b22bc3 100644 } diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c -index c72fdf5..743a344 100644 +index 3b05e66..6ea2917 100644 --- a/arch/sparc/kernel/traps_64.c +++ b/arch/sparc/kernel/traps_64.c @@ -75,7 +75,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) @@ -6227,10 +6202,10 @@ index c72fdf5..743a344 100644 } EXPORT_SYMBOL(die_if_kernel); diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c -index dae85bc..af1e19d 100644 +index f81d038..e7a4680 100644 --- a/arch/sparc/kernel/unaligned_64.c +++ b/arch/sparc/kernel/unaligned_64.c -@@ -279,7 +279,7 @@ static void log_unaligned(struct pt_regs *regs) +@@ -278,7 +278,7 @@ static void log_unaligned(struct pt_regs *regs) static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5); if (__ratelimit(&ratelimit)) { @@ -6240,7 +6215,7 @@ index dae85bc..af1e19d 100644 } } diff --git a/arch/sparc/lib/Makefile b/arch/sparc/lib/Makefile -index a3fc437..fea9957 100644 +index dff4096..bd9a388 100644 --- a/arch/sparc/lib/Makefile +++ b/arch/sparc/lib/Makefile @@ -2,7 +2,7 @@ @@ -6250,14 +6225,14 @@ index a3fc437..fea9957 100644 -ccflags-y := -Werror +#ccflags-y := -Werror - lib-$(CONFIG_SPARC32) += mul.o rem.o sdiv.o udiv.o umul.o urem.o ashrdi3.o + lib-$(CONFIG_SPARC32) += ashrdi3.o lib-$(CONFIG_SPARC32) += memcpy.o memset.o diff --git a/arch/sparc/lib/atomic_64.S b/arch/sparc/lib/atomic_64.S -index 59186e0..f747d7a 100644 +index 4d502da..527c48d 100644 --- a/arch/sparc/lib/atomic_64.S +++ b/arch/sparc/lib/atomic_64.S -@@ -18,7 +18,12 @@ - atomic_add: /* %o0 = increment, %o1 = atomic_ptr */ +@@ -17,7 +17,12 @@ + ENTRY(atomic_add) /* %o0 = increment, %o1 = atomic_ptr */ BACKOFF_SETUP(%o2) 1: lduw [%o1], %g1 - add %g1, %o0, %g7 @@ -6270,13 +6245,11 @@ index 59186e0..f747d7a 100644 cas [%o1], %g1, %g7 cmp %g1, %g7 bne,pn %icc, BACKOFF_LABEL(2f, 1b) -@@ -28,12 +33,32 @@ atomic_add: /* %o0 = increment, %o1 = atomic_ptr */ +@@ -27,10 +32,28 @@ ENTRY(atomic_add) /* %o0 = increment, %o1 = atomic_ptr */ 2: BACKOFF_SPIN(%o2, %o3, 1b) - .size atomic_add, .-atomic_add + ENDPROC(atomic_add) -+ .globl atomic_add_unchecked -+ .type atomic_add_unchecked,#function -+atomic_add_unchecked: /* %o0 = increment, %o1 = atomic_ptr */ ++ENTRY(atomic_add_unchecked) /* %o0 = increment, %o1 = atomic_ptr */ + BACKOFF_SETUP(%o2) +1: lduw [%o1], %g1 + add %g1, %o0, %g7 @@ -6287,11 +6260,9 @@ index 59186e0..f747d7a 100644 + retl + nop +2: BACKOFF_SPIN(%o2, %o3, 1b) -+ .size atomic_add_unchecked, .-atomic_add_unchecked ++ENDPROC(atomic_add_unchecked) + - .globl atomic_sub - .type atomic_sub,#function - atomic_sub: /* %o0 = decrement, %o1 = atomic_ptr */ + ENTRY(atomic_sub) /* %o0 = decrement, %o1 = atomic_ptr */ BACKOFF_SETUP(%o2) 1: lduw [%o1], %g1 - sub %g1, %o0, %g7 @@ -6304,13 +6275,11 @@ index 59186e0..f747d7a 100644 cas [%o1], %g1, %g7 cmp %g1, %g7 bne,pn %icc, BACKOFF_LABEL(2f, 1b) -@@ -43,12 +68,32 @@ atomic_sub: /* %o0 = decrement, %o1 = atomic_ptr */ +@@ -40,10 +63,28 @@ ENTRY(atomic_sub) /* %o0 = decrement, %o1 = atomic_ptr */ 2: BACKOFF_SPIN(%o2, %o3, 1b) - .size atomic_sub, .-atomic_sub + ENDPROC(atomic_sub) -+ .globl atomic_sub_unchecked -+ .type atomic_sub_unchecked,#function -+atomic_sub_unchecked: /* %o0 = decrement, %o1 = atomic_ptr */ ++ENTRY(atomic_sub_unchecked) /* %o0 = decrement, %o1 = atomic_ptr */ + BACKOFF_SETUP(%o2) +1: lduw [%o1], %g1 + sub %g1, %o0, %g7 @@ -6321,11 +6290,9 @@ index 59186e0..f747d7a 100644 + retl + nop +2: BACKOFF_SPIN(%o2, %o3, 1b) -+ .size atomic_sub_unchecked, .-atomic_sub_unchecked ++ENDPROC(atomic_sub_unchecked) + - .globl atomic_add_ret - .type atomic_add_ret,#function - atomic_add_ret: /* %o0 = increment, %o1 = atomic_ptr */ + ENTRY(atomic_add_ret) /* %o0 = increment, %o1 = atomic_ptr */ BACKOFF_SETUP(%o2) 1: lduw [%o1], %g1 - add %g1, %o0, %g7 @@ -6338,13 +6305,11 @@ index 59186e0..f747d7a 100644 cas [%o1], %g1, %g7 cmp %g1, %g7 bne,pn %icc, BACKOFF_LABEL(2f, 1b) -@@ -58,12 +103,33 @@ atomic_add_ret: /* %o0 = increment, %o1 = atomic_ptr */ +@@ -53,10 +94,29 @@ ENTRY(atomic_add_ret) /* %o0 = increment, %o1 = atomic_ptr */ 2: BACKOFF_SPIN(%o2, %o3, 1b) - .size atomic_add_ret, .-atomic_add_ret + ENDPROC(atomic_add_ret) -+ .globl atomic_add_ret_unchecked -+ .type atomic_add_ret_unchecked,#function -+atomic_add_ret_unchecked: /* %o0 = increment, %o1 = atomic_ptr */ ++ENTRY(atomic_add_ret_unchecked) /* %o0 = increment, %o1 = atomic_ptr */ + BACKOFF_SETUP(%o2) +1: lduw [%o1], %g1 + addcc %g1, %o0, %g7 @@ -6356,11 +6321,9 @@ index 59186e0..f747d7a 100644 + retl + nop +2: BACKOFF_SPIN(%o2, %o3, 1b) -+ .size atomic_add_ret_unchecked, .-atomic_add_ret_unchecked ++ENDPROC(atomic_add_ret_unchecked) + - .globl atomic_sub_ret - .type atomic_sub_ret,#function - atomic_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */ + ENTRY(atomic_sub_ret) /* %o0 = decrement, %o1 = atomic_ptr */ BACKOFF_SETUP(%o2) 1: lduw [%o1], %g1 - sub %g1, %o0, %g7 @@ -6373,8 +6336,8 @@ index 59186e0..f747d7a 100644 cas [%o1], %g1, %g7 cmp %g1, %g7 bne,pn %icc, BACKOFF_LABEL(2f, 1b) -@@ -78,7 +144,12 @@ atomic_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */ - atomic64_add: /* %o0 = increment, %o1 = atomic_ptr */ +@@ -69,7 +129,12 @@ ENDPROC(atomic_sub_ret) + ENTRY(atomic64_add) /* %o0 = increment, %o1 = atomic_ptr */ BACKOFF_SETUP(%o2) 1: ldx [%o1], %g1 - add %g1, %o0, %g7 @@ -6387,13 +6350,11 @@ index 59186e0..f747d7a 100644 casx [%o1], %g1, %g7 cmp %g1, %g7 bne,pn %xcc, BACKOFF_LABEL(2f, 1b) -@@ -88,12 +159,32 @@ atomic64_add: /* %o0 = increment, %o1 = atomic_ptr */ +@@ -79,10 +144,28 @@ ENTRY(atomic64_add) /* %o0 = increment, %o1 = atomic_ptr */ 2: BACKOFF_SPIN(%o2, %o3, 1b) - .size atomic64_add, .-atomic64_add + ENDPROC(atomic64_add) -+ .globl atomic64_add_unchecked -+ .type atomic64_add_unchecked,#function -+atomic64_add_unchecked: /* %o0 = increment, %o1 = atomic_ptr */ ++ENTRY(atomic64_add_unchecked) /* %o0 = increment, %o1 = atomic_ptr */ + BACKOFF_SETUP(%o2) +1: ldx [%o1], %g1 + addcc %g1, %o0, %g7 @@ -6404,11 +6365,9 @@ index 59186e0..f747d7a 100644 + retl + nop +2: BACKOFF_SPIN(%o2, %o3, 1b) -+ .size atomic64_add_unchecked, .-atomic64_add_unchecked ++ENDPROC(atomic64_add_unchecked) + - .globl atomic64_sub - .type atomic64_sub,#function - atomic64_sub: /* %o0 = decrement, %o1 = atomic_ptr */ + ENTRY(atomic64_sub) /* %o0 = decrement, %o1 = atomic_ptr */ BACKOFF_SETUP(%o2) 1: ldx [%o1], %g1 - sub %g1, %o0, %g7 @@ -6421,13 +6380,11 @@ index 59186e0..f747d7a 100644 casx [%o1], %g1, %g7 cmp %g1, %g7 bne,pn %xcc, BACKOFF_LABEL(2f, 1b) -@@ -103,12 +194,32 @@ atomic64_sub: /* %o0 = decrement, %o1 = atomic_ptr */ +@@ -92,10 +175,28 @@ ENTRY(atomic64_sub) /* %o0 = decrement, %o1 = atomic_ptr */ 2: BACKOFF_SPIN(%o2, %o3, 1b) - .size atomic64_sub, .-atomic64_sub + ENDPROC(atomic64_sub) -+ .globl atomic64_sub_unchecked -+ .type atomic64_sub_unchecked,#function -+atomic64_sub_unchecked: /* %o0 = decrement, %o1 = atomic_ptr */ ++ENTRY(atomic64_sub_unchecked) /* %o0 = decrement, %o1 = atomic_ptr */ + BACKOFF_SETUP(%o2) +1: ldx [%o1], %g1 + subcc %g1, %o0, %g7 @@ -6438,11 +6395,9 @@ index 59186e0..f747d7a 100644 + retl + nop +2: BACKOFF_SPIN(%o2, %o3, 1b) -+ .size atomic64_sub_unchecked, .-atomic64_sub_unchecked ++ENDPROC(atomic64_sub_unchecked) + - .globl atomic64_add_ret - .type atomic64_add_ret,#function - atomic64_add_ret: /* %o0 = increment, %o1 = atomic_ptr */ + ENTRY(atomic64_add_ret) /* %o0 = increment, %o1 = atomic_ptr */ BACKOFF_SETUP(%o2) 1: ldx [%o1], %g1 - add %g1, %o0, %g7 @@ -6455,13 +6410,11 @@ index 59186e0..f747d7a 100644 casx [%o1], %g1, %g7 cmp %g1, %g7 bne,pn %xcc, BACKOFF_LABEL(2f, 1b) -@@ -118,12 +229,33 @@ atomic64_add_ret: /* %o0 = increment, %o1 = atomic_ptr */ +@@ -105,10 +206,29 @@ ENTRY(atomic64_add_ret) /* %o0 = increment, %o1 = atomic_ptr */ 2: BACKOFF_SPIN(%o2, %o3, 1b) - .size atomic64_add_ret, .-atomic64_add_ret + ENDPROC(atomic64_add_ret) -+ .globl atomic64_add_ret_unchecked -+ .type atomic64_add_ret_unchecked,#function -+atomic64_add_ret_unchecked: /* %o0 = increment, %o1 = atomic_ptr */ ++ENTRY(atomic64_add_ret_unchecked) /* %o0 = increment, %o1 = atomic_ptr */ + BACKOFF_SETUP(%o2) +1: ldx [%o1], %g1 + addcc %g1, %o0, %g7 @@ -6473,11 +6426,9 @@ index 59186e0..f747d7a 100644 + retl + nop +2: BACKOFF_SPIN(%o2, %o3, 1b) -+ .size atomic64_add_ret_unchecked, .-atomic64_add_ret_unchecked ++ENDPROC(atomic64_add_ret_unchecked) + - .globl atomic64_sub_ret - .type atomic64_sub_ret,#function - atomic64_sub_ret: /* %o0 = decrement, %o1 = atomic_ptr */ + ENTRY(atomic64_sub_ret) /* %o0 = decrement, %o1 = atomic_ptr */ BACKOFF_SETUP(%o2) 1: ldx [%o1], %g1 - sub %g1, %o0, %g7 @@ -6491,10 +6442,10 @@ index 59186e0..f747d7a 100644 cmp %g1, %g7 bne,pn %xcc, BACKOFF_LABEL(2f, 1b) diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c -index f73c224..662af10 100644 +index 3b31218..345c609 100644 --- a/arch/sparc/lib/ksyms.c +++ b/arch/sparc/lib/ksyms.c -@@ -136,12 +136,18 @@ EXPORT_SYMBOL(__downgrade_write); +@@ -109,12 +109,18 @@ EXPORT_SYMBOL(__downgrade_write); /* Atomic counter implementation. */ EXPORT_SYMBOL(atomic_add); @@ -6514,7 +6465,7 @@ index f73c224..662af10 100644 /* Atomic bit operations. */ diff --git a/arch/sparc/mm/Makefile b/arch/sparc/mm/Makefile -index 301421c..e2535d1 100644 +index 30c3ecc..736f015 100644 --- a/arch/sparc/mm/Makefile +++ b/arch/sparc/mm/Makefile @@ -2,7 +2,7 @@ @@ -6527,7 +6478,7 @@ index 301421c..e2535d1 100644 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o obj-y += fault_$(BITS).o diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c -index df3155a..b6e32fa 100644 +index f46cf6b..cc0666bae 100644 --- a/arch/sparc/mm/fault_32.c +++ b/arch/sparc/mm/fault_32.c @@ -21,6 +21,9 @@ @@ -6540,7 +6491,7 @@ index df3155a..b6e32fa 100644 #include #include -@@ -207,6 +210,277 @@ static unsigned long compute_si_addr(struct pt_regs *regs, int text_fault) +@@ -177,6 +180,277 @@ static unsigned long compute_si_addr(struct pt_regs *regs, int text_fault) return safe_compute_effective_address(regs, insn); } @@ -6818,8 +6769,8 @@ index df3155a..b6e32fa 100644 static noinline void do_fault_siginfo(int code, int sig, struct pt_regs *regs, int text_fault) { -@@ -282,6 +556,24 @@ good_area: - if(!(vma->vm_flags & VM_WRITE)) +@@ -248,6 +522,24 @@ good_area: + if (!(vma->vm_flags & VM_WRITE)) goto bad_area; } else { + @@ -6841,7 +6792,7 @@ index df3155a..b6e32fa 100644 +#endif + /* Allow reads even for write-only mappings */ - if(!(vma->vm_flags & (VM_READ | VM_EXEC))) + if (!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c index 1fe0429..8dd5dd5 100644 @@ -7426,62 +7377,6 @@ index 07e1453..0a7d9e9 100644 return addr; } if (mm->get_unmapped_area == arch_get_unmapped_area) -diff --git a/arch/sparc/mm/init_32.c b/arch/sparc/mm/init_32.c -index c5f9021..7591bae 100644 ---- a/arch/sparc/mm/init_32.c -+++ b/arch/sparc/mm/init_32.c -@@ -315,6 +315,9 @@ extern void device_scan(void); - pgprot_t PAGE_SHARED __read_mostly; - EXPORT_SYMBOL(PAGE_SHARED); - -+pgprot_t PAGE_SHARED_NOEXEC __read_mostly; -+EXPORT_SYMBOL(PAGE_SHARED_NOEXEC); -+ - void __init paging_init(void) - { - switch(sparc_cpu_model) { -@@ -343,17 +346,17 @@ void __init paging_init(void) - - /* Initialize the protection map with non-constant, MMU dependent values. */ - protection_map[0] = PAGE_NONE; -- protection_map[1] = PAGE_READONLY; -- protection_map[2] = PAGE_COPY; -- protection_map[3] = PAGE_COPY; -+ protection_map[1] = PAGE_READONLY_NOEXEC; -+ protection_map[2] = PAGE_COPY_NOEXEC; -+ protection_map[3] = PAGE_COPY_NOEXEC; - protection_map[4] = PAGE_READONLY; - protection_map[5] = PAGE_READONLY; - protection_map[6] = PAGE_COPY; - protection_map[7] = PAGE_COPY; - protection_map[8] = PAGE_NONE; -- protection_map[9] = PAGE_READONLY; -- protection_map[10] = PAGE_SHARED; -- protection_map[11] = PAGE_SHARED; -+ protection_map[9] = PAGE_READONLY_NOEXEC; -+ protection_map[10] = PAGE_SHARED_NOEXEC; -+ protection_map[11] = PAGE_SHARED_NOEXEC; - protection_map[12] = PAGE_READONLY; - protection_map[13] = PAGE_READONLY; - protection_map[14] = PAGE_SHARED; -diff --git a/arch/sparc/mm/srmmu.c b/arch/sparc/mm/srmmu.c -index cbef74e..c38fead 100644 ---- a/arch/sparc/mm/srmmu.c -+++ b/arch/sparc/mm/srmmu.c -@@ -2200,6 +2200,13 @@ void __init ld_mmu_srmmu(void) - PAGE_SHARED = pgprot_val(SRMMU_PAGE_SHARED); - BTFIXUPSET_INT(page_copy, pgprot_val(SRMMU_PAGE_COPY)); - BTFIXUPSET_INT(page_readonly, pgprot_val(SRMMU_PAGE_RDONLY)); -+ -+#ifdef CONFIG_PAX_PAGEEXEC -+ PAGE_SHARED_NOEXEC = pgprot_val(SRMMU_PAGE_SHARED_NOEXEC); -+ BTFIXUPSET_INT(page_copy_noexec, pgprot_val(SRMMU_PAGE_COPY_NOEXEC)); -+ BTFIXUPSET_INT(page_readonly_noexec, pgprot_val(SRMMU_PAGE_RDONLY_NOEXEC)); -+#endif -+ - BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL)); - page_kernel = pgprot_val(SRMMU_PAGE_KERNEL); - diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h index f4500c6..889656c 100644 --- a/arch/tile/include/asm/atomic_64.h @@ -7522,10 +7417,10 @@ index 392e533..536b092 100644 /* bytes per L2 cache line */ #define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE() diff --git a/arch/tile/include/asm/uaccess.h b/arch/tile/include/asm/uaccess.h -index ef34d2c..d6ce60c 100644 +index 9ab078a..d6635c2 100644 --- a/arch/tile/include/asm/uaccess.h +++ b/arch/tile/include/asm/uaccess.h -@@ -361,9 +361,9 @@ static inline unsigned long __must_check copy_from_user(void *to, +@@ -403,9 +403,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -7538,7 +7433,7 @@ index ef34d2c..d6ce60c 100644 else copy_from_user_overflow(); diff --git a/arch/um/Makefile b/arch/um/Makefile -index 55c0661..86ad413 100644 +index 0970910..13adb57a 100644 --- a/arch/um/Makefile +++ b/arch/um/Makefile @@ -62,6 +62,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -D__KERNEL__,,\ @@ -7611,10 +7506,10 @@ index 0032f92..cd151e0 100644 #ifdef CONFIG_64BIT #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval)) diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c -index 2b73ded..804f540 100644 +index ccb9a9d..cc425bb 100644 --- a/arch/um/kernel/process.c +++ b/arch/um/kernel/process.c -@@ -404,22 +404,6 @@ int singlestepping(void * t) +@@ -407,22 +407,6 @@ int singlestepping(void * t) return 2; } @@ -7655,10 +7550,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index c9866b0..fe53aef 100644 +index c70684f..698fa4b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -229,7 +229,7 @@ config X86_HT +@@ -218,7 +218,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -7667,7 +7562,7 @@ index c9866b0..fe53aef 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1042,7 +1042,7 @@ choice +@@ -1047,7 +1047,7 @@ choice config NOHIGHMEM bool "off" @@ -7676,7 +7571,7 @@ index c9866b0..fe53aef 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1079,7 +1079,7 @@ config NOHIGHMEM +@@ -1084,7 +1084,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -7685,7 +7580,7 @@ index c9866b0..fe53aef 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1133,7 +1133,7 @@ config PAGE_OFFSET +@@ -1138,7 +1138,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -7694,7 +7589,7 @@ index c9866b0..fe53aef 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1523,6 +1523,7 @@ config SECCOMP +@@ -1526,6 +1526,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" @@ -7702,7 +7597,7 @@ index c9866b0..fe53aef 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1580,6 +1581,7 @@ config KEXEC_JUMP +@@ -1583,6 +1584,7 @@ config KEXEC_JUMP config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) default "0x1000000" @@ -7710,7 +7605,7 @@ index c9866b0..fe53aef 100644 ---help--- This gives the physical address where the kernel is loaded. -@@ -1643,6 +1645,7 @@ config X86_NEED_RELOCS +@@ -1646,6 +1648,7 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -7718,7 +7613,7 @@ index c9866b0..fe53aef 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1674,9 +1677,10 @@ config HOTPLUG_CPU +@@ -1677,9 +1680,10 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. config COMPAT_VDSO @@ -7793,7 +7688,7 @@ index e46c214..ab62fd1 100644 Enabling this option turns a certain set of sanity checks for user copy operations into compile time failures. diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index b1c611e..2c1a823 100644 +index 1f25214..39422b3 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -46,6 +46,7 @@ else @@ -7890,10 +7785,10 @@ index e398bb5..3a382ca 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index 0cdfc0d..6e79437 100644 +index 4e85f5f..39fa641 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c -@@ -122,7 +122,6 @@ again: +@@ -142,7 +142,6 @@ again: *addr = max_addr; } @@ -7901,7 +7796,7 @@ index 0cdfc0d..6e79437 100644 efi_call_phys1(sys_table->boottime->free_pool, map); fail: -@@ -186,7 +185,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, +@@ -206,7 +205,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, if (i == map_size / desc_size) status = EFI_NOT_FOUND; @@ -8085,10 +7980,10 @@ index 4d3ff03..e4972ff 100644 err = check_flags(); } diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index f1bbeeb..aff09cb 100644 +index efe5acf..22a3784 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S -@@ -372,7 +372,7 @@ setup_data: .quad 0 # 64-bit physical pointer to +@@ -391,10 +391,14 @@ setup_data: .quad 0 # 64-bit physical pointer to # single linked list of # struct setup_data @@ -8096,7 +7991,14 @@ index f1bbeeb..aff09cb 100644 +pref_address: .quad ____LOAD_PHYSICAL_ADDR # preferred load addr #define ZO_INIT_SIZE (ZO__end - ZO_startup_32 + ZO_z_extract_offset) ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++#define VO_INIT_SIZE (VO__end - VO__text - __PAGE_OFFSET - ____LOAD_PHYSICAL_ADDR) ++#else #define VO_INIT_SIZE (VO__end - VO__text) ++#endif + #if ZO_INIT_SIZE > VO_INIT_SIZE + #define INIT_SIZE ZO_INIT_SIZE + #else diff --git a/arch/x86/boot/memory.c b/arch/x86/boot/memory.c index db75d07..8e6d0af 100644 --- a/arch/x86/boot/memory.c @@ -8624,10 +8526,10 @@ index 07b3a68..bd2a388 100644 set_fs(KERNEL_DS); has_dumped = 1; diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c -index 4f5bfac..e1ef0d3 100644 +index 673ac9b..7a8c5df 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c -@@ -168,7 +168,7 @@ asmlinkage long sys32_sigaltstack(const stack_ia32_t __user *uss_ptr, +@@ -162,7 +162,7 @@ asmlinkage long sys32_sigaltstack(const stack_ia32_t __user *uss_ptr, } seg = get_fs(); set_fs(KERNEL_DS); @@ -8636,7 +8538,7 @@ index 4f5bfac..e1ef0d3 100644 set_fs(seg); if (ret >= 0 && uoss_ptr) { if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t))) -@@ -369,7 +369,7 @@ static int ia32_setup_sigcontext(struct sigcontext_ia32 __user *sc, +@@ -361,7 +361,7 @@ static int ia32_setup_sigcontext(struct sigcontext_ia32 __user *sc, */ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size, @@ -8645,7 +8547,7 @@ index 4f5bfac..e1ef0d3 100644 { unsigned long sp; -@@ -390,7 +390,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, +@@ -382,7 +382,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, if (used_math()) { sp = sp - sig_xstate_ia32_size; @@ -8654,7 +8556,7 @@ index 4f5bfac..e1ef0d3 100644 if (save_i387_xstate_ia32(*fpstate) < 0) return (void __user *) -1L; } -@@ -398,7 +398,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, +@@ -390,7 +390,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, sp -= frame_size; /* Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -8663,7 +8565,7 @@ index 4f5bfac..e1ef0d3 100644 return (void __user *) sp; } -@@ -456,7 +456,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, +@@ -448,7 +448,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, * These are actually not used anymore, but left because some * gdb versions depend on them as a marker. */ @@ -8672,7 +8574,7 @@ index 4f5bfac..e1ef0d3 100644 } put_user_catch(err); if (err) -@@ -498,7 +498,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -490,7 +490,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, 0xb8, __NR_ia32_rt_sigreturn, 0x80cd, @@ -8681,7 +8583,7 @@ index 4f5bfac..e1ef0d3 100644 }; frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate); -@@ -528,16 +528,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -520,16 +520,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; @@ -8704,13 +8606,13 @@ index 4f5bfac..e1ef0d3 100644 if (err) diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index e3e7340..05ed805 100644 +index 20e5f7b..eab8751 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S -@@ -13,8 +13,10 @@ - #include +@@ -14,8 +14,10 @@ #include #include + #include +#include #include #include @@ -8718,7 +8620,7 @@ index e3e7340..05ed805 100644 /* Avoid __ASSEMBLER__'ifying just for this. */ #include -@@ -94,6 +96,32 @@ ENTRY(native_irq_enable_sysexit) +@@ -95,6 +97,32 @@ ENTRY(native_irq_enable_sysexit) ENDPROC(native_irq_enable_sysexit) #endif @@ -8751,7 +8653,7 @@ index e3e7340..05ed805 100644 /* * 32bit SYSENTER instruction entry. * -@@ -120,12 +148,6 @@ ENTRY(ia32_sysenter_target) +@@ -121,12 +149,6 @@ ENTRY(ia32_sysenter_target) CFI_REGISTER rsp,rbp SWAPGS_UNSAFE_STACK movq PER_CPU_VAR(kernel_stack), %rsp @@ -8764,7 +8666,7 @@ index e3e7340..05ed805 100644 movl %ebp,%ebp /* zero extension */ pushq_cfi $__USER32_DS /*CFI_REL_OFFSET ss,0*/ -@@ -133,24 +155,39 @@ ENTRY(ia32_sysenter_target) +@@ -134,22 +156,37 @@ ENTRY(ia32_sysenter_target) CFI_REL_OFFSET rsp,0 pushfq_cfi /*CFI_REL_OFFSET rflags,0*/ @@ -8798,9 +8700,7 @@ index e3e7340..05ed805 100644 +#endif + 1: movl (%rbp),%ebp - .section __ex_table,"a" - .quad 1b,ia32_badarg - .previous + _ASM_EXTABLE(1b,ia32_badarg) - orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + GET_THREAD_INFO(%r11) @@ -8809,7 +8709,7 @@ index e3e7340..05ed805 100644 CFI_REMEMBER_STATE jnz sysenter_tracesys cmpq $(IA32_NR_syscalls-1),%rax -@@ -160,12 +197,15 @@ sysenter_do_call: +@@ -159,12 +196,15 @@ sysenter_do_call: sysenter_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -8827,7 +8727,7 @@ index e3e7340..05ed805 100644 /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp) movl RIP-R11(%rsp),%edx /* User %eip */ -@@ -191,6 +231,9 @@ sysexit_from_sys_call: +@@ -190,6 +230,9 @@ sysexit_from_sys_call: movl %eax,%esi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -8837,7 +8737,7 @@ index e3e7340..05ed805 100644 movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -202,7 +245,7 @@ sysexit_from_sys_call: +@@ -201,7 +244,7 @@ sysexit_from_sys_call: .endm .macro auditsys_exit exit @@ -8846,7 +8746,7 @@ index e3e7340..05ed805 100644 jnz ia32_ret_from_sys_call TRACE_IRQS_ON sti -@@ -213,11 +256,12 @@ sysexit_from_sys_call: +@@ -212,11 +255,12 @@ sysexit_from_sys_call: 1: setbe %al /* 1 if error, 0 if not */ movzbl %al,%edi /* zero-extend that into %edi */ call __audit_syscall_exit @@ -8860,7 +8760,7 @@ index e3e7340..05ed805 100644 jz \exit CLEAR_RREGS -ARGOFFSET jmp int_with_check -@@ -235,7 +279,7 @@ sysexit_audit: +@@ -234,7 +278,7 @@ sysexit_audit: sysenter_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -8869,7 +8769,7 @@ index e3e7340..05ed805 100644 jz sysenter_auditsys #endif SAVE_REST -@@ -243,6 +287,9 @@ sysenter_tracesys: +@@ -242,6 +286,9 @@ sysenter_tracesys: movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8879,7 +8779,7 @@ index e3e7340..05ed805 100644 LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax -@@ -274,19 +321,20 @@ ENDPROC(ia32_sysenter_target) +@@ -273,19 +320,20 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -8902,7 +8802,7 @@ index e3e7340..05ed805 100644 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -302,12 +350,19 @@ ENTRY(ia32_cstar_target) +@@ -301,10 +349,17 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ @@ -8913,9 +8813,7 @@ index e3e7340..05ed805 100644 +#endif + 1: movl (%r8),%r9d - .section __ex_table,"a" - .quad 1b,ia32_badarg - .previous + _ASM_EXTABLE(1b,ia32_badarg) - orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + GET_THREAD_INFO(%r11) @@ -8924,7 +8822,7 @@ index e3e7340..05ed805 100644 CFI_REMEMBER_STATE jnz cstar_tracesys cmpq $IA32_NR_syscalls-1,%rax -@@ -317,12 +372,15 @@ cstar_do_call: +@@ -314,12 +369,15 @@ cstar_do_call: cstar_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -8942,7 +8840,7 @@ index e3e7340..05ed805 100644 RESTORE_ARGS 0,-ARG_SKIP,0,0,0 movl RIP-ARGOFFSET(%rsp),%ecx CFI_REGISTER rip,rcx -@@ -350,7 +408,7 @@ sysretl_audit: +@@ -347,7 +405,7 @@ sysretl_audit: cstar_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -8951,7 +8849,7 @@ index e3e7340..05ed805 100644 jz cstar_auditsys #endif xchgl %r9d,%ebp -@@ -359,6 +417,9 @@ cstar_tracesys: +@@ -356,6 +414,9 @@ cstar_tracesys: movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8961,7 +8859,7 @@ index e3e7340..05ed805 100644 LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ RESTORE_REST xchgl %ebp,%r9d -@@ -404,19 +465,21 @@ ENTRY(ia32_syscall) +@@ -401,19 +462,21 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -8990,7 +8888,7 @@ index e3e7340..05ed805 100644 jnz ia32_tracesys cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -435,6 +498,9 @@ ia32_tracesys: +@@ -432,6 +495,9 @@ ia32_tracesys: movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -9001,7 +8899,7 @@ index e3e7340..05ed805 100644 RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c -index aec2202..f76174e 100644 +index 4540bec..714d913 100644 --- a/arch/x86/ia32/sys_ia32.c +++ b/arch/x86/ia32/sys_ia32.c @@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low, @@ -9012,11 +8910,11 @@ index aec2202..f76174e 100644 - typeof(ubuf->st_gid) gid = 0; + typeof(((struct stat64 *)0)->st_uid) uid = 0; + typeof(((struct stat64 *)0)->st_gid) gid = 0; - SET_UID(uid, stat->uid); - SET_GID(gid, stat->gid); + SET_UID(uid, from_kuid_munged(current_user_ns(), stat->uid)); + SET_GID(gid, from_kgid_munged(current_user_ns(), stat->gid)); if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) || -@@ -292,7 +292,7 @@ asmlinkage long sys32_alarm(unsigned int seconds) - return alarm_setitimer(seconds); +@@ -287,7 +287,7 @@ asmlinkage long sys32_sigaction(int sig, struct old_sigaction32 __user *act, + return ret; } -asmlinkage long sys32_waitpid(compat_pid_t pid, unsigned int *stat_addr, @@ -9024,7 +8922,7 @@ index aec2202..f76174e 100644 int options) { return compat_sys_wait4(pid, stat_addr, options, NULL); -@@ -313,7 +313,7 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t pid, +@@ -303,7 +303,7 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t pid, mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -9033,7 +8931,7 @@ index aec2202..f76174e 100644 set_fs(old_fs); if (put_compat_timespec(&t, interval)) return -EFAULT; -@@ -329,7 +329,7 @@ asmlinkage long sys32_rt_sigpending(compat_sigset_t __user *set, +@@ -319,7 +319,7 @@ asmlinkage long sys32_rt_sigpending(compat_sigset_t __user *set, mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -9042,7 +8940,7 @@ index aec2202..f76174e 100644 set_fs(old_fs); if (!ret) { switch (_NSIG_WORDS) { -@@ -354,7 +354,7 @@ asmlinkage long sys32_rt_sigqueueinfo(int pid, int sig, +@@ -344,7 +344,7 @@ asmlinkage long sys32_rt_sigqueueinfo(int pid, int sig, if (copy_siginfo_from_user32(&info, uinfo)) return -EFAULT; set_fs(KERNEL_DS); @@ -9051,7 +8949,7 @@ index aec2202..f76174e 100644 set_fs(old_fs); return ret; } -@@ -399,7 +399,7 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd, +@@ -376,7 +376,7 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd, return -EFAULT; set_fs(KERNEL_DS); @@ -9124,7 +9022,7 @@ index 49331be..9706065 100644 ".previous" diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h -index d854101..f6ea947 100644 +index eaff479..3025a63 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -44,7 +44,7 @@ static inline void generic_apic_probe(void) @@ -9613,7 +9511,7 @@ index 58cb6d4..a4b806c 100644 /* Atomic operations are already serializing on x86 */ #define smp_mb__before_atomic_dec() barrier() diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h -index 1981199..36b9dfb 100644 +index b154de7..aadebd8 100644 --- a/arch/x86/include/asm/atomic64_32.h +++ b/arch/x86/include/asm/atomic64_32.h @@ -12,6 +12,14 @@ typedef struct { @@ -10099,10 +9997,10 @@ index 0e1cbfc..5623683 100644 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h -index b97596e..9bd48b06 100644 +index a6983b2..63f48a2 100644 --- a/arch/x86/include/asm/bitops.h +++ b/arch/x86/include/asm/bitops.h -@@ -38,7 +38,7 @@ +@@ -40,7 +40,7 @@ * a mask operation on a byte. */ #define IS_IMMEDIATE(nr) (__builtin_constant_p(nr)) @@ -10112,7 +10010,7 @@ index b97596e..9bd48b06 100644 /** diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h -index 5e1a2ee..c9f9533 100644 +index b13fe63..0dab13a 100644 --- a/arch/x86/include/asm/boot.h +++ b/arch/x86/include/asm/boot.h @@ -11,10 +11,15 @@ @@ -10278,7 +10176,7 @@ index f91e80f..7f9bd27 100644 "4:\n" ".previous\n" diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h -index e95822d..a90010e 100644 +index 8bf1c06..f723dfd 100644 --- a/arch/x86/include/asm/desc.h +++ b/arch/x86/include/asm/desc.h @@ -4,6 +4,7 @@ @@ -10288,8 +10186,8 @@ index e95822d..a90010e 100644 +#include #include - -@@ -16,6 +17,7 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in + #include +@@ -17,6 +18,7 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in desc->type = (info->read_exec_only ^ 1) << 1; desc->type |= info->contents << 2; @@ -10297,7 +10195,7 @@ index e95822d..a90010e 100644 desc->s = 1; desc->dpl = 0x3; -@@ -34,19 +36,14 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in +@@ -35,19 +37,14 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in } extern struct desc_ptr idt_descr; @@ -10321,7 +10219,7 @@ index e95822d..a90010e 100644 } #ifdef CONFIG_X86_64 -@@ -71,8 +68,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type, +@@ -72,8 +69,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type, unsigned long base, unsigned dpl, unsigned flags, unsigned short seg) { @@ -10338,7 +10236,7 @@ index e95822d..a90010e 100644 } #endif -@@ -117,12 +120,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries) +@@ -118,12 +121,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries) static inline void native_write_idt_entry(gate_desc *idt, int entry, const gate_desc *gate) { @@ -10355,7 +10253,7 @@ index e95822d..a90010e 100644 } static inline void -@@ -136,7 +143,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int +@@ -137,7 +144,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int default: size = sizeof(*gdt); break; } @@ -10365,7 +10263,7 @@ index e95822d..a90010e 100644 } static inline void pack_descriptor(struct desc_struct *desc, unsigned long base, -@@ -209,7 +218,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries) +@@ -210,7 +219,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries) static inline void native_load_tr_desc(void) { @@ -10375,7 +10273,7 @@ index e95822d..a90010e 100644 } static inline void native_load_gdt(const struct desc_ptr *dtr) -@@ -246,8 +257,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) +@@ -247,8 +258,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) struct desc_struct *gdt = get_cpu_gdt_table(cpu); unsigned int i; @@ -10386,7 +10284,7 @@ index e95822d..a90010e 100644 } #define _LDT_empty(info) \ -@@ -310,7 +323,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) +@@ -311,7 +324,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) } #ifdef CONFIG_X86_64 @@ -10395,7 +10293,7 @@ index e95822d..a90010e 100644 { gate_desc s; -@@ -319,7 +332,7 @@ static inline void set_nmi_gate(int gate, void *addr) +@@ -320,7 +333,7 @@ static inline void set_nmi_gate(int gate, void *addr) } #endif @@ -10404,7 +10302,7 @@ index e95822d..a90010e 100644 unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -338,7 +351,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr, +@@ -339,7 +352,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr, * Pentium F0 0F bugfix can have resulted in the mapped * IDT being write-protected. */ @@ -10413,7 +10311,7 @@ index e95822d..a90010e 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS); -@@ -368,19 +381,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr) +@@ -369,19 +382,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr) /* * This routine sets up an interrupt gate at directory privilege level 3. */ @@ -10436,7 +10334,7 @@ index e95822d..a90010e 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS); -@@ -389,19 +402,31 @@ static inline void set_trap_gate(unsigned int n, void *addr) +@@ -390,19 +403,31 @@ static inline void set_trap_gate(unsigned int n, void *addr) static inline void set_task_gate(unsigned int n, unsigned int gdt_entry) { BUG_ON((unsigned)n > 0xFF); @@ -10582,7 +10480,7 @@ index cc70c1c..d96d011 100644 #endif /* _ASM_X86_EMERGENCY_RESTART_H */ diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h -index 4fa8815..71b121a 100644 +index 75f4c6d..ee3eb8f 100644 --- a/arch/x86/include/asm/fpu-internal.h +++ b/arch/x86/include/asm/fpu-internal.h @@ -86,6 +86,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx) @@ -10754,10 +10652,10 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index e216ba0..453f6ec 100644 +index db7c1f2..92f130a 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h -@@ -679,7 +679,7 @@ struct kvm_x86_ops { +@@ -680,7 +680,7 @@ struct kvm_x86_ops { int (*check_intercept)(struct kvm_vcpu *vcpu, struct x86_instruction_info *info, enum x86_intercept_stage stage); @@ -10976,7 +10874,7 @@ index 5f55e69..e20bfb1 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h -index 6902152..da4283a 100644 +index cdbf367..adb37ac 100644 --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h @@ -24,6 +24,18 @@ void destroy_context(struct mm_struct *mm); @@ -10996,8 +10894,8 @@ index 6902152..da4283a 100644 +#endif + #ifdef CONFIG_SMP - if (percpu_read(cpu_tlbstate.state) == TLBSTATE_OK) - percpu_write(cpu_tlbstate.state, TLBSTATE_LAZY); + if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK) + this_cpu_write(cpu_tlbstate.state, TLBSTATE_LAZY); @@ -34,16 +46,30 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, struct task_struct *tsk) { @@ -11009,10 +10907,10 @@ index 6902152..da4283a 100644 if (likely(prev != next)) { #ifdef CONFIG_SMP +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)) -+ tlbstate = percpu_read(cpu_tlbstate.state); ++ tlbstate = this_cpu_read(cpu_tlbstate.state); +#endif - percpu_write(cpu_tlbstate.state, TLBSTATE_OK); - percpu_write(cpu_tlbstate.active_mm, next); + this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); + this_cpu_write(cpu_tlbstate.active_mm, next); #endif cpumask_set_cpu(cpu, mm_cpumask(next)); @@ -11066,8 +10964,8 @@ index 6902152..da4283a 100644 +#endif + +#ifdef CONFIG_SMP - percpu_write(cpu_tlbstate.state, TLBSTATE_OK); - BUG_ON(percpu_read(cpu_tlbstate.active_mm) != next); + this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); + BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next); @@ -64,11 +119,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, * tlb flush IPI delivery. We must reload CR3 @@ -11135,7 +11033,7 @@ index 9eae775..c914fea 100644 + #endif /* _ASM_X86_MODULE_H */ diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h -index 7639dbf..e08a58c 100644 +index 320f7bb..e89f8f8 100644 --- a/arch/x86/include/asm/page_64_types.h +++ b/arch/x86/include/asm/page_64_types.h @@ -56,7 +56,7 @@ void copy_page(void *to, void *from); @@ -11148,7 +11046,7 @@ index 7639dbf..e08a58c 100644 extern unsigned long __phys_addr(unsigned long); #define __phys_reloc_hide(x) (x) diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h -index aa0f913..0c5bc6a 100644 +index 6cbbabf..11b3aed 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -668,6 +668,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) @@ -11201,7 +11099,7 @@ index aa0f913..0c5bc6a 100644 #endif #define INTERRUPT_RETURN \ -@@ -1042,6 +1069,21 @@ extern void default_banner(void); +@@ -1040,6 +1067,21 @@ extern void default_banner(void); PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \ CLBR_NONE, \ jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit)) @@ -11835,7 +11733,7 @@ index 013286a..8b42f4f 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index 4fa7dcc..764e33a 100644 +index 39bc577..538233f 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -276,7 +276,7 @@ struct tss_struct { @@ -11847,7 +11745,7 @@ index 4fa7dcc..764e33a 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -807,11 +807,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -809,11 +809,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -11868,7 +11766,7 @@ index 4fa7dcc..764e33a 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -825,7 +832,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -827,7 +834,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -11877,7 +11775,7 @@ index 4fa7dcc..764e33a 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -836,11 +843,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -838,11 +845,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -11890,7 +11788,7 @@ index 4fa7dcc..764e33a 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -855,7 +858,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -857,7 +860,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -11899,7 +11797,7 @@ index 4fa7dcc..764e33a 100644 __regs__ - 1; \ }) -@@ -865,13 +868,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -867,13 +870,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -11915,7 +11813,7 @@ index 4fa7dcc..764e33a 100644 #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -882,11 +885,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -884,11 +887,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -11929,7 +11827,7 @@ index 4fa7dcc..764e33a 100644 } /* -@@ -914,6 +917,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -916,6 +919,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -11941,8 +11839,8 @@ index 4fa7dcc..764e33a 100644 /* Get/set a process' ability to use the timestamp counter instruction */ @@ -976,12 +983,12 @@ extern bool cpu_has_amd_erratum(const int *); - - void cpu_idle_wait(void); + #define cpu_has_amd_erratum(x) (false) + #endif /* CONFIG_CPU_SUP_AMD */ -extern unsigned long arch_align_stack(unsigned long sp); +#define arch_align_stack(x) ((x) & ~0xfUL) @@ -12014,6 +11912,19 @@ index dcfde52..dbfea06 100644 #endif } #endif +diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h +index fce3f4a..3f69f2a 100644 +--- a/arch/x86/include/asm/realmode.h ++++ b/arch/x86/include/asm/realmode.h +@@ -30,7 +30,7 @@ struct real_mode_header { + struct trampoline_header { + #ifdef CONFIG_X86_32 + u32 start; +- u16 gdt_pad; ++ u16 boot_cs; + u16 gdt_limit; + u32 gdt_base; + #else diff --git a/arch/x86/include/asm/reboot.h b/arch/x86/include/asm/reboot.h index 92f29706..a79cbbb 100644 --- a/arch/x86/include/asm/reboot.h @@ -12165,7 +12076,7 @@ index 2dbe4a7..ce1db00 100644 #endif /* __KERNEL__ */ diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h -index 1654662..5af4157 100644 +index c48a950..c6d7468 100644 --- a/arch/x86/include/asm/segment.h +++ b/arch/x86/include/asm/segment.h @@ -64,10 +64,15 @@ @@ -12234,7 +12145,7 @@ index 1654662..5af4157 100644 #define __KERNEL_DS (GDT_ENTRY_KERNEL_DS*8) #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3) #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3) -@@ -263,7 +279,7 @@ static inline unsigned long get_limit(unsigned long segment) +@@ -265,7 +281,7 @@ static inline unsigned long get_limit(unsigned long segment) { unsigned long __limit; asm("lsll %1,%0" : "=r" (__limit) : "r" (segment)); @@ -12244,7 +12155,7 @@ index 1654662..5af4157 100644 #endif /* !__ASSEMBLY__ */ diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h -index 0434c40..1714bf0 100644 +index f483945..64a7851 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -36,7 +36,7 @@ DECLARE_PER_CPU(cpumask_var_t, cpu_core_map); @@ -12256,7 +12167,7 @@ index 0434c40..1714bf0 100644 static inline struct cpumask *cpu_sibling_mask(int cpu) { -@@ -77,7 +77,7 @@ struct smp_ops { +@@ -79,7 +79,7 @@ struct smp_ops { void (*send_call_func_ipi)(const struct cpumask *mask); void (*send_call_func_single_ipi)(int cpu); @@ -12265,11 +12176,11 @@ index 0434c40..1714bf0 100644 /* Globals due to paravirt */ extern void set_cpu_sibling_map(int cpu); -@@ -192,14 +192,8 @@ extern unsigned disabled_cpus __cpuinitdata; +@@ -195,14 +195,8 @@ extern unsigned disabled_cpus __cpuinitdata; extern int safe_smp_processor_id(void); #elif defined(CONFIG_X86_64_SMP) --#define raw_smp_processor_id() (percpu_read(cpu_number)) +-#define raw_smp_processor_id() (this_cpu_read(cpu_number)) - -#define stack_smp_processor_id() \ -({ \ @@ -12277,16 +12188,16 @@ index 0434c40..1714bf0 100644 - __asm__("andq %%rsp,%0; ":"=r" (ti) : "0" (CURRENT_MASK)); \ - ti->cpu; \ -}) -+#define raw_smp_processor_id() (percpu_read(cpu_number)) ++#define raw_smp_processor_id() (this_cpu_read(cpu_number)) +#define stack_smp_processor_id() raw_smp_processor_id() #define safe_smp_processor_id() smp_processor_id() #endif diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spinlock.h -index 76bfa2c..12d3fe7 100644 +index b315a33..8849ab0 100644 --- a/arch/x86/include/asm/spinlock.h +++ b/arch/x86/include/asm/spinlock.h -@@ -175,6 +175,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock) +@@ -173,6 +173,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock) static inline void arch_read_lock(arch_rwlock_t *rw) { asm volatile(LOCK_PREFIX READ_LOCK_SIZE(dec) " (%0)\n\t" @@ -12301,7 +12212,7 @@ index 76bfa2c..12d3fe7 100644 "jns 1f\n" "call __read_lock_failed\n\t" "1:\n" -@@ -184,6 +192,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw) +@@ -182,6 +190,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw) static inline void arch_write_lock(arch_rwlock_t *rw) { asm volatile(LOCK_PREFIX WRITE_LOCK_SUB(%1) "(%0)\n\t" @@ -12316,7 +12227,7 @@ index 76bfa2c..12d3fe7 100644 "jz 1f\n" "call __write_lock_failed\n\t" "1:\n" -@@ -213,13 +229,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock) +@@ -211,13 +227,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock) static inline void arch_read_unlock(arch_rwlock_t *rw) { @@ -12349,7 +12260,7 @@ index 76bfa2c..12d3fe7 100644 } diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h -index b5d9533..41655fa 100644 +index 6a99859..03cb807 100644 --- a/arch/x86/include/asm/stackprotector.h +++ b/arch/x86/include/asm/stackprotector.h @@ -47,7 +47,7 @@ @@ -12459,7 +12370,7 @@ index 3fda9db4..4ca1c61 100644 asmlinkage long sys32_sched_rr_get_interval(compat_pid_t, diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index ad6df8c..5e0cf6e 100644 +index 89f794f..1422765 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -12509,7 +12420,7 @@ index ad6df8c..5e0cf6e 100644 #define init_stack (init_thread_union.stack) #else /* !__ASSEMBLY__ */ -@@ -97,6 +91,7 @@ struct thread_info { +@@ -98,6 +92,7 @@ struct thread_info { #define TIF_SYSCALL_TRACEPOINT 28 /* syscall tracepoint instrumentation */ #define TIF_ADDR32 29 /* 32-bit address space on 64 bits */ #define TIF_X32 30 /* 32-bit native x86-64 binary */ @@ -12517,7 +12428,7 @@ index ad6df8c..5e0cf6e 100644 #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) -@@ -120,16 +115,18 @@ struct thread_info { +@@ -122,16 +117,18 @@ struct thread_info { #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) #define _TIF_ADDR32 (1 << TIF_ADDR32) #define _TIF_X32 (1 << TIF_X32) @@ -12538,7 +12449,7 @@ index ad6df8c..5e0cf6e 100644 /* work to do on interrupt/exception return */ #define _TIF_WORK_MASK \ -@@ -139,7 +136,8 @@ struct thread_info { +@@ -141,7 +138,8 @@ struct thread_info { /* work to do on any return to user space */ #define _TIF_ALLWORK_MASK \ @@ -12548,9 +12459,9 @@ index ad6df8c..5e0cf6e 100644 /* Only used for 64 bit */ #define _TIF_DO_NOTIFY_MASK \ -@@ -173,45 +171,40 @@ struct thread_info { - ret; \ - }) +@@ -157,45 +155,40 @@ struct thread_info { + + #define PREEMPT_ACTIVE 0x10000000 -#ifdef CONFIG_X86_32 - @@ -12592,7 +12503,7 @@ index ad6df8c..5e0cf6e 100644 + +static __always_inline struct thread_info *current_thread_info(void) +{ -+ return percpu_read_stable(current_tinfo); ++ return this_cpu_read_stable(current_tinfo); +} +#endif + @@ -12619,14 +12530,14 @@ index ad6df8c..5e0cf6e 100644 /* * macros/functions for gaining access to the thread information structure * preempt_count needs to be 1 initially, until the scheduler is functional. -@@ -219,27 +212,8 @@ static inline struct thread_info *current_thread_info(void) +@@ -203,27 +196,8 @@ static inline struct thread_info *current_thread_info(void) #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); -static inline struct thread_info *current_thread_info(void) -{ - struct thread_info *ti; -- ti = (void *)(percpu_read_stable(kernel_stack) + +- ti = (void *)(this_cpu_read_stable(kernel_stack) + - KERNEL_STACK_OFFSET - THREAD_SIZE); - return ti; -} @@ -12649,25 +12560,21 @@ index ad6df8c..5e0cf6e 100644 #endif #endif /* !X86_32 */ -@@ -285,5 +259,16 @@ extern void arch_task_cache_init(void); - extern void free_thread_info(struct thread_info *ti); +@@ -284,5 +258,12 @@ static inline bool is_ia32_task(void) + extern void arch_task_cache_init(void); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); - #define arch_task_cache_init arch_task_cache_init + extern void arch_release_task_struct(struct task_struct *tsk); + +#define __HAVE_THREAD_FUNCTIONS +#define task_thread_info(task) (&(task)->tinfo) +#define task_stack_page(task) ((task)->stack) +#define setup_thread_stack(p, org) do {} while (0) +#define end_of_stack(p) ((unsigned long *)task_stack_page(p) + 1) -+ -+#define __HAVE_ARCH_TASK_STRUCT_ALLOCATOR -+extern struct task_struct *alloc_task_struct_node(int node); -+extern void free_task_struct(struct task_struct *); + #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index e054459..14bc8a7 100644 +index e1f3a17..1ab364d 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,12 +7,15 @@ @@ -12699,19 +12606,20 @@ index e054459..14bc8a7 100644 #define segment_eq(a, b) ((a).seg == (b).seg) -@@ -76,7 +84,33 @@ +@@ -76,8 +84,33 @@ * checks that the pointer is in the user space range - after calling * this function, memory access functions may still return -EFAULT. */ --#define access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0)) -+#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size) == 0)) +-#define access_ok(type, addr, size) \ +- (likely(__range_not_ok(addr, size, user_addr_max()) == 0)) ++#define __access_ok(type, addr, size) (likely(__range_not_ok(addr, size, user_addr_max()) == 0)) +#define access_ok(type, addr, size) \ +({ \ + long __size = size; \ + unsigned long __addr = (unsigned long)addr; \ + unsigned long __addr_ao = __addr & PAGE_MASK; \ + unsigned long __end_ao = __addr + __size - 1; \ -+ bool __ret_ao = __range_not_ok(__addr, __size) == 0; \ ++ bool __ret_ao = __range_not_ok(__addr, __size, user_addr_max()) == 0;\ + if (__ret_ao && unlikely((__end_ao ^ __addr_ao) & PAGE_MASK)) { \ + while(__addr_ao <= __end_ao) { \ + char __c_ao; \ @@ -12733,8 +12641,8 @@ index e054459..14bc8a7 100644 +}) /* - * The exception table consists of pairs of addresses: the first is the -@@ -182,12 +216,20 @@ extern int __get_user_bad(void); + * The exception table consists of pairs of addresses relative to the +@@ -188,12 +221,20 @@ extern int __get_user_bad(void); asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") @@ -12758,7 +12666,7 @@ index e054459..14bc8a7 100644 "3:\n" \ ".section .fixup,\"ax\"\n" \ "4: movl %3,%0\n" \ -@@ -199,8 +241,8 @@ extern int __get_user_bad(void); +@@ -205,8 +246,8 @@ extern int __get_user_bad(void); : "A" (x), "r" (addr), "i" (errret), "0" (err)) #define __put_user_asm_ex_u64(x, addr) \ @@ -12767,9 +12675,9 @@ index e054459..14bc8a7 100644 + asm volatile("1: "__copyuser_seg"movl %%eax,0(%1)\n" \ + "2: "__copyuser_seg"movl %%edx,4(%1)\n" \ "3:\n" \ - _ASM_EXTABLE(1b, 2b - 1b) \ - _ASM_EXTABLE(2b, 3b - 2b) \ -@@ -252,7 +294,7 @@ extern void __put_user_8(void); + _ASM_EXTABLE_EX(1b, 2b) \ + _ASM_EXTABLE_EX(2b, 3b) \ +@@ -258,7 +299,7 @@ extern void __put_user_8(void); __typeof__(*(ptr)) __pu_val; \ __chk_user_ptr(ptr); \ might_fault(); \ @@ -12778,7 +12686,7 @@ index e054459..14bc8a7 100644 switch (sizeof(*(ptr))) { \ case 1: \ __put_user_x(1, __pu_val, ptr, __ret_pu); \ -@@ -373,7 +415,7 @@ do { \ +@@ -379,7 +420,7 @@ do { \ } while (0) #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ @@ -12787,7 +12695,7 @@ index e054459..14bc8a7 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -381,7 +423,7 @@ do { \ +@@ -387,7 +428,7 @@ do { \ " jmp 2b\n" \ ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ @@ -12796,16 +12704,16 @@ index e054459..14bc8a7 100644 : "m" (__m(addr)), "i" (errret), "0" (err)) #define __get_user_size_ex(x, ptr, size) \ -@@ -406,7 +448,7 @@ do { \ +@@ -412,7 +453,7 @@ do { \ } while (0) #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ - asm volatile("1: mov"itype" %1,%"rtype"0\n" \ + asm volatile("1: "__copyuser_seg"mov"itype" %1,%"rtype"0\n"\ "2:\n" \ - _ASM_EXTABLE(1b, 2b - 1b) \ + _ASM_EXTABLE_EX(1b, 2b) \ : ltype(x) : "m" (__m(addr))) -@@ -423,13 +465,24 @@ do { \ +@@ -429,13 +470,24 @@ do { \ int __gu_err; \ unsigned long __gu_val; \ __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ @@ -12832,7 +12740,7 @@ index e054459..14bc8a7 100644 /* * Tell gcc we read from memory instead of writing: this is because -@@ -437,7 +490,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -443,7 +495,7 @@ struct __large_struct { unsigned long buf[100]; }; * aliasing issues. */ #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ @@ -12841,7 +12749,7 @@ index e054459..14bc8a7 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -445,10 +498,10 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -451,10 +503,10 @@ struct __large_struct { unsigned long buf[100]; }; ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ : "=r"(err) \ @@ -12852,9 +12760,9 @@ index e054459..14bc8a7 100644 - asm volatile("1: mov"itype" %"rtype"0,%1\n" \ + asm volatile("1: "__copyuser_seg"mov"itype" %"rtype"0,%1\n"\ "2:\n" \ - _ASM_EXTABLE(1b, 2b - 1b) \ + _ASM_EXTABLE_EX(1b, 2b) \ : : ltype(x), "m" (__m(addr))) -@@ -487,8 +540,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -493,8 +545,12 @@ struct __large_struct { unsigned long buf[100]; }; * On error, the variable @x is set to zero. */ @@ -12867,7 +12775,7 @@ index e054459..14bc8a7 100644 /** * __put_user: - Write a simple value into user space, with less checking. -@@ -510,8 +567,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -516,8 +572,12 @@ struct __large_struct { unsigned long buf[100]; }; * Returns zero on success, or -EFAULT on error. */ @@ -12880,7 +12788,7 @@ index e054459..14bc8a7 100644 #define __get_user_unaligned __get_user #define __put_user_unaligned __put_user -@@ -529,7 +590,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -535,7 +595,7 @@ struct __large_struct { unsigned long buf[100]; }; #define get_user_ex(x, ptr) do { \ unsigned long __gue_val; \ __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ @@ -12890,7 +12798,7 @@ index e054459..14bc8a7 100644 #ifdef CONFIG_X86_WP_WORKS_OK diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 8084bc7..3d6ec37 100644 +index 576e39b..ccd0a39 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -11,15 +11,15 @@ @@ -13008,7 +12916,7 @@ index 8084bc7..3d6ec37 100644 extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -199,17 +222,61 @@ extern void copy_from_user_overflow(void) +@@ -199,21 +222,65 @@ extern void copy_from_user_overflow(void) #endif ; @@ -13078,10 +12986,6 @@ index 8084bc7..3d6ec37 100644 return n; } -@@ -230,7 +297,7 @@ static inline unsigned long __must_check copy_from_user(void *to, - #define strlen_user(str) strnlen_user(str, LONG_MAX) - - long strnlen_user(const char __user *str, long n); -unsigned long __must_check clear_user(void __user *mem, unsigned long len); -unsigned long __must_check __clear_user(void __user *mem, unsigned long len); +unsigned long __must_check clear_user(void __user *mem, unsigned long len) __size_overflow(2); @@ -13089,7 +12993,7 @@ index 8084bc7..3d6ec37 100644 #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index fcd4b6f..ef04f8f 100644 +index 8e796fb..72fd934 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -13434,7 +13338,7 @@ index fcd4b6f..ef04f8f 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -203,47 +304,92 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -203,44 +304,89 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -13453,9 +13357,6 @@ index fcd4b6f..ef04f8f 100644 } } - __must_check long strnlen_user(const char __user *str, long n); - __must_check long __strnlen_user(const char __user *str, long n); - __must_check long strlen_user(const char __user *str); -__must_check unsigned long clear_user(void __user *mem, unsigned long len); -__must_check unsigned long __clear_user(void __user *mem, unsigned long len); +__must_check unsigned long clear_user(void __user *mem, unsigned long len) __size_overflow(2); @@ -13558,8 +13459,21 @@ index bb05228..d763d5b 100644 }) #endif +diff --git a/arch/x86/include/asm/word-at-a-time.h b/arch/x86/include/asm/word-at-a-time.h +index 5b238981..77fdd78 100644 +--- a/arch/x86/include/asm/word-at-a-time.h ++++ b/arch/x86/include/asm/word-at-a-time.h +@@ -11,7 +11,7 @@ + * and shift, for example. + */ + struct word_at_a_time { +- const unsigned long one_bits, high_bits; ++ unsigned long one_bits, high_bits; + }; + + #define WORD_AT_A_TIME_CONSTANTS { REPEAT_BYTE(0x01), REPEAT_BYTE(0x80) } diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h -index 764b66a..ad3cfc8 100644 +index c090af1..7e7bf16 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -29,7 +29,7 @@ struct x86_init_mpparse { @@ -13670,17 +13584,25 @@ index 764b66a..ad3cfc8 100644 struct pci_dev; -@@ -186,7 +186,7 @@ struct x86_msi_ops { +@@ -186,14 +186,14 @@ struct x86_msi_ops { void (*teardown_msi_irq)(unsigned int irq); void (*teardown_msi_irqs)(struct pci_dev *dev); void (*restore_msi_irqs)(struct pci_dev *dev, int irq); -}; ++} __no_const; + + struct x86_io_apic_ops { + void (*init) (void); + unsigned int (*read) (unsigned int apic, unsigned int reg); + void (*write) (unsigned int apic, unsigned int reg, unsigned int value); + void (*modify)(unsigned int apic, unsigned int reg, unsigned int value); +-}; +} __no_const; extern struct x86_init_ops x86_init; extern struct x86_cpuinit_ops x86_cpuinit; diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h -index c6ce245..ffbdab7 100644 +index 8a1b6f9..a29c4e4 100644 --- a/arch/x86/include/asm/xsave.h +++ b/arch/x86/include/asm/xsave.h @@ -65,6 +65,11 @@ static inline int xsave_user(struct xsave_struct __user *buf) @@ -13695,7 +13617,7 @@ index c6ce245..ffbdab7 100644 /* * Clear the xsave header first, so that reserved fields are * initialized to zero. -@@ -96,10 +101,15 @@ static inline int xsave_user(struct xsave_struct __user *buf) +@@ -93,10 +98,15 @@ static inline int xsave_user(struct xsave_struct __user *buf) static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask) { int err; @@ -13712,48 +13634,12 @@ index c6ce245..ffbdab7 100644 __asm__ __volatile__("1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n" "2:\n" ".section .fixup,\"ax\"\n" -diff --git a/arch/x86/kernel/acpi/realmode/Makefile b/arch/x86/kernel/acpi/realmode/Makefile -index 6a564ac..9b1340c 100644 ---- a/arch/x86/kernel/acpi/realmode/Makefile -+++ b/arch/x86/kernel/acpi/realmode/Makefile -@@ -41,6 +41,9 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -g -Os -D_SETUP -D_WAKEUP -D__KERNEL__ \ - $(call cc-option, -fno-stack-protector) \ - $(call cc-option, -mpreferred-stack-boundary=2) - KBUILD_CFLAGS += $(call cc-option, -m32) -+ifdef CONSTIFY_PLUGIN -+KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) -fplugin-arg-constify_plugin-no-constify -+endif - KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ - GCOV_PROFILE := n - -diff --git a/arch/x86/kernel/acpi/realmode/wakeup.S b/arch/x86/kernel/acpi/realmode/wakeup.S -index b4fd836..4358fe3 100644 ---- a/arch/x86/kernel/acpi/realmode/wakeup.S -+++ b/arch/x86/kernel/acpi/realmode/wakeup.S -@@ -108,6 +108,9 @@ wakeup_code: - /* Do any other stuff... */ - - #ifndef CONFIG_64BIT -+ /* Recheck NX bit overrides (64bit path does this in trampoline */ -+ call verify_cpu -+ - /* This could also be done in C code... */ - movl pmode_cr3, %eax - movl %eax, %cr3 -@@ -131,6 +134,7 @@ wakeup_code: - movl pmode_cr0, %eax - movl %eax, %cr0 - jmp pmode_return -+# include "../../verify_cpu.S" - #else - pushw $0 - pushw trampoline_segment diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c -index 146a49c..1b5338b 100644 +index 95bf99de..de9235c 100644 --- a/arch/x86/kernel/acpi/sleep.c +++ b/arch/x86/kernel/acpi/sleep.c -@@ -98,8 +98,12 @@ int acpi_suspend_lowlevel(void) - header->trampoline_segment = trampoline_address() >> 4; +@@ -73,8 +73,12 @@ int acpi_suspend_lowlevel(void) + #else /* CONFIG_64BIT */ #ifdef CONFIG_SMP stack_start = (unsigned long)temp_stack + sizeof(temp_stack); + @@ -13923,10 +13809,10 @@ index 1f84794..e23f862 100644 } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index edc2448..553e7c5 100644 +index 39a222e..85a7767 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c -@@ -184,7 +184,7 @@ int first_system_vector = 0xfe; +@@ -185,7 +185,7 @@ int first_system_vector = 0xfe; /* * Debug level, exported for io_apic.c */ @@ -13935,7 +13821,7 @@ index edc2448..553e7c5 100644 int pic_mode; -@@ -1917,7 +1917,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1923,7 +1923,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); ack_APIC_irq(); @@ -13945,21 +13831,10 @@ index edc2448..553e7c5 100644 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)", smp_processor_id(), v0 , v1); diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index e88300d..cd5a87a 100644 +index 5f0ff59..f9e01bc 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c -@@ -83,7 +83,9 @@ static struct io_apic_ops io_apic_ops = { - - void __init set_io_apic_ops(const struct io_apic_ops *ops) - { -- io_apic_ops = *ops; -+ pax_open_kernel(); -+ memcpy((void*)&io_apic_ops, ops, sizeof io_apic_ops); -+ pax_close_kernel(); - } - - /* -@@ -1135,7 +1137,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, +@@ -1084,7 +1084,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, } EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector); @@ -13968,7 +13843,7 @@ index e88300d..cd5a87a 100644 { /* Used to the online set of cpus does not change * during assign_irq_vector. -@@ -1143,7 +1145,7 @@ void lock_vector_lock(void) +@@ -1092,7 +1092,7 @@ void lock_vector_lock(void) raw_spin_lock(&vector_lock); } @@ -13977,7 +13852,7 @@ index e88300d..cd5a87a 100644 { raw_spin_unlock(&vector_lock); } -@@ -2549,7 +2551,7 @@ static void ack_apic_edge(struct irq_data *data) +@@ -2369,7 +2369,7 @@ static void ack_apic_edge(struct irq_data *data) ack_APIC_irq(); } @@ -13985,8 +13860,8 @@ index e88300d..cd5a87a 100644 +atomic_unchecked_t irq_mis_count; #ifdef CONFIG_GENERIC_PENDING_IRQ - static inline bool ioapic_irqd_mask(struct irq_data *data, struct irq_cfg *cfg) -@@ -2667,7 +2669,7 @@ static void ack_apic_level(struct irq_data *data) + static bool io_apic_level_ack_pending(struct irq_cfg *cfg) +@@ -2510,7 +2510,7 @@ static void ack_apic_level(struct irq_data *data) * at the cpu. */ if (!(v & (1 << (i & 0x1f)))) { @@ -13996,7 +13871,7 @@ index e88300d..cd5a87a 100644 eoi_ioapic_irq(irq, cfg); } diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c -index 459e78c..f037006 100644 +index 07b0c0d..1df6f42 100644 --- a/arch/x86/kernel/apm_32.c +++ b/arch/x86/kernel/apm_32.c @@ -410,7 +410,7 @@ static DEFINE_MUTEX(apm_mutex); @@ -14151,7 +14026,7 @@ index 146bb62..ac9c74a 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index cf79302..b1b28ae 100644 +index 6b9333b..4c3083a 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -86,60 +86,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { @@ -14259,7 +14134,7 @@ index cf79302..b1b28ae 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1126,7 +1078,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) +@@ -1132,7 +1084,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) { memset(regs, 0, sizeof(struct pt_regs)); regs->fs = __KERNEL_PERCPU; @@ -14268,7 +14143,7 @@ index cf79302..b1b28ae 100644 return regs; } -@@ -1181,7 +1133,7 @@ void __cpuinit cpu_init(void) +@@ -1187,7 +1139,7 @@ void __cpuinit cpu_init(void) int i; cpu = stack_smp_processor_id(); @@ -14277,7 +14152,7 @@ index cf79302..b1b28ae 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1207,7 +1159,7 @@ void __cpuinit cpu_init(void) +@@ -1213,7 +1165,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -14286,7 +14161,7 @@ index cf79302..b1b28ae 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1216,7 +1168,6 @@ void __cpuinit cpu_init(void) +@@ -1222,7 +1174,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -14294,7 +14169,7 @@ index cf79302..b1b28ae 100644 if (cpu != 0) enable_x2apic(); -@@ -1272,7 +1223,7 @@ void __cpuinit cpu_init(void) +@@ -1278,7 +1229,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -14317,7 +14192,7 @@ index 3e6ff6c..54b4992 100644 } #endif diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 61604ae..98250a5 100644 +index c46ed49..5dc0a53 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -42,6 +42,7 @@ @@ -14368,7 +14243,7 @@ index 61604ae..98250a5 100644 return; } /* First print corrected ones that are still unlogged */ -@@ -684,7 +685,7 @@ static int mce_timed_out(u64 *t) +@@ -686,7 +687,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ rmb(); @@ -14377,7 +14252,7 @@ index 61604ae..98250a5 100644 wait_for_panic(); if (!monarch_timeout) goto out; -@@ -1535,7 +1536,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1581,7 +1582,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -14386,7 +14261,7 @@ index 61604ae..98250a5 100644 unexpected_machine_check; /* -@@ -1558,7 +1559,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1604,7 +1605,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) return; } @@ -14396,7 +14271,7 @@ index 61604ae..98250a5 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1572,7 +1575,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1618,7 +1621,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -14405,7 +14280,7 @@ index 61604ae..98250a5 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1580,7 +1583,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1626,7 +1629,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -14414,7 +14289,7 @@ index 61604ae..98250a5 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1588,7 +1591,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1634,7 +1637,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -14423,7 +14298,7 @@ index 61604ae..98250a5 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1599,7 +1602,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1645,7 +1648,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -14432,7 +14307,7 @@ index 61604ae..98250a5 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2324,7 +2327,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2370,7 +2373,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -14512,10 +14387,10 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index bb8e034..fb9020b 100644 +index c4706cf..264b0f7 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -1835,7 +1835,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -1837,7 +1837,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -14576,7 +14451,7 @@ index 37250fe..bf2ec74 100644 .__cr3 = __pa_nodebug(swapper_pg_dir), diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c -index 1b81839..0b4e7b0 100644 +index 571246d..81f335c 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -2,6 +2,9 @@ @@ -14713,7 +14588,7 @@ index 1b81839..0b4e7b0 100644 int __kprobes __die(const char *str, struct pt_regs *regs, long err) @@ -273,7 +277,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err) - show_registers(regs); + show_regs(regs); #ifdef CONFIG_X86_32 - if (user_mode_vm(regs)) { + if (user_mode(regs)) { @@ -14730,7 +14605,7 @@ index 1b81839..0b4e7b0 100644 if (__die(str, regs, err)) diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c -index 88ec912..e95e935 100644 +index e0b1d78..a8ade5e 100644 --- a/arch/x86/kernel/dumpstack_32.c +++ b/arch/x86/kernel/dumpstack_32.c @@ -38,15 +38,13 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -14753,7 +14628,7 @@ index 88ec912..e95e935 100644 if (ops->stack(data, "IRQ") < 0) break; touch_nmi_watchdog(); -@@ -87,7 +85,7 @@ void show_registers(struct pt_regs *regs) +@@ -87,7 +85,7 @@ void show_regs(struct pt_regs *regs) int i; print_modules(); @@ -14762,7 +14637,7 @@ index 88ec912..e95e935 100644 printk(KERN_EMERG "Process %.*s (pid: %d, ti=%p task=%p task.ti=%p)\n", TASK_COMM_LEN, current->comm, task_pid_nr(current), -@@ -96,21 +94,22 @@ void show_registers(struct pt_regs *regs) +@@ -96,21 +94,22 @@ void show_regs(struct pt_regs *regs) * When in-kernel, we also print out the stack and code at the * time of the fault.. */ @@ -14788,7 +14663,7 @@ index 88ec912..e95e935 100644 code_len = code_len - code_prologue + 1; } for (i = 0; i < code_len; i++, ip++) { -@@ -119,7 +118,7 @@ void show_registers(struct pt_regs *regs) +@@ -119,7 +118,7 @@ void show_regs(struct pt_regs *regs) printk(KERN_CONT " Bad EIP value."); break; } @@ -14822,7 +14697,7 @@ index 88ec912..e95e935 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c -index 17107bd..9623722 100644 +index 791b761..2ab6e33 100644 --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c @@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -14950,10 +14825,10 @@ index 9b9f18b..9fcaa04 100644 #include #include diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 7b784f4..db6b628 100644 +index 623f288..0683156 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S -@@ -179,13 +179,146 @@ +@@ -176,13 +176,146 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -15101,7 +14976,7 @@ index 7b784f4..db6b628 100644 cld PUSH_GS pushl_cfi %fs -@@ -208,7 +341,7 @@ +@@ -205,7 +338,7 @@ CFI_REL_OFFSET ecx, 0 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 @@ -15110,7 +14985,7 @@ index 7b784f4..db6b628 100644 movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -216,6 +349,15 @@ +@@ -213,6 +346,15 @@ SET_KERNEL_GS %edx .endm @@ -15126,7 +15001,7 @@ index 7b784f4..db6b628 100644 .macro RESTORE_INT_REGS popl_cfi %ebx CFI_RESTORE ebx -@@ -301,7 +443,7 @@ ENTRY(ret_from_fork) +@@ -296,7 +438,7 @@ ENTRY(ret_from_fork) popfl_cfi jmp syscall_exit CFI_ENDPROC @@ -15135,7 +15010,7 @@ index 7b784f4..db6b628 100644 /* * Interrupt exit functions should be protected against kprobes -@@ -335,7 +477,15 @@ resume_userspace_sig: +@@ -329,7 +471,15 @@ ret_from_intr: andl $SEGMENT_RPL_MASK, %eax #endif cmpl $USER_RPL, %eax @@ -15151,7 +15026,7 @@ index 7b784f4..db6b628 100644 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -347,8 +497,8 @@ ENTRY(resume_userspace) +@@ -341,8 +491,8 @@ ENTRY(resume_userspace) andl $_TIF_WORK_MASK, %ecx # is there any work to be done on # int/exception return? jne work_pending @@ -15162,7 +15037,7 @@ index 7b784f4..db6b628 100644 #ifdef CONFIG_PREEMPT ENTRY(resume_kernel) -@@ -363,7 +513,7 @@ need_resched: +@@ -357,7 +507,7 @@ need_resched: jz restore_all call preempt_schedule_irq jmp need_resched @@ -15171,7 +15046,7 @@ index 7b784f4..db6b628 100644 #endif CFI_ENDPROC /* -@@ -397,23 +547,34 @@ sysenter_past_esp: +@@ -391,23 +541,34 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -15207,9 +15082,9 @@ index 7b784f4..db6b628 100644 +#endif + movl %ebp,PT_EBP(%esp) - .section __ex_table,"a" - .align 4 -@@ -436,12 +597,24 @@ sysenter_do_call: + _ASM_EXTABLE(1b,syscall_fault) + +@@ -427,12 +588,24 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -15234,7 +15109,7 @@ index 7b784f4..db6b628 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT -@@ -458,6 +631,9 @@ sysenter_audit: +@@ -449,6 +622,9 @@ sysenter_audit: movl %eax,%edx /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ call __audit_syscall_entry @@ -15244,7 +15119,7 @@ index 7b784f4..db6b628 100644 pushl_cfi %ebx movl PT_EAX(%esp),%eax /* reload syscall number */ jmp sysenter_do_call -@@ -483,11 +659,17 @@ sysexit_audit: +@@ -474,10 +650,16 @@ sysexit_audit: CFI_ENDPROC .pushsection .fixup,"ax" @@ -15255,16 +15130,15 @@ index 7b784f4..db6b628 100644 + jmp 1b +6: movl $0,PT_ES(%esp) jmp 1b - .section __ex_table,"a" - .align 4 -- .long 1b,2b -+ .long 1b,4b -+ .long 2b,5b -+ .long 3b,6b .popsection +- _ASM_EXTABLE(1b,2b) ++ _ASM_EXTABLE(1b,4b) ++ _ASM_EXTABLE(2b,5b) ++ _ASM_EXTABLE(3b,6b) PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -520,6 +702,15 @@ syscall_exit: + +@@ -509,6 +691,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -15280,7 +15154,7 @@ index 7b784f4..db6b628 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -579,14 +770,34 @@ ldt_ss: +@@ -565,14 +756,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -15318,7 +15192,7 @@ index 7b784f4..db6b628 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -615,38 +826,30 @@ work_resched: +@@ -601,35 +812,23 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -15338,9 +15212,13 @@ index 7b784f4..db6b628 100644 # vm86-space - TRACE_IRQS_ON - ENABLE_INTERRUPTS(CLBR_NONE) +- movb PT_CS(%esp), %bl +- andb $SEGMENT_RPL_MASK, %bl +- cmpb $USER_RPL, %bl +- jb resume_kernel - xorl %edx, %edx - call do_notify_resume -- jmp resume_userspace_sig +- jmp resume_userspace - ALIGN -work_notifysig_v86: @@ -15354,15 +15232,16 @@ index 7b784f4..db6b628 100644 #endif TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) +@@ -640,7 +839,7 @@ work_notifysig_v86: xorl %edx, %edx call do_notify_resume - jmp resume_userspace_sig + jmp resume_userspace -END(work_pending) +ENDPROC(work_pending) # perform syscall exit tracing ALIGN -@@ -654,11 +857,14 @@ syscall_trace_entry: +@@ -648,11 +847,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -15378,7 +15257,7 @@ index 7b784f4..db6b628 100644 # perform syscall exit tracing ALIGN -@@ -671,20 +877,24 @@ syscall_exit_work: +@@ -665,20 +867,24 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -15406,7 +15285,7 @@ index 7b784f4..db6b628 100644 CFI_ENDPROC /* * End of kprobes section -@@ -756,6 +966,36 @@ ENTRY(ptregs_clone) +@@ -750,6 +956,36 @@ ENTRY(ptregs_clone) CFI_ENDPROC ENDPROC(ptregs_clone) @@ -15443,7 +15322,7 @@ index 7b784f4..db6b628 100644 .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -765,8 +1005,15 @@ ENDPROC(ptregs_clone) +@@ -759,8 +995,15 @@ ENDPROC(ptregs_clone) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -15461,7 +15340,7 @@ index 7b784f4..db6b628 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -819,7 +1066,7 @@ vector=vector+1 +@@ -813,7 +1056,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -15470,7 +15349,7 @@ index 7b784f4..db6b628 100644 .previous END(interrupt) -@@ -867,7 +1114,7 @@ ENTRY(coprocessor_error) +@@ -861,7 +1104,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -15479,7 +15358,7 @@ index 7b784f4..db6b628 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -888,7 +1135,7 @@ ENTRY(simd_coprocessor_error) +@@ -882,7 +1125,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -15488,7 +15367,7 @@ index 7b784f4..db6b628 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -896,7 +1143,7 @@ ENTRY(device_not_available) +@@ -890,18 +1133,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -15497,10 +15376,8 @@ index 7b784f4..db6b628 100644 #ifdef CONFIG_PARAVIRT ENTRY(native_iret) -@@ -905,12 +1152,12 @@ ENTRY(native_iret) - .align 4 - .long native_iret, iret_exc - .previous + iret + _ASM_EXTABLE(native_iret, iret_exc) -END(native_iret) +ENDPROC(native_iret) @@ -15512,7 +15389,7 @@ index 7b784f4..db6b628 100644 #endif ENTRY(overflow) -@@ -919,7 +1166,7 @@ ENTRY(overflow) +@@ -910,7 +1153,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -15521,7 +15398,7 @@ index 7b784f4..db6b628 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -927,7 +1174,7 @@ ENTRY(bounds) +@@ -918,7 +1161,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -15530,7 +15407,7 @@ index 7b784f4..db6b628 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -935,7 +1182,7 @@ ENTRY(invalid_op) +@@ -926,7 +1169,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -15539,7 +15416,7 @@ index 7b784f4..db6b628 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -943,35 +1190,35 @@ ENTRY(coprocessor_segment_overrun) +@@ -934,35 +1177,35 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -15580,7 +15457,7 @@ index 7b784f4..db6b628 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -979,7 +1226,7 @@ ENTRY(divide_error) +@@ -970,7 +1213,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -15589,7 +15466,7 @@ index 7b784f4..db6b628 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -988,7 +1235,7 @@ ENTRY(machine_check) +@@ -979,7 +1222,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -15598,7 +15475,7 @@ index 7b784f4..db6b628 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -997,7 +1244,7 @@ ENTRY(spurious_interrupt_bug) +@@ -988,7 +1231,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -15607,7 +15484,7 @@ index 7b784f4..db6b628 100644 /* * End of kprobes section */ -@@ -1112,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, +@@ -1100,7 +1343,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, ENTRY(mcount) ret @@ -15616,7 +15493,7 @@ index 7b784f4..db6b628 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1141,7 +1388,7 @@ ftrace_graph_call: +@@ -1129,7 +1372,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -15625,7 +15502,7 @@ index 7b784f4..db6b628 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -1177,7 +1424,7 @@ trace: +@@ -1165,7 +1408,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -15634,7 +15511,7 @@ index 7b784f4..db6b628 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1198,7 +1445,7 @@ ENTRY(ftrace_graph_caller) +@@ -1186,7 +1429,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -15643,7 +15520,7 @@ index 7b784f4..db6b628 100644 .globl return_to_handler return_to_handler: -@@ -1253,15 +1500,18 @@ error_code: +@@ -1241,15 +1484,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -15664,7 +15541,7 @@ index 7b784f4..db6b628 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1303,7 +1553,7 @@ debug_stack_correct: +@@ -1291,7 +1537,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -15673,7 +15550,7 @@ index 7b784f4..db6b628 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1340,6 +1590,9 @@ nmi_stack_correct: +@@ -1328,6 +1574,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -15683,7 +15560,7 @@ index 7b784f4..db6b628 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1376,12 +1629,15 @@ nmi_espfix_stack: +@@ -1364,12 +1613,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -15700,7 +15577,7 @@ index 7b784f4..db6b628 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1393,14 +1649,14 @@ ENTRY(int3) +@@ -1381,14 +1633,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -15717,7 +15594,7 @@ index 7b784f4..db6b628 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1408,7 +1664,7 @@ ENTRY(async_page_fault) +@@ -1396,7 +1648,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -15727,19 +15604,19 @@ index 7b784f4..db6b628 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index cdc79b5..4710a75 100644 +index 7d65133..27bce5b 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S -@@ -56,6 +56,8 @@ - #include +@@ -57,6 +57,8 @@ #include + #include #include +#include +#include /* Avoid __ASSEMBLER__'ifying just for this. */ #include -@@ -69,8 +71,9 @@ +@@ -70,8 +72,9 @@ #ifdef CONFIG_FUNCTION_TRACER #ifdef CONFIG_DYNAMIC_FTRACE ENTRY(mcount) @@ -15750,7 +15627,7 @@ index cdc79b5..4710a75 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -93,8 +96,9 @@ GLOBAL(ftrace_graph_call) +@@ -94,8 +97,9 @@ GLOBAL(ftrace_graph_call) #endif GLOBAL(ftrace_stub) @@ -15761,7 +15638,7 @@ index cdc79b5..4710a75 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ ENTRY(mcount) -@@ -113,6 +117,7 @@ ENTRY(mcount) +@@ -114,6 +118,7 @@ ENTRY(mcount) #endif GLOBAL(ftrace_stub) @@ -15769,7 +15646,7 @@ index cdc79b5..4710a75 100644 retq trace: -@@ -122,12 +127,13 @@ trace: +@@ -123,12 +128,13 @@ trace: movq 8(%rbp), %rsi subq $MCOUNT_INSN_SIZE, %rdi @@ -15784,7 +15661,7 @@ index cdc79b5..4710a75 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -147,8 +153,9 @@ ENTRY(ftrace_graph_caller) +@@ -148,8 +154,9 @@ ENTRY(ftrace_graph_caller) MCOUNT_RESTORE_FRAME @@ -15795,7 +15672,7 @@ index cdc79b5..4710a75 100644 GLOBAL(return_to_handler) subq $24, %rsp -@@ -164,6 +171,7 @@ GLOBAL(return_to_handler) +@@ -165,6 +172,7 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp @@ -15803,7 +15680,7 @@ index cdc79b5..4710a75 100644 jmp *%rdi #endif -@@ -179,6 +187,282 @@ ENTRY(native_usergs_sysret64) +@@ -180,6 +188,282 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -16086,7 +15963,7 @@ index cdc79b5..4710a75 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -232,8 +516,8 @@ ENDPROC(native_usergs_sysret64) +@@ -271,8 +555,8 @@ ENDPROC(native_usergs_sysret64) .endm .macro UNFAKE_STACK_FRAME @@ -16097,7 +15974,7 @@ index cdc79b5..4710a75 100644 .endm /* -@@ -320,7 +604,7 @@ ENDPROC(native_usergs_sysret64) +@@ -359,7 +643,7 @@ ENDPROC(native_usergs_sysret64) movq %rsp, %rsi leaq -RBP(%rsp),%rdi /* arg1 for handler */ @@ -16106,7 +15983,7 @@ index cdc79b5..4710a75 100644 je 1f SWAPGS /* -@@ -355,9 +639,10 @@ ENTRY(save_rest) +@@ -394,9 +678,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -16118,7 +15995,7 @@ index cdc79b5..4710a75 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -386,9 +671,10 @@ ENTRY(save_paranoid) +@@ -425,9 +710,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -16131,7 +16008,7 @@ index cdc79b5..4710a75 100644 .popsection /* -@@ -410,7 +696,7 @@ ENTRY(ret_from_fork) +@@ -449,7 +735,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -16140,7 +16017,7 @@ index cdc79b5..4710a75 100644 jz retint_restore_args testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -420,7 +706,7 @@ ENTRY(ret_from_fork) +@@ -459,7 +745,7 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath CFI_ENDPROC @@ -16149,7 +16026,7 @@ index cdc79b5..4710a75 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -456,7 +742,7 @@ END(ret_from_fork) +@@ -495,7 +781,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -16158,7 +16035,7 @@ index cdc79b5..4710a75 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -469,16 +755,18 @@ GLOBAL(system_call_after_swapgs) +@@ -508,16 +794,18 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -16179,7 +16056,7 @@ index cdc79b5..4710a75 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -488,7 +776,7 @@ system_call_fastpath: +@@ -527,7 +815,7 @@ system_call_fastpath: cmpl $__NR_syscall_max,%eax #endif ja badsys @@ -16188,7 +16065,7 @@ index cdc79b5..4710a75 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -502,10 +790,13 @@ sysret_check: +@@ -541,10 +829,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -16203,7 +16080,7 @@ index cdc79b5..4710a75 100644 /* * sysretq will re-enable interrupts: */ -@@ -557,14 +848,18 @@ badsys: +@@ -596,14 +887,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -16223,7 +16100,7 @@ index cdc79b5..4710a75 100644 jmp system_call_fastpath /* -@@ -585,7 +880,7 @@ sysret_audit: +@@ -624,7 +919,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -16232,7 +16109,7 @@ index cdc79b5..4710a75 100644 jz auditsys #endif SAVE_REST -@@ -593,12 +888,16 @@ tracesys: +@@ -632,12 +927,16 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -16249,7 +16126,7 @@ index cdc79b5..4710a75 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -607,7 +906,7 @@ tracesys: +@@ -646,7 +945,7 @@ tracesys: cmpl $__NR_syscall_max,%eax #endif ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ @@ -16258,7 +16135,7 @@ index cdc79b5..4710a75 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -628,6 +927,7 @@ GLOBAL(int_with_check) +@@ -667,6 +966,7 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -16266,7 +16143,7 @@ index cdc79b5..4710a75 100644 jmp retint_swapgs /* Either reschedule or signal or syscall exit tracking needed. */ -@@ -674,7 +974,7 @@ int_restore_rest: +@@ -713,7 +1013,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -16275,7 +16152,7 @@ index cdc79b5..4710a75 100644 /* * Certain special system calls that need to save a complete full stack frame. -@@ -690,7 +990,7 @@ ENTRY(\label) +@@ -729,7 +1029,7 @@ ENTRY(\label) call \func jmp ptregscall_common CFI_ENDPROC @@ -16284,7 +16161,7 @@ index cdc79b5..4710a75 100644 .endm PTREGSCALL stub_clone, sys_clone, %r8 -@@ -708,9 +1008,10 @@ ENTRY(ptregscall_common) +@@ -747,9 +1047,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -16296,7 +16173,7 @@ index cdc79b5..4710a75 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -725,7 +1026,7 @@ ENTRY(stub_execve) +@@ -764,7 +1065,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -16305,7 +16182,7 @@ index cdc79b5..4710a75 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -743,7 +1044,7 @@ ENTRY(stub_rt_sigreturn) +@@ -782,7 +1083,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -16314,7 +16191,7 @@ index cdc79b5..4710a75 100644 #ifdef CONFIG_X86_X32_ABI PTREGSCALL stub_x32_sigaltstack, sys32_sigaltstack, %rdx -@@ -812,7 +1113,7 @@ vector=vector+1 +@@ -851,7 +1152,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -16323,7 +16200,7 @@ index cdc79b5..4710a75 100644 .previous END(interrupt) -@@ -832,6 +1133,16 @@ END(interrupt) +@@ -871,6 +1172,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -16340,7 +16217,7 @@ index cdc79b5..4710a75 100644 call \func .endm -@@ -863,7 +1174,7 @@ ret_from_intr: +@@ -902,7 +1213,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -16349,7 +16226,7 @@ index cdc79b5..4710a75 100644 je retint_kernel /* Interrupt came from user space */ -@@ -885,12 +1196,15 @@ retint_swapgs: /* return to user-space */ +@@ -924,12 +1235,15 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -16365,7 +16242,7 @@ index cdc79b5..4710a75 100644 /* * The iretq could re-enable interrupts: */ -@@ -979,7 +1293,7 @@ ENTRY(retint_kernel) +@@ -1012,7 +1326,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -16374,7 +16251,7 @@ index cdc79b5..4710a75 100644 /* * End of kprobes section */ -@@ -996,7 +1310,7 @@ ENTRY(\sym) +@@ -1029,7 +1343,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -16383,7 +16260,7 @@ index cdc79b5..4710a75 100644 .endm #ifdef CONFIG_SMP -@@ -1069,12 +1383,22 @@ ENTRY(\sym) +@@ -1102,12 +1416,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -16407,7 +16284,7 @@ index cdc79b5..4710a75 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1086,15 +1410,25 @@ ENTRY(\sym) +@@ -1119,15 +1443,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -16435,10 +16312,10 @@ index cdc79b5..4710a75 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1104,14 +1438,30 @@ ENTRY(\sym) +@@ -1137,14 +1471,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid - TRACE_IRQS_OFF + TRACE_IRQS_OFF_DEBUG +#ifdef CONFIG_PAX_MEMORY_UDEREF + testb $3, CS(%rsp) + jnz 1f @@ -16467,7 +16344,7 @@ index cdc79b5..4710a75 100644 .endm .macro errorentry sym do_sym -@@ -1122,13 +1472,23 @@ ENTRY(\sym) +@@ -1155,13 +1505,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -16492,7 +16369,7 @@ index cdc79b5..4710a75 100644 .endm /* error code is on the stack already */ -@@ -1141,13 +1501,23 @@ ENTRY(\sym) +@@ -1174,13 +1534,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -16517,7 +16394,7 @@ index cdc79b5..4710a75 100644 .endm zeroentry divide_error do_divide_error -@@ -1177,9 +1547,10 @@ gs_change: +@@ -1210,9 +1580,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -16527,9 +16404,9 @@ index cdc79b5..4710a75 100644 -END(native_load_gs_index) +ENDPROC(native_load_gs_index) - .section __ex_table,"a" - .align 8 -@@ -1201,13 +1572,14 @@ ENTRY(kernel_thread_helper) + _ASM_EXTABLE(gs_change,bad_gs) + .section .fixup,"ax" +@@ -1231,13 +1602,14 @@ ENTRY(kernel_thread_helper) * Here we are in the child and the registers are set as they were * at kernel_thread() invocation in the parent. */ @@ -16545,7 +16422,7 @@ index cdc79b5..4710a75 100644 /* * execve(). This function needs to use IRET, not SYSRET, to set up all state properly. -@@ -1234,11 +1606,11 @@ ENTRY(kernel_execve) +@@ -1264,11 +1636,11 @@ ENTRY(kernel_execve) RESTORE_REST testq %rax,%rax je int_ret_from_sys_call @@ -16559,7 +16436,7 @@ index cdc79b5..4710a75 100644 /* Call softirq on interrupt stack. Interrupts are off. */ ENTRY(call_softirq) -@@ -1256,9 +1628,10 @@ ENTRY(call_softirq) +@@ -1286,9 +1658,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -16571,7 +16448,7 @@ index cdc79b5..4710a75 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1296,7 +1669,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1326,7 +1699,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -16580,7 +16457,7 @@ index cdc79b5..4710a75 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1355,7 +1728,7 @@ ENTRY(xen_failsafe_callback) +@@ -1385,7 +1758,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -16589,8 +16466,8 @@ index cdc79b5..4710a75 100644 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1404,16 +1777,31 @@ ENTRY(paranoid_exit) - TRACE_IRQS_OFF +@@ -1434,16 +1807,31 @@ ENTRY(paranoid_exit) + TRACE_IRQS_OFF_DEBUG testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore - testl $3,CS(%rsp) @@ -16616,13 +16493,13 @@ index cdc79b5..4710a75 100644 jmp irq_return paranoid_restore: + pax_exit_kernel - TRACE_IRQS_IRETQ 0 + TRACE_IRQS_IRETQ_DEBUG 0 RESTORE_ALL 8 + pax_force_retaddr_bts jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1442,7 +1830,7 @@ paranoid_schedule: +@@ -1472,7 +1860,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -16631,7 +16508,7 @@ index cdc79b5..4710a75 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1469,12 +1857,13 @@ ENTRY(error_entry) +@@ -1499,12 +1887,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -16646,7 +16523,7 @@ index cdc79b5..4710a75 100644 ret /* -@@ -1501,7 +1890,7 @@ bstep_iret: +@@ -1531,7 +1920,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -16655,7 +16532,7 @@ index cdc79b5..4710a75 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1521,7 +1910,7 @@ ENTRY(error_exit) +@@ -1551,7 +1940,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -16664,7 +16541,7 @@ index cdc79b5..4710a75 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1579,9 +1968,11 @@ ENTRY(nmi) +@@ -1609,9 +1998,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -16677,7 +16554,7 @@ index cdc79b5..4710a75 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1728,6 +2119,16 @@ end_repeat_nmi: +@@ -1758,6 +2149,16 @@ end_repeat_nmi: */ call save_paranoid DEFAULT_FRAME 0 @@ -16694,7 +16571,7 @@ index cdc79b5..4710a75 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1735,21 +2136,32 @@ end_repeat_nmi: +@@ -1765,21 +2166,32 @@ end_repeat_nmi: testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore nmi_swapgs: @@ -16730,40 +16607,10 @@ index cdc79b5..4710a75 100644 /* * End of kprobes section diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c -index c9a281f..ce2f317 100644 +index c3a7cb4..3ad00dc 100644 --- a/arch/x86/kernel/ftrace.c +++ b/arch/x86/kernel/ftrace.c -@@ -126,7 +126,7 @@ static void *mod_code_ip; /* holds the IP to write to */ - static const void *mod_code_newcode; /* holds the text to write to the IP */ - - static unsigned nmi_wait_count; --static atomic_t nmi_update_count = ATOMIC_INIT(0); -+static atomic_unchecked_t nmi_update_count = ATOMIC_INIT(0); - - int ftrace_arch_read_dyn_info(char *buf, int size) - { -@@ -134,7 +134,7 @@ int ftrace_arch_read_dyn_info(char *buf, int size) - - r = snprintf(buf, size, "%u %u", - nmi_wait_count, -- atomic_read(&nmi_update_count)); -+ atomic_read_unchecked(&nmi_update_count)); - return r; - } - -@@ -177,8 +177,10 @@ void ftrace_nmi_enter(void) - - if (atomic_inc_return(&nmi_running) & MOD_CODE_WRITE_FLAG) { - smp_rmb(); -+ pax_open_kernel(); - ftrace_mod_code(); -- atomic_inc(&nmi_update_count); -+ pax_close_kernel(); -+ atomic_inc_unchecked(&nmi_update_count); - } - /* Must have previous changes seen before executions */ - smp_mb(); -@@ -271,6 +273,8 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code, +@@ -105,6 +105,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code, { unsigned char replaced[MCOUNT_INSN_SIZE]; @@ -16772,16 +16619,16 @@ index c9a281f..ce2f317 100644 /* * Note: Due to modules and __init, code can * disappear and change, we need to protect against faulting -@@ -327,7 +331,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func) +@@ -212,7 +214,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func) unsigned char old[MCOUNT_INSN_SIZE], *new; int ret; - memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE); + memcpy(old, (void *)ktla_ktva((unsigned long)ftrace_call), MCOUNT_INSN_SIZE); new = ftrace_call_replace(ip, (unsigned long)func); - ret = ftrace_modify_code(ip, old, new); -@@ -353,6 +357,8 @@ static int ftrace_mod_jmp(unsigned long ip, + /* See comment above by declaration of modifying_ftrace_code */ +@@ -605,6 +607,8 @@ static int ftrace_mod_jmp(unsigned long ip, { unsigned char code[MCOUNT_INSN_SIZE]; @@ -16791,10 +16638,10 @@ index c9a281f..ce2f317 100644 return -EFAULT; diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c -index 51ff186..9e77418 100644 +index c18f59d..9c0c9f6 100644 --- a/arch/x86/kernel/head32.c +++ b/arch/x86/kernel/head32.c -@@ -19,6 +19,7 @@ +@@ -18,6 +18,7 @@ #include #include #include @@ -16802,7 +16649,7 @@ index 51ff186..9e77418 100644 static void __init i386_default_early_setup(void) { -@@ -31,8 +32,7 @@ static void __init i386_default_early_setup(void) +@@ -30,8 +31,7 @@ static void __init i386_default_early_setup(void) void __init i386_start_kernel(void) { @@ -16813,10 +16660,10 @@ index 51ff186..9e77418 100644 #ifdef CONFIG_BLK_DEV_INITRD /* Reserve INITRD */ diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S -index ce0be7c..c41476e 100644 +index d42ab17..cb1b997 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S -@@ -25,6 +25,12 @@ +@@ -26,6 +26,12 @@ /* Physical address */ #define pa(X) ((X) - __PAGE_OFFSET) @@ -16829,7 +16676,7 @@ index ce0be7c..c41476e 100644 /* * References to members of the new_cpu_data structure. */ -@@ -54,11 +60,7 @@ +@@ -55,11 +61,7 @@ * and small than max_low_pfn, otherwise will waste some page table entries */ @@ -16842,7 +16689,7 @@ index ce0be7c..c41476e 100644 /* Number of possible pages in the lowmem region */ LOWMEM_PAGES = (((1<<32) - __PAGE_OFFSET) >> PAGE_SHIFT) -@@ -77,6 +79,12 @@ INIT_MAP_SIZE = PAGE_TABLE_SIZE(KERNEL_PAGES) * PAGE_SIZE +@@ -78,6 +80,12 @@ INIT_MAP_SIZE = PAGE_TABLE_SIZE(KERNEL_PAGES) * PAGE_SIZE RESERVE_BRK(pagetables, INIT_MAP_SIZE) /* @@ -16855,7 +16702,7 @@ index ce0be7c..c41476e 100644 * 32-bit kernel entrypoint; only used by the boot CPU. On entry, * %esi points to the real-mode code as a 32-bit pointer. * CS and DS must be 4 GB flat segments, but we don't depend on -@@ -84,6 +92,13 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE) +@@ -85,6 +93,13 @@ RESERVE_BRK(pagetables, INIT_MAP_SIZE) * can. */ __HEAD @@ -16869,7 +16716,7 @@ index ce0be7c..c41476e 100644 ENTRY(startup_32) movl pa(stack_start),%ecx -@@ -105,6 +120,57 @@ ENTRY(startup_32) +@@ -106,6 +121,57 @@ ENTRY(startup_32) 2: leal -__PAGE_OFFSET(%ecx),%esp @@ -16927,7 +16774,7 @@ index ce0be7c..c41476e 100644 /* * Clear BSS first so that there are no surprises... */ -@@ -195,8 +261,11 @@ ENTRY(startup_32) +@@ -196,8 +262,11 @@ ENTRY(startup_32) movl %eax, pa(max_pfn_mapped) /* Do early initialization of the fixmap area */ @@ -16941,7 +16788,7 @@ index ce0be7c..c41476e 100644 #else /* Not PAE */ page_pde_offset = (__PAGE_OFFSET >> 20); -@@ -226,8 +295,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20); +@@ -227,8 +296,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20); movl %eax, pa(max_pfn_mapped) /* Do early initialization of the fixmap area */ @@ -16955,7 +16802,7 @@ index ce0be7c..c41476e 100644 #endif #ifdef CONFIG_PARAVIRT -@@ -241,9 +313,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20); +@@ -242,9 +314,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20); cmpl $num_subarch_entries, %eax jae bad_subarch @@ -16966,7 +16813,7 @@ index ce0be7c..c41476e 100644 bad_subarch: WEAK(lguest_entry) -@@ -255,10 +325,10 @@ WEAK(xen_entry) +@@ -256,10 +326,10 @@ WEAK(xen_entry) __INITDATA subarch_entries: @@ -16981,7 +16828,7 @@ index ce0be7c..c41476e 100644 num_subarch_entries = (. - subarch_entries) / 4 .previous #else -@@ -312,6 +382,7 @@ default_entry: +@@ -310,6 +380,7 @@ default_entry: orl %edx,%eax movl %eax,%cr4 @@ -16989,7 +16836,7 @@ index ce0be7c..c41476e 100644 testb $X86_CR4_PAE, %al # check if PAE is enabled jz 6f -@@ -340,6 +411,9 @@ default_entry: +@@ -338,6 +409,9 @@ default_entry: /* Make changes effective */ wrmsr @@ -16999,7 +16846,7 @@ index ce0be7c..c41476e 100644 6: /* -@@ -443,7 +517,7 @@ is386: movl $2,%ecx # set MP +@@ -436,14 +510,20 @@ is386: movl $2,%ecx # set MP 1: movl $(__KERNEL_DS),%eax # reload all the segment registers movl %eax,%ss # after changing gdt. @@ -17008,10 +16855,23 @@ index ce0be7c..c41476e 100644 movl %eax,%ds movl %eax,%es -@@ -457,15 +531,22 @@ is386: movl $2,%ecx # set MP + movl $(__KERNEL_PERCPU), %eax + movl %eax,%fs # set this cpu's percpu + ++#ifdef CONFIG_CC_STACKPROTECTOR + movl $(__KERNEL_STACK_CANARY),%eax ++#elif defined(CONFIG_PAX_MEMORY_UDEREF) ++ movl $(__USER_DS),%eax ++#else ++ xorl %eax,%eax ++#endif + movl %eax,%gs + + xorl %eax,%eax # Clear LDT +@@ -520,8 +600,11 @@ setup_once: + * relocation. Manually set base address in stack canary + * segment descriptor. */ - cmpb $0,ready - jne 1f - movl $gdt_page,%eax + movl $cpu_gdt_table,%eax movl $stack_canary,%ecx @@ -17021,47 +16881,26 @@ index ce0be7c..c41476e 100644 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax) shrl $16, %ecx movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax) - movb %ch, 8 * GDT_ENTRY_STACK_CANARY + 7(%eax) - 1: --#endif - movl $(__KERNEL_STACK_CANARY),%eax -+#elif defined(CONFIG_PAX_MEMORY_UDEREF) -+ movl $(__USER_DS),%eax -+#else -+ xorl %eax,%eax -+#endif - movl %eax,%gs - - xorl %eax,%eax # Clear LDT -@@ -558,22 +639,22 @@ early_page_fault: - jmp early_fault - - early_fault: -- cld - #ifdef CONFIG_PRINTK +@@ -552,7 +635,7 @@ ENDPROC(early_idt_handlers) + /* This is global to keep gas from relaxing the jumps */ + ENTRY(early_idt_handler) + cld +- cmpl $2,%ss:early_recursion_flag + cmpl $1,%ss:early_recursion_flag -+ je hlt_loop -+ incl %ss:early_recursion_flag -+ cld - pusha - movl $(__KERNEL_DS),%eax - movl %eax,%ds - movl %eax,%es -- cmpl $2,early_recursion_flag -- je hlt_loop -- incl early_recursion_flag - movl %cr2,%eax - pushl %eax - pushl %edx /* trapno */ + je hlt_loop + incl %ss:early_recursion_flag + +@@ -590,8 +673,8 @@ ENTRY(early_idt_handler) + pushl (20+6*4)(%esp) /* trapno */ pushl $fault_msg call printk -+; call dump_stack - #endif -- call dump_stack +-#endif + call dump_stack ++#endif hlt_loop: hlt jmp hlt_loop -@@ -581,8 +662,11 @@ hlt_loop: +@@ -610,8 +693,11 @@ ENDPROC(early_idt_handler) /* This is the default interrupt "handler" :-) */ ALIGN ignore_int: @@ -17074,7 +16913,7 @@ index ce0be7c..c41476e 100644 pushl %eax pushl %ecx pushl %edx -@@ -591,9 +675,6 @@ ignore_int: +@@ -620,9 +706,6 @@ ignore_int: movl $(__KERNEL_DS),%eax movl %eax,%ds movl %eax,%es @@ -17084,7 +16923,7 @@ index ce0be7c..c41476e 100644 pushl 16(%esp) pushl 24(%esp) pushl 32(%esp) -@@ -622,29 +703,43 @@ ENTRY(initial_code) +@@ -656,29 +739,43 @@ ENTRY(setup_once_ref) /* * BSS section */ @@ -17133,7 +16972,7 @@ index ce0be7c..c41476e 100644 ENTRY(initial_page_table) .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ # if KPMDS == 3 -@@ -663,18 +758,27 @@ ENTRY(initial_page_table) +@@ -697,12 +794,20 @@ ENTRY(initial_page_table) # error "Kernel PMDs should be 1, 2 or 3" # endif .align PAGE_SIZE /* needs to be page-sized too */ @@ -17153,18 +16992,18 @@ index ce0be7c..c41476e 100644 - .long init_thread_union+THREAD_SIZE + .long init_thread_union+THREAD_SIZE-8 -+ready: .byte 0 -+ -+.section .rodata,"a",@progbits - early_recursion_flag: - .long 0 - --ready: .byte 0 -- + __INITRODATA int_msg: - .asciz "Unknown interrupt or fault at: %p %p %p\n" +@@ -730,7 +835,7 @@ fault_msg: + * segment size, and 32-bit linear address value: + */ -@@ -707,7 +811,7 @@ fault_msg: +- .data ++.section .rodata,"a",@progbits + .globl boot_gdt_descr + .globl idt_descr + +@@ -739,7 +844,7 @@ fault_msg: .word 0 # 32 bit align gdt_desc.address boot_gdt_descr: .word __BOOT_DS+7 @@ -17173,7 +17012,7 @@ index ce0be7c..c41476e 100644 .word 0 # 32-bit align idt_desc.address idt_descr: -@@ -718,7 +822,7 @@ idt_descr: +@@ -750,7 +855,7 @@ idt_descr: .word 0 # 32 bit align gdt_desc.address ENTRY(early_gdt_descr) .word GDT_ENTRIES*8-1 @@ -17182,7 +17021,7 @@ index ce0be7c..c41476e 100644 /* * The boot_gdt must mirror the equivalent in setup.S and is -@@ -727,5 +831,65 @@ ENTRY(early_gdt_descr) +@@ -759,5 +864,65 @@ ENTRY(early_gdt_descr) .align L1_CACHE_BYTES ENTRY(boot_gdt) .fill GDT_ENTRY_BOOT_CS,8,0 @@ -17251,19 +17090,19 @@ index ce0be7c..c41476e 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index 40f4eb3..6d24d9d 100644 +index 94bf9cc..400455a 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S -@@ -19,6 +19,8 @@ - #include +@@ -20,6 +20,8 @@ #include #include + #include +#include +#include #ifdef CONFIG_PARAVIRT #include -@@ -38,6 +40,12 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET) +@@ -41,6 +43,12 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET) L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET) L4_START_KERNEL = pgd_index(__START_KERNEL_map) L3_START_KERNEL = pud_index(__START_KERNEL_map) @@ -17276,7 +17115,7 @@ index 40f4eb3..6d24d9d 100644 .text __HEAD -@@ -85,35 +93,23 @@ startup_64: +@@ -88,35 +96,23 @@ startup_64: */ addq %rbp, init_level4_pgt + 0(%rip) addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip) @@ -17323,7 +17162,7 @@ index 40f4eb3..6d24d9d 100644 /* * Fixup the kernel text+data virtual addresses. Note that -@@ -160,8 +156,8 @@ ENTRY(secondary_startup_64) +@@ -159,8 +155,8 @@ ENTRY(secondary_startup_64) * after the boot processor executes this code. */ @@ -17334,7 +17173,7 @@ index 40f4eb3..6d24d9d 100644 movq %rax, %cr4 /* Setup early boot stage 4 level pagetables. */ -@@ -183,9 +179,17 @@ ENTRY(secondary_startup_64) +@@ -182,9 +178,17 @@ ENTRY(secondary_startup_64) movl $MSR_EFER, %ecx rdmsr btsl $_EFER_SCE, %eax /* Enable System Call */ @@ -17353,7 +17192,7 @@ index 40f4eb3..6d24d9d 100644 1: wrmsr /* Make changes effective */ /* Setup cr0 */ -@@ -247,6 +251,7 @@ ENTRY(secondary_startup_64) +@@ -246,6 +250,7 @@ ENTRY(secondary_startup_64) * jump. In addition we need to ensure %cs is set so we make this * a far return. */ @@ -17361,41 +17200,40 @@ index 40f4eb3..6d24d9d 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -269,7 +274,7 @@ ENTRY(secondary_startup_64) +@@ -268,7 +273,7 @@ ENTRY(secondary_startup_64) bad_address: jmp bad_address - .section ".init.text","ax" + __INIT - #ifdef CONFIG_EARLY_PRINTK .globl early_idt_handlers early_idt_handlers: -@@ -314,18 +319,23 @@ ENTRY(early_idt_handler) - #endif /* EARLY_PRINTK */ - 1: hlt - jmp 1b + # 104(%rsp) %rflags +@@ -347,11 +352,15 @@ ENTRY(early_idt_handler) + addq $16,%rsp # drop vector number and error code + decl early_recursion_flag(%rip) + INTERRUPT_RETURN + .previous - #ifdef CONFIG_EARLY_PRINTK + __INITDATA + .balign 4 early_recursion_flag: .long 0 + .previous + .section .rodata,"a",@progbits + #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" - early_idt_ripmsg: - .asciz "RIP %s\n" -+ .previous +@@ -360,6 +369,7 @@ early_idt_ripmsg: #endif /* CONFIG_EARLY_PRINTK */ -- .previous + .previous + .section .rodata,"a",@progbits #define NEXT_PAGE(name) \ .balign PAGE_SIZE; \ ENTRY(name) -@@ -338,7 +348,6 @@ ENTRY(name) +@@ -372,7 +382,6 @@ ENTRY(name) i = i + 1 ; \ .endr @@ -17403,7 +17241,7 @@ index 40f4eb3..6d24d9d 100644 /* * This default setting generates an ident mapping at address 0x100000 * and a mapping for the kernel that precisely maps virtual address -@@ -349,13 +358,41 @@ NEXT_PAGE(init_level4_pgt) +@@ -383,13 +392,41 @@ NEXT_PAGE(init_level4_pgt) .