From 5e856224bb84fcab85758e7ff24df9e599979cd8 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 26 Mar 2012 11:50:43 +0200 Subject: [PATCH] kernel: Update to 3.3.6. This commit updates the Linux kernel from 3.2 to 3.3. The kernel module for Advansys SCSI and NSP32 hardware had to be disabled on ARM because they FTBFS. --- kernel/config-arm-generic | 34 +- kernel/config-armv5tel-kirkwood | 2 +- kernel/config-armv7hl-omap | 31 +- kernel/config-generic | 271 +- kernel/config-i686-default | 9 +- kernel/config-i686-legacy | 5 +- kernel/config-x86-generic | 49 +- kernel/config-x86_64-default | 13 +- kernel/kernel.nm | 13 +- ...> grsecurity-2.9-3.3.6-201205151707.patch} | 11228 +++++++++------- .../linux-2.6-defaults-acpi-video.patch | 13 - ...-forwarding-when-turning-stp-off.patch.off | 86 - kernel/scripts/configdiff.py | 2 + 13 files changed, 6326 insertions(+), 5430 deletions(-) rename kernel/patches/{grsecurity-2.9-3.2.12-201203221944.patch => grsecurity-2.9-3.3.6-201205151707.patch} (91%) delete mode 100644 kernel/patches/linux-2.6-defaults-acpi-video.patch delete mode 100644 kernel/patches/linux-3.1-bridge-push-blocking-slaves-to-forwarding-when-turning-stp-off.patch.off diff --git a/kernel/config-arm-generic b/kernel/config-arm-generic index 23f6633da..bfa849213 100644 --- a/kernel/config-arm-generic +++ b/kernel/config-arm-generic @@ -85,7 +85,6 @@ CONFIG_ARCH_VERSATILE=y # CONFIG_ARCH_S5PV210 is not set # CONFIG_ARCH_EXYNOS is not set # CONFIG_ARCH_SHARK is not set -# CONFIG_ARCH_TCC_926 is not set # CONFIG_ARCH_U300 is not set # CONFIG_ARCH_U8500 is not set # CONFIG_ARCH_NOMADIK is not set @@ -125,12 +124,16 @@ CONFIG_CPU_USE_DOMAINS=y # # Processor Features # +# CONFIG_ARCH_PHYS_ADDR_T_64BIT is not set CONFIG_ARM_THUMB=y # CONFIG_CPU_ICACHE_DISABLE is not set # CONFIG_CPU_DCACHE_DISABLE is not set # CONFIG_CPU_DCACHE_WRITETHROUGH is not set # CONFIG_CPU_CACHE_ROUND_ROBIN is not set +# CONFIG_CACHE_L2X0 is not set CONFIG_ARM_L1_CACHE_SHIFT=5 +CONFIG_ARM_NR_BANKS=8 +CONFIG_MULTI_IRQ_HANDLER=y CONFIG_ARM_VIC=y CONFIG_ARM_VIC_NR=2 CONFIG_ICST=y @@ -142,6 +145,8 @@ CONFIG_PL330=y CONFIG_ARM_AMBA=y CONFIG_PCI_SYSCALL=y # CONFIG_ARCH_SUPPORTS_MSI is not set +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set # # Kernel Features @@ -150,6 +155,7 @@ CONFIG_VMSPLIT_3G=y # CONFIG_VMSPLIT_2G is not set # CONFIG_VMSPLIT_1G is not set CONFIG_PAGE_OFFSET=0xC0000000 +CONFIG_ARCH_NR_GPIO=0 CONFIG_HZ=100 CONFIG_AEABI=y # CONFIG_OABI_COMPAT is not set @@ -222,6 +228,7 @@ CONFIG_OF=y # Device Tree and Open Firmware support # CONFIG_PROC_DEVICETREE=y +# CONFIG_OF_SELFTEST is not set CONFIG_OF_FLATTREE=y CONFIG_OF_EARLY_FLATTREE=y CONFIG_OF_ADDRESS=y @@ -233,7 +240,12 @@ CONFIG_OF_NET=y CONFIG_OF_MDIO=y CONFIG_OF_PCI=y CONFIG_OF_PCI_IRQ=y +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set # CONFIG_MG_DISK is not set + +# +# Misc devices +# # CONFIG_SENSORS_LIS3LV02D is not set # CONFIG_ATMEL_PWM is not set # CONFIG_SGI_IOC4 is not set @@ -243,7 +255,8 @@ CONFIG_OF_PCI_IRQ=y # SCSI Transports # # CONFIG_SCSI_ACARD is not set -CONFIG_SCSI_NSP32=m +# CONFIG_SCSI_ADVANSYS is not set +# CONFIG_SCSI_NSP32 is not set # # IEEE 1394 (FireWire) support @@ -251,7 +264,7 @@ CONFIG_SCSI_NSP32=m # CONFIG_ATM_HE is not set # -# CAIF transport drivers +# Distributed Switch Architecture drivers # CONFIG_DM9000=m # CONFIG_DM9000_FORCE_SIMPLE_PHY_POLL is not set @@ -273,6 +286,11 @@ CONFIG_SMSC911X=m # # CONFIG_ISDN_DRV_LOOP is not set +# +# Input Device Drivers +# +# CONFIG_KEYBOARD_SAMSUNG is not set + # # Hardware I/O ports # @@ -371,7 +389,6 @@ CONFIG_FB_ARMCLCD=m CONFIG_SND_ARM=y CONFIG_SND_ARMAACI=m CONFIG_SND_SOC=m -# CONFIG_SND_SOC_CACHE_LZO is not set CONFIG_SND_SOC_I2C_AND_SPI=m # CONFIG_SND_SOC_ALL_CODECS is not set @@ -408,12 +425,12 @@ CONFIG_RTC_DRV_PL031=m CONFIG_PL330_DMA=y # -# Virtio drivers +# Microsoft Hyper-V guest support # # CONFIG_DRM_NOUVEAU is not set # -# Speakup console speech +# Android # CONFIG_CLKDEV_LOOKUP=y @@ -439,6 +456,11 @@ CONFIG_OLD_MCOUNT=y # CONFIG_DEBUG_LL is not set # CONFIG_OC_ETM is not set +# +# Executable Protections +# +# CONFIG_GRKERNSEC_SETXID is not set + # # Miscellaneous hardening features # diff --git a/kernel/config-armv5tel-kirkwood b/kernel/config-armv5tel-kirkwood index 38a8f2134..b2d324477 100644 --- a/kernel/config-armv5tel-kirkwood +++ b/kernel/config-armv5tel-kirkwood @@ -62,7 +62,7 @@ CONFIG_CACHE_FEROCEON_L2_WRITETHROUGH=y # CONFIG_ARM_CPU_SUSPEND is not set # -# CAIF transport drivers +# Distributed Switch Architecture drivers # CONFIG_MV643XX_ETH=m diff --git a/kernel/config-armv7hl-omap b/kernel/config-armv7hl-omap index e2fc09997..613c38485 100644 --- a/kernel/config-armv7hl-omap +++ b/kernel/config-armv7hl-omap @@ -70,7 +70,8 @@ CONFIG_ARCH_OMAP2PLUS_TYPICAL=y CONFIG_ARCH_OMAP3=y CONFIG_ARCH_OMAP4=y CONFIG_SOC_OMAP3430=y -# CONFIG_SOC_OMAPTI816X is not set +CONFIG_SOC_OMAPTI81XX=y +CONFIG_SOC_OMAPAM33XX=y CONFIG_OMAP_PACKAGE_CBB=y CONFIG_OMAP_PACKAGE_CUS=y CONFIG_OMAP_PACKAGE_CBP=y @@ -103,10 +104,13 @@ CONFIG_MACH_IGEP0020=y CONFIG_MACH_IGEP0030=y CONFIG_MACH_SBC3530=y CONFIG_MACH_OMAP_3630SDP=y +CONFIG_MACH_TI8168EVM=y +CONFIG_MACH_TI8148EVM=y CONFIG_MACH_OMAP_4430SDP=y CONFIG_MACH_OMAP4_PANDA=y CONFIG_OMAP3_EMU=y # CONFIG_OMAP3_SDRC_AC_TIMING is not set +CONFIG_OMAP4_ERRATA_I688=y # # Processor Type @@ -125,6 +129,7 @@ CONFIG_CPU_HAS_ASID=y # # Processor Features # +# CONFIG_ARM_LPAE is not set CONFIG_ARM_THUMBEE=y CONFIG_SWP_EMULATE=y # CONFIG_CPU_BPREDICT_DISABLE is not set @@ -132,7 +137,10 @@ CONFIG_OUTER_CACHE=y CONFIG_OUTER_CACHE_SYNC=y CONFIG_CACHE_L2X0=y CONFIG_CACHE_PL310=y +CONFIG_ARM_L1_CACHE_SHIFT_6=y +CONFIG_ARM_L1_CACHE_SHIFT=6 CONFIG_ARM_DMA_MEM_BUFFERABLE=y +CONFIG_ARCH_HAS_BARRIERS=y CONFIG_CPU_HAS_PMU=y CONFIG_ARM_ERRATA_430973=y # CONFIG_ARM_ERRATA_458693 is not set @@ -313,7 +321,7 @@ CONFIG_MG_DISK_RES=0 # CONFIG_MULTICORE_RAID456 is not set # -# CAIF transport drivers +# Distributed Switch Architecture drivers # # CONFIG_TI_DAVINCI_EMAC is not set # CONFIG_TI_DAVINCI_MDIO is not set @@ -373,6 +381,7 @@ CONFIG_GPIO_TWL4030=y # 1-wire Slaves # # CONFIG_CHARGER_TWL4030 is not set +# CONFIG_CHARGER_MANAGER is not set # # Watchdog Device Drivers @@ -399,10 +408,12 @@ CONFIG_TWL6040_CORE=y # CONFIG_MFD_STMPE is not set # CONFIG_MFD_TC3589X is not set # CONFIG_PMIC_DA903X is not set +# CONFIG_MFD_DA9052_I2C is not set # CONFIG_PMIC_ADP5520 is not set # CONFIG_MFD_MAX8925 is not set # CONFIG_MFD_MAX8997 is not set # CONFIG_MFD_MAX8998 is not set +# CONFIG_MFD_S5M_CORE is not set # CONFIG_MFD_WM831X_I2C is not set # CONFIG_MFD_WM8350_I2C is not set # CONFIG_MFD_WM8994 is not set @@ -444,11 +455,9 @@ CONFIG_VIDEO_OMAP2_VOUT=m # # Graphics support # +CONFIG_DRM_KMS_HELPER=m # CONFIG_VGASTATE is not set # CONFIG_FB_DDC is not set -CONFIG_FB_CFB_FILLRECT=y -CONFIG_FB_CFB_COPYAREA=y -CONFIG_FB_CFB_IMAGEBLIT=y # CONFIG_FB_SVGALIB is not set # CONFIG_FB_BACKLIGHT is not set @@ -471,7 +480,7 @@ CONFIG_OMAP4_DSS_HDMI=y # CONFIG_OMAP2_DSS_FAKE_VSYNC is not set CONFIG_OMAP2_DSS_MIN_FCK_PER_PCK=1 CONFIG_OMAP2_DSS_SLEEP_AFTER_VENC_RESET=y -CONFIG_FB_OMAP2=y +CONFIG_FB_OMAP2=m CONFIG_FB_OMAP2_DEBUG_SUPPORT=y CONFIG_FB_OMAP2_NUM_FBS=3 @@ -546,13 +555,21 @@ CONFIG_VIRTIO=m CONFIG_VIRTIO_RING=m # -# Virtio drivers +# I2C encoder or helper chips # +CONFIG_DRM_I2C_CH7006=m +CONFIG_DRM_I2C_SIL164=m # CONFIG_TIDSPBRIDGE is not set # # Speakup console speech # +CONFIG_DRM_OMAP=m +CONFIG_DRM_OMAP_NUM_CRTCS=1 + +# +# Android +# CONFIG_HWSPINLOCK=m # diff --git a/kernel/config-generic b/kernel/config-generic index 45ce98ab7..0c5fbfaf2 100644 --- a/kernel/config-generic +++ b/kernel/config-generic @@ -43,6 +43,10 @@ CONFIG_TASK_DELAY_ACCT=y CONFIG_TASK_XACCT=y CONFIG_TASK_IO_ACCOUNTING=y CONFIG_AUDIT=y +CONFIG_AUDITSYSCALL=y +CONFIG_AUDIT_WATCH=y +CONFIG_AUDIT_TREE=y +CONFIG_AUDIT_LOGINUID_IMMUTABLE=y CONFIG_HAVE_GENERIC_HARDIRQS=y # @@ -73,6 +77,7 @@ CONFIG_RESOURCE_COUNTERS=y CONFIG_CGROUP_MEM_RES_CTLR=y CONFIG_CGROUP_MEM_RES_CTLR_SWAP=y # CONFIG_CGROUP_MEM_RES_CTLR_SWAP_ENABLED is not set +CONFIG_CGROUP_MEM_RES_CTLR_KMEM=y CONFIG_CGROUP_PERF=y CONFIG_CGROUP_SCHED=y CONFIG_FAIR_GROUP_SCHED=y @@ -160,6 +165,29 @@ CONFIG_BLK_DEV_BSGLIB=y CONFIG_BLK_DEV_INTEGRITY=y CONFIG_BLK_DEV_THROTTLING=y +# +# Partition Types +# +CONFIG_PARTITION_ADVANCED=y +# CONFIG_ACORN_PARTITION is not set +# CONFIG_OSF_PARTITION is not set +# CONFIG_AMIGA_PARTITION is not set +# CONFIG_ATARI_PARTITION is not set +# CONFIG_MAC_PARTITION is not set +CONFIG_MSDOS_PARTITION=y +# CONFIG_BSD_DISKLABEL is not set +# CONFIG_MINIX_SUBPARTITION is not set +# CONFIG_SOLARIS_X86_PARTITION is not set +# CONFIG_UNIXWARE_DISKLABEL is not set +CONFIG_LDM_PARTITION=y +# CONFIG_LDM_DEBUG is not set +# CONFIG_SGI_PARTITION is not set +# CONFIG_ULTRIX_PARTITION is not set +# CONFIG_SUN_PARTITION is not set +# CONFIG_KARMA_PARTITION is not set +CONFIG_EFI_PARTITION=y +# CONFIG_SYSV68_PARTITION is not set + # # IO Schedulers # @@ -259,8 +287,6 @@ CONFIG_PCI=y CONFIG_PCI_STUB=y CONFIG_PCI_ATS=y CONFIG_PCI_IOV=y -# CONFIG_PCI_PRI is not set -# CONFIG_PCI_PASID is not set CONFIG_PCCARD=m # CONFIG_PCMCIA is not set CONFIG_CARDBUS=y @@ -279,6 +305,7 @@ CONFIG_YENTA_TOSHIBA=y # Executable file formats / Emulations # CONFIG_BINFMT_ELF=y +CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y CONFIG_BINFMT_MISC=y CONFIG_NET=y @@ -288,6 +315,7 @@ CONFIG_NET=y # CONFIG_PACKET=y CONFIG_UNIX=y +CONFIG_UNIX_DIAG=m CONFIG_XFRM=y CONFIG_XFRM_USER=y CONFIG_XFRM_SUB_POLICY=y @@ -326,6 +354,7 @@ CONFIG_INET_XFRM_MODE_BEET=m CONFIG_INET_LRO=y CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m +CONFIG_INET_UDP_DIAG=m CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y @@ -379,12 +408,14 @@ CONFIG_BRIDGE_NETFILTER=y # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=m +CONFIG_NETFILTER_NETLINK_ACCT=m CONFIG_NETFILTER_NETLINK_QUEUE=m CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NF_CONNTRACK=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NF_CONNTRACK_ZONES=y +CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_TIMESTAMP=y CONFIG_NF_CT_PROTO_DCCP=m @@ -452,6 +483,7 @@ CONFIG_NETFILTER_XT_MATCH_CPU=m CONFIG_NETFILTER_XT_MATCH_DCCP=m CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m CONFIG_NETFILTER_XT_MATCH_DSCP=m +CONFIG_NETFILTER_XT_MATCH_ECN=m CONFIG_NETFILTER_XT_MATCH_ESP=m CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m CONFIG_NETFILTER_XT_MATCH_HELPER=m @@ -463,6 +495,7 @@ CONFIG_NETFILTER_XT_MATCH_LIMIT=m CONFIG_NETFILTER_XT_MATCH_MAC=m CONFIG_NETFILTER_XT_MATCH_MARK=m CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m +CONFIG_NETFILTER_XT_MATCH_NFACCT=m CONFIG_NETFILTER_XT_MATCH_OSF=m CONFIG_NETFILTER_XT_MATCH_OWNER=m CONFIG_NETFILTER_XT_MATCH_POLICY=m @@ -522,6 +555,11 @@ CONFIG_IP_VS_SH=m CONFIG_IP_VS_SED=m CONFIG_IP_VS_NQ=m +# +# IPVS SH scheduler +# +CONFIG_IP_VS_SH_TAB_BITS=8 + # # IPVS application helper # @@ -539,6 +577,7 @@ CONFIG_NF_CONNTRACK_IPV4=m CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_ECN=m +CONFIG_IP_NF_MATCH_RPFILTER=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m @@ -585,6 +624,7 @@ CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_HL=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m +CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_TARGET_LOG=m @@ -643,11 +683,6 @@ CONFIG_NET_DSA=y CONFIG_NET_DSA_TAG_DSA=y CONFIG_NET_DSA_TAG_EDSA=y CONFIG_NET_DSA_TAG_TRAILER=y -CONFIG_NET_DSA_MV88E6XXX=y -CONFIG_NET_DSA_MV88E6060=y -CONFIG_NET_DSA_MV88E6XXX_NEED_PPU=y -CONFIG_NET_DSA_MV88E6131=y -CONFIG_NET_DSA_MV88E6123_61_65=y CONFIG_VLAN_8021Q=m CONFIG_VLAN_8021Q_GVRP=y # CONFIG_DECNET is not set @@ -723,6 +758,9 @@ CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set CONFIG_DNS_RESOLVER=y # CONFIG_BATMAN_ADV is not set +CONFIG_OPENVSWITCH=m +CONFIG_NETPRIO_CGROUP=m +CONFIG_BQL=y # # Network testing @@ -733,8 +771,6 @@ CONFIG_DNS_RESOLVER=y # CONFIG_CAN is not set # CONFIG_IRDA is not set CONFIG_BT=m -CONFIG_BT_L2CAP=y -CONFIG_BT_SCO=y CONFIG_BT_RFCOMM=m CONFIG_BT_RFCOMM_TTY=y CONFIG_BT_BNEP=m @@ -819,8 +855,10 @@ CONFIG_FW_LOADER=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_DEBUG_DRIVER is not set # CONFIG_DEBUG_DEVRES is not set +# CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m +# CONFIG_DMA_SHARED_BUFFER is not set CONFIG_CONNECTOR=y CONFIG_PROC_EVENTS=y # CONFIG_MTD is not set @@ -850,6 +888,7 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 CONFIG_BLK_DEV_CRYPTOLOOP=m # CONFIG_BLK_DEV_DRBD is not set # CONFIG_BLK_DEV_NBD is not set +CONFIG_BLK_DEV_NVME=m # CONFIG_BLK_DEV_OSD is not set CONFIG_BLK_DEV_SX8=m # CONFIG_BLK_DEV_UB is not set @@ -861,7 +900,10 @@ CONFIG_BLK_DEV_RAM_SIZE=16384 # CONFIG_ATA_OVER_ETH is not set CONFIG_VIRTIO_BLK=m # CONFIG_BLK_DEV_RBD is not set -CONFIG_MISC_DEVICES=y + +# +# Misc devices +# # CONFIG_AD525X_DPOT is not set # CONFIG_PHANTOM is not set # CONFIG_INTEL_MID_PTI is not set @@ -983,7 +1025,6 @@ CONFIG_SCSI_MVSAS=m CONFIG_SCSI_MVSAS_TASKLET=y # CONFIG_SCSI_MVUMI is not set CONFIG_SCSI_DPT_I2O=m -CONFIG_SCSI_ADVANSYS=m CONFIG_SCSI_ARCMSR=m CONFIG_MEGARAID_NEWGEN=y CONFIG_MEGARAID_MM=m @@ -1190,6 +1231,7 @@ CONFIG_DUMMY=m # CONFIG_NET_FC is not set CONFIG_MII=m CONFIG_IFB=m +# CONFIG_NET_TEAM is not set CONFIG_MACVLAN=m CONFIG_MACVTAP=m CONFIG_NETCONSOLE=m @@ -1226,6 +1268,15 @@ CONFIG_ATM_SOLOS=m # # CAIF transport drivers # + +# +# Distributed Switch Architecture drivers +# +CONFIG_NET_DSA_MV88E6XXX=y +CONFIG_NET_DSA_MV88E6060=y +CONFIG_NET_DSA_MV88E6XXX_NEED_PPU=y +CONFIG_NET_DSA_MV88E6131=y +CONFIG_NET_DSA_MV88E6123_61_65=y CONFIG_ETHERNET=y CONFIG_MDIO=m CONFIG_NET_VENDOR_3COM=y @@ -1255,6 +1306,7 @@ CONFIG_TIGON3=m CONFIG_BNX2X=m CONFIG_NET_VENDOR_BROCADE=y CONFIG_BNA=m +CONFIG_NET_CALXEDA_XGMAC=m CONFIG_NET_VENDOR_CHELSIO=y CONFIG_CHELSIO_T1=m CONFIG_CHELSIO_T1_1G=y @@ -1356,6 +1408,8 @@ CONFIG_EPIC100=m CONFIG_SMSC9420=m CONFIG_NET_VENDOR_STMICRO=y CONFIG_STMMAC_ETH=m +CONFIG_STMMAC_PLATFORM=m +CONFIG_STMMAC_PCI=m # CONFIG_STMMAC_DEBUG_FS is not set # CONFIG_STMMAC_DA is not set CONFIG_STMMAC_RING=y @@ -1477,6 +1531,7 @@ CONFIG_ATH9K_PCI=y CONFIG_ATH9K_AHB=y CONFIG_ATH9K_DEBUGFS=y CONFIG_ATH9K_RATE_CONTROL=y +CONFIG_ATH9K_BTCOEX_SUPPORT=y CONFIG_ATH9K_HTC=m # CONFIG_ATH9K_HTC_DEBUGFS is not set CONFIG_CARL9170=m @@ -1508,7 +1563,6 @@ CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y # CONFIG_B43LEGACY_DMA_MODE is not set # CONFIG_B43LEGACY_PIO_MODE is not set -# CONFIG_BRCMSMAC is not set # CONFIG_BRCMFMAC is not set CONFIG_HOSTAP=m CONFIG_HOSTAP_FIRMWARE=y @@ -1527,14 +1581,13 @@ CONFIG_IPW2200_QOS=y CONFIG_LIBIPW=m # CONFIG_LIBIPW_DEBUG is not set # CONFIG_IWLWIFI is not set -CONFIG_IWLWIFI_LEGACY=m +CONFIG_IWLEGACY=m # # Debugging Options # -# CONFIG_IWLWIFI_LEGACY_DEBUG is not set -CONFIG_IWLWIFI_LEGACY_DEBUGFS=y -# CONFIG_IWLWIFI_LEGACY_DEVICE_TRACING is not set +# CONFIG_IWLEGACY_DEBUG is not set +# CONFIG_IWLEGACY_DEBUGFS is not set CONFIG_IWL4965=m CONFIG_IWL3945=m # CONFIG_IWM is not set @@ -1589,7 +1642,6 @@ CONFIG_WL1251_SDIO=m CONFIG_WL12XX_MENU=m CONFIG_WL12XX=m CONFIG_WL12XX_SDIO=m -# CONFIG_WL12XX_SDIO_TEST is not set CONFIG_WL12XX_PLATFORM_DATA=y CONFIG_ZD1211RW=m # CONFIG_ZD1211RW_DEBUG is not set @@ -1737,6 +1789,7 @@ CONFIG_KEYBOARD_ATKBD=y CONFIG_KEYBOARD_GPIO=m CONFIG_KEYBOARD_GPIO_POLLED=m # CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set # CONFIG_KEYBOARD_MATRIX is not set # CONFIG_KEYBOARD_LM8323 is not set # CONFIG_KEYBOARD_MAX7359 is not set @@ -1770,6 +1823,8 @@ CONFIG_INPUT_MISC=y # CONFIG_INPUT_BMA150 is not set # CONFIG_INPUT_MMA8450 is not set # CONFIG_INPUT_MPU3050 is not set +# CONFIG_INPUT_GP2A is not set +# CONFIG_INPUT_GPIO_TILT_POLLED is not set CONFIG_INPUT_ATI_REMOTE2=m CONFIG_INPUT_KEYSPAN_REMOTE=m # CONFIG_INPUT_KXTJ9 is not set @@ -1956,7 +2011,6 @@ CONFIG_GPIO_SYSFS=y # Memory mapped GPIO drivers: # # CONFIG_GPIO_GENERIC_PLATFORM is not set -# CONFIG_GPIO_IT8761E is not set # CONFIG_GPIO_VX855 is not set # @@ -2018,12 +2072,13 @@ CONFIG_POWER_SUPPLY=y # CONFIG_BATTERY_DS2760 is not set # CONFIG_BATTERY_DS2780 is not set # CONFIG_BATTERY_DS2782 is not set -# CONFIG_BATTERY_BQ20Z75 is not set +# CONFIG_BATTERY_SBS is not set # CONFIG_BATTERY_BQ27x00 is not set # CONFIG_BATTERY_MAX17040 is not set # CONFIG_BATTERY_MAX17042 is not set # CONFIG_CHARGER_ISP1704 is not set # CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set # CONFIG_CHARGER_GPIO is not set CONFIG_HWMON=y CONFIG_HWMON_VID=m @@ -2232,6 +2287,7 @@ CONFIG_IR_RC6_DECODER=m CONFIG_IR_JVC_DECODER=m CONFIG_IR_SONY_DECODER=m CONFIG_IR_RC5_SZ_DECODER=m +CONFIG_IR_SANYO_DECODER=m CONFIG_IR_MCE_KBD_DECODER=m CONFIG_IR_LIRC_CODEC=m # CONFIG_RC_ATI_REMOTE is not set @@ -2256,6 +2312,7 @@ CONFIG_MEDIA_TUNER_TEA5761=m CONFIG_MEDIA_TUNER_TEA5767=m CONFIG_MEDIA_TUNER_MT20XX=m CONFIG_MEDIA_TUNER_MT2060=m +CONFIG_MEDIA_TUNER_MT2063=m CONFIG_MEDIA_TUNER_MT2266=m CONFIG_MEDIA_TUNER_MT2131=m CONFIG_MEDIA_TUNER_QT1010=m @@ -2359,59 +2416,6 @@ CONFIG_VIDEO_UPD64083=m # CONFIG_VIDEO_M52790=m # CONFIG_VIDEO_VIVI is not set -CONFIG_VIDEO_BT848=m -CONFIG_VIDEO_BT848_DVB=y -CONFIG_VIDEO_BWQCAM=m -CONFIG_VIDEO_CQCAM=m -CONFIG_VIDEO_W9966=m -CONFIG_VIDEO_CPIA2=m -CONFIG_VIDEO_ZORAN=m -CONFIG_VIDEO_ZORAN_DC30=m -CONFIG_VIDEO_ZORAN_ZR36060=m -CONFIG_VIDEO_ZORAN_BUZ=m -CONFIG_VIDEO_ZORAN_DC10=m -CONFIG_VIDEO_ZORAN_LML33=m -CONFIG_VIDEO_ZORAN_LML33R10=m -CONFIG_VIDEO_ZORAN_AVS6EYES=m -CONFIG_VIDEO_SAA7134=m -CONFIG_VIDEO_SAA7134_ALSA=m -CONFIG_VIDEO_SAA7134_RC=y -CONFIG_VIDEO_SAA7134_DVB=m -CONFIG_VIDEO_MXB=m -CONFIG_VIDEO_HEXIUM_ORION=m -CONFIG_VIDEO_HEXIUM_GEMINI=m -CONFIG_VIDEO_TIMBERDALE=m -CONFIG_VIDEO_CX88=m -CONFIG_VIDEO_CX88_ALSA=m -CONFIG_VIDEO_CX88_BLACKBIRD=m -CONFIG_VIDEO_CX88_DVB=m -CONFIG_VIDEO_CX88_MPEG=m -CONFIG_VIDEO_CX88_VP3054=m -CONFIG_VIDEO_CX23885=m -# CONFIG_MEDIA_ALTERA_CI is not set -# CONFIG_VIDEO_CX25821 is not set -CONFIG_VIDEO_AU0828=m -CONFIG_VIDEO_IVTV=m -CONFIG_VIDEO_FB_IVTV=m -CONFIG_VIDEO_CX18=m -CONFIG_VIDEO_CX18_ALSA=m -CONFIG_VIDEO_SAA7164=m -CONFIG_SOC_CAMERA=m -CONFIG_SOC_CAMERA_IMX074=m -CONFIG_SOC_CAMERA_MT9M001=m -CONFIG_SOC_CAMERA_MT9M111=m -CONFIG_SOC_CAMERA_MT9T031=m -CONFIG_SOC_CAMERA_MT9T112=m -CONFIG_SOC_CAMERA_MT9V022=m -CONFIG_SOC_CAMERA_RJ54N1=m -CONFIG_SOC_CAMERA_TW9910=m -CONFIG_SOC_CAMERA_PLATFORM=m -CONFIG_SOC_CAMERA_OV2640=m -CONFIG_SOC_CAMERA_OV5642=m -CONFIG_SOC_CAMERA_OV6650=m -CONFIG_SOC_CAMERA_OV772X=m -CONFIG_SOC_CAMERA_OV9640=m -CONFIG_SOC_CAMERA_OV9740=m CONFIG_V4L_USB_DRIVERS=y CONFIG_USB_VIDEO_CLASS=m CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y @@ -2425,6 +2429,7 @@ CONFIG_USB_GSPCA_CPIA1=m CONFIG_USB_GSPCA_ETOMS=m CONFIG_USB_GSPCA_FINEPIX=m CONFIG_USB_GSPCA_JEILINJ=m +CONFIG_USB_GSPCA_JL2005BCD=m CONFIG_USB_GSPCA_KINECT=m CONFIG_USB_GSPCA_KONICA=m CONFIG_USB_GSPCA_MARS=m @@ -2482,20 +2487,73 @@ CONFIG_VIDEO_USBVISION=m CONFIG_USB_PWC=m # CONFIG_USB_PWC_DEBUG is not set CONFIG_USB_PWC_INPUT_EVDEV=y +CONFIG_VIDEO_CPIA2=m CONFIG_USB_ZR364XX=m CONFIG_USB_STKWEBCAM=m CONFIG_USB_S2255=m +CONFIG_V4L_PCI_DRIVERS=y +CONFIG_VIDEO_AU0828=m +CONFIG_VIDEO_BT848=m +CONFIG_VIDEO_BT848_DVB=y +CONFIG_VIDEO_CX18=m +CONFIG_VIDEO_CX18_ALSA=m +CONFIG_VIDEO_CX23885=m +# CONFIG_MEDIA_ALTERA_CI is not set +# CONFIG_VIDEO_CX25821 is not set +CONFIG_VIDEO_CX88=m +CONFIG_VIDEO_CX88_ALSA=m +CONFIG_VIDEO_CX88_BLACKBIRD=m +CONFIG_VIDEO_CX88_DVB=m +CONFIG_VIDEO_CX88_VP3054=m +CONFIG_VIDEO_CX88_MPEG=m +CONFIG_VIDEO_HEXIUM_GEMINI=m +CONFIG_VIDEO_HEXIUM_ORION=m +CONFIG_VIDEO_IVTV=m +CONFIG_VIDEO_FB_IVTV=m +CONFIG_VIDEO_MXB=m +CONFIG_VIDEO_SAA7134=m +CONFIG_VIDEO_SAA7134_ALSA=m +CONFIG_VIDEO_SAA7134_RC=y +CONFIG_VIDEO_SAA7134_DVB=m +CONFIG_VIDEO_SAA7164=m +CONFIG_VIDEO_ZORAN=m +CONFIG_VIDEO_ZORAN_DC30=m +CONFIG_VIDEO_ZORAN_ZR36060=m +CONFIG_VIDEO_ZORAN_BUZ=m +CONFIG_VIDEO_ZORAN_DC10=m +CONFIG_VIDEO_ZORAN_LML33=m +CONFIG_VIDEO_ZORAN_LML33R10=m +CONFIG_VIDEO_ZORAN_AVS6EYES=m +# CONFIG_V4L_ISA_PARPORT_DRIVERS is not set +CONFIG_V4L_PLATFORM_DRIVERS=y +CONFIG_VIDEO_TIMBERDALE=m +CONFIG_SOC_CAMERA=m +CONFIG_SOC_CAMERA_IMX074=m +CONFIG_SOC_CAMERA_MT9M001=m +CONFIG_SOC_CAMERA_MT9M111=m +CONFIG_SOC_CAMERA_MT9T031=m +CONFIG_SOC_CAMERA_MT9T112=m +CONFIG_SOC_CAMERA_MT9V022=m +CONFIG_SOC_CAMERA_RJ54N1=m +CONFIG_SOC_CAMERA_TW9910=m +CONFIG_SOC_CAMERA_PLATFORM=m +CONFIG_SOC_CAMERA_OV2640=m +CONFIG_SOC_CAMERA_OV5642=m +CONFIG_SOC_CAMERA_OV6650=m +CONFIG_SOC_CAMERA_OV772X=m +CONFIG_SOC_CAMERA_OV9640=m +CONFIG_SOC_CAMERA_OV9740=m CONFIG_V4L_MEM2MEM_DRIVERS=y # CONFIG_VIDEO_MEM2MEM_TESTDEV is not set CONFIG_RADIO_ADAPTERS=y -CONFIG_RADIO_MAXIRADIO=m -CONFIG_I2C_SI4713=m -CONFIG_RADIO_SI4713=m -CONFIG_USB_DSBR=m CONFIG_RADIO_SI470X=y CONFIG_USB_SI470X=m CONFIG_I2C_SI470X=m CONFIG_USB_MR800=m +CONFIG_USB_DSBR=m +CONFIG_RADIO_MAXIRADIO=m +CONFIG_I2C_SI4713=m +CONFIG_RADIO_SI4713=m # CONFIG_RADIO_TEA5764 is not set # CONFIG_RADIO_SAA7706H is not set # CONFIG_RADIO_TEF6862 is not set @@ -2694,6 +2752,7 @@ CONFIG_DVB_DIB9000=m CONFIG_DVB_TDA10048=m CONFIG_DVB_AF9013=m CONFIG_DVB_EC100=m +CONFIG_DVB_HD29L2=m CONFIG_DVB_STV0367=m CONFIG_DVB_CXD2820R=m @@ -2845,15 +2904,6 @@ CONFIG_BACKLIGHT_CLASS_DEVICE=y # CONFIG_BACKLIGHT_ADP8860 is not set # CONFIG_BACKLIGHT_ADP8870 is not set -# -# Display device support -# -CONFIG_DISPLAY_SUPPORT=m - -# -# Display hardware drivers -# - # # Console display driver support # @@ -2894,6 +2944,7 @@ CONFIG_SND_DEBUG=y # CONFIG_SND_DEBUG_VERBOSE is not set CONFIG_SND_PCM_XRUN_DEBUG=y CONFIG_SND_VMASTER=y +CONFIG_SND_KCTL_JACK=y CONFIG_SND_RAWMIDI_SEQ=m CONFIG_SND_OPL3_LIB_SEQ=m # CONFIG_SND_OPL4_LIB_SEQ is not set @@ -3021,6 +3072,7 @@ CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_AC97_BUS=m CONFIG_HID_SUPPORT=y CONFIG_HID=y +CONFIG_HID_BATTERY_STRENGTH=y CONFIG_HIDRAW=y # @@ -3074,10 +3126,10 @@ CONFIG_HID_PICOLCD_BACKLIGHT=y CONFIG_HID_PICOLCD_LCD=y CONFIG_HID_PICOLCD_LEDS=y # CONFIG_HID_PRIMAX is not set -# CONFIG_HID_QUANTA is not set CONFIG_HID_ROCCAT=m CONFIG_HID_ROCCAT_COMMON=m CONFIG_HID_ROCCAT_ARVO=m +CONFIG_HID_ROCCAT_ISKU=m CONFIG_HID_ROCCAT_KONE=m CONFIG_HID_ROCCAT_KONEPLUS=m CONFIG_HID_ROCCAT_KOVAPLUS=m @@ -3112,7 +3164,6 @@ CONFIG_USB_DEVICEFS=y # CONFIG_USB_DYNAMIC_MINORS is not set CONFIG_USB_SUSPEND=y # CONFIG_USB_OTG is not set -# CONFIG_USB_DWC3 is not set CONFIG_USB_MON=m CONFIG_USB_WUSB=m CONFIG_USB_WUSB_CBAF=m @@ -3127,6 +3178,7 @@ CONFIG_USB_XHCI_HCD=m CONFIG_USB_EHCI_HCD=y CONFIG_USB_EHCI_ROOT_HUB_TT=y CONFIG_USB_EHCI_TT_NEWSCHED=y +CONFIG_USB_EHCI_MV=y # CONFIG_USB_OXU210HP_HCD is not set # CONFIG_USB_ISP116X_HCD is not set # CONFIG_USB_ISP1760_HCD is not set @@ -3338,6 +3390,8 @@ CONFIG_LEDS_LP5523=m # CONFIG_LEDS_PCA955X is not set # CONFIG_LEDS_BD2802 is not set CONFIG_LEDS_LT3593=m +CONFIG_LEDS_TCA6507=m +CONFIG_LEDS_OT200=m CONFIG_LEDS_TRIGGERS=y # @@ -3455,6 +3509,10 @@ CONFIG_VIRTIO_PCI=y CONFIG_VIRTIO_BALLOON=m # CONFIG_VIRTIO_MMIO is not set +# +# Microsoft Hyper-V guest support +# + # # Xen driver support # @@ -3468,12 +3526,15 @@ CONFIG_ET131X=m # CONFIG_PANEL is not set # CONFIG_R8187SE is not set # CONFIG_RTL8192U is not set +CONFIG_RTLLIB=m +CONFIG_RTLLIB_CRYPTO_CCMP=m +CONFIG_RTLLIB_CRYPTO_TKIP=m +CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_RTL8192E is not set # CONFIG_R8712U is not set # CONFIG_RTS_PSTOR is not set # CONFIG_RTS5139 is not set # CONFIG_TRANZPORT is not set -# CONFIG_POHMELFS is not set # CONFIG_IDE_PHISON is not set # CONFIG_LINE6_USB is not set @@ -3505,6 +3566,11 @@ CONFIG_ET131X=m # CONFIG_TOUCHSCREEN_SYNAPTICS_I2C_RMI4 is not set # CONFIG_STAGING_MEDIA is not set +# +# Android +# +# CONFIG_ANDROID is not set + # # Hardware Spinlock drivers # @@ -3546,6 +3612,7 @@ CONFIG_XFS_RT=y # CONFIG_OCFS2_FS is not set CONFIG_BTRFS_FS=m CONFIG_BTRFS_FS_POSIX_ACL=y +# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set # CONFIG_NILFS2_FS is not set CONFIG_FS_POSIX_ACL=y CONFIG_EXPORTFS=y @@ -3650,6 +3717,7 @@ CONFIG_NFSD_V2_ACL=y CONFIG_NFSD_V3=y CONFIG_NFSD_V3_ACL=y CONFIG_NFSD_V4=y +# CONFIG_NFSD_FAULT_INJECTION is not set CONFIG_LOCKD=m CONFIG_LOCKD_V4=y CONFIG_NFS_ACL_SUPPORT=m @@ -3673,29 +3741,6 @@ CONFIG_CIFS_ACL=y # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set - -# -# Partition Types -# -CONFIG_PARTITION_ADVANCED=y -# CONFIG_ACORN_PARTITION is not set -# CONFIG_OSF_PARTITION is not set -# CONFIG_AMIGA_PARTITION is not set -# CONFIG_ATARI_PARTITION is not set -# CONFIG_MAC_PARTITION is not set -CONFIG_MSDOS_PARTITION=y -# CONFIG_BSD_DISKLABEL is not set -# CONFIG_MINIX_SUBPARTITION is not set -# CONFIG_SOLARIS_X86_PARTITION is not set -# CONFIG_UNIXWARE_DISKLABEL is not set -CONFIG_LDM_PARTITION=y -# CONFIG_LDM_DEBUG is not set -# CONFIG_SGI_PARTITION is not set -# CONFIG_ULTRIX_PARTITION is not set -# CONFIG_SUN_PARTITION is not set -# CONFIG_KARMA_PARTITION is not set -CONFIG_EFI_PARTITION=y -# CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf-8" CONFIG_NLS_CODEPAGE_437=y @@ -3921,7 +3966,6 @@ CONFIG_GRKERNSEC_PROC_IPADDR=y CONFIG_GRKERNSEC_DMESG=y CONFIG_GRKERNSEC_HARDEN_PTRACE=y CONFIG_GRKERNSEC_PTRACE_READEXEC=y -CONFIG_GRKERNSEC_SETXID=y # CONFIG_GRKERNSEC_TPE is not set # @@ -3974,7 +4018,6 @@ CONFIG_PAX_RANDMMAP=y # Miscellaneous hardening features # CONFIG_PAX_USERCOPY=y -# CONFIG_PAX_SIZE_OVERFLOW is not set CONFIG_KEYS=y # CONFIG_ENCRYPTED_KEYS is not set CONFIG_KEYS_DEBUG_PROC_KEYS=y @@ -4120,6 +4163,7 @@ CONFIG_BINARY_PRINTF=y # CONFIG_RAID6_PQ=m CONFIG_BITREVERSE=y +CONFIG_GENERIC_PCI_IOMAP=y CONFIG_CRC_CCITT=m CONFIG_CRC16=y CONFIG_CRC_T10DIF=m @@ -4154,6 +4198,7 @@ CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y CONFIG_CHECK_SIGNATURE=y +CONFIG_DQL=y CONFIG_NLATTR=y CONFIG_AVERAGE=y CONFIG_CORDIC=m diff --git a/kernel/config-i686-default b/kernel/config-i686-default index 5a4ba8feb..c273ee1d0 100644 --- a/kernel/config-i686-default +++ b/kernel/config-i686-default @@ -31,8 +31,8 @@ CONFIG_X86_32_NON_STANDARD=y # CONFIG_X86_SUMMIT is not set # CONFIG_X86_ES7000 is not set CONFIG_X86_32_IRIS=m +CONFIG_XEN_MAX_DOMAIN_MEMORY=64 # CONFIG_LGUEST_GUEST is not set -CONFIG_X86_CYCLONE_TIMER=y # CONFIG_M386 is not set # CONFIG_M486 is not set # CONFIG_M586 is not set @@ -133,6 +133,8 @@ CONFIG_X86_LONGRUN=y # CONFIG_PCI_GODIRECT is not set CONFIG_PCI_GOANY=y CONFIG_PCI_BIOS=y +# CONFIG_PCI_PRI is not set +# CONFIG_PCI_PASID is not set # CONFIG_ISA is not set # CONFIG_MCA is not set # CONFIG_SCx200 is not set @@ -146,7 +148,7 @@ CONFIG_PCI_BIOS=y # CONFIG_HOTPLUG_PCI_SHPC is not set # -# Protocols +# Misc devices # CONFIG_IBM_ASM=m # CONFIG_SGI_IOC4 is not set @@ -243,7 +245,7 @@ CONFIG_VIDEO_CAFE_CCIC=m # CONFIG_EDAC_R82600 is not set # -# Speakup console speech +# Android # CONFIG_TC1100_WMI=m @@ -284,6 +286,7 @@ CONFIG_PAX_SEGMEXEC=y # CONFIG_CRYPTO_AES_586=y # CONFIG_CRYPTO_SALSA20_586 is not set +CONFIG_CRYPTO_SERPENT_SSE2_586=m CONFIG_CRYPTO_TWOFISH_586=m # diff --git a/kernel/config-i686-legacy b/kernel/config-i686-legacy index 6f03829f2..b28d1c848 100644 --- a/kernel/config-i686-legacy +++ b/kernel/config-i686-legacy @@ -31,6 +31,7 @@ CONFIG_OF=y # Device Tree and Open Firmware support # CONFIG_PROC_DEVICETREE=y +# CONFIG_OF_SELFTEST is not set CONFIG_OF_PROMTREE=y CONFIG_OF_ADDRESS=y CONFIG_OF_IRQ=y @@ -92,12 +93,12 @@ CONFIG_FB_SYS_FOPS=m # CONFIG_LEDS_NET5501 is not set # -# Virtio drivers +# Microsoft Hyper-V guest support # # CONFIG_FB_OLPC_DCON is not set # -# Speakup console speech +# Android # CONFIG_XO1_RFKILL=m diff --git a/kernel/config-x86-generic b/kernel/config-x86-generic index b9a309b40..b81d82e6e 100644 --- a/kernel/config-x86-generic +++ b/kernel/config-x86-generic @@ -3,10 +3,8 @@ CONFIG_INSTRUCTION_DECODER=y CONFIG_GENERIC_CMOS_UPDATE=y CONFIG_CLOCKSOURCE_WATCHDOG=y CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y -CONFIG_ZONE_DMA=y CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_GENERIC_ISA_DMA=y -CONFIG_GENERIC_IOMAP=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y # CONFIG_RWSEM_GENERIC_SPINLOCK is not set CONFIG_RWSEM_XCHGADD_ALGORITHM=y @@ -16,7 +14,6 @@ CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y CONFIG_ARCH_HIBERNATION_POSSIBLE=y -CONFIG_ARCH_POPULATES_NODE_MAP=y CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y CONFIG_X86_HT=y @@ -28,9 +25,6 @@ CONFIG_ARCH_CPU_PROBE_RELEASE=y # CONFIG_KERNEL_GZIP is not set # CONFIG_KERNEL_BZIP2 is not set CONFIG_KERNEL_XZ=y -CONFIG_AUDITSYSCALL=y -CONFIG_AUDIT_WATCH=y -CONFIG_AUDIT_TREE=y # # IRQ subsystem @@ -49,6 +43,7 @@ CONFIG_PCSPKR_PLATFORM=y # # Kernel Performance Events And Counters # +CONFIG_OPROFILE_NMI_TIMER=y CONFIG_JUMP_LABEL=y CONFIG_USER_RETURN_NOTIFIER=y CONFIG_USE_GENERIC_SMP_HELPERS=y @@ -69,6 +64,7 @@ CONFIG_MUTEX_SPIN_ON_OWNER=y # # Processor type and features # +CONFIG_ZONE_DMA=y CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y CONFIG_SMP=y CONFIG_X86_MPPARSE=y @@ -81,7 +77,6 @@ CONFIG_XEN=y CONFIG_XEN_DOM0=y CONFIG_XEN_PRIVILEGED_GUEST=y CONFIG_XEN_PVHVM=y -CONFIG_XEN_MAX_DOMAIN_MEMORY=128 CONFIG_XEN_SAVE_RESTORE=y CONFIG_XEN_DEBUG_FS=y CONFIG_KVM_CLOCK=y @@ -96,8 +91,6 @@ CONFIG_NO_BOOTMEM=y # CONFIG_MCORE2 is not set # CONFIG_MATOM is not set CONFIG_X86_CMPXCHG=y -CONFIG_CMPXCHG_LOCAL=y -CONFIG_CMPXCHG_DOUBLE=y CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_XADD=y CONFIG_X86_WP_WORKS_OK=y @@ -136,6 +129,7 @@ CONFIG_ARCH_PHYS_ADDR_T_64BIT=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_PHYS_ADDR_T_64BIT=y CONFIG_ZONE_DMA_FLAG=1 @@ -158,6 +152,7 @@ CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_ARCH_RANDOM=y CONFIG_EFI=y +CONFIG_EFI_STUB=y # CONFIG_HZ_100 is not set # CONFIG_HZ_250 is not set CONFIG_HZ_300=y @@ -298,9 +293,14 @@ CONFIG_PNP=y # CONFIG_PNPACPI=y CONFIG_BLK_DEV_FD=m +CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m CONFIG_XEN_BLKDEV_FRONTEND=m CONFIG_XEN_BLKDEV_BACKEND=m # CONFIG_BLK_DEV_HD is not set + +# +# Misc devices +# CONFIG_SENSORS_LIS3LV02D=m CONFIG_VMWARE_BALLOON=m @@ -308,6 +308,7 @@ CONFIG_VMWARE_BALLOON=m # SCSI Transports # CONFIG_SCSI_ACARD=m +CONFIG_SCSI_ADVANSYS=m CONFIG_SCSI_BUSLOGIC=m CONFIG_VMWARE_PVSCSI=m CONFIG_FCOE_FNIC=m @@ -336,7 +337,7 @@ CONFIG_ATM_HE=m # CONFIG_ATM_HE_USE_SUNI is not set # -# CAIF transport drivers +# Distributed Switch Architecture drivers # CONFIG_IGB_DCA=y CONFIG_IXGBE_DCA=y @@ -415,6 +416,7 @@ CONFIG_I2C_SCMI=m # # Memory mapped GPIO drivers: # +# CONFIG_GPIO_IT8761E is not set CONFIG_GPIO_SCH=m # @@ -472,6 +474,7 @@ CONFIG_NV_TCO=m # CONFIG_CPU5_WDT is not set CONFIG_SMSC_SCH311X_WDT=m # CONFIG_SMSC37B787_WDT is not set +CONFIG_VIA_WDT=m CONFIG_W83627HF_WDT=m CONFIG_W83697HF_WDT=m CONFIG_W83697UG_WDT=m @@ -517,6 +520,9 @@ CONFIG_DRM_I810=m CONFIG_DRM_I915=m CONFIG_DRM_I915_KMS=y CONFIG_DRM_SIS=m +CONFIG_DRM_GMA500=m +CONFIG_DRM_GMA600=y +CONFIG_DRM_GMA3600=y CONFIG_FB_BOOT_VESA_SUPPORT=y CONFIG_FB_CFB_FILLRECT=y CONFIG_FB_CFB_COPYAREA=y @@ -620,6 +626,11 @@ CONFIG_PCH_DMA=m # CONFIG_DCA=m +# +# Microsoft Hyper-V guest support +# +# CONFIG_HYPERV is not set + # # Xen driver support # @@ -637,6 +648,7 @@ CONFIG_XEN_GRANT_DEV_ALLOC=m CONFIG_SWIOTLB_XEN=y CONFIG_XEN_TMEM=y CONFIG_XEN_PCIDEV_BACKEND=m +CONFIG_XEN_PRIVCMD=m # CONFIG_SLICOSS is not set # CONFIG_COMEDI is not set CONFIG_DRM_NOUVEAU=m @@ -653,8 +665,11 @@ CONFIG_DRM_NOUVEAU_DEBUG=y # # Speakup console speech # -# CONFIG_DRM_PSB is not set # CONFIG_INTEL_MEI is not set + +# +# Android +# CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m @@ -664,6 +679,8 @@ CONFIG_DELL_WMI=m CONFIG_DELL_WMI_AIO=m CONFIG_FUJITSU_LAPTOP=m # CONFIG_FUJITSU_LAPTOP_DEBUG is not set +# CONFIG_FUJITSU_TABLET is not set +CONFIG_AMILO_RFKILL=m CONFIG_HP_ACCEL=m CONFIG_HP_WMI=m CONFIG_MSI_LAPTOP=m @@ -711,7 +728,6 @@ CONFIG_DMAR_TABLE=y CONFIG_INTEL_IOMMU=y # CONFIG_INTEL_IOMMU_DEFAULT_ON is not set CONFIG_INTEL_IOMMU_FLOPPY_WA=y -# CONFIG_HYPERV is not set # # Firmware Drivers @@ -726,7 +742,6 @@ CONFIG_DMIID=y CONFIG_DMI_SYSFS=y CONFIG_ISCSI_IBFT_FIND=y CONFIG_ISCSI_IBFT=m -# CONFIG_SIGMA is not set # CONFIG_GOOGLE_FIRMWARE is not set # @@ -768,6 +783,7 @@ CONFIG_DEBUG_BOOT_PARAMS=y # CONFIG_CPA_DEBUG is not set CONFIG_OPTIMIZE_INLINING=y # CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set # # Memory Protections @@ -780,6 +796,11 @@ CONFIG_OPTIMIZE_INLINING=y CONFIG_GRKERNSEC_RWXMAP_LOG=y CONFIG_GRKERNSEC_AUDIT_TEXTREL=y +# +# Executable Protections +# +CONFIG_GRKERNSEC_SETXID=y + # # Non-executable pages # @@ -800,6 +821,7 @@ CONFIG_PAX_RANDKSTACK=y # CONFIG_PAX_MEMORY_STACKLEAK=y CONFIG_PAX_REFCOUNT=y +# CONFIG_PAX_SIZE_OVERFLOW is not set CONFIG_LSM_MMAP_MIN_ADDR=65536 CONFIG_ASYNC_TX_DISABLE_PQ_VAL_DMA=y CONFIG_ASYNC_TX_DISABLE_XOR_VAL_DMA=y @@ -839,5 +861,6 @@ CONFIG_VHOST_NET=m # Library routines # CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_ALLOCATOR=y CONFIG_CPU_RMAP=y diff --git a/kernel/config-x86_64-default b/kernel/config-x86_64-default index c6b9a498c..14b8ad815 100644 --- a/kernel/config-x86_64-default +++ b/kernel/config-x86_64-default @@ -18,7 +18,7 @@ CONFIG_ARCH_HWEIGHT_CFLAGS="-fcall-saved-rdi -fcall-saved-rsi -fcall-saved-rdx - CONFIG_RCU_FANOUT=64 # -# GCOV-based kernel profiling +# Partition Types # CONFIG_BLOCK_COMPAT=y @@ -26,8 +26,10 @@ CONFIG_BLOCK_COMPAT=y # Processor type and features # CONFIG_X86_X2APIC=y +CONFIG_X86_NUMACHIP=y # CONFIG_X86_VSMP is not set # CONFIG_X86_UV is not set +CONFIG_XEN_MAX_DOMAIN_MEMORY=500 # CONFIG_MPSC is not set CONFIG_GENERIC_CPU=y CONFIG_X86_INTERNODE_CACHE_SHIFT=7 @@ -71,6 +73,12 @@ CONFIG_ACPI_BLACKLIST_YEAR=0 CONFIG_I7300_IDLE_IOAT_CHANNEL=y CONFIG_I7300_IDLE=m +# +# Bus options (PCI etc.) +# +CONFIG_PCI_PRI=y +CONFIG_PCI_PASID=y + # # PC-card bridges # @@ -94,7 +102,7 @@ CONFIG_COMPAT_NETLINK_MESSAGES=y CONFIG_BPF_JIT=y # -# Protocols +# Misc devices # # CONFIG_IBM_ASM is not set CONFIG_SGI_IOC4=m @@ -167,5 +175,6 @@ CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m CONFIG_CRYPTO_AES_X86_64=y CONFIG_CRYPTO_BLOWFISH_X86_64=m CONFIG_CRYPTO_SALSA20_X86_64=m +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m CONFIG_CRYPTO_TWOFISH_X86_64=m CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m diff --git a/kernel/kernel.nm b/kernel/kernel.nm index 67945fcbe..10bc121cf 100644 --- a/kernel/kernel.nm +++ b/kernel/kernel.nm @@ -4,8 +4,8 @@ ############################################################################### name = kernel -version = 3.2.12 -release = 4 +version = 3.3.6 +release = 1 thisapp = linux-%{version} maintainer = Michael Tremer @@ -142,6 +142,15 @@ build prepare_cmds rm -f %{DIR_APP}/localversion-grsec + # Remove -Werror flag to fix ARMv5 build. + sed -e "s/-Werror//g" -i grsecurity/Makefile + + # Disable the colorize plugin. + # It's generally very nice but it clutters our + # logfiles. + sed -e "/^COLORIZE_PLUGIN_CFLAGS/d" \ + -i Makefile + sed -e "s/^HOSTCFLAGS.*=.*/& -fPIC/g" -i Makefile cp -vf %{DIR_SOURCE}/%{DISTRO_SNAME}_logo.ppm \ diff --git a/kernel/patches/grsecurity-2.9-3.2.12-201203221944.patch b/kernel/patches/grsecurity-2.9-3.3.6-201205151707.patch similarity index 91% rename from kernel/patches/grsecurity-2.9-3.2.12-201203221944.patch rename to kernel/patches/grsecurity-2.9-3.3.6-201205151707.patch index 94d7e91d2..9202846db 100644 --- a/kernel/patches/grsecurity-2.9-3.2.12-201203221944.patch +++ b/kernel/patches/grsecurity-2.9-3.3.6-201205151707.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index dfa6fc6..df93044 100644 +index 0c083c5..bf13011 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -34,7 +34,7 @@ index dfa6fc6..df93044 100644 *_vga16.c *~ \#*# -@@ -70,6 +75,7 @@ Kerntypes +@@ -69,6 +74,7 @@ Image Module.markers Module.symvers PENDING @@ -42,7 +42,7 @@ index dfa6fc6..df93044 100644 SCCS System.map* TAGS -@@ -93,19 +99,24 @@ bounds.h +@@ -92,19 +98,24 @@ bounds.h bsetup btfixupprep build @@ -67,7 +67,7 @@ index dfa6fc6..df93044 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -116,9 +127,11 @@ devlist.h* +@@ -115,9 +126,11 @@ devlist.h* dnotify_test docproc dslm @@ -79,7 +79,7 @@ index dfa6fc6..df93044 100644 fixdep flask.h fore200e_mkfirm -@@ -126,12 +139,15 @@ fore200e_pca_fw.c* +@@ -125,12 +138,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist @@ -95,7 +95,7 @@ index dfa6fc6..df93044 100644 hpet_example hugepage-mmap hugepage-shm -@@ -146,7 +162,7 @@ int32.c +@@ -145,7 +161,7 @@ int32.c int4.c int8.c kallsyms @@ -104,7 +104,7 @@ index dfa6fc6..df93044 100644 keywords.c ksym.c* ksym.h* -@@ -154,7 +170,7 @@ kxgettext +@@ -153,7 +169,7 @@ kxgettext lkc_defs.h lex.c lex.*.c @@ -113,7 +113,7 @@ index dfa6fc6..df93044 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -166,14 +182,15 @@ machtypes.h +@@ -165,14 +181,15 @@ machtypes.h map map_hugetlb maui_boot.h @@ -130,7 +130,7 @@ index dfa6fc6..df93044 100644 mkprep mkregtable mktables -@@ -209,6 +226,7 @@ r300_reg_safe.h +@@ -208,6 +225,7 @@ r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h recordmcount @@ -138,7 +138,7 @@ index dfa6fc6..df93044 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -219,6 +237,7 @@ setup +@@ -218,6 +236,7 @@ setup setup.bin setup.elf sImage @@ -146,7 +146,7 @@ index dfa6fc6..df93044 100644 sm_tbl* split-include syscalltab.h -@@ -229,6 +248,7 @@ tftpboot.img +@@ -228,6 +247,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -154,7 +154,7 @@ index dfa6fc6..df93044 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -246,7 +266,9 @@ vmlinux +@@ -245,7 +265,9 @@ vmlinux vmlinux-* vmlinux.aout vmlinux.bin.all @@ -164,7 +164,7 @@ index dfa6fc6..df93044 100644 vmlinuz voffset.h vsyscall.lds -@@ -254,9 +276,11 @@ vsyscall_32.lds +@@ -253,9 +275,11 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -177,10 +177,10 @@ index dfa6fc6..df93044 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 81c287f..d456d02 100644 +index d99fd9c..8689fef 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1935,6 +1935,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1977,6 +1977,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -195,7 +195,7 @@ index 81c287f..d456d02 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 15e80f1..4fb87db 100644 +index 9cd6941..92e68ff 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -221,15 +221,17 @@ index 15e80f1..4fb87db 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,53 @@ else +@@ -564,6 +565,55 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS +ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN ++ifndef CONFIG_UML +CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN +endif ++endif +ifdef CONFIG_PAX_MEMORY_STACKLEAK +STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN +STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 @@ -249,10 +251,10 @@ index 15e80f1..4fb87db 100644 +endif +COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so +ifdef CONFIG_PAX_SIZE_OVERFLOW -+SIZE_OVERFLOW_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN ++SIZE_OVERFLOW_PLUGIN := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN +endif +GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) -+GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN_CFLAGS) ++GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN) +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) +export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN +ifeq ($(KBUILD_EXTMOD),) @@ -275,7 +277,7 @@ index 15e80f1..4fb87db 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +756,7 @@ export mod_strip_cmd +@@ -708,7 +758,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -284,7 +286,7 @@ index 15e80f1..4fb87db 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +980,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +982,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -293,7 +295,7 @@ index 15e80f1..4fb87db 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +991,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +993,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -302,7 +304,7 @@ index 15e80f1..4fb87db 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1035,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1037,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -310,7 +312,7 @@ index 15e80f1..4fb87db 100644 prepare: prepare0 # Generate some files -@@ -1086,6 +1137,8 @@ all: modules +@@ -1089,6 +1142,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -319,7 +321,7 @@ index 15e80f1..4fb87db 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1101,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1104,7 +1159,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -328,7 +330,7 @@ index 15e80f1..4fb87db 100644 # Target to install modules PHONY += modules_install -@@ -1198,6 +1251,7 @@ distclean: mrproper +@@ -1201,6 +1256,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -336,7 +338,7 @@ index 15e80f1..4fb87db 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1358,6 +1412,8 @@ PHONY += $(module-dirs) modules +@@ -1361,6 +1417,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -345,7 +347,7 @@ index 15e80f1..4fb87db 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1484,17 +1540,21 @@ else +@@ -1487,17 +1545,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -371,7 +373,7 @@ index 15e80f1..4fb87db 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1504,11 +1564,15 @@ endif +@@ -1507,11 +1569,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -454,6 +456,23 @@ index da5449e..7418343 100644 /* $0 is set by ld.so to a pointer to a function which might be registered using atexit. This provides a mean for the dynamic linker to call DT_FINI functions for shared libraries that have +diff --git a/arch/alpha/include/asm/pgalloc.h b/arch/alpha/include/asm/pgalloc.h +index bc2a0da..8ad11ee 100644 +--- a/arch/alpha/include/asm/pgalloc.h ++++ b/arch/alpha/include/asm/pgalloc.h +@@ -29,6 +29,12 @@ pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) + pgd_set(pgd, pmd); + } + ++static inline void ++pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) ++{ ++ pgd_populate(mm, pgd, pmd); ++} ++ + extern pgd_t *pgd_alloc(struct mm_struct *mm); + + static inline void diff --git a/arch/alpha/include/asm/pgtable.h b/arch/alpha/include/asm/pgtable.h index de98a73..bd4f1f8 100644 --- a/arch/alpha/include/asm/pgtable.h @@ -685,7 +704,7 @@ index fadd5f8..904e73a 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index 86976d0..683de93 100644 +index 86976d0..8e07f84 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -15,6 +15,10 @@ @@ -887,7 +906,35 @@ index 86976d0..683de93 100644 static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) { unsigned long tmp, tmp2; -@@ -207,6 +349,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) +@@ -165,7 +307,9 @@ static inline int atomic_add_return(int i, atomic_t *v) + + return val; + } ++#define atomic_add_return_unchecked(i, v) atomic_add_return(i, v) + #define atomic_add(i, v) (void) atomic_add_return(i, v) ++#define atomic_add_unchecked(i, v) (void) atomic_add_return_unchecked(i, v) + + static inline int atomic_sub_return(int i, atomic_t *v) + { +@@ -179,7 +323,9 @@ static inline int atomic_sub_return(int i, atomic_t *v) + + return val; + } ++#define atomic_sub_return_unchecked(i, v) atomic_sub_return(i, v) + #define atomic_sub(i, v) (void) atomic_sub_return(i, v) ++#define atomic_sub_unchecked(i, v) (void) atomic_sub_return_unchecked(i, v) + + static inline int atomic_cmpxchg(atomic_t *v, int old, int new) + { +@@ -194,6 +340,7 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) + + return ret; + } ++#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg(v, o, n) + + static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) + { +@@ -207,6 +354,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) #endif /* __LINUX_ARM_ARCH__ */ #define atomic_xchg(v, new) (xchg(&((v)->counter), new)) @@ -898,7 +945,7 @@ index 86976d0..683de93 100644 static inline int __atomic_add_unless(atomic_t *v, int a, int u) { -@@ -219,11 +365,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -219,11 +370,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) } #define atomic_inc(v) atomic_add(1, v) @@ -926,7 +973,7 @@ index 86976d0..683de93 100644 #define atomic_dec_return(v) (atomic_sub_return(1, v)) #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0) -@@ -239,6 +401,14 @@ typedef struct { +@@ -239,6 +406,14 @@ typedef struct { u64 __aligned(8) counter; } atomic64_t; @@ -941,7 +988,7 @@ index 86976d0..683de93 100644 #define ATOMIC64_INIT(i) { (i) } static inline u64 atomic64_read(atomic64_t *v) -@@ -254,6 +424,19 @@ static inline u64 atomic64_read(atomic64_t *v) +@@ -254,6 +429,19 @@ static inline u64 atomic64_read(atomic64_t *v) return result; } @@ -961,7 +1008,7 @@ index 86976d0..683de93 100644 static inline void atomic64_set(atomic64_t *v, u64 i) { u64 tmp; -@@ -268,6 +451,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i) +@@ -268,6 +456,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i) : "cc"); } @@ -982,7 +1029,7 @@ index 86976d0..683de93 100644 static inline void atomic64_add(u64 i, atomic64_t *v) { u64 result; -@@ -276,6 +473,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v) +@@ -276,6 +478,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v) __asm__ __volatile__("@ atomic64_add\n" "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" @@ -1019,7 +1066,7 @@ index 86976d0..683de93 100644 " adc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -287,12 +514,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v) +@@ -287,12 +519,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v) static inline u64 atomic64_add_return(u64 i, atomic64_t *v) { @@ -1071,7 +1118,7 @@ index 86976d0..683de93 100644 "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" " adc %H0, %H0, %H4\n" -@@ -316,6 +580,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) +@@ -316,6 +585,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) __asm__ __volatile__("@ atomic64_sub\n" "1: ldrexd %0, %H0, [%3]\n" " subs %0, %0, %4\n" @@ -1108,7 +1155,7 @@ index 86976d0..683de93 100644 " sbc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -327,18 +621,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) +@@ -327,18 +626,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) { @@ -1146,7 +1193,7 @@ index 86976d0..683de93 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (i) : "cc"); -@@ -372,6 +680,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) +@@ -372,6 +685,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) return oldval; } @@ -1177,7 +1224,7 @@ index 86976d0..683de93 100644 static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) { u64 result; -@@ -395,21 +727,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) +@@ -395,21 +732,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) static inline u64 atomic64_dec_if_positive(atomic64_t *v) { @@ -1219,7 +1266,7 @@ index 86976d0..683de93 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter) : "cc"); -@@ -432,13 +777,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) +@@ -432,13 +782,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) " teq %0, %5\n" " teqeq %H0, %H5\n" " moveq %1, #0\n" @@ -1247,7 +1294,7 @@ index 86976d0..683de93 100644 : "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -451,10 +808,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) +@@ -451,10 +813,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) #define atomic64_inc(v) atomic64_add(1LL, (v)) @@ -1347,7 +1394,7 @@ index 53426c6..c7baff3 100644 #ifdef CONFIG_OUTER_CACHE diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h -index ca94653..6ac0d56 100644 +index 97b440c..b7ff179 100644 --- a/arch/arm/include/asm/page.h +++ b/arch/arm/include/asm/page.h @@ -123,7 +123,7 @@ struct cpu_user_fns { @@ -1359,11 +1406,35 @@ index ca94653..6ac0d56 100644 #ifdef MULTI_USER extern struct cpu_user_fns cpu_user; +diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h +index 943504f..bf8d667 100644 +--- a/arch/arm/include/asm/pgalloc.h ++++ b/arch/arm/include/asm/pgalloc.h +@@ -43,6 +43,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + set_pud(pud, __pud(__pa(pmd) | PMD_TYPE_TABLE)); + } + ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} ++ + #else /* !CONFIG_ARM_LPAE */ + + /* +@@ -51,6 +56,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + #define pmd_alloc_one(mm,addr) ({ BUG(); ((pmd_t *)2); }) + #define pmd_free(mm, pmd) do { } while (0) + #define pud_populate(mm,pmd,pte) BUG() ++#define pud_populate_kernel(mm,pmd,pte) BUG() + + #endif /* CONFIG_ARM_LPAE */ + diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h -index 984014b..a6d914f 100644 +index e4c96cc..1145653 100644 --- a/arch/arm/include/asm/system.h +++ b/arch/arm/include/asm/system.h -@@ -90,6 +90,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, +@@ -98,6 +98,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, #define xchg(ptr,x) \ ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) @@ -1372,16 +1443,7 @@ index 984014b..a6d914f 100644 extern asmlinkage void c_backtrace(unsigned long fp, int pmode); -@@ -101,7 +103,7 @@ extern int __pure cpu_architecture(void); - extern void cpu_init(void); - - void arm_machine_restart(char mode, const char *cmd); --extern void (*arm_pm_restart)(char str, const char *cmd); -+extern void (*arm_pm_restart)(char str, const char *cmd) __noreturn; - - #define UDBG_UNDEFINED (1 << 0) - #define UDBG_SYSCALL (1 << 1) -@@ -526,6 +528,13 @@ static inline unsigned long long __cmpxchg64_mb(volatile void *ptr, +@@ -534,6 +536,13 @@ static inline unsigned long long __cmpxchg64_mb(volatile void *ptr, #endif /* __LINUX_ARM_ARCH__ >= 6 */ @@ -1395,8 +1457,38 @@ index 984014b..a6d914f 100644 #endif /* __ASSEMBLY__ */ #define arch_align_stack(x) (x) +diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h +index d4c24d4..4ac53e8 100644 +--- a/arch/arm/include/asm/thread_info.h ++++ b/arch/arm/include/asm/thread_info.h +@@ -141,6 +141,12 @@ extern void vfp_flush_hwstate(struct thread_info *); + #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ + #define TIF_SYSCALL_TRACE 8 + #define TIF_SYSCALL_AUDIT 9 ++ ++/* within 8 bits of TIF_SYSCALL_TRACE ++ to meet flexible second operand requirements ++*/ ++#define TIF_GRSEC_SETXID 10 ++ + #define TIF_POLLING_NRFLAG 16 + #define TIF_USING_IWMMXT 17 + #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ +@@ -156,9 +162,11 @@ extern void vfp_flush_hwstate(struct thread_info *); + #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) + #define _TIF_RESTORE_SIGMASK (1 << TIF_RESTORE_SIGMASK) + #define _TIF_SECCOMP (1 << TIF_SECCOMP) ++#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID) + + /* Checks for any syscall work in entry-common.S */ +-#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT) ++#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ ++ _TIF_GRSEC_SETXID) + + /* + * Change these and you break ASM code in entry-common.S diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h -index b293616..96310e5 100644 +index 2958976..12ccac4 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -22,6 +22,8 @@ @@ -1470,7 +1562,7 @@ index 5b0bce6..becd81c 100644 EXPORT_SYMBOL(__get_user_1); diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 3d0c6fb..9d326fa 100644 +index 971d65c..cc936fb 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -1481,33 +1573,19 @@ index 3d0c6fb..9d326fa 100644 #include #include -@@ -92,7 +91,7 @@ static int __init hlt_setup(char *__unused) - __setup("nohlt", nohlt_setup); - __setup("hlt", hlt_setup); - --void arm_machine_restart(char mode, const char *cmd) -+__noreturn void arm_machine_restart(char mode, const char *cmd) - { - /* Disable interrupts first */ - local_irq_disable(); -@@ -134,7 +133,7 @@ void arm_machine_restart(char mode, const char *cmd) - void (*pm_power_off)(void); - EXPORT_SYMBOL(pm_power_off); - --void (*arm_pm_restart)(char str, const char *cmd) = arm_machine_restart; -+void (*arm_pm_restart)(char str, const char *cmd) __noreturn = arm_machine_restart; - EXPORT_SYMBOL_GPL(arm_pm_restart); - - static void do_nothing(void *unused) -@@ -248,6 +247,7 @@ void machine_power_off(void) +@@ -273,9 +272,10 @@ void machine_power_off(void) machine_shutdown(); if (pm_power_off) pm_power_off(); + BUG(); } - void machine_restart(char *cmd) -@@ -484,12 +484,6 @@ unsigned long get_wchan(struct task_struct *p) +-void machine_restart(char *cmd) ++__noreturn void machine_restart(char *cmd) + { + machine_shutdown(); + +@@ -517,12 +517,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -1520,11 +1598,35 @@ index 3d0c6fb..9d326fa 100644 #ifdef CONFIG_MMU /* * The vectors page is always readable from user space for the +diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c +index f5ce8ab..4b73893 100644 +--- a/arch/arm/kernel/ptrace.c ++++ b/arch/arm/kernel/ptrace.c +@@ -905,10 +905,19 @@ long arch_ptrace(struct task_struct *child, long request, + return ret; + } + ++#ifdef CONFIG_GRKERNSEC_SETXID ++extern void gr_delayed_cred_worker(void); ++#endif ++ + asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno) + { + unsigned long ip; + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + if (why) + audit_syscall_exit(regs); + else diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index 8fc2c8f..064c150 100644 +index a255c39..4a19b25 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c -@@ -108,13 +108,13 @@ struct processor processor __read_mostly; +@@ -109,13 +109,13 @@ struct processor processor __read_mostly; struct cpu_tlb_fns cpu_tlb __read_mostly; #endif #ifdef MULTI_USER @@ -1542,7 +1644,7 @@ index 8fc2c8f..064c150 100644 #endif diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index 99a5727..a3d5bb1 100644 +index f84dfe6..13e94f7 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -259,6 +259,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt @@ -1554,7 +1656,7 @@ index 99a5727..a3d5bb1 100644 /* * This function is protected against re-entrancy. */ -@@ -288,6 +290,9 @@ void die(const char *str, struct pt_regs *regs, int err) +@@ -291,6 +293,9 @@ void die(const char *str, struct pt_regs *regs, int err) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -1631,7 +1733,7 @@ index d066df6..df28194 100644 .pushsection .fixup,"ax" diff --git a/arch/arm/lib/uaccess.S b/arch/arm/lib/uaccess.S -index d0ece2a..5ae2f39 100644 +index 5c908b1..e712687 100644 --- a/arch/arm/lib/uaccess.S +++ b/arch/arm/lib/uaccess.S @@ -20,7 +20,7 @@ @@ -1643,7 +1745,7 @@ index d0ece2a..5ae2f39 100644 * Purpose : copy a block to user memory from kernel memory * Params : to - user memory * : from - kernel memory -@@ -40,7 +40,7 @@ USER( T(strgtb) r3, [r0], #1) @ May fault +@@ -40,7 +40,7 @@ USER( TUSER( strgtb) r3, [r0], #1) @ May fault sub r2, r2, ip b .Lc2u_dest_aligned @@ -1652,9 +1754,9 @@ index d0ece2a..5ae2f39 100644 stmfd sp!, {r2, r4 - r7, lr} cmp r2, #4 blt .Lc2u_not_enough -@@ -278,14 +278,14 @@ USER( T(strgeb) r3, [r0], #1) @ May fault +@@ -278,14 +278,14 @@ USER( TUSER( strgeb) r3, [r0], #1) @ May fault ldrgtb r3, [r1], #0 - USER( T(strgtb) r3, [r0], #1) @ May fault + USER( TUSER( strgtb) r3, [r0], #1) @ May fault b .Lc2u_finished -ENDPROC(__copy_to_user) +ENDPROC(___copy_to_user) @@ -1669,7 +1771,7 @@ index d0ece2a..5ae2f39 100644 * Purpose : copy a block from user memory to kernel memory * Params : to - kernel memory * : from - user memory -@@ -304,7 +304,7 @@ USER( T(ldrgtb) r3, [r1], #1) @ May fault +@@ -304,7 +304,7 @@ USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault sub r2, r2, ip b .Lcfu_dest_aligned @@ -1678,8 +1780,8 @@ index d0ece2a..5ae2f39 100644 stmfd sp!, {r0, r2, r4 - r7, lr} cmp r2, #4 blt .Lcfu_not_enough -@@ -544,7 +544,7 @@ USER( T(ldrgeb) r3, [r1], #1) @ May fault - USER( T(ldrgtb) r3, [r1], #1) @ May fault +@@ -544,7 +544,7 @@ USER( TUSER( ldrgeb) r3, [r1], #1) @ May fault + USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault strgtb r3, [r0], #1 b .Lcfu_finished -ENDPROC(__copy_from_user) @@ -1701,10 +1803,10 @@ index 025f742..8432b08 100644 /* * This test is stubbed out of the main function above to keep diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c -index e9d5f4a..f099699 100644 +index 6722627..8f97548c 100644 --- a/arch/arm/mach-omap2/board-n8x0.c +++ b/arch/arm/mach-omap2/board-n8x0.c -@@ -593,7 +593,7 @@ static int n8x0_menelaus_late_init(struct device *dev) +@@ -597,7 +597,7 @@ static int n8x0_menelaus_late_init(struct device *dev) } #endif @@ -1727,10 +1829,10 @@ index 2b2d51c..0127490 100644 static int mbox_show(struct seq_file *s, void *data) { diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index aa33949..d366075 100644 +index bb7eac3..3bade16 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c -@@ -183,6 +183,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, +@@ -172,6 +172,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, } #endif @@ -1744,7 +1846,7 @@ index aa33949..d366075 100644 tsk->thread.address = addr; tsk->thread.error_code = fsr; tsk->thread.trap_no = 14; -@@ -384,6 +391,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) +@@ -393,6 +400,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) } #endif /* CONFIG_MMU */ @@ -1778,7 +1880,7 @@ index aa33949..d366075 100644 /* * First Level Translation Fault Handler * -@@ -628,6 +662,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) +@@ -573,6 +607,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); struct siginfo info; @@ -1800,10 +1902,10 @@ index aa33949..d366075 100644 return; diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index 44b628e..623ee2a 100644 +index ce8cb19..3ec539d 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c -@@ -54,6 +54,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -93,6 +93,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (len > TASK_SIZE) return -ENOMEM; @@ -1814,7 +1916,7 @@ index 44b628e..623ee2a 100644 if (addr) { if (do_align) addr = COLOUR_ALIGN(addr, pgoff); -@@ -61,15 +65,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -100,15 +104,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -1827,14 +1929,14 @@ index 44b628e..623ee2a 100644 - start_addr = addr = mm->free_area_cache; + start_addr = addr = mm->free_area_cache; } else { -- start_addr = addr = TASK_UNMAPPED_BASE; +- start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; + start_addr = addr = mm->mmap_base; + mm->cached_hole_size = 0; } - /* 8 bits of randomness in 20 address space bits */ - if ((current->flags & PF_RANDOMIZE) && -@@ -89,14 +92,14 @@ full_search: + + full_search: +@@ -124,14 +127,14 @@ full_search: * Start a new search - just in case we missed * some holes. */ @@ -1852,11 +1954,34 @@ index 44b628e..623ee2a 100644 /* * Remember the place where we stopped the search: */ +@@ -266,10 +269,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) + + if (mmap_is_legacy()) { + mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ mm->mmap_base += mm->delta_mmap; ++#endif ++ + mm->get_unmapped_area = arch_get_unmapped_area; + mm->unmap_area = arch_unmap_area; + } else { + mm->mmap_base = mmap_base(random_factor); ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ mm->mmap_base -= mm->delta_mmap + mm->delta_stack; ++#endif ++ + mm->get_unmapped_area = arch_get_unmapped_area_topdown; + mm->unmap_area = arch_unmap_area_topdown; + } diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h -index 4c1a363..df311d0 100644 +index 71a6827..e7fbc23 100644 --- a/arch/arm/plat-samsung/include/plat/dma-ops.h +++ b/arch/arm/plat-samsung/include/plat/dma-ops.h -@@ -41,7 +41,7 @@ struct samsung_dma_ops { +@@ -43,7 +43,7 @@ struct samsung_dma_ops { int (*started)(unsigned ch); int (*flush)(unsigned ch); int (*stop)(unsigned ch); @@ -2203,6 +2328,36 @@ index b5298eb..67c6e62 100644 #define PT_IA_64_UNWIND 0x70000001 /* IA-64 relocations: */ +diff --git a/arch/ia64/include/asm/pgalloc.h b/arch/ia64/include/asm/pgalloc.h +index 96a8d92..617a1cf 100644 +--- a/arch/ia64/include/asm/pgalloc.h ++++ b/arch/ia64/include/asm/pgalloc.h +@@ -39,6 +39,12 @@ pgd_populate(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud) + pgd_val(*pgd_entry) = __pa(pud); + } + ++static inline void ++pgd_populate_kernel(struct mm_struct *mm, pgd_t * pgd_entry, pud_t * pud) ++{ ++ pgd_populate(mm, pgd_entry, pud); ++} ++ + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return quicklist_alloc(0, GFP_KERNEL, NULL); +@@ -57,6 +63,12 @@ pud_populate(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd) + pud_val(*pud_entry) = __pa(pmd); + } + ++static inline void ++pud_populate_kernel(struct mm_struct *mm, pud_t * pud_entry, pmd_t * pmd) ++{ ++ pud_populate(mm, pud_entry, pmd); ++} ++ + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return quicklist_alloc(0, GFP_KERNEL, NULL); diff --git a/arch/ia64/include/asm/pgtable.h b/arch/ia64/include/asm/pgtable.h index 1a97af3..7529d31 100644 --- a/arch/ia64/include/asm/pgtable.h @@ -2477,10 +2632,10 @@ index 5ca674b..e0e1b70 100644 addr = ALIGN(vmm->vm_end, HPAGE_SIZE); } diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c -index 00cb0e2..2ad8024 100644 +index 13df239d..cb52116 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c -@@ -120,6 +120,19 @@ ia64_init_addr_space (void) +@@ -121,6 +121,19 @@ ia64_init_addr_space (void) vma->vm_start = current->thread.rbs_bot & PAGE_MASK; vma->vm_end = vma->vm_start + PAGE_SIZE; vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT; @@ -2650,10 +2805,10 @@ index 455c0ac..ad65fbe 100644 - #endif /* _ASM_ELF_H */ diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h -index e59cd1a..8e329d6 100644 +index da9bd7d..91aa7ab 100644 --- a/arch/mips/include/asm/page.h +++ b/arch/mips/include/asm/page.h -@@ -93,7 +93,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, +@@ -98,7 +98,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, #ifdef CONFIG_CPU_MIPS32 typedef struct { unsigned long pte_low, pte_high; } pte_t; #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) @@ -2662,6 +2817,22 @@ index e59cd1a..8e329d6 100644 #else typedef struct { unsigned long long pte; } pte_t; #define pte_val(x) ((x).pte) +diff --git a/arch/mips/include/asm/pgalloc.h b/arch/mips/include/asm/pgalloc.h +index 881d18b..cea38bc 100644 +--- a/arch/mips/include/asm/pgalloc.h ++++ b/arch/mips/include/asm/pgalloc.h +@@ -37,6 +37,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + { + set_pud(pud, __pud((unsigned long)pmd)); + } ++ ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} + #endif + + /* diff --git a/arch/mips/include/asm/system.h b/arch/mips/include/asm/system.h index 6018c80..7c37203 100644 --- a/arch/mips/include/asm/system.h @@ -2674,6 +2845,40 @@ index 6018c80..7c37203 100644 +#define arch_align_stack(x) ((x) & ~0xfUL) #endif /* _ASM_SYSTEM_H */ +diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h +index 0d85d8e..ec71487 100644 +--- a/arch/mips/include/asm/thread_info.h ++++ b/arch/mips/include/asm/thread_info.h +@@ -123,6 +123,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); + #define TIF_32BIT_ADDR 23 /* 32-bit address space (o32/n32) */ + #define TIF_FPUBOUND 24 /* thread bound to FPU-full CPU set */ + #define TIF_LOAD_WATCH 25 /* If set, load watch registers */ ++/* li takes a 32bit immediate */ ++#define TIF_GRSEC_SETXID 29 /* update credentials on syscall entry/exit */ + #define TIF_SYSCALL_TRACE 31 /* syscall trace active */ + + #ifdef CONFIG_MIPS32_O32 +@@ -146,15 +148,18 @@ register struct thread_info *__current_thread_info __asm__("$28"); + #define _TIF_32BIT_ADDR (1<work.syscall_trace +@@ -538,6 +542,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) + /* do the secure computing check first */ + secure_computing(regs->regs[2]); + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + if (!(current->ptrace & PT_PTRACED)) + goto out; + +diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S +index a632bc1..0b77c7c 100644 +--- a/arch/mips/kernel/scall32-o32.S ++++ b/arch/mips/kernel/scall32-o32.S +@@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp) + + stack_done: + lw t0, TI_FLAGS($28) # syscall tracing enabled? +- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT ++ li t1, _TIF_SYSCALL_WORK + and t0, t1 + bnez t0, syscall_trace_entry # -> yes + +diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S +index 3b5a5e9..e1ee86d 100644 +--- a/arch/mips/kernel/scall64-64.S ++++ b/arch/mips/kernel/scall64-64.S +@@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp) + + sd a3, PT_R26(sp) # save a3 for syscall restarting + +- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT ++ li t1, _TIF_SYSCALL_WORK + LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? + and t0, t1, t0 + bnez t0, syscall_trace_entry +diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S +index 6be6f70..1859577 100644 +--- a/arch/mips/kernel/scall64-n32.S ++++ b/arch/mips/kernel/scall64-n32.S +@@ -53,7 +53,7 @@ NESTED(handle_sysn32, PT_SIZE, sp) + + sd a3, PT_R26(sp) # save a3 for syscall restarting + +- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT ++ li t1, _TIF_SYSCALL_WORK + LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? + and t0, t1, t0 + bnez t0, n32_syscall_trace_entry +diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S +index 5422855..74e63a3 100644 +--- a/arch/mips/kernel/scall64-o32.S ++++ b/arch/mips/kernel/scall64-o32.S +@@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp) + PTR 4b, bad_stack + .previous + +- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT ++ li t1, _TIF_SYSCALL_WORK + LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? + and t0, t1, t0 + bnez t0, trace_a_syscall diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c -index 937cf33..adb39bb 100644 +index 69ebd58..e4bff83 100644 --- a/arch/mips/mm/fault.c +++ b/arch/mips/mm/fault.c @@ -28,6 +28,23 @@ @@ -2969,6 +3253,30 @@ index 19f6cb1..6c78cf2 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, but it's not easy, and we've already done it here. */ +diff --git a/arch/parisc/include/asm/pgalloc.h b/arch/parisc/include/asm/pgalloc.h +index fc987a1..6e068ef 100644 +--- a/arch/parisc/include/asm/pgalloc.h ++++ b/arch/parisc/include/asm/pgalloc.h +@@ -61,6 +61,11 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) + (__u32)(__pa((unsigned long)pmd) >> PxD_VALUE_SHIFT)); + } + ++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pmd_t *pmd) ++{ ++ pgd_populate(mm, pgd, pmd); ++} ++ + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address) + { + pmd_t *pmd = (pmd_t *)__get_free_pages(GFP_KERNEL|__GFP_REPEAT, +@@ -93,6 +98,7 @@ static inline void pmd_free(struct mm_struct *mm, pmd_t *pmd) + #define pmd_alloc_one(mm, addr) ({ BUG(); ((pmd_t *)2); }) + #define pmd_free(mm, x) do { } while (0) + #define pgd_populate(mm, pmd, pte) BUG() ++#define pgd_populate_kernel(mm, pmd, pte) BUG() + + #endif + diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h index 22dadeb..f6c2be4 100644 --- a/arch/parisc/include/asm/pgtable.h @@ -3417,10 +3725,10 @@ index d4a7f64..451de1c 100644 return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0); } diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h -index dd9c4fd..a2ced87 100644 +index f072e97..b436dee 100644 --- a/arch/powerpc/include/asm/page.h +++ b/arch/powerpc/include/asm/page.h -@@ -141,8 +141,9 @@ extern phys_addr_t kernstart_addr; +@@ -220,8 +220,9 @@ extern long long virt_phys_offset; * and needs to be executable. This means the whole heap ends * up being executable. */ @@ -3432,7 +3740,7 @@ index dd9c4fd..a2ced87 100644 #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) -@@ -170,6 +171,9 @@ extern phys_addr_t kernstart_addr; +@@ -249,6 +250,9 @@ extern long long virt_phys_offset; #define is_kernel_addr(x) ((x) >= PAGE_OFFSET) #endif @@ -3443,10 +3751,10 @@ index dd9c4fd..a2ced87 100644 * Use the top bit of the higher-level page table entries to indicate whether * the entries we point to contain hugepages. This works because we know that diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/asm/page_64.h -index fb40ede..d3ce956 100644 +index fed85e6..da5c71b 100644 --- a/arch/powerpc/include/asm/page_64.h +++ b/arch/powerpc/include/asm/page_64.h -@@ -144,15 +144,18 @@ do { \ +@@ -146,15 +146,18 @@ do { \ * stack by default, so in the absence of a PT_GNU_STACK program header * we turn execute permission off. */ @@ -3467,8 +3775,40 @@ index fb40ede..d3ce956 100644 #include +diff --git a/arch/powerpc/include/asm/pgalloc-64.h b/arch/powerpc/include/asm/pgalloc-64.h +index 292725c..f87ae14 100644 +--- a/arch/powerpc/include/asm/pgalloc-64.h ++++ b/arch/powerpc/include/asm/pgalloc-64.h +@@ -50,6 +50,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) + #ifndef CONFIG_PPC_64K_PAGES + + #define pgd_populate(MM, PGD, PUD) pgd_set(PGD, PUD) ++#define pgd_populate_kernel(MM, PGD, PUD) pgd_populate((MM), (PGD), (PUD)) + + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { +@@ -67,6 +68,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + pud_set(pud, (unsigned long)pmd); + } + ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} ++ + #define pmd_populate(mm, pmd, pte_page) \ + pmd_populate_kernel(mm, pmd, page_address(pte_page)) + #define pmd_populate_kernel(mm, pmd, pte) pmd_set(pmd, (unsigned long)(pte)) +@@ -76,6 +82,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + #else /* CONFIG_PPC_64K_PAGES */ + + #define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd) ++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd)) + + static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd, + pte_t *pte) diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h -index 88b0bd9..e32bc67 100644 +index 2e0e411..7899c68 100644 --- a/arch/powerpc/include/asm/pgtable.h +++ b/arch/powerpc/include/asm/pgtable.h @@ -2,6 +2,7 @@ @@ -3492,7 +3832,7 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index 559da19..7e5835c 100644 +index 7fdc2c0..e47a9b02d3 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h @@ -212,6 +212,7 @@ @@ -3504,10 +3844,10 @@ index 559da19..7e5835c 100644 #define DSISR_ISSTORE 0x02000000 /* access was a store */ #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ diff --git a/arch/powerpc/include/asm/system.h b/arch/powerpc/include/asm/system.h -index e30a13d..2b7d994 100644 +index c377457..3c69fbc 100644 --- a/arch/powerpc/include/asm/system.h +++ b/arch/powerpc/include/asm/system.h -@@ -530,7 +530,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long old, unsigned long new, +@@ -539,7 +539,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long old, unsigned long new, #define cmpxchg64_local(ptr, o, n) __cmpxchg64_local_generic((ptr), (o), (n)) #endif @@ -3516,6 +3856,40 @@ index e30a13d..2b7d994 100644 /* Used in very early kernel initialization. */ extern unsigned long reloc_offset(void); +diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h +index 96471494..60ed5a2 100644 +--- a/arch/powerpc/include/asm/thread_info.h ++++ b/arch/powerpc/include/asm/thread_info.h +@@ -104,13 +104,15 @@ static inline struct thread_info *current_thread_info(void) + #define TIF_PERFMON_CTXSW 6 /* perfmon needs ctxsw calls */ + #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ + #define TIF_SINGLESTEP 8 /* singlestepping active */ +-#define TIF_MEMDIE 9 /* is terminating due to OOM killer */ + #define TIF_SECCOMP 10 /* secure computing */ + #define TIF_RESTOREALL 11 /* Restore all regs (implies NOERROR) */ + #define TIF_NOERROR 12 /* Force successful syscall return */ + #define TIF_NOTIFY_RESUME 13 /* callback before returning to user */ + #define TIF_SYSCALL_TRACEPOINT 15 /* syscall tracepoint instrumentation */ + #define TIF_RUNLATCH 16 /* Is the runlatch enabled? */ ++#define TIF_MEMDIE 17 /* is terminating due to OOM killer */ ++/* mask must be expressable within 16 bits to satisfy 'andi' instruction reqs */ ++#define TIF_GRSEC_SETXID 9 /* update credentials on syscall entry/exit */ + + /* as above, but as bit values */ + #define _TIF_SYSCALL_TRACE (1<ops = ops; host->of_node = of_node_get(of_node); @@ -3749,7 +4123,7 @@ index 745c1e7..59d97a6 100644 raw_spin_lock_irqsave(&irq_big_lock, flags); /* If it's a legacy controller, check for duplicates and -@@ -622,7 +619,12 @@ struct irq_host *irq_find_host(struct device_node *node) +@@ -635,7 +632,12 @@ struct irq_host *irq_find_host(struct device_node *node) */ raw_spin_lock_irqsave(&irq_big_lock, flags); list_for_each_entry(h, &irq_hosts, link) @@ -3797,10 +4171,10 @@ index 0b6d796..d760ddb 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index 6457574..08b28d3 100644 +index d817ab0..b23b18e 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c -@@ -660,8 +660,8 @@ void show_regs(struct pt_regs * regs) +@@ -676,8 +676,8 @@ void show_regs(struct pt_regs * regs) * Lookup NIP late so we have the best change of getting the * above info out without failing */ @@ -3811,7 +4185,7 @@ index 6457574..08b28d3 100644 #endif show_stack(current, (unsigned long *) regs->gpr[1]); if (!user_mode(regs)) -@@ -1165,10 +1165,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1181,10 +1181,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -3824,7 +4198,7 @@ index 6457574..08b28d3 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1188,7 +1188,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1204,7 +1204,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; @@ -3833,7 +4207,7 @@ index 6457574..08b28d3 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1263,58 +1263,3 @@ void thread_info_cache_init(void) +@@ -1279,58 +1279,3 @@ void thread_info_cache_init(void) } #endif /* THREAD_SHIFT < PAGE_SHIFT */ @@ -3892,6 +4266,45 @@ index 6457574..08b28d3 100644 - - return ret; -} +diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c +index 5b43325..94a5bb4 100644 +--- a/arch/powerpc/kernel/ptrace.c ++++ b/arch/powerpc/kernel/ptrace.c +@@ -1702,6 +1702,10 @@ long arch_ptrace(struct task_struct *child, long request, + return ret; + } + ++#ifdef CONFIG_GRKERNSEC_SETXID ++extern void gr_delayed_cred_worker(void); ++#endif ++ + /* + * We must return the syscall number to actually look up in the table. + * This can be -1L to skip running any syscall at all. +@@ -1712,6 +1716,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) + + secure_computing(regs->gpr[0]); + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + if (test_thread_flag(TIF_SYSCALL_TRACE) && + tracehook_report_syscall_entry(regs)) + /* +@@ -1746,6 +1755,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) + { + int step; + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + audit_syscall_exit(regs); + + if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c index 836a5a1..27289a3 100644 --- a/arch/powerpc/kernel/signal_32.c @@ -3919,26 +4332,27 @@ index a50b5ec..547078a 100644 } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index 5459d14..10f8070 100644 +index c091527..5592625 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c -@@ -98,6 +98,8 @@ static void pmac_backlight_unblank(void) - static inline void pmac_backlight_unblank(void) { } - #endif +@@ -131,6 +131,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) + return flags; + } +extern void gr_handle_kernel_exploit(void); + - int die(const char *str, struct pt_regs *regs, long err) + static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, + int signr) { - static struct { -@@ -171,6 +173,8 @@ int die(const char *str, struct pt_regs *regs, long err) +@@ -178,6 +180,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, + panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); - ++ + gr_handle_kernel_exploit(); + - oops_exit(); - do_exit(err); + do_exit(signr); + } diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c index 7d14bb6..1305601 100644 @@ -4006,7 +4420,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 5efe8c9..db9ceef 100644 +index 2f0d1b0..36fb5cc 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -32,6 +32,10 @@ @@ -4026,9 +4440,9 @@ index 5efe8c9..db9ceef 100644 #include +#include - #ifdef CONFIG_KPROBES - static inline int notify_page_fault(struct pt_regs *regs) -@@ -66,6 +71,33 @@ static inline int notify_page_fault(struct pt_regs *regs) + #include "icswx.h" + +@@ -68,6 +73,33 @@ static inline int notify_page_fault(struct pt_regs *regs) } #endif @@ -4062,7 +4476,7 @@ index 5efe8c9..db9ceef 100644 /* * Check whether the instruction at regs->nip is a store using * an update addressing form which will update r1. -@@ -136,7 +168,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, +@@ -138,7 +170,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, * indicate errors in DSISR but can validly be set in SRR1. */ if (trap == 0x400) @@ -4071,7 +4485,7 @@ index 5efe8c9..db9ceef 100644 else is_write = error_code & DSISR_ISSTORE; #else -@@ -259,7 +291,7 @@ good_area: +@@ -276,7 +308,7 @@ good_area: * "undefined". Of those that can be set, this is the only * one which seems bad. */ @@ -4080,7 +4494,7 @@ index 5efe8c9..db9ceef 100644 /* Guarded storage error. */ goto bad_area; #endif /* CONFIG_8xx */ -@@ -274,7 +306,7 @@ good_area: +@@ -291,7 +323,7 @@ good_area: * processors use the same I/D cache coherency mechanism * as embedded. */ @@ -4089,7 +4503,7 @@ index 5efe8c9..db9ceef 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ -@@ -343,6 +375,23 @@ bad_area: +@@ -360,6 +392,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -4114,10 +4528,10 @@ index 5efe8c9..db9ceef 100644 return 0; } diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c -index 5a783d8..c23e14b 100644 +index 67a42ed..1c7210c 100644 --- a/arch/powerpc/mm/mmap_64.c +++ b/arch/powerpc/mm/mmap_64.c -@@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -91,10 +91,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -4277,10 +4691,10 @@ index 547f1a6..0b22b53 100644 - #endif diff --git a/arch/s390/include/asm/system.h b/arch/s390/include/asm/system.h -index ef573c1..75a1ce6 100644 +index d73cc6b..1a296ad 100644 --- a/arch/s390/include/asm/system.h +++ b/arch/s390/include/asm/system.h -@@ -262,7 +262,7 @@ extern void (*_machine_restart)(char *command); +@@ -260,7 +260,7 @@ extern void (*_machine_restart)(char *command); extern void (*_machine_halt)(void); extern void (*_machine_power_off)(void); @@ -4401,10 +4815,10 @@ index dfcb343..eda788a 100644 if (r_type == R_390_GOTPC) *(unsigned int *) loc = val; diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c -index 53088e2..9f44a36 100644 +index e795933..b32563c 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c -@@ -320,39 +320,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -323,39 +323,3 @@ unsigned long get_wchan(struct task_struct *p) } return 0; } @@ -4630,18 +5044,6 @@ index afeb710..d1d1289 100644 bottomup: /* -diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig -index f92602e..27060b2 100644 ---- a/arch/sparc/Kconfig -+++ b/arch/sparc/Kconfig -@@ -31,6 +31,7 @@ config SPARC - - config SPARC32 - def_bool !64BIT -+ select GENERIC_ATOMIC64 - - config SPARC64 - def_bool 64BIT diff --git a/arch/sparc/Makefile b/arch/sparc/Makefile index eddcfb3..b117d90 100644 --- a/arch/sparc/Makefile @@ -4655,19 +5057,6 @@ index eddcfb3..b117d90 100644 VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y) VMLINUX_MAIN += $(drivers-y) $(net-y) -diff --git a/arch/sparc/include/asm/atomic_32.h b/arch/sparc/include/asm/atomic_32.h -index 5c3c8b6..ba822fa 100644 ---- a/arch/sparc/include/asm/atomic_32.h -+++ b/arch/sparc/include/asm/atomic_32.h -@@ -13,6 +13,8 @@ - - #include - -+#include -+ - #ifdef __KERNEL__ - - #include diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h index 9f421df..b81fc12 100644 --- a/arch/sparc/include/asm/atomic_64.h @@ -4912,19 +5301,30 @@ index 7df8b7f..4946269 100644 extern unsigned long sparc64_elf_hwcap; #define ELF_HWCAP sparc64_elf_hwcap -diff --git a/arch/sparc/include/asm/page_32.h b/arch/sparc/include/asm/page_32.h -index 156707b..aefa786 100644 ---- a/arch/sparc/include/asm/page_32.h -+++ b/arch/sparc/include/asm/page_32.h -@@ -8,6 +8,8 @@ - #ifndef _SPARC_PAGE_H - #define _SPARC_PAGE_H +diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h +index ca2b344..c6084f89 100644 +--- a/arch/sparc/include/asm/pgalloc_32.h ++++ b/arch/sparc/include/asm/pgalloc_32.h +@@ -37,6 +37,7 @@ BTFIXUPDEF_CALL(void, free_pgd_fast, pgd_t *) + BTFIXUPDEF_CALL(void, pgd_set, pgd_t *, pmd_t *) + #define pgd_set(pgdp,pmdp) BTFIXUP_CALL(pgd_set)(pgdp,pmdp) + #define pgd_populate(MM, PGD, PMD) pgd_set(PGD, PMD) ++#define pgd_populate_kernel(MM, PGD, PMD) pgd_populate((MM), (PGD), (PMD)) -+#include -+ - #define PAGE_SHIFT 12 + BTFIXUPDEF_CALL(pmd_t *, pmd_alloc_one, struct mm_struct *, unsigned long) + #define pmd_alloc_one(mm, address) BTFIXUP_CALL(pmd_alloc_one)(mm, address) +diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h +index 40b2d7a..22a665b 100644 +--- a/arch/sparc/include/asm/pgalloc_64.h ++++ b/arch/sparc/include/asm/pgalloc_64.h +@@ -26,6 +26,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) + } - #ifndef __ASSEMBLY__ + #define pud_populate(MM, PUD, PMD) pud_set(PUD, PMD) ++#define pud_populate_kernel(MM, PUD, PMD) pud_populate((MM), (PUD), (PMD)) + + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long addr) + { diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h index a790cc6..091ed94 100644 --- a/arch/sparc/include/asm/pgtable_32.h @@ -5080,7 +5480,7 @@ index 9689176..63c18ea 100644 unsigned long mask, tmp1, tmp2, result; diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h -index fa57532..e1a4c53 100644 +index c2a1080..21ed218 100644 --- a/arch/sparc/include/asm/thread_info_32.h +++ b/arch/sparc/include/asm/thread_info_32.h @@ -50,6 +50,8 @@ struct thread_info { @@ -5093,7 +5493,7 @@ index fa57532..e1a4c53 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index 60d86be..952dea1 100644 +index 01d057f..13a7d2f 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h @@ -63,6 +63,8 @@ struct thread_info { @@ -5105,6 +5505,38 @@ index 60d86be..952dea1 100644 unsigned long fpregs[0] __attribute__ ((aligned(64))); }; +@@ -214,10 +216,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); + #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ + /* flag bit 6 is available */ + #define TIF_32BIT 7 /* 32-bit binary */ +-/* flag bit 8 is available */ ++#define TIF_GRSEC_SETXID 8 /* update credentials on syscall entry/exit */ + #define TIF_SECCOMP 9 /* secure computing */ + #define TIF_SYSCALL_AUDIT 10 /* syscall auditing active */ + #define TIF_SYSCALL_TRACEPOINT 11 /* syscall tracepoint instrumentation */ ++ + /* NOTE: Thread flags >= 12 should be ones we have no interest + * in using in assembly, else we can't use the mask as + * an immediate value in instructions such as andcc. +@@ -236,12 +239,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); + #define _TIF_SYSCALL_AUDIT (1<ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]); if (regs->tstate & TSTATE_PRIV) @@ -5297,7 +5729,7 @@ index 3739a06..48b2ff0 100644 printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n", regs->u_regs[0], regs->u_regs[1], regs->u_regs[2], regs->u_regs[3]); -@@ -200,7 +200,7 @@ void show_regs(struct pt_regs *regs) +@@ -202,7 +202,7 @@ void show_regs(struct pt_regs *regs) printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n", regs->u_regs[12], regs->u_regs[13], regs->u_regs[14], regs->u_regs[15]); @@ -5306,7 +5738,7 @@ index 3739a06..48b2ff0 100644 show_regwindow(regs); show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]); } -@@ -285,7 +285,7 @@ void arch_trigger_all_cpu_backtrace(void) +@@ -287,7 +287,7 @@ void arch_trigger_all_cpu_backtrace(void) ((tp && tp->task) ? tp->task->pid : -1)); if (gp->tstate & TSTATE_PRIV) { @@ -5315,6 +5747,45 @@ index 3739a06..48b2ff0 100644 (void *) gp->tpc, (void *) gp->o7, (void *) gp->i7, +diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c +index 9388844..0075fd2 100644 +--- a/arch/sparc/kernel/ptrace_64.c ++++ b/arch/sparc/kernel/ptrace_64.c +@@ -1058,6 +1058,10 @@ long arch_ptrace(struct task_struct *child, long request, + return ret; + } + ++#ifdef CONFIG_GRKERNSEC_SETXID ++extern void gr_delayed_cred_worker(void); ++#endif ++ + asmlinkage int syscall_trace_enter(struct pt_regs *regs) + { + int ret = 0; +@@ -1065,6 +1069,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) + /* do the secure computing check first */ + secure_computing(regs->u_regs[UREG_G1]); + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + if (test_thread_flag(TIF_SYSCALL_TRACE)) + ret = tracehook_report_syscall_entry(regs); + +@@ -1085,6 +1094,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) + + asmlinkage void syscall_trace_leave(struct pt_regs *regs) + { ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + audit_syscall_exit(regs); + + if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c index 42b282f..28ce9f2 100644 --- a/arch/sparc/kernel/sys_sparc_32.c @@ -5338,7 +5809,7 @@ index 42b282f..28ce9f2 100644 addr = vmm->vm_end; if (flags & MAP_SHARED) diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index 441521a..b767073 100644 +index 232df99..cee1f9c 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c @@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi @@ -5488,6 +5959,55 @@ index 441521a..b767073 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } +diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S +index 1d7e274..b39c527 100644 +--- a/arch/sparc/kernel/syscalls.S ++++ b/arch/sparc/kernel/syscalls.S +@@ -62,7 +62,7 @@ sys32_rt_sigreturn: + #endif + .align 32 + 1: ldx [%g6 + TI_FLAGS], %l5 +- andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0 ++ andcc %l5, _TIF_WORK_SYSCALL, %g0 + be,pt %icc, rtrap + nop + call syscall_trace_leave +@@ -179,7 +179,7 @@ linux_sparc_syscall32: + + srl %i5, 0, %o5 ! IEU1 + srl %i2, 0, %o2 ! IEU0 Group +- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0 ++ andcc %l0, _TIF_WORK_SYSCALL, %g0 + bne,pn %icc, linux_syscall_trace32 ! CTI + mov %i0, %l5 ! IEU1 + call %l7 ! CTI Group brk forced +@@ -202,7 +202,7 @@ linux_sparc_syscall: + + mov %i3, %o3 ! IEU1 + mov %i4, %o4 ! IEU0 Group +- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0 ++ andcc %l0, _TIF_WORK_SYSCALL, %g0 + bne,pn %icc, linux_syscall_trace ! CTI Group + mov %i0, %l5 ! IEU0 + 2: call %l7 ! CTI Group brk forced +@@ -226,7 +226,7 @@ ret_sys_call: + + cmp %o0, -ERESTART_RESTARTBLOCK + bgeu,pn %xcc, 1f +- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %l6 ++ andcc %l0, _TIF_WORK_SYSCALL, %l6 + 80: + /* System call success, clear Carry condition code. */ + andn %g3, %g2, %g3 +@@ -241,7 +241,7 @@ ret_sys_call: + /* System call failure, set Carry condition code. + * Also, get abs(errno) to return to the process. + */ +- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %l6 ++ andcc %l0, _TIF_WORK_SYSCALL, %l6 + sub %g0, %o0, %o0 + or %g3, %g2, %g3 + stx %o0, [%sp + PTREGS_OFF + PT_V9_I0] diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index 591f20c..0f1b925 100644 --- a/arch/sparc/kernel/traps_32.c @@ -5927,10 +6447,10 @@ index 59186e0..f747d7a 100644 cmp %g1, %g7 bne,pn %xcc, BACKOFF_LABEL(2f, 1b) diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c -index 1b30bb3..b4a16c7 100644 +index f73c224..662af10 100644 --- a/arch/sparc/lib/ksyms.c +++ b/arch/sparc/lib/ksyms.c -@@ -142,12 +142,18 @@ EXPORT_SYMBOL(__downgrade_write); +@@ -136,12 +136,18 @@ EXPORT_SYMBOL(__downgrade_write); /* Atomic counter implementation. */ EXPORT_SYMBOL(atomic_add); @@ -6940,7 +7460,7 @@ index 392e533..536b092 100644 /* bytes per L2 cache line */ #define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE() diff --git a/arch/um/Makefile b/arch/um/Makefile -index 7730af6..cce5b19 100644 +index 28688e6..4c0aa1c 100644 --- a/arch/um/Makefile +++ b/arch/um/Makefile @@ -61,6 +61,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -D__KERNEL__,,\ @@ -7000,11 +7520,23 @@ index 7cfc3ce..cbd1a58 100644 #ifndef __ASSEMBLY__ struct page; +diff --git a/arch/um/include/asm/pgtable-3level.h b/arch/um/include/asm/pgtable-3level.h +index 0032f92..cd151e0 100644 +--- a/arch/um/include/asm/pgtable-3level.h ++++ b/arch/um/include/asm/pgtable-3level.h +@@ -58,6 +58,7 @@ + #define pud_present(x) (pud_val(x) & _PAGE_PRESENT) + #define pud_populate(mm, pud, pmd) \ + set_pud(pud, __pud(_PAGE_TABLE + __pa(pmd))) ++#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd)) + + #ifdef CONFIG_64BIT + #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval)) diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c -index c533835..84db18e 100644 +index 69f2490..2634831 100644 --- a/arch/um/kernel/process.c +++ b/arch/um/kernel/process.c -@@ -406,22 +406,6 @@ int singlestepping(void * t) +@@ -408,22 +408,6 @@ int singlestepping(void * t) return 2; } @@ -7045,10 +7577,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index efb4294..61bc18c 100644 +index 5bed94e..fbcf200 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -235,7 +235,7 @@ config X86_HT +@@ -226,7 +226,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -7057,7 +7589,7 @@ index efb4294..61bc18c 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1022,7 +1022,7 @@ choice +@@ -1058,7 +1058,7 @@ choice config NOHIGHMEM bool "off" @@ -7066,7 +7598,7 @@ index efb4294..61bc18c 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1059,7 +1059,7 @@ config NOHIGHMEM +@@ -1095,7 +1095,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -7075,7 +7607,7 @@ index efb4294..61bc18c 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1113,7 +1113,7 @@ config PAGE_OFFSET +@@ -1149,7 +1149,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -7084,7 +7616,7 @@ index efb4294..61bc18c 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1496,6 +1496,7 @@ config SECCOMP +@@ -1539,6 +1539,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" @@ -7092,7 +7624,7 @@ index efb4294..61bc18c 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1553,6 +1554,7 @@ config KEXEC_JUMP +@@ -1596,6 +1597,7 @@ config KEXEC_JUMP config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) default "0x1000000" @@ -7100,7 +7632,7 @@ index efb4294..61bc18c 100644 ---help--- This gives the physical address where the kernel is loaded. -@@ -1616,6 +1618,7 @@ config X86_NEED_RELOCS +@@ -1659,6 +1661,7 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -7108,7 +7640,7 @@ index efb4294..61bc18c 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1647,9 +1650,10 @@ config HOTPLUG_CPU +@@ -1690,9 +1693,10 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. config COMPAT_VDSO @@ -7121,10 +7653,10 @@ index efb4294..61bc18c 100644 Map the 32-bit VDSO to the predictable old-style address too. diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu -index e3ca7e0..b30b28a 100644 +index 3c57033..22d44aa 100644 --- a/arch/x86/Kconfig.cpu +++ b/arch/x86/Kconfig.cpu -@@ -341,7 +341,7 @@ config X86_PPRO_FENCE +@@ -335,7 +335,7 @@ config X86_PPRO_FENCE config X86_F00F_BUG def_bool y @@ -7133,7 +7665,7 @@ index e3ca7e0..b30b28a 100644 config X86_INVD_BUG def_bool y -@@ -365,7 +365,7 @@ config X86_POPAD_OK +@@ -359,7 +359,7 @@ config X86_POPAD_OK config X86_ALIGNMENT_16 def_bool y @@ -7142,7 +7674,7 @@ index e3ca7e0..b30b28a 100644 config X86_INTEL_USERCOPY def_bool y -@@ -411,7 +411,7 @@ config X86_CMPXCHG64 +@@ -405,7 +405,7 @@ config X86_CMPXCHG64 # generates cmov. config X86_CMOV def_bool y @@ -7152,10 +7684,10 @@ index e3ca7e0..b30b28a 100644 config X86_MINIMUM_CPU_FAMILY int diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug -index bf56e17..05f9891 100644 +index e46c214..7c72b55 100644 --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug -@@ -81,7 +81,7 @@ config X86_PTDUMP +@@ -84,7 +84,7 @@ config X86_PTDUMP config DEBUG_RODATA bool "Write protect kernel read-only data structures" default y @@ -7164,7 +7696,7 @@ index bf56e17..05f9891 100644 ---help--- Mark the kernel read-only data as write-protected in the pagetables, in order to catch accidental (and incorrect) writes to such const -@@ -99,7 +99,7 @@ config DEBUG_RODATA_TEST +@@ -102,7 +102,7 @@ config DEBUG_RODATA_TEST config DEBUG_SET_MODULE_RONX bool "Set loadable kernel module data as NX and text as RO" @@ -7174,7 +7706,7 @@ index bf56e17..05f9891 100644 This option helps catch unintended modifications to loadable kernel module's text and read-only data. It also prevents execution diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index b02e509..2631e48 100644 +index 209ba12..15140db 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -46,6 +46,7 @@ else @@ -7185,7 +7717,7 @@ index b02e509..2631e48 100644 KBUILD_AFLAGS += -m64 KBUILD_CFLAGS += -m64 -@@ -195,3 +196,12 @@ define archhelp +@@ -201,3 +202,12 @@ define archhelp echo ' FDARGS="..." arguments for the booted kernel' echo ' FDINITRD=file initrd for the booted kernel' endef @@ -7199,10 +7731,10 @@ index b02e509..2631e48 100644 +archprepare: + $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD))) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile -index 95365a8..52f857b 100644 +index 5a747dd..ff7b12c 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile -@@ -63,6 +63,9 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \ +@@ -64,6 +64,9 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \ $(call cc-option, -fno-stack-protector) \ $(call cc-option, -mpreferred-stack-boundary=2) KBUILD_CFLAGS += $(call cc-option, -m32) @@ -7257,7 +7789,7 @@ index c7093bd..d4247ffe0 100644 return diff; } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index 09664ef..edc5d03 100644 +index fd55a2f..217b501 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=small @@ -7271,10 +7803,10 @@ index 09664ef..edc5d03 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S -index 67a655a..b924059 100644 +index c85e3ac..6f5aa80 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S -@@ -76,7 +76,7 @@ ENTRY(startup_32) +@@ -106,7 +106,7 @@ preferred_addr: notl %eax andl %eax, %ebx #else @@ -7283,7 +7815,7 @@ index 67a655a..b924059 100644 #endif /* Target address to relocate to for decompression */ -@@ -162,7 +162,7 @@ relocated: +@@ -192,7 +192,7 @@ relocated: * and where it was actually loaded. */ movl %ebp, %ebx @@ -7292,7 +7824,7 @@ index 67a655a..b924059 100644 jz 2f /* Nothing to be done if loaded at compiled addr. */ /* * Process relocations. -@@ -170,8 +170,7 @@ relocated: +@@ -200,8 +200,7 @@ relocated: 1: subl $4, %edi movl (%edi), %ecx @@ -7303,7 +7835,7 @@ index 67a655a..b924059 100644 