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE .org init_level4_pgt + L4_PAGE_OFFSET*8, 0 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE @@ -17445,7 +17283,7 @@ index 40f4eb3..6d24d9d 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -363,20 +400,23 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -397,20 +434,23 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -17477,7 +17315,7 @@ index 40f4eb3..6d24d9d 100644 NEXT_PAGE(level2_kernel_pgt) /* -@@ -389,37 +429,59 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -423,37 +463,59 @@ NEXT_PAGE(level2_kernel_pgt) * If you want to increase this then increase MODULES_VADDR * too.) */ @@ -17574,7 +17412,7 @@ index 9c3bd4a..e1d9b35 100644 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index 2d6e649..df6e1af 100644 +index f250431..54097e7 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c @@ -59,7 +59,7 @@ static inline bool interrupted_kernel_fpu_idle(void) @@ -17599,28 +17437,6 @@ index 36d1853..bf25736 100644 /* * Theoretically we do not have to handle this IRQ, * but in Linux this does not cause problems and is -diff --git a/arch/x86/kernel/init_task.c b/arch/x86/kernel/init_task.c -index 43e9ccf..44ccf6f 100644 ---- a/arch/x86/kernel/init_task.c -+++ b/arch/x86/kernel/init_task.c -@@ -20,8 +20,7 @@ static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand); - * way process stacks are handled. This is done by having a special - * "init_task" linker map entry.. - */ --union thread_union init_thread_union __init_task_data = -- { INIT_THREAD_INFO(init_task) }; -+union thread_union init_thread_union __init_task_data; - - /* - * Initial task structure. -@@ -38,5 +37,5 @@ EXPORT_SYMBOL(init_task); - * section. Since TSS's are completely CPU-local, we want them - * on exact cacheline boundaries, to eliminate cacheline ping-pong. - */ --DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss) = INIT_TSS; -- -+struct tss_struct init_tss[NR_CPUS] ____cacheline_internodealigned_in_smp = { [0 ... NR_CPUS-1] = INIT_TSS }; -+EXPORT_SYMBOL(init_tss); diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c index 8c96897..be66bfa 100644 --- a/arch/x86/kernel/ioport.c @@ -17707,7 +17523,7 @@ index 3dafc60..aa8e9c4 100644 return sum; } diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c -index 58b7f27..e112d08 100644 +index 344faf8..355f60d 100644 --- a/arch/x86/kernel/irq_32.c +++ b/arch/x86/kernel/irq_32.c @@ -39,7 +39,7 @@ static int check_stack_overflow(void) @@ -17777,7 +17593,7 @@ index 58b7f27..e112d08 100644 return 1; } -@@ -121,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -121,29 +125,14 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) */ void __cpuinit irq_ctx_init(int cpu) { @@ -17787,8 +17603,8 @@ index 58b7f27..e112d08 100644 return; - irqctx = page_address(alloc_pages_node(cpu_to_node(cpu), -- THREAD_FLAGS, -- THREAD_ORDER)); +- THREADINFO_GFP, +- THREAD_SIZE_ORDER)); - memset(&irqctx->tinfo, 0, sizeof(struct thread_info)); - irqctx->tinfo.cpu = cpu; - irqctx->tinfo.preempt_count = HARDIRQ_OFFSET; @@ -17797,19 +17613,22 @@ index 58b7f27..e112d08 100644 - per_cpu(hardirq_ctx, cpu) = irqctx; - - irqctx = page_address(alloc_pages_node(cpu_to_node(cpu), -- THREAD_FLAGS, -- THREAD_ORDER)); +- THREADINFO_GFP, +- THREAD_SIZE_ORDER)); - memset(&irqctx->tinfo, 0, sizeof(struct thread_info)); - irqctx->tinfo.cpu = cpu; - irqctx->tinfo.addr_limit = MAKE_MM_SEG(0); - - per_cpu(softirq_ctx, cpu) = irqctx; -+ per_cpu(hardirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREAD_FLAGS, THREAD_ORDER)); -+ per_cpu(softirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREAD_FLAGS, THREAD_ORDER)); ++ per_cpu(hardirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER)); ++ per_cpu(softirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER)); ++ ++ printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n", ++ cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n", cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); -@@ -152,7 +138,6 @@ void __cpuinit irq_ctx_init(int cpu) +@@ -152,7 +141,6 @@ void __cpuinit irq_ctx_init(int cpu) asmlinkage void do_softirq(void) { unsigned long flags; @@ -17817,7 +17636,7 @@ index 58b7f27..e112d08 100644 union irq_ctx *irqctx; u32 *isp; -@@ -162,15 +147,22 @@ asmlinkage void do_softirq(void) +@@ -162,15 +150,22 @@ asmlinkage void do_softirq(void) local_irq_save(flags); if (local_softirq_pending()) { @@ -17844,7 +17663,7 @@ index 58b7f27..e112d08 100644 /* * Shouldn't happen, we returned above if in_interrupt(): */ -@@ -191,7 +183,7 @@ bool handle_irq(unsigned irq, struct pt_regs *regs) +@@ -191,7 +186,7 @@ bool handle_irq(unsigned irq, struct pt_regs *regs) if (unlikely(!desc)) return false; @@ -17867,20 +17686,20 @@ index d04d3ec..ea4b374 100644 if (regs->sp >= curbase + sizeof(struct thread_info) + diff --git a/arch/x86/kernel/kdebugfs.c b/arch/x86/kernel/kdebugfs.c -index 1d5d31e..ab846ed 100644 +index 1d5d31e..72731d4 100644 --- a/arch/x86/kernel/kdebugfs.c +++ b/arch/x86/kernel/kdebugfs.c -@@ -28,6 +28,8 @@ struct setup_data_node { +@@ -27,7 +27,7 @@ struct setup_data_node { + u32 len; }; - static ssize_t setup_data_read(struct file *file, char __user *user_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t setup_data_read(struct file *file, char __user *user_buf, +-static ssize_t setup_data_read(struct file *file, char __user *user_buf, ++static ssize_t __size_overflow(3) setup_data_read(struct file *file, char __user *user_buf, size_t count, loff_t *ppos) { struct setup_data_node *node = file->private_data; diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c -index 8bfb614..2b3b35f 100644 +index 3f61904..873cea9 100644 --- a/arch/x86/kernel/kgdb.c +++ b/arch/x86/kernel/kgdb.c @@ -127,11 +127,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs) @@ -17958,7 +17777,7 @@ index c5e410e..da6aaf9 100644 insn_buf[0] = RELATIVEJUMP_OPCODE; diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c -index e213fc8..d783ba4 100644 +index e2f751e..dffa2a0 100644 --- a/arch/x86/kernel/kprobes.c +++ b/arch/x86/kernel/kprobes.c @@ -120,8 +120,11 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) @@ -18314,10 +18133,10 @@ index f21fd94..61565cd 100644 if ((s64)val != *(s32 *)loc) goto overflow; diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c -index 32856fa..ce95eaa 100644 +index a0b2f84..875ab81 100644 --- a/arch/x86/kernel/nmi.c +++ b/arch/x86/kernel/nmi.c -@@ -507,6 +507,17 @@ static inline void nmi_nesting_postprocess(void) +@@ -460,6 +460,17 @@ static inline void nmi_nesting_postprocess(void) dotraplinkage notrace __kprobes void do_nmi(struct pt_regs *regs, long error_code) { @@ -18349,7 +18168,7 @@ index 676b8c7..870ba04 100644 .spin_is_locked = __ticket_spin_is_locked, .spin_is_contended = __ticket_spin_is_contended, diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c -index ab13760..01218e0 100644 +index 9ce8859..b49bf51 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -55,6 +55,9 @@ u64 _paravirt_ident_64(u64 x) @@ -18497,48 +18316,29 @@ index 35ccf75..7a15747 100644 #define DEBUG 1 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index 1d92a5a..7bc8c29 100644 +index 735279e..5008677 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c -@@ -69,16 +69,33 @@ void free_thread_xstate(struct task_struct *tsk) - - void free_thread_info(struct thread_info *ti) - { -- free_thread_xstate(ti->task); - free_pages((unsigned long)ti, THREAD_ORDER); - } +@@ -34,7 +34,8 @@ + * section. Since TSS's are completely CPU-local, we want them + * on exact cacheline boundaries, to eliminate cacheline ping-pong. + */ +-DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss) = INIT_TSS; ++struct tss_struct init_tss[NR_CPUS] ____cacheline_internodealigned_in_smp = { [0 ... NR_CPUS-1] = INIT_TSS }; ++EXPORT_SYMBOL(init_tss); -+static struct kmem_cache *task_struct_cachep; -+ - void arch_task_cache_init(void) - { -- task_xstate_cachep = -- kmem_cache_create("task_xstate", xstate_size, -+ /* create a slab on which task_structs can be allocated */ -+ task_struct_cachep = -+ kmem_cache_create("task_struct", sizeof(struct task_struct), -+ ARCH_MIN_TASKALIGN, SLAB_PANIC | SLAB_NOTRACK, NULL); -+ -+ task_xstate_cachep = -+ kmem_cache_create("task_xstate", xstate_size, + #ifdef CONFIG_X86_64 + static DEFINE_PER_CPU(unsigned char, is_idle); +@@ -92,7 +93,7 @@ void arch_task_cache_init(void) + task_xstate_cachep = + kmem_cache_create("task_xstate", xstate_size, __alignof__(union thread_xstate), - SLAB_PANIC | SLAB_NOTRACK, NULL); + SLAB_PANIC | SLAB_NOTRACK | SLAB_USERCOPY, NULL); -+} -+ -+struct task_struct *alloc_task_struct_node(int node) -+{ -+ return kmem_cache_alloc_node(task_struct_cachep, GFP_KERNEL, node); -+} -+ -+void free_task_struct(struct task_struct *task) -+{ -+ free_thread_xstate(task); -+ kmem_cache_free(task_struct_cachep, task); } - /* -@@ -91,7 +108,7 @@ void exit_thread(void) + static inline void drop_fpu(struct task_struct *tsk) +@@ -115,7 +116,7 @@ void exit_thread(void) unsigned long *bp = t->io_bitmap_ptr; if (bp) { @@ -18547,7 +18347,7 @@ index 1d92a5a..7bc8c29 100644 t->io_bitmap_ptr = NULL; clear_thread_flag(TIF_IO_BITMAP); -@@ -127,7 +144,7 @@ void show_regs_common(void) +@@ -147,7 +148,7 @@ void show_regs_common(void) printk(KERN_CONT "\n"); printk(KERN_DEFAULT "Pid: %d, comm: %.20s %s %s %.*s", @@ -18556,7 +18356,7 @@ index 1d92a5a..7bc8c29 100644 init_utsname()->release, (int)strcspn(init_utsname()->version, " "), init_utsname()->version); -@@ -141,6 +158,9 @@ void flush_thread(void) +@@ -161,6 +162,9 @@ void flush_thread(void) { struct task_struct *tsk = current; @@ -18565,8 +18365,8 @@ index 1d92a5a..7bc8c29 100644 +#endif flush_ptrace_hw_breakpoint(tsk); memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); - /* -@@ -303,10 +323,10 @@ int kernel_thread(int (*fn)(void *), void *arg, unsigned long flags) + drop_fpu(tsk); +@@ -318,10 +322,10 @@ int kernel_thread(int (*fn)(void *), void *arg, unsigned long flags) regs.di = (unsigned long) arg; #ifdef CONFIG_X86_32 @@ -18580,7 +18380,7 @@ index 1d92a5a..7bc8c29 100644 #else regs.ss = __KERNEL_DS; #endif -@@ -392,7 +412,7 @@ static void __exit_idle(void) +@@ -407,7 +411,7 @@ static void __exit_idle(void) void exit_idle(void) { /* idle loop has pid 0 */ @@ -18589,7 +18389,7 @@ index 1d92a5a..7bc8c29 100644 return; __exit_idle(); } -@@ -501,7 +521,7 @@ bool set_pm_idle_to_default(void) +@@ -516,7 +520,7 @@ bool set_pm_idle_to_default(void) return ret; } @@ -18598,7 +18398,7 @@ index 1d92a5a..7bc8c29 100644 { local_irq_disable(); /* -@@ -743,16 +763,37 @@ static int __init idle_setup(char *str) +@@ -746,16 +750,37 @@ static int __init idle_setup(char *str) } early_param("idle", idle_setup); @@ -18642,12 +18442,12 @@ index 1d92a5a..7bc8c29 100644 + load_sp0(init_tss + smp_processor_id(), thread); + +#ifdef CONFIG_X86_64 -+ percpu_write(kernel_stack, thread->sp0); ++ this_cpu_write(kernel_stack, thread->sp0); +#endif +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index ae68473..7b0bb71 100644 +index 516fa18..80bd9e6 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -64,6 +64,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); @@ -18676,7 +18476,7 @@ index ae68473..7b0bb71 100644 show_regs_common(); -@@ -143,13 +143,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -134,13 +134,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct task_struct *tsk; int err; @@ -18692,7 +18492,7 @@ index ae68473..7b0bb71 100644 p->thread.ip = (unsigned long) ret_from_fork; -@@ -240,7 +241,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -231,7 +232,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread, *next = &next_p->thread; int cpu = smp_processor_id(); @@ -18701,7 +18501,7 @@ index ae68473..7b0bb71 100644 fpu_switch_t fpu; /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ -@@ -264,6 +265,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -255,6 +256,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ lazy_save_gs(prev->gs); @@ -18712,35 +18512,35 @@ index ae68473..7b0bb71 100644 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -294,6 +299,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -285,6 +290,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ arch_end_context_switch(next_p); -+ percpu_write(current_task, next_p); -+ percpu_write(current_tinfo, &next_p->tinfo); ++ this_cpu_write(current_task, next_p); ++ this_cpu_write(current_tinfo, &next_p->tinfo); + /* * Restore %gs if needed (which is common) */ -@@ -302,8 +310,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -293,8 +301,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) switch_fpu_finish(next_p, fpu); -- percpu_write(current_task, next_p); +- this_cpu_write(current_task, next_p); - return prev_p; } -@@ -333,4 +339,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -324,4 +330,3 @@ unsigned long get_wchan(struct task_struct *p) } while (count++ < 16); return 0; } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 43d8b48..c45d566 100644 +index 61cdf7f..797f06a 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c -@@ -162,8 +162,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -153,8 +153,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct pt_regs *childregs; struct task_struct *me = current; @@ -18750,7 +18550,7 @@ index 43d8b48..c45d566 100644 *childregs = *regs; childregs->ax = 0; -@@ -175,6 +174,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -166,6 +165,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, p->thread.sp = (unsigned long) childregs; p->thread.sp0 = (unsigned long) (childregs+1); p->thread.usersp = me->thread.usersp; @@ -18758,7 +18558,7 @@ index 43d8b48..c45d566 100644 set_tsk_thread_flag(p, TIF_FORK); -@@ -280,7 +280,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -271,7 +271,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread; struct thread_struct *next = &next_p->thread; int cpu = smp_processor_id(); @@ -18767,20 +18567,20 @@ index 43d8b48..c45d566 100644 unsigned fsindex, gsindex; fpu_switch_t fpu; -@@ -362,10 +362,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) - prev->usersp = percpu_read(old_rsp); - percpu_write(old_rsp, next->usersp); - percpu_write(current_task, next_p); -+ percpu_write(current_tinfo, &next_p->tinfo); +@@ -353,10 +353,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) + prev->usersp = this_cpu_read(old_rsp); + this_cpu_write(old_rsp, next->usersp); + this_cpu_write(current_task, next_p); ++ this_cpu_write(current_tinfo, &next_p->tinfo); -- percpu_write(kernel_stack, +- this_cpu_write(kernel_stack, - (unsigned long)task_stack_page(next_p) + - THREAD_SIZE - KERNEL_STACK_OFFSET); -+ percpu_write(kernel_stack, next->sp0); ++ this_cpu_write(kernel_stack, next->sp0); /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -434,12 +433,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -425,12 +424,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -18796,7 +18596,7 @@ index 43d8b48..c45d566 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index cf11783..e7ce551 100644 +index c4c6a5c..905f440 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -824,7 +824,7 @@ long arch_ptrace(struct task_struct *child, long request, @@ -18857,7 +18657,7 @@ index cf11783..e7ce551 100644 /* * If we stepped into a sysenter/syscall insn, it trapped in * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. -@@ -1506,6 +1515,11 @@ void syscall_trace_leave(struct pt_regs *regs) +@@ -1511,6 +1520,11 @@ void syscall_trace_leave(struct pt_regs *regs) { bool step; @@ -18902,10 +18702,10 @@ index 42eb330..139955c 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 3034ee5..7cfbfa6 100644 +index 5de92f1..2732385 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c -@@ -35,7 +35,7 @@ void (*pm_power_off)(void); +@@ -36,7 +36,7 @@ void (*pm_power_off)(void); EXPORT_SYMBOL(pm_power_off); static const struct desc_ptr no_idt = {}; @@ -18914,18 +18714,16 @@ index 3034ee5..7cfbfa6 100644 enum reboot_type reboot_type = BOOT_ACPI; int reboot_force; -@@ -335,13 +335,17 @@ core_initcall(reboot_init); - extern const unsigned char machine_real_restart_asm[]; - extern const u64 machine_real_restart_gdt[3]; +@@ -157,11 +157,15 @@ static int __init set_bios_reboot(const struct dmi_system_id *d) + return 0; + } -void machine_real_restart(unsigned int type) +__noreturn void machine_real_restart(unsigned int type) { - void *restart_va; - unsigned long restart_pa; -- void (*restart_lowmem)(unsigned int); -+ void (* __noreturn restart_lowmem)(unsigned int); - u64 *lowmem_gdt; +- void (*restart_lowmem)(unsigned int) = (void (*)(unsigned int)) ++ void (* restart_lowmem)(unsigned int) = (void (*)(unsigned int)) + real_mode_header->machine_real_restart_asm; +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)) + struct desc_struct *gdt; @@ -18933,27 +18731,14 @@ index 3034ee5..7cfbfa6 100644 + local_irq_disable(); - /* Write zero to CMOS register number 0x0f, which the BIOS POST -@@ -367,14 +371,14 @@ void machine_real_restart(unsigned int type) - boot)". This seems like a fairly standard thing that gets set by - REBOOT.COM programs, and the previous reset routine did this - too. */ + /* +@@ -189,10 +193,36 @@ void machine_real_restart(unsigned int type) + * boot)". This seems like a fairly standard thing that gets set by + * REBOOT.COM programs, and the previous reset routine did this + * too. */ - *((unsigned short *)0x472) = reboot_mode; + *(unsigned short *)(__va(0x472)) = reboot_mode; - /* Patch the GDT in the low memory trampoline */ - lowmem_gdt = TRAMPOLINE_SYM(machine_real_restart_gdt); - - restart_va = TRAMPOLINE_SYM(machine_real_restart_asm); - restart_pa = virt_to_phys(restart_va); -- restart_lowmem = (void (*)(unsigned int))restart_pa; -+ restart_lowmem = (void *)restart_pa; - - /* GDT[0]: GDT self-pointer */ - lowmem_gdt[0] = -@@ -385,7 +389,33 @@ void machine_real_restart(unsigned int type) - GDT_ENTRY(0x009b, restart_pa, 0xffff); - /* Jump to the identity-mapped low memory code */ + +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)) @@ -18985,7 +18770,7 @@ index 3034ee5..7cfbfa6 100644 } #ifdef CONFIG_APM_MODULE EXPORT_SYMBOL(machine_real_restart); -@@ -564,7 +594,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) +@@ -543,7 +573,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) * try to force a triple fault and then cycle between hitting the keyboard * controller and doing that */ @@ -18994,7 +18779,7 @@ index 3034ee5..7cfbfa6 100644 { int i; int attempt = 0; -@@ -688,13 +718,13 @@ void native_machine_shutdown(void) +@@ -670,13 +700,13 @@ void native_machine_shutdown(void) #endif } @@ -19010,16 +18795,16 @@ index 3034ee5..7cfbfa6 100644 { printk("machine restart\n"); -@@ -703,7 +733,7 @@ static void native_machine_restart(char *__unused) +@@ -685,7 +715,7 @@ static void native_machine_restart(char *__unused) __machine_emergency_restart(0); } -static void native_machine_halt(void) +static __noreturn void native_machine_halt(void) { - /* stop other cpus and apics */ + /* Stop other cpus and apics */ machine_shutdown(); -@@ -714,7 +744,7 @@ static void native_machine_halt(void) +@@ -695,7 +725,7 @@ static void native_machine_halt(void) stop_this_cpu(NULL); } @@ -19028,9 +18813,9 @@ index 3034ee5..7cfbfa6 100644 { if (pm_power_off) { if (!reboot_force) -@@ -723,6 +753,7 @@ static void native_machine_power_off(void) +@@ -704,6 +734,7 @@ static void native_machine_power_off(void) } - /* a fallback in case there is no PM info available */ + /* A fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); + unreachable(); } @@ -19065,10 +18850,10 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 1a29015..712f324 100644 +index 16be6dc..4686132 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -447,7 +447,7 @@ static void __init parse_setup_data(void) +@@ -440,7 +440,7 @@ static void __init parse_setup_data(void) switch (data->type) { case SETUP_E820_EXT: @@ -19077,7 +18862,7 @@ index 1a29015..712f324 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -639,7 +639,7 @@ static void __init trim_bios_range(void) +@@ -632,7 +632,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ @@ -19086,7 +18871,7 @@ index 1a29015..712f324 100644 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } -@@ -763,14 +763,14 @@ void __init setup_arch(char **cmdline_p) +@@ -755,14 +755,14 @@ void __init setup_arch(char **cmdline_p) if (!boot_params.hdr.root_flags) root_mountflags &= ~MS_RDONLY; @@ -19174,10 +18959,10 @@ index 5a98aa2..2f9288d 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 115eac4..c0591d5 100644 +index 21af737..fb45e22 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c -@@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp) +@@ -191,7 +191,7 @@ static unsigned long align_sigframe(unsigned long sp) * Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -19186,7 +18971,7 @@ index 115eac4..c0591d5 100644 #else /* !CONFIG_X86_32 */ sp = round_down(sp, 16) - 8; #endif -@@ -241,11 +241,11 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size, +@@ -242,11 +242,11 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size, * Return an always-bogus address instead so we will die with SIGSEGV. */ if (onsigstack && !likely(on_sig_stack(sp))) @@ -19200,7 +18985,7 @@ index 115eac4..c0591d5 100644 return (void __user *)sp; } -@@ -300,9 +300,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, +@@ -301,9 +301,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, } if (current->mm->context.vdso) @@ -19212,7 +18997,7 @@ index 115eac4..c0591d5 100644 if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; -@@ -316,7 +316,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, +@@ -317,7 +317,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ @@ -19221,7 +19006,7 @@ index 115eac4..c0591d5 100644 if (err) return -EFAULT; -@@ -370,7 +370,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -371,7 +371,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)); /* Set up to return from userspace. */ @@ -19233,7 +19018,7 @@ index 115eac4..c0591d5 100644 if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; put_user_ex(restorer, &frame->pretcode); -@@ -382,7 +385,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -383,7 +386,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ @@ -19242,34 +19027,26 @@ index 115eac4..c0591d5 100644 } put_user_catch(err); if (err) -@@ -773,7 +776,7 @@ static void do_signal(struct pt_regs *regs) - * X86_32: vm86 regs switched out by assembly code before reaching - * here, so testing against kernel CS suffices. - */ -- if (!user_mode(regs)) -+ if (!user_mode_novm(regs)) - return; - - signr = get_signal_to_deliver(&info, &ka, regs, NULL); diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 6e1e406..edfb7cb 100644 +index 7bd8a08..2659b5b 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -699,17 +699,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu) - set_idle_for_cpu(cpu, c_idle.idle); - do_rest: - per_cpu(current_task, cpu) = c_idle.idle; -+ per_cpu(current_tinfo, cpu) = &c_idle.idle->tinfo; +@@ -679,6 +679,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) + idle->thread.sp = (unsigned long) (((struct pt_regs *) + (THREAD_SIZE + task_stack_page(idle))) - 1); + per_cpu(current_task, cpu) = idle; ++ per_cpu(current_tinfo, cpu) = &idle->tinfo; + #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ - irq_ctx_init(cpu); +@@ -686,11 +687,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) #else - clear_tsk_thread_flag(c_idle.idle, TIF_FORK); + clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); - per_cpu(kernel_stack, cpu) = -- (unsigned long)task_stack_page(c_idle.idle) - +- (unsigned long)task_stack_page(idle) - - KERNEL_STACK_OFFSET + THREAD_SIZE; -+ per_cpu(kernel_stack, cpu) = (unsigned long)task_stack_page(c_idle.idle) - 16 + THREAD_SIZE; ++ per_cpu(kernel_stack, cpu) = (unsigned long)task_stack_page(idle) - 16 + THREAD_SIZE; #endif + + pax_open_kernel(); @@ -19277,9 +19054,9 @@ index 6e1e406..edfb7cb 100644 + pax_close_kernel(); + initial_code = (unsigned long)start_secondary; - stack_start = c_idle.idle->thread.sp; + stack_start = idle->thread.sp; -@@ -851,6 +854,12 @@ int __cpuinit native_cpu_up(unsigned int cpu) +@@ -826,6 +829,12 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) per_cpu(cpu_state, cpu) = CPU_UP_PREPARE; @@ -19289,7 +19066,7 @@ index 6e1e406..edfb7cb 100644 + KERNEL_PGD_PTRS); +#endif + - err = do_boot_cpu(apicid, cpu); + err = do_boot_cpu(apicid, cpu, tidle); if (err) { pr_debug("do_boot_cpu failed %d\n", err); diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c @@ -19703,10 +19480,10 @@ index b4d3c39..82bb73b 100644 return addr; diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c -index 6410744..79758f0 100644 +index f84fe00..93fe08f 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c -@@ -219,7 +219,7 @@ static int tboot_setup_sleep(void) +@@ -220,7 +220,7 @@ static int tboot_setup_sleep(void) void tboot_shutdown(u32 shutdown_type) { @@ -19715,7 +19492,7 @@ index 6410744..79758f0 100644 if (!tboot_enabled()) return; -@@ -241,7 +241,7 @@ void tboot_shutdown(u32 shutdown_type) +@@ -242,7 +242,7 @@ void tboot_shutdown(u32 shutdown_type) switch_to_tboot_pt(); @@ -19724,7 +19501,7 @@ index 6410744..79758f0 100644 shutdown(); /* should not reach here */ -@@ -299,7 +299,7 @@ static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control) +@@ -300,7 +300,7 @@ static int tboot_sleep(u8 sleep_state, u32 pm1a_control, u32 pm1b_control) return 0; } @@ -19733,7 +19510,7 @@ index 6410744..79758f0 100644 static int tboot_wait_for_aps(int num_aps) { -@@ -323,9 +323,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, +@@ -324,9 +324,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, { switch (action) { case CPU_DYING: @@ -19745,7 +19522,7 @@ index 6410744..79758f0 100644 return NOTIFY_BAD; break; } -@@ -344,7 +344,7 @@ static __init int tboot_late_init(void) +@@ -345,7 +345,7 @@ static __init int tboot_late_init(void) tboot_create_trampoline(); @@ -19755,10 +19532,10 @@ index 6410744..79758f0 100644 acpi_os_set_prepare_sleep(&tboot_sleep); diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c -index c6eba2b..3303326 100644 +index 24d3c91..d06b473 100644 --- a/arch/x86/kernel/time.c +++ b/arch/x86/kernel/time.c -@@ -31,9 +31,9 @@ unsigned long profile_pc(struct pt_regs *regs) +@@ -30,9 +30,9 @@ unsigned long profile_pc(struct pt_regs *regs) { unsigned long pc = instruction_pointer(regs); @@ -19770,7 +19547,7 @@ index c6eba2b..3303326 100644 #else unsigned long *sp = (unsigned long *)kernel_stack_pointer(regs); -@@ -42,11 +42,17 @@ unsigned long profile_pc(struct pt_regs *regs) +@@ -41,11 +41,17 @@ unsigned long profile_pc(struct pt_regs *regs) * or above a saved flags. Eflags has bits 22-31 zero, * kernel addresses don't. */ @@ -19804,59 +19581,11 @@ index 9d9d2f9..ed344e4 100644 set_tls_desc(p, idx, &info, 1); return 0; -diff --git a/arch/x86/kernel/trampoline_32.S b/arch/x86/kernel/trampoline_32.S -index 451c0a7..e57f551 100644 ---- a/arch/x86/kernel/trampoline_32.S -+++ b/arch/x86/kernel/trampoline_32.S -@@ -32,6 +32,12 @@ - #include - #include - -+#ifdef CONFIG_PAX_KERNEXEC -+#define ta(X) (X) -+#else -+#define ta(X) ((X) - __PAGE_OFFSET) -+#endif -+ - #ifdef CONFIG_SMP - - .section ".x86_trampoline","a" -@@ -62,7 +68,7 @@ r_base = . - inc %ax # protected mode (PE) bit - lmsw %ax # into protected mode - # flush prefetch and jump to startup_32_smp in arch/i386/kernel/head.S -- ljmpl $__BOOT_CS, $(startup_32_smp-__PAGE_OFFSET) -+ ljmpl $__BOOT_CS, $ta(startup_32_smp) - - # These need to be in the same 64K segment as the above; - # hence we don't use the boot_gdt_descr defined in head.S -diff --git a/arch/x86/kernel/trampoline_64.S b/arch/x86/kernel/trampoline_64.S -index 09ff517..df19fbff 100644 ---- a/arch/x86/kernel/trampoline_64.S -+++ b/arch/x86/kernel/trampoline_64.S -@@ -90,7 +90,7 @@ startup_32: - movl $__KERNEL_DS, %eax # Initialize the %ds segment register - movl %eax, %ds - -- movl $X86_CR4_PAE, %eax -+ movl $(X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE), %eax - movl %eax, %cr4 # Enable PAE mode - - # Setup trampoline 4 level pagetables -@@ -138,7 +138,7 @@ tidt: - # so the kernel can live anywhere - .balign 4 - tgdt: -- .short tgdt_end - tgdt # gdt limit -+ .short tgdt_end - tgdt - 1 # gdt limit - .long tgdt - r_base - .short 0 - .quad 0x00cf9b000000ffff # __KERNEL32_CS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index ff9281f1..30cb4ac 100644 +index 05b31d9..501d3ba 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c -@@ -70,12 +70,6 @@ asmlinkage int system_call(void); +@@ -67,12 +67,6 @@ asmlinkage int system_call(void); /* Do we ignore FPU interrupts ? */ char ignore_fpu_irq; @@ -19869,7 +19598,7 @@ index ff9281f1..30cb4ac 100644 #endif DECLARE_BITMAP(used_vectors, NR_VECTORS); -@@ -108,13 +102,13 @@ static inline void preempt_conditional_cli(struct pt_regs *regs) +@@ -105,13 +99,13 @@ static inline void preempt_conditional_cli(struct pt_regs *regs) } static void __kprobes @@ -19885,7 +19614,7 @@ index ff9281f1..30cb4ac 100644 /* * traps 0, 1, 3, 4, and 5 should be forwarded to vm86. * On nmi (interrupt 2), do_trap should not be called. -@@ -125,7 +119,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, +@@ -122,7 +116,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, } #endif @@ -19894,7 +19623,7 @@ index ff9281f1..30cb4ac 100644 goto kernel_trap; #ifdef CONFIG_X86_32 -@@ -148,7 +142,7 @@ trap_signal: +@@ -145,7 +139,7 @@ trap_signal: printk_ratelimit()) { printk(KERN_INFO "%s[%d] trap %s ip:%lx sp:%lx error:%lx", @@ -19903,7 +19632,7 @@ index ff9281f1..30cb4ac 100644 regs->ip, regs->sp, error_code); print_vma_addr(" in ", regs->ip); printk("\n"); -@@ -165,8 +159,20 @@ kernel_trap: +@@ -162,8 +156,20 @@ kernel_trap: if (!fixup_exception(regs)) { tsk->thread.error_code = error_code; tsk->thread.trap_nr = trapnr; @@ -19924,7 +19653,7 @@ index ff9281f1..30cb4ac 100644 return; #ifdef CONFIG_X86_32 -@@ -259,14 +265,30 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -256,14 +262,30 @@ do_general_protection(struct pt_regs *regs, long error_code) conditional_sti(regs); #ifdef CONFIG_X86_32 @@ -19957,7 +19686,7 @@ index ff9281f1..30cb4ac 100644 tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_GP; -@@ -299,6 +321,13 @@ gp_in_kernel: +@@ -296,6 +318,13 @@ gp_in_kernel: if (notify_die(DIE_GPF, "general protection fault", regs, error_code, X86_TRAP_GP, SIGSEGV) == NOTIFY_STOP) return; @@ -19971,7 +19700,7 @@ index ff9281f1..30cb4ac 100644 die("general protection fault", regs, error_code); } -@@ -425,7 +454,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -431,7 +460,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); @@ -19980,7 +19709,7 @@ index ff9281f1..30cb4ac 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, X86_TRAP_DB); preempt_conditional_cli(regs); -@@ -440,7 +469,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -446,7 +475,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -19989,7 +19718,7 @@ index ff9281f1..30cb4ac 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -471,7 +500,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -477,7 +506,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -19998,6 +19727,19 @@ index ff9281f1..30cb4ac 100644 { if (!fixup_exception(regs)) { task->thread.error_code = error_code; +diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c +index dc4e910..c9dedab 100644 +--- a/arch/x86/kernel/uprobes.c ++++ b/arch/x86/kernel/uprobes.c +@@ -606,7 +606,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, + int ret = NOTIFY_DONE; + + /* We are only interested in userspace traps */ +- if (regs && !user_mode_vm(regs)) ++ if (regs && !user_mode(regs)) + return NOTIFY_DONE; + + switch (val) { diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S index b9242ba..50c5edd 100644 --- a/arch/x86/kernel/verify_cpu.S @@ -20079,7 +19821,7 @@ index 255f58a..5e91150 100644 goto cannot_handle; if ((segoffs >> 16) == BIOSSEG) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 0f703f1..9e15f64 100644 +index 22a1530..8fbaaad 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -26,6 +26,13 @@ @@ -20148,7 +19890,7 @@ index 0f703f1..9e15f64 100644 HEAD_TEXT #ifdef CONFIG_X86_32 . = ALIGN(PAGE_SIZE); -@@ -108,13 +128,47 @@ SECTIONS +@@ -108,13 +128,48 @@ SECTIONS IRQENTRY_TEXT *(.fixup) *(.gnu.warning) @@ -20168,8 +19910,8 @@ index 0f703f1..9e15f64 100644 + MODULES_EXEC_VADDR = .; + BYTE(0) + . += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024); -+ . = ALIGN(HPAGE_SIZE); -+ MODULES_EXEC_END = . - 1; ++ . = ALIGN(HPAGE_SIZE) - 1; ++ MODULES_EXEC_END = .; +#endif + + } :module @@ -20177,6 +19919,7 @@ index 0f703f1..9e15f64 100644 + + .text.end : AT(ADDR(.text.end) - LOAD_OFFSET) { + /* End of text section */ ++ BYTE(0) + _etext = . - __KERNEL_TEXT_OFFSET; + } + @@ -20200,7 +19943,7 @@ index 0f703f1..9e15f64 100644 #if defined(CONFIG_DEBUG_RODATA) /* .text should occupy whole number of pages */ -@@ -126,16 +180,20 @@ SECTIONS +@@ -126,16 +181,20 @@ SECTIONS /* Data */ .data : AT(ADDR(.data) - LOAD_OFFSET) { @@ -20224,7 +19967,7 @@ index 0f703f1..9e15f64 100644 PAGE_ALIGNED_DATA(PAGE_SIZE) -@@ -176,12 +234,19 @@ SECTIONS +@@ -176,12 +235,19 @@ SECTIONS #endif /* CONFIG_X86_64 */ /* Init code and data - will be freed after init */ @@ -20247,7 +19990,7 @@ index 0f703f1..9e15f64 100644 /* * percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the * output PHDR, so the next output section - .init.text - should -@@ -190,12 +255,27 @@ SECTIONS +@@ -190,12 +256,27 @@ SECTIONS PERCPU_VADDR(INTERNODE_CACHE_BYTES, 0, :percpu) #endif @@ -20278,9 +20021,9 @@ index 0f703f1..9e15f64 100644 + . = ALIGN(PAGE_SIZE); + INIT_DATA_SECTION(16) :init - /* - * Code and data for a variety of lowlevel trampolines, to be -@@ -269,19 +349,12 @@ SECTIONS + .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) { + __x86_cpu_dev_start = .; +@@ -257,19 +338,12 @@ SECTIONS } . = ALIGN(8); @@ -20301,7 +20044,7 @@ index 0f703f1..9e15f64 100644 PERCPU_SECTION(INTERNODE_CACHE_BYTES) #endif -@@ -300,16 +373,10 @@ SECTIONS +@@ -288,16 +362,10 @@ SECTIONS .smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) { __smp_locks = .; *(.smp_locks) @@ -20319,7 +20062,7 @@ index 0f703f1..9e15f64 100644 /* BSS */ . = ALIGN(PAGE_SIZE); .bss : AT(ADDR(.bss) - LOAD_OFFSET) { -@@ -325,6 +392,7 @@ SECTIONS +@@ -313,6 +381,7 @@ SECTIONS __brk_base = .; . += 64 * 1024; /* 64k alignment slop space */ *(.brk_reservation) /* areas brk users have reserved */ @@ -20327,7 +20070,7 @@ index 0f703f1..9e15f64 100644 __brk_limit = .; } -@@ -351,13 +419,12 @@ SECTIONS +@@ -339,13 +408,12 @@ SECTIONS * for the boot processor. */ #define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load @@ -20343,7 +20086,7 @@ index 0f703f1..9e15f64 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index 7515cf0..331a1a0 100644 +index 5db36ca..2938af9 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -54,15 +54,13 @@ @@ -20363,16 +20106,7 @@ index 7515cf0..331a1a0 100644 else if (!strcmp("none", str)) vsyscall_mode = NONE; else -@@ -206,7 +204,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) - - tsk = current; - if (seccomp_mode(&tsk->seccomp)) -- do_exit(SIGKILL); -+ do_group_exit(SIGKILL); - - /* - * With a real vsyscall, page faults cause SIGSEGV. We want to -@@ -278,8 +276,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) +@@ -309,8 +307,7 @@ done: return true; sigsegv: @@ -20382,7 +20116,7 @@ index 7515cf0..331a1a0 100644 } /* -@@ -332,10 +329,7 @@ void __init map_vsyscall(void) +@@ -363,10 +360,7 @@ void __init map_vsyscall(void) extern char __vvar_page; unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page); @@ -20408,10 +20142,10 @@ index 9796c2f..f686fbf 100644 EXPORT_SYMBOL(copy_page); EXPORT_SYMBOL(clear_page); diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c -index e62728e..5fc3a07 100644 +index bd18149..2ea0183 100644 --- a/arch/x86/kernel/xsave.c +++ b/arch/x86/kernel/xsave.c -@@ -131,7 +131,7 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf, +@@ -129,7 +129,7 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf, fx_sw_user->xstate_size > fx_sw_user->extended_size) return -EINVAL; @@ -20420,7 +20154,7 @@ index e62728e..5fc3a07 100644 fx_sw_user->extended_size - FP_XSTATE_MAGIC2_SIZE)); if (err) -@@ -267,7 +267,7 @@ fx_only: +@@ -265,7 +265,7 @@ fx_only: * the other extended state. */ xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE); @@ -20429,7 +20163,7 @@ index e62728e..5fc3a07 100644 } /* -@@ -296,7 +296,7 @@ int restore_i387_xstate(void __user *buf) +@@ -294,7 +294,7 @@ int restore_i387_xstate(void __user *buf) if (use_xsave()) err = restore_user_xstate(buf); else @@ -20439,7 +20173,7 @@ index e62728e..5fc3a07 100644 if (unlikely(err)) { /* diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index 9fed5be..18fd595 100644 +index 7df1c6d..9ea7c79 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, @@ -20490,10 +20224,10 @@ index 9fed5be..18fd595 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 8375622..b7bca1a 100644 +index f95d242..3b49a90 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -252,6 +252,7 @@ struct gprefix { +@@ -256,6 +256,7 @@ struct gprefix { #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \ do { \ @@ -20501,7 +20235,7 @@ index 8375622..b7bca1a 100644 __asm__ __volatile__ ( \ _PRE_EFLAGS("0", "4", "2") \ _op _suffix " %"_x"3,%1; " \ -@@ -266,8 +267,6 @@ struct gprefix { +@@ -270,8 +271,6 @@ struct gprefix { /* Raw emulation: instruction has two explicit operands. */ #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -20510,7 +20244,7 @@ index 8375622..b7bca1a 100644 switch ((ctxt)->dst.bytes) { \ case 2: \ ____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \ -@@ -283,7 +282,6 @@ struct gprefix { +@@ -287,7 +286,6 @@ struct gprefix { #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -20519,7 +20253,7 @@ index 8375622..b7bca1a 100644 case 1: \ ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 8584322..17d5955 100644 +index 93c1574..d6097dc 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -54,7 +54,7 @@ @@ -20532,7 +20266,7 @@ index 8584322..17d5955 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index df5a703..63748a7 100644 +index 34f9709..8eca2d5 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -197,7 +197,7 @@ retry_walk: @@ -20545,10 +20279,10 @@ index df5a703..63748a7 100644 goto error; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index e334389..6839087 100644 +index f75af40..285b18f 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3509,7 +3509,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3516,7 +3516,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -20560,7 +20294,7 @@ index e334389..6839087 100644 load_TR_desc(); } -@@ -3887,6 +3891,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3894,6 +3898,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -20572,10 +20306,10 @@ index e334389..6839087 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 4ff0ab9..2ff68d3 100644 +index 32eb588..19c4fe3 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1303,7 +1303,11 @@ static void reload_tss(void) +@@ -1313,7 +1313,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -20587,7 +20321,18 @@ index 4ff0ab9..2ff68d3 100644 load_TR_desc(); } -@@ -2625,8 +2629,11 @@ static __init int hardware_setup(void) +@@ -1475,8 +1479,8 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx) + * The sysexit path does not restore ds/es, so we must set them to + * a reasonable value ourselves. + */ +- loadsegment(ds, __USER_DS); +- loadsegment(es, __USER_DS); ++ loadsegment(ds, __KERNEL_DS); ++ loadsegment(es, __KERNEL_DS); + #endif + reload_tss(); + #ifdef CONFIG_X86_64 +@@ -2653,8 +2657,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -20601,7 +20346,7 @@ index 4ff0ab9..2ff68d3 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3642,7 +3649,7 @@ static void vmx_set_constant_host_state(void) +@@ -3680,7 +3687,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); @@ -20610,7 +20355,7 @@ index 4ff0ab9..2ff68d3 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6180,6 +6187,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6218,6 +6225,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -20623,7 +20368,7 @@ index 4ff0ab9..2ff68d3 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6228,6 +6241,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6266,6 +6279,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -20635,11 +20380,10 @@ index 4ff0ab9..2ff68d3 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6256,7 +6274,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6294,6 +6312,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) } } -- asm("mov %0, %%ds; mov %0, %%es" : : "r"(__USER_DS)); + asm("mov %0, %%ds; mov %0, %%es; mov %0, %%ss" : : "r"(__KERNEL_DS)); + +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) @@ -20654,7 +20398,7 @@ index 4ff0ab9..2ff68d3 100644 vmx->exit_reason = vmcs_read32(VM_EXIT_REASON); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 185a2b8..866d2a6 100644 +index be6d549..b0ba2bf 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1357,8 +1357,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) @@ -20668,7 +20412,7 @@ index 185a2b8..866d2a6 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2213,6 +2213,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2214,6 +2214,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -20677,7 +20421,7 @@ index 185a2b8..866d2a6 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2338,7 +2340,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, +@@ -2339,7 +2341,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { @@ -20686,7 +20430,7 @@ index 185a2b8..866d2a6 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -4860,7 +4862,7 @@ static void kvm_set_mmio_spte_mask(void) +@@ -4876,7 +4878,7 @@ static void kvm_set_mmio_spte_mask(void) kvm_mmu_set_mmio_spte_mask(mask); } @@ -21196,20 +20940,20 @@ index f5cc9eb..51fa319 100644 CFI_ENDPROC ENDPROC(atomic64_inc_not_zero_cx8) diff --git a/arch/x86/lib/checksum_32.S b/arch/x86/lib/checksum_32.S -index 78d16a5..fbcf666 100644 +index 2af5df3..62b1a5a 100644 --- a/arch/x86/lib/checksum_32.S +++ b/arch/x86/lib/checksum_32.S -@@ -28,7 +28,8 @@ - #include +@@ -29,7 +29,8 @@ #include #include + #include - +#include + /* * computes a partial checksum, e.g. for TCP/UDP fragments */ -@@ -296,9 +297,24 @@ unsigned int csum_partial_copy_generic (const char *src, char *dst, +@@ -293,9 +294,24 @@ unsigned int csum_partial_copy_generic (const char *src, char *dst, #define ARGBASE 16 #define FP 12 @@ -21236,7 +20980,7 @@ index 78d16a5..fbcf666 100644 subl $4,%esp CFI_ADJUST_CFA_OFFSET 4 pushl_cfi %edi -@@ -320,7 +336,7 @@ ENTRY(csum_partial_copy_generic) +@@ -317,7 +333,7 @@ ENTRY(csum_partial_copy_generic) jmp 4f SRC(1: movw (%esi), %bx ) addl $2, %esi @@ -21245,7 +20989,7 @@ index 78d16a5..fbcf666 100644 addl $2, %edi addw %bx, %ax adcl $0, %eax -@@ -332,30 +348,30 @@ DST( movw %bx, (%edi) ) +@@ -329,30 +345,30 @@ DST( movw %bx, (%edi) ) SRC(1: movl (%esi), %ebx ) SRC( movl 4(%esi), %edx ) adcl %ebx, %eax @@ -21284,7 +21028,7 @@ index 78d16a5..fbcf666 100644 lea 32(%esi), %esi lea 32(%edi), %edi -@@ -369,7 +385,7 @@ DST( movl %edx, 28(%edi) ) +@@ -366,7 +382,7 @@ DST( movl %edx, 28(%edi) ) shrl $2, %edx # This clears CF SRC(3: movl (%esi), %ebx ) adcl %ebx, %eax @@ -21293,7 +21037,7 @@ index 78d16a5..fbcf666 100644 lea 4(%esi), %esi lea 4(%edi), %edi dec %edx -@@ -381,12 +397,12 @@ DST( movl %ebx, (%edi) ) +@@ -378,12 +394,12 @@ DST( movl %ebx, (%edi) ) jb 5f SRC( movw (%esi), %cx ) leal 2(%esi), %esi @@ -21308,7 +21052,7 @@ index 78d16a5..fbcf666 100644 6: addl %ecx, %eax adcl $0, %eax 7: -@@ -397,7 +413,7 @@ DST( movb %cl, (%edi) ) +@@ -394,7 +410,7 @@ DST( movb %cl, (%edi) ) 6001: movl ARGBASE+20(%esp), %ebx # src_err_ptr @@ -21317,7 +21061,7 @@ index 78d16a5..fbcf666 100644 # zero the complete destination - computing the rest # is too much work -@@ -410,11 +426,15 @@ DST( movb %cl, (%edi) ) +@@ -407,11 +423,15 @@ DST( movb %cl, (%edi) ) 6002: movl ARGBASE+24(%esp), %ebx # dst_err_ptr @@ -21334,7 +21078,7 @@ index 78d16a5..fbcf666 100644 popl_cfi %ebx CFI_RESTORE ebx popl_cfi %esi -@@ -424,26 +444,43 @@ DST( movb %cl, (%edi) ) +@@ -421,26 +441,43 @@ DST( movb %cl, (%edi) ) popl_cfi %ecx # equivalent to addl $4,%esp ret CFI_ENDPROC @@ -21383,7 +21127,7 @@ index 78d16a5..fbcf666 100644 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 pushl_cfi %edi -@@ -464,7 +501,7 @@ ENTRY(csum_partial_copy_generic) +@@ -461,7 +498,7 @@ ENTRY(csum_partial_copy_generic) subl %ebx, %edi lea -1(%esi),%edx andl $-32,%edx @@ -21392,7 +21136,7 @@ index 78d16a5..fbcf666 100644 testl %esi, %esi jmp *%ebx 1: addl $64,%esi -@@ -485,19 +522,19 @@ ENTRY(csum_partial_copy_generic) +@@ -482,19 +519,19 @@ ENTRY(csum_partial_copy_generic) jb 5f SRC( movw (%esi), %dx ) leal 2(%esi), %esi @@ -21415,7 +21159,7 @@ index 78d16a5..fbcf666 100644 # zero the complete destination (computing the rest is too much work) movl ARGBASE+8(%esp),%edi # dst movl ARGBASE+12(%esp),%ecx # len -@@ -505,10 +542,17 @@ DST( movb %dl, (%edi) ) +@@ -502,10 +539,17 @@ DST( movb %dl, (%edi) ) rep; stosb jmp 7b 6002: movl ARGBASE+24(%esp), %ebx # dst_err_ptr @@ -21434,7 +21178,7 @@ index 78d16a5..fbcf666 100644 popl_cfi %esi CFI_RESTORE esi popl_cfi %edi -@@ -517,7 +561,7 @@ DST( movb %dl, (%edi) ) +@@ -514,7 +558,7 @@ DST( movb %dl, (%edi) ) CFI_RESTORE ebx ret CFI_ENDPROC @@ -21587,18 +21331,18 @@ index 6b34d04..dccb07f 100644 .byte (copy_page_c - copy_page) - (2f - 1b) /* offset */ 2: diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S -index 0248402..821c786 100644 +index 5b2995f..78e7644 100644 --- a/arch/x86/lib/copy_user_64.S +++ b/arch/x86/lib/copy_user_64.S -@@ -16,6 +16,7 @@ - #include +@@ -17,6 +17,7 @@ #include #include + #include +#include /* * By placing feature2 after feature1 in altinstructions section, we logically -@@ -29,7 +30,7 @@ +@@ -30,7 +31,7 @@ .byte 0xe9 /* 32bit jump */ .long \orig-1f /* by default jump to orig */ 1: @@ -21607,7 +21351,7 @@ index 0248402..821c786 100644 2: .byte 0xe9 /* near jump with 32bit immediate */ .long \alt1-1b /* offset */ /* or alternatively to alt1 */ 3: .byte 0xe9 /* near jump with 32bit immediate */ -@@ -71,47 +72,20 @@ +@@ -69,47 +70,20 @@ #endif .endm @@ -21658,7 +21402,7 @@ index 0248402..821c786 100644 ret CFI_ENDPROC ENDPROC(bad_from_user) -@@ -141,19 +115,19 @@ ENTRY(copy_user_generic_unrolled) +@@ -139,19 +113,19 @@ ENTRY(copy_user_generic_unrolled) jz 17f 1: movq (%rsi),%r8 2: movq 1*8(%rsi),%r9 @@ -21682,7 +21426,7 @@ index 0248402..821c786 100644 16: movq %r11,7*8(%rdi) leaq 64(%rsi),%rsi leaq 64(%rdi),%rdi -@@ -179,6 +153,7 @@ ENTRY(copy_user_generic_unrolled) +@@ -177,6 +151,7 @@ ENTRY(copy_user_generic_unrolled) decl %ecx jnz 21b 23: xor %eax,%eax @@ -21690,7 +21434,7 @@ index 0248402..821c786 100644 ret .section .fixup,"ax" -@@ -251,6 +226,7 @@ ENTRY(copy_user_generic_string) +@@ -246,6 +221,7 @@ ENTRY(copy_user_generic_string) 3: rep movsb 4: xorl %eax,%eax @@ -21698,7 +21442,7 @@ index 0248402..821c786 100644 ret .section .fixup,"ax" -@@ -287,6 +263,7 @@ ENTRY(copy_user_enhanced_fast_string) +@@ -279,6 +255,7 @@ ENTRY(copy_user_enhanced_fast_string) 1: rep movsb 2: xorl %eax,%eax @@ -21707,10 +21451,10 @@ index 0248402..821c786 100644 .section .fixup,"ax" diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S -index cb0c112..e3a6895 100644 +index cacddc7..09d49e4 100644 --- a/arch/x86/lib/copy_user_nocache_64.S +++ b/arch/x86/lib/copy_user_nocache_64.S -@@ -8,12 +8,14 @@ +@@ -8,6 +8,7 @@ #include #include @@ -21718,14 +21462,15 @@ index cb0c112..e3a6895 100644 #define FIX_ALIGNMENT 1 - #include +@@ -15,6 +16,7 @@ #include #include + #include +#include .macro ALIGN_DESTINATION #ifdef FIX_ALIGNMENT -@@ -50,6 +52,15 @@ +@@ -48,6 +50,15 @@ */ ENTRY(__copy_user_nocache) CFI_STARTPROC @@ -21741,7 +21486,7 @@ index cb0c112..e3a6895 100644 cmpl $8,%edx jb 20f /* less then 8 bytes, go to byte copy loop */ ALIGN_DESTINATION -@@ -59,19 +70,19 @@ ENTRY(__copy_user_nocache) +@@ -57,19 +68,19 @@ ENTRY(__copy_user_nocache) jz 17f 1: movq (%rsi),%r8 2: movq 1*8(%rsi),%r9 @@ -21765,7 +21510,7 @@ index cb0c112..e3a6895 100644 16: movnti %r11,7*8(%rdi) leaq 64(%rsi),%rsi leaq 64(%rdi),%rdi -@@ -98,6 +109,7 @@ ENTRY(__copy_user_nocache) +@@ -96,6 +107,7 @@ ENTRY(__copy_user_nocache) jnz 21b 23: xorl %eax,%eax sfence @@ -21774,18 +21519,18 @@ index cb0c112..e3a6895 100644 .section .fixup,"ax" diff --git a/arch/x86/lib/csum-copy_64.S b/arch/x86/lib/csum-copy_64.S -index fb903b7..c92b7f7 100644 +index 2419d5f..953ee51 100644 --- a/arch/x86/lib/csum-copy_64.S +++ b/arch/x86/lib/csum-copy_64.S -@@ -8,6 +8,7 @@ - #include +@@ -9,6 +9,7 @@ #include #include + #include +#include /* * Checksum copy with exception handling. -@@ -228,6 +229,7 @@ ENTRY(csum_partial_copy_generic) +@@ -220,6 +221,7 @@ ENTRY(csum_partial_copy_generic) CFI_RESTORE rbp addq $7*8, %rsp CFI_ADJUST_CFA_OFFSET -7*8 @@ -21794,7 +21539,7 @@ index fb903b7..c92b7f7 100644 CFI_RESTORE_STATE diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c -index 459b58a..9570bc7 100644 +index 25b7ae8..3b52ccd 100644 --- a/arch/x86/lib/csum-wrappers_64.c +++ b/arch/x86/lib/csum-wrappers_64.c @@ -52,7 +52,13 @@ csum_partial_copy_from_user(const void __user *src, void *dst, @@ -21828,7 +21573,7 @@ index 459b58a..9570bc7 100644 } EXPORT_SYMBOL(csum_partial_copy_to_user); diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S -index 51f1504..ddac4c1 100644 +index b33b1fb..219f389 100644 --- a/arch/x86/lib/getuser.S +++ b/arch/x86/lib/getuser.S @@ -33,15 +33,38 @@ @@ -22629,7 +22374,7 @@ index 69fa106..adda88b 100644 3: CFI_RESTORE_STATE diff --git a/arch/x86/lib/putuser.S b/arch/x86/lib/putuser.S -index 36b0d15..d381858 100644 +index 7f951c8..ebd573a 100644 --- a/arch/x86/lib/putuser.S +++ b/arch/x86/lib/putuser.S @@ -15,7 +15,9 @@ @@ -22903,10 +22648,10 @@ index a63efd6..ccecad8 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index ef2a6a5..3b28862 100644 +index 1781b2f..90368dd 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c -@@ -41,10 +41,12 @@ do { \ +@@ -42,10 +42,12 @@ do { \ int __d0; \ might_fault(); \ __asm__ __volatile__( \ @@ -22919,23 +22664,7 @@ index ef2a6a5..3b28862 100644 ".section .fixup,\"ax\"\n" \ "3: lea 0(%2,%0,4),%0\n" \ " jmp 2b\n" \ -@@ -113,6 +115,7 @@ long strnlen_user(const char __user *s, long n) - might_fault(); - - __asm__ __volatile__( -+ __COPYUSER_SET_ES - " testl %0, %0\n" - " jz 3f\n" - " andl %0,%%ecx\n" -@@ -121,6 +124,7 @@ long strnlen_user(const char __user *s, long n) - " subl %%ecx,%0\n" - " addl %0,%%eax\n" - "1:\n" -+ __COPYUSER_RESTORE_ES - ".section .fixup,\"ax\"\n" - "2: xorl %%eax,%%eax\n" - " jmp 1b\n" -@@ -140,7 +144,7 @@ EXPORT_SYMBOL(strnlen_user); +@@ -97,7 +99,7 @@ EXPORT_SYMBOL(__clear_user); #ifdef CONFIG_X86_INTEL_USERCOPY static unsigned long @@ -22944,7 +22673,7 @@ index ef2a6a5..3b28862 100644 { int d0, d1; __asm__ __volatile__( -@@ -152,36 +156,36 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -109,36 +111,36 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) " .align 2,0x90\n" "3: movl 0(%4), %%eax\n" "4: movl 4(%4), %%edx\n" @@ -22997,7 +22726,7 @@ index ef2a6a5..3b28862 100644 " addl $-64, %0\n" " addl $64, %4\n" " addl $64, %3\n" -@@ -191,10 +195,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -148,10 +150,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23010,7 +22739,7 @@ index ef2a6a5..3b28862 100644 ".section .fixup,\"ax\"\n" "101: lea 0(%%eax,%0,4),%0\n" " jmp 100b\n" -@@ -247,46 +253,155 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -201,46 +205,150 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) } static unsigned long @@ -23073,56 +22802,51 @@ index ef2a6a5..3b28862 100644 + "101: lea 0(%%eax,%0,4),%0\n" + " jmp 100b\n" + ".previous\n" -+ ".section __ex_table,\"a\"\n" -+ " .align 4\n" -+ " .long 1b,100b\n" -+ " .long 2b,100b\n" -+ " .long 3b,100b\n" -+ " .long 4b,100b\n" -+ " .long 5b,100b\n" -+ " .long 6b,100b\n" -+ " .long 7b,100b\n" -+ " .long 8b,100b\n" -+ " .long 9b,100b\n" -+ " .long 10b,100b\n" -+ " .long 11b,100b\n" -+ " .long 12b,100b\n" -+ " .long 13b,100b\n" -+ " .long 14b,100b\n" -+ " .long 15b,100b\n" -+ " .long 16b,100b\n" -+ " .long 17b,100b\n" -+ " .long 18b,100b\n" -+ " .long 19b,100b\n" -+ " .long 20b,100b\n" -+ " .long 21b,100b\n" -+ " .long 22b,100b\n" -+ " .long 23b,100b\n" -+ " .long 24b,100b\n" -+ " .long 25b,100b\n" -+ " .long 26b,100b\n" -+ " .long 27b,100b\n" -+ " .long 28b,100b\n" -+ " .long 29b,100b\n" -+ " .long 30b,100b\n" -+ " .long 31b,100b\n" -+ " .long 32b,100b\n" -+ " .long 33b,100b\n" -+ " .long 34b,100b\n" -+ " .long 35b,100b\n" -+ " .long 36b,100b\n" -+ " .long 37b,100b\n" -+ " .long 99b,101b\n" -+ ".previous" ++ _ASM_EXTABLE(1b,100b) ++ _ASM_EXTABLE(2b,100b) ++ _ASM_EXTABLE(3b,100b) ++ _ASM_EXTABLE(4b,100b) ++ _ASM_EXTABLE(5b,100b) ++ _ASM_EXTABLE(6b,100b) ++ _ASM_EXTABLE(7b,100b) ++ _ASM_EXTABLE(8b,100b) ++ _ASM_EXTABLE(9b,100b) ++ _ASM_EXTABLE(10b,100b) ++ _ASM_EXTABLE(11b,100b) ++ _ASM_EXTABLE(12b,100b) ++ _ASM_EXTABLE(13b,100b) ++ _ASM_EXTABLE(14b,100b) ++ _ASM_EXTABLE(15b,100b) ++ _ASM_EXTABLE(16b,100b) ++ _ASM_EXTABLE(17b,100b) ++ _ASM_EXTABLE(18b,100b) ++ _ASM_EXTABLE(19b,100b) ++ _ASM_EXTABLE(20b,100b) ++ _ASM_EXTABLE(21b,100b) ++ _ASM_EXTABLE(22b,100b) ++ _ASM_EXTABLE(23b,100b) ++ _ASM_EXTABLE(24b,100b) ++ _ASM_EXTABLE(25b,100b) ++ _ASM_EXTABLE(26b,100b) ++ _ASM_EXTABLE(27b,100b) ++ _ASM_EXTABLE(28b,100b) ++ _ASM_EXTABLE(29b,100b) ++ _ASM_EXTABLE(30b,100b) ++ _ASM_EXTABLE(31b,100b) ++ _ASM_EXTABLE(32b,100b) ++ _ASM_EXTABLE(33b,100b) ++ _ASM_EXTABLE(34b,100b) ++ _ASM_EXTABLE(35b,100b) ++ _ASM_EXTABLE(36b,100b) ++ _ASM_EXTABLE(37b,100b) ++ _ASM_EXTABLE(99b,101b) + : "=&c"(size), "=&D" (d0), "=&S" (d1) + : "1"(to), "2"(from), "0"(size) + : "eax", "edx", "memory"); + return size; +} + -+static unsigned long -+__copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long ++static unsigned long __size_overflow(3) __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) { int d0, d1; @@ -23184,7 +22908,7 @@ index ef2a6a5..3b28862 100644 " movl %%eax, 56(%3)\n" " movl %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -298,9 +413,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) +@@ -252,9 +360,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23196,12 +22920,12 @@ index ef2a6a5..3b28862 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -347,47 +462,49 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) +@@ -297,48 +405,48 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) + * hyoshiok@miraclelinux.com */ - static unsigned long __copy_user_zeroing_intel_nocache(void *to, -+ const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long __copy_user_zeroing_intel_nocache(void *to, +-static unsigned long __copy_user_zeroing_intel_nocache(void *to, ++static unsigned long __size_overflow(3) __copy_user_zeroing_intel_nocache(void *to, const void __user *from, unsigned long size) { int d0, d1; @@ -23264,7 +22988,7 @@ index ef2a6a5..3b28862 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -400,9 +517,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -351,9 +459,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23276,12 +23000,12 @@ index ef2a6a5..3b28862 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -444,47 +561,49 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -391,48 +499,48 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, + return size; } - static unsigned long __copy_user_intel_nocache(void *to, -+ const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long __copy_user_intel_nocache(void *to, +-static unsigned long __copy_user_intel_nocache(void *to, ++static unsigned long __size_overflow(3) __copy_user_intel_nocache(void *to, const void __user *from, unsigned long size) { int d0, d1; @@ -23344,7 +23068,7 @@ index ef2a6a5..3b28862 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -497,9 +616,9 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -445,9 +553,9 @@ static unsigned long __copy_user_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23356,7 +23080,7 @@ index ef2a6a5..3b28862 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -542,32 +661,36 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -487,32 +595,36 @@ static unsigned long __copy_user_intel_nocache(void *to, */ unsigned long __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size); @@ -23398,7 +23122,7 @@ index ef2a6a5..3b28862 100644 ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ " jmp 2b\n" \ -@@ -595,14 +718,14 @@ do { \ +@@ -537,14 +649,14 @@ do { \ " negl %0\n" \ " andl $7,%0\n" \ " subl %0,%3\n" \ @@ -23416,7 +23140,7 @@ index ef2a6a5..3b28862 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ -@@ -688,9 +811,9 @@ survive: +@@ -627,9 +739,9 @@ survive: } #endif if (movsl_is_ok(to, from, n)) @@ -23428,7 +23152,7 @@ index ef2a6a5..3b28862 100644 return n; } EXPORT_SYMBOL(__copy_to_user_ll); -@@ -710,10 +833,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, +@@ -649,10 +761,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, unsigned long n) { if (movsl_is_ok(to, from, n)) @@ -23441,7 +23165,7 @@ index ef2a6a5..3b28862 100644 return n; } EXPORT_SYMBOL(__copy_from_user_ll_nozero); -@@ -740,65 +862,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr +@@ -679,65 +790,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n = __copy_user_intel_nocache(to, from, n); else @@ -23544,7 +23268,7 @@ index ef2a6a5..3b28862 100644 +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index 0d0326f..6a6155b 100644 +index e5b130b..6690d31 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c @@ -16,6 +16,12 @@ unsigned long __clear_user(void __user *addr, unsigned long size) @@ -23560,9 +23284,9 @@ index 0d0326f..6a6155b 100644 /* no memory constraint because it doesn't change any memory gcc knows about */ asm volatile( -@@ -100,12 +106,20 @@ long strlen_user(const char __user *s) +@@ -52,12 +58,20 @@ unsigned long clear_user(void __user *to, unsigned long n) } - EXPORT_SYMBOL(strlen_user); + EXPORT_SYMBOL(clear_user); -unsigned long copy_in_user(void __user *to, const void __user *from, unsigned len) +unsigned long copy_in_user(void __user *to, const void __user *from, unsigned long len) @@ -23586,7 +23310,7 @@ index 0d0326f..6a6155b 100644 } EXPORT_SYMBOL(copy_in_user); -@@ -115,7 +129,7 @@ EXPORT_SYMBOL(copy_in_user); +@@ -67,7 +81,7 @@ EXPORT_SYMBOL(copy_in_user); * it is not necessary to optimize tail handling. */ unsigned long @@ -23595,7 +23319,7 @@ index 0d0326f..6a6155b 100644 { char c; unsigned zero_len; -@@ -132,3 +146,15 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) +@@ -84,3 +98,15 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) break; return len; } @@ -23612,11 +23336,39 @@ index 0d0326f..6a6155b 100644 +} +EXPORT_SYMBOL(copy_to_user_overflow); diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c -index 1fb85db..8b3540b 100644 +index 903ec1e..833f340 100644 --- a/arch/x86/mm/extable.c +++ b/arch/x86/mm/extable.c -@@ -8,7 +8,7 @@ int fixup_exception(struct pt_regs *regs) - const struct exception_table_entry *fixup; +@@ -6,12 +6,25 @@ + static inline unsigned long + ex_insn_addr(const struct exception_table_entry *x) + { +- return (unsigned long)&x->insn + x->insn; ++//printk(KERN_ERR "fixup %p insn:%x fixup:%x\n", x, x->insn, x->fixup); ++ unsigned long reloc = 0; ++ ++#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) ++ reloc = ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR; ++#endif ++ ++ return (unsigned long)&x->insn + x->insn + reloc; + } + static inline unsigned long + ex_fixup_addr(const struct exception_table_entry *x) + { +- return (unsigned long)&x->fixup + x->fixup; ++ unsigned long reloc = 0; ++ ++#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) ++ reloc = ____LOAD_PHYSICAL_ADDR - LOAD_PHYSICAL_ADDR; ++#endif ++ ++ return (unsigned long)&x->fixup + x->fixup + reloc; + } + + int fixup_exception(struct pt_regs *regs) +@@ -20,7 +33,7 @@ int fixup_exception(struct pt_regs *regs) + unsigned long new_ip; #ifdef CONFIG_PNPBIOS - if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) { @@ -23624,8 +23376,16 @@ index 1fb85db..8b3540b 100644 extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp; extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap = 1; +@@ -34,6 +47,7 @@ int fixup_exception(struct pt_regs *regs) + #endif + + fixup = search_exception_tables(regs->ip); ++//printk(KERN_ERR "fixup %p %lx\n", fixup, regs->ip); + if (fixup) { + new_ip = ex_fixup_addr(fixup); + diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 3ecfd1a..304d554 100644 +index 76dcd9d..e9dffde 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,11 +13,18 @@ @@ -23809,8 +23569,8 @@ index 3ecfd1a..304d554 100644 pte_t *pte = lookup_address(address, &level); if (pte && pte_present(*pte) && !pte_exec(*pte)) -- printk(nx_warning, current_uid()); -+ printk(nx_warning, current_uid(), current->comm, task_pid_nr(current)); +- printk(nx_warning, from_kuid(&init_user_ns, current_uid())); ++ printk(nx_warning, from_kuid(&init_user_ns, current_uid()), current->comm, task_pid_nr(current)); } +#ifdef CONFIG_PAX_KERNEXEC @@ -24582,7 +24342,7 @@ index f6679a7..8f795a3 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 4f0cec7..00976ce 100644 +index bc4e9d8..ca4c14b 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -16,6 +16,8 @@ @@ -24594,16 +24354,16 @@ index 4f0cec7..00976ce 100644 unsigned long __initdata pgt_buf_start; unsigned long __meminitdata pgt_buf_end; -@@ -32,7 +34,7 @@ int direct_gbpages - static void __init find_early_table_space(unsigned long end, int use_pse, - int use_gbpages) +@@ -38,7 +40,7 @@ struct map_range { + static void __init find_early_table_space(struct map_range *mr, unsigned long end, + int use_pse, int use_gbpages) { - unsigned long puds, pmds, ptes, tables, start = 0, good_end = end; + unsigned long puds, pmds, ptes, tables, start = 0x100000, good_end = end; phys_addr_t base; puds = (end + PUD_SIZE - 1) >> PUD_SHIFT; -@@ -311,10 +313,37 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -317,10 +319,37 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, * Access has to be given to non-kernel-ram areas as well, these contain the PCI * mmio resources as well as potential bios/acpi data regions. */ @@ -24642,7 +24402,7 @@ index 4f0cec7..00976ce 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -371,8 +400,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -377,8 +406,116 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) #endif } @@ -25038,7 +24798,7 @@ index 575d86f..4987469 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index fc18be0..e539653 100644 +index 2b6b4a3..c17210d 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -74,7 +74,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -25155,7 +24915,7 @@ index fc18be0..e539653 100644 adr = (void *)(((unsigned long)adr) | left); return adr; -@@ -545,7 +559,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, +@@ -548,7 +562,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, unmap_low_page(pmd); spin_lock(&init_mm.page_table_lock); @@ -25164,7 +24924,7 @@ index fc18be0..e539653 100644 spin_unlock(&init_mm.page_table_lock); } __flush_tlb_all(); -@@ -591,7 +605,7 @@ kernel_physical_mapping_init(unsigned long start, +@@ -594,7 +608,7 @@ kernel_physical_mapping_init(unsigned long start, unmap_low_page(pud); spin_lock(&init_mm.page_table_lock); @@ -25173,7 +24933,7 @@ index fc18be0..e539653 100644 spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -683,6 +697,12 @@ void __init mem_init(void) +@@ -686,6 +700,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -25186,7 +24946,7 @@ index fc18be0..e539653 100644 /* clear_bss() already clear the empty_zero_page */ reservedpages = 0; -@@ -843,8 +863,8 @@ int kern_addr_valid(unsigned long addr) +@@ -846,8 +866,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -25197,7 +24957,7 @@ index fc18be0..e539653 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -878,7 +898,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -881,7 +901,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -25223,7 +24983,7 @@ index 7b179b4..6bd1777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index be1ef57..55f0160 100644 +index 78fe3f1..8293b6f 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr, @@ -25410,7 +25170,7 @@ index b008656..773eac2 100644 struct split_state { diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c -index e1ebde3..b1e1db38 100644 +index a718e0d..45efc32 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, @@ -25498,56 +25258,56 @@ index e1ebde3..b1e1db38 100644 static int diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c -index f6ff57b..481690f 100644 +index 3d68ef6..7f69136 100644 --- a/arch/x86/mm/pat.c +++ b/arch/x86/mm/pat.c -@@ -361,7 +361,7 @@ int free_memtype(u64 start, u64 end) +@@ -376,7 +376,7 @@ int free_memtype(u64 start, u64 end) if (!entry) { - printk(KERN_INFO "%s:%d freeing invalid memtype %Lx-%Lx\n", -- current->comm, current->pid, start, end); -+ current->comm, task_pid_nr(current), start, end); + printk(KERN_INFO "%s:%d freeing invalid memtype [mem %#010Lx-%#010Lx]\n", +- current->comm, current->pid, start, end - 1); ++ current->comm, task_pid_nr(current), start, end - 1); return -EINVAL; } -@@ -492,8 +492,8 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) +@@ -506,8 +506,8 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size) + while (cursor < to) { if (!devmem_is_allowed(pfn)) { - printk(KERN_INFO -- "Program %s tried to access /dev/mem between %Lx->%Lx.\n", -- current->comm, from, to); -+ "Program %s tried to access /dev/mem between %Lx->%Lx (%Lx).\n", -+ current->comm, from, to, cursor); +- printk(KERN_INFO "Program %s tried to access /dev/mem between [mem %#010Lx-%#010Lx]\n", +- current->comm, from, to - 1); ++ printk(KERN_INFO "Program %s tried to access /dev/mem between [mem %#010Lx-%#010Lx] (%#010Lx)\n", ++ current->comm, from, to - 1, cursor); return 0; } cursor += PAGE_SIZE; -@@ -557,7 +557,7 @@ int kernel_map_sync_memtype(u64 base, unsigned long size, unsigned long flags) - printk(KERN_INFO - "%s:%d ioremap_change_attr failed %s " - "for %Lx-%Lx\n", +@@ -570,7 +570,7 @@ int kernel_map_sync_memtype(u64 base, unsigned long size, unsigned long flags) + if (ioremap_change_attr((unsigned long)__va(base), id_sz, flags) < 0) { + printk(KERN_INFO "%s:%d ioremap_change_attr failed %s " + "for [mem %#010Lx-%#010Lx]\n", - current->comm, current->pid, + current->comm, task_pid_nr(current), cattr_name(flags), - base, (unsigned long long)(base + size)); + base, (unsigned long long)(base + size-1)); return -EINVAL; -@@ -593,7 +593,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot, +@@ -605,7 +605,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot, + flags = lookup_memtype(paddr); if (want_flags != flags) { - printk(KERN_WARNING - "%s:%d map pfn RAM range req %s for %Lx-%Lx, got %s\n", + printk(KERN_WARNING "%s:%d map pfn RAM range req %s for [mem %#010Lx-%#010Lx], got %s\n", - current->comm, current->pid, + current->comm, task_pid_nr(current), cattr_name(want_flags), (unsigned long long)paddr, - (unsigned long long)(paddr + size), -@@ -615,7 +615,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot, + (unsigned long long)(paddr + size - 1), +@@ -627,7 +627,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot, free_memtype(paddr, paddr + size); printk(KERN_ERR "%s:%d map pfn expected mapping type %s" - " for %Lx-%Lx, got %s\n", + " for [mem %#010Lx-%#010Lx], got %s\n", - current->comm, current->pid, + current->comm, task_pid_nr(current), cattr_name(want_flags), (unsigned long long)paddr, - (unsigned long long)(paddr + size), + (unsigned long long)(paddr + size - 1), diff --git a/arch/x86/mm/pf_in.c b/arch/x86/mm/pf_in.c index 9f0614d..92ae64a 100644 --- a/arch/x86/mm/pf_in.c @@ -25910,21 +25670,21 @@ index 410531d..0f16030 100644 } diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c -index d6c0418..06a0ad5 100644 +index 5e57e11..64874249 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c -@@ -65,7 +65,11 @@ void leave_mm(int cpu) +@@ -66,7 +66,11 @@ void leave_mm(int cpu) BUG(); - cpumask_clear_cpu(cpu, - mm_cpumask(percpu_read(cpu_tlbstate.active_mm))); + if (cpumask_test_cpu(cpu, mm_cpumask(active_mm))) { + cpumask_clear_cpu(cpu, mm_cpumask(active_mm)); + +#ifndef CONFIG_PAX_PER_CPU_PGD - load_cr3(swapper_pg_dir); + load_cr3(swapper_pg_dir); +#endif + + } } EXPORT_SYMBOL_GPL(leave_mm); - diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S index 877b9a1..a8ecf42 100644 --- a/arch/x86/net/bpf_jit.S @@ -26540,7 +26300,7 @@ index 40e4469..1ab536e 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); diff --git a/arch/x86/platform/efi/efi_stub_32.S b/arch/x86/platform/efi/efi_stub_32.S -index fbe66e6..c5c0dd2 100644 +index fbe66e6..eae5e38 100644 --- a/arch/x86/platform/efi/efi_stub_32.S +++ b/arch/x86/platform/efi/efi_stub_32.S @@ -6,7 +6,9 @@ @@ -26562,22 +26322,35 @@ index fbe66e6..c5c0dd2 100644 ENTRY(efi_call_phys) /* * 0. The function can only be called in Linux kernel. So CS has been -@@ -36,9 +38,11 @@ ENTRY(efi_call_phys) +@@ -36,10 +38,24 @@ ENTRY(efi_call_phys) * The mapping of lower virtual memory has been created in prelog and * epilog. */ - movl $1f, %edx - subl $__PAGE_OFFSET, %edx - jmp *%edx ++#ifdef CONFIG_PAX_KERNEXEC + movl $(__KERNEXEC_EFI_DS), %edx + mov %edx, %ds + mov %edx, %es + mov %edx, %ss -+ ljmp $(__KERNEXEC_EFI_CS),$1f-__PAGE_OFFSET ++ addl $2f,(1f) ++ ljmp *(1f) ++ ++__INITDATA ++1: .long __LOAD_PHYSICAL_ADDR, __KERNEXEC_EFI_CS ++.previous ++ ++2: ++ subl $2b,(1b) ++#else ++ jmp 1f-__PAGE_OFFSET 1: ++#endif /* -@@ -47,14 +51,8 @@ ENTRY(efi_call_phys) + * 2. Now on the top of stack is the return +@@ -47,14 +63,8 @@ ENTRY(efi_call_phys) * parameter 2, ..., param n. To make things easy, we save the return * address of efi_call_phys in a global variable. */ @@ -26594,7 +26367,7 @@ index fbe66e6..c5c0dd2 100644 /* * 3. Clear PG bit in %CR0. -@@ -73,9 +71,8 @@ ENTRY(efi_call_phys) +@@ -73,9 +83,8 @@ ENTRY(efi_call_phys) /* * 5. Call the physical function. */ @@ -26605,7 +26378,7 @@ index fbe66e6..c5c0dd2 100644 /* * 6. After EFI runtime service returns, control will return to * following instruction. We'd better readjust stack pointer first. -@@ -88,35 +85,32 @@ ENTRY(efi_call_phys) +@@ -88,35 +97,36 @@ ENTRY(efi_call_phys) movl %cr0, %edx orl $0x80000000, %edx movl %edx, %cr0 @@ -26618,12 +26391,16 @@ index fbe66e6..c5c0dd2 100644 */ - movl $1f, %edx - jmp *%edx -+ ljmp $(__KERNEL_CS),$1f+__PAGE_OFFSET - 1: ++#ifdef CONFIG_PAX_KERNEXEC + movl $(__KERNEL_DS), %edx + mov %edx, %ds + mov %edx, %es + mov %edx, %ss ++ ljmp $(__KERNEL_CS),$1f ++#else ++ jmp 1f+__PAGE_OFFSET ++#endif + 1: /* * 9. Balance the stack. And because EAX contain the return value, @@ -26719,7 +26496,7 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c -index e31bcd8..f12dc46 100644 +index fd41a92..9c33628 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c @@ -78,13 +78,15 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; @@ -26763,8 +26540,97 @@ index 218cdb1..fd55c08 100644 syscall_init(); /* This sets MSR_*STAR and related */ #endif +diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c +index cbca565..35ce1d7 100644 +--- a/arch/x86/realmode/init.c ++++ b/arch/x86/realmode/init.c +@@ -62,7 +62,13 @@ void __init setup_real_mode(void) + __va(real_mode_header->trampoline_header); + + #ifdef CONFIG_X86_32 +- trampoline_header->start = __pa(startup_32_smp); ++ trampoline_header->start = __pa(ktla_ktva(startup_32_smp)); ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ trampoline_header->start -= LOAD_PHYSICAL_ADDR; ++#endif ++ ++ trampoline_header->boot_cs = __BOOT_CS; + trampoline_header->gdt_limit = __BOOT_DS + 7; + trampoline_header->gdt_base = __pa(boot_gdt); + #else +diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile +index 5b84a2d..a004393 100644 +--- a/arch/x86/realmode/rm/Makefile ++++ b/arch/x86/realmode/rm/Makefile +@@ -78,5 +78,8 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -m32 -g -Os -D_SETUP -D__KERNEL__ -D_WAKEUP \ + $(call cc-option, -fno-unit-at-a-time)) \ + $(call cc-option, -fno-stack-protector) \ + $(call cc-option, -mpreferred-stack-boundary=2) ++ifdef CONSTIFY_PLUGIN ++KBUILD_CFLAGS += $(CONSTIFY_PLUGIN) -fplugin-arg-constify_plugin-no-constify ++endif + KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ + GCOV_PROFILE := n +diff --git a/arch/x86/realmode/rm/trampoline_32.S b/arch/x86/realmode/rm/trampoline_32.S +index c1b2791..f9e31c7 100644 +--- a/arch/x86/realmode/rm/trampoline_32.S ++++ b/arch/x86/realmode/rm/trampoline_32.S +@@ -25,6 +25,12 @@ + #include + #include "realmode.h" + ++#ifdef CONFIG_PAX_KERNEXEC ++#define ta(X) (X) ++#else ++#define ta(X) (pa_ ## X) ++#endif ++ + .text + .code16 + +@@ -39,8 +45,6 @@ ENTRY(trampoline_start) + + cli # We should be safe anyway + +- movl tr_start, %eax # where we need to go +- + movl $0xA5A5A5A5, trampoline_status + # write marker for master knows we're running + +@@ -56,7 +60,7 @@ ENTRY(trampoline_start) + movw $1, %dx # protected mode (PE) bit + lmsw %dx # into protected mode + +- ljmpl $__BOOT_CS, $pa_startup_32 ++ ljmpl *(trampoline_header) + + .section ".text32","ax" + .code32 +@@ -67,7 +71,7 @@ ENTRY(startup_32) # note: also used from wakeup_asm.S + .balign 8 + GLOBAL(trampoline_header) + tr_start: .space 4 +- tr_gdt_pad: .space 2 ++ tr_boot_cs: .space 2 + tr_gdt: .space 6 + END(trampoline_header) + +diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S +index bb360dc..3e5945f 100644 +--- a/arch/x86/realmode/rm/trampoline_64.S ++++ b/arch/x86/realmode/rm/trampoline_64.S +@@ -107,7 +107,7 @@ ENTRY(startup_32) + wrmsr + + # Enable paging and in turn activate Long Mode +- movl $(X86_CR0_PG | X86_CR0_WP | X86_CR0_PE), %eax ++ movl $(X86_CR0_PG | X86_CR0_PE), %eax + movl %eax, %cr0 + + /* diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c -index b685296..e00eb65 100644 +index 5a1847d..deccb30 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -12,10 +12,13 @@ @@ -26781,7 +26647,7 @@ index b685296..e00eb65 100644 static unsigned long reloc_count, reloc_idx; static unsigned long *relocs; static unsigned long reloc16_count, reloc16_idx; -@@ -323,9 +326,39 @@ static void read_ehdr(FILE *fp) +@@ -330,9 +333,39 @@ static void read_ehdr(FILE *fp) } } @@ -26822,7 +26688,7 @@ index b685296..e00eb65 100644 Elf32_Shdr shdr; secs = calloc(ehdr.e_shnum, sizeof(struct section)); -@@ -360,7 +393,7 @@ static void read_shdrs(FILE *fp) +@@ -367,7 +400,7 @@ static void read_shdrs(FILE *fp) static void read_strtabs(FILE *fp) { @@ -26831,7 +26697,7 @@ index b685296..e00eb65 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_STRTAB) { -@@ -385,7 +418,7 @@ static void read_strtabs(FILE *fp) +@@ -392,7 +425,7 @@ static void read_strtabs(FILE *fp) static void read_symtabs(FILE *fp) { @@ -26840,9 +26706,12 @@ index b685296..e00eb65 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_SYMTAB) { -@@ -418,7 +451,9 @@ static void read_symtabs(FILE *fp) +@@ -423,9 +456,11 @@ static void read_symtabs(FILE *fp) + } - static void read_relocs(FILE *fp) + +-static void read_relocs(FILE *fp) ++static void read_relocs(FILE *fp, int use_real_mode) { - int i,j; + unsigned int i,j; @@ -26851,14 +26720,14 @@ index b685296..e00eb65 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_REL) { -@@ -438,9 +473,22 @@ static void read_relocs(FILE *fp) +@@ -445,9 +480,22 @@ static void read_relocs(FILE *fp) die("Cannot read symbol table: %s\n", strerror(errno)); } + base = 0; + -+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) -+ for (j = 0; j < ehdr.e_phnum; j++) { ++#ifdef CONFIG_X86_32 ++ for (j = 0; !use_real_mode && j < ehdr.e_phnum; j++) { + if (phdr[j].p_type != PT_LOAD ) + continue; + if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz) @@ -26875,7 +26744,7 @@ index b685296..e00eb65 100644 rel->r_info = elf32_to_cpu(rel->r_info); } } -@@ -449,13 +497,13 @@ static void read_relocs(FILE *fp) +@@ -456,13 +504,13 @@ static void read_relocs(FILE *fp) static void print_absolute_symbols(void) { @@ -26891,7 +26760,7 @@ index b685296..e00eb65 100644 if (sec->shdr.sh_type != SHT_SYMTAB) { continue; -@@ -482,14 +530,14 @@ static void print_absolute_symbols(void) +@@ -489,14 +537,14 @@ static void print_absolute_symbols(void) static void print_absolute_relocs(void) { @@ -26908,7 +26777,7 @@ index b685296..e00eb65 100644 if (sec->shdr.sh_type != SHT_REL) { continue; } -@@ -551,13 +599,13 @@ static void print_absolute_relocs(void) +@@ -558,13 +606,13 @@ static void print_absolute_relocs(void) static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), int use_real_mode) { @@ -26924,30 +26793,32 @@ index b685296..e00eb65 100644 struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_REL) { -@@ -581,6 +629,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), +@@ -588,6 +636,24 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), sym = &sh_symtab[ELF32_R_SYM(rel->r_info)]; r_type = ELF32_R_TYPE(rel->r_info); -+ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */ -+ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load")) -+ continue; ++ if (!use_real_mode) { ++ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */ ++ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load")) ++ continue; + +#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) -+ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */ -+ if (!strcmp(sec_name(sym->st_shndx), ".module.text") && !strcmp(sym_name(sym_strtab, sym), "_etext")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".init.text")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR")) -+ continue; ++ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */ ++ if (!strcmp(sec_name(sym->st_shndx), ".text.end") && !strcmp(sym_name(sym_strtab, sym), "_etext")) ++ continue; ++ if (!strcmp(sec_name(sym->st_shndx), ".init.text")) ++ continue; ++ if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) ++ continue; ++ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR")) ++ continue; +#endif ++ } + shn_abs = sym->st_shndx == SHN_ABS; switch (r_type) { -@@ -674,7 +738,7 @@ static int write32(unsigned int v, FILE *f) +@@ -681,7 +747,7 @@ static int write32(unsigned int v, FILE *f) static void emit_relocs(int as_text, int use_real_mode) { @@ -26956,7 +26827,7 @@ index b685296..e00eb65 100644 /* Count how many relocations I have and allocate space for them. */ reloc_count = 0; walk_relocs(count_reloc, use_real_mode); -@@ -801,6 +865,7 @@ int main(int argc, char **argv) +@@ -808,10 +874,11 @@ int main(int argc, char **argv) fname, strerror(errno)); } read_ehdr(fp); @@ -26964,6 +26835,11 @@ index b685296..e00eb65 100644 read_shdrs(fp); read_strtabs(fp); read_symtabs(fp); +- read_relocs(fp); ++ read_relocs(fp, use_real_mode); + if (show_absolute_syms) { + print_absolute_symbols(); + return 0; diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile index fd14be1..e3c79c0 100644 --- a/arch/x86/vdso/Makefile @@ -27137,10 +27013,10 @@ index 00aaf04..4a26505 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 40edfc3..b4d80ac 100644 +index ff962d4..2bb5e83 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c -@@ -95,8 +95,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); +@@ -97,8 +97,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); struct shared_info xen_dummy_shared_info; @@ -27149,7 +27025,7 @@ index 40edfc3..b4d80ac 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -1165,30 +1163,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1175,30 +1173,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -27187,7 +27063,7 @@ index 40edfc3..b4d80ac 100644 { if (pm_power_off) pm_power_off(); -@@ -1291,7 +1289,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1301,7 +1299,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -27206,7 +27082,7 @@ index 40edfc3..b4d80ac 100644 xen_setup_features(); -@@ -1322,13 +1330,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1332,13 +1340,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -27221,7 +27097,7 @@ index 40edfc3..b4d80ac 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 69f5857..0699dc5 100644 +index 3a73785..0d30df2 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1738,6 +1738,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, @@ -27246,7 +27122,7 @@ index 69f5857..0699dc5 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -1964,6 +1971,7 @@ static void __init xen_post_allocator_init(void) +@@ -1940,6 +1947,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -27254,7 +27130,7 @@ index 69f5857..0699dc5 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2045,6 +2053,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2021,6 +2029,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -27263,10 +27139,10 @@ index 69f5857..0699dc5 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 0503c0c..ceb2d16 100644 +index afb250d..627075f 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c -@@ -215,11 +215,6 @@ static void __init xen_smp_prepare_boot_cpu(void) +@@ -231,11 +231,6 @@ static void __init xen_smp_prepare_boot_cpu(void) { BUG_ON(smp_processor_id() != 0); native_smp_prepare_boot_cpu(); @@ -27278,7 +27154,7 @@ index 0503c0c..ceb2d16 100644 xen_filter_cpu_maps(); xen_setup_vcpu_info_placement(); } -@@ -296,12 +291,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) +@@ -302,12 +297,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) gdt = get_cpu_gdt_table(cpu); ctxt->flags = VGCF_IN_KERNEL; @@ -27294,7 +27170,7 @@ index 0503c0c..ceb2d16 100644 #else ctxt->gs_base_kernel = per_cpu_offset(cpu); #endif -@@ -352,13 +347,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu) +@@ -357,13 +352,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu, struct task_struct *idle) int rc; per_cpu(current_task, cpu) = idle; @@ -27311,10 +27187,10 @@ index 0503c0c..ceb2d16 100644 xen_setup_runstate_info(cpu); xen_setup_timer(cpu); diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S -index b040b0e..8cc4fe0 100644 +index f9643fc..602e8af 100644 --- a/arch/x86/xen/xen-asm_32.S +++ b/arch/x86/xen/xen-asm_32.S -@@ -83,14 +83,14 @@ ENTRY(xen_iret) +@@ -84,14 +84,14 @@ ENTRY(xen_iret) ESP_OFFSET=4 # bytes pushed onto stack /* @@ -27358,7 +27234,7 @@ index aaa7291..3f77960 100644 mov %rsi,xen_start_info mov $init_thread_union+THREAD_SIZE,%rsp diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h -index b095739..8c17bcd 100644 +index 202d4c1..99b072a 100644 --- a/arch/x86/xen/xen-ops.h +++ b/arch/x86/xen/xen-ops.h @@ -10,8 +10,6 @@ @@ -27540,7 +27416,7 @@ index 6296b40..417c00f 100644 (u8 *) pte, count) < count) { diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 260fa80..e8f3caf 100644 +index 9a87daa..fb17486 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -223,8 +223,20 @@ EXPORT_SYMBOL(blk_verify_command); @@ -27742,10 +27618,10 @@ index 0734086..3ad3e4c 100644 /* * Buggy BIOS check diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index d31ee55..8363a8b 100644 +index cece3a4..0845256 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4742,7 +4742,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4743,7 +4743,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -27754,7 +27630,7 @@ index d31ee55..8363a8b 100644 ap = qc->ap; qc->flags = 0; -@@ -4758,7 +4758,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4759,7 +4759,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -27763,7 +27639,7 @@ index d31ee55..8363a8b 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5822,6 +5822,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5823,6 +5823,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -27771,7 +27647,7 @@ index d31ee55..8363a8b 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5835,8 +5836,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5836,8 +5837,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -27783,7 +27659,7 @@ index d31ee55..8363a8b 100644 } diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index 3239517..343b5f6 100644 +index ac6a5be..c7176b1 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c @@ -862,7 +862,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev) @@ -27811,7 +27687,7 @@ index f9b983a..887b9d8 100644 return 0; } diff --git a/drivers/atm/ambassador.c b/drivers/atm/ambassador.c -index f8f41e0..1f987dd 100644 +index 89b30f3..7964211 100644 --- a/drivers/atm/ambassador.c +++ b/drivers/atm/ambassador.c @@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev, tx_out * tx) { @@ -28144,7 +28020,7 @@ index b182c2f..1c6fa8a 100644 return 0; } diff --git a/drivers/atm/horizon.c b/drivers/atm/horizon.c -index 75fd691..2d20b14 100644 +index 7d01c2a..4e3ac01 100644 --- a/drivers/atm/horizon.c +++ b/drivers/atm/horizon.c @@ -1034,7 +1034,7 @@ static void rx_schedule (hrz_dev * dev, int irq) { @@ -28166,7 +28042,7 @@ index 75fd691..2d20b14 100644 // free the skb hrz_kfree_skb (skb); diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c -index 1c05212..c28e200 100644 +index 8974bd2..b856f85 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -812,7 +812,7 @@ drain_scq(struct idt77252_dev *card, struct vc_map *vc) @@ -28803,7 +28679,7 @@ index abe4e20..83c4727 100644 } diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index 8493536..31adee0 100644 +index 765c3a2..771ace6 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -368,7 +368,7 @@ int devtmpfs_mount(const char *mntdir) @@ -28815,30 +28691,11 @@ index 8493536..31adee0 100644 if (err) printk(KERN_INFO "devtmpfs: error mounting %i\n", err); else -diff --git a/drivers/base/node.c b/drivers/base/node.c -index 90aa2a1..af1a177 100644 ---- a/drivers/base/node.c -+++ b/drivers/base/node.c -@@ -592,11 +592,9 @@ static ssize_t print_nodes_state(enum node_states state, char *buf) - { - int n; - -- n = nodelist_scnprintf(buf, PAGE_SIZE, node_states[state]); -- if (n > 0 && PAGE_SIZE > n + 1) { -- *(buf + n++) = '\n'; -- *(buf + n++) = '\0'; -- } -+ n = nodelist_scnprintf(buf, PAGE_SIZE-2, node_states[state]); -+ buf[n++] = '\n'; -+ buf[n] = '\0'; - return n; - } - diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c -index 2a3e581..3d6a73f 100644 +index cbb463b..babe2cf 100644 --- a/drivers/base/power/wakeup.c +++ b/drivers/base/power/wakeup.c -@@ -30,14 +30,14 @@ bool events_check_enabled; +@@ -29,14 +29,14 @@ bool events_check_enabled __read_mostly; * They need to be modified together atomically, so it's better to use one * atomic variable to hold them both. */ @@ -28855,24 +28712,24 @@ index 2a3e581..3d6a73f 100644 *cnt = (comb >> IN_PROGRESS_BITS); *inpr = comb & MAX_IN_PROGRESS; -@@ -379,7 +379,7 @@ static void wakeup_source_activate(struct wakeup_source *ws) - ws->last_time = ktime_get(); +@@ -385,7 +385,7 @@ static void wakeup_source_activate(struct wakeup_source *ws) + ws->start_prevent_time = ws->last_time; /* Increment the counter of events in progress. */ -- atomic_inc(&combined_event_count); -+ atomic_inc_unchecked(&combined_event_count); - } +- cec = atomic_inc_return(&combined_event_count); ++ cec = atomic_inc_return_unchecked(&combined_event_count); - /** -@@ -475,7 +475,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws) + trace_wakeup_source_activate(ws->name, cec); + } +@@ -511,7 +511,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws) * Increment the counter of registered wakeup events and decrement the * couter of wakeup events in progress simultaneously. */ -- atomic_add(MAX_IN_PROGRESS, &combined_event_count); -+ atomic_add_unchecked(MAX_IN_PROGRESS, &combined_event_count); - } +- cec = atomic_add_return(MAX_IN_PROGRESS, &combined_event_count); ++ cec = atomic_add_return_unchecked(MAX_IN_PROGRESS, &combined_event_count); + trace_wakeup_source_deactivate(ws->name, cec); - /** + split_counters(&cnt, &inpr); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c index b0f553b..77b928b 100644 --- a/drivers/block/cciss.c @@ -29147,10 +29004,10 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h -index 8d68056..e67050f 100644 +index 02f013a..afeba24 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h -@@ -736,7 +736,7 @@ struct drbd_request; +@@ -735,7 +735,7 @@ struct drbd_request; struct drbd_epoch { struct list_head list; unsigned int barrier_nr; @@ -29159,7 +29016,7 @@ index 8d68056..e67050f 100644 atomic_t active; /* increased on every req. added, and dec on every finished. */ unsigned long flags; }; -@@ -1108,7 +1108,7 @@ struct drbd_conf { +@@ -1110,7 +1110,7 @@ struct drbd_conf { void *int_dig_in; void *int_dig_vv; wait_queue_head_t seq_wait; @@ -29168,7 +29025,7 @@ index 8d68056..e67050f 100644 unsigned int peer_seq; spinlock_t peer_seq_lock; unsigned int minor; -@@ -1617,30 +1617,30 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, +@@ -1651,30 +1651,30 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, static inline void drbd_tcp_cork(struct socket *sock) { @@ -29208,10 +29065,10 @@ index 8d68056..e67050f 100644 void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e wo); diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index 211fc44..c5116f1 100644 +index 920ede2..cb827ba 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c -@@ -2397,7 +2397,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packets cmd, +@@ -2555,7 +2555,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packets cmd, p.sector = sector; p.block_id = block_id; p.blksize = blksize; @@ -29220,16 +29077,16 @@ index 211fc44..c5116f1 100644 if (!mdev->meta.socket || mdev->state.conn < C_CONNECTED) return false; -@@ -2696,7 +2696,7 @@ int drbd_send_dblock(struct drbd_conf *mdev, struct drbd_request *req) +@@ -2853,7 +2853,7 @@ int drbd_send_dblock(struct drbd_conf *mdev, struct drbd_request *req) + p.sector = cpu_to_be64(req->sector); p.block_id = (unsigned long)req; - p.seq_num = cpu_to_be32(req->seq_num = -- atomic_add_return(1, &mdev->packet_seq)); -+ atomic_add_return_unchecked(1, &mdev->packet_seq)); +- p.seq_num = cpu_to_be32(atomic_add_return(1, &mdev->packet_seq)); ++ p.seq_num = cpu_to_be32(atomic_add_return_unchecked(1, &mdev->packet_seq)); dp_flags = bio_flags_to_wire(mdev, req->master_bio->bi_rw); -@@ -2981,7 +2981,7 @@ void drbd_init_set_defaults(struct drbd_conf *mdev) +@@ -3138,7 +3138,7 @@ void drbd_init_set_defaults(struct drbd_conf *mdev) atomic_set(&mdev->unacked_cnt, 0); atomic_set(&mdev->local_cnt, 0); atomic_set(&mdev->net_cnt, 0); @@ -29238,7 +29095,7 @@ index 211fc44..c5116f1 100644 atomic_set(&mdev->pp_in_use, 0); atomic_set(&mdev->pp_in_use_by_net, 0); atomic_set(&mdev->rs_sect_in, 0); -@@ -3063,8 +3063,8 @@ void drbd_mdev_cleanup(struct drbd_conf *mdev) +@@ -3220,8 +3220,8 @@ void drbd_mdev_cleanup(struct drbd_conf *mdev) mdev->receiver.t_state); /* no need to lock it, I'm the only thread alive */ @@ -29250,10 +29107,10 @@ index 211fc44..c5116f1 100644 mdev->bm_writ_cnt = mdev->read_cnt = diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c -index 946166e..356b39a 100644 +index 6d4de6a..7b7ad4b 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c -@@ -2359,7 +2359,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms +@@ -2387,7 +2387,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms module_put(THIS_MODULE); } @@ -29262,7 +29119,7 @@ index 946166e..356b39a 100644 static unsigned short * __tl_add_blob(unsigned short *tl, enum drbd_tags tag, const void *data, -@@ -2430,7 +2430,7 @@ void drbd_bcast_state(struct drbd_conf *mdev, union drbd_state state) +@@ -2458,7 +2458,7 @@ void drbd_bcast_state(struct drbd_conf *mdev, union drbd_state state) cn_reply->id.idx = CN_IDX_DRBD; cn_reply->id.val = CN_VAL_DRBD; @@ -29271,7 +29128,7 @@ index 946166e..356b39a 100644 cn_reply->ack = 0; /* not used here. */ cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + (int)((char *)tl - (char *)reply->tag_list); -@@ -2462,7 +2462,7 @@ void drbd_bcast_ev_helper(struct drbd_conf *mdev, char *helper_name) +@@ -2490,7 +2490,7 @@ void drbd_bcast_ev_helper(struct drbd_conf *mdev, char *helper_name) cn_reply->id.idx = CN_IDX_DRBD; cn_reply->id.val = CN_VAL_DRBD; @@ -29280,7 +29137,7 @@ index 946166e..356b39a 100644 cn_reply->ack = 0; /* not used here. */ cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + (int)((char *)tl - (char *)reply->tag_list); -@@ -2540,7 +2540,7 @@ void drbd_bcast_ee(struct drbd_conf *mdev, +@@ -2568,7 +2568,7 @@ void drbd_bcast_ee(struct drbd_conf *mdev, cn_reply->id.idx = CN_IDX_DRBD; cn_reply->id.val = CN_VAL_DRBD; @@ -29289,7 +29146,7 @@ index 946166e..356b39a 100644 cn_reply->ack = 0; // not used here. cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + (int)((char*)tl - (char*)reply->tag_list); -@@ -2579,7 +2579,7 @@ void drbd_bcast_sync_progress(struct drbd_conf *mdev) +@@ -2607,7 +2607,7 @@ void drbd_bcast_sync_progress(struct drbd_conf *mdev) cn_reply->id.idx = CN_IDX_DRBD; cn_reply->id.val = CN_VAL_DRBD; @@ -29299,10 +29156,10 @@ index 946166e..356b39a 100644 cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + (int)((char *)tl - (char *)reply->tag_list); diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c -index 43beaca..4a5b1dd 100644 +index ea4836e..272d72a 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c -@@ -894,7 +894,7 @@ retry: +@@ -893,7 +893,7 @@ retry: sock->sk->sk_sndtimeo = mdev->net_conf->timeout*HZ/10; sock->sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; @@ -29310,8 +29167,8 @@ index 43beaca..4a5b1dd 100644 + atomic_set_unchecked(&mdev->packet_seq, 0); mdev->peer_seq = 0; - drbd_thread_start(&mdev->asender); -@@ -985,7 +985,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev, + if (drbd_send_protocol(mdev) == -1) +@@ -994,7 +994,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev, do { next_epoch = NULL; @@ -29320,7 +29177,7 @@ index 43beaca..4a5b1dd 100644 switch (ev & ~EV_CLEANUP) { case EV_PUT: -@@ -1020,7 +1020,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev, +@@ -1030,7 +1030,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev, rv = FE_DESTROYED; } else { epoch->flags = 0; @@ -29329,7 +29186,7 @@ index 43beaca..4a5b1dd 100644 /* atomic_set(&epoch->active, 0); is already zero */ if (rv == FE_STILL_LIVE) rv = FE_RECYCLED; -@@ -1191,14 +1191,14 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign +@@ -1205,14 +1205,14 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign drbd_wait_ee_list_empty(mdev, &mdev->active_ee); drbd_flush(mdev); @@ -29346,7 +29203,7 @@ index 43beaca..4a5b1dd 100644 D_ASSERT(atomic_read(&epoch->active) == 0); D_ASSERT(epoch->flags == 0); -@@ -1210,11 +1210,11 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign +@@ -1224,11 +1224,11 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign } epoch->flags = 0; @@ -29360,7 +29217,7 @@ index 43beaca..4a5b1dd 100644 list_add(&epoch->list, &mdev->current_epoch->list); mdev->current_epoch = epoch; mdev->epochs++; -@@ -1663,7 +1663,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned +@@ -1695,7 +1695,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned spin_unlock(&mdev->peer_seq_lock); drbd_send_ack_dp(mdev, P_NEG_ACK, p, data_size); @@ -29369,7 +29226,7 @@ index 43beaca..4a5b1dd 100644 return drbd_drain_block(mdev, data_size); } -@@ -1689,7 +1689,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned +@@ -1721,7 +1721,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned spin_lock(&mdev->epoch_lock); e->epoch = mdev->current_epoch; @@ -29378,7 +29235,7 @@ index 43beaca..4a5b1dd 100644 atomic_inc(&e->epoch->active); spin_unlock(&mdev->epoch_lock); -@@ -3885,7 +3885,7 @@ static void drbd_disconnect(struct drbd_conf *mdev) +@@ -3936,7 +3936,7 @@ static void drbd_disconnect(struct drbd_conf *mdev) D_ASSERT(list_empty(&mdev->done_ee)); /* ok, no more ee's on the fly, it is safe to reset the epoch_size */ @@ -29388,7 +29245,7 @@ index 43beaca..4a5b1dd 100644 } diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index bbca966..65e37dd 100644 +index 3bba655..6151b66 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file, @@ -29401,7 +29258,7 @@ index bbca966..65e37dd 100644 if (likely(bw == len)) return 0; diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig -index ee94686..3e09ad3 100644 +index ea6f632..eafb192 100644 --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig @@ -8,7 +8,8 @@ source "drivers/tty/Kconfig" @@ -29542,7 +29399,7 @@ index 47ff7e4..0c7d340 100644 .part_num = MBCS_PART_NUM, .mfg_num = MBCS_MFG_NUM, diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index d6e9d08..0c314bf 100644 +index 67c3371..ba8429d 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -29667,7 +29524,7 @@ index d6e9d08..0c314bf 100644 return -EFAULT; buf += sz; p += sz; -@@ -867,6 +914,9 @@ static const struct memdev { +@@ -831,6 +878,9 @@ static const struct memdev { #ifdef CONFIG_CRASH_DUMP [12] = { "oldmem", 0, &oldmem_fops, NULL }, #endif @@ -29690,6 +29547,81 @@ index 9df78e2..01ba9ae 100644 return -EFAULT; *ppos = i; +diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c +index 0a484b4..f48ccd1 100644 +--- a/drivers/char/pcmcia/synclink_cs.c ++++ b/drivers/char/pcmcia/synclink_cs.c +@@ -2340,9 +2340,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):mgslpc_close(%s) entry, count=%d\n", +- __FILE__,__LINE__, info->device_name, port->count); ++ __FILE__,__LINE__, info->device_name, atomic_read(&port->count)); + +- WARN_ON(!port->count); ++ WARN_ON(!atomic_read(&port->count)); + + if (tty_port_close_start(port, tty, filp) == 0) + goto cleanup; +@@ -2360,7 +2360,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) + cleanup: + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__,__LINE__, +- tty->driver->name, port->count); ++ tty->driver->name, atomic_read(&port->count)); + } + + /* Wait until the transmitter is empty. +@@ -2502,7 +2502,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):mgslpc_open(%s), old ref count = %d\n", +- __FILE__,__LINE__,tty->driver->name, port->count); ++ __FILE__,__LINE__,tty->driver->name, atomic_read(&port->count)); + + /* If port is closing, signal caller to try again */ + if (tty_hung_up_p(filp) || port->flags & ASYNC_CLOSING){ +@@ -2522,11 +2522,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) + goto cleanup; + } + spin_lock(&port->lock); +- port->count++; ++ atomic_inc(&port->count); + spin_unlock(&port->lock); + spin_unlock_irqrestore(&info->netlock, flags); + +- if (port->count == 1) { ++ if (atomic_read(&port->count) == 1) { + /* 1st open on this device, init hardware */ + retval = startup(info, tty); + if (retval < 0) +@@ -3891,7 +3891,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, + unsigned short new_crctype; + + /* return error if TTY interface open */ +- if (info->port.count) ++ if (atomic_read(&info->port.count)) + return -EBUSY; + + switch (encoding) +@@ -3994,7 +3994,7 @@ static int hdlcdev_open(struct net_device *dev) + + /* arbitrate between network and tty opens */ + spin_lock_irqsave(&info->netlock, flags); +- if (info->port.count != 0 || info->netcount != 0) { ++ if (atomic_read(&info->port.count) != 0 || info->netcount != 0) { + printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); + spin_unlock_irqrestore(&info->netlock, flags); + return -EBUSY; +@@ -4083,7 +4083,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); + + /* return error if TTY interface open */ +- if (info->port.count) ++ if (atomic_read(&info->port.count)) + return -EBUSY; + + if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c index 4ec04a7..9918387 100644 --- a/drivers/char/random.c @@ -29805,7 +29737,7 @@ index 45713f0..8286d21 100644 return 0; diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c -index ad7c732..5aa8054 100644 +index 08427ab..1ab10b7 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c @@ -415,7 +415,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, @@ -29974,10 +29906,10 @@ index 97f5064..202b6e6 100644 } } diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h -index c6074c5..88a9e2e 100644 +index 8c87a5e..a19cbd7 100644 --- a/drivers/edac/mce_amd.h +++ b/drivers/edac/mce_amd.h -@@ -82,7 +82,7 @@ extern const char * const ii_msgs[]; +@@ -80,7 +80,7 @@ extern const char * const ii_msgs[]; struct amd_decoder_ops { bool (*dc_mce)(u16, u8); bool (*ic_mce)(u16, u8); @@ -29987,10 +29919,10 @@ index c6074c5..88a9e2e 100644 void amd_report_gart_errors(bool); void amd_register_ecc_decoder(void (*f)(int, struct mce *)); diff --git a/drivers/firewire/core-card.c b/drivers/firewire/core-card.c -index cc595eb..4ec702a 100644 +index 57ea7f4..789e3c3 100644 --- a/drivers/firewire/core-card.c +++ b/drivers/firewire/core-card.c -@@ -679,7 +679,7 @@ void fw_card_release(struct kref *kref) +@@ -680,7 +680,7 @@ EXPORT_SYMBOL_GPL(fw_card_release); void fw_core_remove_card(struct fw_card *card) { @@ -30000,10 +29932,10 @@ index cc595eb..4ec702a 100644 card->driver->update_phy_reg(card, 4, PHY_LINK_ACTIVE | PHY_CONTENDER, 0); diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c -index 2e6b245..c3857d9 100644 +index 2783f69..9f4b0cc 100644 --- a/drivers/firewire/core-cdev.c +++ b/drivers/firewire/core-cdev.c -@@ -1341,8 +1341,7 @@ static int init_iso_resource(struct client *client, +@@ -1365,8 +1365,7 @@ static int init_iso_resource(struct client *client, int ret; if ((request->channels == 0 && request->bandwidth == 0) || @@ -30014,7 +29946,7 @@ index 2e6b245..c3857d9 100644 r = kmalloc(sizeof(*r), GFP_KERNEL); diff --git a/drivers/firewire/core-transaction.c b/drivers/firewire/core-transaction.c -index dea2dcc..a4fb978 100644 +index 780708d..ad60a66 100644 --- a/drivers/firewire/core-transaction.c +++ b/drivers/firewire/core-transaction.c @@ -37,6 +37,7 @@ @@ -30026,10 +29958,10 @@ index dea2dcc..a4fb978 100644 #include diff --git a/drivers/firewire/core.h b/drivers/firewire/core.h -index 9047f55..e47c7ff 100644 +index 515a42c..5ecf3ba 100644 --- a/drivers/firewire/core.h +++ b/drivers/firewire/core.h -@@ -110,6 +110,7 @@ struct fw_card_driver { +@@ -111,6 +111,7 @@ struct fw_card_driver { int (*stop_iso)(struct fw_iso_context *ctx); }; @@ -30076,7 +30008,7 @@ index 82d5c20..44a7177 100644 return -EINVAL; } diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c -index 8111889..367b253 100644 +index 3252e70..b5314ace 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c @@ -286,7 +286,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, @@ -30089,10 +30021,10 @@ index 8111889..367b253 100644 dev = crtc->dev; diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index 6116e3b..c29dd16 100644 +index 8a9d079..606cdd5 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c -@@ -316,7 +316,7 @@ module_exit(drm_core_exit); +@@ -318,7 +318,7 @@ module_exit(drm_core_exit); /** * Copy and IOCTL return string to user space */ @@ -30101,7 +30033,7 @@ index 6116e3b..c29dd16 100644 { int len; -@@ -399,7 +399,7 @@ long drm_ioctl(struct file *filp, +@@ -401,7 +401,7 @@ long drm_ioctl(struct file *filp, return -ENODEV; atomic_inc(&dev->ioctl_count); @@ -30295,7 +30227,7 @@ index 637fcc3..e890b33 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c -index cf85155..f2665cb 100644 +index 64a62c6..ceab35e 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -252,7 +252,7 @@ int drm_getstats(struct drm_device *dev, void *data, @@ -30308,7 +30240,7 @@ index cf85155..f2665cb 100644 } diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c -index c79c713..2048588 100644 +index 5211520..c744d85 100644 --- a/drivers/gpu/drm/drm_lock.c +++ b/drivers/gpu/drm/drm_lock.c @@ -90,7 +90,7 @@ int drm_lock(struct drm_device *dev, void *data, struct drm_file *file_priv) @@ -30330,10 +30262,10 @@ index c79c713..2048588 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c -index aa454f8..6d38580 100644 +index 21bcd4a..8e074e0 100644 --- a/drivers/gpu/drm/drm_stub.c +++ b/drivers/gpu/drm/drm_stub.c -@@ -512,7 +512,7 @@ void drm_unplug_dev(struct drm_device *dev) +@@ -511,7 +511,7 @@ void drm_unplug_dev(struct drm_device *dev) drm_device_set_unplugged(dev); @@ -30343,10 +30275,10 @@ index aa454f8..6d38580 100644 } mutex_unlock(&drm_global_mutex); diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c -index f920fb5..001c52d 100644 +index fa94391..ed26ec8 100644 --- a/drivers/gpu/drm/i810/i810_dma.c +++ b/drivers/gpu/drm/i810/i810_dma.c -@@ -945,8 +945,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data, +@@ -943,8 +943,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data, dma->buflist[vertex->idx], vertex->discard, vertex->used); @@ -30357,7 +30289,7 @@ index f920fb5..001c52d 100644 sarea_priv->last_enqueue = dev_priv->counter - 1; sarea_priv->last_dispatch = (int)hw_status[5]; -@@ -1106,8 +1106,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data, +@@ -1104,8 +1104,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data, i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used, mc->last_render); @@ -30384,10 +30316,10 @@ index c9339f4..f5e1b9d 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c -index e6162a1..b2ff486 100644 +index 5363e9c..59360d1 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c -@@ -500,7 +500,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) +@@ -518,7 +518,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) I915_READ(GTIMR)); } seq_printf(m, "Interrupts received: %d\n", @@ -30396,20 +30328,11 @@ index e6162a1..b2ff486 100644 for (i = 0; i < I915_NUM_RINGS; i++) { if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, "Graphics Interrupt mask (%s): %08x\n", -@@ -1313,7 +1313,7 @@ static int i915_opregion(struct seq_file *m, void *unused) - return ret; - - if (opregion->header) -- seq_write(m, opregion->header, OPREGION_SIZE); -+ seq_write(m, (const void __force_kernel *)opregion->header, OPREGION_SIZE); - - mutex_unlock(&dev->struct_mutex); - diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index ba60f3c..e2dff7f 100644 +index 36822b9..b725e1b 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1178,7 +1178,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1266,7 +1266,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -30419,10 +30342,10 @@ index ba60f3c..e2dff7f 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 5fabc6c..0b08aa1 100644 +index b0b676a..d107105 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -240,7 +240,7 @@ struct drm_i915_display_funcs { +@@ -268,7 +268,7 @@ struct drm_i915_display_funcs { /* render clock increase/decrease */ /* display clock increase/decrease */ /* pll clock increase/decrease */ @@ -30431,7 +30354,7 @@ index 5fabc6c..0b08aa1 100644 struct intel_device_info { u8 gen; -@@ -350,7 +350,7 @@ typedef struct drm_i915_private { +@@ -386,7 +386,7 @@ typedef struct drm_i915_private { int current_page; int page_flipping; @@ -30440,7 +30363,7 @@ index 5fabc6c..0b08aa1 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -937,7 +937,7 @@ struct drm_i915_gem_object { +@@ -985,7 +985,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ @@ -30449,8 +30372,8 @@ index 5fabc6c..0b08aa1 100644 }; #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) -@@ -1359,7 +1359,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); - extern void intel_teardown_gmbus(struct drm_device *dev); +@@ -1434,7 +1434,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( + struct drm_i915_private *dev_priv, unsigned port); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); -extern inline bool intel_gmbus_is_forced_bit(struct i2c_adapter *adapter) @@ -30459,7 +30382,7 @@ index 5fabc6c..0b08aa1 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index de43194..a14c4cc 100644 +index 974a9f1..b3ebd45 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj, @@ -30471,7 +30394,7 @@ index de43194..a14c4cc 100644 /* The actual obj->write_domain will be updated with * pending_write_domain after we emit the accumulated flush for all -@@ -933,9 +933,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) +@@ -916,9 +916,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) static int validate_exec_list(struct drm_i915_gem_exec_object2 *exec, @@ -30484,59 +30407,113 @@ index de43194..a14c4cc 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index 26c67a7..8d4cbcb 100644 +index ed3224c..6618589 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -496,7 +496,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) - u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir; - struct drm_i915_master_private *master_priv; +@@ -433,7 +433,7 @@ static irqreturn_t valleyview_irq_handler(DRM_IRQ_ARGS) + int vblank = 0; + bool blc_event; + +- atomic_inc(&dev_priv->irq_received); ++ atomic_inc_unchecked(&dev_priv->irq_received); + + vblank_status = PIPE_START_VBLANK_INTERRUPT_STATUS | + PIPE_VBLANK_INTERRUPT_STATUS; +@@ -586,7 +586,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) + irqreturn_t ret = IRQ_NONE; + int i; - atomic_inc(&dev_priv->irq_received); + atomic_inc_unchecked(&dev_priv->irq_received); /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -579,7 +579,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) - struct drm_i915_master_private *master_priv; - u32 bsd_usr_interrupt = GT_BSD_USER_INTERRUPT; +@@ -661,7 +661,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) + u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir; + u32 hotplug_mask; - atomic_inc(&dev_priv->irq_received); + atomic_inc_unchecked(&dev_priv->irq_received); - if (IS_GEN6(dev)) - bsd_usr_interrupt = GT_GEN6_BSD_USER_INTERRUPT; -@@ -1291,7 +1291,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) - int ret = IRQ_NONE, pipe; - bool blc_event = false; + /* disable master interrupt before clearing iir */ + de_ier = I915_READ(DEIER); +@@ -1646,7 +1646,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) + { + drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; + +- atomic_set(&dev_priv->irq_received, 0); ++ atomic_set_unchecked(&dev_priv->irq_received, 0); + + + I915_WRITE(HWSTAM, 0xeffe); +@@ -1673,7 +1673,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) + drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; + int pipe; + +- atomic_set(&dev_priv->irq_received, 0); ++ atomic_set_unchecked(&dev_priv->irq_received, 0); + + /* VLV magic */ + I915_WRITE(VLV_IMR, 0); +@@ -1969,7 +1969,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) + drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; + int pipe; + +- atomic_set(&dev_priv->irq_received, 0); ++ atomic_set_unchecked(&dev_priv->irq_received, 0); + + for_each_pipe(pipe) + I915_WRITE(PIPESTAT(pipe), 0); +@@ -2020,7 +2020,7 @@ static irqreturn_t i8xx_irq_handler(DRM_IRQ_ARGS) + I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | + I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; - atomic_inc(&dev_priv->irq_received); + atomic_inc_unchecked(&dev_priv->irq_received); - iir = I915_READ(IIR); - -@@ -1802,7 +1802,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) - { + iir = I915_READ16(IIR); + if (iir == 0) +@@ -2105,7 +2105,7 @@ static void i915_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; + int pipe; - atomic_set(&dev_priv->irq_received, 0); + atomic_set_unchecked(&dev_priv->irq_received, 0); - INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); - INIT_WORK(&dev_priv->error_work, i915_error_work_func); -@@ -1979,7 +1979,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) + if (I915_HAS_HOTPLUG(dev)) { + I915_WRITE(PORT_HOTPLUG_EN, 0); +@@ -2200,7 +2200,7 @@ static irqreturn_t i915_irq_handler(DRM_IRQ_ARGS) + }; + int pipe, ret = IRQ_NONE; + +- atomic_inc(&dev_priv->irq_received); ++ atomic_inc_unchecked(&dev_priv->irq_received); + + iir = I915_READ(IIR); + do { +@@ -2326,7 +2326,7 @@ static void i965_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; - atomic_set(&dev_priv->irq_received, 0); + atomic_set_unchecked(&dev_priv->irq_received, 0); - INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); - INIT_WORK(&dev_priv->error_work, i915_error_work_func); + if (I915_HAS_HOTPLUG(dev)) { + I915_WRITE(PORT_HOTPLUG_EN, 0); +@@ -2436,7 +2436,7 @@ static irqreturn_t i965_irq_handler(DRM_IRQ_ARGS) + int irq_received; + int ret = IRQ_NONE, pipe; + +- atomic_inc(&dev_priv->irq_received); ++ atomic_inc_unchecked(&dev_priv->irq_received); + + iir = I915_READ(IIR); + diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index d4d162f..b49a04e 100644 +index a8538ac..4868a05 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2254,7 +2254,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) +@@ -2000,7 +2000,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) wait_event(dev_priv->pending_flip_queue, atomic_read(&dev_priv->mm.wedged) || @@ -30545,16 +30522,7 @@ index d4d162f..b49a04e 100644 /* Big Hammer, we also need to ensure that any pending * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -2919,7 +2919,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) - obj = to_intel_framebuffer(crtc->fb)->obj; - dev_priv = crtc->dev->dev_private; - wait_event(dev_priv->pending_flip_queue, -- atomic_read(&obj->pending_flip) == 0); -+ atomic_read_unchecked(&obj->pending_flip) == 0); - } - - static bool intel_crtc_driving_pch(struct drm_crtc *crtc) -@@ -7284,9 +7284,8 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -5925,9 +5925,8 @@ static void do_intel_finish_page_flip(struct drm_device *dev, obj = work->old_fb_obj; @@ -30566,7 +30534,7 @@ index d4d162f..b49a04e 100644 wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -7582,7 +7581,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -6264,7 +6263,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -30575,7 +30543,7 @@ index d4d162f..b49a04e 100644 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); if (ret) -@@ -7596,7 +7595,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -6279,7 +6278,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, return 0; cleanup_pending: @@ -30641,10 +30609,10 @@ index 2581202..f230a8d9 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index 0be4a81..7464804 100644 +index 2f11e16..191267e 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c -@@ -5329,7 +5329,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, +@@ -5340,7 +5340,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *); @@ -30654,19 +30622,10 @@ index 0be4a81..7464804 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nouveau/nouveau_drv.h -index 3aef353..0ad1322 100644 +index b863a3a..c55e0dc 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drv.h +++ b/drivers/gpu/drm/nouveau/nouveau_drv.h -@@ -240,7 +240,7 @@ struct nouveau_channel { - struct list_head pending; - uint32_t sequence; - uint32_t sequence_ack; -- atomic_t last_sequence_irq; -+ atomic_unchecked_t last_sequence_irq; - struct nouveau_vma vma; - } fence; - -@@ -321,7 +321,7 @@ struct nouveau_exec_engine { +@@ -302,7 +302,7 @@ struct nouveau_exec_engine { u32 handle, u16 class); void (*set_tile_region)(struct drm_device *dev, int i); void (*tlb_flush)(struct drm_device *, int engine); @@ -30675,7 +30634,7 @@ index 3aef353..0ad1322 100644 struct nouveau_instmem_engine { void *priv; -@@ -343,13 +343,13 @@ struct nouveau_instmem_engine { +@@ -324,13 +324,13 @@ struct nouveau_instmem_engine { struct nouveau_mc_engine { int (*init)(struct drm_device *dev); void (*takedown)(struct drm_device *dev); @@ -30691,7 +30650,7 @@ index 3aef353..0ad1322 100644 struct nouveau_fb_engine { int num_tiles; -@@ -590,7 +590,7 @@ struct nouveau_vram_engine { +@@ -547,7 +547,7 @@ struct nouveau_vram_engine { void (*put)(struct drm_device *, struct nouveau_mem **); bool (*flags_valid)(struct drm_device *, u32 tile_flags); @@ -30700,42 +30659,20 @@ index 3aef353..0ad1322 100644 struct nouveau_engine { struct nouveau_instmem_engine instmem; -@@ -739,7 +739,7 @@ struct drm_nouveau_private { +@@ -693,7 +693,7 @@ struct drm_nouveau_private { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; - atomic_t validate_sequence; + atomic_unchecked_t validate_sequence; - } ttm; - - struct { -diff --git a/drivers/gpu/drm/nouveau/nouveau_fence.c b/drivers/gpu/drm/nouveau/nouveau_fence.c -index c1dc20f..4df673c 100644 ---- a/drivers/gpu/drm/nouveau/nouveau_fence.c -+++ b/drivers/gpu/drm/nouveau/nouveau_fence.c -@@ -85,7 +85,7 @@ nouveau_fence_update(struct nouveau_channel *chan) - if (USE_REFCNT(dev)) - sequence = nvchan_rd32(chan, 0x48); - else -- sequence = atomic_read(&chan->fence.last_sequence_irq); -+ sequence = atomic_read_unchecked(&chan->fence.last_sequence_irq); - - if (chan->fence.sequence_ack == sequence) - goto out; -@@ -538,7 +538,7 @@ nouveau_fence_channel_init(struct nouveau_channel *chan) - return ret; - } - -- atomic_set(&chan->fence.last_sequence_irq, 0); -+ atomic_set_unchecked(&chan->fence.last_sequence_irq, 0); - return 0; - } - + int (*move)(struct nouveau_channel *, + struct ttm_buffer_object *, + struct ttm_mem_reg *, struct ttm_mem_reg *); diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c -index ed52a6f..484acdc 100644 +index 30f5423..abca136 100644 --- a/drivers/gpu/drm/nouveau/nouveau_gem.c +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c -@@ -314,7 +314,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv, +@@ -319,7 +319,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv, int trycnt = 0; int ret, i; @@ -30745,10 +30682,10 @@ index ed52a6f..484acdc 100644 if (++trycnt > 100000) { NV_ERROR(dev, "%s failed and gave up.\n", __func__); diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c -index c2a8511..4b996f9 100644 +index 19706f0..f257368 100644 --- a/drivers/gpu/drm/nouveau/nouveau_state.c +++ b/drivers/gpu/drm/nouveau/nouveau_state.c -@@ -588,7 +588,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) +@@ -490,7 +490,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -30757,21 +30694,8 @@ index c2a8511..4b996f9 100644 spin_unlock(&dev->count_lock); return can_switch; } -diff --git a/drivers/gpu/drm/nouveau/nv04_graph.c b/drivers/gpu/drm/nouveau/nv04_graph.c -index dbdea8e..cd6eeeb 100644 ---- a/drivers/gpu/drm/nouveau/nv04_graph.c -+++ b/drivers/gpu/drm/nouveau/nv04_graph.c -@@ -554,7 +554,7 @@ static int - nv04_graph_mthd_set_ref(struct nouveau_channel *chan, - u32 class, u32 mthd, u32 data) - { -- atomic_set(&chan->fence.last_sequence_irq, data); -+ atomic_set_unchecked(&chan->fence.last_sequence_irq, data); - return 0; - } - diff --git a/drivers/gpu/drm/nouveau/nv50_sor.c b/drivers/gpu/drm/nouveau/nv50_sor.c -index 2746402..c8dc4a4 100644 +index a9514ea..369d511 100644 --- a/drivers/gpu/drm/nouveau/nv50_sor.c +++ b/drivers/gpu/drm/nouveau/nv50_sor.c @@ -304,7 +304,7 @@ nv50_sor_dpms(struct drm_encoder *encoder, int mode) @@ -30784,7 +30708,7 @@ index 2746402..c8dc4a4 100644 .train_set = nv50_sor_dp_train_set, .train_adj = nv50_sor_dp_train_adj diff --git a/drivers/gpu/drm/nouveau/nvd0_display.c b/drivers/gpu/drm/nouveau/nvd0_display.c -index 0247250..d2f6aaf 100644 +index c486d3c..3a7d6f4 100644 --- a/drivers/gpu/drm/nouveau/nvd0_display.c +++ b/drivers/gpu/drm/nouveau/nvd0_display.c @@ -1366,7 +1366,7 @@ nvd0_sor_dpms(struct drm_encoder *encoder, int mode) @@ -30891,19 +30815,10 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h -index 138b952..d74f9cb 100644 +index fefcca5..20a5b90 100644 --- a/drivers/gpu/drm/radeon/radeon.h +++ b/drivers/gpu/drm/radeon/radeon.h -@@ -253,7 +253,7 @@ struct radeon_fence_driver { - uint32_t scratch_reg; - uint64_t gpu_addr; - volatile uint32_t *cpu_addr; -- atomic_t seq; -+ atomic_unchecked_t seq; - uint32_t last_seq; - unsigned long last_jiffies; - unsigned long last_timeout; -@@ -753,7 +753,7 @@ struct r600_blit_cp_primitives { +@@ -743,7 +743,7 @@ struct r600_blit_cp_primitives { int x2, int y2); void (*draw_auto)(struct radeon_device *rdev); void (*set_default_state)(struct radeon_device *rdev); @@ -30911,8 +30826,8 @@ index 138b952..d74f9cb 100644 +} __no_const; struct r600_blit { - struct mutex mutex; -@@ -1246,7 +1246,7 @@ struct radeon_asic { + struct radeon_bo *shader_obj; +@@ -1244,7 +1244,7 @@ struct radeon_asic { u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base); void (*post_page_flip)(struct radeon_device *rdev, int crtc); } pflip; @@ -30922,10 +30837,10 @@ index 138b952..d74f9cb 100644 /* * Asic structures diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 5992502..c19c633 100644 +index 066c98b..96ab858 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -691,7 +691,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -692,7 +692,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -30947,37 +30862,6 @@ index a1b59ca..86f2d44 100644 int vblank_crtc; uint32_t irq_enable_reg; uint32_t r500_disp_irq_reg; -diff --git a/drivers/gpu/drm/radeon/radeon_fence.c b/drivers/gpu/drm/radeon/radeon_fence.c -index 4bd36a3..e66fe9c 100644 ---- a/drivers/gpu/drm/radeon/radeon_fence.c -+++ b/drivers/gpu/drm/radeon/radeon_fence.c -@@ -70,7 +70,7 @@ int radeon_fence_emit(struct radeon_device *rdev, struct radeon_fence *fence) - write_unlock_irqrestore(&rdev->fence_lock, irq_flags); - return 0; - } -- fence->seq = atomic_add_return(1, &rdev->fence_drv[fence->ring].seq); -+ fence->seq = atomic_add_return_unchecked(1, &rdev->fence_drv[fence->ring].seq); - if (!rdev->ring[fence->ring].ready) - /* FIXME: cp is not running assume everythings is done right - * away -@@ -405,7 +405,7 @@ int radeon_fence_driver_start_ring(struct radeon_device *rdev, int ring) - } - rdev->fence_drv[ring].cpu_addr = &rdev->wb.wb[index/4]; - rdev->fence_drv[ring].gpu_addr = rdev->wb.gpu_addr + index; -- radeon_fence_write(rdev, atomic_read(&rdev->fence_drv[ring].seq), ring); -+ radeon_fence_write(rdev, atomic_read_unchecked(&rdev->fence_drv[ring].seq), ring); - rdev->fence_drv[ring].initialized = true; - DRM_INFO("fence driver on ring %d use gpu addr 0x%08Lx and cpu addr 0x%p\n", - ring, rdev->fence_drv[ring].gpu_addr, rdev->fence_drv[ring].cpu_addr); -@@ -418,7 +418,7 @@ static void radeon_fence_driver_init_ring(struct radeon_device *rdev, int ring) - rdev->fence_drv[ring].scratch_reg = -1; - rdev->fence_drv[ring].cpu_addr = NULL; - rdev->fence_drv[ring].gpu_addr = 0; -- atomic_set(&rdev->fence_drv[ring].seq, 0); -+ atomic_set_unchecked(&rdev->fence_drv[ring].seq, 0); - INIT_LIST_HEAD(&rdev->fence_drv[ring].created); - INIT_LIST_HEAD(&rdev->fence_drv[ring].emitted); - INIT_LIST_HEAD(&rdev->fence_drv[ring].signaled); diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/radeon/radeon_ioc32.c index 48b7cea..342236f 100644 --- a/drivers/gpu/drm/radeon/radeon_ioc32.c @@ -31038,10 +30922,10 @@ index e8422ae..d22d4a8 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index f493c64..524ab6b 100644 +index c94a225..5795d34 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c -@@ -843,8 +843,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) +@@ -852,8 +852,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) } if (unlikely(ttm_vm_ops == NULL)) { ttm_vm_ops = vma->vm_ops; @@ -31055,7 +30939,7 @@ index f493c64..524ab6b 100644 vma->vm_ops = &radeon_ttm_vm_ops; return 0; diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c -index f2c3b9d..d5a376b 100644 +index 159b6a4..fa82487 100644 --- a/drivers/gpu/drm/radeon/rs690.c +++ b/drivers/gpu/drm/radeon/rs690.c @@ -304,9 +304,11 @@ void rs690_crtc_bandwidth_compute(struct radeon_device *rdev, @@ -31272,10 +31156,10 @@ index 8a8725c..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 054677b..741672a 100644 +index 4c87276..9ecc3c7 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2070,7 +2070,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2151,7 +2151,7 @@ static bool hid_ignore(struct hid_device *hdev) int hid_add_device(struct hid_device *hdev) { @@ -31284,7 +31168,7 @@ index 054677b..741672a 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2085,7 +2085,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2186,7 +2186,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -31307,10 +31191,10 @@ index eec3291..8ed706b 100644 *off += size; diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c -index b1ec0e2..c295a61 100644 +index 14599e2..711c965 100644 --- a/drivers/hid/usbhid/hiddev.c +++ b/drivers/hid/usbhid/hiddev.c -@@ -624,7 +624,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) +@@ -625,7 +625,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) break; case HIDIOCAPPLICATION: @@ -31335,7 +31219,7 @@ index 4065374..10ed7dc 100644 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c -index 15956bd..ea34398 100644 +index 86f8885..ab9cb2b 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -132,7 +132,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) @@ -31348,7 +31232,7 @@ index 15956bd..ea34398 100644 __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), "=a"(hv_status_lo) : "d" (control_hi), diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h -index 699f0d8..f4f19250 100644 +index b9426a6..677ce34 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -555,7 +555,7 @@ enum vmbus_connect_state { @@ -31378,10 +31262,10 @@ index a220e57..428f54d 100644 child_device_obj->device.bus = &hv_bus; child_device_obj->device.parent = &hv_acpi_dev->dev; diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c -index 9140236..ceaef4e 100644 +index 34ad5a2..e2b0ae8 100644 --- a/drivers/hwmon/acpi_power_meter.c +++ b/drivers/hwmon/acpi_power_meter.c -@@ -316,8 +316,6 @@ static ssize_t set_trip(struct device *dev, struct device_attribute *devattr, +@@ -308,8 +308,6 @@ static ssize_t set_trip(struct device *dev, struct device_attribute *devattr, return res; temp /= 1000; @@ -31469,10 +31353,10 @@ index 29015eb..af2d8e9 100644 /* Wrapper access functions for multiplexed SMBus */ static DEFINE_MUTEX(nforce2_lock); diff --git a/drivers/i2c/i2c-mux.c b/drivers/i2c/i2c-mux.c -index d7a4833..7fae376 100644 +index 1038c38..eb92f51 100644 --- a/drivers/i2c/i2c-mux.c +++ b/drivers/i2c/i2c-mux.c -@@ -28,7 +28,7 @@ +@@ -30,7 +30,7 @@ /* multiplexer per channel data */ struct i2c_mux_priv { struct i2c_adapter adap; @@ -31480,7 +31364,7 @@ index d7a4833..7fae376 100644 + i2c_algorithm_no_const algo; struct i2c_adapter *parent; - void *mux_dev; /* the mux chip/device */ + void *mux_priv; /* the mux chip/device */ diff --git a/drivers/ide/aec62xx.c b/drivers/ide/aec62xx.c index 57d00ca..0145194 100644 --- a/drivers/ide/aec62xx.c @@ -32237,7 +32121,7 @@ index 176c8f9..2627b62 100644 } } diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c -index 40c8353..946b0e4 100644 +index 57e07c6..56d09d4 100644 --- a/drivers/infiniband/hw/cxgb4/mem.c +++ b/drivers/infiniband/hw/cxgb4/mem.c @@ -122,7 +122,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry, @@ -32249,10 +32133,10 @@ index 40c8353..946b0e4 100644 if (c4iw_fatal_error(rdev)) return -EIO; -@@ -135,7 +135,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry, - &rdev->resource.tpt_fifo_lock); - if (!stag_idx) - return -ENOMEM; +@@ -139,7 +139,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry, + if (rdev->stats.stag.cur > rdev->stats.stag.max) + rdev->stats.stag.max = rdev->stats.stag.cur; + mutex_unlock(&rdev->stats.lock); - *stag = (stag_idx << 8) | (atomic_inc_return(&key) & 0xff); + *stag = (stag_idx << 8) | (atomic_inc_return_unchecked(&key) & 0xff); } @@ -32394,7 +32278,7 @@ index c438e46..ca30356 100644 extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c -index 71edfbb..15b62ae 100644 +index 020e95c..fbb3450 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -32503,7 +32387,7 @@ index 71edfbb..15b62ae 100644 dev_kfree_skb_any(skb); } break; -@@ -2890,7 +2890,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2891,7 +2891,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) if ((cm_id) && (cm_id->event_handler)) { if (issue_disconn) { @@ -32512,7 +32396,7 @@ index 71edfbb..15b62ae 100644 cm_event.event = IW_CM_EVENT_DISCONNECT; cm_event.status = disconn_status; cm_event.local_addr = cm_id->local_addr; -@@ -2912,7 +2912,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2913,7 +2913,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) } if (issue_close) { @@ -32521,7 +32405,7 @@ index 71edfbb..15b62ae 100644 nes_disconnect(nesqp, 1); cm_id->provider_data = nesqp; -@@ -3048,7 +3048,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3049,7 +3049,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n", nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener); @@ -32530,7 +32414,7 @@ index 71edfbb..15b62ae 100644 nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n", netdev_refcnt_read(nesvnic->netdev)); -@@ -3250,7 +3250,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) +@@ -3251,7 +3251,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) struct nes_cm_core *cm_core; u8 *start_buff; @@ -32539,7 +32423,7 @@ index 71edfbb..15b62ae 100644 cm_node = (struct nes_cm_node *)cm_id->provider_data; loopback = cm_node->loopbackpartner; cm_core = cm_node->cm_core; -@@ -3310,7 +3310,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3311,7 +3311,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) ntohl(cm_id->local_addr.sin_addr.s_addr), ntohs(cm_id->local_addr.sin_port)); @@ -32548,7 +32432,7 @@ index 71edfbb..15b62ae 100644 nesqp->active_conn = 1; /* cache the cm_id in the qp */ -@@ -3416,7 +3416,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) +@@ -3421,7 +3421,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node); return err; } @@ -32557,7 +32441,7 @@ index 71edfbb..15b62ae 100644 } cm_id->add_ref(cm_id); -@@ -3517,7 +3517,7 @@ static void cm_event_connected(struct nes_cm_event *event) +@@ -3522,7 +3522,7 @@ static void cm_event_connected(struct nes_cm_event *event) if (nesqp->destroyed) return; @@ -32566,7 +32450,7 @@ index 71edfbb..15b62ae 100644 nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on" " local port 0x%04X. jiffies = %lu.\n", nesqp->hwqp.qp_id, -@@ -3704,7 +3704,7 @@ static void cm_event_reset(struct nes_cm_event *event) +@@ -3709,7 +3709,7 @@ static void cm_event_reset(struct nes_cm_event *event) cm_id->add_ref(cm_id); ret = cm_id->event_handler(cm_id, &cm_event); @@ -32575,7 +32459,7 @@ index 71edfbb..15b62ae 100644 cm_event.event = IW_CM_EVENT_CLOSE; cm_event.status = 0; cm_event.provider_data = cm_id->provider_data; -@@ -3740,7 +3740,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) +@@ -3745,7 +3745,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -32584,7 +32468,7 @@ index 71edfbb..15b62ae 100644 nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n", cm_node, cm_id, jiffies); -@@ -3780,7 +3780,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) +@@ -3785,7 +3785,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -32726,7 +32610,7 @@ index 8b8812d..a5e1133 100644 /* Blow away the connection if it exists. */ diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h -index 6b811e3..f8acf88 100644 +index 7e62f41..4c2b8e2 100644 --- a/drivers/infiniband/hw/qib/qib.h +++ b/drivers/infiniband/hw/qib/qib.h @@ -51,6 +51,7 @@ @@ -32781,7 +32665,7 @@ index 8921c61..f5cd63d 100644 error = device_add(&dev->dev); if (error) diff --git a/drivers/input/joystick/sidewinder.c b/drivers/input/joystick/sidewinder.c -index b8d8611..7a4a04b 100644 +index 04c69af..5f92d00 100644 --- a/drivers/input/joystick/sidewinder.c +++ b/drivers/input/joystick/sidewinder.c @@ -30,6 +30,7 @@ @@ -32793,10 +32677,10 @@ index b8d8611..7a4a04b 100644 #include #include diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index 42f7b25..09fcf46 100644 +index 83811e4..0822b90 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c -@@ -714,7 +714,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, +@@ -726,7 +726,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, static int xpad_led_probe(struct usb_xpad *xpad) { @@ -32805,7 +32689,7 @@ index 42f7b25..09fcf46 100644 long led_no; struct xpad_led *led; struct led_classdev *led_cdev; -@@ -727,7 +727,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) +@@ -739,7 +739,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) if (!led) return -ENOMEM; @@ -32850,7 +32734,7 @@ index d0f7533..fb8215b 100644 serio->dev.release = serio_release_port; serio->dev.groups = serio_device_attr_groups; diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c -index b902794..fc7b85b 100644 +index 38c4bd8..58965d9 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c @@ -83,8 +83,8 @@ struct capiminor { @@ -32864,7 +32748,7 @@ index b902794..fc7b85b 100644 struct tty_port port; int ttyinstop; -@@ -397,7 +397,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb) +@@ -392,7 +392,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb) capimsg_setu16(s, 2, mp->ap->applid); capimsg_setu8 (s, 4, CAPI_DATA_B3); capimsg_setu8 (s, 5, CAPI_RESP); @@ -32873,7 +32757,7 @@ index b902794..fc7b85b 100644 capimsg_setu32(s, 8, mp->ncci); capimsg_setu16(s, 12, datahandle); } -@@ -518,14 +518,14 @@ static void handle_minor_send(struct capiminor *mp) +@@ -513,14 +513,14 @@ static void handle_minor_send(struct capiminor *mp) mp->outbytes -= len; spin_unlock_bh(&mp->outlock); @@ -32890,6 +32774,34 @@ index b902794..fc7b85b 100644 capimsg_setu32(skb->data, 8, mp->ncci); /* NCCI */ capimsg_setu32(skb->data, 12, (u32)(long)skb->data);/* Data32 */ capimsg_setu16(skb->data, 16, len); /* Data length */ +diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c +index a6d9fd2..afdb8a3 100644 +--- a/drivers/isdn/gigaset/interface.c ++++ b/drivers/isdn/gigaset/interface.c +@@ -160,9 +160,9 @@ static int if_open(struct tty_struct *tty, struct file *filp) + } + tty->driver_data = cs; + +- ++cs->port.count; ++ atomic_inc(&cs->port.count); + +- if (cs->port.count == 1) { ++ if (atomic_read(&cs->port.count) == 1) { + tty_port_tty_set(&cs->port, tty); + tty->low_latency = 1; + } +@@ -186,9 +186,9 @@ static void if_close(struct tty_struct *tty, struct file *filp) + + if (!cs->connected) + gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ +- else if (!cs->port.count) ++ else if (!atomic_read(&cs->port.count)) + dev_warn(cs->dev, "%s: device not opened\n", __func__); +- else if (!--cs->port.count) ++ else if (!atomic_dec_return(&cs->port.count)) + tty_port_tty_set(&cs->port, NULL); + + mutex_unlock(&cs->mutex); diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c index 821f7ac..28d4030 100644 --- a/drivers/isdn/hardware/avm/b1.c @@ -32938,6 +32850,71 @@ index d303e65..28bcb7b 100644 typedef struct _diva_os_xdi_adapter { struct list_head link; +diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c +index 7bc5067..fd36232 100644 +--- a/drivers/isdn/i4l/isdn_tty.c ++++ b/drivers/isdn/i4l/isdn_tty.c +@@ -1505,9 +1505,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp) + port = &info->port; + #ifdef ISDN_DEBUG_MODEM_OPEN + printk(KERN_DEBUG "isdn_tty_open %s, count = %d\n", tty->name, +- port->count); ++ atomic_read(&port->count)) + #endif +- port->count++; ++ atomic_inc(&port->count); + tty->driver_data = info; + port->tty = tty; + tty->port = port; +@@ -1553,7 +1553,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) + #endif + return; + } +- if ((tty->count == 1) && (port->count != 1)) { ++ if ((tty->count == 1) && (atomic_read(&port->count) != 1)) { + /* + * Uh, oh. tty->count is 1, which means that the tty + * structure will be freed. Info->count should always +@@ -1562,15 +1562,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) + * serial port won't be shutdown. + */ + printk(KERN_ERR "isdn_tty_close: bad port count; tty->count is 1, " +- "info->count is %d\n", port->count); +- port->count = 1; ++ "info->count is %d\n", atomic_read(&port->count)); ++ atomic_set(&port->count, 1); + } +- if (--port->count < 0) { ++ if (atomic_dec_return(&port->count) < 0) { + printk(KERN_ERR "isdn_tty_close: bad port count for ttyi%d: %d\n", +- info->line, port->count); +- port->count = 0; ++ info->line, atomic_read(&port->count)); ++ atomic_set(&port->count, 0); + } +- if (port->count) { ++ if (atomic_read(&port->count)) { + #ifdef ISDN_DEBUG_MODEM_OPEN + printk(KERN_DEBUG "isdn_tty_close after info->count != 0\n"); + #endif +@@ -1624,7 +1624,7 @@ isdn_tty_hangup(struct tty_struct *tty) + if (isdn_tty_paranoia_check(info, tty->name, "isdn_tty_hangup")) + return; + isdn_tty_shutdown(info); +- port->count = 0; ++ atomic_set(&port->count, 0); + port->flags &= ~ASYNC_NORMAL_ACTIVE; + port->tty = NULL; + wake_up_interruptible(&port->open_wait); +@@ -1964,7 +1964,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) + for (i = 0; i < ISDN_MAX_CHANNELS; i++) { + modem_info *info = &dev->mdm.info[i]; + +- if (info->port.count == 0) ++ if (atomic_read(&info->port.count) == 0) + continue; + if ((info->emu.mdmreg[REG_SI1] & si2bit[si1]) && /* SI1 is matching */ + (info->emu.mdmreg[REG_SI2] == si2)) { /* SI2 is matching */ diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c index e74df7c..03a03ba 100644 --- a/drivers/isdn/icn/icn.c @@ -32951,19 +32928,6 @@ index e74df7c..03a03ba 100644 return -EFAULT; } else memcpy(msg, buf, count); -diff --git a/drivers/leds/leds-mc13783.c b/drivers/leds/leds-mc13783.c -index 8bc4915..4cc6a2e 100644 ---- a/drivers/leds/leds-mc13783.c -+++ b/drivers/leds/leds-mc13783.c -@@ -280,7 +280,7 @@ static int __devinit mc13783_led_probe(struct platform_device *pdev) - return -EINVAL; - } - -- led = kzalloc(sizeof(*led) * pdata->num_leds, GFP_KERNEL); -+ led = kcalloc(pdata->num_leds, sizeof(*led), GFP_KERNEL); - if (led == NULL) { - dev_err(&pdev->dev, "failed to alloc memory\n"); - return -ENOMEM; diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c index b5fdcb7..5b6c59f 100644 --- a/drivers/lguest/core.c @@ -33116,15 +33080,15 @@ index 20e5c2c..9e849a9 100644 .device = PCI_ANY_ID, .subvendor = PCI_ANY_ID, diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c -index 17e2b47..bcbeec4 100644 +index 15dbe03..743fc65 100644 --- a/drivers/md/bitmap.c +++ b/drivers/md/bitmap.c -@@ -1823,7 +1823,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap) +@@ -1786,7 +1786,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap) chunk_kb ? "KB" : "B"); - if (bitmap->file) { + if (bitmap->storage.file) { seq_printf(seq, ", file: "); -- seq_path(seq, &bitmap->file->f_path, " \t\n"); -+ seq_path(seq, &bitmap->file->f_path, " \t\n\\"); +- seq_path(seq, &bitmap->storage.file->f_path, " \t\n"); ++ seq_path(seq, &bitmap->storage.file->f_path, " \t\n\\"); } seq_printf(seq, "\n"); @@ -33142,7 +33106,7 @@ index a1a3e6d..1918bfc 100644 DMWARN("name not supplied when creating device"); return -EINVAL; diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c -index d039de8..0cf5b87 100644 +index b58b7a3..8018b19 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -40,7 +40,7 @@ enum dm_raid1_error { @@ -33208,7 +33172,7 @@ index d039de8..0cf5b87 100644 ms->mirror[mirror].error_type = 0; ms->mirror[mirror].offset = offset; -@@ -1351,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti) +@@ -1352,7 +1352,7 @@ static void mirror_resume(struct dm_target *ti) */ static char device_status_char(struct mirror *m) { @@ -33273,7 +33237,7 @@ index 2e227fb..44ead1f 100644 "start=%llu, len=%llu, dev_size=%llu", dm_device_name(ti->table->md), bdevname(bdev, b), diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c -index 737d388..811ad5a 100644 +index 3e2907f..c28851a 100644 --- a/drivers/md/dm-thin-metadata.c +++ b/drivers/md/dm-thin-metadata.c @@ -432,7 +432,7 @@ static int init_pmd(struct dm_pool_metadata *pmd, @@ -33353,7 +33317,7 @@ index e24143c..ce2f21a1 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 2b30ffd..362b519 100644 +index d5ab449..7e9ed7b 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); @@ -33378,16 +33342,16 @@ index 2b30ffd..362b519 100644 wake_up(&md_event_waiters); } -@@ -1526,7 +1526,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ - - rdev->preferred_minor = 0xffff; - rdev->data_offset = le64_to_cpu(sb->data_offset); +@@ -1565,7 +1565,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ + if ((le32_to_cpu(sb->feature_map) & MD_FEATURE_RESHAPE_ACTIVE) && + (le32_to_cpu(sb->feature_map) & MD_FEATURE_NEW_OFFSET)) + rdev->new_data_offset += (s32)le32_to_cpu(sb->new_offset); - atomic_set(&rdev->corrected_errors, le32_to_cpu(sb->cnt_corrected_read)); + atomic_set_unchecked(&rdev->corrected_errors, le32_to_cpu(sb->cnt_corrected_read)); rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256; bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1; -@@ -1745,7 +1745,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) +@@ -1809,7 +1809,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) else sb->resync_offset = cpu_to_le64(0); @@ -33396,7 +33360,7 @@ index 2b30ffd..362b519 100644 sb->raid_disks = cpu_to_le32(mddev->raid_disks); sb->size = cpu_to_le64(mddev->dev_sectors); -@@ -2691,7 +2691,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); +@@ -2803,7 +2803,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); static ssize_t errors_show(struct md_rdev *rdev, char *page) { @@ -33405,7 +33369,7 @@ index 2b30ffd..362b519 100644 } static ssize_t -@@ -2700,7 +2700,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) +@@ -2812,7 +2812,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) char *e; unsigned long n = simple_strtoul(buf, &e, 10); if (*buf && (*e == 0 || *e == '\n')) { @@ -33414,7 +33378,7 @@ index 2b30ffd..362b519 100644 return len; } return -EINVAL; -@@ -3086,8 +3086,8 @@ int md_rdev_init(struct md_rdev *rdev) +@@ -3259,8 +3259,8 @@ int md_rdev_init(struct md_rdev *rdev) rdev->sb_loaded = 0; rdev->bb_page = NULL; atomic_set(&rdev->nr_pending, 0); @@ -33425,125 +33389,7 @@ index 2b30ffd..362b519 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -3744,8 +3744,8 @@ array_state_show(struct mddev *mddev, char *page) - return sprintf(page, "%s\n", array_states[st]); - } - --static int do_md_stop(struct mddev * mddev, int ro, int is_open); --static int md_set_readonly(struct mddev * mddev, int is_open); -+static int do_md_stop(struct mddev * mddev, int ro, struct block_device *bdev); -+static int md_set_readonly(struct mddev * mddev, struct block_device *bdev); - static int do_md_run(struct mddev * mddev); - static int restart_array(struct mddev *mddev); - -@@ -3761,14 +3761,14 @@ array_state_store(struct mddev *mddev, const char *buf, size_t len) - /* stopping an active array */ - if (atomic_read(&mddev->openers) > 0) - return -EBUSY; -- err = do_md_stop(mddev, 0, 0); -+ err = do_md_stop(mddev, 0, NULL); - break; - case inactive: - /* stopping an active array */ - if (mddev->pers) { - if (atomic_read(&mddev->openers) > 0) - return -EBUSY; -- err = do_md_stop(mddev, 2, 0); -+ err = do_md_stop(mddev, 2, NULL); - } else - err = 0; /* already inactive */ - break; -@@ -3776,7 +3776,7 @@ array_state_store(struct mddev *mddev, const char *buf, size_t len) - break; /* not supported yet */ - case readonly: - if (mddev->pers) -- err = md_set_readonly(mddev, 0); -+ err = md_set_readonly(mddev, NULL); - else { - mddev->ro = 1; - set_disk_ro(mddev->gendisk, 1); -@@ -3786,7 +3786,7 @@ array_state_store(struct mddev *mddev, const char *buf, size_t len) - case read_auto: - if (mddev->pers) { - if (mddev->ro == 0) -- err = md_set_readonly(mddev, 0); -+ err = md_set_readonly(mddev, NULL); - else if (mddev->ro == 1) - err = restart_array(mddev); - if (err == 0) { -@@ -5124,15 +5124,17 @@ void md_stop(struct mddev *mddev) - } - EXPORT_SYMBOL_GPL(md_stop); - --static int md_set_readonly(struct mddev *mddev, int is_open) -+static int md_set_readonly(struct mddev *mddev, struct block_device *bdev) - { - int err = 0; - mutex_lock(&mddev->open_mutex); -- if (atomic_read(&mddev->openers) > is_open) { -+ if (atomic_read(&mddev->openers) > !!bdev) { - printk("md: %s still in use.\n",mdname(mddev)); - err = -EBUSY; - goto out; - } -+ if (bdev) -+ sync_blockdev(bdev); - if (mddev->pers) { - __md_stop_writes(mddev); - -@@ -5154,18 +5156,26 @@ out: - * 0 - completely stop and dis-assemble array - * 2 - stop but do not disassemble array - */ --static int do_md_stop(struct mddev * mddev, int mode, int is_open) -+static int do_md_stop(struct mddev * mddev, int mode, -+ struct block_device *bdev) - { - struct gendisk *disk = mddev->gendisk; - struct md_rdev *rdev; - - mutex_lock(&mddev->open_mutex); -- if (atomic_read(&mddev->openers) > is_open || -+ if (atomic_read(&mddev->openers) > !!bdev || - mddev->sysfs_active) { - printk("md: %s still in use.\n",mdname(mddev)); - mutex_unlock(&mddev->open_mutex); - return -EBUSY; - } -+ if (bdev) -+ /* It is possible IO was issued on some other -+ * open file which was closed before we took ->open_mutex. -+ * As that was not the last close __blkdev_put will not -+ * have called sync_blockdev, so we must. -+ */ -+ sync_blockdev(bdev); - - if (mddev->pers) { - if (mddev->ro) -@@ -5239,7 +5249,7 @@ static void autorun_array(struct mddev *mddev) - err = do_md_run(mddev); - if (err) { - printk(KERN_WARNING "md: do_md_run() returned %d\n", err); -- do_md_stop(mddev, 0, 0); -+ do_md_stop(mddev, 0, NULL); - } - } - -@@ -6237,11 +6247,11 @@ static int md_ioctl(struct block_device *bdev, fmode_t mode, - goto done_unlock; - - case STOP_ARRAY: -- err = do_md_stop(mddev, 0, 1); -+ err = do_md_stop(mddev, 0, bdev); - goto done_unlock; - - case STOP_ARRAY_RO: -- err = md_set_readonly(mddev, 1); -+ err = md_set_readonly(mddev, bdev); - goto done_unlock; - - case BLKROSET: -@@ -6738,7 +6748,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6997,7 +6997,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -33552,7 +33398,7 @@ index 2b30ffd..362b519 100644 return 0; } if (v == (void*)2) { -@@ -6841,7 +6851,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -7100,7 +7100,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -33561,7 +33407,7 @@ index 2b30ffd..362b519 100644 return error; } -@@ -6855,7 +6865,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -7114,7 +7114,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -33570,7 +33416,7 @@ index 2b30ffd..362b519 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -6899,7 +6909,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -7158,7 +7158,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -33580,10 +33426,10 @@ index 2b30ffd..362b519 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index 1c2063c..9639970 100644 +index 7b4a3c3..994ad4f 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h -@@ -93,13 +93,13 @@ struct md_rdev { +@@ -94,13 +94,13 @@ struct md_rdev { * only maintained for arrays that * support hot removal */ @@ -33599,7 +33445,7 @@ index 1c2063c..9639970 100644 * for reporting to userspace and storing * in superblock. */ -@@ -429,7 +429,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) +@@ -435,7 +435,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors) { @@ -33660,10 +33506,10 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index d1f74ab..d1b24fd 100644 +index cacd008..2823610 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1688,7 +1688,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1685,7 +1685,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -33672,7 +33518,7 @@ index d1f74ab..d1b24fd 100644 } sectors -= s; sect += s; -@@ -1902,7 +1902,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -1907,7 +1907,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -33682,10 +33528,10 @@ index d1f74ab..d1b24fd 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index a954c95..6e7a21c 100644 +index 8da6282..8ec7103 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1684,7 +1684,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1784,7 +1784,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -33694,7 +33540,7 @@ index a954c95..6e7a21c 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2033,7 +2033,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2133,7 +2133,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -33703,7 +33549,7 @@ index a954c95..6e7a21c 100644 ktime_get_ts(&cur_time_mon); -@@ -2055,9 +2055,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2155,9 +2155,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -33715,7 +33561,7 @@ index a954c95..6e7a21c 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2111,8 +2111,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2211,8 +2211,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -33726,7 +33572,7 @@ index a954c95..6e7a21c 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2120,7 +2120,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2220,7 +2220,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -33735,9 +33581,9 @@ index a954c95..6e7a21c 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2271,7 +2271,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 - (unsigned long long)( - sect + rdev->data_offset), +@@ -2375,7 +2375,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 + sect + + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); - atomic_add(s, &rdev->corrected_errors); + atomic_add_unchecked(s, &rdev->corrected_errors); @@ -33745,12 +33591,12 @@ index a954c95..6e7a21c 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 73a5800..2b0e3b1 100644 +index 04348d7..62a4b9b 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1694,18 +1694,18 @@ static void raid5_end_read_request(struct bio * bi, int error) - (unsigned long long)(sh->sector - + rdev->data_offset), +@@ -1736,19 +1736,19 @@ static void raid5_end_read_request(struct bio * bi, int error) + mdname(conf->mddev), STRIPE_SECTORS, + (unsigned long long)s, bdevname(rdev->bdev, b)); - atomic_add(STRIPE_SECTORS, &rdev->corrected_errors); + atomic_add_unchecked(STRIPE_SECTORS, &rdev->corrected_errors); @@ -33764,6 +33610,7 @@ index 73a5800..2b0e3b1 100644 } else { const char *bdn = bdevname(rdev->bdev, b); int retry = 0; + int set_bad = 0; clear_bit(R5_UPTODATE, &sh->dev[i].flags); - atomic_inc(&rdev->read_errors); @@ -33771,20 +33618,20 @@ index 73a5800..2b0e3b1 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -1734,7 +1734,7 @@ static void raid5_end_read_request(struct bio * bi, int error) - (unsigned long long)(sh->sector - + rdev->data_offset), +@@ -1776,7 +1776,7 @@ static void raid5_end_read_request(struct bio * bi, int error) + mdname(conf->mddev), + (unsigned long long)s, bdn); -- else if (atomic_read(&rdev->read_errors) -+ else if (atomic_read_unchecked(&rdev->read_errors) +- } else if (atomic_read(&rdev->read_errors) ++ } else if (atomic_read_unchecked(&rdev->read_errors) > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/dvb/ddbridge/ddbridge-core.c -index d88c4aa..17c80b1 100644 +index 131b938..8572ed1 100644 --- a/drivers/media/dvb/ddbridge/ddbridge-core.c +++ b/drivers/media/dvb/ddbridge/ddbridge-core.c -@@ -1679,7 +1679,7 @@ static struct ddb_info ddb_v6 = { +@@ -1678,7 +1678,7 @@ static struct ddb_info ddb_v6 = { .subvendor = _subvend, .subdevice = _subdev, \ .driver_data = (unsigned long)&_driverdata } @@ -33794,7 +33641,7 @@ index d88c4aa..17c80b1 100644 DDB_ID(DDVID, 0x0003, DDVID, 0x0001, ddb_octopus), DDB_ID(DDVID, 0x0003, DDVID, 0x0002, ddb_octopus_le), diff --git a/drivers/media/dvb/dvb-core/dvb_demux.h b/drivers/media/dvb/dvb-core/dvb_demux.h -index a7d876f..8c21b61 100644 +index fa7188a..04a045e 100644 --- a/drivers/media/dvb/dvb-core/dvb_demux.h +++ b/drivers/media/dvb/dvb-core/dvb_demux.h @@ -73,7 +73,7 @@ struct dvb_demux_feed { @@ -33819,6 +33666,19 @@ index 39eab73..60033e7 100644 struct device *clsdev; int minor; int id; +diff --git a/drivers/media/dvb/dvb-usb/az6007.c b/drivers/media/dvb/dvb-usb/az6007.c +index 4008b9c..ce714f5 100644 +--- a/drivers/media/dvb/dvb-usb/az6007.c ++++ b/drivers/media/dvb/dvb-usb/az6007.c +@@ -590,7 +590,7 @@ static int az6007_read_mac_addr(struct dvb_usb_device *d, u8 mac[6]) + int ret; + + ret = az6007_read(d, AZ6007_READ_DATA, 6, 0, st->data, 6); +- memcpy(mac, st->data, sizeof(mac)); ++ memcpy(mac, st->data, 6); + + if (ret > 0) + deb_info("%s: mac is %02x:%02x:%02x:%02x:%02x:%02x\n", diff --git a/drivers/media/dvb/dvb-usb/cxusb.c b/drivers/media/dvb/dvb-usb/cxusb.c index 3940bb0..fb3952a 100644 --- a/drivers/media/dvb/dvb-usb/cxusb.c @@ -33833,7 +33693,7 @@ index 3940bb0..fb3952a 100644 static int dib7070_set_param_override(struct dvb_frontend *fe) { diff --git a/drivers/media/dvb/dvb-usb/dw2102.c b/drivers/media/dvb/dvb-usb/dw2102.c -index 451c5a7..649f711 100644 +index 9382895..ac8093c 100644 --- a/drivers/media/dvb/dvb-usb/dw2102.c +++ b/drivers/media/dvb/dvb-usb/dw2102.c @@ -95,7 +95,7 @@ struct su3000_state { @@ -33906,33 +33766,6 @@ index 9cde353..8c6a1c3 100644 struct i2c_client i2c_client; u32 i2c_rc; -diff --git a/drivers/media/video/cx25821/cx25821-core.c b/drivers/media/video/cx25821/cx25821-core.c -index 7930ca5..235bf7d 100644 ---- a/drivers/media/video/cx25821/cx25821-core.c -+++ b/drivers/media/video/cx25821/cx25821-core.c -@@ -912,9 +912,6 @@ static int cx25821_dev_setup(struct cx25821_dev *dev) - list_add_tail(&dev->devlist, &cx25821_devlist); - mutex_unlock(&cx25821_devlist_mutex); - -- strcpy(cx25821_boards[UNKNOWN_BOARD].name, "unknown"); -- strcpy(cx25821_boards[CX25821_BOARD].name, "cx25821"); -- - if (dev->pci->device != 0x8210) { - pr_info("%s(): Exiting. Incorrect Hardware device = 0x%02x\n", - __func__, dev->pci->device); -diff --git a/drivers/media/video/cx25821/cx25821.h b/drivers/media/video/cx25821/cx25821.h -index b9aa801..029f293 100644 ---- a/drivers/media/video/cx25821/cx25821.h -+++ b/drivers/media/video/cx25821/cx25821.h -@@ -187,7 +187,7 @@ enum port { - }; - - struct cx25821_board { -- char *name; -+ const char *name; - enum port porta; - enum port portb; - enum port portc; diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c index 04bf662..e0ac026 100644 --- a/drivers/media/video/cx88/cx88-alsa.c @@ -33983,7 +33816,7 @@ index 88cf9d9..bbc4b2c 100644 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev, diff --git a/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h b/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h -index 305e6aa..0143317 100644 +index 036952f..80d356d 100644 --- a/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h +++ b/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h @@ -196,7 +196,7 @@ struct pvr2_hdw { @@ -34018,10 +33851,10 @@ index 02194c0..091733b 100644 .open = timblogiw_open, .release = timblogiw_close, diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c -index a5c591f..db692a3 100644 +index d99db56..a16b959 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c -@@ -6754,8 +6754,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) +@@ -6751,8 +6751,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) seq_printf(m, " MaxChainDepth = 0x%02x frames\n", ioc->facts.MaxChainDepth); seq_printf(m, " MinBlockSize = 0x%02x bytes\n", 4*ioc->facts.BlockSize); @@ -34117,7 +33950,7 @@ index 0c3ced7..1fe34ec 100644 return h->info_kbuf; } diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_proc.c -index 6d115c7..58ff7fd 100644 +index 506c36f..b137580 100644 --- a/drivers/message/i2o/i2o_proc.c +++ b/drivers/message/i2o/i2o_proc.c @@ -255,13 +255,6 @@ static char *scsi_devices[] = { @@ -34134,7 +33967,7 @@ index 6d115c7..58ff7fd 100644 static int i2o_report_query_status(struct seq_file *seq, int block_status, char *group) { -@@ -838,8 +831,7 @@ static int i2o_seq_show_ddm_table(struct seq_file *seq, void *v) +@@ -825,8 +818,7 @@ static int i2o_seq_show_ddm_table(struct seq_file *seq, void *v) seq_printf(seq, "%-#7x", ddm_table.i2o_vendor_id); seq_printf(seq, "%-#8x", ddm_table.module_id); @@ -34144,7 +33977,7 @@ index 6d115c7..58ff7fd 100644 seq_printf(seq, "%9d ", ddm_table.data_size); seq_printf(seq, "%8d", ddm_table.code_size); -@@ -940,8 +932,8 @@ static int i2o_seq_show_drivers_stored(struct seq_file *seq, void *v) +@@ -927,8 +919,8 @@ static int i2o_seq_show_drivers_stored(struct seq_file *seq, void *v) seq_printf(seq, "%-#7x", dst->i2o_vendor_id); seq_printf(seq, "%-#8x", dst->module_id); @@ -34155,7 +33988,7 @@ index 6d115c7..58ff7fd 100644 seq_printf(seq, "%8d ", dst->module_size); seq_printf(seq, "%8d ", dst->mpb_size); seq_printf(seq, "0x%04x", dst->module_flags); -@@ -1272,14 +1264,10 @@ static int i2o_seq_show_dev_identity(struct seq_file *seq, void *v) +@@ -1259,14 +1251,10 @@ static int i2o_seq_show_dev_identity(struct seq_file *seq, void *v) seq_printf(seq, "Device Class : %s\n", i2o_get_class_name(work16[0])); seq_printf(seq, "Owner TID : %0#5x\n", work16[2]); seq_printf(seq, "Parent TID : %0#5x\n", work16[3]); @@ -34174,7 +34007,7 @@ index 6d115c7..58ff7fd 100644 seq_printf(seq, "Serial number : "); print_serial_number(seq, (u8 *) (work32 + 16), -@@ -1324,10 +1312,8 @@ static int i2o_seq_show_ddm_identity(struct seq_file *seq, void *v) +@@ -1311,10 +1299,8 @@ static int i2o_seq_show_ddm_identity(struct seq_file *seq, void *v) } seq_printf(seq, "Registering DDM TID : 0x%03x\n", result.ddm_tid); @@ -34187,7 +34020,7 @@ index 6d115c7..58ff7fd 100644 seq_printf(seq, "Serial number : "); print_serial_number(seq, result.serial_number, sizeof(result) - 36); -@@ -1358,14 +1344,10 @@ static int i2o_seq_show_uinfo(struct seq_file *seq, void *v) +@@ -1345,14 +1331,10 @@ static int i2o_seq_show_uinfo(struct seq_file *seq, void *v) return 0; } @@ -34247,7 +34080,7 @@ index 7ce65f4..e66e9bc 100644 }; diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c -index a9223ed..4127b13 100644 +index 2ea9998..51dabee 100644 --- a/drivers/mfd/janz-cmodio.c +++ b/drivers/mfd/janz-cmodio.c @@ -13,6 +13,7 @@ @@ -34311,6 +34144,19 @@ index 2b1482a..5d33616 100644 union axis_conversion ac; /* hw -> logical axis */ int mapped_btns[3]; +diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c +index 28adefe..08aad69 100644 +--- a/drivers/misc/lkdtm.c ++++ b/drivers/misc/lkdtm.c +@@ -477,6 +477,8 @@ static ssize_t lkdtm_debugfs_read(struct file *f, char __user *user_buf, + int i, n, out; + + buf = (char *)__get_free_page(GFP_KERNEL); ++ if (buf == NULL) ++ return -ENOMEM; + + n = snprintf(buf, PAGE_SIZE, "Available crash types:\n"); + for (i = 0; i < ARRAY_SIZE(cp_type); i++) diff --git a/drivers/misc/sgi-gru/gruhandles.c b/drivers/misc/sgi-gru/gruhandles.c index 2f30bad..c4c13d0 100644 --- a/drivers/misc/sgi-gru/gruhandles.c @@ -34581,11 +34427,27 @@ index 8d082b4..aa749ae 100644 /* * Timer function to enforce the timelimit on the partition disengage. +diff --git a/drivers/misc/ti-st/st_core.c b/drivers/misc/ti-st/st_core.c +index 2b62232..acfaeeb 100644 +--- a/drivers/misc/ti-st/st_core.c ++++ b/drivers/misc/ti-st/st_core.c +@@ -349,6 +349,11 @@ void st_int_recv(void *disc_data, + st_gdata->rx_skb = alloc_skb( + st_gdata->list[type]->max_frame_size, + GFP_ATOMIC); ++ if (st_gdata->rx_skb == NULL) { ++ pr_err("out of memory: dropping\n"); ++ goto done; ++ } ++ + skb_reserve(st_gdata->rx_skb, + st_gdata->list[type]->reserve); + /* next 2 required for BT only */ diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c -index 69ef0be..f3ef91e 100644 +index 504da71..9722d43 100644 --- a/drivers/mmc/host/sdhci-pci.c +++ b/drivers/mmc/host/sdhci-pci.c -@@ -652,7 +652,7 @@ static const struct sdhci_pci_fixes sdhci_via = { +@@ -653,7 +653,7 @@ static const struct sdhci_pci_fixes sdhci_via = { .probe = via_probe, }; @@ -34608,7 +34470,7 @@ index a4eb8b5..8c0628f 100644 "ECC needs a full sector write (adr: %lx size %lx)\n", (long) to, (long) len); diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c -index a9e57d6..c6d8731 100644 +index 0650aaf..7718762 100644 --- a/drivers/mtd/nand/denali.c +++ b/drivers/mtd/nand/denali.c @@ -26,6 +26,7 @@ @@ -34645,10 +34507,10 @@ index 6762dc4..9956862 100644 MODULE_PARM_DESC(X, desc); #else diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -index 61a7670..7da6e34 100644 +index efd80bd..21fcff0 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -@@ -483,7 +483,7 @@ struct bnx2x_rx_mode_obj { +@@ -487,7 +487,7 @@ struct bnx2x_rx_mode_obj { int (*wait_comp)(struct bnx2x *bp, struct bnx2x_rx_mode_ramrod_params *p); @@ -34683,7 +34545,7 @@ index c4e8643..0979484 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c -index 18b106c..2b38d36 100644 +index d3cd489..0fd52dd 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c +++ b/drivers/net/ethernet/dec/tulip/de4x5.c @@ -5388,7 +5388,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) @@ -34717,8 +34579,21 @@ index ed7d1dc..d426748 100644 "21140 non-MII", "21140 MII PHY", "21142 Serial PHY", +diff --git a/drivers/net/ethernet/dec/tulip/uli526x.c b/drivers/net/ethernet/dec/tulip/uli526x.c +index 75d45f8..3d9c55b 100644 +--- a/drivers/net/ethernet/dec/tulip/uli526x.c ++++ b/drivers/net/ethernet/dec/tulip/uli526x.c +@@ -129,7 +129,7 @@ struct uli526x_board_info { + struct uli_phy_ops { + void (*write)(struct uli526x_board_info *, u8, u8, u16); + u16 (*read)(struct uli526x_board_info *, u8, u8); +- } phy; ++ } __no_const phy; + struct net_device *next_dev; /* next device */ + struct pci_dev *pdev; /* PCI device */ + spinlock_t lock; diff --git a/drivers/net/ethernet/dec/tulip/winbond-840.c b/drivers/net/ethernet/dec/tulip/winbond-840.c -index 2ac6fff..2d127d0 100644 +index 4d1ffca..7c1ec4d 100644 --- a/drivers/net/ethernet/dec/tulip/winbond-840.c +++ b/drivers/net/ethernet/dec/tulip/winbond-840.c @@ -236,7 +236,7 @@ struct pci_id_info { @@ -34731,7 +34606,7 @@ index 2ac6fff..2d127d0 100644 "Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII}, { "Winbond W89c840", CanHaveMII | HasBrokenTx}, diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/ethernet/dlink/sundance.c -index d783f4f..97fa1b0 100644 +index d7bb52a..3b83588 100644 --- a/drivers/net/ethernet/dlink/sundance.c +++ b/drivers/net/ethernet/dlink/sundance.c @@ -218,7 +218,7 @@ enum { @@ -34744,7 +34619,7 @@ index d783f4f..97fa1b0 100644 {"D-Link DFE-550FX 100Mbps Fiber-optics Adapter"}, {"D-Link DFE-580TX 4 port Server Adapter"}, diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index 1bbf6b3..430dcd0 100644 +index bd5cf7e..c165651 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c @@ -403,7 +403,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) @@ -34783,7 +34658,7 @@ index 829b109..4ae5f6a 100644 #include "ftmac100.h" diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.c -index 1637b98..c42f87b 100644 +index 9d71c9c..0e4a0ac 100644 --- a/drivers/net/ethernet/fealnx.c +++ b/drivers/net/ethernet/fealnx.c @@ -150,7 +150,7 @@ struct chip_info { @@ -34796,7 +34671,7 @@ index 1637b98..c42f87b 100644 { "100/10M Ethernet PCI Adapter", HAS_CHIP_XCVR }, { "1000/100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, diff --git a/drivers/net/ethernet/intel/e1000e/e1000.h b/drivers/net/ethernet/intel/e1000e/e1000.h -index b83897f..b2d970f 100644 +index 6e6fffb..588f361 100644 --- a/drivers/net/ethernet/intel/e1000e/e1000.h +++ b/drivers/net/ethernet/intel/e1000e/e1000.h @@ -181,7 +181,7 @@ struct e1000_info; @@ -34809,18 +34684,18 @@ index b83897f..b2d970f 100644 0x1f) /* pthresh */ diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h -index f82ecf5..7d59ecb 100644 +index ed5b409..ec37828 100644 --- a/drivers/net/ethernet/intel/e1000e/hw.h +++ b/drivers/net/ethernet/intel/e1000e/hw.h -@@ -784,6 +784,7 @@ struct e1000_mac_operations { - void (*config_collision_dist)(struct e1000_hw *); +@@ -797,6 +797,7 @@ struct e1000_mac_operations { + void (*rar_set)(struct e1000_hw *, u8 *, u32); s32 (*read_mac_addr)(struct e1000_hw *); }; +typedef struct e1000_mac_operations __no_const e1000_mac_operations_no_const; /* * When to use various PHY register access functions: -@@ -824,6 +825,7 @@ struct e1000_phy_operations { +@@ -837,6 +838,7 @@ struct e1000_phy_operations { void (*power_up)(struct e1000_hw *); void (*power_down)(struct e1000_hw *); }; @@ -34828,7 +34703,7 @@ index f82ecf5..7d59ecb 100644 /* Function pointers for the NVM. */ struct e1000_nvm_operations { -@@ -836,9 +838,10 @@ struct e1000_nvm_operations { +@@ -849,9 +851,10 @@ struct e1000_nvm_operations { s32 (*validate)(struct e1000_hw *); s32 (*write)(struct e1000_hw *, u16, u16, u16 *); }; @@ -34840,7 +34715,7 @@ index f82ecf5..7d59ecb 100644 u8 addr[ETH_ALEN]; u8 perm_addr[ETH_ALEN]; -@@ -879,7 +882,7 @@ struct e1000_mac_info { +@@ -892,7 +895,7 @@ struct e1000_mac_info { }; struct e1000_phy_info { @@ -34849,7 +34724,7 @@ index f82ecf5..7d59ecb 100644 enum e1000_phy_type type; -@@ -913,7 +916,7 @@ struct e1000_phy_info { +@@ -926,7 +929,7 @@ struct e1000_phy_info { }; struct e1000_nvm_info { @@ -34859,18 +34734,18 @@ index f82ecf5..7d59ecb 100644 enum e1000_nvm_type type; enum e1000_nvm_override override; diff --git a/drivers/net/ethernet/intel/igb/e1000_hw.h b/drivers/net/ethernet/intel/igb/e1000_hw.h -index f67cbd3..cef9e3d 100644 +index c2a51dc..c2bd262 100644 --- a/drivers/net/ethernet/intel/igb/e1000_hw.h +++ b/drivers/net/ethernet/intel/igb/e1000_hw.h -@@ -314,6 +314,7 @@ struct e1000_mac_operations { - s32 (*read_mac_addr)(struct e1000_hw *); - s32 (*get_speed_and_duplex)(struct e1000_hw *, u16 *, u16 *); +@@ -327,6 +327,7 @@ struct e1000_mac_operations { + void (*release_swfw_sync)(struct e1000_hw *, u16); + }; +typedef struct e1000_mac_operations __no_const e1000_mac_operations_no_const; struct e1000_phy_operations { s32 (*acquire)(struct e1000_hw *); -@@ -330,6 +331,7 @@ struct e1000_phy_operations { +@@ -343,6 +344,7 @@ struct e1000_phy_operations { s32 (*set_d3_lplu_state)(struct e1000_hw *, bool); s32 (*write_reg)(struct e1000_hw *, u32, u16); }; @@ -34878,15 +34753,15 @@ index f67cbd3..cef9e3d 100644 struct e1000_nvm_operations { s32 (*acquire)(struct e1000_hw *); -@@ -339,6 +341,7 @@ struct e1000_nvm_operations { - s32 (*update)(struct e1000_hw *); +@@ -353,6 +355,7 @@ struct e1000_nvm_operations { s32 (*validate)(struct e1000_hw *); + s32 (*valid_led_default)(struct e1000_hw *, u16 *); }; +typedef struct e1000_nvm_operations __no_const e1000_nvm_operations_no_const; struct e1000_info { s32 (*get_invariants)(struct e1000_hw *); -@@ -350,7 +353,7 @@ struct e1000_info { +@@ -364,7 +367,7 @@ struct e1000_info { extern const struct e1000_info e1000_82575_info; struct e1000_mac_info { @@ -34895,7 +34770,7 @@ index f67cbd3..cef9e3d 100644 u8 addr[6]; u8 perm_addr[6]; -@@ -388,7 +391,7 @@ struct e1000_mac_info { +@@ -402,7 +405,7 @@ struct e1000_mac_info { }; struct e1000_phy_info { @@ -34904,7 +34779,7 @@ index f67cbd3..cef9e3d 100644 enum e1000_phy_type type; -@@ -423,7 +426,7 @@ struct e1000_phy_info { +@@ -437,7 +440,7 @@ struct e1000_phy_info { }; struct e1000_nvm_info { @@ -34913,7 +34788,7 @@ index f67cbd3..cef9e3d 100644 enum e1000_nvm_type type; enum e1000_nvm_override override; -@@ -468,6 +471,7 @@ struct e1000_mbx_operations { +@@ -482,6 +485,7 @@ struct e1000_mbx_operations { s32 (*check_for_ack)(struct e1000_hw *, u16); s32 (*check_for_rst)(struct e1000_hw *, u16); }; @@ -34921,7 +34796,7 @@ index f67cbd3..cef9e3d 100644 struct e1000_mbx_stats { u32 msgs_tx; -@@ -479,7 +483,7 @@ struct e1000_mbx_stats { +@@ -493,7 +497,7 @@ struct e1000_mbx_stats { }; struct e1000_mbx_info { @@ -34963,11 +34838,24 @@ index 57db3c6..aa825fc 100644 struct e1000_mbx_stats stats; u32 timeout; u32 usec_delay; +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c +index dcebd12..c1fe8be 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c +@@ -805,7 +805,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) + /* store the new cycle speed */ + adapter->cycle_speed = cycle_speed; + +- ACCESS_ONCE(adapter->base_incval) = incval; ++ ACCESS_ONCE_RW(adapter->base_incval) = incval; + smp_mb(); + + /* grab the ptp lock */ diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h -index 8636e83..ab9bbc3 100644 +index 204848d..d8aeaec 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h -@@ -2710,6 +2710,7 @@ struct ixgbe_eeprom_operations { +@@ -2791,6 +2791,7 @@ struct ixgbe_eeprom_operations { s32 (*update_checksum)(struct ixgbe_hw *); u16 (*calc_checksum)(struct ixgbe_hw *); }; @@ -34975,15 +34863,15 @@ index 8636e83..ab9bbc3 100644 struct ixgbe_mac_operations { s32 (*init_hw)(struct ixgbe_hw *); -@@ -2773,6 +2774,7 @@ struct ixgbe_mac_operations { - /* Manageability interface */ - s32 (*set_fw_drv_ver)(struct ixgbe_hw *, u8, u8, u8, u8); +@@ -2856,6 +2857,7 @@ struct ixgbe_mac_operations { + s32 (*get_thermal_sensor_data)(struct ixgbe_hw *); + s32 (*init_thermal_sensor_thresh)(struct ixgbe_hw *hw); }; +typedef struct ixgbe_mac_operations __no_const ixgbe_mac_operations_no_const; struct ixgbe_phy_operations { s32 (*identify)(struct ixgbe_hw *); -@@ -2792,9 +2794,10 @@ struct ixgbe_phy_operations { +@@ -2875,9 +2877,10 @@ struct ixgbe_phy_operations { s32 (*write_i2c_eeprom)(struct ixgbe_hw *, u8, u8); s32 (*check_overtemp)(struct ixgbe_hw *); }; @@ -34995,7 +34883,7 @@ index 8636e83..ab9bbc3 100644 enum ixgbe_eeprom_type type; u32 semaphore_delay; u16 word_size; -@@ -2804,7 +2807,7 @@ struct ixgbe_eeprom_info { +@@ -2887,7 +2890,7 @@ struct ixgbe_eeprom_info { #define IXGBE_FLAGS_DOUBLE_RESET_REQUIRED 0x01 struct ixgbe_mac_info { @@ -35004,7 +34892,7 @@ index 8636e83..ab9bbc3 100644 enum ixgbe_mac_type type; u8 addr[ETH_ALEN]; u8 perm_addr[ETH_ALEN]; -@@ -2832,7 +2835,7 @@ struct ixgbe_mac_info { +@@ -2916,7 +2919,7 @@ struct ixgbe_mac_info { }; struct ixgbe_phy_info { @@ -35013,7 +34901,7 @@ index 8636e83..ab9bbc3 100644 struct mdio_if_info mdio; enum ixgbe_phy_type type; u32 id; -@@ -2860,6 +2863,7 @@ struct ixgbe_mbx_operations { +@@ -2944,6 +2947,7 @@ struct ixgbe_mbx_operations { s32 (*check_for_ack)(struct ixgbe_hw *, u16); s32 (*check_for_rst)(struct ixgbe_hw *, u16); }; @@ -35021,7 +34909,7 @@ index 8636e83..ab9bbc3 100644 struct ixgbe_mbx_stats { u32 msgs_tx; -@@ -2871,7 +2875,7 @@ struct ixgbe_mbx_stats { +@@ -2955,7 +2959,7 @@ struct ixgbe_mbx_stats { }; struct ixgbe_mbx_info { @@ -35030,36 +34918,6 @@ index 8636e83..ab9bbc3 100644 struct ixgbe_mbx_stats stats; u32 timeout; u32 usec_delay; -diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c -index 307611a..d8e4562 100644 ---- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c -+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c -@@ -969,8 +969,6 @@ static irqreturn_t ixgbevf_msix_clean_tx(int irq, void *data) - r_idx = find_first_bit(q_vector->txr_idx, adapter->num_tx_queues); - for (i = 0; i < q_vector->txr_count; i++) { - tx_ring = &(adapter->tx_ring[r_idx]); -- tx_ring->total_bytes = 0; -- tx_ring->total_packets = 0; - ixgbevf_clean_tx_irq(adapter, tx_ring); - r_idx = find_next_bit(q_vector->txr_idx, adapter->num_tx_queues, - r_idx + 1); -@@ -994,16 +992,6 @@ static irqreturn_t ixgbevf_msix_clean_rx(int irq, void *data) - struct ixgbe_hw *hw = &adapter->hw; - struct ixgbevf_ring *rx_ring; - int r_idx; -- int i; -- -- r_idx = find_first_bit(q_vector->rxr_idx, adapter->num_rx_queues); -- for (i = 0; i < q_vector->rxr_count; i++) { -- rx_ring = &(adapter->rx_ring[r_idx]); -- rx_ring->total_bytes = 0; -- rx_ring->total_packets = 0; -- r_idx = find_next_bit(q_vector->rxr_idx, adapter->num_rx_queues, -- r_idx + 1); -- } - - if (!q_vector->rxr_count) - return IRQ_HANDLED; diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h index 25c951d..cc7cf33 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.h @@ -35099,7 +34957,7 @@ index 25c951d..cc7cf33 100644 u32 timeout; u32 udelay; diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c -index 8bb05b4..074796f 100644 +index a0313de..e83a572 100644 --- a/drivers/net/ethernet/mellanox/mlx4/main.c +++ b/drivers/net/ethernet/mellanox/mlx4/main.c @@ -41,6 +41,7 @@ @@ -35137,10 +34995,10 @@ index 4a518a3..936b334 100644 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 161e045..0bb5b86 100644 +index eb81da4..1592b62 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -708,17 +708,17 @@ struct rtl8169_private { +@@ -723,22 +723,22 @@ struct rtl8169_private { struct mdio_ops { void (*write)(void __iomem *, int, int); int (*read)(void __iomem *, int); @@ -35159,13 +35017,19 @@ index 161e045..0bb5b86 100644 - } jumbo_ops; + } __no_const jumbo_ops; + struct csi_ops { + void (*write)(void __iomem *, int, int); + u32 (*read)(void __iomem *, int); +- } csi_ops; ++ } __no_const csi_ops; + int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv); int (*get_settings)(struct net_device *, struct ethtool_cmd *); diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/sis/sis190.c -index a9deda8..5507c31 100644 +index 4613591..d816601 100644 --- a/drivers/net/ethernet/sis/sis190.c +++ b/drivers/net/ethernet/sis/sis190.c -@@ -1620,7 +1620,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev, +@@ -1618,7 +1618,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev, static int __devinit sis190_get_mac_addr_from_apc(struct pci_dev *pdev, struct net_device *dev) { @@ -35189,33 +35053,11 @@ index c07cfe9..81cbf7e 100644 } /* To mask all all interrupts.*/ -diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c -index 9bdfaba..3d8f8d4 100644 ---- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c -+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c -@@ -1587,7 +1587,7 @@ static const struct file_operations stmmac_rings_status_fops = { - .open = stmmac_sysfs_ring_open, - .read = seq_read, - .llseek = seq_lseek, -- .release = seq_release, -+ .release = single_release, - }; - - static int stmmac_sysfs_dma_cap_read(struct seq_file *seq, void *v) -@@ -1659,7 +1659,7 @@ static const struct file_operations stmmac_dma_cap_fops = { - .open = stmmac_sysfs_dma_cap_open, - .read = seq_read, - .llseek = seq_lseek, -- .release = seq_release, -+ .release = single_release, - }; - - static int stmmac_init_fs(struct net_device *dev) diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h -index c358245..8c1de63 100644 +index 2857ab0..9a1f9b0 100644 --- a/drivers/net/hyperv/hyperv_net.h +++ b/drivers/net/hyperv/hyperv_net.h -@@ -98,7 +98,7 @@ struct rndis_device { +@@ -99,7 +99,7 @@ struct rndis_device { enum rndis_device_state state; bool link_state; @@ -35225,7 +35067,7 @@ index c358245..8c1de63 100644 spinlock_t request_lock; struct list_head req_list; diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c -index d6be64b..5d97e3b 100644 +index 981ebb1..b34959b 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c @@ -97,7 +97,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, @@ -35247,7 +35089,7 @@ index d6be64b..5d97e3b 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index 21d7151..8034208 100644 +index 5c05572..389610b 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -986,7 +986,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) @@ -35268,85 +35110,8 @@ index 21d7151..8034208 100644 break; err = 0; break; -diff --git a/drivers/net/tokenring/abyss.c b/drivers/net/tokenring/abyss.c -index b715e6b..6d2490f 100644 ---- a/drivers/net/tokenring/abyss.c -+++ b/drivers/net/tokenring/abyss.c -@@ -450,10 +450,12 @@ static struct pci_driver abyss_driver = { - - static int __init abyss_init (void) - { -- abyss_netdev_ops = tms380tr_netdev_ops; -+ pax_open_kernel(); -+ memcpy((void *)&abyss_netdev_ops, &tms380tr_netdev_ops, sizeof(tms380tr_netdev_ops)); - -- abyss_netdev_ops.ndo_open = abyss_open; -- abyss_netdev_ops.ndo_stop = abyss_close; -+ *(void **)&abyss_netdev_ops.ndo_open = abyss_open; -+ *(void **)&abyss_netdev_ops.ndo_stop = abyss_close; -+ pax_close_kernel(); - - return pci_register_driver(&abyss_driver); - } -diff --git a/drivers/net/tokenring/madgemc.c b/drivers/net/tokenring/madgemc.c -index 28adcdf..ae82f35 100644 ---- a/drivers/net/tokenring/madgemc.c -+++ b/drivers/net/tokenring/madgemc.c -@@ -742,9 +742,11 @@ static struct mca_driver madgemc_driver = { - - static int __init madgemc_init (void) - { -- madgemc_netdev_ops = tms380tr_netdev_ops; -- madgemc_netdev_ops.ndo_open = madgemc_open; -- madgemc_netdev_ops.ndo_stop = madgemc_close; -+ pax_open_kernel(); -+ memcpy((void *)&madgemc_netdev_ops, &tms380tr_netdev_ops, sizeof(tms380tr_netdev_ops)); -+ *(void **)&madgemc_netdev_ops.ndo_open = madgemc_open; -+ *(void **)&madgemc_netdev_ops.ndo_stop = madgemc_close; -+ pax_close_kernel(); - - return mca_register_driver (&madgemc_driver); - } -diff --git a/drivers/net/tokenring/proteon.c b/drivers/net/tokenring/proteon.c -index 62d90e4..9d84237 100644 ---- a/drivers/net/tokenring/proteon.c -+++ b/drivers/net/tokenring/proteon.c -@@ -352,9 +352,11 @@ static int __init proteon_init(void) - struct platform_device *pdev; - int i, num = 0, err = 0; - -- proteon_netdev_ops = tms380tr_netdev_ops; -- proteon_netdev_ops.ndo_open = proteon_open; -- proteon_netdev_ops.ndo_stop = tms380tr_close; -+ pax_open_kernel(); -+ memcpy((void *)&proteon_netdev_ops, &tms380tr_netdev_ops, sizeof(tms380tr_netdev_ops)); -+ *(void **)&proteon_netdev_ops.ndo_open = proteon_open; -+ *(void **)&proteon_netdev_ops.ndo_stop = tms380tr_close; -+ pax_close_kernel(); - - err = platform_driver_register(&proteon_driver); - if (err) -diff --git a/drivers/net/tokenring/skisa.c b/drivers/net/tokenring/skisa.c -index ee11e93..c8f19c7 100644 ---- a/drivers/net/tokenring/skisa.c -+++ b/drivers/net/tokenring/skisa.c -@@ -362,9 +362,11 @@ static int __init sk_isa_init(void) - struct platform_device *pdev; - int i, num = 0, err = 0; - -- sk_isa_netdev_ops = tms380tr_netdev_ops; -- sk_isa_netdev_ops.ndo_open = sk_isa_open; -- sk_isa_netdev_ops.ndo_stop = tms380tr_close; -+ pax_open_kernel(); -+ memcpy((void *)&sk_isa_netdev_ops, &tms380tr_netdev_ops, sizeof(tms380tr_netdev_ops)); -+ *(void **)&sk_isa_netdev_ops.ndo_open = sk_isa_open; -+ *(void **)&sk_isa_netdev_ops.ndo_stop = tms380tr_close; -+ pax_close_kernel(); - - err = platform_driver_register(&sk_isa_driver); - if (err) diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index 2d2a688..35f2372 100644 +index 62f30b4..ff99dfd 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -35358,90 +35123,81 @@ index 2d2a688..35f2372 100644 #define MOD_AUTHOR "Option Wireless" #define MOD_DESCRIPTION "USB High Speed Option driver" -@@ -257,7 +257,7 @@ struct hso_serial { - - /* from usb_serial_port */ - struct tty_struct *tty; -- int open_count; -+ local_t open_count; - spinlock_t serial_lock; - - int (*write_data) (struct hso_serial *serial); -@@ -1190,7 +1190,7 @@ static void put_rxbuf_data_and_resubmit_ctrl_urb(struct hso_serial *serial) +@@ -1182,7 +1182,7 @@ static void put_rxbuf_data_and_resubmit_ctrl_urb(struct hso_serial *serial) struct urb *urb; urb = serial->rx_urb[0]; -- if (serial->open_count > 0) { -+ if (local_read(&serial->open_count) > 0) { +- if (serial->port.count > 0) { ++ if (atomic_read(&serial->port.count) > 0) { count = put_rxbuf_data(urb, serial); if (count == -1) return; -@@ -1226,7 +1226,7 @@ static void hso_std_serial_read_bulk_callback(struct urb *urb) +@@ -1218,7 +1218,7 @@ static void hso_std_serial_read_bulk_callback(struct urb *urb) DUMP1(urb->transfer_buffer, urb->actual_length); /* Anyone listening? */ -- if (serial->open_count == 0) -+ if (local_read(&serial->open_count) == 0) +- if (serial->port.count == 0) ++ if (atomic_read(&serial->port.count) == 0) return; if (status == 0) { -@@ -1311,8 +1311,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) - spin_unlock_irq(&serial->serial_lock); +@@ -1300,8 +1300,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) + tty_port_tty_set(&serial->port, tty); /* check for port already opened, if not set the termios */ -- serial->open_count++; -- if (serial->open_count == 1) { -+ if (local_inc_return(&serial->open_count) == 1) { +- serial->port.count++; +- if (serial->port.count == 1) { ++ if (atomic_inc_return(&serial->port.count) == 1) { serial->rx_state = RX_IDLE; /* Force default termio settings */ _hso_serial_set_termios(tty, NULL); -@@ -1324,7 +1323,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) +@@ -1313,7 +1312,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) result = hso_start_serial_device(serial->parent, GFP_KERNEL); if (result) { hso_stop_serial_device(serial->parent); -- serial->open_count--; -+ local_dec(&serial->open_count); +- serial->port.count--; ++ atomic_dec(&serial->port.count); kref_put(&serial->parent->ref, hso_serial_ref_free); } } else { -@@ -1361,10 +1360,10 @@ static void hso_serial_close(struct tty_struct *tty, struct file *filp) +@@ -1350,10 +1349,10 @@ static void hso_serial_close(struct tty_struct *tty, struct file *filp) /* reset the rts and dtr */ /* do the actual close */ -- serial->open_count--; -+ local_dec(&serial->open_count); - -- if (serial->open_count <= 0) { -- serial->open_count = 0; -+ if (local_read(&serial->open_count) <= 0) { -+ local_set(&serial->open_count, 0); - spin_lock_irq(&serial->serial_lock); - if (serial->tty == tty) { - serial->tty->driver_data = NULL; -@@ -1446,7 +1445,7 @@ static void hso_serial_set_termios(struct tty_struct *tty, struct ktermios *old) +- serial->port.count--; ++ atomic_dec(&serial->port.count); + +- if (serial->port.count <= 0) { +- serial->port.count = 0; ++ if (atomic_read(&serial->port.count) <= 0) { ++ atomic_set(&serial->port.count, 0); + tty_port_tty_set(&serial->port, NULL); + if (!usb_gone) + hso_stop_serial_device(serial->parent); +@@ -1429,7 +1428,7 @@ static void hso_serial_set_termios(struct tty_struct *tty, struct ktermios *old) /* the actual setup */ spin_lock_irqsave(&serial->serial_lock, flags); -- if (serial->open_count) -+ if (local_read(&serial->open_count)) +- if (serial->port.count) ++ if (atomic_read(&serial->port.count)) _hso_serial_set_termios(tty, old); else tty->termios = old; -@@ -1905,7 +1904,7 @@ static void intr_callback(struct urb *urb) +@@ -1888,7 +1887,7 @@ static void intr_callback(struct urb *urb) D1("Pending read interrupt on port %d\n", i); spin_lock(&serial->serial_lock); if (serial->rx_state == RX_IDLE && -- serial->open_count > 0) { -+ local_read(&serial->open_count) > 0) { +- serial->port.count > 0) { ++ atomic_read(&serial->port.count) > 0) { /* Setup and send a ctrl req read on * port i */ if (!serial->rx_urb_filled[0]) { -@@ -3098,7 +3097,7 @@ static int hso_resume(struct usb_interface *iface) +@@ -3079,7 +3078,7 @@ static int hso_resume(struct usb_interface *iface) /* Start all serial ports */ for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) { if (serial_table[i] && (serial_table[i]->interface == iface)) { -- if (dev2ser(serial_table[i])->open_count) { -+ if (local_read(&dev2ser(serial_table[i])->open_count)) { +- if (dev2ser(serial_table[i])->port.count) { ++ if (atomic_read(&dev2ser(serial_table[i])->port.count)) { result = hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); @@ -35458,10 +35214,10 @@ index 420d69b..74f90a2 100644 struct ath_common; struct ath_bus_ops; diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c -index aa2abaf..5f5152d 100644 +index 8d78253..bebbb68 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c -@@ -183,8 +183,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -184,8 +184,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) ads->ds_txstatus6 = ads->ds_txstatus7 = 0; ads->ds_txstatus8 = ads->ds_txstatus9 = 0; @@ -35472,7 +35228,7 @@ index aa2abaf..5f5152d 100644 ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore); ctl6 = SM(i->keytype, AR_EncrType); -@@ -198,26 +198,26 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -199,26 +199,26 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) if ((i->is_first || i->is_last) && i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) { @@ -35506,7 +35262,7 @@ index aa2abaf..5f5152d 100644 return; } -@@ -242,7 +242,7 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -243,7 +243,7 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) break; } @@ -35515,7 +35271,7 @@ index aa2abaf..5f5152d 100644 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) | SM(i->txpower, AR_XmitPower) | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) -@@ -252,19 +252,19 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -253,19 +253,19 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable : (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0)); @@ -35541,7 +35297,7 @@ index aa2abaf..5f5152d 100644 | set11nRateFlags(i->rates, 2) | set11nRateFlags(i->rates, 3) diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c -index a66a13b..0ef399e 100644 +index d9e0824..1a874e7 100644 --- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c @@ -39,47 +39,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) @@ -35663,10 +35419,10 @@ index a66a13b..0ef399e 100644 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index e88f182..4e57f5d 100644 +index b620c55..a76cd49 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -614,7 +614,7 @@ struct ath_hw_private_ops { +@@ -609,7 +609,7 @@ struct ath_hw_private_ops { /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -35675,7 +35431,7 @@ index e88f182..4e57f5d 100644 /** * struct ath_hw_ops - callbacks used by hardware code and driver code -@@ -644,7 +644,7 @@ struct ath_hw_ops { +@@ -639,7 +639,7 @@ struct ath_hw_ops { void (*antdiv_comb_conf_set)(struct ath_hw *ah, struct ath_hw_antcomb_conf *antconf); @@ -35684,7 +35440,7 @@ index e88f182..4e57f5d 100644 struct ath_nf_limits { s16 max; -@@ -664,7 +664,7 @@ enum ath_cal_list { +@@ -659,7 +659,7 @@ enum ath_cal_list { #define AH_FASTCC 0x4 struct ath_hw { @@ -35722,10 +35478,10 @@ index faec404..a5277f1 100644 D_INFO("*** LOAD DRIVER ***\n"); diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index b7ce6a6..5649756 100644 +index a0b7cfd..20b49f7 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -1721,9 +1721,11 @@ static int __init init_mac80211_hwsim(void) +@@ -1752,9 +1752,11 @@ static int __init init_mac80211_hwsim(void) return -EINVAL; if (fake_hw_scan) { @@ -35741,23 +35497,23 @@ index b7ce6a6..5649756 100644 spin_lock_init(&hwsim_radio_lock); diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h -index 35225e9..95e6bf9 100644 +index bd3b0bf..f9db92a 100644 --- a/drivers/net/wireless/mwifiex/main.h +++ b/drivers/net/wireless/mwifiex/main.h -@@ -537,7 +537,7 @@ struct mwifiex_if_ops { - void (*cleanup_mpa_buf) (struct mwifiex_adapter *); - int (*cmdrsp_complete) (struct mwifiex_adapter *, struct sk_buff *); +@@ -567,7 +567,7 @@ struct mwifiex_if_ops { int (*event_complete) (struct mwifiex_adapter *, struct sk_buff *); + int (*data_complete) (struct mwifiex_adapter *, struct sk_buff *); + int (*dnld_fw) (struct mwifiex_adapter *, struct mwifiex_fw_image *); -}; +} __no_const; struct mwifiex_adapter { u8 iface_type; diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c -index d66e298..55b0a89 100644 +index dfcd02a..a42a59d 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c -@@ -1278,7 +1278,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) +@@ -1235,7 +1235,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold); @@ -35767,7 +35523,7 @@ index d66e298..55b0a89 100644 tmp = cpu_to_le32(rts_threshold); diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h -index c264dfa..08ee30e 100644 +index 8f75402..eed109d 100644 --- a/drivers/net/wireless/rt2x00/rt2x00.h +++ b/drivers/net/wireless/rt2x00/rt2x00.h @@ -396,7 +396,7 @@ struct rt2x00_intf { @@ -35780,10 +35536,10 @@ index c264dfa..08ee30e 100644 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c -index 50f92d5..f3afc41 100644 +index 2fd8301..9767e8c 100644 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c -@@ -229,9 +229,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, +@@ -240,9 +240,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, * sequence counter given by mac80211. */ if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags)) @@ -35795,10 +35551,10 @@ index 50f92d5..f3afc41 100644 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); hdr->seq_ctrl |= cpu_to_le16(seqno); -diff --git a/drivers/net/wireless/wl1251/wl1251.h b/drivers/net/wireless/wl1251/wl1251.h +diff --git a/drivers/net/wireless/ti/wl1251/wl1251.h b/drivers/net/wireless/ti/wl1251/wl1251.h index 9d8f581..0f6589e 100644 ---- a/drivers/net/wireless/wl1251/wl1251.h -+++ b/drivers/net/wireless/wl1251/wl1251.h +--- a/drivers/net/wireless/ti/wl1251/wl1251.h ++++ b/drivers/net/wireless/ti/wl1251/wl1251.h @@ -266,7 +266,7 @@ struct wl1251_if_operations { void (*reset)(struct wl1251 *wl); void (*enable_irq)(struct wl1251 *wl); @@ -35808,6 +35564,19 @@ index 9d8f581..0f6589e 100644 struct wl1251 { struct ieee80211_hw *hw; +diff --git a/drivers/net/wireless/ti/wlcore/wlcore.h b/drivers/net/wireless/ti/wlcore/wlcore.h +index 0b3f0b5..62f68bd 100644 +--- a/drivers/net/wireless/ti/wlcore/wlcore.h ++++ b/drivers/net/wireless/ti/wlcore/wlcore.h +@@ -61,7 +61,7 @@ struct wlcore_ops { + struct wl12xx_vif *wlvif); + s8 (*get_pg_ver)(struct wl1271 *wl); + void (*get_mac)(struct wl1271 *wl); +-}; ++} __no_const; + + enum wlcore_partitions { + PART_DOWN, diff --git a/drivers/oprofile/buffer_sync.c b/drivers/oprofile/buffer_sync.c index f34b5b2..b5abb9f 100644 --- a/drivers/oprofile/buffer_sync.c @@ -35999,10 +35768,10 @@ index b500840..d7159d3 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 5e1ca3c..08082fe 100644 +index 658ac97..05e1b90 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c -@@ -215,7 +215,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, +@@ -137,7 +137,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, u16 orig_cmd; struct pci_bus_region region; @@ -36033,7 +35802,7 @@ index 27911b5..5b6db88 100644 &proc_bus_pci_dev_operations); proc_initialized = 1; diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index d68c000..f6094ca 100644 +index 8b5610d..a4c22bb 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2094,7 +2094,7 @@ static int hotkey_mask_get(void) @@ -36247,7 +36016,7 @@ index b0ecacb..7c9da2e 100644 /* check if the resource is reserved */ diff --git a/drivers/power/bq27x00_battery.c b/drivers/power/bq27x00_battery.c -index 222ccd8..6275fa5 100644 +index f5d6d37..739f6a9 100644 --- a/drivers/power/bq27x00_battery.c +++ b/drivers/power/bq27x00_battery.c @@ -72,7 +72,7 @@ @@ -36260,10 +36029,10 @@ index 222ccd8..6275fa5 100644 enum bq27x00_chip { BQ27000, BQ27500 }; diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c -index 4c5b053..104263e 100644 +index 8d53174..04c65de 100644 --- a/drivers/regulator/max8660.c +++ b/drivers/regulator/max8660.c -@@ -385,8 +385,10 @@ static int __devinit max8660_probe(struct i2c_client *client, +@@ -333,8 +333,10 @@ static int __devinit max8660_probe(struct i2c_client *client, max8660->shadow_regs[MAX8660_OVER1] = 5; } else { /* Otherwise devices can be toggled via software */ @@ -36277,10 +36046,10 @@ index 4c5b053..104263e 100644 /* diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 845aa22..99ec402 100644 +index 970a233..ee1f241 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c -@@ -574,10 +574,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) +@@ -566,10 +566,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) } mc13xxx_unlock(mc13892); @@ -36434,7 +36203,7 @@ index 1a99d4b..e85d64b 100644 /* * Queue element to wait for room in request queue. FIFO order is diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c -index a3a056a..b9bbc2f 100644 +index b48c24f..dac0fbc 100644 --- a/drivers/scsi/hosts.c +++ b/drivers/scsi/hosts.c @@ -42,7 +42,7 @@ @@ -36446,7 +36215,7 @@ index a3a056a..b9bbc2f 100644 static void scsi_host_cls_release(struct device *dev) -@@ -360,7 +360,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) +@@ -361,7 +361,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) * subtract one because we increment first then return, but we need to * know what the next host number was before increment */ @@ -36456,19 +36225,19 @@ index a3a056a..b9bbc2f 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 500e20d..ebd3059 100644 +index 796482b..d08435c 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c -@@ -521,7 +521,7 @@ static inline u32 next_command(struct ctlr_info *h) - u32 a; +@@ -536,7 +536,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q) + unsigned long flags; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) -- return h->access.command_completed(h); -+ return h->access->command_completed(h); +- return h->access.command_completed(h, q); ++ return h->access->command_completed(h, q); - if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { - a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -3002,7 +3002,7 @@ static void start_io(struct ctlr_info *h) + if ((rq->head[rq->current_entry] & 1) == rq->wraparound) { + a = rq->head[rq->current_entry]; +@@ -3354,7 +3354,7 @@ static void start_io(struct ctlr_info *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, struct CommandList, list); /* can't do anything if fifo is full */ @@ -36477,21 +36246,21 @@ index 500e20d..ebd3059 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3012,7 +3012,7 @@ static void start_io(struct ctlr_info *h) - h->Qdepth--; +@@ -3376,7 +3376,7 @@ static void start_io(struct ctlr_info *h) /* Tell the controller execute command */ + spin_unlock_irqrestore(&h->lock, flags); - h->access.submit_command(h, c); + h->access->submit_command(h, c); + spin_lock_irqsave(&h->lock, flags); + } + spin_unlock_irqrestore(&h->lock, flags); +@@ -3384,17 +3384,17 @@ static void start_io(struct ctlr_info *h) - /* Put job onto the completed Q */ - addQ(&h->cmpQ, c); -@@ -3021,17 +3021,17 @@ static void start_io(struct ctlr_info *h) - - static inline unsigned long get_next_completion(struct ctlr_info *h) + static inline unsigned long get_next_completion(struct ctlr_info *h, u8 q) { -- return h->access.command_completed(h); -+ return h->access->command_completed(h); +- return h->access.command_completed(h, q); ++ return h->access->command_completed(h, q); } static inline bool interrupt_pending(struct ctlr_info *h) @@ -36507,16 +36276,16 @@ index 500e20d..ebd3059 100644 (h->interrupts_enabled == 0); } -@@ -3930,7 +3930,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) +@@ -4298,7 +4298,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; - h->access = *(products[prod_index].access); + h->access = products[prod_index].access; - if (hpsa_board_disabled(h->pdev)) { - dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -4175,7 +4175,7 @@ static void controller_lockup_detected(struct ctlr_info *h) + pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S | + PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM); +@@ -4580,7 +4580,7 @@ static void controller_lockup_detected(struct ctlr_info *h) assert_spin_locked(&lockup_detector_lock); remove_ctlr_from_lockup_detector_list(h); @@ -36525,7 +36294,7 @@ index 500e20d..ebd3059 100644 spin_lock_irqsave(&h->lock, flags); h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); spin_unlock_irqrestore(&h->lock, flags); -@@ -4355,7 +4355,7 @@ reinit_after_soft_reset: +@@ -4758,7 +4758,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -36534,16 +36303,16 @@ index 500e20d..ebd3059 100644 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -4389,7 +4389,7 @@ reinit_after_soft_reset: +@@ -4792,7 +4792,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); - h->access.set_intr_mask(h, HPSA_INTR_OFF); + h->access->set_intr_mask(h, HPSA_INTR_OFF); spin_unlock_irqrestore(&h->lock, flags); - free_irq(h->intr[h->intr_mode], h); + free_irqs(h); rc = hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -4408,9 +4408,9 @@ reinit_after_soft_reset: +@@ -4811,9 +4811,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -36555,7 +36324,7 @@ index 500e20d..ebd3059 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -4431,7 +4431,7 @@ reinit_after_soft_reset: +@@ -4834,7 +4834,7 @@ reinit_after_soft_reset: } /* Turn the interrupts on so we can service requests */ @@ -36564,16 +36333,16 @@ index 500e20d..ebd3059 100644 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -4483,7 +4483,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -4886,7 +4886,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); - h->access.set_intr_mask(h, HPSA_INTR_OFF); + h->access->set_intr_mask(h, HPSA_INTR_OFF); - free_irq(h->intr[h->intr_mode], h); - #ifdef CONFIG_PCI_MSI - if (h->msix_vector) -@@ -4657,7 +4657,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, + hpsa_free_irqs_and_disable_msix(h); + } + +@@ -5055,7 +5055,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, return; } /* Change the access methods to the performant access methods */ @@ -36583,10 +36352,10 @@ index 500e20d..ebd3059 100644 } diff --git a/drivers/scsi/hpsa.h b/drivers/scsi/hpsa.h -index 7b28d54..952f23a 100644 +index 9816479..c5d4e97 100644 --- a/drivers/scsi/hpsa.h +++ b/drivers/scsi/hpsa.h -@@ -72,7 +72,7 @@ struct ctlr_info { +@@ -79,7 +79,7 @@ struct ctlr_info { unsigned int msix_vector; unsigned int msi_vector; int intr_mode; /* either PERF_MODE_INT or SIMPLE_MODE_INT */ @@ -36746,11 +36515,24 @@ index d109cc3..09f4e7d 100644 .qc_prep = ata_noop_qc_prep, .qc_issue = sas_ata_qc_issue, .qc_fill_rtf = sas_ata_qc_fill_rtf, +diff --git a/drivers/scsi/lpfc/Makefile b/drivers/scsi/lpfc/Makefile +index fe5d396..e93d526 100644 +--- a/drivers/scsi/lpfc/Makefile ++++ b/drivers/scsi/lpfc/Makefile +@@ -22,7 +22,7 @@ + ccflags-$(GCOV) := -fprofile-arcs -ftest-coverage + ccflags-$(GCOV) += -O0 + +-ccflags-y += -Werror ++#ccflags-y += -Werror + + obj-$(CONFIG_SCSI_LPFC) := lpfc.o + diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h -index 3a1ffdd..8eb7c71 100644 +index e5da6da..c888d48 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h -@@ -413,7 +413,7 @@ struct lpfc_vport { +@@ -416,7 +416,7 @@ struct lpfc_vport { struct dentry *debug_nodelist; struct dentry *vport_debugfs_root; struct lpfc_debugfs_trc *disc_trc; @@ -36759,7 +36541,7 @@ index 3a1ffdd..8eb7c71 100644 #endif uint8_t stat_data_enabled; uint8_t stat_data_blocked; -@@ -826,8 +826,8 @@ struct lpfc_hba { +@@ -830,8 +830,8 @@ struct lpfc_hba { struct timer_list fabric_block_timer; unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 @@ -36770,7 +36552,7 @@ index 3a1ffdd..8eb7c71 100644 unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; unsigned long last_ramp_up_time; -@@ -863,7 +863,7 @@ struct lpfc_hba { +@@ -867,7 +867,7 @@ struct lpfc_hba { struct dentry *debug_slow_ring_trc; struct lpfc_debugfs_trc *slow_ring_trc; @@ -36780,7 +36562,7 @@ index 3a1ffdd..8eb7c71 100644 struct dentry *idiag_root; struct dentry *idiag_pci_cfg; diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c -index af04b0d..8f1a97e 100644 +index 3217d63..c417981 100644 --- a/drivers/scsi/lpfc/lpfc_debugfs.c +++ b/drivers/scsi/lpfc/lpfc_debugfs.c @@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc, @@ -36863,10 +36645,10 @@ index af04b0d..8f1a97e 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index 9598fdc..7e9f3d9 100644 +index 411ed48..967f553 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -10266,8 +10266,10 @@ lpfc_init(void) +@@ -10341,8 +10341,10 @@ lpfc_init(void) "misc_register returned with status %d", error); if (lpfc_enable_npiv) { @@ -36880,7 +36662,7 @@ index 9598fdc..7e9f3d9 100644 lpfc_transport_template = fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c -index 88f3a83..686d3fa 100644 +index 66e0906..1620281 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -311,7 +311,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) @@ -36910,9 +36692,9 @@ index 88f3a83..686d3fa 100644 + num_rsrc_err = atomic_read_unchecked(&phba->num_rsrc_err); + num_cmd_success = atomic_read_unchecked(&phba->num_cmd_success); - vports = lpfc_create_vport_work_array(phba); - if (vports != NULL) -@@ -417,8 +417,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) + /* + * The error and success command counters are global per +@@ -425,8 +425,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -36923,7 +36705,7 @@ index 88f3a83..686d3fa 100644 } /** -@@ -452,8 +452,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) +@@ -460,8 +460,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -37041,11 +36823,33 @@ index e1d150f..6c6df44 100644 /* To indicate add/delete/modify during CCN */ u8 change_detected; +diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c +index 5ab9530..2dd80f7 100644 +--- a/drivers/scsi/qla2xxx/qla_attr.c ++++ b/drivers/scsi/qla2xxx/qla_attr.c +@@ -1855,7 +1855,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable) + return 0; + } + +-struct fc_function_template qla2xxx_transport_functions = { ++fc_function_template_no_const qla2xxx_transport_functions = { + + .show_host_node_name = 1, + .show_host_port_name = 1, +@@ -1902,7 +1902,7 @@ struct fc_function_template qla2xxx_transport_functions = { + .bsg_timeout = qla24xx_bsg_timeout, + }; + +-struct fc_function_template qla2xxx_transport_vport_functions = { ++fc_function_template_no_const qla2xxx_transport_vport_functions = { + + .show_host_node_name = 1, + .show_host_port_name = 1, diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h -index a244303..6015eb7 100644 +index 39007f5..7fafc64 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h -@@ -2264,7 +2264,7 @@ struct isp_operations { +@@ -2284,7 +2284,7 @@ struct isp_operations { int (*start_scsi) (srb_t *); int (*abort_isp) (struct scsi_qla_host *); int (*iospace_config)(struct qla_hw_data*); @@ -37054,8 +36858,23 @@ index a244303..6015eb7 100644 /* MSI-X Support *************************************************************/ +diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h +index 9eacd2d..d79629c 100644 +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -484,8 +484,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *); + struct device_attribute; + extern struct device_attribute *qla2x00_host_attrs[]; + struct fc_function_template; +-extern struct fc_function_template qla2xxx_transport_functions; +-extern struct fc_function_template qla2xxx_transport_vport_functions; ++extern fc_function_template_no_const qla2xxx_transport_functions; ++extern fc_function_template_no_const qla2xxx_transport_vport_functions; + extern void qla2x00_alloc_sysfs_attr(scsi_qla_host_t *); + extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *); + extern void qla2x00_init_host_attr(scsi_qla_host_t *); diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h -index 7f2492e..5113877 100644 +index 96a5616..eeb185a 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h @@ -268,7 +268,7 @@ struct ddb_entry { @@ -37068,10 +36887,10 @@ index 7f2492e..5113877 100644 uint32_t default_time2wait; /* Default Min time between * relogins (+aens) */ diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c -index ee47820..a83b1f4 100644 +index cd15678..f7e6846 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c -@@ -2551,12 +2551,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) +@@ -2615,12 +2615,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) */ if (!iscsi_is_session_online(cls_sess)) { /* Reset retry relogin timer */ @@ -37086,7 +36905,7 @@ index ee47820..a83b1f4 100644 ddb_entry->default_time2wait + 4)); set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags); atomic_set(&ddb_entry->retry_relogin_timer, -@@ -4453,7 +4453,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, +@@ -4517,7 +4517,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY); atomic_set(&ddb_entry->relogin_timer, 0); @@ -37096,10 +36915,10 @@ index ee47820..a83b1f4 100644 ddb_entry->default_relogin_timeout = (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c -index 07322ec..91ccc23 100644 +index bbbc9c9..ce22f77 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c -@@ -655,7 +655,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) +@@ -659,7 +659,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) unsigned long timeout; int rtn = 0; @@ -37109,10 +36928,10 @@ index 07322ec..91ccc23 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 4037fd5..a19fcc7 100644 +index 495db80..fb37d59 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1415,7 +1415,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1422,7 +1422,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -37121,7 +36940,7 @@ index 4037fd5..a19fcc7 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1441,9 +1441,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1448,9 +1448,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -37134,7 +36953,7 @@ index 4037fd5..a19fcc7 100644 disposition = scsi_decide_disposition(cmd); if (disposition != SUCCESS && diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c -index 04c2a27..9d8bd66 100644 +index bb7c482..7551a95 100644 --- a/drivers/scsi/scsi_sysfs.c +++ b/drivers/scsi/scsi_sysfs.c @@ -660,7 +660,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \ @@ -37160,7 +36979,7 @@ index 84a1fdf..693b0d6 100644 /* * TODO: need to fixup sg_tablesize, max_segment_size, diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c -index 80fbe2a..efa223b 100644 +index 5797604..289a5b5 100644 --- a/drivers/scsi/scsi_transport_fc.c +++ b/drivers/scsi/scsi_transport_fc.c @@ -498,7 +498,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class, @@ -37262,10 +37081,10 @@ index 21a045e..ec89e03 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index eacd46b..e3f4d62 100644 +index 9c5c5f2..8414557 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c -@@ -1077,7 +1077,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) +@@ -1101,7 +1101,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) sdp->disk->disk_name, MKDEV(SCSI_GENERIC_MAJOR, sdp->index), NULL, @@ -37274,29 +37093,11 @@ index eacd46b..e3f4d62 100644 case BLKTRACESTART: return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: -@@ -2312,7 +2312,7 @@ struct sg_proc_leaf { - const struct file_operations * fops; - }; - --static struct sg_proc_leaf sg_proc_leaf_arr[] = { -+static const struct sg_proc_leaf sg_proc_leaf_arr[] = { - {"allow_dio", &adio_fops}, - {"debug", &debug_fops}, - {"def_reserved_size", &dressz_fops}, -@@ -2332,7 +2332,7 @@ sg_proc_init(void) - if (!sg_proc_sgp) - return 1; - for (k = 0; k < num_leaves; ++k) { -- struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k]; -+ const struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k]; - umode_t mask = leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO; - proc_create(leaf->name, mask, sg_proc_sgp, leaf->fops); - } diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index 3d8f662..070f1a5 100644 +index 1041cb8..4a946fa 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c -@@ -1361,7 +1361,7 @@ int spi_bus_unlock(struct spi_master *master) +@@ -1453,7 +1453,7 @@ int spi_bus_unlock(struct spi_master *master) EXPORT_SYMBOL_GPL(spi_bus_unlock); /* portable code must never pass more than 32 bytes */ @@ -37306,7 +37107,7 @@ index 3d8f662..070f1a5 100644 static u8 *buf; diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c -index d91751f..a3a9e36 100644 +index 34afc16..ffe44dd 100644 --- a/drivers/staging/octeon/ethernet-rx.c +++ b/drivers/staging/octeon/ethernet-rx.c @@ -421,11 +421,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget) @@ -37338,7 +37139,7 @@ index d91751f..a3a9e36 100644 dev_kfree_skb_irq(skb); } diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c -index 60cba81..71eb239 100644 +index 18f7a79..cc3bc24 100644 --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c @@ -259,11 +259,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev) @@ -37358,7 +37159,7 @@ index 60cba81..71eb239 100644 } diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h -index d3d8727..f9327bb8 100644 +index dc23395..cf7e9b1 100644 --- a/drivers/staging/rtl8712/rtl871x_io.h +++ b/drivers/staging/rtl8712/rtl871x_io.h @@ -108,7 +108,7 @@ struct _io_ops { @@ -37401,7 +37202,7 @@ index 42cdafe..2769103 100644 ch = synth_buffer_getc(); } diff --git a/drivers/staging/usbip/usbip_common.h b/drivers/staging/usbip/usbip_common.h -index c7b888c..c94be93 100644 +index 5d89c0f..9261317 100644 --- a/drivers/staging/usbip/usbip_common.h +++ b/drivers/staging/usbip/usbip_common.h @@ -289,7 +289,7 @@ struct usbip_device { @@ -37412,7 +37213,7 @@ index c7b888c..c94be93 100644 + } __no_const eh_ops; }; - /* usbip_common.c */ + #define kthread_get_run(threadfn, data, namefmt, ...) \ diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h index 88b3298..3783eee 100644 --- a/drivers/staging/usbip/vhci.h @@ -37427,7 +37228,7 @@ index 88b3298..3783eee 100644 /* * NOTE: diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c -index dca9bf1..80735c9 100644 +index f708cba..2de6d72 100644 --- a/drivers/staging/usbip/vhci_hcd.c +++ b/drivers/staging/usbip/vhci_hcd.c @@ -488,7 +488,7 @@ static void vhci_tx_urb(struct urb *urb) @@ -37458,7 +37259,7 @@ index dca9bf1..80735c9 100644 hcd->power_budget = 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index f5fba732..210a16c 100644 +index f0eaf04..5a82e06 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c @@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, @@ -37585,69 +37386,11 @@ index 0d4aa82..f7832d4 100644 extern void tmem_register_hostops(struct tmem_hostops *m); /* core tmem accessor functions */ -diff --git a/drivers/target/target_core_cdb.c b/drivers/target/target_core_cdb.c -index 30a6770..fa323f8 100644 ---- a/drivers/target/target_core_cdb.c -+++ b/drivers/target/target_core_cdb.c -@@ -1107,7 +1107,7 @@ int target_emulate_write_same(struct se_task *task) - if (num_blocks != 0) - range = num_blocks; - else -- range = (dev->transport->get_blocks(dev) - lba); -+ range = (dev->transport->get_blocks(dev) - lba) + 1; - - pr_debug("WRITE_SAME UNMAP: LBA: %llu Range: %llu\n", - (unsigned long long)lba, (unsigned long long)range); -diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c -index c3148b1..89d10e6 100644 ---- a/drivers/target/target_core_pr.c -+++ b/drivers/target/target_core_pr.c -@@ -2038,7 +2038,7 @@ static int __core_scsi3_write_aptpl_to_file( - if (IS_ERR(file) || !file || !file->f_dentry) { - pr_err("filp_open(%s) for APTPL metadata" - " failed\n", path); -- return (PTR_ERR(file) < 0 ? PTR_ERR(file) : -ENOENT); -+ return IS_ERR(file) ? PTR_ERR(file) : -ENOENT; - } - - iov[0].iov_base = &buf[0]; -@@ -3826,7 +3826,7 @@ int target_scsi3_emulate_pr_out(struct se_task *task) - " SPC-2 reservation is held, returning" - " RESERVATION_CONFLICT\n"); - cmd->scsi_sense_reason = TCM_RESERVATION_CONFLICT; -- ret = EINVAL; -+ ret = -EINVAL; - goto out; - } - -@@ -3836,7 +3836,8 @@ int target_scsi3_emulate_pr_out(struct se_task *task) - */ - if (!cmd->se_sess) { - cmd->scsi_sense_reason = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; -- return -EINVAL; -+ ret = -EINVAL; -+ goto out; - } - - if (cmd->data_length < 24) { -diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c -index f015839..b15dfc4 100644 ---- a/drivers/target/target_core_tmr.c -+++ b/drivers/target/target_core_tmr.c -@@ -327,7 +327,7 @@ static void core_tmr_drain_task_list( - cmd->se_tfo->get_task_tag(cmd), cmd->pr_res_key, - cmd->t_task_list_num, - atomic_read(&cmd->t_task_cdbs_left), -- atomic_read(&cmd->t_task_cdbs_sent), -+ atomic_read_unchecked(&cmd->t_task_cdbs_sent), - (cmd->transport_state & CMD_T_ACTIVE) != 0, - (cmd->transport_state & CMD_T_STOP) != 0, - (cmd->transport_state & CMD_T_SENT) != 0); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 443704f..92d3517 100644 +index c6c385f..b23c65d 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1355,7 +1355,7 @@ struct se_device *transport_add_device_to_core_hba( +@@ -1233,7 +1233,7 @@ struct se_device *transport_add_device_to_core_hba( spin_lock_init(&dev->se_port_lock); spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); @@ -37656,7 +37399,7 @@ index 443704f..92d3517 100644 se_dev_set_default_attribs(dev, dev_limits); -@@ -1542,7 +1542,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1402,7 +1402,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -37665,42 +37408,94 @@ index 443704f..92d3517 100644 smp_mb__after_atomic_inc(); pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, -@@ -1956,7 +1956,7 @@ void transport_generic_request_failure(struct se_cmd *cmd) - " CMD_T_ACTIVE: %d CMD_T_STOP: %d CMD_T_SENT: %d\n", - cmd->t_task_list_num, - atomic_read(&cmd->t_task_cdbs_left), -- atomic_read(&cmd->t_task_cdbs_sent), -+ atomic_read_unchecked(&cmd->t_task_cdbs_sent), - atomic_read(&cmd->t_task_cdbs_ex_left), - (cmd->transport_state & CMD_T_ACTIVE) != 0, - (cmd->transport_state & CMD_T_STOP) != 0, -@@ -2216,9 +2216,9 @@ check_depth: - cmd = task->task_se_cmd; - spin_lock_irqsave(&cmd->t_state_lock, flags); - task->task_flags |= (TF_ACTIVE | TF_SENT); -- atomic_inc(&cmd->t_task_cdbs_sent); -+ atomic_inc_unchecked(&cmd->t_task_cdbs_sent); - -- if (atomic_read(&cmd->t_task_cdbs_sent) == -+ if (atomic_read_unchecked(&cmd->t_task_cdbs_sent) == - cmd->t_task_list_num) - cmd->transport_state |= CMD_T_SENT; - -diff --git a/drivers/target/tcm_fc/tfc_cmd.c b/drivers/target/tcm_fc/tfc_cmd.c -index a375f25..da90f64 100644 ---- a/drivers/target/tcm_fc/tfc_cmd.c -+++ b/drivers/target/tcm_fc/tfc_cmd.c -@@ -240,6 +240,8 @@ u32 ft_get_task_tag(struct se_cmd *se_cmd) - { - struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd); - -+ if (cmd->aborted) -+ return ~0; - return fc_seq_exch(cmd->seq)->rxid; - } +diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c +index e61cabd..7617d26 100644 +--- a/drivers/tty/cyclades.c ++++ b/drivers/tty/cyclades.c +@@ -1589,10 +1589,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp) + printk(KERN_DEBUG "cyc:cy_open ttyC%d, count = %d\n", info->line, + info->port.count); + #endif +- info->port.count++; ++ atomic_inc(&info->port.count); + #ifdef CY_DEBUG_COUNT + printk(KERN_DEBUG "cyc:cy_open (%d): incrementing count to %d\n", +- current->pid, info->port.count); ++ current->pid, atomic_read(&info->port.count)); + #endif + + /* +@@ -3987,7 +3987,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v) + for (j = 0; j < cy_card[i].nports; j++) { + info = &cy_card[i].ports[j]; + +- if (info->port.count) { ++ if (atomic_read(&info->port.count)) { + /* XXX is the ldisc num worth this? */ + struct tty_struct *tty; + struct tty_ldisc *ld; +diff --git a/drivers/tty/hvc/hvc_console.c b/drivers/tty/hvc/hvc_console.c +index 2d691eb..be02ebd 100644 +--- a/drivers/tty/hvc/hvc_console.c ++++ b/drivers/tty/hvc/hvc_console.c +@@ -315,7 +315,7 @@ static int hvc_open(struct tty_struct *tty, struct file * filp) + + spin_lock_irqsave(&hp->port.lock, flags); + /* Check and then increment for fast path open. */ +- if (hp->port.count++ > 0) { ++ if (atomic_inc_return(&hp->port.count) > 1) { + spin_unlock_irqrestore(&hp->port.lock, flags); + hvc_kick(); + return 0; +@@ -366,7 +366,7 @@ static void hvc_close(struct tty_struct *tty, struct file * filp) + + spin_lock_irqsave(&hp->port.lock, flags); + +- if (--hp->port.count == 0) { ++ if (atomic_dec_return(&hp->port.count) == 0) { + spin_unlock_irqrestore(&hp->port.lock, flags); + /* We are done with the tty pointer now. */ + tty_port_tty_set(&hp->port, NULL); +@@ -384,9 +384,9 @@ static void hvc_close(struct tty_struct *tty, struct file * filp) + */ + tty_wait_until_sent_from_close(tty, HVC_CLOSE_WAIT); + } else { +- if (hp->port.count < 0) ++ if (atomic_read(&hp->port.count) < 0) + printk(KERN_ERR "hvc_close %X: oops, count is %d\n", +- hp->vtermno, hp->port.count); ++ hp->vtermno, atomic_read(&hp->port.count)); + spin_unlock_irqrestore(&hp->port.lock, flags); + } + +@@ -412,13 +412,13 @@ static void hvc_hangup(struct tty_struct *tty) + * open->hangup case this can be called after the final close so prevent + * that from happening for now. + */ +- if (hp->port.count <= 0) { ++ if (atomic_read(&hp->port.count) <= 0) { + spin_unlock_irqrestore(&hp->port.lock, flags); + return; + } + +- temp_open_count = hp->port.count; +- hp->port.count = 0; ++ temp_open_count = atomic_read(&hp->port.count); ++ atomic_set(&hp->port.count, 0); + spin_unlock_irqrestore(&hp->port.lock, flags); + tty_port_tty_set(&hp->port, NULL); + +@@ -471,7 +471,7 @@ static int hvc_write(struct tty_struct *tty, const unsigned char *buf, int count + return -EPIPE; + /* FIXME what's this (unprotected) check for? */ +- if (hp->port.count <= 0) ++ if (atomic_read(&hp->port.count) <= 0) + return -EIO; + + spin_lock_irqsave(&hp->lock, flags); diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c -index 3436436..772237b 100644 +index d56788c..12d8f85 100644 --- a/drivers/tty/hvc/hvcs.c +++ b/drivers/tty/hvc/hvcs.c @@ -83,6 +83,7 @@ @@ -37711,102 +37506,93 @@ index 3436436..772237b 100644 /* * 1.3.0 -> 1.3.1 In hvcs_open memset(..,0x00,..) instead of memset(..,0x3F,00). -@@ -270,7 +271,7 @@ struct hvcs_struct { - unsigned int index; - - struct tty_struct *tty; -- int open_count; -+ local_t open_count; - - /* - * Used to tell the driver kernel_thread what operations need to take -@@ -422,7 +423,7 @@ static ssize_t hvcs_vterm_state_store(struct device *dev, struct device_attribut +@@ -416,7 +417,7 @@ static ssize_t hvcs_vterm_state_store(struct device *dev, struct device_attribut spin_lock_irqsave(&hvcsd->lock, flags); -- if (hvcsd->open_count > 0) { -+ if (local_read(&hvcsd->open_count) > 0) { +- if (hvcsd->port.count > 0) { ++ if (atomic_read(&hvcsd->port.count) > 0) { spin_unlock_irqrestore(&hvcsd->lock, flags); printk(KERN_INFO "HVCS: vterm state unchanged. " "The hvcs device node is still in use.