jmp 1b 2: diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index 35af09d..99c9676 100644 +index 87e03a1..0d94c76 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -91,7 +91,7 @@ ENTRY(startup_32) @@ -7315,7 +7847,7 @@ index 35af09d..99c9676 100644 #endif /* Target address to relocate to for decompression */ -@@ -233,7 +233,7 @@ ENTRY(startup_64) +@@ -263,7 +263,7 @@ preferred_addr: notq %rax andq %rax, %rbp #else @@ -7325,7 +7857,7 @@ index 35af09d..99c9676 100644 /* Target address to relocate to for decompression */ diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c -index 3a19d04..7c1d55a 100644 +index 7116dcb..d9ae1d7 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -310,7 +310,7 @@ static void parse_elf(void *output) @@ -7337,7 +7869,7 @@ index 3a19d04..7c1d55a 100644 #else dest = (void *)(phdr->p_paddr); #endif -@@ -363,7 +363,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap, +@@ -365,7 +365,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap, error("Destination address too large"); #endif #ifndef CONFIG_RELOCATABLE @@ -7347,7 +7879,7 @@ index 3a19d04..7c1d55a 100644 #endif diff --git a/arch/x86/boot/compressed/relocs.c b/arch/x86/boot/compressed/relocs.c -index 89bbf4e..869908e 100644 +index e77f4e4..17e511f 100644 --- a/arch/x86/boot/compressed/relocs.c +++ b/arch/x86/boot/compressed/relocs.c @@ -13,8 +13,11 @@ @@ -7452,7 +7984,7 @@ index 89bbf4e..869908e 100644 rel->r_info = elf32_to_cpu(rel->r_info); } } -@@ -396,14 +440,14 @@ static void read_relocs(FILE *fp) +@@ -396,13 +440,13 @@ static void read_relocs(FILE *fp) static void print_absolute_symbols(void) { @@ -7463,13 +7995,12 @@ index 89bbf4e..869908e 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; char *sym_strtab; - Elf32_Sym *sh_symtab; - int j; + unsigned int j; if (sec->shdr.sh_type != SHT_SYMTAB) { continue; -@@ -431,14 +475,14 @@ static void print_absolute_symbols(void) +@@ -429,14 +473,14 @@ static void print_absolute_symbols(void) static void print_absolute_relocs(void) { @@ -7486,7 +8017,7 @@ index 89bbf4e..869908e 100644 if (sec->shdr.sh_type != SHT_REL) { continue; } -@@ -499,13 +543,13 @@ static void print_absolute_relocs(void) +@@ -497,13 +541,13 @@ static void print_absolute_relocs(void) static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) { @@ -7502,7 +8033,7 @@ index 89bbf4e..869908e 100644 struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_REL) { -@@ -530,6 +574,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) +@@ -528,6 +572,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) !is_rel_reloc(sym_name(sym_strtab, sym))) { continue; } @@ -7525,7 +8056,7 @@ index 89bbf4e..869908e 100644 switch (r_type) { case R_386_NONE: case R_386_PC32: -@@ -571,7 +631,7 @@ static int cmp_relocs(const void *va, const void *vb) +@@ -569,7 +629,7 @@ static int cmp_relocs(const void *va, const void *vb) static void emit_relocs(int as_text) { @@ -7534,7 +8065,7 @@ index 89bbf4e..869908e 100644 /* Count how many relocations I have and allocate space for them. */ reloc_count = 0; walk_relocs(count_reloc); -@@ -665,6 +725,7 @@ int main(int argc, char **argv) +@@ -663,6 +723,7 @@ int main(int argc, char **argv) fname, strerror(errno)); } read_ehdr(fp); @@ -7642,10 +8173,10 @@ index 4d3ff03..e4972ff 100644 err = check_flags(); } diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index bdb4d45..0476680 100644 +index f1bbeeb..aff09cb 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S -@@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical pointer to +@@ -372,7 +372,7 @@ setup_data: .quad 0 # 64-bit physical pointer to # single linked list of # struct setup_data @@ -7904,6 +8435,19 @@ index be6d9e3..21fbbca 100644 ret +ENDPROC(aesni_ctr_enc) #endif +diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c +index 545d0ce..14841a6 100644 +--- a/arch/x86/crypto/aesni-intel_glue.c ++++ b/arch/x86/crypto/aesni-intel_glue.c +@@ -929,6 +929,8 @@ out_free_ablkcipher: + } + + static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key, ++ unsigned int key_len) __size_overflow(3); ++static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key, + unsigned int key_len) + { + int ret = 0; diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S index 391d245..67f35c2 100644 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S @@ -7992,6 +8536,40 @@ index 6214a9b..1f4fc9a 100644 mov %rsi,%rdx + pax_force_retaddr ret +diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S +index 7f24a15..9cd3ffe 100644 +--- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S ++++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S +@@ -24,6 +24,8 @@ + * + */ + ++#include ++ + .file "serpent-sse2-x86_64-asm_64.S" + .text + +@@ -695,12 +697,14 @@ __serpent_enc_blk_8way: + write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); + write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + ++ pax_force_retaddr + ret; + + __enc_xor8: + xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); + xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -758,4 +762,5 @@ serpent_dec_blk_8way: + write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2); + write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2); + ++ pax_force_retaddr + ret; diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S index b2c2f57..8470cab 100644 --- a/arch/x86/crypto/sha1_ssse3_asm.S @@ -8076,7 +8654,7 @@ index 7bcf3fc..f53832f 100644 + pax_force_retaddr 0, 1 ret diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c -index fd84387..887aa7e 100644 +index 39e4909..887aa7e 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c @@ -162,6 +162,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, @@ -8088,34 +8666,6 @@ index fd84387..887aa7e 100644 fs = get_fs(); set_fs(KERNEL_DS); has_dumped = 1; -@@ -315,6 +317,13 @@ static int load_aout_binary(struct linux_binprm *bprm, struct pt_regs *regs) - current->mm->free_area_cache = TASK_UNMAPPED_BASE; - current->mm->cached_hole_size = 0; - -+ retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT); -+ if (retval < 0) { -+ /* Someone check-me: is this error path enough? */ -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } -+ - install_exec_creds(bprm); - current->flags &= ~PF_FORKNOEXEC; - -@@ -410,13 +419,6 @@ beyond_if: - - set_brk(current->mm->start_brk, current->mm->brk); - -- retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT); -- if (retval < 0) { -- /* Someone check-me: is this error path enough? */ -- send_sig(SIGKILL, current, 0); -- return retval; -- } -- - current->mm->start_stack = - (unsigned long)create_aout_tables((char __user *)bprm->p, bprm); - /* start thread */ diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c index 6557769..ef6ae89 100644 --- a/arch/x86/ia32/ia32_signal.c @@ -8197,20 +8747,21 @@ index 6557769..ef6ae89 100644 if (err) diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index a6253ec..4ad2120 100644 +index e3e7340..05ed805 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S -@@ -13,7 +13,9 @@ +@@ -13,8 +13,10 @@ #include #include #include +#include #include + #include +#include /* Avoid __ASSEMBLER__'ifying just for this. */ #include -@@ -95,6 +97,32 @@ ENTRY(native_irq_enable_sysexit) +@@ -94,6 +96,32 @@ ENTRY(native_irq_enable_sysexit) ENDPROC(native_irq_enable_sysexit) #endif @@ -8243,7 +8794,7 @@ index a6253ec..4ad2120 100644 /* * 32bit SYSENTER instruction entry. * -@@ -121,12 +149,6 @@ ENTRY(ia32_sysenter_target) +@@ -120,12 +148,6 @@ ENTRY(ia32_sysenter_target) CFI_REGISTER rsp,rbp SWAPGS_UNSAFE_STACK movq PER_CPU_VAR(kernel_stack), %rsp @@ -8256,11 +8807,11 @@ index a6253ec..4ad2120 100644 movl %ebp,%ebp /* zero extension */ pushq_cfi $__USER32_DS /*CFI_REL_OFFSET ss,0*/ -@@ -134,25 +156,39 @@ ENTRY(ia32_sysenter_target) +@@ -133,24 +155,39 @@ ENTRY(ia32_sysenter_target) CFI_REL_OFFSET rsp,0 pushfq_cfi /*CFI_REL_OFFSET rflags,0*/ -- movl 8*3-THREAD_SIZE+TI_sysenter_return(%rsp), %r10d +- movl TI_sysenter_return+THREAD_INFO(%rsp,3*8-KERNEL_STACK_OFFSET),%r10d - CFI_REGISTER rip,r10 + orl $X86_EFLAGS_IF,(%rsp) + GET_THREAD_INFO(%r11) @@ -8293,78 +8844,75 @@ index a6253ec..4ad2120 100644 .section __ex_table,"a" .quad 1b,ia32_badarg .previous -- GET_THREAD_INFO(%r10) -- orl $TS_COMPAT,TI_status(%r10) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + GET_THREAD_INFO(%r11) + orl $TS_COMPAT,TI_status(%r11) + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) CFI_REMEMBER_STATE jnz sysenter_tracesys cmpq $(IA32_NR_syscalls-1),%rax -@@ -162,13 +198,15 @@ sysenter_do_call: +@@ -160,12 +197,15 @@ sysenter_do_call: sysenter_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) -- GET_THREAD_INFO(%r10) + GET_THREAD_INFO(%r11) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF -- testl $_TIF_ALLWORK_MASK,TI_flags(%r10) +- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $_TIF_ALLWORK_MASK,TI_flags(%r11) jnz sysexit_audit sysexit_from_sys_call: -- andl $~TS_COMPAT,TI_status(%r10) +- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) + pax_exit_kernel_user + pax_erase_kstack + andl $~TS_COMPAT,TI_status(%r11) /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp) movl RIP-R11(%rsp),%edx /* User %eip */ -@@ -194,6 +232,9 @@ sysexit_from_sys_call: +@@ -191,6 +231,9 @@ sysexit_from_sys_call: movl %eax,%esi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ - call audit_syscall_entry + call __audit_syscall_entry + + pax_erase_kstack + movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -205,7 +246,7 @@ sysexit_from_sys_call: +@@ -202,7 +245,7 @@ sysexit_from_sys_call: .endm .macro auditsys_exit exit -- testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) +- testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jnz ia32_ret_from_sys_call TRACE_IRQS_ON sti -@@ -215,12 +256,12 @@ sysexit_from_sys_call: +@@ -213,11 +256,12 @@ sysexit_from_sys_call: + 1: setbe %al /* 1 if error, 0 if not */ movzbl %al,%edi /* zero-extend that into %edi */ - inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */ - call audit_syscall_exit -- GET_THREAD_INFO(%r10) + call __audit_syscall_exit + GET_THREAD_INFO(%r11) - movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */ + movq RAX-ARGOFFSET(%rsp),%rax /* reload syscall return value */ movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi cli TRACE_IRQS_OFF -- testl %edi,TI_flags(%r10) +- testl %edi,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl %edi,TI_flags(%r11) jz \exit CLEAR_RREGS -ARGOFFSET jmp int_with_check -@@ -238,7 +279,7 @@ sysexit_audit: +@@ -235,7 +279,7 @@ sysexit_audit: sysenter_tracesys: #ifdef CONFIG_AUDITSYSCALL -- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) +- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jz sysenter_auditsys #endif SAVE_REST -@@ -246,6 +287,9 @@ sysenter_tracesys: +@@ -243,6 +287,9 @@ sysenter_tracesys: movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8374,7 +8922,7 @@ index a6253ec..4ad2120 100644 LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax -@@ -277,19 +321,20 @@ ENDPROC(ia32_sysenter_target) +@@ -274,19 +321,20 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -8397,7 +8945,7 @@ index a6253ec..4ad2120 100644 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -305,13 +350,19 @@ ENTRY(ia32_cstar_target) +@@ -302,12 +350,19 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ @@ -8411,44 +8959,42 @@ index a6253ec..4ad2120 100644 .section __ex_table,"a" .quad 1b,ia32_badarg .previous -- GET_THREAD_INFO(%r10) -- orl $TS_COMPAT,TI_status(%r10) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + GET_THREAD_INFO(%r11) + orl $TS_COMPAT,TI_status(%r11) + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) CFI_REMEMBER_STATE jnz cstar_tracesys cmpq $IA32_NR_syscalls-1,%rax -@@ -321,13 +372,15 @@ cstar_do_call: +@@ -317,12 +372,15 @@ cstar_do_call: cstar_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) -- GET_THREAD_INFO(%r10) + GET_THREAD_INFO(%r11) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF -- testl $_TIF_ALLWORK_MASK,TI_flags(%r10) +- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $_TIF_ALLWORK_MASK,TI_flags(%r11) jnz sysretl_audit sysretl_from_sys_call: -- andl $~TS_COMPAT,TI_status(%r10) +- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) + pax_exit_kernel_user + pax_erase_kstack + andl $~TS_COMPAT,TI_status(%r11) RESTORE_ARGS 0,-ARG_SKIP,0,0,0 movl RIP-ARGOFFSET(%rsp),%ecx CFI_REGISTER rip,rcx -@@ -355,7 +408,7 @@ sysretl_audit: +@@ -350,7 +408,7 @@ sysretl_audit: cstar_tracesys: #ifdef CONFIG_AUDITSYSCALL -- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) +- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jz cstar_auditsys #endif xchgl %r9d,%ebp -@@ -364,6 +417,9 @@ cstar_tracesys: +@@ -359,6 +417,9 @@ cstar_tracesys: movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8458,7 +9004,7 @@ index a6253ec..4ad2120 100644 LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ RESTORE_REST xchgl %ebp,%r9d -@@ -409,20 +465,21 @@ ENTRY(ia32_syscall) +@@ -404,19 +465,21 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -8473,9 +9019,8 @@ index a6253ec..4ad2120 100644 /* note the registers are not zero extended to the sf. this could be a problem. */ SAVE_ARGS 0,1,0 -- GET_THREAD_INFO(%r10) -- orl $TS_COMPAT,TI_status(%r10) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + pax_enter_kernel_user + /* + * No need to follow this irqs on/off section: the syscall @@ -8488,7 +9033,7 @@ index a6253ec..4ad2120 100644 jnz ia32_tracesys cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -441,6 +498,9 @@ ia32_tracesys: +@@ -435,6 +498,9 @@ ia32_tracesys: movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8498,14 +9043,6 @@ index a6253ec..4ad2120 100644 LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax -@@ -455,6 +515,7 @@ ia32_badsys: - - quiet_ni_syscall: - movq $-ENOSYS,%rax -+ pax_force_retaddr - ret - CFI_ENDPROC - diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c index f6f5c53..b358b28 100644 --- a/arch/x86/ia32/sys_ia32.c @@ -8578,22 +9115,9 @@ index f6f5c53..b358b28 100644 set_fs(old_fs); diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h -index 091508b..7692c6f 100644 +index 952bd01..7692c6f 100644 --- a/arch/x86/include/asm/alternative-asm.h +++ b/arch/x86/include/asm/alternative-asm.h -@@ -4,10 +4,10 @@ - - #ifdef CONFIG_SMP - .macro LOCK_PREFIX --1: lock -+672: lock - .section .smp_locks,"a" - .balign 4 -- .long 1b - . -+ .long 672b - . - .previous - .endm - #else @@ -15,6 +15,45 @@ .endm #endif @@ -8654,7 +9178,7 @@ index 37ad100..7d47faa 100644 ".previous" diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h -index 1a6c09a..fec2432 100644 +index 3ab9bdd..238033e 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -45,7 +45,7 @@ static inline void generic_apic_probe(void) @@ -9098,7 +9622,7 @@ index 58cb6d4..ca9010d 100644 /* * atomic_dec_if_positive - decrement by 1 if old value positive diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h -index 24098aa..1e37723 100644 +index fa13f0e..27c2e08 100644 --- a/arch/x86/include/asm/atomic64_32.h +++ b/arch/x86/include/asm/atomic64_32.h @@ -12,6 +12,14 @@ typedef struct { @@ -9163,7 +9687,7 @@ index 24098aa..1e37723 100644 * atomic64_read - read atomic64 variable * @v: pointer to type atomic64_t * -@@ -93,6 +134,22 @@ static inline long long atomic64_read(atomic64_t *v) +@@ -93,6 +134,22 @@ static inline long long atomic64_read(const atomic64_t *v) } /** @@ -9562,7 +10086,7 @@ index 0e1cbfc..5623683 100644 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h -index 1775d6e..b65017f 100644 +index b97596e..9bd48b06 100644 --- a/arch/x86/include/asm/bitops.h +++ b/arch/x86/include/asm/bitops.h @@ -38,7 +38,7 @@ @@ -9666,28 +10190,32 @@ index 46fc474..b02b0f9 100644 if (len) diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h -index 5d3acdf..6447a02 100644 +index 99480e5..d81165b 100644 --- a/arch/x86/include/asm/cmpxchg.h +++ b/arch/x86/include/asm/cmpxchg.h -@@ -14,6 +14,8 @@ extern void __cmpxchg_wrong_size(void) +@@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void) __compiletime_error("Bad argument size for cmpxchg"); extern void __xadd_wrong_size(void) __compiletime_error("Bad argument size for xadd"); +extern void __xadd_check_overflow_wrong_size(void) + __compiletime_error("Bad argument size for xadd_check_overflow"); + extern void __add_wrong_size(void) + __compiletime_error("Bad argument size for add"); ++extern void __add_check_overflow_wrong_size(void) ++ __compiletime_error("Bad argument size for add_check_overflow"); /* * Constants for operation sizes. On 32-bit, the 64-bit size it set to -@@ -195,6 +197,34 @@ extern void __xadd_wrong_size(void) +@@ -67,6 +71,34 @@ extern void __add_wrong_size(void) __ret; \ }) -+#define __xadd_check_overflow(ptr, inc, lock) \ ++#define __xchg_op_check_overflow(ptr, arg, op, lock) \ + ({ \ -+ __typeof__ (*(ptr)) __ret = (inc); \ ++ __typeof__ (*(ptr)) __ret = (arg); \ + switch (sizeof(*(ptr))) { \ + case __X86_CASE_L: \ -+ asm volatile (lock "xaddl %0, %1\n" \ ++ asm volatile (lock #op "l %0, %1\n" \ + "jno 0f\n" \ + "mov %0,%1\n" \ + "int $4\n0:\n" \ @@ -9696,7 +10224,7 @@ index 5d3acdf..6447a02 100644 + : : "memory", "cc"); \ + break; \ + case __X86_CASE_Q: \ -+ asm volatile (lock "xaddq %q0, %1\n" \ ++ asm volatile (lock #op "q %q0, %1\n" \ + "jno 0f\n" \ + "mov %0,%1\n" \ + "int $4\n0:\n" \ @@ -9705,26 +10233,29 @@ index 5d3acdf..6447a02 100644 + : : "memory", "cc"); \ + break; \ + default: \ -+ __xadd_check_overflow_wrong_size(); \ ++ __ ## op ## _check_overflow_wrong_size(); \ + } \ + __ret; \ + }) + /* - * xadd() adds "inc" to "*ptr" and atomically returns the previous - * value of "*ptr". -@@ -207,4 +237,6 @@ extern void __xadd_wrong_size(void) + * Note: no "lock" prefix even on SMP: xchg always implies lock anyway. + * Since this is generally used to protect other memory information, we +@@ -167,6 +199,9 @@ extern void __add_wrong_size(void) #define xadd_sync(ptr, inc) __xadd((ptr), (inc), "lock; ") #define xadd_local(ptr, inc) __xadd((ptr), (inc), "") -+#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc), LOCK_PREFIX) ++#define __xadd_check_overflow(ptr, inc, lock) __xchg_op_check_overflow((ptr), (inc), xadd, lock) ++#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc), LOCK_PREFIX) + - #endif /* ASM_X86_CMPXCHG_H */ + #define __add(ptr, inc, lock) \ + ({ \ + __typeof__ (*(ptr)) __ret = (inc); \ diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index f3444f7..051a196 100644 +index 8d67d42..183d0eb 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -363,7 +363,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -367,7 +367,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -9734,7 +10265,7 @@ index f3444f7..051a196 100644 "4:\n" ".previous\n" diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h -index 41935fa..3b40db8 100644 +index e95822d..a90010e 100644 --- a/arch/x86/include/asm/desc.h +++ b/arch/x86/include/asm/desc.h @@ -4,6 +4,7 @@ @@ -9753,11 +10284,13 @@ index 41935fa..3b40db8 100644 desc->s = 1; desc->dpl = 0x3; -@@ -34,17 +36,12 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in +@@ -34,19 +36,14 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in } extern struct desc_ptr idt_descr; -extern gate_desc idt_table[]; + extern struct desc_ptr nmi_idt_descr; +-extern gate_desc nmi_idt_table[]; - -struct gdt_page { - struct desc_struct gdt[GDT_ENTRIES]; @@ -9765,6 +10298,7 @@ index 41935fa..3b40db8 100644 - -DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page); +extern gate_desc idt_table[256]; ++extern gate_desc nmi_idt_table[256]; +extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)]; static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu) @@ -9774,7 +10308,7 @@ index 41935fa..3b40db8 100644 } #ifdef CONFIG_X86_64 -@@ -69,8 +66,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type, +@@ -71,8 +68,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type, unsigned long base, unsigned dpl, unsigned flags, unsigned short seg) { @@ -9791,7 +10325,7 @@ index 41935fa..3b40db8 100644 } #endif -@@ -115,12 +118,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries) +@@ -117,12 +120,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries) static inline void native_write_idt_entry(gate_desc *idt, int entry, const gate_desc *gate) { @@ -9808,7 +10342,7 @@ index 41935fa..3b40db8 100644 } static inline void -@@ -134,7 +141,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int +@@ -136,7 +143,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int default: size = sizeof(*gdt); break; } @@ -9818,7 +10352,7 @@ index 41935fa..3b40db8 100644 } static inline void pack_descriptor(struct desc_struct *desc, unsigned long base, -@@ -207,7 +216,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries) +@@ -209,7 +218,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries) static inline void native_load_tr_desc(void) { @@ -9828,7 +10362,7 @@ index 41935fa..3b40db8 100644 } static inline void native_load_gdt(const struct desc_ptr *dtr) -@@ -244,8 +255,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) +@@ -246,8 +257,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) struct desc_struct *gdt = get_cpu_gdt_table(cpu); unsigned int i; @@ -9839,16 +10373,25 @@ index 41935fa..3b40db8 100644 } #define _LDT_empty(info) \ -@@ -307,7 +320,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) - desc->limit = (limit >> 16) & 0xf; +@@ -310,7 +323,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) } + #ifdef CONFIG_X86_64 +-static inline void set_nmi_gate(int gate, void *addr) ++static inline void set_nmi_gate(int gate, const void *addr) + { + gate_desc s; + +@@ -319,7 +332,7 @@ static inline void set_nmi_gate(int gate, void *addr) + } + #endif + -static inline void _set_gate(int gate, unsigned type, void *addr, +static inline void _set_gate(int gate, unsigned type, const void *addr, unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -326,7 +339,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr, +@@ -338,7 +351,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr, * Pentium F0 0F bugfix can have resulted in the mapped * IDT being write-protected. */ @@ -9857,7 +10400,7 @@ index 41935fa..3b40db8 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS); -@@ -356,19 +369,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr) +@@ -368,19 +381,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr) /* * This routine sets up an interrupt gate at directory privilege level 3. */ @@ -9880,7 +10423,7 @@ index 41935fa..3b40db8 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS); -@@ -377,19 +390,31 @@ static inline void set_trap_gate(unsigned int n, void *addr) +@@ -389,19 +402,31 @@ static inline void set_trap_gate(unsigned int n, void *addr) static inline void set_task_gate(unsigned int n, unsigned int gdt_entry) { BUG_ON((unsigned)n > 0xFF); @@ -9933,7 +10476,7 @@ index 278441f..b95a174 100644 } __attribute__((packed)); diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h -index 908b969..a1f4eb4 100644 +index 3778256..c5d4fce 100644 --- a/arch/x86/include/asm/e820.h +++ b/arch/x86/include/asm/e820.h @@ -69,7 +69,7 @@ struct e820map { @@ -10107,10 +10650,10 @@ index eb92a6e..b98b2f4 100644 /* EISA */ extern void eisa_set_level_irq(unsigned int irq); diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h -index a850b4d..bae26dc 100644 +index 2479049..3fb9795 100644 --- a/arch/x86/include/asm/i387.h +++ b/arch/x86/include/asm/i387.h -@@ -92,6 +92,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx) +@@ -93,6 +93,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx) { int err; @@ -10122,7 +10665,7 @@ index a850b4d..bae26dc 100644 /* See comment in fxsave() below. */ #ifdef CONFIG_AS_FXSAVEQ asm volatile("1: fxrstorq %[fx]\n\t" -@@ -121,6 +126,11 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx) +@@ -122,6 +127,11 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx) { int err; @@ -10134,7 +10677,16 @@ index a850b4d..bae26dc 100644 /* * Clear the bytes not touched by the fxsave and reserved * for the SW usage. -@@ -424,7 +434,7 @@ static inline bool interrupted_kernel_fpu_idle(void) +@@ -278,7 +288,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) + "emms\n\t" /* clear stack tags */ + "fildl %P[addr]", /* set F?P to defined value */ + X86_FEATURE_FXSAVE_LEAK, +- [addr] "m" (tsk->thread.fpu.has_fpu)); ++ [addr] "m" (init_tss[smp_processor_id()].x86_tss.sp0)); + + return fpu_restore_checking(&tsk->thread.fpu); + } +@@ -445,7 +455,7 @@ static inline bool interrupted_kernel_fpu_idle(void) static inline bool interrupted_user_mode(void) { struct pt_regs *regs = get_irq_regs(); @@ -10202,19 +10754,10 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index b4973f4..a42170a 100644 +index 52d6640..136b3bd 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h -@@ -459,7 +459,7 @@ struct kvm_arch { - unsigned int n_requested_mmu_pages; - unsigned int n_max_mmu_pages; - unsigned int indirect_shadow_pages; -- atomic_t invlpg_counter; -+ atomic_unchecked_t invlpg_counter; - struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES]; - /* - * Hash table of struct kvm_mmu_page. -@@ -638,7 +638,7 @@ struct kvm_x86_ops { +@@ -663,7 +663,7 @@ struct kvm_x86_ops { int (*check_intercept)(struct kvm_vcpu *vcpu, struct x86_instruction_info *info, enum x86_intercept_stage stage); @@ -10223,36 +10766,24 @@ index b4973f4..a42170a 100644 struct kvm_arch_async_pf { u32 token; -@@ -667,9 +667,9 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages); +@@ -694,7 +694,7 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages); int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3); int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa, - const void *val, int bytes); + const void *val, int bytes) __size_overflow(2); - int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes, -- gpa_t addr, unsigned long *ret); -+ gpa_t addr, unsigned long *ret) __size_overflow(2,3); u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn); extern bool tdp_enabled; -@@ -730,7 +730,7 @@ void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l); - int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr); +@@ -781,7 +781,7 @@ int fx_init(struct kvm_vcpu *vcpu); - int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata); --int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data); -+int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data) __size_overflow(3); - - unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu); - void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags); -@@ -755,7 +755,7 @@ int fx_init(struct kvm_vcpu *vcpu); void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu); void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, - const u8 *new, int bytes, -- bool guest_initiated); -+ bool guest_initiated) __size_overflow(2); +- const u8 *new, int bytes); ++ const u8 *new, int bytes) __size_overflow(2); + int kvm_mmu_unprotect_page(struct kvm *kvm, gfn_t gfn); int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva); void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu); - int kvm_mmu_load(struct kvm_vcpu *vcpu); diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h index 9cdae5d..300d20f 100644 --- a/arch/x86/include/asm/local.h @@ -10787,7 +11318,7 @@ index 8e8b9a4..f07d725 100644 /* This contains all the paravirt structures: we get a convenient * number for each function using the offset which we use to indicate diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h -index b4389a4..b7ff22c 100644 +index b4389a4..7024269 100644 --- a/arch/x86/include/asm/pgalloc.h +++ b/arch/x86/include/asm/pgalloc.h @@ -63,6 +63,13 @@ static inline void pmd_populate_kernel(struct mm_struct *mm, @@ -10804,6 +11335,42 @@ index b4389a4..b7ff22c 100644 set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE)); } +@@ -99,12 +106,22 @@ static inline void __pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd, + + #ifdef CONFIG_X86_PAE + extern void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd); ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) ++{ ++ pud_populate(mm, pudp, pmd); ++} + #else /* !CONFIG_X86_PAE */ + static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + { + paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT); + set_pud(pud, __pud(_PAGE_TABLE | __pa(pmd))); + } ++ ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ paravirt_alloc_pmd(mm, __pa(pmd) >> PAGE_SHIFT); ++ set_pud(pud, __pud(_KERNPG_TABLE | __pa(pmd))); ++} + #endif /* CONFIG_X86_PAE */ + + #if PAGETABLE_LEVELS > 3 +@@ -114,6 +131,12 @@ static inline void pgd_populate(struct mm_struct *mm, pgd_t *pgd, pud_t *pud) + set_pgd(pgd, __pgd(_PAGE_TABLE | __pa(pud))); + } + ++static inline void pgd_populate_kernel(struct mm_struct *mm, pgd_t *pgd, pud_t *pud) ++{ ++ paravirt_alloc_pud(mm, __pa(pud) >> PAGE_SHIFT); ++ set_pgd(pgd, __pgd(_KERNPG_TABLE | __pa(pud))); ++} ++ + static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr) + { + return (pud_t *)get_zeroed_page(GFP_KERNEL|__GFP_REPEAT); diff --git a/arch/x86/include/asm/pgtable-2level.h b/arch/x86/include/asm/pgtable-2level.h index 98391db..8f6984e 100644 --- a/arch/x86/include/asm/pgtable-2level.h @@ -10840,7 +11407,7 @@ index effff47..f9e4035 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 18601c8..3d716d1 100644 +index 49afb3f..ed14d07 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -11101,7 +11668,7 @@ index ed5903b..c7fe163 100644 #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h -index 975f709..107976d 100644 +index 975f709..9f779c9 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -16,10 +16,14 @@ @@ -11131,7 +11698,17 @@ index 975f709..107976d 100644 } static inline void native_pmd_clear(pmd_t *pmd) -@@ -107,6 +113,13 @@ static inline void native_pud_clear(pud_t *pud) +@@ -97,7 +103,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp) + + static inline void native_set_pud(pud_t *pudp, pud_t pud) + { ++ pax_open_kernel(); + *pudp = pud; ++ pax_close_kernel(); + } + + static inline void native_pud_clear(pud_t *pud) +@@ -107,6 +115,13 @@ static inline void native_pud_clear(pud_t *pud) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { @@ -11276,10 +11853,10 @@ index 013286a..8b42f4f 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index bb3ee36..781a6b8 100644 +index 58545c9..fe6fc38e 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -268,7 +268,7 @@ struct tss_struct { +@@ -266,7 +266,7 @@ struct tss_struct { } ____cacheline_aligned; @@ -11288,7 +11865,7 @@ index bb3ee36..781a6b8 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -861,11 +861,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -860,11 +860,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -11309,7 +11886,7 @@ index bb3ee36..781a6b8 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -879,7 +886,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -878,7 +885,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -11318,7 +11895,7 @@ index bb3ee36..781a6b8 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -890,11 +897,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -889,11 +896,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -11331,7 +11908,7 @@ index bb3ee36..781a6b8 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -909,7 +912,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -908,7 +911,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -11340,7 +11917,7 @@ index bb3ee36..781a6b8 100644 __regs__ - 1; \ }) -@@ -919,13 +922,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -918,13 +921,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -11356,7 +11933,7 @@ index bb3ee36..781a6b8 100644 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -936,11 +939,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -935,11 +938,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -11370,7 +11947,7 @@ index bb3ee36..781a6b8 100644 } /* -@@ -962,6 +965,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -961,6 +964,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -11661,7 +12238,7 @@ index 5e64171..f58957e 100644 #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3) #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3) diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h -index 73b11bc..d4a3b63 100644 +index 0434c40..1714bf0 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -36,7 +36,7 @@ DECLARE_PER_CPU(cpumask_var_t, cpu_core_map); @@ -11700,10 +12277,10 @@ index 73b11bc..d4a3b63 100644 #endif diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spinlock.h -index 972c260..43ab1fd 100644 +index a82c2bf..2198f61 100644 --- a/arch/x86/include/asm/spinlock.h +++ b/arch/x86/include/asm/spinlock.h -@@ -188,6 +188,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock) +@@ -175,6 +175,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock) static inline void arch_read_lock(arch_rwlock_t *rw) { asm volatile(LOCK_PREFIX READ_LOCK_SIZE(dec) " (%0)\n\t" @@ -11718,7 +12295,7 @@ index 972c260..43ab1fd 100644 "jns 1f\n" "call __read_lock_failed\n\t" "1:\n" -@@ -197,6 +205,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw) +@@ -184,6 +192,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw) static inline void arch_write_lock(arch_rwlock_t *rw) { asm volatile(LOCK_PREFIX WRITE_LOCK_SUB(%1) "(%0)\n\t" @@ -11733,7 +12310,7 @@ index 972c260..43ab1fd 100644 "jz 1f\n" "call __write_lock_failed\n\t" "1:\n" -@@ -226,13 +242,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock) +@@ -213,13 +229,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock) static inline void arch_read_unlock(arch_rwlock_t *rw) { @@ -11914,7 +12491,7 @@ index 2d2f01c..f985723 100644 /* * Force strict CPU ordering. diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index d7ef849..6af292e 100644 +index cfd8144..664ac89 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -11933,7 +12510,7 @@ index d7ef849..6af292e 100644 struct exec_domain *exec_domain; /* execution domain */ __u32 flags; /* low level flags */ __u32 status; /* thread synchronous flags */ -@@ -34,18 +34,12 @@ struct thread_info { +@@ -34,19 +34,13 @@ struct thread_info { mm_segment_t addr_limit; struct restart_block restart_block; void __user *sysenter_return; @@ -11944,7 +12521,8 @@ index d7ef849..6af292e 100644 - __u8 supervisor_stack[0]; -#endif + unsigned long lowest_stack; - int uaccess_err; + unsigned int sig_on_uaccess_error:1; + unsigned int uaccess_err:1; /* uaccess failed */ }; -#define INIT_THREAD_INFO(tsk) \ @@ -11954,7 +12532,7 @@ index d7ef849..6af292e 100644 .exec_domain = &default_exec_domain, \ .flags = 0, \ .cpu = 0, \ -@@ -56,7 +50,7 @@ struct thread_info { +@@ -57,7 +51,7 @@ struct thread_info { }, \ } @@ -11963,7 +12541,45 @@ index d7ef849..6af292e 100644 #define init_stack (init_thread_union.stack) #else /* !__ASSEMBLY__ */ -@@ -170,45 +164,40 @@ struct thread_info { +@@ -95,6 +89,7 @@ struct thread_info { + #define TIF_BLOCKSTEP 25 /* set when we want DEBUGCTLMSR_BTF */ + #define TIF_LAZY_MMU_UPDATES 27 /* task is updating the mmu lazily */ + #define TIF_SYSCALL_TRACEPOINT 28 /* syscall tracepoint instrumentation */ ++#define TIF_GRSEC_SETXID 29 /* update credentials on syscall entry/exit */ + + #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) + #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) +@@ -116,16 +111,17 @@ struct thread_info { + #define _TIF_BLOCKSTEP (1 << TIF_BLOCKSTEP) + #define _TIF_LAZY_MMU_UPDATES (1 << TIF_LAZY_MMU_UPDATES) + #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) ++#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID) + + /* work to do in syscall_trace_enter() */ + #define _TIF_WORK_SYSCALL_ENTRY \ + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_EMU | _TIF_SYSCALL_AUDIT | \ +- _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT) ++ _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID) + + /* work to do in syscall_trace_leave() */ + #define _TIF_WORK_SYSCALL_EXIT \ + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SINGLESTEP | \ +- _TIF_SYSCALL_TRACEPOINT) ++ _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID) + + /* work to do on interrupt/exception return */ + #define _TIF_WORK_MASK \ +@@ -135,7 +131,8 @@ struct thread_info { + + /* work to do on any return to user space */ + #define _TIF_ALLWORK_MASK \ +- ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT) ++ ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT | \ ++ _TIF_GRSEC_SETXID) + + /* Only used for 64 bit */ + #define _TIF_DO_NOTIFY_MASK \ +@@ -169,45 +166,40 @@ struct thread_info { ret; \ }) @@ -12034,7 +12650,7 @@ index d7ef849..6af292e 100644 /* * macros/functions for gaining access to the thread information structure * preempt_count needs to be 1 initially, until the scheduler is functional. -@@ -216,21 +205,8 @@ static inline struct thread_info *current_thread_info(void) +@@ -215,27 +207,8 @@ static inline struct thread_info *current_thread_info(void) #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); @@ -12053,12 +12669,18 @@ index d7ef849..6af292e 100644 - movq PER_CPU_VAR(kernel_stack),reg ; \ - subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg - +-/* +- * Same if PER_CPU_VAR(kernel_stack) is, perhaps with some offset, already in +- * a certain register (to be used in assembler memory operands). +- */ +-#define THREAD_INFO(reg, off) KERNEL_STACK_OFFSET+(off)-THREAD_SIZE(reg) +- +/* how to get the current stack pointer from C */ +register unsigned long current_stack_pointer asm("rsp") __used; #endif #endif /* !X86_32 */ -@@ -264,5 +240,16 @@ extern void arch_task_cache_init(void); +@@ -269,5 +242,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); #define arch_task_cache_init arch_task_cache_init @@ -12076,7 +12698,7 @@ index d7ef849..6af292e 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 36361bf..324f262 100644 +index 8be5f54..7ae826d 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,12 +7,15 @@ @@ -13001,10 +13623,10 @@ index bb05228..d763d5b 100644 #endif diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h -index 1971e65..1e3559b 100644 +index a609c39..7a68dc7 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h -@@ -28,7 +28,7 @@ struct x86_init_mpparse { +@@ -29,7 +29,7 @@ struct x86_init_mpparse { void (*mpc_oem_bus_info)(struct mpc_bus *m, char *name); void (*find_smp_config)(void); void (*get_smp_config)(unsigned int early); @@ -13013,7 +13635,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_resources - platform specific resource related ops -@@ -42,7 +42,7 @@ struct x86_init_resources { +@@ -43,7 +43,7 @@ struct x86_init_resources { void (*probe_roms)(void); void (*reserve_resources)(void); char *(*memory_setup)(void); @@ -13022,7 +13644,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_irqs - platform specific interrupt setup -@@ -55,7 +55,7 @@ struct x86_init_irqs { +@@ -56,7 +56,7 @@ struct x86_init_irqs { void (*pre_vector_init)(void); void (*intr_init)(void); void (*trap_init)(void); @@ -13031,7 +13653,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_oem - oem platform specific customizing functions -@@ -65,7 +65,7 @@ struct x86_init_irqs { +@@ -66,7 +66,7 @@ struct x86_init_irqs { struct x86_init_oem { void (*arch_setup)(void); void (*banner)(void); @@ -13040,7 +13662,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_mapping - platform specific initial kernel pagetable setup -@@ -76,7 +76,7 @@ struct x86_init_oem { +@@ -77,7 +77,7 @@ struct x86_init_oem { */ struct x86_init_mapping { void (*pagetable_reserve)(u64 start, u64 end); @@ -13049,7 +13671,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_paging - platform specific paging functions -@@ -86,7 +86,7 @@ struct x86_init_mapping { +@@ -87,7 +87,7 @@ struct x86_init_mapping { struct x86_init_paging { void (*pagetable_setup_start)(pgd_t *base); void (*pagetable_setup_done)(pgd_t *base); @@ -13058,7 +13680,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_timers - platform specific timer setup -@@ -101,7 +101,7 @@ struct x86_init_timers { +@@ -102,7 +102,7 @@ struct x86_init_timers { void (*tsc_pre_init)(void); void (*timer_init)(void); void (*wallclock_init)(void); @@ -13067,7 +13689,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_iommu - platform specific iommu setup -@@ -109,7 +109,7 @@ struct x86_init_timers { +@@ -110,7 +110,7 @@ struct x86_init_timers { */ struct x86_init_iommu { int (*iommu_init)(void); @@ -13076,7 +13698,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_pci - platform specific pci init functions -@@ -123,7 +123,7 @@ struct x86_init_pci { +@@ -124,7 +124,7 @@ struct x86_init_pci { int (*init)(void); void (*init_irq)(void); void (*fixup_irqs)(void); @@ -13085,7 +13707,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_ops - functions for platform specific setup -@@ -139,7 +139,7 @@ struct x86_init_ops { +@@ -140,7 +140,7 @@ struct x86_init_ops { struct x86_init_timers timers; struct x86_init_iommu iommu; struct x86_init_pci pci; @@ -13094,16 +13716,16 @@ index 1971e65..1e3559b 100644 /** * struct x86_cpuinit_ops - platform specific cpu hotplug setups -@@ -147,7 +147,7 @@ struct x86_init_ops { - */ +@@ -149,7 +149,7 @@ struct x86_init_ops { struct x86_cpuinit_ops { void (*setup_percpu_clockev)(void); + void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node); -}; +} __no_const; /** * struct x86_platform_ops - platform specific runtime functions -@@ -169,7 +169,7 @@ struct x86_platform_ops { +@@ -171,7 +171,7 @@ struct x86_platform_ops { void (*nmi_init)(void); unsigned char (*get_nmi_reason)(void); int (*i8042_detect)(void); @@ -13112,10 +13734,10 @@ index 1971e65..1e3559b 100644 struct pci_dev; -@@ -177,7 +177,7 @@ struct x86_msi_ops { - int (*setup_msi_irqs)(struct pci_dev *dev, int nvec, int type); +@@ -180,7 +180,7 @@ struct x86_msi_ops { void (*teardown_msi_irq)(unsigned int irq); void (*teardown_msi_irqs)(struct pci_dev *dev); + void (*restore_msi_irqs)(struct pci_dev *dev, int irq); -}; +} __no_const; @@ -13365,10 +13987,10 @@ index 1f84794..e23f862 100644 } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index f98d84c..e402a69 100644 +index 5b3f88e..61232b4 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c -@@ -174,7 +174,7 @@ int first_system_vector = 0xfe; +@@ -184,7 +184,7 @@ int first_system_vector = 0xfe; /* * Debug level, exported for io_apic.c */ @@ -13377,7 +13999,7 @@ index f98d84c..e402a69 100644 int pic_mode; -@@ -1853,7 +1853,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1912,7 +1912,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); ack_APIC_irq(); @@ -13387,7 +14009,7 @@ index f98d84c..e402a69 100644 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)", smp_processor_id(), v0 , v1); diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index 6d939d7..0697fcc 100644 +index fb07275..e06bb59 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -1096,7 +1096,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, @@ -13427,7 +14049,7 @@ index 6d939d7..0697fcc 100644 eoi_ioapic_irq(irq, cfg); } diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c -index a46bd38..6b906d7 100644 +index f76623c..aab694f 100644 --- a/arch/x86/kernel/apm_32.c +++ b/arch/x86/kernel/apm_32.c @@ -411,7 +411,7 @@ static DEFINE_MUTEX(apm_mutex); @@ -13502,7 +14124,7 @@ index a46bd38..6b906d7 100644 proc_create("apm", 0, NULL, &apm_file_ops); diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c -index 4f13faf..87db5d2 100644 +index 68de2dc..1f3c720 100644 --- a/arch/x86/kernel/asm-offsets.c +++ b/arch/x86/kernel/asm-offsets.c @@ -33,6 +33,8 @@ void common(void) { @@ -13542,10 +14164,10 @@ index 4f13faf..87db5d2 100644 BLANK(); OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask); diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c -index e72a119..6e2955d 100644 +index 834e897..dacddc8 100644 --- a/arch/x86/kernel/asm-offsets_64.c +++ b/arch/x86/kernel/asm-offsets_64.c -@@ -69,6 +69,7 @@ int main(void) +@@ -70,6 +70,7 @@ int main(void) BLANK(); #undef ENTRY @@ -13569,10 +14191,10 @@ index 25f24dc..4094a7f 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o sched.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 0bab2b1..d0a1bf8 100644 +index 80ab83d..0a7b34e 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -664,7 +664,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -670,7 +670,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -13582,7 +14204,7 @@ index 0bab2b1..d0a1bf8 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index aa003b1..47ea638 100644 +index 1a810e4..9fa8201 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -84,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { @@ -13655,7 +14277,7 @@ index aa003b1..47ea638 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -844,6 +790,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) +@@ -839,6 +785,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -13666,7 +14288,7 @@ index aa003b1..47ea638 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -1024,6 +974,9 @@ static __init int setup_disablecpuid(char *arg) +@@ -1019,10 +969,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -13675,8 +14297,13 @@ index aa003b1..47ea638 100644 + #ifdef CONFIG_X86_64 struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table }; +-struct desc_ptr nmi_idt_descr = { NR_VECTORS * 16 - 1, +- (unsigned long) nmi_idt_table }; ++struct desc_ptr nmi_idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) nmi_idt_table }; -@@ -1039,7 +992,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = + DEFINE_PER_CPU_FIRST(union irq_stack_union, + irq_stack_union) __aligned(PAGE_SIZE); +@@ -1036,7 +988,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = @@ -13685,7 +14312,7 @@ index aa003b1..47ea638 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1104,7 +1057,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) +@@ -1126,7 +1078,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) { memset(regs, 0, sizeof(struct pt_regs)); regs->fs = __KERNEL_PERCPU; @@ -13694,7 +14321,7 @@ index aa003b1..47ea638 100644 return regs; } -@@ -1159,7 +1112,7 @@ void __cpuinit cpu_init(void) +@@ -1181,7 +1133,7 @@ void __cpuinit cpu_init(void) int i; cpu = stack_smp_processor_id(); @@ -13703,7 +14330,7 @@ index aa003b1..47ea638 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1185,7 +1138,7 @@ void __cpuinit cpu_init(void) +@@ -1207,7 +1159,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -13712,7 +14339,7 @@ index aa003b1..47ea638 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1194,7 +1147,6 @@ void __cpuinit cpu_init(void) +@@ -1216,7 +1168,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -13720,7 +14347,7 @@ index aa003b1..47ea638 100644 if (cpu != 0) enable_x2apic(); -@@ -1248,7 +1200,7 @@ void __cpuinit cpu_init(void) +@@ -1272,7 +1223,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -13730,7 +14357,7 @@ index aa003b1..47ea638 100644 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) { diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c -index 5231312..a78a987 100644 +index 3e6ff6c..54b4992 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void) @@ -13743,10 +14370,10 @@ index 5231312..a78a987 100644 } #endif diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/cpu/mcheck/mce-inject.c -index 319882e..993534e 100644 +index fc4beb3..f20a5a7 100644 --- a/arch/x86/kernel/cpu/mcheck/mce-inject.c +++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c -@@ -173,6 +173,8 @@ static void raise_mce(struct mce *m) +@@ -199,6 +199,8 @@ static void raise_mce(struct mce *m) /* Error injection interface */ static ssize_t mce_write(struct file *filp, const char __user *ubuf, @@ -13756,7 +14383,7 @@ index 319882e..993534e 100644 { struct mce m; diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 2af127d..8ff7ac0 100644 +index 5a11ae2..a1a1c8a 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -42,6 +42,7 @@ @@ -13767,7 +14394,7 @@ index 2af127d..8ff7ac0 100644 #include "mce-internal.h" -@@ -202,7 +203,7 @@ static void print_mce(struct mce *m) +@@ -250,7 +251,7 @@ static void print_mce(struct mce *m) !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "", m->cs, m->ip); @@ -13776,7 +14403,7 @@ index 2af127d..8ff7ac0 100644 print_symbol("{%s}", m->ip); pr_cont("\n"); } -@@ -235,10 +236,10 @@ static void print_mce(struct mce *m) +@@ -283,10 +284,10 @@ static void print_mce(struct mce *m) #define PANIC_TIMEOUT 5 /* 5 seconds */ @@ -13789,7 +14416,7 @@ index 2af127d..8ff7ac0 100644 /* Panic in progress. Enable interrupts and wait for final IPI */ static void wait_for_panic(void) -@@ -262,7 +263,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -310,7 +311,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) /* * Make sure only one CPU runs in machine check panic */ @@ -13798,7 +14425,7 @@ index 2af127d..8ff7ac0 100644 wait_for_panic(); barrier(); -@@ -270,7 +271,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -318,7 +319,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) console_verbose(); } else { /* Don't log too much for fake panic */ @@ -13807,7 +14434,7 @@ index 2af127d..8ff7ac0 100644 return; } /* First print corrected ones that are still unlogged */ -@@ -610,7 +611,7 @@ static int mce_timed_out(u64 *t) +@@ -658,7 +659,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ rmb(); @@ -13816,7 +14443,7 @@ index 2af127d..8ff7ac0 100644 wait_for_panic(); if (!monarch_timeout) goto out; -@@ -1398,7 +1399,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1446,7 +1447,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -13825,7 +14452,7 @@ index 2af127d..8ff7ac0 100644 unexpected_machine_check; /* -@@ -1421,7 +1422,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1469,7 +1470,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) return; } @@ -13835,7 +14462,7 @@ index 2af127d..8ff7ac0 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1435,7 +1438,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1483,7 +1486,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -13844,7 +14471,7 @@ index 2af127d..8ff7ac0 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1443,7 +1446,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1491,7 +1494,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -13853,7 +14480,7 @@ index 2af127d..8ff7ac0 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1451,7 +1454,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1499,7 +1502,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -13862,7 +14489,7 @@ index 2af127d..8ff7ac0 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1462,7 +1465,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1510,7 +1513,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -13871,7 +14498,7 @@ index 2af127d..8ff7ac0 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2171,7 +2174,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2229,7 +2232,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -13964,10 +14591,10 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index 2bda212..78cc605 100644 +index 5adce10..99284ec 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -1529,7 +1529,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -1665,7 +1665,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -14028,7 +14655,7 @@ index 37250fe..bf2ec74 100644 .__cr3 = __pa_nodebug(swapper_pg_dir), diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c -index 1aae78f..aab3a3d 100644 +index 4025fe4..d8451c6 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -2,6 +2,9 @@ @@ -14156,7 +14783,7 @@ index 1aae78f..aab3a3d 100644 } int __kprobes __die(const char *str, struct pt_regs *regs, long err) -@@ -269,7 +274,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err) +@@ -270,7 +275,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err) show_registers(regs); #ifdef CONFIG_X86_32 @@ -14165,7 +14792,7 @@ index 1aae78f..aab3a3d 100644 sp = regs->sp; ss = regs->ss & 0xffff; } else { -@@ -297,7 +302,7 @@ void die(const char *str, struct pt_regs *regs, long err) +@@ -298,7 +303,7 @@ void die(const char *str, struct pt_regs *regs, long err) unsigned long flags = oops_begin(); int sig = SIGSEGV; @@ -14258,7 +14885,7 @@ index c99f9ed..2a15d80 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c -index 6d728d9..279514e 100644 +index 17107bd..b2deecf 100644 --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c @@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -14364,7 +14991,7 @@ index 6d728d9..279514e 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c -index cd28a35..c72ed9a 100644 +index 9b9f18b..9fcaa04 100644 --- a/arch/x86/kernel/early_printk.c +++ b/arch/x86/kernel/early_printk.c @@ -7,6 +7,7 @@ @@ -14376,10 +15003,10 @@ index cd28a35..c72ed9a 100644 #include #include diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index f3f6f53..0841b66 100644 +index 7b784f4..db6b628 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S -@@ -186,13 +186,146 @@ +@@ -179,13 +179,146 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -14527,7 +15154,7 @@ index f3f6f53..0841b66 100644 cld PUSH_GS pushl_cfi %fs -@@ -215,7 +348,7 @@ +@@ -208,7 +341,7 @@ CFI_REL_OFFSET ecx, 0 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 @@ -14536,7 +15163,7 @@ index f3f6f53..0841b66 100644 movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -223,6 +356,15 @@ +@@ -216,6 +349,15 @@ SET_KERNEL_GS %edx .endm @@ -14552,7 +15179,7 @@ index f3f6f53..0841b66 100644 .macro RESTORE_INT_REGS popl_cfi %ebx CFI_RESTORE ebx -@@ -308,7 +450,7 @@ ENTRY(ret_from_fork) +@@ -301,7 +443,7 @@ ENTRY(ret_from_fork) popfl_cfi jmp syscall_exit CFI_ENDPROC @@ -14561,15 +15188,15 @@ index f3f6f53..0841b66 100644 /* * Interrupt exit functions should be protected against kprobes -@@ -333,7 +475,15 @@ check_userspace: - movb PT_CS(%esp), %al - andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax +@@ -335,7 +477,15 @@ resume_userspace_sig: + andl $SEGMENT_RPL_MASK, %eax + #endif cmpl $USER_RPL, %eax + +#ifdef CONFIG_PAX_KERNEXEC + jae resume_userspace + -+ PAX_EXIT_KERNEL ++ pax_exit_kernel + jmp resume_kernel +#else jb resume_kernel # not returning to v8086 or userspace @@ -14577,7 +15204,7 @@ index f3f6f53..0841b66 100644 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -345,8 +495,8 @@ ENTRY(resume_userspace) +@@ -347,8 +497,8 @@ ENTRY(resume_userspace) andl $_TIF_WORK_MASK, %ecx # is there any work to be done on # int/exception return? jne work_pending @@ -14588,7 +15215,7 @@ index f3f6f53..0841b66 100644 #ifdef CONFIG_PREEMPT ENTRY(resume_kernel) -@@ -361,7 +511,7 @@ need_resched: +@@ -363,7 +513,7 @@ need_resched: jz restore_all call preempt_schedule_irq jmp need_resched @@ -14597,7 +15224,7 @@ index f3f6f53..0841b66 100644 #endif CFI_ENDPROC /* -@@ -395,23 +545,34 @@ sysenter_past_esp: +@@ -397,23 +547,34 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -14635,7 +15262,7 @@ index f3f6f53..0841b66 100644 movl %ebp,PT_EBP(%esp) .section __ex_table,"a" .align 4 -@@ -434,12 +595,24 @@ sysenter_do_call: +@@ -436,12 +597,24 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -14660,17 +15287,17 @@ index f3f6f53..0841b66 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT -@@ -456,6 +629,9 @@ sysenter_audit: +@@ -458,6 +631,9 @@ sysenter_audit: movl %eax,%edx /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ - call audit_syscall_entry + call __audit_syscall_entry + + pax_erase_kstack + pushl_cfi %ebx movl PT_EAX(%esp),%eax /* reload syscall number */ jmp sysenter_do_call -@@ -482,11 +658,17 @@ sysexit_audit: +@@ -483,11 +659,17 @@ sysexit_audit: CFI_ENDPROC .pushsection .fixup,"ax" @@ -14690,7 +15317,7 @@ index f3f6f53..0841b66 100644 .popsection PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -519,6 +701,15 @@ syscall_exit: +@@ -520,6 +702,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -14706,7 +15333,7 @@ index f3f6f53..0841b66 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -578,14 +769,34 @@ ldt_ss: +@@ -579,14 +770,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -14744,7 +15371,7 @@ index f3f6f53..0841b66 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -614,34 +825,28 @@ work_resched: +@@ -615,38 +826,30 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -14762,6 +15389,8 @@ index f3f6f53..0841b66 100644 - jne work_notifysig_v86 # returning to kernel-space or + jz 1f # returning to kernel-space or # vm86-space +- TRACE_IRQS_ON +- ENABLE_INTERRUPTS(CLBR_NONE) - xorl %edx, %edx - call do_notify_resume - jmp resume_userspace_sig @@ -14776,6 +15405,8 @@ index f3f6f53..0841b66 100644 - movl %esp, %eax +1: #endif + TRACE_IRQS_ON + ENABLE_INTERRUPTS(CLBR_NONE) xorl %edx, %edx call do_notify_resume jmp resume_userspace_sig @@ -14784,7 +15415,7 @@ index f3f6f53..0841b66 100644 # perform syscall exit tracing ALIGN -@@ -649,11 +854,14 @@ syscall_trace_entry: +@@ -654,11 +857,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -14792,7 +15423,7 @@ index f3f6f53..0841b66 100644 + pax_erase_kstack + /* What it returned is what we'll actually use. */ - cmpl $(nr_syscalls), %eax + cmpl $(NR_syscalls), %eax jnae syscall_call jmp syscall_exit -END(syscall_trace_entry) @@ -14800,7 +15431,7 @@ index f3f6f53..0841b66 100644 # perform syscall exit tracing ALIGN -@@ -666,20 +874,24 @@ syscall_exit_work: +@@ -671,20 +877,24 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -14828,7 +15459,7 @@ index f3f6f53..0841b66 100644 CFI_ENDPROC /* * End of kprobes section -@@ -753,6 +965,36 @@ ptregs_clone: +@@ -756,6 +966,36 @@ ENTRY(ptregs_clone) CFI_ENDPROC ENDPROC(ptregs_clone) @@ -14865,7 +15496,7 @@ index f3f6f53..0841b66 100644 .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -762,8 +1004,15 @@ ENDPROC(ptregs_clone) +@@ -765,8 +1005,15 @@ ENDPROC(ptregs_clone) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -14883,7 +15514,7 @@ index f3f6f53..0841b66 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -816,7 +1065,7 @@ vector=vector+1 +@@ -819,7 +1066,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -14892,7 +15523,7 @@ index f3f6f53..0841b66 100644 .previous END(interrupt) -@@ -864,7 +1113,7 @@ ENTRY(coprocessor_error) +@@ -867,7 +1114,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -14901,7 +15532,7 @@ index f3f6f53..0841b66 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -885,7 +1134,7 @@ ENTRY(simd_coprocessor_error) +@@ -888,7 +1135,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -14910,7 +15541,7 @@ index f3f6f53..0841b66 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -893,7 +1142,7 @@ ENTRY(device_not_available) +@@ -896,7 +1143,7 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -14919,7 +15550,7 @@ index f3f6f53..0841b66 100644 #ifdef CONFIG_PARAVIRT ENTRY(native_iret) -@@ -902,12 +1151,12 @@ ENTRY(native_iret) +@@ -905,12 +1152,12 @@ ENTRY(native_iret) .align 4 .long native_iret, iret_exc .previous @@ -14934,7 +15565,7 @@ index f3f6f53..0841b66 100644 #endif ENTRY(overflow) -@@ -916,7 +1165,7 @@ ENTRY(overflow) +@@ -919,7 +1166,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -14943,7 +15574,7 @@ index f3f6f53..0841b66 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -924,7 +1173,7 @@ ENTRY(bounds) +@@ -927,7 +1174,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -14952,7 +15583,7 @@ index f3f6f53..0841b66 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -932,7 +1181,7 @@ ENTRY(invalid_op) +@@ -935,7 +1182,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -14961,7 +15592,7 @@ index f3f6f53..0841b66 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -940,35 +1189,35 @@ ENTRY(coprocessor_segment_overrun) +@@ -943,35 +1190,35 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -15002,7 +15633,7 @@ index f3f6f53..0841b66 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -976,7 +1225,7 @@ ENTRY(divide_error) +@@ -979,7 +1226,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -15011,7 +15642,7 @@ index f3f6f53..0841b66 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -985,7 +1234,7 @@ ENTRY(machine_check) +@@ -988,7 +1235,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -15020,7 +15651,7 @@ index f3f6f53..0841b66 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -994,7 +1243,7 @@ ENTRY(spurious_interrupt_bug) +@@ -997,7 +1244,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -15029,7 +15660,7 @@ index f3f6f53..0841b66 100644 /* * End of kprobes section */ -@@ -1109,7 +1358,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, +@@ -1112,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, ENTRY(mcount) ret @@ -15038,7 +15669,7 @@ index f3f6f53..0841b66 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1138,7 +1387,7 @@ ftrace_graph_call: +@@ -1141,7 +1388,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -15047,7 +15678,7 @@ index f3f6f53..0841b66 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -1174,7 +1423,7 @@ trace: +@@ -1177,7 +1424,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -15056,7 +15687,7 @@ index f3f6f53..0841b66 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1195,7 +1444,7 @@ ENTRY(ftrace_graph_caller) +@@ -1198,7 +1445,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -15065,15 +15696,7 @@ index f3f6f53..0841b66 100644 .globl return_to_handler return_to_handler: -@@ -1209,7 +1458,6 @@ return_to_handler: - jmp *%ecx - #endif - --.section .rodata,"a" - #include "syscall_table_32.S" - - syscall_table_size=(.-sys_call_table) -@@ -1255,15 +1503,18 @@ error_code: +@@ -1253,15 +1500,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -15094,7 +15717,7 @@ index f3f6f53..0841b66 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1305,7 +1556,7 @@ debug_stack_correct: +@@ -1303,7 +1553,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -15103,7 +15726,7 @@ index f3f6f53..0841b66 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1342,6 +1593,9 @@ nmi_stack_correct: +@@ -1340,6 +1590,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -15113,7 +15736,7 @@ index f3f6f53..0841b66 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1378,12 +1632,15 @@ nmi_espfix_stack: +@@ -1376,12 +1629,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -15130,7 +15753,7 @@ index f3f6f53..0841b66 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1395,14 +1652,14 @@ ENTRY(int3) +@@ -1393,14 +1649,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -15147,7 +15770,7 @@ index f3f6f53..0841b66 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1410,7 +1667,7 @@ ENTRY(async_page_fault) +@@ -1408,7 +1664,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -15157,19 +15780,19 @@ index f3f6f53..0841b66 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index faf8d5e..4f16a68 100644 +index 1333d98..b340ca2 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S -@@ -55,6 +55,8 @@ - #include +@@ -56,6 +56,8 @@ #include #include + #include +#include +#include /* Avoid __ASSEMBLER__'ifying just for this. */ #include -@@ -68,8 +70,9 @@ +@@ -69,8 +71,9 @@ #ifdef CONFIG_FUNCTION_TRACER #ifdef CONFIG_DYNAMIC_FTRACE ENTRY(mcount) @@ -15180,7 +15803,7 @@ index faf8d5e..4f16a68 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -92,8 +95,9 @@ GLOBAL(ftrace_graph_call) +@@ -93,8 +96,9 @@ GLOBAL(ftrace_graph_call) #endif GLOBAL(ftrace_stub) @@ -15191,7 +15814,7 @@ index faf8d5e..4f16a68 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ ENTRY(mcount) -@@ -112,6 +116,7 @@ ENTRY(mcount) +@@ -113,6 +117,7 @@ ENTRY(mcount) #endif GLOBAL(ftrace_stub) @@ -15199,7 +15822,7 @@ index faf8d5e..4f16a68 100644 retq trace: -@@ -121,12 +126,13 @@ trace: +@@ -122,12 +127,13 @@ trace: movq 8(%rbp), %rsi subq $MCOUNT_INSN_SIZE, %rdi @@ -15214,7 +15837,7 @@ index faf8d5e..4f16a68 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -146,8 +152,9 @@ ENTRY(ftrace_graph_caller) +@@ -147,8 +153,9 @@ ENTRY(ftrace_graph_caller) MCOUNT_RESTORE_FRAME @@ -15225,7 +15848,7 @@ index faf8d5e..4f16a68 100644 GLOBAL(return_to_handler) subq $24, %rsp -@@ -163,6 +170,7 @@ GLOBAL(return_to_handler) +@@ -164,6 +171,7 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp @@ -15233,7 +15856,7 @@ index faf8d5e..4f16a68 100644 jmp *%rdi #endif -@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64) +@@ -179,6 +187,282 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -15516,7 +16139,7 @@ index faf8d5e..4f16a68 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64) +@@ -232,8 +516,8 @@ ENDPROC(native_usergs_sysret64) .endm .macro UNFAKE_STACK_FRAME @@ -15527,7 +16150,7 @@ index faf8d5e..4f16a68 100644 .endm /* -@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64) +@@ -320,7 +604,7 @@ ENDPROC(native_usergs_sysret64) movq %rsp, %rsi leaq -RBP(%rsp),%rdi /* arg1 for handler */ @@ -15536,7 +16159,7 @@ index faf8d5e..4f16a68 100644 je 1f SWAPGS /* -@@ -355,9 +639,10 @@ ENTRY(save_rest) +@@ -356,9 +640,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -15548,7 +16171,7 @@ index faf8d5e..4f16a68 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -386,9 +671,10 @@ ENTRY(save_paranoid) +@@ -387,9 +672,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -15561,16 +16184,16 @@ index faf8d5e..4f16a68 100644 .popsection /* -@@ -410,7 +696,7 @@ ENTRY(ret_from_fork) +@@ -411,7 +697,7 @@ ENTRY(ret_from_fork) RESTORE_REST - testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread? + testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread? - je int_ret_from_sys_call + jz retint_restore_args testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -420,7 +706,7 @@ ENTRY(ret_from_fork) +@@ -421,7 +707,7 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath CFI_ENDPROC @@ -15579,7 +16202,7 @@ index faf8d5e..4f16a68 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -456,7 +742,7 @@ END(ret_from_fork) +@@ -457,7 +743,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -15588,7 +16211,7 @@ index faf8d5e..4f16a68 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -469,12 +755,13 @@ ENTRY(system_call_after_swapgs) +@@ -470,21 +756,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -15603,7 +16226,10 @@ index faf8d5e..4f16a68 100644 movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -484,7 +771,7 @@ ENTRY(system_call_after_swapgs) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) ++ GET_THREAD_INFO(%rcx) ++ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%rcx) + jnz tracesys system_call_fastpath: cmpq $__NR_syscall_max,%rax ja badsys @@ -15612,7 +16238,13 @@ index faf8d5e..4f16a68 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -503,6 +790,8 @@ sysret_check: +@@ -498,10 +786,13 @@ sysret_check: + LOCKDEP_SYS_EXIT + DISABLE_INTERRUPTS(CLBR_NONE) + TRACE_IRQS_OFF +- movl TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET),%edx ++ GET_THREAD_INFO(%rcx) ++ movl TI_flags(%rcx),%edx andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -15621,7 +16253,7 @@ index faf8d5e..4f16a68 100644 /* * sysretq will re-enable interrupts: */ -@@ -554,14 +843,18 @@ badsys: +@@ -553,14 +844,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -15632,7 +16264,7 @@ index faf8d5e..4f16a68 100644 movq %rdi,%rdx /* 3rd arg: 1st syscall arg */ movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ - call audit_syscall_entry + call __audit_syscall_entry + + pax_erase_kstack + @@ -15641,7 +16273,16 @@ index faf8d5e..4f16a68 100644 jmp system_call_fastpath /* -@@ -591,16 +884,20 @@ tracesys: +@@ -581,7 +876,7 @@ sysret_audit: + /* Do syscall tracing */ + tracesys: + #ifdef CONFIG_AUDITSYSCALL +- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) ++ testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%rcx) + jz auditsys + #endif + SAVE_REST +@@ -589,16 +884,20 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -15663,16 +16304,7 @@ index faf8d5e..4f16a68 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -612,7 +909,7 @@ tracesys: - GLOBAL(int_ret_from_sys_call) - DISABLE_INTERRUPTS(CLBR_NONE) - TRACE_IRQS_OFF -- testl $3,CS-ARGOFFSET(%rsp) -+ testb $3,CS-ARGOFFSET(%rsp) - je retint_restore_args - movl $_TIF_ALLWORK_MASK,%edi - /* edi: mask to check */ -@@ -623,6 +920,7 @@ GLOBAL(int_with_check) +@@ -619,6 +918,7 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -15680,7 +16312,7 @@ index faf8d5e..4f16a68 100644 jmp retint_swapgs /* Either reschedule or signal or syscall exit tracking needed. */ -@@ -669,7 +967,7 @@ int_restore_rest: +@@ -665,7 +965,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -15689,7 +16321,7 @@ index faf8d5e..4f16a68 100644 /* * Certain special system calls that need to save a complete full stack frame. -@@ -685,7 +983,7 @@ ENTRY(\label) +@@ -681,7 +981,7 @@ ENTRY(\label) call \func jmp ptregscall_common CFI_ENDPROC @@ -15698,7 +16330,7 @@ index faf8d5e..4f16a68 100644 .endm PTREGSCALL stub_clone, sys_clone, %r8 -@@ -703,9 +1001,10 @@ ENTRY(ptregscall_common) +@@ -699,9 +999,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -15710,7 +16342,7 @@ index faf8d5e..4f16a68 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -720,7 +1019,7 @@ ENTRY(stub_execve) +@@ -716,7 +1017,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -15719,7 +16351,7 @@ index faf8d5e..4f16a68 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -738,7 +1037,7 @@ ENTRY(stub_rt_sigreturn) +@@ -734,7 +1035,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -15728,7 +16360,7 @@ index faf8d5e..4f16a68 100644 /* * Build the entry stubs and pointer table with some assembler magic. -@@ -773,7 +1072,7 @@ vector=vector+1 +@@ -769,7 +1070,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -15737,7 +16369,7 @@ index faf8d5e..4f16a68 100644 .previous END(interrupt) -@@ -793,6 +1092,16 @@ END(interrupt) +@@ -789,6 +1090,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -15754,7 +16386,7 @@ index faf8d5e..4f16a68 100644 call \func .endm -@@ -824,7 +1133,7 @@ ret_from_intr: +@@ -820,7 +1131,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -15763,7 +16395,7 @@ index faf8d5e..4f16a68 100644 je retint_kernel /* Interrupt came from user space */ -@@ -846,12 +1155,15 @@ retint_swapgs: /* return to user-space */ +@@ -842,12 +1153,15 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -15779,7 +16411,7 @@ index faf8d5e..4f16a68 100644 /* * The iretq could re-enable interrupts: */ -@@ -940,7 +1252,7 @@ ENTRY(retint_kernel) +@@ -936,7 +1250,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -15788,7 +16420,7 @@ index faf8d5e..4f16a68 100644 /* * End of kprobes section */ -@@ -956,7 +1268,7 @@ ENTRY(\sym) +@@ -953,7 +1267,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -15797,7 +16429,7 @@ index faf8d5e..4f16a68 100644 .endm #ifdef CONFIG_SMP -@@ -1021,12 +1333,22 @@ ENTRY(\sym) +@@ -1026,12 +1340,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -15821,7 +16453,7 @@ index faf8d5e..4f16a68 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1038,15 +1360,25 @@ ENTRY(\sym) +@@ -1043,15 +1367,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -15849,7 +16481,7 @@ index faf8d5e..4f16a68 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1056,14 +1388,30 @@ ENTRY(\sym) +@@ -1061,14 +1395,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -15881,7 +16513,7 @@ index faf8d5e..4f16a68 100644 .endm .macro errorentry sym do_sym -@@ -1074,13 +1422,23 @@ ENTRY(\sym) +@@ -1079,13 +1429,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -15906,7 +16538,7 @@ index faf8d5e..4f16a68 100644 .endm /* error code is on the stack already */ -@@ -1093,13 +1451,23 @@ ENTRY(\sym) +@@ -1098,13 +1458,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -15931,7 +16563,7 @@ index faf8d5e..4f16a68 100644 .endm zeroentry divide_error do_divide_error -@@ -1129,9 +1497,10 @@ gs_change: +@@ -1134,9 +1504,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -15943,7 +16575,7 @@ index faf8d5e..4f16a68 100644 .section __ex_table,"a" .align 8 -@@ -1153,13 +1522,14 @@ ENTRY(kernel_thread_helper) +@@ -1158,13 +1529,14 @@ ENTRY(kernel_thread_helper) * Here we are in the child and the registers are set as they were * at kernel_thread() invocation in the parent. */ @@ -15959,7 +16591,7 @@ index faf8d5e..4f16a68 100644 /* * execve(). This function needs to use IRET, not SYSRET, to set up all state properly. -@@ -1186,11 +1556,11 @@ ENTRY(kernel_execve) +@@ -1191,11 +1563,11 @@ ENTRY(kernel_execve) RESTORE_REST testq %rax,%rax je int_ret_from_sys_call @@ -15973,7 +16605,7 @@ index faf8d5e..4f16a68 100644 /* Call softirq on interrupt stack. Interrupts are off. */ ENTRY(call_softirq) -@@ -1208,9 +1578,10 @@ ENTRY(call_softirq) +@@ -1213,9 +1585,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -15985,7 +16617,7 @@ index faf8d5e..4f16a68 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1248,7 +1619,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1253,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -15994,7 +16626,7 @@ index faf8d5e..4f16a68 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1307,7 +1678,7 @@ ENTRY(xen_failsafe_callback) +@@ -1312,7 +1685,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -16003,7 +16635,7 @@ index faf8d5e..4f16a68 100644 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1356,16 +1727,31 @@ ENTRY(paranoid_exit) +@@ -1361,16 +1734,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -16036,7 +16668,7 @@ index faf8d5e..4f16a68 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1394,7 +1780,7 @@ paranoid_schedule: +@@ -1399,7 +1787,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -16045,7 +16677,7 @@ index faf8d5e..4f16a68 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1421,12 +1807,13 @@ ENTRY(error_entry) +@@ -1426,12 +1814,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -16060,7 +16692,7 @@ index faf8d5e..4f16a68 100644 ret /* -@@ -1453,7 +1840,7 @@ bstep_iret: +@@ -1458,7 +1847,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -16069,17 +16701,30 @@ index faf8d5e..4f16a68 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1473,7 +1860,7 @@ ENTRY(error_exit) +@@ -1478,7 +1867,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC -END(error_exit) +ENDPROC(error_exit) - - /* runs on exception stack */ -@@ -1485,6 +1872,16 @@ ENTRY(nmi) - CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 + /* + * Test if a given stack is an NMI stack or not. +@@ -1535,9 +1924,11 @@ ENTRY(nmi) + * If %cs was not the kernel segment, then the NMI triggered in user + * space, which means it is definitely not nested. + */ ++ cmpl $__KERNEXEC_KERNEL_CS, 16(%rsp) ++ je 1f + cmpl $__KERNEL_CS, 16(%rsp) + jne first_nmi +- ++1: + /* + * Check the special variable on the stack to see if NMIs are + * executing. +@@ -1659,6 +2050,16 @@ restart_nmi: + */ call save_paranoid DEFAULT_FRAME 0 +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -16095,20 +16740,9 @@ index faf8d5e..4f16a68 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1495,12 +1892,28 @@ ENTRY(nmi) - DISABLE_INTERRUPTS(CLBR_NONE) +@@ -1666,14 +2067,25 @@ restart_nmi: testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore -- testl $3,CS(%rsp) -+ testb $3,CS(%rsp) - jnz nmi_userspace -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ pax_exit_kernel -+ SWAPGS_UNSAFE_STACK -+ RESTORE_ALL 8 -+ pax_force_retaddr_bts -+ jmp irq_return -+#endif nmi_swapgs: +#ifdef CONFIG_PAX_MEMORY_UDEREF + pax_exit_kernel_user @@ -16117,23 +16751,23 @@ index faf8d5e..4f16a68 100644 +#endif SWAPGS_UNSAFE_STACK + RESTORE_ALL 8 ++ /* Clear the NMI executing stack variable */ ++ movq $0, 10*8(%rsp) + jmp irq_return nmi_restore: + pax_exit_kernel RESTORE_ALL 8 + pax_force_retaddr_bts + /* Clear the NMI executing stack variable */ + movq $0, 10*8(%rsp) jmp irq_return - nmi_userspace: - GET_THREAD_INFO(%rcx) -@@ -1529,14 +1942,14 @@ nmi_schedule: - jmp paranoid_exit CFI_ENDPROC - #endif -END(nmi) +ENDPROC(nmi) - ENTRY(ignore_sysret) - CFI_STARTPROC + /* + * If an NMI hit an iret because of an exception or breakpoint, +@@ -1700,7 +2112,7 @@ ENTRY(ignore_sysret) mov $-ENOSYS,%eax sysret CFI_ENDPROC @@ -16204,7 +16838,7 @@ index c9a281f..ce2f317 100644 return -EFAULT; diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c -index 3bb0850..55a56f4 100644 +index 51ff186..9e77418 100644 --- a/arch/x86/kernel/head32.c +++ b/arch/x86/kernel/head32.c @@ -19,6 +19,7 @@ @@ -16215,12 +16849,13 @@ index 3bb0850..55a56f4 100644 static void __init i386_default_early_setup(void) { -@@ -33,7 +34,7 @@ void __init i386_start_kernel(void) - { - memblock_init(); +@@ -31,8 +32,7 @@ static void __init i386_default_early_setup(void) -- memblock_x86_reserve_range(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS"); -+ memblock_x86_reserve_range(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop), "TEXT DATA BSS"); + void __init i386_start_kernel(void) + { +- memblock_reserve(__pa_symbol(&_text), +- __pa_symbol(&__bss_stop) - __pa_symbol(&_text)); ++ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop) - LOAD_PHYSICAL_ADDR); #ifdef CONFIG_BLK_DEV_INITRD /* Reserve INITRD */ @@ -16663,7 +17298,7 @@ index ce0be7c..c41476e 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index e11e394..9aebc5d 100644 +index 40f4eb3..6d24d9d 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -19,6 +19,8 @@ @@ -16889,7 +17524,7 @@ index e11e394..9aebc5d 100644 NEXT_PAGE(level2_kernel_pgt) /* -@@ -389,33 +429,55 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -389,37 +429,59 @@ NEXT_PAGE(level2_kernel_pgt) * If you want to increase this then increase MODULES_VADDR * too.) */ @@ -16951,6 +17586,11 @@ index e11e394..9aebc5d 100644 .align L1_CACHE_BYTES ENTRY(idt_table) - .skip IDT_ENTRIES * 16 ++ .fill 512,8,0 + + .align L1_CACHE_BYTES + ENTRY(nmi_idt_table) +- .skip IDT_ENTRIES * 16 + .fill 512,8,0 __PAGE_ALIGNED_BSS @@ -16981,10 +17621,10 @@ index 9c3bd4a..e1d9b35 100644 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index 739d859..d1d6be7 100644 +index f239f30..aab2a58 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c -@@ -188,6 +188,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset) +@@ -189,6 +189,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset) int xfpregs_get(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -16994,7 +17634,7 @@ index 739d859..d1d6be7 100644 void *kbuf, void __user *ubuf) { int ret; -@@ -207,6 +210,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset, +@@ -208,6 +211,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset, int xfpregs_set(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17004,7 +17644,7 @@ index 739d859..d1d6be7 100644 const void *kbuf, const void __user *ubuf) { int ret; -@@ -240,6 +246,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset, +@@ -241,6 +247,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset, int xstateregs_get(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17014,7 +17654,7 @@ index 739d859..d1d6be7 100644 void *kbuf, void __user *ubuf) { int ret; -@@ -269,6 +278,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset, +@@ -270,6 +279,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset, int xstateregs_set(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17024,7 +17664,7 @@ index 739d859..d1d6be7 100644 const void *kbuf, const void __user *ubuf) { int ret; -@@ -439,6 +451,9 @@ static void convert_to_fxsr(struct task_struct *tsk, +@@ -440,6 +452,9 @@ static void convert_to_fxsr(struct task_struct *tsk, int fpregs_get(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17034,7 +17674,7 @@ index 739d859..d1d6be7 100644 void *kbuf, void __user *ubuf) { struct user_i387_ia32_struct env; -@@ -471,6 +486,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset, +@@ -472,6 +487,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset, int fpregs_set(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -17044,7 +17684,7 @@ index 739d859..d1d6be7 100644 const void *kbuf, const void __user *ubuf) { struct user_i387_ia32_struct env; -@@ -619,6 +637,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf) +@@ -620,6 +638,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf) } static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf, @@ -17136,7 +17776,7 @@ index 8c96897..be66bfa 100644 return -EPERM; } diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c -index 429e0c9..17b3ece 100644 +index 7943e0c..dd32c5c 100644 --- a/arch/x86/kernel/irq.c +++ b/arch/x86/kernel/irq.c @@ -18,7 +18,7 @@ @@ -17148,7 +17788,7 @@ index 429e0c9..17b3ece 100644 /* Function pointer for generic interrupt vector handling */ void (*x86_platform_ipi_callback)(void) = NULL; -@@ -117,9 +117,9 @@ int arch_show_interrupts(struct seq_file *p, int prec) +@@ -121,9 +121,9 @@ int arch_show_interrupts(struct seq_file *p, int prec) seq_printf(p, "%10u ", per_cpu(mce_poll_count, j)); seq_printf(p, " Machine check polls\n"); #endif @@ -17160,7 +17800,7 @@ index 429e0c9..17b3ece 100644 #endif return 0; } -@@ -159,10 +159,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu) +@@ -164,10 +164,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu) u64 arch_irq_stat(void) { @@ -17174,10 +17814,10 @@ index 429e0c9..17b3ece 100644 return sum; } diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c -index 7209070..cbcd71a 100644 +index 40fc861..9b8739b 100644 --- a/arch/x86/kernel/irq_32.c +++ b/arch/x86/kernel/irq_32.c -@@ -36,7 +36,7 @@ static int check_stack_overflow(void) +@@ -39,7 +39,7 @@ static int check_stack_overflow(void) __asm__ __volatile__("andl %%esp,%0" : "=r" (sp) : "0" (THREAD_SIZE - 1)); @@ -17186,7 +17826,7 @@ index 7209070..cbcd71a 100644 } static void print_stack_overflow(void) -@@ -54,8 +54,8 @@ static inline void print_stack_overflow(void) { } +@@ -59,8 +59,8 @@ static inline void print_stack_overflow(void) { } * per-CPU IRQ handling contexts (thread information and stack) */ union irq_ctx { @@ -17197,7 +17837,7 @@ index 7209070..cbcd71a 100644 } __attribute__((aligned(THREAD_SIZE))); static DEFINE_PER_CPU(union irq_ctx *, hardirq_ctx); -@@ -75,10 +75,9 @@ static void call_on_stack(void *func, void *stack) +@@ -80,10 +80,9 @@ static void call_on_stack(void *func, void *stack) static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) { @@ -17209,7 +17849,7 @@ index 7209070..cbcd71a 100644 irqctx = __this_cpu_read(hardirq_ctx); /* -@@ -87,21 +86,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -92,21 +91,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) * handler) we can't do that and just have to keep using the * current stack (which is the irq stack already after all) */ @@ -17237,7 +17877,7 @@ index 7209070..cbcd71a 100644 if (unlikely(overflow)) call_on_stack(print_stack_overflow, isp); -@@ -113,6 +107,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -118,6 +112,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) : "0" (irq), "1" (desc), "2" (isp), "D" (desc->handle_irq) : "memory", "cc", "ecx"); @@ -17249,7 +17889,7 @@ index 7209070..cbcd71a 100644 return 1; } -@@ -121,29 +120,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -126,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) */ void __cpuinit irq_ctx_init(int cpu) { @@ -17281,7 +17921,7 @@ index 7209070..cbcd71a 100644 printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n", cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); -@@ -152,7 +133,6 @@ void __cpuinit irq_ctx_init(int cpu) +@@ -157,7 +138,6 @@ void __cpuinit irq_ctx_init(int cpu) asmlinkage void do_softirq(void) { unsigned long flags; @@ -17289,7 +17929,7 @@ index 7209070..cbcd71a 100644 union irq_ctx *irqctx; u32 *isp; -@@ -162,15 +142,22 @@ asmlinkage void do_softirq(void) +@@ -167,15 +147,22 @@ asmlinkage void do_softirq(void) local_irq_save(flags); if (local_softirq_pending()) { @@ -17317,23 +17957,36 @@ index 7209070..cbcd71a 100644 * Shouldn't happen, we returned above if in_interrupt(): */ diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c -index 69bca46..0bac999 100644 +index d04d3ec..ea4b374 100644 --- a/arch/x86/kernel/irq_64.c +++ b/arch/x86/kernel/irq_64.c -@@ -38,7 +38,7 @@ static inline void stack_overflow_check(struct pt_regs *regs) - #ifdef CONFIG_DEBUG_STACKOVERFLOW +@@ -44,7 +44,7 @@ static inline void stack_overflow_check(struct pt_regs *regs) + u64 estack_top, estack_bottom; u64 curbase = (u64)task_stack_page(current); - if (user_mode_vm(regs)) + if (user_mode(regs)) return; - WARN_ONCE(regs->sp >= curbase && + if (regs->sp >= curbase + sizeof(struct thread_info) + +diff --git a/arch/x86/kernel/kdebugfs.c b/arch/x86/kernel/kdebugfs.c +index 90fcf62..e682cdd 100644 +--- a/arch/x86/kernel/kdebugfs.c ++++ b/arch/x86/kernel/kdebugfs.c +@@ -28,6 +28,8 @@ struct setup_data_node { + }; + + static ssize_t setup_data_read(struct file *file, char __user *user_buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t setup_data_read(struct file *file, char __user *user_buf, + size_t count, loff_t *ppos) + { + struct setup_data_node *node = file->private_data; diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c -index faba577..93b9e71 100644 +index 2f45c4c..d95504f 100644 --- a/arch/x86/kernel/kgdb.c +++ b/arch/x86/kernel/kgdb.c -@@ -124,11 +124,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs) +@@ -126,11 +126,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs) #ifdef CONFIG_X86_32 switch (regno) { case GDB_SS: @@ -17347,7 +18000,7 @@ index faba577..93b9e71 100644 *(unsigned long *)mem = kernel_stack_pointer(regs); break; case GDB_GS: -@@ -473,12 +473,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code, +@@ -475,12 +475,12 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code, case 'k': /* clear the trace bit */ linux_regs->flags &= ~X86_EFLAGS_TF; @@ -17362,7 +18015,7 @@ index faba577..93b9e71 100644 raw_smp_processor_id()); } -@@ -543,7 +543,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd) +@@ -545,7 +545,7 @@ static int __kgdb_notify(struct die_args *args, unsigned long cmd) switch (cmd) { case DIE_DEBUG: @@ -17518,20 +18171,8 @@ index 7da647d..56fe348 100644 RELATIVE_ADDR_SIZE); insn_buf[0] = RELATIVEJUMP_OPCODE; -diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index a9c2116..a52d4fc 100644 ---- a/arch/x86/kernel/kvm.c -+++ b/arch/x86/kernel/kvm.c -@@ -437,6 +437,7 @@ static void __init paravirt_ops_setup(void) - pv_mmu_ops.set_pud = kvm_set_pud; - #if PAGETABLE_LEVELS == 4 - pv_mmu_ops.set_pgd = kvm_set_pgd; -+ pv_mmu_ops.set_pgd_batched = kvm_set_pgd; - #endif - #endif - pv_mmu_ops.flush_tlb_user = kvm_flush_tlb; diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index ea69726..8b497c9 100644 +index ea69726..a305f16 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) @@ -17592,7 +18233,15 @@ index ea69726..8b497c9 100644 static int read_ldt(void __user *ptr, unsigned long bytecount) { int err; -@@ -230,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -175,6 +194,7 @@ error_return: + return err; + } + ++static int read_default_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2); + static int read_default_ldt(void __user *ptr, unsigned long bytecount) + { + /* CHECKME: Can we use _one_ random number ? */ +@@ -230,6 +250,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -17661,14 +18310,15 @@ index 3ca42d0..79d24cd 100644 static void microcode_fini_cpu(int cpu) diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c -index 925179f..267ac7a 100644 +index 925179f..1f0d561 100644 --- a/arch/x86/kernel/module.c +++ b/arch/x86/kernel/module.c -@@ -36,15 +36,60 @@ +@@ -36,15 +36,61 @@ #define DEBUGP(fmt...) #endif -void *module_alloc(unsigned long size) ++static inline void *__module_alloc(unsigned long size, pgprot_t prot) __size_overflow(1); +static inline void *__module_alloc(unsigned long size, pgprot_t prot) { - if (PAGE_ALIGN(size) > MODULES_LEN) @@ -17728,7 +18378,7 @@ index 925179f..267ac7a 100644 #ifdef CONFIG_X86_32 int apply_relocate(Elf32_Shdr *sechdrs, const char *strtab, -@@ -55,14 +100,16 @@ int apply_relocate(Elf32_Shdr *sechdrs, +@@ -55,14 +101,16 @@ int apply_relocate(Elf32_Shdr *sechdrs, unsigned int i; Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr; Elf32_Sym *sym; @@ -17748,7 +18398,7 @@ index 925179f..267ac7a 100644 /* This is the symbol it is referring to. Note that all undefined symbols have been resolved. */ sym = (Elf32_Sym *)sechdrs[symindex].sh_addr -@@ -71,11 +118,15 @@ int apply_relocate(Elf32_Shdr *sechdrs, +@@ -71,11 +119,15 @@ int apply_relocate(Elf32_Shdr *sechdrs, switch (ELF32_R_TYPE(rel[i].r_info)) { case R_386_32: /* We add the value into the location given */ @@ -17766,7 +18416,7 @@ index 925179f..267ac7a 100644 break; default: printk(KERN_ERR "module %s: Unknown relocation: %u\n", -@@ -120,21 +171,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs, +@@ -120,21 +172,30 @@ int apply_relocate_add(Elf64_Shdr *sechdrs, case R_X86_64_NONE: break; case R_X86_64_64: @@ -17798,10 +18448,10 @@ index 925179f..267ac7a 100644 if ((s64)val != *(s32 *)loc) goto overflow; diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c -index e88f37b..1353db6 100644 +index 47acaf3..ec48ab6 100644 --- a/arch/x86/kernel/nmi.c +++ b/arch/x86/kernel/nmi.c -@@ -408,6 +408,17 @@ static notrace __kprobes void default_do_nmi(struct pt_regs *regs) +@@ -505,6 +505,17 @@ static inline void nmi_nesting_postprocess(void) dotraplinkage notrace __kprobes void do_nmi(struct pt_regs *regs, long error_code) { @@ -17816,9 +18466,9 @@ index e88f37b..1353db6 100644 + } +#endif + - nmi_enter(); + nmi_nesting_preprocess(regs); - inc_irq_stat(__nmi_count); + nmi_enter(); diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c index 676b8c7..870ba04 100644 --- a/arch/x86/kernel/paravirt-spinlocks.c @@ -17981,7 +18631,7 @@ index 35ccf75..7a15747 100644 #define DEBUG 1 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index ee5d4fb..426649b 100644 +index 15763af..da59ada 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -48,16 +48,33 @@ void free_thread_xstate(struct task_struct *tsk) @@ -18122,7 +18772,7 @@ index ee5d4fb..426649b 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 8598296..bfadef0 100644 +index c08d1ff..6ae1c81 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); @@ -18133,7 +18783,7 @@ index 8598296..bfadef0 100644 } #ifndef CONFIG_SMP -@@ -130,15 +131,14 @@ void __show_regs(struct pt_regs *regs, int all) +@@ -132,15 +133,14 @@ void __show_regs(struct pt_regs *regs, int all) unsigned long sp; unsigned short ss, gs; @@ -18151,7 +18801,7 @@ index 8598296..bfadef0 100644 show_regs_common(); -@@ -200,13 +200,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -202,13 +202,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct task_struct *tsk; int err; @@ -18167,7 +18817,7 @@ index 8598296..bfadef0 100644 p->thread.ip = (unsigned long) ret_from_fork; -@@ -296,7 +297,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -299,7 +300,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread, *next = &next_p->thread; int cpu = smp_processor_id(); @@ -18176,7 +18826,7 @@ index 8598296..bfadef0 100644 fpu_switch_t fpu; /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ -@@ -320,6 +321,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -323,6 +324,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ lazy_save_gs(prev->gs); @@ -18187,7 +18837,7 @@ index 8598296..bfadef0 100644 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -350,6 +355,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -353,6 +358,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ arch_end_context_switch(next_p); @@ -18197,7 +18847,7 @@ index 8598296..bfadef0 100644 /* * Restore %gs if needed (which is common) */ -@@ -358,8 +366,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -361,8 +369,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) switch_fpu_finish(next_p, fpu); @@ -18206,13 +18856,13 @@ index 8598296..bfadef0 100644 return prev_p; } -@@ -389,4 +395,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -392,4 +398,3 @@ unsigned long get_wchan(struct task_struct *p) } while (count++ < 16); return 0; } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 6a364a6..b147d11 100644 +index cfa5c90..4facd28 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -89,7 +89,7 @@ static void __exit_idle(void) @@ -18224,7 +18874,7 @@ index 6a364a6..b147d11 100644 return; __exit_idle(); } -@@ -264,8 +264,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -270,8 +270,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct pt_regs *childregs; struct task_struct *me = current; @@ -18234,7 +18884,7 @@ index 6a364a6..b147d11 100644 *childregs = *regs; childregs->ax = 0; -@@ -277,6 +276,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -283,6 +282,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, p->thread.sp = (unsigned long) childregs; p->thread.sp0 = (unsigned long) (childregs+1); p->thread.usersp = me->thread.usersp; @@ -18242,7 +18892,7 @@ index 6a364a6..b147d11 100644 set_tsk_thread_flag(p, TIF_FORK); -@@ -379,7 +379,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -385,7 +385,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread; struct thread_struct *next = &next_p->thread; int cpu = smp_processor_id(); @@ -18251,7 +18901,7 @@ index 6a364a6..b147d11 100644 unsigned fsindex, gsindex; fpu_switch_t fpu; -@@ -461,10 +461,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -467,10 +467,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) prev->usersp = percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -18264,7 +18914,7 @@ index 6a364a6..b147d11 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -519,12 +518,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -525,12 +524,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -18280,10 +18930,10 @@ index 6a364a6..b147d11 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 8252879..f367ec9 100644 +index 5026738..574f70a 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c -@@ -791,6 +791,10 @@ static int ioperm_active(struct task_struct *target, +@@ -792,6 +792,10 @@ static int ioperm_active(struct task_struct *target, static int ioperm_get(struct task_struct *target, const struct user_regset *regset, unsigned int pos, unsigned int count, @@ -18294,7 +18944,7 @@ index 8252879..f367ec9 100644 void *kbuf, void __user *ubuf) { if (!target->thread.io_bitmap_ptr) -@@ -822,7 +826,7 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -823,7 +827,7 @@ long arch_ptrace(struct task_struct *child, long request, unsigned long addr, unsigned long data) { int