\n"); -@@ -1138,7 +1139,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp) +@@ -1134,7 +1135,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp) if ((retval = hvcs_partner_connect(hvcsd))) goto error_release; -- hvcsd->open_count = 1; -+ local_set(&hvcsd->open_count, 1); - hvcsd->tty = tty; +- hvcsd->port.count = 1; ++ atomic_set(&hvcsd->port.count, 1); + hvcsd->port.tty = tty; tty->driver_data = hvcsd; -@@ -1172,7 +1173,7 @@ fast_open: +@@ -1168,7 +1169,7 @@ fast_open: spin_lock_irqsave(&hvcsd->lock, flags); - kref_get(&hvcsd->kref); -- hvcsd->open_count++; -+ local_inc(&hvcsd->open_count); + tty_port_get(&hvcsd->port); +- hvcsd->port.count++; ++ atomic_inc(&hvcsd->port.count); hvcsd->todo_mask |= HVCS_SCHED_READ; spin_unlock_irqrestore(&hvcsd->lock, flags); -@@ -1216,7 +1217,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) +@@ -1212,7 +1213,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) hvcsd = tty->driver_data; spin_lock_irqsave(&hvcsd->lock, flags); -- if (--hvcsd->open_count == 0) { -+ if (local_dec_and_test(&hvcsd->open_count)) { +- if (--hvcsd->port.count == 0) { ++ if (atomic_dec_and_test(&hvcsd->port.count)) { vio_disable_interrupts(hvcsd->vdev); -@@ -1242,10 +1243,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) +@@ -1238,10 +1239,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) free_irq(irq, hvcsd); - kref_put(&hvcsd->kref, destroy_hvcs_struct); + tty_port_put(&hvcsd->port); return; -- } else if (hvcsd->open_count < 0) { -+ } else if (local_read(&hvcsd->open_count) < 0) { +- } else if (hvcsd->port.count < 0) { ++ } else if (atomic_read(&hvcsd->port.count) < 0) { printk(KERN_ERR "HVCS: vty-server@%X open_count: %d" " is missmanaged.\n", -- hvcsd->vdev->unit_address, hvcsd->open_count); -+ hvcsd->vdev->unit_address, local_read(&hvcsd->open_count)); +- hvcsd->vdev->unit_address, hvcsd->port.count); ++ hvcsd->vdev->unit_address, atomic_read(&hvcsd->port.count)); } spin_unlock_irqrestore(&hvcsd->lock, flags); -@@ -1261,7 +1262,7 @@ static void hvcs_hangup(struct tty_struct * tty) +@@ -1257,7 +1258,7 @@ static void hvcs_hangup(struct tty_struct * tty) spin_lock_irqsave(&hvcsd->lock, flags); /* Preserve this so that we know how many kref refs to put */ -- temp_open_count = hvcsd->open_count; -+ temp_open_count = local_read(&hvcsd->open_count); +- temp_open_count = hvcsd->port.count; ++ temp_open_count = atomic_read(&hvcsd->port.count); /* * Don't kref put inside the spinlock because the destruction -@@ -1276,7 +1277,7 @@ static void hvcs_hangup(struct tty_struct * tty) - hvcsd->tty->driver_data = NULL; - hvcsd->tty = NULL; +@@ -1272,7 +1273,7 @@ static void hvcs_hangup(struct tty_struct * tty) + tty->driver_data = NULL; + hvcsd->port.tty = NULL; -- hvcsd->open_count = 0; -+ local_set(&hvcsd->open_count, 0); +- hvcsd->port.count = 0; ++ atomic_set(&hvcsd->port.count, 0); /* This will drop any buffered data on the floor which is OK in a hangup * scenario. */ -@@ -1347,7 +1348,7 @@ static int hvcs_write(struct tty_struct *tty, +@@ -1343,7 +1344,7 @@ static int hvcs_write(struct tty_struct *tty, * the middle of a write operation? This is a crummy place to do this * but we want to keep it all in the spinlock. */ -- if (hvcsd->open_count <= 0) { -+ if (local_read(&hvcsd->open_count) <= 0) { +- if (hvcsd->port.count <= 0) { ++ if (atomic_read(&hvcsd->port.count) <= 0) { spin_unlock_irqrestore(&hvcsd->lock, flags); return -ENODEV; } -@@ -1421,7 +1422,7 @@ static int hvcs_write_room(struct tty_struct *tty) +@@ -1417,7 +1418,7 @@ static int hvcs_write_room(struct tty_struct *tty) { struct hvcs_struct *hvcsd = tty->driver_data; -- if (!hvcsd || hvcsd->open_count <= 0) -+ if (!hvcsd || local_read(&hvcsd->open_count) <= 0) +- if (!hvcsd || hvcsd->port.count <= 0) ++ if (!hvcsd || atomic_read(&hvcsd->port.count) <= 0) return 0; return HVCS_BUFF_LEN - hvcsd->chars_in_buffer; diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c -index 4daf962..b4a2281 100644 +index f8b5fa0..4ba9f89 100644 --- a/drivers/tty/ipwireless/tty.c +++ b/drivers/tty/ipwireless/tty.c @@ -29,6 +29,7 @@ @@ -37817,122 +37603,126 @@ index 4daf962..b4a2281 100644 #include "tty.h" #include "network.h" -@@ -51,7 +52,7 @@ struct ipw_tty { - int tty_type; - struct ipw_network *network; - struct tty_struct *linux_tty; -- int open_count; -+ local_t open_count; - unsigned int control_lines; - struct mutex ipw_tty_mutex; - int tx_bytes_queued; -@@ -117,10 +118,10 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) +@@ -99,10 +100,10 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) mutex_unlock(&tty->ipw_tty_mutex); return -ENODEV; } -- if (tty->open_count == 0) -+ if (local_read(&tty->open_count) == 0) +- if (tty->port.count == 0) ++ if (atomic_read(&tty->port.count) == 0) tty->tx_bytes_queued = 0; -- tty->open_count++; -+ local_inc(&tty->open_count); +- tty->port.count++; ++ atomic_inc(&tty->port.count); - tty->linux_tty = linux_tty; + tty->port.tty = linux_tty; linux_tty->driver_data = tty; -@@ -136,9 +137,7 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) +@@ -118,9 +119,7 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) static void do_ipw_close(struct ipw_tty *tty) { -- tty->open_count--; +- tty->port.count--; - -- if (tty->open_count == 0) { -+ if (local_dec_return(&tty->open_count) == 0) { - struct tty_struct *linux_tty = tty->linux_tty; +- if (tty->port.count == 0) { ++ if (atomic_dec_return(&tty->port.count) == 0) { + struct tty_struct *linux_tty = tty->port.tty; if (linux_tty != NULL) { -@@ -159,7 +158,7 @@ static void ipw_hangup(struct tty_struct *linux_tty) +@@ -141,7 +140,7 @@ static void ipw_hangup(struct tty_struct *linux_tty) return; mutex_lock(&tty->ipw_tty_mutex); -- if (tty->open_count == 0) { -+ if (local_read(&tty->open_count) == 0) { +- if (tty->port.count == 0) { ++ if (atomic_read(&tty->port.count) == 0) { mutex_unlock(&tty->ipw_tty_mutex); return; } -@@ -188,7 +187,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data, +@@ -170,7 +169,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data, return; } -- if (!tty->open_count) { -+ if (!local_read(&tty->open_count)) { +- if (!tty->port.count) { ++ if (!atomic_read(&tty->port.count)) { mutex_unlock(&tty->ipw_tty_mutex); return; } -@@ -230,7 +229,7 @@ static int ipw_write(struct tty_struct *linux_tty, +@@ -212,7 +211,7 @@ static int ipw_write(struct tty_struct *linux_tty, return -ENODEV; mutex_lock(&tty->ipw_tty_mutex); -- if (!tty->open_count) { -+ if (!local_read(&tty->open_count)) { +- if (!tty->port.count) { ++ if (!atomic_read(&tty->port.count)) { mutex_unlock(&tty->ipw_tty_mutex); return -EINVAL; } -@@ -270,7 +269,7 @@ static int ipw_write_room(struct tty_struct *linux_tty) +@@ -252,7 +251,7 @@ static int ipw_write_room(struct tty_struct *linux_tty) if (!tty) return -ENODEV; -- if (!tty->open_count) -+ if (!local_read(&tty->open_count)) +- if (!tty->port.count) ++ if (!atomic_read(&tty->port.count)) return -EINVAL; room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued; -@@ -312,7 +311,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty) +@@ -294,7 +293,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty) if (!tty) return 0; -- if (!tty->open_count) -+ if (!local_read(&tty->open_count)) +- if (!tty->port.count) ++ if (!atomic_read(&tty->port.count)) return 0; return tty->tx_bytes_queued; -@@ -393,7 +392,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty) +@@ -375,7 +374,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty) if (!tty) return -ENODEV; -- if (!tty->open_count) -+ if (!local_read(&tty->open_count)) +- if (!tty->port.count) ++ if (!atomic_read(&tty->port.count)) return -EINVAL; return get_control_lines(tty); -@@ -409,7 +408,7 @@ ipw_tiocmset(struct tty_struct *linux_tty, +@@ -391,7 +390,7 @@ ipw_tiocmset(struct tty_struct *linux_tty, if (!tty) return -ENODEV; -- if (!tty->open_count) -+ if (!local_read(&tty->open_count)) +- if (!tty->port.count) ++ if (!atomic_read(&tty->port.count)) return -EINVAL; return set_control_lines(tty, set, clear); -@@ -423,7 +422,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty, +@@ -405,7 +404,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty, if (!tty) return -ENODEV; -- if (!tty->open_count) -+ if (!local_read(&tty->open_count)) +- if (!tty->port.count) ++ if (!atomic_read(&tty->port.count)) return -EINVAL; /* FIXME: Exactly how is the tty object locked here .. */ -@@ -572,7 +571,7 @@ void ipwireless_tty_free(struct ipw_tty *tty) - against a parallel ioctl etc */ +@@ -561,7 +560,7 @@ void ipwireless_tty_free(struct ipw_tty *tty) + * are gone */ mutex_lock(&ttyj->ipw_tty_mutex); } -- while (ttyj->open_count) -+ while (local_read(&ttyj->open_count)) +- while (ttyj->port.count) ++ while (atomic_read(&ttyj->port.count)) do_ipw_close(ttyj); ipwireless_disassociate_network_ttys(network, ttyj->channel_idx); +diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c +index 324467d..504cc25 100644 +--- a/drivers/tty/moxa.c ++++ b/drivers/tty/moxa.c +@@ -1172,7 +1172,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp) + } + + ch = &brd->ports[port % MAX_PORTS_PER_BOARD]; +- ch->port.count++; ++ atomic_inc(&ch->port.count); + tty->driver_data = ch; + tty_port_tty_set(&ch->port, tty); + mutex_lock(&ch->port.mutex); diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index c43b683..0a88f1c 100644 +index c43b683..4dab83e 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1629,7 +1629,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) @@ -37944,11 +37734,20 @@ index c43b683..0a88f1c 100644 kfree(dlci); return NULL; } +@@ -2895,7 +2895,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp) + if (dlci == NULL) + return -ENOMEM; + port = &dlci->port; +- port->count++; ++ atomic_inc(&port->count); + tty->driver_data = dlci; + dlci_get(dlci); + dlci_get(dlci->gsm->dlci[0]); diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 94b6eda..15f7cec 100644 +index ee1c268..0e97caf 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c -@@ -2122,6 +2122,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2123,6 +2123,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -37958,10 +37757,10 @@ index 94b6eda..15f7cec 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index eeae7fa..177a743 100644 +index 5505ffc..7affff9 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -707,8 +707,10 @@ static void __init unix98_pty_init(void) +@@ -718,8 +718,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -37973,6 +37772,37 @@ index eeae7fa..177a743 100644 cdev_init(&ptmx_cdev, &ptmx_fops); if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) || +diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c +index 777d5f9..56d67ca 100644 +--- a/drivers/tty/rocket.c ++++ b/drivers/tty/rocket.c +@@ -924,7 +924,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) + tty->driver_data = info; + tty_port_tty_set(port, tty); + +- if (port->count++ == 0) { ++ if (atomic_inc_return(&port->count) == 1) { + atomic_inc(&rp_num_ports_open); + + #ifdef ROCKET_DEBUG_OPEN +@@ -933,7 +933,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) + #endif + } + #ifdef ROCKET_DEBUG_OPEN +- printk(KERN_INFO "rp_open ttyR%d, count=%d\n", info->line, info->port.count); ++ printk(KERN_INFO "rp_open ttyR%d, count=%d\n", info->line, atomic-read(&info->port.count)); + #endif + + /* +@@ -1528,7 +1528,7 @@ static void rp_hangup(struct tty_struct *tty) + spin_unlock_irqrestore(&info->port.lock, flags); + return; + } +- if (info->port.count) ++ if (atomic_read(&info->port.count)) + atomic_dec(&rp_num_ports_open); + clear_bit((info->aiop * 8) + info->chan, (void *) &xmit_flags[info->board]); + spin_unlock_irqrestore(&info->port.lock, flags); diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c index 2b42a01..32a2ed3 100644 --- a/drivers/tty/serial/kgdboc.c @@ -38075,6 +37905,435 @@ index 2b42a01..32a2ed3 100644 #ifdef CONFIG_KGDB_SERIAL_CONSOLE /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) +diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c +index 246b823..9e0db76 100644 +--- a/drivers/tty/serial/serial_core.c ++++ b/drivers/tty/serial/serial_core.c +@@ -1392,7 +1392,7 @@ static void uart_hangup(struct tty_struct *tty) + uart_flush_buffer(tty); + uart_shutdown(tty, state); + spin_lock_irqsave(&port->lock, flags); +- port->count = 0; ++ atomic_set(&port->count, 0); + clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags); + spin_unlock_irqrestore(&port->lock, flags); + tty_port_tty_set(port, NULL); +@@ -1488,7 +1488,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) + goto end; + } + +- port->count++; ++ atomic_inc(&port->count); + if (!state->uart_port || state->uart_port->flags & UPF_DEAD) { + retval = -ENXIO; + goto err_dec_count; +@@ -1515,7 +1515,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) + /* + * Make sure the device is in D0 state. + */ +- if (port->count == 1) ++ if (atomic_read(&port->count) == 1) + uart_change_pm(state, 0); + + /* +@@ -1533,7 +1533,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) + end: + return retval; + err_dec_count: +- port->count--; ++ atomic_inc(&port->count); + mutex_unlock(&port->mutex); + goto end; + } +diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c +index 593d40a..bdc61f3 100644 +--- a/drivers/tty/synclink.c ++++ b/drivers/tty/synclink.c +@@ -3095,7 +3095,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):mgsl_close(%s) entry, count=%d\n", +- __FILE__,__LINE__, info->device_name, info->port.count); ++ __FILE__,__LINE__, info->device_name, atomic_read(&info->port.count)); + + if (tty_port_close_start(&info->port, tty, filp) == 0) + goto cleanup; +@@ -3113,7 +3113,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) + cleanup: + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):mgsl_close(%s) exit, count=%d\n", __FILE__,__LINE__, +- tty->driver->name, info->port.count); ++ tty->driver->name, atomic_read(&info->port.count)); + + } /* end of mgsl_close() */ + +@@ -3212,8 +3212,8 @@ static void mgsl_hangup(struct tty_struct *tty) + + mgsl_flush_buffer(tty); + shutdown(info); +- +- info->port.count = 0; ++ ++ atomic_set(&info->port.count, 0); + info->port.flags &= ~ASYNC_NORMAL_ACTIVE; + info->port.tty = NULL; + +@@ -3302,12 +3302,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):block_til_ready before block on %s count=%d\n", +- __FILE__,__LINE__, tty->driver->name, port->count ); ++ __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count)); + + spin_lock_irqsave(&info->irq_spinlock, flags); + if (!tty_hung_up_p(filp)) { + extra_count = true; +- port->count--; ++ atomic_dec(&port->count); + } + spin_unlock_irqrestore(&info->irq_spinlock, flags); + port->blocked_open++; +@@ -3336,7 +3336,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):block_til_ready blocking on %s count=%d\n", +- __FILE__,__LINE__, tty->driver->name, port->count ); ++ __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count)); + + tty_unlock(); + schedule(); +@@ -3348,12 +3348,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, + + /* FIXME: Racy on hangup during close wait */ + if (extra_count) +- port->count++; ++ atomic_inc(&port->count); + port->blocked_open--; + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):block_til_ready after blocking on %s count=%d\n", +- __FILE__,__LINE__, tty->driver->name, port->count ); ++ __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count)); + + if (!retval) + port->flags |= ASYNC_NORMAL_ACTIVE; +@@ -3398,7 +3398,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):mgsl_open(%s), old ref count = %d\n", +- __FILE__,__LINE__,tty->driver->name, info->port.count); ++ __FILE__,__LINE__,tty->driver->name, atomic_read(&info->port.count)); + + /* If port is closing, signal caller to try again */ + if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ +@@ -3417,10 +3417,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) + spin_unlock_irqrestore(&info->netlock, flags); + goto cleanup; + } +- info->port.count++; ++ atomic_inc(&info->port.count); + spin_unlock_irqrestore(&info->netlock, flags); + +- if (info->port.count == 1) { ++ if (atomic_read(&info->port.count) == 1) { + /* 1st open on this device, init hardware */ + retval = startup(info); + if (retval < 0) +@@ -3444,8 +3444,8 @@ cleanup: + if (retval) { + if (tty->count == 1) + info->port.tty = NULL; /* tty layer will release tty struct */ +- if(info->port.count) +- info->port.count--; ++ if (atomic_read(&info->port.count)) ++ atomic_dec(&info->port.count); + } + + return retval; +@@ -7653,7 +7653,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, + unsigned short new_crctype; + + /* return error if TTY interface open */ +- if (info->port.count) ++ if (atomic_read(&info->port.count)) + return -EBUSY; + + switch (encoding) +@@ -7748,7 +7748,7 @@ static int hdlcdev_open(struct net_device *dev) + + /* arbitrate between network and tty opens */ + spin_lock_irqsave(&info->netlock, flags); +- if (info->port.count != 0 || info->netcount != 0) { ++ if (atomic_read(&info->port.count) != 0 || info->netcount != 0) { + printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); + spin_unlock_irqrestore(&info->netlock, flags); + return -EBUSY; +@@ -7834,7 +7834,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); + + /* return error if TTY interface open */ +- if (info->port.count) ++ if (atomic_read(&info->port.count)) + return -EBUSY; + + if (cmd != SIOCWANDEV) +diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c +index aa1debf..9297a16 100644 +--- a/drivers/tty/synclink_gt.c ++++ b/drivers/tty/synclink_gt.c +@@ -671,7 +671,7 @@ static int open(struct tty_struct *tty, struct file *filp) + tty->driver_data = info; + info->port.tty = tty; + +- DBGINFO(("%s open, old ref count = %d\n", info->device_name, info->port.count)); ++ DBGINFO(("%s open, old ref count = %d\n", info->device_name, atomic_read(&info->port.count))); + + /* If port is closing, signal caller to try again */ + if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ +@@ -692,10 +692,10 @@ static int open(struct tty_struct *tty, struct file *filp) + mutex_unlock(&info->port.mutex); + goto cleanup; + } +- info->port.count++; ++ atomic_inc(&info->port.count); + spin_unlock_irqrestore(&info->netlock, flags); + +- if (info->port.count == 1) { ++ if (atomic_read(&info->port.count) == 1) { + /* 1st open on this device, init hardware */ + retval = startup(info); + if (retval < 0) { +@@ -716,8 +716,8 @@ cleanup: + if (retval) { + if (tty->count == 1) + info->port.tty = NULL; /* tty layer will release tty struct */ +- if(info->port.count) +- info->port.count--; ++ if(atomic_read(&info->port.count)) ++ atomic_dec(&info->port.count); + } + + DBGINFO(("%s open rc=%d\n", info->device_name, retval)); +@@ -730,7 +730,7 @@ static void close(struct tty_struct *tty, struct file *filp) + + if (sanity_check(info, tty->name, "close")) + return; +- DBGINFO(("%s close entry, count=%d\n", info->device_name, info->port.count)); ++ DBGINFO(("%s close entry, count=%d\n", info->device_name, atomic_read(&info->port.count))); + + if (tty_port_close_start(&info->port, tty, filp) == 0) + goto cleanup; +@@ -747,7 +747,7 @@ static void close(struct tty_struct *tty, struct file *filp) + tty_port_close_end(&info->port, tty); + info->port.tty = NULL; + cleanup: +- DBGINFO(("%s close exit, count=%d\n", tty->driver->name, info->port.count)); ++ DBGINFO(("%s close exit, count=%d\n", tty->driver->name, atomic_read(&info->port.count))); + } + + static void hangup(struct tty_struct *tty) +@@ -765,7 +765,7 @@ static void hangup(struct tty_struct *tty) + shutdown(info); + + spin_lock_irqsave(&info->port.lock, flags); +- info->port.count = 0; ++ atomic_set(&info->port.count, 0); + info->port.flags &= ~ASYNC_NORMAL_ACTIVE; + info->port.tty = NULL; + spin_unlock_irqrestore(&info->port.lock, flags); +@@ -1450,7 +1450,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, + unsigned short new_crctype; + + /* return error if TTY interface open */ +- if (info->port.count) ++ if (atomic_read(&info->port.count)) + return -EBUSY; + + DBGINFO(("%s hdlcdev_attach\n", info->device_name)); +@@ -1545,7 +1545,7 @@ static int hdlcdev_open(struct net_device *dev) + + /* arbitrate between network and tty opens */ + spin_lock_irqsave(&info->netlock, flags); +- if (info->port.count != 0 || info->netcount != 0) { ++ if (atomic_read(&info->port.count) != 0 || info->netcount != 0) { + DBGINFO(("%s hdlc_open busy\n", dev->name)); + spin_unlock_irqrestore(&info->netlock, flags); + return -EBUSY; +@@ -1630,7 +1630,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + DBGINFO(("%s hdlcdev_ioctl\n", dev->name)); + + /* return error if TTY interface open */ +- if (info->port.count) ++ if (atomic_read(&info->port.count)) + return -EBUSY; + + if (cmd != SIOCWANDEV) +@@ -2419,7 +2419,7 @@ static irqreturn_t slgt_interrupt(int dummy, void *dev_id) + if (port == NULL) + continue; + spin_lock(&port->lock); +- if ((port->port.count || port->netcount) && ++ if ((atomic_read(&port->port.count) || port->netcount) && + port->pending_bh && !port->bh_running && + !port->bh_requested) { + DBGISR(("%s bh queued\n", port->device_name)); +@@ -3308,7 +3308,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, + spin_lock_irqsave(&info->lock, flags); + if (!tty_hung_up_p(filp)) { + extra_count = true; +- port->count--; ++ atomic_dec(&port->count); + } + spin_unlock_irqrestore(&info->lock, flags); + port->blocked_open++; +@@ -3345,7 +3345,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, + remove_wait_queue(&port->open_wait, &wait); + + if (extra_count) +- port->count++; ++ atomic_inc(&port->count); + port->blocked_open--; + + if (!retval) +diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c +index a3dddc1..8905ab2 100644 +--- a/drivers/tty/synclinkmp.c ++++ b/drivers/tty/synclinkmp.c +@@ -742,7 +742,7 @@ static int open(struct tty_struct *tty, struct file *filp) + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):%s open(), old ref count = %d\n", +- __FILE__,__LINE__,tty->driver->name, info->port.count); ++ __FILE__,__LINE__,tty->driver->name, atomic_read(&info->port.count)); + + /* If port is closing, signal caller to try again */ + if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ +@@ -761,10 +761,10 @@ static int open(struct tty_struct *tty, struct file *filp) + spin_unlock_irqrestore(&info->netlock, flags); + goto cleanup; + } +- info->port.count++; ++ atomic_inc(&info->port.count); + spin_unlock_irqrestore(&info->netlock, flags); + +- if (info->port.count == 1) { ++ if (atomic_read(&info->port.count) == 1) { + /* 1st open on this device, init hardware */ + retval = startup(info); + if (retval < 0) +@@ -788,8 +788,8 @@ cleanup: + if (retval) { + if (tty->count == 1) + info->port.tty = NULL; /* tty layer will release tty struct */ +- if(info->port.count) +- info->port.count--; ++ if(atomic_read(&info->port.count)) ++ atomic_dec(&info->port.count); + } + + return retval; +@@ -807,7 +807,7 @@ static void close(struct tty_struct *tty, struct file *filp) + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):%s close() entry, count=%d\n", +- __FILE__,__LINE__, info->device_name, info->port.count); ++ __FILE__,__LINE__, info->device_name, atomic_read(&info->port.count)); + + if (tty_port_close_start(&info->port, tty, filp) == 0) + goto cleanup; +@@ -826,7 +826,7 @@ static void close(struct tty_struct *tty, struct file *filp) + cleanup: + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):%s close() exit, count=%d\n", __FILE__,__LINE__, +- tty->driver->name, info->port.count); ++ tty->driver->name, atomic_read(&info->port.count)); + } + + /* Called by tty_hangup() when a hangup is signaled. +@@ -849,7 +849,7 @@ static void hangup(struct tty_struct *tty) + shutdown(info); + + spin_lock_irqsave(&info->port.lock, flags); +- info->port.count = 0; ++ atomic_set(&info->port.count, 0); + info->port.flags &= ~ASYNC_NORMAL_ACTIVE; + info->port.tty = NULL; + spin_unlock_irqrestore(&info->port.lock, flags); +@@ -1557,7 +1557,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, + unsigned short new_crctype; + + /* return error if TTY interface open */ +- if (info->port.count) ++ if (atomic_read(&info->port.count)) + return -EBUSY; + + switch (encoding) +@@ -1652,7 +1652,7 @@ static int hdlcdev_open(struct net_device *dev) + + /* arbitrate between network and tty opens */ + spin_lock_irqsave(&info->netlock, flags); +- if (info->port.count != 0 || info->netcount != 0) { ++ if (atomic_read(&info->port.count) != 0 || info->netcount != 0) { + printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); + spin_unlock_irqrestore(&info->netlock, flags); + return -EBUSY; +@@ -1738,7 +1738,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); + + /* return error if TTY interface open */ +- if (info->port.count) ++ if (atomic_read(&info->port.count)) + return -EBUSY; + + if (cmd != SIOCWANDEV) +@@ -2623,7 +2623,7 @@ static irqreturn_t synclinkmp_interrupt(int dummy, void *dev_id) + * do not request bottom half processing if the + * device is not open in a normal mode. + */ +- if ( port && (port->port.count || port->netcount) && ++ if ( port && (atomic_read(&port->port.count) || port->netcount) && + port->pending_bh && !port->bh_running && + !port->bh_requested ) { + if ( debug_level >= DEBUG_LEVEL_ISR ) +@@ -3321,12 +3321,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):%s block_til_ready() before block, count=%d\n", +- __FILE__,__LINE__, tty->driver->name, port->count ); ++ __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count)); + + spin_lock_irqsave(&info->lock, flags); + if (!tty_hung_up_p(filp)) { + extra_count = true; +- port->count--; ++ atomic_dec(&port->count); + } + spin_unlock_irqrestore(&info->lock, flags); + port->blocked_open++; +@@ -3355,7 +3355,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):%s block_til_ready() count=%d\n", +- __FILE__,__LINE__, tty->driver->name, port->count ); ++ __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count)); + + tty_unlock(); + schedule(); +@@ -3366,12 +3366,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, + remove_wait_queue(&port->open_wait, &wait); + + if (extra_count) +- port->count++; ++ atomic_inc(&port->count); + port->blocked_open--; + + if (debug_level >= DEBUG_LEVEL_INFO) + printk("%s(%d):%s block_til_ready() after, count=%d\n", +- __FILE__,__LINE__, tty->driver->name, port->count ); ++ __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count)); + + if (!retval) + port->flags |= ASYNC_NORMAL_ACTIVE; diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c index 05728894..b9d44c6 100644 --- a/drivers/tty/sysrq.c @@ -38089,10 +38348,10 @@ index 05728894..b9d44c6 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index d939bd7..33d92cd 100644 +index b425c79..08a3f06 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3278,7 +3278,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3283,7 +3283,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -38102,10 +38361,10 @@ index d939bd7..33d92cd 100644 /* diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c -index 24b95db..9c078d0 100644 +index 9911eb6..5abe0e1 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c -@@ -57,7 +57,7 @@ static void put_ldisc(struct tty_ldisc *ld) +@@ -56,7 +56,7 @@ static void put_ldisc(struct tty_ldisc *ld) if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) { struct tty_ldisc_ops *ldo = ld->ops; @@ -38114,7 +38373,7 @@ index 24b95db..9c078d0 100644 module_put(ldo->owner); spin_unlock_irqrestore(&tty_ldisc_lock, flags); -@@ -92,7 +92,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) +@@ -91,7 +91,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) spin_lock_irqsave(&tty_ldisc_lock, flags); tty_ldiscs[disc] = new_ldisc; new_ldisc->num = disc; @@ -38123,7 +38382,7 @@ index 24b95db..9c078d0 100644 spin_unlock_irqrestore(&tty_ldisc_lock, flags); return ret; -@@ -120,7 +120,7 @@ int tty_unregister_ldisc(int disc) +@@ -119,7 +119,7 @@ int tty_unregister_ldisc(int disc) return -EINVAL; spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -38132,7 +38391,7 @@ index 24b95db..9c078d0 100644 ret = -EBUSY; else tty_ldiscs[disc] = NULL; -@@ -141,7 +141,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) +@@ -140,7 +140,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) if (ldops) { ret = ERR_PTR(-EAGAIN); if (try_module_get(ldops->owner)) { @@ -38141,7 +38400,7 @@ index 24b95db..9c078d0 100644 ret = ldops; } } -@@ -154,7 +154,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) +@@ -153,7 +153,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) unsigned long flags; spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -38150,11 +38409,78 @@ index 24b95db..9c078d0 100644 module_put(ldops->owner); spin_unlock_irqrestore(&tty_ldisc_lock, flags); } +diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c +index bf6e238..d401c04 100644 +--- a/drivers/tty/tty_port.c ++++ b/drivers/tty/tty_port.c +@@ -138,7 +138,7 @@ void tty_port_hangup(struct tty_port *port) + unsigned long flags; + + spin_lock_irqsave(&port->lock, flags); +- port->count = 0; ++ atomic_set(&port->count, 0); + port->flags &= ~ASYNC_NORMAL_ACTIVE; + if (port->tty) { + set_bit(TTY_IO_ERROR, &port->tty->flags); +@@ -264,7 +264,7 @@ int tty_port_block_til_ready(struct tty_port *port, + /* The port lock protects the port counts */ + spin_lock_irqsave(&port->lock, flags); + if (!tty_hung_up_p(filp)) +- port->count--; ++ atomic_dec(&port->count); + port->blocked_open++; + spin_unlock_irqrestore(&port->lock, flags); + +@@ -306,7 +306,7 @@ int tty_port_block_til_ready(struct tty_port *port, + we must not mess that up further */ + spin_lock_irqsave(&port->lock, flags); + if (!tty_hung_up_p(filp)) +- port->count++; ++ atomic_inc(&port->count); + port->blocked_open--; + if (retval == 0) + port->flags |= ASYNC_NORMAL_ACTIVE; +@@ -326,19 +326,19 @@ int tty_port_close_start(struct tty_port *port, + return 0; + } + +- if (tty->count == 1 && port->count != 1) { ++ if (tty->count == 1 && atomic_read(&port->count) != 1) { + printk(KERN_WARNING + "tty_port_close_start: tty->count = 1 port count = %d.\n", +- port->count); +- port->count = 1; ++ atomic_read(&port->count)); ++ atomic_set(&port->count, 1); + } +- if (--port->count < 0) { ++ if (atomic_dec_return(&port->count) < 0) { + printk(KERN_WARNING "tty_port_close_start: count = %d\n", +- port->count); +- port->count = 0; ++ atomic_read(&port->count)); ++ atomic_set(&port->count, 0); + } + +- if (port->count) { ++ if (atomic_read(&port->count)) { + spin_unlock_irqrestore(&port->lock, flags); + if (port->ops->drop) + port->ops->drop(port); +@@ -418,7 +418,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty, + { + spin_lock_irq(&port->lock); + if (!tty_hung_up_p(filp)) +- ++port->count; ++ atomic_inc(&port->count); + spin_unlock_irq(&port->lock); + tty_port_tty_set(port, tty); + diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c -index 3b0c4e3..f98a992 100644 +index 48cc6f2..85584dd 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c -@@ -663,6 +663,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag) +@@ -659,6 +659,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag) kbd->kbdmode == VC_OFF) && value != KVAL(K_SAK)) return; /* SAK is allowed even in raw mode */ @@ -38171,7 +38497,7 @@ index 3b0c4e3..f98a992 100644 fn_handler[value](vc); } -@@ -1812,9 +1822,6 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, +@@ -1808,9 +1818,6 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry))) return -EFAULT; @@ -38181,7 +38507,7 @@ index 3b0c4e3..f98a992 100644 switch (cmd) { case KDGKBENT: /* Ensure another thread doesn't free it under us */ -@@ -1829,6 +1836,9 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, +@@ -1825,6 +1832,9 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, spin_unlock_irqrestore(&kbd_event_lock, flags); return put_user(val, &user_kbe->kb_value); case KDSKBENT: @@ -38191,7 +38517,7 @@ index 3b0c4e3..f98a992 100644 if (!perm) return -EPERM; if (!i && v == K_NOSUCHMAP) { -@@ -1919,9 +1929,6 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) +@@ -1915,9 +1925,6 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) int i, j, k; int ret; @@ -38201,7 +38527,7 @@ index 3b0c4e3..f98a992 100644 kbs = kmalloc(sizeof(*kbs), GFP_KERNEL); if (!kbs) { ret = -ENOMEM; -@@ -1955,6 +1962,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) +@@ -1951,6 +1958,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) kfree(kbs); return ((p && *p) ? -EOVERFLOW : 0); case KDSKBSENT: @@ -38307,7 +38633,7 @@ index a783d53..cb30d94 100644 ret = uio_get_minor(idev); if (ret) diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c -index 98b89fe..aff824e 100644 +index b7eb86a..36d28af 100644 --- a/drivers/usb/atm/cxacru.c +++ b/drivers/usb/atm/cxacru.c @@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev, @@ -38320,7 +38646,7 @@ index 98b89fe..aff824e 100644 pos += tmp; diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c -index d3448ca..d2864ca 100644 +index ee62b35..b663594 100644 --- a/drivers/usb/atm/usbatm.c +++ b/drivers/usb/atm/usbatm.c @@ -333,7 +333,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char @@ -38385,7 +38711,7 @@ index d3448ca..d2864ca 100644 skb = skb_dequeue(&instance->sndqueue); } -@@ -773,11 +773,11 @@ static int usbatm_atm_proc_read(struct atm_dev *atm_dev, loff_t * pos, char *pag +@@ -770,11 +770,11 @@ static int usbatm_atm_proc_read(struct atm_dev *atm_dev, loff_t * pos, char *pag if (!left--) return sprintf(page, "AAL5: tx %d ( %d err ), rx %d ( %d err, %d drop )\n", @@ -38434,7 +38760,7 @@ index d956965..4179a77 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c -index 1fc8f12..20647c1 100644 +index 347bb05..63e1b73 100644 --- a/drivers/usb/early/ehci-dbgp.c +++ b/drivers/usb/early/ehci-dbgp.c @@ -97,7 +97,8 @@ static inline u32 dbgp_len_update(u32 x, u32 len) @@ -38474,6 +38800,122 @@ index 1fc8f12..20647c1 100644 return 0; } +diff --git a/drivers/usb/gadget/u_serial.c b/drivers/usb/gadget/u_serial.c +index 5b3f5ff..6e00893 100644 +--- a/drivers/usb/gadget/u_serial.c ++++ b/drivers/usb/gadget/u_serial.c +@@ -731,9 +731,9 @@ static int gs_open(struct tty_struct *tty, struct file *file) + spin_lock_irq(&port->port_lock); + + /* already open? Great. */ +- if (port->port.count) { ++ if (atomic_read(&port->port.count)) { + status = 0; +- port->port.count++; ++ atomic_inc(&port->port.count); + + /* currently opening/closing? wait ... */ + } else if (port->openclose) { +@@ -792,7 +792,7 @@ static int gs_open(struct tty_struct *tty, struct file *file) + tty->driver_data = port; + port->port.tty = tty; + +- port->port.count = 1; ++ atomic_set(&port->port.count, 1); + port->openclose = false; + + /* if connected, start the I/O stream */ +@@ -834,11 +834,11 @@ static void gs_close(struct tty_struct *tty, struct file *file) + + spin_lock_irq(&port->port_lock); + +- if (port->port.count != 1) { +- if (port->port.count == 0) ++ if (atomic_read(&port->port.count) != 1) { ++ if (atomic_read(&port->port.count) == 0) + WARN_ON(1); + else +- --port->port.count; ++ atomic_dec(&port->port.count); + goto exit; + } + +@@ -848,7 +848,7 @@ static void gs_close(struct tty_struct *tty, struct file *file) + * and sleep if necessary + */ + port->openclose = true; +- port->port.count = 0; ++ atomic_set(&port->port.count, 0); + + gser = port->port_usb; + if (gser && gser->disconnect) +@@ -1152,7 +1152,7 @@ static int gs_closed(struct gs_port *port) + int cond; + + spin_lock_irq(&port->port_lock); +- cond = (port->port.count == 0) && !port->openclose; ++ cond = (atomic_read(&port->port.count) == 0) && !port->openclose; + spin_unlock_irq(&port->port_lock); + return cond; + } +@@ -1265,7 +1265,7 @@ int gserial_connect(struct gserial *gser, u8 port_num) + /* if it's already open, start I/O ... and notify the serial + * protocol about open/close status (connect/disconnect). + */ +- if (port->port.count) { ++ if (atomic_read(&port->port.count)) { + pr_debug("gserial_connect: start ttyGS%d\n", port->port_num); + gs_start_io(port); + if (gser->connect) +@@ -1312,7 +1312,7 @@ void gserial_disconnect(struct gserial *gser) + + port->port_usb = NULL; + gser->ioport = NULL; +- if (port->port.count > 0 || port->openclose) { ++ if (atomic_read(&port->port.count) > 0 || port->openclose) { + wake_up_interruptible(&port->drain_wait); + if (port->port.tty) + tty_hangup(port->port.tty); +@@ -1328,7 +1328,7 @@ void gserial_disconnect(struct gserial *gser) + + /* finally, free any unused/unusable I/O buffers */ + spin_lock_irqsave(&port->port_lock, flags); +- if (port->port.count == 0 && !port->openclose) ++ if (atomic_read(&port->port.count) == 0 && !port->openclose) + gs_buf_free(&port->port_write_buf); + gs_free_requests(gser->out, &port->read_pool, NULL); + gs_free_requests(gser->out, &port->read_queue, NULL); +diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c +index b9cca6d..75c75df 100644 +--- a/drivers/usb/serial/console.c ++++ b/drivers/usb/serial/console.c +@@ -127,7 +127,7 @@ static int usb_console_setup(struct console *co, char *options) + + info->port = port; + +- ++port->port.count; ++ atomic_inc(&port->port.count); + if (!test_bit(ASYNCB_INITIALIZED, &port->port.flags)) { + if (serial->type->set_termios) { + /* +@@ -177,7 +177,7 @@ static int usb_console_setup(struct console *co, char *options) + } + /* Now that any required fake tty operations are completed restore + * the tty port count */ +- --port->port.count; ++ atomic_dec(&port->port.count); + /* The console is special in terms of closing the device so + * indicate this port is now acting as a system console. */ + port->port.console = 1; +@@ -190,7 +190,7 @@ static int usb_console_setup(struct console *co, char *options) + free_tty: + kfree(tty); + reset_open_count: +- port->port.count = 0; ++ atomic_set(&port->port.count, 0); + usb_autopm_put_interface(serial->interface); + error_get_interface: + usb_serial_put(serial); diff --git a/drivers/usb/wusbcore/wa-hc.h b/drivers/usb/wusbcore/wa-hc.h index d6bea3e..60b250e 100644 --- a/drivers/usb/wusbcore/wa-hc.h @@ -38510,10 +38952,10 @@ index 57c01ab..8a05959 100644 /* diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c -index 51e4c1e..9d87e2a 100644 +index 112156f..eb81154 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c -@@ -632,7 +632,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m) +@@ -635,7 +635,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m) return 0; } @@ -38550,7 +38992,7 @@ index 5c3960d..15cf8fc 100644 goto out1; } diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c -index c6ce416..3b9b642 100644 +index 0dff12a..2ef47b3 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image, @@ -38571,7 +39013,7 @@ index c6ce416..3b9b642 100644 info->fbops->fb_imageblit(info, image); image->dy -= image->height + 8; } -@@ -1157,7 +1157,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, +@@ -1166,7 +1166,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, return -EFAULT; if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES) return -EINVAL; @@ -41383,7 +41825,7 @@ index 3c14e43..eafa544 100644 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 +4 4 4 4 4 4 diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c -index a159b63..4ab532d 100644 +index 8af6414..658c030 100644 --- a/drivers/video/udlfb.c +++ b/drivers/video/udlfb.c @@ -620,11 +620,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, @@ -41699,7 +42141,7 @@ index e56c934..fc22f4b 100644 struct list_head list; }; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c -index 014c8dd..6f3dfe6 100644 +index 57ccb75..f6d05f8 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c @@ -1303,7 +1303,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd) @@ -41712,7 +42154,7 @@ index 014c8dd..6f3dfe6 100644 p9_debug(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name, IS_ERR(s) ? "" : s); diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt -index e95d1b6..3454244 100644 +index 0225742..1cd4732 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt @@ -89,7 +89,7 @@ config HAVE_AOUT @@ -41725,7 +42167,7 @@ index e95d1b6..3454244 100644 A.out (Assembler.OUTput) is a set of formats for libraries and executables used in the earliest versions of UNIX. Linux used diff --git a/fs/aio.c b/fs/aio.c -index e7f2fad..15ad8a4 100644 +index 55c4c76..11aee6f 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -118,7 +118,7 @@ static int aio_setup_ring(struct kioctx *ctx) @@ -41749,14 +42191,14 @@ index e7f2fad..15ad8a4 100644 (struct compat_iovec __user *)kiocb->ki_buf, - kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec, + kiocb->ki_nbytes, 1, &iovstack, - &kiocb->ki_iovec, 1); + &kiocb->ki_iovec); else #endif ret = rw_copy_check_uvector(type, (struct iovec __user *)kiocb->ki_buf, - kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec, + kiocb->ki_nbytes, 1, &iovstack, - &kiocb->ki_iovec, 1); + &kiocb->ki_iovec); if (ret < 0) goto out; @@ -1460,6 +1461,10 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) @@ -41771,7 +42213,7 @@ index e7f2fad..15ad8a4 100644 kiocb->ki_cur_seg = 0; /* ki_nbytes/left now reflect bytes instead of segs */ diff --git a/fs/attr.c b/fs/attr.c -index d94d1b6..f9bccd6 100644 +index 0da9095..1386693 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -99,6 +99,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) @@ -41889,7 +42331,7 @@ index d146e18..12d1bd1 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 16f7354..7cc1e24 100644 +index 1b52956..271266e 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -41984,7 +42426,7 @@ index 16f7354..7cc1e24 100644 return -EFAULT; return 0; } -@@ -380,10 +399,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -378,10 +397,10 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, { struct elf_phdr *elf_phdata; struct elf_phdr *eppnt; @@ -41997,7 +42439,7 @@ index 16f7354..7cc1e24 100644 unsigned long total_size; int retval, i, size; -@@ -429,6 +448,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -427,6 +446,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, goto out_close; } @@ -42009,7 +42451,7 @@ index 16f7354..7cc1e24 100644 eppnt = elf_phdata; for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { if (eppnt->p_type == PT_LOAD) { -@@ -472,8 +496,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -470,8 +494,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, k = load_addr + eppnt->p_vaddr; if (BAD_ADDR(k) || eppnt->p_filesz > eppnt->p_memsz || @@ -42020,7 +42462,7 @@ index 16f7354..7cc1e24 100644 error = -ENOMEM; goto out_close; } -@@ -525,6 +549,311 @@ out: +@@ -523,6 +547,311 @@ out: return error; } @@ -42332,7 +42774,7 @@ index 16f7354..7cc1e24 100644 /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -541,6 +870,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) +@@ -539,6 +868,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; @@ -42344,7 +42786,7 @@ index 16f7354..7cc1e24 100644 if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -559,7 +893,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -557,7 +891,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -42353,7 +42795,7 @@ index 16f7354..7cc1e24 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -569,11 +903,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -567,11 +901,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; @@ -42366,7 +42808,7 @@ index 16f7354..7cc1e24 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -709,11 +1043,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -707,11 +1041,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; /* OK, This is the point of no return */ @@ -42449,7 +42891,7 @@ index 16f7354..7cc1e24 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -804,6 +1208,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -802,6 +1206,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -42470,7 +42912,7 @@ index 16f7354..7cc1e24 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -836,9 +1254,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -834,9 +1252,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -42483,7 +42925,7 @@ index 16f7354..7cc1e24 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -877,11 +1295,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -875,11 +1293,41 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -42503,18 +42945,19 @@ index 16f7354..7cc1e24 100644 + + start = ELF_PAGEALIGN(elf_brk); + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); -+ down_write(¤t->mm->mmap_sem); ++ down_read(¤t->mm->mmap_sem); + retval = -ENOMEM; + if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { + unsigned long prot = PROT_NONE; + ++ up_read(¤t->mm->mmap_sem); + current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT; +// if (current->personality & ADDR_NO_RANDOMIZE) +// prot = PROT_READ; -+ start = do_mmap(NULL, start, size, prot, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); ++ start = vm_mmap(NULL, start, size, prot, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); + retval = IS_ERR_VALUE(start) ? start : 0; -+ } -+ up_write(¤t->mm->mmap_sem); ++ } else ++ up_read(¤t->mm->mmap_sem); + if (retval == 0) + retval = set_brk(start + size, start + size + PAGE_SIZE); + if (retval < 0) { @@ -42527,7 +42970,7 @@ index 16f7354..7cc1e24 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1109,7 +1556,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1107,7 +1555,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -42536,7 +42979,7 @@ index 16f7354..7cc1e24 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1146,7 +1593,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1144,7 +1592,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -42545,7 +42988,7 @@ index 16f7354..7cc1e24 100644 goto whole; /* -@@ -1368,9 +1815,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1366,9 +1814,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -42557,7 +43000,7 @@ index 16f7354..7cc1e24 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1892,14 +2339,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1890,14 +2338,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -42574,7 +43017,7 @@ index 16f7354..7cc1e24 100644 return size; } -@@ -1993,7 +2440,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1991,7 +2439,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -42583,7 +43026,7 @@ index 16f7354..7cc1e24 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2007,10 +2454,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2005,10 +2453,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -42596,7 +43039,7 @@ index 16f7354..7cc1e24 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -2024,7 +2473,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2022,7 +2472,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -42605,7 +43048,7 @@ index 16f7354..7cc1e24 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2035,6 +2484,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2033,6 +2483,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -42613,7 +43056,7 @@ index 16f7354..7cc1e24 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2059,7 +2509,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2057,7 +2508,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -42622,7 +43065,7 @@ index 16f7354..7cc1e24 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2068,6 +2518,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2066,6 +2517,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -42630,7 +43073,7 @@ index 16f7354..7cc1e24 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2085,6 +2536,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2083,6 +2535,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -42638,7 +43081,7 @@ index 16f7354..7cc1e24 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2105,6 +2557,97 @@ out: +@@ -2103,6 +2556,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -42737,7 +43180,7 @@ index 16f7354..7cc1e24 100644 { register_binfmt(&elf_format); diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c -index 6b2daf9..a70dccb 100644 +index 178cb70..8972997 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c @@ -562,7 +562,9 @@ static int load_flat_file(struct linux_binprm * bprm, @@ -42745,7 +43188,7 @@ index 6b2daf9..a70dccb 100644 printk("Unable to allocate RAM for process data, errno %d\n", (int)-realdatastart); + down_write(¤t->mm->mmap_sem); - do_munmap(current->mm, textpos, text_len); + vm_munmap(textpos, text_len); + up_write(¤t->mm->mmap_sem); ret = realdatastart; goto err; @@ -42755,8 +43198,8 @@ index 6b2daf9..a70dccb 100644 if (IS_ERR_VALUE(result)) { printk("Unable to read data+bss, errno %d\n", (int)-result); + down_write(¤t->mm->mmap_sem); - do_munmap(current->mm, textpos, text_len); - do_munmap(current->mm, realdatastart, len); + vm_munmap(textpos, text_len); + vm_munmap(realdatastart, len); + up_write(¤t->mm->mmap_sem); ret = result; goto err; @@ -42766,17 +43209,17 @@ index 6b2daf9..a70dccb 100644 if (IS_ERR_VALUE(result)) { printk("Unable to read code+data+bss, errno %d\n",(int)-result); + down_write(¤t->mm->mmap_sem); - do_munmap(current->mm, textpos, text_len + data_len + extra + + vm_munmap(textpos, text_len + data_len + extra + MAX_SHARED_LIBS * sizeof(unsigned long)); + up_write(¤t->mm->mmap_sem); ret = result; goto err; } diff --git a/fs/bio.c b/fs/bio.c -index 84da885..bac1d48 100644 +index 73922ab..16642dd 100644 --- a/fs/bio.c +++ b/fs/bio.c -@@ -838,7 +838,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, +@@ -841,7 +841,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, /* * Overflow, abort */ @@ -42785,7 +43228,7 @@ index 84da885..bac1d48 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; -@@ -972,7 +972,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, +@@ -975,7 +975,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, /* * Overflow, abort */ @@ -42794,7 +43237,7 @@ index 84da885..bac1d48 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; -@@ -1234,7 +1234,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) +@@ -1237,7 +1237,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) const int read = bio_data_dir(bio) == READ; struct bio_map_data *bmd = bio->bi_private; int i; @@ -42804,7 +43247,7 @@ index 84da885..bac1d48 100644 __bio_for_each_segment(bvec, bio, i, 0) { char *addr = page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index ba11c30..623d736 100644 +index c2bbe1f..9dfbc23 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -704,7 +704,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, @@ -42817,10 +43260,10 @@ index ba11c30..623d736 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/check-integrity.c b/fs/btrfs/check-integrity.c -index c053e90..e5f1afc 100644 +index da6e936..1598dd0 100644 --- a/fs/btrfs/check-integrity.c +++ b/fs/btrfs/check-integrity.c -@@ -156,7 +156,7 @@ struct btrfsic_block { +@@ -155,7 +155,7 @@ struct btrfsic_block { union { bio_end_io_t *bio; bh_end_io_t *bh; @@ -42830,10 +43273,10 @@ index c053e90..e5f1afc 100644 u64 flush_gen; /* only valid if !never_written */ }; diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index 4106264..8157ede 100644 +index 8206b39..06d5654 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c -@@ -513,9 +513,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, +@@ -973,9 +973,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, free_extent_buffer(buf); add_root_to_dirty_list(root); } else { @@ -42850,10 +43293,10 @@ index 4106264..8157ede 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index 0df0d1f..4bdcbfe 100644 +index a7d1921..a32dba2 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c -@@ -7074,7 +7074,7 @@ fail: +@@ -7111,7 +7111,7 @@ fail: return -ENOMEM; } @@ -42862,7 +43305,7 @@ index 0df0d1f..4bdcbfe 100644 struct dentry *dentry, struct kstat *stat) { struct inode *inode = dentry->d_inode; -@@ -7088,6 +7088,14 @@ static int btrfs_getattr(struct vfsmount *mnt, +@@ -7125,6 +7125,14 @@ static int btrfs_getattr(struct vfsmount *mnt, return 0; } @@ -42878,10 +43321,10 @@ index 0df0d1f..4bdcbfe 100644 * If a file is moved, it will inherit the cow and compression flags of the new * directory. diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index 14f8e1f..ab8d81f 100644 +index 0e92e57..8b560de 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c -@@ -2882,9 +2882,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -2902,9 +2902,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) for (i = 0; i < num_types; i++) { struct btrfs_space_info *tmp; @@ -42894,7 +43337,7 @@ index 14f8e1f..ab8d81f 100644 info = NULL; rcu_read_lock(); list_for_each_entry_rcu(tmp, &root->fs_info->space_info, -@@ -2906,15 +2909,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -2926,10 +2929,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) memcpy(dest, &space, sizeof(space)); dest++; space_args.total_spaces++; @@ -42905,12 +43348,6 @@ index 14f8e1f..ab8d81f 100644 } up_read(&info->groups_sem); } - -- user_dest = (struct btrfs_ioctl_space_info *) -+ user_dest = (struct btrfs_ioctl_space_info __user *) - (arg + sizeof(struct btrfs_ioctl_space_args)); - - if (copy_to_user(user_dest, dest_orig, alloc_size)) diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index 646ee21..f020f87 100644 --- a/fs/btrfs/relocation.c @@ -43101,10 +43538,10 @@ index 3e8094b..cb3ff3d 100644 } diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c -index 2704646..c581c91 100644 +index e814052..28dcdf7 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c -@@ -265,8 +265,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, +@@ -267,8 +267,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, if (c == '1' || c == 'y' || c == 'Y' || c == '0') { #ifdef CONFIG_CIFS_STATS2 @@ -43115,7 +43552,7 @@ index 2704646..c581c91 100644 #endif /* CONFIG_CIFS_STATS2 */ spin_lock(&cifs_tcp_ses_lock); list_for_each(tmp1, &cifs_tcp_ses_list) { -@@ -279,25 +279,25 @@ static ssize_t cifs_stats_proc_write(struct file *file, +@@ -281,25 +281,25 @@ static ssize_t cifs_stats_proc_write(struct file *file, tcon = list_entry(tmp3, struct cifs_tcon, tcon_list); @@ -43160,7 +43597,7 @@ index 2704646..c581c91 100644 } } } -@@ -327,8 +327,8 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v) +@@ -329,8 +329,8 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v) smBufAllocCount.counter, cifs_min_small); #ifdef CONFIG_CIFS_STATS2 seq_printf(m, "Total Large %d Small %d Allocations\n", @@ -43171,7 +43608,7 @@ index 2704646..c581c91 100644 #endif /* CONFIG_CIFS_STATS2 */ seq_printf(m, "Operations (MIDs): %d\n", atomic_read(&midCount)); -@@ -357,41 +357,41 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v) +@@ -359,41 +359,41 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v) if (tcon->need_reconnect) seq_puts(m, "\tDISCONNECTED "); seq_printf(m, "\nSMBs: %d Oplock Breaks: %d", @@ -43234,10 +43671,10 @@ index 2704646..c581c91 100644 } } diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c -index 541ef81..a78deb8 100644 +index 8b6e344..303a662 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c -@@ -985,7 +985,7 @@ cifs_init_request_bufs(void) +@@ -994,7 +994,7 @@ cifs_init_request_bufs(void) cifs_req_cachep = kmem_cache_create("cifs_request", CIFSMaxBufSize + MAX_CIFS_HDR_SIZE, 0, @@ -43246,7 +43683,7 @@ index 541ef81..a78deb8 100644 if (cifs_req_cachep == NULL) return -ENOMEM; -@@ -1012,7 +1012,7 @@ cifs_init_request_bufs(void) +@@ -1021,7 +1021,7 @@ cifs_init_request_bufs(void) efficient to alloc 1 per page off the slab compared to 17K (5page) alloc of large cifs buffers even when page debugging is on */ cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq", @@ -43255,7 +43692,7 @@ index 541ef81..a78deb8 100644 NULL); if (cifs_sm_req_cachep == NULL) { mempool_destroy(cifs_req_poolp); -@@ -1097,8 +1097,8 @@ init_cifs(void) +@@ -1106,8 +1106,8 @@ init_cifs(void) atomic_set(&bufAllocCount, 0); atomic_set(&smBufAllocCount, 0); #ifdef CONFIG_CIFS_STATS2 @@ -43267,10 +43704,10 @@ index 541ef81..a78deb8 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index 73fea28..b996b84 100644 +index d86ba9f..e80049d 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -439,28 +439,28 @@ struct cifs_tcon { +@@ -491,28 +491,28 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -43321,7 +43758,7 @@ index 73fea28..b996b84 100644 #ifdef CONFIG_CIFS_STATS2 unsigned long long time_writes; unsigned long long time_reads; -@@ -677,7 +677,7 @@ convert_delimiter(char *path, char delim) +@@ -735,7 +735,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -43330,7 +43767,7 @@ index 73fea28..b996b84 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1036,8 +1036,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1093,8 +1093,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -43355,7 +43792,7 @@ index 6b0e064..94e6c3c 100644 kfree(p); } diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c -index c29d1aa..58018da 100644 +index 557506a..2fd3816 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -156,7 +156,7 @@ cifs_buf_get(void) @@ -43425,7 +43862,7 @@ index 6901578..d402eb5 100644 return hit; diff --git a/fs/compat.c b/fs/compat.c -index f2944ac..62845d2 100644 +index 6161255..512b1a1 100644 --- a/fs/compat.c +++ b/fs/compat.c @@ -490,7 +490,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) @@ -43473,7 +43910,7 @@ index f2944ac..62845d2 100644 error = vfs_readdir(file, compat_fillonedir, &buf); if (buf.result) -@@ -900,6 +906,7 @@ struct compat_linux_dirent { +@@ -899,6 +905,7 @@ struct compat_linux_dirent { struct compat_getdents_callback { struct compat_linux_dirent __user *current_dir; struct compat_linux_dirent __user *previous; @@ -43481,7 +43918,7 @@ index f2944ac..62845d2 100644 int count; int error; }; -@@ -921,6 +928,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen, +@@ -920,6 +927,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen, buf->error = -EOVERFLOW; return -EOVERFLOW; } @@ -43492,7 +43929,7 @@ index f2944ac..62845d2 100644 dirent = buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) -@@ -968,6 +979,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, +@@ -966,6 +977,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, buf.previous = NULL; buf.count = count; buf.error = 0; @@ -43500,7 +43937,7 @@ index f2944ac..62845d2 100644 error = vfs_readdir(file, compat_filldir, &buf); if (error >= 0) -@@ -989,6 +1001,7 @@ out: +@@ -986,6 +998,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, struct compat_getdents_callback64 { struct linux_dirent64 __user *current_dir; struct linux_dirent64 __user *previous; @@ -43508,7 +43945,7 @@ index f2944ac..62845d2 100644 int count; int error; }; -@@ -1005,6 +1018,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t +@@ -1002,6 +1015,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t buf->error = -EINVAL; /* only used if we fail.. */ if (reclen > buf->count) return -EINVAL; @@ -43519,7 +43956,7 @@ index f2944ac..62845d2 100644 dirent = buf->previous; if (dirent) { -@@ -1056,13 +1073,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd, +@@ -1052,13 +1069,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd, buf.previous = NULL; buf.count = count; buf.error = 0; @@ -43624,10 +44061,10 @@ index 7e6c52d..94bc756 100644 /* * We'll have a dentry and an inode for diff --git a/fs/dcache.c b/fs/dcache.c -index b80531c..8ca7e2d 100644 +index 4046904..5e31505 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -3084,7 +3084,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3154,7 +3154,7 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -43653,28 +44090,19 @@ index b80bc84..0d46d1a 100644 } EXPORT_SYMBOL_GPL(debugfs_create_dir); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index ab35b11..b30af66 100644 +index a07441a..046fc0d 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c -@@ -672,7 +672,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, +@@ -671,7 +671,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, old_fs = get_fs(); set_fs(get_ds()); rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, - (char __user *)lower_buf, + (char __force_user *)lower_buf, - lower_bufsiz); + PATH_MAX); set_fs(old_fs); if (rc < 0) -@@ -718,7 +718,7 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) - } - old_fs = get_fs(); - set_fs(get_ds()); -- rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); -+ rc = dentry->d_inode->i_op->readlink(dentry, (char __force_user *)buf, len); - set_fs(old_fs); - if (rc < 0) { - kfree(buf); -@@ -733,7 +733,7 @@ out: +@@ -703,7 +703,7 @@ out: static void ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) { @@ -43719,7 +44147,7 @@ index b2a34a1..162fa69 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 29e5f84..8bfc7cb 100644 +index e95aeed..9c7b4c2 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,6 +55,15 @@ @@ -43818,7 +44246,7 @@ index 29e5f84..8bfc7cb 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); -@@ -291,6 +320,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -287,6 +316,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -43831,7 +44259,7 @@ index 29e5f84..8bfc7cb 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -399,19 +434,7 @@ err: +@@ -395,19 +430,7 @@ err: return err; } @@ -43852,7 +44280,7 @@ index 29e5f84..8bfc7cb 100644 { const char __user *native; -@@ -420,14 +443,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -416,14 +439,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -43869,7 +44297,7 @@ index 29e5f84..8bfc7cb 100644 return native; } -@@ -446,7 +469,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -442,7 +465,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -43878,7 +44306,7 @@ index 29e5f84..8bfc7cb 100644 return -EFAULT; if (i++ >= max) -@@ -480,7 +503,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, +@@ -476,7 +499,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -43887,7 +44315,7 @@ index 29e5f84..8bfc7cb 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -562,7 +585,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -558,7 +581,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -43896,7 +44324,7 @@ index 29e5f84..8bfc7cb 100644 }; set_fs(KERNEL_DS); -@@ -597,7 +620,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -593,7 +616,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -43906,7 +44334,7 @@ index 29e5f84..8bfc7cb 100644 /* * ensure there are no vmas between where we want to go -@@ -606,6 +630,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -602,6 +626,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -43917,7 +44345,7 @@ index 29e5f84..8bfc7cb 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -686,10 +714,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -682,10 +710,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -43928,7 +44356,7 @@ index 29e5f84..8bfc7cb 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -701,8 +725,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -697,8 +721,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -43957,7 +44385,7 @@ index 29e5f84..8bfc7cb 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -721,13 +765,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -717,13 +761,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -43971,7 +44399,7 @@ index 29e5f84..8bfc7cb 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -785,6 +822,8 @@ struct file *open_exec(const char *name) +@@ -781,6 +818,8 @@ struct file *open_exec(const char *name) fsnotify_open(file); @@ -43980,7 +44408,7 @@ index 29e5f84..8bfc7cb 100644 err = deny_write_access(file); if (err) goto exit; -@@ -808,7 +847,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -804,7 +843,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -43989,7 +44417,7 @@ index 29e5f84..8bfc7cb 100644 set_fs(old_fs); return result; } -@@ -1254,7 +1293,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1257,7 +1296,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -43998,7 +44426,7 @@ index 29e5f84..8bfc7cb 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1451,6 +1490,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1460,6 +1499,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) EXPORT_SYMBOL(search_binary_handler); @@ -44027,7 +44455,7 @@ index 29e5f84..8bfc7cb 100644 /* * sys_execve() executes a new program. */ -@@ -1459,6 +1520,11 @@ static int do_execve_common(const char *filename, +@@ -1468,6 +1529,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr envp, struct pt_regs *regs) { @@ -44039,7 +44467,7 @@ index 29e5f84..8bfc7cb 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1466,6 +1532,8 @@ static int do_execve_common(const char *filename, +@@ -1475,6 +1541,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -44048,7 +44476,7 @@ index 29e5f84..8bfc7cb 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1506,12 +1574,27 @@ static int do_execve_common(const char *filename, +@@ -1515,12 +1583,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -44076,7 +44504,7 @@ index 29e5f84..8bfc7cb 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1528,24 +1611,65 @@ static int do_execve_common(const char *filename, +@@ -1537,24 +1620,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -44146,7 +44574,7 @@ index 29e5f84..8bfc7cb 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1554,6 +1678,14 @@ static int do_execve_common(const char *filename, +@@ -1563,6 +1687,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -44161,7 +44589,7 @@ index 29e5f84..8bfc7cb 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1627,7 +1759,7 @@ static int expand_corename(struct core_name *cn) +@@ -1636,7 +1768,7 @@ static int expand_corename(struct core_name *cn) { char *old_corename = cn->corename; @@ -44170,7 +44598,7 @@ index 29e5f84..8bfc7cb 100644 cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); if (!cn->corename) { -@@ -1724,7 +1856,7 @@ static int format_corename(struct core_name *cn, long signr) +@@ -1733,7 +1865,7 @@ static int format_corename(struct core_name *cn, long signr) int pid_in_pattern = 0; int err = 0; @@ -44179,7 +44607,7 @@ index 29e5f84..8bfc7cb 100644 cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -1821,6 +1953,250 @@ out: +@@ -1830,6 +1962,250 @@ out: return ispipe; } @@ -44430,7 +44858,37 @@ index 29e5f84..8bfc7cb 100644 static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -2018,17 +2394,17 @@ static void wait_for_dump_helpers(struct file *file) +@@ -2002,17 +2378,17 @@ static void coredump_finish(struct mm_struct *mm) + void set_dumpable(struct mm_struct *mm, int value) + { + switch (value) { +- case 0: ++ case SUID_DUMPABLE_DISABLED: + clear_bit(MMF_DUMPABLE, &mm->flags); + smp_wmb(); + clear_bit(MMF_DUMP_SECURELY, &mm->flags); + break; +- case 1: ++ case SUID_DUMPABLE_ENABLED: + set_bit(MMF_DUMPABLE, &mm->flags); + smp_wmb(); + clear_bit(MMF_DUMP_SECURELY, &mm->flags); + break; +- case 2: ++ case SUID_DUMPABLE_SAFE: + set_bit(MMF_DUMP_SECURELY, &mm->flags); + smp_wmb(); + set_bit(MMF_DUMPABLE, &mm->flags); +@@ -2025,7 +2401,7 @@ static int __get_dumpable(unsigned long mm_flags) + int ret; + + ret = mm_flags & MMF_DUMPABLE_MASK; +- return (ret >= 2) ? 2 : ret; ++ return (ret > SUID_DUMPABLE_ENABLED) ? SUID_DUMPABLE_SAFE : ret; + } + + int get_dumpable(struct mm_struct *mm) +@@ -2040,17 +2416,17 @@ static void wait_for_dump_helpers(struct file *file) pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -44453,16 +44911,17 @@ index 29e5f84..8bfc7cb 100644 pipe_unlock(pipe); } -@@ -2089,7 +2465,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2111,7 +2487,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) int retval = 0; int flag = 0; int ispipe; - static atomic_t core_dump_count = ATOMIC_INIT(0); ++ bool need_nonrelative = false; + static atomic_unchecked_t core_dump_count = ATOMIC_INIT(0); struct coredump_params cprm = { .signr = signr, .regs = regs, -@@ -2104,6 +2480,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2126,6 +2503,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) audit_core_dumps(signr); @@ -44472,7 +44931,28 @@ index 29e5f84..8bfc7cb 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2171,7 +2550,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2136,14 +2516,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) + if (!cred) + goto fail; + /* +- * We cannot trust fsuid as being the "true" uid of the +- * process nor do we know its entire history. We only know it +- * was tainted so we dump it as root in mode 2. ++ * We cannot trust fsuid as being the "true" uid of the process ++ * nor do we know its entire history. We only know it was tainted ++ * so we dump it as root in mode 2, and only into a controlled ++ * environment (pipe handler or fully qualified path). + */ +- if (__get_dumpable(cprm.mm_flags) == 2) { ++ if (__get_dumpable(cprm.mm_flags) == SUID_DUMPABLE_SAFE) { + /* Setuid core dump mode */ + flag = O_EXCL; /* Stop rewrite attacks */ + cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */ ++ need_nonrelative = true; + } + + retval = coredump_wait(exit_code, &core_state); +@@ -2193,7 +2575,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } cprm.limit = RLIM_INFINITY; @@ -44481,7 +44961,7 @@ index 29e5f84..8bfc7cb 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2198,6 +2577,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2220,9 +2602,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } else { struct inode *inode; @@ -44490,7 +44970,18 @@ index 29e5f84..8bfc7cb 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; -@@ -2241,7 +2622,7 @@ close_fail: ++ if (need_nonrelative && cn.corename[0] != '/') { ++ printk(KERN_WARNING "Pid %d(%s) can only dump core "\ ++ "to fully qualified path!\n", ++ task_tgid_vnr(current), current->comm); ++ printk(KERN_WARNING "Skipping core dump\n"); ++ goto fail_unlock; ++ } ++ + cprm.file = filp_open(cn.corename, + O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag, + 0600); +@@ -2263,7 +2655,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -44499,7 +44990,7 @@ index 29e5f84..8bfc7cb 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -2260,7 +2641,7 @@ fail: +@@ -2282,7 +2674,7 @@ fail: */ int dump_write(struct file *file, const void *addr, int nr) { @@ -44509,55 +45000,59 @@ index 29e5f84..8bfc7cb 100644 EXPORT_SYMBOL(dump_write); diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c -index a8cbe1b..fed04cb 100644 +index 1c36139..cf6b350 100644 --- a/fs/ext2/balloc.c +++ b/fs/ext2/balloc.c -@@ -1192,7 +1192,7 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi) +@@ -1190,10 +1190,10 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi) free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && -+ if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) && - sbi->s_resuid != current_fsuid() && - (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { ++ if (free_blocks < root_blocks + 1 && + !uid_eq(sbi->s_resuid, current_fsuid()) && + (gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) || +- !in_group_p (sbi->s_resgid))) { ++ !in_group_p (sbi->s_resgid)) && !capable_nolog(CAP_SYS_RESOURCE)) { return 0; + } + return 1; diff --git a/fs/ext3/balloc.c b/fs/ext3/balloc.c -index baac1b1..1499b62 100644 +index 25cd608..9ed5294 100644 --- a/fs/ext3/balloc.c +++ b/fs/ext3/balloc.c -@@ -1438,9 +1438,10 @@ static int ext3_has_free_blocks(struct ext3_sb_info *sbi, int use_reservation) +@@ -1438,10 +1438,10 @@ static int ext3_has_free_blocks(struct ext3_sb_info *sbi, int use_reservation) free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); - if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) && + if (free_blocks < root_blocks + 1 && - !use_reservation && sbi->s_resuid != current_fsuid() && -- (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) { -+ (sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid)) && -+ !capable_nolog(CAP_SYS_RESOURCE)) { + !use_reservation && !uid_eq(sbi->s_resuid, current_fsuid()) && + (gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) || +- !in_group_p (sbi->s_resgid))) { ++ !in_group_p (sbi->s_resgid)) && !capable_nolog(CAP_SYS_RESOURCE)) { return 0; } return 1; diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index 8da837b..ed3835b 100644 +index d23b31c..0585239 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c -@@ -463,8 +463,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, +@@ -488,8 +488,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, /* Hm, nope. Are (enough) root reserved clusters available? */ - if (sbi->s_resuid == current_fsuid() || - ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) || + if (uid_eq(sbi->s_resuid, current_fsuid()) || + (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) || - capable(CAP_SYS_RESOURCE) || - (flags & EXT4_MB_USE_ROOT_BLOCKS)) { -+ (flags & EXT4_MB_USE_ROOT_BLOCKS) || ++ (flags & EXT4_MB_USE_ROOT_BLOCKS) || + capable_nolog(CAP_SYS_RESOURCE)) { if (free_clusters >= (nclusters + dirty_clusters)) return 1; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 0e01e90..ae2bd5e 100644 +index 01434f2..bd995b4 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1225,19 +1225,19 @@ struct ext4_sb_info { +@@ -1246,19 +1246,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -44587,20 +45082,8 @@ index 0e01e90..ae2bd5e 100644 atomic_t s_lock_busy; /* locality groups */ -diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c -index 1365903..9727522 100644 ---- a/fs/ext4/ioctl.c -+++ b/fs/ext4/ioctl.c -@@ -261,7 +261,6 @@ group_extend_out: - err = ext4_move_extents(filp, donor_filp, me.orig_start, - me.donor_start, me.len, &me.moved_len); - mnt_drop_write_file(filp); -- mnt_drop_write(filp->f_path.mnt); - - if (copy_to_user((struct move_extent __user *)arg, - &me, sizeof(me))) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 6b0a57e..1955a44 100644 +index 1cd6994..5799d45 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1747,7 +1747,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -44657,7 +45140,7 @@ index 6b0a57e..1955a44 100644 } free_percpu(sbi->s_locality_groups); -@@ -3045,16 +3045,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3047,16 +3047,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -44680,7 +45163,7 @@ index 6b0a57e..1955a44 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3458,7 +3458,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3456,7 +3456,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -44689,7 +45172,7 @@ index 6b0a57e..1955a44 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3518,7 +3518,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3516,7 +3516,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -44698,7 +45181,7 @@ index 6b0a57e..1955a44 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3607,7 +3607,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3605,7 +3605,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -44707,7 +45190,7 @@ index 6b0a57e..1955a44 100644 return err; } -@@ -3625,7 +3625,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3623,7 +3623,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -44717,7 +45200,7 @@ index 6b0a57e..1955a44 100644 return 0; diff --git a/fs/fcntl.c b/fs/fcntl.c -index 75e7c1f..1eb3e4d 100644 +index 81b70e6..d9ae6cf 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -224,6 +224,11 @@ int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, @@ -46328,10 +46811,10 @@ index 7df2b5e..5804aa7 100644 if (!ret) ret = -EPIPE; diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index bc43832..0cfe5a6 100644 +index 334e0b1..fc571e8 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c -@@ -1181,7 +1181,7 @@ static char *read_link(struct dentry *dentry) +@@ -1189,7 +1189,7 @@ static char *read_link(struct dentry *dentry) return link; } @@ -46354,7 +46837,7 @@ index a9ba244..d9df391 100644 kfree(s); } diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index 001ef01..f7d5f07 100644 +index cc9281b..58996fb 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -920,7 +920,7 @@ static struct file_system_type hugetlbfs_fs_type = { @@ -46367,10 +46850,10 @@ index 001ef01..f7d5f07 100644 static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index 9f4f5fe..6214688 100644 +index c99163b..a11ad40 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -860,8 +860,8 @@ unsigned int get_next_ino(void) +@@ -867,8 +867,8 @@ unsigned int get_next_ino(void) #ifdef CONFIG_SMP if (unlikely((res & (LAST_INO_BATCH-1)) == 0)) { @@ -46396,10 +46879,10 @@ index 4a6cf28..d3a29d3 100644 jffs2_prealloc_raw_node_refs(c, jeb, 1); diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c -index 74d9be1..d5dd140 100644 +index 6f4529d..bf12806 100644 --- a/fs/jffs2/wbuf.c +++ b/fs/jffs2/wbuf.c -@@ -1022,7 +1022,8 @@ static const struct jffs2_unknown_node oob_cleanmarker = +@@ -1023,7 +1023,8 @@ static const struct jffs2_unknown_node oob_cleanmarker = { .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK), .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER), @@ -46423,7 +46906,7 @@ index 4a82950..bcaa0cb 100644 if (jfs_inode_cachep == NULL) return -ENOMEM; diff --git a/fs/libfs.c b/fs/libfs.c -index 18d08f5..fe3dc64 100644 +index f86ec27..4734776 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -165,6 +165,9 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir) @@ -46469,37 +46952,10 @@ index 8392cb8..80d6193 100644 memcpy(c->data, &cookie, 4); c->len=4; diff --git a/fs/locks.c b/fs/locks.c -index 6a64f15..c3dacf2 100644 +index 82c3533..34e929c 100644 --- a/fs/locks.c +++ b/fs/locks.c -@@ -308,7 +308,7 @@ static int flock_make_lock(struct file *filp, struct file_lock **lock, - return 0; - } - --static int assign_type(struct file_lock *fl, int type) -+static int assign_type(struct file_lock *fl, long type) - { - switch (type) { - case F_RDLCK: -@@ -445,7 +445,7 @@ static const struct lock_manager_operations lease_manager_ops = { - /* - * Initialize a lease, use the default lock manager operations - */ --static int lease_init(struct file *filp, int type, struct file_lock *fl) -+static int lease_init(struct file *filp, long type, struct file_lock *fl) - { - if (assign_type(fl, type) != 0) - return -EINVAL; -@@ -463,7 +463,7 @@ static int lease_init(struct file *filp, int type, struct file_lock *fl) - } - - /* Allocate a file_lock initialised to this type of lease */ --static struct file_lock *lease_alloc(struct file *filp, int type) -+static struct file_lock *lease_alloc(struct file *filp, long type) - { - struct file_lock *fl = locks_alloc_lock(); - int error = -ENOMEM; -@@ -2075,16 +2075,16 @@ void locks_remove_flock(struct file *filp) +@@ -2076,16 +2076,16 @@ void locks_remove_flock(struct file *filp) return; if (filp->f_op && filp->f_op->flock) { @@ -46521,10 +46977,10 @@ index 6a64f15..c3dacf2 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index c427919..232326c 100644 +index 7d69419..10c6af6 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -278,16 +278,32 @@ int generic_permission(struct inode *inode, int mask) +@@ -265,16 +265,32 @@ int generic_permission(struct inode *inode, int mask) if (ret != -EACCES) return ret; @@ -46536,14 +46992,14 @@ index c427919..232326c 100644 + if (S_ISDIR(inode->i_mode)) { /* DACs are overridable for directories */ -- if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) +- if (inode_capable(inode, CAP_DAC_OVERRIDE)) - return 0; if (!