ret; @@ -18303,7 +18953,7 @@ index 8252879..f367ec9 100644 switch (request) { /* read the word at location addr in the USER area. */ -@@ -907,14 +911,14 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -908,14 +912,14 @@ long arch_ptrace(struct task_struct *child, long request, if ((int) addr < 0) return -EIO; ret = do_get_thread_area(child, addr, @@ -18320,7 +18970,7 @@ index 8252879..f367ec9 100644 break; #endif -@@ -1331,7 +1335,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, +@@ -1332,7 +1336,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, memset(info, 0, sizeof(*info)); info->si_signo = SIGTRAP; info->si_code = si_code; @@ -18329,6 +18979,41 @@ index 8252879..f367ec9 100644 } void user_single_step_siginfo(struct task_struct *tsk, +@@ -1361,6 +1365,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, + # define IS_IA32 0 + #endif + ++#ifdef CONFIG_GRKERNSEC_SETXID ++extern void gr_delayed_cred_worker(void); ++#endif ++ + /* + * We must return the syscall number to actually look up in the table. + * This can be -1L to skip running any syscall at all. +@@ -1369,6 +1377,11 @@ long syscall_trace_enter(struct pt_regs *regs) + { + long ret = 0; + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + /* + * If we stepped into a sysenter/syscall insn, it trapped in + * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. +@@ -1412,6 +1425,11 @@ void syscall_trace_leave(struct pt_regs *regs) + { + bool step; + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + audit_syscall_exit(regs); + + if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/x86/kernel/pvclock.c b/arch/x86/kernel/pvclock.c index 42eb330..139955c 100644 --- a/arch/x86/kernel/pvclock.c @@ -18362,7 +19047,7 @@ index 42eb330..139955c 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 37a458b..e63d183 100644 +index d840e69..98e9581 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -35,7 +35,7 @@ void (*pm_power_off)(void); @@ -18374,7 +19059,7 @@ index 37a458b..e63d183 100644 enum reboot_type reboot_type = BOOT_ACPI; int reboot_force; -@@ -324,13 +324,17 @@ core_initcall(reboot_init); +@@ -335,13 +335,17 @@ core_initcall(reboot_init); extern const unsigned char machine_real_restart_asm[]; extern const u64 machine_real_restart_gdt[3]; @@ -18394,7 +19079,7 @@ index 37a458b..e63d183 100644 local_irq_disable(); /* Write zero to CMOS register number 0x0f, which the BIOS POST -@@ -356,14 +360,14 @@ void machine_real_restart(unsigned int type) +@@ -367,14 +371,14 @@ void machine_real_restart(unsigned int type) boot)". This seems like a fairly standard thing that gets set by REBOOT.COM programs, and the previous reset routine did this too. */ @@ -18411,7 +19096,7 @@ index 37a458b..e63d183 100644 /* GDT[0]: GDT self-pointer */ lowmem_gdt[0] = -@@ -374,7 +378,33 @@ void machine_real_restart(unsigned int type) +@@ -385,7 +389,33 @@ void machine_real_restart(unsigned int type) GDT_ENTRY(0x009b, restart_pa, 0xffff); /* Jump to the identity-mapped low memory code */ @@ -18445,7 +19130,7 @@ index 37a458b..e63d183 100644 } #ifdef CONFIG_APM_MODULE EXPORT_SYMBOL(machine_real_restart); -@@ -540,7 +570,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) +@@ -556,7 +586,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) * try to force a triple fault and then cycle between hitting the keyboard * controller and doing that */ @@ -18454,7 +19139,7 @@ index 37a458b..e63d183 100644 { int i; int attempt = 0; -@@ -664,13 +694,13 @@ void native_machine_shutdown(void) +@@ -680,13 +710,13 @@ void native_machine_shutdown(void) #endif } @@ -18470,7 +19155,7 @@ index 37a458b..e63d183 100644 { printk("machine restart\n"); -@@ -679,7 +709,7 @@ static void native_machine_restart(char *__unused) +@@ -695,7 +725,7 @@ static void native_machine_restart(char *__unused) __machine_emergency_restart(0); } @@ -18479,7 +19164,7 @@ index 37a458b..e63d183 100644 { /* stop other cpus and apics */ machine_shutdown(); -@@ -690,7 +720,7 @@ static void native_machine_halt(void) +@@ -706,7 +736,7 @@ static void native_machine_halt(void) stop_this_cpu(NULL); } @@ -18488,7 +19173,7 @@ index 37a458b..e63d183 100644 { if (pm_power_off) { if (!reboot_force) -@@ -699,6 +729,7 @@ static void native_machine_power_off(void) +@@ -715,6 +745,7 @@ static void native_machine_power_off(void) } /* a fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); @@ -18525,10 +19210,10 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index cf0ef98..e3f780b 100644 +index d7d5099..28555d0 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -447,7 +447,7 @@ static void __init parse_setup_data(void) +@@ -448,7 +448,7 @@ static void __init parse_setup_data(void) switch (data->type) { case SETUP_E820_EXT: @@ -18537,7 +19222,7 @@ index cf0ef98..e3f780b 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -650,7 +650,7 @@ static void __init trim_bios_range(void) +@@ -649,7 +649,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ @@ -18546,7 +19231,7 @@ index cf0ef98..e3f780b 100644 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } -@@ -773,14 +773,14 @@ void __init setup_arch(char **cmdline_p) +@@ -767,14 +767,14 @@ void __init setup_arch(char **cmdline_p) if (!boot_params.hdr.root_flags) root_mountflags &= ~MS_RDONLY; @@ -18567,7 +19252,7 @@ index cf0ef98..e3f780b 100644 bss_resource.start = virt_to_phys(&__bss_start); bss_resource.end = virt_to_phys(&__bss_stop)-1; diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c -index 71f4727..217419b 100644 +index 5a98aa2..848d2be 100644 --- a/arch/x86/kernel/setup_percpu.c +++ b/arch/x86/kernel/setup_percpu.c @@ -21,19 +21,17 @@ @@ -18626,7 +19311,7 @@ index 71f4727..217419b 100644 write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S); #endif -@@ -207,6 +209,11 @@ void __init setup_per_cpu_areas(void) +@@ -219,6 +221,11 @@ void __init setup_per_cpu_areas(void) /* alrighty, percpu areas up and running */ delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { @@ -18638,7 +19323,7 @@ index 71f4727..217419b 100644 per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu]; per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu); per_cpu(cpu_number, cpu) = cpu; -@@ -247,6 +254,12 @@ void __init setup_per_cpu_areas(void) +@@ -259,6 +266,12 @@ void __init setup_per_cpu_areas(void) */ set_cpu_numa_node(cpu, early_cpu_to_node(cpu)); #endif @@ -18652,7 +19337,7 @@ index 71f4727..217419b 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 54ddaeb2..22c3bdc 100644 +index 46a01bd..2e88e6d 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -198,7 +198,7 @@ static unsigned long align_sigframe(unsigned long sp) @@ -18720,7 +19405,7 @@ index 54ddaeb2..22c3bdc 100644 } put_user_catch(err); if (err) -@@ -769,7 +772,7 @@ static void do_signal(struct pt_regs *regs) +@@ -765,7 +768,7 @@ static void do_signal(struct pt_regs *regs) * X86_32: vm86 regs switched out by assembly code before reaching * here, so testing against kernel CS suffices. */ @@ -18730,10 +19415,10 @@ index 54ddaeb2..22c3bdc 100644 signr = get_signal_to_deliver(&info, &ka, regs, NULL); diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 9f548cb..caf76f7 100644 +index 66d250c..f1b10bd 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -709,17 +709,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu) +@@ -715,17 +715,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu) set_idle_for_cpu(cpu, c_idle.idle); do_rest: per_cpu(current_task, cpu) = c_idle.idle; @@ -18757,7 +19442,7 @@ index 9f548cb..caf76f7 100644 initial_code = (unsigned long)start_secondary; stack_start = c_idle.idle->thread.sp; -@@ -861,6 +864,12 @@ int __cpuinit native_cpu_up(unsigned int cpu) +@@ -868,6 +871,12 @@ int __cpuinit native_cpu_up(unsigned int cpu) per_cpu(cpu_state, cpu) = CPU_UP_PREPARE; @@ -19189,15 +19874,6 @@ index 0514890..3dbebce 100644 mm->cached_hole_size = ~0UL; return addr; -diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S -index 9a0e312..e6f66f2 100644 ---- a/arch/x86/kernel/syscall_table_32.S -+++ b/arch/x86/kernel/syscall_table_32.S -@@ -1,3 +1,4 @@ -+.section .rodata,"a",@progbits - ENTRY(sys_call_table) - .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */ - .long sys_exit diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index e2410e2..4fe3fbc 100644 --- a/arch/x86/kernel/tboot.c @@ -19285,7 +19961,7 @@ index dd5fbf4..b7f2232 100644 return pc; } diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c -index 6bb7b85..dd853e1 100644 +index bcfec2d..8f88b4a 100644 --- a/arch/x86/kernel/tls.c +++ b/arch/x86/kernel/tls.c @@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struct *p, int idx, @@ -19361,7 +20037,7 @@ index 09ff517..df19fbff 100644 .short 0 .quad 0x00cf9b000000ffff # __KERNEL32_CS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 31d9d0f..e244dd9 100644 +index 4bbe04d..41d0943 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -70,12 +70,6 @@ asmlinkage int system_call(void); @@ -19479,7 +20155,7 @@ index 31d9d0f..e244dd9 100644 die("general protection fault", regs, error_code); } -@@ -414,7 +443,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -421,7 +450,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); @@ -19488,7 +20164,7 @@ index 31d9d0f..e244dd9 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, 1); preempt_conditional_cli(regs); -@@ -428,7 +457,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -436,7 +465,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -19497,7 +20173,7 @@ index 31d9d0f..e244dd9 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -457,7 +486,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -466,7 +495,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -19506,17 +20182,6 @@ index 31d9d0f..e244dd9 100644 { if (!fixup_exception(regs)) { task->thread.error_code = error_code; -@@ -569,8 +598,8 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) - void __math_state_restore(struct task_struct *tsk) - { - /* We need a safe address that is cheap to find and that is already -- in L1. We've just brought in "tsk->thread.has_fpu", so use that */ --#define safe_address (tsk->thread.has_fpu) -+ in L1. */ -+#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0) - - /* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception - is pending. Clear the x87 state here by setting it to fixed diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S index b9242ba..50c5edd 100644 --- a/arch/x86/kernel/verify_cpu.S @@ -19530,7 +20195,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 863f875..4307295 100644 +index 328cb37..f37fee1 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -41,6 +41,7 @@ @@ -19541,7 +20206,17 @@ index 863f875..4307295 100644 #include #include -@@ -148,7 +149,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs) +@@ -109,6 +110,9 @@ static int copy_vm86_regs_to_user(struct vm86_regs __user *user, + /* convert vm86_regs to kernel_vm86_regs */ + static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs, + const struct vm86_regs __user *user, ++ unsigned extra) __size_overflow(3); ++static int copy_vm86_regs_from_user(struct kernel_vm86_regs *regs, ++ const struct vm86_regs __user *user, + unsigned extra) + { + int ret = 0; +@@ -148,7 +152,7 @@ struct pt_regs *save_v86_state(struct kernel_vm86_regs *regs) do_exit(SIGSEGV); } @@ -19550,7 +20225,7 @@ index 863f875..4307295 100644 current->thread.sp0 = current->thread.saved_sp0; current->thread.sysenter_cs = __KERNEL_CS; load_sp0(tss, ¤t->thread); -@@ -208,6 +209,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs) +@@ -210,6 +214,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs) struct task_struct *tsk; int tmp, ret = -EPERM; @@ -19564,7 +20239,7 @@ index 863f875..4307295 100644 tsk = current; if (tsk->thread.saved_sp0) goto out; -@@ -238,6 +246,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs) +@@ -240,6 +251,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs) int tmp, ret; struct vm86plus_struct __user *v86; @@ -19579,7 +20254,7 @@ index 863f875..4307295 100644 tsk = current; switch (cmd) { case VM86_REQUEST_IRQ: -@@ -324,7 +340,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk +@@ -326,7 +345,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk tsk->thread.saved_fs = info->regs32->fs; tsk->thread.saved_gs = get_user_gs(info->regs32); @@ -19588,7 +20263,7 @@ index 863f875..4307295 100644 tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0; if (cpu_has_sep) tsk->thread.sysenter_cs = 0; -@@ -529,7 +545,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, +@@ -533,7 +552,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, goto cannot_handle; if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored)) goto cannot_handle; @@ -19862,14 +20537,14 @@ index 0f703f1..9e15f64 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index e4d4a22..47ee71f 100644 +index b07ba93..a212969 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -57,15 +57,13 @@ DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod_data) = .lock = __SEQLOCK_UNLOCKED(__vsyscall_gtod_data.lock), }; --static enum { EMULATE, NATIVE, NONE } vsyscall_mode = NATIVE; +-static enum { EMULATE, NATIVE, NONE } vsyscall_mode = EMULATE; +static enum { EMULATE, NONE } vsyscall_mode = EMULATE; static int __init vsyscall_setup(char *str) @@ -19882,16 +20557,16 @@ index e4d4a22..47ee71f 100644 else if (!strcmp("none", str)) vsyscall_mode = NONE; else -@@ -178,7 +176,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) +@@ -207,7 +205,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) tsk = current; if (seccomp_mode(&tsk->seccomp)) - do_exit(SIGKILL); + do_group_exit(SIGKILL); - switch (vsyscall_nr) { - case 0: -@@ -220,8 +218,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) + /* + * With a real vsyscall, page faults cause SIGSEGV. We want to +@@ -279,8 +277,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) return true; sigsegv: @@ -19901,7 +20576,7 @@ index e4d4a22..47ee71f 100644 } /* -@@ -274,10 +271,7 @@ void __init map_vsyscall(void) +@@ -333,10 +330,7 @@ void __init map_vsyscall(void) extern char __vvar_page; unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page); @@ -19957,11 +20632,62 @@ index 7110911..e8cdee5 100644 buf); if (unlikely(err)) { /* +diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c +index 89b02bf..0f6511d 100644 +--- a/arch/x86/kvm/cpuid.c ++++ b/arch/x86/kvm/cpuid.c +@@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, + struct kvm_cpuid2 *cpuid, + struct kvm_cpuid_entry2 __user *entries) + { +- int r; ++ int r, i; + + r = -E2BIG; + if (cpuid->nent > KVM_MAX_CPUID_ENTRIES) + goto out; + r = -EFAULT; +- if (copy_from_user(&vcpu->arch.cpuid_entries, entries, +- cpuid->nent * sizeof(struct kvm_cpuid_entry2))) ++ if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry2))) + goto out; ++ for (i = 0; i < cpuid->nent; ++i) { ++ struct kvm_cpuid_entry2 cpuid_entry; ++ if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry))) ++ goto out; ++ vcpu->arch.cpuid_entries[i] = cpuid_entry; ++ } + vcpu->arch.cpuid_nent = cpuid->nent; + kvm_apic_set_version(vcpu); + kvm_x86_ops->cpuid_update(vcpu); +@@ -147,15 +152,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, + struct kvm_cpuid2 *cpuid, + struct kvm_cpuid_entry2 __user *entries) + { +- int r; ++ int r, i; + + r = -E2BIG; + if (cpuid->nent < vcpu->arch.cpuid_nent) + goto out; + r = -EFAULT; +- if (copy_to_user(entries, &vcpu->arch.cpuid_entries, +- vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) ++ if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) + goto out; ++ for (i = 0; i < vcpu->arch.cpuid_nent; ++i) { ++ struct kvm_cpuid_entry2 cpuid_entry = vcpu->arch.cpuid_entries[i]; ++ if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry))) ++ goto out; ++ } + return 0; + + out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index f1e3be18..588efc8 100644 +index 0982507..7f6d72f 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -249,6 +249,7 @@ struct gprefix { +@@ -250,6 +250,7 @@ struct gprefix { #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \ do { \ @@ -19969,7 +20695,7 @@ index f1e3be18..588efc8 100644 __asm__ __volatile__ ( \ _PRE_EFLAGS("0", "4", "2") \ _op _suffix " %"_x"3,%1; " \ -@@ -263,8 +264,6 @@ struct gprefix { +@@ -264,8 +265,6 @@ struct gprefix { /* Raw emulation: instruction has two explicit operands. */ #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -19978,7 +20704,7 @@ index f1e3be18..588efc8 100644 switch ((ctxt)->dst.bytes) { \ case 2: \ ____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \ -@@ -280,7 +279,6 @@ struct gprefix { +@@ -281,7 +280,6 @@ struct gprefix { #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -19987,10 +20713,10 @@ index f1e3be18..588efc8 100644 case 1: \ ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 54abb40..a192606 100644 +index cfdc6e0..ab92e84 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c -@@ -53,7 +53,7 @@ +@@ -54,7 +54,7 @@ #define APIC_BUS_CYCLE_NS 1 /* #define apic_debug(fmt,arg...) printk(KERN_WARNING fmt,##arg) */ @@ -19999,30 +20725,8 @@ index 54abb40..a192606 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ -diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c -index f1b36cf..af8a124 100644 ---- a/arch/x86/kvm/mmu.c -+++ b/arch/x86/kvm/mmu.c -@@ -3555,7 +3555,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, - - pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes); - -- invlpg_counter = atomic_read(&vcpu->kvm->arch.invlpg_counter); -+ invlpg_counter = atomic_read_unchecked(&vcpu->kvm->arch.invlpg_counter); - - /* - * Assume that the pte write on a page table of the same type -@@ -3587,7 +3587,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, - } - - spin_lock(&vcpu->kvm->mmu_lock); -- if (atomic_read(&vcpu->kvm->arch.invlpg_counter) != invlpg_counter) -+ if (atomic_read_unchecked(&vcpu->kvm->arch.invlpg_counter) != invlpg_counter) - gentry = 0; - kvm_mmu_free_some_pages(vcpu); - ++vcpu->kvm->stat.mmu_pte_write; diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index 9299410..ade2f9b 100644 +index 1561028..0ed7f14 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -197,7 +197,7 @@ retry_walk: @@ -20034,28 +20738,11 @@ index 9299410..ade2f9b 100644 if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte)))) goto error; -@@ -705,7 +705,7 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva) - if (need_flush) - kvm_flush_remote_tlbs(vcpu->kvm); - -- atomic_inc(&vcpu->kvm->arch.invlpg_counter); -+ atomic_inc_unchecked(&vcpu->kvm->arch.invlpg_counter); - - spin_unlock(&vcpu->kvm->mmu_lock); - diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index 94a4672..1700ed1 100644 +index e385214..f8df033 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3037,6 +3037,7 @@ static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data) - return 0; - } - -+static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) __size_overflow(3); - static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) - { - struct vcpu_svm *svm = to_svm(vcpu); -@@ -3405,7 +3406,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3420,7 +3420,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -20067,7 +20754,7 @@ index 94a4672..1700ed1 100644 load_TR_desc(); } -@@ -3783,6 +3788,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3798,6 +3802,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -20079,10 +20766,10 @@ index 94a4672..1700ed1 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 4ea7678..c715f2f 100644 +index a7a6f60..04b745a 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1305,7 +1305,11 @@ static void reload_tss(void) +@@ -1306,7 +1306,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -20094,15 +20781,7 @@ index 4ea7678..c715f2f 100644 load_TR_desc(); } -@@ -2163,6 +2167,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata) - * Returns 0 on success, non-0 otherwise. - * Assumes vcpu_load() was already called. - */ -+static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) __size_overflow(3); - static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) - { - struct vcpu_vmx *vmx = to_vmx(vcpu); -@@ -2633,8 +2638,11 @@ static __init int hardware_setup(void) +@@ -2637,8 +2641,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -20116,7 +20795,7 @@ index 4ea7678..c715f2f 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3648,7 +3656,7 @@ static void vmx_set_constant_host_state(void) +@@ -3654,7 +3661,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); @@ -20125,7 +20804,7 @@ index 4ea7678..c715f2f 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6169,6 +6177,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6192,6 +6199,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -20138,7 +20817,7 @@ index 4ea7678..c715f2f 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6217,6 +6231,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6240,6 +6253,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -20150,7 +20829,7 @@ index 4ea7678..c715f2f 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6245,7 +6264,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6268,7 +6286,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) } } @@ -20169,10 +20848,10 @@ index 4ea7678..c715f2f 100644 vmx->exit_reason = vmcs_read32(VM_EXIT_REASON); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 4c938da..6cd8090 100644 +index 8d1c6c6..6e6d611 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -907,6 +907,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data) +@@ -873,6 +873,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data) return kvm_set_msr(vcpu, index, *data); } @@ -20180,7 +20859,12 @@ index 4c938da..6cd8090 100644 static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) { int version; -@@ -1345,8 +1346,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1307,12 +1308,13 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 data) + return 0; + } + ++static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) __size_overflow(2); + static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -20191,7 +20875,7 @@ index 4c938da..6cd8090 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2165,6 +2166,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2145,6 +2147,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -20200,54 +20884,7 @@ index 4c938da..6cd8090 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2340,15 +2343,20 @@ static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, - struct kvm_cpuid2 *cpuid, - struct kvm_cpuid_entry2 __user *entries) - { -- int r; -+ int r, i; - - r = -E2BIG; - if (cpuid->nent > KVM_MAX_CPUID_ENTRIES) - goto out; - r = -EFAULT; -- if (copy_from_user(&vcpu->arch.cpuid_entries, entries, -- cpuid->nent * sizeof(struct kvm_cpuid_entry2))) -+ if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry2))) - goto out; -+ for (i = 0; i < cpuid->nent; ++i) { -+ struct kvm_cpuid_entry2 cpuid_entry; -+ if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry))) -+ goto out; -+ vcpu->arch.cpuid_entries[i] = cpuid_entry; -+ } - vcpu->arch.cpuid_nent = cpuid->nent; - kvm_apic_set_version(vcpu); - kvm_x86_ops->cpuid_update(vcpu); -@@ -2363,15 +2371,19 @@ static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, - struct kvm_cpuid2 *cpuid, - struct kvm_cpuid_entry2 __user *entries) - { -- int r; -+ int r, i; - - r = -E2BIG; - if (cpuid->nent < vcpu->arch.cpuid_nent) - goto out; - r = -EFAULT; -- if (copy_to_user(entries, &vcpu->arch.cpuid_entries, -- vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) -+ if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) - goto out; -+ for (i = 0; i < vcpu->arch.cpuid_nent; ++i) { -+ struct kvm_cpuid_entry2 cpuid_entry = vcpu->arch.cpuid_entries[i]; -+ if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry))) -+ goto out; -+ } - return 0; - - out: -@@ -2746,7 +2758,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, +@@ -2266,7 +2270,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { @@ -20256,7 +20893,7 @@ index 4c938da..6cd8090 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -3949,6 +3961,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva, +@@ -3499,6 +3503,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva, static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, struct kvm_vcpu *vcpu, u32 access, @@ -20266,7 +20903,7 @@ index 4c938da..6cd8090 100644 struct x86_exception *exception) { void *data = val; -@@ -3980,6 +3995,9 @@ out: +@@ -3530,6 +3537,9 @@ out: /* used for instruction fetching */ static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, gva_t addr, void *val, unsigned int bytes, @@ -20276,7 +20913,7 @@ index 4c938da..6cd8090 100644 struct x86_exception *exception) { struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -4004,6 +4022,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt); +@@ -3554,6 +3564,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt); static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, gva_t addr, void *val, unsigned int bytes, @@ -20286,7 +20923,7 @@ index 4c938da..6cd8090 100644 struct x86_exception *exception) { struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -4117,12 +4138,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes) +@@ -3667,12 +3680,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes) } static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, @@ -20303,7 +20940,7 @@ index 4c938da..6cd8090 100644 void *val, int bytes) { return emulator_write_phys(vcpu, gpa, val, bytes); -@@ -4273,6 +4298,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, +@@ -3823,6 +3840,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, const void *old, const void *new, unsigned int bytes, @@ -20316,7 +20953,7 @@ index 4c938da..6cd8090 100644 struct x86_exception *exception) { struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -5162,7 +5193,7 @@ static void kvm_set_mmio_spte_mask(void) +@@ -4782,7 +4805,7 @@ static void kvm_set_mmio_spte_mask(void) kvm_mmu_set_mmio_spte_mask(mask); } @@ -20326,10 +20963,10 @@ index 4c938da..6cd8090 100644 int r; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h -index d36fe23..a4b189f 100644 +index cb80c29..aeee86c 100644 --- a/arch/x86/kvm/x86.h +++ b/arch/x86/kvm/x86.h -@@ -119,10 +119,10 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data); +@@ -116,11 +116,11 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data); int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt, gva_t addr, void *val, unsigned int bytes, @@ -20341,12 +20978,13 @@ index d36fe23..a4b189f 100644 - struct x86_exception *exception); + struct x86_exception *exception) __size_overflow(2,4); - #endif + extern u64 host_xcr0; + diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c -index cf4603b..7cdde38 100644 +index 642d880..44e0f3f 100644 --- a/arch/x86/lguest/boot.c +++ b/arch/x86/lguest/boot.c -@@ -1195,9 +1195,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) +@@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) * Rebooting also tells the Host we're finished, but the RESTART flag tells the * Launcher to reboot us. */ @@ -20700,7 +21338,7 @@ index e8e7e0d..56fd1b0 100644 movl %eax, (v) movl %edx, 4(v) diff --git a/arch/x86/lib/atomic64_cx8_32.S b/arch/x86/lib/atomic64_cx8_32.S -index 391a083..d658e9f 100644 +index 391a083..3a2cf39 100644 --- a/arch/x86/lib/atomic64_cx8_32.S +++ b/arch/x86/lib/atomic64_cx8_32.S @@ -35,10 +35,20 @@ ENTRY(atomic64_read_cx8) @@ -20811,7 +21449,7 @@ index 391a083..d658e9f 100644 -.macro incdec_return func ins insc -ENTRY(atomic64_\func\()_return_cx8) -+.macro incdec_return func ins insc unchecked ++.macro incdec_return func ins insc unchecked="" +ENTRY(atomic64_\func\()_return\unchecked\()_cx8) CFI_STARTPROC SAVE ebx @@ -21661,7 +22299,7 @@ index 51f1504..ddac4c1 100644 CFI_ENDPROC END(bad_get_user) diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c -index 374562e..a75830b 100644 +index 5a1f9f3..ba9f577 100644 --- a/arch/x86/lib/insn.c +++ b/arch/x86/lib/insn.c @@ -21,6 +21,11 @@ @@ -23330,7 +23968,7 @@ index b7c2849..8633ad8 100644 char c; unsigned zero_len; diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c -index d0474ad..36e9257 100644 +index 1fb85db..8b3540b 100644 --- a/arch/x86/mm/extable.c +++ b/arch/x86/mm/extable.c @@ -8,7 +8,7 @@ int fixup_exception(struct pt_regs *regs) @@ -23343,7 +23981,7 @@ index d0474ad..36e9257 100644 extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap = 1; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 5db0490..2ddce45 100644 +index f0b4caf..d92fd42 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,11 +13,18 @@ @@ -23545,7 +24183,7 @@ index 5db0490..2ddce45 100644 printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -739,6 +820,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, +@@ -748,6 +829,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, } #endif @@ -23567,7 +24205,7 @@ index 5db0490..2ddce45 100644 if (unlikely(show_unhandled_signals)) show_signal_msg(regs, error_code, address, tsk); -@@ -835,7 +931,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -844,7 +940,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -23576,7 +24214,7 @@ index 5db0490..2ddce45 100644 code = BUS_MCEERR_AR; } #endif -@@ -890,6 +986,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -900,6 +996,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -23676,7 +24314,7 @@ index 5db0490..2ddce45 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -962,6 +1151,9 @@ int show_unhandled_signals = 1; +@@ -972,6 +1161,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -23686,7 +24324,7 @@ index 5db0490..2ddce45 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -995,18 +1187,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1005,18 +1197,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -23724,7 +24362,7 @@ index 5db0490..2ddce45 100644 /* * Detect and handle instructions that would cause a page fault for -@@ -1067,7 +1273,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1077,7 +1283,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -23733,7 +24371,7 @@ index 5db0490..2ddce45 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1122,6 +1328,11 @@ retry: +@@ -1132,6 +1338,11 @@ retry: might_sleep(); } @@ -23745,7 +24383,7 @@ index 5db0490..2ddce45 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1133,18 +1344,24 @@ retry: +@@ -1143,18 +1354,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -23781,7 +24419,7 @@ index 5db0490..2ddce45 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1199,3 +1416,292 @@ good_area: +@@ -1209,3 +1426,292 @@ good_area: up_read(&mm->mmap_sem); } @@ -24104,7 +24742,7 @@ index f4f29b1..5cac4fb 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index f581a18..29efd37 100644 +index 8ecbb4b..a269cab 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c @@ -266,13 +266,20 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, @@ -24180,7 +24818,7 @@ index f581a18..29efd37 100644 /* don't allow allocations above current base */ if (mm->free_area_cache > base) -@@ -321,64 +328,63 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -321,14 +328,15 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, largest_hole = 0; mm->free_area_cache = base; } @@ -24195,18 +24833,14 @@ index f581a18..29efd37 100644 + addr = (mm->free_area_cache - len); do { + addr &= huge_page_mask(h); -+ vma = find_vma(mm, addr); /* * Lookup failure means no vma is above this address, * i.e. return with success: -- */ -- if (!(vma = find_vma_prev(mm, addr, &prev_vma))) -- return addr; -- -- /* +@@ -341,46 +349,47 @@ try_again: * new region fits between prev_vma->vm_end and * vma->vm_start, use it: */ +- prev_vma = vma->vm_prev; - if (addr + len <= vma->vm_start && - (!prev_vma || (addr >= prev_vma->vm_end))) { + if (check_heap_stack_gap(vma, addr, len)) { @@ -24275,7 +24909,7 @@ index f581a18..29efd37 100644 mm->cached_hole_size = ~0UL; addr = hugetlb_get_unmapped_area_bottomup(file, addr0, len, pgoff, flags); -@@ -386,6 +392,7 @@ fail: +@@ -388,6 +397,7 @@ fail: /* * Restore the topdown base: */ @@ -24283,7 +24917,7 @@ index f581a18..29efd37 100644 mm->free_area_cache = base; mm->cached_hole_size = ~0UL; -@@ -399,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -401,10 +411,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -24304,7 +24938,7 @@ index f581a18..29efd37 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -414,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -416,8 +435,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, if (addr) { addr = ALIGN(addr, huge_page_size(h)); vma = find_vma(mm, addr); @@ -24315,18 +24949,18 @@ index f581a18..29efd37 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 87488b9..399f416 100644 +index 6cabf65..77e9c1c 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c -@@ -15,6 +15,7 @@ - #include +@@ -17,6 +17,7 @@ #include #include + #include /* for MAX_DMA_PFN */ +#include unsigned long __initdata pgt_buf_start; unsigned long __meminitdata pgt_buf_end; -@@ -31,7 +32,7 @@ int direct_gbpages +@@ -33,7 +34,7 @@ int direct_gbpages static void __init find_early_table_space(unsigned long end, int use_pse, int use_gbpages) { @@ -24335,7 +24969,7 @@ index 87488b9..399f416 100644 phys_addr_t base; puds = (end + PUD_SIZE - 1) >> PUD_SHIFT; -@@ -312,8 +313,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -314,8 +315,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, */ int devmem_is_allowed(unsigned long pagenr) { @@ -24366,7 +25000,7 @@ index 87488b9..399f416 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -372,6 +394,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -374,6 +396,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) void free_initmem(void) { @@ -24454,7 +25088,7 @@ index 87488b9..399f416 100644 (unsigned long)(&__init_begin), (unsigned long)(&__init_end)); diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index 29f7c6d..b46b35b 100644 +index 8663f6c..829ae76 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c @@ -74,36 +74,6 @@ static __init void *alloc_low_page(void) @@ -24647,7 +25281,7 @@ index 29f7c6d..b46b35b 100644 prot = PAGE_KERNEL_EXEC; pages_4k++; -@@ -472,7 +473,7 @@ void __init native_pagetable_setup_start(pgd_t *base) +@@ -466,7 +467,7 @@ void __init native_pagetable_setup_start(pgd_t *base) pud = pud_offset(pgd, va); pmd = pmd_offset(pud, va); @@ -24656,7 +25290,7 @@ index 29f7c6d..b46b35b 100644 break; pte = pte_offset_kernel(pmd, va); -@@ -524,12 +525,10 @@ void __init early_ioremap_page_table_range_init(void) +@@ -518,12 +519,10 @@ void __init early_ioremap_page_table_range_init(void) static void __init pagetable_init(void) { @@ -24671,7 +25305,7 @@ index 29f7c6d..b46b35b 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); /* user-defined highmem size */ -@@ -757,6 +756,12 @@ void __init mem_init(void) +@@ -735,6 +734,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -24684,8 +25318,8 @@ index 29f7c6d..b46b35b 100644 #ifdef CONFIG_FLATMEM BUG_ON(!mem_map); #endif -@@ -774,7 +779,7 @@ void __init mem_init(void) - set_highmem_pages_init(); +@@ -761,7 +766,7 @@ void __init mem_init(void) + reservedpages++; codesize = (unsigned long) &_etext - (unsigned long) &_text; - datasize = (unsigned long) &_edata - (unsigned long) &_etext; @@ -24693,7 +25327,7 @@ index 29f7c6d..b46b35b 100644 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin; printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, " -@@ -815,10 +820,10 @@ void __init mem_init(void) +@@ -802,10 +807,10 @@ void __init mem_init(void) ((unsigned long)&__init_end - (unsigned long)&__init_begin) >> 10, @@ -24707,7 +25341,7 @@ index 29f7c6d..b46b35b 100644 ((unsigned long)&_etext - (unsigned long)&_text) >> 10); /* -@@ -896,6 +901,7 @@ void set_kernel_text_rw(void) +@@ -883,6 +888,7 @@ void set_kernel_text_rw(void) if (!kernel_set_to_readonly) return; @@ -24715,7 +25349,7 @@ index 29f7c6d..b46b35b 100644 pr_debug("Set kernel text: %lx - %lx for read write\n", start, start+size); -@@ -910,6 +916,7 @@ void set_kernel_text_ro(void) +@@ -897,6 +903,7 @@ void set_kernel_text_ro(void) if (!kernel_set_to_readonly) return; @@ -24723,7 +25357,7 @@ index 29f7c6d..b46b35b 100644 pr_debug("Set kernel text: %lx - %lx for read only\n", start, start+size); -@@ -938,6 +945,7 @@ void mark_rodata_ro(void) +@@ -925,6 +932,7 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; @@ -24732,7 +25366,7 @@ index 29f7c6d..b46b35b 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index bbaaa00..796fa65 100644 +index 436a030..4f97ffc 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -24786,6 +25420,24 @@ index bbaaa00..796fa65 100644 } spin_unlock(&pgd_lock); } +@@ -162,7 +176,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) + { + if (pgd_none(*pgd)) { + pud_t *pud = (pud_t *)spp_getpage(); +- pgd_populate(&init_mm, pgd, pud); ++ pgd_populate_kernel(&init_mm, pgd, pud); + if (pud != pud_offset(pgd, 0)) + printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", + pud, pud_offset(pgd, 0)); +@@ -174,7 +188,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) + { + if (pud_none(*pud)) { + pmd_t *pmd = (pmd_t *) spp_getpage(); +- pud_populate(&init_mm, pud, pmd); ++ pud_populate_kernel(&init_mm, pud, pmd); + if (pmd != pmd_offset(pud, 0)) + printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", + pmd, pmd_offset(pud, 0)); @@ -203,7 +217,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) pmd = fill_pmd(pud, vaddr); pte = fill_pte(pmd, vaddr); @@ -24831,7 +25483,25 @@ index bbaaa00..796fa65 100644 adr = (void *)(((unsigned long)adr) | left); return adr; -@@ -693,6 +707,12 @@ void __init mem_init(void) +@@ -546,7 +560,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, + unmap_low_page(pmd); + + spin_lock(&init_mm.page_table_lock); +- pud_populate(&init_mm, pud, __va(pmd_phys)); ++ pud_populate_kernel(&init_mm, pud, __va(pmd_phys)); + spin_unlock(&init_mm.page_table_lock); + } + __flush_tlb_all(); +@@ -592,7 +606,7 @@ kernel_physical_mapping_init(unsigned long start, + unmap_low_page(pud); + + spin_lock(&init_mm.page_table_lock); +- pgd_populate(&init_mm, pgd, __va(pud_phys)); ++ pgd_populate_kernel(&init_mm, pgd, __va(pud_phys)); + spin_unlock(&init_mm.page_table_lock); + pgd_changed = true; + } +@@ -684,6 +698,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -24844,7 +25514,7 @@ index bbaaa00..796fa65 100644 /* clear_bss() already clear the empty_zero_page */ reservedpages = 0; -@@ -853,8 +873,8 @@ int kern_addr_valid(unsigned long addr) +@@ -844,8 +864,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -24855,7 +25525,7 @@ index bbaaa00..796fa65 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -888,7 +908,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -879,7 +899,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -25024,7 +25694,7 @@ index 845df68..1d8d29f 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c -index de54b9b..799051e 100644 +index dc0b727..dc9d71a 100644 --- a/arch/x86/mm/mmio-mod.c +++ b/arch/x86/mm/mmio-mod.c @@ -194,7 +194,7 @@ static void pre(struct kmmio_probe *p, struct pt_regs *regs, @@ -25068,7 +25738,7 @@ index b008656..773eac2 100644 struct split_state { diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c -index f9e5267..77b1a40 100644 +index e1ebde3..b1e1db38 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, @@ -25256,10 +25926,10 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index 8573b83..c3b1a30 100644 +index 8573b83..7d9628f 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c -@@ -84,10 +84,52 @@ static inline void pgd_list_del(pgd_t *pgd) +@@ -84,10 +84,60 @@ static inline void pgd_list_del(pgd_t *pgd) list_del(&page->lru); } @@ -25278,14 +25948,22 @@ index 8573b83..c3b1a30 100644 +#ifdef CONFIG_PAX_PER_CPU_PGD +void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count) +{ -+ while (count--) ++ while (count--) { ++ pgd_t pgd; + -+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ *dst++ = __pgd(pgd_val(*src++) & clone_pgd_mask); ++#ifdef CONFIG_X86_64 ++ pgd = __pgd(pgd_val(*src++) | _PAGE_USER); +#else -+ *dst++ = *src++; ++ pgd = *src++; ++#endif ++ ++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++ pgd = __pgd(pgd_val(pgd) & clone_pgd_mask); +#endif + ++ *dst++ = pgd; ++ } ++ +} +#endif + @@ -25314,7 +25992,7 @@ index 8573b83..c3b1a30 100644 static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm) { BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm)); -@@ -128,6 +170,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -128,6 +178,7 @@ static void pgd_dtor(pgd_t *pgd) pgd_list_del(pgd); spin_unlock(&pgd_lock); } @@ -25322,7 +26000,7 @@ index 8573b83..c3b1a30 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries -@@ -140,7 +183,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -140,7 +191,7 @@ static void pgd_dtor(pgd_t *pgd) * -- wli */ @@ -25331,7 +26009,7 @@ index 8573b83..c3b1a30 100644 /* * In PAE mode, we need to do a cr3 reload (=tlb flush) when * updating the top-level pagetable entries to guarantee the -@@ -152,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -152,7 +203,7 @@ static void pgd_dtor(pgd_t *pgd) * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate * and initialize the kernel pmds here. */ @@ -25340,7 +26018,7 @@ index 8573b83..c3b1a30 100644 void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) { -@@ -170,36 +213,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) +@@ -170,36 +221,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) */ flush_tlb_mm(mm); } @@ -25390,7 +26068,7 @@ index 8573b83..c3b1a30 100644 return -ENOMEM; } -@@ -212,51 +257,55 @@ static int preallocate_pmds(pmd_t *pmds[]) +@@ -212,51 +265,55 @@ static int preallocate_pmds(pmd_t *pmds[]) * preallocate which never got a corresponding vma will need to be * freed manually. */ @@ -25463,7 +26141,7 @@ index 8573b83..c3b1a30 100644 pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); -@@ -265,11 +314,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -265,11 +322,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) mm->pgd = pgd; @@ -25477,7 +26155,7 @@ index 8573b83..c3b1a30 100644 /* * Make sure that pre-populating the pmds is atomic with -@@ -279,14 +328,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -279,14 +336,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) spin_lock(&pgd_lock); pgd_ctor(mm, pgd); @@ -25495,7 +26173,7 @@ index 8573b83..c3b1a30 100644 out_free_pgd: free_page((unsigned long)pgd); out: -@@ -295,7 +344,7 @@ out: +@@ -295,7 +352,7 @@ out: void pgd_free(struct mm_struct *mm, pgd_t *pgd) { @@ -25653,7 +26331,7 @@ index 6687022..ceabcfa 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 7c1b765..8c072c6 100644 +index 5a5b6e4..201d42e 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -117,6 +117,10 @@ static inline void bpf_flush_icache(void *start, void *end) @@ -25678,16 +26356,25 @@ index 7c1b765..8c072c6 100644 /* Before first pass, make a rough estimation of addrs[] * each bpf instruction is translated to less than 64 bytes */ -@@ -476,7 +484,7 @@ void bpf_jit_compile(struct sk_filter *fp) - func = sk_load_word; +@@ -477,7 +485,7 @@ void bpf_jit_compile(struct sk_filter *fp) common_load: seen |= SEEN_DATAREF; - if ((int)K < 0) + if ((int)K < 0) { + /* Abort the JIT because __load_pointer() is needed. */ - goto out; + goto error; + } t_offset = func - (image + addrs[i]); EMIT1_off32(0xbe, K); /* mov imm32,%esi */ - EMIT1_off32(0xe8, t_offset); /* call */ -@@ -586,17 +594,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -492,7 +500,7 @@ common_load: seen |= SEEN_DATAREF; + case BPF_S_LDX_B_MSH: + if ((int)K < 0) { + /* Abort the JIT because __load_pointer() is needed. */ +- goto out; ++ goto error; + } + seen |= SEEN_DATAREF | SEEN_XREG; + t_offset = sk_load_byte_msh - (image + addrs[i]); +@@ -582,17 +590,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; default: /* hmm, too complex filter, give up with jit compiler */ @@ -25710,7 +26397,7 @@ index 7c1b765..8c072c6 100644 } proglen += ilen; addrs[i] = proglen; -@@ -617,11 +626,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -613,11 +622,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; } if (proglen == oldproglen) { @@ -25724,7 +26411,7 @@ index 7c1b765..8c072c6 100644 } oldproglen = proglen; } -@@ -637,7 +644,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -633,7 +640,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; bpf_flush_icache(image, image + proglen); fp->bpf_func = (void *)image; @@ -25736,7 +26423,7 @@ index 7c1b765..8c072c6 100644 out: kfree(addrs); return; -@@ -645,18 +655,20 @@ out: +@@ -641,18 +651,20 @@ out: static void jit_free_defer(struct work_struct *arg) { @@ -25812,7 +26499,7 @@ index cb29191..036766d 100644 return 1; } diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c -index db0e9a5..0372c14 100644 +index da8fe05..7ee6704 100644 --- a/arch/x86/pci/pcbios.c +++ b/arch/x86/pci/pcbios.c @@ -79,50 +79,93 @@ union bios32 { @@ -26341,7 +27028,7 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c -index ad4ec1c..686479e 100644 +index 475e2cd..1b8e708 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c @@ -76,18 +76,20 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; @@ -26368,10 +27055,10 @@ index ad4ec1c..686479e 100644 /* parse all the mtimer info to a static mtimer array */ diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c -index 81aee5a..9ad9aae 100644 +index 3ae0e61..4202d86 100644 --- a/arch/x86/platform/uv/tlb_uv.c +++ b/arch/x86/platform/uv/tlb_uv.c -@@ -1433,6 +1433,8 @@ static ssize_t tunables_read(struct file *file, char __user *userbuf, +@@ -1424,6 +1424,8 @@ static ssize_t tunables_read(struct file *file, char __user *userbuf, * 0: display meaning of the statistics */ static ssize_t ptc_proc_write(struct file *file, const char __user *user, @@ -26380,7 +27067,7 @@ index 81aee5a..9ad9aae 100644 size_t count, loff_t *data) { int cpu; -@@ -1548,6 +1550,8 @@ static int parse_tunables_write(struct bau_control *bcp, char *instr, +@@ -1539,6 +1541,8 @@ static int parse_tunables_write(struct bau_control *bcp, char *instr, * Handle a write to debugfs. (/sys/kernel/debug/sgi_uv/bau_tunables) */ static ssize_t tunables_write(struct file *file, const char __user *user, @@ -26585,10 +27272,10 @@ index 153407c..611cba9 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 1f92865..c843b20 100644 +index 4e517d4..68a48f5 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c -@@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); +@@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); struct shared_info xen_dummy_shared_info; @@ -26597,7 +27284,7 @@ index 1f92865..c843b20 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -1029,7 +1027,7 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1030,30 +1028,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -26606,8 +27293,10 @@ index 1f92865..c843b20 100644 { struct sched_shutdown r = { .reason = reason }; -@@ -1037,17 +1035,17 @@ static void xen_reboot(int reason) - BUG(); +- if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r)) +- BUG(); ++ HYPERVISOR_sched_op(SCHEDOP_shutdown, &r); ++ BUG(); } -static void xen_restart(char *msg) @@ -26627,7 +27316,13 @@ index 1f92865..c843b20 100644 { xen_reboot(SHUTDOWN_poweroff); } -@@ -1153,7 +1151,17 @@ asmlinkage void __init xen_start_kernel(void) + +-static void xen_machine_power_off(void) ++static __noreturn void xen_machine_power_off(void) + { + if (pm_power_off) + pm_power_off(); +@@ -1156,7 +1154,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -26646,7 +27341,7 @@ index 1f92865..c843b20 100644 xen_setup_features(); -@@ -1184,13 +1192,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1187,13 +1195,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -26661,10 +27356,10 @@ index 1f92865..c843b20 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 87f6673..e2555a6 100644 +index dc19347..1b07a2c 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c -@@ -1733,6 +1733,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1738,6 +1738,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, convert_pfn_mfn(init_level4_pgt); convert_pfn_mfn(level3_ident_pgt); convert_pfn_mfn(level3_kernel_pgt); @@ -26674,7 +27369,7 @@ index 87f6673..e2555a6 100644 l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd); l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud); -@@ -1751,7 +1754,11 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1756,7 +1759,11 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); @@ -26686,7 +27381,7 @@ index 87f6673..e2555a6 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -1962,6 +1969,7 @@ static void __init xen_post_allocator_init(void) +@@ -1963,6 +1970,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -26694,7 +27389,7 @@ index 87f6673..e2555a6 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2043,6 +2051,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2044,6 +2052,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -26703,10 +27398,10 @@ index 87f6673..e2555a6 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 041d4fe..7666b7e 100644 +index f2ce60a..14e08dc 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c -@@ -194,11 +194,6 @@ static void __init xen_smp_prepare_boot_cpu(void) +@@ -209,11 +209,6 @@ static void __init xen_smp_prepare_boot_cpu(void) { BUG_ON(smp_processor_id() != 0); native_smp_prepare_boot_cpu(); @@ -26718,7 +27413,7 @@ index 041d4fe..7666b7e 100644 xen_filter_cpu_maps(); xen_setup_vcpu_info_placement(); } -@@ -275,12 +270,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) +@@ -290,12 +285,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) gdt = get_cpu_gdt_table(cpu); ctxt->flags = VGCF_IN_KERNEL; @@ -26734,7 +27429,7 @@ index 041d4fe..7666b7e 100644 #else ctxt->gs_base_kernel = per_cpu_offset(cpu); #endif -@@ -331,13 +326,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu) +@@ -346,13 +341,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu) int rc; per_cpu(current_task, cpu) = idle; @@ -26911,7 +27606,7 @@ index 1366a89..e17f54b 100644 struct list_head *cpu_list, local_list; diff --git a/block/bsg.c b/block/bsg.c -index c0ab25c..9d49f8f 100644 +index ff64ae3..593560c 100644 --- a/block/bsg.c +++ b/block/bsg.c @@ -176,16 +176,24 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq, @@ -26942,7 +27637,7 @@ index c0ab25c..9d49f8f 100644 if (blk_verify_command(rq->cmd, has_write_perm)) return -EPERM; diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c -index 7b72502..646105c 100644 +index 7c668c8..db3521c 100644 --- a/block/compat_ioctl.c +++ b/block/compat_ioctl.c @@ -340,7 +340,7 @@ static int compat_fd_ioctl(struct block_device *bdev, fmode_t mode, @@ -26954,8 +27649,33 @@ index 7b72502..646105c 100644 if (err) { err = -EFAULT; goto out; +diff --git a/block/partitions/efi.c b/block/partitions/efi.c +index 6296b40..417c00f 100644 +--- a/block/partitions/efi.c ++++ b/block/partitions/efi.c +@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state, + if (!gpt) + return NULL; + ++ if (!le32_to_cpu(gpt->num_partition_entries)) ++ return NULL; ++ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL); ++ if (!pte) ++ return NULL; ++ + count = le32_to_cpu(gpt->num_partition_entries) * + le32_to_cpu(gpt->sizeof_partition_entry); +- if (!count) +- return NULL; +- pte = kzalloc(count, GFP_KERNEL); +- if (!pte) +- return NULL; +- + if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba), + (u8 *) pte, + count) < count) { diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 688be8a..8a37d98 100644 +index 260fa80..e8f3caf 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -223,8 +223,20 @@ EXPORT_SYMBOL(blk_verify_command); @@ -27138,7 +27858,7 @@ index 5d41894..22021e4 100644 EXPORT_SYMBOL_GPL(cper_next_record_id); diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c -index 7711d94..8622811 100644 +index 86933ca..5cb1a69 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -787,6 +787,9 @@ static int acpi_battery_print_alarm(struct seq_file *seq, int result) @@ -27152,7 +27872,7 @@ index 7711d94..8622811 100644 { int result = 0; diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c -index 6c47ae9..abfdd63 100644 +index b258cab..3fb7da7 100644 --- a/drivers/acpi/ec_sys.c +++ b/drivers/acpi/ec_sys.c @@ -12,6 +12,7 @@ @@ -27243,10 +27963,10 @@ index 251c7b62..000462d 100644 bool enable = !device_may_wakeup(&dev->dev); device_set_wakeup_enable(&dev->dev, enable); diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c -index 9d7bc9f..a6fc091 100644 +index 8ae05ce..7dbbed9 100644 --- a/drivers/acpi/processor_driver.c +++ b/drivers/acpi/processor_driver.c -@@ -473,7 +473,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) +@@ -555,7 +555,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) return 0; #endif @@ -27270,10 +27990,10 @@ index 6e36d0c..f319944 100644 { struct seq_file *seq = file->private_data; diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index c04ad68..0b99473 100644 +index c06e0ec..a2c06ba 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4733,7 +4733,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4736,7 +4736,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -27282,7 +28002,7 @@ index c04ad68..0b99473 100644 ap = qc->ap; qc->flags = 0; -@@ -4749,7 +4749,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4752,7 +4752,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -27291,7 +28011,7 @@ index c04ad68..0b99473 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5754,6 +5754,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5816,6 +5816,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -27299,7 +28019,7 @@ index c04ad68..0b99473 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5767,8 +5768,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5829,8 +5830,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -27311,7 +28031,7 @@ index c04ad68..0b99473 100644 } diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index e8574bb..f9f6a72 100644 +index 048589f..4002b98 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c @@ -862,7 +862,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev) @@ -27587,7 +28307,7 @@ index 361f5ae..7fc552d 100644 fore200e->tx_sat++; DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n", diff --git a/drivers/atm/he.c b/drivers/atm/he.c -index 9a51df4..f3bb5f8 100644 +index b182c2f..1c6fa8a 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c @@ -1709,7 +1709,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) @@ -27852,7 +28572,7 @@ index 1c05212..c28e200 100644 } atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c -index 3d0c2b0..45441fa 100644 +index 9e373ba..cf93727 100644 --- a/drivers/atm/iphase.c +++ b/drivers/atm/iphase.c @@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev) @@ -27879,8 +28599,8 @@ index 3d0c2b0..45441fa 100644 { - atomic_inc(&vcc->stats->rx_err); + atomic_inc_unchecked(&vcc->stats->rx_err); + atm_return(vcc, skb->truesize); dev_kfree_skb_any(skb); - atm_return(vcc, atm_guess_pdu2truesize(len)); goto INCR_DLE; @@ -1331,7 +1331,7 @@ static void rx_dle_intr(struct atm_dev *dev) if ((length > iadev->rx_buf_sz) || (length > @@ -27890,7 +28610,7 @@ index 3d0c2b0..45441fa 100644 + atomic_inc_unchecked(&vcc->stats->rx_err); IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)", length, skb->len);) - dev_kfree_skb_any(skb); + atm_return(vcc, skb->truesize); @@ -1347,7 +1347,7 @@ static void rx_dle_intr(struct atm_dev *dev) IF_RX(printk("rx_dle_intr: skb push");) @@ -28215,7 +28935,7 @@ index 1c70c45..300718d 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 5d1d076..12fbca4 100644 +index e8cd652..bbbd1fc 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) @@ -28331,7 +29051,7 @@ index d889f56..17eb71e 100644 } diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index a4760e0..51283cf 100644 +index 8493536..31adee0 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -368,7 +368,7 @@ int devtmpfs_mount(const char *mntdir) @@ -28656,7 +29376,7 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h -index 9cf2035..bffca95 100644 +index 8d68056..e67050f 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h @@ -736,7 +736,7 @@ struct drbd_request; @@ -28717,7 +29437,7 @@ index 9cf2035..bffca95 100644 void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e wo); diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index 0358e55..bc33689 100644 +index 211fc44..c5116f1 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -2397,7 +2397,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packets cmd, @@ -28759,9 +29479,18 @@ index 0358e55..bc33689 100644 mdev->bm_writ_cnt = mdev->read_cnt = diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c -index af2a250..219c74b 100644 +index af2a250..0fdeb75 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c +@@ -2297,7 +2297,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms + return; + } + +- if (!cap_raised(current_cap(), CAP_SYS_ADMIN)) { ++ if (!capable(CAP_SYS_ADMIN)) { + retcode = ERR_PERM; + goto fail; + } @@ -2359,7 +2359,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms module_put(THIS_MODULE); } @@ -28897,10 +29626,10 @@ index 43beaca..4a5b1dd 100644 } diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 1e888c9..05cf1b0 100644 +index cd50435..ba1ffb5 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c -@@ -227,7 +227,7 @@ static int __do_lo_send_write(struct file *file, +@@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file, mm_segment_t old_fs = get_fs(); set_fs(get_ds()); @@ -29049,7 +29778,7 @@ index 58c0e63..46c16bf 100644 intf->proc_dir = NULL; diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c -index 9397ab4..d01bee1 100644 +index 50fcf9c..91b5528 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c @@ -277,7 +277,7 @@ struct smi_info { @@ -29096,7 +29825,7 @@ index 1aeaaba..e018570 100644 .part_num = MBCS_PART_NUM, .mfg_num = MBCS_MFG_NUM, diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 1451790..f705c30 100644 +index d6e9d08..4493e89 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -29245,7 +29974,7 @@ index da3cfee..a5a6606 100644 *ppos = i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index 6035ab8..bdfe4fd 100644 +index 54ca8b2..4a092ed 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -261,8 +261,13 @@ @@ -29280,7 +30009,7 @@ index 6035ab8..bdfe4fd 100644 #if 0 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ { 2048, 1638, 1231, 819, 411, 1 }, -@@ -909,7 +921,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -913,7 +925,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); i = min_t(int, nbytes, EXTRACT_SIZE); @@ -29289,7 +30018,7 @@ index 6035ab8..bdfe4fd 100644 ret = -EFAULT; break; } -@@ -1228,7 +1240,7 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1238,7 +1250,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include static int min_read_thresh = 8, min_write_thresh; @@ -29298,6 +30027,25 @@ index 6035ab8..bdfe4fd 100644 static int max_write_thresh = INPUT_POOL_WORDS * 32; static char sysctl_bootid[16]; +@@ -1260,10 +1272,15 @@ static int proc_do_uuid(ctl_table *table, int write, + uuid = table->data; + if (!uuid) { + uuid = tmp_uuid; +- uuid[8] = 0; +- } +- if (uuid[8] == 0) + generate_random_uuid(uuid); ++ } else { ++ static DEFINE_SPINLOCK(bootid_spinlock); ++ ++ spin_lock(&bootid_spinlock); ++ if (!uuid[8]) ++ generate_random_uuid(uuid); ++ spin_unlock(&bootid_spinlock); ++ } + + sprintf(buf, "%pU", uuid); + diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c index 1ee8ce7..b778bef 100644 --- a/drivers/char/sonypi.c @@ -29341,10 +30089,10 @@ index 1ee8ce7..b778bef 100644 return 0; diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c -index 361a1df..2471eee 100644 +index ad7c732..5aa8054 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c -@@ -414,7 +414,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, +@@ -415,7 +415,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, chip->vendor.req_complete_val) goto out_recv; @@ -29401,7 +30149,7 @@ index 0636520..169c1d0 100644 acpi_os_unmap_memory(virt, len); return 0; diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index 8e3c46d..c139b99 100644 +index b58b561..c9088c8 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -563,7 +563,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, @@ -29422,19 +30170,6 @@ index 8e3c46d..c139b99 100644 } static ssize_t port_fops_write(struct file *filp, const char __user *ubuf, -diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c -index eb1d864..39ee5a7 100644 ---- a/drivers/dma/dmatest.c -+++ b/drivers/dma/dmatest.c -@@ -591,7 +591,7 @@ static int dmatest_add_channel(struct dma_chan *chan) - } - if (dma_has_cap(DMA_PQ, dma_dev->cap_mask)) { - cnt = dmatest_add_threads(dtc, DMA_PQ); -- thread_count += cnt > 0 ?: 0; -+ thread_count += cnt > 0 ? cnt : 0; - } - - pr_info("dmatest: Started %u threads using %s\n", diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index c9eee6d..f9d5280 100644 --- a/drivers/edac/amd64_edac.c @@ -29488,7 +30223,7 @@ index 6ffb6d2..383d8d7 100644 PCI_VEND_DEV(INTEL, 7205_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, E7205}, diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c -index 495198a..ac08c85 100644 +index 97f5064..202b6e6 100644 --- a/drivers/edac/edac_pci_sysfs.c +++ b/drivers/edac/edac_pci_sysfs.c @@ -26,8 +26,8 @@ static int edac_pci_log_pe = 1; /* log PCI parity errors */ @@ -29588,10 +30323,10 @@ index c0510b3..6e2a954 100644 PCI_VEND_DEV(INTEL, 3000_HB), PCI_ANY_ID, PCI_ANY_ID, 0, 0, I3000}, diff --git a/drivers/edac/i3200_edac.c b/drivers/edac/i3200_edac.c -index aa08497..7e6822a 100644 +index 73f55e200..5faaf59 100644 --- a/drivers/edac/i3200_edac.c +++ b/drivers/edac/i3200_edac.c -@@ -456,7 +456,7 @@ static void __devexit i3200_remove_one(struct pci_dev *pdev) +@@ -445,7 +445,7 @@ static void __devexit i3200_remove_one(struct pci_dev *pdev) edac_mc_free(mci); } @@ -29653,7 +30388,7 @@ index 6104dba..e7ea8e1 100644 {0,} /* 0 terminated list. */ }; diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c -index 70ad892..178943c 100644 +index 8568d9b..42b2fa8 100644 --- a/drivers/edac/i7core_edac.c +++ b/drivers/edac/i7core_edac.c @@ -391,7 +391,7 @@ static const struct pci_id_table pci_dev_table[] = { @@ -29705,10 +30440,10 @@ index 33864c6..01edc61 100644 PCI_VEND_DEV(INTEL, 82875_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, I82875P}, diff --git a/drivers/edac/i82975x_edac.c b/drivers/edac/i82975x_edac.c -index a5da732..983363b 100644 +index 4184e01..dcb2cd3 100644 --- a/drivers/edac/i82975x_edac.c +++ b/drivers/edac/i82975x_edac.c -@@ -604,7 +604,7 @@ static void __devexit i82975x_remove_one(struct pci_dev *pdev) +@@ -612,7 +612,7 @@ static void __devexit i82975x_remove_one(struct pci_dev *pdev) edac_mc_free(mci); } @@ -29731,7 +30466,7 @@ index 0106747..0b40417 100644 void amd_report_gart_errors(bool); void amd_register_ecc_decoder(void (*f)(int, struct mce *)); diff --git a/drivers/edac/r82600_edac.c b/drivers/edac/r82600_edac.c -index b153674..ad2ba9b 100644 +index e294e1b..a41b05b 100644 --- a/drivers/edac/r82600_edac.c +++ b/drivers/edac/r82600_edac.c @@ -373,7 +373,7 @@ static void __devexit r82600_remove_one(struct pci_dev *pdev) @@ -29744,7 +30479,7 @@ index b153674..ad2ba9b 100644 PCI_DEVICE(PCI_VENDOR_ID_RADISYS, R82600_BRIDGE_ID) }, diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c -index 7a402bf..af0b211 100644 +index 1dc118d..8c68af9 100644 --- a/drivers/edac/sb_edac.c +++ b/drivers/edac/sb_edac.c @@ -367,7 +367,7 @@ static const struct pci_id_table pci_dev_descr_sbridge_table[] = { @@ -29846,7 +30581,7 @@ index 153980b..4b4d046 100644 iounmap(buf); return 0; diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c -index 98723cb..10ca85b 100644 +index 82d5c20..44a7177 100644 --- a/drivers/gpio/gpio-vr41xx.c +++ b/drivers/gpio/gpio-vr41xx.c @@ -204,7 +204,7 @@ static int giu_get_irq(unsigned int irq) @@ -29858,107 +30593,11 @@ index 98723cb..10ca85b 100644 return -EINVAL; } -diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c -index 8323fc3..5c1d755 100644 ---- a/drivers/gpu/drm/drm_crtc.c -+++ b/drivers/gpu/drm/drm_crtc.c -@@ -1379,7 +1379,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, - */ - if ((out_resp->count_modes >= mode_count) && mode_count) { - copied = 0; -- mode_ptr = (struct drm_mode_modeinfo *)(unsigned long)out_resp->modes_ptr; -+ mode_ptr = (struct drm_mode_modeinfo __user *)(unsigned long)out_resp->modes_ptr; - list_for_each_entry(mode, &connector->modes, head) { - drm_crtc_convert_to_umode(&u_mode, mode); - if (copy_to_user(mode_ptr + copied, -@@ -1394,8 +1394,8 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, - - if ((out_resp->count_props >= props_count) && props_count) { - copied = 0; -- prop_ptr = (uint32_t *)(unsigned long)(out_resp->props_ptr); -- prop_values = (uint64_t *)(unsigned long)(out_resp->prop_values_ptr); -+ prop_ptr = (uint32_t __user *)(unsigned long)(out_resp->props_ptr); -+ prop_values = (uint64_t __user *)(unsigned long)(out_resp->prop_values_ptr); - for (i = 0; i < DRM_CONNECTOR_MAX_PROPERTY; i++) { - if (connector->property_ids[i] != 0) { - if (put_user(connector->property_ids[i], -@@ -1417,7 +1417,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, - - if ((out_resp->count_encoders >= encoders_count) && encoders_count) { - copied = 0; -- encoder_ptr = (uint32_t *)(unsigned long)(out_resp->encoders_ptr); -+ encoder_ptr = (uint32_t __user *)(unsigned long)(out_resp->encoders_ptr); - for (i = 0; i < DRM_CONNECTOR_MAX_ENCODER; i++) { - if (connector->encoder_ids[i] != 0) { - if (put_user(connector->encoder_ids[i], -@@ -1576,7 +1576,7 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data, - } - - for (i = 0; i < crtc_req->count_connectors; i++) { -- set_connectors_ptr = (uint32_t *)(unsigned long)crtc_req->set_connectors_ptr; -+ set_connectors_ptr = (uint32_t __user *)(unsigned long)crtc_req->set_connectors_ptr; - if (get_user(out_id, &set_connectors_ptr[i])) { - ret = -EFAULT; - goto out; -@@ -1857,7 +1857,7 @@ int drm_mode_dirtyfb_ioctl(struct drm_device *dev, - fb = obj_to_fb(obj); - - num_clips = r->num_clips; -- clips_ptr = (struct drm_clip_rect *)(unsigned long)r->clips_ptr; -+ clips_ptr = (struct drm_clip_rect __user *)(unsigned long)r->clips_ptr; - - if (!num_clips != !clips_ptr) { - ret = -EINVAL; -@@ -2283,7 +2283,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, - out_resp->flags = property->flags; - - if ((out_resp->count_values >= value_count) && value_count) { -- values_ptr = (uint64_t *)(unsigned long)out_resp->values_ptr; -+ values_ptr = (uint64_t __user *)(unsigned long)out_resp->values_ptr; - for (i = 0; i < value_count; i++) { - if (copy_to_user(values_ptr + i, &property->values[i], sizeof(uint64_t))) { - ret = -EFAULT; -@@ -2296,7 +2296,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, - if (property->flags & DRM_MODE_PROP_ENUM) { - if ((out_resp->count_enum_blobs >= enum_count) && enum_count) { - copied = 0; -- enum_ptr = (struct drm_mode_property_enum *)(unsigned long)out_resp->enum_blob_ptr; -+ enum_ptr = (struct drm_mode_property_enum __user *)(unsigned long)out_resp->enum_blob_ptr; - list_for_each_entry(prop_enum, &property->enum_blob_list, head) { - - if (copy_to_user(&enum_ptr[copied].value, &prop_enum->value, sizeof(uint64_t))) { -@@ -2319,7 +2319,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, - if ((out_resp->count_enum_blobs >= blob_count) && blob_count) { - copied = 0; - blob_id_ptr = (uint32_t *)(unsigned long)out_resp->enum_blob_ptr; -- blob_length_ptr = (uint32_t *)(unsigned long)out_resp->values_ptr; -+ blob_length_ptr = (uint32_t __user *)(unsigned long)out_resp->values_ptr; - - list_for_each_entry(prop_blob, &property->enum_blob_list, head) { - if (put_user(prop_blob->base.id, blob_id_ptr + copied)) { -@@ -2380,7 +2380,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, - struct drm_mode_get_blob *out_resp = data; - struct drm_property_blob *blob; - int ret = 0; -- void *blob_ptr; -+ void __user *blob_ptr; - - if (!drm_core_check_feature(dev, DRIVER_MODESET)) - return -EINVAL; -@@ -2394,7 +2394,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, - blob = obj_to_blob(obj); - - if (out_resp->length == blob->length) { -- blob_ptr = (void *)(unsigned long)out_resp->data; -+ blob_ptr = (void __user *)(unsigned long)out_resp->data; - if (copy_to_user(blob_ptr, blob->data, blob->length)){ - ret = -EFAULT; - goto done; diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c -index d2619d7..bd6bd00 100644 +index 84a4a80..ce0306e 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c -@@ -279,7 +279,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, +@@ -280,7 +280,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, struct drm_crtc *tmp; int crtc_mask = 1; @@ -29968,10 +30607,10 @@ index d2619d7..bd6bd00 100644 dev = crtc->dev; diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index 40c187c..5746164 100644 +index ebf7d3f..d64c436 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c -@@ -308,7 +308,7 @@ module_exit(drm_core_exit); +@@ -312,7 +312,7 @@ module_exit(drm_core_exit); /** * Copy and IOCTL return string to user space */ @@ -29980,7 +30619,7 @@ index 40c187c..5746164 100644 { int len; -@@ -387,7 +387,7 @@ long drm_ioctl(struct file *filp, +@@ -391,7 +391,7 @@ long drm_ioctl(struct file *filp, dev = file_priv->minor->dev; atomic_inc(&dev->ioctl_count); @@ -29990,7 +30629,7 @@ index 40c187c..5746164 100644 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c -index 828bf65..cdaa0e9 100644 +index 6263b01..7987f55 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c @@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev) @@ -30018,12 +30657,16 @@ index 828bf65..cdaa0e9 100644 mutex_lock(&drm_global_mutex); - DRM_DEBUG("open_count = %d\n", dev->open_count); -+ DRM_DEBUG("open_count = %d\n", local_read(&dev->open_count)); ++ DRM_DEBUG("open_count = %ld\n", local_read(&dev->open_count)); if (dev->driver->preclose) dev->driver->preclose(dev, file_priv); -@@ -485,7 +485,7 @@ int drm_release(struct inode *inode, struct file *filp) - DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n", +@@ -482,10 +482,10 @@ int drm_release(struct inode *inode, struct file *filp) + * Begin inline drm_release + */ + +- DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n", ++ DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %ld\n", task_pid_nr(current), (long)old_encode_dev(file_priv->minor->device), - dev->open_count); @@ -30148,10 +30791,10 @@ index ab1162d..42587b2 100644 #if defined(__i386__) pgprot = pgprot_val(vma->vm_page_prot); diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c -index ddd70db..40321e6 100644 +index 637fcc3..e890b33 100644 --- a/drivers/gpu/drm/drm_ioc32.c +++ b/drivers/gpu/drm/drm_ioc32.c -@@ -456,7 +456,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd, +@@ -457,7 +457,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd, request = compat_alloc_user_space(nbytes); if (!access_ok(VERIFY_WRITE, request, nbytes)) return -EFAULT; @@ -30160,7 +30803,7 @@ index ddd70db..40321e6 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) -@@ -517,7 +517,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd, +@@ -518,7 +518,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd, request = compat_alloc_user_space(nbytes); if (!access_ok(VERIFY_WRITE, request, nbytes)) return -EFAULT; @@ -30170,10 +30813,10 @@ index ddd70db..40321e6 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c -index 904d7e9..ab88581 100644 +index 956fd38..e52167a 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c -@@ -256,7 +256,7 @@ int drm_getstats(struct drm_device *dev, void *data, +@@ -251,7 +251,7 @@ int drm_getstats(struct drm_device *dev, void *data, stats->data[i].value = (file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lock->lock : 0); else @@ -30183,10 +30826,10 @@ index 904d7e9..ab88581 100644 } diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c -index 632ae24..244cf4a 100644 +index c79c713..2048588 100644 --- a/drivers/gpu/drm/drm_lock.c +++ b/drivers/gpu/drm/drm_lock.c -@@ -89,7 +89,7 @@ int drm_lock(struct drm_device *dev, void *data, struct drm_file *file_priv) +@@ -90,7 +90,7 @@ int drm_lock(struct drm_device *dev, void *data, struct drm_file *file_priv) if (drm_lock_take(&master->lock, lock->context)) { master->lock.file_priv = file_priv; master->lock.lock_time = jiffies; @@ -30195,7 +30838,7 @@ index 632ae24..244cf4a 100644 break; /* Got lock */ } -@@ -160,7 +160,7 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv) +@@ -161,7 +161,7 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv) return -EINVAL; } @@ -30205,10 +30848,10 @@ index 632ae24..244cf4a 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c -index 8f371e8..9f85d52 100644 +index 7f4b4e1..bf4def2 100644 --- a/drivers/gpu/drm/i810/i810_dma.c +++ b/drivers/gpu/drm/i810/i810_dma.c -@@ -950,8 +950,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data, +@@ -948,8 +948,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data, dma->buflist[vertex->idx], vertex->discard, vertex->used); @@ -30219,7 +30862,7 @@ index 8f371e8..9f85d52 100644 sarea_priv->last_enqueue = dev_priv->counter - 1; sarea_priv->last_dispatch = (int)hw_status[5]; -@@ -1111,8 +1111,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data, +@@ -1109,8 +1109,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data, i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used, mc->last_render); @@ -30246,7 +30889,7 @@ index c9339f4..f5e1b9d 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c -index b2e3c97..58cf079 100644 +index deaa657..e0fd296 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c @@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) @@ -30258,7 +30901,7 @@ index b2e3c97..58cf079 100644 for (i = 0; i < I915_NUM_RINGS; i++) { if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, "Graphics Interrupt mask (%s): %08x\n", -@@ -1232,7 +1232,7 @@ static int i915_opregion(struct seq_file *m, void *unused) +@@ -1321,7 +1321,7 @@ static int i915_opregion(struct seq_file *m, void *unused) return ret; if (opregion->header) @@ -30268,10 +30911,10 @@ index b2e3c97..58cf079 100644 mutex_unlock(&dev->struct_mutex); diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index c4da951..3c59c5c 100644 +index ddfe3d9..f6e6b21 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1172,7 +1172,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1175,7 +1175,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -30281,10 +30924,10 @@ index c4da951..3c59c5c 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index ae294a0..1755461 100644 +index 9689ca3..294f9c1 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -229,7 +229,7 @@ struct drm_i915_display_funcs { +@@ -231,7 +231,7 @@ struct drm_i915_display_funcs { /* render clock increase/decrease */ /* display clock increase/decrease */ /* pll clock increase/decrease */ @@ -30293,7 +30936,7 @@ index ae294a0..1755461 100644 struct intel_device_info { u8 gen; -@@ -318,7 +318,7 @@ typedef struct drm_i915_private { +@@ -320,7 +320,7 @@ typedef struct drm_i915_private { int current_page; int page_flipping; @@ -30302,7 +30945,7 @@ index ae294a0..1755461 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -893,7 +893,7 @@ struct drm_i915_gem_object { +@@ -896,7 +896,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ @@ -30311,7 +30954,7 @@ index ae294a0..1755461 100644 }; #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) -@@ -1273,7 +1273,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); +@@ -1276,7 +1276,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); extern void intel_teardown_gmbus(struct drm_device *dev); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -30321,7 +30964,7 @@ index ae294a0..1755461 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index b9da890..cad1d98 100644 +index e159e33..cdcc663 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj, @@ -30346,7 +30989,7 @@ index b9da890..cad1d98 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index d47a53b..61154c2 100644 +index 5bd4361..0241a42 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -475,7 +475,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) @@ -30376,7 +31019,7 @@ index d47a53b..61154c2 100644 iir = I915_READ(IIR); -@@ -1750,7 +1750,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1743,7 +1743,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -30385,7 +31028,7 @@ index d47a53b..61154c2 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); -@@ -1938,7 +1938,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) +@@ -1932,7 +1932,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -30395,10 +31038,10 @@ index d47a53b..61154c2 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 9ec9755..6d1cf2d 100644 +index 2163818..cede019 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2230,7 +2230,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, +@@ -2238,7 +2238,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, wait_event(dev_priv->pending_flip_queue, atomic_read(&dev_priv->mm.wedged) || @@ -30407,7 +31050,7 @@ index 9ec9755..6d1cf2d 100644 /* Big Hammer, we also need to ensure that any pending * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -2851,7 +2851,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) +@@ -2859,7 +2859,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) obj = to_intel_framebuffer(crtc->fb)->obj; dev_priv = crtc->dev->dev_private; wait_event(dev_priv->pending_flip_queue, @@ -30416,7 +31059,7 @@ index 9ec9755..6d1cf2d 100644 } static bool intel_crtc_driving_pch(struct drm_crtc *crtc) -@@ -6952,7 +6952,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -7171,7 +7171,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, atomic_clear_mask(1 << intel_crtc->plane, &obj->pending_flip.counter); @@ -30425,7 +31068,22 @@ index 9ec9755..6d1cf2d 100644 wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -7242,7 +7242,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7354,7 +7354,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev, + OUT_RING(fb->pitches[0] | obj->tiling_mode); + OUT_RING(obj->gtt_offset); + +- pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE; ++ /* Contrary to the suggestions in the documentation, ++ * "Enable Panel Fitter" does not seem to be required when page ++ * flipping with a non-native mode, and worse causes a normal ++ * modeset to fail. ++ * pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE; ++ */ ++ pf = 0; + pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff; + OUT_RING(pf | pipesrc); + ADVANCE_LP_RING(); +@@ -7461,7 +7467,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -30434,7 +31092,7 @@ index 9ec9755..6d1cf2d 100644 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); if (ret) -@@ -7256,7 +7256,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7475,7 +7481,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, return 0; cleanup_pending: @@ -30500,10 +31158,10 @@ index 2581202..f230a8d9 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index 5fc201b..7b032b9 100644 +index e5cbead..6c354a3 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c -@@ -201,7 +201,7 @@ struct methods { +@@ -199,7 +199,7 @@ struct methods { const char desc[8]; void (*loadbios)(struct drm_device *, uint8_t *); const bool rw; @@ -30512,7 +31170,7 @@ index 5fc201b..7b032b9 100644 static struct methods shadow_methods[] = { { "PRAMIN", load_vbios_pramin, true }, -@@ -5474,7 +5474,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, +@@ -5290,7 +5290,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *); @@ -30522,10 +31180,10 @@ index 5fc201b..7b032b9 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nouveau/nouveau_drv.h -index 4c0be3a..5757582 100644 +index b827098..c31a797 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drv.h +++ b/drivers/gpu/drm/nouveau/nouveau_drv.h -@@ -238,7 +238,7 @@ struct nouveau_channel { +@@ -242,7 +242,7 @@ struct nouveau_channel { struct list_head pending; uint32_t sequence; uint32_t sequence_ack; @@ -30534,7 +31192,7 @@ index 4c0be3a..5757582 100644 struct nouveau_vma vma; } fence; -@@ -319,7 +319,7 @@ struct nouveau_exec_engine { +@@ -323,7 +323,7 @@ struct nouveau_exec_engine { u32 handle, u16 class); void (*set_tile_region)(struct drm_device *dev, int i); void (*tlb_flush)(struct drm_device *, int engine); @@ -30543,7 +31201,7 @@ index 4c0be3a..5757582 100644 struct nouveau_instmem_engine { void *priv; -@@ -341,13 +341,13 @@ struct nouveau_instmem_engine { +@@ -345,13 +345,13 @@ struct nouveau_instmem_engine { struct nouveau_mc_engine { int (*init)(struct drm_device *dev); void (*takedown)(struct drm_device *dev); @@ -30559,7 +31217,7 @@ index 4c0be3a..5757582 100644 struct nouveau_fb_engine { int num_tiles; -@@ -558,7 +558,7 @@ struct nouveau_vram_engine { +@@ -566,7 +566,7 @@ struct nouveau_vram_engine { void (*put)(struct drm_device *, struct nouveau_mem **); bool (*flags_valid)(struct drm_device *, u32 tile_flags); @@ -30568,7 +31226,7 @@ index 4c0be3a..5757582 100644 struct nouveau_engine { struct nouveau_instmem_engine instmem; -@@ -706,7 +706,7 @@ struct drm_nouveau_private { +@@ -714,7 +714,7 @@ struct drm_nouveau_private { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -30613,10 +31271,10 @@ index 7ce3fde..cb3ea04 100644 if (++trycnt > 100000) { NV_ERROR(dev, "%s failed and gave up.\n", __func__); diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c -index d8831ab..0ba8356 100644 +index f80c5e0..936baa7 100644 --- a/drivers/gpu/drm/nouveau/nouveau_state.c +++ b/drivers/gpu/drm/nouveau/nouveau_state.c -@@ -542,7 +542,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) +@@ -543,7 +543,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -30732,32 +31390,20 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { -diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r600_cs.c -index cb1acff..8861bc5 100644 ---- a/drivers/gpu/drm/radeon/r600_cs.c -+++ b/drivers/gpu/drm/radeon/r600_cs.c -@@ -1304,6 +1304,7 @@ static int r600_check_texture_resource(struct radeon_cs_parser *p, u32 idx, - h0 = G_038004_TEX_HEIGHT(word1) + 1; - d0 = G_038004_TEX_DEPTH(word1); - nfaces = 1; -+ array = 0; - switch (G_038000_DIM(word0)) { - case V_038000_SQ_TEX_DIM_1D: - case V_038000_SQ_TEX_DIM_2D: diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h -index 8227e76..ce0b195 100644 +index 1668ec1..30ebdab 100644 --- a/drivers/gpu/drm/radeon/radeon.h +++ b/drivers/gpu/drm/radeon/radeon.h -@@ -192,7 +192,7 @@ extern int sumo_get_temp(struct radeon_device *rdev); - */ - struct radeon_fence_driver { +@@ -250,7 +250,7 @@ struct radeon_fence_driver { uint32_t scratch_reg; + uint64_t gpu_addr; + volatile uint32_t *cpu_addr; - atomic_t seq; + atomic_unchecked_t seq; uint32_t last_seq; unsigned long last_jiffies; unsigned long last_timeout; -@@ -530,7 +530,7 @@ struct r600_blit_cp_primitives { +@@ -752,7 +752,7 @@ struct r600_blit_cp_primitives { int x2, int y2); void (*draw_auto)(struct radeon_device *rdev); void (*set_default_state)(struct radeon_device *rdev); @@ -30766,7 +31412,7 @@ index 8227e76..ce0b195 100644 struct r600_blit { struct mutex mutex; -@@ -954,7 +954,7 @@ struct radeon_asic { +@@ -1201,7 +1201,7 @@ struct radeon_asic { void (*pre_page_flip)(struct radeon_device *rdev, int crtc); u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base); void (*post_page_flip)(struct radeon_device *rdev, int crtc); @@ -30776,7 +31422,7 @@ index 8227e76..ce0b195 100644 /* * Asic structures diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 9231564..78b00fd 100644 +index 49f7cb7..2fcb48f 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c @@ -687,7 +687,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) @@ -30802,27 +31448,36 @@ index a1b59ca..86f2d44 100644 uint32_t irq_enable_reg; uint32_t r500_disp_irq_reg; diff --git a/drivers/gpu/drm/radeon/radeon_fence.c b/drivers/gpu/drm/radeon/radeon_fence.c -index 76ec0e9..6feb1a3 100644 +index 4bd36a3..e66fe9c 100644 --- a/drivers/gpu/drm/radeon/radeon_fence.c +++ b/drivers/gpu/drm/radeon/radeon_fence.c -@@ -78,7 +78,7 @@ int radeon_fence_emit(struct radeon_device *rdev, struct radeon_fence *fence) - write_unlock_irqrestore(&rdev->fence_drv.lock, irq_flags); +@@ -70,7 +70,7 @@ int radeon_fence_emit(struct radeon_device *rdev, struct radeon_fence *fence) + write_unlock_irqrestore(&rdev->fence_lock, irq_flags); return 0; } -- fence->seq = atomic_add_return(1, &rdev->fence_drv.seq); -+ fence->seq = atomic_add_return_unchecked(1, &rdev->fence_drv.seq); - if (!rdev->cp.ready) +- fence->seq = atomic_add_return(1, &rdev->fence_drv[fence->ring].seq); ++ fence->seq = atomic_add_return_unchecked(1, &rdev->fence_drv[fence->ring].seq); + if (!rdev->ring[fence->ring].ready) /* FIXME: cp is not running assume everythings is done right * away -@@ -373,7 +373,7 @@ int radeon_fence_driver_init(struct radeon_device *rdev) - return r; - } - radeon_fence_write(rdev, 0); -- atomic_set(&rdev->fence_drv.seq, 0); -+ atomic_set_unchecked(&rdev->fence_drv.seq, 0); - INIT_LIST_HEAD(&rdev->fence_drv.created); - INIT_LIST_HEAD(&rdev->fence_drv.emited); - INIT_LIST_HEAD(&rdev->fence_drv.signaled); +@@ -405,7 +405,7 @@ int radeon_fence_driver_start_ring(struct radeon_device *rdev, int ring) + } + rdev->fence_drv[ring].cpu_addr = &rdev->wb.wb[index/4]; + rdev->fence_drv[ring].gpu_addr = rdev->wb.gpu_addr + index; +- radeon_fence_write(rdev, atomic_read(&rdev->fence_drv[ring].seq), ring); ++ radeon_fence_write(rdev, atomic_read_unchecked(&rdev->fence_drv[ring].seq), ring); + rdev->fence_drv[ring].initialized = true; + DRM_INFO("fence driver on ring %d use gpu addr 0x%08Lx and cpu addr 0x%p\n", + ring, rdev->fence_drv[ring].gpu_addr, rdev->fence_drv[ring].cpu_addr); +@@ -418,7 +418,7 @@ static void radeon_fence_driver_init_ring(struct radeon_device *rdev, int ring) + rdev->fence_drv[ring].scratch_reg = -1; + rdev->fence_drv[ring].cpu_addr = NULL; + rdev->fence_drv[ring].gpu_addr = 0; +- atomic_set(&rdev->fence_drv[ring].seq, 0); ++ atomic_set_unchecked(&rdev->fence_drv[ring].seq, 0); + INIT_LIST_HEAD(&rdev->fence_drv[ring].created); + INIT_LIST_HEAD(&rdev->fence_drv[ring].emitted); + INIT_LIST_HEAD(&rdev->fence_drv[ring].signaled); diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/radeon/radeon_ioc32.c index 48b7cea..342236f 100644 --- a/drivers/gpu/drm/radeon/radeon_ioc32.c @@ -30883,10 +31538,10 @@ index e8422ae..d22d4a8 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index 0b5468b..9c4b308 100644 +index c421e77..e6bf2e8 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c -@@ -672,8 +672,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) +@@ -842,8 +842,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) } if (unlikely(ttm_vm_ops == NULL)) { ttm_vm_ops = vma->vm_ops; @@ -30900,7 +31555,7 @@ index 0b5468b..9c4b308 100644 vma->vm_ops = &radeon_ttm_vm_ops; return 0; diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c -index a9049ed..501f284 100644 +index f68dff2..8df955c 100644 --- a/drivers/gpu/drm/radeon/rs690.c +++ b/drivers/gpu/drm/radeon/rs690.c @@ -304,9 +304,11 @@ void rs690_crtc_bandwidth_compute(struct radeon_device *rdev, @@ -30917,7 +31572,7 @@ index a9049ed..501f284 100644 if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full && rdev->pm.k8_bandwidth.full) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c -index 727e93d..1565650 100644 +index 499debd..66fce72 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c @@ -398,9 +398,9 @@ static int ttm_pool_get_num_unused_pages(void) @@ -30933,7 +31588,7 @@ index 727e93d..1565650 100644 int shrink_pages = sc->nr_to_scan; diff --git a/drivers/gpu/drm/via/via_drv.h b/drivers/gpu/drm/via/via_drv.h -index 9cf87d9..2000b7d 100644 +index 88edacc..1e5412b 100644 --- a/drivers/gpu/drm/via/via_drv.h +++ b/drivers/gpu/drm/via/via_drv.h @@ -51,7 +51,7 @@ typedef struct drm_via_ring_buffer { @@ -31117,10 +31772,10 @@ index 8a8725c..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index bb656d8..4169fca 100644 +index 75dbe34..f9204a8 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2012,7 +2012,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2021,7 +2021,7 @@ static bool hid_ignore(struct hid_device *hdev) int hid_add_device(struct hid_device *hdev) { @@ -31129,7 +31784,7 @@ index bb656d8..4169fca 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2027,7 +2027,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2036,7 +2036,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -31139,7 +31794,7 @@ index bb656d8..4169fca 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c -index 4ef02b2..8a96831 100644 +index b1ec0e2..c295a61 100644 --- a/drivers/hid/usbhid/hiddev.c +++ b/drivers/hid/usbhid/hiddev.c @@ -624,7 +624,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) @@ -31167,7 +31822,7 @@ index 4065374..10ed7dc 100644 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c -index 0fb100e..baf87e5 100644 +index 12aa97f..c0679f7 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -132,7 +132,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) @@ -31180,7 +31835,7 @@ index 0fb100e..baf87e5 100644 __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), "=a"(hv_status_lo) : "d" (control_hi), diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h -index 0aee112..b72d21f 100644 +index 6d7d286..92b0873 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -556,7 +556,7 @@ enum vmbus_connect_state { @@ -31193,7 +31848,7 @@ index 0aee112..b72d21f 100644 /* * Represents channel interrupts. Each bit position represents a diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c -index d2d0a2a..90b8f4d 100644 +index a220e57..428f54d 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -663,10 +663,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) @@ -31210,7 +31865,7 @@ index d2d0a2a..90b8f4d 100644 child_device_obj->device.bus = &hv_bus; child_device_obj->device.parent = &hv_acpi_dev->dev; diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c -index 66f6729..2d6de0a 100644 +index 554f046..f8b4729 100644 --- a/drivers/hwmon/acpi_power_meter.c +++ b/drivers/hwmon/acpi_power_meter.c @@ -316,8 +316,6 @@ static ssize_t set_trip(struct device *dev, struct device_attribute *devattr, @@ -31223,7 +31878,7 @@ index 66f6729..2d6de0a 100644 mutex_lock(&resource->lock); resource->trip[attr->index - 7] = temp; diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c -index 5357925..6cf0418 100644 +index 91fdd1f..b66a686 100644 --- a/drivers/hwmon/sht15.c +++ b/drivers/hwmon/sht15.c @@ -166,7 +166,7 @@ struct sht15_data { @@ -31556,7 +32211,7 @@ index 8126824..55a2798 100644 } } diff --git a/drivers/ide/ide-pci-generic.c b/drivers/ide/ide-pci-generic.c -index a743e68..1cfd674 100644 +index 7f56b73..dab5b67 100644 --- a/drivers/ide/ide-pci-generic.c +++ b/drivers/ide/ide-pci-generic.c @@ -53,7 +53,7 @@ static const struct ide_port_ops netcell_port_ops = { @@ -31842,7 +32497,7 @@ index f46f49c..eb77678 100644 .init_chipset = init_chipset_via82cxxx, .enablebits = { { 0x40, 0x02, 0x02 }, { 0x40, 0x01, 0x01 } }, diff --git a/drivers/ieee802154/fakehard.c b/drivers/ieee802154/fakehard.c -index eb0e2cc..14241c7 100644 +index 73d4531..c90cd2d 100644 --- a/drivers/ieee802154/fakehard.c +++ b/drivers/ieee802154/fakehard.c @@ -386,7 +386,7 @@ static int __devinit ieee802154fake_probe(struct platform_device *pdev) @@ -31855,7 +32510,7 @@ index eb0e2cc..14241c7 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c -index 8b72f39..55df4c8 100644 +index c889aae..6cf5aa7 100644 --- a/drivers/infiniband/core/cm.c +++ b/drivers/infiniband/core/cm.c @@ -114,7 +114,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS] @@ -32091,7 +32746,7 @@ index 40c8353..946b0e4 100644 PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n", __func__, stag_state, type, pdid, stag_idx); diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband/hw/ipath/ipath_fs.c -index 31ae1b1..641d285 100644 +index a4de9d5..5fa20c3 100644 --- a/drivers/infiniband/hw/ipath/ipath_fs.c +++ b/drivers/infiniband/hw/ipath/ipath_fs.c @@ -126,6 +126,8 @@ static const struct file_operations atomic_counters_ops = { @@ -32103,6 +32758,15 @@ index 31ae1b1..641d285 100644 size_t count, loff_t *ppos) { struct ipath_devdata *dd; +@@ -177,6 +179,8 @@ bail: + } + + static ssize_t flash_write(struct file *file, const char __user *buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t flash_write(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) + { + struct ipath_devdata *dd; diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband/hw/ipath/ipath_rc.c index 79b3dbc..96e5fcc 100644 --- a/drivers/infiniband/hw/ipath/ipath_rc.c @@ -32158,7 +32822,7 @@ index 1f95bba..9530f87 100644 sdata, wqe->wr.wr.atomic.swap); goto send_comp; diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c -index 5965b3d..16817fb 100644 +index 7140199..da60063 100644 --- a/drivers/infiniband/hw/nes/nes.c +++ b/drivers/infiniband/hw/nes/nes.c @@ -103,7 +103,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes"); @@ -32180,7 +32844,7 @@ index 5965b3d..16817fb 100644 /* Free the control structures */ diff --git a/drivers/infiniband/hw/nes/nes.h b/drivers/infiniband/hw/nes/nes.h -index 568b4f1..5ea3eff 100644 +index c438e46..ca30356 100644 --- a/drivers/infiniband/hw/nes/nes.h +++ b/drivers/infiniband/hw/nes/nes.h @@ -178,17 +178,17 @@ extern unsigned int nes_debug_level; @@ -32239,7 +32903,7 @@ index 568b4f1..5ea3eff 100644 extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c -index 0a52d72..0642f36 100644 +index a4972ab..1bcfc31 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -32285,7 +32949,7 @@ index 0a52d72..0642f36 100644 int nes_add_ref_cm_node(struct nes_cm_node *cm_node) { -@@ -1271,7 +1271,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, +@@ -1274,7 +1274,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, kfree(listener); listener = NULL; ret = 0; @@ -32348,7 +33012,7 @@ index 0a52d72..0642f36 100644 dev_kfree_skb_any(skb); } break; -@@ -2880,7 +2880,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2881,7 +2881,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) if ((cm_id) && (cm_id->event_handler)) { if (issue_disconn) { @@ -32357,7 +33021,7 @@ index 0a52d72..0642f36 100644 cm_event.event = IW_CM_EVENT_DISCONNECT; cm_event.status = disconn_status; cm_event.local_addr = cm_id->local_addr; -@@ -2902,7 +2902,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2903,7 +2903,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) } if (issue_close) { @@ -32366,7 +33030,7 @@ index 0a52d72..0642f36 100644 nes_disconnect(nesqp, 1); cm_id->provider_data = nesqp; -@@ -3038,7 +3038,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3039,7 +3039,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n", nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener); @@ -32375,7 +33039,7 @@ index 0a52d72..0642f36 100644 nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n", netdev_refcnt_read(nesvnic->netdev)); -@@ -3240,7 +3240,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) +@@ -3241,7 +3241,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) struct nes_cm_core *cm_core; u8 *start_buff; @@ -32384,7 +33048,7 @@ index 0a52d72..0642f36 100644 cm_node = (struct nes_cm_node *)cm_id->provider_data; loopback = cm_node->loopbackpartner; cm_core = cm_node->cm_core; -@@ -3300,7 +3300,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3301,7 +3301,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) ntohl(cm_id->local_addr.sin_addr.s_addr), ntohs(cm_id->local_addr.sin_port)); @@ -32393,7 +33057,7 @@ index 0a52d72..0642f36 100644 nesqp->active_conn = 1; /* cache the cm_id in the qp */ -@@ -3406,7 +3406,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) +@@ -3407,7 +3407,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node); return err; } @@ -32402,7 +33066,7 @@ index 0a52d72..0642f36 100644 } cm_id->add_ref(cm_id); -@@ -3507,7 +3507,7 @@ static void cm_event_connected(struct nes_cm_event *event) +@@ -3508,7 +3508,7 @@ static void cm_event_connected(struct nes_cm_event *event) if (nesqp->destroyed) return; @@ -32411,7 +33075,7 @@ index 0a52d72..0642f36 100644 nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on" " local port 0x%04X. jiffies = %lu.