(mask & MAY_WRITE)) -- if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH)) -+ if (ns_capable_nolog(inode_userns(inode), CAP_DAC_OVERRIDE) || -+ ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH)) +- if (inode_capable(inode, CAP_DAC_READ_SEARCH)) ++ if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) || ++ inode_capable(inode, CAP_DAC_READ_SEARCH)) return 0; -+ if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) ++ if (inode_capable(inode, CAP_DAC_OVERRIDE)) + return 0; return -EACCES; } @@ -46552,16 +47008,16 @@ index c427919..232326c 100644 + */ + mask &= MAY_READ | MAY_WRITE | MAY_EXEC; + if (mask == MAY_READ) -+ if (ns_capable_nolog(inode_userns(inode), CAP_DAC_OVERRIDE) || -+ ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH)) ++ if (inode_capable_nolog(inode, CAP_DAC_OVERRIDE) || ++ inode_capable(inode, CAP_DAC_READ_SEARCH)) + return 0; + + /* * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -296,14 +312,6 @@ int generic_permission(struct inode *inode, int mask) - if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) +@@ -283,14 +299,6 @@ int generic_permission(struct inode *inode, int mask) + if (inode_capable(inode, CAP_DAC_OVERRIDE)) return 0; - /* @@ -46569,13 +47025,13 @@ index c427919..232326c 100644 - */ - mask &= MAY_READ | MAY_WRITE | MAY_EXEC; - if (mask == MAY_READ) -- if (ns_capable(inode_userns(inode), CAP_DAC_READ_SEARCH)) +- if (inode_capable(inode, CAP_DAC_READ_SEARCH)) - return 0; - return -EACCES; } -@@ -652,11 +660,19 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -639,11 +647,19 @@ follow_link(struct path *link, struct nameidata *nd, void **p) return error; } @@ -46596,27 +47052,25 @@ index c427919..232326c 100644 error = 0; if (s) error = __vfs_follow_link(nd, s); -@@ -1355,6 +1371,9 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1386,6 +1402,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) if (!res) res = walk_component(nd, path, &nd->last, nd->last_type, LOOKUP_FOLLOW); -+ if (res >= 0 && gr_handle_symlink_owner(&link, nd->inode)) { ++ if (res >= 0 && gr_handle_symlink_owner(&link, nd->inode)) + res = -EACCES; -+ } put_link(nd, &link, cookie); } while (res > 0); -@@ -1746,6 +1765,9 @@ static int path_lookupat(int dfd, const char *name, +@@ -1779,6 +1797,8 @@ static int path_lookupat(int dfd, const char *name, err = follow_link(&link, nd, &cookie); if (!err) err = lookup_last(nd, &path); -+ if (!err && gr_handle_symlink_owner(&link, nd->inode)) { ++ if (!err && gr_handle_symlink_owner(&link, nd->inode)) + err = -EACCES; -+ } put_link(nd, &link, cookie); } } -@@ -1753,6 +1775,21 @@ static int path_lookupat(int dfd, const char *name, +@@ -1786,6 +1806,21 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -46638,7 +47092,7 @@ index c427919..232326c 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!nd->inode->i_op->lookup) { path_put(&nd->path); -@@ -1780,6 +1817,15 @@ static int do_path_lookup(int dfd, const char *name, +@@ -1813,6 +1848,15 @@ static int do_path_lookup(int dfd, const char *name, retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); if (likely(!retval)) { @@ -46654,7 +47108,7 @@ index c427919..232326c 100644 if (unlikely(!audit_dummy_context())) { if (nd->path.dentry && nd->inode) audit_inode(name, nd->path.dentry); -@@ -2126,6 +2172,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2155,6 +2199,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -46668,7 +47122,16 @@ index c427919..232326c 100644 return 0; } -@@ -2187,6 +2240,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2190,7 +2241,7 @@ static inline int open_to_namei_flags(int flag) + /* + * Handle the last step of open() + */ +-static struct file *do_last(struct nameidata *nd, struct path *path, ++static struct file *do_last(struct nameidata *nd, struct path *path, struct path *link, + const struct open_flags *op, const char *pathname) + { + struct dentry *dir = nd->path.dentry; +@@ -2220,16 +2271,44 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -46685,7 +47148,14 @@ index c427919..232326c 100644 audit_inode(pathname, nd->path.dentry); if (open_flag & O_CREAT) { error = -EISDIR; -@@ -2197,6 +2260,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, + goto exit; + } ++ if (link && gr_handle_symlink_owner(link, nd->inode)) { ++ error = -EACCES; ++ goto exit; ++ } + goto ok; + case LAST_BIND: error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -46698,28 +47168,15 @@ index c427919..232326c 100644 + if (!gr_acl_handle_hidden_file(dir, nd->path.mnt)) { + error = -ENOENT; + goto exit; ++ } ++ if (link && gr_handle_symlink_owner(link, nd->inode)) { ++ error = -EACCES; ++ goto exit; + } audit_inode(pathname, dir); goto ok; } -@@ -2218,6 +2291,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, - error = complete_walk(nd); - if (error) - return ERR_PTR(error); -+#ifdef CONFIG_GRKERNSEC -+ if (nd->flags & LOOKUP_RCU) { -+ error = -ECHILD; -+ goto exit; -+ } -+#endif -+ if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) { -+ error = -ENOENT; -+ goto exit; -+ } - - error = -ENOTDIR; - if (nd->flags & LOOKUP_DIRECTORY) { -@@ -2258,6 +2341,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2285,6 +2364,12 @@ retry_lookup: /* Negative dentry, just create the file */ if (!dentry->d_inode) { umode_t mode = op->mode; @@ -46732,7 +47189,7 @@ index c427919..232326c 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2281,6 +2370,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2308,6 +2393,8 @@ retry_lookup: error = vfs_create(dir->d_inode, dentry, mode, nd); if (error) goto exit_mutex_unlock; @@ -46741,7 +47198,7 @@ index c427919..232326c 100644 mutex_unlock(&dir->d_inode->i_mutex); dput(nd->path.dentry); nd->path.dentry = dentry; -@@ -2290,6 +2381,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2317,6 +2404,23 @@ retry_lookup: /* * It already exists. */ @@ -46750,6 +47207,10 @@ index c427919..232326c 100644 + error = -ENOENT; + goto exit_mutex_unlock; + } ++ if (link && gr_handle_symlink_owner(link, dentry->d_inode)) { ++ error = -EACCES; ++ goto exit_mutex_unlock; ++ } + + /* only check if O_CREAT is specified, all other checks need to go + into may_open */ @@ -46761,23 +47222,70 @@ index c427919..232326c 100644 mutex_unlock(&dir->d_inode->i_mutex); audit_inode(pathname, path->dentry); -@@ -2407,8 +2511,14 @@ static struct file *path_openat(int dfd, const char *pathname, +@@ -2349,6 +2453,11 @@ finish_lookup: + } + } + BUG_ON(inode != path->dentry->d_inode); ++ /* if we're resolving a symlink to another symlink */ ++ if (link && gr_handle_symlink_owner(link, inode)) { ++ error = -EACCES; ++ goto exit; ++ } + return NULL; + } + +@@ -2358,7 +2467,6 @@ finish_lookup: + save_parent.dentry = nd->path.dentry; + save_parent.mnt = mntget(path->mnt); + nd->path.dentry = path->dentry; +- + } + nd->inode = inode; + /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ +@@ -2367,6 +2475,21 @@ finish_lookup: + path_put(&save_parent); + return ERR_PTR(error); + } ++#ifdef CONFIG_GRKERNSEC ++ if (nd->flags & LOOKUP_RCU) { ++ error = -ECHILD; ++ goto exit; ++ } ++#endif ++ if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) { ++ error = -ENOENT; ++ goto exit; ++ } ++ if (link && gr_handle_symlink_owner(link, nd->inode)) { ++ error = -EACCES; ++ goto exit; ++ } ++ + error = -EISDIR; + if ((open_flag & O_CREAT) && S_ISDIR(nd->inode->i_mode)) + goto exit; +@@ -2461,7 +2584,7 @@ static struct file *path_openat(int dfd, const char *pathname, + if (unlikely(error)) + goto out_filp; + +- filp = do_last(nd, &path, op, pathname); ++ filp = do_last(nd, &path, NULL, op, pathname); + while (unlikely(!filp)) { /* trailing symlink */ + struct path link = path; + void *cookie; +@@ -2476,8 +2599,9 @@ static struct file *path_openat(int dfd, const char *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) filp = ERR_PTR(error); - else +- filp = do_last(nd, &path, op, pathname); + else { - filp = do_last(nd, &path, op, pathname); -+ if (!IS_ERR(filp) && gr_handle_symlink_owner(&link, nd->inode)) { -+ if (filp) -+ fput(filp); -+ filp = ERR_PTR(-EACCES); -+ } ++ filp = do_last(nd, &path, &link, op, pathname); + } put_link(nd, &link, cookie); } out: -@@ -2502,6 +2612,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path +@@ -2577,6 +2701,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path *path = nd.path; return dentry; eexist: @@ -46789,7 +47297,7 @@ index c427919..232326c 100644 dput(dentry); dentry = ERR_PTR(-EEXIST); fail: -@@ -2524,6 +2639,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat +@@ -2599,6 +2728,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat } EXPORT_SYMBOL(user_path_create); @@ -46810,7 +47318,7 @@ index c427919..232326c 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -2591,6 +2720,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode, +@@ -2665,6 +2808,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -46828,7 +47336,7 @@ index c427919..232326c 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out_drop_write; -@@ -2608,6 +2748,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode, +@@ -2682,6 +2836,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode, } out_drop_write: mnt_drop_write(path.mnt); @@ -46838,7 +47346,7 @@ index c427919..232326c 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2661,12 +2804,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode) +@@ -2735,12 +2892,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode) error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -46860,7 +47368,7 @@ index c427919..232326c 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2746,6 +2898,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2820,6 +2986,8 @@ static long do_rmdir(int dfd, const char __user *pathname) char * name; struct dentry *dentry; struct nameidata nd; @@ -46869,7 +47377,7 @@ index c427919..232326c 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2774,6 +2928,15 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2848,6 +3016,15 @@ static long do_rmdir(int dfd, const char __user *pathname) error = -ENOENT; goto exit3; } @@ -46885,7 +47393,7 @@ index c427919..232326c 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit3; -@@ -2781,6 +2944,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2855,6 +3032,8 @@ static long do_rmdir(int dfd, const char __user *pathname) if (error) goto exit4; error = vfs_rmdir(nd.path.dentry->d_inode, dentry); @@ -46894,7 +47402,7 @@ index c427919..232326c 100644 exit4: mnt_drop_write(nd.path.mnt); exit3: -@@ -2843,6 +3008,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2917,6 +3096,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; @@ -46903,7 +47411,7 @@ index c427919..232326c 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2865,6 +3032,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2939,6 +3120,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (!inode) goto slashes; ihold(inode); @@ -46920,7 +47428,7 @@ index c427919..232326c 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit2; -@@ -2872,6 +3049,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2946,6 +3137,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (error) goto exit3; error = vfs_unlink(nd.path.dentry->d_inode, dentry); @@ -46929,7 +47437,7 @@ index c427919..232326c 100644 exit3: mnt_drop_write(nd.path.mnt); exit2: -@@ -2947,10 +3126,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, +@@ -3021,10 +3214,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -46948,7 +47456,7 @@ index c427919..232326c 100644 out_drop_write: mnt_drop_write(path.mnt); out_dput: -@@ -3025,6 +3212,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3099,6 +3300,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; @@ -46956,7 +47464,7 @@ index c427919..232326c 100644 int how = 0; int error; -@@ -3048,7 +3236,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3122,7 +3324,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, if (error) return error; @@ -46965,7 +47473,7 @@ index c427919..232326c 100644 error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) goto out; -@@ -3059,13 +3247,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3133,13 +3335,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, error = mnt_want_write(new_path.mnt); if (error) goto out_dput; @@ -46996,7 +47504,7 @@ index c427919..232326c 100644 dput(new_dentry); mutex_unlock(&new_path.dentry->d_inode->i_mutex); path_put(&new_path); -@@ -3299,6 +3504,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3373,6 +3592,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, if (new_dentry == trap) goto exit5; @@ -47009,7 +47517,7 @@ index c427919..232326c 100644 error = mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -3308,6 +3519,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3382,6 +3607,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, goto exit6; error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -47019,7 +47527,7 @@ index c427919..232326c 100644 exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -3333,6 +3547,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -3407,6 +3635,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -47028,7 +47536,7 @@ index c427919..232326c 100644 int len; len = PTR_ERR(link); -@@ -3342,7 +3558,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -3416,7 +3646,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -47045,10 +47553,10 @@ index c427919..232326c 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 4e46539..b28253c 100644 +index 1e4a5fe..a5ce747 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1156,6 +1156,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1157,6 +1157,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -47058,8 +47566,8 @@ index 4e46539..b28253c 100644 return retval; } -@@ -1175,6 +1178,9 @@ static int do_umount(struct mount *mnt, int flags) - br_write_unlock(vfsmount_lock); +@@ -1176,6 +1179,9 @@ static int do_umount(struct mount *mnt, int flags) + br_write_unlock(&vfsmount_lock); up_write(&namespace_sem); release_mounts(&umount_list); + @@ -47068,7 +47576,7 @@ index 4e46539..b28253c 100644 return retval; } -@@ -2176,6 +2182,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2177,6 +2183,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -47085,7 +47593,7 @@ index 4e46539..b28253c 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2190,6 +2206,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2191,6 +2207,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, dev_name, data_page); dput_out: path_put(&path); @@ -47095,7 +47603,7 @@ index 4e46539..b28253c 100644 return retval; } -@@ -2471,6 +2490,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2472,6 +2491,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -47108,7 +47616,7 @@ index 4e46539..b28253c 100644 error = lock_mount(&old); if (error) diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index e8bbfa5..864f936 100644 +index f729698..2bac081 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c @@ -152,7 +152,7 @@ static void nfs_zap_caches_locked(struct inode *inode) @@ -47120,7 +47628,7 @@ index e8bbfa5..864f936 100644 if (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)) nfsi->cache_validity |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_DATA|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL|NFS_INO_REVAL_PAGECACHE; else -@@ -1005,16 +1005,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt +@@ -1008,16 +1008,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); } @@ -47141,7 +47649,7 @@ index e8bbfa5..864f936 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index 5686661..80a9a3a 100644 +index c8bd9c3..4f83416 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -933,7 +933,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, @@ -47221,10 +47729,10 @@ index 99e3610..02c1068 100644 "inode 0x%lx or driver bug.", vdir->i_ino); goto err_out; diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c -index 8639169..76697aa 100644 +index 7389d2d..dfd5dbe 100644 --- a/fs/ntfs/file.c +++ b/fs/ntfs/file.c -@@ -2229,6 +2229,6 @@ const struct inode_operations ntfs_file_inode_ops = { +@@ -2231,6 +2231,6 @@ const struct inode_operations ntfs_file_inode_ops = { #endif /* NTFS_RW */ }; @@ -47363,21 +47871,8 @@ index 68f4541..89cfe6a 100644 /* Copy the blockcheck stats from the superblock probe */ osb->osb_ecc_stats = *stats; -diff --git a/fs/ocfs2/symlink.c b/fs/ocfs2/symlink.c -index 5d22872..523db20 100644 ---- a/fs/ocfs2/symlink.c -+++ b/fs/ocfs2/symlink.c -@@ -142,7 +142,7 @@ bail: - - static void ocfs2_fast_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) - { -- char *link = nd_get_link(nd); -+ const char *link = nd_get_link(nd); - if (!IS_ERR(link)) - kfree(link); - } diff --git a/fs/open.c b/fs/open.c -index 3f1108b..822d7f7 100644 +index 1540632..79d7242 100644 --- a/fs/open.c +++ b/fs/open.c @@ -31,6 +31,8 @@ @@ -47400,7 +47895,7 @@ index 3f1108b..822d7f7 100644 if (!error) error = do_truncate(path.dentry, length, 0, NULL); -@@ -358,6 +364,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) +@@ -359,6 +365,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) if (__mnt_is_readonly(path.mnt)) res = -EROFS; @@ -47410,7 +47905,7 @@ index 3f1108b..822d7f7 100644 out_path_release: path_put(&path); out: -@@ -384,6 +393,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) +@@ -385,6 +394,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) if (error) goto dput_and_out; @@ -47419,7 +47914,7 @@ index 3f1108b..822d7f7 100644 set_fs_pwd(current->fs, &path); dput_and_out: -@@ -410,6 +421,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) +@@ -411,6 +422,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) goto out_putf; error = inode_permission(inode, MAY_EXEC | MAY_CHDIR); @@ -47433,7 +47928,7 @@ index 3f1108b..822d7f7 100644 if (!error) set_fs_pwd(current->fs, &file->f_path); out_putf: -@@ -438,7 +456,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) +@@ -439,7 +457,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) if (error) goto dput_and_out; @@ -47447,7 +47942,7 @@ index 3f1108b..822d7f7 100644 error = 0; dput_and_out: path_put(&path); -@@ -456,6 +480,16 @@ static int chmod_common(struct path *path, umode_t mode) +@@ -457,6 +481,16 @@ static int chmod_common(struct path *path, umode_t mode) if (error) return error; mutex_lock(&inode->i_mutex); @@ -47464,17 +47959,17 @@ index 3f1108b..822d7f7 100644 error = security_path_chmod(path, mode); if (error) goto out_unlock; -@@ -506,6 +540,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) - int error; - struct iattr newattrs; +@@ -512,6 +546,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) + uid = make_kuid(current_user_ns(), user); + gid = make_kgid(current_user_ns(), group); + if (!gr_acl_handle_chown(path->dentry, path->mnt)) + return -EACCES; + newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { - newattrs.ia_valid |= ATTR_UID; -@@ -987,6 +1024,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) + if (!uid_valid(uid)) +@@ -1035,6 +1072,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) } else { fsnotify_open(f); fd_install(fd, f); @@ -47483,7 +47978,7 @@ index 3f1108b..822d7f7 100644 } putname(tmp); diff --git a/fs/pipe.c b/fs/pipe.c -index fec5e4a..f4210f9 100644 +index 49c1065..13b9e12 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -438,9 +438,9 @@ redo: @@ -47528,7 +48023,7 @@ index fec5e4a..f4210f9 100644 } out: mutex_unlock(&inode->i_mutex); -@@ -713,7 +713,7 @@ pipe_poll(struct file *filp, poll_table *wait) +@@ -716,7 +716,7 @@ pipe_poll(struct file *filp, poll_table *wait) mask = 0; if (filp->f_mode & FMODE_READ) { mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0; @@ -47537,7 +48032,7 @@ index fec5e4a..f4210f9 100644 mask |= POLLHUP; } -@@ -723,7 +723,7 @@ pipe_poll(struct file *filp, poll_table *wait) +@@ -726,7 +726,7 @@ pipe_poll(struct file *filp, poll_table *wait) * Most Unices do not set POLLERR for FIFOs but on Linux they * behave exactly like pipes for poll(). */ @@ -47546,7 +48041,7 @@ index fec5e4a..f4210f9 100644 mask |= POLLERR; } -@@ -737,10 +737,10 @@ pipe_release(struct inode *inode, int decr, int decw) +@@ -740,10 +740,10 @@ pipe_release(struct inode *inode, int decr, int decw) mutex_lock(&inode->i_mutex); pipe = inode->i_pipe; @@ -47560,7 +48055,7 @@ index fec5e4a..f4210f9 100644 free_pipe_info(inode); } else { wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP); -@@ -830,7 +830,7 @@ pipe_read_open(struct inode *inode, struct file *filp) +@@ -833,7 +833,7 @@ pipe_read_open(struct inode *inode, struct file *filp) if (inode->i_pipe) { ret = 0; @@ -47569,7 +48064,7 @@ index fec5e4a..f4210f9 100644 } mutex_unlock(&inode->i_mutex); -@@ -847,7 +847,7 @@ pipe_write_open(struct inode *inode, struct file *filp) +@@ -850,7 +850,7 @@ pipe_write_open(struct inode *inode, struct file *filp) if (inode->i_pipe) { ret = 0; @@ -47578,7 +48073,7 @@ index fec5e4a..f4210f9 100644 } mutex_unlock(&inode->i_mutex); -@@ -865,9 +865,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp) +@@ -868,9 +868,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp) if (inode->i_pipe) { ret = 0; if (filp->f_mode & FMODE_READ) @@ -47590,7 +48085,7 @@ index fec5e4a..f4210f9 100644 } mutex_unlock(&inode->i_mutex); -@@ -959,7 +959,7 @@ void free_pipe_info(struct inode *inode) +@@ -962,7 +962,7 @@ void free_pipe_info(struct inode *inode) inode->i_pipe = NULL; } @@ -47599,7 +48094,7 @@ index fec5e4a..f4210f9 100644 /* * pipefs_dname() is called from d_path(). -@@ -989,7 +989,8 @@ static struct inode * get_pipe_inode(void) +@@ -992,7 +992,8 @@ static struct inode * get_pipe_inode(void) goto fail_iput; inode->i_pipe = pipe; @@ -47641,7 +48136,7 @@ index 15af622..0e9f4467 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index f9bd395..acb7847 100644 +index c1c207c..5179411 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -47652,7 +48147,7 @@ index f9bd395..acb7847 100644 #include #include #include -@@ -337,6 +338,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) +@@ -346,6 +347,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) seq_putc(m, '\n'); } @@ -47674,7 +48169,7 @@ index f9bd395..acb7847 100644 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { -@@ -354,9 +370,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -363,9 +379,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); @@ -47699,7 +48194,7 @@ index f9bd395..acb7847 100644 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -378,6 +409,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -387,6 +418,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, char tcomm[sizeof(task->comm)]; unsigned long flags; @@ -47713,7 +48208,7 @@ index f9bd395..acb7847 100644 state = *get_task_state(task); vsize = eip = esp = 0; permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); -@@ -449,6 +487,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -458,6 +496,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, gtime = task->gtime; } @@ -47733,9 +48228,9 @@ index f9bd395..acb7847 100644 /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority = task_prio(task); -@@ -485,9 +536,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -494,9 +545,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', vsize); - seq_put_decimal_ll(m, ' ', mm ? get_mm_rss(mm) : 0); + seq_put_decimal_ull(m, ' ', mm ? get_mm_rss(mm) : 0); seq_put_decimal_ull(m, ' ', rsslim); +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + seq_put_decimal_ull(m, ' ', PAX_RAND_FLAGS(mm) ? 1 : (mm ? (permitted ? mm->start_code : 1) : 0)); @@ -47749,23 +48244,20 @@ index f9bd395..acb7847 100644 seq_put_decimal_ull(m, ' ', esp); seq_put_decimal_ull(m, ' ', eip); /* The signal information here is obsolete. -@@ -508,9 +565,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, - seq_put_decimal_ull(m, ' ', delayacct_blkio_ticks(task)); +@@ -518,7 +575,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime)); seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime)); + +- if (mm && permitted) { ++ if (mm && permitted +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP -+ seq_put_decimal_ull(m, ' ', PAX_RAND_FLAGS(mm) ? 0 : ((mm && permitted) ? mm->start_data : 0)); -+ seq_put_decimal_ull(m, ' ', PAX_RAND_FLAGS(mm) ? 0 : ((mm && permitted) ? mm->end_data : 0)); -+ seq_put_decimal_ull(m, ' ', PAX_RAND_FLAGS(mm) ? 0 : ((mm && permitted) ? mm->start_brk : 0)); -+#else - seq_put_decimal_ull(m, ' ', (mm && permitted) ? mm->start_data : 0); - seq_put_decimal_ull(m, ' ', (mm && permitted) ? mm->end_data : 0); - seq_put_decimal_ull(m, ' ', (mm && permitted) ? mm->start_brk : 0); ++ && !PAX_RAND_FLAGS(mm) +#endif - seq_putc(m, '\n'); - if (mm) - mmput(mm); -@@ -533,8 +596,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, ++ ) { + seq_put_decimal_ull(m, ' ', mm->start_data); + seq_put_decimal_ull(m, ' ', mm->end_data); + seq_put_decimal_ull(m, ' ', mm->start_brk); +@@ -556,8 +617,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; @@ -47782,11 +48274,10 @@ index f9bd395..acb7847 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -556,3 +626,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, - +@@ -580,6 +648,21 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } -+ + +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR +int proc_pid_ipaddr(struct task_struct *task, char *buffer) +{ @@ -47801,11 +48292,15 @@ index f9bd395..acb7847 100644 + return sprintf(buffer, "%pI4\n", &curr_ip); +} +#endif ++ + #ifdef CONFIG_CHECKPOINT_RESTORE + static struct pid * + get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 9fc77b4..4877d08 100644 +index 437195f..cd2210d 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c -@@ -109,6 +109,14 @@ struct pid_entry { +@@ -110,6 +110,14 @@ struct pid_entry { union proc_op op; }; @@ -47820,19 +48315,7 @@ index 9fc77b4..4877d08 100644 #define NOD(NAME, MODE, IOP, FOP, OP) { \ .name = (NAME), \ .len = sizeof(NAME) - 1, \ -@@ -198,11 +206,6 @@ static int proc_root_link(struct dentry *dentry, struct path *path) - return result; - } - --struct mm_struct *mm_for_maps(struct task_struct *task) --{ -- return mm_access(task, PTRACE_MODE_READ); --} -- - static int proc_pid_cmdline(struct task_struct *task, char * buffer) - { - int res = 0; -@@ -213,6 +216,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) +@@ -209,6 +217,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) if (!mm->arg_end) goto out_mm; /* Shh! No looking before we're done */ @@ -47842,7 +48325,7 @@ index 9fc77b4..4877d08 100644 len = mm->arg_end - mm->arg_start; if (len > PAGE_SIZE) -@@ -240,12 +246,28 @@ out: +@@ -236,12 +247,28 @@ out: return res; } @@ -47854,8 +48337,7 @@ index 9fc77b4..4877d08 100644 + static int proc_pid_auxv(struct task_struct *task, char *buffer) { -- struct mm_struct *mm = mm_for_maps(task); -+ struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ); + struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ); int res = PTR_ERR(mm); if (mm && !IS_ERR(mm)) { unsigned int nwords = 0; @@ -47872,7 +48354,7 @@ index 9fc77b4..4877d08 100644 do { nwords += 2; } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ -@@ -259,7 +281,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) +@@ -255,7 +282,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) } @@ -47881,7 +48363,7 @@ index 9fc77b4..4877d08 100644 /* * Provides a wchan file via kallsyms in a proper one-value-per-file format. * Returns the resolved symbol. If that fails, simply return the address. -@@ -298,7 +320,7 @@ static void unlock_trace(struct task_struct *task) +@@ -294,7 +321,7 @@ static void unlock_trace(struct task_struct *task) mutex_unlock(&task->signal->cred_guard_mutex); } @@ -47890,7 +48372,7 @@ index 9fc77b4..4877d08 100644 #define MAX_STACK_TRACE_DEPTH 64 -@@ -489,7 +511,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) +@@ -486,7 +513,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) return count; } @@ -47899,7 +48381,7 @@ index 9fc77b4..4877d08 100644 static int proc_pid_syscall(struct task_struct *task, char *buffer) { long nr; -@@ -518,7 +540,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) +@@ -515,7 +542,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) /************************************************************************/ /* permission checks */ @@ -47908,7 +48390,7 @@ index 9fc77b4..4877d08 100644 { struct task_struct *task; int allowed = 0; -@@ -528,7 +550,10 @@ static int proc_fd_access_allowed(struct inode *inode) +@@ -525,7 +552,10 @@ static int proc_fd_access_allowed(struct inode *inode) */ task = get_proc_task(inode); if (task) { @@ -47920,7 +48402,7 @@ index 9fc77b4..4877d08 100644 put_task_struct(task); } return allowed; -@@ -566,10 +591,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, +@@ -563,10 +593,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, struct task_struct *task, int hide_pid_min) { @@ -47956,7 +48438,7 @@ index 9fc77b4..4877d08 100644 return ptrace_may_access(task, PTRACE_MODE_READ); } -@@ -587,7 +637,11 @@ static int proc_pid_permission(struct inode *inode, int mask) +@@ -584,7 +639,11 @@ static int proc_pid_permission(struct inode *inode, int mask) put_task_struct(task); if (!has_perms) { @@ -47968,57 +48450,47 @@ index 9fc77b4..4877d08 100644 /* * Let's make getdents(), stat(), and open() * consistent with each other. If a process -@@ -677,7 +731,7 @@ static const struct file_operations proc_single_file_operations = { - .release = single_release, - }; - --static int mem_open(struct inode* inode, struct file* file) -+static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) - { - struct task_struct *task = get_proc_task(file->f_path.dentry->d_inode); - struct mm_struct *mm; -@@ -685,7 +739,12 @@ static int mem_open(struct inode* inode, struct file* file) +@@ -682,6 +741,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) if (!task) return -ESRCH; -- mm = mm_access(task, PTRACE_MODE_ATTACH); + if (gr_acl_handle_procpidmem(task)) { + put_task_struct(task); + return -EPERM; + } + -+ mm = mm_access(task, mode); + mm = mm_access(task, mode); put_task_struct(task); - if (IS_ERR(mm)) -@@ -698,11 +757,24 @@ static int mem_open(struct inode* inode, struct file* file) +@@ -695,16 +759,24 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) mmput(mm); } -+ file->private_data = mm; -+ +- /* OK to pass negative loff_t, we can catch out-of-range */ +- file->f_mode |= FMODE_UNSIGNED_OFFSET; + file->private_data = mm; + +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + file->f_version = current->exec_id; +#endif + -+ return 0; -+} -+ -+static int mem_open(struct inode *inode, struct file *file) -+{ + return 0; + } + + static int mem_open(struct inode *inode, struct file *file) + { +- return __mem_open(inode, file, PTRACE_MODE_ATTACH); + int ret; + ret = __mem_open(inode, file, PTRACE_MODE_ATTACH); + - /* OK to pass negative loff_t, we can catch out-of-range */ - file->f_mode |= FMODE_UNSIGNED_OFFSET; -- file->private_data = mm; - -- return 0; ++ /* OK to pass negative loff_t, we can catch out-of-range */ ++ file->f_mode |= FMODE_UNSIGNED_OFFSET; ++ + return ret; } static ssize_t mem_rw(struct file *file, char __user *buf, -@@ -713,6 +785,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -715,6 +787,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ssize_t copied; char *page; @@ -48036,53 +48508,23 @@ index 9fc77b4..4877d08 100644 if (!mm) return 0; -@@ -801,42 +884,49 @@ static const struct file_operations proc_mem_operations = { - .release = mem_release, - }; - -+static int environ_open(struct inode *inode, struct file *file) -+{ -+ return __mem_open(inode, file, PTRACE_MODE_READ); -+} -+ - static ssize_t environ_read(struct file *file, char __user *buf, - size_t count, loff_t *ppos) - { -- struct task_struct *task = get_proc_task(file->f_dentry->d_inode); - char *page; - unsigned long src = *ppos; -- int ret = -ESRCH; -- struct mm_struct *mm; -+ int ret = 0; -+ struct mm_struct *mm = file->private_data; +@@ -819,6 +902,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, + if (!mm) + return 0; -- if (!task) -- goto out_no_task; -+ if (!mm) -+ return 0; -+ +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + if (file->f_version != current->exec_id) { + gr_log_badprocpid("environ"); + return 0; + } +#endif - -- ret = -ENOMEM; ++ page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) -- goto out; -- -- -- mm = mm_for_maps(task); -- ret = PTR_ERR(mm); -- if (!mm || IS_ERR(mm)) -- goto out_free; -+ return -ENOMEM; - - ret = 0; -+ if (!atomic_inc_not_zero(&mm->mm_users)) -+ goto free; + return -ENOMEM; +@@ -827,15 +917,17 @@ static ssize_t environ_read(struct file *file, char __user *buf, + if (!atomic_inc_not_zero(&mm->mm_users)) + goto free; while (count > 0) { - int this_len, retval, max_len; + size_t this_len, max_len; @@ -48095,42 +48537,15 @@ index 9fc77b4..4877d08 100644 - if (this_len <= 0) - break; -+ max_len = min_t(size_t, PAGE_SIZE, count); -+ this_len = min(max_len, this_len); - max_len = (count > PAGE_SIZE) ? PAGE_SIZE : count; - this_len = (this_len > max_len) ? max_len : this_len; -- -- retval = access_process_vm(task, (mm->env_start + src), -+ retval = access_remote_vm(mm, (mm->env_start + src), - page, this_len, 0); - - if (retval <= 0) { -@@ -855,19 +945,18 @@ static ssize_t environ_read(struct file *file, char __user *buf, - count -= retval; - } - *ppos = src; -- - mmput(mm); --out_free: -+ -+free: - free_page((unsigned long) page); --out: -- put_task_struct(task); --out_no_task: - return ret; - } - - static const struct file_operations proc_environ_operations = { -+ .open = environ_open, - .read = environ_read, - .llseek = generic_file_llseek, -+ .release = mem_release, - }; ++ max_len = min_t(size_t, PAGE_SIZE, count); ++ this_len = min(max_len, this_len); - static ssize_t oom_adjust_read(struct file *file, char __user *buf, -@@ -1433,7 +1522,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) + retval = access_remote_vm(mm, (mm->env_start + src), + page, this_len, 0); +@@ -1433,7 +1525,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) path_put(&nd->path); /* Are we allowed to snoop on the tasks file descriptors? */ @@ -48139,7 +48554,7 @@ index 9fc77b4..4877d08 100644 goto out; error = PROC_I(inode)->op.proc_get_link(dentry, &nd->path); -@@ -1472,8 +1561,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1472,8 +1564,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -48160,7 +48575,7 @@ index 9fc77b4..4877d08 100644 error = PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1538,7 +1637,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1538,7 +1640,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -48172,7 +48587,7 @@ index 9fc77b4..4877d08 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1574,10 +1677,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1574,10 +1680,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) return -ENOENT; } if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -48192,7 +48607,7 @@ index 9fc77b4..4877d08 100644 } } rcu_read_unlock(); -@@ -1615,11 +1727,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd) +@@ -1615,11 +1730,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -48212,8 +48627,8 @@ index 9fc77b4..4877d08 100644 +#endif rcu_read_unlock(); } else { - inode->i_uid = 0; -@@ -1737,7 +1858,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info) + inode->i_uid = GLOBAL_ROOT_UID; +@@ -1737,7 +1861,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info) int fd = proc_fd(inode); if (task) { @@ -48223,21 +48638,7 @@ index 9fc77b4..4877d08 100644 put_task_struct(task); } if (files) { -@@ -2025,11 +2147,8 @@ static int map_files_d_revalidate(struct dentry *dentry, struct nameidata *nd) - if (!task) - goto out_notask; - -- if (!ptrace_may_access(task, PTRACE_MODE_READ)) -- goto out; -- -- mm = get_task_mm(task); -- if (!mm) -+ mm = mm_access(task, PTRACE_MODE_READ); -+ if (IS_ERR_OR_NULL(mm)) - goto out; - - if (!dname_to_vma_addr(dentry, &vm_start, &vm_end)) { -@@ -2338,11 +2457,21 @@ static const struct file_operations proc_map_files_operations = { +@@ -2336,11 +2461,21 @@ static const struct file_operations proc_map_files_operations = { */ static int proc_fd_permission(struct inode *inode, int mask) { @@ -48261,7 +48662,7 @@ index 9fc77b4..4877d08 100644 return rv; } -@@ -2452,6 +2581,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2450,6 +2585,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -48271,7 +48672,7 @@ index 9fc77b4..4877d08 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc// without very good reasons. -@@ -2496,6 +2628,9 @@ static int proc_pident_readdir(struct file *filp, +@@ -2494,6 +2632,9 @@ static int proc_pident_readdir(struct file *filp, if (!task) goto out_no_task; @@ -48281,7 +48682,7 @@ index 9fc77b4..4877d08 100644 ret = 0; i = filp->f_pos; switch (i) { -@@ -2766,7 +2901,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -2764,7 +2905,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) { @@ -48290,7 +48691,7 @@ index 9fc77b4..4877d08 100644 if (!IS_ERR(s)) __putname(s); } -@@ -2967,7 +3102,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -3033,7 +3174,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -48299,7 +48700,7 @@ index 9fc77b4..4877d08 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2992,10 +3127,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -3058,10 +3199,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -48312,17 +48713,17 @@ index 9fc77b4..4877d08 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -3029,6 +3164,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -3095,6 +3236,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR -+ INF("ipaddr", S_IRUSR, proc_pid_ipaddr), ++ INF("ipaddr", S_IRUSR, proc_pid_ipaddr), +#endif - }; - - static int proc_tgid_base_readdir(struct file * filp, -@@ -3155,7 +3293,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, + #ifdef CONFIG_USER_NS + REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), + REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), +@@ -3225,7 +3369,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -48337,7 +48738,7 @@ index 9fc77b4..4877d08 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -3197,7 +3342,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct +@@ -3267,7 +3418,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct if (!task) goto out; @@ -48349,7 +48750,7 @@ index 9fc77b4..4877d08 100644 put_task_struct(task); out: return result; -@@ -3260,6 +3409,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi +@@ -3330,6 +3485,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi static int fake_filldir(void *buf, const char *name, int namelen, loff_t offset, u64 ino, unsigned d_type) { @@ -48358,7 +48759,7 @@ index 9fc77b4..4877d08 100644 return 0; } -@@ -3326,7 +3477,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3396,7 +3553,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -48367,7 +48768,7 @@ index 9fc77b4..4877d08 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -3350,10 +3501,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3423,10 +3580,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -48413,7 +48814,7 @@ index b143471..bb105e5 100644 } module_init(proc_devices_init); diff --git a/fs/proc/inode.c b/fs/proc/inode.c -index 205c922..2ee4c57 100644 +index 7ac817b..abab1a5 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c @@ -21,11 +21,17 @@ @@ -48461,19 +48862,10 @@ index 205c922..2ee4c57 100644 if (de->size) inode->i_size = de->size; diff --git a/fs/proc/internal.h b/fs/proc/internal.h -index 5f79bb8..e9ab85d 100644 +index eca4aca..19166b2 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h -@@ -31,8 +31,6 @@ struct vmalloc_info { - unsigned long largest_chunk; - }; - --extern struct mm_struct *mm_for_maps(struct task_struct *); -- - #ifdef CONFIG_MMU - #define VMALLOC_TOTAL (VMALLOC_END - VMALLOC_START) - extern void get_vmalloc_info(struct vmalloc_info *vmi); -@@ -54,6 +52,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -52,6 +52,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); @@ -48482,7 +48874,7 @@ index 5f79bb8..e9ab85d 100644 +#endif extern loff_t mem_lseek(struct file *file, loff_t offset, int orig); - extern const struct file_operations proc_pid_maps_operations; + extern const struct file_operations proc_tid_children_operations; diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c index 86c67ee..cdca321 100644 --- a/fs/proc/kcore.c @@ -48594,7 +48986,7 @@ index 06e1cc1..177cd98 100644 rcu_read_lock(); task = pid_task(proc_pid(dir), PIDTYPE_PID); diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c -index 21d836f..bebf3ee 100644 +index 3476bca..cb6d86a 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -12,11 +12,15 @@ @@ -48722,7 +49114,7 @@ index 21d836f..bebf3ee 100644 .permission = proc_sys_permission, .setattr = proc_sys_setattr, diff --git a/fs/proc/root.c b/fs/proc/root.c -index eed44bf..abeb499 100644 +index 7c30fce..b3d3aa2 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c @@ -188,7 +188,15 @@ void __init proc_root_init(void) @@ -48742,7 +49134,7 @@ index eed44bf..abeb499 100644 } diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 7faaf2a..7793015 100644 +index 4540b8f..1b9772f 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -11,12 +11,19 @@ @@ -48802,15 +49194,6 @@ index 7faaf2a..7793015 100644 } unsigned long task_vsize(struct mm_struct *mm) -@@ -125,7 +149,7 @@ static void *m_start(struct seq_file *m, loff_t *pos) - if (!priv->task) - return ERR_PTR(-ESRCH); - -- mm = mm_for_maps(priv->task); -+ mm = mm_access(priv->task, PTRACE_MODE_READ); - if (!mm || IS_ERR(mm)) - return mm; - down_read(&mm->mmap_sem); @@ -231,13 +255,13 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT; } @@ -48877,7 +49260,7 @@ index 7faaf2a..7793015 100644 show_map_vma(m, vma, is_pid); if (m->count < m->size) /* vma is copied successfully */ -@@ -482,12 +518,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -492,12 +528,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) .private = &mss, }; @@ -48906,7 +49289,7 @@ index 7faaf2a..7793015 100644 show_map_vma(m, vma, is_pid); seq_printf(m, -@@ -505,7 +552,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -515,7 +562,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) "KernelPageSize: %8lu kB\n" "MMUPageSize: %8lu kB\n" "Locked: %8lu kB\n", @@ -48918,16 +49301,7 @@ index 7faaf2a..7793015 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -919,7 +970,7 @@ static ssize_t pagemap_read(struct file *file, char __user *buf, - if (!pm.buffer) - goto out_task; - -- mm = mm_for_maps(task); -+ mm = mm_access(task, PTRACE_MODE_READ); - ret = PTR_ERR(mm); - if (!mm || IS_ERR(mm)) - goto out_free; -@@ -1138,6 +1189,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1164,6 +1215,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) int n; char buffer[50]; @@ -48941,7 +49315,7 @@ index 7faaf2a..7793015 100644 if (!mm) return 0; -@@ -1155,11 +1213,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1181,11 +1239,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) mpol_to_str(buffer, sizeof(buffer), pol, 0); mpol_cond_put(pol); @@ -48959,7 +49333,7 @@ index 7faaf2a..7793015 100644 seq_printf(m, " heap"); } else { diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c -index 74fe164..0848f95 100644 +index 1ccfa53..0848f95 100644 --- a/fs/proc/task_nommu.c +++ b/fs/proc/task_nommu.c @@ -51,7 +51,7 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) @@ -48980,15 +49354,6 @@ index 74fe164..0848f95 100644 } else if (mm) { pid_t tid = vm_is_stack(priv->task, vma, is_pid); -@@ -223,7 +223,7 @@ static void *m_start(struct seq_file *m, loff_t *pos) - if (!priv->task) - return ERR_PTR(-ESRCH); - -- mm = mm_for_maps(priv->task); -+ mm = mm_access(priv->task, PTRACE_MODE_READ); - if (!mm || IS_ERR(mm)) { - put_task_struct(priv->task); - priv->task = NULL; diff --git a/fs/quota/netlink.c b/fs/quota/netlink.c index d67908b..d13f6a6 100644 --- a/fs/quota/netlink.c @@ -49012,7 +49377,7 @@ index d67908b..d13f6a6 100644 if (!msg_head) { printk(KERN_ERR diff --git a/fs/readdir.c b/fs/readdir.c -index cc0a822..43cb195 100644 +index 39e3370..20d446d 100644 --- a/fs/readdir.c +++ b/fs/readdir.c @@ -17,6 +17,7 @@ @@ -49050,7 +49415,7 @@ index cc0a822..43cb195 100644 error = vfs_readdir(file, fillonedir, &buf); if (buf.result) -@@ -142,6 +149,7 @@ struct linux_dirent { +@@ -141,6 +148,7 @@ struct linux_dirent { struct getdents_callback { struct linux_dirent __user * current_dir; struct linux_dirent __user * previous; @@ -49058,7 +49423,7 @@ index cc0a822..43cb195 100644 int count; int error; }; -@@ -163,6 +171,10 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset, +@@ -162,6 +170,10 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset, buf->error = -EOVERFLOW; return -EOVERFLOW; } @@ -49069,7 +49434,7 @@ index cc0a822..43cb195 100644 dirent = buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) -@@ -210,6 +222,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, +@@ -208,6 +220,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, buf.previous = NULL; buf.count = count; buf.error = 0; @@ -49077,7 +49442,7 @@ index cc0a822..43cb195 100644 error = vfs_readdir(file, filldir, &buf); if (error >= 0) -@@ -229,6 +242,7 @@ out: +@@ -226,6 +239,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, struct getdents_callback64 { struct linux_dirent64 __user * current_dir; struct linux_dirent64 __user * previous; @@ -49085,7 +49450,7 @@ index cc0a822..43cb195 100644 int count; int error; }; -@@ -244,6 +258,10 @@ static int filldir64(void * __buf, const char * name, int namlen, loff_t offset, +@@ -241,6 +255,10 @@ static int filldir64(void * __buf, const char * name, int namlen, loff_t offset, buf->error = -EINVAL; /* only used if we fail.. */ if (reclen > buf->count) return -EINVAL; @@ -49096,7 +49461,7 @@ index cc0a822..43cb195 100644 dirent = buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) -@@ -291,6 +309,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd, +@@ -287,6 +305,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd, buf.current_dir = dirent; buf.previous = NULL; @@ -49104,7 +49469,7 @@ index cc0a822..43cb195 100644 buf.count = count; buf.error = 0; -@@ -299,7 +318,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd, +@@ -295,7 +314,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd, error = buf.error; lastdirent = buf.previous; if (lastdirent) { @@ -49140,7 +49505,7 @@ index 2c1ade6..8c59d8d 100644 SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), diff --git a/fs/reiserfs/reiserfs.h b/fs/reiserfs/reiserfs.h -index a59d271..e12d1cf 100644 +index 33215f5..c5d427a 100644 --- a/fs/reiserfs/reiserfs.h +++ b/fs/reiserfs/reiserfs.h @@ -453,7 +453,7 @@ struct reiserfs_sb_info { @@ -49152,7 +49517,7 @@ index a59d271..e12d1cf 100644 // tree gets re-balanced unsigned long s_properties; /* File system properties. Currently holds on-disk FS format */ -@@ -1973,7 +1973,7 @@ static inline loff_t max_reiserfs_offset(struct inode *inode) +@@ -1978,7 +1978,7 @@ static inline loff_t max_reiserfs_offset(struct inode *inode) #define REISERFS_USER_MEM 1 /* reiserfs user memory mode */ #define fs_generation(s) (REISERFS_SB(s)->s_generation_counter) @@ -49162,7 +49527,7 @@ index a59d271..e12d1cf 100644 #define __fs_changed(gen,s) (gen != get_generation (s)) #define fs_changed(gen,s) \ diff --git a/fs/select.c b/fs/select.c -index 17d33d0..da0bf5c 100644 +index db14c78..3aae1bd 100644 --- a/fs/select.c +++ b/fs/select.c @@ -20,6 +20,7 @@ @@ -49173,7 +49538,7 @@ index 17d33d0..da0bf5c 100644 #include /* for STICKY_TIMEOUTS */ #include #include -@@ -833,6 +834,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, +@@ -831,6 +832,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, struct poll_list *walk = head; unsigned long todo = nfds; @@ -49249,7 +49614,7 @@ index 0cbd049..64e705c 100644 if (op) { diff --git a/fs/splice.c b/fs/splice.c -index 5cac690..f833a99 100644 +index 7bf08fa..eb35c2f 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, @@ -49313,7 +49678,7 @@ index 5cac690..f833a99 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1185,7 +1185,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1187,7 +1187,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -49322,7 +49687,7 @@ index 5cac690..f833a99 100644 current->splice_pipe = pipe; } -@@ -1738,9 +1738,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1740,9 +1740,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -49334,7 +49699,7 @@ index 5cac690..f833a99 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1772,7 +1772,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1774,7 +1774,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -49343,7 +49708,7 @@ index 5cac690..f833a99 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1785,9 +1785,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1787,9 +1787,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -49355,7 +49720,7 @@ index 5cac690..f833a99 100644 } pipe_unlock(pipe); -@@ -1823,14 +1823,14 @@ retry: +@@ -1825,14 +1825,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -49372,7 +49737,7 @@ index 5cac690..f833a99 100644 break; /* -@@ -1927,7 +1927,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1929,7 +1929,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -49381,7 +49746,7 @@ index 5cac690..f833a99 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1972,7 +1972,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1974,7 +1974,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -49391,10 +49756,10 @@ index 5cac690..f833a99 100644 pipe_unlock(ipipe); diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c -index 35a36d3..23424b2 100644 +index e6bb9b2..d8e3951 100644 --- a/fs/sysfs/dir.c +++ b/fs/sysfs/dir.c -@@ -657,6 +657,18 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd, +@@ -678,6 +678,18 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd, struct sysfs_dirent *sd; int rc; @@ -49489,7 +49854,7 @@ index c175b4d..8f36a16 100644 int i; for (i = 0; i < sizeof(struct tag); ++i) diff --git a/fs/utimes.c b/fs/utimes.c -index ba653f3..06ea4b1 100644 +index fa4dbe4..e12d1b9 100644 --- a/fs/utimes.c +++ b/fs/utimes.c @@ -1,6 +1,7 @@ @@ -49514,7 +49879,7 @@ index ba653f3..06ea4b1 100644 error = notify_change(path->dentry, &newattrs); mutex_unlock(&inode->i_mutex); diff --git a/fs/xattr.c b/fs/xattr.c -index 3c8c1cc..a83c398 100644 +index 1d7ac37..23cb9ec 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -316,7 +316,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); @@ -49558,14 +49923,14 @@ index 3c8c1cc..a83c398 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -400,17 +405,15 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, - const void __user *,value, size_t, size, int, flags) +@@ -401,17 +406,15 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, { + int fput_needed; struct file *f; - struct dentry *dentry; int error = -EBADF; - f = fget(fd); + f = fget_light(fd, &fput_needed); if (!f) return error; - dentry = f->f_path.dentry; @@ -49577,7 +49942,7 @@ index 3c8c1cc..a83c398 100644 + error = setxattr(&f->f_path, name, value, size, flags); mnt_drop_write_file(f); } - fput(f); + fput_light(f, fput_needed); diff --git a/fs/xattr_acl.c b/fs/xattr_acl.c index 69d06b0..c0996e5 100644 --- a/fs/xattr_acl.c @@ -49594,10 +49959,10 @@ index 69d06b0..c0996e5 100644 struct posix_acl *acl; struct posix_acl_entry *acl_e; diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c -index 85e7e32..5344e52 100644 +index 58b815e..595ddee 100644 --- a/fs/xfs/xfs_bmap.c +++ b/fs/xfs/xfs_bmap.c -@@ -190,7 +190,7 @@ xfs_bmap_validate_ret( +@@ -189,7 +189,7 @@ xfs_bmap_validate_ret( int nmap, int ret_nmap); #else @@ -49607,10 +49972,10 @@ index 85e7e32..5344e52 100644 STATIC int diff --git a/fs/xfs/xfs_dir2_sf.c b/fs/xfs/xfs_dir2_sf.c -index 79d05e8..e3e5861 100644 +index 19bf0c5..9f26b02 100644 --- a/fs/xfs/xfs_dir2_sf.c +++ b/fs/xfs/xfs_dir2_sf.c -@@ -852,7 +852,15 @@ xfs_dir2_sf_getdents( +@@ -851,7 +851,15 @@ xfs_dir2_sf_getdents( } ino = xfs_dir2_sfe_get_ino(sfp, sfep); @@ -49628,10 +49993,10 @@ index 79d05e8..e3e5861 100644 *offset = off & 0x7fffffff; return 0; diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c -index 91f8ff5..0ce68f9 100644 +index 3a05a41..320bec6 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c -@@ -128,7 +128,7 @@ xfs_find_handle( +@@ -126,7 +126,7 @@ xfs_find_handle( } error = -EFAULT; @@ -49641,10 +50006,10 @@ index 91f8ff5..0ce68f9 100644 goto out_put; diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c -index 3011b87..1ab03e9 100644 +index 1a25fd8..e935581 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c -@@ -397,7 +397,7 @@ xfs_vn_put_link( +@@ -394,7 +394,7 @@ xfs_vn_put_link( struct nameidata *nd, void *p) { @@ -50646,10 +51011,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..7a5922f +index 0000000..bda2a91 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4016 @@ +@@ -0,0 +1,4017 @@ +#include +#include +#include @@ -50675,12 +51040,15 @@ index 0000000..7a5922f +#include +#include +#include ++#include +#include "../fs/mount.h" + +#include +#include +#include + ++extern struct lglock vfsmount_lock; ++ +static struct acl_role_db acl_role_set; +static struct name_db name_set; +static struct inodev_db inodev_set; @@ -50744,8 +51112,6 @@ index 0000000..7a5922f +extern void gr_remove_uid(uid_t uid); +extern int gr_find_uid(uid_t uid); + -+DECLARE_BRLOCK(vfsmount_lock); -+ +__inline__ int +gr_acl_is_enabled(void) +{ @@ -50948,9 +51314,9 @@ index 0000000..7a5922f + get_fs_root(reaper->fs, &root); + + write_seqlock(&rename_lock); -+ br_read_lock(vfsmount_lock); ++ br_read_lock(&vfsmount_lock); + res = gen_full_path(&path, &root, buf, buflen); -+ br_read_unlock(vfsmount_lock); ++ br_read_unlock(&vfsmount_lock); + write_sequnlock(&rename_lock); + + path_put(&root); @@ -50962,10 +51328,10 @@ index 0000000..7a5922f +{ + char *ret; + write_seqlock(&rename_lock); -+ br_read_lock(vfsmount_lock); ++ br_read_lock(&vfsmount_lock); + ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()), + PAGE_SIZE); -+ br_read_unlock(vfsmount_lock); ++ br_read_unlock(&vfsmount_lock); + write_sequnlock(&rename_lock); + return ret; +} @@ -50978,7 +51344,7 @@ index 0000000..7a5922f + int buflen; + + write_seqlock(&rename_lock); -+ br_read_lock(vfsmount_lock); ++ br_read_lock(&vfsmount_lock); + buf = per_cpu_ptr(gr_shared_page[0], smp_processor_id()); + ret = __d_real_path(dentry, mnt, buf, PAGE_SIZE - 6); + buflen = (int)(ret - buf); @@ -50986,7 +51352,7 @@ index 0000000..7a5922f + prepend(&ret, &buflen, "/proc", 5); + else + ret = strcpy(buf, ""); -+ br_read_unlock(vfsmount_lock); ++ br_read_unlock(&vfsmount_lock); + write_sequnlock(&rename_lock); + return ret; +} @@ -52519,7 +52885,7 @@ index 0000000..7a5922f + struct dentry *parent; + + write_seqlock(&rename_lock); -+ br_read_lock(vfsmount_lock); ++ br_read_lock(&vfsmount_lock); + + if (unlikely((mnt == shm_mnt && dentry->d_inode->i_nlink == 0) || mnt == pipe_mnt || +#ifdef CONFIG_NET @@ -52566,7 +52932,7 @@ index 0000000..7a5922f + if (retval == NULL) + retval = full_lookup(l_dentry, l_mnt, real_root.dentry, subj, &path, checkglob); +out: -+ br_read_unlock(vfsmount_lock); ++ br_read_unlock(&vfsmount_lock); + write_sequnlock(&rename_lock); + + BUG_ON(retval == NULL); @@ -52608,7 +52974,7 @@ index 0000000..7a5922f + struct dentry *parent; + + write_seqlock(&rename_lock); -+ br_read_lock(vfsmount_lock); ++ br_read_lock(&vfsmount_lock); + + for (;;) { + if (dentry == real_root.dentry && mnt == real_root.mnt) @@ -52662,7 +53028,7 @@ index 0000000..7a5922f + read_unlock(&gr_inode_lock); + } +out: -+ br_read_unlock(vfsmount_lock); ++ br_read_unlock(&vfsmount_lock); + write_sequnlock(&rename_lock); + + BUG_ON(retval == NULL); @@ -53808,7 +54174,7 @@ index 0000000..7a5922f + + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS && + gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM && -+ current_uid()) { ++ !uid_eq(current_uid(), GLOBAL_ROOT_UID)) { + error = -EPERM; + goto out; + } @@ -54272,7 +54638,7 @@ index 0000000..7a5922f + tmp = tmp->real_parent; + } + -+ if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) || ++ if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && !uid_eq(current_uid(), GLOBAL_ROOT_UID) && !(gr_status & GR_READY)) || + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) { + read_unlock(&grsec_exec_file_lock); + read_unlock(&tasklist_lock); @@ -54334,7 +54700,7 @@ index 0000000..7a5922f + tmp = tmp->real_parent; + } + -+ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) || ++ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && !uid_eq(current_uid(), GLOBAL_ROOT_UID) && !(gr_status & GR_READY)) || + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) { + read_unlock(&tasklist_lock); + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task); @@ -54546,10 +54912,10 @@ index 0000000..7a5922f +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) + cred = __task_cred(task); +#ifdef CONFIG_GRKERNSEC_PROC_USER -+ if (cred->uid != 0) ++ if (!uid_eq(cred->uid, GLOBAL_ROOT_UID)) + ret = -EACCES; +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) -+ if (cred->uid != 0 && !groups_search(cred->group_info, CONFIG_GRKERNSEC_PROC_GID)) ++ if (!uid_eq(cred->uid, GLOBAL_ROOT_UID) && !groups_search(cred->group_info, CONFIG_GRKERNSEC_PROC_GID)) + ret = -EACCES; +#endif +#endif @@ -56013,7 +56379,7 @@ index 0000000..39645c9 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..5556be3 +index 0000000..25197e9 --- /dev/null +++ b/grsecurity/gracl_segv.c @@ -0,0 +1,299 @@ @@ -56182,11 +56548,11 @@ index 0000000..5556be3 +static __inline__ int +proc_is_setxid(const struct cred *cred) +{ -+ if (cred->uid != cred->euid || cred->uid != cred->suid || -+ cred->uid != cred->fsuid) ++ if (!uid_eq(cred->uid, cred->euid) || !uid_eq(cred->uid, cred->suid) || ++ !uid_eq(cred->uid, cred->fsuid)) + return 1; -+ if (cred->gid != cred->egid || cred->gid != cred->sgid || -+ cred->gid != cred->fsgid) ++ if (!uid_eq(cred->gid, cred->egid) || !uid_eq(cred->gid, cred->sgid) || ++ !uid_eq(cred->gid, cred->fsgid)) + return 1; + + return 0; @@ -56227,7 +56593,7 @@ index 0000000..5556be3 + time_after(curr->expires, get_seconds())) { + rcu_read_lock(); + cred = __task_cred(task); -+ if (cred->uid && proc_is_setxid(cred)) { ++ if (!uid_eq(cred->uid, GLOBAL_ROOT_UID) && proc_is_setxid(cred)) { + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max); + spin_lock(&gr_uid_lock); + gr_insert_uid(cred->uid, curr->expires); @@ -56237,7 +56603,7 @@ index 0000000..5556be3 + read_lock(&tasklist_lock); + do_each_thread(tsk2, tsk) { + cred2 = __task_cred(tsk); -+ if (tsk != task && cred2->uid == cred->uid) ++ if (tsk != task && uid_eq(cred2->uid, cred->uid)) + gr_fake_force_sig(SIGKILL, tsk); + } while_each_thread(tsk2, tsk); + read_unlock(&tasklist_lock); @@ -57734,7 +58100,7 @@ index 0000000..05a6015 +} diff --git a/grsecurity/grsec_link.c b/grsecurity/grsec_link.c new file mode 100644 -index 0000000..35a96d1 +index 0000000..a225b02 --- /dev/null +++ b/grsecurity/grsec_link.c @@ -0,0 +1,59 @@ @@ -57751,8 +58117,8 @@ index 0000000..35a96d1 + + if (grsec_enable_symlinkown && in_group_p(grsec_symlinkown_gid) && + /* ignore root-owned links, e.g. /proc/self */ -+ link_inode->i_uid && -+ link_inode->i_uid != target->i_uid) { ++ !uid_eq(link_inode->i_uid, GLOBAL_ROOT_UID) && target && ++ !uid_eq(link_inode->i_uid, target->i_uid)) { + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINKOWNER_MSG, link->dentry, link->mnt, link_inode->i_uid, target->i_uid); + return 1; + } @@ -57769,8 +58135,8 @@ index 0000000..35a96d1 + const struct cred *cred = current_cred(); + + if (grsec_enable_link && S_ISLNK(inode->i_mode) && -+ (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) && -+ (parent->i_mode & S_IWOTH) && (cred->fsuid != inode->i_uid)) { ++ (parent->i_mode & S_ISVTX) && !uid_eq(parent->i_uid, inode->i_uid) && ++ (parent->i_mode & S_IWOTH) && !uid_eq(cred->fsuid, inode->i_uid)) { + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid); + return -EACCES; + } @@ -57786,11 +58152,11 @@ index 0000000..35a96d1 +#ifdef CONFIG_GRKERNSEC_LINK + const struct cred *cred = current_cred(); + -+ if (grsec_enable_link && cred->fsuid != inode->i_uid && ++ if (grsec_enable_link && !uid_eq(cred->fsuid, inode->i_uid) && + (!S_ISREG(mode) || (mode & S_ISUID) || + ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) || + (inode_permission(inode, MAY_READ | MAY_WRITE))) && -+ !capable(CAP_FOWNER) && cred->uid) { ++ !capable(CAP_FOWNER) && !uid_eq(cred->uid, GLOBAL_ROOT_UID)) { + gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to); + return -EPERM; + } @@ -58319,10 +58685,10 @@ index 0000000..f7f29aa +} diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c new file mode 100644 -index 0000000..7a5b2de +index 0000000..b4ac94c --- /dev/null +++ b/grsecurity/grsec_sig.c -@@ -0,0 +1,207 @@ +@@ -0,0 +1,209 @@ +#include +#include +#include @@ -58413,7 +58779,7 @@ index 0000000..7a5b2de +void gr_handle_brute_attach(struct task_struct *p, unsigned long mm_flags) +{ +#ifdef CONFIG_GRKERNSEC_BRUTE -+ uid_t uid = 0; ++ kuid_t uid = GLOBAL_ROOT_UID; + + if (!grsec_enable_brute) + return; @@ -58427,7 +58793,7 @@ index 0000000..7a5b2de + const struct cred *cred = __task_cred(p), *cred2; + struct task_struct *tsk, *tsk2; + -+ if (!__get_dumpable(mm_flags) && cred->uid) { ++ if (!__get_dumpable(mm_flags) && !uid_eq(cred->uid, GLOBAL_ROOT_UID)) { + struct user_struct *user; + + uid = cred->uid; @@ -58443,7 +58809,7 @@ index 0000000..7a5b2de + + do_each_thread(tsk2, tsk) { + cred2 = __task_cred(tsk); -+ if (tsk != p && cred2->uid == uid) ++ if (tsk != p && uid_eq(cred2->uid, uid)) + gr_fake_force_sig(SIGKILL, tsk); + } while_each_thread(tsk2, tsk); + } @@ -58453,8 +58819,9 @@ index 0000000..7a5b2de + read_unlock(&tasklist_lock); + rcu_read_unlock(); + -+ if (uid) -+ printk(KERN_ALERT "grsec: bruteforce prevention initiated against uid %u, banning for %d minutes\n", uid, GR_USER_BAN_TIME / 60); ++ if (!uid_eq(uid, GLOBAL_ROOT_UID)) ++ printk(KERN_ALERT "grsec: bruteforce prevention initiated against uid %u, banning for %d minutes\n", ++ from_kuid_munged(&init_user_ns, uid), GR_USER_BAN_TIME / 60); + +#endif + return; @@ -58475,21 +58842,22 @@ index 0000000..7a5b2de + const struct cred *cred; + struct task_struct *tsk, *tsk2; + struct user_struct *user; -+ uid_t uid; ++ kuid_t uid; + + if (in_irq() || in_serving_softirq() || in_nmi()) + panic("grsec: halting the system due to suspicious kernel crash caused in interrupt context"); + + uid = current_uid(); + -+ if (uid == 0) ++ if (uid_eq(uid, GLOBAL_ROOT_UID)) + panic("grsec: halting the system due to suspicious kernel crash caused by root"); + else { + /* kill all the processes of this user, hold a reference + to their creds struct, and prevent them from creating + another process until system reset + */ -+ printk(KERN_ALERT "grsec: banning user with uid %u until system restart for suspicious kernel crash\n", uid); ++ printk(KERN_ALERT "grsec: banning user with uid %u until system restart for suspicious kernel crash\n", ++ from_kuid_munged(&init_user_ns, uid)); + /* we intentionally leak this ref */ + user = get_uid(current->cred->user); + if (user) { @@ -58500,7 +58868,7 @@ index 0000000..7a5b2de + read_lock(&tasklist_lock); + do_each_thread(tsk2, tsk) { + cred = __task_cred(tsk); -+ if (cred->uid == uid) ++ if (uid_eq(cred->uid, uid)) + gr_fake_force_sig(SIGKILL, tsk); + } while_each_thread(tsk2, tsk); + read_unlock(&tasklist_lock); @@ -59424,10 +59792,10 @@ index 0000000..9f7b1ac + return retval; +} diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h -index f1c8ca6..b5c1cc7 100644 +index 9e6e1c6..d47b906 100644 --- a/include/acpi/acpi_bus.h +++ b/include/acpi/acpi_bus.h -@@ -107,7 +107,7 @@ struct acpi_device_ops { +@@ -138,7 +138,7 @@ struct acpi_device_ops { acpi_op_bind bind; acpi_op_unbind unbind; acpi_op_notify notify; @@ -59926,10 +60294,10 @@ index 810431d..0ec4804f 100644 * (puds are folded into pgds so this doesn't get actually called, * but the define is needed for a generic inline function.) diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h -index c7ec2cd..909d125 100644 +index ff4947b..f48183f 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h -@@ -531,6 +531,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd) +@@ -530,6 +530,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd) #endif } @@ -59945,7 +60313,7 @@ index c7ec2cd..909d125 100644 #endif /* !__ASSEMBLY__ */ diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h -index 8aeadf6..f1dc019 100644 +index 4e2e1cc..12c266b 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -218,6 +218,7 @@ @@ -59980,7 +60348,7 @@ index 8aeadf6..f1dc019 100644 /** * PERCPU_SECTION - define output section for percpu area, simple version diff --git a/include/drm/drmP.h b/include/drm/drmP.h -index dd73104..fde86bd 100644 +index 31ad880..4e79884 100644 --- a/include/drm/drmP.h +++ b/include/drm/drmP.h @@ -72,6 +72,7 @@ @@ -60010,27 +60378,27 @@ index dd73104..fde86bd 100644 struct list_head filelist; diff --git a/include/drm/drm_crtc_helper.h b/include/drm/drm_crtc_helper.h -index 37515d1..34fa8b0 100644 +index 7988e55..ec974c9 100644 --- a/include/drm/drm_crtc_helper.h +++ b/include/drm/drm_crtc_helper.h -@@ -74,7 +74,7 @@ struct drm_crtc_helper_funcs { +@@ -81,7 +81,7 @@ struct drm_crtc_helper_funcs { /* disable crtc when not in use - more explicit than dpms off */ void (*disable)(struct drm_crtc *crtc); -}; +} __no_const; - struct drm_encoder_helper_funcs { - void (*dpms)(struct drm_encoder *encoder, int mode); -@@ -95,7 +95,7 @@ struct drm_encoder_helper_funcs { + /** + * drm_encoder_helper_funcs - helper operations for encoders +@@ -109,7 +109,7 @@ struct drm_encoder_helper_funcs { struct drm_connector *connector); /* disable encoder when not in use - more explicit than dpms off */ void (*disable)(struct drm_encoder *encoder); -}; +} __no_const; - struct drm_connector_helper_funcs { - int (*get_modes)(struct drm_connector *connector); + /** + * drm_connector_helper_funcs - helper operations for connectors diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h index d6d1da4..fdd1ac5 100644 --- a/include/drm/ttm/ttm_memory.h @@ -60089,10 +60457,10 @@ index 366422b..1fa7f84 100644 }; diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 4d4ac24..2c3ccce 100644 +index 07954b0..cb2ae71 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1376,7 +1376,7 @@ struct block_device_operations { +@@ -1393,7 +1393,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -60198,15 +60566,16 @@ index 4c57065..4307975 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index 12d52de..b5f7fa7 100644 +index d10b7ed..11390a1 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h -@@ -548,6 +548,8 @@ extern bool has_ns_capability_noaudit(struct task_struct *t, - extern bool capable(int cap); +@@ -553,6 +553,9 @@ extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); extern bool nsown_capable(int cap); + extern bool inode_capable(const struct inode *inode, int cap); +extern bool capable_nolog(int cap); +extern bool ns_capable_nolog(struct user_namespace *ns, int cap); ++extern bool inode_capable_nolog(const struct inode *inode, int cap); /* audit system wants to get cap info from files as well */ extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); @@ -60223,6 +60592,18 @@ index 42e55de..1cd0e66 100644 extern struct cleancache_ops cleancache_register_ops(struct cleancache_ops *ops); +diff --git a/include/linux/clk-provider.h b/include/linux/clk-provider.h +index 4a0b483..f1f70ba 100644 +--- a/include/linux/clk-provider.h ++++ b/include/linux/clk-provider.h +@@ -110,6 +110,7 @@ struct clk_ops { + unsigned long); + void (*init)(struct clk_hw *hw); + }; ++typedef struct clk_ops __no_const clk_ops_no_const; + + /** + * struct clk_init_data - holds init data that's common to all clocks and is diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h index 2f40791..9c9e13c 100644 --- a/include/linux/compiler-gcc4.h @@ -60393,10 +60774,10 @@ index 923d093..1fef491 100644 #endif /* __LINUX_COMPILER_H */ diff --git a/include/linux/cred.h b/include/linux/cred.h -index adadf71..6af5560 100644 +index ebbed2c..908cc2c 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h -@@ -207,6 +207,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk) +@@ -208,6 +208,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk) static inline void validate_process_creds(void) { } @@ -60551,10 +60932,10 @@ index 999b4f5..57753b4 100644 #endif diff --git a/include/linux/filter.h b/include/linux/filter.h -index 8eeb205..d59bfa2 100644 +index 82b0135..917914d 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h -@@ -134,6 +134,7 @@ struct sock_fprog { /* Required for SO_ATTACH_FILTER. */ +@@ -146,6 +146,7 @@ struct compat_sock_fprog { struct sk_buff; struct sock; @@ -60562,7 +60943,7 @@ index 8eeb205..d59bfa2 100644 struct sk_filter { -@@ -141,6 +142,9 @@ struct sk_filter +@@ -153,6 +154,9 @@ struct sk_filter unsigned int len; /* Number of filter blocks */ unsigned int (*bpf_func)(const struct sk_buff *skb, const struct sock_filter *filter); @@ -60573,10 +60954,10 @@ index 8eeb205..d59bfa2 100644 struct sock_filter insns[0]; }; diff --git a/include/linux/firewire.h b/include/linux/firewire.h -index cdc9b71..ce69fb5 100644 +index 7edcf10..714d5e8 100644 --- a/include/linux/firewire.h +++ b/include/linux/firewire.h -@@ -413,7 +413,7 @@ struct fw_iso_context { +@@ -430,7 +430,7 @@ struct fw_iso_context { union { fw_iso_callback_t sc; fw_iso_mc_callback_t mc; @@ -60585,11 +60966,24 @@ index cdc9b71..ce69fb5 100644 void *callback_data; }; +diff --git a/include/linux/frontswap.h b/include/linux/frontswap.h +index 0e4e2ee..4ff4312 100644 +--- a/include/linux/frontswap.h ++++ b/include/linux/frontswap.h +@@ -11,7 +11,7 @@ struct frontswap_ops { + int (*load)(unsigned, pgoff_t, struct page *); + void (*invalidate_page)(unsigned, pgoff_t); + void (*invalidate_area)(unsigned); +-}; ++} __no_const; + + extern bool frontswap_enabled; + extern struct frontswap_ops diff --git a/include/linux/fs.h b/include/linux/fs.h -index 25c40b9..1bfd4f4 100644 +index 17fd887..8eebca0 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1634,7 +1634,8 @@ struct file_operations { +@@ -1663,7 +1663,8 @@ struct file_operations { int (*setlease)(struct file *, long, struct file_lock **); long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); @@ -60648,7 +61042,7 @@ index a6dfe69..569586df 100644 /* diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h -index 91d0e0a3..035666b 100644 +index 63d966d..cdcb717 100644 --- a/include/linux/fsnotify_backend.h +++ b/include/linux/fsnotify_backend.h @@ -105,6 +105,7 @@ struct fsnotify_ops { @@ -60695,7 +61089,7 @@ index 017a7fb..33a8507 100644 #ifdef CONFIG_BLK_DEV_INTEGRITY struct blk_integrity *integrity; diff --git a/include/linux/gfp.h b/include/linux/gfp.h -index 581e74b..8c34a24 100644 +index 1e49be4..b8a9305 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -38,6 +38,12 @@ struct vm_area_struct; @@ -61833,10 +62227,10 @@ index 0000000..e7ffaaf + +#endif diff --git a/include/linux/hid.h b/include/linux/hid.h -index 3a95da6..51986f1 100644 +index 449fa38..b37c8cc 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h -@@ -696,7 +696,7 @@ struct hid_ll_driver { +@@ -704,7 +704,7 @@ struct hid_ll_driver { unsigned int code, int value); int (*parse)(struct hid_device *hdev); @@ -61869,10 +62263,10 @@ index d3999b4..1304cb4 100644 unsigned start1, unsigned end1, unsigned start2, unsigned end2) diff --git a/include/linux/i2c.h b/include/linux/i2c.h -index 195d8b3..e20cfab 100644 +index ddfa041..a44cfff 100644 --- a/include/linux/i2c.h +++ b/include/linux/i2c.h -@@ -365,6 +365,7 @@ struct i2c_algorithm { +@@ -366,6 +366,7 @@ struct i2c_algorithm { /* To determine what the adapter supports */ u32 (*functionality) (struct i2c_adapter *); }; @@ -61894,10 +62288,10 @@ index d23c3c2..eb63c81 100644 and pointers */ #endif diff --git a/include/linux/if_team.h b/include/linux/if_team.h -index 58404b0..439ed95 100644 +index 8185f57..7b2d222 100644 --- a/include/linux/if_team.h +++ b/include/linux/if_team.h -@@ -64,6 +64,7 @@ struct team_mode_ops { +@@ -74,6 +74,7 @@ struct team_mode_ops { void (*port_leave)(struct team *team, struct team_port *port); void (*port_change_mac)(struct team *team, struct team_port *port); }; @@ -61905,8 +62299,8 @@ index 58404b0..439ed95 100644 enum team_option_type { TEAM_OPTION_TYPE_U32, -@@ -112,7 +113,7 @@ struct team { - struct list_head option_list; +@@ -136,7 +137,7 @@ struct team { + struct list_head option_inst_list; /* list of option instances */ const struct team_mode *mode; - struct team_mode_ops ops; @@ -61979,7 +62373,7 @@ index 6b95109..bcbdd68 100644 void cleanup_module(void) __attribute__((alias(#exitfn))); diff --git a/include/linux/init_task.h b/include/linux/init_task.h -index e4baff5..83bb175 100644 +index 9e65eff..b131e8b 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h @@ -134,6 +134,12 @@ extern struct cred init_cred; @@ -62017,10 +62411,10 @@ index e6ca56d..8583707 100644 enum { SR_DMAR_FECTL_REG, diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h -index 2aea5d2..0b82f0c 100644 +index e68a8e5..811b9af 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h -@@ -439,7 +439,7 @@ enum +@@ -435,7 +435,7 @@ enum /* map softirq index to softirq name. update 'softirq_to_name' in * kernel/softirq.c when adding a new softirq. */ @@ -62029,7 +62423,7 @@ index 2aea5d2..0b82f0c 100644 /* softirq mask and active fields moved to irq_cpustat_t in * asm/hardirq.h to get better cache usage. KAO -@@ -447,12 +447,12 @@ extern char *softirq_to_name[NR_SOFTIRQS]; +@@ -443,12 +443,12 @@ extern char *softirq_to_name[NR_SOFTIRQS]; struct softirq_action { @@ -62045,7 +62439,7 @@ index 2aea5d2..0b82f0c 100644 extern void __raise_softirq_irqoff(unsigned int nr); diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h -index 3875719..4cd454c 100644 +index 6883e19..06992b1 100644 --- a/include/linux/kallsyms.h +++ b/include/linux/kallsyms.h @@ -15,7 +15,8 @@ @@ -62058,7 +62452,7 @@ index 3875719..4cd454c 100644 /* Lookup the address for a symbol. Returns 0 if not found. */ unsigned long kallsyms_lookup_name(const char *name); -@@ -99,6 +100,16 @@ static inline int lookup_symbol_attrs(unsigned long addr, unsigned long *size, u +@@ -106,6 +107,17 @@ static inline int lookup_symbol_attrs(unsigned long addr, unsigned long *size, u /* Stupid that this does nothing, but I didn't create this mess. */ #define __print_symbol(fmt, addr) #endif /*CONFIG_KALLSYMS*/ @@ -62067,6 +62461,7 @@ index 3875719..4cd454c 100644 +extern void __print_symbol(const char *fmt, unsigned long address); +extern int sprint_backtrace(char *buffer, unsigned long address); +extern int sprint_symbol(char *buffer, unsigned long address); ++extern int sprint_symbol_no_offset(char *buffer, unsigned long address); +const char *kallsyms_lookup(unsigned long addr, + unsigned long *symbolsize, + unsigned long *offset, @@ -62107,7 +62502,7 @@ index c4d2fc1..5df9c19 100644 extern struct kgdb_arch arch_kgdb_ops; diff --git a/include/linux/kmod.h b/include/linux/kmod.h -index dd99c32..da06047 100644 +index 5398d58..5883a34 100644 --- a/include/linux/kmod.h +++ b/include/linux/kmod.h @@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */ @@ -62133,10 +62528,10 @@ index 9c07dce..a92fa71 100644 if (atomic_sub_and_test((int) count, &kref->refcount)) { release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index 72cbf08..dd0201d 100644 +index 96c158a..1864db5 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h -@@ -322,7 +322,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); +@@ -345,7 +345,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); void vcpu_load(struct kvm_vcpu *vcpu); void vcpu_put(struct kvm_vcpu *vcpu); @@ -62145,7 +62540,7 @@ index 72cbf08..dd0201d 100644 struct module *module); void kvm_exit(void); -@@ -486,7 +486,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, +@@ -511,7 +511,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); @@ -62167,19 +62562,6 @@ index 6e887c7..4539601 100644 struct ata_port_info { unsigned long flags; -diff --git a/include/linux/mca.h b/include/linux/mca.h -index 3797270..7765ede 100644 ---- a/include/linux/mca.h -+++ b/include/linux/mca.h -@@ -80,7 +80,7 @@ struct mca_bus_accessor_functions { - int region); - void * (*mca_transform_memory)(struct mca_device *, - void *memory); --}; -+} __no_const; - - struct mca_bus { - u64 default_dma_mask; diff --git a/include/linux/memory.h b/include/linux/memory.h index 1ac7f6e..a5794d0 100644 --- a/include/linux/memory.h @@ -62194,10 +62576,10 @@ index 1ac7f6e..a5794d0 100644 /* * Kernel text modification mutex, used for code patching. Users of this lock diff --git a/include/linux/mfd/abx500.h b/include/linux/mfd/abx500.h -index ee96cd5..7823c3a 100644 +index 1318ca6..7521340 100644 --- a/include/linux/mfd/abx500.h +++ b/include/linux/mfd/abx500.h -@@ -455,6 +455,7 @@ struct abx500_ops { +@@ -452,6 +452,7 @@ struct abx500_ops { int (*event_registers_startup_state_get) (struct device *, u8 *); int (*startup_irq_enabled) (struct device *, unsigned int); }; @@ -62219,7 +62601,7 @@ index 9b07725..3d55001 100644 /** * struct ux500_charger - power supply ux500 charger sub class diff --git a/include/linux/mm.h b/include/linux/mm.h -index 74aa71b..4ae97ba 100644 +index f9f279c..198da78 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -116,7 +116,14 @@ extern unsigned int kobjsize(const void *objp); @@ -62237,7 +62619,7 @@ index 74aa71b..4ae97ba 100644 #define VM_PFN_AT_MMAP 0x40000000 /* PFNMAP vma that is fully mapped at mmap time */ #define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */ -@@ -1013,34 +1020,6 @@ int set_page_dirty(struct page *page); +@@ -1009,34 +1016,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -62272,7 +62654,7 @@ index 74aa71b..4ae97ba 100644 extern pid_t vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); -@@ -1139,6 +1118,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) +@@ -1135,6 +1114,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) } #endif @@ -62288,7 +62670,7 @@ index 74aa71b..4ae97ba 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1157,8 +1145,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1153,8 +1141,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -62304,7 +62686,7 @@ index 74aa71b..4ae97ba 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1167,8 +1162,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1163,8 +1158,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -62320,7 +62702,7 @@ index 74aa71b..4ae97ba 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1186,11 +1188,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1182,11 +1184,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -62344,7 +62726,7 @@ index 74aa71b..4ae97ba 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTLOCKS -@@ -1400,6 +1414,7 @@ extern unsigned long do_mmap(struct file *, unsigned long, +@@ -1396,6 +1410,7 @@ extern unsigned long do_mmap_pgoff(struct file *, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -62352,7 +62734,7 @@ index 74aa71b..4ae97ba 100644 /* These take the mm semaphore themselves */ extern unsigned long vm_brk(unsigned long, unsigned long); -@@ -1462,6 +1477,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1458,6 +1473,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -62363,7 +62745,7 @@ index 74aa71b..4ae97ba 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1490,15 +1509,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1486,15 +1505,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -62379,7 +62761,7 @@ index 74aa71b..4ae97ba 100644 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); -@@ -1602,7 +1612,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1599,7 +1609,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -62388,7 +62770,7 @@ index 74aa71b..4ae97ba 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1633,5 +1643,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } +@@ -1630,5 +1640,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } static inline bool page_is_guard(struct page *page) { return false; } #endif /* CONFIG_DEBUG_PAGEALLOC */ @@ -62401,10 +62783,10 @@ index 74aa71b..4ae97ba 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index b35752f..41075a0 100644 +index 704a626..bb0705a 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h -@@ -262,6 +262,8 @@ struct vm_area_struct { +@@ -263,6 +263,8 @@ struct vm_area_struct { #ifdef CONFIG_NUMA struct mempolicy *vm_policy; /* NUMA policy for the VMA */ #endif @@ -62413,7 +62795,7 @@ index b35752f..41075a0 100644 }; struct core_thread { -@@ -336,7 +338,7 @@ struct mm_struct { +@@ -337,7 +339,7 @@ struct mm_struct { unsigned long def_flags; unsigned long nr_ptes; /* Page table pages */ unsigned long start_code, end_code, start_data, end_data; @@ -62422,12 +62804,12 @@ index b35752f..41075a0 100644 unsigned long arg_start, arg_end, env_start, env_end; unsigned long saved_auxv[AT_VECTOR_SIZE]; /* for /proc/PID/auxv */ -@@ -398,6 +400,24 @@ struct mm_struct { - #ifdef CONFIG_CPUMASK_OFFSTACK +@@ -389,6 +391,24 @@ struct mm_struct { struct cpumask cpumask_allocation; #endif + struct uprobes_state uprobes_state; + -+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) || defined(CONFIG_PAX_HAVE_ACL_FLAGS) || defined(CONFIG_PAX_HOOK_ACL_FLAGS) ++#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) + unsigned long pax_flags; +#endif + @@ -62468,10 +62850,10 @@ index 1d1b1e1..2a13c78 100644 #define pmdp_clear_flush_notify(__vma, __address, __pmdp) \ diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index 5f6806b..49db2b2 100644 +index 68c569f..5f43753 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -380,7 +380,7 @@ struct zone { +@@ -411,7 +411,7 @@ struct zone { unsigned long flags; /* zone flags, see below */ /* Zone statistics */ @@ -62481,7 +62863,7 @@ index 5f6806b..49db2b2 100644 /* * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h -index 501da4c..ba79bb4 100644 +index 5db9382..50e801d 100644 --- a/include/linux/mod_devicetable.h +++ b/include/linux/mod_devicetable.h @@ -12,7 +12,7 @@ @@ -62499,9 +62881,9 @@ index 501da4c..ba79bb4 100644 -#define HID_ANY_ID (~0) +#define HID_ANY_ID (~0U) + #define HID_BUS_ANY 0xffff + #define HID_GROUP_ANY 0x0000 - struct hid_device_id { - __u16 bus; diff --git a/include/linux/module.h b/include/linux/module.h index fbcafe2..e5d9587 100644 --- a/include/linux/module.h @@ -62630,7 +63012,7 @@ index b2be02e..72d2f78 100644 or 0. */ int apply_relocate(Elf_Shdr *sechdrs, diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h -index 944bc18..042d291 100644 +index d6a5806..7c13347 100644 --- a/include/linux/moduleparam.h +++ b/include/linux/moduleparam.h @@ -286,7 +286,7 @@ static inline void __kernel_param_unlock(void) @@ -62642,7 +63024,7 @@ index 944bc18..042d291 100644 = { len, string }; \ __module_param_call(MODULE_PARAM_PREFIX, name, \ ¶m_ops_string, \ -@@ -424,7 +424,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); +@@ -425,7 +425,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); */ #define module_param_array_named(name, array, type, nump, perm) \ param_check_##type(name, &(array)[0]); \ @@ -62680,18 +63062,18 @@ index ffc0213..2c1f2cb 100644 return nd->saved_names[nd->depth]; } diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 33900a5..2072000 100644 +index d94cb14..e64c951 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1003,6 +1003,7 @@ struct net_device_ops { - int (*ndo_neigh_construct)(struct neighbour *n); - void (*ndo_neigh_destroy)(struct neighbour *n); +@@ -1026,6 +1026,7 @@ struct net_device_ops { + struct net_device *dev, + int idx); }; +typedef struct net_device_ops __no_const net_device_ops_no_const; /* * The DEVICE structure. -@@ -1064,7 +1065,7 @@ struct net_device { +@@ -1087,7 +1088,7 @@ struct net_device { int iflink; struct net_device_stats stats; @@ -62745,7 +63127,7 @@ index a4c5624..79d6d88 100644 /** create a directory */ struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root, diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index ddbb6a9..be1680e 100644 +index 45db49f..386788e 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h @@ -879,8 +879,8 @@ struct perf_event { @@ -62800,7 +63182,7 @@ index e1ac1ce..0675fed 100644 unsigned int w_counter; struct page *tmp_page; diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h -index 609daae..5392427 100644 +index f271860..6b3bec5 100644 --- a/include/linux/pm_runtime.h +++ b/include/linux/pm_runtime.h @@ -97,7 +97,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev) @@ -62841,7 +63223,7 @@ index 5a710b9..0b0dab9 100644 /** * preempt_notifier - key for installing preemption notifiers diff --git a/include/linux/printk.h b/include/linux/printk.h -index 0525927..a5388b6 100644 +index 1bec2f7..b66e833 100644 --- a/include/linux/printk.h +++ b/include/linux/printk.h @@ -94,6 +94,8 @@ void early_printk(const char *fmt, ...); @@ -62851,9 +63233,9 @@ index 0525927..a5388b6 100644 +extern int kptr_restrict; + #ifdef CONFIG_PRINTK - asmlinkage __printf(1, 0) - int vprintk(const char *fmt, va_list args); -@@ -117,7 +119,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies, + asmlinkage __printf(5, 0) + int vprintk_emit(int facility, int level, +@@ -128,7 +130,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies, extern int printk_delay_msec; extern int dmesg_restrict; @@ -62862,7 +63244,7 @@ index 0525927..a5388b6 100644 void log_buf_kexec_setup(void); void __init setup_log_buf(int early); diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h -index 85c5073..51fac8b 100644 +index 3fd2e87..d93a721 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -155,6 +155,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode, @@ -62992,10 +63374,10 @@ index 6fdf027..ff72610 100644 #if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE) /** diff --git a/include/linux/rio.h b/include/linux/rio.h -index 4d50611..c6858a2 100644 +index a90ebad..fd87b5d 100644 --- a/include/linux/rio.h +++ b/include/linux/rio.h -@@ -315,7 +315,7 @@ struct rio_ops { +@@ -321,7 +321,7 @@ struct rio_ops { int mbox, void *buffer, size_t len); int (*add_inb_buffer)(struct rio_mport *mport, int mbox, void *buf); void *(*get_inb_message)(struct rio_mport *mport, int mbox); @@ -63005,7 +63387,7 @@ index 4d50611..c6858a2 100644 #define RIO_RESOURCE_MEM 0x00000100 #define RIO_RESOURCE_DOORBELL 0x00000200 diff --git a/include/linux/rmap.h b/include/linux/rmap.h -index fd07c45..4676b8e 100644 +index 3fce545..b4fed6e 100644 --- a/include/linux/rmap.h +++ b/include/linux/rmap.h @@ -119,9 +119,9 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma) @@ -63021,10 +63403,10 @@ index fd07c45..4676b8e 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/sched.h b/include/linux/sched.h -index 7b06169..c92adbe 100644 +index 4a1f493..5812aeb 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h -@@ -100,6 +100,7 @@ struct bio_list; +@@ -101,6 +101,7 @@ struct bio_list; struct fs_struct; struct perf_event_context; struct blk_plug; @@ -63032,7 +63414,7 @@ index 7b06169..c92adbe 100644 /* * List of flags we want to share for kernel threads, -@@ -382,10 +383,13 @@ struct user_namespace; +@@ -384,10 +385,13 @@ struct user_namespace; #define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN) extern int sysctl_max_map_count; @@ -63046,7 +63428,19 @@ index 7b06169..c92adbe 100644 extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -643,6 +647,17 @@ struct signal_struct { +@@ -406,6 +410,11 @@ static inline void arch_pick_mmap_layout(struct mm_struct *mm) {} + extern void set_dumpable(struct mm_struct *mm, int value); + extern int get_dumpable(struct mm_struct *mm); + ++/* get/set_dumpable() values */ ++#define SUID_DUMPABLE_DISABLED 0 ++#define SUID_DUMPABLE_ENABLED 1 ++#define SUID_DUMPABLE_SAFE 2 ++ + /* mm flags */ + /* dumpable bits */ + #define MMF_DUMPABLE 0 /* core dump is permitted */ +@@ -646,6 +655,17 @@ struct signal_struct { #ifdef CONFIG_TASKSTATS struct taskstats *stats; #endif @@ -63064,7 +63458,7 @@ index 7b06169..c92adbe 100644 #ifdef CONFIG_AUDIT unsigned audit_tty; struct tty_audit_buf *tty_audit_buf; -@@ -726,6 +741,11 @@ struct user_struct { +@@ -729,6 +749,11 @@ struct user_struct { struct key *session_keyring; /* UID's default session keyring */ #endif @@ -63075,8 +63469,8 @@ index 7b06169..c92adbe 100644 + /* Hash table maintenance information */ struct hlist_node uidhash_node; - uid_t uid; -@@ -1386,8 +1406,8 @@ struct task_struct { + kuid_t uid; +@@ -1348,8 +1373,8 @@ struct task_struct { struct list_head thread_group; struct completion *vfork_done; /* for vfork() */ @@ -63087,7 +63481,7 @@ index 7b06169..c92adbe 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1403,13 +1423,6 @@ struct task_struct { +@@ -1365,11 +1390,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -63096,12 +63490,10 @@ index 7b06169..c92adbe 100644 - * credentials (COW) */ - const struct cred __rcu *cred; /* effective (overridable) subjective task - * credentials (COW) */ -- struct cred *replacement_session_keyring; /* for KEYCTL_SESSION_TO_PARENT */ -- char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1426,8 +1439,16 @@ struct task_struct { +@@ -1386,8 +1406,16 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -63118,7 +63510,7 @@ index 7b06169..c92adbe 100644 /* open file information */ struct files_struct *files; /* namespaces */ -@@ -1469,6 +1490,11 @@ struct task_struct { +@@ -1431,6 +1459,11 @@ struct task_struct { struct rt_mutex_waiter *pi_blocked_on; #endif @@ -63130,7 +63522,7 @@ index 7b06169..c92adbe 100644 #ifdef CONFIG_DEBUG_MUTEXES /* mutex deadlock detection */ struct mutex_waiter *blocked_on; -@@ -1585,6 +1611,27 @@ struct task_struct { +@@ -1547,6 +1580,27 @@ struct task_struct { unsigned long default_timer_slack_ns; struct list_head *scm_work_list; @@ -63158,7 +63550,7 @@ index 7b06169..c92adbe 100644 #ifdef CONFIG_FUNCTION_GRAPH_TRACER /* Index of current stored address in ret_stack */ int curr_ret_stack; -@@ -1619,6 +1666,51 @@ struct task_struct { +@@ -1585,6 +1639,51 @@ struct task_struct { #endif }; @@ -63210,7 +63602,7 @@ index 7b06169..c92adbe 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -2146,7 +2238,9 @@ void yield(void); +@@ -2112,7 +2211,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -63220,7 +63612,7 @@ index 7b06169..c92adbe 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2179,6 +2273,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2145,6 +2246,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -63228,7 +63620,7 @@ index 7b06169..c92adbe 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2322,7 +2417,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2301,7 +2403,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -63237,7 +63629,7 @@ index 7b06169..c92adbe 100644 extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2523,9 +2618,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2502,9 +2604,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -63264,7 +63656,7 @@ index 899fbb4..1cb4138 100644 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ diff --git a/include/linux/security.h b/include/linux/security.h -index 673afbb..2b7454b 100644 +index 4e5a73c..a5784a1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -26,6 +26,7 @@ @@ -63313,10 +63705,10 @@ index 92808b8..c28cac4 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index c1bae8d..2dbcd31 100644 +index 642cb73..7ff7f9f 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -663,7 +663,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) +@@ -680,7 +680,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) */ static inline int skb_queue_empty(const struct sk_buff_head *list) { @@ -63325,7 +63717,7 @@ index c1bae8d..2dbcd31 100644 } /** -@@ -676,7 +676,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) +@@ -693,7 +693,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) static inline bool skb_queue_is_last(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -63334,7 +63726,7 @@ index c1bae8d..2dbcd31 100644 } /** -@@ -689,7 +689,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, +@@ -706,7 +706,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, static inline bool skb_queue_is_first(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -63343,7 +63735,7 @@ index c1bae8d..2dbcd31 100644 } /** -@@ -1584,7 +1584,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1605,7 +1605,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -63353,7 +63745,7 @@ index c1bae8d..2dbcd31 100644 extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); diff --git a/include/linux/slab.h b/include/linux/slab.h -index a595dce..dfab0d2 100644 +index 67d5d94..bbd740b 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ @@ -63403,15 +63795,7 @@ index a595dce..dfab0d2 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -240,6 +253,7 @@ size_t ksize(const void *); - * for general use, and so are not documented here. For a full list of - * potential flags, always refer to linux/gfp.h. - */ -+static void *kmalloc_array(size_t n, size_t size, gfp_t flags) __size_overflow(1, 2); - static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) - { - if (size != 0 && n > ULONG_MAX / size) -@@ -298,7 +312,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -298,7 +311,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) @@ -63420,7 +63804,7 @@ index a595dce..dfab0d2 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -317,7 +331,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -317,7 +330,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) @@ -63504,7 +63888,7 @@ index fbd1117..0a3d314 100644 return kmem_cache_alloc_node_trace(size, cachep, flags, node); diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h -index 0ec00b3..39cb7fc 100644 +index 0ec00b3..22b4715 100644 --- a/include/linux/slob_def.h +++ b/include/linux/slob_def.h @@ -9,7 +9,7 @@ static __always_inline void *kmem_cache_alloc(struct kmem_cache *cachep, @@ -63516,16 +63900,17 @@ index 0ec00b3..39cb7fc 100644 static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) { -@@ -29,6 +29,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) +@@ -29,7 +29,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) return __kmalloc_node(size, flags, -1); } -+static __always_inline void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *__kmalloc(size_t size, gfp_t flags) +-static __always_inline void *__kmalloc(size_t size, gfp_t flags) ++static __always_inline __size_overflow(1) void *__kmalloc(size_t size, gfp_t flags) { return kmalloc(size, flags); + } diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h -index c2f8c8b..be9e036 100644 +index c2f8c8b..d992a41 100644 --- a/include/linux/slub_def.h +++ b/include/linux/slub_def.h @@ -92,7 +92,7 @@ struct kmem_cache { @@ -63537,15 +63922,16 @@ index c2f8c8b..be9e036 100644 void (*ctor)(void *); int inuse; /* Offset to metadata */ int align; /* Alignment */ -@@ -153,6 +153,7 @@ extern struct kmem_cache *kmalloc_caches[SLUB_PAGE_SHIFT]; +@@ -153,7 +153,7 @@ extern struct kmem_cache *kmalloc_caches[SLUB_PAGE_SHIFT]; * Sorry that the following has to be that ugly but some versions of GCC * have trouble with constant propagation and loops. */ -+static __always_inline int kmalloc_index(size_t size) __size_overflow(1); - static __always_inline int kmalloc_index(size_t size) +-static __always_inline int kmalloc_index(size_t size) ++static __always_inline __size_overflow(1) int kmalloc_index(size_t size) { if (!size) -@@ -218,7 +219,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) + return 0; +@@ -218,7 +218,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) } void *kmem_cache_alloc(struct kmem_cache *, gfp_t); @@ -63554,15 +63940,16 @@ index c2f8c8b..be9e036 100644 static __always_inline void * kmalloc_order(size_t size, gfp_t flags, unsigned int order) -@@ -259,6 +260,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) +@@ -259,7 +259,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) } #endif -+static __always_inline void *kmalloc_large(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *kmalloc_large(size_t size, gfp_t flags) +-static __always_inline void *kmalloc_large(size_t size, gfp_t flags) ++static __always_inline __size_overflow(1) void *kmalloc_large(size_t size, gfp_t flags) { unsigned int order = get_order(size); -@@ -284,7 +286,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) + return kmalloc_order_trace(size, flags, order); +@@ -284,7 +284,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) } #ifdef CONFIG_NUMA @@ -63685,11 +64072,33 @@ index c34b4c8..a65b67d 100644 extern int proc_dointvec(struct ctl_table *, int, void __user *, size_t *, loff_t *); extern int proc_dointvec_minmax(struct ctl_table *, int, +diff --git a/include/linux/tty.h b/include/linux/tty.h +index 9f47ab5..73da944 100644 +--- a/include/linux/tty.h ++++ b/include/linux/tty.h +@@ -225,7 +225,7 @@ struct tty_port { + const struct tty_port_operations *ops; /* Port operations */ + spinlock_t lock; /* Lock protecting tty field */ + int blocked_open; /* Waiting to open */ +- int count; /* Usage count */ ++ atomic_t count; /* Usage count */ + wait_queue_head_t open_wait; /* Open waiters */ + wait_queue_head_t close_wait; /* Close waiters */ + wait_queue_head_t delta_msr_wait; /* Modem status change */ +@@ -525,7 +525,7 @@ extern int tty_port_open(struct tty_port *port, + struct tty_struct *tty, struct file *filp); + static inline int tty_port_users(struct tty_port *port) + { +- return port->count + port->blocked_open; ++ return atomic_read(&port->count) + port->blocked_open; + } + + extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc); diff --git a/include/linux/tty_ldisc.h b/include/linux/tty_ldisc.h -index ff7dc08..893e1bd 100644 +index fb79dd8d..07d4773 100644 --- a/include/linux/tty_ldisc.h +++ b/include/linux/tty_ldisc.h -@@ -148,7 +148,7 @@ struct tty_ldisc_ops { +@@ -149,7 +149,7 @@ struct tty_ldisc_ops { struct module *owner; @@ -63699,7 +64108,7 @@ index ff7dc08..893e1bd 100644 struct tty_ldisc { diff --git a/include/linux/types.h b/include/linux/types.h -index 7f480db..175c256 100644 +index 9c1bd53..c2370f6 100644 --- a/include/linux/types.h +++ b/include/linux/types.h @@ -220,10 +220,26 @@ typedef struct { @@ -63974,44 +64383,39 @@ index e5d1220..ef6e406 100644 #include diff --git a/include/media/saa7146_vv.h b/include/media/saa7146_vv.h -index 4aeff96..b378cdc 100644 +index 944ecdf..a3994fc 100644 --- a/include/media/saa7146_vv.h +++ b/include/media/saa7146_vv.h -@@ -163,7 +163,7 @@ struct saa7146_ext_vv +@@ -161,8 +161,8 @@ struct saa7146_ext_vv int (*std_callback)(struct saa7146_dev*, struct saa7146_standard *); /* the extension can override this */ -- struct v4l2_ioctl_ops ops; -+ v4l2_ioctl_ops_no_const ops; +- struct v4l2_ioctl_ops vid_ops; +- struct v4l2_ioctl_ops vbi_ops; ++ v4l2_ioctl_ops_no_const vid_ops; ++ v4l2_ioctl_ops_no_const vbi_ops; /* pointer to the saa7146 core ops */ const struct v4l2_ioctl_ops *core_ops; diff --git a/include/media/v4l2-dev.h b/include/media/v4l2-dev.h -index 96d2221..2292f89 100644 +index a056e6e..31023a5 100644 --- a/include/media/v4l2-dev.h +++ b/include/media/v4l2-dev.h -@@ -56,7 +56,7 @@ int v4l2_prio_check(struct v4l2_prio_state *global, enum v4l2_priority local); - - - struct v4l2_file_operations { -- struct module *owner; -+ struct module * const owner; - ssize_t (*read) (struct file *, char __user *, size_t, loff_t *); - ssize_t (*write) (struct file *, const char __user *, size_t, loff_t *); - unsigned int (*poll) (struct file *, struct poll_table_struct *); -@@ -71,6 +71,7 @@ struct v4l2_file_operations { +@@ -73,7 +73,8 @@ struct v4l2_file_operations { + int (*mmap) (struct file *, struct vm_area_struct *); int (*open) (struct file *); int (*release) (struct file *); - }; +-}; ++} __do_const; +typedef struct v4l2_file_operations __no_const v4l2_file_operations_no_const; /* * Newer version of video_device, handled by videodev2.c diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h -index 3cb939c..f23c6bb 100644 +index d8b76f7..7d5aa18 100644 --- a/include/media/v4l2-ioctl.h +++ b/include/media/v4l2-ioctl.h -@@ -281,7 +281,7 @@ struct v4l2_ioctl_ops { +@@ -287,7 +287,7 @@ struct v4l2_ioctl_ops { long (*vidioc_default) (struct file *file, void *fh, bool valid_prio, int cmd, void *arg); }; @@ -64021,7 +64425,7 @@ index 3cb939c..f23c6bb 100644 /* v4l debugging and diagnostics */ diff --git a/include/net/caif/caif_hsi.h b/include/net/caif/caif_hsi.h -index 6db8ecf..8c23861 100644 +index 439dadc..1c67e3f 100644 --- a/include/net/caif/caif_hsi.h +++ b/include/net/caif/caif_hsi.h @@ -98,7 +98,7 @@ struct cfhsi_drv { @@ -64099,7 +64503,7 @@ index 2040bff..f4c0733 100644 } diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h -index 10422ef..662570f 100644 +index 78df0866..00e5c9b 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h @@ -146,7 +146,7 @@ extern __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh); @@ -64112,7 +64516,7 @@ index 10422ef..662570f 100644 fib_info_update_nh_saddr((net), &FIB_RES_NH(res))) #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw) diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h -index 72522f0..2965e05 100644 +index 95374d1..2300e36 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -510,7 +510,7 @@ struct ip_vs_conn { @@ -64127,21 +64531,12 @@ index 72522f0..2965e05 100644 @@ -648,7 +648,7 @@ struct ip_vs_dest { __be16 port; /* port number of the server */ union nf_inet_addr addr; /* IP address of the server */ - volatile unsigned flags; /* dest status flags */ + volatile unsigned int flags; /* dest status flags */ - atomic_t conn_flags; /* flags to copy to conn */ + atomic_unchecked_t conn_flags; /* flags to copy to conn */ atomic_t weight; /* server weight */ atomic_t refcnt; /* reference counter */ -@@ -1356,7 +1356,7 @@ static inline void ip_vs_notrack(struct sk_buff *skb) - struct nf_conn *ct = nf_ct_get(skb, &ctinfo); - - if (!ct || !nf_ct_is_untracked(ct)) { -- nf_reset(skb); -+ nf_conntrack_put(skb->nfct); - skb->nfct = &nf_ct_untracked_get()->ct_general; - skb->nfctinfo = IP_CT_NEW; - nf_conntrack_get(skb->nfct); diff --git a/include/net/irda/ircomm_core.h b/include/net/irda/ircomm_core.h index 69b610a..fe3962c 100644 --- a/include/net/irda/ircomm_core.h @@ -64192,7 +64587,7 @@ index cc7c197..9f2da2a 100644 unsigned int iucv_sock_poll(struct file *file, struct socket *sock, diff --git a/include/net/neighbour.h b/include/net/neighbour.h -index 34c996f..bb3b4d4 100644 +index 6cdfeed..55a0256 100644 --- a/include/net/neighbour.h +++ b/include/net/neighbour.h @@ -123,7 +123,7 @@ struct neigh_ops { @@ -64205,10 +64600,10 @@ index 34c996f..bb3b4d4 100644 struct pneigh_entry { struct pneigh_entry *next; diff --git a/include/net/netlink.h b/include/net/netlink.h -index f394fe5..fd073f9 100644 +index 785f37a..c81dc0c 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h -@@ -534,7 +534,7 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb) +@@ -520,7 +520,7 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb) static inline void nlmsg_trim(struct sk_buff *skb, const void *mark) { if (mark) @@ -64250,10 +64645,10 @@ index a2ef814..31a8e3f 100644 #define SCTP_DISABLE_DEBUG #define SCTP_ASSERT(expr, str, func) diff --git a/include/net/sock.h b/include/net/sock.h -index 5a0a58a..2e3d4d0 100644 +index 4a45216..7af2578 100644 --- a/include/net/sock.h +++ b/include/net/sock.h -@@ -302,7 +302,7 @@ struct sock { +@@ -303,7 +303,7 @@ struct sock { #ifdef CONFIG_RPS __u32 sk_rxhash; #endif @@ -64262,7 +64657,7 @@ index 5a0a58a..2e3d4d0 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1691,7 +1691,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1726,7 +1726,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -64272,10 +64667,10 @@ index 5a0a58a..2e3d4d0 100644 { if (skb->ip_summed == CHECKSUM_NONE) { diff --git a/include/net/tcp.h b/include/net/tcp.h -index f75a04d..702cf06 100644 +index e79aa48..9929421 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -1425,7 +1425,7 @@ struct tcp_seq_afinfo { +@@ -1459,7 +1459,7 @@ struct tcp_seq_afinfo { char *name; sa_family_t family; const struct file_operations *seq_fops; @@ -64285,7 +64680,7 @@ index f75a04d..702cf06 100644 struct tcp_iter_state { diff --git a/include/net/udp.h b/include/net/udp.h -index 5d606d9..e879f7b 100644 +index 065f379..b661b40 100644 --- a/include/net/udp.h +++ b/include/net/udp.h @@ -244,7 +244,7 @@ struct udp_seq_afinfo { @@ -64298,7 +64693,7 @@ index 5d606d9..e879f7b 100644 struct udp_iter_state { diff --git a/include/net/xfrm.h b/include/net/xfrm.h -index 96239e7..c85b032 100644 +index e0a55df..5890bca07 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -505,7 +505,7 @@ struct xfrm_policy { @@ -64362,15 +64757,16 @@ index ba96988..ecf2eb9 100644 struct device sdev_gendev, sdev_dev; diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h -index 719faf1..d1154d4 100644 +index 719faf1..07b6728 100644 --- a/include/scsi/scsi_transport_fc.h +++ b/include/scsi/scsi_transport_fc.h -@@ -739,7 +739,7 @@ struct fc_function_template { +@@ -739,7 +739,8 @@ struct fc_function_template { unsigned long show_host_system_hostname:1; unsigned long disable_target_scan:1; -}; +} __do_const; ++typedef struct fc_function_template __no_const fc_function_template_no_const; /** @@ -64439,27 +64835,40 @@ index af1b49e..a5d55a5 100644 /* * CSP private data diff --git a/include/sound/soc.h b/include/sound/soc.h -index 2ebf787..0276839 100644 +index c703871..f7fbbbd 100644 --- a/include/sound/soc.h +++ b/include/sound/soc.h -@@ -711,7 +711,7 @@ struct snd_soc_platform_driver { - /* platform IO - used for platform DAPM */ +@@ -757,7 +757,7 @@ struct snd_soc_platform_driver { unsigned int (*read)(struct snd_soc_platform *, unsigned int); int (*write)(struct snd_soc_platform *, unsigned int, unsigned int); + int (*bespoke_trigger)(struct snd_pcm_substream *, int); -}; +} __do_const; struct snd_soc_platform { const char *name; -@@ -887,7 +887,7 @@ struct snd_soc_pcm_runtime { +@@ -949,7 +949,7 @@ struct snd_soc_pcm_runtime { struct snd_soc_dai_link *dai_link; struct mutex pcm_mutex; enum snd_soc_pcm_subclass pcm_subclass; - struct snd_pcm_ops ops; + snd_pcm_ops_no_const ops; - unsigned int complete:1; unsigned int dev_registered:1; + +diff --git a/include/sound/tea575x-tuner.h b/include/sound/tea575x-tuner.h +index 0c3c2fb..d9d9990 100644 +--- a/include/sound/tea575x-tuner.h ++++ b/include/sound/tea575x-tuner.h +@@ -44,7 +44,7 @@ struct snd_tea575x_ops { + + struct snd_tea575x { + struct v4l2_device *v4l2_dev; +- struct v4l2_file_operations fops; ++ v4l2_file_operations_no_const fops; + struct video_device vd; /* video device */ + int radio_nr; /* radio_nr */ + bool tea5759; /* 5759 chip is present */ diff --git a/include/sound/ymfpci.h b/include/sound/ymfpci.h index 4119966..1a4671c 100644 --- a/include/sound/ymfpci.h @@ -64474,10 +64883,10 @@ index 4119966..1a4671c 100644 const struct firmware *dsp_microcode; const struct firmware *controller_microcode; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index aaccc5f..092d568 100644 +index 362e0d9..36b9a83 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h -@@ -447,7 +447,7 @@ struct t10_reservation_ops { +@@ -441,7 +441,7 @@ struct t10_reservation_ops { int (*t10_seq_non_holder)(struct se_cmd *, unsigned char *, u32); int (*t10_pr_register)(struct se_cmd *); int (*t10_pr_clear)(struct se_cmd *); @@ -64486,16 +64895,7 @@ index aaccc5f..092d568 100644 struct t10_reservation { /* Reservation effects all target ports */ -@@ -576,7 +576,7 @@ struct se_cmd { - atomic_t t_se_count; - atomic_t t_task_cdbs_left; - atomic_t t_task_cdbs_ex_left; -- atomic_t t_task_cdbs_sent; -+ atomic_unchecked_t t_task_cdbs_sent; - unsigned int transport_state; - #define CMD_T_ABORTED (1 << 0) - #define CMD_T_ACTIVE (1 << 1) -@@ -802,7 +802,7 @@ struct se_device { +@@ -780,7 +780,7 @@ struct se_device { spinlock_t stats_lock; /* Active commands on this virtual SE device */ atomic_t simple_cmds; @@ -64617,10 +65017,10 @@ index 0993a22..32ba2fe 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 6cfd71d..16006e6 100644 +index d07dcf9..fa47d0e 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -790,6 +790,7 @@ endif # CGROUPS +@@ -835,6 +835,7 @@ endif # CGROUPS config CHECKPOINT_RESTORE bool "Checkpoint/restore support" if EXPERT @@ -64628,7 +65028,15 @@ index 6cfd71d..16006e6 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1240,7 +1241,7 @@ config SLUB_DEBUG +@@ -1014,6 +1015,7 @@ config UIDGID_CONVERTED + # Security modules + depends on SECURITY_TOMOYO = n + depends on SECURITY_APPARMOR = n ++ depends on GRKERNSEC = n + + config UIDGID_STRICT_TYPE_CHECKS + bool "Require conversions between uid/gids and their internal representation" +@@ -1401,7 +1403,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -64637,7 +65045,7 @@ index 6cfd71d..16006e6 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1423,7 +1424,7 @@ config INIT_ALL_POSSIBLE +@@ -1584,7 +1586,7 @@ config INIT_ALL_POSSIBLE config STOP_MACHINE bool default y @@ -64646,11 +65054,25 @@ index 6cfd71d..16006e6 100644 help Need stop_machine() primitive. +diff --git a/init/Makefile b/init/Makefile +index 7bc47ee..6da2dc7 100644 +--- a/init/Makefile ++++ b/init/Makefile +@@ -2,6 +2,9 @@ + # Makefile for the linux kernel. + # + ++ccflags-y := $(GCC_PLUGINS_CFLAGS) ++asflags-y := $(GCC_PLUGINS_AFLAGS) ++ + obj-y := main.o version.o mounts.o + ifneq ($(CONFIG_BLK_DEV_INITRD),y) + obj-y += noinitramfs.o diff --git a/init/do_mounts.c b/init/do_mounts.c -index 42b0707..c06eef4 100644 +index d3f0aee..c9322f5 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c -@@ -326,11 +326,11 @@ static void __init get_fs_names(char *page) +@@ -336,11 +336,11 @@ static void __init get_fs_names(char *page) static int __init do_mount_root(char *name, char *fs, int flags, void *data) { struct super_block *s; @@ -64659,12 +65081,12 @@ index 42b0707..c06eef4 100644 if (err) return err; -- sys_chdir((const char __user __force *)"/root"); +- sys_chdir("/root"); + sys_chdir((const char __force_user *)"/root"); s = current->fs->pwd.dentry->d_sb; ROOT_DEV = s->s_dev; printk(KERN_INFO -@@ -450,18 +450,18 @@ void __init change_floppy(char *fmt, ...) +@@ -460,18 +460,18 @@ void __init change_floppy(char *fmt, ...) va_start(args, fmt); vsprintf(buf, fmt, args); va_end(args); @@ -64686,12 +65108,12 @@ index 42b0707..c06eef4 100644 termios.c_lflag |= ICANON; sys_ioctl(fd, TCSETSF, (long)&termios); sys_close(fd); -@@ -555,6 +555,6 @@ void __init prepare_namespace(void) +@@ -565,6 +565,6 @@ void __init prepare_namespace(void) mount_root(); out: devtmpfs_mount("dev"); - sys_mount(".", "/", NULL, MS_MOVE, NULL); -- sys_chroot((const char __user __force *)"."); +- sys_chroot("."); + sys_mount((char __force_user *)".", (char __force_user *)"/", NULL, MS_MOVE, NULL); + sys_chroot((const char __force_user *)"."); } @@ -64728,10 +65150,10 @@ index f5b978a..69dbfe8 100644 if (!S_ISBLK(stat.st_mode)) return 0; diff --git a/init/do_mounts_initrd.c b/init/do_mounts_initrd.c -index 9047330..de0d1fb 100644 +index 135959a2..28a3f43 100644 --- a/init/do_mounts_initrd.c +++ b/init/do_mounts_initrd.c -@@ -43,13 +43,13 @@ static void __init handle_initrd(void) +@@ -53,13 +53,13 @@ static void __init handle_initrd(void) create_dev("/dev/root.old", Root_RAM0); /* mount initrd on rootfs' /root */ mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY); @@ -64751,7 +65173,7 @@ index 9047330..de0d1fb 100644 /* * In case that a resume from disk is carried out by linuxrc or one of -@@ -66,15 +66,15 @@ static void __init handle_initrd(void) +@@ -76,15 +76,15 @@ static void __init handle_initrd(void) /* move initrd to rootfs' /old */ sys_fchdir(old_fd); @@ -64770,7 +65192,7 @@ index 9047330..de0d1fb 100644 return; } -@@ -82,17 +82,17 @@ static void __init handle_initrd(void) +@@ -92,17 +92,17 @@ static void __init handle_initrd(void) mount_root(); printk(KERN_NOTICE "Trying to move old root to /initrd ... "); @@ -64791,7 +65213,7 @@ index 9047330..de0d1fb 100644 printk(KERN_NOTICE "Trying to free ramdisk memory ... "); if (fd < 0) { error = fd; -@@ -115,11 +115,11 @@ int __init initrd_load(void) +@@ -125,11 +125,11 @@ int __init initrd_load(void) * mounted in the normal path. */ if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) { @@ -64806,10 +65228,10 @@ index 9047330..de0d1fb 100644 return 0; } diff --git a/init/do_mounts_md.c b/init/do_mounts_md.c -index 32c4799..c27ee74 100644 +index 8cb6db5..d729f50 100644 --- a/init/do_mounts_md.c +++ b/init/do_mounts_md.c -@@ -170,7 +170,7 @@ static void __init md_setup_drive(void) +@@ -180,7 +180,7 @@ static void __init md_setup_drive(void) partitioned ? "_d" : "", minor, md_setup_args[ent].device_names); @@ -64818,7 +65240,7 @@ index 32c4799..c27ee74 100644 if (fd < 0) { printk(KERN_ERR "md: open failed - cannot start " "array %s\n", name); -@@ -233,7 +233,7 @@ static void __init md_setup_drive(void) +@@ -243,7 +243,7 @@ static void __init md_setup_drive(void) * array without it */ sys_close(fd); @@ -64827,29 +65249,43 @@ index 32c4799..c27ee74 100644 sys_ioctl(fd, BLKRRPART, 0); } sys_close(fd); -@@ -283,7 +283,7 @@ static void __init autodetect_raid(void) +@@ -293,7 +293,7 @@ static void __init autodetect_raid(void) wait_for_device_probe(); -- fd = sys_open((const char __user __force *) "/dev/md0", 0, 0); +- fd = sys_open("/dev/md0", 0, 0); + fd = sys_open((const char __force_user *) "/dev/md0", 0, 0); if (fd >= 0) { sys_ioctl(fd, RAID_AUTORUN, raid_autopart); sys_close(fd); +diff --git a/init/init_task.c b/init/init_task.c +index 8b2f399..f0797c9 100644 +--- a/init/init_task.c ++++ b/init/init_task.c +@@ -20,5 +20,9 @@ EXPORT_SYMBOL(init_task); + * Initial thread structure. Alignment of this is handled by a special + * linker map entry. + */ ++#ifdef CONFIG_X86 ++union thread_union init_thread_union __init_task_data; ++#else + union thread_union init_thread_union __init_task_data = + { INIT_THREAD_INFO(init_task) }; ++#endif diff --git a/init/initramfs.c b/init/initramfs.c -index 8216c30..25e8e32 100644 +index 84c6bf1..8899338 100644 --- a/init/initramfs.c +++ b/init/initramfs.c -@@ -74,7 +74,7 @@ static void __init free_hash(void) +@@ -84,7 +84,7 @@ static void __init free_hash(void) } } --static long __init do_utime(char __user *filename, time_t mtime) -+static long __init do_utime(__force char __user *filename, time_t mtime) +-static long __init do_utime(char *filename, time_t mtime) ++static long __init do_utime(char __force_user *filename, time_t mtime) { struct timespec t[2]; -@@ -109,7 +109,7 @@ static void __init dir_utime(void) +@@ -119,7 +119,7 @@ static void __init dir_utime(void) struct dir_entry *de, *tmp; list_for_each_entry_safe(de, tmp, &dir_list, list) { list_del(&de->list); @@ -64858,7 +65294,7 @@ index 8216c30..25e8e32 100644 kfree(de->name); kfree(de); } -@@ -271,7 +271,7 @@ static int __init maybe_link(void) +@@ -281,7 +281,7 @@ static int __init maybe_link(void) if (nlink >= 2) { char *old = find_link(major, minor, ino, mode, collected); if (old) @@ -64867,7 +65303,7 @@ index 8216c30..25e8e32 100644 } return 0; } -@@ -280,11 +280,11 @@ static void __init clean_path(char *path, umode_t mode) +@@ -290,11 +290,11 @@ static void __init clean_path(char *path, umode_t mode) { struct stat st; @@ -64882,7 +65318,7 @@ index 8216c30..25e8e32 100644 } } -@@ -305,7 +305,7 @@ static int __init do_name(void) +@@ -315,7 +315,7 @@ static int __init do_name(void) int openflags = O_WRONLY|O_CREAT; if (ml != 1) openflags |= O_TRUNC; @@ -64891,7 +65327,7 @@ index 8216c30..25e8e32 100644 if (wfd >= 0) { sys_fchown(wfd, uid, gid); -@@ -317,17 +317,17 @@ static int __init do_name(void) +@@ -327,17 +327,17 @@ static int __init do_name(void) } } } else if (S_ISDIR(mode)) { @@ -64916,7 +65352,7 @@ index 8216c30..25e8e32 100644 } } return 0; -@@ -336,15 +336,15 @@ static int __init do_name(void) +@@ -346,15 +346,15 @@ static int __init do_name(void) static int __init do_copy(void) { if (count >= body_len) { @@ -64935,7 +65371,7 @@ index 8216c30..25e8e32 100644 body_len -= count; eat(count); return 1; -@@ -355,9 +355,9 @@ static int __init do_symlink(void) +@@ -365,9 +365,9 @@ static int __init do_symlink(void) { collected[N_ALIGN(name_len) + body_len] = '\0'; clean_path(collected, 0); @@ -64949,7 +65385,7 @@ index 8216c30..25e8e32 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index b08c5f7..bf65a52 100644 +index b5cc0a7..5605c91 100644 --- a/init/main.c +++ b/init/main.c @@ -95,6 +95,8 @@ static inline void mark_rodata_ro(void) { } @@ -65041,7 +65477,7 @@ index b08c5f7..bf65a52 100644 return ret; @@ -747,8 +793,14 @@ static void __init do_initcall_level(int level) level, level, - repair_env_string); + &repair_env_string); - for (fn = initcall_levels[level]; fn < initcall_levels[level+1]; fn++) + for (fn = initcall_levels[level]; fn < initcall_levels[level+1]; fn++) { @@ -65096,12 +65532,12 @@ index b08c5f7..bf65a52 100644 * Ok, we have completed the initial bootup, and * we're essentially up and running. Get rid of the diff --git a/ipc/mqueue.c b/ipc/mqueue.c -index 28bd64d..c66b72a 100644 +index 8ce5769..4666884 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c -@@ -156,6 +156,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb, - mq_bytes = (mq_msg_tblsz + - (info->attr.mq_maxmsg * info->attr.mq_msgsize)); +@@ -279,6 +279,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb, + mq_bytes = mq_treesize + (info->attr.mq_maxmsg * + info->attr.mq_msgsize); + gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1); spin_lock(&mq_lock); @@ -65169,7 +65605,7 @@ index 5215a81..cfc0cac 100644 sem_params.flg = semflg; sem_params.u.nsems = nsems; diff --git a/ipc/shm.c b/ipc/shm.c -index 406c5b2..bc66d67 100644 +index 41c1285..cf6404c 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp); @@ -65187,7 +65623,7 @@ index 406c5b2..bc66d67 100644 void shm_init_ns(struct ipc_namespace *ns) { ns->shm_ctlmax = SHMMAX; -@@ -508,6 +516,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) +@@ -520,6 +528,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) shp->shm_lprid = 0; shp->shm_atim = shp->shm_dtim = 0; shp->shm_ctim = get_seconds(); @@ -65202,7 +65638,7 @@ index 406c5b2..bc66d67 100644 shp->shm_segsz = size; shp->shm_nattch = 0; shp->shm_file = file; -@@ -559,18 +575,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, +@@ -571,18 +587,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, return 0; } @@ -65227,7 +65663,7 @@ index 406c5b2..bc66d67 100644 shm_params.key = key; shm_params.flg = shmflg; shm_params.u.size = size; -@@ -988,6 +1005,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) +@@ -1000,6 +1017,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) f_mode = FMODE_READ | FMODE_WRITE; } if (shmflg & SHM_EXEC) { @@ -65240,7 +65676,7 @@ index 406c5b2..bc66d67 100644 prot |= PROT_EXEC; acc_mode |= S_IXUGO; } -@@ -1011,9 +1034,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) +@@ -1023,9 +1046,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr) if (err) goto out_unlock; @@ -65316,10 +65752,10 @@ index 1c7f2c6..9ba5359 100644 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, &status_set, sizeof(status_set)); diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index af1de0f..06dfe57 100644 +index 4b96415..d8c16ee 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c -@@ -2288,7 +2288,7 @@ int auditsc_get_stamp(struct audit_context *ctx, +@@ -2289,7 +2289,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } /* global counter which is incremented every time something logs in */ @@ -65328,7 +65764,7 @@ index af1de0f..06dfe57 100644 /** * audit_set_loginuid - set current task's audit_context loginuid -@@ -2312,7 +2312,7 @@ int audit_set_loginuid(uid_t loginuid) +@@ -2313,7 +2313,7 @@ int audit_set_loginuid(uid_t loginuid) return -EPERM; #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ @@ -65338,7 +65774,7 @@ index af1de0f..06dfe57 100644 struct audit_buffer *ab; diff --git a/kernel/capability.c b/kernel/capability.c -index 3f1adb6..c564db0 100644 +index 493d972..ea17248 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -65422,8 +65858,19 @@ index 3f1adb6..c564db0 100644 /** * nsown_capable - Check superior capability to one's own user_ns * @cap: The capability in question +@@ -440,3 +465,10 @@ bool inode_capable(const struct inode *inode, int cap) + + return ns_capable(ns, cap) && kuid_has_mapping(ns, inode->i_uid); + } ++ ++bool inode_capable_nolog(const struct inode *inode, int cap) ++{ ++ struct user_namespace *ns = current_user_ns(); ++ ++ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); ++} diff --git a/kernel/compat.c b/kernel/compat.c -index d2c67aa..a629b2e 100644 +index c28a306..b4d0cf3 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -13,6 +13,7 @@ @@ -65605,26 +66052,27 @@ index 42e8fa0..9e7406b 100644 return -ENOMEM; diff --git a/kernel/cred.c b/kernel/cred.c -index e70683d..27761b6 100644 +index de728ac..e3c267c 100644 --- a/kernel/cred.c +++ b/kernel/cred.c -@@ -205,6 +205,15 @@ void exit_creds(struct task_struct *tsk) - validate_creds(cred); - put_cred(cred); - } +@@ -207,6 +207,16 @@ void exit_creds(struct task_struct *tsk) + validate_creds(cred); + alter_cred_subscribers(cred, -1); + put_cred(cred); + +#ifdef CONFIG_GRKERNSEC_SETXID + cred = (struct cred *) tsk->delayed_cred; -+ if (cred) { ++ if (cred != NULL) { + tsk->delayed_cred = NULL; + validate_creds(cred); ++ alter_cred_subscribers(cred, -1); + put_cred(cred); + } +#endif } /** -@@ -473,7 +482,7 @@ error_put: +@@ -469,7 +479,7 @@ error_put: * Always returns 0 thus allowing this function to be tail-called at the end * of, say, sys_setgid(). */ @@ -65633,16 +66081,16 @@ index e70683d..27761b6 100644 { struct task_struct *task = current; const struct cred *old = task->real_cred; -@@ -492,6 +501,8 @@ int commit_creds(struct cred *new) +@@ -488,6 +498,8 @@ int commit_creds(struct cred *new) get_cred(new); /* we will require a ref for the subj creds too */ + gr_set_role_label(task, new->uid, new->gid); + /* dumpability changes */ - if (old->euid != new->euid || - old->egid != new->egid || -@@ -541,6 +552,101 @@ int commit_creds(struct cred *new) + if (!uid_eq(old->euid, new->euid) || + !gid_eq(old->egid, new->egid) || +@@ -537,6 +549,101 @@ int commit_creds(struct cred *new) put_cred(old); return 0; } @@ -65809,10 +66257,10 @@ index 0557f24..1a00d9a 100644 } EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 67b847d..93834dd 100644 +index 1f91413..362a0a1 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c -@@ -1983,7 +1983,7 @@ static int kdb_lsmod(int argc, const char **argv) +@@ -1984,7 +1984,7 @@ static int kdb_lsmod(int argc, const char **argv) list_for_each_entry(mod, kdb_modules, list) { kdb_printf("%-20s%8u 0x%p ", mod->name, @@ -65821,7 +66269,7 @@ index 67b847d..93834dd 100644 #ifdef CONFIG_MODULE_UNLOAD kdb_printf("%4ld ", module_refcount(mod)); #endif -@@ -1993,7 +1993,7 @@ static int kdb_lsmod(int argc, const char **argv) +@@ -1994,7 +1994,7 @@ static int kdb_lsmod(int argc, const char **argv) kdb_printf(" (Loading)"); else kdb_printf(" (Live)"); @@ -65831,7 +66279,7 @@ index 67b847d..93834dd 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index fd126f8..70b755b 100644 +index d7d71d6..f54b76f 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -181,7 +181,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, @@ -65843,7 +66291,7 @@ index fd126f8..70b755b 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2659,7 +2659,7 @@ static void __perf_event_read(void *info) +@@ -2663,7 +2663,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -65852,7 +66300,7 @@ index fd126f8..70b755b 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -2983,9 +2983,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -2987,9 +2987,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -65864,7 +66312,7 @@ index fd126f8..70b755b 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3393,10 +3393,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3396,10 +3396,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -65877,7 +66325,7 @@ index fd126f8..70b755b 100644 arch_perf_update_userpage(userpg, now); -@@ -3829,11 +3829,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -3832,11 +3832,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -65891,7 +66339,7 @@ index fd126f8..70b755b 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -4511,12 +4511,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -4514,12 +4514,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -65906,7 +66354,7 @@ index fd126f8..70b755b 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -5929,7 +5929,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -5931,7 +5931,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(current->nsproxy->pid_ns); @@ -65915,7 +66363,7 @@ index fd126f8..70b755b 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -6491,10 +6491,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -6493,10 +6493,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -65930,7 +66378,7 @@ index fd126f8..70b755b 100644 /* diff --git a/kernel/exit.c b/kernel/exit.c -index 9d81012..d7911f1 100644 +index 46ce8da..c648f3a 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -59,6 +59,10 @@ @@ -65944,7 +66392,7 @@ index 9d81012..d7911f1 100644 static void exit_mm(struct task_struct * tsk); static void __unhash_process(struct task_struct *p, bool group_dead) -@@ -170,6 +174,10 @@ void release_task(struct task_struct * p) +@@ -182,6 +186,10 @@ void release_task(struct task_struct * p) struct task_struct *leader; int zap_leader; repeat: @@ -65955,7 +66403,7 @@ index 9d81012..d7911f1 100644 /* don't need to get the RCU readlock here - the process is dead and * can't be modifying its own credentials. But shut RCU-lockdep up */ rcu_read_lock(); -@@ -382,7 +390,7 @@ int allow_signal(int sig) +@@ -394,7 +402,7 @@ int allow_signal(int sig) * know it'll be handled, so that they don't get converted to * SIGKILL or just silently dropped. */ @@ -65964,7 +66412,7 @@ index 9d81012..d7911f1 100644 recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); return 0; -@@ -418,6 +426,17 @@ void daemonize(const char *name, ...) +@@ -430,6 +438,17 @@ void daemonize(const char *name, ...) vsnprintf(current->comm, sizeof(current->comm), name, args); va_end(args); @@ -65982,7 +66430,7 @@ index 9d81012..d7911f1 100644 /* * If we were started as result of loading a module, close all of the * user space pages. We don't need them, and if we didn't close them -@@ -901,6 +920,8 @@ void do_exit(long code) +@@ -907,6 +926,8 @@ void do_exit(long code) struct task_struct *tsk = current; int group_dead; @@ -65991,7 +66439,7 @@ index 9d81012..d7911f1 100644 profile_task_exit(tsk); WARN_ON(blk_needs_flush_plug(tsk)); -@@ -917,7 +938,6 @@ void do_exit(long code) +@@ -923,7 +944,6 @@ void do_exit(long code) * mm_release()->clear_child_tid() from writing to a user-controlled * kernel address. */ @@ -65999,7 +66447,7 @@ index 9d81012..d7911f1 100644 ptrace_event(PTRACE_EVENT_EXIT, code); -@@ -978,6 +998,9 @@ void do_exit(long code) +@@ -985,6 +1005,9 @@ void do_exit(long code) tsk->exit_code = code; taskstats_exit(tsk, group_dead); @@ -66009,7 +66457,7 @@ index 9d81012..d7911f1 100644 exit_mm(tsk); if (group_dead) -@@ -1094,7 +1117,7 @@ SYSCALL_DEFINE1(exit, int, error_code) +@@ -1101,7 +1124,7 @@ SYSCALL_DEFINE1(exit, int, error_code) * Take down every thread in the group. This is called by fatal signals * as well as by sys_exit_group (below). */ @@ -66019,30 +66467,10 @@ index 9d81012..d7911f1 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 8163333..aee97f3 100644 +index f00e319..c212fbc 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -274,19 +274,24 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) - } - - err = arch_dup_task_struct(tsk, orig); -- if (err) -- goto out; - -+ /* -+ * We defer looking at err, because we will need this setup -+ * for the clean up path to work correctly. -+ */ - tsk->stack = ti; -- - setup_thread_stack(tsk, orig); -+ -+ if (err) -+ goto out; -+ - clear_user_return_notifier(tsk); - clear_tsk_need_resched(tsk); - stackend = end_of_stack(tsk); +@@ -321,7 +321,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) *stackend = STACK_END_MAGIC; /* for overflow detection */ #ifdef CONFIG_CC_STACKPROTECTOR @@ -66051,7 +66479,7 @@ index 8163333..aee97f3 100644 #endif /* -@@ -310,13 +315,78 @@ out: +@@ -345,13 +345,78 @@ out: } #ifdef CONFIG_MMU @@ -66132,7 +66560,7 @@ index 8163333..aee97f3 100644 down_write(&oldmm->mmap_sem); flush_cache_dup_mm(oldmm); -@@ -328,8 +398,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -363,8 +428,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; @@ -66143,7 +66571,7 @@ index 8163333..aee97f3 100644 mm->map_count = 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb = RB_ROOT; -@@ -345,8 +415,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -380,8 +445,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -66152,7 +66580,7 @@ index 8163333..aee97f3 100644 if (mpnt->vm_flags & VM_DONTCOPY) { long pages = vma_pages(mpnt); mm->total_vm -= pages; -@@ -354,54 +422,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -389,54 +452,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) -pages); continue; } @@ -66211,9 +66639,13 @@ index 8163333..aee97f3 100644 /* * Link in the new vma and copy the page table entries. -@@ -424,6 +449,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -459,9 +479,34 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; + +- if (file && uprobe_mmap(tmp)) ++ if (tmp->vm_file && uprobe_mmap(tmp)) + goto out; } + +#ifdef CONFIG_PAX_SEGMEXEC @@ -66243,7 +66675,7 @@ index 8163333..aee97f3 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -432,14 +482,6 @@ out: +@@ -470,14 +515,6 @@ out: flush_tlb_mm(oldmm); up_write(&oldmm->mmap_sem); return retval; @@ -66258,7 +66690,7 @@ index 8163333..aee97f3 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -676,8 +718,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) +@@ -714,8 +751,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) return ERR_PTR(err); mm = get_task_mm(task); @@ -66269,7 +66701,7 @@ index 8163333..aee97f3 100644 mmput(mm); mm = ERR_PTR(-EACCES); } -@@ -899,13 +941,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -936,13 +973,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -66285,7 +66717,7 @@ index 8163333..aee97f3 100644 return 0; } -@@ -1172,6 +1215,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1209,6 +1247,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -66295,7 +66727,7 @@ index 8163333..aee97f3 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1392,6 +1438,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1431,6 +1472,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, /* Need tasklist lock for parent etc handling! */ write_lock_irq(&tasklist_lock); @@ -66305,7 +66737,7 @@ index 8163333..aee97f3 100644 /* CLONE_PARENT re-uses the old parent */ if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) { p->real_parent = current->real_parent; -@@ -1502,6 +1551,8 @@ bad_fork_cleanup_count: +@@ -1541,6 +1585,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -66314,7 +66746,7 @@ index 8163333..aee97f3 100644 return ERR_PTR(retval); } -@@ -1602,6 +1653,8 @@ long do_fork(unsigned long clone_flags, +@@ -1641,6 +1687,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -66323,7 +66755,7 @@ index 8163333..aee97f3 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1700,7 +1753,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1739,7 +1787,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -66332,7 +66764,7 @@ index 8163333..aee97f3 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1789,7 +1842,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1828,7 +1876,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -66343,7 +66775,7 @@ index 8163333..aee97f3 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index e2b0fb9..db818ac 100644 +index 3717e7b..473c750 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -66366,7 +66798,7 @@ index e2b0fb9..db818ac 100644 /* * The futex address must be "naturally" aligned. */ -@@ -2711,6 +2717,7 @@ static int __init futex_init(void) +@@ -2714,6 +2720,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -66374,7 +66806,7 @@ index e2b0fb9..db818ac 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2722,8 +2729,11 @@ static int __init futex_init(void) +@@ -2725,8 +2732,11 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -66460,7 +66892,7 @@ index 4304919..408c4c0 100644 static int diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c -index 079f1d3..4e80e69 100644 +index 2169fee..45c017a 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c @@ -11,6 +11,9 @@ @@ -66536,7 +66968,7 @@ index 079f1d3..4e80e69 100644 if (all_var) return is_kernel(addr); -@@ -454,7 +493,6 @@ static unsigned long get_ksymbol_core(struct kallsym_iter *iter) +@@ -470,7 +509,6 @@ static unsigned long get_ksymbol_core(struct kallsym_iter *iter) static void reset_iter(struct kallsym_iter *iter, loff_t new_pos) { @@ -66544,7 +66976,7 @@ index 079f1d3..4e80e69 100644 iter->nameoff = get_symbol_offset(new_pos); iter->pos = new_pos; } -@@ -502,6 +540,11 @@ static int s_show(struct seq_file *m, void *p) +@@ -518,6 +556,11 @@ static int s_show(struct seq_file *m, void *p) { struct kallsym_iter *iter = m->private; @@ -66556,30 +66988,15 @@ index 079f1d3..4e80e69 100644 /* Some debugging symbols have no name. Ignore them. */ if (!iter->name[0]) return 0; -@@ -515,11 +558,22 @@ static int s_show(struct seq_file *m, void *p) +@@ -531,6 +574,7 @@ static int s_show(struct seq_file *m, void *p) */ type = iter->exported ? toupper(iter->type) : tolower(iter->type); + -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ seq_printf(m, "%pP %c %s\t[%s]\n", (void *)iter->value, -+ type, iter->name, iter->module_name); -+#else seq_printf(m, "%pK %c %s\t[%s]\n", (void *)iter->value, type, iter->name, iter->module_name); -+#endif } else -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ seq_printf(m, "%pP %c %s\n", (void *)iter->value, -+ iter->type, iter->name); -+#else - seq_printf(m, "%pK %c %s\n", (void *)iter->value, - iter->type, iter->name); -+#endif - return 0; - } - -@@ -540,7 +594,7 @@ static int kallsyms_open(struct inode *inode, struct file *file) +@@ -556,7 +600,7 @@ static int kallsyms_open(struct inode *inode, struct file *file) struct kallsym_iter *iter; int ret; @@ -66603,7 +67020,7 @@ index 4e2e472..cd0c7ae 100644 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index 05698a7..a4c1e3a 100644 +index ff2c7cb..085d7af 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -66,7 +66,7 @@ static void free_modprobe_argv(struct subprocess_info *info) @@ -66731,7 +67148,7 @@ index 05698a7..a4c1e3a 100644 EXPORT_SYMBOL(__request_module); #endif /* CONFIG_MODULES */ -@@ -267,7 +320,7 @@ static int wait_for_helper(void *data) +@@ -266,7 +319,7 @@ static int wait_for_helper(void *data) * * Thus the __user pointer cast is valid here. */ @@ -66839,7 +67256,7 @@ index 91c32a0..b2c71c5 100644 if (!name) { diff --git a/kernel/module.c b/kernel/module.c -index 78ac6ec..e87db0e 100644 +index 4edbd9c..165e780 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -58,6 +58,7 @@ @@ -67220,7 +67637,7 @@ index 78ac6ec..e87db0e 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2543,8 +2581,14 @@ static struct module *setup_load_info(struct load_info *info) +@@ -2544,8 +2582,14 @@ static struct module *setup_load_info(struct load_info *info) static int check_modinfo(struct module *mod, struct load_info *info) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -67235,7 +67652,7 @@ index 78ac6ec..e87db0e 100644 /* This is allowed: modprobe --force will invalidate it. */ if (!modmagic) { err = try_to_force_load(mod, "bad vermagic"); -@@ -2567,7 +2611,7 @@ static int check_modinfo(struct module *mod, struct load_info *info) +@@ -2568,7 +2612,7 @@ static int check_modinfo(struct module *mod, struct load_info *info) } /* Set up license info based on the info section */ @@ -67244,7 +67661,7 @@ index 78ac6ec..e87db0e 100644 return 0; } -@@ -2661,7 +2705,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2662,7 +2706,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -67253,7 +67670,7 @@ index 78ac6ec..e87db0e 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2671,23 +2715,50 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2672,23 +2716,50 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -67312,7 +67729,7 @@ index 78ac6ec..e87db0e 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2698,16 +2769,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2699,16 +2770,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -67365,7 +67782,7 @@ index 78ac6ec..e87db0e 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2758,12 +2858,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2759,12 +2859,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -67384,7 +67801,7 @@ index 78ac6ec..e87db0e 100644 set_fs(old_fs); } -@@ -2833,8 +2933,10 @@ out: +@@ -2834,8 +2934,10 @@ out: static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -67397,7 +67814,17 @@ index 78ac6ec..e87db0e 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2898,9 +3000,38 @@ static struct module *load_module(void __user *umod, +@@ -2848,7 +2950,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, + static int post_relocation(struct module *mod, const struct load_info *info) + { + /* Sort exception table now relocations are done. */ ++ pax_open_kernel(); + sort_extable(mod->extable, mod->extable + mod->num_exentries); ++ pax_close_kernel(); + + /* Copy relocated percpu area over. */ + percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, +@@ -2899,9 +3003,38 @@ static struct module *load_module(void __user *umod, if (err) goto free_unload; @@ -67436,7 +67863,7 @@ index 78ac6ec..e87db0e 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, &info); if (err < 0) -@@ -2916,13 +3047,6 @@ static struct module *load_module(void __user *umod, +@@ -2917,13 +3050,6 @@ static struct module *load_module(void __user *umod, flush_module_icache(mod); @@ -67450,7 +67877,7 @@ index 78ac6ec..e87db0e 100644 /* Mark state as coming so strong_try_module_get() ignores us. */ mod->state = MODULE_STATE_COMING; -@@ -2980,11 +3104,10 @@ static struct module *load_module(void __user *umod, +@@ -2981,11 +3107,10 @@ static struct module *load_module(void __user *umod, unlock: mutex_unlock(&module_mutex); synchronize_sched(); @@ -67463,7 +67890,7 @@ index 78ac6ec..e87db0e 100644 free_unload: module_unload_free(mod); free_module: -@@ -3025,16 +3148,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, +@@ -3026,16 +3151,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -67488,7 +67915,7 @@ index 78ac6ec..e87db0e 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3080,11 +3203,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, +@@ -3081,11 +3206,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -67506,7 +67933,7 @@ index 78ac6ec..e87db0e 100644 mutex_unlock(&module_mutex); return 0; -@@ -3115,10 +3239,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3116,10 +3242,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -67526,7 +67953,7 @@ index 78ac6ec..e87db0e 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3353,7 +3483,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3354,7 +3486,7 @@ static int m_show(struct seq_file *m, void *p) char buf[8]; seq_printf(m, "%s %u", @@ -67535,7 +67962,7 @@ index 78ac6ec..e87db0e 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3362,7 +3492,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3363,7 +3495,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -67544,7 +67971,7 @@ index 78ac6ec..e87db0e 100644 /* Taints info */ if (mod->taints) -@@ -3398,7 +3528,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3399,7 +3531,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -67562,7 +67989,7 @@ index 78ac6ec..e87db0e 100644 return 0; } module_init(proc_modules_init); -@@ -3457,12 +3597,12 @@ struct module *__module_address(unsigned long addr) +@@ -3458,12 +3600,12 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -67578,7 +68005,7 @@ index 78ac6ec..e87db0e 100644 return mod; return NULL; } -@@ -3496,11 +3636,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3497,11 +3639,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -67683,10 +68110,25 @@ index a307cc9..27fd2e9 100644 /* set it to 0 if there are no waiters left: */ diff --git a/kernel/panic.c b/kernel/panic.c -index 9ed023b..e49543e 100644 +index d2a5f4e..5edc1d9 100644 --- a/kernel/panic.c +++ b/kernel/panic.c -@@ -402,7 +402,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, +@@ -75,6 +75,14 @@ void panic(const char *fmt, ...) + int state = 0; + + /* ++ * Disable local interrupts. This will prevent panic_smp_self_stop ++ * from deadlocking the first cpu that invokes the panic, since ++ * there is nothing to prevent an interrupt handler (that runs ++ * after the panic_lock is acquired) from invoking panic again. ++ */ ++ local_irq_disable(); ++ ++ /* + * It's possible to come here directly from a panic-assertion and + * not have preempt disabled. Some functions called from here want + * preempt to be disabled. No point enabling it later though... +@@ -402,7 +410,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, const char *board; printk(KERN_WARNING "------------[ cut here ]------------\n"); @@ -67695,7 +68137,7 @@ index 9ed023b..e49543e 100644 board = dmi_get_system_info(DMI_PRODUCT_NAME); if (board) printk(KERN_WARNING "Hardware name: %s\n", board); -@@ -457,7 +457,8 @@ EXPORT_SYMBOL(warn_slowpath_null); +@@ -457,7 +465,8 @@ EXPORT_SYMBOL(warn_slowpath_null); */ void __stack_chk_fail(void) { @@ -67706,7 +68148,7 @@ index 9ed023b..e49543e 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index 9f08dfa..6765c40 100644 +index e86b291a..e8b0fb5 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -67948,10 +68390,10 @@ index 19db29f..33b52b6 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk.c b/kernel/printk.c -index b663c2c..1d6ba7a 100644 +index 21bea76..f55ef3e 100644 --- a/kernel/printk.c +++ b/kernel/printk.c -@@ -316,6 +316,11 @@ static int check_syslog_permissions(int type, bool from_file) +@@ -782,6 +782,11 @@ static int check_syslog_permissions(int type, bool from_file) if (from_file && type != SYSLOG_ACTION_OPEN) return 0; @@ -68025,10 +68467,10 @@ index 76b8e77..a2930e8 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index ee8d49b..bd3d790 100644 +index a232bb5..2a65ef9 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -280,7 +280,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -279,7 +279,7 @@ static int ptrace_attach(struct task_struct *task, long request, if (seize) flags |= PT_SEIZED; @@ -68037,7 +68479,7 @@ index ee8d49b..bd3d790 100644 flags |= PT_PTRACE_CAP; task->ptrace = flags; -@@ -487,7 +487,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -486,7 +486,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -68046,7 +68488,7 @@ index ee8d49b..bd3d790 100644 return -EFAULT; copied += retval; src += retval; -@@ -672,7 +672,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -671,7 +671,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -68055,7 +68497,7 @@ index ee8d49b..bd3d790 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -874,14 +874,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -873,14 +873,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -68078,7 +68520,7 @@ index ee8d49b..bd3d790 100644 goto out_put_task_struct; } -@@ -907,7 +914,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -906,7 +913,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -68087,7 +68529,7 @@ index ee8d49b..bd3d790 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1017,14 +1024,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, +@@ -1016,14 +1023,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, goto out; } @@ -68133,10 +68575,10 @@ index 37a5444..eec170a 100644 __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h -index 22ecea0..3789898 100644 +index fc31a2d..be2ec04 100644 --- a/kernel/rcutiny_plugin.h +++ b/kernel/rcutiny_plugin.h -@@ -955,7 +955,7 @@ static int rcu_kthread(void *arg) +@@ -939,7 +939,7 @@ static int rcu_kthread(void *arg) have_rcu_kthread_work = morework; local_irq_restore(flags); if (work) @@ -68146,10 +68588,10 @@ index 22ecea0..3789898 100644 } diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c -index a89b381..efdcad8 100644 +index e66b34a..4b8b626 100644 --- a/kernel/rcutorture.c +++ b/kernel/rcutorture.c -@@ -158,12 +158,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) = +@@ -163,12 +163,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) = { 0 }; static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_batch) = { 0 }; @@ -68165,10 +68607,10 @@ index a89b381..efdcad8 100644 +static atomic_unchecked_t n_rcu_torture_free; +static atomic_unchecked_t n_rcu_torture_mberror; +static atomic_unchecked_t n_rcu_torture_error; + static long n_rcu_torture_barrier_error; static long n_rcu_torture_boost_ktrerror; static long n_rcu_torture_boost_rterror; - static long n_rcu_torture_boost_failure; -@@ -253,11 +253,11 @@ rcu_torture_alloc(void) +@@ -265,11 +265,11 @@ rcu_torture_alloc(void) spin_lock_bh(&rcu_torture_lock); if (list_empty(&rcu_torture_freelist)) { @@ -68182,7 +68624,7 @@ index a89b381..efdcad8 100644 p = rcu_torture_freelist.next; list_del_init(p); spin_unlock_bh(&rcu_torture_lock); -@@ -270,7 +270,7 @@ rcu_torture_alloc(void) +@@ -282,7 +282,7 @@ rcu_torture_alloc(void) static void rcu_torture_free(struct rcu_torture *p) { @@ -68191,7 +68633,7 @@ index a89b381..efdcad8 100644 spin_lock_bh(&rcu_torture_lock); list_add_tail(&p->rtort_free, &rcu_torture_freelist); spin_unlock_bh(&rcu_torture_lock); -@@ -390,7 +390,7 @@ rcu_torture_cb(struct rcu_head *p) +@@ -403,7 +403,7 @@ rcu_torture_cb(struct rcu_head *p) i = rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -68200,7 +68642,7 @@ index a89b381..efdcad8 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; rcu_torture_free(rp); -@@ -437,7 +437,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p) +@@ -451,7 +451,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p) i = rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -68209,7 +68651,7 @@ index a89b381..efdcad8 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; list_del(&rp->rtort_free); -@@ -926,7 +926,7 @@ rcu_torture_writer(void *arg) +@@ -983,7 +983,7 @@ rcu_torture_writer(void *arg) i = old_rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -68218,7 +68660,7 @@ index a89b381..efdcad8 100644 old_rp->rtort_pipe_count++; cur_ops->deferred_free(old_rp); } -@@ -1007,7 +1007,7 @@ static void rcu_torture_timer(unsigned long unused) +@@ -1064,7 +1064,7 @@ static void rcu_torture_timer(unsigned long unused) } do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu); if (p->rtort_mbtest == 0) @@ -68227,7 +68669,7 @@ index a89b381..efdcad8 100644 spin_lock(&rand_lock); cur_ops->read_delay(&rand); n_rcu_torture_timers++; -@@ -1071,7 +1071,7 @@ rcu_torture_reader(void *arg) +@@ -1128,7 +1128,7 @@ rcu_torture_reader(void *arg) } do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu); if (p->rtort_mbtest == 0) @@ -68236,7 +68678,7 @@ index a89b381..efdcad8 100644 cur_ops->read_delay(&rand); preempt_disable(); pipe_count = p->rtort_pipe_count; -@@ -1133,10 +1133,10 @@ rcu_torture_printk(char *page) +@@ -1191,10 +1191,10 @@ rcu_torture_printk(char *page) rcu_torture_current, rcu_torture_current_version, list_empty(&rcu_torture_freelist), @@ -68251,25 +68693,24 @@ index a89b381..efdcad8 100644 n_rcu_torture_boost_ktrerror, n_rcu_torture_boost_rterror, n_rcu_torture_boost_failure, -@@ -1146,7 +1146,7 @@ rcu_torture_printk(char *page) - n_online_attempts, - n_offline_successes, - n_offline_attempts); +@@ -1208,14 +1208,14 @@ rcu_torture_printk(char *page) + n_barrier_attempts, + n_rcu_torture_barrier_error); + cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG); - if (atomic_read(&n_rcu_torture_mberror) != 0 || + if (atomic_read_unchecked(&n_rcu_torture_mberror) != 0 || + n_rcu_torture_barrier_error != 0 || n_rcu_torture_boost_ktrerror != 0 || n_rcu_torture_boost_rterror != 0 || - n_rcu_torture_boost_failure != 0) -@@ -1154,7 +1154,7 @@ rcu_torture_printk(char *page) - cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG); - if (i > 1) { + n_rcu_torture_boost_failure != 0 || + i > 1) { cnt += sprintf(&page[cnt], "!!! "); - atomic_inc(&n_rcu_torture_error); + atomic_inc_unchecked(&n_rcu_torture_error); WARN_ON_ONCE(1); } cnt += sprintf(&page[cnt], "Reader Pipe: "); -@@ -1168,7 +1168,7 @@ rcu_torture_printk(char *page) +@@ -1229,7 +1229,7 @@ rcu_torture_printk(char *page) cnt += sprintf(&page[cnt], "Free-Block Circulation: "); for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { cnt += sprintf(&page[cnt], " %d", @@ -68278,16 +68719,16 @@ index a89b381..efdcad8 100644 } cnt += sprintf(&page[cnt], "\n"); if (cur_ops->stats) -@@ -1676,7 +1676,7 @@ rcu_torture_cleanup(void) +@@ -1888,7 +1888,7 @@ rcu_torture_cleanup(void) if (cur_ops->cleanup) cur_ops->cleanup(); -- if (atomic_read(&n_rcu_torture_error)) -+ if (atomic_read_unchecked(&n_rcu_torture_error)) +- if (atomic_read(&n_rcu_torture_error) || n_rcu_torture_barrier_error) ++ if (atomic_read_unchecked(&n_rcu_torture_error) || n_rcu_torture_barrier_error) rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE"); else if (n_online_successes != n_online_attempts || n_offline_successes != n_offline_attempts) -@@ -1744,17 +1744,17 @@ rcu_torture_init(void) +@@ -1958,18 +1958,18 @@ rcu_torture_init(void) rcu_torture_current = NULL; rcu_torture_current_version = 0; @@ -68301,6 +68742,7 @@ index a89b381..efdcad8 100644 + atomic_set_unchecked(&n_rcu_torture_free, 0); + atomic_set_unchecked(&n_rcu_torture_mberror, 0); + atomic_set_unchecked(&n_rcu_torture_error, 0); + n_rcu_torture_barrier_error = 0; n_rcu_torture_boost_ktrerror = 0; n_rcu_torture_boost_rterror = 0; n_rcu_torture_boost_failure = 0; @@ -68312,10 +68754,10 @@ index a89b381..efdcad8 100644 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index d0c5baf..109b2e7 100644 +index 4b97bba..b92c9d2 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c -@@ -357,9 +357,9 @@ static void rcu_idle_enter_common(struct rcu_dynticks *rdtp, long long oldval) +@@ -366,9 +366,9 @@ static void rcu_idle_enter_common(struct rcu_dynticks *rdtp, long long oldval) rcu_prepare_for_idle(smp_processor_id()); /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -68327,7 +68769,7 @@ index d0c5baf..109b2e7 100644 /* * The idle task is not permitted to enter the idle loop while -@@ -448,10 +448,10 @@ void rcu_irq_exit(void) +@@ -457,10 +457,10 @@ void rcu_irq_exit(void) static void rcu_idle_exit_common(struct rcu_dynticks *rdtp, long long oldval) { smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */ @@ -68340,7 +68782,7 @@ index d0c5baf..109b2e7 100644 rcu_cleanup_after_idle(smp_processor_id()); trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting); if (!is_idle_task(current)) { -@@ -545,14 +545,14 @@ void rcu_nmi_enter(void) +@@ -554,14 +554,14 @@ void rcu_nmi_enter(void) struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks); if (rdtp->dynticks_nmi_nesting == 0 && @@ -68358,7 +68800,7 @@ index d0c5baf..109b2e7 100644 } /** -@@ -571,9 +571,9 @@ void rcu_nmi_exit(void) +@@ -580,9 +580,9 @@ void rcu_nmi_exit(void) return; /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -68370,7 +68812,7 @@ index d0c5baf..109b2e7 100644 } #ifdef CONFIG_PROVE_RCU -@@ -589,7 +589,7 @@ int rcu_is_cpu_idle(void) +@@ -598,7 +598,7 @@ int rcu_is_cpu_idle(void) int ret; preempt_disable(); @@ -68379,7 +68821,7 @@ index d0c5baf..109b2e7 100644 preempt_enable(); return ret; } -@@ -659,7 +659,7 @@ int rcu_is_cpu_rrupt_from_idle(void) +@@ -668,7 +668,7 @@ int rcu_is_cpu_rrupt_from_idle(void) */ static int dyntick_save_progress_counter(struct rcu_data *rdp) { @@ -68388,7 +68830,7 @@ index d0c5baf..109b2e7 100644 return (rdp->dynticks_snap & 0x1) == 0; } -@@ -674,7 +674,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) +@@ -683,7 +683,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) unsigned int curr; unsigned int snap; @@ -68397,7 +68839,7 @@ index d0c5baf..109b2e7 100644 snap = (unsigned int)rdp->dynticks_snap; /* -@@ -704,10 +704,10 @@ static int jiffies_till_stall_check(void) +@@ -713,10 +713,10 @@ static int jiffies_till_stall_check(void) * for CONFIG_RCU_CPU_STALL_TIMEOUT. */ if (till_stall_check < 3) { @@ -68410,7 +68852,7 @@ index d0c5baf..109b2e7 100644 till_stall_check = 300; } return till_stall_check * HZ + RCU_STALL_DELAY_DELTA; -@@ -1766,7 +1766,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, struct rcu_data *rdp) +@@ -1824,7 +1824,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, struct rcu_data *rdp) /* * Do RCU core processing for the current CPU. */ @@ -68419,7 +68861,7 @@ index d0c5baf..109b2e7 100644 { trace_rcu_utilization("Start RCU core"); __rcu_process_callbacks(&rcu_sched_state, -@@ -1949,8 +1949,8 @@ void synchronize_rcu_bh(void) +@@ -2042,8 +2042,8 @@ void synchronize_rcu_bh(void) } EXPORT_SYMBOL_GPL(synchronize_rcu_bh); @@ -68430,7 +68872,7 @@ index d0c5baf..109b2e7 100644 static int synchronize_sched_expedited_cpu_stop(void *data) { -@@ -2011,7 +2011,7 @@ void synchronize_sched_expedited(void) +@@ -2104,7 +2104,7 @@ void synchronize_sched_expedited(void) int firstsnap, s, snap, trycount = 0; /* Note that atomic_inc_return() implies full memory barrier. */ @@ -68439,7 +68881,7 @@ index d0c5baf..109b2e7 100644 get_online_cpus(); WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id())); -@@ -2033,7 +2033,7 @@ void synchronize_sched_expedited(void) +@@ -2126,7 +2126,7 @@ void synchronize_sched_expedited(void) } /* Check to see if someone else did our work for us. */ @@ -68448,7 +68890,7 @@ index d0c5baf..109b2e7 100644 if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) { smp_mb(); /* ensure test happens before caller kfree */ return; -@@ -2048,7 +2048,7 @@ void synchronize_sched_expedited(void) +@@ -2141,7 +2141,7 @@ void synchronize_sched_expedited(void) * grace period works for us. */ get_online_cpus(); @@ -68457,7 +68899,7 @@ index d0c5baf..109b2e7 100644 smp_mb(); /* ensure read is before try_stop_cpus(). */ } -@@ -2059,12 +2059,12 @@ void synchronize_sched_expedited(void) +@@ -2152,12 +2152,12 @@ void synchronize_sched_expedited(void) * than we did beat us to the punch. */ do { @@ -68472,7 +68914,7 @@ index d0c5baf..109b2e7 100644 put_online_cpus(); } -@@ -2262,7 +2262,7 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) +@@ -2421,7 +2421,7 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) rdp->qlen = 0; rdp->dynticks = &per_cpu(rcu_dynticks, cpu); WARN_ON_ONCE(rdp->dynticks->dynticks_nesting != DYNTICK_TASK_EXIT_IDLE); @@ -68481,7 +68923,7 @@ index d0c5baf..109b2e7 100644 rdp->cpu = cpu; rdp->rsp = rsp; raw_spin_unlock_irqrestore(&rnp->lock, flags); -@@ -2290,8 +2290,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) +@@ -2449,8 +2449,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) rdp->n_force_qs_snap = rsp->n_force_qs; rdp->blimit = blimit; rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE; @@ -68493,20 +68935,20 @@ index d0c5baf..109b2e7 100644 raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */ diff --git a/kernel/rcutree.h b/kernel/rcutree.h -index cdd1be0..5b2efb4 100644 +index 19b61ac..5c60a94 100644 --- a/kernel/rcutree.h +++ b/kernel/rcutree.h -@@ -87,7 +87,7 @@ struct rcu_dynticks { +@@ -83,7 +83,7 @@ struct rcu_dynticks { long long dynticks_nesting; /* Track irq/process nesting level. */ /* Process level is worth LLONG_MAX/2. */ int dynticks_nmi_nesting; /* Track NMI nesting level. */ - atomic_t dynticks; /* Even value for idle, else odd. */ + atomic_unchecked_t dynticks;/* Even value for idle, else odd. */ - }; - - /* RCU's kthread states for tracing. */ + #ifdef CONFIG_RCU_FAST_NO_HZ + int dyntick_drain; /* Prepare-for-idle state variable. */ + unsigned long dyntick_holdoff; diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h -index c023464..7f57225 100644 +index 3e48994..d94f03a 100644 --- a/kernel/rcutree_plugin.h +++ b/kernel/rcutree_plugin.h @@ -909,7 +909,7 @@ void synchronize_rcu_expedited(void) @@ -68519,7 +68961,7 @@ index c023464..7f57225 100644 mutex_unlock(&sync_rcu_preempt_exp_mutex); mb_ret: diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c -index ed459ed..a03c3fa 100644 +index d4bc16d..c234a5c 100644 --- a/kernel/rcutree_trace.c +++ b/kernel/rcutree_trace.c @@ -68,7 +68,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) @@ -68541,7 +68983,7 @@ index ed459ed..a03c3fa 100644 rdp->dynticks->dynticks_nmi_nesting, rdp->dynticks_fqs); diff --git a/kernel/resource.c b/kernel/resource.c -index 7e8ea66..1efd11f 100644 +index e1d2b8e..24820bb 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -141,8 +141,18 @@ static const struct file_operations proc_iomem_operations = { @@ -68680,10 +69122,10 @@ index 0984a21..939f183 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 817bf70..9099fb4 100644 +index 468bdd4..b941572 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -4038,6 +4038,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -4097,6 +4097,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -68692,7 +69134,7 @@ index 817bf70..9099fb4 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -4071,7 +4073,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -4130,7 +4132,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -68702,7 +69144,7 @@ index 817bf70..9099fb4 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -4228,6 +4231,7 @@ recheck: +@@ -4284,6 +4287,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -68711,10 +69153,10 @@ index 817bf70..9099fb4 100644 if (policy != p->policy && !rlim_rtprio) return -EPERM; diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index e955364..eacd2a4 100644 +index c099cc6..06aec4f 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c -@@ -5107,7 +5107,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } +@@ -4846,7 +4846,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -68724,10 +69166,10 @@ index e955364..eacd2a4 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index 17afcaf..4500b05 100644 +index 6771027..763e51e 100644 --- a/kernel/signal.c +++ b/kernel/signal.c -@@ -47,12 +47,12 @@ static struct kmem_cache *sigqueue_cachep; +@@ -48,12 +48,12 @@ static struct kmem_cache *sigqueue_cachep; int print_fatal_signals __read_mostly; @@ -68742,7 +69184,7 @@ index 17afcaf..4500b05 100644 { /* Is it explicitly or implicitly ignored? */ return handler == SIG_IGN || -@@ -61,7 +61,7 @@ static int sig_handler_ignored(void __user *handler, int sig) +@@ -62,7 +62,7 @@ static int sig_handler_ignored(void __user *handler, int sig) static int sig_task_ignored(struct task_struct *t, int sig, bool force) { @@ -68751,7 +69193,7 @@ index 17afcaf..4500b05 100644 handler = sig_handler(t, sig); -@@ -365,6 +365,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi +@@ -366,6 +366,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi atomic_inc(&user->sigpending); rcu_read_unlock(); @@ -68761,7 +69203,7 @@ index 17afcaf..4500b05 100644 if (override_rlimit || atomic_read(&user->sigpending) <= task_rlimit(t, RLIMIT_SIGPENDING)) { -@@ -489,7 +492,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) +@@ -490,7 +493,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) int unhandled_signal(struct task_struct *tsk, int sig) { @@ -68784,7 +69226,7 @@ index 17afcaf..4500b05 100644 return security_task_kill(t, info, sig, 0); } -@@ -1204,7 +1214,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1197,7 +1207,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) return send_signal(sig, info, p, 1); } @@ -68793,7 +69235,7 @@ index 17afcaf..4500b05 100644 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) { return send_signal(sig, info, t, 0); -@@ -1241,6 +1251,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1234,6 +1244,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) unsigned long int flags; int ret, blocked, ignored; struct k_sigaction *action; @@ -68801,7 +69243,7 @@ index 17afcaf..4500b05 100644 spin_lock_irqsave(&t->sighand->siglock, flags); action = &t->sighand->action[sig-1]; -@@ -1255,9 +1266,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1248,9 +1259,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) } if (action->sa.sa_handler == SIG_DFL) t->signal->flags &= ~SIGNAL_UNKILLABLE; @@ -68820,7 +69262,7 @@ index 17afcaf..4500b05 100644 return ret; } -@@ -1324,8 +1344,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1317,8 +1337,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) ret = check_kill_permission(sig, info, p); rcu_read_unlock(); @@ -68833,7 +69275,7 @@ index 17afcaf..4500b05 100644 return ret; } -@@ -2840,7 +2863,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) +@@ -2858,7 +2881,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) int error = -ESRCH; rcu_read_lock(); @@ -68851,10 +69293,10 @@ index 17afcaf..4500b05 100644 error = check_kill_permission(sig, info, p); /* diff --git a/kernel/smp.c b/kernel/smp.c -index 2f8b10e..a41bc14 100644 +index d0ae5b2..b87c5a8 100644 --- a/kernel/smp.c +++ b/kernel/smp.c -@@ -580,22 +580,22 @@ int smp_call_function(smp_call_func_t func, void *info, int wait) +@@ -582,22 +582,22 @@ int smp_call_function(smp_call_func_t func, void *info, int wait) } EXPORT_SYMBOL(smp_call_function); @@ -68935,11 +69377,36 @@ index 671f959..91c51cb 100644 { struct tasklet_struct *list; +diff --git a/kernel/srcu.c b/kernel/srcu.c +index 2095be3..9a5b89d 100644 +--- a/kernel/srcu.c ++++ b/kernel/srcu.c +@@ -302,9 +302,9 @@ int __srcu_read_lock(struct srcu_struct *sp) + preempt_disable(); + idx = rcu_dereference_index_check(sp->completed, + rcu_read_lock_sched_held()) & 0x1; +- ACCESS_ONCE(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) += 1; ++ ACCESS_ONCE_RW(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) += 1; + smp_mb(); /* B */ /* Avoid leaking the critical section. */ +- ACCESS_ONCE(this_cpu_ptr(sp->per_cpu_ref)->seq[idx]) += 1; ++ ACCESS_ONCE_RW(this_cpu_ptr(sp->per_cpu_ref)->seq[idx]) += 1; + preempt_enable(); + return idx; + } +@@ -320,7 +320,7 @@ void __srcu_read_unlock(struct srcu_struct *sp, int idx) + { + preempt_disable(); + smp_mb(); /* C */ /* Avoid leaking the critical section. */ +- ACCESS_ONCE(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) -= 1; ++ ACCESS_ONCE_RW(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) -= 1; + preempt_enable(); + } + EXPORT_SYMBOL_GPL(__srcu_read_unlock); diff --git a/kernel/sys.c b/kernel/sys.c -index e7006eb..8fb7c51 100644 +index 2d39a84..f778b49 100644 --- a/kernel/sys.c +++ b/kernel/sys.c -@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) +@@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) error = -EACCES; goto out; } @@ -68952,7 +69419,7 @@ index e7006eb..8fb7c51 100644 no_nice = security_task_setnice(p, niceval); if (no_nice) { error = no_nice; -@@ -581,6 +587,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) +@@ -594,6 +600,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) goto error; } @@ -68960,20 +69427,20 @@ index e7006eb..8fb7c51 100644 + goto error; + if (rgid != (gid_t) -1 || - (egid != (gid_t) -1 && egid != old->gid)) + (egid != (gid_t) -1 && !gid_eq(kegid, old->gid))) new->sgid = new->egid; -@@ -610,6 +619,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) +@@ -629,6 +638,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) old = current_cred(); retval = -EPERM; + -+ if (gr_check_group_change(gid, gid, gid)) ++ if (gr_check_group_change(kgid, kgid, kgid)) + goto error; + if (nsown_capable(CAP_SETGID)) - new->gid = new->egid = new->sgid = new->fsgid = gid; - else if (gid == old->gid || gid == old->sgid) -@@ -627,7 +640,7 @@ error: + new->gid = new->egid = new->sgid = new->fsgid = kgid; + else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) +@@ -646,7 +659,7 @@ error: /* * change the user struct in a credentials set to match the new UID */ @@ -68982,60 +69449,60 @@ index e7006eb..8fb7c51 100644 { struct user_struct *new_user; -@@ -697,6 +710,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) +@@ -726,6 +739,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) goto error; } + if (gr_check_user_change(new->uid, new->euid, -1)) + goto error; + - if (new->uid != old->uid) { + if (!uid_eq(new->uid, old->uid)) { retval = set_user(new); if (retval < 0) -@@ -741,6 +757,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) +@@ -776,6 +792,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) old = current_cred(); retval = -EPERM; + -+ if (gr_check_crash_uid(uid)) ++ if (gr_check_crash_uid(kuid)) + goto error; -+ if (gr_check_user_change(uid, uid, uid)) ++ if (gr_check_user_change(kuid, kuid, kuid)) + goto error; + if (nsown_capable(CAP_SETUID)) { - new->suid = new->uid = uid; - if (uid != old->uid) { -@@ -795,6 +817,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) + new->suid = new->uid = kuid; + if (!uid_eq(kuid, old->uid)) { +@@ -845,6 +867,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) goto error; } -+ if (gr_check_user_change(ruid, euid, -1)) ++ if (gr_check_user_change(kruid, keuid, -1)) + goto error; + if (ruid != (uid_t) -1) { - new->uid = ruid; - if (ruid != old->uid) { -@@ -859,6 +884,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) + new->uid = kruid; + if (!uid_eq(kruid, old->uid)) { +@@ -927,6 +952,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) goto error; } -+ if (gr_check_group_change(rgid, egid, -1)) ++ if (gr_check_group_change(krgid, kegid, -1)) + goto error; + if (rgid != (gid_t) -1) - new->gid = rgid; + new->gid = krgid; if (egid != (gid_t) -1) -@@ -905,6 +933,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) - old = current_cred(); - old_fsuid = old->fsuid; +@@ -980,6 +1008,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) + if (!uid_valid(kuid)) + return old_fsuid; -+ if (gr_check_user_change(-1, -1, uid)) ++ if (gr_check_user_change(-1, -1, kuid)) + goto error; + - if (uid == old->uid || uid == old->euid || - uid == old->suid || uid == old->fsuid || - nsown_capable(CAP_SETUID)) { -@@ -915,6 +946,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) + new = prepare_creds(); + if (!new) + return old_fsuid; +@@ -994,6 +1025,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) } } @@ -69043,15 +69510,15 @@ index e7006eb..8fb7c51 100644 abort_creds(new); return old_fsuid; -@@ -941,12 +973,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) - if (gid == old->gid || gid == old->egid || - gid == old->sgid || gid == old->fsgid || +@@ -1026,12 +1058,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) + if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) || + gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) || nsown_capable(CAP_SETGID)) { -+ if (gr_check_group_change(-1, -1, gid)) ++ if (gr_check_group_change(-1, -1, kgid)) + goto error; + - if (gid != old_fsgid) { - new->fsgid = gid; + if (!gid_eq(kgid, old->fsgid)) { + new->fsgid = kgid; goto change_okay; } } @@ -69060,7 +69527,7 @@ index e7006eb..8fb7c51 100644 abort_creds(new); return old_fsgid; -@@ -1198,7 +1234,10 @@ static int override_release(char __user *release, int len) +@@ -1283,7 +1319,10 @@ static int override_release(char __user *release, int len) } v = ((LINUX_VERSION_CODE >> 8) & 0xff) + 40; snprintf(buf, len, "2.6.%u%s", v, rest); @@ -69072,7 +69539,7 @@ index e7006eb..8fb7c51 100644 } return ret; } -@@ -1252,19 +1291,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) +@@ -1337,19 +1376,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) return -EFAULT; down_read(&uts_sem); @@ -69097,7 +69564,7 @@ index e7006eb..8fb7c51 100644 __OLD_UTS_LEN); error |= __put_user(0, name->machine + __OLD_UTS_LEN); up_read(&uts_sem); -@@ -1847,7 +1886,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, +@@ -2024,7 +2063,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, error = get_dumpable(me->mm); break; case PR_SET_DUMPABLE: @@ -69107,7 +69574,7 @@ index e7006eb..8fb7c51 100644 break; } diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 4ab1187..0b75ced 100644 +index 4ab1187..33f4f2b 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -91,7 +91,6 @@ @@ -69118,7 +69585,7 @@ index 4ab1187..0b75ced 100644 /* External variables not in a header file. */ extern int sysctl_overcommit_memory; extern int sysctl_overcommit_ratio; -@@ -169,10 +168,8 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -169,10 +168,13 @@ static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); #endif @@ -69126,10 +69593,15 @@ index 4ab1187..0b75ced 100644 static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); -#endif ++ ++static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, ++ void __user *buffer, size_t *lenp, loff_t *ppos); ++static int proc_dostring_coredump(struct ctl_table *table, int write, ++ void __user *buffer, size_t *lenp, loff_t *ppos); #ifdef CONFIG_MAGIC_SYSRQ /* Note: sysrq code uses it's own private copy */ -@@ -196,6 +193,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, +@@ -196,6 +198,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, #endif @@ -69138,7 +69610,7 @@ index 4ab1187..0b75ced 100644 static struct ctl_table kern_table[]; static struct ctl_table vm_table[]; static struct ctl_table fs_table[]; -@@ -210,6 +209,20 @@ extern struct ctl_table epoll_table[]; +@@ -210,6 +214,20 @@ extern struct ctl_table epoll_table[]; int sysctl_legacy_va_layout; #endif @@ -69159,7 +69631,7 @@ index 4ab1187..0b75ced 100644 /* The default sysctl tables: */ static struct ctl_table sysctl_base_table[] = { -@@ -256,6 +269,22 @@ static int max_extfrag_threshold = 1000; +@@ -256,6 +274,22 @@ static int max_extfrag_threshold = 1000; #endif static struct ctl_table kern_table[] = { @@ -69182,7 +69654,16 @@ index 4ab1187..0b75ced 100644 { .procname = "sched_child_runs_first", .data = &sysctl_sched_child_runs_first, -@@ -540,7 +569,7 @@ static struct ctl_table kern_table[] = { +@@ -410,7 +444,7 @@ static struct ctl_table kern_table[] = { + .data = core_pattern, + .maxlen = CORENAME_MAX_SIZE, + .mode = 0644, +- .proc_handler = proc_dostring, ++ .proc_handler = proc_dostring_coredump, + }, + { + .procname = "core_pipe_limit", +@@ -540,7 +574,7 @@ static struct ctl_table kern_table[] = { .data = &modprobe_path, .maxlen = KMOD_PATH_LEN, .mode = 0644, @@ -69191,7 +69672,7 @@ index 4ab1187..0b75ced 100644 }, { .procname = "modules_disabled", -@@ -707,16 +736,20 @@ static struct ctl_table kern_table[] = { +@@ -707,16 +741,20 @@ static struct ctl_table kern_table[] = { .extra1 = &zero, .extra2 = &one, }, @@ -69213,7 +69694,7 @@ index 4ab1187..0b75ced 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1215,6 +1248,13 @@ static struct ctl_table vm_table[] = { +@@ -1215,6 +1253,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -69227,7 +69708,16 @@ index 4ab1187..0b75ced 100644 #else { .procname = "nr_trim_pages", -@@ -1645,6 +1685,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -1498,7 +1543,7 @@ static struct ctl_table fs_table[] = { + .data = &suid_dumpable, + .maxlen = sizeof(int), + .mode = 0644, +- .proc_handler = proc_dointvec_minmax, ++ .proc_handler = proc_dointvec_minmax_coredump, + .extra1 = &zero, + .extra2 = &two, + }, +@@ -1645,6 +1690,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -69244,7 +69734,7 @@ index 4ab1187..0b75ced 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -1750,6 +1800,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -1750,6 +1805,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -69253,7 +69743,7 @@ index 4ab1187..0b75ced 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -1942,7 +1994,6 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -1942,7 +1999,6 @@ static int proc_taint(struct ctl_table *table, int write, return err; } @@ -69261,7 +69751,7 @@ index 4ab1187..0b75ced 100644 static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -1951,7 +2002,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, +@@ -1951,7 +2007,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, return proc_dointvec_minmax(table, write, buffer, lenp, ppos); } @@ -69269,7 +69759,42 @@ index 4ab1187..0b75ced 100644 struct do_proc_dointvec_minmax_conv_param { int *min; -@@ -2066,8 +2116,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int +@@ -2009,6 +2064,34 @@ int proc_dointvec_minmax(struct ctl_table *table, int write, + do_proc_dointvec_minmax_conv, ¶m); + } + ++static void validate_coredump_safety(void) ++{ ++ if (suid_dumpable == SUID_DUMPABLE_SAFE && ++ core_pattern[0] != '/' && core_pattern[0] != '|') { ++ printk(KERN_WARNING "Unsafe core_pattern used with "\ ++ "suid_dumpable=2. Pipe handler or fully qualified "\ ++ "core dump path required.\n"); ++ } ++} ++ ++static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, ++ void __user *buffer, size_t *lenp, loff_t *ppos) ++{ ++ int error = proc_dointvec_minmax(table, write, buffer, lenp, ppos); ++ if (!error) ++ validate_coredump_safety(); ++ return error; ++} ++ ++static int proc_dostring_coredump(struct ctl_table *table, int write, ++ void __user *buffer, size_t *lenp, loff_t *ppos) ++{ ++ int error = proc_dostring(table, write, buffer, lenp, ppos); ++ if (!error) ++ validate_coredump_safety(); ++ return error; ++} ++ + static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int write, + void __user *buffer, + size_t *lenp, loff_t *ppos, +@@ -2066,8 +2149,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int *i = val; } else { val = convdiv * (*i) / convmul; @@ -69282,7 +69807,7 @@ index 4ab1187..0b75ced 100644 err = proc_put_long(&buffer, &left, val, false); if (err) break; -@@ -2459,6 +2512,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2459,6 +2545,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -69295,7 +69820,7 @@ index 4ab1187..0b75ced 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2515,5 +2574,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -2515,5 +2607,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -69413,7 +69938,7 @@ index ba744cf..267b7c5 100644 update_vsyscall_tz(); if (firsttime) { diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c -index 8a538c5..def79d4 100644 +index aa27d39..34d221c 100644 --- a/kernel/time/alarmtimer.c +++ b/kernel/time/alarmtimer.c @@ -779,7 +779,7 @@ static int __init alarmtimer_init(void) @@ -69439,7 +69964,7 @@ index f113755..ec24223 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index 7c50de8..e29a94d 100644 +index 3447cfa..291806b 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -14,6 +14,7 @@ @@ -69450,7 +69975,7 @@ index 7c50de8..e29a94d 100644 #include #include #include -@@ -388,6 +389,8 @@ int do_settimeofday(const struct timespec *tv) +@@ -387,6 +388,8 @@ int do_settimeofday(const struct timespec *tv) if ((unsigned long)tv->tv_nsec >= NSEC_PER_SEC) return -EINVAL; @@ -69577,10 +70102,10 @@ index 0b537f2..9e71eca 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index a297ffc..5e16b0b 100644 +index 6ec7e7e..cbc448b 100644 --- a/kernel/timer.c +++ b/kernel/timer.c -@@ -1354,7 +1354,7 @@ void update_process_times(int user_tick) +@@ -1362,7 +1362,7 @@ void update_process_times(int user_tick) /* * This function runs timers and the timer-tq in bottom half context. */ @@ -69621,10 +70146,10 @@ index c0bd030..62a1927 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 0fa92f6..89950b2 100644 +index a008663..30d7429 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c -@@ -1800,12 +1800,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) +@@ -1785,12 +1785,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) if (unlikely(ftrace_disabled)) return 0; @@ -69644,7 +70169,7 @@ index 0fa92f6..89950b2 100644 } /* -@@ -2917,7 +2922,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) +@@ -2885,7 +2890,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) int register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, @@ -69653,11 +70178,22 @@ index 0fa92f6..89950b2 100644 { struct ftrace_func_probe *entry; struct ftrace_page *pg; +@@ -3697,8 +3702,10 @@ static int ftrace_process_locs(struct module *mod, + if (!count) + return 0; + ++ pax_open_kernel(); + sort(start, count, sizeof(*start), + ftrace_cmp_ips, ftrace_swap_ips); ++ pax_close_kernel(); + + start_pg = ftrace_allocate_pages(count); + if (!start_pg) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 55e4d4c..8c915ec 100644 +index a7fa070..403bc8d 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -4316,10 +4316,9 @@ static const struct file_operations tracing_dyn_info_fops = { +@@ -4421,10 +4421,9 @@ static const struct file_operations tracing_dyn_info_fops = { }; #endif @@ -69669,7 +70205,7 @@ index 55e4d4c..8c915ec 100644 static int once; if (d_tracer) -@@ -4339,10 +4338,9 @@ struct dentry *tracing_init_dentry(void) +@@ -4444,10 +4443,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } @@ -69731,46 +70267,6 @@ index 29111da..d190fe2 100644 } } -diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c -index 580a05e..9b31acb 100644 ---- a/kernel/trace/trace_kprobe.c -+++ b/kernel/trace/trace_kprobe.c -@@ -217,7 +217,7 @@ static __kprobes void FETCH_FUNC_NAME(memory, string)(struct pt_regs *regs, - long ret; - int maxlen = get_rloc_len(*(u32 *)dest); - u8 *dst = get_rloc_data(dest); -- u8 *src = addr; -+ const u8 __user *src = (const u8 __force_user *)addr; - mm_segment_t old_fs = get_fs(); - if (!maxlen) - return; -@@ -229,7 +229,7 @@ static __kprobes void FETCH_FUNC_NAME(memory, string)(struct pt_regs *regs, - pagefault_disable(); - do - ret = __copy_from_user_inatomic(dst++, src++, 1); -- while (dst[-1] && ret == 0 && src - (u8 *)addr < maxlen); -+ while (dst[-1] && ret == 0 && src - (const u8 __force_user *)addr < maxlen); - dst[-1] = '\0'; - pagefault_enable(); - set_fs(old_fs); -@@ -238,7 +238,7 @@ static __kprobes void FETCH_FUNC_NAME(memory, string)(struct pt_regs *regs, - ((u8 *)get_rloc_data(dest))[0] = '\0'; - *(u32 *)dest = make_data_rloc(0, get_rloc_offs(*(u32 *)dest)); - } else -- *(u32 *)dest = make_data_rloc(src - (u8 *)addr, -+ *(u32 *)dest = make_data_rloc(src - (const u8 __force_user *)addr, - get_rloc_offs(*(u32 *)dest)); - } - /* Return the length of string -- including null terminal byte */ -@@ -252,7 +252,7 @@ static __kprobes void FETCH_FUNC_NAME(memory, string_size)(struct pt_regs *regs, - set_fs(KERNEL_DS); - pagefault_disable(); - do { -- ret = __copy_from_user_inatomic(&c, (u8 *)addr + len, 1); -+ ret = __copy_from_user_inatomic(&c, (const u8 __force_user *)addr + len, 1); - len++; - } while (c && ret == 0 && len < MAX_STRING_SIZE); - pagefault_enable(); diff --git a/kernel/trace/trace_mmiotrace.c b/kernel/trace/trace_mmiotrace.c index fd3c8aa..5f324a6 100644 --- a/kernel/trace/trace_mmiotrace.c @@ -69837,42 +70333,11 @@ index d4545f4..a9010a1 100644 return; local_irq_save(flags); -diff --git a/kernel/trace/trace_workqueue.c b/kernel/trace/trace_workqueue.c -index 209b379..7f76423 100644 ---- a/kernel/trace/trace_workqueue.c -+++ b/kernel/trace/trace_workqueue.c -@@ -22,7 +22,7 @@ struct cpu_workqueue_stats { - int cpu; - pid_t pid; - /* Can be inserted from interrupt or user context, need to be atomic */ -- atomic_t inserted; -+ atomic_unchecked_t inserted; - /* - * Don't need to be atomic, works are serialized in a single workqueue thread - * on a single CPU. -@@ -60,7 +60,7 @@ probe_workqueue_insertion(void *ignore, - spin_lock_irqsave(&workqueue_cpu_stat(cpu)->lock, flags); - list_for_each_entry(node, &workqueue_cpu_stat(cpu)->list, list) { - if (node->pid == wq_thread->pid) { -- atomic_inc(&node->inserted); -+ atomic_inc_unchecked(&node->inserted); - goto found; - } - } -@@ -210,7 +210,7 @@ static int workqueue_stat_show(struct seq_file *s, void *p) - tsk = get_pid_task(pid, PIDTYPE_PID); - if (tsk) { - seq_printf(s, "%3d %6d %6u %s\n", cws->cpu, -- atomic_read(&cws->inserted), cws->executed, -+ atomic_read_unchecked(&cws->inserted), cws->executed, - tsk->comm); - put_task_struct(tsk); - } diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index 6777153..8519f60 100644 +index ff5bdee..3eaeba6 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug -@@ -1132,6 +1132,7 @@ config LATENCYTOP +@@ -1165,6 +1165,7 @@ config LATENCYTOP depends on DEBUG_KERNEL depends on STACKTRACE_SUPPORT depends on PROC_FS @@ -69881,10 +70346,10 @@ index 6777153..8519f60 100644 select KALLSYMS select KALLSYMS_ALL diff --git a/lib/bitmap.c b/lib/bitmap.c -index b5a8b6a..a69623c 100644 +index 06fdfa1..97c5c7d 100644 --- a/lib/bitmap.c +++ b/lib/bitmap.c -@@ -421,7 +421,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, +@@ -422,7 +422,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, { int c, old_c, totaldigits, ndigits, nchunks, nbits; u32 chunk; @@ -69893,7 +70358,7 @@ index b5a8b6a..a69623c 100644 bitmap_zero(maskp, nmaskbits); -@@ -506,7 +506,7 @@ int bitmap_parse_user(const char __user *ubuf, +@@ -507,7 +507,7 @@ int bitmap_parse_user(const char __user *ubuf, { if (!access_ok(VERIFY_READ, ubuf, ulen)) return -EFAULT; @@ -69934,10 +70399,10 @@ index a28c141..2bd3d95 100644 file = NULL; line = 0; diff --git a/lib/debugobjects.c b/lib/debugobjects.c -index 0ab9ae8..f01ceca 100644 +index d11808c..dc2d6f8 100644 --- a/lib/debugobjects.c +++ b/lib/debugobjects.c -@@ -288,7 +288,7 @@ static void debug_object_is_on_stack(void *addr, int onstack) +@@ -287,7 +287,7 @@ static void debug_object_is_on_stack(void *addr, int onstack) if (limit > 4) return; @@ -69969,7 +70434,7 @@ index 80b9c76..9e32279 100644 EXPORT_SYMBOL(devm_ioport_unmap); diff --git a/lib/dma-debug.c b/lib/dma-debug.c -index 13ef233..5241683 100644 +index 66ce414..6f0a0dd 100644 --- a/lib/dma-debug.c +++ b/lib/dma-debug.c @@ -924,7 +924,7 @@ out: @@ -69982,7 +70447,7 @@ index 13ef233..5241683 100644 "stack [addr=%p]\n", addr); } diff --git a/lib/extable.c b/lib/extable.c -index 4cac81e..63e9b8f 100644 +index 4cac81e..4d66cfc 100644 --- a/lib/extable.c +++ b/lib/extable.c @@ -13,6 +13,7 @@ @@ -69993,17 +70458,6 @@ index 4cac81e..63e9b8f 100644 #ifndef ARCH_HAS_SORT_EXTABLE /* -@@ -36,8 +37,10 @@ static int cmp_ex(const void *a, const void *b) - void sort_extable(struct exception_table_entry *start, - struct exception_table_entry *finish) - { -+ pax_open_kernel(); - sort(start, finish - start, sizeof(struct exception_table_entry), - cmp_ex, NULL); -+ pax_close_kernel(); - } - - #ifdef CONFIG_MODULES diff --git a/lib/inflate.c b/lib/inflate.c index 013a761..c28f3fc 100644 --- a/lib/inflate.c @@ -70054,12 +70508,12 @@ index bd2bea9..6b3c95e 100644 return false; diff --git a/lib/radix-tree.c b/lib/radix-tree.c -index 3ac50dc..240bb7e 100644 +index e796429..6e38f9f 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c -@@ -79,7 +79,7 @@ struct radix_tree_preload { +@@ -92,7 +92,7 @@ struct radix_tree_preload { int nr; - struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH]; + struct radix_tree_node *nodes[RADIX_TREE_PRELOAD_SIZE]; }; -static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads) = { 0, }; +static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads); @@ -70067,7 +70521,7 @@ index 3ac50dc..240bb7e 100644 static inline void *ptr_to_indirect(void *ptr) { diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index abbabec..d5eba6c 100644 +index c3f36d41..5c5aeb5 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -16,6 +16,9 @@ @@ -70080,7 +70534,7 @@ index abbabec..d5eba6c 100644 #include #include /* for KSYM_SYMBOL_LEN */ #include -@@ -433,7 +436,7 @@ char *symbol_string(char *buf, char *end, void *ptr, +@@ -536,7 +539,7 @@ char *symbol_string(char *buf, char *end, void *ptr, char sym[KSYM_SYMBOL_LEN]; if (ext == 'B') sprint_backtrace(sym, value); @@ -70088,8 +70542,8 @@ index abbabec..d5eba6c 100644 + else if (ext != 'f' && ext != 's' && ext != 'a') sprint_symbol(sym, value); else - kallsyms_lookup(value, NULL, NULL, NULL, sym); -@@ -809,7 +812,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr, + sprint_symbol_no_offset(sym, value); +@@ -912,7 +915,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr, return number(buf, end, *(const netdev_features_t *)addr, spec); } @@ -70101,7 +70555,7 @@ index abbabec..d5eba6c 100644 /* * Show a '%p' thing. A kernel extension is that the '%p' is followed -@@ -823,6 +830,8 @@ int kptr_restrict __read_mostly; +@@ -926,6 +933,8 @@ int kptr_restrict __read_mostly; * - 'S' For symbolic direct pointers with offset * - 's' For symbolic direct pointers without offset * - 'B' For backtraced symbolic direct pointers with offset @@ -70110,21 +70564,8 @@ index abbabec..d5eba6c 100644 * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref] * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201] * - 'M' For a 6-byte MAC address, it prints the address in the -@@ -866,14 +875,25 @@ static noinline_for_stack - char *pointer(const char *fmt, char *buf, char *end, void *ptr, - struct printf_spec spec) - { -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ /* 'P' = approved pointers to copy to userland, -+ as in the /proc/kallsyms case, as we make it display nothing -+ for non-root users, and the real contents for root users -+ */ -+ if (ptr > TASK_SIZE && *fmt != 'P' && is_usercopy_object(buf)) { -+ ptr = NULL; -+ goto simple; -+ } -+#endif -+ +@@ -973,12 +982,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, + if (!ptr && *fmt != 'K') { /* - * Print (null) with the same width as a pointer so it makes @@ -70132,13 +70573,13 @@ index abbabec..d5eba6c 100644 * tabular output look nice. */ if (spec.field_width == -1) - spec.field_width = 2 * sizeof(void *); + spec.field_width = default_width; - return string(buf, end, "(null)", spec); + return string(buf, end, "(nil)", spec); } switch (*fmt) { -@@ -883,6 +903,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -988,6 +997,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, /* Fallthrough */ case 'S': case 's': @@ -70152,7 +70593,7 @@ index abbabec..d5eba6c 100644 case 'B': return symbol_string(buf, end, ptr, spec, *fmt); case 'R': -@@ -920,6 +947,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1025,12 +1041,15 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, va_end(va); return buf; } @@ -70161,17 +70602,37 @@ index abbabec..d5eba6c 100644 case 'K': /* * %pK cannot be used in IRQ context because its test -@@ -942,6 +971,9 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, + * for CAP_SYSLOG would be meaningless. + */ +- if (in_irq() || in_serving_softirq() || in_nmi()) { ++ if (kptr_restrict && (in_irq() || in_serving_softirq() || ++ in_nmi())) { + if (spec.field_width == -1) + spec.field_width = default_width; + return string(buf, end, "pK-error", spec); +@@ -1047,6 +1066,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, } break; } ++ +#ifdef CONFIG_GRKERNSEC_HIDESYM -+simple: ++ /* 'P' = approved pointers to copy to userland, ++ as in the /proc/kallsyms case, as we make it display nothing ++ for non-root users, and the real contents for root users ++ Also ignore 'K' pointers, since we force their NULLing for non-root users ++ above ++ */ ++ if (ptr > TASK_SIZE && *fmt != 'P' && *fmt != 'K' && is_usercopy_object(buf)) { ++ printk(KERN_ALERT "grsec: kernel infoleak detected! Please report this log to spender@grsecurity.net.\n"); ++ dump_stack(); ++ ptr = NULL; ++ } +#endif ++ spec.flags |= SMALL; if (spec.field_width == -1) { - spec.field_width = 2 * sizeof(void *); -@@ -1653,11 +1685,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) + spec.field_width = default_width; +@@ -1758,11 +1792,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) typeof(type) value; \ if (sizeof(type) == 8) { \ args = PTR_ALIGN(args, sizeof(u32)); \ @@ -70186,7 +70647,7 @@ index abbabec..d5eba6c 100644 } \ args += sizeof(type); \ value; \ -@@ -1720,7 +1752,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1825,7 +1859,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) case FORMAT_TYPE_STR: { const char *str_arg = args; args += strlen(str_arg) + 1; @@ -70203,7 +70664,7 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index e338407..4210331 100644 +index 82fed4e..979e814 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -247,10 +247,10 @@ config KSM @@ -70230,10 +70691,10 @@ index e338407..4210331 100644 config NOMMU_INITIAL_TRIM_EXCESS diff --git a/mm/filemap.c b/mm/filemap.c -index 79c4b2b..596b417 100644 +index a4a5260..6151dc5 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -1762,7 +1762,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -1723,7 +1723,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -70242,7 +70703,7 @@ index 79c4b2b..596b417 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; vma->vm_flags |= VM_CAN_NONLINEAR; -@@ -2168,6 +2168,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2064,6 +2064,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { @@ -70296,10 +70757,10 @@ index 57d82c6..e9e0552 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index f0e5306..cb9398e 100644 +index 57c4b93..24b8f59 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c -@@ -733,7 +733,7 @@ out: +@@ -735,7 +735,7 @@ out: * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -70309,10 +70770,10 @@ index f0e5306..cb9398e 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 263e177..3f36aec 100644 +index e198831..38d524f 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2446,6 +2446,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2447,6 +2447,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -70340,7 +70801,7 @@ index 263e177..3f36aec 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2558,6 +2579,11 @@ retry_avoidcopy: +@@ -2559,6 +2580,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -70352,7 +70813,7 @@ index 263e177..3f36aec 100644 /* Make the old page be freed below */ new_page = old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2712,6 +2738,10 @@ retry: +@@ -2713,6 +2739,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -70363,7 +70824,7 @@ index 263e177..3f36aec 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2741,6 +2771,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2742,6 +2772,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -70374,7 +70835,7 @@ index 263e177..3f36aec 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2754,6 +2788,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2755,6 +2789,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } @@ -70402,7 +70863,7 @@ index 263e177..3f36aec 100644 if (!ptep) return VM_FAULT_OOM; diff --git a/mm/internal.h b/mm/internal.h -index 2189af4..f2ca332 100644 +index 2ba87fb..7f451e2 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -95,6 +95,7 @@ extern void putback_lru_page(struct page *page); @@ -70449,10 +70910,10 @@ index d53adf9..03a24bf 100644 set_fs(old_fs); diff --git a/mm/madvise.c b/mm/madvise.c -index 55f645c..cde5320 100644 +index 14d260f..b2a80fd 100644 --- a/mm/madvise.c +++ b/mm/madvise.c -@@ -46,6 +46,10 @@ static long madvise_behavior(struct vm_area_struct * vma, +@@ -48,6 +48,10 @@ static long madvise_behavior(struct vm_area_struct * vma, pgoff_t pgoff; unsigned long new_flags = vma->vm_flags; @@ -70463,7 +70924,7 @@ index 55f645c..cde5320 100644 switch (behavior) { case MADV_NORMAL: new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ; -@@ -117,6 +121,13 @@ success: +@@ -119,6 +123,13 @@ success: /* * vm_flags is protected by the mmap_sem held in write mode. */ @@ -70477,7 +70938,7 @@ index 55f645c..cde5320 100644 vma->vm_flags = new_flags; out: -@@ -175,6 +186,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, +@@ -177,6 +188,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, struct vm_area_struct ** prev, unsigned long start, unsigned long end) { @@ -70489,7 +70950,7 @@ index 55f645c..cde5320 100644 *prev = vma; if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP)) return -EINVAL; -@@ -187,6 +203,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, +@@ -189,6 +205,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, zap_page_range(vma, start, end - start, &details); } else zap_page_range(vma, start, end - start, NULL); @@ -70511,7 +70972,7 @@ index 55f645c..cde5320 100644 return 0; } -@@ -394,6 +425,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) +@@ -393,6 +424,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) if (end < start) goto out; @@ -70529,7 +70990,7 @@ index 55f645c..cde5320 100644 if (end == start) goto out; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index 97cc273..6ed703f 100644 +index de4ce70..3629c7d 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -70550,7 +71011,7 @@ index 97cc273..6ed703f 100644 #ifdef __ARCH_SI_TRAPNO si.si_trapno = trapno; #endif -@@ -1036,7 +1036,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1038,7 +1038,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) } nr_pages = 1 << compound_trans_order(hpage); @@ -70559,7 +71020,7 @@ index 97cc273..6ed703f 100644 /* * We need/can do nothing about count=0 pages. -@@ -1066,7 +1066,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1068,7 +1068,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) if (!PageHWPoison(hpage) || (hwpoison_filter(p) && TestClearPageHWPoison(p)) || (p != hpage && TestSetPageHWPoison(hpage))) { @@ -70568,7 +71029,7 @@ index 97cc273..6ed703f 100644 return 0; } set_page_hwpoison_huge_page(hpage); -@@ -1124,7 +1124,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1126,7 +1126,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) } if (hwpoison_filter(p)) { if (TestClearPageHWPoison(p)) @@ -70577,7 +71038,7 @@ index 97cc273..6ed703f 100644 unlock_page(hpage); put_page(hpage); return 0; -@@ -1319,7 +1319,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1321,7 +1321,7 @@ int unpoison_memory(unsigned long pfn) return 0; } if (TestClearPageHWPoison(p)) @@ -70586,7 +71047,7 @@ index 97cc273..6ed703f 100644 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn); return 0; } -@@ -1333,7 +1333,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1335,7 +1335,7 @@ int unpoison_memory(unsigned long pfn) */ if (TestClearPageHWPoison(page)) { pr_info("MCE: Software-unpoisoned page %#lx\n", pfn); @@ -70595,7 +71056,7 @@ index 97cc273..6ed703f 100644 freeit = 1; if (PageHuge(page)) clear_page_hwpoison_huge_page(page); -@@ -1446,7 +1446,7 @@ static int soft_offline_huge_page(struct page *page, int flags) +@@ -1448,7 +1448,7 @@ static int soft_offline_huge_page(struct page *page, int flags) } done: if (!PageHWPoison(hpage)) @@ -70604,7 +71065,7 @@ index 97cc273..6ed703f 100644 set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); /* keep elevated page count for bad page */ -@@ -1577,7 +1577,7 @@ int soft_offline_page(struct page *page, int flags) +@@ -1579,7 +1579,7 @@ int soft_offline_page(struct page *page, int flags) return ret; done: @@ -70614,7 +71075,7 @@ index 97cc273..6ed703f 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index 6105f47..3363489 100644 +index 2466d12..08be4f6 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -434,8 +434,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -70643,7 +71104,7 @@ index 6105f47..3363489 100644 } /* -@@ -1597,12 +1604,6 @@ no_page_table: +@@ -1602,12 +1609,6 @@ no_page_table: return page; } @@ -70656,7 +71117,7 @@ index 6105f47..3363489 100644 /** * __get_user_pages() - pin user pages in memory * @tsk: task_struct of target task -@@ -1675,10 +1676,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1680,10 +1681,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); i = 0; @@ -70669,7 +71130,7 @@ index 6105f47..3363489 100644 if (!vma && in_gate_area(mm, start)) { unsigned long pg = start & PAGE_MASK; pgd_t *pgd; -@@ -1726,7 +1727,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1731,7 +1732,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, goto next_page; } @@ -70678,7 +71139,7 @@ index 6105f47..3363489 100644 (vma->vm_flags & (VM_IO | VM_PFNMAP)) || !(vm_flags & vma->vm_flags)) return i ? : -EFAULT; -@@ -1753,11 +1754,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1758,11 +1759,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, int ret; unsigned int fault_flags = 0; @@ -70690,7 +71151,7 @@ index 6105f47..3363489 100644 if (foll_flags & FOLL_WRITE) fault_flags |= FAULT_FLAG_WRITE; if (nonblocking) -@@ -1831,7 +1827,7 @@ next_page: +@@ -1836,7 +1832,7 @@ next_page: start += PAGE_SIZE; nr_pages--; } while (nr_pages && start < vma->vm_end); @@ -70699,7 +71160,7 @@ index 6105f47..3363489 100644 return i; } EXPORT_SYMBOL(__get_user_pages); -@@ -2038,6 +2034,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2043,6 +2039,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -70710,7 +71171,7 @@ index 6105f47..3363489 100644 retval = 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -2072,10 +2072,22 @@ out: +@@ -2077,10 +2077,22 @@ out: int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, struct page *page) { @@ -70733,7 +71194,7 @@ index 6105f47..3363489 100644 vma->vm_flags |= VM_INSERTPAGE; return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -2161,6 +2173,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, +@@ -2166,6 +2178,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -70741,7 +71202,7 @@ index 6105f47..3363489 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -2368,7 +2381,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, +@@ -2373,7 +2386,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, BUG_ON(pud_huge(*pud)); @@ -70752,7 +71213,7 @@ index 6105f47..3363489 100644 if (!pmd) return -ENOMEM; do { -@@ -2388,7 +2403,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, +@@ -2393,7 +2408,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long next; int err; @@ -70763,7 +71224,7 @@ index 6105f47..3363489 100644 if (!pud) return -ENOMEM; do { -@@ -2476,6 +2493,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo +@@ -2481,6 +2498,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } @@ -70950,7 +71411,7 @@ index 6105f47..3363489 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2687,6 +2884,12 @@ gotten: +@@ -2692,6 +2889,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -70963,7 +71424,7 @@ index 6105f47..3363489 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2738,6 +2941,10 @@ gotten: +@@ -2743,6 +2946,10 @@ gotten: page_remove_rmap(old_page); } @@ -70974,7 +71435,7 @@ index 6105f47..3363489 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -3017,6 +3224,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3022,6 +3229,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -70986,7 +71447,7 @@ index 6105f47..3363489 100644 unlock_page(page); if (swapcache) { /* -@@ -3040,6 +3252,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3045,6 +3257,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -70998,7 +71459,7 @@ index 6105f47..3363489 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3059,40 +3276,6 @@ out_release: +@@ -3064,40 +3281,6 @@ out_release: } /* @@ -71039,7 +71500,7 @@ index 6105f47..3363489 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3101,27 +3284,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3106,27 +3289,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -71072,7 +71533,7 @@ index 6105f47..3363489 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3140,6 +3319,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3145,6 +3324,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -71084,7 +71545,7 @@ index 6105f47..3363489 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3147,6 +3331,12 @@ setpte: +@@ -3152,6 +3336,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -71097,7 +71558,7 @@ index 6105f47..3363489 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3290,6 +3480,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3295,6 +3485,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -71110,7 +71571,7 @@ index 6105f47..3363489 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3309,6 +3505,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3314,6 +3510,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -71125,7 +71586,7 @@ index 6105f47..3363489 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3462,6 +3666,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3467,6 +3671,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -71138,7 +71599,7 @@ index 6105f47..3363489 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3478,6 +3688,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3483,6 +3693,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -71149,7 +71610,7 @@ index 6105f47..3363489 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3489,6 +3703,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3494,6 +3708,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -71181,10 +71642,10 @@ index 6105f47..3363489 100644 + } +#endif + + retry: pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); - if (!pud) -@@ -3518,7 +3760,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3535,7 +3777,7 @@ retry: * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -71193,7 +71654,7 @@ index 6105f47..3363489 100644 return VM_FAULT_OOM; /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) -@@ -3555,6 +3797,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3572,6 +3814,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -71217,7 +71678,7 @@ index 6105f47..3363489 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3585,6 +3844,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3602,6 +3861,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -71248,7 +71709,7 @@ index 6105f47..3363489 100644 #endif /* __PAGETABLE_PMD_FOLDED */ int make_pages_present(unsigned long addr, unsigned long end) -@@ -3622,7 +3905,7 @@ static int __init gate_vma_init(void) +@@ -3639,7 +3922,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -71258,7 +71719,7 @@ index 6105f47..3363489 100644 return 0; } diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index bf5b485..e44c2cb 100644 +index 1d771e4..f9a6808 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -619,6 +619,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -71289,7 +71750,7 @@ index bf5b485..e44c2cb 100644 } out: -@@ -1105,6 +1119,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1125,6 +1139,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -71307,17 +71768,17 @@ index bf5b485..e44c2cb 100644 if (end == start) return 0; -@@ -1328,8 +1353,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1348,8 +1373,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, */ tcred = __task_cred(task); - if (cred->euid != tcred->suid && cred->euid != tcred->uid && -- cred->uid != tcred->suid && cred->uid != tcred->uid && + if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && +- !uid_eq(cred->uid, tcred->suid) && !uid_eq(cred->uid, tcred->uid) && - !capable(CAP_SYS_NICE)) { -+ cred->uid != tcred->suid && !capable(CAP_SYS_NICE)) { ++ !uid_eq(cred->uid, tcred->suid) && !capable(CAP_SYS_NICE)) { rcu_read_unlock(); err = -EPERM; goto out_put; -@@ -1360,6 +1384,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1380,6 +1404,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, goto out; } @@ -71420,10 +71881,10 @@ index ef726e8..cd7f1ec 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 848ef52..d2b586c 100644 +index 3edfcdf..4a27ae9 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -46,6 +46,16 @@ +@@ -47,6 +47,16 @@ #define arch_rebalance_pgtables(addr, len) (addr) #endif @@ -71440,7 +71901,7 @@ index 848ef52..d2b586c 100644 static void unmap_region(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, unsigned long start, unsigned long end); -@@ -71,22 +81,32 @@ static void unmap_region(struct mm_struct *mm, +@@ -72,22 +82,32 @@ static void unmap_region(struct mm_struct *mm, * x: (no) no x: (no) yes x: (no) yes x: (yes) yes * */ @@ -71476,7 +71937,7 @@ index 848ef52..d2b586c 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. -@@ -228,6 +248,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -229,6 +249,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; might_sleep(); @@ -71484,7 +71945,7 @@ index 848ef52..d2b586c 100644 if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) { -@@ -274,6 +295,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) +@@ -275,6 +296,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) * not page aligned -Ram Gupta */ rlim = rlimit(RLIMIT_DATA); @@ -71492,7 +71953,7 @@ index 848ef52..d2b586c 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -690,6 +712,12 @@ static int +@@ -708,6 +730,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -71505,7 +71966,7 @@ index 848ef52..d2b586c 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -709,6 +737,12 @@ static int +@@ -727,6 +755,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -71518,7 +71979,7 @@ index 848ef52..d2b586c 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -751,13 +785,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -769,13 +803,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -71540,7 +72001,7 @@ index 848ef52..d2b586c 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -773,6 +814,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -791,6 +832,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -71556,7 +72017,7 @@ index 848ef52..d2b586c 100644 /* * Can it merge with the predecessor? */ -@@ -792,9 +842,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -810,9 +860,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -71582,7 +72043,7 @@ index 848ef52..d2b586c 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev); -@@ -808,12 +873,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -826,12 +891,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -71612,7 +72073,7 @@ index 848ef52..d2b586c 100644 if (err) return NULL; khugepaged_enter_vma_merge(area); -@@ -922,14 +1002,11 @@ none: +@@ -940,14 +1020,11 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -71628,7 +72089,7 @@ index 848ef52..d2b586c 100644 mm->stack_vm += pages; if (flags & (VM_RESERVED|VM_IO)) mm->reserved_vm += pages; -@@ -969,7 +1046,7 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -985,7 +1062,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -71637,7 +72098,7 @@ index 848ef52..d2b586c 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -995,7 +1072,7 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1011,7 +1088,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -71646,7 +72107,7 @@ index 848ef52..d2b586c 100644 if (addr & ~PAGE_MASK) return addr; -@@ -1006,6 +1083,36 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1022,6 +1099,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; @@ -71683,7 +72144,7 @@ index 848ef52..d2b586c 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1017,6 +1124,7 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1033,6 +1140,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -71691,9 +72152,9 @@ index 848ef52..d2b586c 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1087,6 +1195,9 @@ static unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, - if (error) - return error; +@@ -1099,6 +1207,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, + } + } + if (!gr_acl_handle_mmap(file, prot)) + return -EACCES; @@ -71701,7 +72162,7 @@ index 848ef52..d2b586c 100644 return mmap_region(file, addr, len, flags, vm_flags, pgoff); } -@@ -1192,7 +1303,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1175,7 +1286,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -71710,7 +72171,7 @@ index 848ef52..d2b586c 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1241,14 +1352,24 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1224,14 +1335,24 @@ unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long charged = 0; struct inode *inode = file ? file->f_path.dentry->d_inode : NULL; @@ -71737,7 +72198,7 @@ index 848ef52..d2b586c 100644 } /* Check against address space limit. */ -@@ -1297,6 +1418,16 @@ munmap_back: +@@ -1280,6 +1401,16 @@ munmap_back: goto unacct_error; } @@ -71754,7 +72215,7 @@ index 848ef52..d2b586c 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1321,6 +1452,19 @@ munmap_back: +@@ -1304,6 +1435,19 @@ munmap_back: error = file->f_op->mmap(file, vma); if (error) goto unmap_and_free_vma; @@ -71774,7 +72235,7 @@ index 848ef52..d2b586c 100644 if (vm_flags & VM_EXECUTABLE) added_exe_file_vma(mm); -@@ -1358,6 +1502,11 @@ munmap_back: +@@ -1341,6 +1485,11 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file = vma->vm_file; @@ -71786,7 +72247,7 @@ index 848ef52..d2b586c 100644 /* Once vma denies write, undo our temporary denial count */ if (correct_wcount) atomic_inc(&inode->i_writecount); -@@ -1366,6 +1515,7 @@ out: +@@ -1349,6 +1498,7 @@ out: mm->total_vm += len >> PAGE_SHIFT; vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -71794,7 +72255,7 @@ index 848ef52..d2b586c 100644 if (vm_flags & VM_LOCKED) { if (!mlock_vma_pages_range(vma, addr, addr + len)) mm->locked_vm += (len >> PAGE_SHIFT); -@@ -1383,6 +1533,12 @@ unmap_and_free_vma: +@@ -1371,6 +1521,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -71807,7 +72268,7 @@ index 848ef52..d2b586c 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1390,6 +1546,44 @@ unacct_error: +@@ -1378,6 +1534,44 @@ unacct_error: return error; } @@ -71852,7 +72313,7 @@ index 848ef52..d2b586c 100644 /* Get an address range which is currently unmapped. * For shmat() with addr=0. * -@@ -1416,18 +1610,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1404,18 +1598,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -71883,7 +72344,7 @@ index 848ef52..d2b586c 100644 } full_search: -@@ -1438,34 +1637,40 @@ full_search: +@@ -1426,34 +1625,40 @@ full_search: * Start a new search - just in case we missed * some holes. */ @@ -71935,7 +72396,7 @@ index 848ef52..d2b586c 100644 mm->free_area_cache = addr; } -@@ -1481,7 +1686,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1469,7 +1674,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, { struct vm_area_struct *vma; struct mm_struct *mm = current->mm; @@ -71944,7 +72405,7 @@ index 848ef52..d2b586c 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1490,13 +1695,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1478,13 +1683,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -71967,7 +72428,7 @@ index 848ef52..d2b586c 100644 } /* check if free_area_cache is useful for us */ -@@ -1520,7 +1730,7 @@ try_again: +@@ -1508,7 +1718,7 @@ try_again: * return with success: */ vma = find_vma(mm, addr); @@ -71976,7 +72437,7 @@ index 848ef52..d2b586c 100644 /* remember the address as a hint for next time */ return (mm->free_area_cache = addr); -@@ -1529,8 +1739,8 @@ try_again: +@@ -1517,8 +1727,8 @@ try_again: mm->cached_hole_size = vma->vm_start - addr; /* try just below the current vma->vm_start */ @@ -71987,7 +72448,7 @@ index 848ef52..d2b586c 100644 fail: /* -@@ -1553,13 +1763,21 @@ fail: +@@ -1541,13 +1751,21 @@ fail: * can happen with large stack limits and large mmap() * allocations. */ @@ -72011,7 +72472,7 @@ index 848ef52..d2b586c 100644 mm->cached_hole_size = ~0UL; return addr; -@@ -1568,6 +1786,12 @@ fail: +@@ -1556,6 +1774,12 @@ fail: void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -72024,7 +72485,7 @@ index 848ef52..d2b586c 100644 /* * Is this a new hole at the highest possible address? */ -@@ -1575,8 +1799,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) +@@ -1563,8 +1787,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -72036,7 +72497,7 @@ index 848ef52..d2b586c 100644 } unsigned long -@@ -1672,6 +1898,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -1663,6 +1889,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -72065,7 +72526,7 @@ index 848ef52..d2b586c 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -1688,6 +1936,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1679,6 +1927,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -72073,7 +72534,7 @@ index 848ef52..d2b586c 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -1698,6 +1947,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1689,6 +1938,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -72081,7 +72542,7 @@ index 848ef52..d2b586c 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -1728,37 +1978,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1719,37 +1969,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -72139,7 +72600,7 @@ index 848ef52..d2b586c 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -1773,6 +2034,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -1764,6 +2025,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -72148,7 +72609,7 @@ index 848ef52..d2b586c 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); return error; -@@ -1786,6 +2049,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1777,6 +2040,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -72157,7 +72618,7 @@ index 848ef52..d2b586c 100644 /* * We must make sure the anon_vma is allocated -@@ -1799,6 +2064,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1790,6 +2055,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -72173,7 +72634,7 @@ index 848ef52..d2b586c 100644 vma_lock_anon_vma(vma); /* -@@ -1808,9 +2082,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1799,9 +2073,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -72192,7 +72653,7 @@ index 848ef52..d2b586c 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -1820,11 +2102,22 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1811,11 +2093,22 @@ int expand_downwards(struct vm_area_struct *vma, if (!error) { vma->vm_start = address; vma->vm_pgoff -= grow; @@ -72215,7 +72676,7 @@ index 848ef52..d2b586c 100644 khugepaged_enter_vma_merge(vma); return error; } -@@ -1894,6 +2187,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -1887,6 +2180,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -72226,10 +72687,10 @@ index 848ef52..d2b586c 100644 + } +#endif + + if (vma->vm_flags & VM_ACCOUNT) + nr_accounted += nrpages; mm->total_vm -= nrpages; - vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); - vma = remove_vma(vma); -@@ -1939,6 +2239,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1933,6 +2233,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -72246,7 +72707,7 @@ index 848ef52..d2b586c 100644 rb_erase(&vma->vm_rb, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -1967,14 +2277,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1961,14 +2271,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -72280,7 +72741,7 @@ index 848ef52..d2b586c 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -1987,6 +2316,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1981,6 +2310,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -72303,7 +72764,7 @@ index 848ef52..d2b586c 100644 pol = mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err = PTR_ERR(pol); -@@ -2012,6 +2357,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2006,6 +2351,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -72346,7 +72807,7 @@ index 848ef52..d2b586c 100644 /* Success. */ if (!err) return 0; -@@ -2024,10 +2405,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2018,10 +2399,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, removed_exe_file_vma(mm); fput(new->vm_file); } @@ -72366,7 +72827,7 @@ index 848ef52..d2b586c 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2040,6 +2429,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2034,6 +2423,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -72382,7 +72843,7 @@ index 848ef52..d2b586c 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2051,11 +2449,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2045,11 +2443,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge */ @@ -72413,7 +72874,7 @@ index 848ef52..d2b586c 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2130,6 +2547,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2124,6 +2541,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -72421,8 +72882,8 @@ index 848ef52..d2b586c 100644 + return 0; } - EXPORT_SYMBOL(do_munmap); -@@ -2139,6 +2558,13 @@ int vm_munmap(unsigned long start, size_t len) + +@@ -2132,6 +2551,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -72436,7 +72897,7 @@ index 848ef52..d2b586c 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2152,16 +2578,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2145,16 +2571,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -72453,7 +72914,7 @@ index 848ef52..d2b586c 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2175,6 +2591,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2168,6 +2584,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -72461,7 +72922,7 @@ index 848ef52..d2b586c 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2186,16 +2603,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2175,16 +2592,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -72493,7 +72954,7 @@ index 848ef52..d2b586c 100644 locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; -@@ -2212,22 +2643,22 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2201,22 +2632,22 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -72521,7 +72982,7 @@ index 848ef52..d2b586c 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2241,7 +2672,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2230,7 +2661,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -72530,7 +72991,7 @@ index 848ef52..d2b586c 100644 return -ENOMEM; } -@@ -2255,11 +2686,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2244,11 +2675,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -72545,19 +73006,15 @@ index 848ef52..d2b586c 100644 return addr; } -@@ -2315,8 +2747,10 @@ void exit_mmap(struct mm_struct *mm) - * Walk the list again, actually closing and freeing it, - * with preemption enabled, without holding any MM locks. - */ -- while (vma) -+ while (vma) { +@@ -2306,6 +2738,7 @@ void exit_mmap(struct mm_struct *mm) + while (vma) { + if (vma->vm_flags & VM_ACCOUNT) + nr_accounted += vma_pages(vma); + vma->vm_mirror = NULL; vma = remove_vma(vma); -+ } - - BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); - } -@@ -2330,6 +2764,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) + } + vm_unacct_memory(nr_accounted); +@@ -2322,6 +2755,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) struct vm_area_struct * __vma, * prev; struct rb_node ** rb_link, * rb_parent; @@ -72565,17 +73022,16 @@ index 848ef52..d2b586c 100644 + struct vm_area_struct *vma_m = NULL; +#endif + -+ if (security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1)) ++ if (security_mmap_addr(vma->vm_start)) + return -EPERM; + /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2352,7 +2793,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) - if ((vma->vm_flags & VM_ACCOUNT) && - security_vm_enough_memory_mm(mm, vma_pages(vma))) - return -ENOMEM; -+ +@@ -2348,7 +2788,21 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) + if (vma->vm_file && uprobe_mmap(vma)) + return -EINVAL; + +#ifdef CONFIG_PAX_SEGMEXEC + if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_EXEC)) { + vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); @@ -72594,7 +73050,7 @@ index 848ef52..d2b586c 100644 return 0; } -@@ -2371,6 +2827,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2367,6 +2821,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct mempolicy *pol; bool faulted_in_anon_vma = true; @@ -72603,7 +73059,7 @@ index 848ef52..d2b586c 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2438,6 +2896,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2438,6 +2894,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -72643,7 +73099,7 @@ index 848ef52..d2b586c 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2449,6 +2940,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2449,6 +2938,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -72656,7 +73112,7 @@ index 848ef52..d2b586c 100644 if (cur + npages > lim) return 0; return 1; -@@ -2519,6 +3016,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2519,6 +3014,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -72911,7 +73367,7 @@ index a409926..8b32e6d 100644 if (nstart < prev->vm_end) diff --git a/mm/mremap.c b/mm/mremap.c -index db8d983..76506cb 100644 +index 21fed20..6822658 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -106,6 +106,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, @@ -72969,16 +73425,16 @@ index db8d983..76506cb 100644 + if (addr + old_len > new_addr && new_addr + new_len > addr) goto out; - ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1); -@@ -440,6 +456,7 @@ unsigned long do_mremap(unsigned long addr, + ret = do_munmap(mm, new_addr, new_len); +@@ -436,6 +452,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, struct vm_area_struct *vma; unsigned long ret = -EINVAL; unsigned long charged = 0; + unsigned long pax_task_size = TASK_SIZE; - if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) - goto out; -@@ -458,6 +475,17 @@ unsigned long do_mremap(unsigned long addr, + down_write(¤t->mm->mmap_sem); + +@@ -456,6 +473,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, if (!new_len) goto out; @@ -72996,7 +73452,7 @@ index db8d983..76506cb 100644 if (flags & MREMAP_FIXED) { if (flags & MREMAP_MAYMOVE) ret = mremap_to(addr, old_len, new_addr, new_len); -@@ -507,6 +535,7 @@ unsigned long do_mremap(unsigned long addr, +@@ -505,6 +533,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, addr + new_len); } ret = addr; @@ -73004,11 +73460,10 @@ index db8d983..76506cb 100644 goto out; } } -@@ -533,7 +562,13 @@ unsigned long do_mremap(unsigned long addr, - ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1); - if (ret) +@@ -528,7 +557,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, goto out; -+ + } + + map_flags = vma->vm_flags; ret = move_vma(vma, addr, old_len, new_len, new_addr); + if (!(ret & ~PAGE_MASK)) { @@ -73019,7 +73474,7 @@ index db8d983..76506cb 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index bb8f4f0..40d3e02 100644 +index d4b0c10..ed421b5 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ @@ -73046,7 +73501,7 @@ index bb8f4f0..40d3e02 100644 * expand a stack to a given address * - not supported under NOMMU conditions */ -@@ -1580,6 +1570,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1551,6 +1541,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, /* most fields are the same, copy all, and then fixup */ *new = *vma; @@ -73055,10 +73510,10 @@ index bb8f4f0..40d3e02 100644 new->vm_region = region; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 918330f..ae99ae1 100644 +index 4a4f921..eaa5e3a 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c -@@ -335,7 +335,7 @@ out: +@@ -336,7 +336,7 @@ out: * This usage means that zero-order pages may not be compound. */ @@ -73067,7 +73522,7 @@ index 918330f..ae99ae1 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -692,6 +692,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -693,6 +693,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -73078,7 +73533,7 @@ index 918330f..ae99ae1 100644 trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -707,6 +711,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -708,6 +712,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -73091,7 +73546,7 @@ index 918330f..ae99ae1 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -830,8 +840,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -849,8 +859,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -73102,7 +73557,7 @@ index 918330f..ae99ae1 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -3523,7 +3535,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn) +@@ -3579,7 +3591,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn) unsigned long pfn; for (pfn = start_pfn; pfn < end_pfn; pfn++) { @@ -73130,7 +73585,7 @@ index bb4be74..a43ea85 100644 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c -index c20ff48..137702a 100644 +index 926b466..b23df53 100644 --- a/mm/process_vm_access.c +++ b/mm/process_vm_access.c @@ -13,6 +13,7 @@ @@ -73181,7 +73636,7 @@ index c20ff48..137702a 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index 5b5ad58..0f77903 100644 +index 0f3b7cd..c5652b6 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -167,6 +167,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -73271,7 +73726,7 @@ index 5b5ad58..0f77903 100644 struct anon_vma_chain *avc; struct anon_vma *anon_vma; diff --git a/mm/shmem.c b/mm/shmem.c -index 9d65a02..7c877e7 100644 +index bd10636..5c16d49 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -31,7 +31,7 @@ @@ -73283,7 +73738,7 @@ index 9d65a02..7c877e7 100644 #ifdef CONFIG_SHMEM /* -@@ -74,7 +74,7 @@ static struct vfsmount *shm_mnt; +@@ -75,7 +75,7 @@ static struct vfsmount *shm_mnt; #define BOGO_DIRENT_SIZE 20 /* Symlink up to this size is kmalloc'ed instead of using a swappable page */ @@ -73292,7 +73747,7 @@ index 9d65a02..7c877e7 100644 struct shmem_xattr { struct list_head list; /* anchored by shmem_inode_info->xattr_list */ -@@ -2236,8 +2236,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2590,8 +2590,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -73863,7 +74318,7 @@ index 8105be4..3c15e57 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 71de9b5..a93d4a4 100644 +index 8c691fa..ff23a85 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -209,7 +209,7 @@ struct track { @@ -74171,7 +74626,7 @@ index 1b7e22a..3fcd4f3 100644 return pgd; } diff --git a/mm/swap.c b/mm/swap.c -index 5c13f13..f1cfc13 100644 +index 4e7e2ec..0c57830 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -30,6 +30,7 @@ @@ -74182,7 +74637,7 @@ index 5c13f13..f1cfc13 100644 #include "internal.h" -@@ -70,6 +71,8 @@ static void __put_compound_page(struct page *page) +@@ -72,6 +73,8 @@ static void __put_compound_page(struct page *page) __page_cache_release(page); dtor = get_compound_page_dtor(page); @@ -74192,10 +74647,10 @@ index 5c13f13..f1cfc13 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index 38186d9..bfba6d3 100644 +index 71373d0..11fa7d9 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c -@@ -61,7 +61,7 @@ static DEFINE_MUTEX(swapon_mutex); +@@ -63,7 +63,7 @@ static DEFINE_MUTEX(swapon_mutex); static DECLARE_WAIT_QUEUE_HEAD(proc_poll_wait); /* Activity counter to indicate that a swapon or swapoff has occurred */ @@ -74204,7 +74659,7 @@ index 38186d9..bfba6d3 100644 static inline unsigned char swap_count(unsigned char ent) { -@@ -1671,7 +1671,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) +@@ -1663,7 +1663,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) } filp_close(swap_file, NULL); err = 0; @@ -74213,7 +74668,7 @@ index 38186d9..bfba6d3 100644 wake_up_interruptible(&proc_poll_wait); out_dput: -@@ -1687,8 +1687,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) +@@ -1679,8 +1679,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) poll_wait(file, &proc_poll_wait, wait); @@ -74224,7 +74679,7 @@ index 38186d9..bfba6d3 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } -@@ -1786,7 +1786,7 @@ static int swaps_open(struct inode *inode, struct file *file) +@@ -1778,7 +1778,7 @@ static int swaps_open(struct inode *inode, struct file *file) return ret; seq = file->private_data; @@ -74233,8 +74688,8 @@ index 38186d9..bfba6d3 100644 return 0; } -@@ -2123,7 +2123,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) - (p->flags & SWP_DISCARDABLE) ? "D" : ""); +@@ -2120,7 +2120,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) + (frontswap_map) ? "FS" : ""); mutex_unlock(&swapon_mutex); - atomic_inc(&proc_poll_event); @@ -74243,10 +74698,10 @@ index 38186d9..bfba6d3 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index ae962b3..0bba886 100644 +index 8c7265a..c96d884 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -284,6 +284,12 @@ done: +@@ -285,6 +285,12 @@ done: void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -74260,7 +74715,7 @@ index ae962b3..0bba886 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 1196c77..2e608e8 100644 +index 2aad499..a8a740e 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -74384,18 +74839,16 @@ index 1196c77..2e608e8 100644 if (!pmd_none(*pmd)) { pte_t *ptep, pte; -@@ -332,6 +372,10 @@ static void purge_vmap_area_lazy(void); - static struct vmap_area *alloc_vmap_area(unsigned long size, +@@ -329,7 +369,7 @@ static void purge_vmap_area_lazy(void); + * Allocate a region of KVA of the specified size and alignment, within the + * vstart and vend. + */ +-static struct vmap_area *alloc_vmap_area(unsigned long size, ++static struct __size_overflow(1) vmap_area *alloc_vmap_area(unsigned long size, unsigned long align, unsigned long vstart, unsigned long vend, -+ int node, gfp_t gfp_mask) __size_overflow(1); -+static struct vmap_area *alloc_vmap_area(unsigned long size, -+ unsigned long align, -+ unsigned long vstart, unsigned long vend, int node, gfp_t gfp_mask) - { - struct vmap_area *va; -@@ -1320,6 +1364,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1320,6 +1360,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); @@ -74412,7 +74865,7 @@ index 1196c77..2e608e8 100644 if (flags & VM_IOREMAP) { int bit = fls(size); -@@ -1552,6 +1606,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1552,6 +1602,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; @@ -74424,7 +74877,7 @@ index 1196c77..2e608e8 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1653,6 +1712,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, +@@ -1653,6 +1708,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; @@ -74438,7 +74891,7 @@ index 1196c77..2e608e8 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1826,10 +1892,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1826,10 +1888,9 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -74450,7 +74903,7 @@ index 1196c77..2e608e8 100644 -1, __builtin_return_address(0)); } -@@ -2124,6 +2189,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2124,6 +2185,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -74459,35 +74912,8 @@ index 1196c77..2e608e8 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; -@@ -2376,8 +2443,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, - return NULL; - } - -- vms = kzalloc(sizeof(vms[0]) * nr_vms, GFP_KERNEL); -- vas = kzalloc(sizeof(vas[0]) * nr_vms, GFP_KERNEL); -+ vms = kcalloc(nr_vms, sizeof(vms[0]), GFP_KERNEL); -+ vas = kcalloc(nr_vms, sizeof(vas[0]), GFP_KERNEL); - if (!vas || !vms) - goto err_free2; - -diff --git a/mm/vmscan.c b/mm/vmscan.c -index 4607cc6..be5bc0a 100644 ---- a/mm/vmscan.c -+++ b/mm/vmscan.c -@@ -3013,7 +3013,10 @@ static void kswapd_try_to_sleep(pg_data_t *pgdat, int order, int classzone_idx) - * them before going back to sleep. - */ - set_pgdat_percpu_threshold(pgdat, calculate_normal_threshold); -- schedule(); -+ -+ if (!kthread_should_stop()) -+ schedule(); -+ - set_pgdat_percpu_threshold(pgdat, calculate_pressure_threshold); - } else { - if (remaining) diff --git a/mm/vmstat.c b/mm/vmstat.c -index 7db1b9b..e9f6b07 100644 +index 1bbbbd9..ff35669 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu) @@ -74517,7 +74943,7 @@ index 7db1b9b..e9f6b07 100644 } #endif -@@ -1208,10 +1208,20 @@ static int __init setup_vmstat(void) +@@ -1211,10 +1211,20 @@ static int __init setup_vmstat(void) start_cpu_timer(cpu); #endif #ifdef CONFIG_PROC_FS @@ -74543,10 +74969,10 @@ index 7db1b9b..e9f6b07 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index efea35b..9c8dd0b 100644 +index 9096bcb..43ed7bb 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c -@@ -554,8 +554,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) +@@ -557,8 +557,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) err = -EPERM; if (!capable(CAP_NET_ADMIN)) break; @@ -74557,7 +74983,7 @@ index efea35b..9c8dd0b 100644 vn = net_generic(net, vlan_net_id); diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c -index fccae26..e7ece2f 100644 +index 6449bae..8c1f454 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c @@ -425,7 +425,7 @@ static int p9_fd_write(struct p9_client *client, void *v, int len) @@ -74610,7 +75036,7 @@ index 876fbe8..8bbea9f 100644 #undef __HANDLE_ITEM } diff --git a/net/atm/lec.h b/net/atm/lec.h -index dfc0719..47c5322 100644 +index a86aff9..3a0d6f6 100644 --- a/net/atm/lec.h +++ b/net/atm/lec.h @@ -48,7 +48,7 @@ struct lane2_ops { @@ -74675,10 +75101,19 @@ index 23f45ce..c748f1a 100644 #undef __HANDLE_ITEM } diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c -index a6d5d63..1cc6c2b 100644 +index dc53798..dc66333 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c -@@ -539,7 +539,7 @@ static void bat_iv_ogm_schedule(struct hard_iface *hard_iface, +@@ -63,7 +63,7 @@ static int bat_iv_ogm_iface_enable(struct hard_iface *hard_iface) + + /* randomize initial seqno to avoid collision */ + get_random_bytes(&random_seqno, sizeof(random_seqno)); +- atomic_set(&hard_iface->seqno, random_seqno); ++ atomic_set_unchecked(&hard_iface->seqno, random_seqno); + + hard_iface->packet_len = BATMAN_OGM_HLEN; + hard_iface->packet_buff = kmalloc(hard_iface->packet_len, GFP_ATOMIC); +@@ -572,7 +572,7 @@ static void bat_iv_ogm_schedule(struct hard_iface *hard_iface, /* change sequence number to network order */ batman_ogm_packet->seqno = @@ -74687,7 +75122,7 @@ index a6d5d63..1cc6c2b 100644 batman_ogm_packet->ttvn = atomic_read(&bat_priv->ttvn); batman_ogm_packet->tt_crc = htons((uint16_t) -@@ -559,7 +559,7 @@ static void bat_iv_ogm_schedule(struct hard_iface *hard_iface, +@@ -592,7 +592,7 @@ static void bat_iv_ogm_schedule(struct hard_iface *hard_iface, else batman_ogm_packet->gw_flags = NO_FLAGS; @@ -74696,7 +75131,7 @@ index a6d5d63..1cc6c2b 100644 slide_own_bcast_window(hard_iface); bat_iv_ogm_queue_add(bat_priv, hard_iface->packet_buff, -@@ -917,7 +917,7 @@ static void bat_iv_ogm_process(const struct ethhdr *ethhdr, +@@ -956,7 +956,7 @@ static void bat_iv_ogm_process(const struct ethhdr *ethhdr, return; /* could be changed by schedule_own_packet() */ @@ -74706,25 +75141,32 @@ index a6d5d63..1cc6c2b 100644 has_directlink_flag = (batman_ogm_packet->flags & DIRECTLINK ? 1 : 0); diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c -index 3778977..f6a9450 100644 +index dc334fa..766a01a 100644 --- a/net/batman-adv/hard-interface.c +++ b/net/batman-adv/hard-interface.c -@@ -328,8 +328,8 @@ int hardif_enable_interface(struct hard_iface *hard_iface, +@@ -321,7 +321,7 @@ int hardif_enable_interface(struct hard_iface *hard_iface, hard_iface->batman_adv_ptype.dev = hard_iface->net_dev; dev_add_pack(&hard_iface->batman_adv_ptype); -- atomic_set(&hard_iface->seqno, 1); - atomic_set(&hard_iface->frag_seqno, 1); -+ atomic_set_unchecked(&hard_iface->seqno, 1); + atomic_set_unchecked(&hard_iface->frag_seqno, 1); bat_info(hard_iface->soft_iface, "Adding interface: %s\n", hard_iface->net_dev->name); +@@ -444,7 +444,7 @@ static struct hard_iface *hardif_add_interface(struct net_device *net_dev) + * This can't be called via a bat_priv callback because + * we have no bat_priv yet. + */ +- atomic_set(&hard_iface->seqno, 1); ++ atomic_set_unchecked(&hard_iface->seqno, 1); + hard_iface->packet_buff = NULL; + + return hard_iface; diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c -index a5590f4..8d31969 100644 +index a0ec0e4..7beb587 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c -@@ -645,7 +645,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface) +@@ -214,7 +214,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface) /* set broadcast sequence number */ bcast_packet->seqno = @@ -74733,7 +75175,7 @@ index a5590f4..8d31969 100644 add_bcast_packet_to_list(bat_priv, skb, 1); -@@ -841,7 +841,7 @@ struct net_device *softif_create(const char *name) +@@ -390,7 +390,7 @@ struct net_device *softif_create(const char *name) atomic_set(&bat_priv->batman_queue_left, BATMAN_QUEUE_LEN); atomic_set(&bat_priv->mesh_state, MESH_INACTIVE); @@ -74743,7 +75185,7 @@ index a5590f4..8d31969 100644 atomic_set(&bat_priv->tt_local_changes, 0); atomic_set(&bat_priv->tt_ogm_append_cnt, 0); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h -index 302efb5..1590365 100644 +index 61308e8..2e142b2 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -38,8 +38,8 @@ struct hard_iface { @@ -74757,7 +75199,7 @@ index 302efb5..1590365 100644 unsigned char *packet_buff; int packet_len; struct kobject *hardif_obj; -@@ -155,7 +155,7 @@ struct bat_priv { +@@ -163,7 +163,7 @@ struct bat_priv { atomic_t orig_interval; /* uint */ atomic_t hop_penalty; /* uint */ atomic_t log_level; /* uint */ @@ -74767,7 +75209,7 @@ index 302efb5..1590365 100644 atomic_t batman_queue_left; atomic_t ttvn; /* translation table version number */ diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c -index 676f6a6..3b4e668 100644 +index 74175c2..32f8901 100644 --- a/net/batman-adv/unicast.c +++ b/net/batman-adv/unicast.c @@ -264,7 +264,7 @@ int frag_send_skb(struct sk_buff *skb, struct bat_priv *bat_priv, @@ -74779,24 +75221,11 @@ index 676f6a6..3b4e668 100644 frag1->seqno = htons(seqno - 1); frag2->seqno = htons(seqno); -diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c -index 5238b6b..c9798ce 100644 ---- a/net/bluetooth/hci_conn.c -+++ b/net/bluetooth/hci_conn.c -@@ -233,7 +233,7 @@ void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16]) - memset(&cp, 0, sizeof(cp)); - - cp.handle = cpu_to_le16(conn->handle); -- memcpy(cp.ltk, ltk, sizeof(ltk)); -+ memcpy(cp.ltk, ltk, sizeof(cp.ltk)); - - hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); - } diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index 6f9c25b..d19fd66 100644 +index 4554e80..b778671 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -2466,8 +2466,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi +@@ -2798,8 +2798,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi break; case L2CAP_CONF_RFC: @@ -74809,19 +75238,45 @@ index 6f9c25b..d19fd66 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) -@@ -2585,8 +2587,10 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len) +diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c +index d1820ff..d414b0e 100644 +--- a/net/bluetooth/rfcomm/tty.c ++++ b/net/bluetooth/rfcomm/tty.c +@@ -314,7 +314,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev) + BUG_ON(test_and_set_bit(RFCOMM_TTY_RELEASED, &dev->flags)); + + spin_lock_irqsave(&dev->port.lock, flags); +- if (dev->port.count > 0) { ++ if (atomic_read(&dev->port.count) > 0) { + spin_unlock_irqrestore(&dev->port.lock, flags); + return; + } +@@ -669,10 +669,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) + return -ENODEV; - switch (type) { - case L2CAP_CONF_RFC: -- if (olen == sizeof(rfc)) -- memcpy(&rfc, (void *)val, olen); -+ if (olen != sizeof(rfc)) -+ break; -+ -+ memcpy(&rfc, (void *)val, olen); - goto done; - } + BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), +- dev->channel, dev->port.count); ++ dev->channel, atomic_read(&dev->port.count)); + + spin_lock_irqsave(&dev->port.lock, flags); +- if (++dev->port.count > 1) { ++ if (atomic_inc_return(&dev->port.count) > 1) { + spin_unlock_irqrestore(&dev->port.lock, flags); + return 0; } +@@ -737,10 +737,10 @@ static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) + return; + + BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, +- dev->port.count); ++ atomic_read(&dev->port.count)); + + spin_lock_irqsave(&dev->port.lock, flags); +- if (!--dev->port.count) { ++ if (!atomic_dec_return(&dev->port.count)) { + spin_unlock_irqrestore(&dev->port.lock, flags); + if (dev->tty_dev->parent) + device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 5fe2ff3..10968b5 100644 --- a/net/bridge/netfilter/ebtables.c @@ -74835,34 +75290,19 @@ index 5fe2ff3..10968b5 100644 BUGPRINT("c2u Didn't work\n"); ret = -EFAULT; break; -diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c -index aa6f716..7bf4c21 100644 ---- a/net/caif/caif_dev.c -+++ b/net/caif/caif_dev.c -@@ -562,9 +562,9 @@ static int __init caif_device_init(void) - - static void __exit caif_device_exit(void) - { -- unregister_pernet_subsys(&caif_net_ops); - unregister_netdevice_notifier(&caif_device_notifier); - dev_remove_pack(&caif_packet_type); -+ unregister_pernet_subsys(&caif_net_ops); - } - - module_init(caif_device_init); diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c -index 5cf5222..6f704ad 100644 +index 047cd0e..461fd28 100644 --- a/net/caif/cfctrl.c +++ b/net/caif/cfctrl.c -@@ -9,6 +9,7 @@ - #include +@@ -10,6 +10,7 @@ #include #include + #include +#include #include #include #include -@@ -42,8 +43,8 @@ struct cflayer *cfctrl_create(void) +@@ -43,8 +44,8 @@ struct cflayer *cfctrl_create(void) memset(&dev_info, 0, sizeof(dev_info)); dev_info.id = 0xff; cfsrvl_init(&this->serv, 0, &dev_info, false); @@ -74873,7 +75313,7 @@ index 5cf5222..6f704ad 100644 this->serv.layer.receive = cfctrl_recv; sprintf(this->serv.layer.name, "ctrl"); this->serv.layer.ctrlcmd = cfctrl_ctrlcmd; -@@ -129,8 +130,8 @@ static void cfctrl_insert_req(struct cfctrl *ctrl, +@@ -130,8 +131,8 @@ static void cfctrl_insert_req(struct cfctrl *ctrl, struct cfctrl_request_info *req) { spin_lock_bh(&ctrl->info_list_lock); @@ -74884,7 +75324,7 @@ index 5cf5222..6f704ad 100644 list_add_tail(&req->list, &ctrl->list); spin_unlock_bh(&ctrl->info_list_lock); } -@@ -148,7 +149,7 @@ static struct cfctrl_request_info *cfctrl_remove_req(struct cfctrl *ctrl, +@@ -149,7 +150,7 @@ static struct cfctrl_request_info *cfctrl_remove_req(struct cfctrl *ctrl, if (p != first) pr_warn("Requests are not received in order\n"); @@ -74894,7 +75334,7 @@ index 5cf5222..6f704ad 100644 list_del(&p->list); goto out; diff --git a/net/can/gw.c b/net/can/gw.c -index 3d79b12..8de85fa 100644 +index b41acf2..3affb3a 100644 --- a/net/can/gw.c +++ b/net/can/gw.c @@ -96,7 +96,7 @@ struct cf_mod { @@ -74907,7 +75347,7 @@ index 3d79b12..8de85fa 100644 diff --git a/net/compat.c b/net/compat.c -index e055708..3f80795 100644 +index 74ed1d7..62f7ea6 100644 --- a/net/compat.c +++ b/net/compat.c @@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) @@ -74972,8 +75412,8 @@ index e055708..3f80795 100644 - struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control; + struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __force_user *) kmsg->msg_control; struct compat_cmsghdr cmhdr; - int cmlen; - + struct compat_timeval ctv; + struct compat_timespec cts[3]; @@ -275,7 +275,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) @@ -74983,7 +75423,7 @@ index e055708..3f80795 100644 int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int); int fdnum = scm->fp->count; struct file **fp = scm->fp->fp; -@@ -372,7 +372,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, +@@ -364,7 +364,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, return -EFAULT; old_fs = get_fs(); set_fs(KERNEL_DS); @@ -74992,7 +75432,7 @@ index e055708..3f80795 100644 set_fs(old_fs); return err; -@@ -433,7 +433,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, +@@ -425,7 +425,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, len = sizeof(ktime); old_fs = get_fs(); set_fs(KERNEL_DS); @@ -75001,7 +75441,7 @@ index e055708..3f80795 100644 set_fs(old_fs); if (!err) { -@@ -576,7 +576,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -568,7 +568,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, case MCAST_JOIN_GROUP: case MCAST_LEAVE_GROUP: { @@ -75010,7 +75450,7 @@ index e055708..3f80795 100644 struct group_req __user *kgr = compat_alloc_user_space(sizeof(struct group_req)); u32 interface; -@@ -597,7 +597,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -589,7 +589,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, case MCAST_BLOCK_SOURCE: case MCAST_UNBLOCK_SOURCE: { @@ -75019,7 +75459,7 @@ index e055708..3f80795 100644 struct group_source_req __user *kgsr = compat_alloc_user_space( sizeof(struct group_source_req)); u32 interface; -@@ -618,7 +618,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -610,7 +610,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, } case MCAST_MSFILTER: { @@ -75028,7 +75468,7 @@ index e055708..3f80795 100644 struct group_filter __user *kgf; u32 interface, fmode, numsrc; -@@ -656,7 +656,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, +@@ -648,7 +648,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, char __user *optval, int __user *optlen, int (*getsockopt)(struct sock *, int, int, char __user *, int __user *)) { @@ -75038,7 +75478,7 @@ index e055708..3f80795 100644 int __user *koptlen; u32 interface, fmode, numsrc; diff --git a/net/core/datagram.c b/net/core/datagram.c -index e4fbfd6..6a6ac94 100644 +index ae6acf6..d5c8f66 100644 --- a/net/core/datagram.c +++ b/net/core/datagram.c @@ -290,7 +290,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags) @@ -75051,10 +75491,10 @@ index e4fbfd6..6a6ac94 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 533c586..f78a55f 100644 +index 1cb0d8a..0427dd9 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -1136,9 +1136,13 @@ void dev_load(struct net *net, const char *name) +@@ -1135,9 +1135,13 @@ void dev_load(struct net *net, const char *name) if (no_module && capable(CAP_NET_ADMIN)) no_module = request_module("netdev-%s", name); if (no_module && capable(CAP_SYS_MODULE)) { @@ -75062,13 +75502,13 @@ index 533c586..f78a55f 100644 + ___request_module(true, "grsec_modharden_netdev", "%s", name); +#else if (!request_module("%s", name)) - pr_err("Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%s instead.\n", - name); + pr_warn("Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%s instead.\n", + name); +#endif } } EXPORT_SYMBOL(dev_load); -@@ -1602,7 +1606,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1601,7 +1605,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) { if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { if (skb_copy_ubufs(skb, GFP_ATOMIC)) { @@ -75077,7 +75517,7 @@ index 533c586..f78a55f 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -1612,7 +1616,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1611,7 +1615,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) nf_reset(skb); if (unlikely(!is_skb_forwardable(dev, skb))) { @@ -75086,7 +75526,7 @@ index 533c586..f78a55f 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2042,7 +2046,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2040,7 +2044,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -75095,7 +75535,7 @@ index 533c586..f78a55f 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -2877,7 +2881,7 @@ enqueue: +@@ -2875,7 +2879,7 @@ enqueue: local_irq_restore(flags); @@ -75104,7 +75544,7 @@ index 533c586..f78a55f 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2949,7 +2953,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -2947,7 +2951,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -75113,7 +75553,7 @@ index 533c586..f78a55f 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3237,7 +3241,7 @@ ncls: +@@ -3234,7 +3238,7 @@ ncls: if (pt_prev) { ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { @@ -75122,7 +75562,7 @@ index 533c586..f78a55f 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3797,7 +3801,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -3799,7 +3803,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -75131,7 +75571,7 @@ index 533c586..f78a55f 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -4267,8 +4271,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) +@@ -4269,8 +4273,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) else seq_printf(seq, "%04x", ntohs(pt->type)); @@ -75145,7 +75585,7 @@ index 533c586..f78a55f 100644 } return 0; -@@ -5818,7 +5827,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5820,7 +5829,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -75217,10 +75657,10 @@ index 7e7aeb0..2a998cb 100644 m->msg_iov = iov; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 90430b7..0032ec0 100644 +index 23e3f66..f78041f 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c -@@ -56,7 +56,7 @@ struct rtnl_link { +@@ -58,7 +58,7 @@ struct rtnl_link { rtnl_doit_func doit; rtnl_dumpit_func dumpit; rtnl_calcit_func calcit; @@ -75270,10 +75710,10 @@ index 611c5ef..88f6d6d 100644 { int new_fd; diff --git a/net/core/sock.c b/net/core/sock.c -index 0f8402e..f0b6338 100644 +index 9e5b71f..66dec30 100644 --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -340,7 +340,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -344,7 +344,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) struct sk_buff_head *list = &sk->sk_receive_queue; if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) { @@ -75282,7 +75722,7 @@ index 0f8402e..f0b6338 100644 trace_sock_rcvqueue_full(sk, skb); return -ENOMEM; } -@@ -350,7 +350,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -354,7 +354,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; if (!sk_rmem_schedule(sk, skb->truesize)) { @@ -75291,7 +75731,7 @@ index 0f8402e..f0b6338 100644 return -ENOBUFS; } -@@ -370,7 +370,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -374,7 +374,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) skb_dst_force(skb); spin_lock_irqsave(&list->lock, flags); @@ -75300,25 +75740,25 @@ index 0f8402e..f0b6338 100644 __skb_queue_tail(list, skb); spin_unlock_irqrestore(&list->lock, flags); -@@ -390,7 +390,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -394,7 +394,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) skb->dev = NULL; - if (sk_rcvqueues_full(sk, skb)) { + if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf)) { - atomic_inc(&sk->sk_drops); + atomic_inc_unchecked(&sk->sk_drops); goto discard_and_relse; } if (nested) -@@ -408,7 +408,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -412,7 +412,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_); - } else if (sk_add_backlog(sk, skb)) { + } else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) { bh_unlock_sock(sk); - atomic_inc(&sk->sk_drops); + atomic_inc_unchecked(&sk->sk_drops); goto discard_and_relse; } -@@ -984,7 +984,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -976,7 +976,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > sizeof(peercred)) len = sizeof(peercred); cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred); @@ -75327,7 +75767,7 @@ index 0f8402e..f0b6338 100644 return -EFAULT; goto lenout; } -@@ -997,7 +997,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -989,7 +989,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, return -ENOTCONN; if (lv < len) return -EINVAL; @@ -75336,7 +75776,7 @@ index 0f8402e..f0b6338 100644 return -EFAULT; goto lenout; } -@@ -1043,7 +1043,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1035,7 +1035,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > lv) len = lv; @@ -75345,7 +75785,7 @@ index 0f8402e..f0b6338 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2131,7 +2131,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2124,7 +2124,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -75355,7 +75795,7 @@ index 0f8402e..f0b6338 100644 EXPORT_SYMBOL(sock_init_data); diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index b9868e1..849f809 100644 +index 5fd1467..8b70900 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c @@ -16,20 +16,27 @@ static DEFINE_MUTEX(sock_diag_table_mutex); @@ -75387,7 +75827,7 @@ index b9868e1..849f809 100644 EXPORT_SYMBOL_GPL(sock_diag_save_cookie); diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c -index 02e75d1..9a57a7c 100644 +index a55eecc..dd8428c 100644 --- a/net/decnet/sysctl_net_decnet.c +++ b/net/decnet/sysctl_net_decnet.c @@ -174,7 +174,7 @@ static int dn_node_address_handler(ctl_table *table, int write, @@ -75408,38 +75848,8 @@ index 02e75d1..9a57a7c 100644 return -EFAULT; *lenp = len; -diff --git a/net/econet/Kconfig b/net/econet/Kconfig -index 39a2d29..f39c0fe 100644 ---- a/net/econet/Kconfig -+++ b/net/econet/Kconfig -@@ -4,7 +4,7 @@ - - config ECONET - tristate "Acorn Econet/AUN protocols (EXPERIMENTAL)" -- depends on EXPERIMENTAL && INET -+ depends on EXPERIMENTAL && INET && BROKEN - ---help--- - Econet is a fairly old and slow networking protocol mainly used by - Acorn computers to access file and print servers. It uses native -diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c -index c48adc5..667c1d4 100644 ---- a/net/ipv4/cipso_ipv4.c -+++ b/net/ipv4/cipso_ipv4.c -@@ -1725,8 +1725,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option) - case CIPSO_V4_TAG_LOCAL: - /* This is a non-standard tag that we only allow for - * local connections, so if the incoming interface is -- * not the loopback device drop the packet. */ -- if (!(skb->dev->flags & IFF_LOOPBACK)) { -+ * not the loopback device drop the packet. Further, -+ * there is no legitimate reason for setting this from -+ * userspace so reject it if skb is NULL. */ -+ if (skb == NULL || !(skb->dev->flags & IFF_LOOPBACK)) { - err_offset = opt_iter; - goto validate_return_locked; - } diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c -index cbe3a68..a879b75 100644 +index 3854411..2201a94 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -969,12 +969,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, @@ -75467,7 +75877,7 @@ index cbe3a68..a879b75 100644 break; case NETDEV_DOWN: diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c -index 8861f91..ab1e3c1 100644 +index e5b7182..570a90e 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -698,7 +698,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) @@ -75480,7 +75890,7 @@ index 8861f91..ab1e3c1 100644 return nh->nh_saddr; } diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c -index 984ec65..97ac518 100644 +index 7880af9..70f92a3 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -18,12 +18,15 @@ @@ -75524,7 +75934,7 @@ index dfba343..c827d50 100644 secure_ip_id(daddr->addr.a4) : secure_ipv6_id(daddr->addr.a6)); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index 3727e23..517f5df 100644 +index 9dbd3dd..0c59fb2 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -318,7 +318,7 @@ static inline int ip_frag_too_far(struct ipq *qp) @@ -75537,10 +75947,10 @@ index 3727e23..517f5df 100644 rc = qp->q.fragments && (end - start) > max; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 2fd0fba..83fac99 100644 +index 0d11f23..2bb3f64 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c -@@ -1137,7 +1137,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1142,7 +1142,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, len = min_t(unsigned int, len, opt->optlen); if (put_user(len, optlen)) return -EFAULT; @@ -75550,7 +75960,7 @@ index 2fd0fba..83fac99 100644 return -EFAULT; return 0; } -@@ -1268,7 +1269,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1273,7 +1274,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -75560,7 +75970,7 @@ index 2fd0fba..83fac99 100644 msg.msg_flags = flags; diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index 92ac7e7..13f93d9 100644 +index 67e8a6b..386764d 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c @@ -321,7 +321,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) @@ -75591,10 +76001,10 @@ index 92ac7e7..13f93d9 100644 return res; } diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 50009c7..5996a9f 100644 +index 2c00e8b..45b3bdd 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c -@@ -838,7 +838,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, +@@ -845,7 +845,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -75604,10 +76014,10 @@ index 50009c7..5996a9f 100644 static int ping_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c -index bbd604c..4d5469c 100644 +index 4032b81..625143c 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c -@@ -304,7 +304,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb) +@@ -304,7 +304,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb) int raw_rcv(struct sock *sk, struct sk_buff *skb) { if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) { @@ -75665,10 +76075,10 @@ index bbd604c..4d5469c 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 167ea10..4b15883 100644 +index 98b30d0..cfa3cf7 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -312,7 +312,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx, +@@ -313,7 +313,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx, static inline int rt_genid(struct net *net) { @@ -75677,7 +76087,7 @@ index 167ea10..4b15883 100644 } #ifdef CONFIG_PROC_FS -@@ -936,7 +936,7 @@ static void rt_cache_invalidate(struct net *net) +@@ -937,7 +937,7 @@ static void rt_cache_invalidate(struct net *net) unsigned char shuffle; get_random_bytes(&shuffle, sizeof(shuffle)); @@ -75686,7 +76096,7 @@ index 167ea10..4b15883 100644 inetpeer_invalidate_tree(AF_INET); } -@@ -3009,7 +3009,7 @@ static int rt_fill_info(struct net *net, +@@ -3011,7 +3011,7 @@ static int rt_fill_info(struct net *net, error = rt->dst.error; if (peer) { inet_peer_refcheck(rt->peer); @@ -75696,7 +76106,7 @@ index 167ea10..4b15883 100644 ts = peer->tcp_ts; tsage = get_seconds() - peer->tcp_ts_stamp; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index 0cb86ce..8e7fda8 100644 +index c8d28c4..e40f75a 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -75710,7 +76120,7 @@ index 0cb86ce..8e7fda8 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1641,6 +1645,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1656,6 +1660,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -75720,7 +76130,7 @@ index 0cb86ce..8e7fda8 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1703,12 +1710,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1718,12 +1725,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -75743,7 +76153,7 @@ index 0cb86ce..8e7fda8 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1758,6 +1772,10 @@ no_tcp_socket: +@@ -1774,6 +1788,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -75754,7 +76164,7 @@ index 0cb86ce..8e7fda8 100644 tcp_v4_send_reset(NULL, skb); } -@@ -2419,7 +2437,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, +@@ -2386,7 +2404,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, 0, /* non standard timer */ 0, /* open_requests have no inode */ atomic_read(&sk->sk_refcnt), @@ -75766,7 +76176,7 @@ index 0cb86ce..8e7fda8 100644 len); } -@@ -2469,7 +2491,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) +@@ -2436,7 +2458,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) sock_i_uid(sk), icsk->icsk_probes_out, sock_i_ino(sk), @@ -75780,7 +76190,7 @@ index 0cb86ce..8e7fda8 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, -@@ -2497,7 +2524,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, +@@ -2464,7 +2491,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n", i, src, srcp, dest, destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, @@ -75796,7 +76206,7 @@ index 0cb86ce..8e7fda8 100644 #define TMPSZ 150 diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index 3cabafb..640525b 100644 +index b85d9fe..4b0eed9 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -75810,7 +76220,7 @@ index 3cabafb..640525b 100644 int sysctl_tcp_syncookies __read_mostly = 1; EXPORT_SYMBOL(sysctl_tcp_syncookies); -@@ -753,6 +757,10 @@ listen_overflow: +@@ -754,6 +758,10 @@ listen_overflow: embryonic_reset: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS); @@ -75822,7 +76232,7 @@ index 3cabafb..640525b 100644 req->rsk_ops->send_reset(sk, skb); diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c -index a981cdc..48f4c3a 100644 +index 4526fe6..1a34e43 100644 --- a/net/ipv4/tcp_probe.c +++ b/net/ipv4/tcp_probe.c @@ -204,7 +204,7 @@ static ssize_t tcpprobe_read(struct file *file, char __user *buf, @@ -75835,7 +76245,7 @@ index a981cdc..48f4c3a 100644 cnt += width; } diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c -index 34d4a02..3b57f86 100644 +index e911e6c..d0a9356 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -22,6 +22,10 @@ @@ -75864,7 +76274,7 @@ index 34d4a02..3b57f86 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index fe14105..0618260 100644 +index eaca736..60488ae 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -87,6 +87,7 @@ @@ -75875,8 +76285,8 @@ index fe14105..0618260 100644 #include #include #include -@@ -109,6 +110,10 @@ - #include +@@ -110,6 +111,10 @@ + #include #include "udp_impl.h" +#ifdef CONFIG_GRKERNSEC_BLACKHOLE @@ -75886,7 +76296,7 @@ index fe14105..0618260 100644 struct udp_table udp_table __read_mostly; EXPORT_SYMBOL(udp_table); -@@ -567,6 +572,9 @@ found: +@@ -568,6 +573,9 @@ found: return s; } @@ -75896,7 +76306,7 @@ index fe14105..0618260 100644 /* * This routine is called by the ICMP module when it gets some * sort of error condition. If err < 0 then the socket should -@@ -858,9 +866,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -859,9 +867,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, dport = usin->sin_port; if (dport == 0) return -EINVAL; @@ -75915,7 +76325,7 @@ index fe14105..0618260 100644 daddr = inet->inet_daddr; dport = inet->inet_dport; /* Open fast path for connected socket. -@@ -1102,7 +1119,7 @@ static unsigned int first_packet_length(struct sock *sk) +@@ -1103,7 +1120,7 @@ static unsigned int first_packet_length(struct sock *sk) udp_lib_checksum_complete(skb)) { UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, IS_UDPLITE(sk)); @@ -75924,7 +76334,7 @@ index fe14105..0618260 100644 __skb_unlink(skb, rcvq); __skb_queue_tail(&list_kill, skb); } -@@ -1188,6 +1205,10 @@ try_again: +@@ -1189,6 +1206,10 @@ try_again: if (!skb) goto out; @@ -75935,7 +76345,7 @@ index fe14105..0618260 100644 ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) -@@ -1489,7 +1510,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -1498,7 +1519,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) drop: UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); @@ -75944,7 +76354,7 @@ index fe14105..0618260 100644 kfree_skb(skb); return -1; } -@@ -1508,7 +1529,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -1517,7 +1538,7 @@ static void flush_stack(struct sock **stack, unsigned int count, skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -75953,7 +76363,7 @@ index fe14105..0618260 100644 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -1677,6 +1698,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -1686,6 +1707,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, goto csum_error; UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -75963,7 +76373,7 @@ index fe14105..0618260 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); /* -@@ -2094,8 +2118,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, +@@ -2104,8 +2128,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, sk_wmem_alloc_get(sp), sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -75980,10 +76390,10 @@ index fe14105..0618260 100644 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 7d5cb97..c56564f 100644 +index 8f6411c..5767579 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c -@@ -2142,7 +2142,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2145,7 +2145,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -75993,7 +76403,7 @@ index 7d5cb97..c56564f 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c -index 02dd203..e03fcc9 100644 +index e6cee52..cf47476 100644 --- a/net/ipv6/inet6_connection_sock.c +++ b/net/ipv6/inet6_connection_sock.c @@ -178,7 +178,7 @@ void __inet6_csk_dst_store(struct sock *sk, struct dst_entry *dst, @@ -76015,10 +76425,10 @@ index 02dd203..e03fcc9 100644 dst = NULL; } diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c -index 63dd1f8..e7f53ca 100644 +index ba6d13d..6899122 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c -@@ -990,7 +990,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, +@@ -989,7 +989,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -76028,7 +76438,7 @@ index 63dd1f8..e7f53ca 100644 msg.msg_flags = flags; diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index 5bddea7..82d9d67 100644 +index 93d6983..8e54c4d 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -377,7 +377,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -76118,7 +76528,7 @@ index 5bddea7..82d9d67 100644 static int raw6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 98256cf..7f16dbd 100644 +index 9df64a5..39875da 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -94,6 +94,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, @@ -76132,7 +76542,7 @@ index 98256cf..7f16dbd 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state != TCP_CLOSE) { -@@ -1542,6 +1546,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1544,6 +1548,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -76142,7 +76552,7 @@ index 98256cf..7f16dbd 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1623,12 +1630,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1625,12 +1632,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -76165,7 +76575,7 @@ index 98256cf..7f16dbd 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1676,6 +1691,10 @@ no_tcp_socket: +@@ -1679,6 +1694,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -76176,7 +76586,7 @@ index 98256cf..7f16dbd 100644 tcp_v6_send_reset(NULL, skb); } -@@ -1930,7 +1949,13 @@ static void get_openreq6(struct seq_file *seq, +@@ -1885,7 +1904,13 @@ static void get_openreq6(struct seq_file *seq, uid, 0, /* non standard timer */ 0, /* open_requests have no inode */ @@ -76191,7 +76601,7 @@ index 98256cf..7f16dbd 100644 } static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) -@@ -1980,7 +2005,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) +@@ -1935,7 +1960,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) sock_i_uid(sp), icsk->icsk_probes_out, sock_i_ino(sp), @@ -76205,7 +76615,7 @@ index 98256cf..7f16dbd 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, -@@ -2015,7 +2045,13 @@ static void get_timewait6_sock(struct seq_file *seq, +@@ -1970,7 +2000,13 @@ static void get_timewait6_sock(struct seq_file *seq, dest->s6_addr32[2], dest->s6_addr32[3], destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, @@ -76221,7 +76631,7 @@ index 98256cf..7f16dbd 100644 static int tcp6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index 37b0699..d323408 100644 +index f05099f..ea613f0 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -50,6 +50,10 @@ @@ -76235,44 +76645,35 @@ index 37b0699..d323408 100644 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) { const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr; -@@ -551,7 +555,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) - - return 0; +@@ -615,7 +619,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) + return rc; drop: + UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); - atomic_inc(&sk->sk_drops); + atomic_inc_unchecked(&sk->sk_drops); - drop_no_sk_drops_inc: - UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); kfree_skb(skb); -@@ -627,7 +631,7 @@ static void flush_stack(struct sock **stack, unsigned int count, - continue; - } - drop: -- atomic_inc(&sk->sk_drops); -+ atomic_inc_unchecked(&sk->sk_drops); - UDP6_INC_STATS_BH(sock_net(sk), - UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); - UDP6_INC_STATS_BH(sock_net(sk), -@@ -782,6 +786,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, - UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, - proto == IPPROTO_UDPLITE); + return -1; + } +@@ -673,7 +677,7 @@ static void flush_stack(struct sock **stack, unsigned int count, + if (likely(skb1 == NULL)) + skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); + if (!skb1) { +- atomic_inc(&sk->sk_drops); ++ atomic_inc_unchecked(&sk->sk_drops); + UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, + IS_UDPLITE(sk)); + UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, +@@ -844,6 +848,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, + goto discard; + UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); +#ifdef CONFIG_GRKERNSEC_BLACKHOLE -+ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK)) ++ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK)) +#endif - icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); + icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); - kfree_skb(skb); -@@ -798,7 +805,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, - if (!sock_owned_by_user(sk)) - udpv6_queue_rcv_skb(sk, skb); - else if (sk_add_backlog(sk, skb)) { -- atomic_inc(&sk->sk_drops); -+ atomic_inc_unchecked(&sk->sk_drops); - bh_unlock_sock(sk); - sock_put(sk); - goto discard; -@@ -1411,8 +1418,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket + kfree_skb(skb); +@@ -1453,8 +1460,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76432,7 +76833,7 @@ index cd6f7a9..e63fe89 100644 write_unlock_bh(&iucv_sk_list.lock); diff --git a/net/key/af_key.c b/net/key/af_key.c -index 7e5d927..cdbb54e 100644 +index 34e4185..8823368 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -3016,10 +3016,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc @@ -76449,7 +76850,7 @@ index 7e5d927..cdbb54e 100644 return res; } diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index db8fae5..ff070cd 100644 +index 3f3cd50..d2cf249 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -76460,7 +76861,7 @@ index db8fae5..ff070cd 100644 #include "key.h" #include "sta_info.h" -@@ -842,7 +843,7 @@ struct ieee80211_local { +@@ -863,7 +864,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -76470,10 +76871,10 @@ index db8fae5..ff070cd 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index 48f937e..4ccd7b8 100644 +index 8664111..1d6a065 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c -@@ -222,7 +222,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) +@@ -328,7 +328,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) break; } @@ -76482,16 +76883,16 @@ index 48f937e..4ccd7b8 100644 res = drv_start(local); if (res) goto err_del_bss; -@@ -246,7 +246,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) - memcpy(dev->perm_addr, dev->dev_addr, ETH_ALEN); - - if (!is_valid_ether_addr(dev->dev_addr)) { -- if (!local->open_count) -+ if (!local_read(&local->open_count)) - drv_stop(local); - return -EADDRNOTAVAIL; +@@ -371,7 +371,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) + break; } -@@ -347,7 +347,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) + +- if (local->monitors == 0 && local->open_count == 0) { ++ if (local->monitors == 0 && local_read(&local->open_count) == 0) { + res = ieee80211_add_virtual_monitor(local); + if (res) + goto err_stop; +@@ -468,7 +468,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) mutex_unlock(&local->mtx); if (coming_up) @@ -76500,7 +76901,7 @@ index 48f937e..4ccd7b8 100644 if (hw_reconf_flags) ieee80211_hw_config(local, hw_reconf_flags); -@@ -360,7 +360,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) +@@ -481,7 +481,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) err_del_interface: drv_remove_interface(local, sdata); err_stop: @@ -76509,7 +76910,7 @@ index 48f937e..4ccd7b8 100644 drv_stop(local); err_del_bss: sdata->bss = NULL; -@@ -491,7 +491,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -613,7 +613,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } if (going_down) @@ -76518,7 +76919,7 @@ index 48f937e..4ccd7b8 100644 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -562,7 +562,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -685,7 +685,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_recalc_ps(local, -1); @@ -76527,11 +76928,20 @@ index 48f937e..4ccd7b8 100644 if (local->ops->napi_poll) napi_disable(&local->napi); ieee80211_clear_tx_pending(local); +@@ -717,7 +717,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, + } + spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); + +- if (local->monitors == local->open_count && local->monitors > 0) ++ if (local->monitors == local_read(&local->open_count) && local->monitors > 0) + ieee80211_add_virtual_monitor(local); + } + diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index 1633648..d45ebfa 100644 +index f5548e9..474a15f 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c -@@ -164,7 +164,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) +@@ -166,7 +166,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) local->hw.conf.power_level = power; } @@ -76541,7 +76951,7 @@ index 1633648..d45ebfa 100644 /* * Goal: diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index ef8eba1..5c63952 100644 +index af1c4e2..24dbbe3 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c @@ -34,7 +34,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) @@ -76562,8 +76972,8 @@ index ef8eba1..5c63952 100644 if (local->wowlan) { int err = drv_suspend(local, wowlan); if (err < 0) { -@@ -128,7 +128,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) - } +@@ -132,7 +132,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) + drv_remove_interface(local, sdata); /* stop hardware - this must stop RX */ - if (local->open_count) @@ -76598,10 +77008,10 @@ index c97a065..ff61928 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index eb9d7c0..d34b832 100644 +index f564b5e..22fee47 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c -@@ -1179,7 +1179,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) +@@ -1224,7 +1224,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) } #endif /* everything else happens only if HW was up & running */ @@ -76611,10 +77021,10 @@ index eb9d7c0..d34b832 100644 /* diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index 0c6f67e..d02cdfc 100644 +index 209c1ed..39484dc 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -836,6 +836,16 @@ config NETFILTER_XT_MATCH_ESP +@@ -851,6 +851,16 @@ config NETFILTER_XT_MATCH_ESP To compile it as a module, choose M here. If unsure, say N. @@ -76632,10 +77042,10 @@ index 0c6f67e..d02cdfc 100644 tristate '"hashlimit" match support' depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index ca36765..0882e7c 100644 +index 4e7960c..89e48d4 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -86,6 +86,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o +@@ -87,6 +87,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o @@ -76644,10 +77054,10 @@ index ca36765..0882e7c 100644 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c -index 29fa5ba..8debc79 100644 +index 1548df9..98ad9b4 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c -@@ -556,7 +556,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) +@@ -557,7 +557,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) /* Increase the refcnt counter of the dest */ atomic_inc(&dest->refcnt); @@ -76655,8 +77065,8 @@ index 29fa5ba..8debc79 100644 + conn_flags = atomic_read_unchecked(&dest->conn_flags); if (cp->protocol != IPPROTO_UDP) conn_flags &= ~IP_VS_CONN_F_ONE_PACKET; - /* Bind with the destination and its corresponding transmitter */ -@@ -869,7 +869,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, + flags = cp->flags; +@@ -902,7 +902,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, atomic_set(&cp->refcnt, 1); atomic_set(&cp->n_control, 0); @@ -76665,7 +77075,7 @@ index 29fa5ba..8debc79 100644 atomic_inc(&ipvs->conn_count); if (flags & IP_VS_CONN_F_NO_CPORT) -@@ -1149,7 +1149,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) +@@ -1183,7 +1183,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) /* Don't drop the entry if its number of incoming packets is not located in [0, 8] */ @@ -76675,7 +77085,7 @@ index 29fa5ba..8debc79 100644 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index 00bdb1d..6725a48 100644 +index a54b018c..07e0120 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, @@ -76694,10 +77104,10 @@ index 00bdb1d..6725a48 100644 - pkts = atomic_add_return(1, &cp->in_pkts); + pkts = atomic_add_return_unchecked(1, &cp->in_pkts); - if ((ipvs->sync_state & IP_VS_STATE_MASTER) && - cp->protocol == IPPROTO_SCTP) { + if (ipvs->sync_state & IP_VS_STATE_MASTER) + ip_vs_sync_conn(net, cp, pkts); diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c -index f558998..7dfb054 100644 +index 84444dd..86adaa0 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, @@ -76709,30 +77119,7 @@ index f558998..7dfb054 100644 /* bind the service */ if (!dest->svc) { -@@ -1521,11 +1521,12 @@ static int ip_vs_dst_event(struct notifier_block *this, unsigned long event, - { - struct net_device *dev = ptr; - struct net *net = dev_net(dev); -+ struct netns_ipvs *ipvs = net_ipvs(net); - struct ip_vs_service *svc; - struct ip_vs_dest *dest; - unsigned int idx; - -- if (event != NETDEV_UNREGISTER) -+ if (event != NETDEV_UNREGISTER || !ipvs) - return NOTIFY_DONE; - IP_VS_DBG(3, "%s() dev=%s\n", __func__, dev->name); - EnterFunction(2); -@@ -1551,7 +1552,7 @@ static int ip_vs_dst_event(struct notifier_block *this, unsigned long event, - } - } - -- list_for_each_entry(dest, &net_ipvs(net)->dest_trash, n_list) { -+ list_for_each_entry(dest, &ipvs->dest_trash, n_list) { - __ip_vs_dev_reset(dest, dev); - } - mutex_unlock(&__ip_vs_mutex); -@@ -2028,7 +2029,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2074,7 +2074,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) " %-7s %-6d %-10d %-10d\n", &dest->addr.in6, ntohs(dest->port), @@ -76741,7 +77128,7 @@ index f558998..7dfb054 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2039,7 +2040,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2085,7 +2085,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) "%-7s %-6d %-10d %-10d\n", ntohl(dest->addr.ip), ntohs(dest->port), @@ -76750,7 +77137,7 @@ index f558998..7dfb054 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2509,7 +2510,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, +@@ -2555,7 +2555,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, entry.addr = dest->addr.ip; entry.port = dest->port; @@ -76759,29 +77146,38 @@ index f558998..7dfb054 100644 entry.weight = atomic_read(&dest->weight); entry.u_threshold = dest->u_threshold; entry.l_threshold = dest->l_threshold; -@@ -3042,7 +3043,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) - NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port); - - NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD, -- atomic_read(&dest->conn_flags) & IP_VS_CONN_F_FWD_MASK); -+ atomic_read_unchecked(&dest->conn_flags) & IP_VS_CONN_F_FWD_MASK); - NLA_PUT_U32(skb, IPVS_DEST_ATTR_WEIGHT, atomic_read(&dest->weight)); - NLA_PUT_U32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold); - NLA_PUT_U32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold); +@@ -3089,7 +3089,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) + if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) || + nla_put_u16(skb, IPVS_DEST_ATTR_PORT, dest->port) || + nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD, +- (atomic_read(&dest->conn_flags) & ++ (atomic_read_unchecked(&dest->conn_flags) & + IP_VS_CONN_F_FWD_MASK)) || + nla_put_u32(skb, IPVS_DEST_ATTR_WEIGHT, + atomic_read(&dest->weight)) || diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c -index 8a0d6d6..90ec197 100644 +index effa10c..9058928 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c -@@ -649,7 +649,7 @@ control: - * i.e only increment in_pkts for Templates. - */ - if (cp->flags & IP_VS_CONN_F_TEMPLATE) { -- int pkts = atomic_add_return(1, &cp->in_pkts); -+ int pkts = atomic_add_return_unchecked(1, &cp->in_pkts); - - if (pkts % sysctl_sync_period(ipvs) != 1) - return; -@@ -795,7 +795,7 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param, +@@ -596,7 +596,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp, + cp = cp->control; + if (cp) { + if (cp->flags & IP_VS_CONN_F_TEMPLATE) +- pkts = atomic_add_return(1, &cp->in_pkts); ++ pkts = atomic_add_return_unchecked(1, &cp->in_pkts); + else + pkts = sysctl_sync_threshold(ipvs); + ip_vs_sync_conn(net, cp->control, pkts); +@@ -758,7 +758,7 @@ control: + if (!cp) + return; + if (cp->flags & IP_VS_CONN_F_TEMPLATE) +- pkts = atomic_add_return(1, &cp->in_pkts); ++ pkts = atomic_add_return_unchecked(1, &cp->in_pkts); + else + pkts = sysctl_sync_threshold(ipvs); + goto sloop; +@@ -885,7 +885,7 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param, if (opt) memcpy(&cp->in_seq, opt, sizeof(*opt)); @@ -76812,8 +77208,35 @@ index 7fd66de..e6fb361 100644 goto out; } +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index ac3af97..c134c21 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -1530,6 +1530,10 @@ err_proto: + #define UNCONFIRMED_NULLS_VAL ((1<<30)+0) + #define DYING_NULLS_VAL ((1<<30)+1) + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0); ++#endif ++ + static int nf_conntrack_init_net(struct net *net) + { + int ret; +@@ -1543,7 +1547,11 @@ static int nf_conntrack_init_net(struct net *net) + goto err_stat; + } + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%08lx", atomic_inc_return_unchecked(&conntrack_cache_id)); ++#else + net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net); ++#endif + if (!net->ct.slabname) { + ret = -ENOMEM; + goto err_slabname; diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c -index 66b2c54..c7884e3 100644 +index 3c3cfc0..7a6ea1a 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -70,7 +70,7 @@ struct nfulnl_instance { @@ -76825,15 +77248,15 @@ index 66b2c54..c7884e3 100644 #define INSTANCE_BUCKETS 16 static struct hlist_head instance_table[INSTANCE_BUCKETS]; -@@ -502,7 +502,7 @@ __build_packet_message(struct nfulnl_instance *inst, +@@ -517,7 +517,7 @@ __build_packet_message(struct nfulnl_instance *inst, /* global sequence number */ - if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) - NLA_PUT_BE32(inst->skb, NFULA_SEQ_GLOBAL, -- htonl(atomic_inc_return(&global_seq))); -+ htonl(atomic_inc_return_unchecked(&global_seq))); + if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) && + nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL, +- htonl(atomic_inc_return(&global_seq)))) ++ htonl(atomic_inc_return_unchecked(&global_seq)))) + goto nla_put_failure; if (data_len) { - struct nlattr *nla; diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c new file mode 100644 index 0000000..6905327 @@ -76926,10 +77349,10 @@ index 4fe4fb4..87a89e5 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index faa48f7..65f7f54 100644 +index b3025a6..d63a537 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c -@@ -741,7 +741,7 @@ static void netlink_overrun(struct sock *sk) +@@ -753,7 +753,7 @@ static void netlink_overrun(struct sock *sk) sk->sk_error_report(sk); } } @@ -76938,7 +77361,7 @@ index faa48f7..65f7f54 100644 } static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid) -@@ -2013,7 +2013,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -2022,7 +2022,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb, atomic_read(&s->sk_refcnt), @@ -76968,7 +77391,7 @@ index 06592d8..64860f6 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index 4f2c0df..f0ff342 100644 +index 0f66174..e7cb04c 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1687,7 +1687,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, @@ -76989,7 +77412,26 @@ index 4f2c0df..f0ff342 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -3294,7 +3294,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -2641,6 +2641,7 @@ out: + + static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) + { ++ struct sock_extended_err ee; + struct sock_exterr_skb *serr; + struct sk_buff *skb, *skb2; + int copied, err; +@@ -2662,8 +2663,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) + sock_recv_timestamp(msg, sk, skb); + + serr = SKB_EXT_ERR(skb); ++ ee = serr->ee; + put_cmsg(msg, SOL_PACKET, PACKET_TX_TIMESTAMP, +- sizeof(serr->ee), &serr->ee); ++ sizeof ee, &ee); + + msg->msg_flags |= MSG_ERRQUEUE; + err = copied; +@@ -3275,7 +3277,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -76998,8 +77440,8 @@ index 4f2c0df..f0ff342 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3344,7 +3344,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, - +@@ -3314,7 +3316,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, + len = lv; if (put_user(len, optlen)) return -EFAULT; - if (copy_to_user(optval, data, len)) @@ -77008,7 +77450,7 @@ index 4f2c0df..f0ff342 100644 return 0; } diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c -index d65f699..05aa6ce 100644 +index 5a940db..f0b9c12 100644 --- a/net/phonet/af_phonet.c +++ b/net/phonet/af_phonet.c @@ -41,7 +41,7 @@ static struct phonet_protocol *phonet_proto_get(unsigned int protocol) @@ -77030,7 +77472,7 @@ index d65f699..05aa6ce 100644 err = proto_register(pp->prot, 1); diff --git a/net/phonet/pep.c b/net/phonet/pep.c -index 9726fe6..fc4e3a4 100644 +index 576f22c..bc7a71b 100644 --- a/net/phonet/pep.c +++ b/net/phonet/pep.c @@ -388,7 +388,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb) @@ -77061,7 +77503,7 @@ index 9726fe6..fc4e3a4 100644 break; } diff --git a/net/phonet/socket.c b/net/phonet/socket.c -index 4c7eff3..59c727f 100644 +index 0acc943..c727611 100644 --- a/net/phonet/socket.c +++ b/net/phonet/socket.c @@ -613,8 +613,13 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v) @@ -77112,7 +77554,7 @@ index e5b65ac..f3b6fb7 100644 if (likely(*recent == gen)) return 0; diff --git a/net/rds/ib.h b/net/rds/ib.h -index edfaaaf..8c89879 100644 +index 8d2b3d5..227ec5b 100644 --- a/net/rds/ib.h +++ b/net/rds/ib.h @@ -128,7 +128,7 @@ struct rds_ib_connection { @@ -77207,6 +77649,27 @@ index 4503335..db566b4 100644 } #endif +diff --git a/net/rds/recv.c b/net/rds/recv.c +index 5c6e9f1..9f0f17c 100644 +--- a/net/rds/recv.c ++++ b/net/rds/recv.c +@@ -410,6 +410,8 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, + + rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo); + ++ msg->msg_namelen = 0; ++ + if (msg_flags & MSG_OOB) + goto out; + +@@ -485,6 +487,7 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, + sin->sin_port = inc->i_hdr.h_sport; + sin->sin_addr.s_addr = inc->i_saddr; + memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); ++ msg->msg_namelen = sizeof(*sin); + } + break; + } diff --git a/net/rds/tcp.c b/net/rds/tcp.c index edac9ef..16bcb98 100644 --- a/net/rds/tcp.c @@ -77234,7 +77697,7 @@ index 1b4fd68..2234175 100644 set_fs(oldfs); } diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c -index 74c064c..fdec26f 100644 +index 05996d0..5a1dfe0 100644 --- a/net/rxrpc/af_rxrpc.c +++ b/net/rxrpc/af_rxrpc.c @@ -39,7 +39,7 @@ static const struct proto_ops rxrpc_rpc_ops; @@ -77247,7 +77710,7 @@ index 74c064c..fdec26f 100644 /* count of skbs currently in use */ atomic_t rxrpc_n_skbs; diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c -index c3126e8..21facc7 100644 +index e4d9cbc..b229649 100644 --- a/net/rxrpc/ar-ack.c +++ b/net/rxrpc/ar-ack.c @@ -175,7 +175,7 @@ static void rxrpc_resend(struct rxrpc_call *call) @@ -77314,7 +77777,7 @@ index c3126e8..21facc7 100644 send_message_2: diff --git a/net/rxrpc/ar-call.c b/net/rxrpc/ar-call.c -index bf656c2..48f9d27 100644 +index a3bbb36..3341fb9 100644 --- a/net/rxrpc/ar-call.c +++ b/net/rxrpc/ar-call.c @@ -83,7 +83,7 @@ static struct rxrpc_call *rxrpc_alloc_call(gfp_t gfp) @@ -77353,7 +77816,7 @@ index e7ed43a..6afa140 100644 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len); diff --git a/net/rxrpc/ar-input.c b/net/rxrpc/ar-input.c -index 1a2b0633..e8d1382 100644 +index 529572f..c758ca7 100644 --- a/net/rxrpc/ar-input.c +++ b/net/rxrpc/ar-input.c @@ -340,9 +340,9 @@ void rxrpc_fast_process_packet(struct rxrpc_call *call, struct sk_buff *skb) @@ -77369,13 +77832,13 @@ index 1a2b0633..e8d1382 100644 /* request ACK generation for any ACK or DATA packet that requests diff --git a/net/rxrpc/ar-internal.h b/net/rxrpc/ar-internal.h -index 8e22bd3..f66d1c0 100644 +index a693aca..81e7293 100644 --- a/net/rxrpc/ar-internal.h +++ b/net/rxrpc/ar-internal.h @@ -272,8 +272,8 @@ struct rxrpc_connection { int error; /* error code for local abort */ int debug_id; /* debug ID for printks */ - unsigned call_counter; /* call ID counter */ + unsigned int call_counter; /* call ID counter */ - atomic_t serial; /* packet serial number counter */ - atomic_t hi_serial; /* highest serial number received */ + atomic_unchecked_t serial; /* packet serial number counter */ @@ -77431,7 +77894,7 @@ index 16ae887..d24f12b 100644 sp->hdr.userStatus = 0; sp->hdr.securityIndex = conn->security_ix; diff --git a/net/rxrpc/ar-peer.c b/net/rxrpc/ar-peer.c -index 2754f09..b20e38f 100644 +index bebaa43..2644591 100644 --- a/net/rxrpc/ar-peer.c +++ b/net/rxrpc/ar-peer.c @@ -72,7 +72,7 @@ static struct rxrpc_peer *rxrpc_alloc_peer(struct sockaddr_rxrpc *srx, @@ -77472,7 +77935,7 @@ index 92df566..87ec1bf 100644 if (peer->srx.transport.family == AF_INET) { switch (peer->srx.transport_type) { diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c -index 7635107..4670276 100644 +index f226709..0e735a8 100644 --- a/net/rxrpc/rxkad.c +++ b/net/rxrpc/rxkad.c @@ -610,7 +610,7 @@ static int rxkad_issue_challenge(struct rxrpc_connection *conn) @@ -77493,36 +77956,6 @@ index 7635107..4670276 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); -diff --git a/net/sctp/input.c b/net/sctp/input.c -index 80f71af..be772c0 100644 ---- a/net/sctp/input.c -+++ b/net/sctp/input.c -@@ -736,15 +736,12 @@ static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) - - epb = &ep->base; - -- if (hlist_unhashed(&epb->node)) -- return; -- - epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); - - head = &sctp_ep_hashtable[epb->hashent]; - - sctp_write_lock(&head->lock); -- __hlist_del(&epb->node); -+ hlist_del_init(&epb->node); - sctp_write_unlock(&head->lock); - } - -@@ -825,7 +822,7 @@ static void __sctp_unhash_established(struct sctp_association *asoc) - head = &sctp_assoc_hashtable[epb->hashent]; - - sctp_write_lock(&head->lock); -- __hlist_del(&epb->node); -+ hlist_del_init(&epb->node); - sctp_write_unlock(&head->lock); - } - diff --git a/net/sctp/proc.c b/net/sctp/proc.c index 1e2eee8..ce3967e 100644 --- a/net/sctp/proc.c @@ -77538,38 +77971,10 @@ index 1e2eee8..ce3967e 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 92ba71d..9352c05 100644 +index 31c7bfc..bc380ae 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -1231,8 +1231,14 @@ out_free: - SCTP_DEBUG_PRINTK("About to exit __sctp_connect() free asoc: %p" - " kaddrs: %p err: %d\n", - asoc, kaddrs, err); -- if (asoc) -+ if (asoc) { -+ /* sctp_primitive_ASSOCIATE may have added this association -+ * To the hash table, try to unhash it, just in case, its a noop -+ * if it wasn't hashed so we're safe -+ */ -+ sctp_unhash_established(asoc); - sctp_association_free(asoc); -+ } - return err; - } - -@@ -1942,8 +1948,10 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, - goto out_unlock; - - out_free: -- if (new_asoc) -+ if (new_asoc) { -+ sctp_unhash_established(asoc); - sctp_association_free(asoc); -+ } - out_unlock: - sctp_release_sock(sk); - -@@ -4569,7 +4577,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -4577,7 +4577,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; @@ -77579,7 +77984,7 @@ index 92ba71d..9352c05 100644 to += addrlen; cnt++; diff --git a/net/socket.c b/net/socket.c -index 851edcd..b786851 100644 +index 0452dca..7e9758c 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -77608,7 +78013,7 @@ index 851edcd..b786851 100644 static struct file_system_type sock_fs_type = { .name = "sockfs", -@@ -1207,6 +1210,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1210,6 +1213,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, return -EAFNOSUPPORT; if (type < 0 || type >= SOCK_MAX) return -EINVAL; @@ -77617,7 +78022,7 @@ index 851edcd..b786851 100644 /* Compatibility. -@@ -1339,6 +1344,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) +@@ -1341,6 +1346,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; @@ -77634,7 +78039,7 @@ index 851edcd..b786851 100644 retval = sock_create(family, type, protocol, &sock); if (retval < 0) goto out; -@@ -1451,6 +1466,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1453,6 +1468,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, &address); if (err >= 0) { @@ -77649,7 +78054,7 @@ index 851edcd..b786851 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1459,6 +1482,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1461,6 +1484,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -77657,8 +78062,8 @@ index 851edcd..b786851 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1482,10 +1506,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) - if ((unsigned)backlog > somaxconn) +@@ -1484,10 +1508,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) + if ((unsigned int)backlog > somaxconn) backlog = somaxconn; + if (gr_handle_sock_server_other(sock->sk)) { @@ -77678,7 +78083,7 @@ index 851edcd..b786851 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1529,6 +1563,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1531,6 +1565,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -77697,7 +78102,7 @@ index 851edcd..b786851 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1567,6 +1613,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1569,6 +1615,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -77706,7 +78111,7 @@ index 851edcd..b786851 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1599,6 +1647,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1601,6 +1649,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -77714,7 +78119,7 @@ index 851edcd..b786851 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1609,6 +1658,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1611,6 +1660,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -77732,7 +78137,7 @@ index 851edcd..b786851 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1966,7 +2026,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -1965,7 +2025,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -77741,7 +78146,7 @@ index 851edcd..b786851 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2136,7 +2196,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2133,7 +2193,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ @@ -77750,7 +78155,7 @@ index 851edcd..b786851 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2758,7 +2818,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2761,7 +2821,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) } ifr = compat_alloc_user_space(buf_size); @@ -77759,7 +78164,7 @@ index 851edcd..b786851 100644 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) return -EFAULT; -@@ -2782,12 +2842,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2785,12 +2845,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) offsetof(struct ethtool_rxnfc, fs.ring_cookie)); if (copy_in_user(rxnfc, compat_rxnfc, @@ -77776,7 +78181,7 @@ index 851edcd..b786851 100644 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2799,12 +2859,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2802,12 +2862,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) if (convert_out) { if (copy_in_user(compat_rxnfc, rxnfc, @@ -77793,7 +78198,7 @@ index 851edcd..b786851 100644 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2874,7 +2934,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2877,7 +2937,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -77802,7 +78207,7 @@ index 851edcd..b786851 100644 set_fs(old_fs); return err; -@@ -2983,7 +3043,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -2986,7 +3046,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -77811,7 +78216,7 @@ index 851edcd..b786851 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3088,7 +3148,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3091,7 +3151,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -77820,7 +78225,7 @@ index 851edcd..b786851 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3314,8 +3374,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3317,8 +3377,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -77831,7 +78236,7 @@ index 851edcd..b786851 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3335,7 +3395,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3338,7 +3398,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -77841,7 +78246,7 @@ index 851edcd..b786851 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index 994cfea..5343b6b 100644 +index eda32ae..1c9fa7c 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c @@ -240,9 +240,9 @@ static int rpc_wait_bit_killable(void *word) @@ -78061,10 +78466,10 @@ index 73b428b..5f3f8f3 100644 /* See if we can opportunistically reap SQ WR to make room */ sq_cq_reap(xprt); diff --git a/net/sysctl_net.c b/net/sysctl_net.c -index c3e65ae..f512a2b 100644 +index e3a6e37..be2ea77 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c -@@ -47,7 +47,7 @@ static int net_ctl_permissions(struct ctl_table_root *root, +@@ -43,7 +43,7 @@ static int net_ctl_permissions(struct ctl_table_root *root, struct ctl_table *table) { /* Allow network administrator to have same access as root. */ @@ -78074,10 +78479,10 @@ index c3e65ae..f512a2b 100644 return (mode << 6) | (mode << 3) | mode; } diff --git a/net/tipc/link.c b/net/tipc/link.c -index b4b9b30..5b62131 100644 +index 7a614f4..b14dbd2 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c -@@ -1203,7 +1203,7 @@ static int link_send_sections_long(struct tipc_port *sender, +@@ -1164,7 +1164,7 @@ static int link_send_sections_long(struct tipc_port *sender, struct tipc_msg fragm_hdr; struct sk_buff *buf, *buf_chain, *prev; u32 fragm_crs, fragm_rest, hsz, sect_rest; @@ -78086,7 +78491,7 @@ index b4b9b30..5b62131 100644 int curr_sect; u32 fragm_no; -@@ -1247,7 +1247,7 @@ again: +@@ -1205,7 +1205,7 @@ again: if (!sect_rest) { sect_rest = msg_sect[++curr_sect].iov_len; @@ -78095,7 +78500,7 @@ index b4b9b30..5b62131 100644 } if (sect_rest < fragm_rest) -@@ -1266,7 +1266,7 @@ error: +@@ -1224,7 +1224,7 @@ error: } } else skb_copy_to_linear_data_offset(buf, fragm_crs, @@ -78105,10 +78510,10 @@ index b4b9b30..5b62131 100644 sect_rest -= sz; fragm_crs += sz; diff --git a/net/tipc/msg.c b/net/tipc/msg.c -index e3afe16..333ea83 100644 +index deea0d2..fa13bd7 100644 --- a/net/tipc/msg.c +++ b/net/tipc/msg.c -@@ -99,7 +99,7 @@ int tipc_msg_build(struct tipc_msg *hdr, struct iovec const *msg_sect, +@@ -98,7 +98,7 @@ int tipc_msg_build(struct tipc_msg *hdr, struct iovec const *msg_sect, msg_sect[cnt].iov_len); else skb_copy_to_linear_data_offset(*buf, pos, @@ -78118,10 +78523,10 @@ index e3afe16..333ea83 100644 pos += msg_sect[cnt].iov_len; } diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c -index b2964e9..fdf2e27 100644 +index f976e9cd..560d055 100644 --- a/net/tipc/subscr.c +++ b/net/tipc/subscr.c -@@ -101,7 +101,7 @@ static void subscr_send_event(struct tipc_subscription *sub, +@@ -96,7 +96,7 @@ static void subscr_send_event(struct tipc_subscription *sub, { struct iovec msg_sect; @@ -78131,10 +78536,10 @@ index b2964e9..fdf2e27 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index d510353..26c8a32 100644 +index 641f2e4..a63f5e1 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c -@@ -779,6 +779,12 @@ static struct sock *unix_find_other(struct net *net, +@@ -780,6 +780,12 @@ static struct sock *unix_find_other(struct net *net, err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; @@ -78147,7 +78552,7 @@ index d510353..26c8a32 100644 u = unix_find_socket_byinode(inode); if (!u) goto put_fail; -@@ -799,6 +805,13 @@ static struct sock *unix_find_other(struct net *net, +@@ -800,6 +806,13 @@ static struct sock *unix_find_other(struct net *net, if (u) { struct dentry *dentry; dentry = unix_sk(u)->path.dentry; @@ -78161,7 +78566,7 @@ index d510353..26c8a32 100644 if (dentry) touch_atime(&unix_sk(u)->path); } else -@@ -881,11 +894,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) +@@ -882,11 +895,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) err = security_path_mknod(&path, dentry, mode, 0); if (err) goto out_mknod_drop_write; @@ -78181,7 +78586,7 @@ index d510353..26c8a32 100644 dput(path.dentry); path.dentry = dentry; diff --git a/net/wireless/core.h b/net/wireless/core.h -index 3ac2dd0..fbe533e 100644 +index 8523f38..79f6091 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h @@ -27,7 +27,7 @@ struct cfg80211_registered_device { @@ -78194,10 +78599,10 @@ index 3ac2dd0..fbe533e 100644 struct work_struct rfkill_sync; diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c -index af648e0..6185d3a 100644 +index b0eb7aa..7d73e82 100644 --- a/net/wireless/wext-core.c +++ b/net/wireless/wext-core.c -@@ -747,8 +747,7 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, +@@ -748,8 +748,7 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, */ /* Support for very large requests */ @@ -78207,7 +78612,7 @@ index af648e0..6185d3a 100644 /* Allow userspace to GET more than max so * we can support any size GET requests. * There is still a limit : -ENOMEM. -@@ -787,22 +786,6 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, +@@ -788,22 +787,6 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, } } @@ -78231,10 +78636,10 @@ index af648e0..6185d3a 100644 iwp->length += essid_compat; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index a15d2a0..12142af 100644 +index ccfbd32..9b61cf9f 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c -@@ -299,7 +299,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) +@@ -300,7 +300,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) { policy->walk.dead = 1; @@ -78243,7 +78648,7 @@ index a15d2a0..12142af 100644 if (del_timer(&policy->timer)) xfrm_pol_put(policy); -@@ -583,7 +583,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) +@@ -584,7 +584,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) hlist_add_head(&policy->bydst, chain); xfrm_pol_hold(policy); net->xfrm.policy_count[dir]++; @@ -78252,7 +78657,7 @@ index a15d2a0..12142af 100644 if (delpol) __xfrm_policy_unlink(delpol, dir); policy->index = delpol ? delpol->index : xfrm_gen_index(net, dir); -@@ -1530,7 +1530,7 @@ free_dst: +@@ -1532,7 +1532,7 @@ free_dst: goto out; } @@ -78261,7 +78666,7 @@ index a15d2a0..12142af 100644 xfrm_dst_alloc_copy(void **target, const void *src, int size) { if (!*target) { -@@ -1542,7 +1542,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size) +@@ -1544,7 +1544,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size) return 0; } @@ -78270,7 +78675,7 @@ index a15d2a0..12142af 100644 xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) { #ifdef CONFIG_XFRM_SUB_POLICY -@@ -1554,7 +1554,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) +@@ -1556,7 +1556,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) #endif } @@ -78279,7 +78684,7 @@ index a15d2a0..12142af 100644 xfrm_dst_update_origin(struct dst_entry *dst, const struct flowi *fl) { #ifdef CONFIG_XFRM_SUB_POLICY -@@ -1648,7 +1648,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, +@@ -1650,7 +1650,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, xdst->num_pols = num_pols; memcpy(xdst->pols, pols, sizeof(struct xfrm_policy*) * num_pols); @@ -78288,7 +78693,7 @@ index a15d2a0..12142af 100644 return xdst; } -@@ -2348,7 +2348,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) +@@ -2350,7 +2350,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) if (xdst->xfrm_genid != dst->xfrm->genid) return 0; if (xdst->num_pols > 0 && @@ -78297,7 +78702,7 @@ index a15d2a0..12142af 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2885,7 +2885,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -2887,7 +2887,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ @@ -78474,8 +78879,21 @@ index 0000000..008ac1a + [[ "$plugincc" =~ "$1" ]] && echo "$1" + [[ "$plugincc" =~ "$2" ]] && echo "$2" +fi +diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh +index cd9c6c6..0c8f0fa 100644 +--- a/scripts/link-vmlinux.sh ++++ b/scripts/link-vmlinux.sh +@@ -147,7 +147,7 @@ else + fi; + + # final build of init/ +-${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init ++${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init GCC_PLUGINS_CFLAGS="${GCC_PLUGINS_CFLAGS}" GCC_PLUGINS_AFLAGS="${GCC_PLUGINS_AFLAGS}" + + kallsymso="" + kallsyms_vmlinux="" diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c -index 44ddaa5..a3119bd 100644 +index 5759751..b170367 100644 --- a/scripts/mod/file2alias.c +++ b/scripts/mod/file2alias.c @@ -128,7 +128,7 @@ static void device_id_check(const char *modname, const char *device_id, @@ -78505,7 +78923,7 @@ index 44ddaa5..a3119bd 100644 id->match_flags = TO_NATIVE(id->match_flags); id->idVendor = TO_NATIVE(id->idVendor); -@@ -501,7 +501,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size, +@@ -504,7 +504,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size, for (i = 0; i < count; i++) { const char *id = (char *)devs[i].id; char acpi_id[sizeof(devs[0].id)]; @@ -78514,7 +78932,7 @@ index 44ddaa5..a3119bd 100644 buf_printf(&mod->dev_table_buf, "MODULE_ALIAS(\"pnp:d%s*\");\n", id); -@@ -531,7 +531,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, +@@ -534,7 +534,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, for (j = 0; j < PNP_MAX_DEVICES; j++) { const char *id = (char *)card->devs[j].id; @@ -78523,7 +78941,7 @@ index 44ddaa5..a3119bd 100644 int dup = 0; if (!id[0]) -@@ -557,7 +557,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, +@@ -560,7 +560,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, /* add an individual alias for every device entry */ if (!dup) { char acpi_id[sizeof(card->devs[0].id)]; @@ -78532,7 +78950,7 @@ index 44ddaa5..a3119bd 100644 buf_printf(&mod->dev_table_buf, "MODULE_ALIAS(\"pnp:d%s*\");\n", id); -@@ -882,7 +882,7 @@ static void dmi_ascii_filter(char *d, const char *s) +@@ -885,7 +885,7 @@ static void dmi_ascii_filter(char *d, const char *s) static int do_dmi_entry(const char *filename, struct dmi_system_id *id, char *alias) { @@ -78542,10 +78960,10 @@ index 44ddaa5..a3119bd 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index c4e7d15..dad16c1 100644 +index 0f84bb3..2d42035 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -922,6 +922,7 @@ enum mismatch { +@@ -925,6 +925,7 @@ enum mismatch { ANY_INIT_TO_ANY_EXIT, ANY_EXIT_TO_ANY_INIT, EXPORT_TO_INIT_EXIT, @@ -78553,7 +78971,7 @@ index c4e7d15..dad16c1 100644 }; struct sectioncheck { -@@ -1030,6 +1031,12 @@ const struct sectioncheck sectioncheck[] = { +@@ -1033,6 +1034,12 @@ const struct sectioncheck sectioncheck[] = { .