\n", nesqp->hwqp.qp_id, -@@ -3694,7 +3694,7 @@ static void cm_event_reset(struct nes_cm_event *event) +@@ -3695,7 +3695,7 @@ static void cm_event_reset(struct nes_cm_event *event) cm_id->add_ref(cm_id); ret = cm_id->event_handler(cm_id, &cm_event); @@ -32420,7 +33084,7 @@ index 0a52d72..0642f36 100644 cm_event.event = IW_CM_EVENT_CLOSE; cm_event.status = 0; cm_event.provider_data = cm_id->provider_data; -@@ -3730,7 +3730,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) +@@ -3731,7 +3731,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -32429,7 +33093,7 @@ index 0a52d72..0642f36 100644 nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n", cm_node, cm_id, jiffies); -@@ -3770,7 +3770,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) +@@ -3771,7 +3771,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -32439,7 +33103,7 @@ index 0a52d72..0642f36 100644 cm_node, cm_id, jiffies); diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw/nes/nes_mgt.c -index b3b2a24..7bfaf1e 100644 +index 3ba7be3..c81f6ff 100644 --- a/drivers/infiniband/hw/nes/nes_mgt.c +++ b/drivers/infiniband/hw/nes/nes_mgt.c @@ -40,8 +40,8 @@ @@ -32472,7 +33136,7 @@ index b3b2a24..7bfaf1e 100644 } diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c -index c00d2f3..8834298 100644 +index f3a3ecf..57d311d 100644 --- a/drivers/infiniband/hw/nes/nes_nic.c +++ b/drivers/infiniband/hw/nes/nes_nic.c @@ -1277,39 +1277,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, @@ -32536,7 +33200,7 @@ index c00d2f3..8834298 100644 /** diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c -index 5095bc4..41e8fff 100644 +index 0927b5c..ed67986 100644 --- a/drivers/infiniband/hw/nes/nes_verbs.c +++ b/drivers/infiniband/hw/nes/nes_verbs.c @@ -46,9 +46,9 @@ @@ -32583,7 +33247,7 @@ index b881bdc..c2e360c 100644 #include "qib_common.h" #include "qib_verbs.h" diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c -index df7fa25..0c854f0 100644 +index 05e0f17..0275789 100644 --- a/drivers/infiniband/hw/qib/qib_fs.c +++ b/drivers/infiniband/hw/qib/qib_fs.c @@ -267,6 +267,8 @@ static const struct file_operations qsfp_ops[] = { @@ -32595,6 +33259,15 @@ index df7fa25..0c854f0 100644 size_t count, loff_t *ppos) { struct qib_devdata *dd; +@@ -318,6 +320,8 @@ bail: + } + + static ssize_t flash_write(struct file *file, const char __user *buf, ++ size_t count, loff_t *ppos) __size_overflow(3); ++static ssize_t flash_write(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) + { + struct qib_devdata *dd; diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c index c351aa4..e6967c2 100644 --- a/drivers/input/gameport/gameport.c @@ -32617,7 +33290,7 @@ index c351aa4..e6967c2 100644 gameport->dev.release = gameport_release_port; if (gameport->parent) diff --git a/drivers/input/input.c b/drivers/input/input.c -index da38d97..2aa0b79 100644 +index 1f78c95..3cddc6c 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1814,7 +1814,7 @@ static void input_cleanse_bitmasks(struct input_dev *dev) @@ -32651,7 +33324,7 @@ index b8d8611..7a4a04b 100644 #include #include diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index d728875..844c89b 100644 +index fd7a0d5..a4af10c 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -710,7 +710,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, @@ -32921,19 +33594,6 @@ index a3bd163..8956575 100644 typedef struct _diva_os_xdi_adapter { struct list_head link; -diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c -index 2339d73..802ab87a 100644 ---- a/drivers/isdn/i4l/isdn_net.c -+++ b/drivers/isdn/i4l/isdn_net.c -@@ -1901,7 +1901,7 @@ static int isdn_net_header(struct sk_buff *skb, struct net_device *dev, - { - isdn_net_local *lp = netdev_priv(dev); - unsigned char *p; -- ushort len = 0; -+ int len = 0; - - switch (lp->p_encap) { - case ISDN_NET_ENCAP_ETHER: diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c index 1f355bb..43f1fea 100644 --- a/drivers/isdn/icn/icn.c @@ -32991,7 +33651,7 @@ index ff4a0bc..f5fdd9c 100644 { struct lguest *lg = file->private_data; diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c -index 65af42f..530c87a 100644 +index 3980903..ce25c5e 100644 --- a/drivers/lguest/x86/core.c +++ b/drivers/lguest/x86/core.c @@ -59,7 +59,7 @@ static struct { @@ -33123,8 +33783,21 @@ index 1ce84ed..0fdd40a 100644 if (!*param->name) { DMWARN("name not supplied when creating device"); return -EINVAL; +diff --git a/drivers/md/dm-log-userspace-transfer.c b/drivers/md/dm-log-userspace-transfer.c +index 1f23e04..08d9a20 100644 +--- a/drivers/md/dm-log-userspace-transfer.c ++++ b/drivers/md/dm-log-userspace-transfer.c +@@ -134,7 +134,7 @@ static void cn_ulog_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp) + { + struct dm_ulog_request *tfr = (struct dm_ulog_request *)(msg + 1); + +- if (!cap_raised(current_cap(), CAP_SYS_ADMIN)) ++ if (!capable(CAP_SYS_ADMIN)) + return; + + spin_lock(&receiving_list_lock); diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c -index 9bfd057..01180bc 100644 +index 9bfd057..5373ff3 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -40,7 +40,7 @@ enum dm_raid1_error { @@ -33181,7 +33854,18 @@ index 9bfd057..01180bc 100644 m = NULL; if (likely(m)) -@@ -937,7 +937,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, +@@ -848,6 +848,10 @@ static void do_mirror(struct work_struct *work) + static struct mirror_set *alloc_context(unsigned int nr_mirrors, + uint32_t region_size, + struct dm_target *ti, ++ struct dm_dirty_log *dl) __size_overflow(1); ++static struct mirror_set *alloc_context(unsigned int nr_mirrors, ++ uint32_t region_size, ++ struct dm_target *ti, + struct dm_dirty_log *dl) + { + size_t len; +@@ -937,7 +941,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, } ms->mirror[mirror].ms = ms; @@ -33190,7 +33874,7 @@ index 9bfd057..01180bc 100644 ms->mirror[mirror].error_type = 0; ms->mirror[mirror].offset = offset; -@@ -1347,7 +1347,7 @@ static void mirror_resume(struct dm_target *ti) +@@ -1347,7 +1351,7 @@ static void mirror_resume(struct dm_target *ti) */ static char device_status_char(struct mirror *m) { @@ -33200,7 +33884,7 @@ index 9bfd057..01180bc 100644 return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' : diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c -index 3d80cf0..b77cc47 100644 +index 3d80cf0..7d98e1a 100644 --- a/drivers/md/dm-stripe.c +++ b/drivers/md/dm-stripe.c @@ -20,7 +20,7 @@ struct stripe { @@ -33212,7 +33896,15 @@ index 3d80cf0..b77cc47 100644 }; struct stripe_c { -@@ -192,7 +192,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) +@@ -55,6 +55,7 @@ static void trigger_event(struct work_struct *work) + dm_table_event(sc->ti->table); + } + ++static inline struct stripe_c *alloc_context(unsigned int stripes) __size_overflow(1); + static inline struct stripe_c *alloc_context(unsigned int stripes) + { + size_t len; +@@ -192,7 +193,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) kfree(sc); return r; } @@ -33221,7 +33913,7 @@ index 3d80cf0..b77cc47 100644 } ti->private = sc; -@@ -314,7 +314,7 @@ static int stripe_status(struct dm_target *ti, +@@ -314,7 +315,7 @@ static int stripe_status(struct dm_target *ti, DMEMIT("%d ", sc->stripes); for (i = 0; i < sc->stripes; i++) { DMEMIT("%s ", sc->stripe[i].dev->name); @@ -33230,7 +33922,7 @@ index 3d80cf0..b77cc47 100644 'D' : 'A'; } buffer[i] = '\0'; -@@ -361,8 +361,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, +@@ -361,8 +362,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, */ for (i = 0; i < sc->stripes; i++) if (!strcmp(sc->stripe[i].dev->name, major_minor)) { @@ -33242,7 +33934,7 @@ index 3d80cf0..b77cc47 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index 8e91321..fd17aef 100644 +index 63cc542..8d45caf3 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -391,7 +391,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, @@ -33277,10 +33969,10 @@ index 237571a..fb6d19b 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 4720f68..78d1df7 100644 +index b89c548..2af3ce4 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c -@@ -177,9 +177,9 @@ struct mapped_device { +@@ -176,9 +176,9 @@ struct mapped_device { /* * Event handling. */ @@ -33292,7 +33984,7 @@ index 4720f68..78d1df7 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1845,8 +1845,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1844,8 +1844,8 @@ static struct mapped_device *alloc_dev(int minor) rwlock_init(&md->map_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -33303,7 +33995,7 @@ index 4720f68..78d1df7 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); -@@ -1980,7 +1980,7 @@ static void event_callback(void *context) +@@ -1979,7 +1979,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -33312,7 +34004,7 @@ index 4720f68..78d1df7 100644 wake_up(&md->eventq); } -@@ -2622,18 +2622,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2621,18 +2621,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -33335,10 +34027,10 @@ index 4720f68..78d1df7 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index f47f1f8..b7f559e 100644 +index 58027d8..d9cddcd 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c -@@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); +@@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); * start build, activate spare */ static DECLARE_WAIT_QUEUE_HEAD(md_event_waiters); @@ -33351,7 +34043,7 @@ index f47f1f8..b7f559e 100644 wake_up(&md_event_waiters); } EXPORT_SYMBOL_GPL(md_new_event); -@@ -291,7 +291,7 @@ EXPORT_SYMBOL_GPL(md_new_event); +@@ -290,7 +290,7 @@ EXPORT_SYMBOL_GPL(md_new_event); */ static void md_new_event_inintr(struct mddev *mddev) { @@ -33360,7 +34052,7 @@ index f47f1f8..b7f559e 100644 wake_up(&md_event_waiters); } -@@ -1525,7 +1525,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ +@@ -1524,7 +1524,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ rdev->preferred_minor = 0xffff; rdev->data_offset = le64_to_cpu(sb->data_offset); @@ -33369,7 +34061,7 @@ index f47f1f8..b7f559e 100644 rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256; bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1; -@@ -1742,7 +1742,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) +@@ -1743,7 +1743,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) else sb->resync_offset = cpu_to_le64(0); @@ -33378,7 +34070,7 @@ index f47f1f8..b7f559e 100644 sb->raid_disks = cpu_to_le32(mddev->raid_disks); sb->size = cpu_to_le64(mddev->dev_sectors); -@@ -2639,7 +2639,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); +@@ -2689,7 +2689,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); static ssize_t errors_show(struct md_rdev *rdev, char *page) { @@ -33387,7 +34079,7 @@ index f47f1f8..b7f559e 100644 } static ssize_t -@@ -2648,7 +2648,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) +@@ -2698,7 +2698,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) char *e; unsigned long n = simple_strtoul(buf, &e, 10); if (*buf && (*e == 0 || *e == '\n')) { @@ -33396,7 +34088,7 @@ index f47f1f8..b7f559e 100644 return len; } return -EINVAL; -@@ -3039,8 +3039,8 @@ int md_rdev_init(struct md_rdev *rdev) +@@ -3084,8 +3084,8 @@ int md_rdev_init(struct md_rdev *rdev) rdev->sb_loaded = 0; rdev->bb_page = NULL; atomic_set(&rdev->nr_pending, 0); @@ -33407,7 +34099,7 @@ index f47f1f8..b7f559e 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6683,7 +6683,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6736,7 +6736,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -33416,7 +34108,7 @@ index f47f1f8..b7f559e 100644 return 0; } if (v == (void*)2) { -@@ -6772,7 +6772,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6828,7 +6828,7 @@ static int md_seq_show(struct seq_file *seq, void *v) chunk_kb ? "KB" : "B"); if (bitmap->file) { seq_printf(seq, ", file: "); @@ -33425,7 +34117,7 @@ index f47f1f8..b7f559e 100644 } seq_printf(seq, "\n"); -@@ -6803,7 +6803,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -6859,7 +6859,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -33434,7 +34126,7 @@ index f47f1f8..b7f559e 100644 return error; } -@@ -6817,7 +6817,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -6873,7 +6873,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -33443,7 +34135,7 @@ index f47f1f8..b7f559e 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -6861,7 +6861,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -6917,7 +6917,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -33453,10 +34145,10 @@ index f47f1f8..b7f559e 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index cf742d9..7c7c745 100644 +index 44c63df..b795d1a 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h -@@ -120,13 +120,13 @@ struct md_rdev { +@@ -93,13 +93,13 @@ struct md_rdev { * only maintained for arrays that * support hot removal */ @@ -33472,7 +34164,7 @@ index cf742d9..7c7c745 100644 * for reporting to userspace and storing * in superblock. */ -@@ -410,7 +410,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) +@@ -421,7 +421,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors) { @@ -33533,10 +34225,10 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 7d9e071..015b1d5 100644 +index edc735a..e9b97f1 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1568,7 +1568,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1645,7 +1645,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -33545,7 +34237,7 @@ index 7d9e071..015b1d5 100644 } sectors -= s; sect += s; -@@ -1781,7 +1781,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -1859,7 +1859,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -33555,10 +34247,10 @@ index 7d9e071..015b1d5 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 685ddf3..955b087 100644 +index 1898389..a3aa617 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1440,7 +1440,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1636,7 +1636,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -33567,7 +34259,7 @@ index 685ddf3..955b087 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -1740,7 +1740,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -1987,7 +1987,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -33576,7 +34268,7 @@ index 685ddf3..955b087 100644 ktime_get_ts(&cur_time_mon); -@@ -1762,9 +1762,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2009,9 +2009,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -33588,7 +34280,7 @@ index 685ddf3..955b087 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -1814,8 +1814,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2065,8 +2065,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -33599,7 +34291,7 @@ index 685ddf3..955b087 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -1823,7 +1823,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2074,7 +2074,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -33608,7 +34300,7 @@ index 685ddf3..955b087 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -1968,7 +1968,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2223,7 +2223,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 (unsigned long long)( sect + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -33618,10 +34310,10 @@ index 685ddf3..955b087 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 858fdbb..b2dac95 100644 +index d1162e5..c7cd902 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1610,19 +1610,19 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1687,18 +1687,18 @@ static void raid5_end_read_request(struct bio * bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -33630,22 +34322,21 @@ index 858fdbb..b2dac95 100644 clear_bit(R5_ReadError, &sh->dev[i].flags); clear_bit(R5_ReWrite, &sh->dev[i].flags); } -- if (atomic_read(&conf->disks[i].rdev->read_errors)) -- atomic_set(&conf->disks[i].rdev->read_errors, 0); -+ if (atomic_read_unchecked(&conf->disks[i].rdev->read_errors)) -+ atomic_set_unchecked(&conf->disks[i].rdev->read_errors, 0); +- if (atomic_read(&rdev->read_errors)) +- atomic_set(&rdev->read_errors, 0); ++ if (atomic_read_unchecked(&rdev->read_errors)) ++ atomic_set_unchecked(&rdev->read_errors, 0); } else { - const char *bdn = bdevname(conf->disks[i].rdev->bdev, b); + const char *bdn = bdevname(rdev->bdev, b); int retry = 0; - rdev = conf->disks[i].rdev; clear_bit(R5_UPTODATE, &sh->dev[i].flags); - atomic_inc(&rdev->read_errors); + atomic_inc_unchecked(&rdev->read_errors); - if (conf->mddev->degraded >= conf->max_degraded) + if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -1642,7 +1642,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1727,7 +1727,7 @@ static void raid5_end_read_request(struct bio * bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdn); @@ -33655,7 +34346,7 @@ index 858fdbb..b2dac95 100644 printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/dvb/ddbridge/ddbridge-core.c -index ba9a643..e474ab5 100644 +index ce4f858..7bcfb46 100644 --- a/drivers/media/dvb/ddbridge/ddbridge-core.c +++ b/drivers/media/dvb/ddbridge/ddbridge-core.c @@ -1678,7 +1678,7 @@ static struct ddb_info ddb_v6 = { @@ -33681,7 +34372,7 @@ index a7d876f..8c21b61 100644 struct dvb_demux *demux; void *priv; diff --git a/drivers/media/dvb/dvb-core/dvbdev.c b/drivers/media/dvb/dvb-core/dvbdev.c -index f732877..d38c35a 100644 +index 00a6732..70a682e 100644 --- a/drivers/media/dvb/dvb-core/dvbdev.c +++ b/drivers/media/dvb/dvb-core/dvbdev.c @@ -192,7 +192,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev, @@ -33694,20 +34385,20 @@ index f732877..d38c35a 100644 int minor; int id; diff --git a/drivers/media/dvb/dvb-usb/cxusb.c b/drivers/media/dvb/dvb-usb/cxusb.c -index 9f2a02c..5920f88 100644 +index 3940bb0..fb3952a 100644 --- a/drivers/media/dvb/dvb-usb/cxusb.c +++ b/drivers/media/dvb/dvb-usb/cxusb.c -@@ -1069,7 +1069,7 @@ static struct dib0070_config dib7070p_dib0070_config = { +@@ -1068,7 +1068,7 @@ static struct dib0070_config dib7070p_dib0070_config = { + struct dib0700_adapter_state { - int (*set_param_save) (struct dvb_frontend *, - struct dvb_frontend_parameters *); + int (*set_param_save) (struct dvb_frontend *); -}; +} __no_const; - static int dib7070_set_param_override(struct dvb_frontend *fe, - struct dvb_frontend_parameters *fep) + static int dib7070_set_param_override(struct dvb_frontend *fe) + { diff --git a/drivers/media/dvb/dvb-usb/dw2102.c b/drivers/media/dvb/dvb-usb/dw2102.c -index f103ec1..5e8968b 100644 +index 451c5a7..649f711 100644 --- a/drivers/media/dvb/dvb-usb/dw2102.c +++ b/drivers/media/dvb/dvb-usb/dw2102.c @@ -95,7 +95,7 @@ struct su3000_state { @@ -33732,21 +34423,8 @@ index 404f63a..4796533 100644 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, -diff --git a/drivers/media/dvb/frontends/ds3000.c b/drivers/media/dvb/frontends/ds3000.c -index 90bf573..e8463da 100644 ---- a/drivers/media/dvb/frontends/ds3000.c -+++ b/drivers/media/dvb/frontends/ds3000.c -@@ -1210,7 +1210,7 @@ static int ds3000_set_frontend(struct dvb_frontend *fe, - - for (i = 0; i < 30 ; i++) { - ds3000_read_status(fe, &status); -- if (status && FE_HAS_LOCK) -+ if (status & FE_HAS_LOCK) - break; - - msleep(10); diff --git a/drivers/media/dvb/ngene/ngene-cards.c b/drivers/media/dvb/ngene/ngene-cards.c -index 0564192..75b16f5 100644 +index 8418c02..8555013 100644 --- a/drivers/media/dvb/ngene/ngene-cards.c +++ b/drivers/media/dvb/ngene/ngene-cards.c @@ -477,7 +477,7 @@ static struct ngene_info ngene_info_m780 = { @@ -33771,19 +34449,6 @@ index 16a089f..ab1667d 100644 mutex_lock(&dev->lock); if (dev->rdsstat == 0) { dev->rdsstat = 1; -diff --git a/drivers/media/rc/redrat3.c b/drivers/media/rc/redrat3.c -index 61287fc..8b08712 100644 ---- a/drivers/media/rc/redrat3.c -+++ b/drivers/media/rc/redrat3.c -@@ -905,7 +905,7 @@ static int redrat3_set_tx_carrier(struct rc_dev *dev, u32 carrier) - return carrier; - } - --static int redrat3_transmit_ir(struct rc_dev *rcdev, int *txbuf, u32 n) -+static int redrat3_transmit_ir(struct rc_dev *rcdev, unsigned *txbuf, u32 n) - { - struct redrat3_dev *rr3 = rcdev->priv; - struct device *dev = rr3->dev; diff --git a/drivers/media/video/au0828/au0828.h b/drivers/media/video/au0828/au0828.h index 9cde353..8c6a1c3 100644 --- a/drivers/media/video/au0828/au0828.h @@ -33797,8 +34462,46 @@ index 9cde353..8c6a1c3 100644 struct i2c_client i2c_client; u32 i2c_rc; +diff --git a/drivers/media/video/cpia2/cpia2_core.c b/drivers/media/video/cpia2/cpia2_core.c +index ee91e295..04ad048 100644 +--- a/drivers/media/video/cpia2/cpia2_core.c ++++ b/drivers/media/video/cpia2/cpia2_core.c +@@ -86,6 +86,7 @@ static inline unsigned long kvirt_to_pa(unsigned long adr) + return ret; + } + ++static void *rvmalloc(unsigned long size) __size_overflow(1); + static void *rvmalloc(unsigned long size) + { + void *mem; +diff --git a/drivers/media/video/cx18/cx18-alsa-pcm.c b/drivers/media/video/cx18/cx18-alsa-pcm.c +index 82d195b..181103c 100644 +--- a/drivers/media/video/cx18/cx18-alsa-pcm.c ++++ b/drivers/media/video/cx18/cx18-alsa-pcm.c +@@ -229,6 +229,8 @@ static int snd_cx18_pcm_ioctl(struct snd_pcm_substream *substream, + + + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, ++ size_t size) __size_overflow(2); ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, + size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; +diff --git a/drivers/media/video/cx231xx/cx231xx-audio.c b/drivers/media/video/cx231xx/cx231xx-audio.c +index a2c2b7d..8f1bec7 100644 +--- a/drivers/media/video/cx231xx/cx231xx-audio.c ++++ b/drivers/media/video/cx231xx/cx231xx-audio.c +@@ -389,6 +389,8 @@ static int cx231xx_init_audio_bulk(struct cx231xx *dev) + } + + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, ++ size_t size) __size_overflow(2); ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, + size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c -index 68d1240..46b32eb 100644 +index 04bf662..e0ac026 100644 --- a/drivers/media/video/cx88/cx88-alsa.c +++ b/drivers/media/video/cx88/cx88-alsa.c @@ -766,7 +766,7 @@ static struct snd_kcontrol_new snd_cx88_alc_switch = { @@ -33810,8 +34513,33 @@ index 68d1240..46b32eb 100644 {0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0, } +diff --git a/drivers/media/video/em28xx/em28xx-audio.c b/drivers/media/video/em28xx/em28xx-audio.c +index e2a7b77..753d0ee 100644 +--- a/drivers/media/video/em28xx/em28xx-audio.c ++++ b/drivers/media/video/em28xx/em28xx-audio.c +@@ -225,6 +225,8 @@ static int em28xx_init_audio_isoc(struct em28xx *dev) + } + + static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, ++ size_t size) __size_overflow(2); ++static int snd_pcm_alloc_vmalloc_buffer(struct snd_pcm_substream *subs, + size_t size) + { + struct snd_pcm_runtime *runtime = subs->runtime; +diff --git a/drivers/media/video/meye.c b/drivers/media/video/meye.c +index b09a3c8..6dcba0a 100644 +--- a/drivers/media/video/meye.c ++++ b/drivers/media/video/meye.c +@@ -72,6 +72,7 @@ static struct meye meye; + /****************************************************************************/ + /* Memory allocation routines (stolen from bttv-driver.c) */ + /****************************************************************************/ ++static void *rvmalloc(unsigned long size) __size_overflow(1); + static void *rvmalloc(unsigned long size) + { + void *mem; diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/omap/omap_vout.c -index ee0d0b3..63f6b78 100644 +index 1fb7d5b..3901e77 100644 --- a/drivers/media/video/omap/omap_vout.c +++ b/drivers/media/video/omap/omap_vout.c @@ -64,7 +64,6 @@ enum omap_vout_channels { @@ -33822,7 +34550,7 @@ index ee0d0b3..63f6b78 100644 /* Variables configurable through module params*/ static u32 video1_numbuffers = 3; static u32 video2_numbuffers = 3; -@@ -999,6 +998,12 @@ static int omap_vout_open(struct file *file) +@@ -1000,6 +999,12 @@ static int omap_vout_open(struct file *file) { struct videobuf_queue *q; struct omap_vout_device *vout = NULL; @@ -33835,7 +34563,7 @@ index ee0d0b3..63f6b78 100644 vout = video_drvdata(file); v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__); -@@ -1016,10 +1021,6 @@ static int omap_vout_open(struct file *file) +@@ -1017,10 +1022,6 @@ static int omap_vout_open(struct file *file) vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT; q = &vout->vbq; @@ -33886,7 +34614,7 @@ index e2e0341..b80056c 100644 { struct saa7164_vbi_fh *fh = file->private_data; diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c -index a0895bf..b7ebb1b 100644 +index 4ed1c7c2..8f15e13 100644 --- a/drivers/media/video/timblogiw.c +++ b/drivers/media/video/timblogiw.c @@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma) @@ -33907,11 +34635,47 @@ index a0895bf..b7ebb1b 100644 .owner = THIS_MODULE, .open = timblogiw_open, .release = timblogiw_close, +diff --git a/drivers/media/video/videobuf-dma-contig.c b/drivers/media/video/videobuf-dma-contig.c +index c969111..a7910f4 100644 +--- a/drivers/media/video/videobuf-dma-contig.c ++++ b/drivers/media/video/videobuf-dma-contig.c +@@ -184,6 +184,7 @@ static int videobuf_dma_contig_user_get(struct videobuf_dma_contig_memory *mem, + return ret; + } + ++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1); + static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) + { + struct videobuf_dma_contig_memory *mem; +diff --git a/drivers/media/video/videobuf-dma-sg.c b/drivers/media/video/videobuf-dma-sg.c +index f300dea..5fc9c4a 100644 +--- a/drivers/media/video/videobuf-dma-sg.c ++++ b/drivers/media/video/videobuf-dma-sg.c +@@ -419,6 +419,7 @@ static const struct vm_operations_struct videobuf_vm_ops = { + struct videobuf_dma_sg_memory + */ + ++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1); + static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) + { + struct videobuf_dma_sg_memory *mem; +diff --git a/drivers/media/video/videobuf-vmalloc.c b/drivers/media/video/videobuf-vmalloc.c +index df14258..12cc7a3 100644 +--- a/drivers/media/video/videobuf-vmalloc.c ++++ b/drivers/media/video/videobuf-vmalloc.c +@@ -135,6 +135,7 @@ static const struct vm_operations_struct videobuf_vm_ops = { + struct videobuf_dma_sg_memory + */ + ++static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) __size_overflow(1); + static struct videobuf_buffer *__videobuf_alloc_vb(size_t size) + { + struct videobuf_vmalloc_memory *mem; diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c -index e9c6a60..daf6a33 100644 +index a7dc467..a55c423 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c -@@ -6753,8 +6753,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) +@@ -6754,8 +6754,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) seq_printf(m, " MaxChainDepth = 0x%02x frames\n", ioc->facts.MaxChainDepth); seq_printf(m, " MinBlockSize = 0x%02x bytes\n", 4*ioc->facts.BlockSize); @@ -33926,7 +34690,7 @@ index e9c6a60..daf6a33 100644 * Rounding UP to nearest 4-kB boundary here... */ diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c -index 9d95042..b808101 100644 +index 551262e..7551198 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached) @@ -34007,7 +34771,7 @@ index 0c3ced7..1fe34ec 100644 return h->info_kbuf; } diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_proc.c -index 07dbeaf..5533142 100644 +index 6d115c7..58ff7fd 100644 --- a/drivers/message/i2o/i2o_proc.c +++ b/drivers/message/i2o/i2o_proc.c @@ -255,13 +255,6 @@ static char *scsi_devices[] = { @@ -34137,7 +34901,7 @@ index 7ce65f4..e66e9bc 100644 }; diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c -index 5c2a06a..8fa077c 100644 +index a9223ed..4127b13 100644 --- a/drivers/mfd/janz-cmodio.c +++ b/drivers/mfd/janz-cmodio.c @@ -13,6 +13,7 @@ @@ -34149,10 +34913,10 @@ index 5c2a06a..8fa077c 100644 #include #include diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c -index 29d12a7..f900ba4 100644 +index a981e2a..5ca0c8b 100644 --- a/drivers/misc/lis3lv02d/lis3lv02d.c +++ b/drivers/misc/lis3lv02d/lis3lv02d.c -@@ -464,7 +464,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data) +@@ -466,7 +466,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data) * the lid is closed. This leads to interrupts as soon as a little move * is done. */ @@ -34161,7 +34925,7 @@ index 29d12a7..f900ba4 100644 wake_up_interruptible(&lis3->misc_wait); kill_fasync(&lis3->async_queue, SIGIO, POLL_IN); -@@ -550,7 +550,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file) +@@ -552,7 +552,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file) if (lis3->pm_dev) pm_runtime_get_sync(lis3->pm_dev); @@ -34170,7 +34934,7 @@ index 29d12a7..f900ba4 100644 return 0; } -@@ -583,7 +583,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf, +@@ -585,7 +585,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf, add_wait_queue(&lis3->misc_wait, &wait); while (true) { set_current_state(TASK_INTERRUPTIBLE); @@ -34179,7 +34943,7 @@ index 29d12a7..f900ba4 100644 if (data) break; -@@ -624,7 +624,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait) +@@ -626,7 +626,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait) struct lis3lv02d, miscdev); poll_wait(file, &lis3->misc_wait, wait); @@ -34217,7 +34981,7 @@ index 2f30bad..c4c13d0 100644 mcs_op_statistics[op].max = nsec; } diff --git a/drivers/misc/sgi-gru/gruprocfs.c b/drivers/misc/sgi-gru/gruprocfs.c -index 7768b87..f8aac38 100644 +index 950dbe9..eeef0f8 100644 --- a/drivers/misc/sgi-gru/gruprocfs.c +++ b/drivers/misc/sgi-gru/gruprocfs.c @@ -32,9 +32,9 @@ @@ -34472,10 +35236,10 @@ index 8d082b4..aa749ae 100644 /* * Timer function to enforce the timelimit on the partition disengage. diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c -index 6878a94..fe5c5f1 100644 +index 6ebdc40..9edf5d8 100644 --- a/drivers/mmc/host/sdhci-pci.c +++ b/drivers/mmc/host/sdhci-pci.c -@@ -673,7 +673,7 @@ static const struct sdhci_pci_fixes sdhci_via = { +@@ -631,7 +631,7 @@ static const struct sdhci_pci_fixes sdhci_via = { .probe = via_probe, }; @@ -34485,10 +35249,10 @@ index 6878a94..fe5c5f1 100644 .vendor = PCI_VENDOR_ID_RICOH, .device = PCI_DEVICE_ID_RICOH_R5C822, diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000.c -index e9fad91..0a7a16a 100644 +index 87a431c..4959b43 100644 --- a/drivers/mtd/devices/doc2000.c +++ b/drivers/mtd/devices/doc2000.c -@@ -773,7 +773,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len, +@@ -764,7 +764,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len, /* The ECC will not be calculated correctly if less than 512 is written */ /* DBB- @@ -34498,10 +35262,10 @@ index e9fad91..0a7a16a 100644 "ECC needs a full sector write (adr: %lx size %lx)\n", (long) to, (long) len); diff --git a/drivers/mtd/devices/doc2001.c b/drivers/mtd/devices/doc2001.c -index a3f7a27..234016e 100644 +index 9eacf67..4534b5b 100644 --- a/drivers/mtd/devices/doc2001.c +++ b/drivers/mtd/devices/doc2001.c -@@ -392,7 +392,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len, +@@ -384,7 +384,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len, struct Nand *mychip = &this->chips[from >> (this->chipshift)]; /* Don't allow read past end of device */ @@ -34523,7 +35287,7 @@ index 3984d48..28aa897 100644 #include "denali.h" diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c -index ac40925..483b753 100644 +index 51b9d6a..52af9a7 100644 --- a/drivers/mtd/nftlmount.c +++ b/drivers/mtd/nftlmount.c @@ -24,6 +24,7 @@ @@ -34534,51 +35298,8 @@ index ac40925..483b753 100644 #include #include #include -diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c -index 6c3fb5a..5b2eeb0 100644 ---- a/drivers/mtd/ubi/build.c -+++ b/drivers/mtd/ubi/build.c -@@ -1311,7 +1311,7 @@ module_exit(ubi_exit); - static int __init bytes_str_to_int(const char *str) - { - char *endp; -- unsigned long result; -+ unsigned long result, scale = 1; - - result = simple_strtoul(str, &endp, 0); - if (str == endp || result >= INT_MAX) { -@@ -1322,11 +1322,11 @@ static int __init bytes_str_to_int(const char *str) - - switch (*endp) { - case 'G': -- result *= 1024; -+ scale *= 1024; - case 'M': -- result *= 1024; -+ scale *= 1024; - case 'K': -- result *= 1024; -+ scale *= 1024; - if (endp[1] == 'i' && endp[2] == 'B') - endp += 2; - case '\0': -@@ -1337,7 +1337,13 @@ static int __init bytes_str_to_int(const char *str) - return -EINVAL; - } - -- return result; -+ if (result*scale >= INT_MAX) { -+ printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n", -+ str); -+ return -EINVAL; -+ } -+ -+ return result*scale; - } - - /** diff --git a/drivers/mtd/ubi/debug.c b/drivers/mtd/ubi/debug.c -index ab80c0d..aec8580 100644 +index e2cdebf..d48183a 100644 --- a/drivers/mtd/ubi/debug.c +++ b/drivers/mtd/ubi/debug.c @@ -338,6 +338,8 @@ out: @@ -34591,10 +35312,10 @@ index ab80c0d..aec8580 100644 { unsigned long ubi_num = (unsigned long)file->private_data; diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c -index 1feae59..c2a61d2 100644 +index 071f4c8..440862e 100644 --- a/drivers/net/ethernet/atheros/atlx/atl2.c +++ b/drivers/net/ethernet/atheros/atlx/atl2.c -@@ -2857,7 +2857,7 @@ static void atl2_force_ps(struct atl2_hw *hw) +@@ -2862,7 +2862,7 @@ static void atl2_force_ps(struct atl2_hw *hw) */ #define ATL2_PARAM(X, desc) \ @@ -34604,10 +35325,10 @@ index 1feae59..c2a61d2 100644 MODULE_PARM_DESC(X, desc); #else diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -index 9a517c2..a50cfcb 100644 +index 66da39f..5dc436d 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -@@ -449,7 +449,7 @@ struct bnx2x_rx_mode_obj { +@@ -473,7 +473,7 @@ struct bnx2x_rx_mode_obj { int (*wait_comp)(struct bnx2x *bp, struct bnx2x_rx_mode_ramrod_params *p); @@ -34617,10 +35338,10 @@ index 9a517c2..a50cfcb 100644 /********************** Set multicast group ***********************************/ diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h -index 94b4bd0..73c02de 100644 +index aea8f72..fcebf75 100644 --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h -@@ -134,6 +134,7 @@ +@@ -140,6 +140,7 @@ #define CHIPREV_ID_5750_A0 0x4000 #define CHIPREV_ID_5750_A1 0x4001 #define CHIPREV_ID_5750_A3 0x4003 @@ -34628,8 +35349,21 @@ index 94b4bd0..73c02de 100644 #define CHIPREV_ID_5750_C2 0x4202 #define CHIPREV_ID_5752_A0_HW 0x5000 #define CHIPREV_ID_5752_A0 0x6000 +diff --git a/drivers/net/ethernet/chelsio/cxgb/sge.c b/drivers/net/ethernet/chelsio/cxgb/sge.c +index 47a8435..248e4b3 100644 +--- a/drivers/net/ethernet/chelsio/cxgb/sge.c ++++ b/drivers/net/ethernet/chelsio/cxgb/sge.c +@@ -1052,6 +1052,8 @@ MODULE_PARM_DESC(copybreak, "Receive copy threshold"); + * be copied but there is no memory for the copy. + */ + static inline struct sk_buff *get_packet(struct pci_dev *pdev, ++ struct freelQ *fl, unsigned int len) __size_overflow(3); ++static inline struct sk_buff *get_packet(struct pci_dev *pdev, + struct freelQ *fl, unsigned int len) + { + struct sk_buff *skb; diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h -index c5f5479..2e8c260 100644 +index c4e8643..0979484 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h +++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -87,7 +87,7 @@ typedef void (*arp_failure_handler_func)(struct t3cdev * dev, @@ -34642,7 +35376,7 @@ index c5f5479..2e8c260 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) diff --git a/drivers/net/ethernet/chelsio/cxgb3/sge.c b/drivers/net/ethernet/chelsio/cxgb3/sge.c -index cfb60e1..9c76da7 100644 +index cfb60e1..94af340 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/sge.c +++ b/drivers/net/ethernet/chelsio/cxgb3/sge.c @@ -611,6 +611,8 @@ static void recycle_rx_buf(struct adapter *adap, struct sge_fl *q, @@ -34654,8 +35388,17 @@ index cfb60e1..9c76da7 100644 size_t sw_size, dma_addr_t * phys, void *metadata) { size_t len = nelem * elem_size; +@@ -777,6 +779,8 @@ static inline unsigned int flits_to_desc(unsigned int n) + * be copied but there is no memory for the copy. + */ + static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl, ++ unsigned int len, unsigned int drop_thres) __size_overflow(3); ++static struct sk_buff *get_packet(struct adapter *adap, struct sge_fl *fl, + unsigned int len, unsigned int drop_thres) + { + struct sk_buff *skb = NULL; diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c -index 140254c..5b8a0a6 100644 +index 2dae795..73037d2 100644 --- a/drivers/net/ethernet/chelsio/cxgb4/sge.c +++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c @@ -593,6 +593,9 @@ static inline void __refill_fl(struct adapter *adap, struct sge_fl *fl) @@ -34669,10 +35412,10 @@ index 140254c..5b8a0a6 100644 { size_t len = nelem * elem_size + stat_size; diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c -index 8d5d55a..a3c3474 100644 +index 0bd585b..d954ca5 100644 --- a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c +++ b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c -@@ -730,6 +730,9 @@ static inline void __refill_fl(struct adapter *adapter, struct sge_fl *fl) +@@ -729,6 +729,9 @@ static inline void __refill_fl(struct adapter *adapter, struct sge_fl *fl) */ static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize, size_t swsize, dma_addr_t *busaddrp, void *swringp, @@ -34683,10 +35426,10 @@ index 8d5d55a..a3c3474 100644 { /* diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c -index 871bcaa..4043505 100644 +index 4d71f5a..8004440 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c +++ b/drivers/net/ethernet/dec/tulip/de4x5.c -@@ -5397,7 +5397,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) +@@ -5392,7 +5392,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) for (i=0; idev_addr[i]; } @@ -34695,7 +35438,7 @@ index 871bcaa..4043505 100644 break; case DE4X5_SET_HWADDR: /* Set the hardware address */ -@@ -5437,7 +5437,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) +@@ -5432,7 +5432,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) spin_lock_irqsave(&lp->lock, flags); memcpy(&statbuf, &lp->pktStats, ioc->len); spin_unlock_irqrestore(&lp->lock, flags); @@ -34718,7 +35461,7 @@ index 14d5b61..1398636 100644 "21140 MII PHY", "21142 Serial PHY", diff --git a/drivers/net/ethernet/dec/tulip/winbond-840.c b/drivers/net/ethernet/dec/tulip/winbond-840.c -index 4d01219..b58d26d 100644 +index 52da7b2..4ddfe1c 100644 --- a/drivers/net/ethernet/dec/tulip/winbond-840.c +++ b/drivers/net/ethernet/dec/tulip/winbond-840.c @@ -236,7 +236,7 @@ struct pci_id_info { @@ -34730,8 +35473,95 @@ index 4d01219..b58d26d 100644 { /* Sometime a Level-One switch card. */ "Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII}, { "Winbond W89c840", CanHaveMII | HasBrokenTx}, +diff --git a/drivers/net/ethernet/dlink/dl2k.c b/drivers/net/ethernet/dlink/dl2k.c +index b2dc2c8..2e09edb 100644 +--- a/drivers/net/ethernet/dlink/dl2k.c ++++ b/drivers/net/ethernet/dlink/dl2k.c +@@ -1259,55 +1259,21 @@ rio_ioctl (struct net_device *dev, struct ifreq *rq, int cmd) + { + int phy_addr; + struct netdev_private *np = netdev_priv(dev); +- struct mii_data *miidata = (struct mii_data *) &rq->ifr_ifru; +- +- struct netdev_desc *desc; +- int i; ++ struct mii_ioctl_data *miidata = if_mii(rq); + + phy_addr = np->phy_addr; + switch (cmd) { +- case SIOCDEVPRIVATE: ++ case SIOCGMIIPHY: ++ miidata->phy_id = phy_addr; + break; +- +- case SIOCDEVPRIVATE + 1: +- miidata->out_value = mii_read (dev, phy_addr, miidata->reg_num); ++ case SIOCGMIIREG: ++ miidata->val_out = mii_read (dev, phy_addr, miidata->reg_num); + break; +- case SIOCDEVPRIVATE + 2: +- mii_write (dev, phy_addr, miidata->reg_num, miidata->in_value); ++ case SIOCSMIIREG: ++ if (!capable(CAP_NET_ADMIN)) ++ return -EPERM; ++ mii_write (dev, phy_addr, miidata->reg_num, miidata->val_in); + break; +- case SIOCDEVPRIVATE + 3: +- break; +- case SIOCDEVPRIVATE + 4: +- break; +- case SIOCDEVPRIVATE + 5: +- netif_stop_queue (dev); +- break; +- case SIOCDEVPRIVATE + 6: +- netif_wake_queue (dev); +- break; +- case SIOCDEVPRIVATE + 7: +- printk +- ("tx_full=%x cur_tx=%lx old_tx=%lx cur_rx=%lx old_rx=%lx\n", +- netif_queue_stopped(dev), np->cur_tx, np->old_tx, np->cur_rx, +- np->old_rx); +- break; +- case SIOCDEVPRIVATE + 8: +- printk("TX ring:\n"); +- for (i = 0; i < TX_RING_SIZE; i++) { +- desc = &np->tx_ring[i]; +- printk +- ("%02x:cur:%08x next:%08x status:%08x frag1:%08x frag0:%08x", +- i, +- (u32) (np->tx_ring_dma + i * sizeof (*desc)), +- (u32)le64_to_cpu(desc->next_desc), +- (u32)le64_to_cpu(desc->status), +- (u32)(le64_to_cpu(desc->fraginfo) >> 32), +- (u32)le64_to_cpu(desc->fraginfo)); +- printk ("\n"); +- } +- printk ("\n"); +- break; +- + default: + return -EOPNOTSUPP; + } +diff --git a/drivers/net/ethernet/dlink/dl2k.h b/drivers/net/ethernet/dlink/dl2k.h +index ba0adca..30c2da3 100644 +--- a/drivers/net/ethernet/dlink/dl2k.h ++++ b/drivers/net/ethernet/dlink/dl2k.h +@@ -365,13 +365,6 @@ struct ioctl_data { + char *data; + }; + +-struct mii_data { +- __u16 reserved; +- __u16 reg_num; +- __u16 in_value; +- __u16 out_value; +-}; +- + /* The Rx and Tx buffer descriptors. */ + struct netdev_desc { + __le64 next_desc; diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/ethernet/dlink/sundance.c -index dcd7f7a..ecb7fb3 100644 +index 28a3a9b..d96cb63 100644 --- a/drivers/net/ethernet/dlink/sundance.c +++ b/drivers/net/ethernet/dlink/sundance.c @@ -218,7 +218,7 @@ enum { @@ -34744,10 +35574,10 @@ index dcd7f7a..ecb7fb3 100644 {"D-Link DFE-550FX 100Mbps Fiber-optics Adapter"}, {"D-Link DFE-580TX 4 port Server Adapter"}, diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index bf266a0..e024af7 100644 +index e703d64..d62ecf9 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c -@@ -397,7 +397,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) +@@ -402,7 +402,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) if (wrapped) newacc += 65536; @@ -34757,10 +35587,10 @@ index bf266a0..e024af7 100644 void be_parse_stats(struct be_adapter *adapter) diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c -index fb5579a..debdffa 100644 +index 47f85c3..82ab6c4 100644 --- a/drivers/net/ethernet/faraday/ftgmac100.c +++ b/drivers/net/ethernet/faraday/ftgmac100.c -@@ -30,6 +30,8 @@ +@@ -31,6 +31,8 @@ #include #include #include @@ -34770,10 +35600,10 @@ index fb5579a..debdffa 100644 #include "ftgmac100.h" diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c -index a127cb2..0d043cd 100644 +index bb336a0..4b472da 100644 --- a/drivers/net/ethernet/faraday/ftmac100.c +++ b/drivers/net/ethernet/faraday/ftmac100.c -@@ -30,6 +30,8 @@ +@@ -31,6 +31,8 @@ #include #include #include @@ -34783,7 +35613,7 @@ index a127cb2..0d043cd 100644 #include "ftmac100.h" diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.c -index 61d2bdd..7f1154a 100644 +index c82d444..0007fb4 100644 --- a/drivers/net/ethernet/fealnx.c +++ b/drivers/net/ethernet/fealnx.c @@ -150,7 +150,7 @@ struct chip_info { @@ -34872,7 +35702,7 @@ index 2967039..ca8c40c 100644 enum e1000_nvm_type type; enum e1000_nvm_override override; diff --git a/drivers/net/ethernet/intel/igb/e1000_hw.h b/drivers/net/ethernet/intel/igb/e1000_hw.h -index 4519a13..f97fcd0 100644 +index f67cbd3..cef9e3d 100644 --- a/drivers/net/ethernet/intel/igb/e1000_hw.h +++ b/drivers/net/ethernet/intel/igb/e1000_hw.h @@ -314,6 +314,7 @@ struct e1000_mac_operations { @@ -34944,7 +35774,7 @@ index 4519a13..f97fcd0 100644 u32 timeout; u32 usec_delay; diff --git a/drivers/net/ethernet/intel/igbvf/vf.h b/drivers/net/ethernet/intel/igbvf/vf.h -index d7ed58f..64cde36 100644 +index 57db3c6..aa825fc 100644 --- a/drivers/net/ethernet/intel/igbvf/vf.h +++ b/drivers/net/ethernet/intel/igbvf/vf.h @@ -189,9 +189,10 @@ struct e1000_mac_operations { @@ -34977,7 +35807,7 @@ index d7ed58f..64cde36 100644 u32 timeout; u32 usec_delay; diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h -index 6c5cca8..de8ef63 100644 +index 9b95bef..7e254ee 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h @@ -2708,6 +2708,7 @@ struct ixgbe_eeprom_operations { @@ -35015,8 +35845,8 @@ index 6c5cca8..de8ef63 100644 - struct ixgbe_mac_operations ops; + ixgbe_mac_operations_no_const ops; enum ixgbe_mac_type type; - u8 addr[IXGBE_ETH_LENGTH_OF_ADDRESS]; - u8 perm_addr[IXGBE_ETH_LENGTH_OF_ADDRESS]; + u8 addr[ETH_ALEN]; + u8 perm_addr[ETH_ALEN]; @@ -2828,7 +2831,7 @@ struct ixgbe_mac_info { }; @@ -35044,7 +35874,7 @@ index 6c5cca8..de8ef63 100644 u32 timeout; u32 usec_delay; diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h -index 10306b4..28df758 100644 +index 25c951d..cc7cf33 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.h +++ b/drivers/net/ethernet/intel/ixgbevf/vf.h @@ -70,6 +70,7 @@ struct ixgbe_mac_operations { @@ -35082,13 +35912,13 @@ index 10306b4..28df758 100644 u32 timeout; u32 udelay; diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c -index 94bbc85..78c12e6 100644 +index 8bf22b6..7f5baaa 100644 --- a/drivers/net/ethernet/mellanox/mlx4/main.c +++ b/drivers/net/ethernet/mellanox/mlx4/main.c -@@ -40,6 +40,7 @@ - #include +@@ -41,6 +41,7 @@ #include #include + #include +#include #include @@ -35120,10 +35950,10 @@ index 4a518a3..936b334 100644 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 0cf2351..56c4cef 100644 +index bbacb37..d60887d 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -698,17 +698,17 @@ struct rtl8169_private { +@@ -695,17 +695,17 @@ struct rtl8169_private { struct mdio_ops { void (*write)(void __iomem *, int, int); int (*read)(void __iomem *, int); @@ -35145,10 +35975,10 @@ index 0cf2351..56c4cef 100644 int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv); int (*get_settings)(struct net_device *, struct ethtool_cmd *); diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/sis/sis190.c -index 1b4658c..a30dabb 100644 +index 5b118cd..858b523 100644 --- a/drivers/net/ethernet/sis/sis190.c +++ b/drivers/net/ethernet/sis/sis190.c -@@ -1624,7 +1624,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev, +@@ -1622,7 +1622,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev, static int __devinit sis190_get_mac_addr_from_apc(struct pci_dev *pdev, struct net_device *dev) { @@ -35158,10 +35988,10 @@ index 1b4658c..a30dabb 100644 struct pci_dev *isa_bridge; u8 reg, tmp8; diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c -index 41e6b33..8e89b0f 100644 +index c07cfe9..81cbf7e 100644 --- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c +++ b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c -@@ -139,8 +139,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode) +@@ -140,8 +140,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode) writel(value, ioaddr + MMC_CNTRL); @@ -35172,11 +36002,59 @@ index 41e6b33..8e89b0f 100644 } /* To mask all all interrupts.