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL }, .mismatch = EXPORT_TO_INIT_EXIT, .symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL }, @@ -78566,7 +78984,7 @@ index c4e7d15..dad16c1 100644 } }; -@@ -1152,10 +1159,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, +@@ -1155,10 +1162,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, continue; if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) continue; @@ -78579,7 +78997,7 @@ index c4e7d15..dad16c1 100644 if (d < 0) d = addr - sym->st_value; if (d < distance) { -@@ -1434,6 +1441,14 @@ static void report_sec_mismatch(const char *modname, +@@ -1437,6 +1444,14 @@ static void report_sec_mismatch(const char *modname, tosym, prl_to, prl_to, tosym); free(prl_to); break; @@ -78594,7 +79012,7 @@ index c4e7d15..dad16c1 100644 } fprintf(stderr, "\n"); } -@@ -1668,7 +1683,7 @@ static void section_rel(const char *modname, struct elf_info *elf, +@@ -1671,7 +1686,7 @@ static void section_rel(const char *modname, struct elf_info *elf, static void check_sec_ref(struct module *mod, const char *modname, struct elf_info *elf) { @@ -78603,7 +79021,7 @@ index c4e7d15..dad16c1 100644 Elf_Shdr *sechdrs = elf->sechdrs; /* Walk through all sections */ -@@ -1766,7 +1781,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, +@@ -1769,7 +1784,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, va_end(ap); } @@ -78612,7 +79030,7 @@ index c4e7d15..dad16c1 100644 { if (buf->size - buf->pos < len) { buf->size += len + SZ; -@@ -1984,7 +1999,7 @@ static void write_if_changed(struct buffer *b, const char *fname) +@@ -1987,7 +2002,7 @@ static void write_if_changed(struct buffer *b, const char *fname) if (fstat(fileno(file), &st) < 0) goto close_write; @@ -78688,10 +79106,10 @@ index 5c11312..72742b5 100644 write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { diff --git a/security/Kconfig b/security/Kconfig -index ccc61f8..5e68d73 100644 +index e9c6ac7..4349785 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,875 @@ +@@ -4,6 +4,876 @@ menu "Security options" @@ -78723,6 +79141,7 @@ index ccc61f8..5e68d73 100644 + bool "Grsecurity" + select CRYPTO + select CRYPTO_SHA256 ++ select PROC_FS + select STOP_MACHINE + help + If you say Y here, you will be able to configure many features @@ -79564,10 +79983,10 @@ index ccc61f8..5e68d73 100644 + +endmenu + - config KEYS - bool "Enable access key retention support" - help -@@ -169,7 +1038,7 @@ config INTEL_TXT + source security/keys/Kconfig + + config SECURITY_DMESG_RESTRICT +@@ -103,7 +973,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -79577,10 +79996,10 @@ index ccc61f8..5e68d73 100644 help This is the portion of low virtual memory which should be protected diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index ad05d39..afffccb 100644 +index 8ea39aa..8569ac5 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c -@@ -622,7 +622,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, +@@ -614,7 +614,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, return error; } @@ -79590,17 +80009,17 @@ index ad05d39..afffccb 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index 71a166a..851bb3e 100644 +index 6dbae46..f534748 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -576,6 +576,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) - { +@@ -583,6 +583,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) const struct cred *cred = current_cred(); + kuid_t root_uid = make_kuid(cred->user_ns, 0); + if (gr_acl_enable_at_secure()) + return 1; + - if (cred->uid != 0) { + if (!uid_eq(cred->uid, root_uid)) { if (bprm->cap_effective) return 1; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h @@ -79664,7 +80083,7 @@ index 55a6271..ad829c3 100644 hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]); return 0; diff --git a/security/keys/compat.c b/security/keys/compat.c -index 4c48e13..7abdac9 100644 +index c92d42b..341e7ea 100644 --- a/security/keys/compat.c +++ b/security/keys/compat.c @@ -44,7 +44,7 @@ long compat_keyctl_instantiate_key_iov( @@ -79677,10 +80096,10 @@ index 4c48e13..7abdac9 100644 if (iov != iovstack) kfree(iov); diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c -index fb767c6..b9c49c0 100644 +index 0f5b3f0..b8d47c1 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c -@@ -935,7 +935,7 @@ static int keyctl_change_reqkey_auth(struct key *key) +@@ -966,7 +966,7 @@ static int keyctl_change_reqkey_auth(struct key *key) /* * Copy the iovec data from userspace */ @@ -79689,7 +80108,7 @@ index fb767c6..b9c49c0 100644 unsigned ioc) { for (; ioc > 0; ioc--) { -@@ -957,7 +957,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov, +@@ -988,7 +988,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov, * If successful, 0 will be returned. */ long keyctl_instantiate_key_common(key_serial_t id, @@ -79698,7 +80117,7 @@ index fb767c6..b9c49c0 100644 unsigned ioc, size_t plen, key_serial_t ringid) -@@ -1052,7 +1052,7 @@ long keyctl_instantiate_key(key_serial_t id, +@@ -1083,7 +1083,7 @@ long keyctl_instantiate_key(key_serial_t id, [0].iov_len = plen }; @@ -79707,7 +80126,7 @@ index fb767c6..b9c49c0 100644 } return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); -@@ -1085,7 +1085,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, +@@ -1116,7 +1116,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, if (ret == 0) goto no_payload_free; @@ -79717,15 +80136,16 @@ index fb767c6..b9c49c0 100644 if (iov != iovstack) kfree(iov); diff --git a/security/keys/keyring.c b/security/keys/keyring.c -index d605f75..2bc6be9 100644 +index 7445875..262834f 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c -@@ -214,15 +214,15 @@ static long keyring_read(const struct key *keyring, +@@ -227,16 +227,16 @@ static long keyring_read(const struct key *keyring, ret = -EFAULT; for (loop = 0; loop < klist->nkeys; loop++) { + key_serial_t serial; - key = klist->keys[loop]; + key = rcu_deref_link_locked(klist, loop, + keyring); + serial = key->serial; tmp = sizeof(key_serial_t); @@ -79760,7 +80180,7 @@ index f728728..6457a0c 100644 /* diff --git a/security/security.c b/security/security.c -index bf619ff..8179030 100644 +index 860aeb3..45765c0 100644 --- a/security/security.c +++ b/security/security.c @@ -20,6 +20,7 @@ @@ -79768,10 +80188,10 @@ index bf619ff..8179030 100644 #include #include +#include - #include - - #define MAX_LSM_EVM_XATTR 2 -@@ -28,8 +29,8 @@ + #include + #include + #include +@@ -32,8 +33,8 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] = CONFIG_DEFAULT_SECURITY; @@ -79782,7 +80202,7 @@ index bf619ff..8179030 100644 .name = "default", }; -@@ -70,7 +71,9 @@ int __init security_init(void) +@@ -74,7 +75,9 @@ int __init security_init(void) void reset_security_ops(void) { @@ -79793,7 +80213,7 @@ index bf619ff..8179030 100644 /* Save user chosen LSM */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index d85b793..a164832 100644 +index daaa4ed..99a640f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ @@ -79805,7 +80225,29 @@ index d85b793..a164832 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -5520,7 +5518,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -2792,11 +2790,16 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, + + /* We strip a nul only if it is at the end, otherwise the + * context contains a nul and we should audit that */ +- str = value; +- if (str[size - 1] == '\0') +- audit_size = size - 1; +- else +- audit_size = size; ++ if (value) { ++ str = value; ++ if (str[size - 1] == '\0') ++ audit_size = size - 1; ++ else ++ audit_size = size; ++ } else { ++ str = ""; ++ audit_size = 0; ++ } + ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR); + audit_log_format(ab, "op=setxattr invalid_context="); + audit_log_n_untrustedstring(ab, value, audit_size); +@@ -5506,7 +5509,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -79828,10 +80270,10 @@ index c220f31..89fab3f 100644 #else static inline int selinux_xfrm_enabled(void) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index 45c32f0..0038be2 100644 +index ee0bb57..57fcd43 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c -@@ -3500,7 +3500,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +@@ -3432,7 +3432,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) return 0; } @@ -79841,7 +80283,7 @@ index 45c32f0..0038be2 100644 .ptrace_access_check = smack_ptrace_access_check, diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c -index 620d37c..e2ad89b 100644 +index c2d04a5..e6a1aeb 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -501,7 +501,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, @@ -79998,10 +80440,10 @@ index 91cdf94..4085161 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index 3fe99e6..26952e4 100644 +index 53b5ada..2db94c8 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c -@@ -2770,11 +2770,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, +@@ -2780,11 +2780,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, switch (substream->stream) { case SNDRV_PCM_STREAM_PLAYBACK: result = snd_pcm_playback_ioctl1(NULL, substream, cmd, @@ -80150,10 +80592,10 @@ index 3e32bd3..46fc152 100644 struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS]; }; diff --git a/sound/firewire/amdtp.c b/sound/firewire/amdtp.c -index 87657dd..a8268d4 100644 +index ea995af..f1bfa37 100644 --- a/sound/firewire/amdtp.c +++ b/sound/firewire/amdtp.c -@@ -371,7 +371,7 @@ static void queue_out_packet(struct amdtp_out_stream *s, unsigned int cycle) +@@ -389,7 +389,7 @@ static void queue_out_packet(struct amdtp_out_stream *s, unsigned int cycle) ptr = s->pcm_buffer_pointer + data_blocks; if (ptr >= pcm->runtime->buffer_size) ptr -= pcm->runtime->buffer_size; @@ -80162,7 +80604,7 @@ index 87657dd..a8268d4 100644 s->pcm_period_pointer += data_blocks; if (s->pcm_period_pointer >= pcm->runtime->period_size) { -@@ -511,7 +511,7 @@ EXPORT_SYMBOL(amdtp_out_stream_start); +@@ -557,7 +557,7 @@ EXPORT_SYMBOL(amdtp_out_stream_pcm_pointer); */ void amdtp_out_stream_update(struct amdtp_out_stream *s) { @@ -80172,10 +80614,10 @@ index 87657dd..a8268d4 100644 } EXPORT_SYMBOL(amdtp_out_stream_update); diff --git a/sound/firewire/amdtp.h b/sound/firewire/amdtp.h -index 537a9cb..8e8c8e9 100644 +index b680c5e..061b7a0 100644 --- a/sound/firewire/amdtp.h +++ b/sound/firewire/amdtp.h -@@ -146,7 +146,7 @@ static inline void amdtp_out_stream_pcm_prepare(struct amdtp_out_stream *s) +@@ -139,7 +139,7 @@ static inline bool amdtp_out_streaming_error(struct amdtp_out_stream *s) static inline void amdtp_out_stream_pcm_trigger(struct amdtp_out_stream *s, struct snd_pcm_substream *pcm) { @@ -80183,7 +80625,7 @@ index 537a9cb..8e8c8e9 100644 + ACCESS_ONCE_RW(s->pcm) = pcm; } - /** + static inline bool cip_sfc_is_base_44100(enum cip_sfc sfc) diff --git a/sound/firewire/isight.c b/sound/firewire/isight.c index d428ffe..751ef78 100644 --- a/sound/firewire/isight.c @@ -80293,7 +80735,7 @@ index 09d4648..cf234c7 100644 list_add(&s->list, &cs4297a_devs); diff --git a/sound/pci/hda/hda_codec.h b/sound/pci/hda/hda_codec.h -index 56b4f74..7cfd41a 100644 +index 2fdaadb..7df8fc6 100644 --- a/sound/pci/hda/hda_codec.h +++ b/sound/pci/hda/hda_codec.h @@ -611,7 +611,7 @@ struct hda_bus_ops { @@ -80305,7 +80747,7 @@ index 56b4f74..7cfd41a 100644 /* template to pass to the bus constructor */ struct hda_bus_template { -@@ -713,6 +713,7 @@ struct hda_codec_ops { +@@ -711,6 +711,7 @@ struct hda_codec_ops { #endif void (*reboot_notify)(struct hda_codec *codec); }; @@ -80313,7 +80755,7 @@ index 56b4f74..7cfd41a 100644 /* record for amp information cache */ struct hda_cache_head { -@@ -743,7 +744,7 @@ struct hda_pcm_ops { +@@ -741,7 +742,7 @@ struct hda_pcm_ops { struct snd_pcm_substream *substream); int (*cleanup)(struct hda_pcm_stream *info, struct hda_codec *codec, struct snd_pcm_substream *substream); @@ -80322,7 +80764,7 @@ index 56b4f74..7cfd41a 100644 /* PCM information for each substream */ struct hda_pcm_stream { -@@ -801,7 +802,7 @@ struct hda_codec { +@@ -799,7 +800,7 @@ struct hda_codec { const char *modelname; /* model name for preset */ /* set by patch */ @@ -80397,40 +80839,6 @@ index a8159b81..5f006a5 100644 chip->card = card; chip->pci = pci; chip->irq = -1; -diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c -index 0ad8dca..7186339 100644 ---- a/sound/soc/soc-pcm.c -+++ b/sound/soc/soc-pcm.c -@@ -641,7 +641,7 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num) - struct snd_soc_platform *platform = rtd->platform; - struct snd_soc_dai *codec_dai = rtd->codec_dai; - struct snd_soc_dai *cpu_dai = rtd->cpu_dai; -- struct snd_pcm_ops *soc_pcm_ops = &rtd->ops; -+ snd_pcm_ops_no_const *soc_pcm_ops = &rtd->ops; - struct snd_pcm *pcm; - char new_name[64]; - int ret = 0, playback = 0, capture = 0; -diff --git a/sound/usb/card.h b/sound/usb/card.h -index da5fa1a..113cd02 100644 ---- a/sound/usb/card.h -+++ b/sound/usb/card.h -@@ -45,6 +45,7 @@ struct snd_urb_ops { - int (*prepare_sync)(struct snd_usb_substream *subs, struct snd_pcm_runtime *runtime, struct urb *u); - int (*retire_sync)(struct snd_usb_substream *subs, struct snd_pcm_runtime *runtime, struct urb *u); - }; -+typedef struct snd_urb_ops __no_const snd_urb_ops_no_const; - - struct snd_usb_substream { - struct snd_usb_stream *stream; -@@ -94,7 +95,7 @@ struct snd_usb_substream { - struct snd_pcm_hw_constraint_list rate_list; /* limited rates */ - spinlock_t lock; - -- struct snd_urb_ops ops; /* callbacks (must be filled at init) */ -+ snd_urb_ops_no_const ops; /* callbacks (must be filled at init) */ - int last_frame_number; /* stored frame number */ - int last_delay; /* stored delay */ - }; diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore new file mode 100644 index 0000000..50f2f2f @@ -82161,10 +82569,10 @@ index 0000000..b8008f7 +} diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data new file mode 100644 -index 0000000..daaa86c +index 0000000..036c9c6 --- /dev/null +++ b/tools/gcc/size_overflow_hash.data -@@ -0,0 +1,2486 @@ +@@ -0,0 +1,3057 @@ +_000001_hash alloc_dr 2 65495 _000001_hash NULL +_000002_hash __copy_from_user 3 10918 _000002_hash NULL +_000003_hash copy_from_user 3 17559 _000003_hash NULL @@ -82422,7 +82830,7 @@ index 0000000..daaa86c +_000263_hash ide_settings_proc_write 3 35110 _000263_hash NULL +_000264_hash idetape_chrdev_write 3 53976 _000264_hash NULL +_000265_hash idmap_pipe_downcall 3 14591 _000265_hash NULL -+_000266_hash ieee80211_build_probe_req 7 27660 _000266_hash NULL ++_000266_hash ieee80211_build_probe_req 7-5 27660 _000266_hash NULL +_000267_hash ieee80211_if_write 3 34894 _000267_hash NULL +_000268_hash if_write 3 51756 _000268_hash NULL +_000269_hash ilo_write 3 64378 _000269_hash NULL @@ -82487,7 +82895,7 @@ index 0000000..daaa86c +_000331_hash lcd_write 3 14857 _000331_hash &_000014_hash +_000332_hash ldm_frag_add 2 5611 _000332_hash NULL +_000333_hash __lgread 4 31668 _000333_hash NULL -+_000334_hash libipw_alloc_txb 1 27579 _000334_hash NULL ++_000334_hash libipw_alloc_txb 1-3-2 27579 _000334_hash NULL +_000335_hash link_send_sections_long 4 46556 _000335_hash NULL +_000336_hash listxattr 3 12769 _000336_hash NULL +_000337_hash LoadBitmap 2 19658 _000337_hash NULL @@ -82515,7 +82923,7 @@ index 0000000..daaa86c +_000360_hash mpi_resize 2 44674 _000360_hash NULL +_000361_hash mptctl_getiocinfo 2 28545 _000361_hash NULL +_000362_hash mtdchar_readoob 4 31200 _000362_hash NULL -+_000363_hash mtdchar_write 3 56831 _000363_hash NULL ++_000363_hash mtdchar_write 3 56831 _002688_hash NULL nohasharray +_000364_hash mtdchar_writeoob 4 3393 _000364_hash NULL +_000365_hash mtd_device_parse_register 5 5024 _000365_hash NULL +_000366_hash mtf_test_write 3 18844 _000366_hash NULL @@ -82622,7 +83030,7 @@ index 0000000..daaa86c +_000472_hash rfcomm_sock_setsockopt 5 18254 _000472_hash NULL +_000473_hash rndis_add_response 2 58544 _000473_hash NULL +_000474_hash rndis_set_oid 4 6547 _000474_hash NULL -+_000475_hash rngapi_reset 3 34366 _000475_hash NULL ++_000475_hash rngapi_reset 3 34366 _002911_hash NULL nohasharray +_000476_hash roccat_common_receive 4 53407 _000476_hash NULL +_000477_hash roccat_common_send 4 12284 _000477_hash NULL +_000478_hash rpc_malloc 2 43573 _000478_hash NULL @@ -82808,7 +83216,7 @@ index 0000000..daaa86c +_000667_hash zd_usb_read_fw 4 22049 _000667_hash NULL +_000668_hash zerocopy_sg_from_iovec 3 11828 _000668_hash NULL +_000669_hash zoran_write 3 22404 _000669_hash NULL -+_000671_hash acpi_ex_allocate_name_string 2 7685 _000671_hash NULL ++_000671_hash acpi_ex_allocate_name_string 2 7685 _002855_hash NULL nohasharray +_000672_hash acpi_os_allocate_zeroed 1 37422 _000672_hash NULL +_000673_hash acpi_ut_initialize_buffer 2 47143 _002314_hash NULL nohasharray +_000674_hash ad7879_spi_xfer 3 36311 _000674_hash NULL @@ -82867,7 +83275,7 @@ index 0000000..daaa86c +_000733_hash ath6kl_wmi_send_mgmt_cmd 7 17347 _000733_hash NULL +_000734_hash ath_descdma_setup 5 12257 _000734_hash NULL +_000735_hash ath_rx_edma_init 2 65483 _000735_hash NULL -+_000736_hash ati_create_gatt_pages 1 4722 _000736_hash NULL ++_000736_hash ati_create_gatt_pages 1 4722 _003185_hash NULL nohasharray +_000737_hash au0828_init_isoc 2-3 61917 _000737_hash NULL +_000739_hash audit_init_entry 1 38644 _000739_hash NULL +_000740_hash ax25_sendmsg 4 62770 _000740_hash NULL @@ -82903,7 +83311,7 @@ index 0000000..daaa86c +_000774_hash cfg80211_roamed_bss 4-6 50198 _000774_hash NULL +_000776_hash cifs_readdata_alloc 1 50318 _000776_hash NULL +_000777_hash cifs_readv_from_socket 3 19109 _000777_hash NULL -+_000778_hash cifs_writedata_alloc 1 32880 _000778_hash NULL ++_000778_hash cifs_writedata_alloc 1 32880 _003119_hash NULL nohasharray +_000779_hash cnic_alloc_dma 3 34641 _000779_hash NULL +_000780_hash configfs_write_file 3 61621 _000780_hash NULL +_000781_hash construct_key 3 11329 _000781_hash NULL @@ -82935,7 +83343,7 @@ index 0000000..daaa86c +_000811_hash disconnect 4 32521 _000811_hash NULL +_000812_hash dma_attach 6-7 50831 _000812_hash NULL +_000814_hash dn_sendmsg 4 38390 _000814_hash NULL -+_000815_hash do_dccp_setsockopt 5 54377 _000815_hash NULL ++_000815_hash do_dccp_setsockopt 5 54377 _003160_hash NULL nohasharray +_000816_hash do_jffs2_setxattr 5 25910 _000816_hash NULL +_000817_hash do_msgsnd 4 1387 _000817_hash NULL +_000818_hash do_raw_setsockopt 5 55215 _000818_hash NULL @@ -82993,7 +83401,7 @@ index 0000000..daaa86c +_000873_hash ib_send_cm_rtu 3 63138 _000873_hash NULL +_000874_hash ieee80211_key_alloc 3 19065 _000874_hash NULL +_000875_hash ieee80211_mgmt_tx 9 46860 _000875_hash NULL -+_000876_hash ieee80211_send_probe_req 6 6924 _000876_hash NULL ++_000876_hash ieee80211_send_probe_req 6-4 6924 _000876_hash NULL +_000877_hash if_writecmd 2 815 _000877_hash NULL +_000878_hash init_bch 1-2 64130 _000878_hash NULL +_000880_hash init_ipath 1 48187 _000880_hash NULL @@ -83052,7 +83460,7 @@ index 0000000..daaa86c +_000937_hash kvm_read_guest_page_mmu 6 37611 _000937_hash NULL +_000938_hash kvm_set_irq_routing 3 48704 _000938_hash NULL +_000939_hash kvm_write_guest_cached 4 11106 _000939_hash NULL -+_000940_hash kvm_write_guest_page 5 63555 _000940_hash NULL ++_000940_hash kvm_write_guest_page 5 63555 _002809_hash NULL nohasharray +_000941_hash l2cap_skbuff_fromiovec 3-4 35003 _000941_hash NULL +_000943_hash l2tp_ip_sendmsg 4 50411 _000943_hash NULL +_000944_hash l2tp_session_create 1 25286 _000944_hash NULL @@ -83280,7 +83688,7 @@ index 0000000..daaa86c +_001186_hash timeout_write 3 50991 _001186_hash NULL +_001187_hash tipc_link_send_sections_fast 4 37920 _001187_hash NULL +_001188_hash tipc_subseq_alloc 1 5957 _001188_hash NULL -+_001189_hash tm6000_read_write_usb 7 50774 _001189_hash NULL ++_001189_hash tm6000_read_write_usb 7 50774 _002917_hash NULL nohasharray +_001190_hash tnode_alloc 1 49407 _001190_hash NULL +_001191_hash tomoyo_commit_ok 2 20167 _001191_hash NULL +_001192_hash tomoyo_scan_bprm 2-4 15642 _001192_hash NULL @@ -83300,7 +83708,7 @@ index 0000000..daaa86c +_001208_hash update_pmkid 4 2481 _001208_hash NULL +_001209_hash usb_alloc_coherent 2 65444 _001209_hash NULL +_001210_hash uvc_alloc_buffers 2 9656 _001210_hash NULL -+_001211_hash uvc_alloc_entity 3 20836 _001211_hash NULL ++_001211_hash uvc_alloc_entity 3-4 20836 _001211_hash NULL +_001212_hash v4l2_ctrl_new 7 38725 _001212_hash NULL +_001213_hash v4l2_event_subscribe 3 19510 _001213_hash NULL +_001214_hash vb2_read 3 42703 _001214_hash NULL @@ -83327,7 +83735,7 @@ index 0000000..daaa86c +_001237_hash _xfs_buf_get_pages 2 46811 _001237_hash NULL +_001238_hash xfs_da_buf_make 1 55845 _001238_hash NULL +_001239_hash xfs_da_grow_inode_int 3 21785 _001239_hash NULL -+_001240_hash xfs_dir_cilookup_result 3 64288 _001240_hash NULL ++_001240_hash xfs_dir_cilookup_result 3 64288 _003139_hash NULL nohasharray +_001241_hash xfs_iext_add_indirect_multi 3 32400 _001241_hash NULL +_001242_hash xfs_iext_inline_to_direct 2 12384 _001242_hash NULL +_001243_hash xfs_iroot_realloc 2 46826 _001243_hash NULL @@ -83426,7 +83834,7 @@ index 0000000..daaa86c +_001343_hash dump_midi 3 51040 _001343_hash NULL +_001344_hash dvb_dmxdev_set_buffer_size 2 55643 _001344_hash NULL +_001345_hash dvb_dvr_set_buffer_size 2 9840 _001345_hash NULL -+_001346_hash dvb_ringbuffer_pkt_read_user 3-5 4303 _001346_hash NULL ++_001346_hash dvb_ringbuffer_pkt_read_user 3-5-2 4303 _001346_hash NULL +_001348_hash dvb_ringbuffer_read_user 3 56702 _001348_hash NULL +_001349_hash ecryptfs_filldir 3 6622 _001349_hash NULL +_001350_hash ecryptfs_readlink 3 40775 _001350_hash NULL @@ -83600,7 +84008,7 @@ index 0000000..daaa86c +_001530_hash sys_getxattr 4 37418 _001530_hash NULL +_001531_hash sys_kexec_load 2 14222 _001531_hash NULL +_001532_hash sys_msgsnd 3 44537 _001532_hash &_000129_hash -+_001533_hash sys_process_vm_readv 3-5 19090 _001533_hash NULL ++_001533_hash sys_process_vm_readv 3-5 19090 _003125_hash NULL nohasharray +_001535_hash sys_process_vm_writev 3-5 4928 _001535_hash NULL +_001537_hash sys_sched_getaffinity 2 60033 _001537_hash NULL +_001538_hash sys_setsockopt 5 35320 _001538_hash NULL @@ -83666,7 +84074,7 @@ index 0000000..daaa86c +_001603_hash xfs_iext_realloc_indirect 2 59211 _001603_hash NULL +_001604_hash xfs_inumbers_fmt 3 12817 _001604_hash NULL +_001605_hash xlog_recover_add_to_cont_trans 4 44102 _001605_hash NULL -+_001606_hash xz_dec_lzma2_create 2 36353 _001606_hash NULL ++_001606_hash xz_dec_lzma2_create 2 36353 _002745_hash NULL nohasharray +_001607_hash _zd_iowrite32v_locked 3 44725 _001607_hash NULL +_001608_hash aat2870_reg_read_file 3 12221 _001608_hash NULL +_001609_hash add_sctp_bind_addr 3 12269 _001609_hash NULL @@ -83679,7 +84087,7 @@ index 0000000..daaa86c +_001616_hash afs_cell_lookup 2 8482 _001616_hash NULL +_001617_hash agp_allocate_memory 2 58761 _001617_hash NULL +_001618_hash __alloc_bootmem 1 31498 _001618_hash NULL -+_001619_hash __alloc_bootmem_low 1 43423 _001619_hash NULL ++_001619_hash __alloc_bootmem_low 1 43423 _003150_hash NULL nohasharray +_001620_hash __alloc_bootmem_node_nopanic 2 6432 _001620_hash NULL +_001621_hash alloc_cc770dev 1 48186 _001621_hash NULL +_001622_hash __alloc_ei_netdev 1 29338 _001622_hash NULL @@ -83706,7 +84114,7 @@ index 0000000..daaa86c +_001645_hash bfad_debugfs_read 3 13119 _001645_hash NULL +_001646_hash bfad_debugfs_read_regrd 3 57830 _001646_hash NULL +_001647_hash blk_init_tags 1 30592 _001647_hash NULL -+_001648_hash blk_queue_init_tags 2 44355 _001648_hash NULL ++_001648_hash blk_queue_init_tags 2 44355 _002686_hash NULL nohasharray +_001649_hash blk_rq_map_kern 4 47004 _001649_hash NULL +_001650_hash bm_entry_read 3 10976 _001650_hash NULL +_001651_hash bm_status_read 3 19583 _001651_hash NULL @@ -83780,9 +84188,9 @@ index 0000000..daaa86c +_001721_hash generic_readlink 3 32654 _001721_hash NULL +_001722_hash gpio_power_read 3 36059 _001722_hash NULL +_001723_hash hash_recvmsg 4 50924 _001723_hash NULL -+_001724_hash ht40allow_map_read 3 55209 _001724_hash NULL ++_001724_hash ht40allow_map_read 3 55209 _002830_hash NULL nohasharray +_001725_hash hwflags_read 3 52318 _001725_hash NULL -+_001726_hash hysdn_conf_read 3 42324 _001726_hash NULL ++_001726_hash hysdn_conf_read 3 42324 _003205_hash NULL nohasharray +_001727_hash i2400m_rx_stats_read 3 57706 _001727_hash NULL +_001728_hash i2400m_tx_stats_read 3 28527 _001728_hash NULL +_001729_hash idmouse_read 3 63374 _001729_hash NULL @@ -83863,7 +84271,7 @@ index 0000000..daaa86c +_001805_hash iwl_dbgfs_rxon_flags_read 3 20795 _001805_hash NULL +_001806_hash iwl_dbgfs_rx_queue_read 3 19943 _001806_hash NULL +_001807_hash iwl_dbgfs_rx_statistics_read 3 62687 _001807_hash &_000425_hash -+_001808_hash iwl_dbgfs_sensitivity_read 3 63116 _001808_hash NULL ++_001808_hash iwl_dbgfs_sensitivity_read 3 63116 _003026_hash NULL nohasharray +_001809_hash iwl_dbgfs_sleep_level_override_read 3 3038 _001809_hash NULL +_001810_hash iwl_dbgfs_sram_read 3 44505 _001810_hash NULL +_001811_hash iwl_dbgfs_stations_read 3 9309 _001811_hash NULL @@ -83929,7 +84337,7 @@ index 0000000..daaa86c +_001873_hash mwifiex_info_read 3 53447 _001873_hash NULL +_001874_hash mwifiex_rdeeprom_read 3 51429 _001874_hash NULL +_001875_hash mwifiex_regrdwr_read 3 34472 _001875_hash NULL -+_001876_hash nfsd_vfs_read 6 62605 _001876_hash NULL ++_001876_hash nfsd_vfs_read 6 62605 _003003_hash NULL nohasharray +_001877_hash nfsd_vfs_write 6 54577 _001877_hash NULL +_001878_hash nfs_idmap_lookup_id 2 10660 _001878_hash NULL +_001879_hash o2hb_debug_read 3 37851 _001879_hash NULL @@ -84042,7 +84450,7 @@ index 0000000..daaa86c +_001986_hash rx_out_of_mem_read 3 10157 _001986_hash NULL +_001987_hash rx_path_reset_read 3 23801 _001987_hash NULL +_001988_hash rxpipe_beacon_buffer_thres_host_int_trig_rx_data_read 3 55106 _001988_hash NULL -+_001989_hash rxpipe_descr_host_int_trig_rx_data_read 3 22001 _001989_hash NULL ++_001989_hash rxpipe_descr_host_int_trig_rx_data_read 3 22001 _003089_hash NULL nohasharray +_001990_hash rxpipe_missed_beacon_host_int_trig_rx_data_read 3 63405 _001990_hash NULL +_001991_hash rxpipe_rx_prep_beacon_drop_read 3 2403 _001991_hash NULL +_001992_hash rxpipe_tx_xfr_host_int_trig_rx_data_read 3 35538 _001992_hash NULL @@ -84163,7 +84571,7 @@ index 0000000..daaa86c +_002116_hash exofs_read_kern 6 39921 _002116_hash &_001885_hash +_002117_hash fc_change_queue_depth 2 36841 _002117_hash NULL +_002118_hash forced_ps_read 3 31685 _002118_hash NULL -+_002119_hash frequency_read 3 64031 _002119_hash NULL ++_002119_hash frequency_read 3 64031 _003106_hash NULL nohasharray +_002120_hash get_alua_req 3 4166 _002120_hash NULL +_002121_hash get_rdac_req 3 45882 _002121_hash NULL +_002122_hash hci_sock_recvmsg 4 7072 _002122_hash NULL @@ -84201,7 +84609,7 @@ index 0000000..daaa86c +_002154_hash ieee80211_if_read_flags 3 57470 _002389_hash NULL nohasharray +_002155_hash ieee80211_if_read_fwded_frames 3 36520 _002155_hash NULL +_002156_hash ieee80211_if_read_fwded_mcast 3 39571 _002156_hash &_000151_hash -+_002157_hash ieee80211_if_read_fwded_unicast 3 59740 _002157_hash NULL ++_002157_hash ieee80211_if_read_fwded_unicast 3 59740 _002859_hash NULL nohasharray +_002158_hash ieee80211_if_read_last_beacon 3 31257 _002158_hash NULL +_002159_hash ieee80211_if_read_min_discovery_timeout 3 13946 _002159_hash NULL +_002160_hash ieee80211_if_read_num_buffered_multicast 3 12716 _002160_hash NULL @@ -84511,7 +84919,7 @@ index 0000000..daaa86c +_002482_hash gru_alloc_gts 2-3 60056 _002482_hash NULL +_002484_hash handle_eviocgbit 3 44193 _002484_hash NULL +_002485_hash hid_parse_report 3 51737 _002485_hash NULL -+_002486_hash ieee80211_alloc_txb 1 52477 _002486_hash NULL ++_002486_hash ieee80211_alloc_txb 1-2 52477 _002486_hash NULL +_002487_hash ieee80211_wx_set_gen_ie 3 51399 _002487_hash NULL +_002488_hash ieee80211_wx_set_gen_ie_rsl 3 3521 _002488_hash NULL +_002489_hash init_cdev 1 8274 _002489_hash NULL @@ -84539,7 +84947,7 @@ index 0000000..daaa86c +_002511_hash queue_reply 3 22416 _002511_hash NULL +_002512_hash Realloc 2 34961 _002512_hash NULL +_002513_hash rfc4106_set_key 3 54519 _002513_hash NULL -+_002514_hash rtllib_alloc_txb 1 21687 _002514_hash NULL ++_002514_hash rtllib_alloc_txb 1-2 21687 _002514_hash NULL +_002515_hash rtllib_wx_set_gen_ie 3 59808 _002515_hash NULL +_002516_hash rts51x_transfer_data_partial 6 5735 _002516_hash NULL +_002517_hash sparse_early_usemaps_alloc_node 4 9269 _002517_hash NULL @@ -84557,7 +84965,7 @@ index 0000000..daaa86c +_002529_hash xpc_kzalloc_cacheline_aligned 1 65433 _002529_hash NULL +_002530_hash xsd_read 3 15653 _002530_hash NULL +_002531_hash compat_do_readv_writev 4 49102 _002531_hash NULL -+_002532_hash compat_keyctl_instantiate_key_iov 3 57431 _002532_hash NULL ++_002532_hash compat_keyctl_instantiate_key_iov 3 57431 _003110_hash NULL nohasharray +_002533_hash compat_process_vm_rw 3-5 22254 _002533_hash NULL +_002535_hash compat_sys_setsockopt 5 3326 _002535_hash NULL +_002536_hash ipath_cdev_init 1 37752 _002536_hash NULL @@ -84648,15 +85056,586 @@ index 0000000..daaa86c +_002631_hash v9fs_fid_readn 4 60544 _002631_hash NULL +_002632_hash v9fs_file_read 3 40858 _002632_hash NULL +_002633_hash __devres_alloc 2 25598 _002633_hash NULL -+_002634_hash acl_alloc 1 35979 _002634_hash NULL -+_002635_hash acl_alloc_stack_init 1 60630 _002635_hash NULL -+_002636_hash acl_alloc_num 1-2 60778 _002636_hash NULL ++_002634_hash alloc_dummy_extent_buffer 2 56374 _002634_hash NULL ++_002635_hash alloc_fdtable 1 17389 _002635_hash NULL ++_002636_hash alloc_large_system_hash 2 22391 _002636_hash NULL ++_002637_hash alloc_ldt 2 21972 _002637_hash NULL ++_002638_hash __alloc_skb 1 23940 _002638_hash NULL ++_002639_hash __ata_change_queue_depth 3 23484 _002639_hash NULL ++_002640_hash btrfs_alloc_free_block 3 8986 _002640_hash NULL ++_002641_hash btrfs_find_device_for_logical 2 44993 _002641_hash NULL ++_002642_hash ccid3_hc_rx_getsockopt 3 62331 _002642_hash NULL ++_002643_hash ccid3_hc_tx_getsockopt 3 16314 _002643_hash NULL ++_002644_hash cifs_readdata_alloc 1 26360 _002644_hash NULL ++_002645_hash cistpl_vers_1 4 15023 _002645_hash NULL ++_002646_hash cmm_read 3 57520 _002646_hash NULL ++_002647_hash cosa_read 3 25966 _002647_hash NULL ++_002648_hash dm_table_create 3 35687 _002648_hash NULL ++_002649_hash dpcm_state_read_file 3 65489 _002649_hash NULL ++_002651_hash edac_mc_alloc 4 3611 _002651_hash NULL ++_002652_hash ep0_read 3 38095 _002652_hash NULL ++_002653_hash event_buffer_read 3 48772 _002765_hash NULL nohasharray ++_002654_hash extend_netdev_table 2 21453 _002654_hash NULL ++_002655_hash extract_entropy_user 3 26952 _002655_hash NULL ++_002656_hash fcoe_ctlr_device_add 3 1793 _002656_hash NULL ++_002657_hash fd_do_readv 3 51297 _002657_hash NULL ++_002658_hash fd_do_writev 3 29329 _002658_hash NULL ++_002659_hash ffs_ep0_read 3 2672 _002659_hash NULL ++_002660_hash fill_readbuf 3 32464 _002660_hash NULL ++_002661_hash fw_iso_buffer_alloc 2 13704 _002661_hash NULL ++_002662_hash get_fd_set 1 3866 _002662_hash NULL ++_002663_hash hidraw_report_event 3 20503 _002663_hash NULL ++_002664_hash ieee80211_if_read_ht_opmode 3 29044 _002664_hash NULL ++_002665_hash ieee80211_if_read_num_mcast_sta 3 12419 _002665_hash NULL ++_002666_hash iwl_dbgfs_calib_disabled_read 3 22649 _002666_hash NULL ++_002667_hash iwl_dbgfs_rf_reset_read 3 26512 _002667_hash NULL ++_002668_hash ixgbe_alloc_q_vector 4-6 24439 _002668_hash NULL ++_002670_hash joydev_handle_JSIOCSAXMAP 3 48898 _002836_hash NULL nohasharray ++_002671_hash joydev_handle_JSIOCSBTNMAP 3 15643 _002671_hash NULL ++_002672_hash __kfifo_from_user_r 3 60345 _002672_hash NULL ++_002673_hash kstrtoint_from_user 2 8778 _002673_hash NULL ++_002674_hash kstrtol_from_user 2 10168 _002674_hash NULL ++_002675_hash kstrtoll_from_user 2 19500 _002675_hash NULL ++_002676_hash kstrtos16_from_user 2 28300 _002676_hash NULL ++_002677_hash kstrtos8_from_user 2 58268 _002677_hash NULL ++_002678_hash kstrtou16_from_user 2 54274 _002678_hash NULL ++_002679_hash kstrtou8_from_user 2 55599 _002679_hash NULL ++_002680_hash kstrtouint_from_user 2 10536 _002680_hash NULL ++_002681_hash kstrtoul_from_user 2 64569 _002681_hash NULL ++_002682_hash kstrtoull_from_user 2 63026 _002682_hash NULL ++_002683_hash l2cap_create_iframe_pdu 3 40055 _002683_hash NULL ++_002684_hash l2tp_ip6_recvmsg 4 62874 _002684_hash NULL ++_002685_hash mem_cgroup_read 5 22461 _002685_hash NULL ++_002686_hash nfs_fscache_get_super_cookie 3 44355 _002686_hash &_001648_hash ++_002687_hash nfs_pgarray_set 2 1085 _002687_hash NULL ++_002688_hash ntfs_rl_realloc 3 56831 _002688_hash &_000363_hash ++_002689_hash ntfs_rl_realloc_nofail 3 32173 _002689_hash NULL ++_002690_hash pn533_dep_link_up 5 22154 _002690_hash NULL ++_002691_hash port_fops_write 3 54627 _002691_hash NULL ++_002692_hash ptp_read 4 63251 _002692_hash NULL ++_002693_hash qla4xxx_change_queue_depth 2 1268 _002693_hash NULL ++_002694_hash reqsk_queue_alloc 2 40272 _002694_hash NULL ++_002695_hash resize_info_buffer 2 62889 _002695_hash NULL ++_002696_hash rfkill_fop_write 3 64808 _002696_hash NULL ++_002697_hash rt2x00debug_write_rfcsr 3 41473 _002697_hash NULL ++_002698_hash rvmalloc 1 46873 _002698_hash NULL ++_002699_hash rw_copy_check_uvector 3 45748 _002699_hash NULL ++_002700_hash sctp_getsockopt_active_key 2 45483 _002700_hash NULL ++_002701_hash sctp_getsockopt_adaptation_layer 2 45375 _002701_hash NULL ++_002702_hash sctp_getsockopt_assoc_ids 2 9043 _002702_hash NULL ++_002703_hash sctp_getsockopt_associnfo 2 58169 _002703_hash NULL ++_002704_hash sctp_getsockopt_assoc_number 2 6384 _002704_hash NULL ++_002705_hash sctp_getsockopt_auto_asconf 2 46584 _002705_hash NULL ++_002706_hash sctp_getsockopt_context 2 52490 _002706_hash NULL ++_002707_hash sctp_getsockopt_default_send_param 2 63056 _002707_hash NULL ++_002708_hash sctp_getsockopt_disable_fragments 2 12330 _002708_hash NULL ++_002709_hash sctp_getsockopt_fragment_interleave 2 51215 _002709_hash NULL ++_002710_hash sctp_getsockopt_initmsg 2 26042 _002710_hash NULL ++_002711_hash sctp_getsockopt_mappedv4 2 20044 _002711_hash NULL ++_002712_hash sctp_getsockopt_nodelay 2 9560 _002712_hash NULL ++_002713_hash sctp_getsockopt_partial_delivery_point 2 60952 _002713_hash NULL ++_002714_hash sctp_getsockopt_peeloff 2 59190 _002714_hash NULL ++_002715_hash sctp_getsockopt_peer_addr_info 2 6024 _002715_hash NULL ++_002716_hash sctp_getsockopt_peer_addr_params 2 53645 _002716_hash NULL ++_002717_hash sctp_getsockopt_primary_addr 2 24639 _002717_hash NULL ++_002718_hash sctp_getsockopt_rtoinfo 2 62027 _002718_hash NULL ++_002719_hash sctp_getsockopt_sctp_status 2 56540 _002719_hash NULL ++_002720_hash self_check_write 5 50856 _002720_hash NULL ++_002721_hash smk_read_mapped 3 7562 _002721_hash NULL ++_002722_hash smk_set_cipso 3 20379 _002722_hash NULL ++_002723_hash smk_user_access 3 24440 _002723_hash NULL ++_002724_hash smk_write_mapped 3 13519 _002724_hash NULL ++_002725_hash smk_write_rules_list 3 18565 _002725_hash NULL ++_002726_hash snd_mixart_BA0_read 5 45069 _002726_hash NULL ++_002727_hash snd_mixart_BA1_read 5 5082 _002727_hash NULL ++_002728_hash snd_pcm_oss_read2 3 54387 _002728_hash NULL ++_002729_hash syslog_print 2 307 _002729_hash NULL ++_002730_hash tcp_dma_try_early_copy 3 4457 _002730_hash NULL ++_002731_hash tcp_send_rcvq 3 11316 _002731_hash NULL ++_002732_hash tomoyo_init_log 2 61526 _002732_hash NULL ++_002733_hash ubi_dump_flash 4 46381 _002733_hash NULL ++_002734_hash ubi_eba_atomic_leb_change 5 60379 _002734_hash NULL ++_002735_hash ubi_eba_write_leb 5-6 36029 _002735_hash NULL ++_002737_hash ubi_eba_write_leb_st 5 44343 _002737_hash NULL ++_002738_hash ubi_self_check_all_ff 4 41959 _002738_hash NULL ++_002739_hash unix_bind 3 15668 _002739_hash NULL ++_002740_hash usbvision_rvmalloc 1 19655 _002740_hash NULL ++_002742_hash v4l2_ctrl_new 7 24927 _002742_hash NULL ++_002743_hash v4l2_event_subscribe 3 53687 _002743_hash NULL ++_002744_hash v9fs_direct_read 3 45546 _002744_hash NULL ++_002745_hash v9fs_file_readn 4 36353 _002745_hash &_001606_hash ++_002746_hash __videobuf_alloc_vb 1 5665 _002746_hash NULL ++_002747_hash wm8350_write 3 24480 _002747_hash NULL ++_002748_hash xfs_buf_read_uncached 3 42844 _002748_hash NULL ++_002749_hash yurex_write 3 8761 _002749_hash NULL ++_002750_hash alloc_skb 1 55439 _002750_hash NULL ++_002751_hash alloc_skb_fclone 1 3467 _002751_hash NULL ++_002752_hash ata_scsi_change_queue_depth 2 23126 _002752_hash NULL ++_002753_hash ath6kl_disconnect_timeout_write 3 794 _002753_hash NULL ++_002754_hash ath6kl_keepalive_write 3 45600 _002754_hash NULL ++_002755_hash ath6kl_lrssi_roam_write 3 8362 _002755_hash NULL ++_002756_hash ath6kl_regread_write 3 14220 _002756_hash NULL ++_002757_hash core_sys_select 1 47494 _002757_hash NULL ++_002758_hash do_syslog 3 56807 _002758_hash NULL ++_002759_hash expand_fdtable 2 39273 _002759_hash NULL ++_002760_hash fd_execute_cmd 3 1132 _002760_hash NULL ++_002761_hash get_chars 3 40373 _002761_hash NULL ++_002762_hash hid_report_raw_event 4 2762 _002762_hash NULL ++_002763_hash inet_csk_listen_start 2 38233 _002763_hash NULL ++_002764_hash kstrtou32_from_user 2 30361 _002764_hash NULL ++_002765_hash l2cap_segment_sdu 4 48772 _002765_hash &_002653_hash ++_002766_hash __netdev_alloc_skb 2 18595 _002766_hash NULL ++_002767_hash nfs_readdata_alloc 2 65015 _002767_hash NULL ++_002768_hash nfs_writedata_alloc 2 12133 _002768_hash NULL ++_002769_hash ntfs_rl_append 2-4 6037 _002769_hash NULL ++_002771_hash ntfs_rl_insert 2-4 4931 _002771_hash NULL ++_002773_hash ntfs_rl_replace 2-4 14136 _002773_hash NULL ++_002775_hash ntfs_rl_split 2-4 52328 _002775_hash NULL ++_002777_hash port_fops_read 3 49626 _002777_hash NULL ++_002778_hash random_read 3 13815 _002778_hash NULL ++_002779_hash sg_proc_write_adio 3 45704 _002779_hash NULL ++_002780_hash sg_proc_write_dressz 3 46316 _002780_hash NULL ++_002781_hash tcp_sendmsg 4 30296 _002781_hash NULL ++_002782_hash tomoyo_write_log2 2 34318 _002782_hash NULL ++_002783_hash ubi_leb_change 4 10289 _002783_hash NULL ++_002784_hash ubi_leb_write 4-5 5478 _002784_hash NULL ++_002786_hash urandom_read 3 30462 _002786_hash NULL ++_002787_hash v9fs_cached_file_read 3 2514 _002787_hash NULL ++_002788_hash __videobuf_alloc_cached 1 12740 _002788_hash NULL ++_002789_hash __videobuf_alloc_uncached 1 55711 _002789_hash NULL ++_002790_hash wm8350_block_write 3 19727 _002790_hash NULL ++_002791_hash alloc_tx 2 32143 _002791_hash NULL ++_002792_hash alloc_wr 1-2 24635 _002792_hash NULL ++_002794_hash ath6kl_endpoint_stats_write 3 59621 _002794_hash NULL ++_002795_hash ath6kl_fwlog_mask_write 3 24810 _002795_hash NULL ++_002796_hash ath9k_wmi_cmd 4 327 _002796_hash NULL ++_002797_hash atm_alloc_charge 2 19517 _002879_hash NULL nohasharray ++_002798_hash ax25_output 2 22736 _002798_hash NULL ++_002799_hash bcsp_prepare_pkt 3 12961 _002799_hash NULL ++_002800_hash bt_skb_alloc 1 6404 _002800_hash NULL ++_002801_hash capinc_tty_write 3 28539 _002801_hash NULL ++_002802_hash cfpkt_create_pfx 1-2 23594 _002802_hash NULL ++_002804_hash cmd_complete 6 51629 _002804_hash NULL ++_002805_hash cmtp_add_msgpart 4 9252 _002805_hash NULL ++_002806_hash cmtp_send_interopmsg 7 376 _002806_hash NULL ++_002807_hash cxgb3_get_cpl_reply_skb 2 10620 _002807_hash NULL ++_002808_hash dbg_leb_change 4 23555 _002808_hash NULL ++_002809_hash dbg_leb_write 4-5 63555 _002809_hash &_000940_hash ++_002811_hash dccp_listen_start 2 35918 _002811_hash NULL ++_002812_hash __dev_alloc_skb 1 28681 _002812_hash NULL ++_002813_hash diva_os_alloc_message_buffer 1 64568 _002813_hash NULL ++_002814_hash dn_alloc_skb 2 6631 _002814_hash NULL ++_002815_hash do_pselect 1 62061 _002815_hash NULL ++_002816_hash _fc_frame_alloc 1 43568 _002816_hash NULL ++_002817_hash find_skb 2 20431 _002817_hash NULL ++_002818_hash fm_send_cmd 5 39639 _002818_hash NULL ++_002819_hash gem_alloc_skb 2 51715 _002819_hash NULL ++_002820_hash get_packet 3 41914 _002820_hash NULL ++_002821_hash get_packet 3 5747 _002821_hash NULL ++_002822_hash get_packet_pg 4 28023 _002822_hash NULL ++_002823_hash get_skb 2 63008 _002823_hash NULL ++_002824_hash hidp_queue_report 3 1881 _002824_hash NULL ++_002825_hash __hidp_send_ctrl_message 4 28303 _002825_hash NULL ++_002826_hash hycapi_rx_capipkt 3 11602 _002826_hash NULL ++_002827_hash i2400m_net_rx 5 27170 _002827_hash NULL ++_002828_hash igmpv3_newpack 2 35912 _002828_hash NULL ++_002829_hash inet_listen 2 14723 _002829_hash NULL ++_002830_hash isdn_net_ciscohdlck_alloc_skb 2 55209 _002830_hash &_001724_hash ++_002831_hash isdn_ppp_ccp_xmit_reset 6 63297 _002831_hash NULL ++_002832_hash kmsg_read 3 46514 _002832_hash NULL ++_002833_hash _l2_alloc_skb 1 11883 _002833_hash NULL ++_002834_hash l3_alloc_skb 1 32289 _002834_hash NULL ++_002835_hash llc_alloc_frame 4 64366 _002835_hash NULL ++_002836_hash mac_drv_rx_init 2 48898 _002836_hash &_002670_hash ++_002837_hash mgmt_event 4 12810 _002837_hash NULL ++_002838_hash mI_alloc_skb 1 24770 _002838_hash NULL ++_002839_hash nci_skb_alloc 2 49757 _002839_hash NULL ++_002840_hash netdev_alloc_skb 2 62437 _002840_hash NULL ++_002841_hash __netdev_alloc_skb_ip_align 2 55067 _002841_hash NULL ++_002842_hash new_skb 1 21148 _002842_hash NULL ++_002843_hash nfc_alloc_recv_skb 1 10244 _002843_hash NULL ++_002844_hash nfcwilink_skb_alloc 1 16167 _002844_hash NULL ++_002845_hash nfulnl_alloc_skb 2 65207 _002845_hash NULL ++_002846_hash ni65_alloc_mem 3 10664 _002846_hash NULL ++_002847_hash pep_alloc_skb 3 46303 _002847_hash NULL ++_002848_hash pn_raw_send 2 54330 _002848_hash NULL ++_002849_hash __pskb_copy 2 9038 _002849_hash NULL ++_002850_hash refill_pool 2 19477 _002850_hash NULL ++_002851_hash rfcomm_wmalloc 2 58090 _002851_hash NULL ++_002852_hash rx 4 57944 _002852_hash NULL ++_002853_hash sctp_ulpevent_new 1 33377 _002853_hash NULL ++_002854_hash send_command 4 10832 _002854_hash NULL ++_002855_hash skb_copy_expand 2-3 7685 _002855_hash &_000671_hash ++_002857_hash sk_stream_alloc_skb 2 57622 _002857_hash NULL ++_002858_hash sock_alloc_send_pskb 2 21246 _002858_hash NULL ++_002859_hash sock_rmalloc 2 59740 _002859_hash &_002157_hash ++_002860_hash sock_wmalloc 2 16472 _002860_hash NULL ++_002861_hash solos_param_store 4 34755 _002861_hash NULL ++_002862_hash sys_select 1 38827 _002862_hash NULL ++_002863_hash sys_syslog 3 10746 _002863_hash NULL ++_002864_hash t4vf_pktgl_to_skb 2 39005 _002864_hash NULL ++_002865_hash tcp_collapse 5-6 63294 _002865_hash NULL ++_002867_hash tipc_cfg_reply_alloc 1 27606 _002867_hash NULL ++_002868_hash ubifs_leb_change 4 17789 _002868_hash NULL ++_002869_hash ubifs_leb_write 4-5 22679 _002869_hash NULL ++_002871_hash ulog_alloc_skb 1 23427 _002871_hash NULL ++_002872_hash _alloc_mISDN_skb 3 52232 _002872_hash NULL ++_002873_hash ath9k_multi_regread 4 65056 _002873_hash NULL ++_002874_hash ath_rxbuf_alloc 2 24745 _002874_hash NULL ++_002875_hash ax25_send_frame 2 19964 _002875_hash NULL ++_002876_hash bchannel_get_rxbuf 2 37213 _002876_hash NULL ++_002877_hash cfpkt_create 1 18197 _002877_hash NULL ++_002878_hash console_store 4 36007 _002878_hash NULL ++_002879_hash dev_alloc_skb 1 19517 _002879_hash &_002797_hash ++_002880_hash dn_nsp_do_disc 2-6 49474 _002880_hash NULL ++_002882_hash do_write_orph_node 2 64343 _002882_hash NULL ++_002883_hash dsp_cmx_send_member 2 15625 _002883_hash NULL ++_002884_hash fc_frame_alloc 2 1596 _002884_hash NULL ++_002885_hash fc_frame_alloc_fill 2 59394 _002885_hash NULL ++_002886_hash fmc_send_cmd 5 20435 _002886_hash NULL ++_002887_hash hci_send_cmd 3 43810 _002887_hash NULL ++_002888_hash hci_si_event 3 1404 _002888_hash NULL ++_002889_hash hfcpci_empty_bfifo 4 62323 _002889_hash NULL ++_002890_hash hidp_send_ctrl_message 4 43702 _002890_hash NULL ++_002891_hash hysdn_sched_rx 3 60533 _002891_hash NULL ++_002892_hash inet_dccp_listen 2 28565 _002892_hash NULL ++_002893_hash ip6_append_data 4-5 36490 _002893_hash NULL ++_002894_hash __ip_append_data 7-8 36191 _002894_hash NULL ++_002895_hash l1oip_socket_recv 6 56537 _002895_hash NULL ++_002896_hash l2cap_build_cmd 4 48676 _002896_hash NULL ++_002897_hash l2down_create 4 21755 _002897_hash NULL ++_002898_hash l2up_create 3 6430 _002898_hash NULL ++_002899_hash ldisc_receive 4 41516 _002899_hash NULL ++_002902_hash lro_gen_skb 6 2644 _002902_hash NULL ++_002903_hash macvtap_alloc_skb 2-4-3 50629 _002903_hash NULL ++_002906_hash mgmt_device_found 10 14146 _002906_hash NULL ++_002907_hash nci_send_cmd 3 58206 _002907_hash NULL ++_002908_hash netdev_alloc_skb_ip_align 2 40811 _002908_hash NULL ++_002909_hash nfcwilink_send_bts_cmd 3 10802 _002909_hash NULL ++_002910_hash nfqnl_mangle 2 14583 _002910_hash NULL ++_002911_hash p54_alloc_skb 3 34366 _002911_hash &_000475_hash ++_002912_hash packet_alloc_skb 2-5-4 62602 _002912_hash NULL ++_002915_hash pep_indicate 5 38611 _002915_hash NULL ++_002916_hash pep_reply 5 50582 _002916_hash NULL ++_002917_hash pipe_handler_request 5 50774 _002917_hash &_001189_hash ++_002918_hash ql_process_mac_rx_page 4 15543 _002918_hash NULL ++_002919_hash ql_process_mac_rx_skb 4 6689 _002919_hash NULL ++_002920_hash rfcomm_tty_write 3 51603 _002920_hash NULL ++_002921_hash send_mpa_reject 3 7135 _002921_hash NULL ++_002922_hash send_mpa_reply 3 32372 _002922_hash NULL ++_002923_hash set_rxd_buffer_pointer 8 9950 _002923_hash NULL ++_002924_hash sge_rx 3 50594 _002924_hash NULL ++_002925_hash skb_cow_data 2 11565 _002925_hash NULL ++_002926_hash smp_build_cmd 3 45853 _002926_hash NULL ++_002927_hash sock_alloc_send_skb 2 23720 _002927_hash NULL ++_002928_hash sys_pselect6 1 57449 _002928_hash NULL ++_002929_hash tcp_fragment 3 20436 _002929_hash NULL ++_002930_hash teiup_create 3 43201 _002930_hash NULL ++_002931_hash tg3_run_loopback 2 30093 _002931_hash NULL ++_002932_hash tun_alloc_skb 2-4-3 41216 _002932_hash NULL ++_002935_hash ubifs_write_node 5 11258 _002935_hash NULL ++_002936_hash use_pool 2 64607 _002936_hash NULL ++_002937_hash vxge_rx_alloc 3 52024 _002937_hash NULL ++_002938_hash add_packet 3 54433 _002938_hash NULL ++_002939_hash add_rx_skb 3 8257 _002939_hash NULL ++_002940_hash ath6kl_buf_alloc 1 57304 _002940_hash NULL ++_002941_hash bat_iv_ogm_aggregate_new 2 2620 _002941_hash NULL ++_002942_hash bnx2fc_process_l2_frame_compl 3 65072 _002942_hash NULL ++_002943_hash brcmu_pkt_buf_get_skb 1 5556 _002943_hash NULL ++_002944_hash br_send_bpdu 3 29669 _002944_hash NULL ++_002945_hash bt_skb_send_alloc 2 6581 _002945_hash NULL ++_002946_hash c4iw_reject_cr 3 28174 _002946_hash NULL ++_002947_hash carl9170_rx_copy_data 2 21656 _002947_hash NULL ++_002948_hash cfpkt_add_body 3 44630 _002948_hash NULL ++_002949_hash cfpkt_append 3 61206 _002949_hash NULL ++_002950_hash cosa_net_setup_rx 2 38594 _002950_hash NULL ++_002951_hash cxgb4_pktgl_to_skb 2 61899 _002951_hash NULL ++_002952_hash dn_alloc_send_pskb 2 4465 _002952_hash NULL ++_002953_hash dn_nsp_return_disc 2 60296 _002953_hash NULL ++_002954_hash dn_nsp_send_disc 2 23469 _002954_hash NULL ++_002955_hash dsp_tone_hw_message 3 17678 _002955_hash NULL ++_002956_hash dvb_net_sec 3 37884 _002956_hash NULL ++_002957_hash e1000_check_copybreak 3 62448 _002957_hash NULL ++_002958_hash fast_rx_path 3 59214 _002958_hash NULL ++_002959_hash fc_fcp_frame_alloc 2 12624 _002959_hash NULL ++_002960_hash fcoe_ctlr_send_keep_alive 3 15308 _002960_hash NULL ++_002961_hash fwnet_incoming_packet 3 40380 _002961_hash NULL ++_002962_hash fwnet_pd_new 4 39947 _002962_hash NULL ++_002963_hash got_frame 2 16028 _002963_hash NULL ++_002964_hash gsm_mux_rx_netchar 3 33336 _002964_hash NULL ++_002965_hash hdlcdev_rx 3 997 _002965_hash NULL ++_002966_hash hdlc_empty_fifo 2 18397 _002966_hash NULL ++_002967_hash hfc_empty_fifo 2 57972 _002967_hash NULL ++_002968_hash hfcpci_empty_fifo 4 2427 _002968_hash NULL ++_002969_hash hfcsusb_rx_frame 3 52745 _002969_hash NULL ++_002970_hash hidp_output_raw_report 3 5629 _002970_hash NULL ++_002971_hash hscx_empty_fifo 2 13360 _002971_hash NULL ++_002972_hash hysdn_rx_netpkt 3 16136 _002972_hash NULL ++_002973_hash ieee80211_fragment 4 33112 _002973_hash NULL ++_002974_hash ieee80211_probereq_get 4-6 29069 _002974_hash NULL ++_002976_hash ieee80211_send_auth 5 24121 _002976_hash NULL ++_002977_hash ieee80211_set_probe_resp 3 10077 _002977_hash NULL ++_002978_hash ieee80211_tdls_mgmt 8 9581 _002978_hash NULL ++_002979_hash ip6_ufo_append_data 5-7-6 4780 _002979_hash NULL ++_002982_hash ip_ufo_append_data 6-8-7 12775 _002982_hash NULL ++_002985_hash ipw_packet_received_skb 2 1230 _002985_hash NULL ++_002986_hash iwch_reject_cr 3 23901 _002986_hash NULL ++_002987_hash iwm_rx_packet_alloc 3 9898 _002987_hash NULL ++_002988_hash ixgb_check_copybreak 3 5847 _002988_hash NULL ++_002989_hash l1oip_socket_parse 4 4507 _002989_hash NULL ++_002990_hash l2cap_send_cmd 4 14548 _002990_hash NULL ++_002991_hash l2tp_ip6_sendmsg 4 7461 _002991_hash NULL ++_002993_hash lowpan_fragment_xmit 3-4 22095 _002993_hash NULL ++_002996_hash mcs_unwrap_fir 3 25733 _002996_hash NULL ++_002997_hash mcs_unwrap_mir 3 9455 _002997_hash NULL ++_002998_hash mld_newpack 2 50950 _002998_hash NULL ++_002999_hash nfc_alloc_send_skb 4 3167 _002999_hash NULL ++_003000_hash p54_download_eeprom 4 43842 _003000_hash NULL ++_003002_hash ppp_tx_cp 5 62044 _003002_hash NULL ++_003003_hash prism2_send_mgmt 4 62605 _003003_hash &_001876_hash ++_003004_hash prism2_sta_send_mgmt 5 43916 _003004_hash NULL ++_003005_hash _queue_data 4 54983 _003005_hash NULL ++_003006_hash read_dma 3 55086 _003006_hash NULL ++_003007_hash read_fifo 3 826 _003007_hash NULL ++_003008_hash receive_copy 3 12216 _003008_hash NULL ++_003009_hash rtl8169_try_rx_copy 3 705 _003009_hash NULL ++_003010_hash _rtl92s_firmware_downloadcode 3 14021 _003010_hash NULL ++_003011_hash rx_data 4 60442 _003011_hash NULL ++_003012_hash sis190_try_rx_copy 3 57069 _003012_hash NULL ++_003013_hash skge_rx_get 3 40598 _003013_hash NULL ++_003014_hash tcp_mark_head_lost 2 35895 _003014_hash NULL ++_003015_hash tcp_match_skb_to_sack 3-4 23568 _003015_hash NULL ++_003017_hash tso_fragment 3 29050 _003017_hash NULL ++_003018_hash tt_response_fill_table 1 57902 _003018_hash NULL ++_003020_hash udpv6_sendmsg 4 22316 _003020_hash NULL ++_003021_hash velocity_rx_copy 2 34583 _003021_hash NULL ++_003022_hash W6692_empty_Bfifo 2 47804 _003022_hash NULL ++_003023_hash zd_mac_rx 3 38296 _003023_hash NULL ++_003024_hash ath6kl_wmi_get_new_buf 1 52304 _003024_hash NULL ++_003025_hash bat_iv_ogm_queue_add 3 30870 _003025_hash NULL ++_003026_hash brcmf_alloc_pkt_and_read 2 63116 _003026_hash &_001808_hash ++_003027_hash brcmf_sdcard_recv_buf 6 38179 _003027_hash NULL ++_003028_hash brcmf_sdcard_rwdata 5 65041 _003028_hash NULL ++_003029_hash brcmf_sdcard_send_buf 6 7713 _003029_hash NULL ++_003030_hash carl9170_handle_mpdu 3 11056 _003030_hash NULL ++_003031_hash cfpkt_add_trail 3 27260 _003031_hash NULL ++_003032_hash cfpkt_pad_trail 2 55511 _003032_hash NULL ++_003033_hash dvb_net_sec_callback 2 28786 _003033_hash NULL ++_003034_hash fwnet_receive_packet 9 50537 _003034_hash NULL ++_003035_hash handle_rx_packet 3 58993 _003035_hash NULL ++_003036_hash HDLC_irq 2 8709 _003036_hash NULL ++_003037_hash hdlc_rpr_irq 2 10240 _003037_hash NULL ++_003043_hash ipwireless_network_packet_received 4 51277 _003043_hash NULL ++_003044_hash l2cap_bredr_sig_cmd 3 49065 _003044_hash NULL ++_003045_hash l2cap_sock_alloc_skb_cb 2 33532 _003045_hash NULL ++_003046_hash llcp_allocate_pdu 3 19866 _003046_hash NULL ++_003047_hash ppp_cp_event 6 2965 _003047_hash NULL ++_003048_hash receive_client_update_packet 3 49104 _003048_hash NULL ++_003049_hash receive_server_sync_packet 3 59021 _003049_hash NULL ++_003050_hash sky2_receive 2 13407 _003050_hash NULL ++_003051_hash tcp_sacktag_walk 5-6 49703 _003051_hash NULL ++_003053_hash tcp_write_xmit 2 64602 _003053_hash NULL ++_003054_hash ath6kl_wmi_add_wow_pattern_cmd 4 12842 _003054_hash NULL ++_003055_hash ath6kl_wmi_beginscan_cmd 8 25462 _003055_hash NULL ++_003056_hash ath6kl_wmi_send_probe_response_cmd 6 31728 _003056_hash NULL ++_003057_hash ath6kl_wmi_set_appie_cmd 5 39266 _003057_hash NULL ++_003058_hash ath6kl_wmi_set_ie_cmd 6 37260 _003058_hash NULL ++_003059_hash ath6kl_wmi_startscan_cmd 8 33674 _003059_hash NULL ++_003060_hash ath6kl_wmi_test_cmd 3 27312 _003060_hash NULL ++_003061_hash brcmf_sdbrcm_membytes 3-5 37324 _003061_hash NULL ++_003063_hash brcmf_sdbrcm_read_control 3 22721 _003063_hash NULL ++_003064_hash brcmf_tx_frame 3 20978 _003064_hash NULL ++_003065_hash __carl9170_rx 3 56784 _003065_hash NULL ++_003066_hash cfpkt_setlen 2 49343 _003066_hash NULL ++_003067_hash hdlc_irq_one 2 3944 _003067_hash NULL ++_003069_hash tcp_push_one 2 48816 _003069_hash NULL ++_003070_hash __tcp_push_pending_frames 2 48148 _003070_hash NULL ++_003071_hash brcmf_sdbrcm_bus_txctl 3 42492 _003071_hash NULL ++_003072_hash carl9170_rx 3 13272 _003072_hash NULL ++_003073_hash carl9170_rx_stream 3 1334 _003073_hash NULL ++_003074_hash tcp_push 3 10680 _003074_hash NULL ++_003075_hash create_log 2 8225 _003075_hash NULL ++_003076_hash expand_files 2 17080 _003076_hash NULL ++_003077_hash iio_device_alloc 1 41440 _003077_hash NULL ++_003078_hash OS_mem_token_alloc 1 14276 _003078_hash NULL ++_003079_hash packet_came 3 18072 _003079_hash NULL ++_003080_hash softsynth_write 3 3455 _003080_hash NULL ++_003081_hash alloc_fd 1 37637 _003081_hash NULL ++_003082_hash sys_dup3 2 33421 _003082_hash NULL ++_003083_hash do_fcntl 3 31468 _003083_hash NULL ++_003084_hash sys_dup2 2 25284 _003084_hash NULL ++_003085_hash sys_fcntl 3 19267 _003085_hash NULL ++_003086_hash sys_fcntl64 3 29031 _003086_hash NULL ++_003087_hash cmpk_message_handle_tx 4 54024 _003087_hash NULL ++_003088_hash comedi_buf_alloc 3 24822 _003088_hash NULL ++_003089_hash compat_rw_copy_check_uvector 3 22001 _003089_hash &_001989_hash ++_003090_hash compat_sys_fcntl64 3 60256 _003090_hash NULL ++_003091_hash evtchn_write 3 43278 _003091_hash NULL ++_003092_hash fw_download_code 3 13249 _003092_hash NULL ++_003093_hash fwSendNullPacket 2 54618 _003093_hash NULL ++_003095_hash ieee80211_authentication_req 3 63973 _003095_hash NULL ++_003097_hash rtllib_authentication_req 3 26713 _003097_hash NULL ++_003098_hash SendTxCommandPacket 3 42901 _003098_hash NULL ++_003099_hash snd_nm256_capture_copy 5 28622 _003099_hash NULL ++_003100_hash snd_nm256_playback_copy 5 38567 _003100_hash NULL ++_003101_hash tomoyo_init_log 2 14806 _003101_hash NULL ++_003102_hash usbdux_attach_common 4 51764 _003102_hash NULL ++_003103_hash compat_sys_fcntl 3 15654 _003103_hash NULL ++_003104_hash ieee80211_auth_challenge 3 18810 _003104_hash NULL ++_003105_hash ieee80211_rtl_auth_challenge 3 61897 _003105_hash NULL ++_003106_hash resize_async_buffer 4 64031 _003106_hash &_002119_hash ++_003107_hash rtllib_auth_challenge 3 12493 _003107_hash NULL ++_003108_hash tomoyo_write_log2 2 11732 _003108_hash NULL ++_003109_hash allocate_probes 1 40204 _003109_hash NULL ++_003110_hash alloc_ftrace_hash 1 57431 _003110_hash &_002532_hash ++_003111_hash __alloc_preds 2 9492 _003111_hash NULL ++_003112_hash __alloc_pred_stack 2 26687 _003112_hash NULL ++_003113_hash alloc_sched_domains 1 47756 _003113_hash NULL ++_003114_hash alloc_trace_probe 6 38720 _003114_hash NULL ++_003115_hash alloc_trace_uprobe 3 13870 _003115_hash NULL ++_003116_hash arcfb_write 3 8702 _003116_hash NULL ++_003117_hash ath6kl_sdio_alloc_prep_scat_req 2 51986 _003117_hash NULL ++_003118_hash ath6kl_usb_post_recv_transfers 2 32892 _003118_hash NULL ++_003119_hash ath6kl_usb_submit_ctrl_in 6 32880 _003119_hash &_000778_hash ++_003120_hash ath6kl_usb_submit_ctrl_out 6 9978 _003120_hash NULL ++_003121_hash auok190xfb_write 3 37001 _003121_hash NULL ++_003122_hash beacon_interval_write 3 17952 _003122_hash NULL ++_003123_hash blk_dropped_read 3 4168 _003123_hash NULL ++_003124_hash blk_msg_write 3 13655 _003124_hash NULL ++_003125_hash brcmf_usbdev_qinit 2 19090 _003125_hash &_001533_hash ++_003126_hash brcmf_usb_dl_cmd 4 53130 _003126_hash NULL ++_003127_hash broadsheetfb_write 3 39976 _003127_hash NULL ++_003128_hash broadsheet_spiflash_rewrite_sector 2 54864 _003128_hash NULL ++_003129_hash cyttsp_probe 4 1940 _003129_hash NULL ++_003130_hash da9052_group_write 3 4534 _003130_hash NULL ++_003131_hash dccpprobe_read 3 52549 _003131_hash NULL ++_003132_hash drm_property_create_bitmask 5 30195 _003132_hash NULL ++_003133_hash dtim_interval_write 3 30489 _003133_hash NULL ++_003134_hash dynamic_ps_timeout_write 3 37713 _003134_hash NULL ++_003135_hash event_enable_read 3 7074 _003135_hash NULL ++_003136_hash event_enable_write 3 45238 _003136_hash NULL ++_003137_hash event_filter_read 3 23494 _003137_hash NULL ++_003138_hash event_filter_write 3 56609 _003138_hash NULL ++_003139_hash event_id_read 3 64288 _003139_hash &_001240_hash ++_003140_hash f_audio_buffer_alloc 1 41110 _003140_hash NULL ++_003141_hash fb_sys_read 3 13778 _003141_hash NULL ++_003142_hash fb_sys_write 3 33130 _003142_hash NULL ++_003143_hash forced_ps_write 3 37209 _003143_hash NULL ++_003144_hash __fprog_create 2 41263 _003144_hash NULL ++_003145_hash fq_codel_zalloc 1 15378 _003145_hash NULL ++_003146_hash ftrace_pid_write 3 39710 _003146_hash NULL ++_003147_hash ftrace_profile_read 3 21327 _003147_hash NULL ++_003148_hash ftrace_profile_write 3 53327 _003148_hash NULL ++_003149_hash ftrace_write 3 29551 _003149_hash NULL ++_003150_hash gdm_wimax_netif_rx 3 43423 _003150_hash &_001619_hash ++_003151_hash gpio_power_write 3 1991 _003151_hash NULL ++_003152_hash hecubafb_write 3 26942 _003152_hash NULL ++_003153_hash hsc_msg_alloc 1 60990 _003153_hash NULL ++_003154_hash hsc_write 3 55875 _003154_hash NULL ++_003155_hash hsi_alloc_controller 1 41802 _003155_hash NULL ++_003156_hash hsi_register_board_info 2 13820 _003156_hash NULL ++_003157_hash i915_ring_stop_read 3 42549 _003157_hash NULL ++_003158_hash i915_ring_stop_write 3 59010 _003158_hash NULL ++_003159_hash ieee802154_alloc_device 1 13767 _003159_hash NULL ++_003160_hash intel_sdvo_write_cmd 4 54377 _003160_hash &_000815_hash ++_003161_hash ivtvfb_write 3 40023 _003161_hash NULL ++_003162_hash metronomefb_write 3 8823 _003162_hash NULL ++_003163_hash mwifiex_usb_submit_rx_urb 2 54558 _003163_hash NULL ++_003164_hash nfc_hci_hcp_message_tx 6 14534 _003164_hash NULL ++_003165_hash nfc_hci_set_param 5 40697 _003165_hash NULL ++_003166_hash nfc_shdlc_alloc_skb 2 12741 _003166_hash NULL ++_003167_hash odev_update 2 50169 _003167_hash NULL ++_003168_hash oz_add_farewell 5 20652 _003168_hash NULL ++_003169_hash oz_cdev_read 3 20659 _003169_hash NULL ++_003170_hash oz_cdev_write 3 33852 _003170_hash NULL ++_003171_hash oz_ep_alloc 2 5587 _003171_hash NULL ++_003172_hash oz_events_read 3 47535 _003172_hash NULL ++_003173_hash pmcraid_copy_sglist 3 38431 _003173_hash NULL ++_003174_hash prctl_set_mm 3 64538 _003174_hash NULL ++_003175_hash ptp_filter_init 2 36780 _003175_hash NULL ++_003176_hash rb_simple_read 3 45972 _003176_hash NULL ++_003177_hash rb_simple_write 3 20890 _003177_hash NULL ++_003178_hash read_file_dfs 3 43145 _003178_hash NULL ++_003179_hash rx_streaming_always_write 3 32357 _003179_hash NULL ++_003180_hash rx_streaming_interval_write 3 50120 _003180_hash NULL ++_003181_hash shmem_pread_fast 3 34147 _003181_hash NULL ++_003182_hash shmem_pread_slow 3 3198 _003182_hash NULL ++_003183_hash shmem_pwrite_fast 3 46842 _003183_hash NULL ++_003184_hash shmem_pwrite_slow 3 31741 _003184_hash NULL ++_003185_hash show_header 3 4722 _003185_hash &_000736_hash ++_003186_hash split_scan_timeout_write 3 52128 _003186_hash NULL ++_003187_hash stack_max_size_read 3 1445 _003187_hash NULL ++_003188_hash stack_max_size_write 3 36068 _003188_hash NULL ++_003189_hash subsystem_filter_read 3 62310 _003189_hash NULL ++_003190_hash subsystem_filter_write 3 13022 _003190_hash NULL ++_003191_hash suspend_dtim_interval_write 3 48854 _003191_hash NULL ++_003192_hash system_enable_read 3 25815 _003192_hash NULL ++_003193_hash system_enable_write 3 61396 _003193_hash NULL ++_003194_hash trace_options_core_read 3 47390 _003194_hash NULL ++_003195_hash trace_options_core_write 3 61551 _003195_hash NULL ++_003196_hash trace_options_read 3 11419 _003196_hash NULL ++_003197_hash trace_options_write 3 48275 _003197_hash NULL ++_003198_hash trace_parser_get_init 2 31379 _003198_hash NULL ++_003199_hash traceprobe_probes_write 3 64969 _003199_hash NULL ++_003200_hash trace_seq_to_user 3 65398 _003200_hash NULL ++_003201_hash tracing_buffers_read 3 11124 _003201_hash NULL ++_003202_hash tracing_clock_write 3 27961 _003202_hash NULL ++_003203_hash tracing_cpumask_read 3 7010 _003203_hash NULL ++_003204_hash tracing_ctrl_read 3 46922 _003204_hash NULL ++_003205_hash tracing_ctrl_write 3 42324 _003205_hash &_001726_hash ++_003206_hash tracing_entries_read 3 8345 _003206_hash NULL ++_003207_hash tracing_entries_write 3 60563 _003207_hash NULL ++_003208_hash tracing_max_lat_read 3 8890 _003208_hash NULL ++_003209_hash tracing_max_lat_write 3 8728 _003209_hash NULL ++_003210_hash tracing_read_dyn_info 3 45468 _003210_hash NULL ++_003211_hash tracing_readme_read 3 16493 _003211_hash NULL ++_003212_hash tracing_saved_cmdlines_read 3 21434 _003212_hash NULL ++_003213_hash tracing_set_trace_read 3 44122 _003213_hash NULL ++_003214_hash tracing_set_trace_write 3 57096 _003214_hash NULL ++_003215_hash tracing_stats_read 3 34537 _003215_hash NULL ++_003216_hash tracing_total_entries_read 3 62817 _003216_hash NULL ++_003217_hash tracing_trace_options_write 3 153 _003217_hash NULL ++_003218_hash ttm_put_pages 2 9179 _003218_hash NULL ++_003219_hash udl_prime_create 2 57159 _003219_hash NULL ++_003220_hash ufx_alloc_urb_list 3 10349 _003220_hash NULL ++_003221_hash u_memcpya 2-3 30139 _003221_hash NULL ++_003223_hash viafb_dfph_proc_write 3 49288 _003223_hash NULL ++_003224_hash viafb_dfpl_proc_write 3 627 _003224_hash NULL ++_003225_hash viafb_dvp0_proc_write 3 23023 _003225_hash NULL ++_003226_hash viafb_dvp1_proc_write 3 48864 _003226_hash NULL ++_003227_hash viafb_vt1636_proc_write 3 16018 _003227_hash NULL ++_003228_hash vivi_read 3 23073 _003228_hash NULL ++_003229_hash wl1271_rx_filter_alloc_field 5 46721 _003229_hash NULL ++_003230_hash wl12xx_cmd_build_probe_req 6-8 3098 _003230_hash NULL ++_003232_hash wlcore_alloc_hw 1 7785 _003232_hash NULL ++_003233_hash alloc_and_copy_ftrace_hash 1 29368 _003233_hash NULL ++_003234_hash create_trace_probe 1 20175 _003234_hash NULL ++_003235_hash create_trace_uprobe 1 13184 _003235_hash NULL ++_003236_hash intel_sdvo_set_value 4 2311 _003236_hash NULL ++_003237_hash mmio_read 4 40348 _003237_hash NULL ++_003238_hash nfc_hci_execute_cmd 5 43882 _003238_hash NULL ++_003239_hash nfc_hci_send_event 5 21452 _003239_hash NULL ++_003240_hash nfc_hci_send_response 5 56462 _003240_hash NULL ++_003241_hash picolcd_fb_write 3 2318 _003241_hash NULL ++_003242_hash probes_write 3 29711 _003242_hash NULL ++_003243_hash sys_prctl 4 8766 _003243_hash NULL ++_003244_hash tracing_read_pipe 3 35312 _003244_hash NULL ++_003245_hash brcmf_usb_attach 1-2 44656 _003245_hash NULL ++_003247_hash dlfb_ops_write 3 64150 _003247_hash NULL ++_003248_hash nfc_hci_send_cmd 5 55714 _003248_hash NULL ++_003249_hash ufx_ops_write 3 54848 _003249_hash NULL ++_003250_hash viafb_iga1_odev_proc_write 3 36241 _003250_hash NULL ++_003251_hash viafb_iga2_odev_proc_write 3 2363 _003251_hash NULL ++_003252_hash xenfb_write 3 43412 _003252_hash NULL ++_003253_hash acl_alloc 1 35979 _003253_hash NULL ++_003254_hash acl_alloc_stack_init 1 60630 _003254_hash NULL ++_003255_hash acl_alloc_num 1-2 60778 _003255_hash NULL diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..cc96254 +index 0000000..5af42b5 --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1204 @@ +@@ -0,0 +1,1558 @@ +/* + * Copyright 2011, 2012 by Emese Revfy + * Licensed under the GPL v2, or (at your option) v3 @@ -84707,6 +85686,8 @@ index 0000000..cc96254 +#define CREATE_NEW_VAR NULL_TREE +#define CODES_LIMIT 32 +#define MAX_PARAM 10 ++#define MY_STMT GF_PLF_1 ++#define NO_CAST_CHECK GF_PLF_2 + +#if BUILDING_GCC_VERSION == 4005 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) @@ -84716,20 +85697,30 @@ index 0000000..cc96254 +void debug_gimple_stmt(gimple gs); + +static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var); -+static tree signed_size_overflow_type; -+static tree unsigned_size_overflow_type; +static tree report_size_overflow_decl; +static tree const_char_ptr_type_node; +static unsigned int handle_function(void); ++static void check_size_overflow(gimple stmt, tree size_overflow_type, tree cast_rhs, tree rhs, bool *potentionally_overflowed, bool before); ++static tree get_size_overflow_type(gimple stmt, tree node); + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120618beta", ++ .version = "20120811beta", + .help = "no-size-overflow\tturn off size overflow checking\n", +}; + +static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs) +{ -+ unsigned int arg_count = type_num_arguments(*node); ++ unsigned int arg_count; ++ ++ if (TREE_CODE(*node) == FUNCTION_DECL) ++ arg_count = type_num_arguments(TREE_TYPE(*node)); ++ else if (TREE_CODE(*node) == FUNCTION_TYPE || TREE_CODE(*node) == METHOD_TYPE) ++ arg_count = type_num_arguments(*node); ++ else { ++ *no_add_attrs = true; ++ error("%qE attribute only applies to functions", name); ++ return NULL_TREE; ++ } + + for (; args; args = TREE_CHAIN(args)) { + tree position = TREE_VALUE(args); @@ -84741,13 +85732,13 @@ index 0000000..cc96254 + return NULL_TREE; +} + -+static struct attribute_spec no_size_overflow_attr = { ++static struct attribute_spec size_overflow_attr = { + .name = "size_overflow", + .min_length = 1, + .max_length = -1, -+ .decl_required = false, -+ .type_required = true, -+ .function_type_required = true, ++ .decl_required = true, ++ .type_required = false, ++ .function_type_required = false, + .handler = handle_size_overflow_attribute, +#if BUILDING_GCC_VERSION >= 4007 + .affects_type_identity = false @@ -84756,7 +85747,7 @@ index 0000000..cc96254 + +static void register_attributes(void __unused *event_data, void __unused *data) +{ -+ register_attribute(&no_size_overflow_attr); ++ register_attribute(&size_overflow_attr); +} + +// http://www.team5150.com/~andrew/noncryptohashzoo2~/CrapWow.html @@ -84807,6 +85798,7 @@ index 0000000..cc96254 + +static inline gimple get_def_stmt(tree node) +{ ++ gcc_assert(node != NULL_TREE); + gcc_assert(TREE_CODE(node) == SSA_NAME); + return SSA_NAME_DEF_STMT(node); +} @@ -84969,11 +85961,11 @@ index 0000000..cc96254 + gcc_assert(TREE_CODE(arg) != COMPONENT_REF); + + type = TREE_TYPE(arg); -+ // skip function pointers -+ if (TREE_CODE(type) == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == FUNCTION_TYPE) ++ ++ if (TREE_CODE(type) == POINTER_TYPE) + return; + -+ if (lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(func)))) ++ if (lookup_attribute("size_overflow", DECL_ATTRIBUTES(func))) + return; + + argnum = find_arg_number(arg, func); @@ -84994,6 +85986,22 @@ index 0000000..cc96254 + return new_var; +} + ++static gimple create_binary_assign(enum tree_code code, gimple stmt, tree rhs1, tree rhs2) ++{ ++ gimple assign; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++ tree type = TREE_TYPE(rhs1); ++ tree lhs = create_new_var(type); ++ ++ assign = gimple_build_assign_with_ops(code, lhs, rhs1, rhs2); ++ gimple_set_lhs(assign, make_ssa_name(lhs, assign)); ++ ++ gsi_insert_before(&gsi, assign, GSI_NEW_STMT); ++ update_stmt(assign); ++ gimple_set_plf(assign, MY_STMT, true); ++ return assign; ++} ++ +static bool is_bool(tree node) +{ + tree type; @@ -85013,34 +86021,63 @@ index 0000000..cc96254 + +static tree cast_a_tree(tree type, tree var) +{ -+ gcc_assert(type != NULL_TREE && var != NULL_TREE); ++ gcc_assert(type != NULL_TREE); ++ gcc_assert(var != NULL_TREE); + gcc_assert(fold_convertible_p(type, var)); + + return fold_convert(type, var); +} + -+static tree signed_cast(tree var) -+{ -+ return cast_a_tree(signed_size_overflow_type, var); -+} -+ -+static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc) ++static gimple build_cast_stmt(tree type, tree var, tree new_var, gimple_stmt_iterator *gsi, bool before) +{ + gimple assign; ++ location_t loc; ++ ++ gcc_assert(type != NULL_TREE && var != NULL_TREE); ++ if (gsi_end_p(*gsi) && before == BEFORE_STMT) ++ gcc_unreachable(); + + if (new_var == CREATE_NEW_VAR) + new_var = create_new_var(type); + + assign = gimple_build_assign(new_var, cast_a_tree(type, var)); -+ gimple_set_location(assign, loc); ++ ++ if (!gsi_end_p(*gsi)) { ++ loc = gimple_location(gsi_stmt(*gsi)); ++ gimple_set_location(assign, loc); ++ } ++ + gimple_set_lhs(assign, make_ssa_name(new_var, assign)); + ++ if (before) ++ gsi_insert_before(gsi, assign, GSI_NEW_STMT); ++ else ++ gsi_insert_after(gsi, assign, GSI_NEW_STMT); ++ update_stmt(assign); ++ gimple_set_plf(assign, MY_STMT, true); ++ + return assign; +} + ++static tree cast_to_new_size_overflow_type(gimple stmt, tree new_rhs1, tree size_overflow_type, bool before) ++{ ++ gimple assign; ++ gimple_stmt_iterator gsi; ++ ++ if (new_rhs1 == NULL_TREE) ++ return NULL_TREE; ++ ++ if (!useless_type_conversion_p(TREE_TYPE(new_rhs1), size_overflow_type)) { ++ gsi = gsi_for_stmt(stmt); ++ assign = build_cast_stmt(size_overflow_type, new_rhs1, CREATE_NEW_VAR, &gsi, before); ++ return gimple_get_lhs(assign); ++ } ++ return new_rhs1; ++} ++ +static tree create_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, bool before) +{ -+ tree oldstmt_rhs1; ++ tree oldstmt_rhs1, size_overflow_type, lhs; + enum tree_code code; + gimple stmt; + gimple_stmt_iterator gsi; @@ -85054,13 +86091,18 @@ index 0000000..cc96254 + gcc_unreachable(); + } + ++ if (gimple_code(oldstmt) == GIMPLE_ASM) ++ lhs = rhs1; ++ else ++ lhs = gimple_get_lhs(oldstmt); ++ + oldstmt_rhs1 = gimple_assign_rhs1(oldstmt); + code = TREE_CODE(oldstmt_rhs1); + if (code == PARM_DECL || (code == SSA_NAME && gimple_code(get_def_stmt(oldstmt_rhs1)) == GIMPLE_NOP)) + check_missing_attribute(oldstmt_rhs1); + -+ stmt = build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_VAR, gimple_location(oldstmt)); + gsi = gsi_for_stmt(oldstmt); ++ pointer_set_insert(visited, oldstmt); + if (lookup_stmt_eh_lp(oldstmt) != 0) { + basic_block next_bb, cur_bb; + edge e; @@ -85078,18 +86120,20 @@ index 0000000..cc96254 + + gsi = gsi_after_labels(next_bb); + gcc_assert(!gsi_end_p(gsi)); ++ + before = true; ++ oldstmt = gsi_stmt(gsi); ++ pointer_set_insert(visited, oldstmt); + } -+ if (before) -+ gsi_insert_before(&gsi, stmt, GSI_NEW_STMT); -+ else -+ gsi_insert_after(&gsi, stmt, GSI_NEW_STMT); -+ update_stmt(stmt); -+ pointer_set_insert(visited, oldstmt); ++ ++ size_overflow_type = get_size_overflow_type(oldstmt, lhs); ++ ++ stmt = build_cast_stmt(size_overflow_type, rhs1, CREATE_NEW_VAR, &gsi, before); ++ gimple_set_plf(stmt, MY_STMT, true); + return gimple_get_lhs(stmt); +} + -+static tree dup_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3) ++static tree dup_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree size_overflow_type, tree rhs1, tree rhs2, tree __unused rhs3) +{ + tree new_var, lhs = gimple_get_lhs(oldstmt); + gimple stmt; @@ -85098,6 +86142,9 @@ index 0000000..cc96254 + if (!*potentionally_overflowed) + return NULL_TREE; + ++ if (gimple_plf(oldstmt, MY_STMT)) ++ return lhs; ++ + if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) { + rhs1 = gimple_assign_rhs1(oldstmt); + rhs1 = create_assign(visited, potentionally_overflowed, oldstmt, rhs1, BEFORE_STMT); @@ -85109,6 +86156,7 @@ index 0000000..cc96254 + + stmt = gimple_copy(oldstmt); + gimple_set_location(stmt, gimple_location(oldstmt)); ++ gimple_set_plf(stmt, MY_STMT, true); + + if (gimple_assign_rhs_code(oldstmt) == WIDEN_MULT_EXPR) + gimple_assign_set_rhs_code(stmt, MULT_EXPR); @@ -85116,13 +86164,13 @@ index 0000000..cc96254 + if (is_bool(lhs)) + new_var = SSA_NAME_VAR(lhs); + else -+ new_var = create_new_var(signed_size_overflow_type); ++ new_var = create_new_var(size_overflow_type); + new_var = make_ssa_name(new_var, stmt); + gimple_set_lhs(stmt, new_var); + + if (rhs1 != NULL_TREE) { + if (!gimple_assign_cast_p(oldstmt)) -+ rhs1 = signed_cast(rhs1); ++ rhs1 = cast_a_tree(size_overflow_type, rhs1); + gimple_assign_set_rhs1(stmt, rhs1); + } + @@ -85157,6 +86205,7 @@ index 0000000..cc96254 + gsi = gsi_for_stmt(oldstmt); + gsi_insert_after(&gsi, phi, GSI_NEW_STMT); + gimple_set_bb(phi, bb); ++ gimple_set_plf(phi, MY_STMT, true); + return phi; +} + @@ -85170,28 +86219,29 @@ index 0000000..cc96254 + return first_bb; +} + -+static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var, unsigned int i) ++static tree cast_old_phi_arg(gimple oldstmt, tree size_overflow_type, tree arg, tree new_var, unsigned int i) +{ + basic_block bb; -+ gimple newstmt, def_stmt; ++ gimple newstmt; + gimple_stmt_iterator gsi; ++ bool before = BEFORE_STMT; + -+ newstmt = build_cast_stmt(signed_size_overflow_type, arg, new_var, gimple_location(oldstmt)); -+ if (TREE_CODE(arg) == SSA_NAME) { -+ def_stmt = get_def_stmt(arg); -+ if (gimple_code(def_stmt) != GIMPLE_NOP) { -+ gsi = gsi_for_stmt(def_stmt); -+ gsi_insert_after(&gsi, newstmt, GSI_NEW_STMT); -+ return newstmt; -+ } ++ if (TREE_CODE(arg) == SSA_NAME && gimple_code(get_def_stmt(arg)) != GIMPLE_NOP) { ++ gsi = gsi_for_stmt(get_def_stmt(arg)); ++ newstmt = build_cast_stmt(size_overflow_type, arg, new_var, &gsi, AFTER_STMT); ++ return gimple_get_lhs(newstmt); + } + + bb = gimple_phi_arg_edge(oldstmt, i)->src; -+ if (bb->index == 0) -+ bb = create_a_first_bb(); + gsi = gsi_after_labels(bb); -+ gsi_insert_before(&gsi, newstmt, GSI_NEW_STMT); -+ return newstmt; ++ if (bb->index == 0) { ++ bb = create_a_first_bb(); ++ gsi = gsi_start_bb(bb); ++ } ++ if (gsi_end_p(gsi)) ++ before = AFTER_STMT; ++ newstmt = build_cast_stmt(size_overflow_type, arg, new_var, &gsi, before); ++ return gimple_get_lhs(newstmt); +} + +static gimple handle_new_phi_arg(tree arg, tree new_var, tree new_rhs) @@ -85224,30 +86274,36 @@ index 0000000..cc96254 + + gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt)); + gsi_insert(&gsi, newstmt, GSI_NEW_STMT); ++ gimple_set_plf(newstmt, MY_STMT, true); + update_stmt(newstmt); + return newstmt; +} + -+static tree build_new_phi_arg(struct pointer_set_t *visited, bool *potentionally_overflowed, tree arg, tree new_var) ++static tree build_new_phi_arg(struct pointer_set_t *visited, bool *potentionally_overflowed, tree size_overflow_type, tree arg, tree new_var) +{ + gimple newstmt; + tree new_rhs; + + new_rhs = expand(visited, potentionally_overflowed, arg); -+ + if (new_rhs == NULL_TREE) + return NULL_TREE; + ++ new_rhs = cast_to_new_size_overflow_type(get_def_stmt(new_rhs), new_rhs, size_overflow_type, AFTER_STMT); ++ + newstmt = handle_new_phi_arg(arg, new_var, new_rhs); + return gimple_get_lhs(newstmt); +} + -+static tree build_new_phi(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt) ++static tree build_new_phi(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ -+ gimple phi; -+ tree new_var = create_new_var(signed_size_overflow_type); ++ gimple phi, oldstmt = get_def_stmt(var); ++ tree new_var, size_overflow_type; + unsigned int i, n = gimple_phi_num_args(oldstmt); + ++ size_overflow_type = get_size_overflow_type(oldstmt, var); ++ ++ new_var = create_new_var(size_overflow_type); ++ + pointer_set_insert(visited, oldstmt); + phi = overflow_create_phi_node(oldstmt, new_var); + for (i = 0; i < n; i++) { @@ -85255,10 +86311,10 @@ index 0000000..cc96254 + + arg = gimple_phi_arg_def(oldstmt, i); + if (is_gimple_constant(arg)) -+ arg = signed_cast(arg); -+ lhs = build_new_phi_arg(visited, potentionally_overflowed, arg, new_var); ++ arg = cast_a_tree(size_overflow_type, arg); ++ lhs = build_new_phi_arg(visited, potentionally_overflowed, size_overflow_type, arg, new_var); + if (lhs == NULL_TREE) -+ lhs = gimple_get_lhs(cast_old_phi_arg(oldstmt, arg, new_var, i)); ++ lhs = cast_old_phi_arg(oldstmt, size_overflow_type, arg, new_var, i); + add_phi_arg(phi, lhs, gimple_phi_arg_edge(oldstmt, i), gimple_location(oldstmt)); + } + @@ -85266,35 +86322,132 @@ index 0000000..cc96254 + return gimple_phi_result(phi); +} + -+static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++static tree change_assign_rhs(gimple stmt, tree orig_rhs, tree new_rhs) +{ -+ gimple def_stmt = get_def_stmt(var); -+ tree new_rhs1, rhs1 = gimple_assign_rhs1(def_stmt); ++ gimple assign; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++ tree origtype = TREE_TYPE(orig_rhs); ++ ++ gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN); ++ ++ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, &gsi, BEFORE_STMT); ++ return gimple_get_lhs(assign); ++} ++ ++static void change_rhs1(gimple stmt, tree new_rhs1) ++{ ++ tree assign_rhs; ++ tree rhs = gimple_assign_rhs1(stmt); ++ ++ assign_rhs = change_assign_rhs(stmt, rhs, new_rhs1); ++ gimple_assign_set_rhs1(stmt, assign_rhs); ++ update_stmt(stmt); ++} ++ ++static bool check_mode_type(gimple stmt) ++{ ++ tree lhs = gimple_get_lhs(stmt); ++ tree lhs_type = TREE_TYPE(lhs); ++ tree rhs_type = TREE_TYPE(gimple_assign_rhs1(stmt)); ++ enum machine_mode lhs_mode = TYPE_MODE(lhs_type); ++ enum machine_mode rhs_mode = TYPE_MODE(rhs_type); ++ ++ if (rhs_mode == lhs_mode && TYPE_UNSIGNED(rhs_type) == TYPE_UNSIGNED(lhs_type)) ++ return false; ++ ++ if (rhs_mode == SImode && lhs_mode == DImode && (TYPE_UNSIGNED(rhs_type) || !TYPE_UNSIGNED(lhs_type))) ++ return false; ++ ++ return true; ++} ++ ++static bool check_undefined_integer_operation(gimple stmt) ++{ ++ gimple def_stmt; ++ tree lhs = gimple_get_lhs(stmt); ++ tree rhs1 = gimple_assign_rhs1(stmt); ++ tree rhs1_type = TREE_TYPE(rhs1); ++ tree lhs_type = TREE_TYPE(lhs); ++ ++ if (TYPE_MODE(rhs1_type) != TYPE_MODE(lhs_type) || TYPE_UNSIGNED(rhs1_type) == TYPE_UNSIGNED(lhs_type)) ++ return false; ++ ++ def_stmt = get_def_stmt(rhs1); ++ if (gimple_code(def_stmt) != GIMPLE_ASSIGN) ++ return false; ++ ++ if (gimple_assign_rhs_code(def_stmt) != MINUS_EXPR) ++ return false; ++ return true; ++} ++ ++static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt) ++{ ++ tree size_overflow_type, lhs = gimple_get_lhs(stmt); ++ tree new_rhs1, rhs1 = gimple_assign_rhs1(stmt); ++ tree rhs1_type = TREE_TYPE(rhs1); ++ tree lhs_type = TREE_TYPE(lhs); + + *potentionally_overflowed = true; ++ + new_rhs1 = expand(visited, potentionally_overflowed, rhs1); -+ if (new_rhs1 == NULL_TREE) { -+ if (TREE_CODE(TREE_TYPE(rhs1)) == POINTER_TYPE) -+ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); -+ else -+ return create_assign(visited, potentionally_overflowed, def_stmt, rhs1, AFTER_STMT); ++ ++ if (new_rhs1 == NULL_TREE || TREE_CODE(rhs1_type) == POINTER_TYPE) ++ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT); ++ ++ if (gimple_plf(stmt, MY_STMT)) ++ return lhs; ++ ++ if (gimple_plf(stmt, NO_CAST_CHECK)) { ++ size_overflow_type = get_size_overflow_type(stmt, rhs1); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ return dup_assign(visited, potentionally_overflowed, stmt, size_overflow_type, new_rhs1, NULL_TREE, NULL_TREE); ++ } ++ ++ if (!gimple_assign_cast_p(stmt)) { ++ size_overflow_type = get_size_overflow_type(stmt, lhs); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ return dup_assign(visited, potentionally_overflowed, stmt, size_overflow_type, new_rhs1, NULL_TREE, NULL_TREE); ++ } ++ ++ if (check_undefined_integer_operation(stmt)) { ++ size_overflow_type = get_size_overflow_type(stmt, lhs); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ return dup_assign(visited, potentionally_overflowed, stmt, size_overflow_type, new_rhs1, NULL_TREE, NULL_TREE); + } -+ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, NULL_TREE, NULL_TREE); ++ ++ size_overflow_type = get_size_overflow_type(stmt, rhs1); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ ++ change_rhs1(stmt, new_rhs1); ++ check_size_overflow(stmt, size_overflow_type, new_rhs1, rhs1, potentionally_overflowed, BEFORE_STMT); ++ ++ if (TYPE_UNSIGNED(rhs1_type) != TYPE_UNSIGNED(lhs_type)) ++ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT); ++ ++ if (!check_mode_type(stmt)) ++ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT); ++ ++ size_overflow_type = get_size_overflow_type(stmt, lhs); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ ++ check_size_overflow(stmt, size_overflow_type, new_rhs1, lhs, potentionally_overflowed, BEFORE_STMT); ++ ++ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT); +} + -+static tree handle_unary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++static tree handle_unary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree lhs) +{ -+ gimple def_stmt = get_def_stmt(var); ++ gimple def_stmt = get_def_stmt(lhs); + tree rhs1 = gimple_assign_rhs1(def_stmt); + + if (is_gimple_constant(rhs1)) -+ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast(rhs1), NULL_TREE, NULL_TREE); ++ return create_assign(visited, potentionally_overflowed, def_stmt, lhs, AFTER_STMT); + + gcc_assert(TREE_CODE(rhs1) != COND_EXPR); + switch (TREE_CODE(rhs1)) { + case SSA_NAME: -+ return handle_unary_rhs(visited, potentionally_overflowed, var); -+ ++ return handle_unary_rhs(visited, potentionally_overflowed, def_stmt); + case ARRAY_REF: + case BIT_FIELD_REF: + case ADDR_EXPR: @@ -85306,7 +86459,7 @@ index 0000000..cc96254 + case PARM_DECL: + case TARGET_MEM_REF: + case VAR_DECL: -+ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, lhs, AFTER_STMT); + + default: + debug_gimple_stmt(def_stmt); @@ -85342,11 +86495,12 @@ index 0000000..cc96254 + return build1(ADDR_EXPR, ptr_type_node, string); +} + -+static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) ++static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg, bool min) +{ + gimple func_stmt, def_stmt; -+ tree current_func, loc_file, loc_line; ++ tree current_func, loc_file, loc_line, ssa_name; + expanded_location xloc; ++ char ssa_name_buf[100]; + gimple_stmt_iterator gsi = gsi_start_bb(bb_true); + + def_stmt = get_def_stmt(arg); @@ -85366,8 +86520,15 @@ index 0000000..cc96254 + current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl)); + current_func = create_string_param(current_func); + -+ // void report_size_overflow(const char *file, unsigned int line, const char *func) -+ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func); ++ if (min) ++ snprintf(ssa_name_buf, 100, "%s_%u (min)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg)); ++ else ++ snprintf(ssa_name_buf, 100, "%s_%u (max)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg)); ++ ssa_name = build_string(100, ssa_name_buf); ++ ssa_name = create_string_param(ssa_name); ++ ++ // void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name) ++ func_stmt = gimple_build_call(report_size_overflow_decl, 4, loc_file, loc_line, current_func, ssa_name); + + gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING); +} @@ -85379,14 +86540,15 @@ index 0000000..cc96254 + inform(loc, "Integer size_overflow check applied here."); +} + -+static void insert_check_size_overflow(gimple stmt, enum tree_code cond_code, tree arg, tree type_value) ++static void insert_check_size_overflow(gimple stmt, enum tree_code cond_code, tree arg, tree type_value, bool before, bool min) +{ + basic_block cond_bb, join_bb, bb_true; + edge e; + gimple_stmt_iterator gsi = gsi_for_stmt(stmt); + + cond_bb = gimple_bb(stmt); -+ gsi_prev(&gsi); ++ if (before) ++ gsi_prev(&gsi); + if (gsi_end_p(gsi)) + e = split_block_after_labels(cond_bb); + else @@ -85412,80 +86574,218 @@ index 0000000..cc96254 + } + + insert_cond(cond_bb, arg, cond_code, type_value); -+ insert_cond_result(bb_true, stmt, arg); ++ insert_cond_result(bb_true, stmt, arg, min); + +// print_the_code_insertions(stmt); +} + -+static gimple cast_to_unsigned_size_overflow_type(gimple stmt, tree cast_rhs) ++static void check_size_overflow(gimple stmt, tree size_overflow_type, tree cast_rhs, tree rhs, bool *potentionally_overflowed, bool before) +{ -+ gimple ucast_stmt; -+ gimple_stmt_iterator gsi; -+ location_t loc = gimple_location(stmt); ++ tree cast_rhs_type, type_max_type, type_min_type, type_max, type_min, rhs_type = TREE_TYPE(rhs); ++ gcc_assert(rhs_type != NULL_TREE); ++ gcc_assert(TREE_CODE(rhs_type) == INTEGER_TYPE || TREE_CODE(rhs_type) == BOOLEAN_TYPE || TREE_CODE(rhs_type) == ENUMERAL_TYPE); + -+ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, cast_rhs, CREATE_NEW_VAR, loc); -+ gsi = gsi_for_stmt(stmt); -+ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT); -+ return ucast_stmt; ++ if (!*potentionally_overflowed) ++ return; ++ ++ type_max = cast_a_tree(size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ type_min = cast_a_tree(size_overflow_type, TYPE_MIN_VALUE(rhs_type)); ++ ++ gcc_assert(!TREE_OVERFLOW(type_max)); ++ ++ cast_rhs_type = TREE_TYPE(cast_rhs); ++ type_max_type = TREE_TYPE(type_max); ++ type_min_type = TREE_TYPE(type_min); ++ gcc_assert(useless_type_conversion_p(cast_rhs_type, type_max_type)); ++ gcc_assert(useless_type_conversion_p(type_max_type, type_min_type)); ++ ++ insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max, before, false); ++ insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min, before, true); +} + -+static void check_size_overflow(gimple stmt, tree cast_rhs, tree rhs, bool *potentionally_overflowed) ++static tree get_handle_const_assign_size_overflow_type(gimple def_stmt, tree var_rhs) +{ -+ tree type_max, type_min, rhs_type = TREE_TYPE(rhs); -+ gimple ucast_stmt; ++ gimple var_rhs_def_stmt; ++ tree lhs = gimple_get_lhs(def_stmt); ++ tree lhs_type = TREE_TYPE(lhs); ++ tree rhs1_type = TREE_TYPE(gimple_assign_rhs1(def_stmt)); ++ tree rhs2_type = TREE_TYPE(gimple_assign_rhs2(def_stmt)); + -+ if (!*potentionally_overflowed) -+ return; ++ if (var_rhs == NULL_TREE) ++ return get_size_overflow_type(def_stmt, lhs); + -+ if (TYPE_UNSIGNED(rhs_type)) { -+ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, cast_rhs); -+ type_max = cast_a_tree(unsigned_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); -+ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); -+ } else { -+ type_max = signed_cast(TYPE_MAX_VALUE(rhs_type)); -+ insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max); ++ var_rhs_def_stmt = get_def_stmt(var_rhs); ++ ++ if (TREE_CODE_CLASS(gimple_assign_rhs_code(def_stmt)) == tcc_comparison) ++ return get_size_overflow_type(var_rhs_def_stmt, var_rhs); ++ ++ if (gimple_assign_rhs_code(def_stmt) == LSHIFT_EXPR) ++ return get_size_overflow_type(var_rhs_def_stmt, var_rhs); + -+ type_min = signed_cast(TYPE_MIN_VALUE(rhs_type)); -+ insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min); ++ if (gimple_assign_rhs_code(def_stmt) == RSHIFT_EXPR) ++ return get_size_overflow_type(var_rhs_def_stmt, var_rhs); ++ ++ if (!useless_type_conversion_p(lhs_type, rhs1_type) || !useless_type_conversion_p(rhs1_type, rhs2_type)) { ++ debug_gimple_stmt(def_stmt); ++ gcc_unreachable(); + } ++ ++ return get_size_overflow_type(def_stmt, lhs); +} + -+static tree change_assign_rhs(gimple stmt, tree orig_rhs, tree new_rhs) ++static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var_rhs, tree new_rhs1, tree new_rhs2) +{ -+ gimple assign; -+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); -+ tree origtype = TREE_TYPE(orig_rhs); ++ tree new_rhs, size_overflow_type, orig_rhs; ++ void (*gimple_assign_set_rhs)(gimple, tree); ++ tree rhs1 = gimple_assign_rhs1(def_stmt); ++ tree rhs2 = gimple_assign_rhs2(def_stmt); ++ tree lhs = gimple_get_lhs(def_stmt); + -+ gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN); ++ if (var_rhs == NULL_TREE) ++ return create_assign(visited, potentionally_overflowed, def_stmt, lhs, AFTER_STMT); + -+ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, gimple_location(stmt)); -+ gsi_insert_before(&gsi, assign, GSI_SAME_STMT); -+ update_stmt(assign); -+ return gimple_get_lhs(assign); -+} ++ if (new_rhs2 == NULL_TREE) { ++ size_overflow_type = get_handle_const_assign_size_overflow_type(def_stmt, new_rhs1); ++ new_rhs2 = cast_a_tree(size_overflow_type, rhs2); ++ orig_rhs = rhs1; ++ gimple_assign_set_rhs = &gimple_assign_set_rhs1; ++ } else { ++ size_overflow_type = get_handle_const_assign_size_overflow_type(def_stmt, new_rhs2); ++ new_rhs1 = cast_a_tree(size_overflow_type, rhs1); ++ orig_rhs = rhs2; ++ gimple_assign_set_rhs = &gimple_assign_set_rhs2; ++ } + -+static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree orig_rhs, tree var_rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) -+{ -+ tree new_rhs; ++ var_rhs = cast_to_new_size_overflow_type(def_stmt, var_rhs, size_overflow_type, BEFORE_STMT); + + if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR) -+ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); ++ return dup_assign(visited, potentionally_overflowed, def_stmt, size_overflow_type, new_rhs1, new_rhs2, NULL_TREE); + -+ if (var_rhs == NULL_TREE) -+ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ check_size_overflow(def_stmt, size_overflow_type, var_rhs, orig_rhs, potentionally_overflowed, BEFORE_STMT); + + new_rhs = change_assign_rhs(def_stmt, orig_rhs, var_rhs); + gimple_assign_set_rhs(def_stmt, new_rhs); + update_stmt(def_stmt); + -+ check_size_overflow(def_stmt, var_rhs, orig_rhs, potentionally_overflowed); -+ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, lhs, AFTER_STMT); +} + -+static tree handle_binary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++static tree get_cast_def_stmt_rhs(tree new_rhs) +{ -+ tree rhs1, rhs2; -+ gimple def_stmt = get_def_stmt(var); ++ gimple def_stmt; ++ ++ def_stmt = get_def_stmt(new_rhs); ++ // get_size_overflow_type ++ if (LONG_TYPE_SIZE != GET_MODE_BITSIZE(SImode)) ++ gcc_assert(gimple_assign_cast_p(def_stmt)); ++ return gimple_assign_rhs1(def_stmt); ++} ++ ++static tree cast_to_int_TI_type_and_check(bool *potentionally_overflowed, gimple stmt, tree new_rhs) ++{ ++ gimple_stmt_iterator gsi; ++ gimple cast_stmt, def_stmt; ++ enum machine_mode mode = TYPE_MODE(TREE_TYPE(new_rhs)); ++ ++ if (mode != TImode && mode != DImode) { ++ def_stmt = get_def_stmt(new_rhs); ++ gcc_assert(gimple_assign_cast_p(def_stmt)); ++ new_rhs = gimple_assign_rhs1(def_stmt); ++ mode = TYPE_MODE(TREE_TYPE(new_rhs)); ++ } ++ ++ gcc_assert(mode == TImode || mode == DImode); ++ ++ if (mode == TYPE_MODE(intTI_type_node) && useless_type_conversion_p(TREE_TYPE(new_rhs), intTI_type_node)) ++ return new_rhs; ++ ++ gsi = gsi_for_stmt(stmt); ++ cast_stmt = build_cast_stmt(intTI_type_node, new_rhs, CREATE_NEW_VAR, &gsi, BEFORE_STMT); ++ new_rhs = gimple_get_lhs(cast_stmt); ++ ++ if (mode == DImode) ++ return new_rhs; ++ ++ check_size_overflow(stmt, intTI_type_node, new_rhs, new_rhs, potentionally_overflowed, BEFORE_STMT); ++ ++ return new_rhs; ++} ++ ++static bool is_an_integer_trunction(gimple stmt) ++{ ++ gimple rhs1_def_stmt, rhs2_def_stmt; ++ tree rhs1_def_stmt_rhs1, rhs2_def_stmt_rhs1; ++ enum machine_mode rhs1_def_stmt_rhs1_mode, rhs2_def_stmt_rhs1_mode; ++ tree rhs1 = gimple_assign_rhs1(stmt); ++ tree rhs2 = gimple_assign_rhs2(stmt); ++ enum machine_mode rhs1_mode = TYPE_MODE(TREE_TYPE(rhs1)); ++ enum machine_mode rhs2_mode = TYPE_MODE(TREE_TYPE(rhs2)); ++ ++ if (is_gimple_constant(rhs1) || is_gimple_constant(rhs2)) ++ return false; ++ ++ gcc_assert(TREE_CODE(rhs1) == SSA_NAME && TREE_CODE(rhs2) == SSA_NAME); ++ ++ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR || rhs1_mode != SImode || rhs2_mode != SImode) ++ return false; ++ ++ rhs1_def_stmt = get_def_stmt(rhs1); ++ rhs2_def_stmt = get_def_stmt(rhs2); ++ if (!gimple_assign_cast_p(rhs1_def_stmt) || !gimple_assign_cast_p(rhs2_def_stmt)) ++ return false; ++ ++ rhs1_def_stmt_rhs1 = gimple_assign_rhs1(rhs1_def_stmt); ++ rhs2_def_stmt_rhs1 = gimple_assign_rhs1(rhs2_def_stmt); ++ rhs1_def_stmt_rhs1_mode = TYPE_MODE(TREE_TYPE(rhs1_def_stmt_rhs1)); ++ rhs2_def_stmt_rhs1_mode = TYPE_MODE(TREE_TYPE(rhs2_def_stmt_rhs1)); ++ if (rhs1_def_stmt_rhs1_mode != DImode || rhs2_def_stmt_rhs1_mode != DImode) ++ return false; ++ ++ gimple_set_plf(rhs1_def_stmt, NO_CAST_CHECK, true); ++ gimple_set_plf(rhs2_def_stmt, NO_CAST_CHECK, true); ++ return true; ++} ++ ++static tree handle_integer_truncation(struct pointer_set_t *visited, bool *potentionally_overflowed, tree lhs) ++{ ++ tree new_rhs1, new_rhs2, size_overflow_type; ++ tree new_rhs1_def_stmt_rhs1, new_rhs2_def_stmt_rhs1, new_lhs; ++ tree new_rhs1_def_stmt_rhs1_type, new_rhs2_def_stmt_rhs1_type; ++ gimple assign, stmt = get_def_stmt(lhs); ++ tree rhs1 = gimple_assign_rhs1(stmt); ++ tree rhs2 = gimple_assign_rhs2(stmt); ++ ++ if (!is_an_integer_trunction(stmt)) ++ return NULL_TREE; ++ ++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1); ++ new_rhs2 = expand(visited, potentionally_overflowed, rhs2); ++ ++ new_rhs1_def_stmt_rhs1 = get_cast_def_stmt_rhs(new_rhs1); ++ new_rhs2_def_stmt_rhs1 = get_cast_def_stmt_rhs(new_rhs2); ++ ++ new_rhs1_def_stmt_rhs1_type = TREE_TYPE(new_rhs1_def_stmt_rhs1); ++ new_rhs2_def_stmt_rhs1_type = TREE_TYPE(new_rhs2_def_stmt_rhs1); ++ ++ if (!useless_type_conversion_p(new_rhs1_def_stmt_rhs1_type, new_rhs2_def_stmt_rhs1_type)) { ++ new_rhs1_def_stmt_rhs1 = cast_to_int_TI_type_and_check(potentionally_overflowed, stmt, new_rhs1_def_stmt_rhs1); ++ new_rhs2_def_stmt_rhs1 = cast_to_int_TI_type_and_check(potentionally_overflowed, stmt, new_rhs2_def_stmt_rhs1); ++ } ++ ++ assign = create_binary_assign(MINUS_EXPR, stmt, new_rhs1_def_stmt_rhs1, new_rhs2_def_stmt_rhs1); ++ new_lhs = gimple_get_lhs(assign); ++ check_size_overflow(assign, TREE_TYPE(new_lhs), new_lhs, rhs1, potentionally_overflowed, AFTER_STMT); ++ ++ size_overflow_type = get_size_overflow_type(stmt, lhs); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ new_rhs2 = cast_to_new_size_overflow_type(stmt, new_rhs2, size_overflow_type, BEFORE_STMT); ++ return dup_assign(visited, potentionally_overflowed, stmt, size_overflow_type, new_rhs1, new_rhs2, NULL_TREE); ++} ++ ++static tree handle_binary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree lhs) ++{ ++ tree rhs1, rhs2, size_overflow_type, new_lhs; ++ gimple def_stmt = get_def_stmt(lhs); + tree new_rhs1 = NULL_TREE; + tree new_rhs2 = NULL_TREE; + @@ -85506,32 +86806,41 @@ index 0000000..cc96254 + case EXACT_DIV_EXPR: + case POINTER_PLUS_EXPR: + case BIT_AND_EXPR: -+ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, lhs, AFTER_STMT); + default: + break; + } + + *potentionally_overflowed = true; + ++ new_lhs = handle_integer_truncation(visited, potentionally_overflowed, lhs); ++ if (new_lhs != NULL_TREE) ++ return new_lhs; ++ + if (TREE_CODE(rhs1) == SSA_NAME) + new_rhs1 = expand(visited, potentionally_overflowed, rhs1); + if (TREE_CODE(rhs2) == SSA_NAME) + new_rhs2 = expand(visited, potentionally_overflowed, rhs2); + + if (is_gimple_constant(rhs2)) -+ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, new_rhs1, signed_cast(rhs2), &gimple_assign_set_rhs1); ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs1, NULL_TREE); + + if (is_gimple_constant(rhs1)) -+ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, new_rhs2, signed_cast(rhs1), new_rhs2, &gimple_assign_set_rhs2); ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, new_rhs2, NULL_TREE, new_rhs2); + -+ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); ++ size_overflow_type = get_size_overflow_type(def_stmt, lhs); ++ ++ new_rhs1 = cast_to_new_size_overflow_type(def_stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ new_rhs2 = cast_to_new_size_overflow_type(def_stmt, new_rhs2, size_overflow_type, BEFORE_STMT); ++ ++ return dup_assign(visited, potentionally_overflowed, def_stmt, size_overflow_type, new_rhs1, new_rhs2, NULL_TREE); +} + +#if BUILDING_GCC_VERSION >= 4007 -+static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree rhs) ++static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree size_overflow_type, tree rhs) +{ + if (is_gimple_constant(rhs)) -+ return signed_cast(rhs); ++ return cast_a_tree(size_overflow_type, rhs); + if (TREE_CODE(rhs) != SSA_NAME) + return NULL_TREE; + return expand(visited, potentionally_overflowed, rhs); @@ -85539,61 +86848,72 @@ index 0000000..cc96254 + +static tree handle_ternary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ -+ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3; ++ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3, size_overflow_type; + gimple def_stmt = get_def_stmt(var); + + *potentionally_overflowed = true; + ++ size_overflow_type = get_size_overflow_type(def_stmt, var); ++ + rhs1 = gimple_assign_rhs1(def_stmt); + rhs2 = gimple_assign_rhs2(def_stmt); + rhs3 = gimple_assign_rhs3(def_stmt); -+ new_rhs1 = get_new_rhs(visited, potentionally_overflowed, rhs1); -+ new_rhs2 = get_new_rhs(visited, potentionally_overflowed, rhs2); -+ new_rhs3 = get_new_rhs(visited, potentionally_overflowed, rhs3); ++ new_rhs1 = get_new_rhs(visited, potentionally_overflowed, size_overflow_type, rhs1); ++ new_rhs2 = get_new_rhs(visited, potentionally_overflowed, size_overflow_type, rhs2); ++ new_rhs3 = get_new_rhs(visited, potentionally_overflowed, size_overflow_type, rhs3); + -+ if (new_rhs1 == NULL_TREE && new_rhs2 != NULL_TREE && new_rhs3 != NULL_TREE) -+ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, new_rhs3); -+ error("handle_ternary_ops: unknown rhs"); -+ gcc_unreachable(); ++ new_rhs1 = cast_to_new_size_overflow_type(def_stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ new_rhs2 = cast_to_new_size_overflow_type(def_stmt, new_rhs2, size_overflow_type, BEFORE_STMT); ++ new_rhs3 = cast_to_new_size_overflow_type(def_stmt, new_rhs3, size_overflow_type, BEFORE_STMT); ++ ++ return dup_assign(visited, potentionally_overflowed, def_stmt, size_overflow_type, new_rhs1, new_rhs2, new_rhs3); +} +#endif + -+static void set_size_overflow_type(tree node) ++static tree get_size_overflow_type(gimple stmt, tree node) +{ -+ switch (TYPE_MODE(TREE_TYPE(node))) { ++ tree type; ++ ++ gcc_assert(node != NULL_TREE); ++ ++ type = TREE_TYPE(node); ++ ++ if (gimple_plf(stmt, MY_STMT)) ++ return TREE_TYPE(node); ++ ++ switch (TYPE_MODE(type)) { ++ case QImode: ++ return (TYPE_UNSIGNED(type)) ? unsigned_intHI_type_node : intHI_type_node; ++ case HImode: ++ return (TYPE_UNSIGNED(type)) ? unsigned_intSI_type_node : intSI_type_node; + case SImode: -+ signed_size_overflow_type = intDI_type_node; -+ unsigned_size_overflow_type = unsigned_intDI_type_node; -+ break; ++ return (TYPE_UNSIGNED(type)) ? unsigned_intDI_type_node : intDI_type_node; + case DImode: -+ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode)) { -+ signed_size_overflow_type = intDI_type_node; -+ unsigned_size_overflow_type = unsigned_intDI_type_node; -+ } else { -+ signed_size_overflow_type = intTI_type_node; -+ unsigned_size_overflow_type = unsigned_intTI_type_node; -+ } -+ break; ++ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode)) ++ return (TYPE_UNSIGNED(type)) ? unsigned_intDI_type_node : intDI_type_node; ++ return (TYPE_UNSIGNED(type)) ? unsigned_intTI_type_node : intTI_type_node; + default: -+ error("set_size_overflow_type: unsupported gcc configuration."); ++ debug_tree(node); ++ error("get_size_overflow_type: unsupported gcc configuration."); + gcc_unreachable(); + } +} + +static tree expand_visited(gimple def_stmt) +{ -+ gimple tmp; ++ gimple next_stmt; + gimple_stmt_iterator gsi = gsi_for_stmt(def_stmt); + + gsi_next(&gsi); -+ tmp = gsi_stmt(gsi); -+ switch (gimple_code(tmp)) { ++ next_stmt = gsi_stmt(gsi); ++ ++ switch (gimple_code(next_stmt)) { + case GIMPLE_ASSIGN: -+ return gimple_get_lhs(tmp); ++ return gimple_get_lhs(next_stmt); + case GIMPLE_PHI: -+ return gimple_phi_result(tmp); ++ return gimple_phi_result(next_stmt); + case GIMPLE_CALL: -+ return gimple_call_lhs(tmp); ++ return gimple_call_lhs(next_stmt); + default: + return NULL_TREE; + } @@ -85611,19 +86931,18 @@ index 0000000..cc96254 + return NULL_TREE; + + gcc_assert(code == INTEGER_TYPE || code == POINTER_TYPE || code == BOOLEAN_TYPE || code == ENUMERAL_TYPE); -+ if (code != INTEGER_TYPE) -+ return NULL_TREE; + -+ if (SSA_NAME_IS_DEFAULT_DEF(var)) { ++ if (TREE_CODE(SSA_NAME_VAR(var)) == PARM_DECL) + check_missing_attribute(var); -+ return NULL_TREE; -+ } + + def_stmt = get_def_stmt(var); + + if (!def_stmt) + return NULL_TREE; + ++ if (gimple_plf(def_stmt, MY_STMT)) ++ return var; ++ + if (pointer_set_contains(visited, def_stmt)) + return expand_visited(def_stmt); + @@ -85632,7 +86951,7 @@ index 0000000..cc96254 + check_missing_attribute(var); + return NULL_TREE; + case GIMPLE_PHI: -+ return build_new_phi(visited, potentionally_overflowed, def_stmt); ++ return build_new_phi(visited, potentionally_overflowed, var); + case GIMPLE_CALL: + case GIMPLE_ASM: + return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); @@ -85662,9 +86981,7 @@ index 0000000..cc96254 + + gcc_assert(gimple_code(stmt) == GIMPLE_CALL); + -+ assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, gimple_location(stmt)); -+ gsi_insert_before(&gsi, assign, GSI_SAME_STMT); -+ update_stmt(assign); ++ assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, &gsi, BEFORE_STMT); + + gimple_call_set_arg(stmt, argnum, gimple_get_lhs(assign)); + update_stmt(stmt); @@ -85714,8 +87031,6 @@ index 0000000..cc96254 + + check_arg_type(arg); + -+ set_size_overflow_type(arg); -+ + visited = pointer_set_create(); + potentionally_overflowed = false; + newarg = expand(visited, &potentionally_overflowed, arg); @@ -85726,7 +87041,7 @@ index 0000000..cc96254 + + change_function_arg(stmt, arg, argnum, newarg); + -+ check_size_overflow(stmt, newarg, arg, &potentionally_overflowed); ++ check_size_overflow(stmt, TREE_TYPE(newarg), newarg, arg, &potentionally_overflowed, BEFORE_STMT); +} + +static void handle_function_by_attribute(gimple stmt, tree attr, tree fndecl) @@ -85754,14 +87069,29 @@ index 0000000..cc96254 + handle_function_arg(stmt, fndecl, num - 1); +} + ++static void set_plf_false(void) ++{ ++ basic_block bb; ++ ++ FOR_ALL_BB(bb) { ++ gimple_stmt_iterator si; ++ ++ for (si = gsi_start_bb(bb); !gsi_end_p(si); gsi_next(&si)) ++ gimple_set_plf(gsi_stmt(si), MY_STMT, false); ++ for (si = gsi_start_phis(bb); !gsi_end_p(si); gsi_next(&si)) ++ gimple_set_plf(gsi_stmt(si), MY_STMT, false); ++ } ++} ++ +static unsigned int handle_function(void) +{ -+ basic_block bb = ENTRY_BLOCK_PTR->next_bb; -+ int saved_last_basic_block = last_basic_block; ++ basic_block next, bb = ENTRY_BLOCK_PTR->next_bb; ++ ++ set_plf_false(); + + do { + gimple_stmt_iterator gsi; -+ basic_block next = bb->next_bb; ++ next = bb->next_bb; + + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { + tree fndecl, attr; @@ -85774,15 +87104,16 @@ index 0000000..cc96254 + continue; + if (gimple_call_num_args(stmt) == 0) + continue; -+ attr = lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(fndecl))); ++ attr = lookup_attribute("size_overflow", DECL_ATTRIBUTES(fndecl)); + if (!attr || !TREE_VALUE(attr)) + handle_function_by_hash(stmt, fndecl); + else + handle_function_by_attribute(stmt, attr, fndecl); + gsi = gsi_for_stmt(stmt); ++ next = gimple_bb(stmt)->next_bb; + } + bb = next; -+ } while (bb && bb->index <= saved_last_basic_block); ++ } while (bb); + return 0; +} + @@ -85810,11 +87141,12 @@ index 0000000..cc96254 + + const_char_ptr_type_node = build_pointer_type(build_type_variant(char_type_node, 1, 0)); + -+ // void report_size_overflow(const char *loc_file, unsigned int loc_line, const char *current_func) ++ // void report_size_overflow(const char *loc_file, unsigned int loc_line, const char *current_func, const char *ssa_var) + fntype = build_function_type_list(void_type_node, + const_char_ptr_type_node, + unsigned_type_node, + const_char_ptr_type_node, ++ const_char_ptr_type_node, + NULL_TREE); + report_size_overflow_decl = build_fn_decl("report_size_overflow", fntype); + @@ -85822,6 +87154,7 @@ index 0000000..cc96254 + TREE_PUBLIC(report_size_overflow_decl) = 1; + DECL_EXTERNAL(report_size_overflow_decl) = 1; + DECL_ARTIFICIAL(report_size_overflow_decl) = 1; ++ TREE_THIS_VOLATILE(report_size_overflow_decl) = 1; +} + +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) @@ -85854,7 +87187,7 @@ index 0000000..cc96254 + + register_callback(plugin_name, PLUGIN_INFO, NULL, &size_overflow_plugin_info); + if (enable) { -+ register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); ++ register_callback("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size_overflow_pass_info); + } + register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); @@ -86219,7 +87552,7 @@ index af0f22f..9a7d479 100644 break; } diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 9739b53..6d457e3 100644 +index 44ee712..7da730b 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -75,7 +75,7 @@ LIST_HEAD(vm_list); @@ -86231,7 +87564,7 @@ index 9739b53..6d457e3 100644 struct kmem_cache *kvm_vcpu_cache; EXPORT_SYMBOL_GPL(kvm_vcpu_cache); -@@ -2247,7 +2247,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2291,7 +2291,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -86240,7 +87573,7 @@ index 9739b53..6d457e3 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2301,10 +2301,10 @@ static int hardware_enable_all(void) +@@ -2345,10 +2345,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -86253,7 +87586,7 @@ index 9739b53..6d457e3 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -2667,7 +2667,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -2709,7 +2709,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -86262,7 +87595,7 @@ index 9739b53..6d457e3 100644 struct module *module) { int r; -@@ -2730,7 +2730,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2772,7 +2772,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -86271,7 +87604,7 @@ index 9739b53..6d457e3 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -2740,9 +2740,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2782,9 +2782,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; diff --git a/kernel/patches/linux-2.6-input-kill-stupid-messages.patch b/kernel/patches/linux-2.6-input-kill-stupid-messages.patch deleted file mode 100644 index cc1dd7470..000000000 --- a/kernel/patches/linux-2.6-input-kill-stupid-messages.patch +++ /dev/null @@ -1,32 +0,0 @@ -From b2c6d55b2351152696aafb8c9bf3ec8968acf77c Mon Sep 17 00:00:00 2001 -From: Kyle McMartin -Date: Mon, 29 Mar 2010 23:59:58 -0400 -Subject: linux-2.6-input-kill-stupid-messages - ---- - drivers/input/keyboard/atkbd.c | 5 +++++ - 1 files changed, 5 insertions(+), 0 deletions(-) - -diff --git a/drivers/input/keyboard/atkbd.c b/drivers/input/keyboard/atkbd.c -index d358ef8..38db098 100644 ---- a/drivers/input/keyboard/atkbd.c -+++ b/drivers/input/keyboard/atkbd.c -@@ -425,11 +426,15 @@ static irqreturn_t atkbd_interrupt(struct serio *serio, unsigned char data, - goto out; - case ATKBD_RET_ACK: - case ATKBD_RET_NAK: -+#if 0 -+ /* Quite a few key switchers and other tools trigger this -+ * and it confuses people who can do nothing about it */ - if (printk_ratelimit()) - dev_warn(&serio->dev, - "Spurious %s on %s. " - "Some program might be trying access hardware directly.\n", - data == ATKBD_RET_ACK ? "ACK" : "NAK", serio->phys); -+#endif - goto out; - case ATKBD_RET_ERR: - atkbd->err_count++; --- -1.7.0.1 - -- 2.39.2