*/ +diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h +index dec5836..6d4db7d 100644 +--- a/drivers/net/hyperv/hyperv_net.h ++++ b/drivers/net/hyperv/hyperv_net.h +@@ -97,7 +97,7 @@ struct rndis_device { + + enum rndis_device_state state; + bool link_state; +- atomic_t new_req_id; ++ atomic_unchecked_t new_req_id; + + spinlock_t request_lock; + struct list_head req_list; +diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c +index 133b7fb..d58c559 100644 +--- a/drivers/net/hyperv/rndis_filter.c ++++ b/drivers/net/hyperv/rndis_filter.c +@@ -96,7 +96,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, + * template + */ + set = &rndis_msg->msg.set_req; +- set->req_id = atomic_inc_return(&dev->new_req_id); ++ set->req_id = atomic_inc_return_unchecked(&dev->new_req_id); + + /* Add to the request list */ + spin_lock_irqsave(&dev->request_lock, flags); +@@ -627,7 +627,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) + + /* Setup the rndis set */ + halt = &request->request_msg.msg.halt_req; +- halt->req_id = atomic_inc_return(&dev->new_req_id); ++ halt->req_id = atomic_inc_return_unchecked(&dev->new_req_id); + + /* Ignore return since this msg is optional. */ + rndis_filter_send_request(dev, request); +diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c +index 58dc117..f140c77 100644 +--- a/drivers/net/macvtap.c ++++ b/drivers/net/macvtap.c +@@ -526,6 +526,8 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from, + } + base = (unsigned long)from->iov_base + offset1; + size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT; ++ if (i + size >= MAX_SKB_FRAGS) ++ return -EFAULT; + num_pages = get_user_pages_fast(base, size, 0, &page[i]); + if ((num_pages != size) || + (num_pages > MAX_SKB_FRAGS - skb_shinfo(skb)->nr_frags)) diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index 486b404..0d6677d 100644 +index 3ed983c..a1bb418 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c -@@ -987,7 +987,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -986,7 +986,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; struct ppp_stats stats; struct ppp_comp_stats cstats; @@ -35184,7 +36062,7 @@ index 486b404..0d6677d 100644 switch (cmd) { case SIOCGPPPSTATS: -@@ -1009,8 +1008,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -1008,8 +1007,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) break; case SIOCGPPPVER: @@ -35271,62 +36149,8 @@ index 46db5c5..37c1536 100644 err = platform_driver_register(&sk_isa_driver); if (err) -diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 7bea9c6..7ef073c 100644 ---- a/drivers/net/tun.c -+++ b/drivers/net/tun.c -@@ -359,7 +359,7 @@ static void tun_free_netdev(struct net_device *dev) - { - struct tun_struct *tun = netdev_priv(dev); - -- sock_put(tun->socket.sk); -+ sk_release_kernel(tun->socket.sk); - } - - /* Net device open. */ -@@ -979,10 +979,18 @@ static int tun_recvmsg(struct kiocb *iocb, struct socket *sock, - return ret; - } - -+static int tun_release(struct socket *sock) -+{ -+ if (sock->sk) -+ sock_put(sock->sk); -+ return 0; -+} -+ - /* Ops structure to mimic raw sockets with tun */ - static const struct proto_ops tun_socket_ops = { - .sendmsg = tun_sendmsg, - .recvmsg = tun_recvmsg, -+ .release = tun_release, - }; - - static struct proto tun_proto = { -@@ -1109,10 +1117,11 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) - tun->vnet_hdr_sz = sizeof(struct virtio_net_hdr); - - err = -ENOMEM; -- sk = sk_alloc(net, AF_UNSPEC, GFP_KERNEL, &tun_proto); -+ sk = sk_alloc(&init_net, AF_UNSPEC, GFP_KERNEL, &tun_proto); - if (!sk) - goto err_free_dev; - -+ sk_change_net(sk, net); - tun->socket.wq = &tun->wq; - init_waitqueue_head(&tun->wq.wait); - tun->socket.ops = &tun_socket_ops; -@@ -1173,7 +1182,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) - return 0; - - err_free_sk: -- sock_put(sk); -+ tun_free_netdev(dev); - err_free_dev: - free_netdev(dev); - failed: diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index 304fe78..db112fa 100644 +index e1324b4..e1b0041 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -35425,22 +36249,8 @@ index 304fe78..db112fa 100644 result = hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); -diff --git a/drivers/net/vmxnet3/vmxnet3_ethtool.c b/drivers/net/vmxnet3/vmxnet3_ethtool.c -index e662cbc..8d4a102 100644 ---- a/drivers/net/vmxnet3/vmxnet3_ethtool.c -+++ b/drivers/net/vmxnet3/vmxnet3_ethtool.c -@@ -601,8 +601,7 @@ vmxnet3_set_rss_indir(struct net_device *netdev, - * Return with error code if any of the queue indices - * is out of range - */ -- if (p->ring_index[i] < 0 || -- p->ring_index[i] >= adapter->num_rx_queues) -+ if (p->ring_index[i] >= adapter->num_rx_queues) - return -EINVAL; - } - diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/ath.h -index 0f9ee46..e2d6e65 100644 +index efc0111..79c8f5b 100644 --- a/drivers/net/wireless/ath/ath.h +++ b/drivers/net/wireless/ath/ath.h @@ -119,6 +119,7 @@ struct ath_ops { @@ -35466,7 +36276,7 @@ index 8c5ce8b..abf101b 100644 { struct ath5k_hw *ah = file->private_data; diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c -index b592016..fe47870 100644 +index 7b6417b..ab5db98 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c @@ -183,8 +183,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) @@ -35549,7 +36359,7 @@ index b592016..fe47870 100644 | set11nRateFlags(i->rates, 2) | set11nRateFlags(i->rates, 3) diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c -index f5ae3c6..7936af3 100644 +index 09b8c9d..905339e 100644 --- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c @@ -35,47 +35,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) @@ -35671,7 +36481,7 @@ index f5ae3c6..7936af3 100644 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c -index 2741203..837a960 100644 +index 68d972b..1d9205b 100644 --- a/drivers/net/wireless/ath/ath9k/debug.c +++ b/drivers/net/wireless/ath/ath9k/debug.c @@ -60,6 +60,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, @@ -35697,10 +36507,10 @@ index d3ff33c..c98bcda 100644 { struct ath9k_htc_priv *priv = file->private_data; diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index 1bd8edf..10c6d30 100644 +index c8261d4..8d88929 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -605,7 +605,7 @@ struct ath_hw_private_ops { +@@ -773,7 +773,7 @@ struct ath_hw_private_ops { /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -35709,7 +36519,7 @@ index 1bd8edf..10c6d30 100644 /** * struct ath_hw_ops - callbacks used by hardware code and driver code -@@ -635,7 +635,7 @@ struct ath_hw_ops { +@@ -803,7 +803,7 @@ struct ath_hw_ops { void (*antdiv_comb_conf_set)(struct ath_hw *ah, struct ath_hw_antcomb_conf *antconf); @@ -35718,7 +36528,7 @@ index 1bd8edf..10c6d30 100644 struct ath_nf_limits { s16 max; -@@ -655,7 +655,7 @@ enum ath_cal_list { +@@ -823,7 +823,7 @@ enum ath_cal_list { #define AH_FASTCC 0x4 struct ath_hw { @@ -35728,10 +36538,10 @@ index 1bd8edf..10c6d30 100644 struct ieee80211_hw *hw; struct ath_common common; diff --git a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h -index bea8524..c677c06 100644 +index af00e2c..ab04d34 100644 --- a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h +++ b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h -@@ -547,7 +547,7 @@ struct phy_func_ptr { +@@ -545,7 +545,7 @@ struct phy_func_ptr { void (*carrsuppr)(struct brcms_phy *); s32 (*rxsigpwr)(struct brcms_phy *, s32); void (*detach)(struct brcms_phy *); @@ -35740,26 +36550,26 @@ index bea8524..c677c06 100644 struct brcms_phy { struct brcms_phy_pub pubpi_ro; -diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c -index 05f2ad1..ae00eea 100644 ---- a/drivers/net/wireless/iwlegacy/iwl3945-base.c -+++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c -@@ -3685,7 +3685,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e +diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c +index a2ec369..36fdf14 100644 +--- a/drivers/net/wireless/iwlegacy/3945-mac.c ++++ b/drivers/net/wireless/iwlegacy/3945-mac.c +@@ -3646,7 +3646,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) */ - if (iwl3945_mod_params.disable_hw_scan) { - IWL_DEBUG_INFO(priv, "Disabling hw_scan\n"); -- iwl3945_hw_ops.hw_scan = NULL; + if (il3945_mod_params.disable_hw_scan) { + D_INFO("Disabling hw_scan\n"); +- il3945_hw_ops.hw_scan = NULL; + pax_open_kernel(); -+ *(void **)&iwl3945_hw_ops.hw_scan = NULL; ++ *(void **)&il3945_hw_ops.hw_scan = NULL; + pax_close_kernel(); } - IWL_DEBUG_INFO(priv, "*** LOAD DRIVER ***\n"); + D_INFO("*** LOAD DRIVER ***\n"); diff --git a/drivers/net/wireless/iwlwifi/iwl-debug.h b/drivers/net/wireless/iwlwifi/iwl-debug.h -index 69a77e2..552b42c 100644 +index f8fc239..8cade22 100644 --- a/drivers/net/wireless/iwlwifi/iwl-debug.h +++ b/drivers/net/wireless/iwlwifi/iwl-debug.h -@@ -71,8 +71,8 @@ do { \ +@@ -86,8 +86,8 @@ do { \ } while (0) #else @@ -35768,13 +36578,13 @@ index 69a77e2..552b42c 100644 +#define IWL_DEBUG(m, level, fmt, args...) do {} while (0) +#define IWL_DEBUG_LIMIT(m, level, fmt, args...) do {} while (0) #define iwl_print_hex_dump(m, level, p, len) - #endif /* CONFIG_IWLWIFI_DEBUG */ - + #define IWL_DEBUG_QUIET_RFKILL(p, fmt, args...) \ + do { \ diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index 523ad55..f8c5dc5 100644 +index 4b9e730..7603659 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -1678,9 +1678,11 @@ static int __init init_mac80211_hwsim(void) +@@ -1677,9 +1677,11 @@ static int __init init_mac80211_hwsim(void) return -EINVAL; if (fake_hw_scan) { @@ -35790,10 +36600,10 @@ index 523ad55..f8c5dc5 100644 spin_lock_init(&hwsim_radio_lock); diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h -index 30f138b..c904585 100644 +index 3186aa4..b35b09f 100644 --- a/drivers/net/wireless/mwifiex/main.h +++ b/drivers/net/wireless/mwifiex/main.h -@@ -543,7 +543,7 @@ struct mwifiex_if_ops { +@@ -536,7 +536,7 @@ struct mwifiex_if_ops { void (*cleanup_mpa_buf) (struct mwifiex_adapter *); int (*cmdrsp_complete) (struct mwifiex_adapter *, struct sk_buff *); int (*event_complete) (struct mwifiex_adapter *, struct sk_buff *); @@ -35803,10 +36613,10 @@ index 30f138b..c904585 100644 struct mwifiex_adapter { u8 iface_type; diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c -index 0c13840..a5c3ed6 100644 +index a330c69..a81540f 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c -@@ -1275,7 +1275,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) +@@ -1278,7 +1278,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold); @@ -35881,7 +36691,7 @@ index c0cc4e7..44d4e54 100644 } diff --git a/drivers/oprofile/oprof.c b/drivers/oprofile/oprof.c -index f8c752e..28bf4fc 100644 +index ed2c3ec..deda85a 100644 --- a/drivers/oprofile/oprof.c +++ b/drivers/oprofile/oprof.c @@ -110,7 +110,7 @@ static void switch_worker(struct work_struct *work) @@ -36046,7 +36856,7 @@ index 76ba8a1..20ca857 100644 /* initialize our int15 lock */ diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c -index 24f049e..051f66e 100644 +index 2275162..95f1a92 100644 --- a/drivers/pci/pcie/aspm.c +++ b/drivers/pci/pcie/aspm.c @@ -27,9 +27,9 @@ @@ -36063,7 +36873,7 @@ index 24f049e..051f66e 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index dfee1b3..a454fb6 100644 +index 71eac9c..2de27ef 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -136,7 +136,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -36097,7 +36907,7 @@ index 27911b5..5b6db88 100644 &proc_bus_pci_dev_operations); proc_initialized = 1; diff --git a/drivers/platform/x86/asus_acpi.c b/drivers/platform/x86/asus_acpi.c -index d9312b3..59f63f2 100644 +index 6f966d6..68e18ed 100644 --- a/drivers/platform/x86/asus_acpi.c +++ b/drivers/platform/x86/asus_acpi.c @@ -887,6 +887,8 @@ static int lcd_proc_open(struct inode *inode, struct file *file) @@ -36110,7 +36920,7 @@ index d9312b3..59f63f2 100644 { int rv, value; diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index 7b82868..b9344c9 100644 +index ea0c607..58c4628 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2094,7 +2094,7 @@ static int hotkey_mask_get(void) @@ -36337,10 +37147,10 @@ index b0ecacb..7c9da2e 100644 /* check if the resource is reserved */ diff --git a/drivers/power/bq27x00_battery.c b/drivers/power/bq27x00_battery.c -index bb16f5b..c751eef 100644 +index 1ed6ea0..77c0bd2 100644 --- a/drivers/power/bq27x00_battery.c +++ b/drivers/power/bq27x00_battery.c -@@ -67,7 +67,7 @@ +@@ -72,7 +72,7 @@ struct bq27x00_device_info; struct bq27x00_access_methods { int (*read)(struct bq27x00_device_info *di, u8 reg, bool single); @@ -36350,7 +37160,7 @@ index bb16f5b..c751eef 100644 enum bq27x00_chip { BQ27000, BQ27500 }; diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c -index 33f5d9a..d957d3f 100644 +index a838e66..a9e1665 100644 --- a/drivers/regulator/max8660.c +++ b/drivers/regulator/max8660.c @@ -383,8 +383,10 @@ static int __devinit max8660_probe(struct i2c_client *client, @@ -36367,10 +37177,10 @@ index 33f5d9a..d957d3f 100644 /* diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 023d17d..74ef35b 100644 +index e8cfc99..072aee2 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c -@@ -565,10 +565,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) +@@ -574,10 +574,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) } mc13xxx_unlock(mc13892); @@ -36382,9 +37192,9 @@ index 023d17d..74ef35b 100644 + *(void **)&mc13892_regulators[MC13892_VCAM].desc.ops->get_mode = mc13892_vcam_get_mode; + pax_close_kernel(); - for (i = 0; i < pdata->num_regulators; i++) { - init_data = &pdata->regulators[i]; - priv->regulators[i] = regulator_register( + + mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators, + ARRAY_SIZE(mc13892_regulators)); diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c index cace6d3..f623fda 100644 --- a/drivers/rtc/rtc-dev.c @@ -36459,10 +37269,10 @@ index a796de9..1ef20e1 100644 struct bfa_faa_cbfn_s { diff --git a/drivers/scsi/bfa/bfa_fcpim.c b/drivers/scsi/bfa/bfa_fcpim.c -index e07bd47..cd1bbbb 100644 +index f0f80e2..8ec946b 100644 --- a/drivers/scsi/bfa/bfa_fcpim.c +++ b/drivers/scsi/bfa/bfa_fcpim.c -@@ -4121,7 +4121,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, struct bfa_iocfc_cfg_s *cfg, +@@ -3715,7 +3715,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, struct bfa_iocfc_cfg_s *cfg, bfa_iotag_attach(fcp); @@ -36471,7 +37281,7 @@ index e07bd47..cd1bbbb 100644 bfa_mem_kva_curp(fcp) = (u8 *)fcp->itn_arr + (fcp->num_itns * sizeof(struct bfa_itn_s)); memset(fcp->itn_arr, 0, -@@ -4179,7 +4179,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, +@@ -3773,7 +3773,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)) { struct bfa_fcp_mod_s *fcp = BFA_FCP_MOD(bfa); @@ -36481,7 +37291,7 @@ index e07bd47..cd1bbbb 100644 itn = BFA_ITN_FROM_TAG(fcp, rport->rport_tag); itn->isr = isr; diff --git a/drivers/scsi/bfa/bfa_fcpim.h b/drivers/scsi/bfa/bfa_fcpim.h -index 1080bcb..a3b39e3 100644 +index 36f26da..38a34a8 100644 --- a/drivers/scsi/bfa/bfa_fcpim.h +++ b/drivers/scsi/bfa/bfa_fcpim.h @@ -37,6 +37,7 @@ struct bfa_iotag_s { @@ -36492,7 +37302,7 @@ index 1080bcb..a3b39e3 100644 void bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)); -@@ -149,7 +150,7 @@ struct bfa_fcp_mod_s { +@@ -147,7 +148,7 @@ struct bfa_fcp_mod_s { struct list_head iotag_tio_free_q; /* free IO resources */ struct list_head iotag_unused_q; /* unused IO resources*/ struct bfa_iotag_s *iotag_arr; @@ -36546,10 +37356,10 @@ index 351dc0b..951dc32 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 865d452..e9b7fa7 100644 +index b96962c..0c82ec2 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c -@@ -505,7 +505,7 @@ static inline u32 next_command(struct ctlr_info *h) +@@ -507,7 +507,7 @@ static inline u32 next_command(struct ctlr_info *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -36558,7 +37368,7 @@ index 865d452..e9b7fa7 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -2989,7 +2989,7 @@ static void start_io(struct ctlr_info *h) +@@ -2991,7 +2991,7 @@ static void start_io(struct ctlr_info *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, struct CommandList, list); /* can't do anything if fifo is full */ @@ -36567,7 +37377,7 @@ index 865d452..e9b7fa7 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -2999,7 +2999,7 @@ static void start_io(struct ctlr_info *h) +@@ -3001,7 +3001,7 @@ static void start_io(struct ctlr_info *h) h->Qdepth--; /* Tell the controller execute command */ @@ -36576,7 +37386,7 @@ index 865d452..e9b7fa7 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3008,17 +3008,17 @@ static void start_io(struct ctlr_info *h) +@@ -3010,17 +3010,17 @@ static void start_io(struct ctlr_info *h) static inline unsigned long get_next_completion(struct ctlr_info *h) { @@ -36597,7 +37407,7 @@ index 865d452..e9b7fa7 100644 (h->interrupts_enabled == 0); } -@@ -3917,7 +3917,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) +@@ -3919,7 +3919,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -36606,7 +37416,7 @@ index 865d452..e9b7fa7 100644 if (hpsa_board_disabled(h->pdev)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -4162,7 +4162,7 @@ static void controller_lockup_detected(struct ctlr_info *h) +@@ -4164,7 +4164,7 @@ static void controller_lockup_detected(struct ctlr_info *h) assert_spin_locked(&lockup_detector_lock); remove_ctlr_from_lockup_detector_list(h); @@ -36615,7 +37425,7 @@ index 865d452..e9b7fa7 100644 spin_lock_irqsave(&h->lock, flags); h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); spin_unlock_irqrestore(&h->lock, flags); -@@ -4340,7 +4340,7 @@ reinit_after_soft_reset: +@@ -4344,7 +4344,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -36624,7 +37434,7 @@ index 865d452..e9b7fa7 100644 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -4374,7 +4374,7 @@ reinit_after_soft_reset: +@@ -4378,7 +4378,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -36633,7 +37443,7 @@ index 865d452..e9b7fa7 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -4393,9 +4393,9 @@ reinit_after_soft_reset: +@@ -4397,9 +4397,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -36645,7 +37455,7 @@ index 865d452..e9b7fa7 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -4416,7 +4416,7 @@ reinit_after_soft_reset: +@@ -4420,7 +4420,7 @@ reinit_after_soft_reset: } /* Turn the interrupts on so we can service requests */ @@ -36654,7 +37464,7 @@ index 865d452..e9b7fa7 100644 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -4468,7 +4468,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -4472,7 +4472,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); @@ -36663,7 +37473,7 @@ index 865d452..e9b7fa7 100644 free_irq(h->intr[h->intr_mode], h); #ifdef CONFIG_PCI_MSI if (h->msix_vector) -@@ -4632,7 +4632,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, +@@ -4636,7 +4636,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, return; } /* Change the access methods to the performant access methods */ @@ -36699,7 +37509,7 @@ index f2df059..a3a9930 100644 typedef struct ips_ha { uint8_t ha_id[IPS_MAX_CHANNELS+1]; diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c -index 9de9db2..1e09660 100644 +index 4d70d96..84d0573 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -105,12 +105,12 @@ struct fc_exch_mgr { @@ -36837,10 +37647,10 @@ index db9238f..4378ed2 100644 .qc_issue = sas_ata_qc_issue, .qc_fill_rtf = sas_ata_qc_fill_rtf, diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h -index bb4c8e0..f33d849 100644 +index 825f930..ce42672 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h -@@ -425,7 +425,7 @@ struct lpfc_vport { +@@ -413,7 +413,7 @@ struct lpfc_vport { struct dentry *debug_nodelist; struct dentry *vport_debugfs_root; struct lpfc_debugfs_trc *disc_trc; @@ -36849,7 +37659,7 @@ index bb4c8e0..f33d849 100644 #endif uint8_t stat_data_enabled; uint8_t stat_data_blocked; -@@ -835,8 +835,8 @@ struct lpfc_hba { +@@ -821,8 +821,8 @@ struct lpfc_hba { struct timer_list fabric_block_timer; unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 @@ -36860,7 +37670,7 @@ index bb4c8e0..f33d849 100644 unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; unsigned long last_ramp_up_time; -@@ -866,7 +866,7 @@ struct lpfc_hba { +@@ -852,7 +852,7 @@ struct lpfc_hba { struct dentry *debug_slow_ring_trc; struct lpfc_debugfs_trc *slow_ring_trc; @@ -36870,7 +37680,7 @@ index bb4c8e0..f33d849 100644 struct dentry *idiag_root; struct dentry *idiag_pci_cfg; diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c -index 2838259..a07cfb5 100644 +index 3587a3f..d45b81b 100644 --- a/drivers/scsi/lpfc/lpfc_debugfs.c +++ b/drivers/scsi/lpfc/lpfc_debugfs.c @@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc, @@ -36934,7 +37744,7 @@ index 2838259..a07cfb5 100644 dtp->jif = jiffies; #endif return; -@@ -3986,7 +3986,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4040,7 +4040,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "slow_ring buffer\n"); goto debug_failed; } @@ -36943,7 +37753,7 @@ index 2838259..a07cfb5 100644 memset(phba->slow_ring_trc, 0, (sizeof(struct lpfc_debugfs_trc) * lpfc_debugfs_max_slow_ring_trc)); -@@ -4032,7 +4032,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4086,7 +4086,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "buffer\n"); goto debug_failed; } @@ -36953,10 +37763,10 @@ index 2838259..a07cfb5 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index 55bc4fc..a2a109c 100644 +index dfea2da..8e17227 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -10027,8 +10027,10 @@ lpfc_init(void) +@@ -10145,8 +10145,10 @@ lpfc_init(void) printk(LPFC_COPYRIGHT "\n"); if (lpfc_enable_npiv) { @@ -36970,7 +37780,7 @@ index 55bc4fc..a2a109c 100644 lpfc_transport_template = fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c -index 2e1e54e..1af0a0d 100644 +index c60f5d0..751535c 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) @@ -37025,7 +37835,7 @@ index 2e1e54e..1af0a0d 100644 /** diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c -index 5163edb..7b142bc 100644 +index ea8a0b4..812a124 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c @@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev) @@ -37132,23 +37942,23 @@ index ca496c7..9c791d5 100644 /* To indicate add/delete/modify during CCN */ u8 change_detected; diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h -index fcf052c..a8025a4 100644 +index af1003f..be55a75 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h -@@ -2244,7 +2244,7 @@ struct isp_operations { - int (*get_flash_version) (struct scsi_qla_host *, void *); +@@ -2247,7 +2247,7 @@ struct isp_operations { int (*start_scsi) (srb_t *); int (*abort_isp) (struct scsi_qla_host *); + int (*iospace_config)(struct qla_hw_data*); -}; +} __no_const; /* MSI-X Support *************************************************************/ diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h -index fd5edc6..4906148 100644 +index bfe6854..ceac088 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h -@@ -258,7 +258,7 @@ struct ddb_entry { +@@ -261,7 +261,7 @@ struct ddb_entry { * (4000 only) */ atomic_t relogin_timer; /* Max Time to wait for * relogin to complete */ @@ -37158,10 +37968,10 @@ index fd5edc6..4906148 100644 uint32_t default_time2wait; /* Default Min time between * relogins (+aens) */ diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c -index 4169c8b..a8b896b 100644 +index ce6d3b7..73fac54 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c -@@ -2104,12 +2104,12 @@ void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) +@@ -2178,12 +2178,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) */ if (!iscsi_is_session_online(cls_sess)) { /* Reset retry relogin timer */ @@ -37176,15 +37986,15 @@ index 4169c8b..a8b896b 100644 ddb_entry->default_time2wait + 4)); set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags); atomic_set(&ddb_entry->retry_relogin_timer, -@@ -3835,7 +3835,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, +@@ -3953,7 +3953,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY); atomic_set(&ddb_entry->relogin_timer, 0); - atomic_set(&ddb_entry->relogin_retry_count, 0); + atomic_set_unchecked(&ddb_entry->relogin_retry_count, 0); - + def_timeout = le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout); ddb_entry->default_relogin_timeout = - le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout); + (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c index 2aeb2e9..46e3925 100644 --- a/drivers/scsi/scsi.c @@ -37199,10 +38009,10 @@ index 2aeb2e9..46e3925 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index f85cfa6..a57c9e8 100644 +index b2c95db..227d74e 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1416,7 +1416,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1411,7 +1411,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -37211,7 +38021,7 @@ index f85cfa6..a57c9e8 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1442,9 +1442,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1437,9 +1437,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -37250,7 +38060,7 @@ index 84a1fdf..693b0d6 100644 /* * TODO: need to fixup sg_tablesize, max_segment_size, diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c -index 1b21491..1b7f60e 100644 +index f59d4a0..1d89407 100644 --- a/drivers/scsi/scsi_transport_fc.c +++ b/drivers/scsi/scsi_transport_fc.c @@ -484,7 +484,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class, @@ -37290,7 +38100,7 @@ index 1b21491..1b7f60e 100644 /* * Check for overflow; dev_loss_tmo is u32 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c -index 96029e6..4d77fa0 100644 +index e3e3c7d..ebdab62 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c @@ -79,7 +79,7 @@ struct iscsi_internal { @@ -37302,7 +38112,7 @@ index 96029e6..4d77fa0 100644 static struct workqueue_struct *iscsi_eh_timer_workq; static DEFINE_IDA(iscsi_sess_ida); -@@ -1062,7 +1062,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) +@@ -1063,7 +1063,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) int err; ihost = shost->shost_data; @@ -37311,7 +38121,7 @@ index 96029e6..4d77fa0 100644 if (target_id == ISCSI_MAX_TARGET) { id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL); -@@ -2663,7 +2663,7 @@ static __init int iscsi_transport_init(void) +@@ -2680,7 +2680,7 @@ static __init int iscsi_transport_init(void) printk(KERN_INFO "Loading iSCSI transport class v%s.\n", ISCSI_TRANSPORT_VERSION); @@ -37352,7 +38162,7 @@ index 21a045e..ec89e03 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index 441a1c5..07cece7 100644 +index eacd46b..e3f4d62 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1077,7 +1077,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) @@ -37373,15 +38183,15 @@ index 441a1c5..07cece7 100644 {"allow_dio", &adio_fops}, {"debug", &debug_fops}, {"def_reserved_size", &dressz_fops}, -@@ -2327,7 +2327,7 @@ sg_proc_init(void) - { - int k, mask; - int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr); -- struct sg_proc_leaf * leaf; -+ const struct sg_proc_leaf * leaf; - - sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL); +@@ -2332,7 +2332,7 @@ sg_proc_init(void) if (!sg_proc_sgp) + return 1; + for (k = 0; k < num_leaves; ++k) { +- struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k]; ++ const struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k]; + umode_t mask = leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO; + proc_create(leaf->name, mask, sg_proc_sgp, leaf->fops); + } diff --git a/drivers/spi/spi-dw-pci.c b/drivers/spi/spi-dw-pci.c index f64250e..1ee3049 100644 --- a/drivers/spi/spi-dw-pci.c @@ -37396,7 +38206,7 @@ index f64250e..1ee3049 100644 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x0800) }, {}, diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index 77eae99..b7cdcc9 100644 +index b2ccdea..84cde75 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -1024,7 +1024,7 @@ int spi_bus_unlock(struct spi_master *master) @@ -37408,65 +38218,8 @@ index 77eae99..b7cdcc9 100644 static u8 *buf; -diff --git a/drivers/staging/gma500/power.c b/drivers/staging/gma500/power.c -index 436fe97..4082570 100644 ---- a/drivers/staging/gma500/power.c -+++ b/drivers/staging/gma500/power.c -@@ -266,7 +266,7 @@ bool gma_power_begin(struct drm_device *dev, bool force_on) - ret = gma_resume_pci(dev->pdev); - if (ret == 0) { - /* FIXME: we want to defer this for Medfield/Oaktrail */ -- gma_resume_display(dev); -+ gma_resume_display(dev->pdev); - psb_irq_preinstall(dev); - psb_irq_postinstall(dev); - pm_runtime_get(&dev->pdev->dev); -diff --git a/drivers/staging/hv/rndis_filter.c b/drivers/staging/hv/rndis_filter.c -index bafccb3..e3ac78d 100644 ---- a/drivers/staging/hv/rndis_filter.c -+++ b/drivers/staging/hv/rndis_filter.c -@@ -42,7 +42,7 @@ struct rndis_device { - - enum rndis_device_state state; - bool link_state; -- atomic_t new_req_id; -+ atomic_unchecked_t new_req_id; - - spinlock_t request_lock; - struct list_head req_list; -@@ -116,7 +116,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, - * template - */ - set = &rndis_msg->msg.set_req; -- set->req_id = atomic_inc_return(&dev->new_req_id); -+ set->req_id = atomic_inc_return_unchecked(&dev->new_req_id); - - /* Add to the request list */ - spin_lock_irqsave(&dev->request_lock, flags); -@@ -646,7 +646,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) - - /* Setup the rndis set */ - halt = &request->request_msg.msg.halt_req; -- halt->req_id = atomic_inc_return(&dev->new_req_id); -+ halt->req_id = atomic_inc_return_unchecked(&dev->new_req_id); - - /* Ignore return since this msg is optional. */ - rndis_filter_send_request(dev, request); -diff --git a/drivers/staging/iio/buffer_generic.h b/drivers/staging/iio/buffer_generic.h -index 9e8f010..af9efb56 100644 ---- a/drivers/staging/iio/buffer_generic.h -+++ b/drivers/staging/iio/buffer_generic.h -@@ -64,7 +64,7 @@ struct iio_buffer_access_funcs { - - int (*is_enabled)(struct iio_buffer *buffer); - int (*enable)(struct iio_buffer *buffer); --}; -+} __no_const; - - /** - * struct iio_buffer_setup_ops - buffer setup related callbacks diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c -index 8b307b4..a97ac91 100644 +index 400df8c..065d4f4 100644 --- a/drivers/staging/octeon/ethernet-rx.c +++ b/drivers/staging/octeon/ethernet-rx.c @@ -420,11 +420,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget) @@ -37498,7 +38251,7 @@ index 8b307b4..a97ac91 100644 dev_kfree_skb_irq(skb); } diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c -index 076f866..2308070 100644 +index 9112cd8..92f8d51 100644 --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c @@ -258,11 +258,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev) @@ -37517,80 +38270,11 @@ index 076f866..2308070 100644 #endif } -diff --git a/drivers/staging/pohmelfs/inode.c b/drivers/staging/pohmelfs/inode.c -index 7a19555..466456d 100644 ---- a/drivers/staging/pohmelfs/inode.c -+++ b/drivers/staging/pohmelfs/inode.c -@@ -1861,7 +1861,7 @@ static int pohmelfs_fill_super(struct super_block *sb, void *data, int silent) - mutex_init(&psb->mcache_lock); - psb->mcache_root = RB_ROOT; - psb->mcache_timeout = msecs_to_jiffies(5000); -- atomic_long_set(&psb->mcache_gen, 0); -+ atomic_long_set_unchecked(&psb->mcache_gen, 0); - - psb->trans_max_pages = 100; - -@@ -1876,7 +1876,7 @@ static int pohmelfs_fill_super(struct super_block *sb, void *data, int silent) - INIT_LIST_HEAD(&psb->crypto_ready_list); - INIT_LIST_HEAD(&psb->crypto_active_list); - -- atomic_set(&psb->trans_gen, 1); -+ atomic_set_unchecked(&psb->trans_gen, 1); - atomic_long_set(&psb->total_inodes, 0); - - mutex_init(&psb->state_lock); -diff --git a/drivers/staging/pohmelfs/mcache.c b/drivers/staging/pohmelfs/mcache.c -index e22665c..a2a9390 100644 ---- a/drivers/staging/pohmelfs/mcache.c -+++ b/drivers/staging/pohmelfs/mcache.c -@@ -121,7 +121,7 @@ struct pohmelfs_mcache *pohmelfs_mcache_alloc(struct pohmelfs_sb *psb, u64 start - m->data = data; - m->start = start; - m->size = size; -- m->gen = atomic_long_inc_return(&psb->mcache_gen); -+ m->gen = atomic_long_inc_return_unchecked(&psb->mcache_gen); - - mutex_lock(&psb->mcache_lock); - err = pohmelfs_mcache_insert(psb, m); -diff --git a/drivers/staging/pohmelfs/netfs.h b/drivers/staging/pohmelfs/netfs.h -index 985b6b7..7699e05 100644 ---- a/drivers/staging/pohmelfs/netfs.h -+++ b/drivers/staging/pohmelfs/netfs.h -@@ -571,14 +571,14 @@ struct pohmelfs_config; - struct pohmelfs_sb { - struct rb_root mcache_root; - struct mutex mcache_lock; -- atomic_long_t mcache_gen; -+ atomic_long_unchecked_t mcache_gen; - unsigned long mcache_timeout; - - unsigned int idx; - - unsigned int trans_retries; - -- atomic_t trans_gen; -+ atomic_unchecked_t trans_gen; - - unsigned int crypto_attached_size; - unsigned int crypto_align_size; -diff --git a/drivers/staging/pohmelfs/trans.c b/drivers/staging/pohmelfs/trans.c -index 06c1a74..866eebc 100644 ---- a/drivers/staging/pohmelfs/trans.c -+++ b/drivers/staging/pohmelfs/trans.c -@@ -492,7 +492,7 @@ int netfs_trans_finish(struct netfs_trans *t, struct pohmelfs_sb *psb) - int err; - struct netfs_cmd *cmd = t->iovec.iov_base; - -- t->gen = atomic_inc_return(&psb->trans_gen); -+ t->gen = atomic_inc_return_unchecked(&psb->trans_gen); - - cmd->size = t->iovec.iov_len - sizeof(struct netfs_cmd) + - t->attached_size + t->attached_pages * sizeof(struct netfs_cmd); diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/rtl8192e/rtllib_module.c -index c36a140..dd27fda 100644 +index f9dae95..ff48901 100644 --- a/drivers/staging/rtl8192e/rtllib_module.c +++ b/drivers/staging/rtl8192e/rtllib_module.c -@@ -228,6 +228,8 @@ static int show_debug_level(char *page, char **start, off_t offset, +@@ -215,6 +215,8 @@ static int show_debug_level(char *page, char **start, off_t offset, } static int store_debug_level(struct file *file, const char __user *buffer, @@ -37638,8 +38322,25 @@ index c7b5e8b..783d6cb 100644 return -EFAULT; return 0; +diff --git a/drivers/staging/speakup/speakup_soft.c b/drivers/staging/speakup/speakup_soft.c +index 42cdafe..2769103 100644 +--- a/drivers/staging/speakup/speakup_soft.c ++++ b/drivers/staging/speakup/speakup_soft.c +@@ -241,11 +241,11 @@ static ssize_t softsynth_read(struct file *fp, char *buf, size_t count, + break; + } else if (!initialized) { + if (*init) { +- ch = *init; + init++; + } else { + initialized = 1; + } ++ ch = *init; + } else { + ch = synth_buffer_getc(); + } diff --git a/drivers/staging/usbip/usbip_common.h b/drivers/staging/usbip/usbip_common.h -index be21617..0954e45 100644 +index b8f8c48..1fc5025 100644 --- a/drivers/staging/usbip/usbip_common.h +++ b/drivers/staging/usbip/usbip_common.h @@ -289,7 +289,7 @@ struct usbip_device { @@ -37650,7 +38351,7 @@ index be21617..0954e45 100644 + } __no_const eh_ops; }; - #if 0 + /* usbip_common.c */ diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h index 88b3298..3783eee 100644 --- a/drivers/staging/usbip/vhci.h @@ -37696,7 +38397,7 @@ index 2ee97e2..0420b86 100644 hcd->power_budget = 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index 3872b8c..fe6d2f4 100644 +index 3f511b4..d3dbc1e 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c @@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, @@ -37824,10 +38525,10 @@ index ed147c4..94fc3c6 100644 /* core tmem accessor functions */ diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c -index 03d3528..6bbe82f 100644 +index 97c74ee..7f6d77d 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c -@@ -1364,7 +1364,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) +@@ -1361,7 +1361,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) * outstanding_r2ts reaches zero, go ahead and send the delayed * TASK_ABORTED status. */ @@ -37837,10 +38538,10 @@ index 03d3528..6bbe82f 100644 if (--cmd->outstanding_r2ts < 1) { iscsit_stop_dataout_timer(cmd); diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c -index 6845228..df77141 100644 +index dcb0618..97e3d85 100644 --- a/drivers/target/target_core_tmr.c +++ b/drivers/target/target_core_tmr.c -@@ -250,7 +250,7 @@ static void core_tmr_drain_task_list( +@@ -260,7 +260,7 @@ static void core_tmr_drain_task_list( cmd->se_tfo->get_task_tag(cmd), cmd->pr_res_key, cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), @@ -37849,7 +38550,7 @@ index 6845228..df77141 100644 atomic_read(&cmd->t_transport_active), atomic_read(&cmd->t_transport_stop), atomic_read(&cmd->t_transport_sent)); -@@ -281,7 +281,7 @@ static void core_tmr_drain_task_list( +@@ -291,7 +291,7 @@ static void core_tmr_drain_task_list( pr_debug("LUN_RESET: got t_transport_active = 1 for" " task: %p, t_fe_count: %d dev: %p\n", task, fe_count, dev); @@ -37858,7 +38559,7 @@ index 6845228..df77141 100644 spin_unlock_irqrestore(&cmd->t_state_lock, flags); core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); -@@ -289,7 +289,7 @@ static void core_tmr_drain_task_list( +@@ -299,7 +299,7 @@ static void core_tmr_drain_task_list( } pr_debug("LUN_RESET: Got t_transport_active = 0 for task: %p," " t_fe_count: %d dev: %p\n", task, fe_count, dev); @@ -37868,19 +38569,19 @@ index 6845228..df77141 100644 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index cdb774b..8753593 100644 +index cd5cd95..5249d30 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1343,7 +1343,7 @@ struct se_device *transport_add_device_to_core_hba( - - dev->queue_depth = dev_limits->queue_depth; - atomic_set(&dev->depth_left, dev->queue_depth); +@@ -1330,7 +1330,7 @@ struct se_device *transport_add_device_to_core_hba( + spin_lock_init(&dev->se_port_lock); + spin_lock_init(&dev->se_tmr_lock); + spin_lock_init(&dev->qf_cmd_lock); - atomic_set(&dev->dev_ordered_id, 0); + atomic_set_unchecked(&dev->dev_ordered_id, 0); se_dev_set_default_attribs(dev, dev_limits); -@@ -1530,7 +1530,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1517,7 +1517,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -37889,7 +38590,7 @@ index cdb774b..8753593 100644 smp_mb__after_atomic_inc(); pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, -@@ -1800,7 +1800,7 @@ static void transport_generic_request_failure(struct se_cmd *cmd) +@@ -1862,7 +1862,7 @@ static void transport_generic_request_failure(struct se_cmd *cmd) " t_transport_active: %d t_transport_stop: %d" " t_transport_sent: %d\n", cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), @@ -37898,8 +38599,8 @@ index cdb774b..8753593 100644 atomic_read(&cmd->t_task_cdbs_ex_left), atomic_read(&cmd->t_transport_active), atomic_read(&cmd->t_transport_stop), -@@ -2089,9 +2089,9 @@ check_depth: - +@@ -2121,9 +2121,9 @@ check_depth: + cmd = task->task_se_cmd; spin_lock_irqsave(&cmd->t_state_lock, flags); task->task_flags |= (TF_ACTIVE | TF_SENT); - atomic_inc(&cmd->t_task_cdbs_sent); @@ -37910,7 +38611,7 @@ index cdb774b..8753593 100644 cmd->t_task_list_num) atomic_set(&cmd->t_transport_sent, 1); -@@ -4297,7 +4297,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) +@@ -4348,7 +4348,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) atomic_set(&cmd->transport_lun_stop, 0); } if (!atomic_read(&cmd->t_transport_active) || @@ -37919,7 +38620,7 @@ index cdb774b..8753593 100644 spin_unlock_irqrestore(&cmd->t_state_lock, flags); return false; } -@@ -4546,7 +4546,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) +@@ -4597,7 +4597,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) { int ret = 0; @@ -37928,7 +38629,7 @@ index cdb774b..8753593 100644 if (!send_status || (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS)) return 1; -@@ -4583,7 +4583,7 @@ void transport_send_task_abort(struct se_cmd *cmd) +@@ -4634,7 +4634,7 @@ void transport_send_task_abort(struct se_cmd *cmd) */ if (cmd->data_direction == DMA_TO_DEVICE) { if (cmd->se_tfo->write_pending_status(cmd) != 0) { @@ -38183,7 +38884,7 @@ index fc7bbba..9527e93 100644 return NULL; } diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 39d6ab6..eb97f41 100644 +index d2256d0..97476fa 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -2123,6 +2123,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) @@ -38196,10 +38897,10 @@ index 39d6ab6..eb97f41 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index e18604b..a7d5a11 100644 +index d8653ab..f8afd9d 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -773,8 +773,10 @@ static void __init unix98_pty_init(void) +@@ -765,8 +765,10 @@ static void __init unix98_pty_init(void) register_sysctl_table(pty_root_table); /* Now create the /dev/ptmx special device */ @@ -38313,11 +39014,24 @@ index 2b42a01..32a2ed3 100644 #ifdef CONFIG_KGDB_SERIAL_CONSOLE /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) +diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c +index 7867b7c..b3c119d 100644 +--- a/drivers/tty/sysrq.c ++++ b/drivers/tty/sysrq.c +@@ -862,7 +862,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); + static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf, + size_t count, loff_t *ppos) + { +- if (count) { ++ if (count && capable(CAP_SYS_ADMIN)) { + char c; + + if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 05085be..67eadb0 100644 +index e41b9bb..84002fb 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3240,7 +3240,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3291,7 +3291,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -38327,10 +39041,10 @@ index 05085be..67eadb0 100644 /* diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c -index 8e0924f..4204eb4 100644 +index 24b95db..9c078d0 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c -@@ -75,7 +75,7 @@ static void put_ldisc(struct tty_ldisc *ld) +@@ -57,7 +57,7 @@ static void put_ldisc(struct tty_ldisc *ld) if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) { struct tty_ldisc_ops *ldo = ld->ops; @@ -38339,7 +39053,7 @@ index 8e0924f..4204eb4 100644 module_put(ldo->owner); spin_unlock_irqrestore(&tty_ldisc_lock, flags); -@@ -110,7 +110,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) +@@ -92,7 +92,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) spin_lock_irqsave(&tty_ldisc_lock, flags); tty_ldiscs[disc] = new_ldisc; new_ldisc->num = disc; @@ -38348,7 +39062,7 @@ index 8e0924f..4204eb4 100644 spin_unlock_irqrestore(&tty_ldisc_lock, flags); return ret; -@@ -138,7 +138,7 @@ int tty_unregister_ldisc(int disc) +@@ -120,7 +120,7 @@ int tty_unregister_ldisc(int disc) return -EINVAL; spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -38357,7 +39071,7 @@ index 8e0924f..4204eb4 100644 ret = -EBUSY; else tty_ldiscs[disc] = NULL; -@@ -159,7 +159,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) +@@ -141,7 +141,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) if (ldops) { ret = ERR_PTR(-EAGAIN); if (try_module_get(ldops->owner)) { @@ -38366,7 +39080,7 @@ index 8e0924f..4204eb4 100644 ret = ldops; } } -@@ -172,7 +172,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) +@@ -154,7 +154,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) unsigned long flags; spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -38536,7 +39250,7 @@ index a783d53..cb30d94 100644 ret = uio_get_minor(idev); if (ret) diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c -index a845f8b..4f54072 100644 +index 98b89fe..aff824e 100644 --- a/drivers/usb/atm/cxacru.c +++ b/drivers/usb/atm/cxacru.c @@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev, @@ -38764,19 +39478,6 @@ index b0b2ac3..89a4399 100644 "AGP", "PCI", "PRO AGP", -diff --git a/drivers/video/backlight/s6e63m0.c b/drivers/video/backlight/s6e63m0.c -index e132157..516db70 100644 ---- a/drivers/video/backlight/s6e63m0.c -+++ b/drivers/video/backlight/s6e63m0.c -@@ -690,7 +690,7 @@ static ssize_t s6e63m0_sysfs_store_gamma_mode(struct device *dev, - struct backlight_device *bd = NULL; - int brightness, rc; - -- rc = strict_strtoul(buf, 0, (unsigned long *)&lcd->gamma_mode); -+ rc = kstrtouint(buf, 0, &lcd->gamma_mode); - if (rc < 0) - return rc; - diff --git a/drivers/video/fbcmap.c b/drivers/video/fbcmap.c index 5c3960d..15cf8fc 100644 --- a/drivers/video/fbcmap.c @@ -38792,7 +39493,7 @@ index 5c3960d..15cf8fc 100644 goto out1; } diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c -index ad93629..e020fc3 100644 +index c6ce416..3b9b642 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image, @@ -38813,7 +39514,7 @@ index ad93629..e020fc3 100644 info->fbops->fb_imageblit(info, image); image->dy -= image->height + 8; } -@@ -1143,7 +1143,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, +@@ -1157,7 +1157,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, return -EFAULT; if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES) return -EINVAL; @@ -38870,7 +39571,7 @@ index 7672d2e..b56437f 100644 par->dev_flags |= LOCKUP; info->pixmap.scan_align = 1; diff --git a/drivers/video/i810/i810_main.c b/drivers/video/i810/i810_main.c -index 318f6fb..9a389c1 100644 +index b83f361..2b05a91 100644 --- a/drivers/video/i810/i810_main.c +++ b/drivers/video/i810/i810_main.c @@ -97,7 +97,7 @@ static int i810fb_blank (int blank_mode, struct fb_info *info); @@ -41625,7 +42326,7 @@ index 3c14e43..eafa544 100644 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 +4 4 4 4 4 4 diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c -index 3473e75..c930142 100644 +index a40c05e..785c583 100644 --- a/drivers/video/udlfb.c +++ b/drivers/video/udlfb.c @@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, @@ -41712,7 +42413,7 @@ index 3473e75..c930142 100644 return count; } diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c -index 7f8472c..9842e87 100644 +index 8408543..d6f20f1 100644 --- a/drivers/video/uvesafb.c +++ b/drivers/video/uvesafb.c @@ -19,6 +19,7 @@ @@ -41723,6 +42424,15 @@ index 7f8472c..9842e87 100644 #include